From owner-freebsd-arch@FreeBSD.ORG Sun May 24 20:43:22 2015
Date: Sun, 24 May 2015 13:43:21 -0700
From: "K. Macy"
To: Bryan Drewery
Cc: freebsd-arch@freebsd.org, Oliver Pinter, Shawn Webb, Pedro Giffuni
Subject: Re: ASLR work into -HEAD ?
In-Reply-To: <555FBE83.6080103@FreeBSD.org>
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org>

On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
>
> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
> > My claim is that the majority of "professional" breachers and
> > governments already have ASLR workarounds pre-coded and ready
> > to launch. Finding an exploit is more difficult than beating
> > ASLR so they are not going to hint everyone that they have
> > an exploit until they can take all the linux/windows/MacOSX
> > at the same time.
> >
> > The cost for the NSA and/or anonymous to step on
> > ASLR is zero.
>

Correct. But who are we really protecting against? If it's the NSA only air
gap will really do. In reality it's just a matter of making the cost of
circumventing protections exceed the value of the data or items being
protected. Locking one's doors and windows doesn't make one's house
impenetrable by any stretch, but it does deter opportunistic passerby.

Protecting against state overreach is a political matter and shouldn't
factor into whether to invest in deterring lesser malfeasors.

I'm sorry, but Bryan has it right. The political discussion is a side show.

-K

> This sort of argument easily turns into "why bother with security?".
> Please be careful with it. Every layer and mitigation helps. The real
> world is not just NSA or China. It's also full of script kiddies. Should
> we just stop using SSL because NSA might have cracked it? Should we just
> hand over root ssh keys to China because they probably have it all
> hacked anyway? Should we just give up since billions of dollars pour
> into security breaking research? Should I just post my CC here since
> it's surely leaked from the hundreds of places I use it at anyway? No.
>
> I've had very basic security checks, that could be easily circumvented,
> stop actual script kiddies before. Had they persisted longer I would
> have been in major trouble. If I explained what it is you would surely
> laugh it off and tell me to not bother. Well it worked. ASLR has its
> place too.
>
> --
> Regards,
> Bryan Drewery
>

From owner-freebsd-arch@FreeBSD.ORG Wed May 27 06:20:54 2015
Message-ID: <55656245.3000205@freebsd.org>
Date: Tue, 26 May 2015 23:20:53 -0700
From: Alfred Perlstein
Organization: FreeBSD
To: "K. Macy", Bryan Drewery
CC: Shawn Webb, Pedro Giffuni, Oliver Pinter, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org>

On 5/24/15 1:43 PM, K. Macy wrote:
> On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
>>> My claim is that the majority of "professional" breachers and
>>> governments already have ASLR workarounds pre-coded and ready
>>> to launch. Finding an exploit is more difficult than beating
>>> ASLR so they are not going to hint everyone that they have
>>> an exploit until they can take all the linux/windows/MacOSX
>>> at the same time.
>>>
>>> The cost for the NSA and/or anonymous to step on
>>> ASLR is zero.
> Correct. But who are we really protecting against? If it's the NSA only air
> gap will really do. In reality it's just a matter of making the cost of
> circumventing protections exceed the value of the data or items being
> protected. Locking one's doors and windows doesn't make one's house
> impenetrable by any stretch, but it does deter opportunistic passerby.
>
> Protecting against state overreach is a political matter and shouldn't
> factor into whether to invest in deterring lesser malfeasors.
>
> I'm sorry, but Bryan has it right. The political discussion is a side show.
>

+1, also having a line item is good. Not having ASLR just makes FreeBSD look derp.

DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010.[
Microsoft's Windows Vista (released January 2007) and later have ASLR enabled
In 2003, OpenBSD became the first mainstream operating system to support partial ASLR
In Mac OS X Leopard 10.5 (released October 2007), Apple introduced randomization for system libraries

Linux has enabled a weak form of ASLR by default since kernel version 2.6.12 (released June 2005).

So basically 1 more week and we can be 10 years behind Linux. :)

w00t.

-Alfred

From owner-freebsd-arch@FreeBSD.ORG Wed May 27 11:36:00 2015
Date: Wed, 27 May 2015 07:35:53 -0400
From: Shawn Webb
To: Alfred Perlstein
Cc: Pedro Giffuni, "K. Macy", Oliver Pinter, Bryan Drewery, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
In-Reply-To: <55656245.3000205@freebsd.org>
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org> <55656245.3000205@freebsd.org>

On May 27, 2015 2:20 AM, "Alfred Perlstein" wrote:
>
>
>
> On 5/24/15 1:43 PM, K. Macy wrote:
>>
>> On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
>>>
>>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
>>>>
>>>> My claim is that the majority of "professional" breachers and
>>>> governments already have ASLR workarounds pre-coded and ready
>>>> to launch. Finding an exploit is more difficult than beating
>>>> ASLR so they are not going to hint everyone that they have
>>>> an exploit until they can take all the linux/windows/MacOSX
>>>> at the same time.
>>>>
>>>> The cost for the NSA and/or anonymous to step on
>>>> ASLR is zero.
>>>
>>
>> Correct. But who are we really protecting against? If it's the NSA only air
>> gap will really do. In reality it's just a matter of making the cost of
>> circumventing protections exceed the value of the data or items being
>> protected. Locking one's doors and windows doesn't make one's house
>> impenetrable by any stretch, but it does deter opportunistic passerby.
>>
>> Protecting against state overreach is a political matter and shouldn't
>> factor into whether to invest in deterring lesser malfeasors.
>>
>> I'm sorry, but Bryan has it right. The political discussion is a side show.
>>
>
> +1, also having a line item is good. Not having ASLR just makes FreeBSD look derp.
>
> DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010.[
> Microsoft's Windows Vista (released January 2007) and later have ASLR enabled
> In 2003, OpenBSD became the first mainstream operating system to support partial ASLR
> In Mac OS X Leopard 10.5 (released October 2007), Apple introduced randomization for system libraries
>
> Linux has enabled a weak form of ASLR by default since kernel version 2.6.12 (released June 2005).
>
> So basically 1 more week and we can be 10 years behind Linux. :)
>
> w00t.
>
> -Alfred

FreeBSD is 14 years behind Linux if you count PaX's ASLR patch.

Thanks,
Shawn

From owner-freebsd-arch@FreeBSD.ORG Wed May 27 16:04:44 2015
Message-ID: <5565EB16.20208@FreeBSD.org>
Date: Wed, 27 May 2015 11:04:38 -0500
From: Pedro Giffuni
To: Alfred Perlstein
CC: freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org> <55656245.3000205@freebsd.org>
In-Reply-To: <55656245.3000205@freebsd.org>

On 05/27/15 01:20, Alfred Perlstein wrote:
>
>
> On 5/24/15 1:43 PM, K. Macy wrote:
>> On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
>>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
>>>> My claim is that the majority of "professional" breachers and
>>>> governments already have ASLR workarounds pre-coded and ready
>>>> to launch. Finding an exploit is more difficult than beating
>>>> ASLR so they are not going to hint everyone that they have
>>>> an exploit until they can take all the linux/windows/MacOSX
>>>> at the same time.
>>>>
>>>> The cost for the NSA and/or anonymous to step on
>>>> ASLR is zero.
>> Correct. But who are we really protecting against? If it's the NSA only air
>> gap will really do. In reality it's just a matter of making the cost of
>> circumventing protections exceed the value of the data or items being
>> protected. Locking one's doors and windows doesn't make one's house
>> impenetrable by any stretch, but it does deter opportunistic passerby.
>>
>> Protecting against state overreach is a political matter and shouldn't
>> factor into whether to invest in deterring lesser malfeasors.
>>
>> I'm sorry, but Bryan has it right. The political discussion is a side show.
>>
>
> +1, also having a line item is good. Not having ASLR just makes
> FreeBSD look derp.
>

And of course I am in the minority that thinks that just because
everybody else (or at least the OSs that matter) has done it
doesn't necessarily make it a great idea. This will be my last email
on the subject and I'll stop whining ... promise.

> DragonFly BSD has an implementation of ASLR based upon OpenBSD's
> model, added in 2010.[
> Microsoft's Windows Vista (released January 2007) and later have ASLR
> enabled
> In 2003, OpenBSD became the first mainstream operating system to
> support partial ASLR
> In Mac OS X Leopard 10.5 (released October 2007), Apple introduced
> randomization for system libraries
>
> Linux has enabled a weak form of ASLR by default since kernel version
> 2.6.12 (released June 2005).
>
> So basically 1 more week and we can be 10 years behind Linux. :)
>

Happy birthday ASLR? ;) Somehow it hasn't been terribly useful in 10 years,
and we haven't really missed it, unless there's something I am unaware of
that the security advisories didn't mention.

If it comes to adopt things because we have to follow the herd,
that I guess I prefer the Dragonfly BSD approach:

- It is a very simple, to-the-point patch.
- It is off by default (NetBSD too?) but very
  easy to setup with through a sysctl.
- Given both points above it is very easy
  to revert once the marketing hype foo dies.

Again just my uneducated opinion, and I won't
spend time on the "quick" approach either.

regards,

Pedro.

From owner-freebsd-arch@FreeBSD.ORG Wed May 27 16:41:21 2015
Message-ID: <1432744877.1200.65.camel@freebsd.org>
Subject: Re: ASLR work into -HEAD ?
From: Ian Lepore
To: Pedro Giffuni
Cc: Alfred Perlstein, freebsd-arch@freebsd.org
Date: Wed, 27 May 2015 10:41:17 -0600
In-Reply-To: <5565EB16.20208@FreeBSD.org>
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org> <55656245.3000205@freebsd.org> <5565EB16.20208@FreeBSD.org>

On Wed, 2015-05-27 at 11:04 -0500, Pedro Giffuni wrote:
>
> On 05/27/15 01:20, Alfred Perlstein wrote:
> >
> >
> > On 5/24/15 1:43 PM, K. Macy wrote:
> >> On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
> >>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
> >>>> My claim is that the majority of "professional" breachers and
> >>>> governments already have ASLR workarounds pre-coded and ready
> >>>> to launch. Finding an exploit is more difficult than beating
> >>>> ASLR so they are not going to hint everyone that they have
> >>>> an exploit until they can take all the linux/windows/MacOSX
> >>>> at the same time.
> >>>>
> >>>> The cost for the NSA and/or anonymous to step on
> >>>> ASLR is zero.
> >> Correct. But who are we really protecting against? If it's the NSA only air
> >> gap will really do. In reality it's just a matter of making the cost of
> >> circumventing protections exceed the value of the data or items being
> >> protected. Locking one's doors and windows doesn't make one's house
> >> impenetrable by any stretch, but it does deter opportunistic passerby.
> >>
> >> Protecting against state overreach is a political matter and shouldn't
> >> factor into whether to invest in deterring lesser malfeasors.
> >>
> >> I'm sorry, but Bryan has it right. The political discussion is a side show.
> >>
> >
> > +1, also having a line item is good. Not having ASLR just makes
> > FreeBSD look derp.
> >
>
> And of course I am in the minority that thinks that just because
> everybody else (or at least the OSs that matter) has done it
> doesn't necessarily make it a great idea. This will be my last email
> on the subject and I'll stop whining ... promise.
>
> > DragonFly BSD has an implementation of ASLR based upon OpenBSD's
> > model, added in 2010.[
> > Microsoft's Windows Vista (released January 2007) and later have ASLR
> > enabled
> > In 2003, OpenBSD became the first mainstream operating system to
> > support partial ASLR
> > In Mac OS X Leopard 10.5 (released October 2007), Apple introduced
> > randomization for system libraries
> >
> > Linux has enabled a weak form of ASLR by default since kernel version
> > 2.6.12 (released June 2005).
> >
> > So basically 1 more week and we can be 10 years behind Linux. :)
> >
>
> Happy birthday ASLR? ;) Somehow it hasn't been terribly useful in 10 years,
> and we haven't really missed it, unless there's something I am unaware of
> that the security advisories didn't mention.
>
> If it comes to adopt things because we have to follow the herd,
> that I guess I prefer the Dragonfly BSD approach:
>
> - It is a very simple, to-the-point patch.
> - It is off by default (NetBSD too?) but very
>   easy to setup with through a sysctl.
> - Given both points above it is very easy
>   to revert once the marketing hype foo dies.
>
> Again just my uneducated opinion, and I won't
> spend time on the "quick" approach either.
>
> regards,
>
> Pedro.

You may be in a minority, but you're not alone. I just hope that when
this fad fades away we aren't left with a permanent performance hit that
we can't get rid of. The best way to ensure that is to make sure
there's a no-performance-hit way to disable this stuff on day one.

-- Ian

From owner-freebsd-arch@FreeBSD.ORG Wed May 27 16:54:51 2015
Date: Wed, 27 May 2015 09:54:50 -0700
From: Adrian Chadd
To: Ian Lepore
Cc: Pedro Giffuni, Alfred Perlstein, "freebsd-arch@freebsd.org"
Subject: Re: ASLR work into -HEAD ?
In-Reply-To: <1432744877.1200.65.camel@freebsd.org>
References: <555CADB6.202@FreeBSD.org> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org> <55656245.3000205@freebsd.org> <5565EB16.20208@FreeBSD.org> <1432744877.1200.65.camel@freebsd.org>

On 27 May 2015 at 09:41, Ian Lepore wrote:

> You may be in a minority, but you're not alone. I just hope that when
> this fad fades away we aren't left with a permanent performance hit that
> we can't get rid of. The best way to ensure that is to make sure
> there's a no-performance-hit way to disable this stuff on day one.

I believe that's the point of the implementation. It's disabled by
default. We can also remove it relatively easily too. I may want this
compiled into access points and other IoT devices to harden against a
class of attacks, but I also want to be able to remove it for debugging.
He makes it so you can enable/disable it during runtime with a sysctl -
it's quite nice.

-adrian From owner-freebsd-arch@FreeBSD.ORG Wed May 27 16:56:03 2015 Return-Path: Delivered-To: freebsd-arch@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4A4FFE9A for ; Wed, 27 May 2015 16:56:03 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qc0-f173.google.com (mail-qc0-f173.google.com [209.85.216.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 06CADEAC for ; Wed, 27 May 2015 16:56:02 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by qcxw10 with SMTP id w10so6478634qcx.3 for ; Wed, 27 May 2015 09:55:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to :references:organization:content-type:mime-version; bh=ig1nBUiFdxeEX39yNpAnC8otqCYHzkjGKcK/V91FZ9M=; b=FUE1FNmiCM3tzE/K9pqrOpun21dCryWdzEN6I/WzAuvAYlfRWPpyIzpZAswlOCZYfR NqcXZXHA3oaPeLoGQFsdwxTdu046aUvciOkz4s0qFqWc9ufyUCV4VDnl0/4wW0gkF7yM 9vULoRSk07kNjYum0KG2n5o1xXqM2189bBoruRSpvix7B6fyvTVdPICr897kMTNBBU3y 7EZVz2IUvfDgNXnmodz/M+tI6NTUIBF83ITmnm9+BlOL/M0vh33sgUn0FtvYfyRXlpQH uLTUPU+X5VZTE0llnkTv0QbHy/K0TbedNT99jT3yjyXYctMWcaXdmI9Cy46TXLPakB9+ /cbA== X-Gm-Message-State: ALoCoQnnWtERsJcSmGOkRqXF4FdglhMFXC70HXoZA7lPADJkHG7NH+AV8u4YN53EC3yfUADpzuiI X-Received: by 10.55.40.92 with SMTP id o89mr1912054qkh.74.1432743943150; Wed, 27 May 2015 09:25:43 -0700 (PDT) Received: from [10.3.0.26] ([63.88.83.66]) by mx.google.com with ESMTPSA id 67sm10332178qhw.43.2015.05.27.09.25.41 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 27 May 2015 09:25:42 -0700 (PDT) Message-ID: 
<1432743944.20023.12.camel@hardenedbsd.org>
Subject: Re: ASLR work into -HEAD ?
From: Shawn Webb
To: Pedro Giffuni
Cc: Alfred Perlstein, freebsd-arch@freebsd.org
Date: Wed, 27 May 2015 12:25:44 -0400
Organization: HardenedBSD

On Wed, 2015-05-27 at 11:04 -0500, Pedro Giffuni wrote:
>
> On 05/27/15 01:20, Alfred Perlstein wrote:
> >
> >
> > On 5/24/15 1:43 PM, K. Macy wrote:
> >> On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
> >>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
> >>>> My claim is that the majority of "professional" breachers and
> >>>> governments already have ASLR workarounds pre-coded and ready
> >>>> to launch. Finding an exploit is more difficult than beating
> >>>> ASLR so they are not going to hint everyone that they have
> >>>> an exploit until they can take all the linux/windows/MacOSX
> >>>> at the same time.
> >>>>
> >>>> The cost for the NSA and/or anonymous to step on
> >>>> ASLR is zero.
> >> Correct. But who are we really protecting against? If it's the NSA only air
> >> gap will really do. In reality it's just a matter of making the cost of
> >> circumventing protections exceed the value of the data or items being
> >> protected. Locking one's doors and windows doesn't make one's house
> >> impenetrable by any stretch, but it does deter opportunistic passerby.
> >>
> >> Protecting against state overreach is a political matter and shouldn't
> >> factor into whether to invest in deterring lesser malfeasors.
> >>
> >> I'm sorry, but Bryan has it right. The political discussion is a side show.
> >>
> >
> > +1, also having a line item is good. Not having ASLR just makes
> > FreeBSD look derp.
> >
>
> And of course I am in the minority that thinks that just because
> everybody else (or at least the OSs that matter) has done it
> doesn't necessarily make it a great idea. This will be my last email
> on the subject and I'll stop whining ... promise.

Good. I'd rather focus on code rather than pointless politics.

>
> > DragonFly BSD has an implementation of ASLR based upon OpenBSD's
> > model, added in 2010.
> > Microsoft's Windows Vista (released January 2007) and later have ASLR
> > enabled
> > In 2003, OpenBSD became the first mainstream operating system to
> > support partial ASLR
> > In Mac OS X Leopard 10.5 (released October 2007), Apple introduced
> > randomization for system libraries
> >
> > Linux has enabled a weak form of ASLR by default since kernel version
> > 2.6.12 (released June 2005).
> >
> > So basically 1 more week and we can be 10 years behind Linux. :)
> >
>
> Happy birthday ASLR? ;) Somehow it hasn't been terribly useful in 10 years,
> and we haven't really missed it, unless there's something I am unaware of
> that the security advisories didn't mention.
>
> If it comes to adopt things because we have to follow the herd,
> that I guess I prefer the Dragonfly BSD approach:
>
> - It is a very simple, to-the-point patch.

Our patch is more complex due to per-jail support and the various
weaknesses FreeBSD wanted us to add. HardenedBSD's implementation does
not contain those weaknesses.

> - It is off by default (NetBSD too?) but very
> easy to setup with through a sysctl.

Our patch is disabled by default in the GENERIC kernel.

> - Given both points above it is very easy
> to revert once the marketing hype foo dies.

I hope security-related patches that have proven stable and
well-performing never get reverted.

>
> Again just my uneducated opinion, and I won't
> spend time on the "quick" approach either.
>
> regards,
>
> Pedro.

From owner-freebsd-arch@FreeBSD.ORG Wed May 27 23:37:12 2015
Subject: Re: ASLR work into -HEAD ?
From: Warner Losh
To: Shawn Webb
Cc: Pedro Giffuni, Alfred Perlstein, freebsd-arch@freebsd.org
Date: Wed, 27 May 2015 17:37:06 -0600

> On May 27, 2015, at 10:25 AM, Shawn Webb wrote:
> Good. I'd rather focus on code rather than pointless politics.

But then…

> Our patch is more complex due to per-jail support and the various
> weaknesses FreeBSD wanted us to add. HardenedBSD's implementation does
> not contain those weaknesses.

You’ll get more flies with honey than vinegar.

And FreeBSD didn’t want you to do anything. Certain people wanted certain
features or changes. Perhaps you could be more specific, since this kind of
carping is totally unhelpful.

Warner

From owner-freebsd-arch@FreeBSD.ORG Thu May 28 00:00:23 2015
From: Shawn Webb
To: Warner Losh
Cc: Pedro Giffuni, Alfred Perlstein, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
Date: Wed, 27 May 2015 20:00:02 -0400
Organization: HardenedBSD

On Wednesday, 27 May 2015 17:37:06 Warner Losh wrote:
> > On May 27, 2015, at 10:25 AM, Shawn Webb wrote:
> > Good. I'd rather focus on code rather than pointless politics.
>
> But then…
>
> > Our patch is more complex due to per-jail support and the various
> > weaknesses FreeBSD wanted us to add. HardenedBSD's implementation does
> > not contain those weaknesses.
>
> You’ll get more flies with honey than vinegar.
>
> And FreeBSD didn’t want you to do anything. Certain people wanted certain
> features or changes. Perhaps you could be more specific, since this kind of
> carping is totally unhelpful.

At the FreeBSD Developer Summit at EuroBSDCon 2014, Ed Maste said on behalf of
the FreeBSD Foundation that he (and by extension, the Foundation) would block
the ASLR patch from being merged into HEAD if we didn't provide a mechanism
for disabling ASLR as a non-root user on a per-binary basis.

I begrudgingly committed a first draft of the API on 26 Sep 2014 to our
upstreaming branch[1]. Further changes were made to clean up the
implementation a bit within a few days. This rather silly "feature" was
included in the next patch update to the review on Phabricator.

This, of course, is a vast weakness that can be easily abused. So we've made
sure not to have this in HardenedBSD. Want to debug an application with ASLR
turned off? Set the sysctl to turn it off. Or use secadm to disable ASLR for
that application. Usage of secadm requires root privileges and works on a
per-jail basis, just like our sysctls that control ASLR.

[1]:
https://github.com/HardenedBSD/hardenedBSD/commit/0e6726c5606c9055951bea44ff4a6fca8a79329c

--
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

From owner-freebsd-arch@FreeBSD.ORG Thu May 28 00:31:34 2015
From: Ed Maste
To: Shawn Webb
Cc: Warner Losh, Pedro Giffuni, Alfred Perlstein, "freebsd-arch@freebsd.org"
Subject: Re: ASLR work into -HEAD ?
Date: Wed, 27 May 2015 20:31:12 -0400

On 27 May 2015 at 20:00, Shawn Webb wrote:
>
> At the FreeBSD Developer Summit at EuroBSDCon 2014, Ed Maste said on behalf of
> the FreeBSD Foundation that he (and by extension, the Foundation) would block
> the ASLR patch from being merged into HEAD if we didn't provide a mechanism
> for disabling ASLR as a non-root user on a per-binary basis.

I said no such thing.

I did have reservations about various aspects of the ASLR work and
also passed on concerns of others. I certainly did not say that I (or
the Foundation) would block the work unless certain conditions were
met. The Foundation doesn't have authority to block a change, anyway.

I did say that we'd need the ability to disable ASLR on a per-process
basis, with my specific interest being use by the debugger.
From owner-freebsd-arch@FreeBSD.ORG Thu May 28 01:19:18 2015
From: Shawn Webb
To: Ed Maste
Cc: Warner Losh, Pedro Giffuni, Alfred Perlstein, "freebsd-arch@freebsd.org"
Subject: Re: ASLR work into -HEAD ?
Date: Wed, 27 May 2015 21:19:15 -0400
Organization: HardenedBSD

On Wednesday, 27 May 2015 20:31:12 Ed Maste wrote:
> On 27 May 2015 at 20:00, Shawn Webb wrote:
> > At the FreeBSD Developer Summit at EuroBSDCon 2014, Ed Maste said on
> > behalf of the FreeBSD Foundation that he (and by extension, the
> > Foundation) would block the ASLR patch from being merged into HEAD if we
> > didn't provide a mechanism for disabling ASLR as a non-root user on a
> > per-binary basis.
>
> I said no such thing.
>
> I did have reservations about various aspects of the ASLR work and
> also passed on concerns of others. I certainly did not say that I (or
> the Foundation) would block the work unless certain conditions were
> met. The Foundation doesn't have authority to block a change, anyway.
>
> I did say that we'd need the ability to disable ASLR on a per-process
> basis, with my specific interest being use by the debugger.

After talking with Ed in private, I realized that I must have misunderstood
the situation. He was mainly curious about how to satisfy existing
functionality in gdb and lldb. He didn't mean to convey that he would block
the merge of the patch. I must have misunderstood. I still dislike the
feature, but it'll remain in the patch upstream.

I fear that I may be growing tired of non-technical discussions involving
politics. As I said to Adrian Chadd in IRC, over the last nearly two years,
I've kissed so many shoes to get this in, I've now grown weary and cynical.

Unless someone has actual technical input regarding the patch itself, I'm
going to refrain from commenting further. If you have technical input
regarding the patch, please comment on the diff at Phabricator.

Thanks,

--
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE