Date: Thu, 10 Mar 2016 10:40:27 -0500 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Ed Maste <emaste@freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: Will 11.0-RELEASE include ASLR? Message-ID: <20160310154027.GJ42303@mutt-hardenedbsd> In-Reply-To: <CAPyFy2BvT1ZqSaZBvtk0KSwuT2EeRMZ=XUFf0P5jj6vszro2EA@mail.gmail.com> References: <56E02D95.9020303@anongoth.pl> <CAPyFy2BvT1ZqSaZBvtk0KSwuT2EeRMZ=XUFf0P5jj6vszro2EA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--bgQAstJ9X1Eg13Dy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 10, 2016 at 10:29:38AM -0500, Ed Maste wrote: > > There are patches ready for FreeBSD to use and it's ready to be shipped > > in FreeBSD. However, for some reason FreeBSD developers do not want to > > ship ASLR in FreeBSD. Why can't it be included at least as non-default > > src.conf option and marked as experimental? >=20 > A little while ago I asked kib@ to look at the ASLR situation. >=20 > He implemented a small, more general solution. We planned to post it > for review, testing and discussion soon, but given the renewed > interest in this topic we'll put it on Phabricator today. >=20 > I look forward to feedback on the patch from Shawn and the HardenedBSD > folks and everyone else with an interest in ASLR on FreeBSD. I look forward to seeing the patch. We'd be especially interested to see how it does stack and VDSO randomization. If the implementation that FreeBSD provides is better than HardenedBSD's, we'd likely drop our implementation and go with FreeBSD's. I'll keep an eye on Phabricator today. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --bgQAstJ9X1Eg13Dy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJW4ZVpAAoJEGqEZY9SRW7uL1oP/jjOl/KsoYKmwhdO13DJNGba ktM2n4qyouhlnyAfq5LTnJDC876LFqsQPTkZKmZm8uXBF8o12WEa6CRrdJq72a+g lzBVwD9y2iRJQy7Xff9tSV3AHcS6RbUcec4LLTmioP5cDo7r13ZOzZKTVyDzC1wB GVY+45GzTMhml/dxshMrJ4DCPht4e/bMGbgiQG+ueWRrvhmI3+H06LScriDyf8jQ iiKJyx/bCBg7R3rq+pURZJ4/IEXXpwUbYAY8fQf5H2tLirgg1fYiXvmn6IixMBNZ 8FDIuxZO2riSuN009P+jULS+4ciszc7Kc4WK6mZYWEIl2dLYOf8WR9dwYAQTZH4g fyq3Dtp9whGocEuQHtOd3hpWOfOLH73l5ZgdCKJB+s1WPYK0W7E9vTVX8XQWzM8z epErupqVZNcJLuyi93Q2YSMYVUke9KgvlWaxMDfaBjB/VfgfadHLWbylUE2uOqpS pCeP8F67t+D5P+ZgUsAA+5lr4mHHjJj5tpQDap/FVgxu8h47zocXTZOjCyVy748G HI9CmCotw0ht3gGCn6/WURAQeYmnzX3zkB+Bp6RjaPTwiqq5rdDU9QeUknEzMJcG nwH/bD6jJ8Drs/J5o+iAy9L2mkdUkhSeqElQyWiTu4s/VaWgERjxAviywEtLZtIY lrwDVUDjv2Te/6L+HyPM =1JPW -----END PGP SIGNATURE----- --bgQAstJ9X1Eg13Dy--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160310154027.GJ42303>