From owner-freebsd-security@freebsd.org Thu Mar 10 15:40:32 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 350F8ACA378 for ; Thu, 10 Mar 2016 15:40:32 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E1D50970 for ; Thu, 10 Mar 2016 15:40:31 +0000 (UTC) (envelope-from shawn.webb@hardenedbsd.org) Received: by mail-qk0-x230.google.com with SMTP id x1so35764973qkc.1 for ; Thu, 10 Mar 2016 07:40:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hardenedbsd-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=TiKOrA4WQZVBMDkqj1WHYU+QBArcD+pvY76CxvLW1pc=; b=g52Nw2Xxmttwz/M65MQWCBRacpHlzFJ8K199Z9T3sakrE1Rvuc+YaYq6w+UFZ82Ryd v1ViX78XDZ1WN6YmAp+rJKetQ7+D8Bw5vBBNlfGQ8GwT/jzCMYfFW9bPuo4IrLjRbaMz LM06jEiMD2I1nT6mjZxamsUYqeGlqTFBA4gEcWPl5Ns+XiIquCxi5fIFd0ZCNIqUD2Lv CWFZUr1/ELzSpm7VW+F89fMJbIlflDwx96jZNmlDjc29St9kvPsFsiXToFstSjAPpWeA 2wsaK0v7oDEZHerFXH6/oTsd/UFYTbn5NkLnGmTG/N3nCZG/wjvHbVvvaTrmTreLm6P8 ZtHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=TiKOrA4WQZVBMDkqj1WHYU+QBArcD+pvY76CxvLW1pc=; b=ag4beLgAqIXJQSQJiR9UbeU7Rx1P+1UtOjCjYN2b6MI8MiyV3oSfgXCuLBSmbbxpvX yjW9b9wuR2YYqGBBLtqKUiLj9RYOgJ4o6wY70oIGBaWe1skLCNiZRVeyHwlScP038AV3 3czhsSjv2PClVV5T0IzRioeyiSMaNkBjFJj2zrMgdWJ/OXVbJFh9vltPYWOCiqLJSdjm QcUSIR0PoVZSDUHBhG71QOzIEJgfD62S6g9D17jhmwyw/JCIVLX+cJHjG0GJezuk3Msj joYa30hX9XB98ulmyntBlRsrHOHvPAKm1xrmXM7ynE23lB3nbb2LKNFaGDOGhxrGbEQ+ vTIQ== X-Gm-Message-State: AD7BkJKBMh0Oa63FUFJng0xXjsnd1jgl6xdLQZlqbEoxB1x/YMB9lrVGN6gJeNwsAOXz75i4 X-Received: by 10.55.74.197 with SMTP id x188mr4973147qka.104.1457624430897; Thu, 10 Mar 2016 07:40:30 -0800 (PST) Received: from mutt-hardenedbsd (c-73-135-80-144.hsd1.md.comcast.net. [73.135.80.144]) by smtp.gmail.com with ESMTPSA id a11sm1876219qge.43.2016.03.10.07.40.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 10 Mar 2016 07:40:29 -0800 (PST) Date: Thu, 10 Mar 2016 10:40:27 -0500 From: Shawn Webb To: Ed Maste Cc: freebsd-security@freebsd.org Subject: Re: Will 11.0-RELEASE include ASLR? Message-ID: <20160310154027.GJ42303@mutt-hardenedbsd> References: <56E02D95.9020303@anongoth.pl> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="bgQAstJ9X1Eg13Dy" Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD mutt-hardenedbsd 11.0-CURRENT-HBSD FreeBSD 11.0-CURRENT-HBSD X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Mar 2016 15:40:32 -0000 --bgQAstJ9X1Eg13Dy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 10, 2016 at 10:29:38AM -0500, Ed Maste wrote: > > There are patches ready for FreeBSD to use and it's ready to be shipped > > in FreeBSD. However, for some reason FreeBSD developers do not want to > > ship ASLR in FreeBSD. Why can't it be included at least as non-default > > src.conf option and marked as experimental? >=20 > A little while ago I asked kib@ to look at the ASLR situation. >=20 > He implemented a small, more general solution. We planned to post it > for review, testing and discussion soon, but given the renewed > interest in this topic we'll put it on Phabricator today. >=20 > I look forward to feedback on the patch from Shawn and the HardenedBSD > folks and everyone else with an interest in ASLR on FreeBSD. I look forward to seeing the patch. We'd be especially interested to see how it does stack and VDSO randomization. If the implementation that FreeBSD provides is better than HardenedBSD's, we'd likely drop our implementation and go with FreeBSD's. I'll keep an eye on Phabricator today. Thanks, --=20 Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE --bgQAstJ9X1Eg13Dy Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJW4ZVpAAoJEGqEZY9SRW7uL1oP/jjOl/KsoYKmwhdO13DJNGba ktM2n4qyouhlnyAfq5LTnJDC876LFqsQPTkZKmZm8uXBF8o12WEa6CRrdJq72a+g lzBVwD9y2iRJQy7Xff9tSV3AHcS6RbUcec4LLTmioP5cDo7r13ZOzZKTVyDzC1wB GVY+45GzTMhml/dxshMrJ4DCPht4e/bMGbgiQG+ueWRrvhmI3+H06LScriDyf8jQ iiKJyx/bCBg7R3rq+pURZJ4/IEXXpwUbYAY8fQf5H2tLirgg1fYiXvmn6IixMBNZ 8FDIuxZO2riSuN009P+jULS+4ciszc7Kc4WK6mZYWEIl2dLYOf8WR9dwYAQTZH4g fyq3Dtp9whGocEuQHtOd3hpWOfOLH73l5ZgdCKJB+s1WPYK0W7E9vTVX8XQWzM8z epErupqVZNcJLuyi93Q2YSMYVUke9KgvlWaxMDfaBjB/VfgfadHLWbylUE2uOqpS pCeP8F67t+D5P+ZgUsAA+5lr4mHHjJj5tpQDap/FVgxu8h47zocXTZOjCyVy748G HI9CmCotw0ht3gGCn6/WURAQeYmnzX3zkB+Bp6RjaPTwiqq5rdDU9QeUknEzMJcG nwH/bD6jJ8Drs/J5o+iAy9L2mkdUkhSeqElQyWiTu4s/VaWgERjxAviywEtLZtIY lrwDVUDjv2Te/6L+HyPM =1JPW -----END PGP SIGNATURE----- --bgQAstJ9X1Eg13Dy--