Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Nov 2021 10:28:52 -0500
From:      Ed Maste <emaste@freebsd.org>
To:        Shawn Webb <shawn.webb@hardenedbsd.org>
Cc:        Kubilay Kocak <koobs@freebsd.org>, Marcin Wojtas <mw@freebsd.org>,  src-committers <src-committers@freebsd.org>,  "<dev-commits-src-all@freebsd.org>" <dev-commits-src-all@freebsd.org>, dev-commits-src-main@freebsd.org
Subject:   Re: git: b014e0f15bc7 - main - Enable ASLR by default for 64-bit executables
Message-ID:  <CAPyFy2Bo9Lps_xmq9tMut-zesGG9fndEWgW309xLzmfPdHb77Q@mail.gmail.com>
In-Reply-To: <20211117054034.jr6wdl5o42dv2kb6@mutt-hbsd>
References:  <202111162226.1AGMQg00099240@gitrepo.freebsd.org> <e07dce67-5aaa-a9ea-bfa4-941c01cdead8@FreeBSD.org> <20211117054034.jr6wdl5o42dv2kb6@mutt-hbsd>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, 17 Nov 2021 at 00:40, Shawn Webb <shawn.webb@hardenedbsd.org> wrote=
:
>
> It also doesn't make much sense to toggle AS{L}R for the different
> parts of an executable image. AS{L}R is an "all or nothing" thing.

There's not toggles for different parts of an executable image.

The aslr_enable and pie_aslr_enable sysctls are for two different
types of ELF objects. As for aslr_honor_sbrk,  sbrk(2) is a legacy
memory management interface - from the man page:

     The brk() and sbrk() functions are legacy interfaces from before the
     advent of modern virtual memory management.  They are deprecated and n=
ot
     present on the arm64 or riscv architectures.  The mmap(2) interface
     should be used to allocate pages instead.

     The brk() and sbrk() functions are used to change the amount of memory
     allocated in a process's data segment.  They do this by moving the
     location of the =E2=80=9Cbreak=E2=80=9D.  The break is the first addre=
ss after the end of
     the process's uninitialized data segment (also known as the =E2=80=9CB=
SS=E2=80=9D).

aslr_honor_sbrk determines whether the kernel reserves a region for
brk/sbrk to grow into. If set to 1 the kernel reserves this area, and
randomly-addressed mappings will not be placed there.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2Bo9Lps_xmq9tMut-zesGG9fndEWgW309xLzmfPdHb77Q>