From: "Chad J. Milios" <milios@ccsys.com>
To: Pedro Giffuni
Cc: freeBSD-security@FreeBSD.org
Date: Fri, 25 Sep 2015 05:21:52 -0400
Subject: Re: RFC Stack protector strong
In-Reply-To: <56043FEF.7040307@FreeBSD.org>
Message-Id: <89B05640-7733-4FAA-8E2C-3209EC546837@ccsys.com>

> On Sep 24, 2015, at 2:24 PM, Pedro Giffuni wrote:
>
> (excuse me if you get this message repeated .. I hit the wrong list previously)
>
> Hello;
>
> Our current stack protection is very weak (about 1-2 % coverage).
> Google engineers have developed a new level of protection
> (about 20% coverage) that according to Google and Redhat has
> a negligible impact on performance.
>
> I have opened a code review with a simple update to the default
> setting for our stack protector:
>
> https://reviews.freebsd.org/D3463/
>
> Sadly I haven't received much feedback.
>
> I have no hurry to commit this but as stated in the review I think it
> is worthwhile. I don't expect any issue, but it would be better to apply
> this change soonish rather than later so any collateral issues are
> detected and worked out with ample time before 11-Release.
>
> Any objection? If there is no feedback I will just play with other
> things.
>
> Pedro.

That URL did not work for me (404). I found what you are directing us toward instead at https://reviews.freebsd.org/D3463

I like what I'm reading so far, alas I am a nobody.

Could you clarify/elaborate what is meant when you say "coverage" and using these approximate percentages as a metric? Compare and contrast the safestack approach for us, if you would, as well. Please bear with me, I am a C novice and what I know about the magic of compilers could fit on a Post-it Note, the really small kind. While I acknowledge I have no place in this conversation, I think it would draw more people into the discussion if you'd be willing to educate us laypeople a little, as attempting to teach often exposes the overlooked gaps in one's own knowledge.

I understand the difference between a heap and a stack, the process model, the idea of a virtualized memory address space, kernel and user modes of execution, and that is about where my expertise ends. I have a vague understanding of how function calls happen, what a system call interface is, an ABI, an ISA, buffer overflows and such as concepts, but little experience with the mechanics of any of the aforementioned. I know that things like W^X and MMUs and some mythical "rings" exist to make our lives safer and more productive, but as for how they work or if we can trust them, I generally must defer to greater minds whom I then judge by superficial traits such as the size and messiness of their beards and the variety and age of their shirts, both t- and Hawaiian.

Without simply referring me to a full bookshelf of thousand-page books, is there a way people such as myself could become more helpful at assessing such a change? If I enable this on a couple of systems what sorts of breakage or impact should I be looking for?

This is an invitation for anyone to enlighten me, not only the original poster. I'm sure there are a hundred more lurkers afraid to ask.

Thank you for contributing.