Date: Wed, 14 May 2014 13:09:59 -0400
From: Shawn Webb
To: Adrian Chadd
Cc: freebsd-security@freebsd.org, freebsd-current, FreeBSD Stable Mailing List
Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable

It runs on all architectures FreeBSD supports. The question is how well
it runs. The wider the testing, the better the code, of course. We're
actively testing on amd64 and i386 with limited testing on sparc64 and
ARM.

I've been running with these patches on amd64 on multiple machines for
months. amd64 is rock solid from my experience. But your mileage may
vary, hence the CFT. :-)

Thanks,

Shawn

On May 14, 2014 10:02 AM -0700, Adrian Chadd wrote:
> Hi!
>
> Cool! Does it run on MIPS? :P
>
>
> -a
>
>
> On 14 May 2014 06:58, Shawn Webb wrote:
> > Hey All,
> >
> > [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> > freebsd-stable@. Please forgive me if crossposting is frowned upon.]
> >
> > Address Space Layout Randomization, or ASLR for short, is an exploit
> > mitigation technology. It helps secure applications against low-level
> > exploits. A popular secure implementation is known as PaX ASLR, which is
> > a third-party patch for Linux. Our implementation is based off of PaX's.
> >
> > Oliver Pinter, Danilo Egea, and I have been working hard to bring more
> > features and robust stability to our ASLR patches. We've done extensive
> > testing on amd64. We'd like to get as many people testing these patches.
> > Given the nature of them, we'd also like as many eyeballs reviewing the
> > code as well.
> >
> > I have a Raspberry Pi and have noticed a few bugs. On ARM (at least, on
> > the RPI), when a parent forks a child, and the child gracefully exits,
> > the parent segfaults with the pc register pointing to 0xc0000000. That
> > address is always the same, no matter the application. If anyone knows
> > the ARM architecture well, and how FreeBSD ties into it, I'd like a
> > little guidance.
> >
> > I also have a sparc64 box, but I'm having trouble getting a vanilla
> > 11-current system to be stable on it. I ought to file a few PRs.
> >
> > You can find links to the patches below.
> >
> > Patch for 11-current:
> > http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-current-aslr-segvguard-SNAPSHOT.diff
> >
> > Patch for 10-stable:
> > http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-stable-10-aslr-segvguard-SNAPSHOT.diff
> >
> > Thanks,
> >
> > Shawn Webb