Date: Sat, 24 May 2014 01:24:30 +0200
From: Oliver Pinter <oliver.pntr@gmail.com>
To: Shawn Webb <lattera@gmail.com>
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
Message-ID: <CAPjTQNG9pGLbDF7a8b+9s_NRD3Rq-sLnj7AXczjB=Ko_S44C3A@mail.gmail.com>
In-Reply-To: <20140514135852.GC3063@pwnie.vrt.sourcefire.com>
References: <20140514135852.GC3063@pwnie.vrt.sourcefire.com>
On 5/14/14, Shawn Webb <lattera@gmail.com> wrote:
> Hey All,
>
> [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> freebsd-stable@. Please forgive me if crossposting is frowned upon.]
>
> Address Space Layout Randomization, or ASLR for short, is an exploit
> mitigation technology. It helps secure applications against low-level
> exploits. A popular secure implementation is known as PaX ASLR, which is
> a third-party patch for Linux. Our implementation is based off of PaX's.
>
> Oliver Pinter, Danilo Egea, and I have been working hard to bring more
> features and robust stability to our ASLR patches. We've done extensive
> testing on amd64. We'd like to get as many people testing these patches.
> Given the nature of them, we'd also like as many eyeballs reviewing the
> code as well.
>
> I have a Raspberry Pi and have noticed a few bugs. On ARM (at least, on
> the RPI), when a parent forks a child, and the child gracefully exits,
> the parent segfaults with the pc register pointing to 0xc0000000. That
> address is always the same, no matter the application. If anyone knows
> the ARM architecture well, and how FreeBSD ties into it, I'd like a
> little guidance.
>
> I also have a sparc64 box, but I'm having trouble getting a vanilla
> 11-current system to be stable on it. I ought to file a few PRs.
>
> You can find links to the patches below.
>
> Patch for 11-current:
> http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-current-aslr-segvguard-SNAPSHOT.diff
>
> Patch for 10-stable:
> http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-stable-10-aslr-segvguard-SNAPSHOT.diff
>
> Thanks,
>
> Shawn Webb
>

New round of patches is here:

11-CURRENT:
http://www.crysys.hu/~op/freebsd/patches/20140524011327-freebsd-current-aslr-segvguard-SNAPSHOT.diff

10-STABLE:
http://www.crysys.hu/~op/freebsd/patches/20140524011327-freebsd-stable-10-aslr-segvguard-SNAPSHOT.diff

What's changed relative to the previous tag:

11-CURRENT:

Oliver Pinter (17):
      PAX ASLR: update license in kern_pax_aslr.c
      PAX: update license in kern_pax.c
      PAX SEGVGUARD: update license in kern_pax_segvguard.c
      PAX: update license in pax.h
      PAX ASLR: remove unneeded parameter from pax_aslr_stack function
      PAX LOG: implement new logging subsystem
      PAX LOG: fix pax_ulog_segvguard
      PAX LOG: added sysctl's and tunables
      PAX ASLR: use PAX LOG
      PAX LOG: fix pax_ulog_##name()
      PAX LOG: fix prison init
      PAX LOG: fixed log and ulog sysctl
      PAX ASLR: fixed debug sysctl
      PAX: blacklist clang and related binaries from PIE support
      PAX ASLR: make ASLR by default opt-out
      Merge remote-tracking branch 'freebsd/master' into hardened/current/aslr
      Merge branch 'hardened/current/aslr' of github.com:HardenedBSD/hardenedBSD into hardened/current/aslr

Shawn Webb (10):
      Remove CAN_PIE in preparation for NO_PIE
      Merge remote-tracking branch 'upstream/master' into hardened/current/aslr
      PAX ASLR: Blacklist the applications that don't support being built as a position-independent executable
      Merge remote-tracking branch 'upstream/master' into hardened/current/aslr
      Disable PAX_SEGVGUARD in LATT-ASLR kernel
      PAX ASLR: Lock the jail when initializing PAX per-jail PAX settings
      PAX ASLR: Fix bug with pax_aslr_active()
      PAX ASLR: Use a full kernel config for LATT-ASLR
      Revert "PAX: blacklist clang and related binaries from PIE support"
      Revert "Revert "PAX: blacklist clang and related binaries from PIE support""

10-STABLE:

Oliver Pinter (20):
      PAX ASLR: update license in kern_pax_aslr.c
      PAX: update license in kern_pax.c
      PAX SEGVGUARD: update license in kern_pax_segvguard.c
      PAX: update license in pax.h
      PAX ASLR: remove unneeded parameter from pax_aslr_stack function
      PAX LOG: implement new logging subsystem
      PAX LOG: fix pax_ulog_segvguard
      PAX LOG: added sysctl's and tunables
      PAX ASLR: use PAX LOG
      PAX LOG: fix pax_ulog_##name()
      PAX LOG: fix prison init
      PAX LOG: fixed log and ulog sysctl
      PAX ASLR: fixed debug sysctl
      Merge remote-tracking branch 'freebsd/stable/10' into hardened/10/aslr
      Merge remote-tracking branch 'freebsd/stable/10' into hardened/10/aslr
      added OPN-ASLR kernel config
      PAX: Remove CAN_PIE in preparation for NO_PIE from /bin/sh
      PAX: blacklist clang and related binaries from PIE support
      PAX ASLR: make ASLR by default opt-out
      Merge remote-tracking branch 'freebsd/stable/10' into hardened/10/aslr

Shawn Webb (4):
      PAX: Remove CAN_PIE in preparation for NO_PIE
      PAX ASLR: Blacklist the applications that don't support being built as a position-independent executable
      PAX ASLR: Lock the jail when initializing PAX per-jail PAX settings
      PAX ASLR: Fix bug with pax_aslr_active()
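For testers who apply the patches above and want a quick check of what the kernel actually randomizes, here is a small C probe. It is an added example, not code from this thread or from the HardenedBSD patches; the region names, the `struct layout` type, `sample_layout()`, `regions_moved()` and `image_moved()` are all mine. The program samples one address per region (a function and a global in its own image, a malloc() block, a stack variable, an anonymous mmap() page, and a libc function), then re-executes itself once through a pipe and reports which regions landed somewhere else on the second exec. With ASLR in effect, heap, stack, mmap and lib should move; the text and data addresses of the executable itself can only move when the binary was linked as a position-independent executable, which is what the CAN_PIE/NO_PIE and PIE-blacklist commits are about. It assumes a POSIX system with fork(), pipe() and mmap().

```c
/* aslr_probe.c: added example, not part of the HardenedBSD patches.
 * Samples where this process's regions landed, re-executes itself once,
 * and reports which regions moved between the two executions. */
#define _DEFAULT_SOURCE 1
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef MAP_ANON            /* BSD spelling; glibc may only define MAP_ANONYMOUS */
#define MAP_ANON MAP_ANONYMOUS
#endif

enum { REGION_TEXT = 1u << 0, REGION_DATA = 1u << 1, REGION_HEAP = 1u << 2,
       REGION_STACK = 1u << 3, REGION_MMAP = 1u << 4, REGION_LIB = 1u << 5 };

/* One representative address per region, sampled from inside the process. */
struct layout { uintptr_t text, data, heap, stack, mmap, lib; };

static int global_marker;            /* lands in this executable's data segment */
static void text_marker(void) {}     /* lands in this executable's text segment */

/* Sample the current process. The heap block and the mapping are released
 * again; only where the kernel/allocator placed them matters. */
struct layout sample_layout(void)
{
    struct layout l;
    int local_marker;
    void *block = malloc(64);
    void *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANON, -1, 0);

    l.text  = (uintptr_t)text_marker;
    l.data  = (uintptr_t)&global_marker;
    l.heap  = (uintptr_t)block;
    l.stack = (uintptr_t)&local_marker;
    l.mmap  = (page == MAP_FAILED) ? 0 : (uintptr_t)page;
    l.lib   = (uintptr_t)malloc;     /* a function that lives inside libc */

    if (page != MAP_FAILED)
        munmap(page, 4096);
    free(block);
    return l;
}

/* Bitmask of REGION_* flags for the regions whose addresses differ between
 * two samples (for example, two separate executions of this binary). */
unsigned regions_moved(const struct layout *a, const struct layout *b)
{
    unsigned moved = 0;
    if (a->text  != b->text)  moved |= REGION_TEXT;
    if (a->data  != b->data)  moved |= REGION_DATA;
    if (a->heap  != b->heap)  moved |= REGION_HEAP;
    if (a->stack != b->stack) moved |= REGION_STACK;
    if (a->mmap  != b->mmap)  moved |= REGION_MMAP;
    if (a->lib   != b->lib)   moved |= REGION_LIB;
    return moved;
}

/* The executable's own image can only move if it was linked as PIE. */
int image_moved(unsigned moved)
{
    return (moved & (REGION_TEXT | REGION_DATA)) != 0;
}

static void show(const char *name, uintptr_t a, uintptr_t b, unsigned moved, unsigned bit)
{
    printf("%-6s %#18" PRIxPTR " %#18" PRIxPTR "  %s\n", name, a, b,
           (moved & bit) ? "moved" : "same");
}

int main(int argc, char **argv)
{
    struct layout here = sample_layout(), again;
    int fd[2];
    pid_t pid;
    unsigned moved;

    if (argc > 1)                    /* re-executed child: hand back our sample */
        return write(STDOUT_FILENO, &here, sizeof here) == (ssize_t)sizeof here ? 0 : 1;
    if (pipe(fd) != 0 || (pid = fork()) < 0)
        return 1;
    if (pid == 0) {                  /* child: stdout -> pipe, then exec ourselves */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]);
        execlp(argv[0], argv[0], "child", (char *)NULL);
        _exit(127);
    }
    close(fd[1]);
    if (read(fd[0], &again, sizeof again) != (ssize_t)sizeof again)
        return 1;                    /* child failed to exec or to report */
    waitpid(pid, NULL, 0);

    moved = regions_moved(&here, &again);
    printf("%-6s %18s %18s\n", "region", "first exec", "second exec");
    show("text",  here.text,  again.text,  moved, REGION_TEXT);
    show("data",  here.data,  again.data,  moved, REGION_DATA);
    show("heap",  here.heap,  again.heap,  moved, REGION_HEAP);
    show("stack", here.stack, again.stack, moved, REGION_STACK);
    show("mmap",  here.mmap,  again.mmap,  moved, REGION_MMAP);
    show("lib",   here.lib,   again.lib,   moved, REGION_LIB);
    printf("executable image: %s\n", image_moved(moved) ? "moved (PIE)" : "fixed (not PIE, or ASLR off)");
    return 0;
}
```

Build it twice, once as a normal executable and once with PIE (for example `cc -fPIE -pie`), and run each as `./aslr_probe`: the only line that should differ between the two builds is whether text and data move. A kernel with the patch applied but ASLR disabled for that binary will report every region as "same", which is the quickest way to confirm an opt-out or blacklist entry took effect.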