From owner-freebsd-arch@FreeBSD.ORG Sun Jul 20 20:19:02 2014
Date: Sun, 20 Jul 2014 16:18:58 -0400
From: Shawn Webb
To: Pedro Giffuni
Cc: PaX Team, freebsd-arch@freebsd.org, Oliver Pinter, Bryan Drewery
Subject: Re: [RFC] ASLR Whitepaper and Candidate Final Patch
Message-ID: <20140720201858.GB29618@pwnie.vrt.sourcefire.com>
In-Reply-To: <96C72773-3239-427E-A90B-D05FF0F5B782@freebsd.org>
List-Id: Discussion related to FreeBSD architecture

On Jul 19, 2014 06:35 PM -0500, Pedro Giffuni wrote:
> (Assuming @FreeBSD addresses are subscribed to arch, or check the archives)
>
> FWIW,
>
> The issues I pointed out are still standing:
>
> - It is yet undetermined what the performance effect will be, and it is not clear (but seems likely from past measurements) if there will be a performance hit even when ASLR is off.
> - Apparently there are applications that will segfault (?).

So I have an old Dell Latitude E6500 that I bought at Defcon a year or so ago that I'm doing testing on. Even though it's quite an underpowered laptop, I'm running ZFS on it for BE support (in case one of our changes kills it).
I'll run unixbench on it a few times to benchmark the ASLR patch. I'll test these three scenarios:

1) ASLR compiled in and enabled;
2) ASLR compiled in and disabled;
3) ASLR compiled out (GENERIC kernel).

In each of these three scenarios, I'll have the kernel debugging features (WITNESS, INVARIANTS, etc.) turned off to better simulate a production system and to remove just one more variable in the tests. I'll run unixbench ten times under each scenario and I'll compute averages. Since this is an older laptop (and it's running ZFS), these tests will take a couple days. I'll have an answer for you soon.

> I wouldn't object to see it in the tree though: it has obviously been the result of a lot of work and it is configurable and well integrated. It will certainly have to be some time in the tree and undergo extensive testing before turning it on by default though so it sounds reasonable to bring it in but leave it initially inactive.

That's great to hear. Oliver and I didn't make the PAX_ASLR option default in the GENERIC kernel, so there really isn't anything that needs to happen to make ASLR disabled by default. It's up to the user to add the PAX_ASLR option to their kernel config. The same goes for the WITH_PIE {src,make}.conf tunable.
Thanks,
Shawn
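The benchmark plan above (three kernel scenarios, ten unixbench runs each, averages per scenario) maps onto a small harness. The script below is an added example, not code from the mail or from the ASLR patch: it runs a score-producing command N times for a labelled scenario, reports the mean and sample standard deviation (so that run-to-run noise on an old ZFS laptop is visible next to the average), and computes the percentage change between two scenario means. The `fake_bench` function is a constructed stand-in that just prints the score it is given; on a real system it would be replaced by the unixbench invocation plus a parser for its score line, which is an assumption about unixbench's output and not something the mail specifies.

```shell
#!/bin/sh
# Added example (not from the original mail): benchmark harness for comparing
# kernel scenarios such as "ASLR on", "ASLR off", "ASLR compiled out".

# Constructed stand-in for the real benchmark: prints the score passed to it.
# On a real system this would be e.g. (assumption about unixbench output):
#   ./Run 2>&1 | awk '/System Benchmarks Index Score/ { print $NF }'
fake_bench() {
    echo "$1"
}

# summarize LABEL "s1 s2 ... sN"
# Prints "LABEL mean sample-stddev" with two decimals.
summarize() {
    echo "$2" | awk -v label="$1" '{
        n = NF; sum = 0
        for (i = 1; i <= NF; i++) sum += $i
        mean = sum / n
        ss = 0
        for (i = 1; i <= NF; i++) ss += ($i - mean) * ($i - mean)
        sd = (n > 1) ? sqrt(ss / (n - 1)) : 0
        printf "%s %.2f %.2f\n", label, mean, sd
    }'
}

# run_scenario LABEL RUNS CMD [ARGS...]
# Runs CMD RUNS times, collecting one score per run, then summarizes.
run_scenario() {
    label=$1
    runs=$2
    shift 2
    i=0
    scores=""
    while [ "$i" -lt "$runs" ]; do
        s=$("$@")                 # one benchmark run -> one score
        scores="$scores $s"
        i=$((i + 1))
    done
    summarize "$label" "$scores"
}

# percent_change BASELINE_MEAN NEW_MEAN
# Positive means faster than the baseline, negative means a performance hit.
percent_change() {
    awk -v b="$1" -v n="$2" 'BEGIN { printf "%.2f\n", (n - b) / b * 100 }'
}

# Demonstration with constructed scores (replace fake_bench with the real
# benchmark command and use 10 runs per scenario as in the plan above).
run_scenario "aslr_compiled_out" 3 fake_bench 500
run_scenario "aslr_off"          3 fake_bench 490
run_scenario "aslr_on"           3 fake_bench 475
echo "aslr_on vs compiled_out: $(percent_change 500 475)%"
```

The harness is POSIX sh so it runs unchanged on a stock FreeBSD install; for the actual comparison, feed each scenario's mean into `percent_change` against the GENERIC (ASLR compiled out) mean, and treat any difference smaller than the reported standard deviation as noise rather than overhead.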