From owner-freebsd-hackers@freebsd.org Tue Apr 23 13:12:56 2019 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7D7F1159A55B for ; Tue, 23 Apr 2019 13:12:56 +0000 (UTC) (envelope-from m.bryn1u@gmail.com) Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 19C0B718A7 for ; Tue, 23 Apr 2019 13:12:55 +0000 (UTC) (envelope-from m.bryn1u@gmail.com) Received: by mail-lj1-x231.google.com with SMTP id f18so13439952lja.10 for ; Tue, 23 Apr 2019 06:12:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=pbHu3kXasXfQ1AJlRB7kyVMH4V/DXw7IM5Up4bY77c0=; b=jsEGB/jiY9hZ0ApQD5rPbJTC9xWpo4DsE/qRQYDfQsA5fLerkRdcn5JDe+eza16k7U fILxEu8X2XbsHQtr+CHmRSfy92woLwnAk9XivPUqIjsXzCKhcWA55nJw6glgZQlBO0K1 +BrErzECFwuVXiqU+Wk4iESM3zgRmpo4v2Kvm5L/vhYF79UybXku8nSeN0OpVMSnEc48 tysQyqoa24S2l+ShdZkqsRGvj+fvIgIO/Mz+Bt3LJrK5/VUoGdpz85TCRcFnGaTdfNHK +DP3jm++bBFRiE6UnJgMXw1r3y8gjluMACq7Ui1hl04kMZGDxYrAfVLaG7XtSU6YHtFl ZIxA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=pbHu3kXasXfQ1AJlRB7kyVMH4V/DXw7IM5Up4bY77c0=; b=SMwU3uPwOYoDB1cCSJ9HVbe8Wp1jZ5TkpTBifmlYVznOcyxMlUBC6pnHyrdqZqKH6g ijOx9zLuSISmy/fcrupueFiRopruNQa8/BsCpd6NcM20l/xuvhzmvU+/VhD4EcRDusmJ ybbVTjf9QDQdZ+SMVOIv4Jqi0cGJMv2d2oMpcLYyQvxHP0rE9bS7bbRCvF6aYUBJvuVo fLZkQb0rMdX7lB4p5h/cN+yFugmCHzHda7M6RzswdUUZGwa4o+IqH2zF9QNe4oeGCUZl sZLlgWMXVxl46CmonY3Mn6wIzbOqHDcStvrKRHRNI1hnZNNgGLuJ+5JlQl5r2Kx8pY0K MsgQ== X-Gm-Message-State: APjAAAV3pM8PMPKKvFCQjgZlVYtENvOU3vdmiKOxkifLB83vhUH+pHvs 37k8pcGv3oPhFt9R6swhILkEhZBe+QZkrwtQA174pA== X-Google-Smtp-Source: APXvYqyc7FeX4sLtfpQPhoOZkW3OZXqOq0TZLN6rSU8WjYGn2O7fE4L5ozRrBoon/gEBFutZmY7j5BK0evCip6V5Teg= X-Received: by 2002:a2e:5301:: with SMTP id h1mr13340345ljb.196.1556025173558; Tue, 23 Apr 2019 06:12:53 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: bryn1u85 Date: Tue, 23 Apr 2019 15:12:42 +0200 Message-ID: Subject: Re: W^X support in FreeBSD To: =?UTF-8?Q?Kornel_Dul=C4=99ba?= Cc: FreeBSD Hackers X-Rspamd-Queue-Id: 19C0B718A7 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=jsEGB/ji; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of mbryn1u@gmail.com designates 2a00:1450:4864:20::231 as permitted sender) smtp.mailfrom=mbryn1u@gmail.com X-Spamd-Result: default: False [-6.78 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; NEURAL_HAM_SHORT(-0.94)[-0.941,0]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[1.3.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-2.83)[ip: (-9.45), ipnet: 2a00:1450::/32(-2.37), asn: 15169(-2.26), country: US(-0.06)]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Apr 2019 13:12:56 -0000 Hey Kornel, Im just curious why just don't u use HardenedBSD instead FreeBSD ? Either HardenedBSD has ports hardened including fstack-protector-all, SafeStack and Control Flow Integrity wt., 23 kwi 2019 o 13:18 Kornel Dul=C4=99ba napisa=C5= =82(a): > Hello, > > After doing some research I've noticed that FBSD is pretty much the only > *BSD system without support for some sort of W^X policy. > Also said policy is implemented in HardenedBSD which looks pretty much > similar to FBSD. > Would there be interest in reviewing/merging a patch that imports W^X > (PAGEEXEC and MPROTECT) from HardenedBSD? > I suppose that it would have to be disabled by default, as it breaks some > things such as JIT. > > Regards > Kornel Dul=C4=99ba > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org= " >