Date: Sun, 28 Feb 2021 14:23:35 +0200
From: Toomas Soome <tsoome@me.com>
To: "dmilith ." <dmilith@gmail.com>
Cc: Ihor Antonov <ihor@antonovs.family>, Warner Losh <imp@bsdimp.com>, FreeBSD Current <freebsd-current@freebsd.org>, Gordon Bergling <gbe@freebsd.org>, Ed Maste <emaste@freebsd.org>
Subject: Re: HEADS-UP: PIE enabled by default on main
Message-ID: <49B22332-AE96-4E51-A5A8-DFE4261499C5@me.com>
In-Reply-To: <CAJQ5Jng353Hipe1LuN4RskgPFLtF-hboGM4m0MOj=+N+4aaSXw@mail.gmail.com>
References: <CAPyFy2CyxG=Bj8T22ixW3=E3dv6mPoZRwJ_VSN+Twky95rUYYw@mail.gmail.com> <YDk/G50NWjeoia33@lion.0xfce3.net> <YDlEs6tA9e9VJJ0C@kib.kiev.ua> <YDlMykRXkT03y6Kt@lion.0xfce3.net> <YDroC3avOcPeQh0W@kib.kiev.ua> <20210228043411.mj7l5wkwj46neurv@localhost> <CANCZdfoub0mpJti6bkKsTRS2gTi_fjjVc2QniWVMkSWwSnMxNg@mail.gmail.com> <20210228062442.qk5nkzxt4msw2cgm@localhost> <CAJQ5Jng353Hipe1LuN4RskgPFLtF-hboGM4m0MOj=+N+4aaSXw@mail.gmail.com>
> On 28. Feb 2021, at 13:27, dmilith . <dmilith@gmail.com> wrote:
>
> First of all - ASLR is designed as mitigation for external attacks,
> not internal ones (logged in user).
> Second - Linux and FreeBSD both have weak implementations in
> comparison to PaX-driven ones. Try attacking the system with
> Grsecurity or HardenedBSD (both use the strongest ASLR available
> AFAIK).
>
> Saying that security mitigation features that affect no performance
> are "meaningless" is just ridiculous, or at least irresponsible.
> It's like telling C programmers that stack protection or out-of-bounds
> checks are bad, because there's nothing wrong with random SEGFAULTs from
> time to time…
>

You seem to forget that those mechanisms are there exactly because
programmers do not care about random faults from time to time :D With
correct code, one would not need mechanisms like ASLR.

rgds,
toomas

>
> On 28/02/2021, Ihor Antonov <ihor@antonovs.family> wrote:
>> On 2021-02-27 22:29, Warner Losh wrote:
>>> On Sat, Feb 27, 2021 at 9:34 PM Ihor Antonov <ihor@antonovs.family> wrote:
>>>
>>>>> But isn't it well-known that ASLR/ASR/any-related-buzzword does not
>>>>> add any security, except imaginary? The only purpose of it is to have
>>>>> a check-list item ticked green.
>>>>
>>>> I don't know if I should parse this as sarcasm (or any other form of
>>>> "humor") or as a serious statement? But this does leave me with a whole
>>>> bunch of questions..
>>>>
>>>> If this is really how Konstantin is describing it, then is it OK to say
>>>> this to the whole Internet? Why is the FreeBSD Foundation paying for
>>>> meaningless work then? Why do members of the Core team do this work? Does
>>>> this mean that FreeBSD is working to satisfy the silly needs of some
>>>> fat customer? What about project independence and not being controlled
>>>> by big money?
>>>>
>>>> Where can I read about ASLR and security myths?
>>>
>>> Why not spend time and explain why this does not work?
>>>
>>> Not to rise to the baitiness of all these leading questions (they really
>>> are quite contrary to how our community usually comports itself, but for
>>> the sake of civil discourse, I'll ignore)....
>>>
>>> I'll bet it has something to do with the many known ASLR attacks. One is
>>> chronicled in https://www.vusec.net/projects/anc/ and elsewhere, which
>>> show how MMU side channels can defeat ASLR. Or maybe he's familiar with
>>> the offset2lib attack against Linux 64-bit ASLR documented in this paper
>>> https://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf.
>>> There are many others as well that show the shortcomings of ASLR and
>>> disclose ways to defeat it using various clever means.
>>
>> Warner, thanks for the links. They are indeed interesting.
>>
>>>> You clearly should mean something useful and much more important than
>>>> that,
>>>
>>> Maybe he'd like to understand how PIE accomplishes better security given
>>> the known ASLR weaknesses. And rather than take a sarcastic tone, he
>>> asked for more details that back up the earlier claims of improved
>>> security so we could all learn something.
>>
>> The conclusion of the paper in the second link clearly says:
>>
>>   We present a new weakness on the current implementation of the ASLR
>>   Linux systems which affects PIE compiled executables. Applications
>>   compiled with PIE are considered to be more robust since it makes
>>   attacks more difficult.
>>
>> Which I read as ASLR and PIE work better together. This is the same as
>> what Gordon was saying.
>>
>> The whole situation is wrong on 2 different levels.
>>
>> First: saying that ASLR is not perfect and can be broken is not the same
>> thing as saying "The only purpose of it is to have a check-list item
>> ticked green".
>>
>> There are no perfect security measures, and you guys (kernel and OS
>> developers) should know that better than us (users). Hackers find new
>> exploits, developers find ways to mitigate them, and the cycle repeats.
>> Just the fact that ASLR can be broken is not a reason to not have it.
>>
>> Second: look at this exchange from a distance
>>
>> Ed: we are enabling security feature X, please rebuild your worlds..
>> Gordon: great progress! go team!
>> Konstantin: why do you think this is great progress? (implying it is
>> not)
>> Gordon: well, I heard feature X works best with feature Y
>> Konstantin: feature Y is a useless checkbox, next time you speak make
>> sure you say something useful!
>>
>> Considering the fact that Konstantin himself worked on ASLR, this is at
>> least confusing.. Also, does this mean that feature X (PIE) is also a
>> useless checkbox?
>>
>> Konstantin, Ed, Warner - I dunno what is going on in your house (Core),
>> but it does not look good from the outside. You are sending mixed signals
>> to your audience.
>>
>>
>> _______________________________________________
>> freebsd-current@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-current
>> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>>
>
>
> --
> --
> Daniel Dettlaff
> Versatile Knowledge Systems
> verknowsys.com
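The concrete point behind "ASLR and PIE work better together" in the thread above is mechanical: the kernel can only randomise the base of a program image that was linked as position independent (ELF type ET_DYN); a traditional ET_EXEC binary stays at its fixed link address no matter how strong the ASLR implementation is. The script below, added here as an example and not code from the thread or from FreeBSD, reads just the ELF file header and reports whether the image base is relocatable. The two sample headers are constructed inline for the test; the entry addresses (0x401000 for the non-PIE layout, 0x1040 for the PIE) are typical values, not taken from any real binary.

```python
"""Report whether an ELF executable is position independent (ET_DYN), i.e.
whether ASLR can randomise the program image itself and not only the
libraries, stack and heap.  Added example; not part of the mailing-list
thread or of FreeBSD."""
import struct

# e_type values from the ELF specification.
ET_EXEC = 2   # fixed-address executable: the image base cannot be moved
ET_DYN = 3    # shared object or PIE: the loader may place the image anywhere

ELF_MAGIC = b"\x7fELF"


def parse_elf_header(header: bytes) -> dict:
    """Decode the identification bytes, e_type, e_machine and e_entry.

    The first 28 (ELF32) or 32 (ELF64) bytes of the file are enough.
    """
    if len(header) < 6 or header[:4] != ELF_MAGIC:
        raise ValueError("not an ELF header")
    ei_class, ei_data = header[4], header[5]   # class: 1=ELF32, 2=ELF64; data: 1=LE, 2=BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    needed = 28 if ei_class == 1 else 32
    if len(header) < needed:
        raise ValueError("truncated ELF header")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine are 16-bit fields at offset 16; e_version (32-bit)
    # sits at 20; e_entry follows at 24 and is 4 bytes (ELF32) or 8 (ELF64).
    e_type, e_machine = struct.unpack_from(endian + "HH", header, 16)
    entry_fmt = "I" if ei_class == 1 else "Q"
    (e_entry,) = struct.unpack_from(endian + entry_fmt, header, 24)
    return {
        "class": 32 if ei_class == 1 else 64,
        "type": e_type,
        "machine": e_machine,
        "entry": e_entry,
    }


def image_base_randomizable(header: bytes) -> bool:
    """True when the file is ET_DYN, so a PIE-aware ASLR can move the image.

    Caveat: a shared library is also ET_DYN, and an ET_DYN executable is only
    actually randomised if the kernel's ASLR is enabled for it (on FreeBSD
    the sysctls kern.elf64.aslr.enable and kern.elf64.aslr.pie_enable gate
    this)."""
    return parse_elf_header(header)["type"] == ET_DYN


def build_header(e_type: int, e_entry: int, elf64: bool = True) -> bytes:
    """Construct a minimal little-endian x86 / x86-64 ELF header.

    Constructed sample input for the example, not a real binary."""
    ident = ELF_MAGIC + bytes([2 if elf64 else 1, 1, 1]) + bytes(9)
    if elf64:
        return ident + struct.pack("<HHIQ", e_type, 62, 1, e_entry)  # EM_X86_64 = 62
    return ident + struct.pack("<HHII", e_type, 3, 1, e_entry)       # EM_386 = 3


# Constructed samples: the classic non-PIE x86-64 layout (entry inside the
# fixed 0x400000 text segment) and a PIE whose entry is a small offset that
# only becomes an address once the loader picks a base.
NON_PIE = build_header(ET_EXEC, 0x401000)
PIE = build_header(ET_DYN, 0x1040)


def check_file(path: str) -> bool:
    """Read only the header of a real file and report relocatability."""
    with open(path, "rb") as f:
        return image_base_randomizable(f.read(64))


if __name__ == "__main__":
    for name, hdr in (("non-PIE", NON_PIE), ("PIE", PIE)):
        info = parse_elf_header(hdr)
        print(f"{name}: ELF{info['class']} e_type={info['type']} "
              f"entry={info['entry']:#x} "
              f"base_randomizable={image_base_randomizable(hdr)}")
```

Run against a real file with `check_file("/path/to/binary")`; a result of False means the side-channel and offset2lib papers cited above are beside the point for that binary, because its text and data were never randomised in the first place. Telling a PIE apart from a shared library needs the program headers (PT_INTERP) or dynamic section, which this header-only check deliberately does not read.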