Message-ID: <555CC369.1030206@FreeBSD.org>
Date: Wed, 20 May 2015 12:24:57 -0500
From: Pedro Giffuni
To: Oliver Pinter, Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
References: <555CADB6.202@FreeBSD.org>

On 05/20/15 11:31, Oliver Pinter wrote:
> On 5/20/15, Pedro Giffuni wrote:
>> Hello Shawn;
>>
>> Whatever happened to the performance? Does it still have a
>> noticeable effect even when disabled?
> We should ask to run an exp-run again with/without/disabled ASLR.
> So there's not much done in that sense :(.
>> I have no technical opinion on the patch, but ...
>>
>> TBH, the problem I see is that ASLR is so widespread that every
>> potential attacker already knows how to defeat it. Yes, it is meant
>> only as a mitigation technique, but if it only buys you 5 min.
>> (at most) I don't see much advantage in obfuscating the VM.
> Hi Pedro!
>
> Explain the situation when someone releases an exploit against one
> system without ASLR. The attacker hard codes the address of the
> specific code and tries it against the whole internet.
> In this case all of the tries will succeed. Then explain the other
> situation, when the system has ASLR. In this case the exploit in the
> majority fails, and the attacker must try multiple times to attack
> the system. This is a very large cost on their side...

My claim is that the majority of "professional" breachers and governments
already have ASLR workarounds pre-coded and ready to launch. Finding an
exploit is more difficult than beating ASLR, so they are not going to hint
to everyone that they have an exploit until they can take all the
linux/windows/MacOSX at the same time. The cost for the NSA and/or
anonymous to step on ASLR is zero.

> Sometimes this 5 minutes means that the attacker could break in or
> not. Most of the average attackers do not have the knowledge of how to
> bypass the ASLR. Yes, there exist automated ROP generators and other
> tools, and articles about blind ROP effectiveness, but in real
> life the ASLR is a must have.

I think (and see, it's just my opinion) that it was a must have 5 years
ago, but now any such measure is futile. Capsicum everywhere would be
better spent effort.

> The ASLR would be much more efficient when segvguard or a similar brute
> force prevention solution exists in the system.
>

Define efficient .. performance with PIE and other measures is certainly
hit and very likely there is an energy cost as well, so energetically you
could consider it a waste of resources.

And, just to clarify, I am not in any way against your work: I would
personally like to have the option to use ASLR but off by default. If I do
turn it on sometime, I won't want anyone else to turn it off (even for
debugging).

Pedro.
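Oliver's point that ASLR pays off when repeated failed guesses are noticed (segvguard-style brute-force prevention) can be approximated from the host's own logs. The detector below is an added example, not code from the thread or from any FreeBSD project; it runs over constructed syslog lines modeled on the kernel's "pid N (name), uid U: exited on signal S" notice, and the 60-second window and threshold of 5 are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the kernel's "pid N (name), uid U: exited on signal S" notice
# behind a syslog-style timestamp (the year is assumed to be 2015).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: "
    r"pid (?P<pid>\d+) \((?P<name>[^)]+)\), uid (?P<uid>\d+): "
    r"exited on signal (?P<sig>\d+)"
)

SIGBUS, SIGSEGV = 10, 11  # signals a wrong address guess typically raises


def parse(line):
    """Return (timestamp, program, uid, signal) or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime("2015 " + m["ts"], "%Y %b %d %H:%M:%S")
    return ts, m["name"], int(m["uid"]), int(m["sig"])


def find_bruteforce(lines, window_s=60, threshold=5):
    """Return (name, uid, count, first_ts) for every (name, uid) whose
    SIGSEGV/SIGBUS exits exceed `threshold` inside a `window_s` window."""
    recent = defaultdict(deque)  # (name, uid) -> timestamps in window
    alerts = {}
    for line in lines:
        ev = parse(line)
        if ev is None or ev[3] not in (SIGSEGV, SIGBUS):
            continue
        ts, name, uid, _ = ev
        q = recent[(name, uid)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # drop crashes that fell out of the window
        if len(q) > threshold and (name, uid) not in alerts:
            alerts[(name, uid)] = (name, uid, len(q), q[0])
    return list(alerts.values())


# Constructed sample log: httpd segfaults six times in 30 s, ntpd once.
SAMPLE = [
    f"May 20 17:24:{s:02d} gw kernel: pid {1000 + i} (httpd), uid 80: "
    "exited on signal 11 (core dumped)"
    for i, s in enumerate((1, 7, 12, 18, 25, 31))
] + ["May 20 17:25:10 gw kernel: pid 2000 (ntpd), uid 0: exited on signal 11"]
```

Calling `find_bruteforce(SAMPLE)` flags only httpd (uid 80) with six crashes since 17:24:01; the single ntpd crash stays below the threshold.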