Date: Wed, 20 May 2015 13:29:24 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Oliver Pinter <oliver.pinter@hardenedbsd.org> Cc: Pedro Giffuni <pfg@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: Re: ASLR work into -HEAD ? Message-ID: <1432142964.4153.19.camel@hardenedbsd.org> In-Reply-To: <CAPQ4fftbUUSMHYXjOD-yO0ZzxdKwXzd5LA5AycrEyKMT3o63xw@mail.gmail.com> References: <555CADB6.202@FreeBSD.org> <CAPQ4fftbUUSMHYXjOD-yO0ZzxdKwXzd5LA5AycrEyKMT3o63xw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-kYBWlsHTBVQVo7E2d+nL Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, 2015-05-20 at 18:31 +0200, Oliver Pinter wrote: > On 5/20/15, Pedro Giffuni <pfg@freebsd.org> wrote: > > Hello Shawn; > > > > What ever happened to the performance, does it still have a > > noticeable effect even when disabled? >=20 > We should ask to run an exp-run again with/without/disabled ASLR. >=20 > > > > I have no technical opinion on the patch, but ... > > > > TBH, the problem I see is that ASLR is so widespread that every > > potential attacker already knows how to defeat it. Yes, it is meant > > only as a mitigation technique but if it only buys you 5 min. > > (at most) I don't see much advantage in obfuscating the VM. >=20 > Hi Pedro! >=20 > Explain the situation, when someone release an exploit against one > system without ASLR. The attacker hard code the address of the > specific code, and try it against the whole internet. > In this case all of the try will success. Then explain the other > situation, when the system has ASLR. In this case the exploit in the > majority fails, and the attacker must to try multiple times to attack > the system. This is very large cost on their side... >=20 > Sometimes this 5 minutes means that the attacker could break in or > not. Most of the average attackers does not have the knowledge, how to > bypass the ASLR. Yes, there exists automated ROP generator and other > tools, and articles about blink ROP effectiveness, but in the real > life the ASLR is a must have. >=20 > The ASLR would much more efficient, when segvguard or similar brute > force prevention solution existing in the system. Pedro, I'd like to echo what Oliver just said above and provide some additional insight. There's no "end-all-be-all" solution to security. Proper security solutions implement layer upon layer to make life frustrating for an attacker. It's about buying time and forcing your adversary to spend time and resources to successfully exploit a vulnerability. No knowledgeable security researcher claims ASLR is unexploitable. It's simply another layer. Since it's very effective at making an attacker spend resources for successful exploitation, it's generally one of the first exploit mitigation techniques implemented. It provides a great foundation on which to implement further exploit mitigation techniques. Some say ASLR is useless as there are techniques to defeat it ([B]ROP). Those techniques aren't 100% effective and often crash applications they attempt to exploit prior to successful exploitation. As Oliver pointed out, use of SEGVGUARD (which HardenedBSD has, but is not included in our ASLR patch) in conjunction with ASLR is an effective countermeasure. Again, we're not marketing ASLR as the end-all-be-all solution for exploit mitigation. It's simply an effective layer of that delicious security onion we've all come to love. Let's frustrate our adversaries and force them to peel back more layers! I agree that FreeBSD ought to do EXP-RUNs with ASLR enabled, disabled, and completely removed for comparison. FreeBSD last year ran a ports EXP-RUN with ASLR enabled versus vanilla FreeBSD with the results showing no measurable overhead. Thanks, Shawn Webb --=-kYBWlsHTBVQVo7E2d+nL Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCgAGBQJVXMR0AAoJEGqEZY9SRW7ucmEP/2NtSt4uZjz3PL6I5k6qGXya oars80lX6fjORTqAY/cZWyOZid3n0v0QwNtyZCmfF3le6TnobM4B8fQ7U9/DDmPf 4GoaOuLnMG5A3EJqpP9sz0JP1N4xfNeAIJNq+UTD6XPp5YG0M9OdKaF2Rtg/rBvh DeNvuGU9CokO30W5+0dKbXOUd6DhT/694vPPCWSpPOiGWmY9XzZUiF4tfc9II16S /hBsy4rhx/C2+M1dVkh4j1wpII1kO/IfyukyRkva2sxGjs5a8s0l4D5bALVrVWn2 FPMas3WfTmSuGknXBMx3rU2b/ZaO5lGVWudtMduRL6fAKaTyu56s1eii2/J12ZN/ Gd9928nbzQhn528k87Kp4FMGe/kYbflZRjnt3OEu6qc8iR5jQmNDpSj+qxwQD5Eq Y0eGC/CjKUzvMIo1Ku0ynJDCpqTgT/QDid14NhUQjmqjvyNdCo2WINacffhr5XzX zW31ue87BeNbc8Lx67sH2wWwdWLkmn/p/E5E9SQ7o2/er2o3UEjrbZ7draDgzNnr A1bCf4KfZtghajcgtPccIKIYtQ2yLzvN4mgdsMZc6NyDkTRgmausbAC6VTzMwfU3 csOsEBd27aAAhB/g02ftRUQUNki5OmXbZfMSMIYrY/fBFz6iMXKeIhMvaAB1GdYQ QDduUigAq8nWc0a/EbPY =FG5a -----END PGP SIGNATURE----- --=-kYBWlsHTBVQVo7E2d+nL--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1432142964.4153.19.camel>