Date:      Wed, 20 May 2015 13:29:24 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Oliver Pinter <oliver.pinter@hardenedbsd.org>
Cc:        Pedro Giffuni <pfg@freebsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject:   Re: ASLR work into -HEAD ?
Message-ID:  <1432142964.4153.19.camel@hardenedbsd.org>
In-Reply-To: <CAPQ4fftbUUSMHYXjOD-yO0ZzxdKwXzd5LA5AycrEyKMT3o63xw@mail.gmail.com>
References:  <555CADB6.202@FreeBSD.org> <CAPQ4fftbUUSMHYXjOD-yO0ZzxdKwXzd5LA5AycrEyKMT3o63xw@mail.gmail.com>



On Wed, 2015-05-20 at 18:31 +0200, Oliver Pinter wrote:
> On 5/20/15, Pedro Giffuni <pfg@freebsd.org> wrote:
> > Hello Shawn;
> >
> > Whatever happened to the performance, does it still have a
> > noticeable effect even when disabled?
>
> We should ask to run an exp-run again with/without/disabled ASLR.
>
> >
> > I have no technical opinion on the patch, but ...
> >
> > TBH, the problem I see is that ASLR is so widespread that every
> > potential attacker already knows how to defeat it. Yes, it is meant
> > only as a mitigation technique but if it only buys you 5 min.
> > (at most) I don't see much advantage in obfuscating the VM.
>
> Hi Pedro!
>
> Explain the situation when someone releases an exploit against one
> system without ASLR. The attacker hard-codes the address of the
> specific code and tries it against the whole internet.
> In this case all of the tries will succeed. Then explain the other
> situation, when the system has ASLR. In this case the exploit fails in
> the majority of cases, and the attacker must try multiple times to attack
> the system. This is a very large cost on their side...
>
> Sometimes these 5 minutes mean that the attacker could break in or
> not. Most of the average attackers do not have the knowledge of how to
> bypass ASLR. Yes, there exist automated ROP generators and other
> tools, and articles about blind ROP effectiveness, but in real
> life ASLR is a must have.
>
> ASLR would be much more efficient when segvguard or a similar brute
> force prevention solution exists in the system.

Pedro,

I'd like to echo what Oliver just said above and provide some additional
insight.

There's no "end-all-be-all" solution to security. Proper security
solutions implement layer upon layer to make life frustrating for an
attacker. It's about buying time and forcing your adversary to spend
time and resources to successfully exploit a vulnerability. No
knowledgeable security researcher claims ASLR is unexploitable. It's
simply another layer. Since it's very effective at making an attacker
spend resources for successful exploitation, it's generally one of the
first exploit mitigation techniques implemented. It provides a great
foundation on which to implement further exploit mitigation techniques.

Some say ASLR is useless as there are techniques to defeat it ([B]ROP).
Those techniques aren't 100% effective and often crash applications they
attempt to exploit prior to successful exploitation. As Oliver pointed
out, use of SEGVGUARD (which HardenedBSD has, but is not included in our
ASLR patch) in conjunction with ASLR is an effective countermeasure.
Again, we're not marketing ASLR as the end-all-be-all solution for
exploit mitigation. It's simply an effective layer of that delicious
security onion we've all come to love. Let's frustrate our adversaries
and force them to peel back more layers!

I agree that FreeBSD ought to do EXP-RUNs with ASLR enabled, disabled,
and completely removed for comparison. FreeBSD last year ran a ports
EXP-RUN with ASLR enabled versus vanilla FreeBSD with the results
showing no measurable overhead.

Thanks,

Shawn Webb
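The brute-force argument Oliver makes above (every hard-coded-address attempt succeeds without ASLR, only a fraction succeed with it, and a segvguard-style cap on crashes cuts that fraction further) can be put into a small probability model. This is an added illustration, not code from the thread or from HardenedBSD; the 16 bits of entropy, the one-million-host sweep and the crash limit of 5 are constructed assumptions, and the model assumes each crashed service re-executes with a fresh layout.

```python
"""Toy model of exploit success against address-space randomisation, with
and without a per-host cap on attempts (segvguard-style brute-force
prevention). All numbers are illustrative assumptions, not measurements."""


def guess_success_probability(entropy_bits: int) -> float:
    """Chance that a single attempt using a hard-coded address lands on the
    right layout. 0 bits of entropy models a system without ASLR."""
    return 2.0 ** -entropy_bits


def success_within(entropy_bits: int, attempts: int) -> float:
    """Probability that the attacker succeeds within `attempts` tries against
    one host, assuming each crash re-executes the service with a freshly
    randomised layout, so attempts are independent."""
    p = guess_success_probability(entropy_bits)
    return 1.0 - (1.0 - p) ** attempts


def expected_hits(entropy_bits: int, hosts: int, attempts_per_host: int) -> float:
    """Expected number of compromised hosts in an internet-wide sweep where
    each host is tried at most `attempts_per_host` times before a
    brute-force limit stops further attempts."""
    return hosts * success_within(entropy_bits, attempts_per_host)


def compare(hosts: int = 1_000_000, entropy_bits: int = 16, crash_limit: int = 5) -> dict:
    """Three scenarios from the thread: no ASLR (one try per host is enough),
    ASLR with unlimited retries, and ASLR with a segvguard-like crash cap."""
    return {
        "no_aslr": expected_hits(0, hosts, 1),
        "aslr_unlimited": expected_hits(entropy_bits, hosts, 2 ** entropy_bits),
        "aslr_with_limit": expected_hits(entropy_bits, hosts, crash_limit),
    }


if __name__ == "__main__":
    for scenario, hits in compare().items():
        print(f"{scenario:16s} expected compromised hosts: {hits:12.1f}")
```

With the assumed parameters the unlimited-retry case still yields roughly 63% of hosts, while capping attempts at 5 per host drops the expected count to under a hundred out of a million.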
