Date:      Sun, 28 Feb 2021 09:40:54 -0500
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Warner Losh <imp@bsdimp.com>
Cc:        Ihor Antonov <ihor@antonovs.family>, FreeBSD Current <freebsd-current@freebsd.org>, Gordon Bergling <gbe@freebsd.org>, Ed Maste <emaste@freebsd.org>
Subject:   Re: HEADS-UP: PIE enabled by default on main
Message-ID:  <20210228144054.urbtqudxjyzdkm7h@mutt-hbsd>
In-Reply-To: <CANCZdfoub0mpJti6bkKsTRS2gTi_fjjVc2QniWVMkSWwSnMxNg@mail.gmail.com>
References:  <CAPyFy2CyxG=Bj8T22ixW3=E3dv6mPoZRwJ_VSN%2BTwky95rUYYw@mail.gmail.com> <YDk/G50NWjeoia33@lion.0xfce3.net> <YDlEs6tA9e9VJJ0C@kib.kiev.ua> <YDlMykRXkT03y6Kt@lion.0xfce3.net> <YDroC3avOcPeQh0W@kib.kiev.ua> <20210228043411.mj7l5wkwj46neurv@localhost> <CANCZdfoub0mpJti6bkKsTRS2gTi_fjjVc2QniWVMkSWwSnMxNg@mail.gmail.com>



On Sat, Feb 27, 2021 at 10:29:14PM -0700, Warner Losh wrote:
> On Sat, Feb 27, 2021 at 9:34 PM Ihor Antonov <ihor@antonovs.family> wrote:
>
> > >
> > > But isn't it well-known that ASLR/ASR/any-related-buzzwork does not add
> > > any security, except imaginary?  The only purpose of it is to have a
> > > check-list item ticked green.
> >
> > I don't know if I should parse this as sarcasm (or any other form of
> > "humor") or is a serious statement? But this does leave me with a whole
> > bunch of questions..
> >
> > If this is really how Konstantin is describing it then is it OK to say
> > about this to the whole Internet? Why FreeBSD Foundation is paying for
> > meaningless work then? Why members of the Core team do this work?  Does
> > this mean that FreeBSD is working to satisfy the silly needs of some fat
> > customer? What about project independence and not being controlled by
> > big money?
> >
> > Where can I read about ASLR and security myths?
>
> Why not spend time and explain why this does not work?
> >
>
> Not to rise to the baitiness of all these leading questions (they really
> are quite contrary to how our community usually comports itself, but for
> the sake of civil discourse, I'll ignore)....
>
> I'll bet it has something to do with the many known ASLR attacks.  One is
> chronicled in https://www.vusec.net/projects/anc/ and elsewhere, which show
> how MMU side channels can defeat ASLR. Or maybe he's familiar with the
> offset2lib attack against Linux 64-bit ASLR documented in this paper
> https://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf.
> There's many others as well that show the shortcomings of ASLR and disclose
> ways to defeat it using various clever means.

Problem with these papers is that they put ASLR on a pedestal it
doesn't deserve. If you take a look at PaX's original ASLR paper,
you'll learn that ASLR was not designed to protect against local
attacks. You'll also learn that the infoleak weakness was already
postulated, even in its initial design and implementation. Attacks
against the MMU require local code execution--for example, javascript
in a browser. ASLR was never meant to protect against such a case. We
must take the original design into account when discussing ASLR's
valid shortcomings.

The point of ASLR is to combine it with W^X. Without W^X, ASLR makes
no sense. FreeBSD recently gained a W^X implementation that requires
opt-in.

When combined with W^X, exploit authors must chain together multiple
vulnerabilities in order to successfully exploit. The combination of
ASLR and W^X have forever changed the very foundation of exploitation.
Both, when combined, do their job well--that of raising the economic
cost of successful remote exploitation.

Now that FreeBSD has both a form of ASLR known as ASR and a W^X
implementation, FreeBSD can move on to other exploit mitigations, such
as CFI and SafeStack (both of which are already integrated in some
form in HardenedBSD.)

This is likely to be my only response to this thread as I'm incredibly
tired of rehashing the same arguments, especially with regards to kib@,
over the span of many years.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID:          0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9  3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
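The message above argues that ASLR only pays off when the executable image itself can be relocated (hence PIE) and when no mapping is both writable and executable (W^X). The following is an added example, not code from the thread, HardenedBSD or FreeBSD: a small Python audit that reads the ELF64 header and program headers of a binary and reports whether it is PIE (ET_DYN), whether any PT_LOAD segment is mapped W+X, and whether the stack is marked executable. Everything it relies on is the standard ELF64 layout; the two fixtures at the bottom are constructed headers with no code behind them, used so the script runs offline.

```python
"""Audit an ELF64 binary for PIE and segment-level W^X.

Added example for this thread; HARDENED and LEGACY are constructed fixtures,
not real binaries. Only little-endian ELF64 is handled."""
import struct
import sys
from dataclasses import dataclass, field

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
ET_EXEC, ET_DYN = 2, 3
PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
EHDR_FMT = "<16sHHIQQQIHHHHHH"   # 64-byte ELF64 header, little-endian
PHDR_FMT = "<IIQQQQQQ"           # 56-byte ELF64 program header


@dataclass
class ElfReport:
    pie: bool                      # e_type == ET_DYN (shared libraries also match)
    wx_segments: list = field(default_factory=list)  # (index, vaddr, flags) of W+X PT_LOADs
    exec_stack: bool = False       # PT_GNU_STACK absent or carrying PF_X


def parse_elf64(data: bytes) -> ElfReport:
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64 or data[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled by this example")
    hdr = struct.unpack_from(EHDR_FMT, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    if e_phentsize != struct.calcsize(PHDR_FMT):
        raise ValueError("unexpected program header size")
    # Treat the stack as executable until a PT_GNU_STACK entry says otherwise
    # (conservative audit assumption; loaders differ when the entry is absent).
    report = ElfReport(pie=(e_type == ET_DYN), exec_stack=True)
    for i in range(e_phnum):
        p_type, p_flags, _off, p_vaddr, *_ = struct.unpack_from(
            PHDR_FMT, data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and (p_flags & (PF_W | PF_X)) == (PF_W | PF_X):
            report.wx_segments.append((i, p_vaddr, p_flags))
        elif p_type == PT_GNU_STACK:
            report.exec_stack = bool(p_flags & PF_X)
    return report


def findings(report: ElfReport) -> list:
    """Human-readable list of mitigation gaps; empty means PIE + W^X + NX stack."""
    out = []
    if not report.pie:
        out.append("not PIE: image is mapped at a fixed address, ASLR cannot move it")
    for idx, vaddr, _flags in report.wx_segments:
        out.append(f"segment {idx} at {vaddr:#x} is writable and executable (W^X violated)")
    if report.exec_stack:
        out.append("stack is executable (PT_GNU_STACK missing or marked PF_X)")
    return out


def build_elf64(e_type: int, segments) -> bytes:
    """Constructed fixture: header plus program headers only, no code or data behind them."""
    phdrs = b"".join(
        struct.pack(PHDR_FMT, p_type, p_flags, 0, 0x1000 * (i + 1), 0, 0, 0, 0x1000)
        for i, (p_type, p_flags) in enumerate(segments)
    )
    e_ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0, 0]) + bytes(7)
    ehdr = struct.pack(EHDR_FMT, e_ident, e_type, 62, 1, 0, 64, 0, 0, 64,
                       struct.calcsize(PHDR_FMT), len(segments), 0, 0, 0)
    return ehdr + phdrs


# Constructed fixtures: a PIE with split R-X / RW- segments and an NX stack,
# versus a fixed-address binary whose single segment is RWX.
HARDENED = build_elf64(ET_DYN, [(PT_LOAD, PF_R | PF_X), (PT_LOAD, PF_R | PF_W),
                                (PT_GNU_STACK, PF_R | PF_W)])
LEGACY = build_elf64(ET_EXEC, [(PT_LOAD, PF_R | PF_W | PF_X)])

if __name__ == "__main__":
    # Pass a path to audit a real binary; with no argument the LEGACY fixture is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else LEGACY
    for line in findings(parse_elf64(data)) or ["no findings"]:
        print(line)
```

Run it against a freshly built binary on a system with PIE on by default and the first finding should be absent; the W+X check is what a W^X policy enforces at map time, so catching it in the file before deployment is the cheaper place to do it. ET_DYN is also the type of shared objects, so a positive PIE result on a `.so` says nothing beyond "relocatable".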




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20210228144054.urbtqudxjyzdkm7h>