Date: Fri, 20 Mar 2015 14:17:44 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Warner Losh <imp@bsdimp.com> Cc: Adrian Chadd <adrian@freebsd.org>, HardenedBSD Core <core@hardenedbsd.org>, Oliver Pinter <oliver.pinter@hardenedbsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: Re: ASLR work into -HEAD ? Message-ID: <1426875464.5550.26.camel@hardenedbsd.org> In-Reply-To: <CC2C8923-A3EB-4EE4-9DBB-A2CC444902BF@bsdimp.com> References: <CAJ-VmomszKm47aLnGWiouUQHvmB8%2BchA=y-q1zvtOwJ7_iqe0g@mail.gmail.com> <7C64CB2B-3FD0-434C-A11A-2A841537220F@bsdimp.com> <CAJ-Vmo=JZoM0V=sSNtW-2Pdh-8gtXWhAGd7uKV7v_rwECqMQJw@mail.gmail.com> <CAPQ4fftmjJ2tfAWzULoTQiY3ZO=GRP9VRt-LtzxUnoMJCZgHLw@mail.gmail.com> <CC2C8923-A3EB-4EE4-9DBB-A2CC444902BF@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-hlLhQWqJYtOKnTorZO2D Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, 2015-03-20 at 09:28 -0600, Warner Losh wrote: > > On Mar 19, 2015, at 2:31 PM, Oliver Pinter <oliver.pinter@hardenedbsd.o= rg> wrote: > >=20 > > On Thu, Mar 19, 2015 at 9:04 PM, Adrian Chadd <adrian@freebsd.org> wrot= e: > >> On 19 March 2015 at 12:56, Warner Losh <imp@bsdimp.com> wrote: > >>>=20 > >>>> On Mar 19, 2015, at 12:53 PM, Adrian Chadd <adrian@freebsd.org> wrot= e: > >>>>=20 > >>>> Hi, > >>>>=20 > >>>> Apparently this is done but has stalled: > >>>>=20 > >>>> https://reviews.freebsd.org/D473 > >>>>=20 > >>>> Does anyone have any strong objections to it landing in the tree as-= is? > >>>=20 > >>> There=E2=80=99s rather a lot of them specifically spelled out in the = code review. > >>>=20 > >>> Many of the earlier ones were kinda blown off, so I=E2=80=99ve not be= en inclined > >>> to take the time to re-review it. Glancing at it, I see several minor= issues > >>> that should be cleaned up. > >>=20 > >> Cool. Thanks for taking the time to look at it again. > >>=20 > >> Shawn is in #freebsd on freenode irc, so if you/others want a more > >> interactive review then he's there during the day. > >=20 > > Please CC the core@hardenedbsd.org in future please, when you are > > talking about this issue. > >=20 > > Adrian: do you able to review the MIPS or ARM part especially or test t= hem? >=20 > Adrian: Do not commit the changes. >=20 > I=E2=80=99ve gone back and re-read Robert Watson=E2=80=99s rather long re= view and it appears > that virtually none of that has been addressed. Until it is, do not commi= t it. This > code interacts with dangerous parts of the system, and the default cannot= be > to just let it in because no one has objected recently. Objections have b= een made, > they have been quantified, they haven=E2=80=99t been answered or acted up= on. Until that > changes, you can assume the objections remain in place and asking again w= ithout > fixing them isn=E2=80=99t going to change the answer. >=20 > Warner Warner, We've fixed the vast majority of the concerns raised in that review. To say "virtually none of that has been addressed" and "they haven't been answered or acted upon" is a blatant lie. The fact that there are so many revisions of the patch is proof. We even made our ASLR implementation for FreeBSD less secure by providing a mechanism in ptrace() to disable it as requested by a member of the FreeBSD Foundation. (This "feature" doesn't exist in HardenedBSD's implementation.) If comments like these continue, I will remove the diff from Phabricator and close the BugZilla ticket. FreeBSD can feel free to pull from us, but we won't make any effort to proactively upstream our work. With that said, I have missed a few of the concerns raised. There's so many comments/concerns in that review that it's easy to miss a few. I will address them tonight and upload a new patch tomorrow. Thanks, Shawn Webb HardenedBSD --=-hlLhQWqJYtOKnTorZO2D Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCgAGBQJVDGRJAAoJEGqEZY9SRW7u4LQP/2wleg2q2F+Tla+hOLCX5QKo /WaT2mNnm6RxnACOIfYtdR36c6Hpd9+YbhDNu1Lf/mNJ6Qrs4eSVdez2gCRzwzBi L6zNaq5CDjrUCWEHntT6zKV571RAB3u9sAPATAV/1EYrbS7u+fZW6RA1IU1qWm2z JHLH9SPm8aBK1bZfJKVQJTj9LKjA6W0are55nbo6TFnrFjKJbgVZW9JGoeNZ9W40 AzcVSKV/XAWvm5ryS8B1F5TOpAkyfrTOUHv0oXWAonZ1aq2FVN9TeYgDiMTx7Z4i iuGwdh9goUtOlbQnA406aTAh0wnaIhnyPHoUjF4NuA4y8CE+92HTanGisv3uG/jy 3kj45loJFWMFUjlSV23g3jqKoekx7DiTzj4iyjgSJYwTWbY1vOH9xhRKeSVH9Rgf W9ujFqZMtmBpDYRTABOxuPgkZm3ykXNBQSLy58m/8qL8RSdzW18s94Wnck+5AsWT dvmBrwmB0By55y5BVFqpzlUB9i+XkctqvzDnc8j4o0xXk/IG6nfcUq+99Fm7fygo 6UfIKZxvoYD3G0Zfzrf2eL+T2CfQswa9/bUMc0U50LPMCCQp3AmYglSenDV2sUbF hw7pWLTXWVWQAeDNFiFsOgz5BCeO6pRcQ3Q9Lx3K3MZnZTPnyrMxcNfuMqAgUjBW 13EqtI4scXCeVGX3/vwO =AKR2 -----END PGP SIGNATURE----- --=-hlLhQWqJYtOKnTorZO2D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1426875464.5550.26.camel>