Message-ID: <1426875464.5550.26.camel@hardenedbsd.org>
Subject: Re: ASLR work into -HEAD ?
From: Shawn Webb
To: Warner Losh
Cc: Adrian Chadd, HardenedBSD Core, Oliver Pinter, "freebsd-arch@freebsd.org"
Date: Fri, 20 Mar 2015 14:17:44 -0400
Organization: HardenedBSD
List-Id: Discussion related to FreeBSD architecture

On Fri, 2015-03-20 at 09:28 -0600, Warner Losh wrote:
> > On Mar 19, 2015, at 2:31 PM, Oliver Pinter wrote:
> >
> > On Thu, Mar 19, 2015 at 9:04 PM, Adrian Chadd wrote:
> >> On 19 March 2015 at 12:56, Warner Losh wrote:
> >>>
> >>>> On Mar 19, 2015, at 12:53 PM, Adrian Chadd wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> Apparently this is done but has stalled:
> >>>>
> >>>> https://reviews.freebsd.org/D473
> >>>>
> >>>> Does anyone have any strong objections to it landing in the tree as-is?
> >>>
> >>> There’s rather a lot of them specifically spelled out in the code review.
> >>>
> >>> Many of the earlier ones were kinda blown off, so I’ve not been inclined
> >>> to take the time to re-review it. Glancing at it, I see several minor issues
> >>> that should be cleaned up.
> >>
> >> Cool. Thanks for taking the time to look at it again.
> >>
> >> Shawn is in #freebsd on freenode irc, so if you/others want a more
> >> interactive review then he's there during the day.
> >
> > Please CC the core@hardenedbsd.org in future please, when you are
> > talking about this issue.
> >
> > Adrian: are you able to review the MIPS or ARM part especially or test them?
>
> Adrian: Do not commit the changes.
>
> I’ve gone back and re-read Robert Watson’s rather long review and it appears
> that virtually none of that has been addressed. Until it is, do not commit it. This
> code interacts with dangerous parts of the system, and the default cannot be
> to just let it in because no one has objected recently. Objections have been made,
> they have been quantified, they haven’t been answered or acted upon. Until that
> changes, you can assume the objections remain in place and asking again without
> fixing them isn’t going to change the answer.
>
> Warner

Warner,

We've fixed the vast majority of the concerns raised in that review. To say "virtually none of that has been addressed" and "they haven't been answered or acted upon" is a blatant lie. The fact that there are so many revisions of the patch is proof.

We even made our ASLR implementation for FreeBSD less secure by providing a mechanism in ptrace() to disable it as requested by a member of the FreeBSD Foundation. (This "feature" doesn't exist in HardenedBSD's implementation.)

If comments like these continue, I will remove the diff from Phabricator and close the BugZilla ticket. FreeBSD can feel free to pull from us, but we won't make any effort to proactively upstream our work.

With that said, I have missed a few of the concerns raised. There's so many comments/concerns in that review that it's easy to miss a few. I will address them tonight and upload a new patch tomorrow.

Thanks,

Shawn Webb
HardenedBSD