Date:      Fri, 20 Mar 2015 15:05:39 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Warner Losh <imp@bsdimp.com>
Cc:        Adrian Chadd <adrian@freebsd.org>, HardenedBSD Core <core@hardenedbsd.org>, Oliver Pinter <oliver.pinter@hardenedbsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org>
Subject:   Re: ASLR work into -HEAD ?
Message-ID:  <1426878339.5550.29.camel@hardenedbsd.org>
In-Reply-To: <1426875464.5550.26.camel@hardenedbsd.org>
References:  <CAJ-VmomszKm47aLnGWiouUQHvmB8%2BchA=y-q1zvtOwJ7_iqe0g@mail.gmail.com> <7C64CB2B-3FD0-434C-A11A-2A841537220F@bsdimp.com> <CAJ-Vmo=JZoM0V=sSNtW-2Pdh-8gtXWhAGd7uKV7v_rwECqMQJw@mail.gmail.com> <CAPQ4fftmjJ2tfAWzULoTQiY3ZO=GRP9VRt-LtzxUnoMJCZgHLw@mail.gmail.com> <CC2C8923-A3EB-4EE4-9DBB-A2CC444902BF@bsdimp.com> <1426875464.5550.26.camel@hardenedbsd.org>

On Fri, 2015-03-20 at 14:17 -0400, Shawn Webb wrote:
> On Fri, 2015-03-20 at 09:28 -0600, Warner Losh wrote:
> > > On Mar 19, 2015, at 2:31 PM, Oliver Pinter <oliver.pinter@hardenedbsd.org> wrote:
> > > 
> > > On Thu, Mar 19, 2015 at 9:04 PM, Adrian Chadd <adrian@freebsd.org> wrote:
> > >> On 19 March 2015 at 12:56, Warner Losh <imp@bsdimp.com> wrote:
> > >>> 
> > >>>> On Mar 19, 2015, at 12:53 PM, Adrian Chadd <adrian@freebsd.org> wrote:
> > >>>> 
> > >>>> Hi,
> > >>>> 
> > >>>> Apparently this is done but has stalled:
> > >>>> 
> > >>>> https://reviews.freebsd.org/D473
> > >>>> 
> > >>>> Does anyone have any strong objections to it landing in the tree as-is?
> > >>> 
> > >>> There’s rather a lot of them specifically spelled out in the code review.
> > >>> 
> > >>> Many of the earlier ones were kinda blown off, so I’ve not been inclined
> > >>> to take the time to re-review it. Glancing at it, I see several minor issues
> > >>> that should be cleaned up.
> > >> 
> > >> Cool. Thanks for taking the time to look at it again.
> > >> 
> > >> Shawn is in #freebsd on freenode irc, so if you/others want a more
> > >> interactive review then he's there during the day.
> > > 
> > > Please CC core@hardenedbsd.org in future when you are
> > > talking about this issue.
> > > 
> > > Adrian: are you able to review the MIPS or ARM part especially, or test them?
> > 
> > Adrian: Do not commit the changes.
> > 
> > I’ve gone back and re-read Robert Watson’s rather long review and it appears
> > that virtually none of that has been addressed. Until it is, do not commit it. This
> > code interacts with dangerous parts of the system, and the default cannot be
> > to just let it in because no one has objected recently. Objections have been made,
> > they have been quantified, they haven’t been answered or acted upon. Until that
> > changes, you can assume the objections remain in place and asking again without
> > fixing them isn’t going to change the answer.
> > 
> > Warner
> 
> Warner,
> 
> We've fixed the vast majority of the concerns raised in that review. To
> say "virtually none of that has been addressed" and "they haven't been
> answered or acted upon" is a blatant lie. The fact that there are so
> many revisions of the patch is proof. We even made our ASLR
> implementation for FreeBSD less secure by providing a mechanism in
> ptrace() to disable it as requested by a member of the FreeBSD
> Foundation. (This "feature" doesn't exist in HardenedBSD's
> implementation.) If comments like these continue, I will remove the diff
> from Phabricator and close the BugZilla ticket. FreeBSD can feel free to
> pull from us, but we won't make any effort to proactively upstream our
> work.
> 
> With that said, I have missed a few of the concerns raised. There are so
> many comments/concerns in that review that it's easy to miss a few. I
> will address them tonight and upload a new patch tomorrow.

I've updated the patch. Is there anything I've missed?

Thanks,

Shawn Webb
HardenedBSD
