From owner-freebsd-stable@FreeBSD.ORG  Mon Apr  2 17:33:28 2012
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 1C14D106566B
	for <freebsd-stable@freebsd.org>; Mon,  2 Apr 2012 17:33:28 +0000 (UTC)
	(envelope-from ryao@cs.stonybrook.edu)
Received: from edge1.cs.stonybrook.edu (edge1.cs.stonybrook.edu
	[130.245.9.210])
	by mx1.freebsd.org (Postfix) with ESMTP id A250F8FC0C
	for <freebsd-stable@freebsd.org>; Mon,  2 Apr 2012 17:33:27 +0000 (UTC)
Received: from HUBCAS1.cs.stonybrook.edu (130.245.9.206) by
	edge1.cs.stonybrook.edu (130.245.9.210) with Microsoft SMTP Server
	(TLS) id 14.1.355.2; Mon, 2 Apr 2012 13:33:21 -0400
Received: from [192.168.1.2] (72.89.250.133) by hubcas1.cs.stonybrook.edu
	(130.245.9.212) with Microsoft SMTP Server (TLS) id 14.1.323.3;
	Mon, 2 Apr 2012 13:33:24 -0400
Message-ID: <4F79E27E.3000509@cs.stonybrook.edu>
Date: Mon, 2 Apr 2012 13:31:42 -0400
From: Richard Yao <ryao@cs.stonybrook.edu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:10.0.1) Gecko/20120301 Thunderbird/10.0.1
MIME-Version: 1.0
To: Tom Evans <tevans.uk@googlemail.com>
References: <4F75E404.8000104@cs.stonybrook.edu>
	<4F75EF86.6090909@cs.stonybrook.edu>
	<20120330190713.GG2358@deviant.kiev.zoral.com.ua>
	<4F760C9E.6060405@cs.stonybrook.edu>
	<20120330194649.GH2358@deviant.kiev.zoral.com.ua>
	<4F761371.7020606@cs.stonybrook.edu>
	<20120330203605.GI2358@deviant.kiev.zoral.com.ua>
	<4F76350F.8000708@cs.stonybrook.edu>
	<20120330224631.GJ2358@deviant.kiev.zoral.com.ua>
	<4F7637F3.2060502@cs.stonybrook.edu>
	<CAGE5yCpuvsVrc-+DTVas-W4fjuP2s+6PQONMOTyEbGnj2CY3ig@mail.gmail.com>
	<4F766F29.2030803@cs.stonybrook.edu>
	<CAFHbX1KiZx68MP4bCAvPc0Zui3fA4O35_z3kP781zoJqLYp7Bw@mail.gmail.com>
	<4F79D88B.3040102@cs.stonybrook.edu>
	<CAFHbX1KE15G9gx7Duw2R8zC5jL1jiEir0yMB0-s5+4xx517WtQ@mail.gmail.com>
In-Reply-To: <CAFHbX1KE15G9gx7Duw2R8zC5jL1jiEir0yMB0-s5+4xx517WtQ@mail.gmail.com>
X-Enigmail-Version: 1.3.5
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature";
	boundary="------------enig84D05DD8B3C98EF127CDEA97"
X-Originating-IP: [72.89.250.133]
Cc: freebsd-stable@freebsd.org
Subject: Re: Text relocations in kernel modules
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Apr 2012 17:33:28 -0000

--------------enig84D05DD8B3C98EF127CDEA97
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 04/02/12 13:13, Tom Evans wrote:
> On Mon, Apr 2, 2012 at 5:49 PM, Richard Yao <ryao@cs.stonybrook.edu> wr=
ote:
>> On 04/02/12 05:56, Tom Evans wrote:
>>> On Sat, Mar 31, 2012 at 3:42 AM, Richard Yao <ryao@cs.stonybrook.edu>=
 wrote:
>>>>> There are no security implications, no system resources to be waste=
d.
>>>>>
>>>>> And if you think there are security implications, then lets see a
>>>>> proof-of-concept.
>>>>
>>>> If I find time to write a proof-of-concept, I promise to publish it
>>>> publicly. Your security team will find out when everyone else does.
>>>
>>> Richard, I'm not sure what you are trying to accomplish here. You hav=
e
>>> had a clear explanation of why certain things are done in a certain
>>> way in the FreeBSD codebase, and a confirmation that they do not thin=
k
>>> it causes any security issues in FreeBSD.
>>>
>>> Your response is to threaten to write an exploit against FreeBSD, and=

>>> distribute it publicly before disclosing to security@.
>>
>> Some people believe that projects that do not take proper
>> countermeasures against security vulnerabilities do not deserve to hav=
e
>> special notification of issues. I happen to be one of them.
>=20
> This is a straw man argument - FreeBSD does take proper
> countermeasures against security vulnerabilities - and so your
> conclusion that you can blithely fully disclose vulnerabilities with
> no moral concerns is a logical fallacy.

My opinion is that any OS that lacks ALSR lacks proper countermeasures
against vunerabilities that ASLR would kill. Furthermore, I believe that
trying to minimize the impact of bugs that would be addressed by ASLR is
ultimately harmful to users' security. Logically, full disclosure would
only apply to attacks that ASLR would kill.

With that said, I should remind you of the FreeBSD project's license,
which disclaims the possibility of "moral concerns":

THIS SOFTWARE IS PROVIDED BY THE FREEBSD PROJECT ``AS IS'' AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FREEBSD PROJECT OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

It is highly unlikely that anyone who opts for full disclosure of
vulnerabilities that ASLR would kill would also be the person who wrote
the vulnerable code in the first place. However, should he be the same
person, it would seem that you have already accepted a license freeing
him of responsibility.

there are many people who have commit access. Any of them could
intentionally commit vulnerabilities that ASLR would kill. If you do not
like this situation, I suggest that you consider alternative operating
systems, such as AIX, Mac OS X or Solaris. Their licenses might be more
permissive in your ability to hold their makers responsible for flaws.


--------------enig84D05DD8B3C98EF127CDEA97
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPeeKAAAoJELFAT5FmjZuE1YwQAIiV3JFU+Kg+GumulPhMP8sp
3uPaSg+Wg/ztD2ZCHMz491z/PKldW9DoEqF6JJDS/+nxqOf+OPYdUarnkAx1K0N+
0ANhchqJjt7XrO26YL8YFHtH8kkT1Xl+ltmS0tohtuEltO/Wq1xQpDTb0B4AW75F
LVHW6vprs4P8vCXpis5OG61qY2pSQFp5wdFoiv8Q0HK/wPt9PfdYHTgt/avSghrN
+X1MatQtr/wnuA9R5vGvyPwj2WhBWOB84S/1Fn4MRnFPg4eeIF4Qkyh+WHBNAj0H
bpyQSwzCyHL/g94EqvC9HDHjs5j/OrHcEVE0KXIZYY0+Eu6CTCHpLUJu94gW3vyD
fEDjXz9owFHJexFWmY/KjjeVr5tvv79s/2NQHvEGaoYJHpZ28JruGdf+B6+9mALE
1RuVAUs1SgjNTMJkEosVK4SlGBwWnAc3V5PCGpIU7pH08WYROetF2xUKIEvA96R8
+l1jKPqpXKudDf/Drg9gMP14JSCq0+d8Jjk/MjCuCWLjYLyxnw0OfV1QHyuuWyTf
d5PlRiHgoJU0yPA87zo7kV5YS8eJq91PIoRTeoTS40yCyDiNcJRxlFoJKawfCcmM
teTMulO1ZjT0ZOhXZychvE6PK0ihoCtOR46MqGn02iFc+0374UcSyXzJxc2UP+wp
Tca3la+kbxPADYBVZBzd
=pcUP
-----END PGP SIGNATURE-----

--------------enig84D05DD8B3C98EF127CDEA97--