From: Pedro Giffuni
To: Bryan Drewery, Oliver Pinter, Shawn Webb, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
Date: Sat, 23 May 2015 09:32:35 -0500
Message-ID: <55608F83.3000009@FreeBSD.org>
In-Reply-To: <555FBE83.6080103@FreeBSD.org>

On 05/22/15 18:40, Bryan Drewery wrote:
> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
>> My claim is that the majority of "professional" breachers and
>> governments already have ASLR workarounds pre-coded and ready
>> to launch. Finding an exploit is more difficult than beating
>> ASLR, so they are not going to hint to everyone that they have
>> an exploit until they can take all the Linux/Windows/MacOSX
>> at the same time.
>>
>> The cost for the NSA and/or Anonymous to step on
>> ASLR is zero.
> This sort of argument easily turns into "why bother with security?".

I don't think you can blame me for that, since I proposed, and am
actually mentoring, a project to add yet another security layer (which
is hopefully zero-cost).

> Please be careful with it. Every layer and mitigation helps. The real
> world is not just NSA or China. It's also full of script kiddies. Should
> we just stop using SSL because NSA might have cracked it? Should we just
> hand over root ssh keys to China because they probably have it all
> hacked anyway? Should we just give up since billions of dollars pour
> into security breaking research? Should I just post my CC here since
> it's surely leaked from the hundreds of places I use it at anyway? No.

I think there is a real danger that, just because we add something like
ASLR, someone will think they are actually protected. AFAICT there is
not even one attack today that can be prevented by ASLR. Even then, it
might be worth it, but I just don't find any performance hit acceptable,
even when it is turned off.

> I've had very basic security checks, that could be easily circumvented,
> stop actual script kiddies before. Had they persisted longer I would
> have been in major trouble. If I explained what it is you would surely
> laugh it off and tell me to not bother. Well it worked. ASLR has its
> place too.
>

The fact that Sony Pictures was breached doesn't mean I am turning off
my firewall, but I won't be deploying anything based on Enigma just
because "it's better than nothing".

Pedro.