Date:      Wed, 14 May 2014 09:58:52 -0400
From:      Shawn Webb <lattera@gmail.com>
To:        freebsd-current@freebsd.org, freebsd-security@freebsd.org, freebsd-stable@freebsd.org
Subject:   [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
Message-ID:  <20140514135852.GC3063@pwnie.vrt.sourcefire.com>

Hey All,

[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if crossposting is frowned upon.]

Address Space Layout Randomization, or ASLR for short, is an exploit
mitigation technology. It helps secure applications against low-level
exploits. A popular secure implementation is known as PaX ASLR, which is
a third-party patch for Linux. Our implementation is based off of PaX's.

Oliver Pinter, Danilo Egea, and I have been working hard to bring more
features and robust stability to our ASLR patches. We've done extensive
testing on amd64. We'd like to get as many people testing these patches.
Given the nature of them, we'd also like as many eyeballs reviewing the
code as well.

I have a Raspberry Pi and have noticed a few bugs. On ARM (at least, on
the RPI), when a parent forks a child, and the child gracefully exits,
the parent segfaults with the pc register pointing to 0xc0000000. That
address is always the same, no matter the application. If anyone knows
the ARM architecture well, and how FreeBSD ties into it, I'd like a
little guidance.

I also have a sparc64 box, but I'm having trouble getting a vanilla
11-current system to be stable on it. I ought to file a few PRs.

You can find links to the patches below.

Patch for 11-current:
http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-current-aslr-segvguard-SNAPSHOT.diff

Patch for 10-stable:
http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-stable-10-aslr-segvguard-SNAPSHOT.diff

Thanks,

Shawn Webb
