Date: Wed, 9 Mar 2016 17:23:12 -0500
From: Shawn Webb
To: Brett Glass
Cc: Piotr Kubaj, freebsd-security@freebsd.org
Subject: Re: Will 11.0-RELEASE include ASLR?

On Wed, Mar 09, 2016 at 10:21:42AM -0700, Brett Glass wrote:
> ASLR is controversial. Some see it as "security by obscurity;" others see
> it as extremely useful and effective.
>
> Yes, I would like it as a kernel build option, so that I can choose to
> optimize for raw speed (e.g. on a server which is hardened in other ways)
> or for the extra warm fuzzies that ASLR provides.

The great thing is that our implementation comes as a kernel build
option, just like you want. Our implementation also works on a per-jail
basis.

Thanks,

--
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE