From: Peter Wemm
To: Richard Yao
Cc: Tom Evans, freebsd-stable@freebsd.org
Date: Mon, 2 Apr 2012 11:46:57 -0700
Subject: Re: Text relocations in kernel modules

On Mon, Apr 2, 2012 at 10:31 AM, Richard Yao wrote:
> On 04/02/12 13:13, Tom Evans wrote:
>> On Mon, Apr 2, 2012 at 5:49 PM, Richard Yao wrote:
>>> On 04/02/12 05:56, Tom Evans wrote:
>>>> On Sat, Mar 31, 2012 at 3:42 AM, Richard Yao wrote:
>>>>>> There are no security implications, no system resources to be wasted.
>>>>>>
>>>>>> And if you think there are security implications, then let's see a
>>>>>> proof-of-concept.
>>>>>
>>>>> If I find time to write a proof-of-concept, I promise to publish it
>>>>> publicly. Your security team will find out when everyone else does.
>>>>
>>>> Richard, I'm not sure what you are trying to accomplish here. You have
>>>> had a clear explanation of why certain things are done in a certain
>>>> way in the FreeBSD codebase, and a confirmation that they do not think
>>>> it causes any security issues in FreeBSD.
>>>>
>>>> Your response is to threaten to write an exploit against FreeBSD, and
>>>> distribute it publicly before disclosing to security@.
>>>
>>> Some people believe that projects that do not take proper
>>> countermeasures against security vulnerabilities do not deserve to have
>>> special notification of issues. I happen to be one of them.
>>
>> This is a straw man argument - FreeBSD does take proper
>> countermeasures against security vulnerabilities - and so your
>> conclusion that you can blithely fully disclose vulnerabilities with
>> no moral concerns is a logical fallacy.
>
> My opinion is that any OS that lacks ASLR lacks proper countermeasures
> against vulnerabilities that ASLR would kill. Furthermore, I believe that
> trying to minimize the impact of bugs that would be addressed by ASLR is
> ultimately harmful to users' security. Logically, full disclosure would
> only apply to attacks that ASLR would kill.

Remember.. ASLR is a userland thing. .ko files, which is what this thread
is about, already use random address layout. When you do a "kldload
virtio.ko", you have no way to predict what address it will be loaded at.
And you don't even have access to the addresses.

Of course if you want to talk about ASLR and userland .so files then
that's an entirely different thing. But this thread is about your tools
finding DT_TEXTREL in a .ko kernel file, not userland .so files.

-- 
Peter Wemm - peter@wemm.org; peter@FreeBSD.org; peter@yahoo-inc.com; KI6FJV
"All of this is for nothing if we don't go to the stars" - JMS/B5
"If Java had true garbage collection, most programs would delete
themselves upon execution." -- Robert Sewell
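As an added example that is not part of Peter's mail or of any FreeBSD or third-party tool, this is the kind of check the thread refers to when it talks about "tools finding DT_TEXTREL": walk an object's .dynamic section and report whether the DT_TEXTREL tag, or the DF_TEXTREL bit in DT_FLAGS, is present. It assumes a little-endian ELF64 shared object (ET_DYN, as a .ko built as a shared object would be); the build_elf fixture is constructed in memory purely so the check can be exercised offline and is not a real kernel module.

```python
"""Audit a little-endian ELF64 object for text relocations (DT_TEXTREL / DF_TEXTREL)."""
import struct
import sys

DT_NULL, DT_TEXTREL, DT_FLAGS = 0, 16, 30   # .dynamic tags
DF_TEXTREL = 0x4                            # DT_FLAGS bit with the same meaning
SHT_DYNAMIC = 6                             # section type of .dynamic

def has_textrel(elf: bytes) -> bool:
    """True if the object's .dynamic section says it needs text relocations."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_shoff = struct.unpack_from("<Q", elf, 0x28)[0]          # section header table
    e_shentsize, e_shnum = struct.unpack_from("<HH", elf, 0x3A)
    for i in range(e_shnum):
        sh = e_shoff + i * e_shentsize
        if struct.unpack_from("<I", elf, sh + 4)[0] != SHT_DYNAMIC:
            continue
        sh_offset, sh_size = struct.unpack_from("<QQ", elf, sh + 0x18)
        for pos in range(sh_offset, sh_offset + sh_size, 16):  # Elf64_Dyn is 16 bytes
            d_tag, d_val = struct.unpack_from("<qQ", elf, pos)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_TEXTREL or (d_tag == DT_FLAGS and d_val & DF_TEXTREL):
                return True
    return False

def build_elf(dyn_entries) -> bytes:
    """Constructed fixture: a minimal ET_DYN ELF64 holding only a .dynamic section.
    It is not loadable; it exists so has_textrel() can be exercised offline."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries)
    dyn += struct.pack("<qQ", DT_NULL, 0)                # terminating entry
    dyn_off, shoff = 64, 64 + len(dyn)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)             # ELF64, LSB, SysV ABI
    ehdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 2, 0)
    shdr = bytes(64)                                      # mandatory null section header
    shdr += struct.pack("<IIQQQQIIQQ", 0, SHT_DYNAMIC, 0, 0, dyn_off, len(dyn), 0, 0, 8, 16)
    return ehdr + dyn + shdr

if __name__ == "__main__":
    fixtures = {"clean": build_elf([(DT_FLAGS, 0)]),
                "dt_textrel": build_elf([(DT_TEXTREL, 0)]),
                "df_textrel": build_elf([(DT_FLAGS, DF_TEXTREL)])}
    for path in sys.argv[1:]:                            # real objects given on the command line
        with open(path, "rb") as f:
            fixtures[path] = f.read()
    for name, image in fixtures.items():
        print(f"{name}: textrel={has_textrel(image)}")
```

Run without arguments to see the three constructed fixtures classified; pass paths to ELF64 shared objects to audit them the same way.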