From: Brooks Davis
To: Marcin Wojtas
Cc: Ed Maste, freebsd-security@freebsd.org, Rafal Jaworowski
Date: Thu, 23 Apr 2020 15:38:35 +0000
Subject: Re: ASLR/PIE status in FreeBSD HEAD
Message-ID: <20200423153835.GF42225@spindle.one-eyed-alien.net>

On Mon, Apr 20, 2020 at 04:21:59PM +0200, Marcin Wojtas wrote:
> Hi Ed,
>
> Fri, 17 Apr 2020 at 15:52 Ed Maste wrote:
> >
> > On Fri, 17 Apr 2020 at 08:58, Marcin Wojtas wrote:
> > >
> > > Hi,
> > >
> > > Together with our customers, Semihalf is interested in improving the status
> > > of security mitigations enablement in FreeBSD.
> >
> > Happy to hear that there's interest in this work!
> >
> > > 1. Are there any hard blockers, like missing features or bugs, that prevent
> > > enabling ASLR by default in the kernel and building the base system with
> > > -DWITH_PIE?
> >
> > I believe there are no showstopper issues but there are some
> > prerequisites. One is that there are some applications that may
> > misbehave with randomization enabled. They would need to be
> > identified, and tagged (with the elfctl tool now in the base system).
>
> I was thinking if it is possible to come up with such wide test
> coverage to test every single application from the base system.
> Do you think it is achievable or should we rather follow the approach to do
> as many tests as possible, but rely on the community feedback to catch
> the corner cases (like the ntpd issue mentioned in this thread)?
> What about the ports?

If we gate on full testing we'll never move forward. We had a GSoC
project a few years ago to try to generate lame tests for each program;
if someone picked that up, we could get better coverage fairly quickly,
but it would still be far from complete. Our best bet is probably to
make it easy for people to test and to try and recruit testers in the
community (this is especially true for ports).

-- Brooks