From: Shawn Webb
To: Alfred Perlstein
Cc: Pedro Giffuni, "K. Macy", Oliver Pinter, Bryan Drewery, freebsd-arch@freebsd.org
Date: Wed, 27 May 2015 07:35:53 -0400
Subject: Re: ASLR work into -HEAD ?
List-Id: Discussion related to FreeBSD architecture

On May 27, 2015 2:20 AM, "Alfred Perlstein" wrote:
>
> On 5/24/15 1:43 PM, K. Macy wrote:
>>
>> On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
>>>
>>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
>>>>
>>>> My claim is that the majority of "professional" breachers and
>>>> governments already have ASLR workarounds pre-coded and ready
>>>> to launch. Finding an exploit is more difficult than beating
>>>> ASLR so they are not going to hint everyone that they have
>>>> an exploit until they can take all the linux/windows/MacOSX
>>>> at the same time.
>>>>
>>>> The cost for the NSA and/or anonymous to step on
>>>> ASLR is zero.
>>>
>>
>> Correct. But who are we really protecting against? If it's the NSA only air
>> gap will really do. In reality it's just a matter of making the cost of
>> circumventing protections exceed the value of the data or items being
>> protected. Locking one's doors and windows doesn't make one's house
>> impenetrable by any stretch, but it does deter opportunistic passerby.
>>
>> Protecting against state overreach is a political matter and shouldn't
>> factor into whether to invest in deterring lesser malfeasors.
>>
>> I'm sorry, but Bryan has it right. The political discussion is a side show.
>>
>
> +1, also having a line item is good. Not having ASLR just makes FreeBSD look derp.
>
> DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010.
> Microsoft's Windows Vista (released January 2007) and later have ASLR enabled
> In 2003, OpenBSD became the first mainstream operating system to support partial ASLR
> In Mac OS X Leopard 10.5 (released October 2007), Apple introduced randomization for system libraries
>
> Linux has enabled a weak form of ASLR by default since kernel version 2.6.12 (released June 2005).
>
> So basically 1 more week and we can be 10 years behind Linux. :)
>
> w00t.
>
> -Alfred

FreeBSD is 14 years behind Linux if you count PaX's ASLR patch.

Thanks,
Shawn