Date: Sat, 21 Mar 2015 10:43:40 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Warner Losh <imp@bsdimp.com> Cc: Adrian Chadd <adrian@freebsd.org>, HardenedBSD Core <core@hardenedbsd.org>, Oliver Pinter <oliver.pinter@hardenedbsd.org>, "freebsd-arch@freebsd.org" <freebsd-arch@freebsd.org> Subject: Re: ASLR work into -HEAD ? Message-ID: <9043388.Uf7dufN8KZ@shawnwebb-laptop> In-Reply-To: <A637110F-A865-4924-AB06-13D7DE2631A8@bsdimp.com> References: <CAJ-VmomszKm47aLnGWiouUQHvmB8%2BchA=y-q1zvtOwJ7_iqe0g@mail.gmail.com> <1426878339.5550.29.camel@hardenedbsd.org> <A637110F-A865-4924-AB06-13D7DE2631A8@bsdimp.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Friday, March 20, 2015 03:14:30 PM Warner Losh wrote: > > On Mar 20, 2015, at 1:05 PM, Shawn Webb <shawn.webb@hardenedbsd.org> > > wrote: > > > > On Fri, 2015-03-20 at 14:17 -0400, Shawn Webb wrote: > >> On Fri, 2015-03-20 at 09:28 -0600, Warner Losh wrote: > >>>> On Mar 19, 2015, at 2:31 PM, Oliver Pinter > >>>> <oliver.pinter@hardenedbsd.org> wrote:>>>> > >>>> On Thu, Mar 19, 2015 at 9:04 PM, Adrian Chadd <adrian@freebsd.org> wrote: > >>>>> On 19 March 2015 at 12:56, Warner Losh <imp@bsdimp.com> wrote: > >>>>>>> On Mar 19, 2015, at 12:53 PM, Adrian Chadd <adrian@freebsd.org> > >>>>>>> wrote: > >>>>>>> > >>>>>>> Hi, > >>>>>>> > >>>>>>> Apparently this is done but has stalled: > >>>>>>> > >>>>>>> https://reviews.freebsd.org/D473 > >>>>>>> > >>>>>>> Does anyone have any strong objections to it landing in the tree > >>>>>>> as-is? > >>>>>> > >>>>>> There’s rather a lot of them specifically spelled out in the code > >>>>>> review. > >>>>>> > >>>>>> Many of the earlier ones were kinda blown off, so I’ve not been > >>>>>> inclined > >>>>>> to take the time to re-review it. Glancing at it, I see several minor > >>>>>> issues that should be cleaned up. > >>>>> > >>>>> Cool. Thanks for taking the time to look at it again. > >>>>> > >>>>> Shawn is in #freebsd on freenode irc, so if you/others want a more > >>>>> interactive review then he's there during the day. > >>>> > >>>> Please CC the core@hardenedbsd.org in future please, when you are > >>>> talking about this issue. > >>>> > >>>> Adrian: do you able to review the MIPS or ARM part especially or test > >>>> them? > >>> > >>> Adrian: Do not commit the changes. > >>> > >>> I’ve gone back and re-read Robert Watson’s rather long review and it > >>> appears that virtually none of that has been addressed. Until it is, do > >>> not commit it. This code interacts with dangerous parts of the system, > >>> and the default cannot be to just let it in because no one has objected > >>> recently. Objections have been made, they have been quantified, they > >>> haven’t been answered or acted upon. Until that changes, you can assume > >>> the objections remain in place and asking again without fixing them > >>> isn’t going to change the answer. > >>> > >>> Warner > >> > >> Warner, > >> > >> We've fixed the vast majority of the concerns raised in that review. To > >> say "virtually none of that has been addressed" and "they haven't been > >> answered or acted upon" is a blatant lie. The fact that there are so > >> many revisions of the patch is proof. We even made our ASLR > >> implementation for FreeBSD less secure by providing a mechanism in > >> ptrace() to disable it as requested by a member of the FreeBSD > >> Foundation. (This "feature" doesn't exist in HardenedBSD's > >> implementation.) If comments like these continue, I will remove the diff > >> from Phabricator and close the BugZilla ticket. FreeBSD can feel free to > >> pull from us, but we won't make any effort to proactively upstream our > >> work. > >> > >> With that said, I have missed a few of the concerns raised. There's so > >> many comments/concerns in that review that it's easy to miss a few. I > >> will address them tonight and upload a new patch tomorrow. > > > > I've updated the patch. Is there anything I've missed? > > I’ve taken a look at the updated patch and see that it addressed the > issues I raised. It almost looks like the update to the review a month > ago was the wrong version, since so many more of the original > comments appear to be addressed than when I looked. Thanks! > > Warner I've updated the patch again. Please let me know if there's anything I've missed. Otherwise, I'd love to see this committed in HEAD. :-) -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCAAGBQJVDYOcAAoJEGqEZY9SRW7uTDMP/ikvBOG9SJ3C3fipDtg+968D 5WtFqQw3AMqfzf6h1ixhB0FXOC27gBFpGvy4Hy5WG8U5l8E06aB24fyqQi6U6MUt Brb8aJg1VpjxRec2+rmPz/TbVu0LaTXgn1RnY2fVurG846ehz0e8OE09jGHbWz3u gx9Rn1yj6DAe8xeTfrEMIwhSctZgd6bjahCuPjuID3Rz0f/9RrGd7XTpClwCosWA IjrpOPdxcS5Uy0x+givcGt/1rqHVBlDMcZDQ1kcomzN6MEEe/J94N939ah4Asn3B ZoEuLeqcc8E7rqixaXbmktNfVCS2/jtdzmeChDw5isO47MUJExkwkHVneSV3ZQ0z eU1c6jL7XpD4lZqaVNYy/CCYDQW0VCi7J1W5ZYYfpDY0lzLzP8L84+iACuwNG7Xp W3wMnMOkxz9QVlxUHlsuQCMp1TZA9HTRSi9VwpoDv2mrEz8boTpwbvu928mOLrFT V5BV8nbanWgYl07duMEZ+Hto+gBeWgJF8h3OsShSNQh1+7y0r9bD+3mOr/h+tXV3 q5Dg56hNg1LOH8KNeY4yWCmxcI4aWI+GWu0qKBIY/mfMr9Yn7sMK4b498iP1fFl5 Qw/FeI5EaTdXY4wLaQPQVJH6OwRV+72Wk+BkT5OQfpcywegLZdcwzUmIgZ8sCeLA vlZX2PdT26KQFQiVB1g5 =HsOX -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9043388.Uf7dufN8KZ>