Date: Wed, 9 Mar 2016 16:05:12 +0000
From: Big Lebowski <spankthespam@gmail.com>
To: Piotr Kubaj <pkubaj@anongoth.pl>
Cc: freebsd-security <freebsd-security@freebsd.org>
Subject: Re: Will 11.0-RELEASE include ASLR?
Message-ID: <CAHcXP%2Bc%2B-PYkn4C8TyGf6Jropot3zsJAiDZFrBvmeT7595fqPA@mail.gmail.com>
In-Reply-To: <56E02D95.9020303@anongoth.pl>
References: <56E02D95.9020303@anongoth.pl>
Hi Piotr,

There are people who can probably answer it better, but until they do, I can
share what I've heard about it: on the FreeBSD side there are a few things
that stop ASLR implementation:

- there's no actual agreement between the influential developers on whether
  ASLR is viable or needed in the first place
- there was no planning or discussion how to implement ASLR in FreeBSD, Shawn
  simply started writing the code, and some developers would like to discuss
  and plan things first
- there are doubts expressed in the code reviews about code quality and
  compliance to FreeBSD standards. Some developers dedicated their time to
  review the code and provide feedback, there were a few cycles of rewrite,
  review, rinse, repeat, but if you'd look into the reviews, Shawn closed
  them, and I understand they'd only be considered for inclusion if they'd
  meet the code quality standards expected

As a side note, one person saying 'ASLR implementation is finished' and
proper ASLR implementation that's properly tested, functional and not in fact
opening other security issues are two vastly different things, that should be
approached very carefully.

Cheers,
BL

On Wed, Mar 9, 2016 at 2:05 PM, Piotr Kubaj <pkubaj@anongoth.pl> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Shawn Webb has recently announced that ASLR is complete on HardenedBSD.
> There are patches ready for FreeBSD to use and it's ready to be shipped
> in FreeBSD. However, for some reason FreeBSD developers do not want to
> ship ASLR in FreeBSD. Why can't it be included at least as non-default
> src.conf option and marked as experimental?
>
> FreeBSD is the only OS that matters that doesn't have ASLR.