Subject: Re: ASLR work into -HEAD ?
From: Shawn Webb
To: Pedro Giffuni
Cc: Alfred Perlstein, freebsd-arch@freebsd.org
Date: Wed, 27 May 2015 12:25:44 -0400
Organization: HardenedBSD

On Wed, 2015-05-27 at 11:04 -0500, Pedro Giffuni wrote:
>
> On 05/27/15 01:20, Alfred Perlstein wrote:
> >
> >
> > On 5/24/15 1:43 PM, K. Macy wrote:
> >> On May 22, 2015 4:41 PM, "Bryan Drewery" wrote:
> >>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
> >>>> My claim is that the majority of "professional" breachers and
> >>>> governments already have ASLR workarounds pre-coded and ready
> >>>> to launch. Finding an exploit is more difficult than beating
> >>>> ASLR so they are not going to hint everyone that they have
> >>>> an exploit until they can take all the linux/windows/MacOSX
> >>>> at the same time.
> >>>>
> >>>> The cost for the NSA and/or anonymous to step on
> >>>> ASLR is zero.
> >> Correct. But who are we really protecting against? If it's the NSA only air
> >> gap will really do. In reality it's just a matter of making the cost of
> >> circumventing protections exceed the value of the data or items being
> >> protected.
> >> Locking one's doors and windows doesn't make one's house
> >> impenetrable by any stretch, but it does deter opportunistic passerby.
> >>
> >> Protecting against state overreach is a political matter and shouldn't
> >> factor into whether to invest in deterring lesser malfeasors.
> >>
> >> I'm sorry, but Bryan has it right. The political discussion is a side show.
> >>
> >
> > +1, also having a line item is good. Not having ASLR just makes
> > FreeBSD look derp.
> >
>
> And of course I am in the minority that thinks that just because
> everybody else (or at least the OSs that matter) has done it
> doesn't necessarily make it a great idea. This will be my last email
> on the subject and I'll stop whining ... promise.

Good. I'd rather focus on code rather than pointless politics.

>
> > DragonFly BSD has an implementation of ASLR based upon OpenBSD's
> > model, added in 2010.
> > Microsoft's Windows Vista (released January 2007) and later have ASLR
> > enabled
> > In 2003, OpenBSD became the first mainstream operating system to
> > support partial ASLR
> > In Mac OS X Leopard 10.5 (released October 2007), Apple introduced
> > randomization for system libraries
> >
> > Linux has enabled a weak form of ASLR by default since kernel version
> > 2.6.12 (released June 2005).
> >
> > So basically 1 more week and we can be 10 years behind Linux. :)
> >
>
> Happy birthday ASLR? ;) Somehow it hasn't been terribly useful in 10 years,
> and we haven't really missed it, unless there's something I am unaware of
> that the security advisories didn't mention.
>
> If it comes to adopt things because we have to follow the herd,
> then I guess I prefer the Dragonfly BSD approach:
>
> - It is a very simple, to-the-point patch.

Our patch is more complex due to per-jail support and the various
weaknesses FreeBSD wanted us to add. HardenedBSD's implementation does
not contain those weaknesses.

> - It is off by default (NetBSD too?)
>   but very
>   easy to set up through a sysctl.

Our patch is disabled by default in the GENERIC kernel.

> - Given both points above it is very easy
>   to revert once the marketing hype foo dies.

I hope security-related patches that have proven stable and
well-performing never get reverted.

>
> Again just my uneducated opinion, and I won't
> spend time on the "quick" approach either.
>
> regards,
>
> Pedro.