From: Shawn Webb
To: Warner Losh
Cc: Pedro Giffuni, Alfred Perlstein, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
Date: Wed, 27 May 2015 20:00:02 -0400
Message-ID: <2503264.OAH5YVL1Fd@shawnwebb-laptop>
Organization: HardenedBSD
List-Id: Discussion related to FreeBSD architecture

On Wednesday, 27 May 2015 17:37:06 Warner Losh wrote:
> > On May 27, 2015, at 10:25 AM, Shawn Webb wrote:
> > Good. I'd rather focus on code rather than pointless politics.
>
> But then…
>
> > Our patch is more complex due to per-jail support and the various
> > weaknesses FreeBSD wanted us to add. HardenedBSD's implementation does
> > not contain those weaknesses.
>
> You’ll get more flies with honey than vinegar.
>
> And FreeBSD didn’t want you to do anything. Certain people wanted certain
> features or changes. Perhaps you could be more specific, since this kind of
> carping is totally unhelpful.

At the FreeBSD Developer Summit at EuroBSDCon 2014, Ed Maste said on behalf of
the FreeBSD Foundation that he (and by extension, the Foundation) would block
the ASLR patch from being merged into HEAD if we didn't provide a mechanism
for disabling ASLR as a non-root user on a per-binary basis.

I begrudgingly committed a first draft of the API on 26 Sep 2014 to our
upstreaming branch[1]. Further changes were made to clean up the
implementation a bit within a few days. This rather silly "feature" was
included in the next patch update to the review on Phabricator.

This, of course, is a vast weakness that can be easily abused. So we've made
sure not to have this in HardenedBSD. Want to debug an application with ASLR
turned off? Set the sysctl to turn it off. Or use secadm to disable ASLR for
that application. Usage of secadm requires root privileges and works on a
per-jail basis, just like our sysctls that control ASLR.

[1]: https://github.com/HardenedBSD/hardenedBSD/commit/0e6726c5606c9055951bea44ff4a6fca8a79329c

-- 
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE