From: Adrian Chadd
To: Shawn Webb
Date: Wed, 14 May 2014 10:02:09 -0700
Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
Cc: freebsd-security@freebsd.org, freebsd-current, FreeBSD Stable Mailing List

Hi!

Cool! Does it run on MIPS? :P

-a

On 14 May 2014 06:58, Shawn Webb wrote:
> Hey All,
>
> [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> freebsd-stable@. Please forgive me if crossposting is frowned upon.]
>
> Address Space Layout Randomization, or ASLR for short, is an exploit
> mitigation technology. It helps secure applications against low-level
> exploits. A popular secure implementation is known as PaX ASLR, which is
> a third-party patch for Linux. Our implementation is based off of PaX's.
>
> Oliver Pinter, Danilo Egea, and I have been working hard to bring more
> features and robust stability to our ASLR patches. We've done extensive
> testing on amd64. We'd like to get as many people testing these patches.
> Given the nature of them, we'd also like as many eyeballs reviewing the
> code as well.
>
> I have a Raspberry Pi and have noticed a few bugs. On ARM (at least, on
> the RPI), when a parent forks a child, and the child gracefully exits,
> the parent segfaults with the pc register pointing to 0xc0000000. That
> address is always the same, no matter the application. If anyone knows
> the ARM architecture well, and how FreeBSD ties into it, I'd like a
> little guidance.
>
> I also have a sparc64 box, but I'm having trouble getting a vanilla
> 11-current system to be stable on it. I ought to file a few PRs.
>
> You can find links to the patches below.
>
> Patch for 11-current:
> http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-current-aslr-segvguard-SNAPSHOT.diff
>
> Patch for 10-stable:
> http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-stable-10-aslr-segvguard-SNAPSHOT.diff
>
> Thanks,
>
> Shawn Webb