Date: Wed, 9 Mar 2016 11:52:52 -0500
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Big Lebowski <spankthespam@gmail.com>
Cc: Piotr Kubaj <pkubaj@anongoth.pl>, freebsd-security <freebsd-security@freebsd.org>
Subject: Re: Will 11.0-RELEASE include ASLR?
Message-ID: <20160309165252.GB42303@mutt-hardenedbsd>
In-Reply-To: <CAHcXP%2BdPOu4mgOCrjWx61JaQUQCW47VALQVmh_T_P=DMuZyNDw@mail.gmail.com>
References: <56E02D95.9020303@anongoth.pl> <CAHcXP%2Bc%2B-PYkn4C8TyGf6Jropot3zsJAiDZFrBvmeT7595fqPA@mail.gmail.com> <20160309162210.GA42303@mutt-hardenedbsd> <CAHcXP%2BdPOu4mgOCrjWx61JaQUQCW47VALQVmh_T_P=DMuZyNDw@mail.gmail.com>

On Wed, Mar 09, 2016 at 04:39:37PM +0000, Big Lebowski wrote:
> Shawn,
>
> Please, note, that I said, these are the things I've heard, and there
> should be people able to answer those better. As such, you should consider
> them to be opinion, not pure facts.
>
> On Wed, Mar 9, 2016 at 4:22 PM, Shawn Webb <shawn.webb@hardenedbsd.org>
> wrote:
>
> > (Responding inline)
> >
> > On Wed, Mar 09, 2016 at 04:05:12PM +0000, Big Lebowski wrote:
> > > Hi Piotr,
> > >
> > > There are people who can probably answer it better, but until they do, I
> > > can share what I've heard about it: on the FreeBSD side there are few
> > > things that stop ASLR implementation:
> > >
> > > - there's no actual agreement between the influential developers on whether
> > > ASLR is viable or needed in first place
> >
> > Some FreeBSD developers think ASLR would be a good addition and others
> > don't. We at HardenedBSD believe that ASLR provides a great foundation
> > for further exploit mitigation technologies. We don't hold the belief
> > that ASLR is the "end-all-be-all" of security as some would like you to
> > believe.
> >
>
> That's pretty much what I wanted to say.
>
>
> >
> > > - there was no planning or discussion how to implement ASLR in FreeBSD,
> > > Shawn simply started writing the code, and some developers would like to
> > > discuss and plan things first
> >
> > Discussions took place over a period of over two years. I was very
> > cooperative. If you take a look at the two reviews on FreeBSD's
> > Phabricator instance (linked to below), you'll notice that there's a lot
> > of back-and-forth discussion.
> >
>
> Discussing patches and designing a feature such as ASLR is not exactly the
> same thing.
> In the spirit of this, some developers would expect some form
> of academical approach, a whitepaper, and so on, not the reviews
> discussion, and that's what's lacking in their opinion.

We provided a whitepaper and went through a few revisions of that, even.

>
>
> >
> > > - there are doubts expressed in the code reviews about code quality and
> > > compliance to FreeBSD standards. Some developers dedicated their time to
> > > review the code and provide feedback, there were few cycles of rewrite,
> > > review, rinse, repeat, but if you'd look into the reviews, Shawn closed
> > > them, and I understand they'd only be considered for inclusion if they'd
> > > meet the code quality standards expected
> >
> > Initial patches did not meet code quality standards. However, those
> > style(9) violations were fixed early on.
> >
> > Even though the patches on Phabricator are closed, they can still be
> > looked at for independent review. However, the code is now old and does
> > not reflect the current implementation in HardenedBSD.
> >
> > We closed the reviews so that we could focus on making HardenedBSD
> > great, not because of the lack of code quality.
> >
> > I'm not sure whether the patches would be considered for inclusion.
> > That's up to FreeBSD to decide. Given that the last patch went months
> > without any input from FreeBSD--input that was promised to be delivered.
> >
>
> I don't know C and I am not a security expert, however, the code quality was
> questioned by people who I respect for their achievement in security,
> operating systems and C knowledge, and I can simply relay what I've heard:
> that there are doubts, some people even mentioned actual bugs, so it's not
> all about style(9). Yet again, not something I can verify myself, only
> something I've heard and can share.
>
> The lack of input is directly caused by my first two points: lack of
> agreement that FreeBSD needs it, and lack of academical style on how
> FreeBSD would like to implement it.

Agreed.

>
>
> >
> > >
> > > As a side note, one person saying 'ASLR implementation is finished' and
> > > proper ASLR implementation that's properly tested, functional and not in
> > > fact opening other security issues are two vastly different things, that
> > > should be approached very carefully.
> >
> > Does "being tested over the period of three or so years through many
> > full package builds, production deployments, and dogfooding" not mean
> > "properly tested?" What does "properly tested" mean to you?
> >
> > The developers at HardenedBSD make it a point to run HardenedBSD on all
> > their hardware--even laptops.
> >
> > HardenedBSD has been available for over two years, so it can be tested
> > by anyone who downloads it and runs tests themselves. If there's a test
> > you'd like me to run, please let me know.
> >
>
> Sorry, but I completely disagree here. I don't know the actual numbers, but
> I can safely assume that HardenedBSD user numbers are way smaller than
> FreeBSD, and thus, I would say that amount of dogfooding over so short
> period of time (since ASLR is considered to be completed by you) is nowhere
> close for my taste, to consider it production ready. Moreover, do you have
> any tests results available? Do you have a complete automated test suite
> exposed somewhere? Have you done static code analysis? Have you used fuzzers
> or any similar tools?

When it comes to number of users, sure. We don't have nearly the
visibility FreeBSD enjoys. But that's not a problem I can easily solve.
Since we don't have any tools that call home, we don't even know how
many users we have.

Does a kernel fuzzer even exist for FreeBSD? If so, I'd love to run it
for a whole bunch of things. I'll run it for ASLR, too.
>
> Don't get me wrong, I highly appreciate your work in that area, however, I
> would like to see more complete, thorough and cautious approach to such
> complicated thing as computer security.

What can we at HardenedBSD do to make it "more complete, thorough, and
cautious"?

Thanks,

Shawn

>
> Cheers,
> BL
>
>
> >
> > Thanks,
> >
> > Shawn
> >
> > Original Phabricator review: https://reviews.freebsd.org/D473 (warning:
> > huge load time since this review spans around two years).
> >
> > New Phabricator review for a smaller prereq patch:
> > https://reviews.freebsd.org/D3565
> >
> > Thanks,
> >
> > Shawn
> >
> >
> > >
> > > Cheers,
> > > BL
> > >
> > > On Wed, Mar 9, 2016 at 2:05 PM, Piotr Kubaj <pkubaj@anongoth.pl> wrote:
> > >
> > > > Shawn Webb has recently announced that ASLR is complete on HardenedBSD.
> > > > There are patches ready for FreeBSD to use and it's ready to be shipped
> > > > in FreeBSD. However, for some reason FreeBSD developers do not want to
> > > > ship ASLR in FreeBSD. Why can't it be included at least as non-default
> > > > src.conf option and marked as experimental?
> > > >
> > > > FreeBSD is the only OS that matters that doesn't have ASLR.
> > > > _______________________________________________
> > > > freebsd-security@freebsd.org mailing list
> > > > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > > > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> > > >
> >
> > --
> > Shawn Webb
> > HardenedBSD
> >
> > GPG Key ID: 0x6A84658F52456EEE
> > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
> >

--
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE