Date: Wed, 14 May 2014 09:58:52 -0400
From: Shawn Webb
To: freebsd-current@freebsd.org, freebsd-security@freebsd.org, freebsd-stable@freebsd.org
Subject: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable
Message-ID: <20140514135852.GC3063@pwnie.vrt.sourcefire.com>

Hey All,

[NOTE: crossposting between freebsd-current@, freebsd-security@, and freebsd-stable@. Please forgive me if crossposting is frowned upon.]

Address Space Layout Randomization, or ASLR for short, is an exploit mitigation technology. It helps secure applications against low-level exploits. A popular secure implementation is known as PaX ASLR, which is a third-party patch for Linux. Our implementation is based off of PaX's.

Oliver Pinter, Danilo Egea, and I have been working hard to bring more features and robust stability to our ASLR patches. We've done extensive testing on amd64. We'd like to get as many people testing these patches. Given the nature of them, we'd also like as many eyeballs reviewing the code as well.

I have a Raspberry Pi and have noticed a few bugs.
On ARM (at least, on the RPI), when a parent forks a child, and the child gracefully exits, the parent segfaults with the pc register pointing to 0xc0000000. That address is always the same, no matter the application. If anyone knows the ARM architecture well, and how FreeBSD ties into it, I'd like a little guidance.

I also have a sparc64 box, but I'm having trouble getting a vanilla 11-current system to be stable on it. I ought to file a few PRs.

You can find links to the patches below.

Patch for 11-current:
http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-current-aslr-segvguard-SNAPSHOT.diff

Patch for 10-stable:
http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-stable-10-aslr-segvguard-SNAPSHOT.diff

Thanks,

Shawn Webb
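For testers on other platforms, a fork/exit smoke test for the symptom the message reports on ARM (a parent crashing after its child exits gracefully). This is an added example, not part of the original message or of the patches; the function names `parent_role`, `run_once` and `count_failures` are assumptions made for the illustration.

```c
/* Added example (not from the patches); all function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* The "parent" from the report: fork a child that exits gracefully,
 * reap it, and keep running. Returns 0 if it got that far cleanly. */
static int parent_role(void)
{
    int st;
    pid_t child = fork();
    if (child < 0) return 2;
    if (child == 0) exit(0);             /* child: graceful exit */
    if (waitpid(child, &st, 0) != child) return 3;
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : 4;
}

/* Run parent_role() in its own process so a crash there is observable.
 * Returns 0 if the parent survived, the fatal signal number if it was
 * killed (SIGSEGV for the reported symptom), or -1 on any other failure. */
int run_once(void)
{
    int st;
    pid_t parent;
    fflush(NULL);                        /* avoid duplicated stdio buffers */
    parent = fork();
    if (parent < 0) return -1;
    if (parent == 0) _exit(parent_role());
    if (waitpid(parent, &st, 0) != parent) return -1;
    if (WIFSIGNALED(st)) return WTERMSIG(st);
    return (WIFEXITED(st) && WEXITSTATUS(st) == 0) ? 0 : -1;
}

/* Repeat the scenario; returns how many rounds did not end cleanly. */
int count_failures(int rounds)
{
    int i, bad = 0;
    for (i = 0; i < rounds; i++)
        if (run_once() != 0) bad++;
    return bad;
}

int main(void)
{
    int bad = count_failures(20);
    printf("%d of 20 rounds failed\n", bad);
    return bad != 0;
}
```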