Date: Wed, 14 May 2014 13:09:59 -0400 From: Shawn Webb <lattera@gmail.com> To: Adrian Chadd <adrian@freebsd.org> Cc: freebsd-security@freebsd.org, freebsd-current <freebsd-current@freebsd.org>, FreeBSD Stable Mailing List <freebsd-stable@freebsd.org> Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable Message-ID: <20140514170959.GA31277@pwnie.vrt.sourcefire.com> In-Reply-To: <CAJ-Vmonm5k05ap03CvXR3tosJ6at-gxeaT0d4%2BJ1QzQ8-5viww@mail.gmail.com> References: <20140514135852.GC3063@pwnie.vrt.sourcefire.com> <CAJ-Vmonm5k05ap03CvXR3tosJ6at-gxeaT0d4%2BJ1QzQ8-5viww@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nFreZHaLTZJo0R7j Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable It runs on all architectures FreeBSD supports. The question is how well it runs. The wider the testing, the better the code, of course. We're actively testing on amd64 and i386 with limited testing on sparc64 and ARM. I've been running with this patches on amd64 on multiple machines for months. amd64 is rock solid from my experience. But your mileage may vary, hence the CFT. :-) Thanks, Shawn On May 14, 2014 10:02 AM -0700, Adrian Chadd wrote: > Hi! >=20 > Cool! Does it run on MIPS? :P >=20 >=20 > -a >=20 >=20 > On 14 May 2014 06:58, Shawn Webb <lattera@gmail.com> wrote: > > Hey All, > > > > [NOTE: crossposting between freebsd-current@, freebsd-security@, and > > freebsd-stable@. Please forgive me if crossposting is frowned upon.] > > > > Address Space Layout Randomization, or ASLR for short, is an exploit > > mitigation technology. It helps secure applications against low-level > > exploits. A popular secure implementation is known as PaX ASLR, which is > > a third-party patch for Linux. Our implementation is based off of PaX's. > > > > Oliver Pinter, Danilo Egea, and I have been working hard to bring more > > features and robust stability to our ASLR patches. We've done extensive > > testing on amd64. We'd like to get as many people testing these patches. > > Given the nature of them, we'd also like as many eyeballs reviewing the > > code as well. > > > > I have a Raspberry Pi and have noticed a few bugs. On ARM (at least, on > > the RPI), when a parent forks a child, and the child gracefully exits, > > the parent segfaults with the pc register pointing to 0xc0000000. That > > address is always the same, no matter the application. If anyone knows > > the ARM architecture well, and how FreeBSD ties into it, I'd like a > > little guidance. > > > > I also have a sparc64 box, but I'm having trouble getting a vanilla > > 11-current system to be stable on it. I ought to file a few PRs. > > > > You can find links to the patches below. > > > > Patch for 11-current: > > http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-current= -aslr-segvguard-SNAPSHOT.diff > > > > Patch for 10-stable: > > http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-stable-= 10-aslr-segvguard-SNAPSHOT.diff > > > > Thanks, > > > > Shawn Webb --nFreZHaLTZJo0R7j Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTc6NnAAoJEGqEZY9SRW7u6+AP/0uOILtPQTmgOjtBOVYTmula sHDK1jwa6QQOTgRhUf6Nep76gUmeyOEBCCv8ExJB9YoOHF3ndLydz8RhkxEvHOWv RLEfmVf8ZFIw0flP9NPlzOdgleOmxFekzOSUUQR8B/bIRGprrDCBfob7CpoKNp79 ygKJQgICmz651n3fLGH7NZyHe+Iw4X1Et8EMfRNyemjB1+X3IKB4egdntXe/qbAk +Viig7g5A8iGUFZ9vtPfJjSMMccIkWTTsI9rgajhOtR1GRA3Cx69dqclkgMB4Ijl yekMf3iuUcmvMVddIRcszi+5WXXUIFGTdu2eNxhJqf6ejB51vDo9CoV0cfrtFRfz RT1f2S/rcl6+m7wexvv/R7yoDYJTebDQoN0M3zH7SrmeTc7LkYRPaLlDbnKKp1Q7 IR+ia/46ypDprnFtNw3tg9zah2bsGo93eQyBgOx2lzADMZKBVf27mFTVRwH4dDd/ 87TugPAMfK/ViiF4mZ7yuQEJRYcaHMUVx4ayS1xUuBAF+VbNYxR3minpZKKy3Le0 6PZMifTYCgM+D3ny6iUYVhIx5XzBTNnrWMJgOg7p/PYVY9jRW7U9/7hZS57koE1b jzr9wtu+Zp5jH5V1UwBXngW9+6854bV/5dveF0bh2PqB2bEPvWtNBscaY8B/9GSd JmLQ73v8jEpfcK73TqJ9 =a9Ka -----END PGP SIGNATURE----- --nFreZHaLTZJo0R7j--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140514170959.GA31277>