From owner-freebsd-current@FreeBSD.ORG Sat May 24 16:22:41 2014 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 163FF649; Sat, 24 May 2014 16:22:41 +0000 (UTC) Received: from mail-qc0-x22f.google.com (mail-qc0-x22f.google.com [IPv6:2607:f8b0:400d:c01::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A3EE9289E; Sat, 24 May 2014 16:22:40 +0000 (UTC) Received: by mail-qc0-f175.google.com with SMTP id w7so9929398qcr.20 for ; Sat, 24 May 2014 09:22:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=o5DkegHqYUfM2Ic3VscIRgCOiMRcF1u47NC5ErZhcqY=; b=B5abpdMLS2tB3pXKAdVBEMdkT18dFayIQU+SeRaFuOHODAjsp1yDyalWixjjbCcG5B YEu/QlMGu7haQXTt7AMscHmdn5UiTB6Er9xzKmkPi4fTP4r2tsXWERYSDZdOA2PXKber bu9nf/OY+AUCs/xk0gFJM3/7R4E++4A79mTZfzF7fzhHyqcOvf0QNofTuxYB8y1N7Xlb w9nFYVl4uT1nTkHprmRVcm3+t+MF5gxETDu+Dolet3jmDMGcL3YipLJuwznkYh1lSuVS 16cQzs+WsyurHtEvSY69roq2VDfECpgsU6A8uEgMYDjqzZ5GCcrYlDpqJNUY3dLFLBsY vZEg== X-Received: by 10.140.109.201 with SMTP id l67mr16660146qgf.72.1400948559845; Sat, 24 May 2014 09:22:39 -0700 (PDT) Received: from pwnie.vrt.sourcefire.com (moist.vrt.sourcefire.com. [198.148.79.134]) by mx.google.com with ESMTPSA id 91sm4261137qgp.41.2014.05.24.09.22.37 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 24 May 2014 09:22:37 -0700 (PDT) Date: Sat, 24 May 2014 12:22:36 -0400 From: Shawn Webb To: Pedro Giffuni Subject: Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable Message-ID: <20140524162236.GG2029@pwnie.vrt.sourcefire.com> References: <4E5105B9-54F7-4780-B954-65BDD42EF331@freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yQbNiKLmgenwUfTN" Content-Disposition: inline In-Reply-To: <4E5105B9-54F7-4780-B954-65BDD42EF331@freebsd.org> X-PGP-Key: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6A84658F52456EEE User-Agent: Mutt/1.5.23 (2014-03-12) Cc: freebsd-current@freebsd.org, "Wojciech A. Koszek" , Oliver Pinter X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 24 May 2014 16:22:41 -0000 --yQbNiKLmgenwUfTN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On May 23, 2014 07:44 PM -0500, Pedro Giffuni wrote: > (Dropped the cross-posting, which *is* frowned upon) >=20 > While I do very much appreciate this work being done, and I agree we shou= ld have it in the tree, I would really prefer it opt-in rather opt-out, at = least initially. >=20 > I know this may very well be the subject of a bikeshed of historical prop= ortions but: >=20 > 1) Understand this may break some applications (?). Yup. This is why we provide both ugidfw support for dynamic rulesets and per-jail settings. We'll soon be adding FS extended attributes as well. >=20 > 2) It is yet undetermined what the performance effect will be. Very early on, Oliver ran unixbench against the ASLR implementation. There was some anomalous behaviors. Our implementation has drastically changed since then and we ought to run unixbench again against the current implementation. I've got a lot going on right now, but when things settle down, I'll run unixbench under these conditions: 1) Vanilla FreeBSD 11-CURRENT with WITNESS and other debugging features turned off. 2) FreeBSD 11-CURRENT with ASLR patches applied, but with ASLR turned off, and with WITNESS and other debugging features turned off. 3) FreeBSD 11-CURRENT with ASLR patches applied, but with ASLR turned on, and with WITNESS and other debugging features turned off. I hope to have the tests done within the next two weeks. >=20 > I find it very neat that it can be enabled for jails though. That's my second favorite feature of our implementation, the first being ugidfw integration. I'm glad to see you like the jails integration. Thanks, Shawn --yQbNiKLmgenwUfTN Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) iQIcBAEBAgAGBQJTgMdLAAoJEGqEZY9SRW7u6BQQAJa3ncro8LB6rf9bTWJS1lUb iQfB6DVqVxttNSVcWIUv2ykUDAU210N/oUOdvoaCz1pjYx3aBEAXMsuQwXzGFdop nJI/OFJ1MUozMACSWJEsiM0H10NbetKblRW/AFbX913V7gDSaRcwC6G1mNb8Vd6b xt1sljQPGdEPdOHUdCOrvCIXK1LGCjgOeP2z8AmyzFDms8G+hBgK/Q+5vuwpAigH 4Fbd9A+w0byVYtCIH3q1JG8dce1RbP8ycF/sAcITPU0lHc63c+8PgQAxCxkK7e1U rY+LA6XdH+AXyrMQyLimTUUnMF3yMcaQQ5s8gm0QthAhcDgE9e4w57P7Yo55VLeC A8KppO9nSCDt4TB3JyGbeGZ7Enjo9vl9KXIFhZnbfEctdSUl2fyZoWAWAeKteA0N WtXOOFjTpRFp2Yi7SRxZS3eaZZNvtmlM+wYKvJjALmH07TnmjdjE3gz9oKgAbDPR z+BgvuWMj5PzKuwrW20opqeaqSccy1GRcxyI8ujfs2spHvgcCa7MHmNmeJ2On9/a YQ8sSPP9jEZoZp26R8VGqbl1gO/+I/jI/WDjh83Ombtj9VZzDUASzwlSsiCimIh2 fa+2WsZkJ0dRiaiomRAk7qrKB1kyhcWi3y/LhnHsyr0FKJ3heb8eRC54yjlkAoAJ y7d1VG2dv7G6tMeut8Qs =yRoO -----END PGP SIGNATURE----- --yQbNiKLmgenwUfTN--