Date:      Wed, 9 Mar 2016 16:05:12 +0000
From:      Big Lebowski <spankthespam@gmail.com>
To:        Piotr Kubaj <pkubaj@anongoth.pl>
Cc:        freebsd-security <freebsd-security@freebsd.org>
Subject:   Re: Will 11.0-RELEASE include ASLR?
Message-ID:  <CAHcXP%2Bc%2B-PYkn4C8TyGf6Jropot3zsJAiDZFrBvmeT7595fqPA@mail.gmail.com>
In-Reply-To: <56E02D95.9020303@anongoth.pl>
References:  <56E02D95.9020303@anongoth.pl>

Hi Piotr,

There are people who can probably answer it better, but until they do, I
can share what I've heard about it: on the FreeBSD side there are a few
things that stop ASLR implementation:

- there's no actual agreement between the influential developers on whether
ASLR is viable or needed in the first place
- there was no planning or discussion on how to implement ASLR in FreeBSD,
Shawn simply started writing the code, and some developers would like to
discuss and plan things first
- there are doubts expressed in the code reviews about code quality and
compliance with FreeBSD standards. Some developers dedicated their time to
review the code and provide feedback, there were a few cycles of rewrite,
review, rinse, repeat, but if you'd look into the reviews, Shawn closed
them, and I understand they'd only be considered for inclusion if they'd
meet the code quality standards expected

As a side note, one person saying 'ASLR implementation is finished' and
a proper ASLR implementation that's properly tested, functional and not in
fact opening other security issues are two vastly different things that
should be approached very carefully.

Cheers,
BL

On Wed, Mar 9, 2016 at 2:05 PM, Piotr Kubaj <pkubaj@anongoth.pl> wrote:

> Shawn Webb has recently announced that ASLR is complete on HardenedBSD.
> There are patches ready for FreeBSD to use and it's ready to be shipped
> in FreeBSD. However, for some reason FreeBSD developers do not want to
> ship ASLR in FreeBSD. Why can't it be included at least as non-default
> src.conf option and marked as experimental?
>
> FreeBSD is the only OS that matters that doesn't have ASLR.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>


