SafeStack in base

[David Chisnall]

On 27 Jul 2016, at 23:55, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
> 
> I'm interested in getting SafeStack working in FreeBSD base. Below is a
> link to a simplistic (maybe too simplistic?) patch to enable SafeStack.
> The patch applies against HardenedBSD's hardened/current/master branch.
> Given how simple the patch is, it'd be extremely easy to port over to
> FreeBSD (just line numbers would change).

We’ve worked with the authors of the SafeStack work.  There are some changes to libc and a few other support libraries needed for it to work, which are in the GitHub repository.  They’ve also done some work to address issues of things like Firefox and v8 that need to be able to walk the stack, allocate their own stacks for userspace threads, and so on.

It was not enabled for FreeBSD 11 because SafeStack imposes a lot of long-term ABI constraints that it’s not clear we want to support indefinitely given the ‘Missing the point(er)’ Oakland paper last year.  It does increase the work factor for attackers, so has some security benefit, but if bypassing it is something that’s going to be added to exploit toolkits then it’s little practical benefit.

One middle-ground that we’ve considered is only supporting it for statically linked binaries.  This absolves us of the need to support the ABI indefinitely, and still provides a lot of the benefit.

David

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3698 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20160728/e866c399/attachment.bin>