[RFC] ASLR Whitepaper and Candidate Final Patch

[Bryan Drewery]

On 7/11/14, 6:29 PM, Shawn Webb wrote:
> Hey All,
>
> Oliver Pinter and I have been working hard on our ASLR implementation.
> We're now in the final stages of development and would like to get
> feedback from the community. I've attached to this email a small
> whitepaper that details our implementation and the accompanying patch.
>
> There is one part of the patch that I wrote that is quite an ugly hack
> and would like to get some feedback on. I added a little hack to
> sys_mmap() to apply ASLR to calls to mmap(2) when MAP_32BIT is
> specified. I'd like to remove that ugly hack to something a bit more
> beautiful, so if anyone has any suggestions, I'm all ears.
>
> Other than that ugly hack, the code adheres to FreeBSD's style(9)
> standards. I believe we have an awesome implementation, one I've
> personally been using without issue for months.
>
> I'm looking forward to your comments and questions. I've CC'd the PaX
> team. Please keep them CC'd in your replies.
>
> Thank you very much,
>
> Shawn Webb
> CC: PaX Team
> CC: Oliver Pinter
> CC: des at freebsd.org
> CC: alc at rice.edu
> CC: bdrewery at freebsd.org
>
> PS - Sorry for the duplicate emails. I hit the wrong key and didn't CC
> everyone.

I plan to review and test this and then commit it likely next weekend 
(7/27). I would do it sooner but will be busy next week.

One big shortcoming I reported to Shawn was lack of committable 
documentation. He is working on that now.

There was a lot of outrage over the NO_PIE commit which seemed to be 
much more directed at ASLR and its support scope across the system than 
the simple -fPIE change that was committed. If anyone has any concerns 
please do speak up now with constructive input.

I am leaning towards leaving by PIE/ASLR off by default on head until 
more widespread testing can be done. Eventually we will want it enabled 
by default though.

-- 
Regards,
Bryan Drewery