ASLR work into -HEAD ?
Warner Losh
imp at bsdimp.com
Fri Mar 20 21:14:45 UTC 2015
> On Mar 20, 2015, at 1:05 PM, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
>
> On Fri, 2015-03-20 at 14:17 -0400, Shawn Webb wrote:
>> On Fri, 2015-03-20 at 09:28 -0600, Warner Losh wrote:
>>>> On Mar 19, 2015, at 2:31 PM, Oliver Pinter <oliver.pinter at hardenedbsd.org> wrote:
>>>>
>>>> On Thu, Mar 19, 2015 at 9:04 PM, Adrian Chadd <adrian at freebsd.org> wrote:
>>>>> On 19 March 2015 at 12:56, Warner Losh <imp at bsdimp.com> wrote:
>>>>>>
>>>>>>> On Mar 19, 2015, at 12:53 PM, Adrian Chadd <adrian at freebsd.org> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Apparently this is done but has stalled:
>>>>>>>
>>>>>>> https://reviews.freebsd.org/D473
>>>>>>>
>>>>>>> Does anyone have any strong objections to it landing in the tree as-is?
>>>>>>
>>>>>> There’s rather a lot of them specifically spelled out in the code review.
>>>>>>
>>>>>> Many of the earlier ones were kinda blown off, so I’ve not been inclined
>>>>>> to take the time to re-review it. Glancing at it, I see several minor issues
>>>>>> that should be cleaned up.
>>>>>
>>>>> Cool. Thanks for taking the time to look at it again.
>>>>>
>>>>> Shawn is in #freebsd on freenode irc, so if you/others want a more
>>>>> interactive review then he's there during the day.
>>>>
>>>> Please CC core at hardenedbsd.org in the future when you are
>>>> talking about this issue.
>>>>
>>>> Adrian: are you able to review the MIPS or ARM part especially, or test them?
>>>
>>> Adrian: Do not commit the changes.
>>>
>>> I’ve gone back and re-read Robert Watson’s rather long review and it appears
>>> that virtually none of that has been addressed. Until it is, do not commit it. This
>>> code interacts with dangerous parts of the system, and the default cannot be
>>> to just let it in because no one has objected recently. Objections have been made,
>>> they have been quantified, they haven’t been answered or acted upon. Until that
>>> changes, you can assume the objections remain in place and asking again without
>>> fixing them isn’t going to change the answer.
>>>
>>> Warner
>>
>> Warner,
>>
>> We've fixed the vast majority of the concerns raised in that review. To
>> say "virtually none of that has been addressed" and "they haven't been
>> answered or acted upon" is a blatant lie. The fact that there are so
>> many revisions of the patch is proof. We even made our ASLR
>> implementation for FreeBSD less secure by providing a mechanism in
>> ptrace() to disable it as requested by a member of the FreeBSD
>> Foundation. (This "feature" doesn't exist in HardenedBSD's
>> implementation.) If comments like these continue, I will remove the diff
>> from Phabricator and close the BugZilla ticket. FreeBSD can feel free to
>> pull from us, but we won't make any effort to proactively upstream our
>> work.
>>
>> With that said, I have missed a few of the concerns raised. There are so
>> many comments/concerns in that review that it's easy to miss a few. I
>> will address them tonight and upload a new patch tomorrow.
>
> I've updated the patch. Is there anything I've missed?

I’ve taken a look at the updated patch and see that it addressed the
issues I raised. It almost looks like the update to the review a month
ago was the wrong version, since so many more of the original
comments appear to be addressed than when I looked. Thanks!

Warner