ASLR work into -HEAD ?

Shawn Webb shawn.webb at hardenedbsd.org
Wed May 27 16:56:03 UTC 2015


On Wed, 2015-05-27 at 11:04 -0500, Pedro Giffuni wrote:
> 
> On 05/27/15 01:20, Alfred Perlstein wrote:
> >
> >
> > On 5/24/15 1:43 PM, K. Macy wrote:
> >> On May 22, 2015 4:41 PM, "Bryan Drewery"<bdrewery at freebsd.org>  wrote:
> >>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
> >>>> My claim is that the majority of "professional" breachers and
> >>>> governments already have ASLR workarounds pre-coded and ready
> >>>> to launch. Finding an exploit is more difficult than beating
> >>>> ASLR so they are not going to hint everyone that they have
> >>>> an exploit until they can take all the Linux/Windows/MacOSX
> >>>> at the same time.
> >>>>
> >>>> The cost for the NSA and/or anonymous to step on
> >>>> ASLR is zero.
> >> Correct. But who are we really protecting against? If it's the NSA only air
> >> gap will really do.  In reality it's just a matter of making the cost of
> >> circumventing protections exceed the value of the data or items being
> >> protected. Locking one's doors and windows doesn't make one's house
> >> impenetrable by any stretch, but it does deter opportunistic passersby.
> >>
> >> Protecting against state overreach is a political matter and shouldn't
> >> factor into whether to invest in deterring lesser malfeasors.
> >>
> >> I'm sorry, but Bryan has it right. The political discussion is a side show.
> >>
> >
> > +1, also having a line item is good.  Not having ASLR just makes 
> > FreeBSD look derp.
> >
> 
> And of course I am in the minority that thinks that just because
> everybody else (or at least the OSs that matter)  has done it
> doesn't necessarily make it a great idea. This will be my last email
> on the subject and I'll stop whining ... promise.

Good. I'd rather focus on code rather than pointless politics.

> 
> > DragonFly BSD has an implementation of ASLR based upon OpenBSD's 
> > model, added in 2010.
> > Microsoft's Windows Vista (released January 2007) and later have ASLR 
> > enabled
> > In 2003, OpenBSD became the first mainstream operating system to 
> > support partial ASLR
> > In Mac OS X Leopard 10.5 (released October 2007), Apple introduced 
> > randomization for system libraries
> >
> > Linux has enabled a weak form of ASLR by default since kernel version 
> > 2.6.12 (released June 2005).
> >
> > So basically 1 more week and we can be 10 years behind Linux. :)
> >
> 
> Happy birthday ASLR? ;) Somehow it hasn't been terribly useful in 10 years,
> and we haven't really missed it, unless there's something I am unaware of
> that the security advisories didn't mention.
> 
> If it comes to adopting things because we have to follow the herd,
> then I guess I prefer the DragonFly BSD approach:
> 
> - It is a very simple, to-the-point patch.

Our patch is more complex due to per-jail support and the various
weaknesses FreeBSD wanted us to add. HardenedBSD's implementation does
not contain those weaknesses.

> - It is off by default (NetBSD too?) but very
>   easy to set up through a sysctl.

Our patch is disabled by default in the GENERIC kernel.

> - Given both points above it is very easy
> to revert once the marketing hype foo dies.

I hope security-related patches that have proven stable and
well-performing never get reverted.

> 
> Again just my uneducated opinion, and I won't
> spend time on the "quick" approach either.
> 
> regards,
> 
> Pedro.
> 
