[RFC] Enable nxstack by default
kostikbel at gmail.com
Wed Nov 16 09:07:42 UTC 2011
On Wed, Nov 16, 2011 at 01:09:18AM +0100, Oliver Pinter wrote:
> On 11/15/11, Jeremie Le Hen <jeremie at le-hen.org> wrote:
> > Hi,
> > On Wed, Oct 19, 2011 at 12:37:44AM +0200, Oliver Pinter wrote:
> >> In NetBSD some PaX features have been implemented (ASLR, W^X
> >> (~nxstack), mprotect restriction, veriexec, mmap randomization...)
> >>  http://pax.grsecurity.net/docs/index.html
> >>  http://www.netbsd.org/~elad/recent/man/security.8.html
> >>  http://people.freebsd.org/~ssouhlal/testing/stackgap-20050527.diff
> > Suleiman actually wrote two patches, one randomizing the stack (the
> > one you pointed out) and another one randomizing non-fixed mmap(2)
> > calls:
> > http://people.freebsd.org/~ssouhlal/testing/mmap_random-20050528.diff
> > FYI, they do not apply cleanly on recent source trees (the patches were
> > made in 2005), but they can be applied with little fiddling. I'm
> > running multiple 8.x production machines with them without any problem.
> Yeah, I use this patch in 7-STABLE and 9-STABLE too.
> Patch for 9-STABLE is attached.
One immediate issue, which is definitely not critical, is that the size
of the main thread's stack is chopped by a random amount of
bytes. This is not an issue for a single-threaded process, because the typical
default stack size is around 64M. For a threaded process, libthr cuts
the stack, see thr_init.c:init_main_thread(). There, the size of the
stack is 2 or 4MB, and 64KB might be a more significant part of it.
A missing bit from the patch is some randomization of the load address
for the PIE (which is the main feature of ASLR, I suspect). See
imgact_elf.c:exec(), et_dyn_addr calculation.
Another missed bit is the similar modification for
The upper limit for the random offset for mmap() should be configurable
in the same way as the stack gap, instead of the dumb enable/disable knob.
There are numerous style violations in the patch, or rather, the patch
fully violates the style.
> > I've always wanted them to be committed as opt-in knobs, but I can't
> > remember why they hadn't at the time.
> > Cheers,
> > --
> > Jeremie Le Hen
> > Men are born free and equal. Later on, they're on their own.
> > Jean Yanne