HEADS-UP: PIE enabled by default on main

Konstantin Belousov kostikbel at gmail.com
Sun Feb 28 18:02:37 UTC 2021


On Sat, Feb 27, 2021 at 08:34:11PM -0800, Ihor Antonov wrote:
> > 
> > But isn't it well-known that ASLR/ASR/any-related-buzzwork does not add
> > any security, except imaginary?  The only purpose of it is to have a
> > check-list item ticked green.
> 
> I don't know if I should parse this as sarcasm (or any other form of
> "humor") or is a serious statement? But this does leave me with a whole
> bunch of questions..
> 
> If this is really how Konstantin is describing it then is it OK to say
> about this to the whole Internet? Why FreeBSD Foundation is paying for
> meaningless work then? Why members of the Core team do this work?  Does
> this mean that FreeBSD is working to satisfy the silly needs of some fat
> customer? What about project independence and not being controlled by
> big money?
What fat customer?
Other than that (and tone, of course), you formulate right the core of
the issue.  ASLR is useless as a stop-gap measure, exploits work around
it with full success since XP SP3, but the myth about its importance
is so widely circulating that we have to spend a lot of efforts first
developing the feature, and then similar amount of efforts to productize
it.  The later means to make it available to general public without
introducing a breakage.

We tried to do as you said, not implement but explain, you see the attempts
to list research papers below the thread.  It does not work.  This is the
case where security theater wins.

In fact, switch to PIE itself is somewhat useful. For instance,
- rtld direct execution mode benefits from it
- kernel image activator might optimize/compact address space
- emulation tools like valgrind have more freedom loading the image as well,
- static linkers can do some optimizations only possible for DSO-like and
  not binary
and so on. But I would never call it a 'huge security advance'.

> 
> Where can I read about ASLR and security myths? 
> Why not spend time and explain why this does not work?
Because spending time explaining why it does not work does not work.
People read check-lists and not explanations, esp. if check-lists are
provided by somebody not interested in explanation, but to pursue a
red/green line in the check-list.

And I do not even start on the quality of the 'alternative' implementations.

> 
> 
> > You clearly should mean something useful and much more important than that,
> > when stating that FreeBSD made a huge step forward.  So I want to be aware
> > of the advance.
> 
> Why attack a person who was really happy for the project?
> This DOES sound a agressive, even for a sarcastic joke..
> I am saying this someone who shares the same native language with Mr. Belousov,
> it is not a "language/culture" difference thing.
I do not see how supposed sharing of native language with me makes it
legitimate to express your emotions as mine statements.

> 
> -----
> just your regular user who reads mailing list ocassionally
> _______________________________________________
> freebsd-current at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe at freebsd.org"


More information about the freebsd-current mailing list