(Responding inline)
On Wed, Mar 09, 2016 at 04:05:12PM +0000, Big Lebowski wrote:
> Hi Piotr,
>
> There are people who can probably answer it better, but until they do, I
> can share what I've heard about it: on the FreeBSD side there are few
> things that stop ASLR implementation:
>
> - there's no actual agreement between the influential developers on
> whether ASLR is viable or needed in the first place
Some FreeBSD developers think ASLR would be a good addition and others
don't. We at HardenedBSD believe that ASLR provides a great foundation
for further exploit mitigation technologies. We don't hold the belief
that ASLR is the "end-all-be-all" of security as some would like you to
believe.
> - there was no planning or discussion how to implement ASLR in FreeBSD,
> Shawn simply started writing the code, and some developers would like to
> discuss and plan things first
Discussions took place over a period of over two years. I was very
cooperative. If you take a look at the two reviews on FreeBSD's
Phabricator instance (linked to below), you'll notice that there's a lot
of back-and-forth discussion.
> - there are doubts expressed in the code reviews about code quality and
> compliance to FreeBSD standards. Some developers dedicated their time to
> review the code and provide feedback, there were few cycles of rewrite,
> review, rinse, repeat, but if you'd look into the reviews, Shawn closed
> them, and I understand they'd only be considered for inclusion if they'd
> meet the code quality standards expected
Initial patches did not meet code quality standards. However, those
style(9) violations were fixed early on.
Even though the patches on Phabricator are closed, they can still be
looked at for independent review. However, the code is now old and does
not reflect the current implementation in HardenedBSD.
We closed the reviews so that we could focus on making HardenedBSD
great, not because of the lack of code quality.
I'm not sure whether the patches would be considered for inclusion.
That's up to FreeBSD to decide. Given that the last patch went months
without any input from FreeBSD--input that was promised to be delivered.
>
> As a side note, one person saying 'ASLR implementation is finished' and
> proper ASLR implementation that's properly tested, functional and not in
> fact opening other security issues are two vastly different things, that
> should be approached very carefully.
Does "being tested over the period of three or so years through many
full package builds, production deployments, and dogfooding" not mean
"properly tested?" What does "properly tested" mean to you?
The developers at HardenedBSD make it a point to run HardenedBSD on all
their hardware--even laptops.
HardenedBSD has been available for over two years, so it can be tested
by anyone who downloads it and runs tests themselves. If there's a test
you'd like me to run, please let me know.
Thanks,
Shawn
Original Phabricator review: https://reviews.freebsd.org/D473 (warning:
huge load time since this review spans around two years).
New Phabricator review for a smaller prereq patch:
https://reviews.freebsd.org/D3565
>
> Cheers,
> BL
>
> On Wed, Mar 9, 2016 at 2:05 PM, Piotr Kubaj <pkubaj at anongoth.pl> wrote:
>
> >
> > Shawn Webb has recently announced that ASLR is complete on HardenedBSD.
> > There are patches ready for FreeBSD to use and it's ready to be shipped
> > in FreeBSD. However, for some reason FreeBSD developers do not want to
> > ship ASLR in FreeBSD. Why can't it be included at least as a non-default
> > src.conf option and marked as experimental?
> >
> > FreeBSD is the only OS that matters that doesn't have ASLR.
> > _______________________________________________
> > freebsd-security at freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
> >
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE