ASLR support on FreeBSD 13.0-RELEASE-p11

[Chaitra P B]

Hi,
We have added below changes in 'sysctl.conf' to get ASLR enabled on FreeBSD 13.0-RELEASE-p11.

#Enable ASLR
kern.elf32.aslr.enable=1
kern.elf32.aslr.pie_enable=1
kern.elf64.aslr.enable=1
kern.elf64.aslr.pie_enable=1

Also after above changes, we can see below sysctl output for ASLR

#sysctl -a | grep aslr
kern.elf32.aslr.stack_gap: 3
kern.elf32.aslr.honor_sbrk: 1
kern.elf32.aslr.pie_enable: 1
kern.elf32.aslr.enable: 1
kern.elf64.aslr.stack_gap: 3
kern.elf64.aslr.honor_sbrk: 1
kern.elf64.aslr.pie_enable: 1
kern.elf64.aslr.enable: 1
vm.aslr_restarts: 11744

We are using dASLR tool, https://wwwin-github.cisco.com/Trust/daslr to confirm the Randomization. Among the reported test result I'm seeing FAIL for 'THREAD STACKS'(Diagnostic test). Does Randomization supported for 'THREAD STACKS' on FreeBSD 13.0-RELEASE-p11 or is there any latest patch to address this ?

Diagnostic test: Result of executing a standalone binary whose sole function is to output the addresses of its program segments.Different memory segments are examined during this as given.
By default it runs 25 times.
#Diagnostic Check:/root/chaitra/bin-x86_64/daslr_diag    25    Runs    FAIL
Stack PASS Entrpy = 20 bits
Heap PASS Entrpy = 34 bits
Bss PASS Entrpy = 24 bits
Data PASS Entrpy = 24 bits
Text PASS Entrpy = 24 bits
Thread Stacks FAIL Entrpy = 0 bits
Anon Map PASS Entrpy = 34 bits

 

[SirDice]

Keep in mind that 13.0 will be EoL very soon (end of this month). It's possible this has already been fixed in 13.1, so I would suggest trying that first. Even if it was a bug in 13.0 it just won't get fixed anymore due to the impending EoL.