We haven't given up, but we're focusing our time on HardenedBSD itself.
While we focus on HardenedBSD, we encourage FreeBSD to take an interest
in our enhancements and hopefully pull from HardenedBSD.

There has been a tremendous effort in getting ASLR upstreamed over more
than two years. We would supply a patch, a few FreeBSD developers would
review it and make note of a few things we need to improve, we'd make
those improvements and submit a new patch.

Recently, a couple of people on Twitter have claimed that HardenedBSD
doesn't listen to FreeBSD developers in our development efforts. The
long history shown on FreeBSD's code review system proves otherwise.
We've catered a lot to FreeBSD. There's over two years of comments and
revision changes you can sift through.

We've received substantial help from FreeBSD committers in making our
ASLR implementation better. However, for at least four months, certain
people who have agreed to take charge of reviewing our work in
preparation for upstreaming have not done so. FreeBSD's silence speaks
rather loudly.

Certain FreeBSD committers and certain well-respected members of the
FreeBSD community seem to think ASLR is useless due to ROP. Though ASLR
can be defeated in certain circumstances, it definitely helps and
provides a great foundation on which to base further exploit mitigation
development. This has been proven in the real world time and time again.
Pair ASLR with SEGVGUARD and you have a great start for further exploit
mitigation technologies. Pipacs claims his RAP work will stop ROP
gadgets. I have high hopes for RAP and am excited for it to be proven by
time just like any good security measure.

I have a lot of respect for FreeBSD and its community. Because of
FreeBSD, I enjoy the career that I have. I cherish the relationships
built because of the generosity of the FreeBSD community as a whole.

We may revisit upstreaming our changes at a later date, but right now
we're going to focus on making HardenedBSD as awesome as it's destined
to be.