No ASLR upstreaming?

Hi, so HardenedBSD has an ASLR implementation. Is anybody still trying to get it upstreamed into FreeBSD?

There is a phabricator review https://reviews.freebsd.org/D473 that was closed a month ago with the following message from Shawn Webb: "Closing this revision. FreeBSD is free to pull from HardenedBSD."
So, does this mean he's just going to invest his time into HardenedBSD and gave up on pushing the patches to FreeBSD?
 
Your first message on these boards and I have to wonder why you are even asking such a thing here. Why don't you ask Mr. Shawn Webb yourself directly what he means with that commit message?
 
The patch has been under review for quite a long time, with several developers pointing out problems and HardenedBSD devs fixing them. The last review they uploaded was also abandoned: https://reviews.freebsd.org/D3565 . It seems to have something to do with the fact that it's been in review for so long and FreeBSD devs weren't happy about the way it was implemented. You should probably ask HardenedBSD devs what happened, though; perhaps there are other problems.

I wish this could have been reviewed and pushed in time for 11, but it looks like it won't make it to FreeBSD in the near future.
 
Answer perfectly fits for topic "FreeBSD is susceptible to common exploits".

Question - why do most FreeBSD developers see no problem here? Incompetence (hardly...) or just a "shut up and work, boss knows better" case?
 
So I asked on https://groups.google.com/a/hardenedbsd.org/forum/ and this is Shawn Webb's answer:
We haven't given up, but we're focusing our time on HardenedBSD itself.
While we focus on HardenedBSD, we encourage FreeBSD to take an interest
in our enhancements and hopefully pull from HardenedBSD.

There has been a tremendous effort in getting ASLR upstreamed over more
than two years. We would supply a patch, a few FreeBSD developers would
review it and make note of a few things we need to improve, we'd make
those improvements and submit a new patch.

Recently, a couple people on Twitter have claimed that HardenedBSD
doesn't listen to FreeBSD developers in our development efforts. The
long history shown on FreeBSD's code review system proves otherwise.
We've catered a lot to FreeBSD. There's over two years of comments and
revision changes you can sift through.

We've received substantial help from FreeBSD committers in making our
ASLR implementation better. However, for at least four months, certain
people who have agreed to take charge of reviewing our work in
preparation for upstreaming have not done so. FreeBSD's silence speaks
rather loudly.

Certain FreeBSD committers and certain well-respected members of the
FreeBSD community seem to think ASLR is useless due to ROP. Though ASLR
can be defeated in certain circumstances, it definitely helps and
provides a great foundation on which to base further exploit mitigation
development. This has been proven in the real world time and time again.

Pair ASLR with SEGVGUARD and you have a great start for further exploit
mitigation technologies. Pipacs claims his RAP work will stop ROP
gadgets. I have high hopes for RAP and am excited for it to be proven by
time just like any good security measure.

I have a lot of respect for FreeBSD and its community. Because of
FreeBSD, I enjoy the career that I have. I cherish the relationships
built because of the generosity of the FreeBSD community as a whole.

We may revisit upstreaming our changes at a later date, but right now
we're going to focus on making HardenedBSD as awesome as it's destined
to be.

Especially interesting bits are:
However, for at least four months, certain
people who have agreed to take charge of reviewing our work in
preparation for upstreaming have not done so.
Certain FreeBSD committers and certain well-respected members of the
FreeBSD community seem to think ASLR is useless due to ROP.
It looks like there are some problems on the FreeBSD side.

-----------------------------------------------------------------------------------------

There are alternatives the project is considering also; like SafeStack. Which is built into the Clang compiler.
SafeStack is definitely not a substitute for ASLR. It looks like SafeStack is more similar to stack canaries (-fstack-protector). If I understand SafeStack correctly, it protects the return addresses better than canaries, but overwriting return addresses is not the only way to hijack control flow.
 
Thank you hans1024 for insight. Less speculation on important things and more disappointment with FreeBSD "bosses". I wish Matthew Dillon and DragonFly BSD all the best.
 
DragonflyBSD doesn't have ASLR either iirc. It's a pity they (FreeBSD) aren't taking this more seriously, but in the meantime there is OpenBSD.
 
Not only OpenBSD but also NetBSD, OS X, iOS, Solaris, Linux, Android, Windows...

"DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010. It is off by default, and can be enabled by setting the sysctl vm.randomize_mmap to 1."
 
Wow. Thanks for this.
 
Linux's implementation of ASLR is actually known to be quite weak; the grsecurity patch greatly enhances it to be equal to OpenBSD's implementation.
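Added example (my own code, not from this thread, HardenedBSD or FreeBSD): a crude self-check for how many address bits actually vary per memory region, which is the kind of measurement behind claims that one ASLR implementation is "weak" and another is not. It assumes a POSIX system with mmap and a PIE build; the sample values in the comments are constructed.

```c
/* Crude ASLR self-check: sample one address per region, then, after running
 * the binary many times, count the bits that changed in each region. */
#define _DEFAULT_SOURCE 1
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>

struct layout { uintptr_t stack, heap, mmap_region, text, libc; };

/* Sample one address from each region of the running process. */
struct layout layout_sample(void) {
    struct layout l;
    int local = 0;                          /* lives on the main stack */
    void *h = malloc(64);                   /* heap (brk or malloc arena) */
    void *m = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    l.stack = (uintptr_t)&local;
    l.heap = (uintptr_t)h;
    l.mmap_region = (m == MAP_FAILED) ? 0 : (uintptr_t)m;
    l.text = (uintptr_t)&layout_sample;    /* program text; fixed if not PIE */
    l.libc = (uintptr_t)&memcpy;           /* libc mapping (PLT stub if non-PIE) */
    if (m != MAP_FAILED) munmap(m, 4096);
    free(h);
    return l;
}

/* Count the address bits that vary across n samples of one region: XOR each
 * sample with the first and OR the results, so every bit that ever changed is
 * set. Constructed input {0x7f001000, 0x7f003000, 0x7f005000} gives 2 bits;
 * identical samples give 0, i.e. no randomisation observed. */
int estimate_random_bits(const uintptr_t *samples, size_t n) {
    uintptr_t changed = 0;
    for (size_t i = 1; i < n; i++)
        changed |= samples[i] ^ samples[0];
    int bits = 0;
    for (; changed; changed &= changed - 1)  /* clear lowest set bit */
        bits++;
    return bits;
}

int main(void) {
    struct layout l = layout_sample();
    printf("stack=%#lx heap=%#lx mmap=%#lx text=%#lx libc=%#lx\n",
           (unsigned long)l.stack, (unsigned long)l.heap,
           (unsigned long)l.mmap_region, (unsigned long)l.text,
           (unsigned long)l.libc);
    return 0;
}
```

Build with -fPIE -pie, run it a few dozen times, and feed each column through estimate_random_bits(); a region that reports 0 bits is not being randomised on that system.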
 
FreeBSD community seem to think ASLR is useless due to ROP.
I doubt that. I doubt anybody in the core team at FreeBSD thinks that. Sure, (S)ROP can help, but many times knowing where you can jump is just the easy way out.
 
I agree with getopt, but it seems its been blocked for political reasons :(

I have actually migrated a few machines to hardenedbsd.

The only performance loss of any significance I have seen is down to the clang compiler; for some reason clang-compiled binaries are slower (this is on FreeBSD and hardenedbsd). ASLR itself is having no meaningful impact on my machines.

I have only migrated personal machines though, not clients'.
 
From the register.co.uk, June 19, 2017 "That's Random" article:

OpenBSD has a new security feature designed to harden it against kernel-level buffer overruns, the "KARL" (kernel address randomised link).

Wonder if this is interesting for FreeBSD?
 