question about new FreeBSD13 or 14

[Raffeale]

is there NX bit control in new freebsd?
could the heap code be executed?
could the stack code be executed?

 

[mark_j]

Yes, since, at a guess FreeBSD 6+.
See also D14282
You best point inquiries to the FreeBSD arch mailing list.

 

[Raffeale]

whether the code in stack can be run or in heap?

 

[Raffeale]

for example :
some program injection opcode into stack and jump into code location in stack . can it do that ?

 

[mark_j]

Why do you want to know this stuff?

Regardless, the nx bit is old news. With nx set you can't execute non-executable pages, period. You can't set EIP to ESP+ some offset address and run your exploit; it will hardware except. I think Windows called it "the blue screen of death"?
Even the ELF format has protection for this. See rtld(1).
There are various other tools like mprotect(2) and even capsicum(4). I think aslr is being released in freebsd-13, but then again I think it was being hyped up at 12R, so I wouldn't hold my breath on that.
But again, why do you want to know? Context is everything.

Like I said, if you want a detailed/definitive explanation, post a question to freebsd-arch mailing list. They will surely ask you what your motivation is....

 

[Raffeale]

thanks for your answer. my motivation is I want to know the whether it is safe when some internet programs has bug in new freebsd 13 or 14. when nx bit is enabled, any jump to esp will cause segment fault right ?

 

[Raffeale]

recently I got a lot xorg segment fault , when I use lldb to debug xorg core dump ,I found there is that the one of frames is a stack pointer in the backtrace history. I don't know how this is happend, the xorg has not been stabled since upgrading to new and upgrade mesa-dri , I suspect that maybe the mesa-dri or xorg driver has some bug

 

[mark_j]

thanks for your answer. my motivation is I want to know the whether it is safe when some internet programs has bug in new freebsd 13 or 14. when nx bit is enabled, any jump to esp will cause segment fault right ?

Yes.

 

[mark_j]

recently I got a lot xorg segment fault , when I use lldb to debug xorg core dump ,I found there is that the one of frames is a stack pointer in the backtrace history. I don't know how this is happend, the xorg has not been stabled since upgrading to new and upgrade mesa-dri , I suspect that maybe the mesa-dri or xorg driver has some bug

I have no idea. You sure it was not a frame pointer?
Also, I'm not a fan of lldb, because it was sub-par in 12. I've stuck with gdb (devil you know and all that).
So, I would try the debug using gdb and see. If it still shows it, then report this to port maintainers & freebsd kernel devs.
You'll need hard evidence, though, so it can be tracked.
The fact you got a sigsegv means the system is working, no?

 

[Raffeale]

yes,the system is working,so it is not kernel modules problem,the xorg core dump and i drop into shell,i will try gdb with it.thanks you for your help

 

[ralphbsz]

Why do you want to know this stuff?

That is a very good question.

They will surely ask you what your motivation is....

I think that the OP needs to authenticate and explain their credentials. Not to me (I don't care, I'm not going to give people security-relevant information, since I don't understand this kind of thing well enough), but to others.