
Mar 22 2016

lattera-gmail.com added a comment to D3001: Activate relro and bindnow in build system.

We've been running with a modified version of this patch in HardenedBSD for a while now. It only applies to base and not ports, though we have some ports opting into RELRO + BIND_NOW. Would this be something that could be committed? Or are there still objections?

Mar 22 2016, 12:31 AM
lattera-gmail.com added a watcher for secteam: lattera-gmail.com.
Mar 22 2016, 12:22 AM
lattera-gmail.com added a watcher for security: lattera-gmail.com.
Mar 22 2016, 12:22 AM

Mar 11 2016

lattera-gmail.com updated subscribers of D5603: ASLR.
Mar 11 2016, 2:55 AM

Mar 10 2016

lattera-gmail.com added inline comments to D5603: ASLR.
Mar 10 2016, 11:26 PM
lattera-gmail.com added inline comments to D5603: ASLR.
Mar 10 2016, 8:22 PM
lattera-gmail.com added inline comments to D5603: ASLR.
Mar 10 2016, 8:20 PM
lattera-gmail.com added inline comments to D5603: ASLR.
Mar 10 2016, 5:04 PM
lattera-gmail.com added a comment to D5603: ASLR.

Things that are missing from this patch to make this ASLR implementation complete:

Mar 10 2016, 4:50 PM
lattera-gmail.com added inline comments to D5603: ASLR.
Mar 10 2016, 4:46 PM

Feb 23 2016

lattera-gmail.com added a comment to D5411: Try to create the debug directory if it does not exist..

This has been tested successfully by a HardenedBSD user.

Feb 23 2016, 6:33 PM

Jan 20 2016

lattera-gmail.com added a comment to D4960: Make bsdinstall/zfsboot support the new UEFI boot loader.

You can add me to the list of people who have tested it. This works fine for me.

Jan 20 2016, 12:17 AM

Dec 19 2015

lattera-gmail.com abandoned D473: Base ASLR.

Closing this revision. FreeBSD is free to pull from HardenedBSD.

Dec 19 2015, 6:49 PM
lattera-gmail.com abandoned D3565: Per-Process PS_STRINGS, USRSTACK, shared_object_base, and sigcode_base.

Closing this revision. FreeBSD is free to pull from HardenedBSD.

Dec 19 2015, 6:49 PM · HardenedBSD

Oct 31 2015

lattera-gmail.com updated the diff for D3565: Per-Process PS_STRINGS, USRSTACK, shared_object_base, and sigcode_base.

This update brings the patch current with latest FreeBSD HEAD. No other changes.

Oct 31 2015, 5:37 PM · HardenedBSD

Sep 27 2015

lattera-gmail.com added a comment to D3001: Activate relro and bindnow in build system.
In D3001#77165, @pfg wrote:

I don't like this approach:

  • First of all we don't want bindnow because it has many issues, it may be set conditionally but for now we can avoid it altogether.
Sep 27 2015, 4:16 PM

Sep 8 2015

lattera-gmail.com added a comment to D3565: Per-Process PS_STRINGS, USRSTACK, shared_object_base, and sigcode_base.
In D3565#74326, @kib wrote:

Anything like this patch can only be considered if your 'aslr' implementation is ever found acceptable. Until it is not, the patch only adds bloat.

That said, and being whatever trivial, the patch has technical issues. The first and most obvious one is the fact that struct proc is the wrong location for the data you put into it. I argue that the locations of objects in the user address space are the property of the vmspace and not the process.

Second issue is less trivial. Right now, the data which you moved is located in the static (as in, not changing) struct sysentvec. In other words, after you have dereferenced sv = p->p_sysent, you know that you have a pointer to the stable and _consistent_ set of values like address of psstrings, address of signal trampoline, base of the shared page etc. With your patch, this property is lost. Now, you must guarantee that the operations which modify the user address space layout, like execve(), do not happen in parallel. I did not inspect your patch closely for the issue, but neither did you.

And, of course, the patch changes the ABI by making e.g. psstrings/sigtrampoline process-private, instead of all ABI-sharing processes sharing the psstrings/sigtramp value. I am certain that this e.g. breaks core dump analysis due to signal trampoline address change.

Sep 8 2015, 10:02 PM · HardenedBSD

Sep 7 2015

lattera-gmail.com updated subscribers of D3565: Per-Process PS_STRINGS, USRSTACK, shared_object_base, and sigcode_base.
Sep 7 2015, 8:45 PM · HardenedBSD

Sep 4 2015

lattera-gmail.com retitled D3565: Per-Process PS_STRINGS, USRSTACK, shared_object_base, and sigcode_base from to Per-Process PS_STRINGS, USRSTACK, shared_object_base, and sigcode_base.
Sep 4 2015, 12:05 AM · HardenedBSD

Aug 28 2015

lattera-gmail.com added a comment to D3001: Activate relro and bindnow in build system.
In D3001#72044, @pfg wrote:

Just an opinion ...
Going for the "partial" relro (without bindnow) seems like an obvious win.

Aug 28 2015, 3:06 PM

Aug 5 2015

lattera-gmail.com added a comment to D473: Base ASLR.

New update: I've found an issue with stack randomization on ARM64. We're working on fixing it right now. You can track the bug here: https://github.com/HardenedBSD/hardenedBSD/issues/154

Aug 5 2015, 6:40 PM

Jul 28 2015

lattera-gmail.com added a comment to D473: Base ASLR.
In D473#64973, @rwatson wrote:
In D473#59442, @rwatson wrote:

That seems a sensible strategy.

Any luck?

Jul 28 2015, 1:45 PM

Jul 7 2015

lattera-gmail.com added a comment to D473: Base ASLR.
In D473#59409, @rwatson wrote:

Hi Shawn. Hope you are feeling better post-travel. Just wanted to check on the status of this patch -- will there be an updated version fixing the credential transition issue soon?

Jul 7 2015, 8:45 PM

Jun 25 2015

lattera-gmail.com added a member for HardenedBSD: lattera-gmail.com.
Jun 25 2015, 11:39 AM

Jun 14 2015

lattera-gmail.com added a comment to D473: Base ASLR.

Hey Robert,

Jun 14 2015, 9:23 PM

Jun 6 2015

lattera-gmail.com added a comment to D473: Base ASLR.

I'm going to try to get some help with the credential changing stuff. That's an area that I'm not well versed in. If you have time to suggest how the credential change detection logic should look like in code, I'd be happy to make that change. Ideally, we'd want all places that check for credential changing to be switched to that, but I'm not sure that's the job of an ASLR patch.

Jun 6 2015, 8:32 PM
lattera-gmail.com added a comment to D473: Base ASLR.

Thank you for taking the time to review our patch. I'll work to address your comments while I'm at BSDCan.

Jun 6 2015, 8:17 PM

May 12 2015

lattera-gmail.com added a comment to D473: Base ASLR.

Are there any updates since I last updated the patch nearly a month ago?

May 12 2015, 2:17 PM

Apr 16 2015

lattera-gmail.com updated the diff for D473: Base ASLR.

This update fixes all the concerns Robert Watson brought up, with a few outstanding fixes that need to be addressed by Robert Watson (due to my comments the last 24 hours). If I have missed anything, please let me know and I'd be happy to take a look ASAP.

Apr 16 2015, 8:08 AM
lattera-gmail.com added inline comments to D473: Base ASLR.
Apr 16 2015, 7:55 AM

Apr 15 2015

lattera-gmail.com added inline comments to D473: Base ASLR.
Apr 15 2015, 10:21 PM
lattera-gmail.com added inline comments to D473: Base ASLR.
Apr 15 2015, 7:28 PM

Mar 31 2015

lattera-gmail.com added a comment to D473: Base ASLR.

Just a little update. I worked on a new patch over the weekend and am almost ready with a new patch. I need to research how to create SDT probes and a few other tasks. I'm hoping to have an updated patch this weekend.

Mar 31 2015, 1:51 PM

Mar 27 2015

lattera-gmail.com added a comment to D473: Base ASLR.

Thanks for your thorough review! I hope to take a look at this over the weekend. I hope to have a new patch that addresses your concerns on Monday.

Mar 27 2015, 8:34 PM

Mar 22 2015

lattera-gmail.com added inline comments to D473: Base ASLR.
Mar 22 2015, 9:33 PM

Mar 21 2015

lattera-gmail.com updated the diff for D473: Base ASLR.

This update fixes the #endif typo and the rest of the concerns Warner Losh has. I decided not to remove the pax_aslr_init_prison and pax_aslr_init_prison32 macros since we have more features planned that will make use of it, as Oliver pointed out.

Mar 21 2015, 2:56 PM

Mar 20 2015

lattera-gmail.com added inline comments to D473: Base ASLR.
Mar 20 2015, 7:07 PM
lattera-gmail.com updated the diff for D473: Base ASLR.

This updated patch fully addresses Ed Maste's and Robert Watson's concerns.

Mar 20 2015, 7:03 PM
lattera-gmail.com added inline comments to D473: Base ASLR.
Mar 20 2015, 4:37 PM

Mar 19 2015

lattera-gmail.com added a comment to D473: Base ASLR.

Whoops, sorry, looked at the wrong update. But the question still remains: what's preventing this from being committed?

Mar 19 2015, 6:48 PM
lattera-gmail.com added a comment to D473: Base ASLR.

It has been well over a month since this patch was updated to address all remaining concerns. Can this be committed?

Mar 19 2015, 6:47 PM

Mar 1 2015

lattera-gmail.com updated the diff for D473: Base ASLR.

Due to prison0_init being created upstream, our patch as it stood would have created a merge conflict. This update simply fixes that to make FreeBSD's job easier in importing our ASLR work.

Mar 1 2015, 8:00 PM

Feb 21 2015

lattera-gmail.com updated the diff for D473: Base ASLR.

Lots of manpage updates to resolve rwatson@'s and gjb@'s concerns.

Feb 21 2015, 3:43 PM

Feb 1 2015

lattera-gmail.com updated the diff for D473: Base ASLR.

This update adds additional backported code.

Feb 1 2015, 12:17 AM

Jan 31 2015

lattera-gmail.com added a comment to D473: Base ASLR.
In D473#66, @rwatson wrote:

A few comments on the man page; I've not yet had a chance to look at the full contents of the patch.

Jan 31 2015, 6:31 PM
lattera-gmail.com updated the diff for D473: Base ASLR.

This update addresses Robert Watson's concerns, improves stability, and increases the maximum bits that can be set with the tunables.

Jan 31 2015, 5:31 PM

Nov 3 2014

lattera-gmail.com added inline comments to D473: Base ASLR.
Nov 3 2014, 7:53 PM
lattera-gmail.com updated the diff for D473: Base ASLR.

Clean up some code.

Nov 3 2014, 4:56 PM
lattera-gmail.com added inline comments to D473: Base ASLR.
Nov 3 2014, 4:19 PM

Nov 2 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

New patch to address mjg's concerns.

Nov 2 2014, 5:17 PM

Sep 29 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

Fixed typos.

Sep 29 2014, 11:27 AM
lattera-gmail.com added inline comments to D473: Base ASLR.
Sep 29 2014, 10:45 AM
lattera-gmail.com updated the diff for D473: Base ASLR.

Thanks to Ilya Bakulin, ASLR is now fully functional and bug-free on ARM!

Sep 29 2014, 10:11 AM

Sep 28 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

Add extra security parameters around executing processes when ASLR has been disabled via ptrace. Only allow disabling ASLR via ptrace if securelevel <= 0.

Sep 28 2014, 11:59 PM

Sep 26 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

Add extra debugger functionality Ed Maste (emaste@) requested. New PTrace request: PT_PAX. Pass in PAX_NOTE_NOASLR to the data argument to ptrace(PT_PAX) after forking and before calling execve() to disable ASLR for to-be-debugged applications.

Sep 26 2014, 2:31 PM
lattera-gmail.com updated the diff for D473: Base ASLR.

No technical change. Full context patch.

Sep 26 2014, 9:29 AM

Sep 25 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

Remove unneeded change to sys/kern/kern_sig.c

Sep 25 2014, 3:03 PM
lattera-gmail.com updated the diff for D473: Base ASLR.

Style and performance changes made by Oliver Pinter.

Sep 25 2014, 2:25 PM

Sep 5 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

Make style changes requested by Robert Watson.

Sep 5 2014, 8:08 AM

Aug 16 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

Cleaned up a lot of code. Removed extra logging functionality. Fixed a few bugs and typos. Removed the ugly MAP_32BIT hack. Implemented more suggestions based on private and public comments.

Aug 16 2014, 12:58 AM

Jul 24 2014

lattera-gmail.com updated the diff for D473: Base ASLR.

This patch implements the various suggestions made by the team. It has been compiled and tested successfully on amd64 both with ASLR enabled and disabled.

Jul 24 2014, 3:48 PM

Jul 23 2014

lattera-gmail.com added inline comments to D473: Base ASLR.
Jul 23 2014, 10:14 PM
lattera-gmail.com retitled D473: Base ASLR from to Base ASLR.
Jul 23 2014, 9:38 PM