Address Space Layout Randomization (ASLR) is an exploit mitigation technique
implemented in the majority of modern operating systems. It involves randomly
positioning the base address of an executable and the position of libraries,
heap, and stack, in a process's address space. Although over the years
ASLR proved to not guarantee full OS security on its own, this mechanism
should make exploitation more difficult.

Tests on the tier 1 64-bit architectures proved that the ASLR is stable and does
not result in noticeable performance degradation, therefore it should be safe to
enable this mechanism by default. Moreover its effectiveness is increased for
the PIE (Position Independent Executables) binaries - thanks to the
commit 9a227a2fd642 ("Enable PIE by default on 64-bit architectures"),
it is enough to control usage of ASLR in the OS solely by the sysctls.

This patch toggles the kernel settings to use address map randomization for
PIE & non-PIE 64-bit binaries. It also disables SBRK, in order to allow utilizing
the bss grow region for mappings. The latter is respected only in case the
ASLR is enabled, so do it for all architectures.

As for the drawbacks, a consequence of using the ASLR is more significant
VM fragmentation, hence issues may be encountered in systems with
a limited address space in high memory consumption cases, such as the buildworld.
As a result, although the tests on 32-bit architectures with ASLR enabled were
mostly on par with what was observed on 64-bit ones, the defaults for the
former are not changed. Also, for the sake of safety, keep the feature disabled for 32-bit
executables on 64-bit machines, too.
The committed change may also slightly impact debugger usage, therefore care
should be taken when analyzing backtraces and using the `disable-randomization`
flag in gdb.

In case any change in the OS behavior is observed that can possibly be
caused by this patch, it is recommended to use the freebsd-bugs@freebsd.org
mailing list for reporting and discussing the encountered issue. Also,
in order to confirm/rule out the dependency on ASLR it is strongly advised
to re-run the test with the feature disabled - it can be done by setting
the following sysctls in the /etc/sysctl.conf file:

kern.elf64.aslr.enable=0
kern.elf64.aslr.pie_enable=0
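The following is an added example, not code from this commit or from the FreeBSD source tree. It is a small probe that makes the commit's claim observable: it re-executes itself several times, samples one address in each of the four regions the message names (executable text, a shared library, heap, stack), and reports per region whether the address moved between runs. Everything in it is an assumption of the example rather than anything the commit defines: the `--probe` argument, the function names `probe_self`, `region_varies` and `collect_samples`, the use of the pointer returned by `strerror()` as a marker for the libc mapping, and the requirement that the binary is invoked by a path that `execl()` can reuse from `argv[0]`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Example added for illustration; not code from the commit or the FreeBSD tree.
 * The four regions sampled are the ones the commit message names: executable
 * text, a shared library (libc), the heap and the stack.
 */
#define NREGIONS 4
static const char *const region_name[NREGIONS] = { "text", "library", "heap", "stack" };

/* Sample one address per region in the calling process. */
void probe_self(uintptr_t out[NREGIONS])
{
    int local = 0;                        /* automatic variable: stack */
    void *h = malloc(64);                 /* fresh allocation: heap (or an mmap'd arena) */

    out[0] = (uintptr_t)&probe_self;      /* executable text; relocatable only for PIE */
    out[1] = (uintptr_t)strerror(EINVAL); /* static string inside libc: library mapping */
    out[2] = (uintptr_t)h;
    out[3] = (uintptr_t)&local;
    free(h);
}

/* 1 if the n sampled values for a region are not all identical, else 0. */
int region_varies(const uintptr_t *vals, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (vals[i] != vals[0])
            return 1;
    return 0;
}

/*
 * Re-execute `self` with the (hypothetical) --probe flag `runs` times, parse
 * the addresses each child prints, and store them in samples[run][region].
 * Returns the number of runs successfully collected.
 */
int collect_samples(const char *self, int runs, uintptr_t (*samples)[NREGIONS])
{
    int got = 0;

    for (int r = 0; r < runs; r++) {
        int fd[2];
        if (pipe(fd) != 0)
            return got;
        pid_t pid = fork();
        if (pid < 0)
            return got;
        if (pid == 0) {                   /* child: send its probe line up the pipe */
            dup2(fd[1], STDOUT_FILENO);
            close(fd[0]);
            close(fd[1]);
            execl(self, self, "--probe", (char *)NULL);
            _exit(127);
        }
        close(fd[1]);
        FILE *f = fdopen(fd[0], "r");
        uintptr_t v[NREGIONS];
        int ok = f != NULL && fscanf(f, "%" SCNxPTR " %" SCNxPTR " %" SCNxPTR " %" SCNxPTR,
                                     &v[0], &v[1], &v[2], &v[3]) == NREGIONS;
        if (f != NULL)
            fclose(f);
        else
            close(fd[0]);
        waitpid(pid, NULL, 0);
        if (!ok)
            return got;
        memcpy(samples[got], v, sizeof v);
        got++;
    }
    return got;
}

int main(int argc, char **argv)
{
    uintptr_t p[NREGIONS];

    if (argc > 1 && strcmp(argv[1], "--probe") == 0) {   /* child mode: print and exit */
        probe_self(p);
        printf("%" PRIxPTR " %" PRIxPTR " %" PRIxPTR " %" PRIxPTR "\n", p[0], p[1], p[2], p[3]);
        return 0;
    }

    enum { RUNS = 8 };
    uintptr_t samples[RUNS][NREGIONS];
    int n = collect_samples(argv[0], RUNS, samples);
    if (n < 2) {
        fprintf(stderr, "could not re-execute %s (invoke it by path, e.g. ./aslr_probe)\n", argv[0]);
        return 1;
    }
    for (int i = 0; i < NREGIONS; i++) {
        uintptr_t column[RUNS];
        for (int r = 0; r < n; r++)
            column[r] = samples[r][i];
        printf("%-8s %s\n", region_name[i], region_varies(column, n) ? "randomized" : "fixed");
    }
    return 0;
}
```

Build it as a PIE (the 64-bit default after commit 9a227a2fd642) and run it as `./aslr_probe`: with the defaults introduced by this commit every line should read "randomized". Set `kern.elf64.aslr.enable=0` and `kern.elf64.aslr.pie_enable=0` as described above and re-run, and every line should read "fixed", which is the quick confirmation to do before reporting a suspected ASLR-related issue. A build with `-fno-pie -no-pie` keeps the "text" line fixed in both configurations, since only a PIE executable can be relocated, and so exercises the non-PIE path that the first sysctl covers.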