Re: [CFT] ASLR and PIE on amd64
On 3/22/14, Shawn Webb <lattera@gmail.com> wrote:
> Hey All,
>
> First off, I hope that even as a non-committer, it's okay that I post
> a call for testing. If not, please excuse my newbishness in this
> process. This is my first time submitting a major patch upstream to
> FreeBSD.
>
> Over the past few months, I've had the opportunity and pleasure to
> enhance existing patches to FreeBSD that implement a common exploit
> mitigation technology called Address Space Layout Randomization (ASLR)
> along with support for Position Independent Executables (PIE).
> ASLR+PIE has been a long-requested feature by many people I've met on
> IRC.
>
> I've submitted my patch to PR kernel/181497. I'm currently in the
> process of adding PIE support to certain high-visibility applications
> in base (mainly network daemons). I've added a make.conf knob that
> defaults to enabled (WITH_PIE=1). An application has to also explicitly
> support PIE as well by defining CAN_PIE in the Makefile prior to
> including bsd.prog.mk. After I get a decent amount of applications
> enabled with PIE support, I'll submit one last patch.
>
> The following sysctls can be set with a kernel compiled with the
> PAX_ASLR option:
>
> security.pax.aslr.status: 1
> security.pax.aslr.debug: 0
> security.pax.aslr.mmap_len: 16
> security.pax.aslr.stack_len: 12
> security.pax.aslr.exec_len: 12
>
> The security.pax.aslr.status sysctl enables and disables the ASLR
> system as a whole. The debug sysctl gives debugging output. The
> mmap_len sysctl tells the ASLR system how many bits to randomize when
> mmap() is called. The stack_len sysctl tells the ASLR system how many
> bits to randomize in the stack. The exec_len sysctl tells the ASLR
> system how many bits to randomize the execbase (this controls PIE).
> These sysctls can be set on a per-jail basis. If you have an
> application which doesn't support ASLR, yet you want ASLR enabled for
> everything else, you can simply place that misbehaving application in
> a jail with only that jail's ASLR settings turned off.
>
> Please let me know how your testing goes. I'm giving a presentation at
> BSDCan regarding this.
>
> If you want to keep tabs on my bleeding-edge development process,
> please follow my progress on GitHub:
> https://github.com/lattera/freebsd (branch: soldierx/lattera/aslr).
>
> Thank you very much,
Hi!
Please apply this patch. This fixed an issue with tunables.
>
> Shawn Webb
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>
Attachment: 0001-PaX-ASLR-fixed-tunables-in-kern_pax.c.patch