ASLR work into -HEAD ?

Shawn Webb shawn.webb at hardenedbsd.org
Fri Mar 20 19:05:42 UTC 2015


On Fri, 2015-03-20 at 14:17 -0400, Shawn Webb wrote:
> On Fri, 2015-03-20 at 09:28 -0600, Warner Losh wrote:
> > > On Mar 19, 2015, at 2:31 PM, Oliver Pinter <oliver.pinter at hardenedbsd.org> wrote:
> > > 
> > > On Thu, Mar 19, 2015 at 9:04 PM, Adrian Chadd <adrian at freebsd.org> wrote:
> > >> On 19 March 2015 at 12:56, Warner Losh <imp at bsdimp.com> wrote:
> > >>> 
> > >>>> On Mar 19, 2015, at 12:53 PM, Adrian Chadd <adrian at freebsd.org> wrote:
> > >>>> 
> > >>>> Hi,
> > >>>> 
> > >>>> Apparently this is done but has stalled:
> > >>>> 
> > >>>> https://reviews.freebsd.org/D473
> > >>>> 
> > >>>> Does anyone have any strong objections to it landing in the tree as-is?
> > >>> 
> > >>> There’s rather a lot of them specifically spelled out in the code review.
> > >>> 
> > >>> Many of the earlier ones were kinda blown off, so I’ve not been inclined
> > >>> to take the time to re-review it. Glancing at it, I see several minor issues
> > >>> that should be cleaned up.
> > >> 
> > >> Cool. Thanks for taking the time to look at it again.
> > >> 
> > >> Shawn is in #freebsd on freenode irc, so if you/others want a more
> > >> interactive review then he's there during the day.
> > > 
> > > Please CC core at hardenedbsd.org in the future when you are
> > > talking about this issue.
> > > 
> > > Adrian: are you able to review the MIPS or ARM parts especially, or test them?
> > 
> > Adrian: Do not commit the changes.
> > 
> > I’ve gone back and re-read Robert Watson’s rather long review and it appears
> > that virtually none of that has been addressed. Until it is, do not commit it. This
> > code interacts with dangerous parts of the system, and the default cannot be
> > to just let it in because no one has objected recently. Objections have been made,
> > they have been quantified, they haven’t been answered or acted upon. Until that
> > changes, you can assume the objections remain in place and asking again without
> > fixing them isn’t going to change the answer.
> > 
> > Warner
> 
> Warner,
> 
> We've fixed the vast majority of the concerns raised in that review. To
> say "virtually none of that has been addressed" and "they haven't been
> answered or acted upon" is a blatant lie. The fact that there are so
> many revisions of the patch is proof. We even made our ASLR
> implementation for FreeBSD less secure by providing a mechanism in
> ptrace() to disable it as requested by a member of the FreeBSD
> Foundation. (This "feature" doesn't exist in HardenedBSD's
> implementation.) If comments like these continue, I will remove the diff
> from Phabricator and close the BugZilla ticket. FreeBSD can feel free to
> pull from us, but we won't make any effort to proactively upstream our
> work.
> 
> With that said, I have missed a few of the concerns raised. There are so
> many comments/concerns in that review that it's easy to miss a few. I
> will address them tonight and upload a new patch tomorrow.

I've updated the patch. Is there anything I've missed?

Thanks,

Shawn Webb
HardenedBSD

More information about the freebsd-arch mailing list