On Wed, Mar 09, 2016 at 04:39:37PM +0000, Big Lebowski wrote:
> Shawn,
>
> Please note that I said these are the things I've heard, and there should be people able to answer those better. As such, you should consider them to be opinion, not pure facts.
>
> On Wed, Mar 9, 2016 at 4:22 PM, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>
> > (Responding inline)
> >
> > On Wed, Mar 09, 2016 at 04:05:12PM +0000, Big Lebowski wrote:
> > > Hi Piotr,
> > >
> > > There are people who can probably answer it better, but until they do, I can share what I've heard about it: on the FreeBSD side there are a few things that stop ASLR implementation:
> > >
> > > - there's no actual agreement between the influential developers on whether ASLR is viable or needed in the first place
> >
> > Some FreeBSD developers think ASLR would be a good addition and others don't. We at HardenedBSD believe that ASLR provides a great foundation for further exploit mitigation technologies. We don't hold the belief that ASLR is the "end-all-be-all" of security as some would like you to believe.
>
> That's pretty much what I wanted to say.
>
> > > - there was no planning or discussion of how to implement ASLR in FreeBSD; Shawn simply started writing the code, and some developers would like to discuss and plan things first
> >
> > Discussions took place over a period of over two years. I was very cooperative. If you take a look at the two reviews on FreeBSD's Phabricator instance (linked to below), you'll notice that there's a lot of back-and-forth discussion.
>
> Discussing patches and designing a feature such as ASLR are not exactly the same thing. In the spirit of this, some developers would expect some form of academic approach, a whitepaper, and so on, not the review discussion, and that's what is lacking in their opinion.
We provided a whitepaper and went through a few revisions of that, even.

> > > - there are doubts expressed in the code reviews about code quality and compliance with FreeBSD standards. Some developers dedicated their time to review the code and provide feedback; there were a few cycles of rewrite, review, rinse, repeat, but if you look into the reviews, Shawn closed them, and I understand they'd only be considered for inclusion if they met the code quality standards expected
> >
> > Initial patches did not meet code quality standards. However, those style(9) violations were fixed early on.
> >
> > Even though the patches on Phabricator are closed, they can still be looked at for independent review. However, the code is now old and does not reflect the current implementation in HardenedBSD.
> >
> > We closed the reviews so that we could focus on making HardenedBSD great, not because of a lack of code quality.
> >
> > I'm not sure whether the patches would be considered for inclusion. That's up to FreeBSD to decide. Given that the last patch went months without any input from FreeBSD--input that was promised to be delivered.
>
> I don't know C and I am not a security expert; however, the code quality was questioned by people whom I respect for their achievements in security, operating systems and C knowledge, and I can simply relay what I've heard: that there are doubts, some people even mentioned actual bugs, so it's not all about style(9). Yet again, not something I can verify myself, only something I've heard and can share.
>
> The lack of input is directly caused by my first two points: lack of agreement that FreeBSD needs it, and lack of academic style on how FreeBSD would like to implement it.

Agreed.
> > > As a side note, one person saying 'ASLR implementation is finished' and a proper ASLR implementation that's properly tested, functional and not in fact opening other security issues are two vastly different things that should be approached very carefully.
> >
> > Does "being tested over the period of three or so years through many full package builds, production deployments, and dogfooding" not mean "properly tested"? What does "properly tested" mean to you?
> >
> > The developers at HardenedBSD make it a point to run HardenedBSD on all their hardware--even laptops.
> >
> > HardenedBSD has been available for over two years, so it can be tested by anyone who downloads it and runs tests themselves. If there's a test you'd like me to run, please let me know.
>
> Sorry, but I completely disagree here. I don't know the actual numbers, but I can safely assume that HardenedBSD user numbers are way smaller than FreeBSD's, and thus I would say that the amount of dogfooding over so short a period of time (since ASLR is considered to be completed by you) is nowhere close enough, for my taste, to consider it production ready. Moreover, do you have any test results available? Do you have a complete automated test suite exposed somewhere? Have you done static code analysis? Have you used fuzzers or any similar tools?

When it comes to number of users, sure. We don't have nearly the visibility FreeBSD enjoys. But that's not a problem I can easily solve. Since we don't have any tools that call home, we don't even know how many users we have.

Does a kernel fuzzer even exist for FreeBSD? If so, I'd love to run it for a whole bunch of things. I'll run it for ASLR, too.

> Don't get me wrong, I highly appreciate your work in that area; however, I would like to see a more complete, thorough and cautious approach to such a complicated thing as computer security.
What can we at HardenedBSD do to make it "more complete, thorough, and cautious"?

Thanks,

Shawn

> Cheers,
> BL
>
> > Thanks,
> >
> > Shawn
> >
> > Original Phabricator review: https://reviews.freebsd.org/D473 (warning: huge load time since this review spans around two years).
> >
> > New Phabricator review for a smaller prereq patch: https://reviews.freebsd.org/D3565
> >
> > Thanks,
> >
> > Shawn
> >
> > > Cheers,
> > > BL
> > >
> > > On Wed, Mar 9, 2016 at 2:05 PM, Piotr Kubaj <pku...@anongoth.pl> wrote:
> > >
> > > > Shawn Webb has recently announced that ASLR is complete on HardenedBSD. There are patches ready for FreeBSD to use and it's ready to be shipped in FreeBSD. However, for some reason FreeBSD developers do not want to ship ASLR in FreeBSD. Why can't it be included at least as a non-default src.conf option and marked as experimental?
> > > >
> > > > FreeBSD is the only OS that matters that doesn't have ASLR.
> > > > _______________________________________________
> > > > freebsd-security@freebsd.org mailing list
> > > > https://lists.freebsd.org/mailman/listinfo/freebsd-security
> > > > To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

-- 
Shawn Webb
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE