On Wed, Nov 16, 2011 at 01:09:18AM +0100, Oliver Pinter wrote:
> On 11/15/11, Jeremie Le Hen <jeremie_at_le-hen.org> wrote:
> > Hi,
> >
> > On Wed, Oct 19, 2011 at 12:37:44AM +0200, Oliver Pinter wrote:
> >> Some PaX features [0] have been implemented in NetBSD (ASLR, W^X
> >> (~nxstack), mprotect restriction, veriexec, mmap randomization [2], ...).
> >>
> >> [0] http://pax.grsecurity.net/docs/index.html
> >> [1] http://www.netbsd.org/~elad/recent/man/security.8.html
> >> [2] http://people.freebsd.org/~ssouhlal/testing/stackgap-20050527.diff
> >
> > Suleiman actually wrote two patches, one randomizing the stack (the
> > one you pointed out) and another one randomizing non-fixed mmap(2)
> > calls:
> >
> > http://people.freebsd.org/~ssouhlal/testing/mmap_random-20050528.diff
> >
> >
> > FYI, they do not apply cleanly on recent source trees (the patches were
> > made in 2005), but they can be applied with little fiddling. I'm
> > running multiple 8.x production machines with them without any problem.
>
> Yeah, I use this patch in 7-STABLE and 9-STABLE too.
> The patch for 9-STABLE is attached.

One immediate issue, which is definitely not critical, is that the size of
the main thread's stack becomes chopped by a random number of bytes. This is
not an issue for a single-threaded process, because the typical default
stack size is around 64M. For a threaded process, libthr cuts the stack,
see thr_init.c:init_main_thread(). There, the size of the stack is 2 or
4MB, and 64KB might be a more significant part of it.

A missing bit in the patch is some randomization of the load address for
the PIE (which is the main feature of ASLR, I suspect). See
imgact_elf.c:exec(), et_dyn_addr calculation. Another missing bit is the
similar modification for freebsd32_copyout_strings().

The upper limit for the random offset for mmap() should be configurable
in the same way as the stack gap, instead of the dumb enable/disable knob.

There are numerous style violations in the patch, or rather, the patch
fully violates the style.

> >
> > I've always wanted them to be committed as opt-in knobs, but I can't
> > remember why they hadn't at the time.
> >
> > Cheers,
> > --
> > Jeremie Le Hen
> >
> > Men are born free and equal. Later on, they're on their own.
> > Jean Yanne
> >