Re: [CFT] ASLR, PIE, and segvguard on 11-current and 10-stable

From: Adrian Chadd <adrian_at_freebsd.org>
Date: Wed, 14 May 2014 10:02:09 -0700
Hi!

Cool! Does it run on MIPS? :P


-a


On 14 May 2014 06:58, Shawn Webb <lattera_at_gmail.com> wrote:
> Hey All,
>
> [NOTE: crossposting between freebsd-current_at_, freebsd-security_at_, and
> freebsd-stable_at_. Please forgive me if crossposting is frowned upon.]
>
> Address Space Layout Randomization, or ASLR for short, is an exploit
> mitigation technology. It helps secure applications against low-level
> exploits. A popular secure implementation is known as PaX ASLR, which is
> a third-party patch for Linux. Our implementation is based off of PaX's.
>
> Oliver Pinter, Danilo Egea, and I have been working hard to bring more
> features and robust stability to our ASLR patches. We've done extensive
> testing on amd64. We'd like to get as many people testing these patches.
> Given the nature of them, we'd also like as many eyeballs reviewing the
> code as well.
>
> I have a Raspberry Pi and have noticed a few bugs. On ARM (at least, on
> the RPI), when a parent forks a child, and the child gracefully exits,
> the parent segfaults with the pc register pointing to 0xc0000000. That
> address is always the same, no matter the application. If anyone knows
> the ARM architecture well, and how FreeBSD ties into it, I'd like a
> little guidance.
>
> I also have a sparc64 box, but I'm having trouble getting a vanilla
> 11-current system to be stable on it. I ought to file a few PRs.
>
> You can find links to the patches below.
>
> Patch for 11-current:
> http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-current-aslr-segvguard-SNAPSHOT.diff
>
> Patch for 10-stable:
> http://www.crysys.hu/~op/freebsd/patches/20140514091132-freebsd-stable-10-aslr-segvguard-SNAPSHOT.diff
>
> Thanks,
>
> Shawn Webb
Received on Wed May 14 2014 - 15:02:11 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:49 UTC