# No ASLR upstreaming?



## hans1024 (Jan 18, 2016)

Hi, so HardenedBSD has an ASLR implementation. Is anybody still trying to get it upstreamed into FreeBSD?

There is a phabricator review https://reviews.freebsd.org/D473 that has been closed a month ago with the following message from Shawn Webb: "Closing this revision. FreeBSD is free to pull from HardenedBSD."
So, does this mean he's just going to invest his time into HardenedBSD and gave up on pushing the patches to FreeBSD?


----------



## kpa (Jan 18, 2016)

Your first message on these boards and I have to wonder why you are even asking such a thing here. Why don't you ask Mr. Shawn Webb yourself directly what he means with that commit message?


----------



## beastDemian (Jan 18, 2016)

The patch has been under review for quite a long time, with several developers pointing out problems and HardenedBSD devs fixing them. This, the last review they uploaded, was also abandoned: https://reviews.freebsd.org/D3565 . It seems to have something to do with the fact that it's been in review for so long and FreeBSD devs weren't happy about the way it was implemented. You should probably ask HardenedBSD devs what happened, though, perhaps there are other problems.

I wish this could have been reviewed and pushed in time for 11, but it looks like it won't make it to FreeBSD in the near future.


----------



## gofer_touch (Jan 18, 2016)

This is interesting, I was reading this not too long ago https://wiki.freebsd.org/AddressSpaceLayoutRandomization and thought that ASLR had already been implemented.


----------



## Beastie7 (Jan 18, 2016)

There are alternatives the project is considering also, like SafeStack, which is built into the Clang compiler.


----------



## CoTones (Jan 18, 2016)

The answer perfectly fits the topic "FreeBSD is susceptible to common exploits".

Question: why do most FreeBSD developers see no problem here? Incompetence (hardly...) or just a "shut up and work, boss knows better" case?


----------



## hans1024 (Jan 18, 2016)

So I asked on https://groups.google.com/a/hardenedbsd.org/forum/ and this is Shawn Webb's answer:


> We haven't given up, but we're focusing our time on HardenedBSD itself.
> While we focus on HardenedBSD, we encourage FreeBSD to take an interest
> in our enhancements and hopefully pull from HardenedBSD.
> 
> ...



Especially interesting bits are:


> However, for at least four months, certain
> people who have agreed to take charge of reviewing our work in
> preparation for upstreaming have not done so.





> Certain FreeBSD committers and certain well-respected members of the
> FreeBSD community seem to think ASLR is useless due to ROP.


It looks like there are some problems on the FreeBSD side.

-----------------------------------------------------------------------------------------



Beastie7 said:


> There are alternatives the project is considering also; like SafeStack. Which is built into the Clang compiler.


SafeStack is definitely not a substitute for ASLR. It looks like SafeStack is more similar to stack canaries (-fstack-protector). If I understand SafeStack correctly, it protects the return addresses better than canaries, but overwriting return addresses is not the only way to hijack control flow.


----------



## CoTones (Jan 19, 2016)

Thank you hans1024 for insight. Less speculation on important things and more disappointment with FreeBSD "bosses". I wish Matthew Dillon and DragonFly BSD all the best.


----------



## gofer_touch (Jan 19, 2016)

CoTones said:


> Thank you hans1024 for insight. Less speculation on important things and more disappointment with FreeBSD "bosses". I wish Matthew Dillon and DragonFly BSD all the best.



DragonflyBSD doesn't have ASLR either iirc. It's a pity they (FreeBSD) aren't taking this more seriously, but in the meantime there is OpenBSD.


----------



## CoTones (Jan 19, 2016)

Not only OpenBSD but also NetBSD, OS X, iOS, Solaris, Linux, Android, Windows...

"DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010. It is off by default, and can be enabled by setting the sysctl vm.randomize_mmap to 1."


----------



## gofer_touch (Jan 19, 2016)

CoTones said:


> Not only OpenBSD but also NetBSD, OS X, iOS, Solaris, Linux, Android, Windows...
> 
> "DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010. It is off by default, and can be enabled by setting the sysctl vm.randomize_mmap to 1."



Wow. Thanks for this.


----------



## hans1024 (Jan 19, 2016)

I found a half-year-old but relevant thread on freebsd-arch: http://marc.info/?t=142679127700003&r=1&w=2 .

It looks like some developers think ASLR is a waste of time, but nobody seems to be directly opposed to the patch, because it can be disabled at runtime. So I guess the problem is that no developer is interested enough to invest time into reviewing the patch.


----------



## pkubaj (Jan 19, 2016)

CoTones said:


> Not only OpenBSD but also NetBSD, OS X, iOS, Solaris, Linux, Android, Windows...
> 
> "DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010. It is off by default, and can be enabled by setting the sysctl vm.randomize_mmap to 1."


Linux's implementation of ASLR is actually known to be quite weak; the grsecurity patch greatly enhances it to be equal to OpenBSD's implementation.


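A practical way to see what the posts above are comparing is to check whether a process's main binary, heap, libc and stack actually land at different addresses from one run to the next. The script below is an added example, not code from this thread or from any of the projects mentioned: it parses Linux `/proc/PID/maps` text (the format the grsecurity discussion concerns), extracts the base of each region of interest and reports which ones moved between two runs. The four map dumps are constructed samples, and `/usr/bin/cat` is only an assumed executable path.

```python
"""Compare region base addresses between two runs of the same binary.

Added example (not from the forum thread). Parses Linux /proc/PID/maps
text and reports which regions moved between runs. A region whose base is
identical across runs is not being randomised: either ASLR is off, or (for
the main binary) the executable is not PIE. The dumps below are constructed
samples, not real captures.
"""
import os
import re
import subprocess
from typing import Dict, Optional

# start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S+)\s+\S+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

# Constructed: two runs of a PIE binary with ASLR enabled, everything moves.
RUN_A = """\
55d4c2a00000-55d4c2a01000 r-xp 00000000 08:01 131 /usr/bin/cat
55d4c4b10000-55d4c4b31000 rw-p 00000000 00:00 0 [heap]
7f3a1c200000-7f3a1c3c2000 r-xp 00000000 08:01 201 /lib/x86_64-linux-gnu/libc.so.6
7ffd5e9c0000-7ffd5e9e1000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
5601a7e00000-5601a7e01000 r-xp 00000000 08:01 131 /usr/bin/cat
5601a9f20000-5601a9f41000 rw-p 00000000 00:00 0 [heap]
7f9b44600000-7f9b447c2000 r-xp 00000000 08:01 201 /lib/x86_64-linux-gnu/libc.so.6
7ffc12a80000-7ffc12aa1000 rw-p 00000000 00:00 0 [stack]
"""
# Constructed: two runs of a non-PIE binary; text base fixed, the rest moves.
RUN_C = """\
00400000-00401000 r-xp 00000000 08:01 131 /usr/bin/cat
01a3b000-01a5c000 rw-p 00000000 00:00 0 [heap]
7f1122300000-7f11224c2000 r-xp 00000000 08:01 201 /lib/x86_64-linux-gnu/libc.so.6
7ffe0c1d0000-7ffe0c1f1000 rw-p 00000000 00:00 0 [stack]
"""
RUN_D = """\
00400000-00401000 r-xp 00000000 08:01 131 /usr/bin/cat
0211f000-02140000 rw-p 00000000 00:00 0 [heap]
7f6d90a00000-7f6d90bc2000 r-xp 00000000 08:01 201 /lib/x86_64-linux-gnu/libc.so.6
7ffcb3e70000-7ffcb3e91000 rw-p 00000000 00:00 0 [stack]
"""


def region_bases(maps_text: str, exe_path: str) -> Dict[str, int]:
    """Lowest start address of the exe, heap, libc and stack mappings."""
    bases: Dict[str, int] = {}
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        path = m.group("path").strip()
        if path == exe_path:
            key = "exe"
        elif path == "[heap]":
            key = "heap"
        elif path == "[stack]":
            key = "stack"
        elif re.search(r"/libc[.-]", path):  # libc.so.6 or libc-2.xx.so
            key = "libc"
        else:
            continue
        start = int(m.group("start"), 16)
        bases[key] = min(start, bases.get(key, start))
    return bases


def randomised_regions(maps_a: str, maps_b: str, exe_path: str) -> Dict[str, bool]:
    """True for each region whose base differs between the two dumps."""
    a, b = region_bases(maps_a, exe_path), region_bases(maps_b, exe_path)
    return {k: a[k] != b[k] for k in a if k in b}


def verdict(moved: Dict[str, bool]) -> str:
    """Summarise: 'off' (nothing moved), 'no-pie' (only exe fixed), 'full', or 'partial'."""
    if not any(moved.values()):
        return "off"
    if all(moved.values()):
        return "full"
    if not moved.get("exe", True) and all(v for k, v in moved.items() if k != "exe"):
        return "no-pie"
    return "partial"


def live_check(exe: str = "/bin/cat") -> Optional[Dict[str, bool]]:
    """Run `exe /proc/self/maps` twice and compare; None if /proc is unavailable."""
    try:
        dumps = [
            subprocess.run([exe, "/proc/self/maps"], capture_output=True, text=True, check=True).stdout
            for _ in range(2)
        ]
    except (OSError, subprocess.CalledProcessError):
        return None
    # maps shows the resolved path, so follow symlinks such as /bin -> /usr/bin
    return randomised_regions(dumps[0], dumps[1], os.path.realpath(exe))


if __name__ == "__main__":
    for label, (x, y) in {"pie": (RUN_A, RUN_B), "non-pie": (RUN_C, RUN_D)}.items():
        moved = randomised_regions(x, y, "/usr/bin/cat")
        print(label, moved, verdict(moved))
    print("live:", live_check())
```

The sample comparison classifies the PIE pair as `full` and the non-PIE pair as `no-pie`; `live_check()` repeats the test on the running host when `/proc` exists. A fixed base for every region across runs means the randomisation the thread is discussing is not in effect for that process.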
----------



## _martin (Apr 4, 2016)

> FreeBSD community seem to think ASLR is useless due to ROP.


I doubt that. I doubt anybody in the core team at FreeBSD thinks that. Sure, (S)ROP can help, but many times knowing where you can jump is just the _easy way out_.


----------



## Oko (Jun 25, 2017)

getopt said:


> Edit: This I find quite remarkable
> http://hardenedbsd.org/content/easy-feature-comparison


I find that table misleading:
https://marc.info/?l=openbsd-tech&m=149732026405941
https://marc.info/?l=openbsd-tech&m=149792179514439&w=2


----------



## chrcol (Jun 27, 2017)

I agree with getopt, but it seems it's been blocked for political reasons.

I have actually migrated a few machines to hardenedbsd.

The only performance loss of any significance I have seen is down to the clang compiler; for some reason clang-compiled binaries are slower (this is on FreeBSD and hardenedbsd). ASLR itself is having no meaningful impact on my machines.

I have only migrated personal machines though, not clients'.


----------



## ronaldlees (Jul 14, 2017)

From the register.co.uk, June 19, 2017 "That's Random" article:



> OpenBSD has a new security feature designed to harden it against kernel-level buffer overruns, the "KARL" (kernel address randomised link).



Wonder if this is interesting for FreeBSD?


----------

