OpenBSD's Kernel Gets W^X Treatment On Amd64
New submitter brynet tips this news from Theo de Raadt:
"Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good)."
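The property in the summary can be checked per translation on amd64, where a page's effective rights combine the R/W and NX bits of every paging level. The following is an added example, not code from the post or from OpenBSD; the macro and function names are hypothetical, the page-table entries are constructed, and it assumes 4-level paging with EFER.NXE enabled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PG_P  (1ULL << 0)   /* present */
#define PG_RW (1ULL << 1)   /* writable */
#define PG_PS (1ULL << 7)   /* large page: the walk ends at this level */
#define PG_NX (1ULL << 63)  /* no-execute; assumes EFER.NXE is enabled */

enum wx_result { WX_UNMAPPED, WX_OK, WX_VIOLATION };

/* Effective rights of one translation: writable only if R/W is set at
 * every level, executable only if NX is clear at every level. */
enum wx_result wx_check_walk(const uint64_t *entries, size_t levels)
{
    int writable = 1, executable = 1;
    for (size_t i = 0; i < levels; i++) {
        uint64_t e = entries[i];
        if (!(e & PG_P))
            return WX_UNMAPPED;
        if (!(e & PG_RW))
            writable = 0;
        if (e & PG_NX)
            executable = 0;
        /* Bit 7 marks a large page only in PDPT/PD entries (i = 1, 2). */
        if ((i == 1 || i == 2) && (e & PG_PS))
            break;
    }
    return (writable && executable) ? WX_VIOLATION : WX_OK;
}

/* Constructed walks {PML4E, PDPTE, PDE, PTE}; frame addresses are made up. */
#define DIR(a) ((a) | PG_P | PG_RW)
static const uint64_t text_walk[4] = { DIR(0x1000), DIR(0x2000), DIR(0x3000), 0x400000 | PG_P };
static const uint64_t data_walk[4] = { DIR(0x1000), DIR(0x2000), DIR(0x5000), 0x600000 | PG_P | PG_RW | PG_NX };
static const uint64_t bad_walk[4]  = { DIR(0x1000), DIR(0x2000), DIR(0x7000), 0x800000 | PG_P | PG_RW };
static const uint64_t nx_above[4]  = { DIR(0x1000) | PG_NX, DIR(0x2000), DIR(0x7000), 0x800000 | PG_P | PG_RW };
static const uint64_t big_walk[4]  = { DIR(0x1000), DIR(0x2000), 0xa00000 | PG_P | PG_RW | PG_PS, 0 };
static const uint64_t gone_walk[4] = { DIR(0x1000), DIR(0x2000), 0, 0 };

int main(void)
{
    const uint64_t *walks[] = { text_walk, data_walk, bad_walk, nx_above, big_walk, gone_walk };
    const char *names[] = { "text", "data", "rwx", "nx-inherited", "2M rwx", "unmapped" };
    for (size_t i = 0; i < 6; i++)
        printf("%-13s %d\n", names[i], wx_check_walk(walks[i], 4));
    return 0;
}
```

The unmapped case corresponds to the trampolines being "unmapped when not required": a translation that is not present can be neither written nor executed.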
Actually, I was just thinking that this was a relatively penetrable summary. It tells me so much, I don't even need to R TFA.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The summary could use a bit of translation, instead of merely copying content off a maillist post intended for a very specific group of kernel specialists using slang terminology.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Once you grok that W^X means Write XOR Execute (which you can gather from the rest of the summary), it gets easier.
I thought that meant they added all wheel drive and turbos.
According to Wikipedia, which is always right:
Similar features are available for other operating systems, including the PaX and Exec Shield patches for Linux, and NetBSD 4+'s implementation of PaX.
W^X
I expected a long rant from TdR. I was disappointed.
If you have a need to get something translated maybe it's worth looking it up.
Everyone is so used to getting everything served on a plate these days that when the need arises they are completely lost in how to dig for information.
I see this as a nice teaser that isn't dumbed-down.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
My guess is 80% of you will get about 20% of what this email is saying, but you'll post on here like you know it all. /reflections of myself about 15 years ago. //Modulo mistakes... cute
Search your feelings, you know it to be true.
20% is still more than Theo de Raadt wanted anyone else to understand. So, I call it a win.
Except that only userland benefitted from that till now.
Now it's even for the kernel, that's the news here.
I gave up with the idea of a useful sig...
Yes, there is some cross-pollination. In general, while BSDs share a common background, they are different operating systems, not "distros".
C'mon, people, it's writexorexecute, as in "xor" as in "exclusive or". Write or execute is exactly what they're trying to avoid.
Never bothered learning how to tag stuff or contribute to tags on Slashdot, so just ranting here. Thank you, that is all.
I don't know, it's not like there are some sort of free services out there that could help you find the explanation without parsing the whole list.
https://en.wikipedia.org/wiki/Trampoline_%28computing%29
I doubt that the mailing list will show any definition of "trampoline". That word has a specific meaning in kernel programming, such that one would already have a good understanding of the subject before poking around in kernel code.
FWIW, "trampoline" refers to generated bits of code containing jumps to arbitrarily different pieces of code, something that ESR called "an incredibly hairy technique" in the Jargon File.
In Soviet Russia, Jesus asks: "What Would You Do?"
Sure, if someone ports it over. They do share features but not all BSD kernels have all the same features.
In the English language itself, "or" doesn't necessarily imply "xor". Usually some other mechanism is used to imply exclusivity, either from situational awareness or from context in the surrounding text.
Next, some noob is going to ask what "ESR," "hairy" and "jargon file" are. And then somebody else won't know what "noob" means. It's the Eternal September all over again (said the guy with the six-digit ID to the guy with the four-digit one)...
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Still of limited value. ROP already bypasses DEP/NX protections, which are required for W^X to be effective. ROP techniques are used to great effect in iPhone jailbreaks.
These protections may guard against a (very small subset of) casual attackers, but they're just another minor hurdle for determined attackers.
For a primer, see also: https://en.wikipedia.org/wiki/... (And the rest of the article.)
The biggest security advantage that BSD has is being such a small target.
https://www.eff.org/https-everywhere
With BSD being in everything from printers to elevator controllers (and Apple products), it's not a small target but more of a less visible one to date.
Mmm, it made sense to me, but then I work at low levels of code. I do find it somewhat strange though that the criticism is basically that it's too nerdy. I'm quite happy to see more nerd postings and less Dice fluff. Stories that go over the heads of the masses are what Slashdot should be about.
This is nothing new; there have been articles with absolutely impenetrable jargon and ideas before when discussing high level web oriented stuff or scripting, but since so many readers these days work in such areas, they don't complain. So I have to look up what jquery is, it's not a problem, so others who call themselves nerds should be content to look up what W^X means.