Slashdot Mirror


HardenedBSD Completes Strong ASLR Implementation

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.

66 comments

  1. Update documentation by zAPPzAPP · · Score: 3, Funny

    That's always my next step too

    1. Re:Update documentation by Anonymous Coward · · Score: 0

      Yep, they will start with that just after they manage to get code execution to follow the same random sequence as the program loading.

    2. Re:Update documentation by Anonymous Coward · · Score: 0

      That's always my next step too

      I know you're joking, but the *BSDs have some pretty damn good documentation:

      * https://www.freebsd.org/docs.html

      They also have translation teams that take the canonical English versions and translate them into many other languages (including Mongolian, of all things).

    3. Re:Update documentation by Bengie · · Score: 1

      They have great documentation, especially compared to the competition, but there are some pieces that are lacking. There is a dedicated group, started in the past few years, that is going over and documenting the entirety of FreeBSD, staffed by people with great documentation skills, and they are also normalizing the formats to a new document format. Large undertaking.

  2. Cool by Anonymous Coward · · Score: 1

    Pretty cool stuff. Nice to see more distros do this stuff. Personally I'm using OpenBSD for all my work these days because they have pretty much all these things turned on (and have had them for a long time).

    1. Re:Cool by fisted · · Score: 0

      I'm using openbsd for all my work

      Nice to see more distros do this stuff.

      Something tells me you aren't as familiar with the BSDs as you pretend to be. What could it possibly be?

    2. Re: Cool by Anonymous Coward · · Score: 0

      He said he uses OpenBSD for all his work! Maybe he was fired 16 years ago you insensitive clod!

    3. Re: Cool by Anonymous Coward · · Score: 0

      I don't get what you guys are saying. The OpenBSD distribution is different from the FreeBSD distribution, which is different from the DragonFlyBSD distribution. Are you guys saying only Linux has distributions? Plus I love how on Slashdot, even when the OP makes a fairly neutral comment, the clowns come in with hateful comments right away. The level of comments here is quite low...

    4. Re: Cool by fisted · · Score: 1

      BSD doesn't have "distributions" in the way GNU/Linux does, dear AC. The concept doesn't quite apply.

  3. FreeBSD by Anonymous Coward · · Score: 0

    Are there plans to merge ASLR into FreeBSD ?

    1. Re:FreeBSD by Bengie · · Score: 1

      The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD

    2. Re:FreeBSD by unixisc · · Score: 1

      I'd like to see it make it to PC-BSD. 11 maybe?

    3. Re:FreeBSD by Bengie · · Score: 1

      PC-BSD is just a thin wrapper of scripts, wizards, and some decent tools over FreeBSD. You can upgrade and downgrade to/from PC-BSD/FreeBSD.

    4. Re:FreeBSD by TheRaven64 · · Score: 1

      PC-BSD occasionally picks some patches to apply on top of a stock FreeBSD, but they try to keep it fairly small. I suspect that they're unlikely to pick up these for several reasons. First, there are still some random segfaults in applications caused by these patches that are not yet diagnosed. Second, the HardenedBSD team doesn't have a great track record for security, for example merging some insecure random number generator patches that were under review for FreeBSD and rejected over security issues and shipping them in production. Third, since the Blind ROP work from Stanford, ASLR is largely discredited as a security feature - it's a nice checkbox feature, but it doesn't really buy you much against a determined attacker. Fourth, the last iteration of the patches still had some very odd decisions about the interfaces for turning ASLR on and off (they also had a number of lock-order reversals, which are hopefully fixed in the latest version).

      --
      I am TheRaven on Soylent News
    5. Re:FreeBSD by unixisc · · Score: 1

      From the documentation in the handbooks, I'm left w/ the impression that PC-BSD is what you get the moment you want X11 on top of FreeBSD. Or is there more to it than that?

    6. Re:FreeBSD by Anonymous Coward · · Score: 0

      ??

      No, you don't understand. It won't be used by PC-BSD; it can't.
      Flash Player is not supported with a HardenedBSD kernel, so no way.

    7. Re:FreeBSD by Anonymous Coward · · Score: 0

      I'd say PC-BSD vs FreeBSD is akin to Ubuntu vs Debian. One is based on the other, with the goal of being newbie-friendly.

      You can install Debian and install a desktop, or you can install Ubuntu and get a desktop configured and ready to use.

      Personally, I'd always choose Debian and build up from that. (Posting this from FreeBSD.)

    8. Re:FreeBSD by Anonymous Coward · · Score: 0

      > Third, since the Blind ROP work from Stanford [stanford.edu], ASLR is largely discredited as a security feature

      This is utter nonsense. BROP doesn't work against a proper ASLR implementation. Hint: brute force prevention is part of the deal. If you know better, then feel free to demonstrate BROP against a grsecurity system ;).

      cheers,
        PaX Team

    9. Re:FreeBSD by TheRaven64 · · Score: 1

      BROP doesn't work against a proper ASLR implementation

      Define 'proper'. Re-randomisation after every fork()? Good luck with that. PLTs at random offsets? Sure, if you're willing to pay the overhead of not being able to share any position-independent code between processes.

      --
      I am TheRaven on Soylent News
    10. Re:FreeBSD by Anonymous Coward · · Score: 0

      I defined it in the challenge I gave you: grsecurity and its brute force prevention mechanism (but you can also just read the canonical document on ASLR on the PaX doc site, where this requirement is clearly spelled out). If you can make BROP work there, by all means, let us and the world know. Otherwise stop the parroting of academic 'research'.

  4. Why not just use OpenBSDs? by Anonymous Coward · · Score: 1

    Wouldn't it be easier to just import OpenBSD's implementation?

    1. Re:Why not just use OpenBSDs? by Zer0P · · Score: 5, Interesting

      Wouldn't it be easier to just import OpenBSD's implementation?

      See the pictures under this link: http://hup.hu/node/140322 . ;)

    2. Re:Why not just use OpenBSDs? by Bengie · · Score: 1

      OpenBSD has an entirely different kernel at this point. Their only major commonality is starting from the same OS a long time ago.

      1993 - NetBSD forks 4.3BSD
      1993 - FreeBSD forks 4.4BSD
      1996 - OpenBSD forks NetBSD 1.0

      As much code as they still share, they have diverged over the past 20 years.

    3. Re: Why not just use OpenBSDs? by Anonymous Coward · · Score: 0

      This is interesting, but aren't some of these issues already addressed in OpenBSD 5.8 and the about-to-be-released 5.9? 5.7 is pretty ancient at this point. Would love to see how newer OpenBSD holds up. Tried to run the tests myself, but it seems like they don't compile out of the box on OpenBSD :-( Would love it if someone posted instructions.

  5. Old story by no-body · · Score: 2

    Adamantix did this over 10 years ago but went silent after version 2 or so. Tried to find their source recently: impossible. Would have been great to get it up to current HW compatibility. End of old story.

  6. Re:??? nothing by Anonymous Coward · · Score: 0, Redundant

    Or just expect that, when a story is posted on a Saturday afternoon/evening, the Slashdot audience will be much smaller than usual. It'll also include a disproportionate number of brave, dedicated Men's Rights Advocates that have no family, no girlfriend, no prospects, and nothing better to be doing on a weekend afternoon than to post anonymous whines.

  7. Re:BSD is for cows. by ArcadeMan · · Score: 0

    Moo

  8. Re:BSD is for cows. by Anonymous Coward · · Score: 0

    And I suppose you think you're a Keyboard Cowboy...

  9. OpenBSD? by Anonymous Coward · · Score: 2, Interesting

    I believe OpenBSD already added this functionality, a year or two ago. How is this implementation better than theirs?

    1. Re:OpenBSD? by Anonymous Coward · · Score: 0

      This list should clarify things a bit.
      While OpenBSD had ASLR it is lacking in many other ways.
      That is the thing with security, it isn't the doors you locked that matters, it's that single one you didn't lock that is the problem.

    2. Re:OpenBSD? by Noryungi · · Score: 1, Interesting

      This list should clarify things a bit.
      While OpenBSD had ASLR it is lacking in many other ways.
      That is the thing with security, it isn't the doors you locked that matters, it's that single one you didn't lock that is the problem.

      Hmmm... While I agree with you on the general principle, here are a couple of things, off the top of my head:

      1. False positives ("Vulnerable" tests in your example) do exist, you know. How are you sure that OpenBSD (or FreeBSD) is vulnerable in such and such case? Have you created an exploit specifically for the things being tested by paxtest? Maybe OpenBSD has other capabilities.

      2. False negatives are also a thing. Even if paxtest says: "such-and-such is OK", how do you know if a clever hacker won't be able to find a way around the ASLR protection?

      Also important: paxtest dates back to 2004, and, as far as I know, has never been updated since (web site here). Not that this is a bad thing, but ASLR, and security, has changed a lot since then...

      --
      The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    3. Re:OpenBSD? by Anonymous Coward · · Score: 0

      Wait, I'm pretty sure that the one I answered to wasn't an AC. Did Slashdot drop the poster info?

    4. Re:OpenBSD? by buchner.johannes · · Score: 1

      You can achieve the same level of security with Hardened Gentoo Linux (PaX, Grsecurity2, which is Gentoo with different flags) https://wiki.gentoo.org/wiki/H... .
      The only small difference is that strcpy is still allowed (applications should move to strlcpy/strpcpy instead).

      Then again, I don't use hardened Gentoo, because last time I tried (couple of years back), it was hard to maintain on a simple desktop.

      Other distributions that use PaX: https://en.wikipedia.org/wiki/...

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  10. My big question now... by tlambert · · Score: 3, Interesting

    My big question now...

    Can I still run the debugger on running binaries, or does the debugger now need work done on it?

    Same question, but for core dumps.

    1. Re:My big question now... by Anonymous Coward · · Score: 0

      My guess is yes on non-stripped binaries and no on stripped binaries. Which is fine for development but a PITA for debugging crashes on client computers.

    2. Re:My big question now... by Anonymous Coward · · Score: 0

      More importantly it'll make some bugs harder to find - since the memory is laid out differently every time it means some bugs will appear differently every time, eg because they overflow into different memory which causes a crash that looks different every time, or sometimes doesn't crash at all.

    3. Re:My big question now... by Anonymous Coward · · Score: 0

      More importantly it'll make some bugs harder to find - since the memory is laid out differently every time it means some bugs will appear differently every time, eg because they overflow into different memory which causes a crash that looks different every time, or sometimes doesn't crash at all.

      It will also reveal some bugs that were nicely hidden before, when the particular fixed allocation didn't cause any immediately visible issues.

    4. Re:My big question now... by tlambert · · Score: 2

      It will also reveal some bugs that were nicely hidden before, when the particular fixed allocation didn't cause any immediately visible issues.

      Fuzzing is useless, if you can't reproduce the bug.

      It's the same as saying "There's a bug in there *somewhere*, but I will be damned if I can tell you where!".

      Eng: "You mean 'It's broke'?"

      Test: "Yeah."

      Eng: "Thank you very F'ing much!"

      Test: "What are you typing?"

      Eng: "I'm closing your bug as 'Can not reproduce'; there: done!"

    5. Re:My big question now... by Anonymous Coward · · Score: 0

      Have you been able to run a debugger on Linux, which has had ASLR enabled for ~10 years? ;)

  11. Welcome to Windows 7 by Billly+Gates · · Score: 0, Troll

    ASLR was one of the arguments for using Windows, while for some reason it is still bashed as insecure here. Chuckles

    1. Re:Welcome to Windows 7 by WndSks · · Score: 0

      Welcome to Vista (Beta 2, http://blogs.msdn.com/b/michae... )

    2. Re:Welcome to Windows 7 by Anonymous Coward · · Score: 0

      Yes. Windows beat Mac and FreeBSD to ASLR, but was years behind everybody else (especially if you consider OOT patches).

      Theo de Raadt commented on FreeBSD not having ASLR. He said something to the effect of, "even Windows has ASLR for fucks sake."

      So, yeah, pretty sad. But Windows still suffers insane design decisions that make it the least secure OS in the history of software. Things like font parsing in kernel space. So, anything that uses a fucking font can gain root on a Windows box (yet another exploit using this vector is in the wild right now for Windows). So, yeah, Windows is horrible on security. Beating FreeBSD to ASLR doesn't change this.

  12. Doesn't sound like it's complete by SleepyHappyDoc · · Score: 1, Funny

    Perhaps they should call it "Getting Hard BSD".

    --
    Stasis is death. Embrace change.
  13. How is ASLR doing on Linux? by Anonymous Coward · · Score: 0

    Seriously, back in 2013 (and even before that) ASLR has been talked about on the Linux developer scene - some even post articles online about it, such as http://securityetalii.es/2013/...

    As it is already 2015, how is ASLR doing on Linux?

  14. All that effort, so little protection by Anonymous Coward · · Score: 0

    If you can read the address space you can defeat ASLR. So it makes life a little more difficult, but once you've solved it you've solved it.

    More 'tick in the box' security which doesn't actually provide anything useful.

    1. Re:All that effort, so little protection by behrooz0az · · Score: 1

      Even if that's true, there are a lot of exploits out there that can't deliver more than a few bytes of machine code.
      You can't exploit stuff with less than, say, 100 bytes of code if you don't even have the offsets for the functions that you need to call. You can with less than 30 bytes if you do (e.g. socket, fork, some I/O).
      It's not just a tick in the box.

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
    2. Re:All that effort, so little protection by Bengie · · Score: 2

      If you can read the address space you can defeat ASLR

      Ohh, you mean segfault when you read unallocated memory? Even if you could, are you planning to read all 8,589,934,592 GiB of the address space? With O(n) scaling, assuming a crazy low 1 clock cycle per address, it would take you about 35 years to scan the entire 2^63 user virtual address space at 4 GHz.

      I am not saying ASLR is perfect, I'm just saying it's not nearly as simple as you make it out to be.

    3. Re:All that effort, so little protection by TheRaven64 · · Score: 1

      Read this paper if you want to know how easy it is.

      --
      I am TheRaven on Soylent News
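An added example, not code from HardenedBSD, FreeBSD, grsecurity or the BROP paper, that ties together three points made on this page: the summary's claim that ASLR removes determinism, the exchange above about whether BROP works against an implementation with brute force prevention, and this thread's "if you can read the address space you can defeat ASLR". It simulates a forking network server whose child must be hit with the right 48-bit value (a return address or canary) and counts what each attacker strategy costs. Everything numeric is an assumption chosen for the illustration: 48 randomised bits, a 30-second fork delay charged to the parent for every crashed child (the grsecurity-style deterrent the PaX Team alludes to, modelled here rather than taken from its code), and a 1,000,000-connection cap on blind guessing. The crash-or-survive oracle is the whole model; there is no real overflow in this program.

```c
#include <stdint.h>
#include <stdio.h>

#define SECRET_BYTES 6                                 /* assumption: 48 randomised bits */
#define SECRET_MASK  ((1ULL << (8 * SECRET_BYTES)) - 1)
#define FORK_DELAY_S 30L      /* assumption: grsecurity-style delay imposed on the parent per crashed child */
#define BLIND_CAP    1000000L                          /* give up blind guessing after this many connections */

/* Deterministic xorshift64 so every run of the simulation is reproducible. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;
static uint64_t rng_next(void) {
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}

struct server {
    uint64_t secret;      /* the parent's layout, inherited by fork()-only children */
    int rerandomize;      /* 1: every child gets a fresh layout (fork+exec, or re-randomised) */
    long requests, crashes, delay_s;
};

static void server_init(struct server *s, int rerandomize) {
    s->secret = rng_next() & SECRET_MASK;
    s->rerandomize = rerandomize;
    s->requests = s->crashes = s->delay_s = 0;
}

/* Accept a connection: the handling child either inherits the parent's secret or draws a new one. */
static uint64_t spawn_child(const struct server *s) {
    return s->rerandomize ? (rng_next() & SECRET_MASK) : s->secret;
}

/* The attacker overwrites the low `len` bytes of the child's secret with `guess`.
 * Returns 1 if the child survives (the bytes matched), 0 if it crashes; a crash is
 * the only feedback the attacker gets, and each one costs a fork delay. */
static int send_guess(struct server *s, uint64_t child, uint64_t guess, int len) {
    uint64_t mask = (1ULL << (8 * len)) - 1;
    s->requests++;
    if ((guess & mask) == (child & mask)) return 1;
    s->crashes++;
    s->delay_s += FORK_DELAY_S;
    return 0;
}

/* Strategy 1, BROP-style stack reading: fix one byte at a time, which only works
 * when every child has the same layout.  Returns connections used, or -1. */
static long byte_at_a_time(struct server *s) {
    uint64_t known = 0;
    for (int i = 0; i < SECRET_BYTES; i++) {
        int found = 0;
        for (uint64_t b = 0; b < 256 && !found; b++) {
            uint64_t candidate = known | (b << (8 * i));
            if (send_guess(s, spawn_child(s), candidate, i + 1)) { known = candidate; found = 1; }
        }
        if (!found) return -1;
    }
    /* Use the reconstructed value once more: under re-randomisation it is already stale. */
    return send_guess(s, spawn_child(s), known, SECRET_BYTES) ? s->requests : -1;
}

/* Strategy 2: guess the whole value blindly, the only option when the layout changes per connection. */
static long blind_guess(struct server *s) {
    for (long n = 0; n < BLIND_CAP; n++)
        if (send_guess(s, spawn_child(s), rng_next() & SECRET_MASK, SECRET_BYTES)) return s->requests;
    return -1;
}

/* Strategy 3: an info leak in the same child discloses the live value, so no guessing is needed. */
static long with_leak(struct server *s) {
    uint64_t child = spawn_child(s);
    uint64_t leaked = child;   /* "if you can read the address space you can defeat ASLR" */
    return send_guess(s, child, leaked, SECRET_BYTES) ? s->requests : -1;
}

struct result { long requests, crashes, delay_s; };

/* Run one strategy against a freshly initialised server and report the cost. */
static struct result run(int rerandomize, long (*strategy)(struct server *)) {
    struct server s;
    server_init(&s, rerandomize);
    struct result r;
    r.requests = strategy(&s);
    r.crashes = s.crashes;
    r.delay_s = s.delay_s;
    return r;
}

/* Expected connections for blind guessing of `bits` bits: half the space. */
static uint64_t expected_blind_requests(int bits) { return 1ULL << (bits - 1); }

int main(void) {
    struct result a = run(0, byte_at_a_time), b = run(1, byte_at_a_time),
                  c = run(1, blind_guess),    d = run(0, with_leak);
    printf("fork-only server, byte-at-a-time: %ld connections, %ld crashes, %ld s of fork delay\n",
           a.requests, a.crashes, a.delay_s);
    printf("re-randomised server, byte-at-a-time: %ld (fails)\n", b.requests);
    printf("re-randomised server, %ld blind guesses: %ld (fails); expected ~%llu\n",
           BLIND_CAP, c.requests, (unsigned long long)expected_blind_requests(8 * SECRET_BYTES));
    printf("info leak: %ld connection, %ld crashes\n", d.requests, d.crashes);
    return 0;
}
```

Against the fork-only server the byte-at-a-time attack needs at most 6 * 256 + 1 connections, which is the BROP setting; with the 30 s fork delay charged per crash the same attack stretches over hours of loud, crash-filled traffic, which is the brute force prevention the PaX Team is pointing at. Once each child draws a fresh layout, byte-at-a-time reading breaks (learned bytes are stale on the next connection) and the attacker is back to 2^47 expected blind guesses. A single readable pointer removes all of that: one connection, zero crashes, which is why an info leak and not address-space scanning is the practical way ASLR falls.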
  15. Re: ??? nothing by Anonymous Coward · · Score: 0

    1. No, you are wrong. This isn't a matter of opinion.
    2. Yeah, because special snowflake you just needs to shit up every reply in every thread.
    3. Log the fuck in and vote in the firehose.

    Or you could just STFU or leave we don't care.

  16. OpenBSD? by Anonymous Coward · · Score: 0

    Didn't OpenBSD do this, and more, the other year?

  17. ASLR? by tersegon · · Score: 1

    I don't understand what this has to do with videos of whispering women.

  18. Pollination is good by fnj · · Score: 1

    If this gets ported to FreeBSD I say hurrah and many thanks to HardenedBSD!

    1. Re:Pollination is good by Bengie · · Score: 2

      Pollination is good

      HardenedBSD was forked with the explicit idea of testing new security ideas and seeing what works, then pushing the code upstream back to FreeBSD. *BSD is not like Linux distros where they rarely work together. A lot of security ideas require some major changes that would not be feasible as a simple branch.

  19. Re:??? nothing by Barsteward · · Score: 1

    register and log in then maybe you'll be listened to - what are you scared of?

    --
    "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
  20. Re:??? nothing by Anonymous Coward · · Score: 0

    I'm not scared of anything, my anonymous friend "Barsteward". I'm just too lazy to register and log in each time I want to comment here. I don't want to deal with yet another goddamn website account, especially when I can post without one here. I've got enough of those fuckers for other sites!

  21. Re:??? nothing by alexgieg · · Score: 1

    It took you more time to explain why you don't want an account than it would have taken you to make one. As for logging in every time, how about, I dunno, keeping your account logged in?

    --
    Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
  22. Right, Let's hope OS X gets jumps in too ! by Anonymous Coward · · Score: 0

    Right, I'm wishing OS X would try to catch up also ...

    I just did a quick and dirty port to get it compiled and see how Yosemite compares.

    ac

    P.S. Slashdot is hostile towards posting code & patches; I got complaints to use fewer 'junk' characters, up until I removed all of what's linked.

  23. brains.... by Anonymous Coward · · Score: 0

    yes, I like FreeBSD.

    Unfortunately, they (HardenedBSD) just made the ASLR implementation unusable: Flash Player is forbidden. So then anyway I don't need ASLR. The Linux layer is not supported. Great decision. First they put all the work into hardening BSD, which makes a great desktop, then they throw out basically the main reason why someone on the desktop would indeed need ASLR.
    Really. Great. Get some brains, and start again.

    1. Re:brains.... by Anonymous Coward · · Score: 0

      Flash is being phased out. There are many BSD desktop users that do not care for flash.

  24. Re:??? nothing by Barsteward · · Score: 1

    Mine stays logged in, no need to keep logging in. I think you don't want your opinions tracked. If you registered, logged in and posted (unlimited posts) we'd know if you are a troll or not.

    --
    "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)