Slashdot Mirror

← Back to Stories (view on slashdot.org)

HardenedBSD Completes Strong ASLR Implementation

Posted by timothy on from the never-play-marco-polo-with-hannibal-lector dept.

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.

29 of 66 comments (clear)

  1. Update documentation by zAPPzAPP · · Score: 3, Funny

    That's always my next step too

    1. Re:Update documentation by Bengie · · Score: 1

      They have great documentation, especially compared to the competition, but there are some pieces that are lacking. There is a dedicated group that started in the past few years that is going over documenting the entirety of FreeBSD with people with great documentation skills and are also normalizing the formats to a new document format. Large undertaking.

  2. Cool by Anonymous Coward · · Score: 1

    Pretty cool stuff. Nice to see more distros do this stuff. Personally I'm using openbsd for all my work these days because they have pretty much all these things turned on (and have had them for a long time)

    1. Re: Cool by fisted · · Score: 1

      BSD doesn't have "distributions" in the way GNU/Linux does, dear AC. The concept doesn't quite apply.

      --
      CLI paste? paste.pr0.tips!
  3. Why not just use OpenBSDs? by Anonymous Coward · · Score: 1

    Wouldn't it be easier to just import OpenBSD's implementation?

    1. Re:Why not just use OpenBSDs? by Zer0P · · Score: 5, Interesting

      Wouldn't it be easier to just import OpenBSD's implementation?

      See the pictures under this link: http://hup.hu/node/140322 . ;)

    2. Re:Why not just use OpenBSDs? by Bengie · · Score: 1

      OpenBSD has an entirely different kernel at this point. Their only major commonality is starting from the same OS a long time ago.

      1993 - NetBSD forks 4.3BSD
      1993 - FreeBSD forks 4.4BSD
      1996 - OpenBSD forks NetBSD 1.0

      As much as they still shared code, they have diverged over the past 20 years.

  4. Old story by no-body · · Score: 2

    Adamantix over 10 years ago but got silent after version 2 or so. Tried to find their soure recently- impossible. Would have been great to get it to current HW compatibility. End of old story.

  5. OpenBSD? by Anonymous Coward · · Score: 2, Interesting

    I believe OpenBSD already added this functionality. Yer or two ago. How is this implementation better than theirs?

    1. Re:OpenBSD? by Noryungi · · Score: 1, Interesting

      This list should clarify things a bit.
      While OpenBSD had ASLR it is lacking in many other ways.
      That is the thing with security, it isn't the doors you locked that matters, it's that single one you didn't lock that is the problem.

      Hmmm... While I agree with you on the general principle, here are a couple of things, off the top of my head:

      1. False positives ("Vulnerable" tests in your example) do exist, you know. How are you sure that OpenBSD (or FreeBSD) is vulnerable in such and such case? Have you created an exploit specifically for the things being tested by paxtest? Maybe OpenBSD has other capabilities

      2. False negatives are also a thing. Even if paxtest says: "such-and-such is OK", how do you know if a clever hacker won't be able to find a way around the ASLR protection?

      Also important: paxtest dates back to 2004, and, as far as I know, has never been updated since (web site here). Not that this is a bad thing, but ASLR, and security, has changed a lot since then...

      --
      The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    2. Re:OpenBSD? by buchner.johannes · · Score: 1

      You can achieve the same level of security with Hardened Gentoo Linux (PaX, Grsecurity2, which is Gentoo with different flags) https://wiki.gentoo.org/wiki/H... .
      The only small difference is that strcpy is still allowed (applications should move to strlcpy/strpcpy instead).

      Then again, I don't use hardened Gentoo, because last time I tried (couple of years back), it was hard to maintain on a simple desktop.

      Other distributions that use PaX: https://en.wikipedia.org/wiki/...

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  6. My big question now... by tlambert · · Score: 3, Interesting

    My big question now...

    Can I still run the debugger on running binaries, or does the debugger now need work done on it?

    Same question, but for core dumps.

    1. Re:My big question now... by tlambert · · Score: 2

      It will also reveal some bugs that were nicely hidden before, when the particular fixed allocation didn't cause any immediately visible issues.

      Fuzzing is useless, if you can't reproduce the bug.

      It's the same as saying "There's a bug in there *somewhere*, but I will be damned if I can tell you where!".

      Eng: "You mean 'It's broke'?"

      Test: "Yeah."

      Eng: "Thank you very F'ing much!"

      Test: "What are you typing?"

      Eng: "I'm closing your bug as 'Can not reproduce'; there: done!"

  7. Doesn't sound like it's complete by SleepyHappyDoc · · Score: 1, Funny

    Perhaps they should call it "Getting Hard BSD".

    --
    Stasis is death. Embrace change.
  8. Re:FreeBSD by Bengie · · Score: 1

    The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD

  9. ASLR? by tersegon · · Score: 1

    I don't understand what this has to do with videos of whispering women.

  10. Pollination is good by fnj · · Score: 1

    If this gets ported to FreeBSD I say hurrah and many thanks to HardenedBSD!

    1. Re:Pollination is good by Bengie · · Score: 2

      Pollination is good

      HardenedBSD was forked with the explicit idea of testing new security ideas and seeing what works, then pushing the code upstream back to FreeBSD. *BSD is not like Linux distros where they rarely work together. A lot of security ideas require some major changes that would not be feasible as a simple branch.

  11. Re:??? nothing by Barsteward · · Score: 1

    register and log in then maybe you'll be listened to - what are you scared of?

    --
    "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
  12. Re:??? nothing by alexgieg · · Score: 1

    It took you more time to explain why you don't want an account that it'd have taken for you to make one. As for logging in every time, how about, I dunno, keeping your account logged in?

    --
    Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
  13. Re:All that effort, so little protection by behrooz0az · · Score: 1

    Even if that's true there are a lot of exploits out there that can't deliver more than a few bytes of machine code.
    You can't exploit stuff with less than say 100 bytes of code if you don't even have the offsets for functions that you need to call. You can with less than 30 bytes if You do(eg, socket, fork, some io).
    It's not just a tick in the box.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  14. Re:FreeBSD by unixisc · · Score: 1

    I'd like to see it make it to PC-BSD. 11 maybe?

  15. Re:All that effort, so little protection by Bengie · · Score: 2

    If you can read the address space you can defeat ASLR

    Ohh, you mean segfault when you read unallocated memory? Even if you could, are you planning to read all 8,589,934,592GiB of the address space? with O(n) scaling, assuming a crazy low 1 clock cycle per address, it would take you about 35 years to scan the entire 2^63 user virtual address space at 4ghz.

    I am not saying ASLR is perfect, I'm just saying it's not nearly as simple as you make it out to be.

  16. Re:FreeBSD by Bengie · · Score: 1

    PC-BSD is just a thin wrapper of scripts, wizards, and some decent tools over FreeBSD. You can upgrade and downgrade to/from PC-BSD/FreeBSD.

  17. Re:FreeBSD by TheRaven64 · · Score: 1

    PC-BSD occasionally picks some patches to apply on top of a stock FreeBSD, but they try to keep it fairly small. I suspect that they're unlikely to pick up these for several reasons. First, there are still some random segfaults in applications caused by these patches that are not yet diagnosed. Second, the HardenedBSD team doesn't have a great track record for security, for example merging some insecure random number generator patches that were under review for FreeBSD and rejected over security issues and shipping them in production. Third, since the Blind ROP work from Stanford, ASLR is largely discredited as a security feature - it's a nice checkbox feature, but it doesn't really buy you much against a determined attacker. Fourth, the last iteration of the patches still had some very odd decisions about the interfaces for turning ASLR on and off (they also had a number of lock-order reversals, which are hopefully fixed in the latest version).

    --
    I am TheRaven on Soylent News
  18. Re:All that effort, so little protection by TheRaven64 · · Score: 1

    Read this paper if you want to know how easy it is.

    --
    I am TheRaven on Soylent News
  19. Re:FreeBSD by unixisc · · Score: 1

    From the documentation in the handbooks, I'm left w/ the impression that PC-BSD is what you get the moment you want X11 on top of FreeBSD. Or is there more to it than that?

  20. Re:??? nothing by Barsteward · · Score: 1

    mine stays logged in, no need to keep logging in. i think you don't want your opinions tracked. if you registered, logged in and posted (umlimited posts) we'd know if you are a troll or not.

    --
    "The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
  21. Re:FreeBSD by TheRaven64 · · Score: 1

    BROP doesn't work against a proper ASLR implementation

    Define 'proper'. Re-randomisation after every fork()? Good luck with that. PLTs at random offsets? Sure, if you're willing to pay the overhead of not being able to share any position-independent code between processes.

    --
    I am TheRaven on Soylent News