Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Upgraded For NetBSD-amd64 with Kernel ASLR Support (netbsd.org)

Posted by EditorDavid on from the address-space-layout-randomization dept.

24 years after its release, NetBSD is getting a security upgrade -- specifically, Address Space Layout Randomization (ASLR). An anonymous reader writes: Support for Kernel ASLR was added on NetBSD-amd64 a few weeks ago. KASLR basically randomizes the address of the kernel, and makes it harder to exploit several classes of vulnerabilities [including privilege escalations and remote code execution]. It is still a work-in-progress, but it's already fully functional, and can be used following the instructions on this post from the NetBSD blog. It will be available starting from NetBSD 9, but may be backported to NetBSD 8 once it is stabilized.
NetBSD says they're the first BSD system to support ASLR.

49 comments

  1. Last! by Anonymous Coward · · Score: -1

    Last!

    1. Re: Last! by Anonymous Coward · · Score: 0

      Gosh, the Linux kernel has had default ASLR since June 2005! Why is NetBSD so far behind?

    2. Re: Last! by DontBeAMoran · · Score: 1

      It's hard to follow others when you're in a constant state of dying.

      --
      #DeleteFacebook
    3. Re: Last! by darthsilun · · Score: 2

      The Linux kernel finally has KASLR enabled by default in the 4.12 kernel – in July 2017 [1]

      The Fine Summary is poorly written, making it sound like NetBSD is way behind the times. But the truth is it's only three months later than Linux. Not bad IMO when you consider how many people work on the NetBSD kernel versus how many work on the Linux kernel.

      [1] https://kernelnewbies.org/Linu...

    4. Re: Last! by Anonymous Coward · · Score: 0

      I've always found ASLR for kernels to be pointless - you only have to query a few software interrupt vectors to figure out where it's been moved to.

    5. Re: Last! by Zero__Kelvin · · Score: 2

      Sorry, but that's not how it works. Linus doesn't decide what gets enabled, the distribution developers do. Your statement is literally nonsensical.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    6. Re: Last! by Anonymous Coward · · Score: 0

      Reading some of your other posts I'd say you have plenty of first hand experience with nonsensical statements. Takes one to know one I guess.

    7. Re: Last! by TheRaven64 · · Score: 1

      ASLR in userspace increases work factor, but attacks such as BROP and successors can bypass it. It can also suffer from various weakness - for example the StageFright vulnerability on Android was made worse by the fact that, on 32-bit systems, jemalloc allocated in large chunks (and didn't randomise within a chunk) and so you ended up with 8 bits of entropy, and the automatic restart meant that, on average, you could guess (and get root privilege arbitrary code execution) in 128 attempts.

      KASLR, in contrast, is entirely snake oil. Kernel interfaces were never designed to avoid leaking kernel addresses to unprivileged code, because kernel security doesn't rely on addresses being secret, it relies on kernel addresses being unusable from userspace. The kernel-userspace interfaces (system calls and ioctls) provide a large number of ways of finding kernel addresses from userspace. If your threat model is protecting the OS from a malicious device via DMA or a malicious hypervisor, then it's even weaker.

      --
      I am TheRaven on Soylent News
    8. Re: Last! by Anonymous Coward · · Score: 0

      True true, with advances in machine learning and AI - *ASLR is like a lock on the front door of your house; it only stops random teenagers.

  2. Porting NetBSD to Rust. by Anonymous Coward · · Score: -1

    I've been thinking about porting NetBSD or OpenBSD to the Rust programming language. I think NetBSD would be easier to port, but OpenBSD might be better from a security standpoint. Rust, of course, is pretty much the most safe and secure programming language ever developed. Rust and the BSDs were meant for eachother. Is anyone else interested in doing this? Would you be willing to contribute to such a project?

    1. Re:Porting NetBSD to Rust. by Anonymous Coward · · Score: 0

      No.

    2. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: 0

      Use a real language like C#.

    3. Re:Porting NetBSD to Rust. by Anonymous Coward · · Score: 1

      The scary thing is that some Rust advocates actually say stuff like this without any sense of irony, not as a troll.

      Sadly, similar to JavaScript, Rust has enough marching morons behind it to stick around for a long time to come.

    4. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: -1

      I'm not 'trolling'. I'm completely serious. Maybe you haven't used Rust yet but it's the next generation of programming. It offers unparalleled safety without sacrificing performance. That's the beauty of Rust's zero cost abstractions. Rust is what languages like C, C++, Java and C# should have been. It's still a young language but as more people learn about it we're seeing its usage skyrocket. Mozilla is already using Rust for parts of Firefox. I think we will see the same thing happen to most software projects. They will gradually use more and more Rust until all of the original C or C++ or Java or C# code is gone. If you're a programmer and you're not using Rust already, then you likely soon will be. Rust is taking the programming world by storm.

    5. Re: Porting NetBSD to Rust. by footNipple · · Score: 1

      I'm not 'trolling'. I'm completely serious. Maybe you haven't used Rust yet but it's the next generation of programming. It offers unparalleled safety without sacrificing performance. That's the beauty of Rust's zero cost abstractions. Rust is what languages like C, C++, Java and C# should have been. It's still a young language but as more people learn about it we're seeing its usage skyrocket. Mozilla is already using Rust for parts of Firefox. I think we will see the same thing happen to most software projects. They will gradually use more and more Rust until all of the original C or C++ or Java or C# code is gone. If you're a programmer and you're not using Rust already, then you likely soon will be. Rust is taking the programming world by storm.

      You will be glad to know that I've taken your words, pasted them into MS Word, prettied them up with a fancy font, printed them on a nice piece of paper, framed that paper and hanged it the wall of my office for the years to come. Thank you for this inspiration.

      Your Friend in Rust,
      FootNipple

    6. Re:Porting NetBSD to Rust. by Anonymous Coward · · Score: -1

      I've been thinking about porting trumpBSD or trumpBSD to the trump programming language. I think trumpBSD would be easier to port, but trumpBSD might be better from a security standpoint. Trump, of course, is pretty much the most safe and secure programming language ever developed. Trump and the TRUMPs were meant for eachother. Is anyone else interested in doing this? Would you be willing to contribute to such a project?

    7. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: 3, Insightful

      Rust is what languages like C, C++, Java and C# should have been.

      That statement may be debatable for some languages. But I've looked at Rust. It can't do what C can. Sorry. You can't write low level code (and I don't mean something as high level as the Linux kernel) in it. Go ahead, try writing a bootloader in Rust. Let me know how it turns out.

      The reality is that most good C programmers rarely have pointer fumbles. The fact of the matter is that lots of software we rely on (both open source and closed) are not written by even marginal programmers. There is this philosophy that if a good programmer writes the foundation the less skilled can follow along and product good software. It kinda works; to a point.

      But even if all pointer bugs magically go away to equate this with "more secure" software is insane. The security hole landscape is vast. Really vast: Timing attacks, hardware flaws, surprising backchannels, social engineering. Yes, ASLR is a good defense. But claiming that Rust is going to fix security or just pushing it in this marketing style hype-fest is a detriment to just how hard getting security right is.

    8. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: 3, Funny

      PHP is way more popular. Why not go the popularity route? It means there are more people proficient in the language!

    9. Re:Porting NetBSD to Rust. by jimbo · · Score: 4, Insightful

      No it's not scary. Every language, OS and many other projects when new have some people who are very enthusiastic and that's a good thing. It's understandable and normal in a growing thriving community.

      The Rust community at large usually says that if you have a large existing code base it is maybe not worth rewriting. However Rust integrates well into existing C projects and sometimes it's worth considering replacing problematic components in a larger project with Rust implementations, sometimes not. One example is Dropbox that's mostly a Go shop and will remain so, but they rewrote the bits that do bulk data transfers in Rust.

      Just get over the few super enthusiasts, be happy for them and if you are starting a new project make an informed decision, as opposed to one based on defensiveness or entrenching. Rust have many impressive features it's well worth considering.

    10. Re: Porting NetBSD to Rust. by DontBeAMoran · · Score: 2

      Make it PHP + Javascript to be absolutely sure it's 100% safe.

      --
      #DeleteFacebook
    11. Re:Porting NetBSD to Rust. by DontBeAMoran · · Score: 1

      Sadly, similar to JavaScript, Rust has enough marching morons behind it to stick around for a long time to come.

      So what's the alternative to Javascript for the Web? Java, Flash and Silverlight are not valid options.

      --
      #DeleteFacebook
    12. Re: Porting NetBSD to Rust. by Megol · · Score: 2

      One can absolutely write low level code in Rust. There are examples available. Most parts of Linux are high-ish level but many parts are low level - or if doing actual interfacing with hardware isn't low level I wonder what you consider low enough. Microcode? That would be a table for hardware to interpret.

    13. Re:Porting NetBSD to Rust. by Anonymous Coward · · Score: 0

      > So what's the alternative to Javascript for the Web? Java, Flash and Silverlight are not valid options.

      The alternative is: nothing. NO client-side code running in the browser. Didn't we learn anything from the ActiveX fiasco?

      You say we would lose all the functionality of web apps? The web would be reduced to static pages and forms again? Well, shucks, I'll just have to live with that.

      (Captcha: bogeymen)

    14. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: 0

      The hatred here toward Rust is absurd and without merit. Even when the Linux kernel and the GNU utilities have bee rewritten in Rust, along with Firefox and other early adopters, there will still be freaks here at /. wrongly claiming Rust can't be used for such things!

    15. Re:Porting NetBSD to Rust. by Anonymous Coward · · Score: 0

      Maybe you should rewrite systemd in Rust.

    16. Re:Porting NetBSD to Rust. by Anonymous Coward · · Score: 0

      Enthusiasm is well and good, unless it's chasing down a blind alley, diffusing resources, or otherwise inflicting more technical debt upon the world. For a private hobby project, fine, do whatever you want. But when network and OS code escapes into the wild, it affects everyone.

      From a language design point of view I find nothing about Rust particularly interesting, the syntax is absolutely horrid, the semantics are confused, and they seem to have the C++ attitude of constantly growing and changing the language in all directions rather than having a coherent, central design with a small number of orthogonal concepts. Their main success has been in marketing, by convincing people that the concept of memory safety was original to Rust. "C is memory unsafe, therefore you must rewrite in Rust!" Huh?

      If you want a well-maintained language that fills an interesting niche and has mass appeal, Go is a much better example of a language worth looking at.

    17. Re:Porting NetBSD to Rust. by Kjella · · Score: 1

      So what's the alternative to Javascript for the Web? Java, Flash and Silverlight are not valid options.

      The future seems to be WebAssembly. Essentially it'll make the web more desktop-like, write in the language you want and compile. You'll still need some Javascript to interact with the assembly, but much less.

      --
      Live today, because you never know what tomorrow brings
    18. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: 0

      Please post an article to /. when you've written your own operating system written in Rust. Until then, you're just a windbag.

  3. They're not the first by a long shot by Anonymous Coward · · Score: 0

    OpenBSD was there ages ago: https://en.wikipedia.org/wiki/Address_space_layout_randomization#OpenBSD

    1. Re:They're not the first by a long shot by Anonymous Coward · · Score: 3, Informative

      OpenBSD doesn't have KASLR. It recently got KARL, but that's different. OpenBSD has had ASLR support for userland (PIE and PIC binaries and libs).

    2. Re:They're not the first by a long shot by DontBeAMoran · · Score: 1

      PIC binaries? What about ATmega or at least ATtiny?

      --
      #DeleteFacebook
    3. Re:They're not the first by a long shot by Anonymous Coward · · Score: 0

      Much funi. He he he.

      XD

  4. systemd has had this for years by Anonymous Coward · · Score: 1, Funny

    it's one of the reasons Linux is being phased out. It will eventually be an app that runs inside the much more secure systemd framework.

  5. Safe at last! by fahrbot-bot · · Score: 1

    Now I can stop worrying about my toaster getting hacked - no, the bread kind, not these.

    --
    It must have been something you assimilated. . . .
    1. Re:Safe at last! by Anonymous Coward · · Score: 1

      FYI, here's something funny:

      https://www.walldevil.com/wallpapers/a75/battlestar-galactica-toaster-cylon-caprica.jpg

    2. Re:Safe at last! by Anonymous Coward · · Score: 0

      Missing this one ?

  6. If you don't include macOS/OS X by Anonymous Coward · · Score: 0

    ... which has had full system ASLR for five years (and library-level ASLR for ten), including in the Darwin source releases as far as I am aware.

    1. Re:If you don't include macOS/OS X by Anonymous Coward · · Score: -1

      Hi Mac fanboi.

      We don't give a crap about your dumbed down OS, go away.

    2. Re:If you don't include macOS/OS X by Anonymous Coward · · Score: 1

      I am a Mac user, yes; I've used Macs for about 19 years, including pre-OS X.

      I'm also a developer with over 24 years of linux experience, with a half decade of solaris in there too.

      I'm not a fanboi. But I am pointing out that macOS is a BSD derivative with KASLR (unless there is some subtlety in the implementation that NetBSD is claiming is unique, or that there is some limitation in the macOS implementation I don't know about; either or both seem possible.)

      Glad to see you can do HTML though; get you with your bolds and italics. When you're older they will let you write little programs.

    3. Re:If you don't include macOS/OS X by Anonymous Coward · · Score: 0

      The Mac OS kernel in no way is a BSD derivative. Even calling Mac OS a BSD derivative is a stretch...

    4. Re:If you don't include macOS/OS X by Anonymous Coward · · Score: 0

      Oh, yes it is. Mach started out as a drop-in replacement for the BSD kernel.

      XNU supports all BSD system calls, as well as Mach calls. It does everything a BSD kernel does and more. It isn't the same as other BSD kernels, but it is unequivocally a BSD descendant, as much so as any other BSD.

    5. Re:If you don't include macOS/OS X by Anonymous Coward · · Score: 0

      Look at the source code. It shares a lot of code from FreeBSD and NetBSD excluding the mach bits and iokit.

  7. Windows has had it for decades... by Anonymous Coward · · Score: 0

    Unfortunately it wasn't actually meant to do it.

  8. ASLR wastes time randomining it. by Anonymous Coward · · Score: 0

    With ASLR, the attacker can do "trial-and-error" of the exploit addresses at 65536 attempts until that it got the escalation of privileges.

    1. Re:ASLR wastes time randomining it. by Anonymous Coward · · Score: 0

      ... 65536 attempts which all crash the system, forcing a reboot... so only one attempt at the end of the day...

  9. I thought HardenedBSD was first? by rainer_d · · Score: 2

    https://hardenedbsd.org/conten...

    AFAIK, this ALSR-thingy was the reason it was originally forked-off.

    --
    Windows 2000 - from the guys who brought us edlin
    1. Re:I thought HardenedBSD was first? by Anonymous Coward · · Score: 2, Informative

      HardenedBSD's is trying to copy grsec, but they're not really at the same level as grsec devs and are doing it badly. FreeBSD devs have repeatedly refused to merge any "improvements" done by HardenedBSD for a reason.

    2. Re:I thought HardenedBSD was first? by rainer_d · · Score: 1

      I know. Well, I knew there was some sort of dispute - or why else the whole forking business?

      --
      Windows 2000 - from the guys who brought us edlin
  10. Ob. Homer Simpson by TeknoHog · · Score: 3, Funny

    Mmmm... KASLR...

    --
    Escher was the first MC and Giger invented the HR department.