On Fri, 4 Feb 2022 at 20:24, Mark Millard wrote:
>
> EXAMPLES
> The following is an example of a typical usage of the elfctl command:
>
>elfctl file
> elfctl -e +aslr file
Fixed in dbc7364b1840ef3f36994952d085add5d161775d
EXAMPLES
The following is an example of a typical usage of the elfctl command:
elfctl file
elfctl -e +aslr file
vs.:
# elfctl -l
Known features are:
noaslr Disable ASLR
noprotmax Disable implicit PROT_MAX
nostackgap Disable stack gap
wxneeded
On Fri, Dec 10, 2021 at 06:35:47PM +0100, Marcin Wojtas wrote:
> Hi Daniel
>
>
> Fri, 10 Dec 2021 at 10:16 Daniel O'Connor wrote:
> >
> >
> >
> > > On 17 Nov 2021, at 09:00, Marcin Wojtas wrote:
> > > As of b014e0f15bc7 the ASLR (Addr
Hi Daniel
Fri, 10 Dec 2021 at 10:16 Daniel O'Connor wrote:
>
>
>
> > On 17 Nov 2021, at 09:00, Marcin Wojtas wrote:
> > As of b014e0f15bc7 the ASLR (Address Space Layout
> > Randomization) feature becomes enabled for all 64-bit
> > binaries by def
> On 17 Nov 2021, at 09:00, Marcin Wojtas wrote:
> As of b014e0f15bc7 the ASLR (Address Space Layout
> Randomization) feature becomes enabled for all 64-bit
> binaries by default.
Firstly, thank you for your efforts here, it is appreciated :)
I am finding that the lang/
.
>
> Hopefully fixed by 036af1053acd6cae68c5fb6bed30508f2e40be13.
The mkimg failures are indeed fixed by the above commit - it was just
a latent bug in mkimg.
I've opened PR 259968 as a tracking bug for outstanding issues found
as a result of enabling ASLR by default, and submitted a PR for each
of the three outstanding issues.
On Thu, 18 Nov 2021 at 13:09, Li-Wen Hsu wrote:
>
> The mkimg ones are a bit tricky, it seems the output is changed in
> each run. We may need a way to generate reproducible results..
Hopefully fixed by 036af1053acd6cae68c5fb6bed30508f2e40be13.
> On 18 Nov 2021, at 11:43, Marcin Wojtas wrote:
> Thu, 18 Nov 2021 at 19:07 Li-Wen Hsu wrote:
>>
>>> On Wed, Nov 17, 2021 at 6:30 AM Marcin Wojtas wrote:
>>>
>>> As of b014e0f15bc7 the ASLR (Address Space Layout
>>> Randomiza
Hi,
Thu, 18 Nov 2021 at 19:07 Li-Wen Hsu wrote:
>
> On Wed, Nov 17, 2021 at 6:30 AM Marcin Wojtas wrote:
> >
> > As of b014e0f15bc7 the ASLR (Address Space Layout
> > Randomization) feature becomes enabled for all 64-bit
> > binaries by default
On Wed, Nov 17, 2021 at 6:30 AM Marcin Wojtas wrote:
>
> As of b014e0f15bc7 the ASLR (Address Space Layout
> Randomization) feature becomes enabled for all 64-bit
> binaries by default.
>
> Address Space Layout Randomization (ASLR) is an exploit mitigation
> techniq
As of b014e0f15bc7 the ASLR (Address Space Layout
Randomization) feature becomes enabled for all 64-bit
binaries by default.
Address Space Layout Randomization (ASLR) is an exploit mitigation
technique implemented in the majority of modern operating systems.
It involves randomly positioning
not see in my
> > testing due to the mismatch between stock FreeBSD and my testing
> > environment.
>
> The issue persists still at r350713 on HP Probook after clean rebuild.
>
> root@# uname -a
> FreeBSD vzakharov 13.0-CURRENT FreeBSD 13.0-CURRENT r350713 GENERIC-NODEBU
> > >
> Try r350608. There was a mis-merge in the committed patch (more serious
> part), and some limits were not applied, which I did not see in my
> testing due to the mismatch between stock FreeBSD and my testing
> environment.
The issue persists still at r350713 on HP Pro
> >
> > Try r350608. There was a mis-merge in the committed patch (more serious
> > part), and some limits were not applied, which I did not see in my
> > testing due to the mismatch between stock FreeBSD and my testing
> > environment.
>
> I'm now at r3
rious
> part), and some limits were not applied, which I did not see in my
> testing due to the mismatch between stock FreeBSD and my testing
> environment.
I'm now at r350609, and booting with ASLR enabled works in VBox.
I'll try the Citrix Hypervisor VM t
> > r350566 to r350584 (and was quite uneventful).
> >
> > In each case, a "real machine" was used (laptop & a build machine).
>
> After more trial and error, r350484 is the culprit for Citrix
> Hypervisor 8.
>
> I have these lines in /boot/loader.conf:
culprit for Citrix
Hypervisor 8.
I have these lines in /boot/loader.conf:
kern.elf32.aslr.enable="1"
kern.elf32.aslr.pie_enable="1"
kern.elf64.aslr.enable="1"
kern.elf64.aslr.pie_enable="1"
r350483 works like a charm, and so does r35048
Hello,
> For better or worse the term ASLR is today in common use to refer to a
> number of different approaches. Using what has become a generic term
> allows the implementation to change in the future, without changing
> the interface (e.g. sysctls, userland tools, etc.).
If I
On 18 January 2017 at 17:56, Piotr Kubaj wrote:
> It should also be stated properly that this patch doesn't implement ASLR, but
> ASR.
For better or worse the term ASLR is today in common use to refer to a
number of different approaches. Using what has become a generic term
It should also be stated properly that this patch doesn't implement ASLR, but
ASR.
On Wed, Jan 18, 2017 at 9:53 AM, Johannes Lundberg wrote:
> Hi
>
> What is the status of ASLR?
>
> https://reviews.freebsd.org/D5603
>
> The thread has been silent for a couple of months. I'm happy to test if
> needed.
Hi Johannes,
I think we were waiting on some re
Hi
What is the status of ASLR?
https://reviews.freebsd.org/D5603
The thread has been silent for a couple of months. I'm happy to test if
needed.
I'm also interested in KASLR. Is that also on the roadmap? If someone
involved could share some info I
Hey All,
I just updated the ASLR patch to FreeBSD (link below). If anyone is interested
in testing the patch out, please give it a whirl. It has been a while since we
last did a call for testing, so there's a lot of changes (too many to really
list). We've vastly improved perfo
Hey All,
It has been a long time since we sent out a call for testing request for our
ASLR patch. We've been hard at work making our ASLR implementation as robust
as possible. We'd like to invite all adventurous souls to test our ASLR
implementation. Put it through the wringer.
Since
Hey All,
I've submitted a new revision of our ASLR patch to Phabric. It can be
applied to 11-CURRENT. The main changes include removal of the MAP_32BIT
hack for amd64, a couple bug fixes, and stylistic changes requested by a
few people. I'm looking for commentary and volunteers for te
freebsd-security@, and
> > > freebsd-stable@. Please forgive me if crossposting is frowned upon.]
> > >
> > > Address Space Layout Randomization, or ASLR for short, is an exploit
> > > mitigation technology. It helps secure applications against low-level
> &
On 5/26/14, 5:18 AM, David Chisnall wrote:
On 25 May 2014, at 21:31, Oliver Pinter wrote:
On 5/25/14, Dag-Erling Smørgrav wrote:
Oliver Pinter writes:
pax_log will be in future a generic pax related logging framework,
with ratelimiting and other features. It will log user, IP, binary
name
On 25 May 2014, at 21:31, Oliver Pinter wrote:
> On 5/25/14, Dag-Erling Smørgrav wrote:
>> Oliver Pinter writes:
>>> pax_log will be in future a generic pax related logging framework,
>>> with ratelimiting and other features. It will log user, IP, binary
>>> name, path, checksum, and others.
>
On 5/25/14, Dag-Erling Smørgrav wrote:
> Oliver Pinter writes:
>> pax_log will be in future a generic pax related logging framework,
>> with ratelimiting and other features. It will log user, IP, binary
>> name, path, checksum, and others.
>
> What are you using this for? Are you sure you can't
Oliver Pinter writes:
> pax_log will be in future a generic pax related logging framework,
> with ratelimiting and other features. It will log user, IP, binary
> name, path, checksum, and others.
What are you using this for? Are you sure you can't use ktrace? It's a
lot more flexible and power
error: linker command failed with exit code 1 (use -v to see invocation)
> *** [bugpoint] Error code 1
I assume you only get this with your ASLR patches applied? Maybe this is
because the clang binary itself gets built statically (and so will definitely
not be PIE), but the rest of the
On 5/25/14, Dag-Erling Smørgrav wrote:
> Oliver Pinter writes:
>> PAX LOG: implement new logging subsystem
>> PAX LOG: fix pax_ulog_segvguard
>> PAX LOG: added sysctl's and tunables
>> PAX ASLR: use PAX LOG
>> PAX LOG: fix p
Oliver Pinter writes:
> PAX LOG: implement new logging subsystem
> PAX LOG: fix pax_ulog_segvguard
> PAX LOG: added sysctl's and tunables
> PAX ASLR: use PAX LOG
> PAX LOG: fix pax_ulog_##name()
> PAX LOG: fix prison init
> P
Oliver Pinter writes:
> Two ideas here:
> a) create a tunable security.pax.expert_mode, and create sysctls at
> boot time depending on expert mode
> b) just add CTLFLAG_SKIP and hide the sysctl from normal user
The cost of an unused sysctl is about a hundred bytes of kernel memory.
What is the c
> > freebsd-stable@. Please forgive me if crossposting is frowned upon.]
>> >
>> > Address Space Layout Randomization, or ASLR for short, is an exploit
>> > mitigation technology. It helps secure applications against low-level
>> > exploits. A popular secure implement
attributes as well.
>
> 2) It is yet undetermined what the performance effect will be.
Very early on, Oliver ran unixbench against the ASLR implementation.
There were some anomalous behaviors. Our implementation has drastically
changed since then and we ought to run unixbench again against t
(Dropped the cross-posting, which *is* frowned upon)
While I do very much appreciate this work being done, and I agree we should
have it in the tree, I would really prefer it opt-in rather than opt-out, at least
initially.
I know this may very well be the subject of a bikeshed of historical
proport
rossposting is frowned upon.]
> >
> > Address Space Layout Randomization, or ASLR for short, is an exploit
> > mitigation technology. It helps secure applications against low-level
> > exploits. A popular secure implementation is known as PaX ASLR, which is
> > a third-party
On 5/14/14, Shawn Webb wrote:
> Hey All,
>
> [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> freebsd-stable@. Please forgive me if crossposting is frowned upon.]
>
> Address Space Layout Randomization, or ASLR for short, is an exploit
> mitigation
On Wed, May 14, 2014 at 09:58:52AM -0400, Shawn Webb wrote:
> Hey All,
>
> [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> freebsd-stable@. Please forgive me if crossposting is frowned upon.]
>
> Address Space Layout Randomization, or ASLR for sh
On Wed, 2014-05-14 at 09:58 -0400, Shawn Webb wrote:
> Hey All,
>
> [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> freebsd-stable@. Please forgive me if crossposting is frowned upon.]
>
> Address Space Layout Randomization, or ASLR for short, is an ex
On 14 May 2014 10:09, Shawn Webb wrote:
> It runs on all architectures FreeBSD supports. The question is how well
> it runs. The wider the testing, the better the code, of course. We're
> actively testing on amd64 and i386 with limited testing on sparc64 and
> ARM. I've been running with this patc
> > Hey All,
> >
> > [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> > freebsd-stable@. Please forgive me if crossposting is frowned upon.]
> >
> > Address Space Layout Randomization, or ASLR for short, is an exploit
> > mitigation technology
Hi!
Cool! Does it run on MIPS? :P
-a
On 14 May 2014 06:58, Shawn Webb wrote:
> Hey All,
>
> [NOTE: crossposting between freebsd-current@, freebsd-security@, and
> freebsd-stable@. Please forgive me if crossposting is frowned upon.]
>
> Address Space Layout Randomization,
Hey All,
[NOTE: crossposting between freebsd-current@, freebsd-security@, and
freebsd-stable@. Please forgive me if crossposting is frowned upon.]
Address Space Layout Randomization, or ASLR for short, is an exploit
mitigation technology. It helps secure applications against low-level
exploits
Updated aslr + segvguard SNAPSHOT patches, see the attachments.
freebsd-stable-10-r265039-aslr-segvguard-SNAPSHOT.diff : against
stable/10 @r265039
freebsd-current-r265046-aslr-segvguard-SNAPSHOT.diff : against current @r265046
To apply the patch, use this command:
patch -p1 < freebsd-sta
> >> >>> > a call for testing. If not, please excuse my newbishness in this
> >> >>> > process. This is my first time submitting a major patch upstream to
> >> >>> > FreeBSD.
> >> >>> >
> >> >>> >
>>> > process. This is my first time submitting a major patch upstream to
>> >>> > FreeBSD.
>> >>> >
>> >>> > Over the past few months, I've had the opportunity and pleasure to
>> >>> > enhance existing patches to
> > FreeBSD.
> >>> >
> >>> > Over the past few months, I've had the opportunity and pleasure to
> >>> > enhance existing patches to FreeBSD that implement a common exploit
> >>> > mitigation technology called Address Spac
tunity and pleasure to
>>> > enhance existing patches to FreeBSD that implement a common exploit
>>> > mitigation technology called Address Space Layout Randomization (ASLR)
>>> > along with support for Position Independent Executables (PIE).
>>> > ASL
please excuse my newbishness in this
>> > process. This is my first time submitting a major patch upstream to
>> > FreeBSD.
>> >
>> > Over the past few months, I've had the opportunity and pleasure to
>> > enhance existing patches to FreeBSD that i
On 3/31/14, 8:24 AM, Shawn Webb wrote:
On Mar 31, 2014 02:07 AM +0200, Oliver Pinter wrote:
On 3/22/14, Shawn Webb wrote:
Hey All,
First off, I hope that even as a non-committer, it's okay that I post
a call for testing. If not, please excuse my newbishness in this
process. This is my first t
ss. This is my first time submitting a major patch upstream to
> > FreeBSD.
> >
> > Over the past few months, I've had the opportunity and pleasure to
> > enhance existing patches to FreeBSD that implement a common exploit
> > mitigation technology called Addr
ver the past few months, I've had the opportunity and pleasure to
> enhance existing patches to FreeBSD that implement a common exploit
> mitigation technology called Address Space Layout Randomization (ASLR)
> along with support for Position Independent Executables (PIE).
> ASLR
to
enhance existing patches to FreeBSD that implement a common exploit
mitigation technology called Address Space Layout Randomization (ASLR)
along with support for Position Independent Executables (PIE).
ASLR+PIE has been a long-requested feature by many people I've met on
IRC.
I've subm
55 matches