tech-kern archive


Re: Adding a boot flag for No ASLR



On 23.07.2018 14:54, Siddharth Muralee wrote:
> 
>     (1) An implementation detail of userland shouldn't be leaked into the
>     kernel boot (!) process.
> 
> 
> Okay. I think this makes sense (I am still pretty new to NetBSD) - Can
> you suggest some other location/config that can be used?
> 

no-ASLR can be treated independently of the userland detail. I disable
it myself anyway using sysctl.conf(5) and I would switch to a boot option.

For MKSANITIZER with the current PaX ASLR this is a mandatory option.

I think that leaking userland detail is an overstatement.

Not sanitizing init(8) is not an option as it pulls in external
libraries that are sanitized: -lutil and -lcrypt.

> 
>     (2) There is no fundamental issue that makes the sanitizers incompatible
>     with ASLR. The only issue for asan and friends is the reservation of the
>     shadow buffer and that can and should be handled explicitly.
> 
>  
> We have implemented the ATF tests for ASan - The tests work only 50% or
> less when ASLR is on. To get perfect results I think ASLR needs to be off.
> I guess Kamil can provide more info on this.
> 

Shadow and metadata memory is just a part of the implementation detail.
We are required to keep the remaining data of the program in address
space in predictable ranges. With PaX ASLR the ranges are fluid and
impossible to get functional.

OpenBSD due to ASR is impossible to get functional with these
sanitizers, it's the same story with HardenedBSD and their ASLR.

As an alternative there would be an option to highly reduce the entropy
of ASLR, but its purpose would be gone.

ASan is more tolerant to PaX ASLR and it sometimes works in basic
scenarios. TSan and MSan are fully incompatible with PaX ASLR.

In the current version sanitizers (ASan, TSan, MSan) bail out on
detected ASLR with a failure rather than dying on some internal
corruption and crash.

> -- 
> Regards, 
>   Siddharth M
>   Third Year B.Tech (CSE) Student,
>   Amrita School of Engineering, Kollam
> /  Blog <http://r3xnation.wordpress.com> /
> /---------------------------------------/
> /“Most people get ahead during the time that others waste.//"/


Attachment: signature.asc
Description: OpenPGP digital signature
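
The constraint described in the message above, modelled as an added example that is not part of the original post and is not sanitizer source code: a sanitizer runtime with a fixed address-space layout can only track mappings that fall inside its application ranges, so a start-up check has to reject randomized placements. The layout table, the sample mappings and the names `mapping_ok` and `count_violations` are constructed for illustration and are not NetBSD's real values.

```c
#include <stdint.h>
#include <stdio.h>

enum kind { APP, SHADOW, INVALID };
struct range { uint64_t start, end; enum kind kind; };   /* [start, end) */
struct mapping { const char *name; uint64_t start, end; };
/* Constructed, simplified fixed layout; values are illustrative only. */
static const struct range layout[] = {
    { 0x000000000000ULL, 0x010000000000ULL, APP },      /* program image */
    { 0x010000000000ULL, 0x200000000000ULL, INVALID },  /* unused gap */
    { 0x200000000000ULL, 0x400000000000ULL, SHADOW },   /* sanitizer metadata */
    { 0x400000000000ULL, 0x700000000000ULL, INVALID },  /* unused gap */
    { 0x700000000000ULL, 0x800000000000ULL, APP },      /* libraries, heap, stack */
};

/* Returns 1 only if the whole mapping sits inside a single APP range. */
int mapping_ok(const struct mapping *m)
{
    for (size_t i = 0; i < sizeof(layout) / sizeof(layout[0]); i++)
        if (m->start >= layout[i].start && m->start < layout[i].end)
            return layout[i].kind == APP && m->end <= layout[i].end;
    return 0;   /* above the modelled address space */
}

/* Start-up check: count mappings the fixed layout cannot represent. */
int count_violations(const struct mapping *maps, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += !mapping_ok(&maps[i]);
    return bad;
}

/* Constructed samples: predictable bases versus randomized bases. */
const struct mapping aslr_off[] = {
    { "text",  0x000000400000ULL, 0x000000600000ULL },
    { "libc",  0x7f7ff7000000ULL, 0x7f7ff7200000ULL },
    { "stack", 0x7f7fff000000ULL, 0x7f7ffffff000ULL },
};
const struct mapping aslr_on[] = {
    { "text",  0x000000400000ULL, 0x000000600000ULL },
    { "libc",  0x3a5c12000000ULL, 0x3a5c12200000ULL },   /* landed in SHADOW */
    { "stack", 0x551200000000ULL, 0x551200100000ULL },   /* landed in a gap */
};
int main(void)
{
    printf("off=%d on=%d\n", count_violations(aslr_off, 3), count_violations(aslr_on, 3));
    return 0;
}
```

A nonzero count is the point at which a runtime would stop with a clear error instead of continuing with metadata it cannot address.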


