On 23.07.2018 14:54, Siddharth Muralee wrote:
>
>     (1) An implementation detail of userland shouldn't be leaked into the
>     kernel boot (!) process.
>
>
> Okay. I think this makes sense (I am still pretty new to NetBSD) - Can
> you suggest some other location/config that can be used.
>

no-ASLR can be treated independently of the userland detail. I disable
it myself anyway using sysctl.conf(5) and I would switch to a boot option.
For MKSANITIZER with the current PaX ASLR this is a mandatory option.

I think that leaking userland detail is an overstatement. Not sanitizing
init(8) is not an option as it pulls in external libraries that are
sanitized -lutil and -lcrypt.

>
>     (2) There is no fundamental issue that makes the sanitizers incompatible
>     with ASLR. The only issue for asan and friends is the reservation of the
>     shadow buffer and that can and should be handled explicitly.
>
>
> We have implemented the ATF tests for ASan - The tests work only 50% or
> less when ASLR is on. To get perfect results I think ASLR needs to be off.
> I guess Kamil can provide more info on this.
>

Shadow and metadata memory is just a part of the implementation detail.
We are required to keep the remaining data of the program in address
space in predictable ranges. With PaX ASLR the ranges are fluid and
impossible to get functional.

OpenBSD due to ASR is impossible to get functional with these
sanitizers, it's the same story with HardenedBSD and their ASLR.

As an alternative there would be an option to highly reduce the entropy
of ASLR, but its purpose would be gone.

ASan is more tolerant to PaX ASLR and it sometimes works in basic
scenarios. TSan and MSan are fully incompatible with PaX ASLR.

In the current version sanitizers (ASan, TSan, MSan) bail out on
detected ASLR with a failure rather than dying on some internal
corruption and crash.

> --
> Regards,
> Siddharth M
> Third Year B.Tech (CSE) Student,
> Amrita School of Engineering, Kollam
> Blog <http://r3xnation.wordpress.com>
> ---------------------------------------
> “Most people get ahead during the time that others waste.”
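
The shadow-reservation constraint discussed in point (2) above, as an added example (not code from this thread or from the sanitizer runtime): it uses ASan's mapping `shadow = (addr >> 3) + offset` and checks whether a mapping placed at an arbitrary base stays inside application memory. The offset and address-space limit are the Linux/x86_64 values, assumed here for illustration; other ports choose different constants, and the sample bases are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout parameters (ASan on Linux/x86_64), for illustration only. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL
#define MAX_APP_ADDR  0x7fffffffffffULL   /* top of 47-bit user space */

enum region { LOW_MEM, LOW_SHADOW, SHADOW_GAP, HIGH_SHADOW, HIGH_MEM, OUT_OF_RANGE };
static const char *names[] = { "LowMem", "LowShadow", "ShadowGap",
                               "HighShadow", "HighMem", "OutOfRange" };

static uint64_t mem_to_shadow(uint64_t a) { return (a >> SHADOW_SCALE) + SHADOW_OFFSET; }

/* Derive the region boundaries from the two constants and classify an address. */
enum region classify(uint64_t a)
{
    uint64_t high_shadow_end = mem_to_shadow(MAX_APP_ADDR);
    uint64_t high_mem_beg    = high_shadow_end + 1;
    uint64_t high_shadow_beg = mem_to_shadow(high_mem_beg);
    uint64_t low_shadow_end  = mem_to_shadow(SHADOW_OFFSET - 1);

    if (a > MAX_APP_ADDR)     return OUT_OF_RANGE;
    if (a >= high_mem_beg)    return HIGH_MEM;
    if (a >= high_shadow_beg) return HIGH_SHADOW;
    if (a > low_shadow_end)   return SHADOW_GAP;
    if (a >= SHADOW_OFFSET)   return LOW_SHADOW;
    return LOW_MEM;
}

/* A program mapping is usable only if it lies wholly in application memory. */
int mapping_usable(uint64_t base, uint64_t len)
{
    if (len == 0 || base + len - 1 < base) return 0;   /* empty or wraps */
    enum region b = classify(base), e = classify(base + len - 1);
    return b == e && (b == LOW_MEM || b == HIGH_MEM);
}

int main(void)
{
    /* Constructed bases standing in for where a randomizing mmap might place a library. */
    uint64_t bases[] = { 0x400000ULL, 0x7f1234560000ULL,
                         0x010000000000ULL, 0x0a0000000000ULL };
    for (size_t i = 0; i < sizeof bases / sizeof bases[0]; i++)
        printf("%#018llx  %-10s usable=%d\n", (unsigned long long)bases[i],
               names[classify(bases[i])], mapping_usable(bases[i], 0x200000));
    return 0;
}
```
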