ASLR and PIE disabled by default

Nelson H. F. Beebe beebe at math.utah.edu
Mon Apr 3 17:00:07 PDT 2017


List members have been discussing security mechanisms for DragonFlyBSD
today.

I recently watched OpenBSD architect Theo de Raadt's presentation

	Pledge: a new security technology in OpenBSD
	https://www.youtube.com/watch?v=F_7S1eqKsFk

He argues that most security wrappers for software from other O/Ses
are too complex, as evidenced by their low rate of adoption.

He then goes on to describe the pledge() call that allows software to
declare its needed security features, after which the kernel ensures
that they are not violated.

I was sufficiently intrigued to try it on one of my own software
packages, and here is all that it took to get it implemented:

In configure.in, add

	AC_CHECK_HEADERS(sys/pledge.h)

In the main() program, near the top, add

	#if defined(HAVE_SYS_PLEDGE_H)
	    if (pledge("cpath rpath stdio tty wpath", NULL) != 0)
	    {
		perror("pledge system call failed: perror says");
		exit(EXIT_FAILURE);
	    }
	#endif

For more on pledge(), see its manual pages at

	http://man.openbsd.org/pledge

Starting with a guess of "stdio" for the needed security classes, it
took me about 20 minutes to figure out what other classes my program
needed.

Matt Dillon is correct that having to add security declarations in
software is onerous, and a possible source of error, and having
external global mechanisms, such as in the kernel or the shell, or
stack W^X (write-or-execute, but not both) protection, are more
secure.

Because we see increasing attacks against software, it seems to me
that we realistically have to use both approaches, and given how
little code pledge() takes, I am prepared to use it in new
releases of my own code.

Unfortunately, for those scripting languages such as perl, python, and
ruby, that make pretty much any Unix system call available, the
pledge() approach cannot just be put into the language interpreter: it
has to be put into the scripts themselves.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe at math.utah.edu  -
- 155 S 1400 E RM 233                       beebe at acm.org  beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
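
Added example, not part of the original message or of the author's package: the same guarded pledge() call wrapped so it compiles as a no-op where pledge() is absent, then used to narrow the promise set to "stdio" once the input file is already open. The helper names (restrict_self, count_lines_sandboxed, demo_constructed_input) and the __OpenBSD__ fallback test are assumptions; the sample input is constructed.

```c
/* Added example: phase-based pledge() narrowing with a portable fallback. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>   /* OpenBSD declares pledge() here */

/* Hypothetical helper: apply a promise set, or do nothing without pledge(). */
static int restrict_self(const char *promises)
{
#if defined(HAVE_SYS_PLEDGE_H) || defined(__OpenBSD__)
    return pledge(promises, NULL);   /* -1 on failure, errno set */
#else
    (void)promises;                  /* no pledge() on this system */
    return 0;
#endif
}

/* Count newlines in an already-open stream. The caller opened the file
 * earlier; from here on only "stdio" is needed. Promises can only be
 * reduced, never regained, so this is a one-way step for the process. */
static long count_lines_sandboxed(FILE *fp)
{
    long lines = 0;
    int c;

    if (restrict_self("stdio") != 0) {
        perror("pledge system call failed");
        return -1;
    }
    while ((c = getc(fp)) != EOF)
        if (c == '\n')
            lines++;
    return lines;
}

/* Constructed sample input: three lines in an anonymous temporary file. */
static long demo_constructed_input(void)
{
    FILE *fp = tmpfile();   /* created before any promise is in force */
    long n;

    if (fp == NULL)
        return -1;
    fputs("alpha\nbeta\ngamma\n", fp);
    rewind(fp);
    n = count_lines_sandboxed(fp);
    fclose(fp);
    return n;
}

int main(void) { printf("%ld lines\n", demo_constructed_input()); return 0; }
```

On OpenBSD, any attempt to open another file after the narrowing step violates the "stdio" promise and the kernel kills the process, which is how a missing class shows up while working out the needed list.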