ASLR and PIE disabled by default
Nelson H. F. Beebe
beebe at math.utah.edu
Mon Apr 3 17:00:07 PDT 2017
List members have been discussing security mechanisms for DragonFlyBSD
today.

I recently watched OpenBSD architect Theo de Raadt's presentation

    Pledge: a new security technology in OpenBSD
    https://www.youtube.com/watch?v=F_7S1eqKsFk

He argues that most security wrappers for software from other O/Ses
are too complex, as evidenced by their low rate of adoption.

He then goes on to describe the pledge() call that allows software to
declare their needed security features, after which the kernel ensures
that they are not violated.

I was sufficiently intrigued to try it on one of my own software
packages, and here is all that it took to get it implemented:

In configure.in, add

    AC_CHECK_HEADERS(sys/pledge.h)

In the main() program, near the top, add

    #if defined(HAVE_SYS_PLEDGE_H)
        if (pledge("cpath rpath stdio tty wpath", NULL) != 0)
        {
            perror("pledge system call failed: perror says");
            exit(EXIT_FAILURE);
        }
    #endif

For more on pledge(), see its manual pages at

    http://man.openbsd.org/pledge

Starting with a guess of "stdio" for the needed security classes, it
took me about 20 minutes to figure out what other classes my program
needed.

Matt Dillon is correct that having to add security declarations in
software is onerous, and a possible source of error, and having
external global mechanisms, such as in the kernel or the shell, or
stack W^X (write-or-execute, but not both) protection, are more
secure.

Because we see increasing attacks against software, it seems to me
that we realistically have to use both approaches, and given how
little code that pledge() takes, I am prepared to use it in new
releases of my own code.

Unfortunately, for those scripting languages such as perl, python, and
ruby, that make pretty much any Unix system call available, the
pledge() approach cannot just be put into the language interpreter: it
has to be put into the scripts themselves.
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: beebe at math.utah.edu -
- 155 S 1400 E RM 233 beebe at acm.org beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
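
Added example, not part of the original message and not code from the
poster's package: it goes one step beyond the single pledge() call shown
above by narrowing the promise set in two stages, keeping "rpath" only
until the input file is open. The helper name restrict_to() and the
__OpenBSD__ fallback test are assumptions; on systems without pledge()
the helper does nothing, so the file builds and runs anywhere.

```c
/* Added example: staged pledge() narrowing; enforced only where pledge() exists. */
#include <stdio.h>
#include <unistd.h>   /* declares pledge() on OpenBSD */

/* restrict_to() is a hypothetical helper name, not an OpenBSD API. */
static int restrict_to(const char *promises)
{
#if defined(HAVE_SYS_PLEDGE_H) || defined(__OpenBSD__)
    return pledge(promises, NULL);
#else
    (void)promises;          /* no pledge() here: nothing to enforce */
    return 0;
#endif
}

/* Count newline characters in a file; returns -1 on any failure. */
long count_lines(const char *path)
{
    FILE *fp;
    long n = 0;
    int c;

    /* Phase 1: "rpath" is needed only for the open() behind fopen(). */
    if (restrict_to("stdio rpath") != 0)
        return -1;
    if ((fp = fopen(path, "r")) == NULL)
        return -1;

    /* Phase 2: the descriptor is open, so give up "rpath" for good. */
    if (restrict_to("stdio") != 0) {
        fclose(fp);
        return -1;
    }
    while ((c = getc(fp)) != EOF)
        if (c == '\n')
            n++;
    fclose(fp);
    return n;
}

int main(int argc, char **argv)
{
    long n = (argc == 2) ? count_lines(argv[1]) : -1;
    if (n < 0) {
        fprintf(stderr, "usage: %s readable-file\n", argv[0]);
        return 1;
    }
    printf("%ld\n", n);
    return 0;
}
```

A later pledge() call can only remove promises, never add them back, and
on OpenBSD a system call outside the current set kills the process with
SIGABRT, which is what makes a missing class easy to spot while testing.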