1. 5

    I want to take my puppy, Vader, to Patapsco State Park and spend the whole day there, hacking on HardenedBSD in the wilderness while Lord Vader sleeps next to me.

      1. 1

        I remember a discussion you and I had here about the concept of data being nothing more than code of a different nature. For some reason, I’m unable to find that discussion. Do you remember which thread that was?

        1. 2

          It came up in this one. Wait, that one was data integrity vs CFI. Prolly not it.

          Edit: Couldn’t find it with a variety of terms. Ability to limit search to specific users’ comments and stories would go so far here and in other situations.

          1. 2

            Almost. Thanks for looking! I’m glad that it’s harder to find than I myself had anticipated. I’m not legally insane… yet. ;-P

            1. 1

The search engine is just really bad. Helped me enough that I'm still grateful to whoever put the time into it. Just really limited.

              Also, if you add a name, it looks for mentions with @, not authorship. Just adding that in case it saves you time.

      1. 1

        Really good timing for this article. Thank you so much! I plan to start work on setting up centralized auth for all of HardenedBSD’s infrastructure within the next week or two.

        1. 17

          I haven’t slept in three days. I’m hoping to sleep. A lot.

          1. 2

            Best of luck getting your sleep! You deserve it :)

            1. 2

              Turns out, my brain decided to forget we’re getting new windows installed at home first thing Saturday morning.

              I’m reminded of a phrase by a good friend of mine who passed away around 15-ish years ago: “sleep is for the dead.”

              1. 1

                Jeez. Do you have insomnia or did you have some kind of emergency… that lasted for 72 hours?

                1. 3

                  For a period of two to three weeks every six months, I get huge bouts of insomnia. Worst I’ve had is six days without solid sleep. At around the 90 hour mark, I start micro-sleeping throughout the day/night: periods of 2-5 minutes where I space out.

                  1. 2

                    I used to have insomnia issues due to anxiety, although not nearly that bad (1 or 2 days at a time). I finally got it under control when I started going to the gym a few days a week and going to yoga once a week (the less intense ones that emphasize breathing, Hatha or Anusara). Might not work for everyone.

              1. 5

                Things I’d like to accomplish this week:

                1. Perform maintenance of the following servers: amd64 package build server; binary update build server.
                2. Attempt to determine why our ThunderX2 is not booting HardenedBSD 13-CURRENT/arm64.
                3. Surprise my wife with a few strategically-placed love notes.
                4. Build out more infrastructure for the BSD security working group the HardenedBSD Foundation is spearheading. Get a gitea server online.
                5. My wife and I started taking a free course offered through our congregation on becoming self-reliant through personal and familial financial planning and preparation. We started week two on Sunday and I’m hoping to work through some of the material.
                6. Deploy more HardenedBSD VMs at NIST.
                7. More that I’m forgetting due to a migraine I’m currently experiencing.

                Putting on the “HardenedBSD Cofounder” hat due to mixing official HardenedBSD stuff with personal stuff in the list above.

                edit[0]: grammar

                1. 7

                  Surprise my wife with a few strategically-placed love notes.

That’s what I’m talking about! One guy I knew had the love notes hanging off strings where they would bump into her face at key moments of her leaving the bedroom to start her morning routine. Hallway, kitchen, living room… randomly. She’d be like “Wtf!?,” grab the thing, focus to read it, and it’d make her day. Became a routine part of their lives, but a good routine.

                1. 3

                  So, ASLR on OpenBSD isn’t really ASLR?

                  1. 1

                    If you like internet fights: correct, it’s not

                    1. 3

I didn’t ask to cause a fight. I asked because I want to know. Is there a technical reason or is it just because it doesn’t follow the PaX model? Is that reason enough? Is it because it doesn’t use the same deltas or because it uses none? Is it just a naming issue? The difference between ASR and ASLR has been briefly explained to me before in another comment here. However, that was in reference to FreeBSD’s rather recent implementation. There’s also this: https://hardenedbsd.org/content/easy-feature-comparison which is from the author but that means he’s not being consistent. Is there a reason for that? Maybe just an oversight? New information? I’m very curious about this. I have a very basic understanding of these things and maybe I’m just overlooking something that I should have picked up on. Here’s the other comment: https://lobste.rs/s/curktg/implement_address_space_layout#c_aok28i

                      1. 3

                        PaX introduced ASLR, and in that sense it had a specific meaning. It has since then been used to refer generically to various sorts of allocation address randomization. In a claim about ASLR the specific implementation is unclear, absent additional context.

                        About two decades ago PaX ASR had performance and fragmentation concerns (on i386 Linux) which were addressed by PaX ASLR. However, those concerns are not necessarily applicable to other operating systems on contemporary 64-bit processors in today’s context.

                        1. 1

                          Yep. This all makes sense. The explanation about the difference between ASR and ASLR makes sense too. Though I’d never seen the term ASR mentioned before or by anyone else. However, it does seem as though OpenBSD uses some of those deltas or maybe ones that aren’t in line with the PaX model. Looking here: http://inertiawar.com/openbsd/hawkes_openbsd.pdf which is old and specific to OpenBSD 3.9 (i386) but still seems to imply that there’s the randomized stack top + randomized stack gap.

                        2. 2

                          I need to update the feature comparison page such that the mouse hover text mentions ASR rather than ASLR for OpenBSD. Thanks for the reminder!

                          1. 3

                            I reckon OpenBSD should update their innovations page as it specifically mentions ASLR also.

                            https://www.openbsd.org/innovations.html

                    1. 5

                      After starting the weekend presenting at vBSDcon earlier today, I’ll be working on building the infrastructure for the new collaborative call for participation mentioned in the slides.

                      1. 2

                        Full disclosure: I haven’t recursively crawled the site, grepping it for the word “universal”.

                        After a few minutes (around ten) of looking around the site, I can’t find anywhere on the site where Debian officially quantifies or defines the word “universal”.

                        If it’s CPU architecture support, I don’t think any Linux distro comes close to NetBSD. Granted, I kinda stopped paying attention to Linux over a decade ago.

                        1. 1

                          Anyone else getting an SSL/TLS error? https://imgur.com/a/nVxZqVM

                          1. 4

                            I’ll be backporting FreeBSD’s ASR work into HardenedBSD 12-STABLE such that HardenedBSD’s ASLR implementation is preferred over FreeBSD’s ASR.

                            1. 4

                              Kill it with fire.

                              1. 3

                                Might help to say why.

                                1. 9

                                  Wait, so you’re gonna make me explain myself? How dare you! ;-P

                                  Just kidding.

                                  Now that llvm is becoming more and more mature, I’d love for the entirety of the OS to be self-hosted with llvm across all supported architectures. FreeBSD has a mechanism for an “external compiler toolchain”–meaning, a compiler toolchain installed via ports/pkg (or otherwise).

                                  FreeBSD will need to continue with the notion of an external toolchain at least until llvm gains support for those architectures where an external toolchain is already required. Regardless of llvm’s architectural support (or lack thereof), having a notion of an external toolchain allows toolchain developers to experiment on the OS from a compiler perspective from outside the actual OS source code tree–especially important for OSes like the BSDs that keep a notion of a basic userland tightly coupled with the kernel.

                                  This is all background info to say: there is really no need for gcc in base, especially given the existing capability to rely on an external toolchain when needed. Therefore: kill gcc with fire.

                                  1. 8

                                    Basically GCC is fine, GCC 4.2.1 that’s been obsolete for a decade isn’t.

                                    1. 6

GCC 4.2.1 is the last gcc under GPLv2; all newer versions are GPLv3. That’s why most BSDs stayed on 4.2.1 until clang/llvm became the compiler of choice.

                                      1. 2

I should’ve prefaced my response to say that my beliefs don’t necessarily reflect those of the FreeBSD project. From someone on the outside who has been paying attention, it just seems natural to retire gcc 4.2.1 in base in favor of the external toolchain capability.

                                        1. 1

                                          No worries, just adding a bit of clarification.

                                      2. 0

                                        So, anyone want to speculate how GPL lost the mindshare war here?

                                        If GCC were good, people would use it. And GPL would have a foothold.

                                        Clang being BSD = major blow to GPL.

                                        1. 8

                                          BSD people like to use software with BSD licenses?

                                          1. 4

                                            GCC was good. People did use it. And then Apple poured incredible resources into Clang so they could exert more control over their platform, resulting in Clang becoming a viable alternative to GCC.

                                            1. 3

I agree, and GCC was also the compiler that basically killed an industry of crappy proprietary vendor C compilers by supporting C reasonably well and generating code for all kinds of platforms.

                                              That said, the competition from Clang was a very good thing for GCC as well. So in the end, everybody is better off: both GCC for improving due to pressure from Clang and the BSDs for finally having a compiler with a license they like.

                                    1. 1

                                      I notice this is tagged with +linux, but this is just a reminder that XFCE runs on more than Linux, like the BSDs. :)

                                      1. 1

                                        If someone can upload the whitepaper somewhere not behind a spamwall, that’d be very much appreciated.

                                        1. 2

                                          I’m working on a script to automate the deployment of extremely customized virtualized builds of HardenedBSD, where the build is built on-demand, on a NIST project. Each time the newly-built VM boots up, it resets itself to a known sane state.

                                          1. 3

I posted this mainly because I came across it just today while researching another class of bugs and found this one not only to be relevant to my research but also interesting in terms of demonstrating an attacker’s mindset during exploit development.

                                            1. 2

                                              In more detail, the Linux and PaX (FreeBSD, HardenedGentoo and others use the PaX ASLR approximation) ASLR designs rely on the same core ideas, in that they define four partial-VM areas: (1) stack, (2) libraries/mmaps, (3) executable and (4) heap.

                                              FreeBSD’s implementation:

                                              1. Is disabled by default.
                                              2. Is ASR, not ASLR (ASR does not use deltas, whereas ASLR does).
                                              3. Is incomplete, and therefore cannot be relied upon in academia.
                                              4. Building applications as PIEs in FreeBSD is disabled by default.
5. They incorrectly list FreeBSD in the PaX list–it’s HardenedBSD (a derivative of FreeBSD that aims to provide the BSD community with a clean-room reimplementation of the publicly-documented bits of the PaX/grsecurity patchset) that uses the PaX model. As mentioned previously, FreeBSD is working on their own ASR implementation.

1. 2

                                                I noticed this mistake as well but I knew you or someone else here would be able to clear up any confusion around that. I’m curious to know your thoughts on the rest of the paper once you have time to read it.

                                                1. 2

                                                  I’ve added it to my “thorough reading” list. Problem is, that list is growing exponentially and hopelessly. I think I have enough in my list to last me a few years now. ;)

                                                1. 4

                                                  Schneier et al already did. They argue there’s many ways for them to get what they need without systematic weakening of everything we have a la BULLRUN. We just need to keep passing that along and/or simplify it into blog posts that highlight the easy options that most people would agree addresses needs of law enforcement and the courts.

Easiest being using specific, targeted warrants for metadata or data that a third party executes, delivering just the needed information. The LEOs and spy agencies don’t get the full access since they’re untrustworthy. The courts can put a person in contempt or something for not giving the key to the third party. It’s not perfect but it’s a start. Maybe laws passed ensuring they protect and handle the info correctly.

                                                1. 4

                                                  My initial fix for HardenedBSD actually introduced a couple new bugs. I blame the violent food poisoning for my lack of attention to detail. ;)

                                                  But, seriously, had I felt better, I would’ve used asprintf to begin with in my fix of the vulnerable code. :)

                                                  Lesson learned: do not commit code immediately after choking on own vomit.
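The comment above says the fix should have used asprintf from the start. The following is an added illustration of why, written for this page and not the HardenedBSD fix or the vulnerable code the comment refers to (which is not shown here). It builds a constructed `user@host:path` string three ways: the classic fixed-buffer `sprintf` pattern that overflows on long input, the `snprintf` variant that is memory-safe but silently truncates, and the `asprintf` variant that allocates exactly what the formatted string needs. The task, the names and the sample inputs are all assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* asprintf() is a BSD/GNU extension; declaring it explicitly keeps the
 * example buildable whether or not _GNU_SOURCE is in effect on glibc. */
extern int asprintf(char **strp, const char *fmt, ...);

/* Hypothetical task (constructed for this example): render "<user>@<host>:<path>". */
#define FIXED_BUF 32

/* The classic bug: formatting into a fixed buffer with no length check.
 * Any path longer than the remaining space writes past the end of `out`.
 * Kept here only to show the pattern the other two functions replace. */
void format_unsafe(char out[FIXED_BUF], const char *user, const char *host, const char *path)
{
    sprintf(out, "%s@%s:%s", user, host, path); /* no bound: stack/heap overflow on long input */
}

/* Bounded variant: memory-safe, but the result is silently cut off when the
 * input does not fit. Returns 1 if truncation occurred, 0 otherwise, so the
 * caller can refuse to act on a mangled string. */
int format_fixed(char *out, size_t outsz, const char *user, const char *host, const char *path)
{
    int n = snprintf(out, outsz, "%s@%s:%s", user, host, path);
    return n < 0 || (size_t)n >= outsz;
}

/* asprintf variant: the buffer is sized by the formatter itself, so there is
 * no length to guess and nothing to truncate. Caller must free() the result.
 * Returns NULL on allocation or formatting failure. */
char *format_dynamic(const char *user, const char *host, const char *path)
{
    char *out = NULL;
    if (asprintf(&out, "%s@%s:%s", user, host, path) < 0)
        return NULL;
    return out;
}

/* Helper to build a constructed over-long path of `len` 'a' characters. */
char *make_long_path(size_t len)
{
    char *p = malloc(len + 1);
    if (p == NULL)
        return NULL;
    memset(p, 'a', len);
    p[len] = '\0';
    return p;
}

int main(void)
{
    char buf[FIXED_BUF];
    char *longpath = make_long_path(100);   /* far larger than FIXED_BUF */

    /* Short input: both safe variants agree. */
    format_fixed(buf, sizeof buf, "vader", "host", "/tmp");
    printf("fixed:   %s\n", buf);

    /* Long input: snprintf truncates and reports it; asprintf keeps it whole. */
    if (format_fixed(buf, sizeof buf, "vader", "host", longpath))
        printf("fixed:   truncated to %zu bytes\n", strlen(buf));
    char *d = format_dynamic("vader", "host", longpath);
    if (d != NULL) {
        printf("dynamic: %zu bytes, intact\n", strlen(d));
        free(d);
    }
    /* format_unsafe() is deliberately never called with longpath. */
    free(longpath);
    return 0;
}
```

The design point is that `snprintf` turns a memory-safety bug into a correctness bug (a truncated string that later code may trust), while `asprintf` removes the length guess entirely at the cost of a heap allocation the caller must free and an error path for allocation failure.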

                                                  1. 2

                                                    I’m hoping to see if HardenedBSD works on sparc64, thanks to a donation of a sparc64 server from Baltimore’s hackerspace, Unallocated Space. I’m also hoping to completely finish up a project at work I’ve been hacking on for the past two months.

                                                    1. 2

                                                      I really like the author’s explanations, providing the reader clues into the author’s frame of mind. The reader learns what goes into exploiting this type of vulnerability step-by-step, not just from a mechanic’s perspective, but from a mindset perspective, too.