Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: FreeBSD does not have ASLR

  1. #1
    Join Date
    Oct 2013
    Posts
    8

    Default FreeBSD does not have ASLR

    I was doing an analysis for my company who is looking to select a new operating system for their recently created server farm. I was analyzing FreeBSD when I found something alarming about it.

    I ran a program that I made called simplegets, and then I looked at it's layout in virtual memory while running and this is what I got:

    Code:
    doggoson@fbsd:/home/doggoson % ps aux | grep simplegets
    doggoson 13381  0.0  0.1    9920   1416  0  I+    2:07PM  0:00.00 ./simplegets
    doggoson 13398  0.0  0.1   16288   1776  1  S+    2:08PM  0:00.00 grep simplegets
    doggoson@fbsd:/home/doggoson % cat /proc/13381/map
    0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode /usr/home/doggoson/simplegets NCH -1
    0x600000 0x800000 2 0 0xfffffe0016de89f8 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x800600000 0x800618000 24 0 0xfffffe00076ed658 r-x 90 0 0x1004 COW NC vnode /libexec/ld-elf.so.1 NCH -1
    0x800618000 0x800639000 21 0 0xfffffe001e195828 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x800817000 0x800819000 2 0 0xfffffe0023bf22b8 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC vnode /lib/libc.so.7 NCH -1
    0x800947000 0x800b46000 0 0 0xfffffe005afdc9f8 --- 1 0 0x2000 NCOW NNC default - NCH -1
    0x800b46000 0x800b51000 11 0 0xfffffe00374cd9f8 rw- 1 0 0x3000 COW NNC vnode /lib/libc.so.7 CH 1001
    0x800b51000 0x800b6c000 8 0 0xfffffe0067d37740 rw- 2 0 0x3000 NCOW NNC default - CH 1001
    0x800c00000 0x801000000 8 0 0xfffffe0067d37740 rw- 2 0 0x3000 NCOW NNC default - CH 1001
    0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe00790363a0 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x7ffffffff000 0x800000000000 0 0 0xfffffe0007515cb0 r-x 94 0 0x4 COW NC default - NCH -1
    doggoson@fbsd:/home/doggoson %
    The suprise came when I ran simplegets a second time:

    Code:
    doggoson@fbsd:/home/doggoson % ps aux | grep simplegets
    doggoson 13446  0.0  0.1    9920   1416  0  S+    2:12PM  0:00.00 ./simplegets
    doggoson 13449  0.0  0.1   16288   1776  1  S+    2:12PM  0:00.00 grep simplegets
    doggoson@fbsd:/home/doggoson % cat /proc/13446/map
    0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode /usr/home/doggoson/simplegets NCH -1
    0x600000 0x800000 2 0 0xfffffe004a9b3910 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x800600000 0x800618000 24 0 0xfffffe00076ed658 r-x 90 0 0x1004 COW NC vnode /libexec/ld-elf.so.1 NCH -1
    0x800618000 0x800639000 21 0 0xfffffe00660a13a0 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x800817000 0x800819000 2 0 0xfffffe00790390e8 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC vnode /lib/libc.so.7 NCH -1
    0x800947000 0x800b46000 0 0 0xfffffe00486fd910 --- 1 0 0x2000 NCOW NNC default - NCH -1
    0x800b46000 0x800b51000 11 0 0xfffffe00600819f8 rw- 1 0 0x3000 COW NNC vnode /lib/libc.so.7 CH 1001
    0x800b51000 0x800b6c000 8 0 0xfffffe00302672b8 rw- 2 0 0x3000 NCOW NNC default - CH 1001
    0x800c00000 0x801000000 8 0 0xfffffe00302672b8 rw- 2 0 0x3000 NCOW NNC default - CH 1001
    0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe007219f740 rw- 1 0 0x3000 NCOW NNC default - CH 1001
    0x7ffffffff000 0x800000000000 0 0 0xfffffe0007515cb0 r-x 94 0 0x4 COW NC default - NCH -1
    doggoson@fbsd:/home/doggoson %
    As you can see, all the memory addresses have not changed which shows that FreeBSD lacks Address Space Layout Randomization or ASLR, an important security feature that all other operating systems including Windows have.

    Linux has ASLR as shown when simplegets is executed once:

    Code:
    doggoson@bluebook ~ $ ps aux | grep simplegets
    doggoson   4134  0.0  0.0   4080   348 pts/0    S+   13:59   0:00 ./simplegets
    doggoson   4145  0.0  0.0   8052   916 pts/1    S+   13:59   0:00 grep --colour=auto simplegets
    doggoson@bluebook ~ $ cat /proc/4134/maps 
    00400000-00401000 r-xp 00000000 08:06 261421                             /home/doggoson/Workspace/CC+/simplegets
    00600000-00601000 rw-p 00000000 08:06 261421                             /home/doggoson/Workspace/CC+/simplegets
    7f704e324000-7f704e4c6000 r-xp 00000000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f704e4c6000-7f704e6c6000 ---p 001a2000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f704e6c6000-7f704e6ca000 r--p 001a2000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f704e6ca000-7f704e6cc000 rw-p 001a6000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f704e6cc000-7f704e6d0000 rw-p 00000000 00:00 0 
    7f704e6d0000-7f704e6f1000 r-xp 00000000 08:08 4461916                    /lib/x86_64-linux-gnu/ld-2.17.so
    7f704e8d0000-7f704e8d3000 rw-p 00000000 00:00 0 
    7f704e8ee000-7f704e8f1000 rw-p 00000000 00:00 0 
    7f704e8f1000-7f704e8f2000 r--p 00021000 08:08 4461916                    /lib/x86_64-linux-gnu/ld-2.17.so
    7f704e8f2000-7f704e8f4000 rw-p 00022000 08:08 4461916                    /lib/x86_64-linux-gnu/ld-2.17.so
    7fffdca09000-7fffdca2a000 rw-p 00000000 00:00 0                          [stack]
    7fffdca49000-7fffdca4b000 r-xp 00000000 00:00 0                          [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
    doggoson@bluebook ~ $
    and again

    Code:
    doggoson@bluebook ~ $ ps aux | grep simplegets
    doggoson   4173  0.0  0.0   4080   348 pts/0    S+   14:02   0:00 ./simplegets
    doggoson   4176  0.0  0.0   8052   916 pts/1    S+   14:02   0:00 grep --colour=auto simplegets
    doggoson@bluebook ~ $ cat /proc/4173/maps 
    00400000-00401000 r-xp 00000000 08:06 261421                             /home/doggoson/Workspace/CC+/simplegets
    00600000-00601000 rw-p 00000000 08:06 261421                             /home/doggoson/Workspace/CC+/simplegets
    7f1e449ac000-7f1e44b4e000 r-xp 00000000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f1e44b4e000-7f1e44d4e000 ---p 001a2000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f1e44d4e000-7f1e44d52000 r--p 001a2000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f1e44d52000-7f1e44d54000 rw-p 001a6000 08:08 4461920                    /lib/x86_64-linux-gnu/libc-2.17.so
    7f1e44d54000-7f1e44d58000 rw-p 00000000 00:00 0 
    7f1e44d58000-7f1e44d79000 r-xp 00000000 08:08 4461916                    /lib/x86_64-linux-gnu/ld-2.17.so
    7f1e44f58000-7f1e44f5b000 rw-p 00000000 00:00 0 
    7f1e44f76000-7f1e44f79000 rw-p 00000000 00:00 0 
    7f1e44f79000-7f1e44f7a000 r--p 00021000 08:08 4461916                    /lib/x86_64-linux-gnu/ld-2.17.so
    7f1e44f7a000-7f1e44f7c000 rw-p 00022000 08:08 4461916                    /lib/x86_64-linux-gnu/ld-2.17.so
    7fff4049f000-7fff404c0000 rw-p 00000000 00:00 0                          [stack]
    7fff405fe000-7fff40600000 r-xp 00000000 00:00 0                          [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
    doggoson@bluebook ~ $
    As you can see, not only is the address space layout of simplegets neater and simpler but more importantly, the memory addresses have changed showing that Linux is well protected using ASLR.

    It just goes to show, FreeBSD is not safer then Linux but rather the other way round.

    It also shows that it is possible that the FreeBSD project is cooperating with the NSA and CIA so that they can easily access FreeBSD hosts more easily.
    Last edited by doggobot; 10-18-2013 at 12:51 AM.

  2. #2
    Join Date
    Aug 2013
    Posts
    118

    Default

    Quote Originally Posted by doggobot View Post
    I was doing an analysis for my company who is looking to select a new operating system for their recently created server farm. I was analyzing FreeBSD when I found something alarming about it.

    I ran a program that I made called simplegets, and then I looked at it's layout in virtual memory while running and this is what I got:

    [...]

    As you can see, not only is the address space layout of simplegets neater and simpler but more importantly, the memory addresses have changed showing that Linux is well protected using ASLR.

    It just goes to show, FreeBSD is not safer then Linux but rather the other way round.

    It also shows that it is possible that the FreeBSD project is cooperating with the NSA and CIA so that they can easily access FreeBSD hosts more easily.
    I believe FreeBSD 10 will be including ASLR with it enabled by default. Alternatively, you could very easily add it in yourself-- there is a patch for FreeBSD 9 that is already widely available.

    Regarding FreeBSD vs Linux safety-- that is entirely a subjective matter. However, even I am baffled at the idea that you consider the omission of ASLR to render any other benefit moot in its absence.

    As for the last sentence, that is so laughable as to be scarcely worth even trying to refute. But I will say this: If FreeBSD was cooperating with the NSA and the CIA, you'd know about it. FreeBSD is open-source. That's why I can tell you that your 3-letter-agencies were involved with SELinux amongst other Linux projects. Furthermore, the absence of ASLR does not affect the ease of 'accessing FreeBSD hosts'.

  3. #3
    Join Date
    Oct 2013
    Posts
    109

    Default

    FreeBSD does not have ASLR
    Are you fucking kidding me
    It’s 2014 and this shit doesn’t even have basic protect.

    “More secure then Linux” Bullshit

  4. #4
    Join Date
    Aug 2013
    Posts
    51

    Default

    Quote Originally Posted by JX8p View Post
    I believe FreeBSD 10 will be including ASLR with it enabled by default. Alternatively, you could very easily add it in yourself-- there is a patch for FreeBSD 9 that is already widely available.

    Regarding FreeBSD vs Linux safety-- that is entirely a subjective matter. However, even I am baffled at the idea that you consider the omission of ASLR to render any other benefit moot in its absence.

    As for the last sentence, that is so laughable as to be scarcely worth even trying to refute. But I will say this: If FreeBSD was cooperating with the NSA and the CIA, you'd know about it. FreeBSD is open-source. That's why I can tell you that your 3-letter-agencies were involved with SELinux amongst other Linux projects. Furthermore, the absence of ASLR does not affect the ease of 'accessing FreeBSD hosts'.
    Yes this guy was laughing also when he wrote this: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

    My NDA with the FBI has recently expired, and I wanted to make you
    aware of the fact that the FBI implemented a number of backdoors and
    side channel key leaking mechanisms into the OCF, for the express
    purpose of monitoring the site to site VPN encryption system
    implemented by EOUSA, the parent organization to the FBI. Jason
    Wright and several other developers were responsible for those
    backdoors, and you would be well advised to review any and all code
    commits by Wright as well as the other developers he worked with
    originating from NETSEC.

  5. #5
    Join Date
    Feb 2012
    Posts
    260

    Default

    Quote Originally Posted by endman View Post
    Are you fucking kidding me
    It’s 2014 and this shit doesn’t even have basic protect.

    “More secure then Linux” Bullshit
    Nice job there answering yourself, loser...
    This idiot did this post on October 18; apparently no body gave a f*ck so now he is forced to post it here; he wants attention: http://aboutthebsds.wordpress.com/20...d-is-insecure/
    Go get a life, loser.

  6. #6
    Join Date
    Aug 2013
    Posts
    118

    Default

    Quote Originally Posted by ACiD View Post
    Yes this guy was laughing also when he wrote this: http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
    You're telling me what I was doing? Because in fact I hadn't seen that post. Very presumptuous of you. However if those allegations are true you have a lot more than OpenBSD that is potentially compromised. Mind you, I find the allegations dubious in the extreme -- they reek of FUD and are totally unsubstantiated by any fact. Furthermore OpenBSD and the code derived from it (as used in many other projects which include Linux-related projects) is frequently audited, and something like this is unlikely to go unnoticed. By the way, people generally don't get 10yr NDAs that expire and allow you to talk at will afterwards.

    Anyway, if by some chance this whole silliness is totally true, then one need only file an FoI request to see about this man's NDA.

    Are you fucking kidding me
    It’s 2014 and this shit doesn’t even have basic protect.

    “More secure then Linux” Bullshit
    Sorry mate, that's really just not how it works. You can't take one little thing and try and extrapolate from it the total state of a project. In any case, ASLR is mainly something for the very paranoid; remote holes are what are generally important for security.

  7. #7
    Join Date
    Aug 2013
    Posts
    51

    Default

    Quote Originally Posted by JX8p View Post
    You're telling me what I was doing? Because in fact I hadn't seen that post. Very presumptuous of you. However if those allegations are true you have a lot more than OpenBSD that is potentially compromised. Mind you, I find the allegations dubious in the extreme -- they reek of FUD and are totally unsubstantiated by any fact. Furthermore OpenBSD and the code derived from it (as used in many other projects which include Linux-related projects) is frequently audited, and something like this is unlikely to go unnoticed. By the way, people generally don't get 10yr NDAs that expire and allow you to talk at will afterwards.

    Anyway, if by some chance this whole silliness is totally true, then one need only file an FoI request to see about this man's NDA.



    Sorry mate, that's really just not how it works. You can't take one little thing and try and extrapolate from it the total state of a project. In any case, ASLR is mainly something for the very paranoid; remote holes are what are generally important for security.
    Uhm the BSD backdoors were widely public after they were discovered.

  8. #8
    Join Date
    Nov 2012
    Posts
    639

    Default

    Quote Originally Posted by JX8p View Post
    Sorry mate, that's really just not how it works. You can't take one little thing and try and extrapolate from it the total state of a project. In any case, ASLR is mainly something for the very paranoid; remote holes are what are generally important for security.
    It's not one little thing. It's one of the most important things. Even windows has it. Furthermore, Linux provides much more security mechanisms and is much more frequently audited.

  9. #9
    Join Date
    Nov 2012
    Posts
    639

    Default

    Quote Originally Posted by Sergio View Post
    Nice job there answering yourself, loser...
    This idiot did this post on October 18; apparently no body gave a f*ck so now he is forced to post it here; he wants attention: http://aboutthebsds.wordpress.com/20...d-is-insecure/
    Go get a life, loser.
    All kudos goes to you Sergio! Nice job. You have advertised his blog at Phoronix and now the world will hear how bsd sucks! You are marked as bsd traitor now and trolls from bsd camps will try to hunt you down. You've been warned.

  10. #10
    Join Date
    Feb 2012
    Posts
    260

    Default

    Quote Originally Posted by Pawlerson View Post
    It's not one little thing. It's one of the most important things. Even windows has it. Furthermore, Linux provides much more security mechanisms and is much more frequently audited.
    Riiiiiight, Pawlerson (aka kraftman, aka BSDSucksDicks, aka endman, etc, etc)...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •