Re: spender@grsecurity.net: Re: PowerPC W^X



> This is who we are dealing with.

'We'?  My mail was to YOU, Theo.  Cult rule #1: make the followers
believe they are under attack, it promotes the "us vs. them" mentality.

> I am sick and tired of this person.

That's interesting, as this is the first time I've contacted you.

> Now that his attitude is fully
> visible, I would be more than happy if you guys in the community
> convinced him to leave me alone as I have better things to do.

I knew I could count on you, Theo, to provide an unbalanced viewpoint to
your influential users.  For the benefit of everyone else, here is the
mail that was sent to Theo, to which I received his arrogant and
dismissing email.  Theo likes to dismiss points when he's wrong.

Hi Theo,

I have a question about your W^X implementation in OpenBSD.  Since you
do not want to break applications, I would like to map a 257MB file rwx.

Do you:
1) Deny the mapping because it is too large, restricting mappings to be
256MB on OpenBSD and thus break applications.
2) Demote the executable bit in the data segment, thus breaking POSIX as
you are not able to honor the protections on the mapping.
3) Allow the mapping, thus defeating W^X, and breaking the application
as it cannot execute in the last MB of the segment?

Also, I'm curious why you tout random stack gap (and your other recent
features for that matter) without discussing the other end of the issue?
Your random stack gap provides only 8 bits of randomness, not the 10 you
think.  Regardless, 8-10 bits is merely an obscurity defense, of which I
am sure you are aware.  The exploit does not even need to be reworked,
only executed a few more times (and with 8 bits of randomness, this can
be done in a second).  Could you point me to a discussion of this
feature where you discuss it as what it is, an obscurity feature?
Also, the following email to misc@ is still requiring an answer:

http://marc.theaimsgroup.com/?l=openbsd-misc&m=105076448801556&w=2

I would personally be interested in your timeline, since as it stands
we've heard several reports of OpenBSD being introduced to PaX during
HAL2001, and I gave a presentation in the early summer of 2002 on PaX
and full ASLR, for which several OpenBSD developers were in attendance
(and an OpenBSD developer who is no longer one).  Making your
timelines/documentation available to the community will aid in OpenBSD
receiving proper credit for their work.  Since it was clearly false
that OpenBSD was not aware of PaX at the time W^X was developed, a
clarification on your statement would be appreciated.

Sincerely,
-Brad