Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Operating Systems Security Unix BSD

OpenBSD's Kernel Gets W^X Treatment On Amd64 84

New submitter brynet tips this news from Theo de Raadt: Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good."
This discussion has been archived. No new comments can be posted.

OpenBSD's Kernel Gets W^X Treatment On Amd64

Comments Filter:
  • by Anonymous Coward

    My guess is 80% of you will get about 20% of what this email is saying, but you'll post on here like you know it all.
    Search your feelings, you know it to be true. /reflections of myself about 15 years ago. //Modulo mistakes... cute

    • Actually, I was just thinking that this was a relatively penetrable summary. It tells me so much, I don't even need to R TFA.

      • by Anonymous Coward

        The fact that the OP did NOT define 'W^X' was what hooked me in the first place!

        Yeah, Journalism 101 conventions were not followed but anyone with an IQ above room temp could derive the meaning in a cursory read.

        • Especially when W^X had a link to a definition.

          • For me the link was right at the start of a new line and not very noticeable, I didn't see it until after I'd read the article (and googled W^X myself).

            I'm not sure what the post would have lost if they'd included a short explanation ("W^X (memory can be Writeable OR Executable)").

    • by mwvdlee ( 775178 ) on Wednesday January 14, 2015 @09:09AM (#48810559) Homepage

      The summary could use a bit of translation, instead of merely copying content off a maillist post intended for a very specific group of kernel specialists using slang terminology.

      • by Z00L00K ( 682162 ) on Wednesday January 14, 2015 @09:40AM (#48810779) Homepage Journal

        If you have a need to get something translated maybe it's worth to look it up.

        Everyone is so used to get everything served on a plate these days that when the need arises they are completely lost in how to dig for information.

        I see this as a nice teaser that isn't dumbed-down.

        • Re: (Score:2, Insightful)

          by mwvdlee ( 775178 )

          How do I translate "trampoline" without reading the entire freakin' maillist history?
          This is slang and you won't find the intended meaning it in a dictionary.

        • We live in a complex and rapidly-changing world. It's never a bad idea to push a little knowledge up front. Unless you're actively working with something complex, even if you do know something about it, that knowledge may be outdated and erroneous.

          I wasn't aware of W^X as a discipline. I don't have the need or the time to study it in detail. But the succinct description of what it is and what it's good for informs me that there's something out there that I might want to take advantage of someday and if I sh

      • by LWATCDR ( 28044 )

        News for Nerds.
        That pretty much rules out any summary as being too technical.
        I actually found the summary to be one of the better ones I have seen on Slashdot.

      • by Darinbob ( 1142669 ) on Wednesday January 14, 2015 @03:25PM (#48813813)

        Mmm, it made sense to me, but then I work at low levels of code. I do find it somewhat strange though that the criticism is basically that it's too nerdy. I'm quite happy to see more nerd postings and fewer Dice fluff. Stories that go over the heads of the masses is what Slashdot should be about.

        This is nothing new, there have been articles with absolutely impenetrable jargon and ideas before when discussing high level web oriented stuff or scripting, but since so many readers these days work in such areas that they don't complain. So I have to look up what jquery is, it's not a problem, so others who call themselves nerds should be content to look up with W^X means.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      Once you grok that W^X means Write XOR Execute (which you can gather from the rest of the summary), it gets easier.

      • Re: (Score:3, Informative)

        by Anonymous Coward

        Once you grok that W^X means Write XOR Execute (which you can gather from the rest of the summary), it gets easier.

        I thought that meant they added all wheel drive and turbos [subaru.com].

      • But, really, it should be: !w || !x so that read-only, no-execute access is also valid.

        Truth Table for this expression:


          X | F | T
        _W__|___|___
        _F__|_T_|_T_
        _T__|_T_|_F_

        • Hmm, haven't kept up on Linux, but on most embedded systems I've worked with the read-only data is lumped together in the text (executable) section.

        • But, really, it should be: !w || !x so that read-only, no-execute access is also valid.

          Truth Table for this expression:

            X | F | T
          _W__|___|___
          _F__|_T_|_T_
          _T__|_T_|_F_

          So NAND really and not XOR?

    • by Anonymous Coward on Wednesday January 14, 2015 @09:42AM (#48810797)

      My guess is 80% of you will get about 20% of what this email is saying, but you'll post on here like you know it all.
      Search your feelings, you know it to be true. /reflections of myself about 15 years ago. //Modulo mistakes... cute

      20% is still more than Theo De Raadt wanted anyone else to understand. So, I call it a win.

  • by Anonymous Coward

    Does anyone know what the status is on other UNIX like kernels with respect to this W^X security feature? Is OpenBSD pioneering new ground here?

    • by Anonymous Coward on Wednesday January 14, 2015 @09:30AM (#48810705)

      According to Wikipedia, which is always right:

      Similar features are available for other operating systems, including the PaX and Exec Shield patches for Linux, and NetBSD 4+'s implementation of PaX.

      W^X [wikipedia.org]

      • by Nikademus ( 631739 ) * <renaud.allard@it> on Wednesday January 14, 2015 @09:52AM (#48810865) Homepage

        Except that only userland benefitted from that till now.
        Now it's even for the kernel, that's the news here.

        • Still of limited value. ROP [wikipedia.org] already bypasses DEP/NX protections, which are required for W^X to be effective. ROP techniques are used to great effect in iPhone jailbreaks.

          These protections may guard against a (very small subset of) casual attackers, but they're just another minor hurdle for determined attackers.

          For a primer, see also: https://en.wikipedia.org/wiki/... [wikipedia.org] (And the rest of the article.)

          The biggest security advantage that BSD has is being such a small target.

          • with BSD being in everything from printers to elevator controllers (and Apple products), it's not a small target but more of a less visible one to date

          • True. This was also my first reaction.
            If you read the whole post and speak BSD, however, you'll notice that full kernel-space ASLR is under way as well. So, once again, OpenBSD leads exploit mitigation.

            • ASLR is already implemented in Windows (since Vista for libraries, and 7 for kernel, IIRC) and OS X (since 10.5 for libraries, and 10.8 for everything), in iOS since 4.3, Android since 4.0.

              I'll leave it as a judgment call to the reader as to how effective/successful any of those have been.

    • by Anonymous Coward

      Others have something for userspace such as the PaX and exec shield mentioned by the AC above me. This is for kernel space.

  • by frambris ( 525874 ) on Wednesday January 14, 2015 @09:35AM (#48810739) Homepage
    I expected a long rant from TdR. I was disappointed.
  • I wasn't aware the BSDs have different kernels. Do OpenBSD kernel changes also end up in the other BSDs?

    (I guess it might not be worth it as I recently saw confirmation that *BSD is dying.)

    • Re: (Score:2, Informative)

      by Anonymous Coward
      Yes, there is some cross-pollination. In general, while BSDs share a common background, they are different operating systems, not "distros".
    • Sure, if someone ports it over. They do share features but not all BSD kernels have all the same features.

  • by sideslash ( 1865434 ) on Wednesday January 14, 2015 @09:57AM (#48810895)
    C'mon, people, it's writexorexecute, as in "xor" as in "exclusive or". Write or execute is exactly what they're trying to avoid.

    Never bothered learning how to tag stuff or contribute to tags on Slashdot, so just ranting here. Thank you, that is all.
    • by fisted ( 2295862 )
      Well, you're right from a formal logic perspective. In spoken languages, though, there's often an implicit 'either' attached to the 'or', causing 'or' to essentially mean 'xor'.
      • I think what happened is that while somebody was writing the summary and tags, they accidentally executed it. Happens often around here. ;)
      • Well, you're right from a formal logic perspective. In spoken languages, though, there's often an implicit 'either' attached to the 'or', causing 'or' to essentially mean 'xor'.

        Yes, everyone should be expected to go read Principia Mathematica [stanford.edu] before posting to Slashdot, far better than any captcha in use today.

      • And that's why we have code, rather than just compiling the comments. ;-)

    • by caseih ( 160668 )

      "Do you want an apple or an orange? You can only have one or the other." In english "or" does have the connotation you describe. Human brain fuzzy logic I suppose.

      • In english "or" does have the connotation you describe.

        I would say it "does sometimes" have that connotation. Addressing an invalid in bed: "Can you sit or stand?" Obviously in order to stand they will first sit up, but we don't know whether they can do both. I'm sticking with my theory that while writing the summary and tags, an editor accidentally executed it, as usual. :)

        • by jrumney ( 197329 )
          Sometimes it depends on context, like a lot of written English, but a big clue is that there is no word 'xor' in the English language, and another clue is that it is common to see 'and/or' written when the author explicitly wants to include the possibility that both options may be true at the same time.
      • In the english language itself, "or" doesn't necessarily imply "xor". Usually some other mechanism is used to imply exclusivity, either from situational awareness or from context in the surrounding text.

      • Exclusive Or is called exclusive for a reason. In your example, you indicated exclusivity with "only". Therefore, while "or" CAN have the connotation he describes, it isn't guaranteed. We gather a lot by context. But what if we don't understand the context? That happens all the time.

        I'm very explicit about whether my ors are exclusive or not -- I have to be; I've got children. "Go to bed NOW or you don't get to go to your friend's house tomorrow" is very obviously exclusive to an adult -- but to a kid

        • by jrumney ( 197329 )

          "Go to bed NOW or you don't get to go to your friend's house tomorrow" is very obviously exclusive to an adult -- but to a kid, they figure they' ve got options.

          I'd say the opposite. The kid is thinking if I go to my bed now, I am definitely going to my friends house, and I can get straight out of bed again, because once I've fulfilled the request the outcome is decided and the threat of not going to my friend's house cannot be pulled out again for another situation. It's the adult that figures the optio

    • by nsre ( 1880644 )

      Also, ^ is used in formal logic to represent a conjunction (i.e., "and"). If "or" were appropriate here, the notation should be WvX (alternatively, W+X). Really I believe the article should use the plus symbol with a circle around it, which is available in unicode but not in Slashdot comments.

      • When C syntax was developed, the designers tried to limit the use of glyphs to those represented in 7-bit ANSI character code, which does not have a codepoint for "circle-plus" nor for a lot of other glyphs used in formal logic and in math.

    • by Anonymous Coward

      Except it's not xor, read only segments are allowed. The actual thing thats permitted is write nand execute.

  • The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good."

    Oh, my - unopened quotation and an unclosed parenthetical! This crap drives me nuts. Don't journalists have to take English classes at all?

  • Like this one:

    http://www.coresecurity.com/content/open-bsd-advisorie

  • I am impressed that OpenBSD is so righteously conservative they are just getting one of the security feature they are most famous for.

    I hope developers of other systems would follow that example and I can't wait for someone to modify the linux kernel to support USB keyboards, or to modify Xorg to support 1024x768 resolution up from the previous maximum of 640x480.

Beware of all enterprises that require new clothes, and not rather a new wearer of clothes. -- Henry David Thoreau

Working...