OpenBSD's Kernel Gets W^X Treatment On Amd64
New submitter brynet tips this news from Theo de Raadt:
Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good."
most of you will pretend you understand (Score:1)
My guess is 80% of you will get about 20% of what this email is saying, but you'll post on here like you know it all. /reflections of myself about 15 years ago. //Modulo mistakes... cute
Search your feelings, you know it to be true.
Re:most of you will pretend you understand (Score:5, Funny)
Actually, I was just thinking that this was a relatively penetrable summary. It tells me so much, I don't even need to R TFA.
Re: (Score:1)
The fact that the OP did NOT define 'W^X' was what hooked me in the first place!
Yeah, Journalism 101 conventions were not followed but anyone with an IQ above room temp could derive the meaning in a cursory read.
Re: (Score:1)
Especially when W^X had a link to a definition.
Re: (Score:2)
I'm not sure what the post would have lost if they'd included a short explanation ("W^X (memory can be Writeable OR Executable)").
Re: (Score:1)
What was not obvious? It's clear there is an anchor tag for W^X which when hovered over shows a wiki article. Seems pretty obvious that was a link to explain what W^X meant for those who didn't already know.
Re:most of you will pretend you understand (Score:5, Insightful)
The summary could use a bit of translation, instead of merely copying content off a maillist post intended for a very specific group of kernel specialists using slang terminology.
Re:most of you will pretend you understand (Score:5, Insightful)
If you have a need to get something translated, maybe it's worth looking it up.
Everyone is so used to getting everything served on a plate these days that when the need arises they are completely lost as to how to dig for information.
I see this as a nice teaser that isn't dumbed-down.
Re: (Score:2, Insightful)
How do I translate "trampoline" without reading the entire freakin' maillist history?
This is slang and you won't find the intended meaning in a dictionary.
Re:most of you will pretend you understand (Score:5, Insightful)
I don't know, it's not like there is some sort of free service out there that could help you find the explanation without parsing the whole list.
https://en.wikipedia.org/wiki/Trampoline_%28computing%29 [wikipedia.org]
Re:most of you will pretend you understand (Score:4, Informative)
I doubt that the mailing list will show any definition of "trampoline". That word has a specific meaning in kernel programming, such that one would already have a good understanding of the subject before poking around in kernel code.
FWIW, "trampoline" refers to generated bits of code containing jumps to arbitrarily different pieces of code, something that ESR called "an incredibly hairy technique" in the Jargon File.
Re:most of you will pretend you understand (Score:4, Interesting)
Next, some noob is going to ask what "ESR," "hairy" and "jargon file" are. And then somebody else won't know what "noob" means. It's the Eternal September all over again (said the guy with the six-digit ID to the guy with the four-digit one)...
Re: most of you will pretend you understand (Score:1)
And that's why you've seen a dearth of new contributors in the past decade, systemd exodus notwithstanding.
Re:Should I be glad or sad... (Score:2)
...that I did understand all of this. (Maybe it goes with being between the six-digit guy and the four-digit one.)
Re: (Score:1)
That word has a specific meaning in kernel programming, such that one would already have a good understanding of the subject before poking around in kernel code.
One that is very different from the understanding of what a trampoline is for programmers in certain languages... Which kind of confused me.
Re: (Score:2)
Trampoline can mean many things. Often it's used to switch some context in between function calls, so in a sense a system call can be seen as a trampoline between the application and the kernel,
Re: (Score:2)
We live in a complex and rapidly-changing world. It's never a bad idea to push a little knowledge up front. Unless you're actively working with something complex, even if you do know something about it, that knowledge may be outdated and erroneous.
I wasn't aware of W^X as a discipline. I don't have the need or the time to study it in detail. But the succinct description of what it is and what it's good for informs me that there's something out there that I might want to take advantage of someday and if I sh
Re: (Score:2)
News for Nerds.
That pretty much rules out any summary as being too technical.
I actually found the summary to be one of the better ones I have seen on Slashdot.
Re:most of you will pretend you understand (Score:5, Insightful)
Mmm, it made sense to me, but then I work at low levels of code. I do find it somewhat strange, though, that the criticism is basically that it's too nerdy. I'm quite happy to see more nerd postings and less Dice fluff. Stories that go over the heads of the masses are what Slashdot should be about.
This is nothing new; there have been articles with absolutely impenetrable jargon and ideas before when discussing high-level web-oriented stuff or scripting, but since so many readers these days work in such areas, they don't complain. So I have to look up what jQuery is; it's not a problem, so others who call themselves nerds should be content to look up what W^X means.
Re: (Score:3, Informative)
Once you grok that W^X means Write XOR Execute (which you can gather from the rest of the summary), it gets easier.
Re: (Score:3, Informative)
Once you grok that W^X means Write XOR Execute (which you can gather from the rest of the summary), it gets easier.
I thought that meant they added all wheel drive and turbos [subaru.com].
Re: (Score:2)
But, really, it should be: !w || !x so that read-only, no-execute access is also valid.
Truth table for !w || !x:

        X = F   X = T
W = F     T       T
W = T     T       F
Re: (Score:2)
Hmm, haven't kept up on Linux, but on most embedded systems I've worked with the read-only data is lumped together in the text (executable) section.
Re: (Score:2)
But, really, it should be: !w || !x so that read-only, no-execute access is also valid.
Truth table for !w || !x:

        X = F   X = T
W = F     T       T
W = T     T       F
So NAND really and not XOR?
Re:most of you will pretend you understand (Score:4, Funny)
My guess is 80% of you will get about 20% of what this email is saying, but you'll post on here like you know it all. /reflections of myself about 15 years ago. //Modulo mistakes... cute
Search your feelings, you know it to be true.
20% is still more than Theo De Raadt wanted anyone else to understand. So, I call it a win.
Re: (Score:2)
Sort of. Linux has DEP and a few other features (ASLR and SEHOP, for example). Red Hat created ExecShield, which can contribute. I don't know if PaX has been merged yet (haven't followed in quite a while now), but it also does something similar. While not the same, they all provide different answers to the problem.
Then JIT languages come along and screw everything up. ;-)
W^X is just one method OpenBSD championed, but it's not an exclusive technology.
Status on other UNIX like kernels (Score:1)
Does anyone know what the status is on other UNIX like kernels with respect to this W^X security feature? Is OpenBSD pioneering new ground here?
Re:Status on other UNIX like kernels (Score:5, Informative)
According to Wikipedia, which is always right:
Similar features are available for other operating systems, including the PaX and Exec Shield patches for Linux, and NetBSD 4+'s implementation of PaX.
W^X [wikipedia.org]
Re:Status on other UNIX like kernels (Score:5, Insightful)
Except that only userland benefitted from that till now.
Now it's even for the kernel, that's the news here.
Re: (Score:3)
Still of limited value. ROP [wikipedia.org] already bypasses DEP/NX protections, which are required for W^X to be effective. ROP techniques are used to great effect in iPhone jailbreaks.
These protections may guard against a (very small subset of) casual attackers, but they're just another minor hurdle for determined attackers.
For a primer, see also: https://en.wikipedia.org/wiki/... [wikipedia.org] (And the rest of the article.)
The biggest security advantage that BSD has is being such a small target.
Re: (Score:3)
With BSD being in everything from printers to elevator controllers (and Apple products), it's not a small target but more of a less visible one to date.
Re: Status on other UNIX like kernels (Score:2)
True. This was also my first reaction.
If you read the whole post and speak BSD, however, you'll notice that full kernel-space ASLR is under way as well. So, once again, OpenBSD leads exploit mitigation.
Re: (Score:2)
ASLR is already implemented in Windows (since Vista for libraries, and 7 for kernel, IIRC) and OS X (since 10.5 for libraries, and 10.8 for everything), in iOS since 4.3, Android since 4.0.
I'll leave it as a judgment call to the reader as to how effective/successful any of those have been.
Re: (Score:1)
Others have something for userspace such as the PaX and exec shield mentioned by the AC above me. This is for kernel space.
No rant from Theo (Score:4, Funny)
Re:No rant from Theo (Score:5, Funny)
I expected a long rant from TdR. I was disappointed.
He had write permission on the email so his rant couldn't execute.
FreeBSD? (Score:2)
I wasn't aware the BSDs have different kernels. Do OpenBSD kernel changes also end up in the other BSDs?
(I guess it might not be worth it as I recently saw confirmation that *BSD is dying.)
Re: (Score:3)
Sure, if someone ports it over. They do share features but not all BSD kernels have all the same features.
Very disturbed by tag "writeorexecute" (Score:5, Insightful)
Never bothered learning how to tag stuff or contribute to tags on Slashdot, so just ranting here. Thank you, that is all.
Re: (Score:2)
Well, you're right from a formal logic perspective. In spoken languages, though, there's often an implicit 'either' attached to the 'or', causing 'or' to essentially mean 'xor'.
Yes, everyone should be expected to go read Principia Mathematica [stanford.edu] before posting to Slashdot, far better than any captcha in use today.
Re: (Score:2)
And that's why we have code, rather than just compiling the comments. ;-)
Re: (Score:2)
"Do you want an apple or an orange? You can only have one or the other." In English, "or" does have the connotation you describe. Human brain fuzzy logic, I suppose.
Re: (Score:3)
In English "or" does have the connotation you describe.
I would say it "does sometimes" have that connotation. Addressing an invalid in bed: "Can you sit or stand?" Obviously in order to stand they will first sit up, but we don't know whether they can do both. I'm sticking with my theory that while writing the summary and tags, an editor accidentally executed it, as usual. :)
would you like pie or cake? both! (Score:3)
In the English language itself, "or" doesn't necessarily imply "xor". Usually some other mechanism is used to imply exclusivity, either from situational awareness or from context in the surrounding text.
Re: (Score:1)
Exclusive Or is called exclusive for a reason. In your example, you indicated exclusivity with "only". Therefore, while "or" CAN have the connotation he describes, it isn't guaranteed. We gather a lot by context. But what if we don't understand the context? That happens all the time.
I'm very explicit about whether my ors are exclusive or not -- I have to be; I've got children. "Go to bed NOW or you don't get to go to your friend's house tomorrow" is very obviously exclusive to an adult -- but to a kid
Re: (Score:2)
I'd say the opposite. The kid is thinking: if I go to my bed now, I am definitely going to my friend's house, and I can get straight out of bed again, because once I've fulfilled the request the outcome is decided and the threat of not going to my friend's house cannot be pulled out again for another situation. It's the adult that figures the optio
Re: (Score:1)
Also, ^ is used in formal logic to represent a conjunction (i.e., "and"). If "or" were appropriate here, the notation should be WvX (alternatively, W+X). Really I believe the article should use the plus symbol with a circle around it, which is available in unicode but not in Slashdot comments.
Re: (Score:3)
When C syntax was developed, the designers tried to limit the use of glyphs to those represented in 7-bit ANSI character code, which does not have a codepoint for "circle-plus" nor for a lot of other glyphs used in formal logic and in math.
Re: (Score:1)
Except it's not xor; read-only segments are allowed. The actual thing that's permitted is write nand execute.
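The truth-table thread above and this comment make the same point: the rule a W^X kernel enforces is "not (writable and executable)", which is NAND, not XOR, because a read-only, no-execute page like .rodata must pass. The following is an added example, not code from the thread or from OpenBSD: it audits a constructed table of amd64 page-table entries with both readings. The PG_V/PG_RW/PG_NX bit positions are the real amd64 PTE layout; the entries themselves are made up.

```c
/* Added example, not from the thread or from OpenBSD: audit a constructed
 * table of amd64 page-table entries for W^X violations. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PG_V   (1ULL << 0)   /* present */
#define PG_RW  (1ULL << 1)   /* writable */
#define PG_NX  (1ULL << 63)  /* no-execute (effective with EFER.NXE set) */
struct mapping { const char *name; uint64_t pte; };

/* Constructed layout: the normal W^X split, plus one hypothetical
 * trampoline page left RWX by mistake and one page that is not mapped. */
static const struct mapping sample[] = {
    { ".text",      PG_V },                  /* R-X */
    { ".rodata",    PG_V | PG_NX },          /* R-- */
    { ".data",      PG_V | PG_RW | PG_NX },  /* RW- */
    { "trampoline", PG_V | PG_RW },          /* RWX: violation */
    { "unmapped",   0 },                     /* not present: skipped */
};

/* The rule actually enforced, "write NAND execute": a present page may
 * not be writable and executable at once; read-only no-exec is allowed. */
bool wx_violation(uint64_t pte)
{
    bool w = pte & PG_RW, x = !(pte & PG_NX);
    return (pte & PG_V) && w && x;   /* i.e. !(!w || !x) */
}

/* A literal "write XOR execute" reading, for contrast: it would also
 * reject .rodata-style pages that are neither writable nor executable. */
bool wx_xor_violation(uint64_t pte)
{
    bool w = pte & PG_RW, x = !(pte & PG_NX);
    return (pte & PG_V) && !(w ^ x);
}

/* Print and count the present pages that are both writable and executable. */
int audit(const struct mapping *m, size_t n)
{
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        if (wx_violation(m[i].pte)) {
            printf("W^X violation: %s\n", m[i].name);
            bad++;
        }
    return bad;
}
```

Running audit over the constructed table flags only the trampoline page; swapping in wx_xor_violation would additionally flag .rodata, which is exactly why the XOR reading is wrong.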
Re: (Score:1)
OpenBSD also has support for SMEP/SMAP on newer Intel processors in addition to NX, which at least makes arbitrarily poking around memory a little more risky.
http://freshbsd.org/search?pro... [freshbsd.org]
http://freshbsd.org/search?pro... [freshbsd.org]
Punctuation Nazi (Score:2)
The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good."
Oh, my - unopened quotation and an unclosed parenthetical! This crap drives me nuts. Don't journalists have to take English classes at all?
It will prevent remote exploits (Score:2)
Like this one:
http://www.coresecurity.com/content/open-bsd-advisorie
OpenBSD Gets Feature It Was Already Known For (Score:2)
I am impressed that OpenBSD is so righteously conservative they are just getting one of the security features they are most famous for.
I hope developers of other systems would follow that example and I can't wait for someone to modify the linux kernel to support USB keyboards, or to modify Xorg to support 1024x768 resolution up from the previous maximum of 640x480.