Contributed by jose on from the milestone dept.
"The i386 branch recently went ELF, complementing the W^X work.Having done the a.out to ELF upgrade on a SPARC, yes, it's just easiest to reinstall from scratch. All sorts of things will stop working otherwise, and it's easiest to just do a wipe and reinstall. The snapshots are up and making the rounds of the mirrors, so if you feel daring, download and test stuff out.If you wish to upgrade, you must do so by installing a binary snapshot.. upgrading from source won't work.
You can find the original email here . For a _very_ detailed description of W^X on i386, check out the follow-up email ."
(Comments are closed)
By Anonymous Coward () on
By Dries Schellekens () on http://marc.theaimsgroup.com/?l=openbsd-misc&m=105
Comments
By Dries Schellekens () on
Comments
By Anonymous Coward () on
http://marc.theaimsgroup.com/?l=openbsd-misc&m=105058898328497&w=2
Comments
By Dries Schellekens () on
Comments
By Anonymous Coward () on
Comments
By Dries Schellekens () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Dries Schellekens () on
Considering we'd never heard of PaX before we did W^X.
You seem to think OpenBSD just copied PaX as your website states:
PaX features are part of OpenBSD (MagicPoint presentation)
non-executable stack pages based on the segmentation logic implemented by the Openwall Project
non-executable stack and heap pages based on the segmentation logic implemented in RSX
non-executable stack and heap pages based on the segmentation logic implemented in kNoX
You make a clear distinguish between OpenBSD and other non-exec stack/heap implementations!
Comments
By PaX Team () on
This is a lie. I've posted one proof on the mailing list, and in the meantime i got word that he had been made aware of PaX at HAL2001 as well (that's August 2001). If you want to prove me wrong (i'm not accusing, just suspecting), please make your private development mailing list archives available to the public, you should have nothing to hide.
> You seem to think OpenBSD just copied PaX as
> your website states:
What's wrong with this (you realize i talk about PaX *features*, not PaX per se)? Didn't PaX have non-exec page semantics 2 years before OpenBSD? Didn't PaX have randomization that OpenBSD is now considering (not to mention the strange coincidence of you guys having stack randomization one month after it was released in PaX, after HAL2001 too)? Again, making your development process open to the public would allow to clear up any confusions one may have.
As for the distinction between OpenBSD and the others: they predate PaX (as far as the segmentation based non-exec feature is concerned), you're not suggesting to put claims on them, are you?
Comments
By Dries Schellekens () on
> This is a lie. I've posted one proof on the mailing list,
To me http://marc.theaimsgroup.com/?l=openbsd-tech&m=97416533704634&w=2
nothing. OK, you can assume someone he heard the name. At that moment OpenBSD developers totally weren't interested at implementing something similar. So I doubt they looked hard at it (perhaps just briefly). What did PaX do at that moment? Non-exec stack and heap on i386, or more features (like randomization)?
> Didn't PaX have non-exec page semantics 2 years before OpenBSD?
Didn't Solar Designer implement a non-executable stack on Linux several years before PaX? Doesn't Solaris have noexec_user_stack many years before PaX? The PaX team didn't invent this.
> Didn't PaX have randomization that OpenBSD is now considering (not to mention the strange coincidence of you guys having stack randomization one month after it was released in PaX, after HAL2001 too)?
So art@'s stackgap_random is inspired by PaX (if PaX had this before Augustus 16, 2001; I'm not able to verify this). Perhaps this was the only new thing (invented by the PaX team), that could be easily implemented in OpenBSD. At this moment OpenBSD developers didn't think non exec stack was a good idea. I doubt you had randomization of everything, non exec paging based on segmentations, mprotect restrictions, ... at that moment.
I believe Theo when he says when they started thinking about W^X, they didn't look at PaX; they had forgotten the name and didn't bother to look at the progress you made since HAL2001. Ofcourse this is pure speculation of my part.
> Again, making your development process open to the public would allow to clear up any confusions one may have.
You guys are good at this too. No CVS, no mailing list archives, no changelog, ...
Comments
By Anonymous Coward () on
> and heap on i386, or more features (like
> randomization)?
What we call PAGEEXEC/MPROTECT. The randomization came late July 2001.
> The PaX team didn't invent this.
You're shooting at the wrong target. Noone talks about invention here (for all i know, little in PaX can actually be said to be 'first' of its kind, maybe full ASLR and KERNEXEC of late, not that it mattered though). What we are talking about is where OpenBSD got the inspiration, you guys should come clean on this (you don't want to seriously sell the idea that a security conscious OS development crew doesn't follow the scene at large...).
> So art@'s stackgap_random is inspired by PaX
We don't know, but you see, if OpenBSD didn't consider Intrusion Protection/Prevention mechanisms at that time (you said so), how come this one came out of the blue all of a sudden? How come that after almost two years it still hasn't evolved into full randomization? I say it's fishy but i'll happily accept your version of the story as soon as you provide it (from a credible source, not 'my word against your word' style).
> Perhaps this was the only new thing (invented
> by the PaX team)
Wrong, as i said above, few things can be attributed to us as 'invention', nor does it matter. As far as i could track it back, the stack randomization idea popped up sometime 1997 (but i'm sure it's older), there's even one US patent issued on it (it has prior art too from the same year).
> At this moment OpenBSD developers didn't think
> non exec stack was a good idea.
And they still don't and they're right. Nor has PaX ever been a non-exec stack implementation. So what point did you try to make here?
> I doubt you had randomization of everything,
Wrong, when ASLR was first released, it already provided *full* randomization of the address space, nothing changed since.
> non exec paging based on segmentations,
Correct, it came in September 2002.
> mprotect restrictions, ... at that moment.
Wrong, it was included in November 2000.
> Ofcourse this is pure speculation of my part.
If what you speculate on is true then it sheds some bad light on your developers as they failed to follow the security scene (being security conscious would have one believe that it's an important thing to you).
> You guys are good at this too. No CVS,
http://www.grsecurity.net/cvs.php
http://cvsweb.grsecurity.net/index.cgi/
> no mailing list archives,
http://www.grsecurity.net/mailinglist.php
> no changelog
You can generate it from the CVS.
Now, where did you say your archives were again?
Comments
By Dries Schellekens () on
If you want the exact timeline of events, ask for it on the official OpenBSD mailing list; Theo doesn't read deadly.org (some developers do). Or talk to him on some conference...
Thanks for pointing me to the CVS. I didn't know PaX was developed in the grsecurity tree. It's not stated on your main website: http://pageexec.virtualave.net/
Comments
By Anonymous Coward () on
By PaX Team () on
http://marc.theaimsgroup.com/?l=openbsd-misc&m=105060386219963&w=2
It's left unanswered (no private mails either).
> I didn't know PaX was developed in the grsecurity tree.
That's because it is not. grsecurity graciously provides CVS hosting to PaX, but they've got their own trees with their own PaX in there (there was some integration work to do).
> It's not stated on your main website
This is for reasons beyond my control, i can't explain it in public, sorry. If and when the situation changes (or i lose my patience), i'll announce it on our site as well. The CVS has been and will stay open to the public regardless.
By Dries Schellekens () on
I don't know, perhaps because of the remote exploit for OpenSSH.
> How come that after almost two years it still hasn't evolved into full randomization?
Because the evolution started only recently.
Non exec pages happened in the summer of 2002. The W^X stuff got in the tree end 2002/begin 2003. This week W^X became possible on i386 and macppc still has to come. Complete randomization (ASLR) is on the future work list, and to Theo this seems a natural evolution from W^X.
The addition of stackgap_random was just an isolated event. Much like frantzen's stackghost code for sparc (http://stackghost.cerias.purdue.edu/).
I think the work started only recently (summer of 2002) and is slowly evolving to something comparable to PaX, but with other design choices, mainly because of different interpretations of POSIX standards (BTW you haven't commented on miod@'s mail on misc@).
> > At this moment OpenBSD developers didn't think non exec stack was a good idea.
>
> And they still don't and they're right. Nor has PaX ever been a non-exec stack implementation. So what point did you try to make here?
I meant that at that moment OpenBSD developers didn't intend to implement a non exec pages (stack+heap).
> > non exec paging based on segmentations,
>
> Correct, it came in September 2002.
At this moment OpenBSD had already designed there one non exec stack ugly hack on i386.
Comments
By PaX Team () on
That was in June 2002, HAL2001 and OpenBSD stack randomization were in August 2001.
> The addition of stackgap_random was just an isolated event.
That doesn't answer the simple question i asked: where did it come from (you'll see from my mailing post that i'm working on some 'history' docs, hence it'd be nice to know more)? You still haven't pointed us to the real source: your private development communications that would clear things up.
> Complete randomization (ASLR) is on the future
> work list, and to Theo this seems a natural
> evolution from W^X.
You are wrong on this, randomization is 'orthogonal' to non-exec pages, that is, they can be independently developed and deployed. Your history notes are interesting (even if i knew it already) but irrelevant to my question (why not evolve into full ASLR during all this time if stack randomization was deemed important enough to get into the tree so long ago).
> (BTW you haven't commented on miod@'s mail on misc@).
If you mean his last one, i did comment on it, but in private. If you followed and understood that thread of discussion, it should be clear that POSIX (in the OpenBSD interpretation) mandates EACCES if PROT_EXEC was requested in that situation whereas OpenBSD (and the others too for that matter) fail only for PROT_READ (this is in the code snippet i had posted beforehand). So the conclusion to any reasonable person is crystal clear: OpenBSD violates POSIX. Since Theo went apparently incommunicado (spelling?) i saw no reason to bother him or the others with this, if noone cared so far, unlikely they would all of a sudden. I hope they learned a lesson though: don't talk trash about PaX when it's not true and they have a problem themselves.
Comments
By Dries Schellekens () on
>
> That doesn't answer the simple question i asked: where did it come from? You still haven't pointed us to the real source: your private development communications that would clear things up.
Send an email to art@ and you will know.
> > Complete randomization (ASLR) is on the future work list, and to Theo this seems a natural evolution from W^X.
>
> You are wrong on this, randomization is 'orthogonal' to non-exec pages, that is, they can be independently developed and deployed.
I'm under impression that the planned randomization ( Randomized mapping for shared objects, Try to find a way to map the main program randomly, Randomized mmap ) requires ELF (as did W^X).
Comments
By PaX Team () on
Maybe i didn't express myself clear enough: i'm interested in full public archives, not what an individual is willing to share, that is, it's not only for myself but for all. It's a pity the OpenBSD community goes so easily by this closed development process - i don't. If art or anyone else has anything to say on history, they'd better make it available to everyone. Besides, i made my request already clear on the misc@ list.
> I'm under impression that the planned
> randomization (Randomized mapping for shared
> objects, Try to find a way to map the main
> program randomly, Randomized mmap) requires ELF
> (as did W^X).
I thought a.out supported runtime relocation which is all you need for randomization. Other than that, even if in OpenBSD you need ELF support for both features, my claim stands that they can be implemented independently of each other (once you have the common infrastructure - ELF - in place). As a sidenote, PaX has had a.out non-exec pages since the beginning on i386 (although not really maintained or even tested as noone uses a.out on Linux), only OpenBSD's approach needs ELF.
By Dries Schellekens () on
BTW how are non-exec pages implemented on ppc? It's not documented yet (because it have only been added recently)?
Comments
By Anonymous Coward () on
You answer my question.
Comments
By Dries Schellekens () on
Now my question: how are non-exec pages implemented on ppc?
Comments
By Anonymous Coward () on
This has nothing to do with the linker. Programs doing fixed mmaps will need to use this interface. PaX requires one second to change the flags on a binary. OpenBSD requires source modification. So much for binary compatibility.
Comments
By Dries Schellekens () on
You still haven't answered my question.
By PaX Team () on
By tedu () on
while i'm switching over to PaX, which is clearly better if an anonymous coward told me so, any suggestions for lunch? i can't decide. you tell me what to do.
Comments
By Anonymous Coward () on
By Anonymous Coward () on
There's your hero in action. You should feel proud.
Comments
By Dries Schellekens () on
He's main problem seems to be that you add extra restrictions to mprotect. In this way you're required to hack the ELF header to run programs like XFree86, wine, ...
Comments
By PaX Team () on
XFree86: they have their own ET_REL ELF file loading mechanism (it escapes me why they can't just use ET_DYN libraries which are actually meant to be loaded/executed) which assumes calloc() and the like gives them executable memory. i don't know about OpenBSD but on linux glibc doesn't even ask for PROT_EXEC in those functions. the solution is however more suprising than you'd think: link the X server statically and all problems are solved. as a bonus you'll have reduced the in-memory footprint of XFree86 as well.
wine: it has its own file format loader for PE files (something like ELF in the UNIX world, but less developed IMHO) and uses mmap() and the like. it can be fixed by several ways, once the kernel work in PaX is finished, we'll get to it hopefully.
real casualties are Java and others that really need to generate code at runtime, they can be fixed in the source code or just disable PaX on them and you don't need to hack the ELF header if you put the proper ACL on said files (in grsecurity).
PS: after having read the thread, i hope you realize that Theo's point is wrong, PaX doesn't break POSIX.
By tedu () on
Comments
By Dries Schellekens () on
No manual entry for PaX
I guess UNIX is case sensitive :-P
By tedu () on
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/
Obviously, Linux had stack address randomization and non-executable pages before OpenBSD.
So what? Did someone violate a patent?
We are talking about free software here.
Free software is not a war between projects, it's a collaborative work.
If OpenBSD rips off nice ideas, and even code from other operating systems, this is great. I would love to see every feature of GrSecurity implemented in OpenBSD.
If RedHat ships a Linux kernel with PF, this would be great also. Both for RedHat and for OpenBSD (more users, more bugs will be fixed, more ideas will be suggested, etc) .
OpenBSD already closely watches every change in NetBSD and FreeBSD in order to port relevant ones. It's ok, it's great, it brings a lot of fixes and additions.
As I see, all the flamed craptalk between PaX and Theo is about credits. Even if OpenBSD developpers never heard about PaX (and don't read deadly.org either, because we already talked about PaX before), how much does it cost to give a little credit? GrSecurity already gives credit to OpenBSD for the IPID generation.
The OpenBSD developpers have some experiences that GrSecurity/PaX developpers don't have. But the reverse is also true. There are good ideas to take from both sides, code to share, and this is a good way to make both projects better. But after the discussions, it's clear that both projects will ignore each other, and possibly go in the same direction, implementing the same thing a bit differently. This happen all the time in a commercial world, but it's a bit pity for OSS projects.
Comments
By PaX Team () on
> But after the discussions, it's clear that both
> projects will ignore each other, and possibly
> go in the same direction, implementing the same
> thing a bit differently.
What made you arrive at this conclusion? Theo != OpenBSD and from other private correspondance with other developers it's obviously that we're not ignored (and i don't know where you got that we ignored them, or plan to). Also you have to understand that kernel development is very specific to a given kernel, sharing/cooperation can rarely go beyond that of ideas/high-level concepts for technical reasons. What will happen to userland changes is an interesting question though, we'll see what can be shared/re-used (reminds me that propolice is already in Trusted Debian).
By zil0g () on
=)
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
MicroBSD had ELF support years bef...
Ah, foo. All thhe fun's been taken out of that one...
Comments
By mirabile () mirabile@bsdcow.net on http://MirBSD.BSDadvocacy.org/
two hours before, or so...
Okay, I started with the code from drahn@ and worked
with him on resolving some issues, and I took other
code from NetBSD...
But damn, WineX still does not work. A port that
builds is sent at ports@ some days ago.
Comments
By Anonymous Coward () on
By Chad Loder () on http://www.linuxjournal.com/article.php?sid=1059
http://www.linuxjournal.com/article.php?sid=1059
By Anonymous Coward () on
Comments
By tedu () on
By Anonymous Coward () on
What's ELF? Why not Dark ELF?
Comments
By Anonymous Coward () on
By Anonymous Coward () on