Re: Buffer overflow prevention
From: Theo de Raadt <deraadt () cvs openbsd org>
Date: Mon, 18 Aug 2003 15:31:11 -0600 (MDT)
> > If we had been aware of PAX as you claim, why would we have thought
> > that i386 solutions were impossible?
> You have thought that i386 solutions were possible, because you have
Can you please stop spinning this?
W^X was up and running on some of our architectures before we had
heard of PAX.
Months later, ways of doing W^X for i386 were discussed, but this was
also before we had heard of PAX.
Even later, W^X was starting to work on i386, but even this was before
we had heard of PAX.
And finally, as you guys keep saying: W^X does not do what PAX does!
In essence, PAX attempts a best-effort of mapping existing and unchanged
Linux binaries (except for marking) so that they are mapped best for
security. They do this by changing almost only kernel code.
In essence, the OpenBSD method attempts to make changes through the
entire system so that userland binaries are better organized and so
that kernel changes can be reduced or simplified. For instance, the
most complicated component of the W^X changes is not the kernel
modifications, but the changes to binutils and ld.so to map binaries
more carefully! OpenBSD/i386 3.3 binaries will not easily run on an
OpenBSD/i386 3.4 system, and if they do run, they will NOT HAVE
PROTECTION! This is something the PAX people knew the Linux community
would not accept; having entirely different constraints caused us to
take an ENTIRELY different approach to these problems.
W^X does not do what PAX does; rather, W^X attempts to solve many of
the same problem AREAS, but using entirely DIFFERENT SOLUTIONS.
Yet, persistently we have been flooded by PAX supporters demanding
that we should give credit to the PAX people for the ideas in W^X.
When we had NOT known about PAX, and when W^X does NOT technically do
what PAX does.
How is it that out of one side of the mouth PAX people say that things
which I say are not possible on i386 using W^X (full per-page X bit) are
possible using PAX, and then the other side of the mouth says that W^X
is just derived from PAX ideas?
Holy cow, can you guys please stop crowing for me to revise history!
There is only one thing I have found the various PAX people to have in
common; they are very persistent at calling other people liars. Can
you people please grow up?
> I'd say that the one thing that "the various PaX people" have in common is
> that they use PaX. I believe I am one of them and I don't call you a liar. I
> also know others who probably fit your definition who do not call you a liar.
> You get rewarded for working on OpenBSD by donations and by selling CDs. For
> other people the only reward is often public acknowledgement.
Oh? So to get their reward, they send out their drones to assault other
projects, and get credit that is not theirs?
It is clear that W^X was developed without knowledge of PAX; it is clear
that this is a case of two solutions to a similar problem space -- call it
convergent evolution; it is clear that begging for credit is just making
your efforts look more and more political and less and less technical.
I urge the PAX authors to get their community's rabid foaming under control.
In attack after attack posted to our mailing lists, we were not being asked
to say that the ideas from the PAX people predated the ideas in W^X. No, no!
We were being told to say that W^X ideas were *COPIED* from PAX, when
we had no idea that such a thing as PAX even existed! Furthermore, there are
differences in approach between W^X and PAX which are so fundamental that
it is clear we did not copy from PAX! Like, our idea that mprotect should
still permit a user to request a page that is PROT_EXEC|PROT_WRITE; by default
the PAX people prefer to deny such requests.
> The way you have
> presented W^X to the world, i.e. as if there was nothing like it on this planet
> does not acknowledge the hard work of others.
We informally (in mail to lists, etc) presented W^X to say we have
shipped a system that does this and this and that, to improve
resistance against exploitation of bugs, in concert with ProPolice.
If you look at the PAX web and other much more formal documentation,
you will find that they do not mention W^X.
If you look at Crispin's StackGuard papers, you will not find a
mention of ProPolice -- which is clearly a better StackGuard. Why
should we mention PAX? It does not influence what OpenBSD users
encounter. Are Linux people being specifically told "This is PAX,
like W^X in OpenBSD"?
> Hard work that implemented what
> you thought was impossible before you even started thinking about it.
So? If our efforts were parallel, without any communication, how can I
give them credit? You want me to say that W^X is based on PAX, right?
You want me to lie. Get stuffed! I will not make that lie which you want
me to make.
W^X was invented because we saw the need for it. We had no idea that anyone
else was working in the same area.
Your continued insistence that we knew of PAX is making you look ridiculous.
> say that is impressive, don't you think so? When people contacted you about it,
> you treated them in a manner that was not exactly what one might expect from
> a grown-up person.
I have seen about 50 mails from PAX developers or PAX-associated developers or
users insisting that we say that W^X is a PAX derivative. I continue to tell
them that I will not agree to such revisionism.
I will not revise history to make your ego feel less bruised.
The Adamantix Project
Taking trustworthy software out of the labs, and into the real world
Competing against OpenBSD security efforts, but starting out 6 years later...
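The one concrete policy difference the thread names is how a request for a page that is both writable and executable is handled: OpenBSD's W^X still lets mprotect/mmap grant it, while PaX refuses by default. The C below is an added illustration, not code from either project or from anyone in this thread; wx_stage_code(), rwx_allowed() and wx_release() are names chosen here, and the bytes copied into the page are constructed data, never executed. It shows the W^X-friendly two-phase pattern (map RW, fill, flip to RX) beside a probe that reports which policy the running kernel applies.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Round a byte length up to whole pages (mprotect works on page granularity). */
static size_t page_round(size_t len)
{
    size_t pgsz = (size_t)sysconf(_SC_PAGESIZE);
    return (len + pgsz - 1) / pgsz * pgsz;
}

/* W^X-compliant staging: map RW, copy the bytes in, then trade W for X.
 * The page is never writable and executable at the same time.
 * Returns 0 and sets *out on success, -1 (errno set) on failure. */
int wx_stage_code(const unsigned char *blob, size_t len, void **out)
{
    size_t sz = page_round(len);
    void *p = mmap(NULL, sz, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    memcpy(p, blob, len);
    if (mprotect(p, sz, PROT_READ | PROT_EXEC) != 0) {
        int e = errno; munmap(p, sz); errno = e; return -1;
    }
    *out = p;
    return 0;
}

int wx_release(void *p, size_t len) { return munmap(p, page_round(len)); }

/* Ask for a RWX page outright. 1 = kernel permits it (the W^X stance the
 * mail describes), 0 = refused by policy (PaX-style), -1 = other error. */
int rwx_allowed(void)
{
    size_t pgsz = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pgsz, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return (errno == EPERM || errno == EACCES) ? 0 : -1;
    munmap(p, pgsz);
    return 1;
}

int main(void)
{
    unsigned char blob[] = {1, 2, 3, 4}; /* constructed bytes, not code */
    void *p = NULL;
    printf("RW->RX staging: %s\n",
           wx_stage_code(blob, sizeof blob, &p) == 0 ? "ok" : strerror(errno));
    printf("direct RWX mapping: %s\n", rwx_allowed() == 1 ? "permitted" : "refused");
    return 0;
}
```

Run it on a stock Linux or OpenBSD box and the second line says "permitted"; under a kernel that enforces PaX-style MPROTECT, or an SELinux execmem denial, it says "refused" while the staged RW-then-RX path still succeeds.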