HardenedBSD, some examples
Hi folks,
For testing ASLR, I just wrote this very basic example:
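#include <cstdio>		// printf
#include <mtld/devatlas.h>

using namespace Mobi::Mtld;

int
main(int argc, char *argv[])
{
	// Heap-allocated object: the printed pointer shows where it was placed.
	Da::DeviceAtlas *da = new Da::DeviceAtlas();
	printf("Address of da ptr %p\n", (void *)da);
	delete da;
	return (0);
}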
clang++ -I/usr/local/include -L/usr/local/lib -ldevatlas -lcommon -o da-test-aslr da-test-aslr.cc
Built this way, the program should print the same address every time it is called.
For example:
./da-test-aslr
Address of da ptr 0x802417000
./da-test-aslr
Address of da ptr 0x802417000
...
Rebuilt with -fPIE, the address changes from one run to the next:
clang++ -I/usr/local/include -L/usr/local/lib -fPIE -ldevatlas -lcommon -o da-test-aslr da-test-aslr.cc
./da-test-aslr
Address of da ptr 0x887017000
./da-test-aslr
Address of da ptr 0x86bc17000
...
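The test above looks at a single heap pointer. The following added example (not from the original post) goes a step further without the DeviceAtlas dependency: it execs itself twice and reports which regions (text, data, heap, stack, an anonymous mmap) landed at different addresses. The file name aslr-layout.cc and all function names are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
const int kRegions = 5;
const char *const kNames[kRegions] = { "text", "data", "heap", "stack", "mmap" };
struct Layout { uintptr_t addr[kRegions]; };
static int g_marker = 1;  // initialized global, lives in .data

Layout sample_layout() {  // where each region landed in the current process
    int local = 0;
    void *h = malloc(64);
    void *m = mmap(nullptr, 4096, PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0);
    Layout l = {{ (uintptr_t)&sample_layout, (uintptr_t)&g_marker,
                  (uintptr_t)h, (uintptr_t)&local, (uintptr_t)m }};
    free(h);
    if (m != MAP_FAILED) munmap(m, 4096);
    return l;
}
std::string moved_regions(const Layout &a, const Layout &b) {  // names that differ
    std::string out;
    for (int i = 0; i < kRegions; i++)
        if (a.addr[i] != b.addr[i]) out += std::string(out.empty() ? "" : ",") + kNames[i];
    return out;
}
bool run_child(const char *self, Layout &l) {  // fresh exec, layout read back over a pipe
    int fd[2];
    if (pipe(fd) != 0) return false;
    pid_t pid = fork();
    if (pid < 0) return false;
    if (pid == 0) { dup2(fd[1], 1); execlp(self, self, "--child", (char *)nullptr); _exit(127); }
    close(fd[1]);
    ssize_t n = read(fd[0], &l, sizeof l);
    close(fd[0]);
    waitpid(pid, nullptr, 0);
    return n == (ssize_t)sizeof l;
}
int main(int argc, char *argv[]) {
    Layout a = sample_layout(), b;
    if (argc > 1 && std::string(argv[1]) == "--child")  // child: emit raw layout, exit
        return write(1, &a, sizeof a) == (ssize_t)sizeof a ? 0 : 1;
    if (!run_child(argv[0], a) || !run_child(argv[0], b)) return 1;
    for (int i = 0; i < kRegions; i++)
        printf("%-5s %#lx  %#lx\n", kNames[i], (unsigned long)a.addr[i], (unsigned long)b.addr[i]);
    printf("moved between runs: %s\n", moved_regions(a, b).c_str());
    return 0;
}
```

Build it once with and once without the -fPIE flag used above and compare the "moved between runs" line. Both children are started with identical arguments and environment, so a stack difference is not an artifact of argv size.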
With the ptrace hardening feature, it is possible to allow only root to perform any kind of ptrace call; with the PTRACE_HARDENING_GRP kernel option enabled, one specific gid can be allowed as well. It is also possible to use the ugidfw utility with ptracehdflags to disable ptrace hardening for a specific binary, for example:
ugidfw add subject uid dcarlier object filesys /usr/bin/top mode rx ptracehdflags a
Labels: ASLR, HardenedBSD, ptrace hardening