I was doing an analysis for my company, which is looking to select a new operating system for their recently created server farm. I was analyzing FreeBSD when I found something alarming about it.
I ran a program that I made called simplegets, and then I looked at its layout in virtual memory while running and this is what I got:
Code:
doggoson@fbsd:/home/doggoson % ps aux | grep simplegets
doggoson 13381 0.0 0.1 9920 1416 0 I+ 2:07PM 0:00.00 ./simplegets
doggoson 13398 0.0 0.1 16288 1776 1 S+ 2:08PM 0:00.00 grep simplegets
doggoson@fbsd:/home/doggoson % cat /proc/13381/map
0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode /usr/home/doggoson/simplegets NCH -1
0x600000 0x800000 2 0 0xfffffe0016de89f8 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x800600000 0x800618000 24 0 0xfffffe00076ed658 r-x 90 0 0x1004 COW NC vnode /libexec/ld-elf.so.1 NCH -1
0x800618000 0x800639000 21 0 0xfffffe001e195828 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x800817000 0x800819000 2 0 0xfffffe0023bf22b8 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC vnode /lib/libc.so.7 NCH -1
0x800947000 0x800b46000 0 0 0xfffffe005afdc9f8 --- 1 0 0x2000 NCOW NNC default - NCH -1
0x800b46000 0x800b51000 11 0 0xfffffe00374cd9f8 rw- 1 0 0x3000 COW NNC vnode /lib/libc.so.7 CH 1001
0x800b51000 0x800b6c000 8 0 0xfffffe0067d37740 rw- 2 0 0x3000 NCOW NNC default - CH 1001
0x800c00000 0x801000000 8 0 0xfffffe0067d37740 rw- 2 0 0x3000 NCOW NNC default - CH 1001
0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe00790363a0 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x7ffffffff000 0x800000000000 0 0 0xfffffe0007515cb0 r-x 94 0 0x4 COW NC default - NCH -1
doggoson@fbsd:/home/doggoson %
The surprise came when I ran simplegets a second time:
Code:
doggoson@fbsd:/home/doggoson % ps aux | grep simplegets
doggoson 13446 0.0 0.1 9920 1416 0 S+ 2:12PM 0:00.00 ./simplegets
doggoson 13449 0.0 0.1 16288 1776 1 S+ 2:12PM 0:00.00 grep simplegets
doggoson@fbsd:/home/doggoson % cat /proc/13446/map
0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode /usr/home/doggoson/simplegets NCH -1
0x600000 0x800000 2 0 0xfffffe004a9b3910 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x800600000 0x800618000 24 0 0xfffffe00076ed658 r-x 90 0 0x1004 COW NC vnode /libexec/ld-elf.so.1 NCH -1
0x800618000 0x800639000 21 0 0xfffffe00660a13a0 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x800817000 0x800819000 2 0 0xfffffe00790390e8 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC vnode /lib/libc.so.7 NCH -1
0x800947000 0x800b46000 0 0 0xfffffe00486fd910 --- 1 0 0x2000 NCOW NNC default - NCH -1
0x800b46000 0x800b51000 11 0 0xfffffe00600819f8 rw- 1 0 0x3000 COW NNC vnode /lib/libc.so.7 CH 1001
0x800b51000 0x800b6c000 8 0 0xfffffe00302672b8 rw- 2 0 0x3000 NCOW NNC default - CH 1001
0x800c00000 0x801000000 8 0 0xfffffe00302672b8 rw- 2 0 0x3000 NCOW NNC default - CH 1001
0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe007219f740 rw- 1 0 0x3000 NCOW NNC default - CH 1001
0x7ffffffff000 0x800000000000 0 0 0xfffffe0007515cb0 r-x 94 0 0x4 COW NC default - NCH -1
doggoson@fbsd:/home/doggoson %
As you can see, all the memory addresses have not changed which shows that FreeBSD lacks Address Space Layout Randomization or ASLR, an important security feature that all other operating systems including Windows have.
Linux has ASLR as shown when simplegets is executed once:
Code:
doggoson@bluebook ~ $ ps aux | grep simplegets
doggoson 4134 0.0 0.0 4080 348 pts/0 S+ 13:59 0:00 ./simplegets
doggoson 4145 0.0 0.0 8052 916 pts/1 S+ 13:59 0:00 grep --colour=auto simplegets
doggoson@bluebook ~ $ cat /proc/4134/maps
00400000-00401000 r-xp 00000000 08:06 261421 /home/doggoson/Workspace/CC+/simplegets
00600000-00601000 rw-p 00000000 08:06 261421 /home/doggoson/Workspace/CC+/simplegets
7f704e324000-7f704e4c6000 r-xp 00000000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f704e4c6000-7f704e6c6000 ---p 001a2000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f704e6c6000-7f704e6ca000 r--p 001a2000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f704e6ca000-7f704e6cc000 rw-p 001a6000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f704e6cc000-7f704e6d0000 rw-p 00000000 00:00 0
7f704e6d0000-7f704e6f1000 r-xp 00000000 08:08 4461916 /lib/x86_64-linux-gnu/ld-2.17.so
7f704e8d0000-7f704e8d3000 rw-p 00000000 00:00 0
7f704e8ee000-7f704e8f1000 rw-p 00000000 00:00 0
7f704e8f1000-7f704e8f2000 r--p 00021000 08:08 4461916 /lib/x86_64-linux-gnu/ld-2.17.so
7f704e8f2000-7f704e8f4000 rw-p 00022000 08:08 4461916 /lib/x86_64-linux-gnu/ld-2.17.so
7fffdca09000-7fffdca2a000 rw-p 00000000 00:00 0 [stack]
7fffdca49000-7fffdca4b000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
doggoson@bluebook ~ $
and again:
Code:
doggoson@bluebook ~ $ ps aux | grep simplegets
doggoson 4173 0.0 0.0 4080 348 pts/0 S+ 14:02 0:00 ./simplegets
doggoson 4176 0.0 0.0 8052 916 pts/1 S+ 14:02 0:00 grep --colour=auto simplegets
doggoson@bluebook ~ $ cat /proc/4173/maps
00400000-00401000 r-xp 00000000 08:06 261421 /home/doggoson/Workspace/CC+/simplegets
00600000-00601000 rw-p 00000000 08:06 261421 /home/doggoson/Workspace/CC+/simplegets
7f1e449ac000-7f1e44b4e000 r-xp 00000000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f1e44b4e000-7f1e44d4e000 ---p 001a2000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f1e44d4e000-7f1e44d52000 r--p 001a2000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f1e44d52000-7f1e44d54000 rw-p 001a6000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7f1e44d54000-7f1e44d58000 rw-p 00000000 00:00 0
7f1e44d58000-7f1e44d79000 r-xp 00000000 08:08 4461916 /lib/x86_64-linux-gnu/ld-2.17.so
7f1e44f58000-7f1e44f5b000 rw-p 00000000 00:00 0
7f1e44f76000-7f1e44f79000 rw-p 00000000 00:00 0
7f1e44f79000-7f1e44f7a000 r--p 00021000 08:08 4461916 /lib/x86_64-linux-gnu/ld-2.17.so
7f1e44f7a000-7f1e44f7c000 rw-p 00022000 08:08 4461916 /lib/x86_64-linux-gnu/ld-2.17.so
7fff4049f000-7fff404c0000 rw-p 00000000 00:00 0 [stack]
7fff405fe000-7fff40600000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
doggoson@bluebook ~ $
As you can see, not only is the address space layout of simplegets neater and simpler but more importantly, the memory addresses have changed showing that Linux is well protected using ASLR.
It just goes to show, FreeBSD is not safer than Linux but rather the other way round.
It also shows that it is possible that the FreeBSD project is cooperating with the NSA and CIA so that they can easily access FreeBSD hosts more easily.
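An added example, not part of the original post: a Python comparison of two memory-map captures that labels each mapping as fixed or moved between runs, for both the Linux `/proc/<pid>/maps` layout and the FreeBSD procfs `map` layout shown in the post. The function and variable names are this example's own, and the sample lines are excerpted from the post's output (executable, libc text, stack).

```python
import re
from collections import defaultdict

# Linux /proc/<pid>/maps: start-end perms offset dev inode [path]
LINUX = re.compile(r"^([0-9a-f]+)-[0-9a-f]+\s+(\S{3})\S\s+\S+\s+\S+\s+\S+\s*(.*)$")
# FreeBSD procfs map, columns as they appear in the post's output:
# start end <2 counts> <object> prot <2 counts> flags COW NC type path ...
FREEBSD = re.compile(r"^0x([0-9a-f]+)\s+0x[0-9a-f]+\s+\d+\s+\d+\s+\S+\s+"
                     r"([r-][w-][x-])\s+\d+\s+\d+\s+\S+\s+\S+\s+\S+\s+\S+\s+(\S+)")

def parse_maps(text):
    """Map (backing object, permissions) -> list of start addresses."""
    regions = defaultdict(list)
    for line in text.splitlines():
        m = LINUX.match(line.strip()) or FREEBSD.match(line.strip())
        if m:
            name = m.group(3) if m.group(3) not in ("", "-") else "[anon]"
            regions[(name, m.group(2))].append(int(m.group(1), 16))
    return regions

def compare_runs(first, second):
    """Label each mapping present in both captures as 'fixed' or 'moved'."""
    a, b = parse_maps(first), parse_maps(second)
    return {key: "fixed" if a[key] == b[key] else "moved" for key in a if key in b}

# Lines excerpted from the four captures in the post.
LINUX_1 = """00400000-00401000 r-xp 00000000 08:06 261421 /home/doggoson/Workspace/CC+/simplegets
7f704e324000-7f704e4c6000 r-xp 00000000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7fffdca09000-7fffdca2a000 rw-p 00000000 00:00 0 [stack]"""
LINUX_2 = """00400000-00401000 r-xp 00000000 08:06 261421 /home/doggoson/Workspace/CC+/simplegets
7f1e449ac000-7f1e44b4e000 r-xp 00000000 08:08 4461920 /lib/x86_64-linux-gnu/libc-2.17.so
7fff4049f000-7fff404c0000 rw-p 00000000 00:00 0 [stack]"""
BSD_1 = """0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode /usr/home/doggoson/simplegets NCH -1
0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC vnode /lib/libc.so.7 NCH -1
0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe00790363a0 rw- 1 0 0x3000 NCOW NNC default - CH 1001"""
BSD_2 = """0x400000 0x401000 1 0 0xfffffe003c103828 r-x 1 0 0x1000 COW NC vnode /usr/home/doggoson/simplegets NCH -1
0x800819000 0x800947000 258 0 0xfffffe00076ed000 r-x 166 76 0x1004 COW NC vnode /lib/libc.so.7 NCH -1
0x7ffffffdf000 0x7ffffffff000 3 0 0xfffffe007219f740 rw- 1 0 0x3000 NCOW NNC default - CH 1001"""

if __name__ == "__main__":
    for label, one, two in (("linux", LINUX_1, LINUX_2), ("freebsd", BSD_1, BSD_2)):
        for (name, perms), verdict in compare_runs(one, two).items():
            print(f"{label:8} {verdict:6} {perms} {name}")
```

On the excerpted lines, the Linux captures show libc and the stack at different addresses in each run while the executable's own mapping at 00400000 is identical in both; the FreeBSD captures show all three mappings at the same addresses.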