Date: Tue, 14 Jan 2014 05:03:28 -0600 From: David Noel <david.i.noel@gmail.com> To: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Exploit Mitigation Techniques: an Update After 10 Years (Theo de Raadt) Message-ID: <CAHAXwYC8ScSRyGHSG0gzVG=YYfoSrVbJJ6afSZzhZEOa4L5_SQ@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
http://tech.yandex.ru/events/yagosti/ruBSD/talks/1487/ I found an interesting talk the other day by OpenBSD's Theo de Raadt discussing the various exploit mitigation techniques used by OpenBSD. After outlining them he spent a few minutes talking about their adoption by other operating systems. He was particularly critical of the FreeBSD project for either not incorporating these techniques or for incorporating them, but disabling them by default. I'm not a systems developer so I have little basis for an opinion on what he said. I was hoping someone here who was more knowledgeable in that domain could chime in. Are the techniques he describes really the cutting edge when it comes to operating system security? Again, I'm not a systems guy, but I could see the value in the techniques he described. On the other hand I could also see how things like address space randomization could be dismissed as security through obscurity, and stand as nothing more than a small roadblock one would have to work around to compromise a system. If these techniques are not worth implementing, what are their main criticisms? If they are as useful as Theo seems to believe, what efforts are underway to incorporate them into FreeBSD? -David
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHAXwYC8ScSRyGHSG0gzVG=YYfoSrVbJJ6afSZzhZEOa4L5_SQ>