Date: Tue, 14 Jan 2014 12:16:19 +0100
From: Julien Cigar
To: David Noel
Cc: FreeBSD Questions Mailing List
Subject: Re: Exploit Mitigation Techniques: an Update After 10 Years (Theo de Raadt)
Message-ID: <20140114111619.GC1672@mordor.lan>

http://www.itwire.com/business-it-news/open-source/62728-mckusick-denies-freebsd-lagging-on-security

On Tue, Jan 14, 2014 at 05:03:28AM -0600, David Noel wrote:
> http://tech.yandex.ru/events/yagosti/ruBSD/talks/1487/
>
> I found an interesting talk the other day by OpenBSD's Theo de Raadt
> discussing the various exploit mitigation techniques used by OpenBSD.
> After outlining them he spent a few minutes talking about their
> adoption by other operating systems. He was particularly critical of
> the FreeBSD project for either not incorporating these techniques or
> for incorporating them, but disabling them by default.
>
> I'm not a systems developer so I have little basis for an opinion on
> what he said. I was hoping someone here who was more knowledgeable in
> that domain could chime in. Are the techniques he describes really the
> cutting edge when it comes to operating system security? Again, I'm
> not a systems guy, but I could see the value in the techniques he
> described. On the other hand I could also see how things like address
> space randomization could be dismissed as security through obscurity,
> and stand as nothing more than a small roadblock one would have to
> work around to compromise a system.
>
> If these techniques are not worth implementing, what are their main
> criticisms? If they are as useful as Theo seems to believe, what
> efforts are underway to incorporate them into FreeBSD?
>
> -David

-- 
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.