Date: Wed, 27 May 2015 07:35:53 -0400 From: Shawn Webb <shawn.webb@hardenedbsd.org> To: Alfred Perlstein <alfred@freebsd.org> Cc: Pedro Giffuni <pfg@freebsd.org>, "K. Macy" <kmacy@freebsd.org>, Oliver Pinter <oliver.pinter@hardenedbsd.org>, Bryan Drewery <bdrewery@freebsd.org>, freebsd-arch@freebsd.org Subject: Re: ASLR work into -HEAD ? Message-ID: <CAExMvskE8u7gbocSuf3d=5KebVYgyhJWWdxFEct0aa%2B0%2BWnWXg@mail.gmail.com> In-Reply-To: <55656245.3000205@freebsd.org> References: <555CADB6.202@FreeBSD.org> <CAPQ4fftbUUSMHYXjOD-yO0ZzxdKwXzd5LA5AycrEyKMT3o63xw@mail.gmail.com> <555CC369.1030206@FreeBSD.org> <555FBE83.6080103@FreeBSD.org> <CAHM0Q_O4bCTaVi5HvKohrcYE--Yw8Yoo-0wEp1ScnF=qLiiQiQ@mail.gmail.com> <55656245.3000205@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 27, 2015 2:20 AM, "Alfred Perlstein" <alfred@freebsd.org> wrote: > > > > On 5/24/15 1:43 PM, K. Macy wrote: >> >> On May 22, 2015 4:41 PM, "Bryan Drewery" <bdrewery@freebsd.org> wrote: >>> >>> On 5/20/2015 12:24 PM, Pedro Giffuni wrote: >>>> >>>> My claim is that the majority of "professional" breachers and >>>> governments already have ASLR workarounds pre-coded and ready >>>> to launch. Finding an exploit is more difficult than beating >>>> ASLR so they are not going to hint everyone that they have >>>> an exploit until they can take all the linux/windows/MacOSX >>>> at the same time. >>>> >>>> The cost for the NSA and/or anonymous to step on >>>> ASLR is zero. >>> >> >> Correct. But who are we really protecting against? If it's the NSA only air >> gap will really do. In reality it's just a matter of making the cost of >> circumventing protections exceed the value of the data or items being >> protected. Locking one's doors and windows doesn't make one's house >> impenetrable by any stretch, but it does deter opportunistic passerby. >> >> Protecting against state overreach is a political matter and shouldn't >> factor into whether to invest in deterring lesser malfeasors. >> >> I'm sorry, but Bryan has it right. The political discussion is a side show. >> > > +1, also having a line item is good. Not having ASLR just makes FreeBSD look derp. > > DragonFly BSD has an implementation of ASLR based upon OpenBSD's model, added in 2010.[ > Microsoft's Windows Vista (released January 2007) and later have ASLR enabled > In 2003, OpenBSD became the first mainstream operating system to support partial ASLR > In Mac OS X Leopard 10.5 (released October 2007), Apple introduced randomization for system libraries > > Linux has enabled a weak form of ASLR by default since kernel version 2.6.12 (released June 2005). > > So basically 1 more week and we can be 10 years behind Linux. :) > > w00t. > > -Alfred FreeBSD is 14 years behind Linux if you count PaX's ASLR patch. Thanks, Shawn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAExMvskE8u7gbocSuf3d=5KebVYgyhJWWdxFEct0aa%2B0%2BWnWXg>