Date: Fri, 22 May 2015 18:40:51 -0500
From: Bryan Drewery <bdrewery@FreeBSD.org>
To: Pedro Giffuni <pfg@FreeBSD.org>, Oliver Pinter <oliver.pinter@hardenedbsd.org>, Shawn Webb <shawn.webb@hardenedbsd.org>, freebsd-arch@freebsd.org
Subject: Re: ASLR work into -HEAD ?
Message-ID: <555FBE83.6080103@FreeBSD.org>
In-Reply-To: <555CC369.1030206@FreeBSD.org>
References: <555CADB6.202@FreeBSD.org> <CAPQ4fftbUUSMHYXjOD-yO0ZzxdKwXzd5LA5AycrEyKMT3o63xw@mail.gmail.com> <555CC369.1030206@FreeBSD.org>
On 5/20/2015 12:24 PM, Pedro Giffuni wrote:
> My claim is that the majority of "professional" breachers and
> governments already have ASLR workarounds pre-coded and ready
> to launch. Finding an exploit is more difficult than beating
> ASLR so they are not going to hint everyone that they have
> an exploit until they can take all the linux/windows/MacOSX
> at the same time.
>
> The cost for the NSA and/or anonymous to step on
> ASLR is zero.

This sort of argument easily turns into "why bother with security?". Please be careful with it. Every layer and mitigation helps. The real world is not just NSA or China. It's also full of script kiddies.

Should we just stop using SSL because NSA might have cracked it? Should we just hand over root ssh keys to China because they probably have it all hacked anyway? Should we just give up since billions of dollars pour into security breaking research? Should I just post my CC here since it's surely leaked from the hundreds of places I use it at anyway? No.

I've had very basic security checks, that could be easily circumvented, stop actual script kiddies before. Had they persisted longer I would have been in major trouble. If I explained what it is you would surely laugh it off and tell me to not bother. Well it worked. ASLR has its place too.
--
Regards,
Bryan Drewery