Please if some FreeBSD dev sees this... (Score:0)
Could you guys please implement some anti-exploitation technologies such as ASLR out of the box? Or maybe dedicate a manpage explaining the dev team's views on such matters.
I've been a long-time user of FreeBSD and I can't help but feel it keeps dragging behind in this field.
Or please, someone explain to me why I shouldn't be worrying about that.
Re:Please if some FreeBSD dev sees this... (Score:1)
Could you guys please implement some anti-exploitation technologies such as ASLR out of the box? Or maybe dedicate a manpage explaining the dev team's views on such matters.
I've been a long-time user of FreeBSD and I can't help but feel it keeps dragging behind in this field.
Or please, someone explain to me why I shouldn't be worrying about that.
Explanation: You're running BSD. What gains is ASLR supposed to provide you, the end user? Protecting you against a custom-crafted process injection attack on your specific BSD distro written by someone who could have made more profit creating a bogus Kickstarter campaign or by attempting to mine bitcoins?
(I kid... there's enough stuff running FreeBSD that no ASLR by default is a bit odd... but it sure makes debugging easier)
Re: (Score:2)
ASLR [wikipedia.org] has been usefully complicating enough vulnerabilities to have proven it's worthwhile. At this point it's quite near being an industry standard for any system that follows good security practices. It's really not credible to reject it anymore as too complicated to risk bothering with. Yes, some of the issues can be addressed more deeply, too, but security should be layered and redundant.
A major cause for why there are fewer exploits on the *BSD kernels is that the rate of innovation is so low. New an