From the documentation in the handbooks, I'm left w/ the impression that PC-BSD is what you get the moment you want X11 on top of FreeBSD. Or is there more to it than that?
PC-BSD occasionally picks some patches to apply on top of a stock FreeBSD, but they try to keep it fairly small. I suspect that they're unlikely to pick up these for several reasons. First, there are still some random segfaults in applications caused by these patches that are not yet diagnosed. Second, the HardenedBSD team doesn't have a great track record for security, for example merging some insecure random number generator patches that were under review for FreeBSD and rejected over security issues a [hardenedbsd.org]
> Third, since the Blind ROP work from Stanford [stanford.edu], ASLR is largely discredited as a security feature
this is utter nonsense. BROP doesn't work against a proper ASLR implementation. hint: brute force prevention is part of the deal. if you know better then feel free to demonstrate BROP against a grsecurity system;).
BROP doesn't work against a proper ASLR implementation
Define 'proper'. Re-randomisation after every fork()? Good luck with that. PLTs at random offsets? Sure, if you're willing to pay the overhead of not being able to share any position-independent code between processes.
i defined it in the challenge i gave you: grsecurity and its brute force prevention mechanism (but you can also just read the canonical document on ASLR on the PaX doc site where this requirement is clearly spelled out). if you can make BROP work there, by all means, let us and the world know. otherwise stop the parroting of academic 'research'.
FreeBSD (Score:0)
Are there plans to merge ASLR into FreeBSD ?
Re:FreeBSD (Score:2)
The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:0)
I'd say PC-BSD vs FreeBSD is akin to Ubuntu vs Debian. One is based on the other, with the goal of being newbie-friendly.
You can install Debian and install a desktop, or you can install Ubuntu and get a desktop configured and ready to use.
Personally, I'd always choose Debian and build up from that. (Posting this from FreeBSD.)
Re: (Score:2)
Re: (Score:0)
> Third, since the Blind ROP work from Stanford [stanford.edu], ASLR is largely discredited as a security feature
this is utter nonsense. BROP doesn't work against a proper ASLR implementation. hint: brute force prevention is part of the deal. if you know better then feel free to demonstrate BROP against a grsecurity system ;).
cheers,
PaX Team
Re: (Score:2)
BROP doesn't work against a proper ASLR implementation
Define 'proper'. Re-randomisation after every fork()? Good luck with that. PLTs at random offsets? Sure, if you're willing to pay the overhead of not being able to share any position-independent code between processes.
Re: (Score:0)
i defined it in the challenge i gave you: grsecurity and its brute force prevention mechanism (but you can also just read the canonical document on ASLR on the PaX doc site where this requirement is clearly spelled out). if you can make BROP work there, by all means, let us and the world know. otherwise stop the parroting of academic 'research'.
Re: (Score:0)
??
no you don't undrestand - it won't be used by PCBSD - it can't.
flash player is not supported with a hardenedbsd kernel. so no way.