Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Operating Systems Security Unix BSD

HardenedBSD Completes Strong ASLR Implementation 66

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.
This discussion has been archived. No new comments can be posted.

HardenedBSD Completes Strong ASLR Implementation

Comments Filter:
  • by zAPPzAPP ( 1207370 ) on Saturday July 25, 2015 @05:24PM (#50182677)

    That's always my next step too

  • by Anonymous Coward

    Pretty cool stuff. Nice to see more distros do this stuff. Personally I'm using openbsd for all my work these days because they have pretty much all these things turned on (and have had them for a long time)

    • by fisted ( 2295862 )

      I'm using openbsd for all my work

      Nice to see more distros do this stuff.

      Something tells me you aren't as familiar with the BSDs as you pretend to be. What could it possibly be?

  • by Anonymous Coward

    Wouldn't it be easier to just import OpenBSD's implementation?

  • by no-body ( 127863 ) on Saturday July 25, 2015 @06:18PM (#50182855)

    Adamantix over 10 years ago but got silent after version 2 or so. Tried to find their soure recently- impossible. Would have been great to get it to current HW compatibility. End of old story.

  • OpenBSD? (Score:2, Interesting)

    by Anonymous Coward

    I believe OpenBSD already added this functionality. Yer or two ago. How is this implementation better than theirs?

  • by tlambert ( 566799 ) on Saturday July 25, 2015 @08:30PM (#50183231)

    My big question now...

    Can I still run the debugger on running binaries, or does the debugger now need work done on it?

    Same question, but for core dumps.

  • ASLR was one of the arguments of using Windows while for some reason it is still bashed as insecure here. Chuckles

  • Perhaps they should call it "Getting Hard BSD".

  • I don't understand what this has to do with videos of whispering women.
  • If this gets ported to FreeBSD I say hurrah and many thanks to HardenedBSD!

    • by Bengie ( 1121981 )

      Pollination is good

      HardenedBSD was forked with the explicit idea of testing new security ideas and seeing what works, then pushing the code upstream back to FreeBSD. *BSD is not like Linux distros where they rarely work together. A lot of security ideas require some major changes that would not be feasible as a simple branch.

A complex system that works is invariably found to have evolved from a simple system that works.

Working...