Security Upgraded For NetBSD-amd64 with Kernel ASLR Support (netbsd.org) 49

24 years after its release, NetBSD is getting a security upgrade -- specifically, Address Space Layout Randomization (ASLR). An anonymous reader writes: Support for Kernel ASLR was added on NetBSD-amd64 a few weeks ago. KASLR basically randomizes the address of the kernel, and makes it harder to exploit several classes of vulnerabilities [including privilege escalations and remote code execution]. It is still a work-in-progress, but it's already fully functional, and can be used following the instructions on this post from the NetBSD blog. It will be available starting from NetBSD 9, but may be backported to NetBSD 8 once it is stabilized.
NetBSD says they're the first BSD system to support ASLR.
    it's one of the reasons Linux is being phased out. It will eventually be an app that runs inside the much more secure systemd framework.

  • Now I can stop worrying about my toaster [embeddedarm.com] getting hacked - no, the bread kind, not these [wikipedia.org].

      FYI, here's something funny:


  • by rainer_d ( 115765 ) on Sunday October 22, 2017 @06:01PM (#55414441) Homepage

    https://hardenedbsd.org/conten... [hardenedbsd.org]

    AFAIK, this ALSR-thingy was the reason it was originally forked-off.

      HardenedBSD's is trying to copy grsec, but they're not really at the same level as grsec devs and are doing it badly. FreeBSD devs have repeatedly refused to merge any "improvements" done by HardenedBSD for a reason.

      • I know. Well, I knew there was some sort of dispute - or why else the whole forking business?

  • by TeknoHog ( 164938 ) on Sunday October 22, 2017 @06:14PM (#55414511) Homepage Journal
    Mmmm... KASLR [wikipedia.org]...

