Heap Protection Mechanism

An anonymous reader writes "There's an article by Jason Miller on innovation in Unix that talks about OpenBSD's new heap protection mechanism as a major boon for security. Sounds like OpenBSD is going to be the first to support this new security method."

  1. Slowdown? by (1+-sqrt(5))*(2**-1) · · Score: 4, Informative
    Continues Theo,
    A number of other similar changes which are too dangerous for normal software or cause too much of a slowdown are available as malloc options as described in the manual page.
    Id est, they stopped before reaching a Java-like retardation.
    1. Re:Slowdown? by Anonymous Coward · · Score: 5, Informative

      Ho hum.

      http://www-128.ibm.com/developerworks/java/library/j-jtp09275.html

      Malloc is slow. Per studies, 20-30% of CPU time wasted on memory management.

      I haven't seen that level of retardation in JVMs since... oh... 1996?

      But yeah, keep thinking you can do it better. Whatever. In the meanwhile, the rest of the world moves on.

  2. Hm... gotta reply to myself by archeopterix · · Score: 4, Informative

    Ok, I've posted hastily, thus creating a bit of a half-assed post. They use more techniques (random address allocation, immediate free-to-kernel), still not revolutionary, but indeed worth mentioning. My bad.

  3. Re:My Windows XP has heap protection! by jcupitt65 · · Score: 4, Informative
    The MS thing is just support for no-execute: the bit that says that this page is only code and not data and you shouldn't try to run anything in here. Everyone has supported this for ages.

    This is more. It looks like they are adding extra 'tripwire' pages to the heap, so if an attacker manages to write to part of the heap they shouldn't, there's a good chance they'll hit a tripwire and be detected.

  4. Also Worth Mentioning by RAMMS+EIN · · Score: 4, Informative

    This presentation (by Theo de Raadt) gives a good overview of the security features in OpenBSD (beyond what's already outlined on the OpenBSD security page). It covers W^X, random stack displacements, random canaries to detect stack smashing, random library base addresses, random addresses for mmap and malloc operations, guard pages, privilege revocation, and privilege separation. One thing it doesn't cover is systrace.

    --
    Please correct me if I got my facts wrong.
  5. Re:new method? by JohanV · · Score: 5, Informative

    You mean the Data Execute Protection from Microsoft? OpenBSD has had that for a long time already, only they named it w^x.

    This new feature from OpenBSD is the use of guard pages and the immediate freeing of memory. In essence this means that both bad programming and exploit attempts are much more likely to result in a core dump than some unidentifiable and non-reproducible corruption or a working exploit. Many people consider that a good thing because it will result in bugs being found in userland applications that would have otherwise stayed unnoticed. So even if you don't use OpenBSD yourself this is helping your system becoming more secure and better. And if you are running OpenBSD there is no need to worry too much about the stability of this feature, it was actually enabled shortly after the 3.7 release and has been in every snapshot on the way to 3.8.

    And I have to agree with the author that the best thing is that we get all the goods without ever having to switch them on!

  6. Re:new method? by ArbitraryConstant · · Score: 4, Informative

    "You mean the Data Execute Protection from Microsoft? OpenBSD has had that for a long time already, only they named it w^x."

    They also didn't need the per-page execute bit to do it. You need a fairly new machine to get the protection, but my 486 firewall has it. They also have stack protection, which is helpful because even if the heap and stack aren't executable you can overwrite return addresses or pointers to functions, and have them point to existing code that can be tricked into doing something malicious.

    --
    I rarely criticize things I don't care about.
  7. Re:This is why I couldn't use OpenBSD exclusively. by Nimrangul · · Score: 4, Informative
    But they don't care, they're not trying to be FreeBSD or a Linux distribution, they're trying to be OpenBSD and a part of that is not letting people's perception of optimum performance get in the way of doing what is right by them.

    You gotta remember, the project doesn't do it for outsiders, what they do is for themselves. They want security and are willing to pay performance and ease of use to get it, it's like a mantra for them, never take the path of least resistance.

    If this loses like 5 or 10 percent of its performance on my machines I won't mind, it's another layer of protection and I like having it and am fine with the cost, faster hardware isn't that expensive. If something I run crashes, I will report to the people that wrote it, telling them that I found a problem that was found by OpenBSD's malloc, maybe they'll even devote an old test box to checking for bugs on it.

    If OpenBSD was trying to be a Linux distribution then we'd not have most of the good stuff that makes OpenBSD unique.

    --
    I'm sick of following my dreams - I'm just going to ask them where they're going and hook up with them later.