Slashdot Mirror

← Back to Stories (view on slashdot.org)

Heap Protection Mechanism

Posted by Hemos on from the protecting-ourselves dept.

An anonymous reader writes "There's an article by Jason Miller on innovation in Unix that talks about OpenBSD's new heap protection mechanism as a major boon for security. Sounds like OpenBSD is going to be the first to support this new security method."

2 of 365 comments (clear)

  1. Re:new method? by JohanV · · Score: 5, Informative

    You mean the Data Execute Protection from Microsoft? OpenBSD has had that for a long time already, only they named it w^x.

    This new feature from OpenBSD is the use of guard pages and the immediate freeing of memory. In essence this means that both bad programming and exploit attempts are much more likely to result in a core dump then some unidentifiable and non reproducible corruption or a working exploit. Many people consider that a good thing because it will result in bugs being found in userland applications that would have otherwise stayed unnoticed. So even if you don't use OpenBSD yourself this is helping your system becomming more secure and better. And if you are running OpenBSD there is o need to worry too much about the stability of this feature, it was actually enabled shortly after the 3.7 release and has been in every snapshot on the way to 3.8.

    And I have to agree with the author that the best thing is that we get all the goods without ever having to switch them on!

  2. Re:Slowdown? by Anonymous Coward · · Score: 5, Informative

    Ho hum.

    http://www-128.ibm.com/developerworks/java/library /j-jtp09275.html

    Malloc is slow. Per studies, 20-30% of CPU time wasted on memory management.

    I haven't seen that level of retardation in JVM's since... oh... 1996?

    But yeah, keep thinking you can do it better. Whatever. In the meanwhile, the rest of the world moves on.