Slashdot Mirror


HardenedBSD Completes Strong ASLR Implementation

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.
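As an added illustration (not part of the submission, and not HardenedBSD or paxtest code), this C program records one image, stack and heap address per run and reports which address bits changed between runs. The names `aslrbits`, `varying_bits` and `bit_count` are hypothetical, and the bit count is only a lower bound on what the sampled runs happened to show, not a measure of an implementation's strength.

```c
/* Added example: observe which address bits change from one run to the next.
 *   cc -o aslrbits aslrbits.c     (build as PIE so the image can move too)
 *   for i in 1 2 3 4 5 6 7 8; do ./aslrbits probe; done | ./aslrbits
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RUNS 64
#define REGIONS 3

static int in_image = 1;   /* lives in the executable image itself */

/* Bits that differ between any two samples: OR of (sample XOR first). */
uintptr_t varying_bits(const uintptr_t *a, size_t n) {
    uintptr_t mask = 0;
    for (size_t i = 1; i < n; i++) mask |= a[i] ^ a[0];
    return mask;
}

/* Set bits in the mask: a lower bound on the entropy actually observed. */
int bit_count(uintptr_t m) {
    int c = 0;
    for (; m; m &= m - 1) c++;
    return c;
}

int main(int argc, char **argv) {
    static const char *name[REGIONS] = {"image", "stack", "heap"};
    static uintptr_t s[REGIONS][MAX_RUNS];
    size_t n = 0;
    void *p[REGIONS];

    if (argc > 1 && strcmp(argv[1], "probe") == 0) {   /* one sample per run */
        int on_stack = 0;
        void *on_heap = malloc(64);
        printf("%p %p %p\n", (void *)&in_image, (void *)&on_stack, on_heap);
        free(on_heap);
        return 0;
    }
    /* Analysis mode: read the probe lines piped in on stdin. */
    while (n < MAX_RUNS && scanf("%p %p %p", &p[0], &p[1], &p[2]) == 3) {
        for (int r = 0; r < REGIONS; r++) s[r][n] = (uintptr_t)p[r];
        n++;
    }
    for (int r = 0; r < REGIONS; r++) {
        uintptr_t m = varying_bits(s[r], n);
        printf("%-5s mask=%#jx bits=%d\n", name[r], (uintmax_t)m, bit_count(m));
    }
    return 0;
}
```

A mask of 0 for a region means every sampled run placed it at the same address; more runs can only add bits to a mask, never remove them.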

4 of 66 comments

  1. OpenBSD? by Anonymous Coward · · Score: 2, Interesting

    I believe OpenBSD already added this functionality a year or two ago. How is this implementation better than theirs?

    1. Re:OpenBSD? by Noryungi · · Score: 1, Interesting

      This list should clarify things a bit.
      While OpenBSD had ASLR it is lacking in many other ways.
      That is the thing with security: it isn't the doors you locked that matter, it's that single one you didn't lock that is the problem.

      Hmmm... While I agree with you on the general principle, here are a couple of things, off the top of my head:

      1. False positives ("Vulnerable" tests in your example) do exist, you know. How are you sure that OpenBSD (or FreeBSD) is vulnerable in such and such case? Have you created an exploit specifically for the things being tested by paxtest? Maybe OpenBSD has other capabilities

      2. False negatives are also a thing. Even if paxtest says: "such-and-such is OK", how do you know if a clever hacker won't be able to find a way around the ASLR protection?

      Also important: paxtest dates back to 2004, and, as far as I know, has never been updated since (web site here). Not that this is a bad thing, but ASLR, and security, have changed a lot since then...

      --
      The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  2. Re:Why not just use OpenBSDs? by Zer0P · · Score: 5, Interesting

    Wouldn't it be easier to just import OpenBSD's implementation?

    See the pictures under this link: http://hup.hu/node/140322 . ;)

  3. My big question now... by tlambert · · Score: 3, Interesting

    My big question now...

    Can I still run the debugger on running binaries, or does the debugger now need work done on it?

    Same question, but for core dumps.