Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Upgraded For NetBSD-amd64 with Kernel ASLR Support (netbsd.org)

Posted by EditorDavid on from the address-space-layout-randomization dept.

24 years after its release, NetBSD is getting a security upgrade -- specifically, Address Space Layout Randomization (ASLR). An anonymous reader writes: Support for Kernel ASLR was added on NetBSD-amd64 a few weeks ago. KASLR basically randomizes the address of the kernel, and makes it harder to exploit several classes of vulnerabilities [including privilege escalations and remote code execution]. It is still a work-in-progress, but it's already fully functional, and can be used following the instructions on this post from the NetBSD blog. It will be available starting from NetBSD 9, but may be backported to NetBSD 8 once it is stabilized.
NetBSD says they're the first BSD system to support ASLR.

11 of 49 comments (clear)

  1. Re:They're not the first by a long shot by Anonymous Coward · · Score: 3, Informative

    OpenBSD doesn't have KASLR. It recently got KARL, but that's different. OpenBSD has had ASLR support for userland (PIE and PIC binaries and libs).

  2. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: 3, Insightful

    Rust is what languages like C, C++, Java and C# should have been.

    That statement may be debatable for some languages. But I've looked at Rust. It can't do what C can. Sorry. You can't write low level code (and I don't mean something as high level as the Linux kernel) in it. Go ahead, try writing a bootloader in Rust. Let me know how it turns out.

    The reality is that most good C programmers rarely have pointer fumbles. The fact of the matter is that lots of software we rely on (both open source and closed) are not written by even marginal programmers. There is this philosophy that if a good programmer writes the foundation the less skilled can follow along and product good software. It kinda works; to a point.

    But even if all pointer bugs magically go away to equate this with "more secure" software is insane. The security hole landscape is vast. Really vast: Timing attacks, hardware flaws, surprising backchannels, social engineering. Yes, ASLR is a good defense. But claiming that Rust is going to fix security or just pushing it in this marketing style hype-fest is a detriment to just how hard getting security right is.

  3. Re: Porting NetBSD to Rust. by Anonymous Coward · · Score: 3, Funny

    PHP is way more popular. Why not go the popularity route? It means there are more people proficient in the language!

  4. Re:Porting NetBSD to Rust. by jimbo · · Score: 4, Insightful

    No it's not scary. Every language, OS and many other projects when new have some people who are very enthusiastic and that's a good thing. It's understandable and normal in a growing thriving community.

    The Rust community at large usually says that if you have a large existing code base it is maybe not worth rewriting. However Rust integrates well into existing C projects and sometimes it's worth considering replacing problematic components in a larger project with Rust implementations, sometimes not. One example is Dropbox that's mostly a Go shop and will remain so, but they rewrote the bits that do bulk data transfers in Rust.

    Just get over the few super enthusiasts, be happy for them and if you are starting a new project make an informed decision, as opposed to one based on defensiveness or entrenching. Rust have many impressive features it's well worth considering.

  5. Re: Porting NetBSD to Rust. by DontBeAMoran · · Score: 2

    Make it PHP + Javascript to be absolutely sure it's 100% safe.

    --
    #DeleteFacebook
  6. Re: Last! by darthsilun · · Score: 2

    The Linux kernel finally has KASLR enabled by default in the 4.12 kernel – in July 2017 [1]

    The Fine Summary is poorly written, making it sound like NetBSD is way behind the times. But the truth is it's only three months later than Linux. Not bad IMO when you consider how many people work on the NetBSD kernel versus how many work on the Linux kernel.

    [1] https://kernelnewbies.org/Linu...

  7. Re: Porting NetBSD to Rust. by Megol · · Score: 2

    One can absolutely write low level code in Rust. There are examples available. Most parts of Linux are high-ish level but many parts are low level - or if doing actual interfacing with hardware isn't low level I wonder what you consider low enough. Microcode? That would be a table for hardware to interpret.

  8. I thought HardenedBSD was first? by rainer_d · · Score: 2

    https://hardenedbsd.org/conten...

    AFAIK, this ALSR-thingy was the reason it was originally forked-off.

    --
    Windows 2000 - from the guys who brought us edlin
    1. Re:I thought HardenedBSD was first? by Anonymous Coward · · Score: 2, Informative

      HardenedBSD's is trying to copy grsec, but they're not really at the same level as grsec devs and are doing it badly. FreeBSD devs have repeatedly refused to merge any "improvements" done by HardenedBSD for a reason.

  9. Re: Last! by Zero__Kelvin · · Score: 2

    Sorry, but that's not how it works. Linus doesn't decide what gets enabled, the distribution developers do. Your statement is literally nonsensical.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  10. Ob. Homer Simpson by TeknoHog · · Score: 3, Funny

    Mmmm... KASLR...

    --
    Escher was the first MC and Giger invented the HR department.