Will 11.0-RELEASE include ASLR?
Shawn Webb
shawn.webb at hardenedbsd.org
Thu Mar 10 13:54:49 UTC 2016
On Wed, Mar 09, 2016 at 10:23:22PM -0700, Brett Glass wrote:
> At 05:25 PM 3/9/2016, Sergej Schmidt wrote:
>
> >In which way ASLR has something to do with security by obscurity?
>
> ASLR attempts to create security by obscuring the locations of
> objects within the machine's address space. Critics of ASLR say
> (with some justification!) that this is just hiding them... in
> plain sight. Without getting into a flame war about that, I would
> simply like the option of compiling it in or not.
That option has always been available in HardenedBSD's implementation.
It has been a kernel option that you can toggle at compile time with the
PAX_ASLR kernel option. IT can also be toggled via /boot/loader.conf by
setting hardening.pax.aslr.status=0.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20160310/72930941/attachment.sig>
More information about the freebsd-security
mailing list