Will 11.0-RELEASE include ASLR?
Shawn Webb
shawn.webb at hardenedbsd.org
Thu Mar 10 15:40:32 UTC 2016
On Thu, Mar 10, 2016 at 10:29:38AM -0500, Ed Maste wrote:
> > There are patches ready for FreeBSD to use and it's ready to be shipped
> > in FreeBSD. However, for some reason FreeBSD developers do not want to
> > ship ASLR in FreeBSD. Why can't it be included at least as non-default
> > src.conf option and marked as experimental?
>
> A little while ago I asked kib@ to look at the ASLR situation.
>
> He implemented a small, more general solution. We planned to post it
> for review, testing and discussion soon, but given the renewed
> interest in this topic we'll put it on Phabricator today.
>
> I look forward to feedback on the patch from Shawn and the HardenedBSD
> folks and everyone else with an interest in ASLR on FreeBSD.
I look forward to seeing the patch. We'd be especially interested to see
how it does stack and VDSO randomization.
If the implementation that FreeBSD provides is better than
HardenedBSD's, we'd likely drop our implementation and go with
FreeBSD's.
I'll keep an eye on Phabricator today.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20160310/8913ca65/attachment.sig>
More information about the freebsd-security
mailing list