Exploit Mitigation Techniques: an Update After 10 Years (Theo de Raadt)

Julien Cigar jcigar at ulb.ac.be
Tue Jan 14 11:17:31 UTC 2014


On Tue, Jan 14, 2014 at 05:03:28AM -0600, David Noel wrote:
> http://tech.yandex.ru/events/yagosti/ruBSD/talks/1487/
>
> I found an interesting talk the other day by OpenBSD's Theo de Raadt
> discussing the various exploit mitigation techniques used by OpenBSD.
> After outlining them he spent a few minutes talking about their
> adoption by other operating systems. He was particularly critical of
> the FreeBSD project for either not incorporating these techniques or
> for incorporating them, but disabling them by default.
>
> I'm not a systems developer so I have little basis for an opinion on
> what he said. I was hoping someone here who was more knowledgeable in
> that domain could chime in. Are the techniques he describes really the
> cutting edge when it comes to operating system security? Again, I'm
> not a systems guy, but I could see the value in the techniques he
> described. On the other hand I could also see how things like address
> space randomization could be dismissed as security through obscurity,
> and stand as nothing more than a small roadblock one would have to
> work around to compromise a system.
>
> If these techniques are not worth implementing, what are their main
> criticisms? If they are as useful as Theo seems to believe, what
> efforts are underway to incorporate them into FreeBSD?
>
> -David
