Re: kernel aslr: someone interested?

To: tech-kern%netbsd.org@localhost
Subject: Re: kernel aslr: someone interested?
From: christos%astron.com@localhost (Christos Zoulas)
Date: Sat, 25 Mar 2017 19:08:25 +0000 (UTC)

In article <smu37e1h7bo.fsf%linuxpal.mit.edu@localhost>,
Greg Troxel  <gdt%lexort.com@localhost> wrote:
>-=-=-=-=-=-
>
>
>Maxime Villard <max%m00nbsd.net@localhost> writes:
>
>> I would also add - even if it is not a relevant argument - that most
>> "commonly-used" operating systems do have kernel aslr: Windows, Mac, Linux,
>> etc.
>
>There's another point, which various people may also consider invalid :-)
>
>In the US, there's a federal computer security standard NIST 800-53, and
>essentially a subset of that NIST 800-171, and more or less all federal
>contractors handling non-public information have to implement it.  There
>are a lot of security controls, and exploit mitigation is one of them.
>
>I am not claiming that kernel ASLR is a requirement.  But, I would hate
>to see people in these environments be told not to use NetBSD because it
>lacks some security controls compared to alternatives.

I think that nobody disputes that ASLR significantly raises the barrier
to entry (amount of work) that attackers need to perform in most cases.

christos

References:
- kernel aslr: someone interested?
  - From: Maxime Villard
- Re: kernel aslr: someone interested?
  - From: Joerg Sonnenberger
- Re: kernel aslr: someone interested?
  - From: Maxime Villard
- Re: kernel aslr: someone interested?
  - From: Greg Troxel

Prev by Date: Re: kernel aslr: someone interested?
Next by Date: Re: kernel aslr: someone interested?
Previous by Thread: Re: kernel aslr: someone interested?
Next by Thread: Re: kernel aslr: someone interested?
Indexes:

Home | Main Index | Thread Index | Old Index