From: Oleg Cherkasov (Oleg.Cherkasovmail.com)
Date: Mon Dec 03 2001 - 03:16:26 CST
On Saturday 01 December 2001 17:57, Cy Schubert - ITSD Open Systems Group
> In message <200112011642.JAA09819lariat.org>, Brett Glass writes:
> > > Would it inconvenience debugging that malloc(3) becomes non
> > > deterministic in its layout ?
> > >
> > > Would the increased uncertainty on program run-time be
> > > good or bad ?
> > It could make reproduction of problems more difficult. So, if
> > it goes in, I'd like a switch to turn it off.... Maybe a
> > sysctl.
> > But there's a more serious philosophical issue here. Isn't
> > shuffling the heap to avoid attacks really a form of
> > "security via obscurity?"
> Defence through depth. Every little bit helps. I think we should do
> I suppose we could have a malloc.conf bit to turn this feature off (on
> by default).
Think a new key 'malloc.random' for sysctl could be more useful, protected
with 'kern.securelevel' > 1.
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message