Submission + - HardenedBSD Completes Strong ASLR Implementation (hardenedbsd.org)
HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, completed their Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application to doing the attacker's bidding. ASLR removes the determinism, making it so that an attacker knows that a vulnerability exists, but doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.
With HardenedBSD having completed their ASLR implementation, the next step is to update documentation and submit update the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement. HardenedBSD has also implemented other exploit mitigation, security, and general hardening features, providing great security for FreeBSD.
With HardenedBSD having completed their ASLR implementation, the next step is to update documentation and submit update the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement. HardenedBSD has also implemented other exploit mitigation, security, and general hardening features, providing great security for FreeBSD.
