Date: Sat, 01 Dec 2001 17:22:25 +0100 From: Extended Laurent Fabre <elf@noos.fr> Cc: security@FreeBSD.ORG Subject: Re: philosophical question... Message-ID: <3C0903C1.9010108@noos.fr> References: <200112011642.JAA09819@lariat.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Seems like an OpenBSD feature :P But from a security point of view, if an attacker can guess the random seed, i can't see the protection offered... It will just raise the number of brute force attacks... No ? Brett Glass wrote: >>Would it inconvenience debugging that malloc(3) becomes non >>deterministic in its layout ? >> > >>Would the increased uncertainty on program run-time be >>good or bad ? >> > > It could make reproduction of problems more difficult. So, if > it goes in, I'd like a switch to turn it off.... Maybe a > sysctl. > > But there's a more serious philosophical issue here. Isn't > shuffling the heap to avoid attacks really a form of > "security via obscurity?" > > --Brett Glass > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C0903C1.9010108>