Date: Sat, 01 Dec 2001 17:31:37 +0000
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
To: security@FreeBSD.ORG
Subject: Re: philosophical question...
Message-ID: <5.0.2.1.1.20011201171925.035156f8@popserver.sfu.ca>
In-Reply-To: <3C0903C1.9010108@noos.fr>
References: <200112011642.JAA09819@lariat.org>

At 17:22 01/12/2001 +0100, Extended Laurent Fabre wrote:
>Seems like an OpenBSD feature :P
>
>But from a security point of view, if an attacker can guess
>the random seed, I can't see the protection offered...
>It will just raise the number of brute force attacks...

I think that a certain amount of protection is given by the fact that an exploit which fails as a result of malloc being nondeterministic would have a good chance of crashing the daemon being attacked. Brute force attacks are hard when each failure has a chance of making further attempts impossible. ;)

Another interesting consideration is that making malloc nondeterministic could make other bugs visible.

Still, I have to agree that this sounds pretty OpenBSDish... looking at the BSDs as a whole I'd say it would make sense for this to be added into OpenBSD first and ported to FreeBSD once it has proved itself.

Colin Percival