ASLR and PIE disabled by default

Carsten Mattner carstenmattner at gmail.com
Tue Apr 4 02:14:39 PDT 2017


On Tue, Apr 4, 2017 at 4:34 AM, Ben Woolley <tautolog at gmail.com> wrote:
> Hi Carsten,
>
> To be fair, their solution allows you to use pledge for source,
> and vmm for binary.

Despite the fact that vmm isn't an exact replacement, you make a fair
point. Virtualization can be used for security, but it's more complex
than a syscall filter or MAC and therefore more likely to have holes.
I guess vmm makes sense since OpenBSD removed support for foreign
executables and there won't be many OpenBSD closed source applications
anyway.

> One issue with binary is not *really* knowing what kind of access
> it should have, not just for security, but also for functionality.
> It kinda makes sense.

Which is another reason to have a cross platform solution, so that
projects can maintain a single profile for multiple platforms
and therefore avoid putting too much of a burden on upstream
developers. I think it's time to consolidate at least the config
format, if not push for something like Capsicum. Compared to a
complex filesystem like ZFS or Hammer, or even POSIX filesystems
in general, writing a minimally viable syscall filter or MAC
feature is approachable enough for many developers that there are
many variants in Unixes and Linux.
