A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner: an attacker who knows where a vulnerable piece of code or data sits in memory can reliably exploit it to manipulate the application into doing the attacker's bidding. ASLR removes that determinism, so that even if an attacker knows a vulnerability exists, the addresses the exploit depends on are no longer predictable. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.
The next steps are to update the documentation and refresh the patches they have already submitted upstream to FreeBSD. ASLR is the first of a long list of exploit mitigation technologies HardenedBSD plans to implement.
(Score: 2) by TheRaven on Monday July 27 2015, @11:21AM
That said, ASLR doesn't make ROP much harder these days. Things like fixed-offset PLTs make it relatively easy to bypass.
sudo mod me up
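A defender's check for the property the summary describes and for the fixed-offset caveat raised in the comment above: an added script, not HardenedBSD's or the commenters' code, that runs a small probe binary repeatedly and reports which memory regions actually moved between runs. It assumes a hypothetical `./aslr-probe` that prints one `name=0x...` line per region (a stack variable, a heap allocation, its own `main`, a libc function); the sample lines in the comments are constructed.

```python
"""Report, region by region, whether a probe binary's addresses move between
runs. Assumption: ./aslr-probe is a hypothetical helper that prints lines such
as 'stack=0x7ffd1000' for each region it samples (constructed format)."""
import re
import subprocess
import sys
from functools import reduce

PROBE_CMD = ["./aslr-probe"]  # hypothetical probe; replace with your own
LINE_RE = re.compile(r"^(\w+)=0x([0-9a-fA-F]+)$")


def parse_sample(output: str) -> dict:
    """Turn one run's 'name=0x...' lines into {region: int address}."""
    regions = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            regions[m.group(1)] = int(m.group(2), 16)
    return regions


def varying_bits(addresses: list) -> int:
    """Count address bits that differed from the first run in any later run.
    0 means the region never moved; the count is a rough lower bound on
    the randomization range, not an exact entropy figure."""
    base = addresses[0]
    mask = reduce(lambda acc, a: acc | (a ^ base), addresses, 0)
    return bin(mask).count("1")


def classify(samples: list) -> dict:
    """Per region: 'fixed' (never moved) or 'randomized (~N bits)'."""
    report = {}
    names = set().union(*(s.keys() for s in samples))
    for name in sorted(names):
        addrs = [s[name] for s in samples if name in s]
        if len(addrs) < 2:
            report[name] = "insufficient samples"
            continue
        bits = varying_bits(addrs)
        report[name] = "fixed" if bits == 0 else f"randomized (~{bits} bits)"
    return report


def run_probe(runs: int = 20) -> list:
    """Execute the probe repeatedly and parse each run's output."""
    return [parse_sample(subprocess.run(PROBE_CMD, capture_output=True,
                                        text=True, check=True).stdout)
            for _ in range(runs)]


if __name__ == "__main__":
    for region, verdict in classify(run_probe(int(sys.argv[1]) if len(sys.argv) > 1 else 20)).items():
        print(f"{region:8s} {verdict}")
```

A `main` region that comes back `fixed` is the situation the comment describes: a non-PIE executable keeps its code, and so its PLT, at constant addresses no matter how the rest of the address space is randomized.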
(Score: 2) by FatPhil on Monday July 27 2015, @11:59AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by TheRaven on Monday July 27 2015, @12:53PM
sudo mod me up