|
OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below. |
|
Thread Tools | Display Modes |
|
|||
randomization kernel protection
Hello I'm not too much familiar with IT and programing but I would ask about new feature.What advantage will be this change what Theo is doing .
https://marc.info/?l=openbsd-tech&m=149732026405941 |
|
||||
phessler@ answered this question in the comments to the article in the OpenBSD Journal.
Quote:
|
|
|||
Why Theo do this now not 10 years ago.Somebody from NSA use this method to hack system.
|
|
||||
There was also this article in bleepingcomputer.com, and where I first learned about it.
OpenBSD Will Get Unique Kernels on Each Reboot It explains the difference in KARL and ASLR — Address Space Layout Randomization, which has been implemented in Linux: |
|
||||
For clarity, your link references KASLR - "Kernel ASLR."
ASLR is not new, having been initially developed for Linux PaX in 2001 and deployed in OpenBSD in 2003, with other operating systems following over time. (Wiki) Last edited by jggimi; 11th August 2017 at 03:43 PM. Reason: added link |
|
|||
On my learning of OpenBSD doing this kernel randomization thingy, I moved (after ~12 years of Linux) from an ArchLinux based distro to OpenBSD. (I had been dissatisfied with Linux due to the effects of Red Hat - in particular - on the way Linux was being developed - I really don't like systemd. I also have learned that I really don't like the OpenRC init, which I've used for quite some time - the dislike is for completely different reasons...)
OpenBSD even without the Linux compatibility kernel layer, gives me more useful application choices than Void Linux (a technically great non-systemd alternative that uses the runit init). Unfortunately Void Linux seems to me to be more of a technical experiment & hobby for a BSD guy! (He makes me feel very simple minded...) I only mentioned Void, as it was probably my last hope of finding a systemd free Linux that was suitable. For me it isn't. Repo is too small, community is too small, development team is too small, forum moderator team is too small, & on it goes. /rant |
|
||||
Quote:
Quote:
Personally, randomised kernals do not mean much to me. The extra security is nice, but it would not be the determining factor in my choice of OS. |
|
|||
@s_d I agree with you that the rolling release package management system is not really suitable for business environments.
Where Void's rolling release system is superior to Arch (or any other rolling system that I know of) is that you can not upgrade any package for over a year, & then upgrade only selected packages (the dependencies will have to be upgraded too of course) & there will be no stability problems. If you go to 3 months & beyond with Arch (based systems) you are asking for system trouble. The kernel randomization thing was really just what caused me to have another look at OpenBSD. It installed & ran on my main machine; does just about everything that I need, so it is my new desktop system. I just have to get AirVPN working on it & I'll be completely satisfied. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
"arc4random - randomization for all occasions" presentation by Theo de Raadt | J65nko | News | 0 | 22nd November 2014 12:51 AM |
freebsd jails and drupal protection | barti | FreeBSD Security | 7 | 6th September 2012 03:58 AM |
ASLR (Address Space Layout Randomization): i386 PAE vs 64 bit | aleunix | OpenBSD Security | 0 | 2nd March 2012 11:48 AM |
Protection against Fingerprinting | magnesik | OpenBSD Security | 0 | 6th February 2010 12:12 AM |
Virus & Rootkit protection | jaymax | FreeBSD Ports and Packages | 1 | 18th June 2008 02:46 PM |