Security-related innovation in Unix
Jason Miller, 2005-09-28

Recently, a good friend of mine forwarded me an article from kerneltrap.org, which talked about a new heap implementation that's being introduced into an upcoming release of the OpenBSD operating system. This article was of specific interest to me, as I have been experimenting with the creation of a more secure heap implementation myself.

Security in Unix 2005-09-29
Alexey Vesnin
Unix systems (except Linux) are built with security concern in mind. OpenBSD is great for all the things you need to be really SECURE. By the way - think about a question, that all the crap-like hardware like cheap all-in-one-but-software-based RAID controllers, WinModems, buggy video cards, IBM odd-f...

Security-related innovation in Unix 2005-10-03
Anonymous (9 replies)
There is no explanation of how it works except an offhand remark about "guard pages". And what are the 3 BSDs. I thought there were just 2....

Re: Security-related innovation in Unix 2005-10-03
Anonymous
3:

Free*, Open* and Net*...

Re: Security-related innovation in Unix 2005-10-03
Anonymous
These are opinion columns, so I can't really get into the dirty technical details in the article. A guard page is basically an invalid (or valid but protected) page of memory on either side of an allocated chunk.

For example, let's say you allocated a big chunk of memory, and the heap returned a ...

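The guard-page layout described in the comment above, as an added example that is not part of the original thread or of any BSD allocator: a POSIX `mmap`/`mprotect` sketch that places an inaccessible page on either side of a chunk and shows a one-byte overrun faulting. The names `guarded_alloc` and `write_faults` and the 100-byte size are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
/* Hypothetical helper: `len` usable bytes with a PROT_NONE guard page on each
 * side. The chunk is right-aligned, so buf[len] is the first guard byte;
 * buf[-1] is guarded only when len is a whole number of pages. */
static unsigned char *guarded_alloc(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (len + page - 1) / page * page; /* round up to pages */
    if (len == 0 || data < len) /* empty request or rounding overflowed */
        return NULL;
    unsigned char *base = mmap(NULL, data + 2 * page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    if (mprotect(base, page, PROT_NONE) != 0 ||
        mprotect(base + page + data, page, PROT_NONE) != 0) {
        munmap(base, data + 2 * page);
        return NULL;
    }
    return base + page + data - len;
}

/* Write one byte at p in a forked child so the parent survives the fault.
 * Returns 1 if the child died from SIGSEGV/SIGBUS, 0 if not, -1 on error. */
static int write_faults(volatile unsigned char *p)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) { *p = 0x41; _exit(0); }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFSIGNALED(status) &&
           (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS);
}

int main(void)
{
    unsigned char *buf = guarded_alloc(100); /* constructed size */
    printf("last byte faults: %d, one past the end faults: %d\n",
           buf ? write_faults(buf + 99) : -1, buf ? write_faults(buf + 100) : -1);
    return buf == NULL;
}
```

Each allocation here costs at least three pages of address space, which is the overhead a later comment raises about Electric Fence and NJAMD.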
Re: Security-related innovation in Unix 2005-10-03
Anonymous
free, net, and open are the three BSDs...

Re: Security-related innovation in Unix 2005-10-03
Anonymous
www.freebsd.org

www.openbsd.org

www.netbsd.org...

Re: Security-related innovation in Unix 2005-10-03
Anonymous
Here is a discussion on the topic and the original post by Theo.
http://kerneltrap.org/node/5584

The three BSDs are Net, Free, and Open. There is also DragonFly, but it's just a continuation of the FreeBSD 4.x tree, so maybe it doesn't count.

...

Re: Security-related innovation in Unix 2005-10-03
Anonymous
www.FreeBSD.org
www.NetBSD.org
www.OpenBSD.org...

Re: Security-related innovation in Unix 2005-10-03
Anonymous
OpenBSD, NetBSD, FreeBSD, DragonflyBSD, etc.

The first three are what people mean when they say things about "the 3 BSDs"...

Re: Security-related innovation in Unix 2005-10-03
Anonymous

OpenBSD, FreeBSD, NetBSD?...

Re: Security-related innovation in Unix 2005-10-04
Jose Roman
Actually there are at least 5 BSDs.

1. FreeBSD
2. NetBSD
3. OpenBSD
4. Dragonfly BSD
5. Mac OS X (Darwin based on FreeBSD 5.X)...

Security-related innovation in Unix 2005-10-03
David Emery (1 replies)
One of the things that Ada supports is the notion of strongly typed heaps, and has mechanisms to establish the max size of the heap for each "access type". This is what I think we really need. A big part of the security problem with heaps in C/C++ is that they're completely untyped, which makes it...

Re: Security-related innovation in Unix 2005-10-05
Anonymous
Look how many programs are written in Ada and how many in other languages. Price of strong typing (and other theoretically-good features) is too high....

Security-related innovation in Unix 2005-10-03
Todd Knarr (1 replies)
I have to wonder here. The "guard pages" sound a lot like the dead pages Electric Fence and NJAMD insert around each allocation to catch over/under-runs. The guard pages introduce a high overhead in terms of memory use (to the point that some programs simply can't run, there isn't enough address spa...

Re: Security-related innovation in Unix 2005-10-05
Anonymous
There is enough RAM with 64bit archs.
But the performance will suffer....

It is a contraction! 2005-10-05
English_language
On the other hand, if you're running one of the BSDs, you're probably running "phkmalloc," named after it's author, Poul-Henning Kamp....

Security-related innovation in Unix 2005-10-05
Anonymous
The adding of default security features in OS's combined with stability is heartening. I'd like to point out Red Hat has made SELinux and Exec Shield default in RHEL4. NSA deserves the credit for SELinux. RH adding (even if it with a fairly permissive template set) SELinux to an enterprise product ...

Copyright 2009, SecurityFocus