| ▲ | unacorner 10 hours ago | |
It took FreeBSD almost 20 years to implement ASLR: https://svnweb.freebsd.org/base?view=revision&revision=34396... Is security not a priority for their developers? | ||
| ▲ | laxd 10 hours ago | parent | next [-] | |
My impression is that ASLR just hasn't been well regarded and prioritized. See for example this tweet by cperciva: https://x.com/cperciva/status/1528971801983823872 | ||
| ▲ | avadodin 9 hours ago | parent | prev [-] | |
ASLR implemented at the mmap level in 32 bits(which was 100% of FreeBSD usage in 2005) is less than 20bits of randomness try 1M times and you've broken it add to that limitations in early implementations where large swaths of the address space were reserved for kernel and shared libraries and you're in a scenario where many of your exploits maybe fail to run the first couple of times and that's ignoring side channels or kernels such as Linux degrading back due to difficulty adapting some other feature to use ASLR. | ||