top | item 34861467

(no title)

beachhead | 3 years ago

It'll never happen. Every single time this comes up it turns into the same thing over and over again. You must remember the person that said they'd "write a blogpost bypassing OpenBSD mitigations next week" and that's been well over a month now and, surprise, there's no blog about this.

Everything OpenBSD does is wrong and trivial to bypass but everyone's too busy to do it. Maybe the dumbest part about this is that nobody on the other side of this is making claims that these mitigations are perfect in any way.

Qualys has bypassed some OpenBSD malloc hardening features recently but then they don't go around making wild or insulting claims about how wrong and trivial they are either. Go figure.

discuss

g0xA52A2A|3 years ago

Just replying to provide some context [1] for those who come across this comment as I think it's pretty interesting. Also OpenBSD are working on something for this [2].

[1] https://seclists.org/oss-sec/2023/q1/92

[2] https://marc.info/?l=openbsd-tech&m=167673316325935&w=2

beachhead|3 years ago

More from Qualys: https://seclists.org/oss-sec/2023/q1/109