1. 11
  1.  

  2. 6

    I love the hiring page more than the [good, ] technical content this time.

    1. 3

      Who is Marta?

      1. 1

        Apparently, a terrific footballer. Alternatively, it could be Márta Pardavi ranked as Civil Rights Defender of the Year by that website. We just can’t know by the presentation. Did find out about some great women, though. :)

      2. 3

        So, ASLR on OpenBSD isn’t really ASLR?

        1. 1

          If you like internet fights: correct, it’s not

          1. 3

            I didn’t ask to cause a fight. I asked because I want to know. Is there a technical reason or is it just because it doesn’t follow the PaX model? Is that reason enough? Is it because it doesn’t use the same deltas or because it uses none? Is it just a naming issue? The difference between ASR and ASLR have been briefly explained to me before in another comment here. However, that was in reference to FreeBSD’s rather recent implementation. There’s also this: https://hardenedbsd.org/content/easy-feature-comparison which is from the author but that means he’s not being consistent. Is there a reason for that? Maybe just an oversight? New information? I’m very curious about this. I have a very basic understanding of these things and maybe I’m just overlooking something that I should have picked up on. Here’s the other comment: https://lobste.rs/s/curktg/implement_address_space_layout#c_aok28i

            1. 3

              PaX introduced ASLR, and in that sense it had a specific meaning. It has since then been used to refer generically to various sorts of allocation address randomization. In a claim about ASLR the specific implementation is unclear, absent additional context.

              About two decades ago PaX ASR had performance and fragmentation concerns (on i386 Linux) which were addressed by PaX ASLR. However, those concerns are not necessarily applicable to other operating systems on contemporary 64-bit processors in today’s context.

              1. 1

                Yep. This all makes sense. The explanation about the difference between ASR and ASLR makes sense too. Though I’d never seen the term ASR mentioned before or by anyone else. However, it does seem as though OpenBSD uses some of those deltas or maybe ones that aren’t in line with the PaX model. Looking here: http://inertiawar.com/openbsd/hawkes_openbsd.pdf which is old and specific to OpenBSD 3.9 (i386) but still seems to imply that there’s the randomized stack top + randomized stack gap.

              2. 2

                I need to update the feature comparison page such that the mouse hover text mentions ASR rather than ASLR for OpenBSD. Thanks for the reminder!

                1. 3

                  I reckon OpenBSD should update their innovations page as it specifically mentions ASLR also.

                  https://www.openbsd.org/innovations.html