Linked by Dareka on Fri 19th Apr 2013 10:40 UTC
BeOS & Derivatives "Starting with hrev45522, address space layout randomization (ASLR) and data execution prevention (DEP) are available in Haiku. These two features, which have actually become a standard in any modern OS, make it much harder to exploit any vulnerability that may be present in an application running on Haiku, thus generally improving system security."
Security fail
by peteo on Fri 19th Apr 2013 13:24 UTC
Member since: 2011-10-05

I was (un)fortunate enough to get intimate knowledge about the Haiku source code after fixing the PCNet driver, and doing a few rounds of code review.

And I have to say that ASLR support at this point is pretty comical when the rest of the system basically ignores security.

A code review is long overdue.

GSoC is nice and all, but the students don't even avoid the most basic exploits (at a basic level, Haiku is littered with buffer overflow sensitive code, but that's the least of their problems from a security standpoint).

As an avid BeOS fan, I sincerely hope they get their act together and start reviewing code properly before committing.

Score: 1