Linked by Dareka on Fri 19th Apr 2013 10:40 UTC
BeOS & Derivatives "Starting with hrev45522, address space layout randomization (ASLR) and data execution prevention (DEP) are available in Haiku. These two features, which have actually become a standard in any modern OS, make it much harder to exploit any vulnerability that may be present in an application running on Haiku, thus generally improving system security."
Thread beginning with comment 559232
To read all comments associated with this story, please click here.
In the sidebar?
by chekr on Fri 19th Apr 2013 10:46 UTC
chekr
Member since:
2005-11-05

Now this is some real interesting news, about an actual OS, but on OS News it is relegated to the side column?

Reply Score: 3

RE: In the sidebar?
by WereCatf on Fri 19th Apr 2013 10:57 in reply to "In the sidebar?"
WereCatf Member since:
2006-02-15

Now this is some real interesting news, about an actual OS, but on OS News it is relegated to the side column?


Well, how much is there to write about it? There isn't much interesting in the implementation details and sure, Thom could've written in length what ASLR and DEP are and how they function, but.. well, that wouldn't really been relevant any longer.

Reply Parent Score: 2

RE[2]: In the sidebar?
by some1 on Fri 19th Apr 2013 14:07 in reply to "RE: In the sidebar?"
some1 Member since:
2010-10-05

Well, how much is there to write about it?

A fair bit, actually. DEP and ASLR are not binary "on/off" features, there are many details to what they actually do in the specific implementation and deployment.

Reply Parent Score: 4

RE: In the sidebar?
by Thom_Holwerda on Fri 19th Apr 2013 11:07 in reply to "In the sidebar?"
Thom_Holwerda Member since:
2005-06-29

As the comment above already notes - what's there to write?

Reply Parent Score: 2

RE: In the sidebar?
by bassbeast on Sun 21st Apr 2013 00:14 in reply to "In the sidebar?"
bassbeast Member since:
2007-11-11

Uhhh...how EXACTLY is this interesting? ASLR and DEP are fine and dandy for OSes that are being actively targeted but for haiku this is as useless as tits on a boar hog as we say down here.

So if you are happy they have that checkbox on a bulletpoint? Then I'm happy for you, I really am. But I bet you could scan the web for the next year and not find a virus targeting haiku that ASLR and DEP would protect against, hell you'd be lucky to find a single bug that would run on it at all.

Sometimes security by obscurity actually does work and unless they have made a deal with some OEM to sell haiku boxes I don't really see a point in this other than filling in a checkbox on a list, i really don't.

Reply Parent Score: 2

RE[2]: In the sidebar?
by pgeorgi on Sun 21st Apr 2013 12:04 in reply to "RE: In the sidebar?"
pgeorgi Member since:
2010-02-18

Sometimes security by obscurity actually does work and unless they have made a deal with some OEM to sell haiku boxes I don't really see a point in this other than filling in a checkbox on a list, i really don't.

Right now it might be useless. But having the feature on by default makes sure that applications run in such an environment (and don't make weird assumptions). Which can come in handy should the feature ever become crucial.

Reply Parent Score: 2

RE[2]: In the sidebar?
by Vanders on Sun 21st Apr 2013 13:39 in reply to "RE: In the sidebar?"
Vanders Member since:
2005-07-06

Uhhh...how EXACTLY is this interesting? ASLR and DEP are fine and dandy for OSes that are being actively targeted but for haiku this is as useless as tits on a boar hog as we say down here.

ASLR and DEP can also help developers find bugs: things like dangling pointers to unreferenced memory quickly become apparent, for example.

Reply Parent Score: 4