> ASLR is controversial. Some see it as "security by obscurity;" others see > it as extremely useful and effective.In which way ASLR has something to do with security by obscurity? Imho this is a standard security feature of a modern OS. Regards, Sergej -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20160310/1473270e/attachment.sig>
At 05:25 PM 3/9/2016, Sergej Schmidt wrote:>In which way ASLR has something to do with security by obscurity?ASLR attempts to create security by obscuring the locations of objects within the machine's address space. Critics of ASLR say (with some justification!) that this is just hiding them... in plain sight. Without getting into a flame war about that, I would simply like the option of compiling it in or not. --Brett Glass