OpenBSD Memory protection mechanisms that are not enabled by default?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenBSD Memory protection mechanisms that are not enabled by default?

Hess THR
Hello!

Besides the "S" option for malloc.conf and increasing kern.stackgap_random and removing the wxallowed mount option, what else memory-related hardening mechanism are in OpenBSD that can be turned on and it is not enabled by default?

Even options would be useful if we have to re-compile the kernel, if minimal source code modification is needed.

Tried to get lists/ideas from grsecurity (if there is any, that is not already used in OpenBSD), but it is hard when you are not a programmer.

Many thanks.

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD Memory protection mechanisms that are not enabled by default?

Michael Price
There is no default malloc.conf file for good reasons. The performance
impacts are substantial. Additionally they stop bad behavior by aborting
the program. If you are not a programmer then you will be hard pressed to
fix the relevant applications.

Michael

On Mon, Feb 12, 2018 at 9:51 AM Hess THR <[hidden email]> wrote:

> Hello!
>
> Besides the "S" option for malloc.conf and increasing kern.stackgap_random
> and removing the wxallowed mount option, what else memory-related hardening
> mechanism are in OpenBSD that can be turned on and it is not enabled by
> default?
>
> Even options would be useful if we have to re-compile the kernel, if
> minimal source code modification is needed.
>
> Tried to get lists/ideas from grsecurity (if there is any, that is not
> already used in OpenBSD), but it is hard when you are not a programmer.
>
> Many thanks.
>
>