alt Hacker News> It's worth noting that FreeBSD made this easier than it would be on a modern Linux kernel: FreeBSD 14.x has no KASLR (kernel addresses are fixed and predictable) and no stack canaries for integer arrays (the overflowed buffer is int32_t[]).
What about FreeBSD 15.x then? I didn't see anything in the release notes or the mitigations(7) man page about KASLR. Is it being worked on?
NetBSD apparently has it: https://wiki.netbsd.org/security/kaslr/
Replies
keysersoze33 • today at 11:57 AM
This is more of a Linux kernel criticism of KASLR, but perhaps it's related as to why it's not been a priority in FreeBSD (i.e. it gives a false sense of safety and rather focus on 'proper' security hardening): https://forums.freebsd.org/threads/truth-about-linux-4-6-sec...
➕ show 1 reply
I don't understand this, because KASLR has been default in FreeBSD since 13.2:
[kmiles@peter ~]$ cat /etc/os-release
NAME=FreeBSD
VERSION="13.3-RELEASE-p4"
VERSION_ID="13.3"
ID=freebsd
ANSI_COLOR="0;31"
PRETTY_NAME="FreeBSD 13.3-RELEASE-p4"
CPE_NAME="cpe:/o:freebsd:freebsd:13.3"
HOME_URL="https://FreeBSD.org/"
BUG_REPORT_URL="https://bugs.FreeBSD.org/"
[kmiles@peter ~]$ sysctl kern.elf64.aslr.enable
kern.elf64.aslr.enable: 1