This is a reminder that FreeBSD still doesn't have basic exploit mitigations like ASLR in the year 2019

This is a reminder that FreeBSD still doesn't have basic exploit mitigations like ASLR in the year 2019.

Attached: freebsd-logo.png (250x217, 31.58K)

Other urls found in this thread:

cvedetails.com/vulnerability-list/vendor_id-93/product_id-19117/Oracle-JRE.html
twitter.com/SFWRedditImages

ASLR is braindamage only necessary because of braindamage.
Only memory unsafe language like C/C++ need shit like that. Of course Unix weenies and Zig Forums LARPer will never admit that C/C++ is shit and responsibly for 99% of all bugs.
Full disclosure: I'm not the LISP faggot. I have no opinion on LISP. I am Steve Klabnik XDDDDDD

Use OpenBSD then. What a shit thread.

And all programming languages are usually implemented in what? Oh right C/C++

You're an idiot

just dont run malware on your computer

Modern compilers are written in C/C++ because that the language all mainstream OSes and libraries are written in. Why? because of Unix weenies and Cniles. He's completely right.

Build the future you want to C. Us Unix weenies at least can sit on our asses because our way is THE _way_. You're the Zig Forums equivalent of antifa.

Unix weenies are such fags.

what good is ASLR? (rhetorical, I actually don't know).
The thing I don't understand about stack smashing is how to find an absolute memory address you can place code (a page with execution flags).
I forget exactly how ELF/PEs are mapped in memory so bear with me niggas.

My guess is these attacks use API functions they can reliably determine? (Global offset table?)
Trying to directly jump into heap/stack containing shellcode seems impossible, it seems like the cracker must first call mmap (or wangblows equiv.) then copy the shellcode before actually jumping.
How often do these attacks require exploiting other aspects of the program to return a pointer containing the shellcode?
If you loaded the shellcode into heap by some legitamate means, then found the address by exploit, then smashed the stack, what difference would it make?

What is changed in the layout?
I swear the Global Offset table is still at a fixed address and changing where the stack is doesn't seem to do fuck all.
What am I missing here? What class of attacks does ASLR address?

Attached: 0fa3e07cec1d7646df73afa19b269a6143661397bd653f7fd6a86152d7da5243.jpg (564x839, 205.6K)

Unix was an operating system. No one uses it. le unix philosophy is only ever mentioned by absolute hipsters.
Can you stop being retarded?
No you can. What did Terry do? He made his HolyC-compiler (own programming language) and OS running only HolyC from x86_64 assembly.
Git gud or git out!
There is also Redox. I'm not saying it's good or that i'd use it but it's an OS and it's made in Rust.
Yes they claim it to be Unix like but which OS these days isn't claimed to be that?
You need things like a filesystem to store documents, images and other data.
Yes one could indeed use shit like numbers instead of unicode letter paths.
However would you find anything ever? I doubt it. It would make the system too complicated and you'd end up creating a telephone book for the files on your drive.

Daily reminder that this is not an argument, just unix weenies who can't take anyone criticizing the pile of garbage that they see as the pinnacle of technology.

After finding a bunch of computer books that predate C, I'm beginning to understand that the UNIX hater doesn't know shit about computers and is making shit up because he is a dumb as fuck brick holding on to dead ideas like they meant anything if ever.

How does Rust prevent memroy exploits without ASLR?

like A and B?

>a thread died for some guy to say that (((cocbsd))) is missing mitigation against a threat
>this lack probably due of the (((coc))) incompetence
pathetic

Get lost.

The specter of that trash operating system and the language it was written in haunt us to this day.

Terry made a basic OS over several decades with no networking and shit hardware support. Rust is implemented using LLVM which uses C++ is a back end it's not exactly independent either and Redox is a unix like OS anyway.

That's true, but it's only part of the problem. A lot of software was written in assembly which C weenies look down on for being "less safe", but it still doesn't suffer from all these bugs and exploits. The "design" of C makes it harder to prevent errors than assembly language. That's why Linux needs 15,600 "programmers" and still can't get rid of the OOM killer.


There are programming languages today that don't need any C/C++ or a C/C++ compiler. Mezzano is written entirely in Lisp. PL/I and Pascal compilers don't use any C at all. It's mostly scripting languages that are written in C/C++ but there are many different implementations, like CLPython and Jython for Python.


People did build things for decades before and after C. In 1990 you could get a computer that has nothing written in C. The problem is that once UNIX weenies were able to get POSIX standardized, they started forcing it on people. Incompetent "decision makers" wanted "standard" operating systems and UNIX shills were able to convince them that POSIX is "the" standard for operating systems instead of being a standard for UNIX. That's like saying C is "the" standard for programming languages when the point is for C compilers to follow the standard.


File systems didn't come from UNIX. That's as dumb as saying integers came from C.


If you read computer books that predate C, you would know that a lot of "inventions" of C and UNIX were around for a long longer, not only before they were tacked onto UNIX, but before UNIX even existed. A lot of these books also had open questions and possible ways to solve known problems, but in UNIX, not only are these problems not solved 50 years later, but neither are the ones solved by Multics.

No, you've just had your brain damaged by UNIX too much so you can't understand it.

For reasons I'm ashamed to admit, I am taking an "Introto Un*x" course. (Partly to give me a reason to get back onthis list...) Last night the instructor stated "BeforeUn*x, no file system had a tree structure." I almostscreamed out "Bullshit!" but stopped myself just in time. I knew beforehand this guy definitely wasn't playingwith a full deck, but can any of the old-timers on this listplease tell me which OS was the first with a tree-structuredfile system? My guess is Multics, in the late '60s.

based

No such thing as memory safe language. You can only shift part of the responsibility to someone else at a huge performance/bloat cost. "Memory safe" languages are inferior way of doing resource intensive computing as shown by the industry.

The "industry" is using Java everywhere. The fuck you smoking?

Java is a terrible example because it's fairly slow and full of vulnerabilities.

look mah, I'm memory safe

cvedetails.com/vulnerability-list/vendor_id-93/product_id-19117/Oracle-JRE.html
yeah and your insurance company and bank use it so it must be secure.

Stop shitposting. You know those businesses prefer the convenience and cost of java over security.

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

Good idea user, but don't you think that idea is a bit too Jewish?

Whatcha sliding Chaim?

Holy fuck what is going on in this thread

Fuck off moshe.

Looks like some Soros-funded controlled opposition to me.

I'm seeing a lot of bot posts spammed around here. Be careful anons

Wow. Just wow.