Theo de Raadt has announced a new security feature is coming to the OpenBSD operating system which should make it more difficult to attack OpenBSD's kernel. The new feature, called kernel address randomized link, introduces small changes to the kernel each time the system boots. These changes in the internal layout of the kernel make it difficult for attackers to predict and exploit features in the kernel. "Previously, the kernel assembly language bootstrap/runtime locore.S was compiled and linked with all the other .c files of the kernel in a deterministic fashion. locore.o was always first, then the .c files order specified by our config utility and some helper files. In the new world order, locore is split into two files: One chunk is bootstrap, that is left at the beginning. The assembly language runtime and all other files are linked in random fashion. There are some other pieces to try to improve the randomness of the layout. As a result, every new kernel is unique. The relative offsets between functions and data are unique." Additional details and a roadmap for improving the randomization feature can be found in de Raadt's mailing list post.
Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu, Linux Mint or Zorin OS pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.