Heap Protection Mechanism

An anonymous reader writes "There's an article by Jason Miller on innovation in Unix that talks about OpenBSD's new heap protection mechanism as a major boon for security. Sounds like OpenBSD is going to be the first to support this new security method."

cool

[chrisxkelley]

now unix will be more secure than all... well, again.

My solution is slower, but 100% effective

[Anonymous Coward]

When my application needs a chunk of memory, it sends a specially crafted HTTPS request to my bank, debits the account, sends a fax to the local computer shop who then sends a tech over to install the DIMMs.

When the application is finished with the memory, it sends a FAX to the local electronics recycling facility who sends out a tech to remove the DIMMs and melt them down into whatever.

Using this method of heap memory allocation (I call it "ACAlloc" for "Anonymous Coward Alloc" has been 100% effective and I have NEVER had a heap overflow exploit in any of my code.

Yes, it's slow, but I am secure.

...And I'm running the most up-to-date 80386 Linux 0.97 kernel. TDz.

What's next?

[Groo Wanderer]

Ok, we start out with 'protection', then we move to 'a heap' of protection, most assuredly to be followed by 'a whole heap' of protection. I can only see this spiral continuing until Bill Gates himself gets up on stage at CES in an Elvis suit promising 'a hunka- hunka- burnin protection'. *SHUDDER* Time to take a cold shower.

              -Charlie

Apologies to the Black-Eyed Peas

[Anonymous Coward]

OpenBSD's "My Heap":

Lookin' at my heap, heap
You can look but you can't touch it.
If you touch it, I'ma start some drama.
You don't want no drama.
[...]
My heap, my heap, my heap, my heap.

Microsoft Windows?

[fernique]

Could this technology be implemented in the Microsoft Windows systems to be more secure than Linux?

Re:OpenBSD at the cutting edge on security

[fireboy1919]

than more mainstream Linux distributions

I know it seems strange...but OpenBSD isn't a Linux distribution at all.

I know its hard to wrap head around. Its one of those things you just have to accept. In addition:
-deep down, cows are not people too. So you can eat 'em, I guess.
-neither are cats or dogs. So don't force them to wear clothing.
-neither is information. So it doesn't care about being free or anything else.
-"Windows" is somehow both an operating system and a Window manager. You're not supposed to consider them separate things (wierd, isn't it?)
-Wearing a tampon with wings will not give you the power of flight.

Hopefully I've cleared up a few issues for you. :)

Re:Hm... old technique?

[Chocolate Teapot]

Guard pages aren't exactly shiny new

Shhh!! I was waiting until everyone started using them before hitting them with my patent ;)

Heap protection?

[justforaday]

I call my heap protection mechanism "bumpers" : p

Linux Had A Spec For This Ages Ago

[Anonymous Coward]

But Linus doesn't like specs so it got dropped !

VBLinux

[Frankie70]

  For real security, don't use C.


I am rewriting Linux in Visual Basic 6.0.
I am going to call the distro VBLinux.

Re:What's next?

[Rufus88]

Bill Gates himself gets up on stage at CES in an Elvis suit promising 'a hunka- hunka- burnin protection'. *SHUDDER* Time to take a cold shower.

You *need* a cold shower? Hell, to me, that image *was* the equivalent of a cold shower!

Re:Slowdown?

[Anonymous Coward]

You Java apologists are worse than creationists.

Re:cool

[Orgazmus]

Its just Windows 2000 with a 1 added for each bugfix

Re:Unnecessary when using languages that solve thi

[Clover_Kicker]

You're totally right, dude.

Let me know when you release your Haskell version of Sendmail, and I'll switch over immediately.

Re:Whatever happened to segmentation?

[Sloppy]

Holy crap, if my 1987 self could hear what I'm saying in 2005... "You senile old bastard! I'll fucking kill you for this!" would probably be his first reaction.

2005 self would counter with, "Yeah, the pointers will be bigger than they used to be, but you progam in high-level languages now, so you don't ever worry about that. It's the compiler's problem."

1987 Sloppy would say, "But I'm going go write a compiler!"

2005 Sloppy would say, "You fuckwit, you never got anywhere on that project. You barely even started it. Too much time fucking around with graphics and genetics."

1987 Sloppy would say, "But, but, it's not fair! Segmentation is an x86 thing. Everyone knows that in the future, we'll all be using 68k. 68k doesn't do segmentation."

2005 Sloppy would sigh.

1987 Sloppy would say, "Oh come on. There's no way people are still using x86 in the 21st century, or even in the 1990s. No fucking way."

2005 Sloppy would just shrug. There's nothing to do in a situation like this. There's nothing you can say. They'll never believe you.