Hacker News new | ask | show | jobs
by PhantomGremlin 3700 days ago
I was not responding to "the mainstream OS OpenBSD ...". Let's go back to your remark, which preceded his:

kernel exploits for OpenBSD are neither theoretical nor impractical.

You put that out there as a bare, standalone statement. No elaboration, no proof.

Your comment might be true, but I would have liked to see some more "meat" in it. Some supporting evidence, some inkling of a truly wonderful proof.
1 comments
aortega 3700 days ago
I did write a remote kernel exploit for OpenBSD, it was not an easy task, and this was in a time when there were basically no exploit countermeasures in kernel (2007) (https://www.coresecurity.com/content/open-bsd-advisorie)

There are a bunch of local kernel exploits, all very practical and reliable. Kernel protections are something OpenBSD lacked until very recently.

link
PhantomGremlin 3699 days ago
Yes, thanks for reminding me of that one.

That timeline isn't pretty. The OpenBSD guys really needed to be dragged, kicking and screaming, to calling it a "security fix" rather than something milder like a "reliability fix".

link