Hello, > For better or worse the term ASLR is today in common use to refer to a > number of different approaches. Using what has become a generic term > allows the implementation to change in the future, without changing > the interface (e.g. sysctls, userland tools, etc.).
If I'm not mistaken, ASR is the approach that was first taken by the PaX team in an attempt to randomize mmaps. It later evolved into ASLR, however I do agree that one should call this ASLR for compatibility reasons in the future. > I wish there was a concise, technical comparison of the approaches > implemented by different operating systems, but I've unfortunately not > found one. FWIW, ASLR is just a workaround and has it's weaknesses, but is a workaround I would like to see implemented in FreeBSD, be it ASLR or ASR, until a proper solution comes along.  https://www.blackhat.com/docs/asia-16/materials/asia-16-Marco-Gisbert-Exploiting-Linux-And-PaX-ASLRS-Weaknesses-On-32-And-64-Bit-Systems-wp.pdf -- Best regards, Domagoj Stolfa
Description: PGP signature