Disclaimer: I do not interact with OpenBSD anymore due to abuse; however, I will say on a technical level they have tried to squash entire classes of vulns, relatively effectively, for the last 2 decades:
1. W^X (Write XOR Execute):
URL: https://en.wikipedia.org/wiki/W%5EX
2. ProPolice Stack Protector:
URL: https://en.wikipedia.org/wiki/OpenBSD_security_features
3. Address Space Layout Randomization (ASLR):
URL: https://en.wikipedia.org/wiki/Address_space_layout_randomization
4. RETGUARD:
URL: https://www.gobsd.org/viewtopic.php?t=3862
They invented some stuff or were an early implementor.
Good news: we're (CSA) working on something in this area and will hopefully have some interesting things to show off in a few weeks.
=> More informations about this toot | View the thread | More toots from kurtseifried@infosec.exchange