OpenBSD adds a new snapshot feature

You probably already know OpenBSD, an operating system of the BSD family. If you do not, it is an open source Unix-like system that is, obviously, not based on the Linux kernel. It is a descendant of NetBSD, but it puts portability in second place to focus on security as its strong point. OpenBSD 6.2 will arrive with a very interesting kernel feature.

OpenBSD 6.2 will create a unique kernel every time a user reboots or updates the system. This feature is called KARL (Kernel Address Randomized Link) and works by relinking the kernel's internal files in a random order, so that a unique binary blob is generated each time. This is new: current versions of OpenBSD use a predefined location, so the internal files are linked and loaded into the same binary every time and for every user.

The feature, developed by Theo de Raadt, works by generating this specific image during installation, during updates or at boot time. Whenever the user boots, updates or reboots the machine, the kernel is replaced by a newly generated binary. What is all this for? It randomizes the memory addresses where the application and kernel code is executed, instead of having a hierarchy or memory segments already defined for each thing. That complicates the use of exploits that target a specific memory area, and so improves security.

There is a similar technique called KASLR (Kernel Address Space Layout Randomization). It differs from KARL in that, instead of generating a different binary each time, KASLR loads the same binary at random locations. This is what operating systems such as Windows and Linux-based systems currently use. Both techniques serve the same purpose.
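
The difference between the two techniques can be seen in a small simulation, added here as an example and not taken from OpenBSD; the object names, sizes and link address are constructed. It goes slightly beyond the text by showing the consequence: under KASLR the distance between two pieces of kernel code never changes between boots, while under KARL it changes with each relink.

```python
import random

# Constructed object files: (name, size in bytes). Not OpenBSD's real objects.
OBJECTS = [("locore.o", 0x1200), ("vfs.o", 0x8400), ("net.o", 0x6a00),
           ("tty.o", 0x2300), ("uvm.o", 0x9100), ("sched.o", 0x1b00)]
LINK_BASE = 0xffffffff81000000  # hypothetical fixed link address


def layout(objects, base):
    """Place objects back to back starting at base; return {name: address}."""
    addrs, cursor = {}, base
    for name, size in objects:
        addrs[name] = cursor
        cursor += size
    return addrs


def kaslr_boot(rng):
    """Same binary, same link order, loaded at a random page-aligned slide."""
    slide = rng.randrange(0, 1 << 30, 0x1000)
    return layout(OBJECTS, LINK_BASE + slide)


def karl_boot(rng):
    """Objects relinked in a random order, producing a different binary."""
    shuffled = OBJECTS[:]
    rng.shuffle(shuffled)
    return layout(shuffled, LINK_BASE)


def distinct_offsets(boot, a, b, boots=200, seed=1):
    """Count the distinct (b - a) distances seen across simulated boots."""
    rng = random.Random(seed)
    return len({m[b] - m[a] for m in (boot(rng) for _ in range(boots))})


def distinct_addresses(boot, name, boots=200, seed=1):
    """Count the distinct absolute addresses of one object across boots."""
    rng = random.Random(seed)
    return len({boot(rng)[name] for _ in range(boots)})


if __name__ == "__main__":
    for label, boot in (("KASLR", kaslr_boot), ("KARL", karl_boot)):
        print(label, "distinct vfs.o addresses:",
              distinct_addresses(boot, "vfs.o"),
              "| distinct vfs.o -> uvm.o distances:",
              distinct_offsets(boot, "vfs.o", "uvm.o"))
```

In the KASLR model a single known address is enough to derive every other one, because the internal layout is shared by all machines running that binary; in the KARL model the layout itself differs per boot.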
