OpenBSD Memory protection mechanisms that are not enabled by default?

2018-02-12 Thread Hess THR
Hello!

Besides the "S" option for malloc.conf and increasing kern.stackgap_random and 
removing the wxallowed mount option, what other memory-related hardening 
mechanisms are in OpenBSD that can be turned on and are not enabled by default?

Even options would be useful if we have to re-compile the kernel, if minimal 
source code modification is needed.

Tried to get lists/ideas from grsecurity (if there are any that are not already 
used in OpenBSD), but it is hard when you are not a programmer.

Many thanks. 



Re: OpenBSD Memory protection mechanisms that are not enabled by default?

2018-02-12 Thread Michael Price
There is no default malloc.conf file for good reasons. The performance
impacts are substantial. Additionally they stop bad behavior by aborting
the program. If you are not a programmer then you will be hard pressed to
fix the relevant applications.

Michael

On Mon, Feb 12, 2018 at 9:51 AM Hess THR wrote:

> Hello!
>
> Besides the "S" option for malloc.conf and increasing kern.stackgap_random
> and removing the wxallowed mount option, what other memory-related hardening
> mechanisms are in OpenBSD that can be turned on and are not enabled by
> default?
>
> Even options would be useful if we have to re-compile the kernel, if
> minimal source code modification is needed.
>
> Tried to get lists/ideas from grsecurity (if there is any, that is not
> already used in OpenBSD), but it is hard when you are not a programmer.
>
> Many thanks.
>
>
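
An added example, not part of the thread: a shell function that lists the mount points in an fstab-format file that carry the wxallowed option mentioned in the question, so they can be reviewed before the option is removed. The function names, the sample fstab and its device names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report fstab entries that carry the
# wxallowed mount option. fstab fields are: spec, mount point, fs type,
# options, freq, passno; the options field is a comma-separated list.

wxallowed_mounts() {
    # Reads fstab-format text from the files given as arguments, or from
    # stdin when none are given. Prints one mount point per line.
    awk '
        $1 ~ /^#/ || NF < 4 { next }    # skip comments, blank and short lines
        {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "wxallowed") { print $2; break }
        }
    ' "$@"
}

# Constructed sample input; device names and layout are made up.
sample_fstab() {
    cat <<'EOF'
/dev/sd0a / ffs rw 1 1
/dev/sd0b none swap sw
# /dev/sd0x /old ffs rw,wxallowed 1 2
/dev/sd0d /usr ffs rw,nodev 1 2
/dev/sd0e /usr/local ffs rw,wxallowed,nodev 1 2
/dev/sd0f /home ffs rw,nodev,nosuid 1 2
/dev/sd0g /opt ffs rw,nodev,wxallowed 1 2
EOF
}

# Run against the sample; on a real host pass /etc/fstab instead.
sample_fstab | wxallowed_mounts
```

The commented-out entry is skipped, and an option is matched only as a whole list element, so an option name that merely contains the string would not be reported.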