Hacker News new | past | comments | ask | show | jobs | submit login

> You also don’t need to do dynamic linking.

This is a big one. Linking against libc on many platforms also means making your binaries relocatable. It's a lot of unnecessary, incidental complexity.




It also means giving up ASLR, though.


You can still randomize heap allocations (but not with as much entropy), as usually the heap segment is quite large. But you don't get randomization of, e.g. the code.

ASLR is a weak defense. It's akin to randomizing which of the kitchen drawers you'll put your jewelry in. Not the same level of security as say, a locked safe.

Attacks are increasingly sophisticated, composed of multiple exploits in a chain, one of which is some form of ASLR bypass. It's usually one of the easiest links in the chain.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: