Hacker News new | past | comments | ask | show | jobs | submit login

> The worst reforms in my opinion have been the ones that obfuscate memory and introduce nondeterminism, like aslr. It makes C programs impossible to debug.

This is why personality(2)'s ADDR_NO_RANDOMIZE exists, and both GDB and LLDB use it. And, like, if you have are attaching to an executable that was already launched both debuggers are more than competent enough at reading /proc/pid/maps and rebasing debug symbols to match.

> On the other hand, stuff like ASAN is great. I don't hear many people talking about it, sadly enough, outside Chrome team.

Every major browser engine tests with address sanitizer, as does the Linux kernel and many other projects that are concerned about security–it catches real bugs! But it could always see wider adoption, of course.

> Operating systems should enable that systemically.

But it's not really a security feature, nor is it something that an operating system implements (it's a dynamic library and an instrumented binary). However, memory tagging may bring something similar at the hardware level, and we may actually see real usage of this in the coming years rather than the perpetual soon™.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact