
Comment by 0xDEAFBEAD

2 years ago

Is there a current meta for OpenBSD exploit developers?

What's the right way to go about hardening the system if there's no meta to observe?

My very naive take would be something like: A successful exploit depends on jumping through a number of different hoops. Each of those hoops has an estimated success probability associated with it. We can multiply all the individual probabilities together to get an estimated probability of successful exploit -- assuming that hoop probabilities are independent, which seems reasonable? The most efficient way to harden against exploits is to try and shrink whichever hoop possesses the greatest partial derivative of overall exploit success probability with respect to developer time.

The meta doesn’t exist because nobody targets OpenBSD because it’s not used. People’s analysis of it is mostly just their educated guess as to how work for other platforms would carry over.

> The most efficient way to harden against exploits is to try and shrink whichever hoop possesses the greatest partial derivative of overall exploit success probability with respect to developer time.

Depending on your definition of efficient, adding more hoops should work exponentially better.

  • My definition of efficient is essentially whatever decreases the number of workable exploits most rapidly per hour of developer time.

    > Depending on your definition of efficient, adding more hoops should work exponentially better.

    Explain?

    • Suppose your hoop probabilities are 25% and that you have two hoops so that the probability of jumping through both is

        25% * 25% = 6.25%.

      You can reduce the size of one of the hoops in half, changing the probability to

        25% * 25%/2 = 3.125%

      You can also add a third hoop, in which case the probability is

        25% * 25% * 25% = 1.5625%

      1.5625% < 3.125%, so adding a third hoop is better than shrinking one of the two existing hoops. Of course, this argument makes important assumptions about the hoop probabilities.

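The hoop model from the comments above, written out as an added example (not code from any commenter): it assumes independent hoops, as the thread does, and goes beyond the thread's numbers by comparing halving each existing hoop against adding a new one for any list of probabilities, which also exposes the caveat in the last reply (a weak new hoop loses to shrinking an existing one). The function names and the 0.9 sample value are my own.

```python
from math import prod
from typing import List, Sequence, Tuple


def exploit_probability(hoops: Sequence[float]) -> float:
    """Probability that an attacker clears every hoop, assuming the hoops are
    independent (the same simplifying assumption the thread makes)."""
    for p in hoops:
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"hoop probability out of range: {p}")
    return prod(hoops)


def shrink_hoop(hoops: Sequence[float], index: int, factor: float = 0.5) -> List[float]:
    """Copy of `hoops` with one hoop's success probability scaled by `factor`."""
    new = list(hoops)
    new[index] *= factor
    return new


def add_hoop(hoops: Sequence[float], p_new: float) -> List[float]:
    """Copy of `hoops` with an extra, independent hoop appended."""
    return list(hoops) + [p_new]


def best_move(hoops: Sequence[float], p_new: float, factor: float = 0.5) -> Tuple[str, float]:
    """Compare every 'halve one existing hoop' option against 'add a new hoop
    with success probability p_new' and return (label, resulting probability)
    for the option that lowers overall exploit probability the most."""
    candidates = {
        f"shrink hoop {i}": exploit_probability(shrink_hoop(hoops, i, factor))
        for i in range(len(hoops))
    }
    candidates[f"add hoop p={p_new}"] = exploit_probability(add_hoop(hoops, p_new))
    label = min(candidates, key=candidates.get)
    return label, candidates[label]


if __name__ == "__main__":
    base = [0.25, 0.25]          # the thread's two 25% hoops (constructed input)
    print(exploit_probability(base))   # 0.0625
    print(best_move(base, 0.25))       # a third 25% hoop wins: 0.015625 < 0.03125
    print(best_move(base, 0.9))        # a weak new hoop loses: halving an existing one wins
```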