===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/62.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -c -r1.28 -r1.29
*** www/62.html 2017/10/02 19:43:51 1.28
--- www/62.html 2017/10/02 20:47:29 1.29
***************
*** 177,184 ****
csh(1) and
mail(1)
were rewritten to cope with the removal.
!
New mitigations
! were added, Kernel Address Randomized Link (KARL) and Trapsleds.
--- 177,195 ----
csh(1) and
mail(1)
were rewritten to cope with the removal.
!
Trapsleds, a new mitigation that significantly reduces the amount of
! nops in the instruction stream, converting them to traps, eliminating
! many potentially useful gadgets.
! Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
! files of the kernel to be relinked in a random order, creating a unique
! kernel for each boot.
! Like with libc previously,
! rc(8) re-links libcrypto on
! startup, placing the objects in a random order.
! In addition to libcrypto, to deter code reuse exploits,
! rc(8) re-links
! ld.so on
! startup, placing the objects in a random order.