version 1.28, 2017/10/02 19:43:51 |
version 1.29, 2017/10/02 20:47:29 |
|
|
<a href="https://man.openbsd.org/csh.1">csh(1)</a> and |
<a href="https://man.openbsd.org/csh.1">csh(1)</a> and |
<a href="https://man.openbsd.org/mail.1">mail(1)</a> |
<a href="https://man.openbsd.org/mail.1">mail(1)</a> |
were rewritten to cope with the removal. |
were rewritten to cope with the removal. |
<li><a href="https://www.openbsd.org/innovations.html">New mitigations</a> |
<li>Trapsleds, a new mitigation that significantly reduces the amount of |
were added, Kernel Address Randomized Link (KARL) and Trapsleds. |
nops in the instruction stream, converting them to traps, eliminating |
|
many potentially useful gadgets. |
|
<li>Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o |
|
files of the kernel to be relinked in a random order, creating a unique |
|
kernel for each boot. |
|
<li>Like with libc previously, |
|
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links libcrypto on |
|
startup, placing the objects in a random order. |
|
<li>In addition to libcrypto, to deter code reuse exploits, |
|
<a href="https://man.openbsd.org/rc.8">rc(8)</a> re-links |
|
<a href="https://man.openbsd.org/ld.so.1">ld.so</a> on |
|
startup, placing the objects in a random order. |
</ul> |
</ul> |
<p> |
<p> |
|
|