===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/62.html,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- www/62.html 2017/10/02 19:43:51 1.28
+++ www/62.html 2017/10/02 20:47:29 1.29
@@ -177,8 +177,19 @@
csh(1) and
mail(1)
were rewritten to cope with the removal.
-
New mitigations
- were added, Kernel Address Randomized Link (KARL) and Trapsleds.
+ Trapsleds, a new mitigation that significantly reduces the amount of
+ nops in the instruction stream, converting them to traps, eliminating
+ many potentially useful gadgets.
+ Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o
+ files of the kernel to be relinked in a random order, creating a unique
+ kernel for each boot.
+ Like with libc previously,
+ rc(8) re-links libcrypto on
+ startup, placing the objects in a random order.
+ In addition to libcrypto, to deter code reuse exploits,
+ rc(8) re-links
+ ld.so on
+ startup, placing the objects in a random order.
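Review bot: The KARL item is a run-on: in `Kernel Address Randomized Link (KARL), a new "link-kit" allows the .o` the clause after the comma has no connective. Consider `Kernel Address Randomized Link (KARL): a new "link-kit" allows the .o files of the kernel to be relinked in a random order`. The libcrypto and ld.so items also repeat "on startup, placing the objects in a random order" word for word, while the rationale "to deter code reuse exploits" appears only on the ld.so item. Since the libcrypto item is introduced with "Like with libc previously", the same rationale presumably applies to both, so either state it on both or fold them into one item covering libcrypto and ld.so. Finally, the Trapsleds item says "significantly reduces the amount of nops" without saying where the nops come from or which platforms are covered. A short qualifier or a link to the relevant commit would let readers judge the scope of the mitigation.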