version 1.19, 2018/10/01 20:16:14 |
version 1.20, 2018/10/01 20:27:57 |
|
|
|
|
<li>Security improvements: |
<li>Security improvements: |
<ul> |
<ul> |
|
<li>New <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> |
|
system call to restrict file system access of the calling |
|
process to the specified files and directories. It is most |
|
powerful when properly combined with privilege separation |
|
and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>. |
<li>New "retguard" security mechanism on amd64 and arm64: |
<li>New "retguard" security mechanism on amd64 and arm64: |
use per-function random cookies to protect access to function |
use per-function random cookies to protect access to function |
return instructions, making them harder to use in ROP gadgets. |
return instructions, making them harder to use in ROP gadgets. |