version 1.53, 2018/10/14 16:12:03 |
version 1.54, 2018/10/14 16:15:54 |
|
|
process to the specified files and directories. It is most |
process to the specified files and directories. It is most |
powerful when properly combined with privilege separation |
powerful when properly combined with privilege separation |
and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>. |
and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>. |
<li>New "retguard" security mechanism on amd64 and arm64: |
<li>New RETGUARD security mechanism on amd64 and arm64: |
use per-function random cookies to protect access to function |
use per-function random cookies to protect access to function |
return instructions, making them harder to use in ROP gadgets. |
return instructions, making them harder to use in ROP gadgets. |
<li>Simultaneous multithreading (SMT) is now disabled by default |
<li>Simultaneous multithreading (SMT) is now disabled by default |