===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/64.html,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- www/64.html 2018/10/14 19:34:34 1.57
+++ www/64.html 2018/10/14 22:50:28 1.58
@@ -195,9 +195,21 @@
process to the specified files and directories. It is most
powerful when properly combined with privilege separation
and pledge(2).
+
Implemented MAP_STACK option for
+ mmap(2).
+ At pagefaults and syscalls the kernel will check that the
+ stack pointer points to MAP_STACK memory, which mitigates
+ against attacks using stack pivots.
New RETGUARD security mechanism on amd64 and arm64:
use per-function random cookies to protect access to function
return instructions, making them harder to use in ROP gadgets.
+ clang(1)
+ includes a pass which identifies common instructions which
+ may be useful in ROP gadgets and replaces them with safe
+ alternatives on amd64 and i386.
+ The Retpoline mitigation against Spectre Variant 2 has been
+ enabled in clang(1)
+ and in assembly files on amd64.
Simultaneous multithreading (SMT) is now disabled by default
and can be enabled with the new hw.smt
sysctl(2) variable.
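Review bot: In the added MAP_STACK entry, the text says the kernel checks at pagefaults and syscalls that the stack pointer points to MAP_STACK memory, but it never says what happens when that check fails. A short clause stating the outcome would tell readers what the mitigation actually enforces. In the same entry, "mitigates against attacks using stack pivots" should read "mitigates attacks using stack pivots". In the clang(1) entry, "a pass which identifies common instructions which may be useful" stacks two "which" clauses; "a pass that identifies common instructions that may be useful in ROP gadgets" reads more cleanly. The gadget-replacement pass is listed for amd64 and i386 while the Retpoline entry names only amd64, so please confirm the difference in platform coverage is intended.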