version 1.1, 2020/05/06 12:20:45 | version 1.2, 2020/05/06 12:36:08

features and auditing it. The kernel API accessible to these
programs is now restricted through <a
href="https://man.openbsd.org/pledge">pledge(2)</a>.

version 1.1:

<!-- syscall call-from -->
<li><span style="color: red;">"syscall call-from" checking</span>
<li>Introduced <a
href="https://man.openbsd.org/msyscall">msyscall(2)</a>, permitting
system calls from selected code regions only: the main program, <a
href="https://man.openbsd.org/ld.so">ld.so(1)</a>, libc.so and
sigtramp. This is intended to harden against a mixture of W^X failures
and JIT bugs allowing syscall misinterpretation.

version 1.2:

<li>System calls may now only be performed from selected code regions:
the main program, <a href="https://man.openbsd.org/ld.so">ld.so(1)</a>,
libc.so and the signal trampoline. A new system call
<a href="https://man.openbsd.org/msyscall">msyscall(2)</a> indicates
the the libc range, and activates the locking. This change hardens
against some attack methods.

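Review bot: the version 1.2 wording has a doubled word, "indicates the the libc range, and activates the locking"; it should read "indicates the libc range, and activates the locking". The rest of the rewrite is fine: it drops the "<!-- syscall call-from -->" marker and the red placeholder span now that the entry is written out, and spelling out "the signal trampoline" instead of "sigtramp" is clearer for readers of the release notes.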
<li>Prevented stack trace saving from inspecting untrusted data on
amd64, arm64 and i386.
<li>Used lfence in place of stac/clac on pre-SMAP CPUs to protect