===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/73.html,v
retrieving revision 1.22
retrieving revision 1.23
diff -c -r1.22 -r1.23
*** www/73.html 2023/04/03 21:51:34 1.22
--- www/73.html 2023/04/03 22:14:15 1.23
***************
*** 83,89 ****
Various kernel improvements:
-
- Added support for the Rockchip RK3568 processor.
- Implemented the waitid(2) system call
--- 83,88 ----
***************
*** 713,774 ****
- Security improvements:
! - Add Synthetic Memory Protections. These provide
!
! - Immutable memory mappings whose permissions and size cannot be
! changed anymore. A new system call mimmutable(2) enables
! this feature.
!
- Execute-Only permission on memory mappings. This uses hardware
! support where possible and emulation where the hardware does not have
! separate execute only features.
!
- Stack permission on mappings: On every system call the stack
! pointer is checked. It must point to a mapping that has MAP_STACK
! permissions.
!
- Pinning of syscall entry to a unique specific memory regions from
! which system calls can be made.
!
! The execute-only mappings are active on arm64, risc-v, hppa,
! aarch64, mips64, sparc64, amd64, mips, and power-pc platforms.
!
!
! - Implemented a --executable-only option in ld.bfd(1).
!
!
- Changed ld.so(1)
! to map certain regions of memory as immutable when loading shared
! libraries.
!
- Added execve(2)
violations of pinsyscall(2) policy
to the daily mail, available by setting rc.conf.local(5)
accounting=YES.
!
- Added retguard to amd64 syscalls.
!
!
- Randomly relink and install sshd(8) on boot, resulting
! in a sshd with unknown address layout after every reboot.
!
- Add another mitigation against classic BROP on systems without
execute-only mmu hardware-enforcement. A range-checking wrapper in
! front of copyin() and copyinstr() ensures the userland source address
! doesn't overlap the main program text and other text segments, thereby
! making this address ranges unreadable to the kernel. No programs have
! been discovered which require reading their own text segments with a
! system call.
!
- On arm64, introduce mitigation of the Spectre-BHB (Branch
History Injection) CPU vulnerability by using core-specific trampoline
vectors.
!
!
- Tightened the pledge(2) after ssh(1) session establishment.
!
!
- Enabled the Data Independent Timing (DIT) feature in both the kernel and
! userland on arm64 CPUs that support it to mitigate timing side-channel
attacks.
-
- Changes in the network stack:
--- 712,776 ----
- Security improvements:
! - Permissions (RWX, MAP_STACK, etc) on address space regions can
! be made immutable,
! so that mmap(2), mprotect(2) or munmap(2) fail with EPERM.
! Most of the program static address space is now automatically
! immutable (main program, ld.so, main stack, load-time shared
! libraries, and dlopen()'d libraries mapped without RTLD_NODELETE).
! Programmers can request non-immutable static data using the
! "openbsd.mutable" section, or manually bring immutability to (page
! aligned heap objects) using mimmutable(2).
!
- Some architectures now have non-readable code ("xonly"), both from
! the perspective of userland reading its own memory, or the kernel
! trying to read memory in a system call. Many sloppy practices in
! userland code had to be repaired to allow this. The linker (ld.lld(1)) option
! --execute-only is enabled by default. In order of development: arm64,
! riscv64, hppa, amd64, powerpc64, powerpc (G5 only), octeon. sparc64
! (sun4u only, unfinished).
!
- On all architectures which lack hardware-enforcement of xonly,
! system calls are now prevented from reading (via copyin(9)/copyinst)
! inside the program's main text, ld.so text, sigtramp text, or libc.so
! text.
!
- can still benefit from switching to --execute-only binaries if the
! cpu generates different traps for instruction-fetch versus data-fetch.
! The VM system will not allow memory to be read before it was executed
! which is valuable together with library relinking. Architectures
! switched over include loongson.
!
- ld.so(1) and crt0
! register the location of the execve(2) stub with the
! kernel using pinsyscall(2), after which the kernel only accepts an
! execve call from that specific location.
- Added execve(2)
violations of pinsyscall(2) policy
to the daily mail, available by setting rc.conf.local(5)
accounting=YES.
!
- Added retguard (consistency-check the return address on the
! stack) to amd64 syscalls.
!
- sshd random relinking at boot: Randomly relink and install sshd(8), resulting
! in a sshd binary with unknown address layout after every reboot.
- Add another mitigation against classic BROP on systems without
execute-only mmu hardware-enforcement. A range-checking wrapper in
! front of copyin(9) and
! href="https://man.openbsd.org/copyinstr.9">copyinstr(9) ensures
! the userland source address doesn't overlap the main program text and
! other text segments, thereby making this address ranges unreadable to
! the kernel. No programs have been discovered which require reading
! their own text segments with a system call.
- On arm64, introduce mitigation of the Spectre-BHB (Branch
History Injection) CPU vulnerability by using core-specific trampoline
vectors.
!
- Enabled the arm64 Data Independent Timing (DIT) feature in both the kernel and
! userland on CPUs that support it to mitigate timing side-channel
attacks.
- Changes in the network stack:
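Review bot: the copyin range check is now described twice in this hunk: the item "On all architectures which lack hardware-enforcement of xonly, system calls are now prevented from reading (via copyin(9)/copyinst) inside the program's main text, ld.so text, sigtramp text, or libc.so text" and the later "Add another mitigation against classic BROP ... A range-checking wrapper in front of copyin(9) and copyinstr(9) ensures the userland source address doesn't overlap the main program text" cover the same mitigation, so keep one (the BROP item carries the man page links and the rationale) and fold the list of protected text segments into it. Smaller points in the same hunk: "copyinst" is truncated and should read "copyinstr(9)"; the item starting "can still benefit from switching to --execute-only binaries" has lost its subject (presumably the architectures without xonly hardware named in the item before it) and reads as a fragment; "manually bring immutability to (page aligned heap objects)" has the parenthesis in the wrong place, likely "manually make page-aligned heap objects immutable using mimmutable(2)"; "making this address ranges unreadable" should be "these address ranges"; "a sshd binary" should be "an sshd binary"; and the --execute-only option is attributed to ld.bfd(1) in the old text but to ld.lld(1) in the new, so confirm which linker(s) actually accept it and name them consistently.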
***************
*** 783,796 ****
configuring IPv6. This allows non-multicast interfaces such as
point-to-point interfaces and the NBMA / point-to-multipoint
interfaces like mpe(4), mgre(4) and wg(4) to work with IPv6.
-
- Use the new getnsecruntime(9)
timer to check the TCP_KEEPALIVE timer only against the system
runtime, not the uptime. Prevents TCP connections to fail after
wakeing up from suspend.
-
-
- Used stoeplitz (symmetric Toeplitz hash algorithm) to generate a
hash/flowid for pf(4) state
keys. With this change, pf will hash traffic the same way that
--- 785,795 ----
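Review bot: the unchanged context "Prevents TCP connections to fail after wakeing up from suspend" has two errors worth fixing while this block is being touched: "wakeing" should be "waking", and "to fail" should be "from failing".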
***************
*** 800,810 ****
queues too. using the same algorithm throughout the stack encourages
affinity of packets to rings and softnet threads the whole way
through.
-
- Prevented possible kernel crashes by dropping TCP packets with
destination port 0 in pf(4)
and the stack.
-
- Fixed a endian swap bug causing problems with vlans(4) on em(4) sparc64 systems.
--- 799,807 ----
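Review bot: the unchanged context "Fixed a endian swap bug causing problems with vlans(4) on em(4) sparc64 systems" should read "an endian swap bug", and the manual page is vlan(4), not vlans(4); both are cheap to fix in the same commit since the hunk already edits the surrounding lines.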
***************
*** 826,832 ****
half second even if there is nothing to read. By default this buffer
is infinite and must be filled to become readable.
- Avoided enabling TSO on interfaces which are already attached to a bridge.
-
Routing daemons and other userland network improvements:
--- 823,828 ----
***************
*** 956,966 ****
When decoding and validating an individual RPKI file using filemode
(rpki-client -f file), display the optional CMS signing-time, and
non-optional X.509 notBefore, and X.509 notAfter timestamps.
-
-
- In snmpd(8),
-
Switched tftpd(8) to
--- 952,957 ----
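Review bot: this hunk deletes the unfinished "In snmpd(8)," entry instead of completing it; the stub suggests an snmpd(8) item was planned for this release, so either restore and finish it or confirm there is no snmpd(8) change to list before dropping it. The remaining context "display the optional CMS signing-time, and non-optional X.509 notBefore, and X.509 notAfter timestamps" also has a stray comma and would read better as "display the optional CMS signing-time and the mandatory X.509 notBefore and notAfter timestamps".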