| version 1.22, 2023/04/03 21:51:34 |
version 1.23, 2023/04/03 22:14:15 |
|
|
| |
|
| <li>Various kernel improvements: |
<li>Various kernel improvements: |
| <ul> |
<ul> |
| |
|
| <li>Added support for the Rockchip RK3568 processor. |
<li>Added support for the Rockchip RK3568 processor. |
| <li>Implemented the <a |
<li>Implemented the <a |
| href="https://man.openbsd.org/waitid.2">waitid(2)</a> system call |
href="https://man.openbsd.org/waitid.2">waitid(2)</a> system call |
|
|
| |
|
| <li>Security improvements: |
<li>Security improvements: |
| <ul> |
<ul> |
| <li>Add Synthetic Memory Protections. These provide |
<li>Permissions (RWX, MAP_STACK, etc) on address space regions can |
| <ul> |
be made <a href="https://man.openbsd.org/mimmutable.2">immutable</a>, |
| <li>Immutable memory mappings whose permissions and size cannot be |
so that <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>, <a |
| changed anymore. A new system call <a |
href="https://man.openbsd.org/mprotect.2">mprotect(2)</a> or <a |
| href="https://man.openbsd.org/mimmutable.2">mimmutable(2)</a> enables |
href="https://man.openbsd.org/munmap.2">munmap(2)</a> fail with EPERM. |
| this feature. |
Most of the program static address space is now automatically |
| <li>Execute-Only permission on memory mappings. This uses hardware |
immutable (main program, ld.so, main stack, load-time shared |
| support where possible and emulation where the hardware does not have |
libraries, and dlopen()'d libraries mapped without RTLD_NODELETE). |
| separate execute only features. |
Programmers can request non-immutable static data using the |
| <li>Stack permission on mappings: On every system call the stack |
"openbsd.mutable" section, or manually bring immutability to (page |
| pointer is checked. It must point to a mapping that has MAP_STACK |
aligned heap objects) using <a |
| permissions. |
href="https://man.openbsd.org/mimmutable.2">mimmutable(2)</a>. |
| <li>Pinning of syscall entry to a unique specific memory regions from |
<li>Some architectures now have non-readable code ("xonly"), both from |
| which system calls can be made. |
the perspective of userland reading its own memory, or the kernel |
| </ul><br> |
trying to read memory in a system call. Many sloppy practices in |
| The execute-only mappings are active on arm64, risc-v, hppa, |
userland code had to be repaired to allow this. The <a |
| aarch64, mips64, sparc64, amd64, mips, and power-pc platforms. |
href="https://man.openbsd.org/ld.lld.1">linker (ld.lld(1))</a> option |
| <!-- XXX xonly checks on copyin(9) are not described yet --> |
--execute-only is enabled by default. In order of development: arm64, |
| |
riscv64, hppa, amd64, powerpc64, powerpc (G5 only), octeon. sparc64 |
| <li>Implemented a --executable-only option in <a href="https://man.openbsd.org/ld.bfd.1">ld.bfd(1)</a>. |
(sun4u only, unfinished). |
| |
<li>On all architectures which lack hardware-enforcement of xonly, |
| <li>Changed <a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> |
system calls are now prevented from reading (via <a |
| to map certain regions of memory as immutable when loading shared |
href="https://man.openbsd.org/copyin.9">copyin(9)</a>/copyinst) |
| libraries. |
inside the program's main text, ld.so text, sigtramp text, or libc.so |
| |
text. |
| |
<li>can still benefit from switching to --execute-only binaries if the |
| |
cpu generates different traps for instruction-fetch versus data-fetch. |
| |
The VM system will not allow memory to be read before it was executed |
| |
which is valuable together with library relinking. Architectures |
| |
switched over include loongson. |
| |
<li><a href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> and crt0 |
| |
register the location of the <a |
| |
href="https://man.openbsd.org/execve.2">execve(2)</a> stub with the |
| |
kernel using pinsyscall(2), after which the kernel only accepts an |
| |
execve call from that specific location. |
| <li>Added <a href="https://man.openbsd.org/execve.2">execve(2)</a> |
<li>Added <a href="https://man.openbsd.org/execve.2">execve(2)</a> |
| violations of <a |
violations of <a |
| href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a> policy |
href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a> policy |
| to the daily mail, available by setting rc.conf.local(5) |
to the daily mail, available by setting rc.conf.local(5) |
| accounting=YES. |
accounting=YES. |
| <li>Added retguard to amd64 syscalls. |
<li>Added retguard (consistency-check the return address on the |
| |
stack) to amd64 syscalls. |
| <li>Randomly relink and install <a |
<li>sshd random relinking at boot: Randomly relink and install <a |
| href="https://man.openbsd.org/sshd.8">sshd(8)</a> on boot, resulting |
href="https://man.openbsd.org/sshd.8">sshd(8)</a>, resulting |
| in a sshd with unknown address layout after every reboot. |
in a sshd binary with unknown address layout after every reboot. |
| |
|
| <li>Add another mitigation against classic BROP on systems without |
<li>Add another mitigation against classic BROP on systems without |
| execute-only mmu hardware-enforcement. A range-checking wrapper in |
execute-only mmu hardware-enforcement. A range-checking wrapper in |
| front of copyin() and copyinstr() ensures the userland source address |
front of <a href="https://man.openbsd.org/copyin.9">copyin(9)</a> and |
| doesn't overlap the main program text and other text segments, thereby |
href="https://man.openbsd.org/copyinstr.9">copyinstr(9)</a> ensures |
| making this address ranges unreadable to the kernel. No programs have |
the userland source address doesn't overlap the main program text and |
| been discovered which require reading their own text segments with a |
other text segments, thereby making this address ranges unreadable to |
| system call. |
the kernel. No programs have been discovered which require reading |
| |
their own text segments with a system call. |
| <li>On arm64, introduce mitigation of the Spectre-BHB (Branch |
<li>On arm64, introduce mitigation of the Spectre-BHB (Branch |
| History Injection) CPU vulnerability by using core-specific trampoline |
History Injection) CPU vulnerability by using core-specific trampoline |
| vectors. |
vectors. |
| |
<li>Enabled the arm64 Data Independent Timing (DIT) feature in both the kernel and |
| <li>Tightened the <a |
userland on CPUs that support it to mitigate timing side-channel |
| href="https://man.openbsd.org/pledge.2">pledge(2)</a> after <a |
|
| href="https://man.openbsd.org/ssh.1">ssh(1)</a> session establishment. |
|
| |
|
| <li>Enabled the Data Independent Timing (DIT) feature in both the kernel and |
|
| userland on arm64 CPUs that support it to mitigate timing side-channel |
|
| attacks. |
attacks. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>Changes in the network stack: |
<li>Changes in the network stack: |
|
|
| configuring IPv6. This allows non-multicast interfaces such as |
configuring IPv6. This allows non-multicast interfaces such as |
| point-to-point interfaces and the NBMA / point-to-multipoint |
point-to-point interfaces and the NBMA / point-to-multipoint |
| interfaces like mpe(4), mgre(4) and wg(4) to work with IPv6. |
interfaces like mpe(4), mgre(4) and wg(4) to work with IPv6. |
| |
|
| <li>Use the new <a |
<li>Use the new <a |
| href="https://man.openbsd.org/getnsecruntime.9">getnsecruntime(9)</a> |
href="https://man.openbsd.org/getnsecruntime.9">getnsecruntime(9)</a> |
| timer to check the TCP_KEEPALIVE timer only against the system |
timer to check the TCP_KEEPALIVE timer only against the system |
| runtime, not the uptime. Prevents TCP connections to fail after |
runtime, not the uptime. Prevents TCP connections to fail after |
| wakeing up from suspend. |
wakeing up from suspend. |
| |
|
| |
|
| <li>Used stoeplitz (symmetric Toeplitz hash algorithm) to generate a |
<li>Used stoeplitz (symmetric Toeplitz hash algorithm) to generate a |
| hash/flowid for <a href="https://man.openbsd.org/pf.4">pf(4)</a> state |
hash/flowid for <a href="https://man.openbsd.org/pf.4">pf(4)</a> state |
| keys. With this change, pf will hash traffic the same way that |
keys. With this change, pf will hash traffic the same way that |
|
|
| queues too. using the same algorithm throughout the stack encourages |
queues too. using the same algorithm throughout the stack encourages |
| affinity of packets to rings and softnet threads the whole way |
affinity of packets to rings and softnet threads the whole way |
| through. |
through. |
| |
|
| <li>Prevented possible kernel crashes by dropping TCP packets with |
<li>Prevented possible kernel crashes by dropping TCP packets with |
| destination port 0 in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
destination port 0 in <a href="https://man.openbsd.org/pf.4">pf(4)</a> |
| and the stack. |
and the stack. |
| |
|
| <li>Fixed a endian swap bug causing problems with <a |
<li>Fixed a endian swap bug causing problems with <a |
| href="https://man.openbsd.org/vlan.4">vlans(4)</a> on <a |
href="https://man.openbsd.org/vlan.4">vlans(4)</a> on <a |
| href="https://man.openbsd.org/em.4">em(4)</a> sparc64 systems. |
href="https://man.openbsd.org/em.4">em(4)</a> sparc64 systems. |
|
|
| half second even if there is nothing to read. By default this buffer |
half second even if there is nothing to read. By default this buffer |
| is infinite and must be filled to become readable. |
is infinite and must be filled to become readable. |
| <li>Avoided enabling TSO on interfaces which are already attached to a bridge. |
<li>Avoided enabling TSO on interfaces which are already attached to a bridge. |
| |
|
| </ul> |
</ul> |
| |
|
| <li>Routing daemons and other userland network improvements: |
<li>Routing daemons and other userland network improvements: |
|
|
| <li>When decoding and validating an individual RPKI file using filemode |
<li>When decoding and validating an individual RPKI file using filemode |
| (rpki-client -f file), display the optional CMS signing-time, and |
(rpki-client -f file), display the optional CMS signing-time, and |
| non-optional X.509 notBefore, and X.509 notAfter timestamps. |
non-optional X.509 notBefore, and X.509 notAfter timestamps. |
| </ul> |
|
| |
|
| <li>In <a href="https://man.openbsd.org/snmpd.8">snmpd(8)</a>, |
|
| <ul> |
|
| <!-- XXX --> |
|
| </ul> |
</ul> |
| |
|
| <li>Switched <a href="https://man.openbsd.org/tftpd.8">tftpd(8)</a> to |
<li>Switched <a href="https://man.openbsd.org/tftpd.8">tftpd(8)</a> to |
![[BACK]](/icons/back.gif){kind=icon}
Return to 73.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www