| version 1.52, 2023/04/08 10:56:51 |
version 1.53, 2023/04/08 11:05:00 |
|
|
| --execute-only is enabled by default. In order of development: arm64, |
--execute-only is enabled by default. In order of development: arm64, |
| riscv64, hppa, amd64, powerpc64, powerpc (G5 only), octeon, and sparc64 |
riscv64, hppa, amd64, powerpc64, powerpc (G5 only), octeon, and sparc64 |
| (sun4u only; unfinished). |
(sun4u only; unfinished). |
| <li>On all architectures which lack hardware-enforcement of xonly, |
|
| system calls are now prevented from reading (via <a |
|
| href="https://man.openbsd.org/copyin.9">copyin(9)</a>/copyinst) |
|
| inside the program's main text, ld.so text, sigtramp text, or libc.so |
|
| text. |
|
| <li>These can still benefit from switching to --execute-only binaries if the |
<li>These can still benefit from switching to --execute-only binaries if the |
| cpu generates different traps for instruction-fetch versus data-fetch. |
cpu generates different traps for instruction-fetch versus data-fetch. |
| The VM system will not allow memory to be read before it was executed |
The VM system will not allow memory to be read before it was executed |
![[BACK]](/icons/back.gif){kind=icon}
Return to 73.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www