www/75.html - diff

Return to 75.html CVS log

Up to [local] / www

Diff for /www/75.html between version 1.34 and 1.35

-version 1.34, 2024/03/31 21:47:37
+version 1.35, 2024/03/31 22:31:43
 Line 420
 Line 420
 Line 420
  <li>Security improvements:
    <ul>
+   <li>Introduce pinsyscalls(2): The kernel and <a
+         href="https://man.openbsd.org/ld.so.1">ld.so(1)</a> register the
+         precise entry location of every system call used by a program, as
+         described in the new ELF section .openbsd.syscalls inside ld.so and
+         libc.so. ld.so uses the new syscall <a
+         href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> to
+         tell the kernel the precise entry location of system calls in
+         libc.so.<br>
+       Attempting to use a different system call entry instruction to
+         perform a non-corresponding system call operation will fail and the
+         process will be terminated with signal SIGABRT.
+   <li>Removed support for <a
+         href="https://man.openbsd.org/syscall.2">syscall(2)</a>, the
+         "indirection system call," a dangerous alternative entry point for all
+         system calls.<br>
+       Together with <a
+         href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> this
+         change makes it ipmpossible to perform system call through any other
+         way than the libc system cann wrapper functions.<br<
+       Users of syscall(2), such as Perl and the Go programming
+         languange were converted to use the libc functions.
    <li>Added <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>
          stdio before parsing pfkey messages to <a
          href="https://man.openbsd.org/ipsecctl.8">ipsecctl(8)</a> -m and -s.
-   <li>Tightened <a href="https://man.openbsd.org/pax.1">pax(1)</a> <a
+   <li>Tightened the <a
-         href="https://man.openbsd.org/pledge.2">pledge(2)</a> in List and
+         href="https://man.openbsd.org/pledge.2">pledge(2)</a> in <a
-         Append modes.
+         href="https://man.openbsd.org/pax.1">pax(1)</a> in List and Append
-   <li>Created __OpenBSD versions of llvm cxa guard implementation using
+         modes.
-         futex() with the correct number of arguments and without using <a
+   <li>Created __OpenBSD versions of llvm cxa guard implementation
+         using <a href="https://man.openbsd.org/futex.2">futex(2)</a> with the
+         correct number of arguments and without using <a
          href="https://man.openbsd.org/syscall.2">syscall(2)</a>.
-   <li>Removed support for <a
+   <li>Improvements in Pointer Authentication (PAC) and Branch Target
-         href="https://man.openbsd.org/syscall.2">syscall(2)</a>, the
+         Identification (BTI) on arm64.
-         "indirection system call," a dangerous alternative entry point for all
-         system calls and incompatible with the precision system call entry
-         point scheme a.k.a. <a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>
-   <li>Enable BTI and PAC again on arm64.
-   <li><a style="color:red;" href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a>
    </ul>
  <li>Changes in the network stack:
-Line 516
+Line 532
 Line 516
 Line 532
    <li>In <a href="https://man.openbsd.org/bgpd.8">bgpd(8)</a>,
    <ul>
-   <li>...
+     <li>Rewrite the internal message passing mechanism to use a new
+         memory-safe API.
+     <li>Rewrite most protocol parsers to use the new memory-safe API.
+         Convert the UPDATE parser, all of RTR, as well as both the MRT dump
+         code in bgpd and the parser in bgpctl.
+     <li>Improve RTR logging, error handling and version negotiation.
    </ul>
    <li><a href="https://man.openbsd.org/rpki-client.8">rpki-client(8)</a> saw these and more changes: