version 1.104, 2023/02/01 19:12:06 |
version 1.105, 2023/02/03 06:37:51 |
|
|
the perspective of userland reading its own memory, or the kernel |
the perspective of userland reading its own memory, or the kernel |
trying to read memory in a system call. Many sloppy practices in |
trying to read memory in a system call. Many sloppy practices in |
userland code had to be repaired to allow this. The linker option |
userland code had to be repaired to allow this. The linker option |
--execute-only is enabled by default. In order of development: arm64, |
<b>--execute-only<b> is enabled by default. In order of development: arm64, |
riscv64, hppa, octeon, sparc64 (sun4u only), amd64, powerpc64, |
riscv64, hppa, octeon, sparc64 (sun4u only), amd64, powerpc64, |
powerpc (G5 only). |
powerpc (G5 only). |
Mark Kettenis, Theo de Raadt, Visa Hankala, Miod Vallat, |
Mark Kettenis, Theo de Raadt, Visa Hankala, Miod Vallat, |
|
|
Theo Buehler, Robert Nagy, Christian Weisgerber in ports. |
Theo Buehler, Robert Nagy, Christian Weisgerber in ports. |
Dec 2022 - Feb 2023, still ongoing. |
Dec 2022 - Feb 2023, still ongoing. |
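Review bot: the new markup on the linker option line, `<b>--execute-only<b>`, opens a second `<b>` instead of closing the first, so the bold run never ends and will spill over the rest of the entry. The second tag should be `</b>`.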
<li>On all architectures which lack hardware-enforcement of xonly, |
<li>On all architectures which lack hardware-enforcement of xonly, |
prevent system-call reading (via copyin/copyinst) of the program's |
system calls are now prevented from reading (via copyin/copyinst) |
main text, ld.so text, sigtramp text, or libc.so text. |
inside the program's main text, ld.so text, sigtramp text, or |
|
libc.so text. |
Theo de Raadt, Jan 2023. |
Theo de Raadt, Jan 2023. |
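Review bot: the reworded item keeps "copyin/copyinst" from the old text, and the kernel routine is copyinstr(9), so "copyinst" reads as a truncated name. Since this line is being rewritten anyway, correct it to "copyin/copyinstr" in the same change.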
|
<li>Architectures which lack xonly mmu-enforcement can still benefit |
|
from switching to --execute-only binaries if the cpu generates |
|
different traps for instruction-fetch versus data-fetch. The |
|
VM system will not allowed momeory to be read before it was |
|
executed which is valuable together with library relinking. |
|
Architectures switched over include sparc64 (sun4v), loongson. |
|
Theo de Raadt, Feb 2023. |
</ul> |
</ul> |
|
|
<h3>Functions</h3> |
<h3>Functions</h3> |
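Review bot: the added item's sentence "The VM system will not allowed momeory to be read before it was executed" has two typos ("allowed" should be "allow", "momeory" should be "memory"). The option is also written as plain --execute-only here while the same commit wraps it in `<b>` in the earlier entry, and "xonly mmu-enforcement" differs from the "hardware-enforcement of xonly" wording used in the item just above. Pick one form for each so the entries read consistently.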