| version 1.113, 2023/09/01 22:17:57 |
version 1.114, 2024/01/22 19:06:01 |
|
|
| <li>ld.so and crt0 register the location of the execve(2) stub with |
<li>ld.so and crt0 register the location of the execve(2) stub with |
| the kernel using pinsyscall(2), after which the kernel only accepts |
the kernel using pinsyscall(2), after which the kernel only accepts |
| an execve call from that specific location. Theo de Raadt, Feb 2023. |
an execve call from that specific location. Theo de Raadt, Feb 2023. |
| |
Made redundant by pinsyscalls(2) which handles all system calls. |
| <li>Mandatory enforcement of indirect branch targets (BTI on arm64, |
<li>Mandatory enforcement of indirect branch targets (BTI on arm64, |
| IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests |
IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests |
| no enforcement. |
no enforcement. |
| |
<li>The kernel and ld.so register the precise entry location of every |
| |
system call used by a program, as described in the new ELF section |
| |
<b>.openbsd.syscalls</b> inside ld.so and libc.so. ld.so uses the |
| |
new syscall pinsyscalls(2) to tell the kernel where libc.so the |
| |
precise entry location of system calls. Since all syscall entries |
| |
are now known to the kernel, the pininsyscall(SYS_execve) interface |
| |
becomes redundant. Theo de Raadt, Jan 2024. |
| </ul> |
</ul> |
| |
|
| <h3>Functions</h3> |
<h3>Functions</h3> |
![[BACK]](/icons/back.gif){kind=icon}
Return to innovations.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www