version 1.114, 2024/01/22 19:06:01 |
version 1.115, 2024/01/22 23:23:35 |
|
|
executed which is valuable together with library relinking. |
executed which is valuable together with library relinking. |
Architectures switched over include loongson. |
Architectures switched over include loongson. |
Theo de Raadt, Feb 2023. |
Theo de Raadt, Feb 2023. |
<li>ld.so and crt0 register the location of the execve(2) stub with |
<li>ld.so and crt0 register the location of the |
the kernel using pinsyscall(2), after which the kernel only accepts |
<a href="https://man.openbsd.org/execve.2">execve(2)</a> |
an execve call from that specific location. Theo de Raadt, Feb 2023. |
libc syscall stub with the kernel using |
Made redundant by pinsyscalls(2) which handles all system calls. |
<a href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a>, |
|
after which the kernel only accepts an execve call from that |
|
specific location. Theo de Raadt, Feb 2023. Made redundant by |
|
<a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
|
which handles all system calls. |
<li>Mandatory enforcement of indirect branch targets (BTI on arm64, |
<li>Mandatory enforcement of indirect branch targets (BTI on arm64, |
IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests |
IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests |
no enforcement. |
no enforcement. |
<li>The kernel and ld.so register the precise entry location of every |
<li>The kernel and ld.so register the precise entry location of |
system call used by a program, as described in the new ELF section |
every system call used by a program, as described in the |
<b>.openbsd.syscalls</b> inside ld.so and libc.so. ld.so uses the |
new ELF section <b>.openbsd.syscalls</b> inside ld.so and |
new syscall pinsyscalls(2) to tell the kernel where libc.so the |
libc.so. ld.so uses the new syscall |
precise entry location of system calls. Since all syscall entries |
<a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
are now known to the kernel, the pininsyscall(SYS_execve) interface |
to tell the kernel where libc.so the precise entry location |
becomes redundant. Theo de Raadt, Jan 2024. |
of system calls. Since all syscall entries are now known |
|
to the kernel, the pininsyscall(SYS_execve) interface becomes |
|
redundant. Theo de Raadt, Jan 2024. |
</ul> |
</ul> |
|
|
<h3>Functions</h3> |
<h3>Functions</h3> |