www/innovations.html - diff

Return to innovations.html CVS log

Up to [local] / www

version 1.116, 2024/02/12 05:39:58

version 1.117, 2024/04/02 08:45:41

Line 202

system-calls can no longer be performed from PROT_WRITE memory.

Theo de Raadt, June 2, 2019.

<li>System calls may only be performed from selected code regions

(main program, ld.so, libc.so, and sigtramp).

(main program, ld.so, libc.so, and sigtramp). The libc.so region

Theo de Raadt, November 28, 2019.

Theo de Raadt, November 28, 2019.<br>

This mechanism was removed because later work on immutable memory +

pinned system calls was even better.

<li>Permissions (RWX, MAP_STACK, etc) on address space regions can be

made immutable, so that <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>,

Line 259

Line 262

to tell the kernel the precise entry location of system calls in libc.so.

Since all syscall entries are now known to the kernel, the

pininsyscall(SYS_execve) interface becomes redundant.

also becomes redundant (and is removed a bit later), because immutable

memory + pinsyscalls together are cheaper and more effective targetting.

Theo de Raadt, Jan 2024.

</ul>