version 1.35, 2016/08/15 02:22:07 |
version 1.36, 2016/09/14 06:32:57 |
|
|
violate it if the executable is marked with <tt>PT_OPENBSD_WXNEEDED</tt> |
violate it if the executable is marked with <tt>PT_OPENBSD_WXNEEDED</tt> |
and it is located on a filesystem mounted with the <tt>wxallowed</tt> |
and it is located on a filesystem mounted with the <tt>wxallowed</tt> |
<a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
<a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
|
<li>GOT and PLT protection by ld.so: first done as part of the W^X |
|
work in OpenBSD 3.3, by Dale Rahn and Theo de Raadt. |
|
The GOT and PLT regions are read-only outside of ld.so itself. |
|
Extended to the .init/.fini sections (constructors and destructors) |
|
in OpenBSD 3.4. |
<li>ASLR: OpenBSD 3.4 was the first widely used operating system to |
<li>ASLR: OpenBSD 3.4 was the first widely used operating system to |
provide it by default. |
provide it by default. |
<li><a href="http://man.openbsd.org/OpenBSD-current/man1/gcc-local.1">gcc-local(1)</a> |
<li><a href="http://man.openbsd.org/OpenBSD-current/man1/gcc-local.1">gcc-local(1)</a> |
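Review bot: in the new GOT/PLT item, "read-only outside of ld.so itself" leaves the mechanism to the reader. If the meaning is that ld.so makes the regions writable only while it updates them and restores read-only protection afterwards, say so in that sentence. The neighbouring items link mount(8) and gcc-local(1) to their manual pages, so ld.so should be linked the same way. The item also gives no date, unlike the other entries that name an author.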
|
|
<tt>libc.so</tt> on startup, placing the objects in a random order. |
<tt>libc.so</tt> on startup, placing the objects in a random order. |
Theo de Raadt and Robert Peichaer, May 2016, |
Theo de Raadt and Robert Peichaer, May 2016, |
enabled by default since OpenBSD 6.0. |
enabled by default since OpenBSD 6.0. |
|
<li>Kernel-assisted lazy binding for W^X safety in multi-threaded programs. |
|
A new syscall <a href="http://man.openbsd.org/kbind.2">kbind(2)</a> |
|
permits lazy-binding to be W^X safe in multi-threaded programs. |
|
Implemented for OpenBSD 5.9 by Philip Guenther in July 2015. |
|
<li>Process layouts in memory tightened to remove execute permission from |
|
all separate, non-instruction data and to remove write permission from |
|
data that is only modified during loading and relocation. |
|
By combining the RELRO (Read-Only after Relocation) design by the |
|
GNU project with the original ASLR work from OpenBSD 3.3 and |
|
strict lazy-binding work from OpenBSD 5.9, this is applied to not |
|
just a subset of programs and libraries but rather to all programs |
|
and libraries. |
|
Implemented for OpenBSD 6.1 by Philip Guenther in August 2016. |
</ul> |
</ul> |
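Review bot: in the RELRO item, "the original ASLR work from OpenBSD 3.3" disagrees with the ASLR item earlier in this same list, which credits ASLR to OpenBSD 3.4, while 3.3 is the release this revision gives for the W^X and GOT/PLT work. Please confirm which release and which feature are meant and make the entries agree. In the kbind(2) item the second sentence repeats the heading almost word for word, and both "lazy binding" and "lazy-binding" appear; pick one spelling and use the second sentence to say what the syscall does that the heading does not.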
|
|
<h3>Functions</h3> |
<h3>Functions</h3> |