version 1.53, 2017/10/09 16:02:38 |
version 1.54, 2017/10/12 17:02:16 |
|
|
protection against address space discovery attacks. Implemented first by |
protection against address space discovery attacks. Implemented first by |
Damien Miller (<a href="https://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a> 2004), Claudio Jeker (<a href="https://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bgpd(8)</a>, 2015), Eric Faurot (<a href="https://man.openbsd.org/OpenBSD-current/man8/smtpd.8">smtpd(8)</a>, 2016), |
Damien Miller (<a href="https://man.openbsd.org/OpenBSD-current/man8/sshd.8">sshd(8)</a> 2004), Claudio Jeker (<a href="https://man.openbsd.org/OpenBSD-current/man8/bgpd.8">bgpd(8)</a>, 2015), Eric Faurot (<a href="https://man.openbsd.org/OpenBSD-current/man8/smtpd.8">smtpd(8)</a>, 2016), |
Rafael Zalamena (various, 2016), and others. |
Rafael Zalamena (various, 2016), and others. |
<li>trapsleds: Reduction of incidental nop instructions/sequences in the |
<li>trapsleds: Reduction of incidental NOP instructions/sequences in the |
instruction stream which could be useful potentially for ROP attack methods |
instruction stream which could be useful potentially for ROP attack methods |
to innaccurately target gadgets. These nops sequences are converted into |
to innaccurately target gadgets. These NOP sequences are converted into |
trap sequences where possible. Todd Mortimer and Theo de Raadt, June 2017. |
trap sequences where possible. Todd Mortimer and Theo de Raadt, June 2017. |
<li>The .o files of the kernel are relinked in random order from a link-kit, |
<li>The .o files of the kernel are relinked in random order from a link-kit, |
before every reboot. This provides substantial interior randomization in |
before every reboot. This provides substantial interior randomization in |