version 1.96, 2022/07/14 02:31:14 |
version 1.97, 2022/12/09 17:11:41 |
|
|
<li>System calls may only be performed from selected code regions |
<li>System calls may only be performed from selected code regions |
(main program, ld.so, libc.so, and sigtramp). |
(main program, ld.so, libc.so, and sigtramp). |
Theo de Raadt, November 28, 2019. |
Theo de Raadt, November 28, 2019. |
|
<li>Permissions (RWX, MAP_STACK, etc) on address space regions can be |
|
made immutable, so that <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>, |
|
<a href="https://man.openbsd.org/mprotect.2">mprotect(2)</a> or |
|
<a href="https://man.openbsd.org/munmap.2">munmap(2)</a> fail with |
|
EPERM. Most of the program static address space is now automatically |
|
immutable (main program, ld.so, main stack, load-time shared libraries, |
|
and dlopen()'d libraries mapped without RTLD_NODELETE). Programmers |
|
can request non-immutable static data using the "openbsd.mutable" section, |
|
or manually bring immutability to (page aligned heap objects) using |
|
<a href="https://man.openbsd.org/mimmutable.2">mimmutable(2)</a>. |
</ul> |
</ul> |
|
|
<h3>Functions</h3> |
<h3>Functions</h3> |