===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v
retrieving revision 1.35
retrieving revision 1.36
diff -c -r1.35 -r1.36
*** www/innovations.html 2016/08/15 02:22:07 1.35
--- www/innovations.html 2016/09/14 06:32:57 1.36
***************
*** 383,388 ****
--- 383,393 ----
violate it if the executable is marked with PT_OPENBSD_WXNEEDED
and it is located on a filesystem mounted with the wxallowed
mount(8) option.
+
GOT and PLT protection by ld.so: first done as part of the W^X
+ work in OpenBSD 3.3, by Dale Rahn and Theo de Raadt.
+ The GOT and PLT regions are read-only outside of ld.so itself.
+ Extended to the .init/.fini sections (constructors and destructors)
+ in OpenBSD 3.4.
ASLR: OpenBSD 3.4 was the first widely used operating system to
provide it by default.
gcc-local(1)
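Review bot: In the added GOT and PLT entry, the phrase "read-only outside of ld.so itself" does not say when the regions are writable. If the intent is that only ld.so can modify them while it is doing its own relocation and binding work, say so directly, since that is the security property a reader is looking for. The entry also credits Dale Rahn and Theo de Raadt for the OpenBSD 3.3 work but leaves the OpenBSD 3.4 extension to .init/.fini without an author or date, unlike entries such as "Theo de Raadt and Robert Peichaer, May 2016" further down the page.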
***************
*** 409,414 ****
--- 414,432 ----
libc.so on startup, placing the objects in a random order.
Theo de Raadt and Robert Peichaer, May 2016,
enabled by default since OpenBSD 6.0.
+ Kernel-assisted lazy binding for W^X safety in multi-threaded programs.
+ A new syscall kbind(2)
+ permits lazy-binding to be W^X safe in multi-threaded programs.
+ Implemented for OpenBSD 5.9 by Philip Guenther in July 2015.
+ Process layouts in memory tightened to remove execute permission from
+ all separate, non-instruction data and to remove write permission from
+ data that is only modified during loading and relocation.
+ By combining the RELRO (Read-Only after Relocation) design by the
+ GNU project with the original ASLR work from OpenBSD 3.3 and
+ strict lazy-binding work from OpenBSD 5.9, this is applied to not
+ just a subset of programs and libraries but rather to all programs
+ and libraries.
+ Implemented for OpenBSD 6.1 by Philip Guenther in August 2016.
Functions
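Review bot: In the added RELRO entry, "the original ASLR work from OpenBSD 3.3" is hard to reconcile with the rest of the page, which says ASLR was provided by default in OpenBSD 3.4 and ties the OpenBSD 3.3 work to W^X and GOT/PLT protection. Please confirm which feature and release are meant, and reword to "W^X and GOT/PLT work from OpenBSD 3.3" if that is the intent. Separately, in the kbind(2) entry the second sentence repeats the title line almost word for word ("W^X safe in multi-threaded programs"), so the two could be merged into one.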