=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v retrieving revision 1.35 retrieving revision 1.36 diff -c -r1.35 -r1.36 *** www/innovations.html 2016/08/15 02:22:07 1.35 --- www/innovations.html 2016/09/14 06:32:57 1.36 *************** *** 383,388 **** --- 383,393 ---- violate it if the executable is marked with PT_OPENBSD_WXNEEDED and it is located on a filesystem mounted with the wxallowed mount(8) option. +

GOT and PLT protection by ld.so: first done as part of the W^X + work in OpenBSD 3.3, by Dale Rahn and Theo de Raadt. + The GOT and PLT regions are read-only outside of ld.so itself. + Extended to the .init/.fini sections (constructors and destructors) + in OpenBSD 3.4.

ASLR: OpenBSD 3.4 was the first widely used operating system to provide it by default.

gcc-local(1) *************** *** 409,414 **** --- 414,432 ---- libc.so on startup, placing the objects in a random order. Theo de Raadt and Robert Peichaer, May 2016, enabled by default since OpenBSD 6.0. +

Kernel-assisted lazy binding for W^X safety in multi-threaded programs. + A new syscall kbind(2) + permits lazy-binding to be W^X safe in multi-threaded programs. + Implemented for OpenBSD 5.9 by Philip Guenther in July 2015. +

Process layouts in memory tightened to remove execute permission from + all separate, non-instruction data and to remove write permission from + data that is only modified during loading and relocation. + By combining the RELRO (Read-Only after Relocation) design by the + GNU project with the original ASLR work from OpenBSD 3.3 and + strict lazy-binding work from OpenBSD 5.9, this is applied to not + just a subset of programs and libraries but rather to all programs + and libraries. + Implemented for OpenBSD 6.1 by Philip Guenther in August 2016.

Functions