===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v
retrieving revision 1.53
retrieving revision 1.54
diff -c -r1.53 -r1.54
*** www/innovations.html 2017/10/09 16:02:38 1.53
--- www/innovations.html 2017/10/12 17:02:16 1.54
***************
*** 464,472 ****
protection against address space discovery attacks. Implemented first by
Damien Miller (sshd(8) 2004), Claudio Jeker (bgpd(8), 2015), Eric Faurot (smtpd(8), 2016),
Rafael Zalamena (various, 2016), and others.
! trapsleds: Reduction of incidental nop instructions/sequences in the
instruction stream which could be useful potentially for ROP attack methods
! to innaccurately target gadgets. These nops sequences are converted into
trap sequences where possible. Todd Mortimer and Theo de Raadt, June 2017.
The .o files of the kernel are relinked in random order from a link-kit,
before every reboot. This provides substantial interior randomization in
--- 464,472 ----
protection against address space discovery attacks. Implemented first by
Damien Miller (sshd(8) 2004), Claudio Jeker (bgpd(8), 2015), Eric Faurot (smtpd(8), 2016),
Rafael Zalamena (various, 2016), and others.
! trapsleds: Reduction of incidental NOP instructions/sequences in the
instruction stream which could be useful potentially for ROP attack methods
! to innaccurately target gadgets. These NOP sequences are converted into
trap sequences where possible. Todd Mortimer and Theo de Raadt, June 2017.
The .o files of the kernel are relinked in random order from a link-kit,
before every reboot. This provides substantial interior randomization in