===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v
retrieving revision 1.80
retrieving revision 1.81
diff -c -r1.80 -r1.81
*** www/innovations.html 2019/06/01 22:54:16 1.80
--- www/innovations.html 2019/06/01 23:12:48 1.81
***************
*** 129,135 ****
(sigreturn(2)
oriented programming) mitigation: attacks researched by
Eric Bosman
! and Herbert Bos in 2014, solution implemented by Theo de Raadt in May 2016,
enabled by default since OpenBSD 6.0.
Library order randomization:
In rc(8), re-link
--- 129,135 ----
(sigreturn(2)
oriented programming) mitigation: attacks researched by
Eric Bosman
! and Herbert Bos in 2014, solution implemented by Theo de Raadt in May 2016,
enabled by default since OpenBSD 6.0.
Library order randomization:
In rc(8), re-link
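Review bot: the changed line in this hunk ("and Herbert Bos in 2014, solution implemented by Theo de Raadt in May 2016,") reads identically in the 1.80 and 1.81 halves as shown, as does every other `!` line in this revision, so the real difference is presumably in markup or whitespace that is not visible here. The commit log should state what was changed on these lines (for example a tag or link fix) so the revision can be audited without diffing the raw HTML.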
***************
*** 164,170 ****
innaccurately target gadgets. These NOP sequences are converted into
trap sequences where possible. Todd Mortimer and Theo de Raadt, June
2017.
! Kernel relinking at boot:
the .o files of the kernel are relinked in random order from a
link-kit, before every reboot. This provides substantial interior
randomization in the kernel's text and data segments for layout and
--- 164,170 ----
innaccurately target gadgets. These NOP sequences are converted into
trap sequences where possible. Todd Mortimer and Theo de Raadt, June
2017.
! Kernel relinking at boot:
the .o files of the kernel are relinked in random order from a
link-kit, before every reboot. This provides substantial interior
randomization in the kernel's text and data segments for layout and
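Review bot: the first context line of this hunk, "innaccurately target gadgets", carries a spelling error in the entry directly above the one being touched. Since this revision already edits the adjacent "Kernel relinking at boot:" line, correct it to "inaccurately" in the same commit or a follow-up.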
***************
*** 172,178 ****
kernel boot, similar to the userland fork+exec model described above
but for the kernel. Theo de Raadt, June 2017.
! Rearranged i386/amd64 register allocator order in
clang(1)
to reduce polymorphic RET instructions:
Todd Mortimer, November 20, 2017.
--- 172,178 ----
kernel boot, similar to the userland fork+exec model described above
but for the kernel. Theo de Raadt, June 2017.
! Rearranged i386/amd64 register allocator order in
clang(1)
to reduce polymorphic RET instructions:
Todd Mortimer, November 20, 2017.
***************
*** 181,187 ****
embedded polymorphic RET instructions. Enhancements to
clang(1)
Todd Mortimer, April 28, 2018 and onwards.
! MAP_STACK addition to
mmap(2)
allows opportunistic verification that the stack-register
points at stack memory, therefore catching pivots to non-stack
--- 181,187 ----
embedded polymorphic RET instructions. Enhancements to
clang(1)
Todd Mortimer, April 28, 2018 and onwards.
! MAP_STACK addition to
mmap(2)
allows opportunistic verification that the stack-register
points at stack memory, therefore catching pivots to non-stack
***************
*** 192,198 ****
.openbsd.randomdata section) to consistency-check the
return address on the stack. Implemented for AMD64 and ARM64
by Todd Mortimer in OpenBSD 6.4.
! MAP_CONCEAL addition to
mmap(2)
disallows memory pages to be written to core dumps, preventing
accidental exposure of private information.
--- 192,198 ----
.openbsd.randomdata section) to consistency-check the
return address on the stack. Implemented for AMD64 and ARM64
by Todd Mortimer in OpenBSD 6.4.
! MAP_CONCEAL addition to
mmap(2)
disallows memory pages to be written to core dumps, preventing
accidental exposure of private information.
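Review bot: in the MAP_CONCEAL entry, "disallows memory pages to be written to core dumps" is awkward; suggest "prevents memory pages from being written to core dumps". The lines shown for this entry also give no author or release, unlike the preceding entry ("by Todd Mortimer in OpenBSD 6.4"); if the attribution does not follow just past the visible context, add it for consistency with the rest of the list.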
***************
*** 562,568 ****
ping(8):
Restructured to include IPv6 functionality and maintained by Florian Obser.
The separate
! ping6(8)
was superseded on September 17, 2016,
and the new, combined version was released with OpenBSD 6.1.
xenodm(1):
--- 562,568 ----
ping(8):
Restructured to include IPv6 functionality and maintained by Florian Obser.
The separate
! ping6(8)
was superseded on September 17, 2016,
and the new, combined version was released with OpenBSD 6.1.
xenodm(1):