===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v
retrieving revision 1.96
retrieving revision 1.97
diff -c -r1.96 -r1.97
*** www/innovations.html 2022/07/14 02:31:14 1.96
--- www/innovations.html 2022/12/09 17:11:41 1.97
***************
*** 203,208 ****
--- 203,218 ----
System calls may only be performed from selected code regions
(main program, ld.so, libc.so, and sigtramp).
Theo de Raadt, November 28, 2019.
+ Permissions (RWX, MAP_STACK, etc) on address space regions can be
+ made immutable, so that mmap(2),
+ mprotect(2) or
+ munmap(2) fail with
+ EPERM. Most of the program static address space is now automatically
+ immutable (main program, ld.so, main stack, load-time shared libraries,
+ and dlopen()'d libraries mapped without RTLD_NODELETE). Programmers
+ can request non-immutable static data using the "openbsd.mutable" section,
+ or manually bring immutability to (page aligned heap objects) using
+ mimmutable(2).
Functions