| version 1.114, 2024/01/22 19:06:01 |
version 1.115, 2024/01/22 23:23:35 |
|
|
| executed which is valuable together with library relinking. |
executed which is valuable together with library relinking. |
| Architectures switched over include loongson. |
Architectures switched over include loongson. |
| Theo de Raadt, Feb 2023. |
Theo de Raadt, Feb 2023. |
| <li>ld.so and crt0 register the location of the execve(2) stub with |
<li>ld.so and crt0 register the location of the |
| the kernel using pinsyscall(2), after which the kernel only accepts |
<a href="https://man.openbsd.org/execve.2">execve(2)</a> |
| an execve call from that specific location. Theo de Raadt, Feb 2023. |
libc syscall stub with the kernel using |
| Made redundant by pinsyscalls(2) which handles all system calls. |
<a href="https://man.openbsd.org/pinsyscall.2">pinsyscall(2)</a>, |
| |
after which the kernel only accepts an execve call from that |
| |
specific location. Theo de Raadt, Feb 2023. Made redundant by |
| |
<a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
| |
which handles all system calls. |
| <li>Mandatory enforcement of indirect branch targets (BTI on arm64, |
<li>Mandatory enforcement of indirect branch targets (BTI on arm64, |
| IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests |
IBT on Intel amd64), unless a linker flag (-Wl,-z,nobtcfi) requests |
| no enforcement. |
no enforcement. |
| <li>The kernel and ld.so register the precise entry location of every |
<li>The kernel and ld.so register the precise entry location of |
| system call used by a program, as described in the new ELF section |
every system call used by a program, as described in the |
| <b>.openbsd.syscalls</b> inside ld.so and libc.so. ld.so uses the |
new ELF section <b>.openbsd.syscalls</b> inside ld.so and |
| new syscall pinsyscalls(2) to tell the kernel where libc.so the |
libc.so. ld.so uses the new syscall |
| precise entry location of system calls. Since all syscall entries |
<a href="https://man.openbsd.org/pinsyscalls.2">pinsyscalls(2)</a> |
| are now known to the kernel, the pininsyscall(SYS_execve) interface |
to tell the kernel where libc.so the precise entry location |
| becomes redundant. Theo de Raadt, Jan 2024. |
of system calls. Since all syscall entries are now known |
| |
to the kernel, the pininsyscall(SYS_execve) interface becomes |
| |
redundant. Theo de Raadt, Jan 2024. |
| </ul> |
</ul> |
| |
|
| <h3>Functions</h3> |
<h3>Functions</h3> |
![[BACK]](/icons/back.gif){kind=icon}
Return to innovations.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www