| version 1.43, 2017/03/15 15:57:59 |
version 1.44, 2017/03/15 19:24:58 |
|
|
| Originally written by Lennart Augustsson in 1997, |
Originally written by Lennart Augustsson in 1997, |
| rewritten and maintained by Alexandre Ratchov since June 21, 2016 |
rewritten and maintained by Alexandre Ratchov since June 21, 2016 |
| and first released with OpenBSD 6.0. |
and first released with OpenBSD 6.0. |
| <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/switchd/">switchd(8)</a>, |
<li><a href="http://man.openbsd.org/switchd.8">switchd(8)</a>, |
| <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/switchctl/">switchctl(8)</a>: |
<a href="http://man.openbsd.org/switchctl.8">switchctl(8)</a>: |
| Written and maintained by Reyk Floeter. |
Written and maintained by Reyk Floeter. |
| Imported July 19, 2016; to be released with OpenBSD 6.1. |
Imported July 19, 2016; to be released with OpenBSD 6.1. |
| |
<li><a href="http://man.openbsd.org/acme-client.1">acme-client(1)</a>: |
| |
Written by Kristaps Dzonsons, improved by Florian Obser, |
| |
Sebastian Benoit, Joel Sing, Theo de Raadt, and others. |
| |
Imported August 31, 2017; to be released with OpenBSD 6.1. |
| |
<li><a href="http://man.openbsd.org/syspatch.8">syspatch(8)</a>: |
| |
Written and maintained by Antoine Jacoutot. |
| |
Imported September 5, 2016; to be released with OpenBSD 6.1. |
| |
<li><a href="http://man.openbsd.org/ping.8">ping(8)</a>: |
| |
Restructured to include IPv6 functionality and maintained by Florian Obser. |
| |
The separate |
| |
<a href="http://man.openbsd.org/OpenBSD-6.0/ping6.8">ping6(8)</a> |
| |
was superseded on September 17, 2016, |
| |
and the new, combined version will be released with OpenBSD 6.1. |
| |
<li><a href="http://man.openbsd.org/xenodm.1">xenodm(1)</a>: |
| |
Cleaned-up fork of |
| |
<a href="http://man.openbsd.org/OpenBSD-6.0/xdm.1">xdm(1)</a> |
| |
maintained by Matthieu Herrb. |
| |
Imported October 23, 2016; to be released with OpenBSD 6.1. |
| </ul> |
</ul> |
| |
|
| <h3>Concepts</h3> |
<h3>Concepts</h3> |
|
|
| system to enable it systemwide by default. |
system to enable it systemwide by default. |
| <li>W^X: First used for sparc, sparc64, alpha, and hppa in OpenBSD 3.3. |
<li>W^X: First used for sparc, sparc64, alpha, and hppa in OpenBSD 3.3. |
| Strictly enforced by default since OpenBSD 6.0: a program can only |
Strictly enforced by default since OpenBSD 6.0: a program can only |
| violate it if the executable is marked with <tt>PT_OPENBSD_WXNEEDED</tt> |
violate it if the executable is marked with <code>PT_OPENBSD_WXNEEDED</code> |
| and it is located on a filesystem mounted with the <tt>wxallowed</tt> |
and it is located on a filesystem mounted with the <code>wxallowed</code> |
| <a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
<a href="http://man.openbsd.org/mount.8">mount(8)</a> option. |
| <li>GOT and PLT protection by ld.so: first done as part of the W^X |
<li>GOT and PLT protection by ld.so: first done as part of the W^X |
| work in OpenBSD 3.3, by Dale Rahn and Theo de Raadt. |
work in OpenBSD 3.3, by Dale Rahn and Theo de Raadt. |
|
|
| enabled by default since OpenBSD 6.0. |
enabled by default since OpenBSD 6.0. |
| <li>C library order randomization: |
<li>C library order randomization: |
| In <a href="http://man.openbsd.org/rc.8">rc(8)</a>, re-link |
In <a href="http://man.openbsd.org/rc.8">rc(8)</a>, re-link |
| <tt>libc.so</tt> on startup, placing the objects in a random order. |
<code>libc.so</code> on startup, placing the objects in a random order. |
| Theo de Raadt and Robert Peichaer, May 2016, |
Theo de Raadt and Robert Peichaer, May 2016, |
| enabled by default since OpenBSD 6.0. |
enabled by default since OpenBSD 6.0. |
| <li>Kernel-assisted lazy-binding for W^X safety in multi-threaded programs. |
<li>Kernel-assisted lazy-binding for W^X safety in multi-threaded programs. |
![[BACK]](/icons/back.gif){kind=icon}
Return to innovations.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www