[BACK]Return to innovations.html CVS log [TXT][DIR] Up to [local] / www

Diff for /www/innovations.html between version 1.80 and 1.81

version 1.80, 2019/06/01 22:54:16 version 1.81, 2019/06/01 23:12:48
Line 129 
Line 129 
         (<a href="https://man.openbsd.org/sigreturn.2">sigreturn(2)</a>          (<a href="https://man.openbsd.org/sigreturn.2">sigreturn(2)</a>
         oriented programming) mitigation: attacks researched by          oriented programming) mitigation: attacks researched by
         <a href="http://www.cs.vu.nl/~herbertb/papers/srop_sp14.pdf">Eric Bosman</a>          <a href="http://www.cs.vu.nl/~herbertb/papers/srop_sp14.pdf">Eric Bosman</a>
         and Herbert Bos in 2014, solution implemented by Theo de Raadt in May 2016,          and Herbert Bos in 2014, solution implemented by Theo de Raadt in May 2016,
         enabled by default since OpenBSD 6.0.          enabled by default since OpenBSD 6.0.
     <li><strong>Library order randomization</strong>:      <li><strong>Library order randomization</strong>:
         In <a href="https://man.openbsd.org/rc.8">rc(8)</a>, re-link          In <a href="https://man.openbsd.org/rc.8">rc(8)</a>, re-link
Line 164 
Line 164 
         innaccurately target gadgets. These NOP sequences are converted into          innaccurately target gadgets. These NOP sequences are converted into
         trap sequences where possible. Todd Mortimer and Theo de Raadt, June          trap sequences where possible. Todd Mortimer and Theo de Raadt, June
         2017.          2017.
     <li><strong>Kernel relinking at boot</strong>:      <li><strong>Kernel relinking at boot</strong>:
         the .o files of the kernel are relinked in random order from a          the .o files of the kernel are relinked in random order from a
         link-kit, before every reboot. This provides substantial interior          link-kit, before every reboot. This provides substantial interior
         randomization in the kernel's text and data segments for layout and          randomization in the kernel's text and data segments for layout and
Line 172 
Line 172 
         kernel boot, similar to the userland fork+exec model described above          kernel boot, similar to the userland fork+exec model described above
         but for the kernel.  Theo de Raadt, June 2017.          but for the kernel.  Theo de Raadt, June 2017.
     <li>      <li>
         Rearranged i386/amd64 register allocator order in          Rearranged i386/amd64 register allocator order in
         <a href="https://man.openbsd.org/clang.1">clang(1)</a>          <a href="https://man.openbsd.org/clang.1">clang(1)</a>
         to reduce polymorphic RET instructions:          to reduce polymorphic RET instructions:
         Todd Mortimer, November 20, 2017.          Todd Mortimer, November 20, 2017.
Line 181 
Line 181 
         embedded polymorphic RET instructions.  Enhancements to          embedded polymorphic RET instructions.  Enhancements to
         <a href="https://man.openbsd.org/clang.1">clang(1)</a>          <a href="https://man.openbsd.org/clang.1">clang(1)</a>
         Todd Mortimer, April 28, 2018 and onwards.          Todd Mortimer, April 28, 2018 and onwards.
     <li><b>MAP_STACK</b> addition to      <li><b>MAP_STACK</b> addition to
         <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>          <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>
         allows opportunistic verification that the stack-register          allows opportunistic verification that the stack-register
         points at stack memory, therefore catching pivots to non-stack          points at stack memory, therefore catching pivots to non-stack
Line 192 
Line 192 
         <b>.openbsd.randomdata</b> section) to consistency-check the          <b>.openbsd.randomdata</b> section) to consistency-check the
         return address on the stack.  Implemented for AMD64 and ARM64          return address on the stack.  Implemented for AMD64 and ARM64
         by Todd Mortimer in OpenBSD 6.4.          by Todd Mortimer in OpenBSD 6.4.
     <li><b>MAP_CONCEAL</b> addition to      <li><b>MAP_CONCEAL</b> addition to
         <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>          <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>
         disallows memory pages to be written to core dumps, preventing          disallows memory pages to be written to core dumps, preventing
         accidental exposure of private information.          accidental exposure of private information.
Line 562 
Line 562 
     <li><a href="https://man.openbsd.org/ping.8">ping(8)</a>:      <li><a href="https://man.openbsd.org/ping.8">ping(8)</a>:
         Restructured to include IPv6 functionality and maintained by Florian Obser.          Restructured to include IPv6 functionality and maintained by Florian Obser.
         The separate          The separate
         <a href="https://man.openbsd.org/OpenBSD-6.0/ping6.8">ping6(8)</a>          <a href="https://man.openbsd.org/OpenBSD-6.0/ping6.8">ping6(8)</a>
         was superseded on September 17, 2016,          was superseded on September 17, 2016,
         and the new, combined version was released with OpenBSD 6.1.          and the new, combined version was released with OpenBSD 6.1.
     <li><a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>:      <li><a href="https://man.openbsd.org/xenodm.1">xenodm(1)</a>:
Legend:
Removed from v.1.80  
changed lines
  Added in v.1.81