| version 1.96, 2022/07/14 02:31:14 |
version 1.97, 2022/12/09 17:11:41 |
|
|
| <li>System calls may only be performed from selected code regions |
<li>System calls may only be performed from selected code regions |
| (main program, ld.so, libc.so, and sigtramp). |
(main program, ld.so, libc.so, and sigtramp). |
| Theo de Raadt, November 28, 2019. |
Theo de Raadt, November 28, 2019. |
| |
<li>Permissions (RWX, MAP_STACK, etc) on address space regions can be |
| |
made immutable, so that <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>, |
| |
<a href="https://man.openbsd.org/mprotect.2">mprotect(2)</a> or |
| |
<a href="https://man.openbsd.org/munmap.2">munmap(2)</a> fail with |
| |
EPERM. Most of the program static address space is now automatically |
| |
immutable (main program, ld.so, main stack, load-time shared libraries, |
| |
and dlopen()'d libraries mapped without RTLD_NODELETE). Programmers |
| |
can request non-immutable static data using the "openbsd.mutable" section, |
| |
or manually bring immutability to (page aligned heap objects) using |
| |
<a href="https://man.openbsd.org/mimmutable.2">mimmutable(2)</a>. |
| </ul> |
</ul> |
| |
|
| <h3>Functions</h3> |
<h3>Functions</h3> |
![[BACK]](/icons/back.gif){kind=icon}
Return to innovations.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www