===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/innovations.html,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -r1.96 -r1.97
--- www/innovations.html	2022/07/14 02:31:14	1.96
+++ www/innovations.html	2022/12/09 17:11:41	1.97
@@ -203,6 +203,16 @@
     <li>System calls may only be performed from selected code regions
         (main program, ld.so, libc.so, and sigtramp).
 	Theo de Raadt, November 28, 2019.
+    <li>Permissions (RWX, MAP_STACK, etc) on address space regions can be
+	made immutable, so that <a href="https://man.openbsd.org/mmap.2">mmap(2)</a>,
+	<a href="https://man.openbsd.org/mprotect.2">mprotect(2)</a> or
+	<a href="https://man.openbsd.org/munmap.2">munmap(2)</a> fail with
+	EPERM. Most of the program static address space is now automatically
+	immutable (main program, ld.so, main stack, load-time shared libraries,
+	and dlopen()'d libraries mapped without RTLD_NODELETE).  Programmers
+	can request non-immutable static data using the "openbsd.mutable" section,
+	or manually bring immutability to (page aligned heap objects) using
+	<a href="https://man.openbsd.org/mimmutable.2">mimmutable(2)</a>.
 </ul>
 
 <h3>Functions</h3>