Article 6FXPC Removing syscall() from OpenBSD

Removing syscall() from OpenBSD

by
corbet
from LWN.net on (#6FXPC)
For a view into the OpenBSD approach to security, see this message fromTheo de Raadt, where he describes a plan to remove the syscall() system call(which allows the invocation of any available system call by providing itsnumber) from the kernel. The purpose, of course, is to make it harder foran attacker to invoke an arbitrary system call, even if they are able torun some code on the target system.

I hope I am forcing attack coders into using increasingly more complicated methods. Same time, it means fewer methods are available. Other methods make exploitation more fragile. This is pushing success rates into "low-percent statistical" success. If we teach more software stacks to "fail hard, don't try to recover", that is an improvement in security.
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments