[$] OpenBSD system-call-origin verification

A new mechanism to help thwart return-orientedprogramming (ROP) and similar attacks has recently been added to theOpenBSD kernel. It will block system calls that are not made via the Clibrary (libc) system-call wrappers. Instead of being able to stringtogether some "gadgets" that make a system call directly, an attacker wouldneed to be able to call the wrapper, which is normally at a randomized location.