pinsyscalls(2) working in anger

by
from OpenBSD Journal on (#6HYGM)

Theo de Raadt (deraadt@)has committed (to -current) the remaining parts required to getpinsyscalls(2)working in anger.

The commits were:

  1. This,
    CVSROOT:/cvsModule name:srcChanges by:deraadt@cvs.openbsd.org2024/01/16 12:05:01Modified files:sys/sys : exec.h proc.h syscall_mi.h sys/kern : exec_elf.c kern_exec.c kern_exit.c kern_fork.c sys/uvm : uvm_map.c uvm_map.h uvm_mmap.c Log message:The kernel will now read pinsyscall tables out of PT_OPENBSD_SYSCALLS inthe main program or ld.so, and accept a submission of that informationfor libc.so from ld.so via pinsyscalls(2). At system call invocation,the syscall number is matched to the specific address it must come from.ok kettenis, gnezdo, testing of variations by many people
  2. this,
    CVSROOT:/cvsModule name:srcChanges by:deraadt@cvs.openbsd.org2024/01/16 12:07:31Modified files:libexec/ld.so : library.c library_mquery.c loader.c resolve.c resolve.h Log message:Read PT_OPENBSD_SYSCALLS in libc.so, and convert it to a table forpinsyscalls(2).ok kettenis
  3. and this:
    CVSROOT:/cvsModule name:srcChanges by:deraadt@cvs.openbsd.org2024/01/16 12:08:37Modified files:bin/ps : print.c ps.1 Log message:print flag 'l' for base program or ld.so being under pinsyscalls enforcement,and 'L' for libc.so. This flag printing may be deleted once we are entirelyconfident this is working correctly.ok kettenis

This means, once again, that if you feel up to it, it is time to grab the most recent snapshot and test intensively, reporting back any problems or oddities you may encounter.

External Content
Source RSS or Atom Feed
Feed Location http://undeadly.org/cgi?action=rss
Feed Title OpenBSD Journal
Feed Link http://undeadly.org/
Reply 0 comments