OpenBSD Journal
Kernel W^X extended to i386
Contributed by tbert on Thu Aug 27 07:44:22 2015 (GMT)
from the 32-bits-of-randomness dept.

As mentioned back in January, Mike Larkin (mlarkin@) has been working on improving W^X protections in the OpenBSD kernel. The bulk of the work was focused on the amd64 architecture, but he recently committed similar support for the i386 architecture as well.

CVSROOT:	/cvs
Module name:	src
Changes by:	mlarkin@cvs.openbsd.org	2015/08/24 22:57:32

Modified files:
	sys/arch/i386/i386: locore.s pmap.c pmapae.c

Log message:
Enforce kernel w^x policy by properly setting NX (as needed) for
kernel text, PTEs, .rodata, data, bss and the symbol regions. This has
been in snaps for a while with no reported fallout.

The APTE space and MP/ACPI trampolines will be fixed next.

ok deraadt@

Thanks for keeping us 32bit users up to date as well, Mike!
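
To make the commit's effect concrete, here is an added example (not code from the OpenBSD tree or from the commit) that assigns PAE page-table protection bits to the regions named in the log message and audits a set of entries for pages that are both writable and executable. The bit positions are the architectural x86 ones; the per-region policy in wx_prot(), the frame addresses and the "before" state are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* x86 PAE page-table entry bits (architectural). */
#define PTE_P   (1ULL << 0)   /* present */
#define PTE_RW  (1ULL << 1)   /* writable */
#define PTE_NX  (1ULL << 63)  /* no-execute; needs PAE and EFER.NXE */

enum region { R_TEXT, R_PTES, R_RODATA, R_DATA, R_BSS, R_SYMS }; /* from the log */

/* Assumed W^X policy (illustrative, not taken from pmapae.c): text is
 * read-only and executable; the rest is NX, PTEs/data/bss stay writable. */
uint64_t wx_prot(enum region r)
{
    switch (r) {
    case R_TEXT:   return PTE_P;
    case R_RODATA:
    case R_SYMS:   return PTE_P | PTE_NX;
    default:       return PTE_P | PTE_RW | PTE_NX;
    }
}

/* Count present entries that are both writable and executable. */
size_t wx_violations(const uint64_t *pte, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if ((pte[i] & PTE_P) && (pte[i] & PTE_RW) && !(pte[i] & PTE_NX))
            bad++;
    return bad;
}

/* Constructed sample: one made-up frame per region; enforce=0 maps all RW, no NX. */
size_t demo(int enforce)
{
    uint64_t pte[6];
    for (int r = R_TEXT; r <= R_SYMS; r++) {
        uint64_t frame = 0x00200000ULL + ((uint64_t)r << 12);
        pte[r] = frame | (enforce ? wx_prot((enum region)r) : (PTE_P | PTE_RW));
    }
    return wx_violations(pte, 6);
}

int main(void)
{
    printf("W+X pages before: %zu, after: %zu\n", demo(0), demo(1));
    return 0;
}
```

The same wx_violations() check works as a regression test over any dumped set of PTEs: a non-zero count means some page can be written and then executed.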
