Contributed by tbert on from the 32-bits-of-randomness dept.
As mentioned back in January, Mike Larkin (mlarkin@) has been working on improving W^X protections in the OpenBSD kernel. The bulk of the work was focused on the amd64 architecture, but he recently committed similar support for the i386 architecture as well.
CVSROOT: /cvs Module name: src Changes by: email@example.com 2015/08/24 22:57:32 Modified files: sys/arch/i386/i386: locore.s pmap.c pmapae.c Log message: Enforce kernel w^x policy by properly setting NX (as needed) for kernel text, PTEs, .rodata, data, bss and the symbol regions. This has been in snaps for a while with no reported fallout. The APTE space and MP/ACPI trampolines will be fixed next. ok deraadt@
Thanks for keeping us 32bit users up to date as well, Mike!
(Comments are closed)