Contributed by rueda on from the pinning-for-the-fjords dept.
Theo de Raadt (deraadt@)
has committed (to -current) the remaining parts required to get
pinsyscalls(2)
working in anger.
The commits were:
- This,
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2024/01/16 12:05:01 Modified files: sys/sys : exec.h proc.h syscall_mi.h sys/kern : exec_elf.c kern_exec.c kern_exit.c kern_fork.c sys/uvm : uvm_map.c uvm_map.h uvm_mmap.c Log message: The kernel will now read pinsyscall tables out of PT_OPENBSD_SYSCALLS in the main program or ld.so, and accept a submission of that information for libc.so from ld.so via pinsyscalls(2). At system call invocation, the syscall number is matched to the specific address it must come from. ok kettenis, gnezdo, testing of variations by many people
- this,
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2024/01/16 12:07:31 Modified files: libexec/ld.so : library.c library_mquery.c loader.c resolve.c resolve.h Log message: Read PT_OPENBSD_SYSCALLS in libc.so, and convert it to a table for pinsyscalls(2). ok kettenis
- and this:
CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2024/01/16 12:08:37 Modified files: bin/ps : print.c ps.1 Log message: print flag 'l' for base program or ld.so being under pinsyscalls enforcement, and 'L' for libc.so. This flag printing may be deleted once we are entirely confident this is working correctly. ok kettenis
This means, once again, that if you feel up to it, it is time to grab the most recent snapshot and test intensively, reporting back any problems or oddities you may encounter.
(Comments are closed)
By Will Backman (24.198.178.58) on
Thank you for posting these updates, and for the incentive to give the latest snapshot a try.