pinsyscalls(2) work summarized by Theo de Raadt

Contributed by Peter N. M. Hansteen on 2024-01-28 from the safely pinned dept.

In a post to tech@, Theo de Raadt (deraadt@) summarizes the multi-year effort to make certain attack vectors unavailable on OpenBSD:

Subject:    pinsyscalls(2)
From:       "Theo de Raadt" <deraadt () openbsd ! org>
Date:       2024-01-28 20:20:59

pinsyscalls(2) has gone into the tree without too much difficulty, and no
issues are currently known.

None of this could have been possible without help from a few groups of
people.

- gnezdo@ and others for early on reviewing the ports tree and removing (or
  at least reducing) calls to syscall(2)
- afresh1@, who followed my guidance and over 6 months wrote a syscall(2)
  emulator inside perl
- But most of all -- jsing@, who went through multiple iterations inside
  the go ecosystem to (1) force it to use libc system call stubs, which
  permitted msyscall(2), and (2) incrementally remove use of syscall(2)
  inside go and go libraries.

The direct-syscalls-inside-the-binary model used by go (and only go, noone
else in the history of the unix software does this) provided the biggest
resistance against this effort.

Start to end, this took 5 years.

Together with library relinking, this makes some specific low-level attack
methods unfeasable on OpenBSD, which will force the use of other methods.
Hopefuly those other methods are more difficult, or also harmed by library
relinking and other changes we've made.

This is all about removing avenues, and forcing attackers to use other
methods which are hopefully more challenging.

If you're not on -current, this is a preview of what to look forward to in the upcoming OpenBSD 7.5 release.

(Comments are closed)

Latest Articles

Fri, Apr 26
- 08:33 Passphrase timeout for disk decryption at boot added (potential battery lifesaver) (2)
Wed, Apr 24
- 04:35 Game of Trees 0.98 released (2)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (12)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]