author: deraadt <deraadt@openbsd.org> 2020-10-15 16:30:21 +0000
committer: deraadt <deraadt@openbsd.org> 2020-10-15 16:30:21 +0000
commit: 2bc3a8c076b486ad5cb1adf52ac1373fba054b0a
tree: 06ae83440149f8e2a0f25702b3e01f4bf7e55e65 /lib/csu/powerpc64
parent: sys/kernel.h: remove dead externs: tickfix, tixfixinterval, tickdelta, ...
crt0 MD _dl_exit() performs syscall to SYS_exit directly, but then
some of these functions were returning. That makes the +1word address a fairly strong and easily located gadget. Put a hard-trap instruction after the syscall. This remains a gadget for 'terminal system' calls (such as execve), but hey that's why we have pledge w/o "exec" throughout the tree. Quite surprisingly, hppa's delay-slot load of SYS_exit makes it the safest of the bunch, not that this helps anyone. ok kettenis
Diffstat (limited to 'lib/csu/powerpc64')
-rw-r--r-- lib/csu/powerpc64/md_init.h | 4
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/csu/powerpc64/md_init.h b/lib/csu/powerpc64/md_init.h
index 3fa2ab118e6..e2054bd5754 100644
--- a/lib/csu/powerpc64/md_init.h
+++ b/lib/csu/powerpc64/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.3 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.4 2020/10/15 16:30:23 deraadt Exp $ */
/*
* Copyright (c) 2020 Dale Rahn <drahn@openbsd.org>
@@ -116,5 +116,5 @@ __asm( \
"_dl_exit: \n" \
" li %r0, " STR(SYS_exit) " \n" \
" sc \n" \
-" blr \n" \
+" .long 0 # illegal \n" \
)
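Review bot: the `.long 0 # illegal` line that replaces `blr` after `sc` in `_dl_exit` says what the word is but not why it is there, so a later reader could take it for a mistake and restore the return. Suggest extending the comment to say that SYS_exit does not return and the word is a deliberate trap, for example `.long 0 # illegal: exit must not return`. The line also relies on an all-zero word being an illegal encoding on this architecture, as the comment states; if the assembler accepts an explicit trap mnemonic here, using it would make the intent visible in a disassembly as well.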