openbsd.randomdata became RO in userland due to the RELRO work. We should - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	deraadt <deraadt@openbsd.org>	2016-09-01 09:05:52 +0000
committer	deraadt <deraadt@openbsd.org>	2016-09-01 09:05:52 +0000
commit	e0b1a45a9cc16ee535e94f774a4e7d2fed58f47c (patch)
tree	b03c3cc4e59142b5da1a710e1fed37658b28a3f4 /sys/lib/libkern
parent	Avoid mapping the vector page W\|X. Map it using PROT_READ\|PROT_WRITE (diff)
download	wireguard-openbsd-e0b1a45a9cc16ee535e94f774a4e7d2fed58f47c.tar.xz wireguard-openbsd-e0b1a45a9cc16ee535e94f774a4e7d2fed58f47c.zip

openbsd.randomdata became RO in userland due to the RELRO work. We should

also do so in the kernel, which gains us RO ssp cookie, which will prevent spraying attacks. The random layer was openbsd.randomdata annotating working entropy/chacha buffers which in turn required them to be RW. To make that work again, so we need to copy RO seeds to RW working buffers, and later clear the RO seed buffers afterwards using a temporary RW mapping. help & ok kettenis, ok guenther

Diffstat (limited to 'sys/lib/libkern')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: