diff options
| author |   visa <visa@openbsd.org> | 2017-06-08 11:47:24 +0000 |
|---|---|---|
| committer | visa <visa@openbsd.org> | 2017-06-08 11:47:24 +0000 |
| commit | a6a40f7b8a0a2f6821bbe92b3c7ef0f679da1498 (patch) | |
| tree | dc4a5721ad669a71a5a344fa1b22c1f4e7788e68 /usr.bin/mandoc/man_term.c | |
| parent | Invoke openssl with -passin file rather than -key in ca_revoke(). (diff) | |
| download | wireguard-openbsd-a6a40f7b8a0a2f6821bbe92b3c7ef0f679da1498.tar.xz wireguard-openbsd-a6a40f7b8a0a2f6821bbe92b3c7ef0f679da1498.zip | |
Split early startup code out of locore.S into locore0.S. Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code. It has be smashed,
because sgi runs in the kseg0 or xkphys space.
As a result, the internal layout of every newly build bsd kernel is
different from past kernels. Internal relative offsets are not known
to an outside attacker.
Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.
Diffstat (limited to 'usr.bin/mandoc/man_term.c')
0 files changed, 0 insertions, 0 deletions