OpenBSD Journal

pinsyscalls(2) working in anger

Contributed by rueda on from the pinning-for-the-fjords dept.

Theo de Raadt (deraadt@) has committed (to -current) the remaining parts required to get pinsyscalls(2) working in anger.

The commits were:

  1. This,
    CVSROOT:	/cvs
    Module name:	src
    Changes by:	2024/01/16 12:05:01
    Modified files:
    	sys/sys        : exec.h proc.h syscall_mi.h 
    	sys/kern       : exec_elf.c kern_exec.c kern_exit.c kern_fork.c 
    	sys/uvm        : uvm_map.c uvm_map.h uvm_mmap.c 
    Log message:
    The kernel will now read pinsyscall tables out of PT_OPENBSD_SYSCALLS in
    the main program or, and accept a submission of that information
    for from via pinsyscalls(2).  At system call invocation,
    the syscall number is matched to the specific address it must come from.
    ok kettenis, gnezdo, testing of variations by many people
  2. this,
    CVSROOT:	/cvs
    Module name:	src
    Changes by:	2024/01/16 12:07:31
    Modified files:
    	libexec/  : library.c library_mquery.c loader.c resolve.c 
    Log message:
    Read PT_OPENBSD_SYSCALLS in, and convert it to a table for
    ok kettenis
  3. and this:
    CVSROOT:	/cvs
    Module name:	src
    Changes by:	2024/01/16 12:08:37
    Modified files:
    	bin/ps         : print.c ps.1 
    Log message:
    print flag 'l' for base program or being under pinsyscalls enforcement,
    and 'L' for  This flag printing may be deleted once we are entirely
    confident this is working correctly.
    ok kettenis

This means, once again, that if you feel up to it, it is time to grab the most recent snapshot and test intensively, reporting back any problems or oddities you may encounter.

(Comments are closed)

  1. By Will Backman ( on

    Thank you for posting these updates, and for the incentive to give the latest snapshot a try.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]