pinning all system calls

Contributed by rueda on 2023-12-09 from the pincall-wizard dept.

Theo de Raadt (deraadt@) posted to tech@ regarding restrictions on the addresses from which system calls can be made.

In addition to providing background, the post contains information (and a patch) for an imminent change - the introduction of a new syscall, pinsyscalls(2) [link not working at the time of writing because change not yet committed], which specifies the addresses from which individual system calls are permitted.

pinsyscalls(2) will be called only from the shared library linker, ld.so(1).

(Comments are closed)

Comments

By Jorden Verwer (82.217.51.248) on 2023-12-10 22:25

Actually, it's pinsyscall, not pinsyscalls. That's also why the link to the man page doesn't work.
Comments
1. By brynet (Brynet) brynet@openbsd.org on 2023-12-10 22:39 https://brynet.ca/
  
  No, pinsyscall(2) was the previous iteration that was for execve(2) only. The new system call is pinsyscalls(2), and is for all system calls. It has not been committed, hence no man page, but it in the mail sent by deraadt@.
  
  ...
  +.Sh NAME
  +.Nm pinsyscalls
  +.Nd pin system call entry to precise positions in the address space
2. By rueda (rueda) on 2023-12-10 22:39 https://www.openbsdfoundation.org/donations.html
  
  No (sorry!). If you read the patch attached to Theo's post, you'll see that pinsyscalls(2) is new and distinct.
3. By Jorden Verwer (46.22.182.224) on 2023-12-18 14:50
  
  Ah yes, you are both right. I only read the running text of the email, not the patch. The patch mentions pinsyscalls, but the description only mentions pinsyscall. Obviously the patch is what really matters. Apologies for the confusion!

Latest Articles

Fri, Apr 26
- 08:33 Passphrase timeout for disk decryption at boot added (potential battery lifesaver) (2)
Wed, Apr 24
- 04:35 Game of Trees 0.98 released (3)
Tue, Apr 23
- 05:25 pfctl(8) and systat(8) to display fragment reassembly statistics (0)
Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (17)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]