zlacker

Thread: "OpenBSD: Removing syscall(2) from libc and kernel"
1. tiffan+Mr 2023-10-27 17:33:06
>>eclipt+(OP)
Can someone explain the significance?
2. monoca+Fw 2023-10-27 17:56:59
>>tiffan+Mr
OpenBSD has been putting in a lot of work lately to harden the syscall ABI; a large component of that work has been constricting how a syscall is invoked from user space as a defense-in-depth technique to make shellcode-style exploits more difficult. That's previously taken the form of techniques like only allowing syscalls to be invoked from the libc .text section.

This work is removing a very indirect morph of syscall where the arguments/sysnum are in a struct in memory, making it harder for exploits to invoke weird versions of syscalls on their own terms.

3. eikenb+O01 2023-10-27 20:36:23
>>monoca+Fw
Why aren't these changes made in the kernel to keep the syscall ABI standardized and safe instead of requiring the use of an unsafe language wrapper? We should be discouraging more use of unsafe languages, not forcing it.
4. samus+272 2023-10-28 07:05:20
>>eikenb+O01
The C ABI doesn't necessarily force you to use C. Maybe to turn some pesky macros into proper functions. Bury the bindings deep in the language's stdlib. Done.

Under the hood, it's all assembly language instructions invoking an operating system written in C. Operating systems care very much about types, but can't offer type safety. Programming languages can.
