[return to "OpenBSD: Removing syscall(2) from libc and kernel"]
1. tiffan+Mr 2023-10-27 17:33:06
>>eclipt+(OP)
Can someone explain the significance?
2. monoca+Fw 2023-10-27 17:56:59
>>tiffan+Mr
OpenBSD has been putting in a lot of work lately to harden the syscall ABI; a large component of that work has been constricting how a syscall is invoked from user space as a defense-in-depth technique to make shellcode-style exploits more difficult. That's previously taken the form of techniques like only allowing syscalls to be invoked from the libc .text section.

This work is removing a very indirect morph of syscall where the arguments/sysnum are in a struct in memory, making it harder for exploits to invoke weird versions of syscalls on their own terms.

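Added illustration of the point made in the post above (this is example code, not OpenBSD or libc source): with syscall(2), the system-call number is ordinary data, so the same code path reaches whichever kernel service the data names, while a per-call libc wrapper such as getpid() has its number fixed in libc's own text. The struct name, helper names and the constructed request are assumptions; the calls themselves are the standard libc `syscall()`, `getpid()` and `getppid()`, run here on harmless read-only services.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Constructed example: a request whose system-call number and arguments
 * live entirely in data. This is the shape syscall(2) accepts: nothing
 * about which kernel entry point is reached is fixed in the program text. */
struct sc_request {
    long nr;        /* system-call number, chosen at run time */
    long args[3];   /* up to three arguments; unused slots are zero */
};

/* Generic entry (assumed helper name, not libc code): the kernel receives
 * whatever number the data holds, so data alone selects the service. */
long dispatch_from_memory(const struct sc_request *req)
{
    return syscall(req->nr, req->args[0], req->args[1], req->args[2]);
}

/* Fixed wrapper: the number for getpid is baked into libc's own text,
 * which is the form that survives once syscall(2) is removed. */
long dispatch_fixed_getpid(void)
{
    return (long)getpid();
}

/* Both paths reach the same kernel service for the same number... */
int same_result_both_ways(void)
{
    struct sc_request req = { SYS_getpid, { 0, 0, 0 } };
    return dispatch_from_memory(&req) == dispatch_fixed_getpid();
}

/* ...but only the generic path changes service when the data changes. */
int data_selects_service(void)
{
    struct sc_request req = { SYS_getppid, { 0, 0, 0 } };
    return dispatch_from_memory(&req) == (long)getppid();
}

int main(void)
{
    struct sc_request req = { SYS_getpid, { 0, 0, 0 } };
    printf("number from data, SYS_getpid : %ld\n", dispatch_from_memory(&req));
    printf("fixed getpid() wrapper       : %ld\n", dispatch_fixed_getpid());
    req.nr = SYS_getppid;   /* same dispatcher, different service */
    printf("number from data, SYS_getppid: %ld\n", dispatch_from_memory(&req));
    return 0;
}
```

The defensive reading is the second helper: an exploit that can only corrupt data, not code, gains nothing from a wrapper whose number is fixed, whereas the generic dispatcher turns any writable `nr` into a choice of kernel service. Removing the generic entry from libc and the kernel is what closes that option.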
3. kracke+bj1 2023-10-27 22:17:15
>>monoca+Fw
But aren't shellcode style exploits already fairly rare with W^X, so most end up using return-to-libc style attacks? Wouldn't CFI be a much better solution?
4. saagar+ce2 2023-10-28 08:53:08
>>kracke+bj1
OpenBSD users mostly don’t use systems with strong hardware CFI, so they make do with stuff like this.