|
|
|
|
|
|
by brynet
812 days ago
|
|
|
> ARM64 has execute-only support so that it's possible for code to execute, but not read, a text segment. OpenBSD does xonly by default on multiple architectures (arm64, risc-v, ... g5 powerpc), including even amd64 on recent Intel/AMD CPUs supporting MPK/PKU: https://marc.info/?l=openbsd-cvs&m=167423045918820&w=2 On machines that lack hardware-enforcement, at least on CPUs that can differentiate between traps for instruction-fetch and data-fetch, there is still benefit: https://marc.info/?l=openbsd-cvs&m=167517831914525&w=2 (msyscall(2) part is now handled by pinsyscalls in -current) |
|
|