OpenBSD's Kernel Gets W^X Treatment On Amd64

New submitter brynet tips this news from Theo de Raadt: Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good."

Re:most of you will pretend you understand

[drinkypoo]

Actually, I was just thinking that this was a relatively penetrable summary. It tells me so much, I don't even need to R TFA.

No rant from Theo

[frambris]

I expected a long rant from TdR. I was disappointed.

Re:No rant from Theo

[rnws]

GNU or Gnome?

Re:No rant from Theo

[fahrbot-bot]

I expected a long rant from TdR. I was disappointed.

He had write permission on the email so his rant couldn't execute.

Re:most of you will pretend you understand

My guess is 80% of you will get about 20% of what this email is saying, but you'll post on here like you know it all.
Search your feelings, you know it to be true. /reflections of myself about 15 years ago. //Modulo mistakes... cute

20% is still more than Theo De Raadt wanted anyone else to understand. So, I call it a win.