Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD's Kernel Gets W^X Treatment On Amd64

Posted by Soulskill on from the write-stuff dept.

New submitter brynet tips this news from Theo de Raadt: Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good."

7 of 84 comments (clear)

  1. Re:most of you will pretend you understand by mwvdlee · · Score: 5, Insightful

    The summary could use a bit of translation, instead of merely copying content off a maillist post intended for a very specific group of kernel specialists using slang terminology.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  2. Re:most of you will pretend you understand by Z00L00K · · Score: 4, Insightful

    If you have a need to get something translated maybe it's worth to look it up.

    Everyone is so used to get everything served on a plate these days that when the need arises they are completely lost in how to dig for information.

    I see this as a nice teaser that isn't dumbed-down.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  3. Re:Status on other UNIX like kernels by Nikademus · · Score: 4, Insightful

    Except that only userland benefitted from that till now.
    Now it's even for the kernel, that's the news here.

    --
    I gave up with the idea of an useful sig...
  4. Very disturbed by tag "writeorexecute" by sideslash · · Score: 4, Insightful

    C'mon, people, it's writexorexecute, as in "xor" as in "exclusive or". Write or execute is exactly what they're trying to avoid.

    Never bothered learning how to tag stuff or contribute to tags on Slashdot, so just ranting here. Thank you, that is all.

  5. Re:most of you will pretend you understand by mwvdlee · · Score: 1, Insightful

    How do I translate "trampoline" without reading the entire freakin' maillist history?
    This is slang and you won't find the intended meaning it in a dictionary.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  6. Re:most of you will pretend you understand by Anonymous Coward · · Score: 5, Insightful

    I don't know, it's not like there is some sort of free services out there that could help you find the explanation without parsing the whole list.

    https://en.wikipedia.org/wiki/Trampoline_%28computing%29

  7. Re:most of you will pretend you understand by Darinbob · · Score: 4, Insightful

    Mmm, it made sense to me, but then I work at low levels of code. I do find it somewhat strange though that the criticism is basically that it's too nerdy. I'm quite happy to see more nerd postings and fewer Dice fluff. Stories that go over the heads of the masses is what Slashdot should be about.

    This is nothing new, there have been articles with absolutely impenetrable jargon and ideas before when discussing high level web oriented stuff or scripting, but since so many readers these days work in such areas that they don't complain. So I have to look up what jquery is, it's not a problem, so others who call themselves nerds should be content to look up with W^X means.