OpenBSD's Kernel Gets W^X Treatment On Amd64

New submitter brynet tips this news from Theo de Raadt: Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good."

Re:most of you will pretend you understand

[mwvdlee]

The summary could use a bit of translation, instead of merely copying content off a maillist post intended for a very specific group of kernel specialists using slang terminology.

Re:Status on other UNIX like kernels

According to Wikipedia, which is always right:

Similar features are available for other operating systems, including the PaX and Exec Shield patches for Linux, and NetBSD 4+'s implementation of PaX.

W^X

Re:most of you will pretend you understand

I don't know, it's not like there is some sort of free services out there that could help you find the explanation without parsing the whole list.

https://en.wikipedia.org/wiki/Trampoline_%28computing%29