CVSROOT:        /cvs
Module name:    src
Changes by:     dera...@cvs.openbsd.org 2020/10/15 10:30:23

Modified files:
        lib/csu/aarch64: md_init.h
        lib/csu/alpha  : md_init.h
        lib/csu/amd64  : md_init.h
        lib/csu/arm    : md_init.h
        lib/csu/hppa   : md_init.h
        lib/csu/i386   : md_init.h
        lib/csu/m88k   : md_init.h
        lib/csu/mips64 : md_init.h
        lib/csu/powerpc: md_init.h
        lib/csu/powerpc64: md_init.h
        lib/csu/sh     : md_init.h
        lib/csu/sparc64: md_init.h

Log message:
crt0 MD _dl_exit() performs syscall to SYS_exit directly, but then some of
these functions were returning. That makes the +1word address a fairly
strong and easily located gadget. Put a hard-trap instruction after the
syscall. This remains a gadget for 'terminal system' calls (such as
execve), but hey that's why we have pledge w/o "exec" throughout the tree.
Quite surprisingly, hppa's delay-slot load of SYS_exit makes it the safest
of the bunch, not that this helps anyone.

ok kettenis
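
Added example, not part of the commit or of OpenBSD's source: a byte-level audit for amd64 code that classifies what follows each `syscall` instruction, so a stub that returns can be told apart from one that ends in a hard trap. The two byte arrays are constructed samples (not the contents of md_init.h), and treating `int3`/`ud2` as the hard trap is an assumption; the other architectures in the commit use their own trap instructions.

```c
#include <stddef.h>
#include <stdio.h>

/* amd64 encodings: syscall = 0f 05, ret = c3 / c2 iw, int3 = cc, ud2 = 0f 0b. */
struct audit {
    size_t syscalls;   /* 0f 05 byte pairs found */
    size_t trapped;    /* followed by int3 or ud2 */
    size_t returning;  /* followed by ret: control continues after the syscall */
    size_t other;      /* followed by anything else, or by the end of the buffer */
};

static int is_trap(const unsigned char *p, size_t left)
{
    if (left >= 1 && p[0] == 0xcc) return 1;                  /* int3 */
    if (left >= 2 && p[0] == 0x0f && p[1] == 0x0b) return 1;  /* ud2 */
    return 0;
}

/* Scans every byte offset, not just instruction boundaries: an 0f 05 pair
 * inside another instruction is still reachable by an unaligned jump. */
struct audit audit_syscalls(const unsigned char *code, size_t len)
{
    struct audit a = {0, 0, 0, 0};
    for (size_t i = 0; i + 1 < len; i++) {
        if (code[i] != 0x0f || code[i + 1] != 0x05)
            continue;
        const unsigned char *next = code + i + 2;
        size_t left = len - (i + 2);
        a.syscalls++;
        if (is_trap(next, left)) a.trapped++;
        else if (left >= 1 && (next[0] == 0xc3 || next[0] == 0xc2)) a.returning++;
        else a.other++;
    }
    return a;
}

/* Constructed samples: mov $1,%eax (SYS_exit); syscall; then ret or int3. */
const unsigned char exit_then_ret[]  = { 0xb8, 0x01, 0, 0, 0, 0x0f, 0x05, 0xc3 };
const unsigned char exit_then_trap[] = { 0xb8, 0x01, 0, 0, 0, 0x0f, 0x05, 0xcc };

int main(void)
{
    struct audit before = audit_syscalls(exit_then_ret, sizeof exit_then_ret);
    struct audit after = audit_syscalls(exit_then_trap, sizeof exit_then_trap);
    printf("before: %zu syscall(s), %zu returning, %zu trapped\n",
           before.syscalls, before.returning, before.trapped);
    printf("after:  %zu syscall(s), %zu returning, %zu trapped\n",
           after.syscalls, after.returning, after.trapped);
    return before.returning == 1 && after.trapped == 1 ? 0 : 1;
}
```

A nonzero `returning` or `other` count marks a stub to review; only `trapped` matches the pattern the log message describes.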