CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2023/12/12 08:44:00

Modified files:
    libexec/ld.so : loader.c

Log message:
To avoid kbind(2) becoming a powerful gadget, it is called inline to
a function. Therefore we cannot create a precise pinsyscall label.
Instead create a duplicate entry (using inline asm) to force the
kernel's pinsyscall code to skip validation, rather than labelling
it illegal. kbind(2) remains safe because it self-protects by checking
its calling address.
ok kettenis