CVSROOT: /cvs
Module name: src
Changes by: dera...@cvs.openbsd.org 2023/12/12 08:44:00
Modified files:
libexec/ld.so : loader.c
Log message:
To avoid kbind(2) becoming a powerful gadget, it is called inline to a
function. Therefore we cannot create a precise pinsyscall label. Instead
create a duplicate entry (using inline asm) to force the kernel's pinsyscall
code to skip validation, rather than labelling it illegal. kbind(2) remains
safe because it self-protects by checking its calling address.
ok kettenis
