Split early startup code out of locore.S into locore0.S. Adjust link
author: deraadt <deraadt@openbsd.org>
Wed, 31 May 2017 19:18:18 +0000 (19:18 +0000)
committer: deraadt <deraadt@openbsd.org>
Wed, 31 May 2017 19:18:18 +0000 (19:18 +0000)
commit: 527d7fdf3c0bf4f2d31d1136ecd5de1aab43c9e6
tree: 27cbb620e665eee08e2c475ae28656ffb58564da
parent: 8261d4169f4a17beedca416306d4bdd77c24e60d
Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, unmap the early startup code.

As a result, the internal layout of every newly built bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.  The only known offsets are in the startup code,
which has been unmapped.

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

ok kettenis mlarkin visa, also thanks to tedu for getting me back to this
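The link-order shuffle the commit message describes, reduced to its core idea, as an added illustration; this is not the project's own makegap.sh or Makefile logic. It assumes object file names are passed as arguments, that a file named locore0.o is among them, and takes an explicit seed argument only so the result can be checked; a real build would seed from something unpredictable. The one fixed object is pinned to the front and everything else is placed in random order, which is what makes relative offsets inside the resulting kernel unknown to an outside attacker.

```shell
#!/bin/sh
# Added example (not OpenBSD's makegap.sh): keep locore0.o first in the
# link line and randomize the order of every other object file.
# Usage: randomize_link_order SEED obj1.o obj2.o ... (hypothetical helper)
randomize_link_order() {
    seed=$1; shift          # seed for awk's rand(); real builds would use an unpredictable source
    first=""
    rest=""
    for obj in "$@"; do
        case "$obj" in
            locore0.o|*/locore0.o) first="$obj" ;;   # early startup code: always at the start
            *) rest="$rest $obj" ;;
        esac
    done
    # Refuse to produce a link line without the pinned startup object.
    [ -n "$first" ] || { echo "randomize_link_order: locore0.o not in object list" >&2; return 1; }
    # Tag each remaining object with a random key, sort on the key, strip it.
    shuffled=$(printf '%s\n' $rest \
        | awk -v seed="$seed" 'BEGIN { srand(seed) } { printf "%.10f %s\n", rand(), $0 }' \
        | sort -n \
        | cut -d' ' -f2-)
    # Emit the final link order on one line: locore0.o, then the shuffled rest.
    echo "$first" $shuffled
}

# Stand-alone demonstration with constructed object names.
randomize_link_order "$$" autoconf.o locore0.o locore.o machdep.o pmap.o
```

Each run with a different seed yields a different ordering of the objects after locore0.o; feeding that list to the linker (with locore0.o's section placed first by the ld script) is what gives every build a distinct internal layout.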
13 files changed:
sys/arch/amd64/amd64/autoconf.c
sys/arch/amd64/amd64/locore.S
sys/arch/amd64/amd64/locore0.S [new file with mode: 0644]
sys/arch/amd64/conf/Makefile.amd64
sys/arch/amd64/conf/files.amd64
sys/arch/amd64/conf/ld.script
sys/arch/i386/conf/Makefile.i386
sys/arch/i386/conf/files.i386
sys/arch/i386/conf/ld.script
sys/arch/i386/i386/autoconf.c
sys/arch/i386/i386/locore.s
sys/arch/i386/i386/locore0.S [new file with mode: 0644]
sys/conf/makegap.sh [new file with mode: 0644]