At present, mprotect(2) may reduce permissions on immutable pages marked
PROT_READ | PROT_WRITE to the less permissive PROT_READ. This one-way
operation is permitted for an introductory period to observe how software
uses this mechanism. It may change to require explicit mutable region
annotation with __attribute__((section(".openbsd.mutable"))) and explicit
calls to mimmutable().
^^^ Decided we'll do that for now, since we've only discovered one program
trying to be clever so far (chrome is trying to do something smart, and
mimmutable makes it even better)
discussed with kettenis and robert
projects / openbsd / commit