Theo de Raadt wrote in <[email protected]>:
|The following change only permits system calls from address-ranges
|in the process which system calls are expected from.
 ...
|Unfortunately our current go build model hasn't followed solaris/macos
|approach yet of calling libc stubs, and uses the inappropriate "embed
|system calls directly" method, so for now we'll need to authorize the main
|program text as well. A comment in exec_elf.c explains this.
|
|If go is adapted to call library-based system call stubs on OpenBSD as

May I ask -- does this really mean that the (theoretic) possibility of writing a small assembler program which performs direct system calls will no longer be possible? Whereas I see "static binary: main program does system calls", a future change could very well restrict the allowed address range some more even then?

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
