Theo de Raadt wrote in <[email protected]>:
|Steffen Nurpmeso <[email protected]> wrote:
|> Theo de Raadt wrote in <[email protected]>:
|>|The following change only permits system calls from address-ranges
|>|in the process which system calls are expected from.
|> ...
|>|Unfortunately our current go build model hasn't followed solaris/macos
|>|approach yet of calling libc stubs, and uses the inappropriate "embed
|>|system calls directly" method, so for now we'll need to authorize \
|>|the main
|>|program text as well. A comment in exec_elf.c explains this.
|>|
|>|If go is adapted to call library-based system call stubs on OpenBSD as
|>
|> May i ask -- does this really mean that the (theoretic)
|> possibility of writing a small assembler program which performs
|> direct system calls will no longer be possible?
|> Whereas i see "static binary: main program does system calls",
|> a future change could very well restrict the allowed address range
|> some more even then?
|
|Hopefully once go (and other environments which do the same) are
|converted to use libc stubs, yes. Unless your binary is static (which
|is PIC/PIE, which is already an ABI hurdle).
|
|Program to the API rather than the ABI. When we see benefits, we
|change the ABI more often than the API.
|
|I have altered the ABI. Pray I do not alter it further.

Ok. It was that cool feeling once you had learned assembler, only
you (, the assembler) and the OS.
Thanks, and ciao!

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
