CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2016/09/01 03:05:52
Modified files:
sys/dev : rnd.c
Log message:
openbsd.randomdata became RO in userland due to the RELRO work. We should
also do so in the kernel, which gains us RO ssp cookie, which will prevent
spraying attacks.
The random layer was openbsd.randomdata annotating working entropy/chacha
buffers which in turn required them to be RW. To make that work again,
so we need to copy RO seeds to RW working buffers, and later clear the
RO seed buffers afterwards using a temporary RW mapping.
help & ok kettenis, ok guenther
