https://undeadly.org/cgi?action=article;sid=20230714121907
OpenBSD Journal

Mandatory enforcement of indirect branch targets

Contributed by rueda on 2023-07-14 from the targeted-protection dept.

Theo de Raadt (deraadt@) has updated innovations.html to include an item regarding the work which has been done to enforce indirect branch target restriction (on the amd64 [Intel] and arm64 platforms). The commit message provides some detail:

CVSROOT: /cvs
Module name: www
Changes by: deraadt@cvs.openbsd.org 2023/07/13 08:02:00

Modified files:
	. : innovations.html

Log message:
Over the last 6 months we've worked on adding arm64 BTI & Intel IBT support in the kernels and all userland binaries. We have been fixing all the applications along the way. Many developers were involved.

There is an innovative and substantial difference in our approach compared to how Linux is doing it:

- On OpenBSD, IBT/BTI enforcement is on by default (meaning mandatory), unless a binary is linked to request opt-out (using -Wl,-z,nobtcfi). After all our fixes, very few application binaries need that, and that count is expected to shrink quickly as we (or upstreams) fix the outstanding issues.

- On Linux they are rehashing the same design as their executable-stack mechanism: if a single .o file in a resulting binary isn't marked as IBT/BTI enforcement, the system will (silently) execute the program without enforcement and no one knows this is happening. So for an issue from around 2001, today Linux binaries with executable stack exist and work unsafely. I expect that 20 years from now Linux binaries without IBT/BTI enforcement will also exist and work unsafely.

For a little background information, see ARM Inc's Reference documentation.
The main commits that enabled the protection were this and this, after extensive testing in snapshots that turned up various problems that needed fixing in developer tools as well as several different applications.
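As an added illustration (not code from the article, from OpenBSD, or from any toolchain), the following Python script shows where the IBT/BTI marking that the commit message refers to actually lives in an ELF binary, and models the two policies the message contrasts. Toolchains record the marking in a GNU property note (`.note.gnu.property`, covered by a `PT_GNU_PROPERTY` program header) using the published `GNU_PROPERTY_X86_FEATURE_1_AND` / `GNU_PROPERTY_AARCH64_FEATURE_1_AND` properties; the constants below are those published values. The ELF image and note bytes are constructed inline as a fixture, and `linux_link_policy`, `openbsd_policy`, `compare_policies` and the other function names are this example's own. In `openbsd_policy` the boolean opt-out stands in for the program header that `-z nobtcfi` emits; take its actual value from OpenBSD's `<sys/exec_elf.h>` rather than from this example.

```python
import struct

# Published ELF/psABI constants (gABI, x86-64 psABI, AArch64 ELF ABI).
NT_GNU_PROPERTY_TYPE_0 = 5                        # note type of .note.gnu.property
PT_GNU_PROPERTY = 0x6474E553                      # program header covering that note
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
GNU_PROPERTY_AARCH64_FEATURE_1_AND = 0xC0000000
X86_IBT, X86_SHSTK = 0x1, 0x2
AARCH64_BTI, AARCH64_PAC = 0x1, 0x2


def build_property_note(props):
    """Serialise (pr_type, pr_data) pairs into an ELF64 NT_GNU_PROPERTY_TYPE_0 note."""
    desc = b""
    for pr_type, pr_data in props:
        desc += struct.pack("<II", pr_type, len(pr_data)) + pr_data
        desc += b"\0" * (-len(desc) % 8)          # ELF64 aligns each property to 8
    name = b"GNU\0"
    return struct.pack("<III", len(name), len(desc), NT_GNU_PROPERTY_TYPE_0) + name + desc


def make_feature_note(tag, bits):
    """A note carrying one *_FEATURE_1_AND word, e.g. X86_IBT | X86_SHSTK."""
    return build_property_note([(tag, struct.pack("<I", bits))])


def parse_property_note(blob):
    """Return {pr_type: pr_data} from a little-endian ELF64 GNU property note."""
    namesz, descsz, ntype = struct.unpack_from("<III", blob, 0)
    off = 12
    if ntype != NT_GNU_PROPERTY_TYPE_0 or blob[off:off + namesz] != b"GNU\0":
        raise ValueError("not a GNU property note")
    off += (namesz + 3) & ~3                      # note name is 4-byte aligned
    desc, props, pos = blob[off:off + descsz], {}, 0
    while pos + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, pos)
        pos += 8
        props[pr_type] = desc[pos:pos + pr_datasz]
        pos += (pr_datasz + 7) & ~7
    return props


def feature_bits(props):
    """Feature words for both architectures; 0 where the property is absent."""
    bits = {}
    for arch, tag in (("x86", GNU_PROPERTY_X86_FEATURE_1_AND),
                      ("aarch64", GNU_PROPERTY_AARCH64_FEATURE_1_AND)):
        data = props.get(tag)
        bits[arch] = struct.unpack("<I", data[:4])[0] if data else 0
    return bits


def property_bits_from_elf(data):
    """Walk the program headers of a little-endian ELF64 image and return the
    feature bits of its PT_GNU_PROPERTY segment, or None if it carries none."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_PROPERTY:
            return feature_bits(parse_property_note(data[p_offset:p_offset + p_filesz]))
    return None


def build_minimal_elf64(note):
    """Constructed fixture: an ELF64 image whose only segment is PT_GNU_PROPERTY."""
    note_off = 64 + 56                            # ehdr + one phdr
    ident = b"\x7fELF" + bytes([2, 1, 1]) + b"\0" * 9
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                               64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_GNU_PROPERTY, 4, note_off, 0, 0,
                       len(note), len(note), 8)
    return ehdr + phdr + note


def linux_link_policy(object_bits):
    """Default GNU ld/lld merge for *_FEATURE_1_AND: a bit survives only if every
    input object set it. An object without a note contributes 0, so one unmarked .o
    silently clears IBT/BTI for the whole output (the behaviour criticised above)."""
    result = 0xFFFFFFFF if object_bits else 0
    for bits in object_bits:
        result &= bits
    return result


def openbsd_policy(nobtcfi_opt_out):
    """OpenBSD as described above: enforced for every binary unless it was linked
    with -Wl,-z,nobtcfi (modelled here as a boolean; the real marker is a program
    header whose value comes from OpenBSD's headers). Object marking is not consulted."""
    return not nobtcfi_opt_out


def compare_policies():
    """Three objects: two marked IBT|SHSTK, one unmarked (e.g. hand-written asm)."""
    objects = [X86_IBT | X86_SHSTK, X86_IBT | X86_SHSTK, 0]
    merged = linux_link_policy(objects)
    return {"linux_ibt_enforced": bool(merged & X86_IBT),
            "openbsd_ibt_enforced": openbsd_policy(nobtcfi_opt_out=False)}


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                      # e.g. python3 ibtcheck.py /bin/ls
        with open(path, "rb") as f:
            print(path, property_bits_from_elf(f.read()))
    print(compare_policies())
```

Run against real binaries, `property_bits_from_elf` returning `None` or a feature word without the IBT/BTI bit is exactly the case the commit message complains about on Linux: nothing at load time tells you, so you have to go looking. On OpenBSD the same binary is enforced regardless of what the note says, and only an explicit opt-out at link time changes that.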