1. 17
      1. 4

        ok I know I can do base conversion with dc, but the decimal offsets are just as mysterious as the hex offsets. I still don’t know where my syscalls are ¯\_(ツ)_/¯

        1. 2

          I’m guessing they’re callsites, to prevent unintended locations in memory from hosting syscalls in a stack smashing or return-oriented programming attack.

          1. 1

            Oh, I thought OpenBSD’s syscall protection was tied to libc specifically, though I must admit I didn’t think through the details. An mprotect call in ld.so that permits libc and denies all others? But then how can ld.so make syscalls safely? Is this blog post hinting at the answer?

            1. 2

              I’m guessing libc has syscalls in it, and also the magic .openbsd.syscalls section that identifies the location of each one. So an ordinary program that doesn’t try to make syscalls on its own will link against libc and use libc’s pre-approved syscalls.

              I guess you can make syscalls outside of libc if you add the necessary .openbsd.syscalls (as in this blog post), but unlike Linux they’re not guaranteed to be stable, so it’s still a bad idea.