Saagar Jha
(replying to Saagar Jha)
@kmeisthax (Like, the goal seems to be “oh the attacker cannot put an arbitrary thing in rax and jump to a syscall instruction”. But like libc *by design* has to have gadgets that load it up with basically any valid syscall number…)
Dark Sage Torunka :verified:
(replying to Saagar Jha)
@saagar I suspect OpenBSD plans to change its libc to not have that kind of gadget and instead have a separate wrapper per syscall. They can do that because OpenBSD does NOT make any KABI promises whatsoever (unlike Linux).
This is also why Go keeps breaking on OpenBSD. I suspect that might also be part of their threat model...
Saagar Jha
(replying to Dark Sage Torunka :verified:)
@kmeisthax This is going to break applications that use dlsym to look up symbols in libc, though.
Saagar Jha
(replying to Saagar Jha)
@kmeisthax Like, if you take this to its logical conclusion it’s just “applications should specify which system calls they use”, which is literally just what pledge does, and it’s enforced by the kernel and not in some weird ad-hoc IP-to-syscall-number lookup scheme.
Dark Sage Torunka :verified:
(replying to Saagar Jha)
@saagar 2033: OpenBSD now requires that all applications provide a control flow graph of the entire binary and validates it against the stack trace at every libc call.