OpenBSD has adopted changes for additional protection of process memory

Theo de Raadt has added to OpenBSD a patch series for additional protection of process memory in user space. The developers have proposed a new system call, mimmutable, and an associated library function of the same name, which makes it possible to fix the access rights of memory mappings. Once fixed, the write and execute permissions set for a region of memory cannot be changed by subsequent calls to mmap(), mprotect() and munmap(), which return the EPERM error on an attempt to change them.
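The behaviour described above can be observed with a small probe. This is an added example, not code from the patch series or from the original report; `struct probe` and `probe_mapping` are hypothetical names, and the fixed case assumes OpenBSD 7.3 or later (on other systems only the baseline runs).

```c
#define _DEFAULT_SOURCE /* expose MAP_ANON on glibc in strict -std= modes */
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* errno of each attempt to alter the mapping; 0 means the call succeeded. */
struct probe {
	int locked;       /* 1 if mimmutable() was available and succeeded */
	int mprotect_err; /* adding PROT_WRITE to a read-only page */
	int remap_err;    /* mmap(MAP_FIXED) on top of the page */
	int munmap_err;   /* unmapping the page */
};

/* Map one read-only page, optionally fix it, then try to change it. */
static struct probe probe_mapping(int lock)
{
	struct probe r = { 0, 0, 0, 0 };
	size_t len = (size_t)sysconf(_SC_PAGESIZE);
	void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0);

	if (p == MAP_FAILED) {
		r.mprotect_err = r.remap_err = r.munmap_err = errno;
		return r;
	}
	if (lock) {
#ifdef __OpenBSD__ /* mimmutable(2): OpenBSD 7.3 and later */
		r.locked = (mimmutable(p, len) == 0);
#endif
		if (!r.locked) { /* not supported here: nothing to show */
			munmap(p, len);
			return r;
		}
	}
	r.mprotect_err = mprotect(p, len, PROT_READ | PROT_WRITE) ? errno : 0;
	r.remap_err = mmap(p, len, PROT_READ | PROT_WRITE,
	    MAP_PRIVATE | MAP_ANON | MAP_FIXED, -1, 0) == MAP_FAILED ? errno : 0;
	r.munmap_err = munmap(p, len) ? errno : 0; /* a fixed page stays mapped */
	return r;
}

int main(void)
{
	struct probe b = probe_mapping(0), l = probe_mapping(1);

	printf("baseline: mprotect=%d remap=%d munmap=%d\n",
	    b.mprotect_err, b.remap_err, b.munmap_err);
	printf("fixed=%d: mprotect=%d remap=%d munmap=%d (EPERM=%d)\n",
	    l.locked, l.mprotect_err, l.remap_err, l.munmap_err, EPERM);
	return 0;
}
```

Without the fix all three calls succeed; with it, each one fails with EPERM and the page stays mapped read-only for the life of the process.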

To control the ability to change the permissions of mapped memory for object files, a new Mutable BSS section (.openbsd.mutable, Mutable Block Starting Symbol) is proposed, and new PF_MUTABLE and UVM_ET_IMMUTABLE flags are added. Support for detecting “openbsd.mutable” sections and placing them in a separate area of the BSS, aligned to a memory page boundary, has been added to the linker. By calling the mimmutable function, all mapped areas can be marked as immutable, with the exception of sections marked as “openbsd.mutable”. The new feature will be delivered to users in the OpenBSD 7.3 release.
