OpenBSD is experimenting with a new mitigation to defend against return-oriented programming (ROP) attacks, which are difficult to defend against. The new mitigation makes it harder for attackers to make system calls, but some security researchers doubt its effectiveness. The previous restrictions on where system calls could be made have been expanded, and a new pintable system call has been introduced. The new work adds an ELF section to select programs, specifying which system call is expected at each location. While this work adds another barrier to ROP attacks, it is unlikely to be adopted elsewhere due to doubts about its practical benefit and the added complexity it introduces.
https://lwn.net/SubscriberLink/959562/0578b8e463f790c1/