DavePolaschek [soylentnews.org] writes:
OpenBSD 6.4 [openbsd.org] has dropped, and has a bunch of improvements, including:
- Unveil(2) system call to restrict file system access to specified directories / files
- RETGUARD protection added for AMD64 and ARM64
- clang includes a ROP gadget replacement pass
- clang includes retpoline mitigation for Spectre Variant 2
- meltdown mitigation for i386
- amd64 doesn't leak FPU state information across protection boundaries
...and much more.
Original Submission