- gnezdo@ and others for early on reviewing the ports tree and removing (or
at least reducing) calls to syscall(2)
- afresh1@, who followed my guidance and over 6 months wrote a syscall(2)
emulator inside perl
- But most of all -- jsing@, who went through multiple iterations inside the
go ecosystem to (1) force it to use libc system call stubs, which permitted
msyscall(2), and (2) incrementally remove use of syscall(2) inside go and
go libraries.
The direct-syscalls-inside-the-binary model used by go (and only go, no one
else in the history of the unix software does this) provided the biggest
resistance against this effort.
Start to end, this took 5 years.
Together with library relinking, this makes some specific low-level attack
methods unfeasible on OpenBSD, which will force the use of other methods.
Hopefully those other methods are more difficult, or also harmed by library
relinking and other changes we've made.
This is all about removing avenues, and forcing attackers to use other
methods which are hopefully more challenging.