why- Open BSD .rocks

Syscall From-Verification (∞)

From OpenBSD 6.7 on, the kernel checks if a syscall is executed from the address space where it’s corresponding process is coming from. If this is not the case, the process gets killed.

This helps avoiding attackers uploading exploit code containing a raw system call sequence and instructions.

Details: