There is a paragraph in the article dedicated to this, starting with:
> Security researchers have expressed doubt about how useful this check is at preventing compromises.
Doesn't cite the HN thread, but two other cases.
> I think? this is the same work, just now merged into the kernel?
That is my understanding, yes. From the article:
> In December, De Raadt sent a patch to the OpenBSD mailing list expanding OpenBSD's restrictions on the locations from which a process can make system calls. ... Now that patch has been merged, finishing a process which De Raadt said has taken five years.
> Security researchers have expressed doubt about how useful this check is at preventing compromises.
Doesn't cite the HN thread, but two other cases.
> I think? this is the same work, just now merged into the kernel?
That is my understanding, yes. From the article:
> In December, De Raadt sent a patch to the OpenBSD mailing list expanding OpenBSD's restrictions on the locations from which a process can make system calls. ... Now that patch has been merged, finishing a process which De Raadt said has taken five years.