Backport patch for increased rowhammer resistance from OpenBSD

[nmeum]

This commit backports an OpenBSD doas change which attempt to make doas more resistant to rowhammer attacks.

A similar change has been committed to sudo last year.

See:

• openbsd/src@38599af
• sudo-project/sudo@7873f83
• https://doi.org/10.48550/arXiv.2309.02545

[ncopa]

Any plans to merge this?

[walking-octopus]

Is the maintainer active? Last pull request merged was in January of 2022.

[gregstula]

tl;dr yes this project is maintained; this is the void linux opendoas fork.

@walking-octopus
Hey I investigated this because I, too, am I doas enjoyer. Leaving this breakdown here for posterity since I found a reddit thread from 9 months ago asking if the project was dead, so I'm sure some other curious doas user will stumble upon this PR.

Is the maintainer active?

Duncaen is very active on this very github account. From what I saw, he is a well respected maintainer of VoidLinux which has roots in openBSD and they are the ones that revived opendoas. You can see on his github page that he is a very active maintainer and committing almost daily. This package is in good hard working active hands.

Last pull request merged was in January of 2022.

doas is fairly stable and the codebase is small. It's not expected to get many updates. This pull request is the only change that is behind upstream. If you look at openBSD's commit and the pull request here, you'll it's a very small change to add some mitigation for rowhammer and it was somewhat reluctantly merged only because of how dead simple it was

openbsd/src@38599af

change permit to be more bits away from deny, because rowhammer.
not really sure why this is our problem, but the diff is small.
ok deraadt millert miod

So it's probably just low priority for @Duncaen at the moment. This is definitely a maintained fork from what I can see