===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/33.html,v
retrieving revision 1.25
retrieving revision 1.26
diff -c -r1.25 -r1.26
*** www/33.html 2003/04/03 14:41:12 1.25
--- www/33.html 2003/04/19 08:13:26 1.26
***************
*** 1,4 ****
!
OpenBSD 3.3 Release
--- 1,4 ----
! p
OpenBSD 3.3 Release
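Review bot: The changed first line now carries a lone "p" where revision 1.25 had nothing visible, which looks like a stray keystroke rather than an intended edit, and nothing else in this commit touches the top of the file. Drop the "p" so that line 1 stays as it was in 1.25.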
***************
*** 74,88 ****
- Integration of the
ProPolice
! stack protection technology into the system compiler. This protection is
! enabled by default. With this change, function prologues are modified
! to rearrange the stack: a random canary is placed before the return
! address, and buffer variables are moved closer to the canary so that
! regular variables are below, and harder to smash. The function
! epilogue then checks if the canary is still intact. If it is not,
! the process is terminated. This change makes it very hard for an
! attacker to modify the return address used when returning from a
! function.
- W^X (pronounced: "W xor X") on architectures capable of
--- 74,88 ----
- Integration of the
ProPolice
! stack protection technology, by Hiroaki Etoh, into the system
! compiler. This protection is enabled by default. With this change,
! function prologues are modified to rearrange the stack: a random
! canary is placed before the return address, and buffer variables are
! moved closer to the canary so that regular variables are below, and
! harder to smash. The function epilogue then checks if the canary is
! still intact. If it is not, the process is terminated. This change
! makes it very hard for an attacker to modify the return address used
! when returning from a function.
- W^X (pronounced: "W xor X") on architectures capable of
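Review bot: Rewrapping the entire ProPolice paragraph marks all nine lines as changed, although the only textual difference is the inserted "by Hiroaki Etoh,". Keep the original line breaks and add the credit on the first changed line, or do the reflow as a separate commit, so the diff shows the attribution alone and a reader can confirm the description of the canary and the variable reordering was not altered.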
***************
*** 92,99 ****
executable at the same time and vice versa. This raises the bar on
potential buffer overflows and other attacks: as a result, an attacker
is unable to write code anywhere in memory where it can be executed.
! (NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.4 will
! make this change on those architectures as well).
- Still more reduction in setuid and setgid binaries, and more chroot
--- 92,100 ----
executable at the same time and vice versa. This raises the bar on
potential buffer overflows and other attacks: as a result, an attacker
is unable to write code anywhere in memory where it can be executed.
! (NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
! already supports it on i386, and both these processors are expected to
! support this change in 3.4).
- Still more reduction in setuid and setgid binaries, and more chroot
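Review bot: In the rewritten NOTE, "both these processors are expected to support this change in 3.4" reads as though the CPUs gain a capability, and "this change" has no clear referent; the subject is W^X on the i386 and powerpc architectures. Suggest wording along the lines of "3.3-current already has W^X on i386, and both architectures are expected to have it in 3.4". Also consider whether the release page should describe the state of -current at all, since that clause goes stale as -current moves on.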
***************
*** 440,446 ****
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 33.html,v 1.25 2003/04/03 14:41:12 nick Exp $
--- 441,447 ----
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 33.html,v 1.26 2003/04/19 08:13:26 deraadt Exp $