===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/33.html,v
retrieving revision 1.25
retrieving revision 1.26
diff -c -r1.25 -r1.26
*** www/33.html	2003/04/03 14:41:12	1.25
--- www/33.html	2003/04/19 08:13:26	1.26
***************
*** 1,4 ****
! <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <html>
  <head>
  <title>OpenBSD 3.3 Release</title>
--- 1,4 ----
! p<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <html>
  <head>
  <title>OpenBSD 3.3 Release</title>
***************
*** 74,88 ****
  <ul>
  <li>Integration of the
  <a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a>
! stack protection technology into the system compiler. This protection is
! enabled by default.  With this change, function prologues are modified
! to rearrange the stack: a random canary is placed before the return
! address, and buffer variables are moved closer to the canary so that
! regular variables are below, and harder to smash.  The function
! epilogue then checks if the canary is still intact.  If it is not,
! the process is terminated.  This change makes it very hard for an
! attacker to modify the return address used when returning from a
! function.
  <p>
  
  <li>W^X (pronounced: "W xor X") on architectures capable of
--- 74,88 ----
  <ul>
  <li>Integration of the
  <a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a>
! stack protection technology, by Hiroaki Etoh, into the system
! compiler. This protection is enabled by default.  With this change,
! function prologues are modified to rearrange the stack: a random
! canary is placed before the return address, and buffer variables are
! moved closer to the canary so that regular variables are below, and
! harder to smash.  The function epilogue then checks if the canary is
! still intact.  If it is not, the process is terminated.  This change
! makes it very hard for an attacker to modify the return address used
! when returning from a function.
  <p>
  
  <li>W^X (pronounced: "W xor X") on architectures capable of
***************
*** 92,99 ****
  executable at the same time and vice versa.  This raises the bar on
  potential buffer overflows and other attacks: as a result, an attacker
  is unable to write code anywhere in memory where it can be executed.
! (NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.4 will
! make this change on those architectures as well). 
  <p>
  
  <li>Still more reduction in setuid and setgid binaries, and more chroot
--- 92,100 ----
  executable at the same time and vice versa.  This raises the bar on
  potential buffer overflows and other attacks: as a result, an attacker
  is unable to write code anywhere in memory where it can be executed.
! (NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
! already supports it on i386, and both these processors are expected to
! support this change in 3.4). 
  <p>
  
  <li>Still more reduction in setuid and setgid binaries, and more chroot
***************
*** 440,446 ****
  alt="OpenBSD"></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
  <br><small>
! $OpenBSD: 33.html,v 1.25 2003/04/03 14:41:12 nick Exp $
  </small>
  
  </body>
--- 441,447 ----
  alt="OpenBSD"></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
  <br><small>
! $OpenBSD: 33.html,v 1.26 2003/04/19 08:13:26 deraadt Exp $
  </small>
  
  </body>