===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/33.html,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- www/33.html	2003/04/03 14:41:12	1.25
+++ www/33.html	2003/04/19 08:13:26	1.26
@@ -1,4 +1,4 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+p<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
 <title>OpenBSD 3.3 Release</title>
@@ -74,15 +74,15 @@
 <ul>
 <li>Integration of the
 <a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a>
-stack protection technology into the system compiler. This protection is
-enabled by default.  With this change, function prologues are modified
-to rearrange the stack: a random canary is placed before the return
-address, and buffer variables are moved closer to the canary so that
-regular variables are below, and harder to smash.  The function
-epilogue then checks if the canary is still intact.  If it is not,
-the process is terminated.  This change makes it very hard for an
-attacker to modify the return address used when returning from a
-function.
+stack protection technology, by Hiroaki Etoh, into the system
+compiler. This protection is enabled by default.  With this change,
+function prologues are modified to rearrange the stack: a random
+canary is placed before the return address, and buffer variables are
+moved closer to the canary so that regular variables are below, and
+harder to smash.  The function epilogue then checks if the canary is
+still intact.  If it is not, the process is terminated.  This change
+makes it very hard for an attacker to modify the return address used
+when returning from a function.
 <p>
 
 <li>W^X (pronounced: "W xor X") on architectures capable of
@@ -92,8 +92,9 @@
 executable at the same time and vice versa.  This raises the bar on
 potential buffer overflows and other attacks: as a result, an attacker
 is unable to write code anywhere in memory where it can be executed.
-(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.4 will
-make this change on those architectures as well). 
+(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
+already supports it on i386, and both these processors are expected to
+support this change in 3.4). 
 <p>
 
 <li>Still more reduction in setuid and setgid binaries, and more chroot
@@ -440,7 +441,7 @@
 alt="OpenBSD"></a> 
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
 <br><small>
-$OpenBSD: 33.html,v 1.25 2003/04/03 14:41:12 nick Exp $
+$OpenBSD: 33.html,v 1.26 2003/04/19 08:13:26 deraadt Exp $
 </small>
 
 </body>