===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/33.html,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- www/33.html 2003/04/03 14:41:12 1.25
+++ www/33.html 2003/04/19 08:13:26 1.26
@@ -1,4 +1,4 @@
-
+p
OpenBSD 3.3 Release
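Review bot: the new first line is a lone "p" sitting in front of the "OpenBSD 3.3 Release" title, which reads like a stray keystroke rather than intended content. Unless it is deliberate, restore line 1 to what revision 1.25 had so the page does not open with a loose character.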
@@ -74,15 +74,15 @@
- Integration of the
ProPolice
-stack protection technology into the system compiler. This protection is
-enabled by default. With this change, function prologues are modified
-to rearrange the stack: a random canary is placed before the return
-address, and buffer variables are moved closer to the canary so that
-regular variables are below, and harder to smash. The function
-epilogue then checks if the canary is still intact. If it is not,
-the process is terminated. This change makes it very hard for an
-attacker to modify the return address used when returning from a
-function.
+stack protection technology, by Hiroaki Etoh, into the system
+compiler. This protection is enabled by default. With this change,
+function prologues are modified to rearrange the stack: a random
+canary is placed before the return address, and buffer variables are
+moved closer to the canary so that regular variables are below, and
+harder to smash. The function epilogue then checks if the canary is
+still intact. If it is not, the process is terminated. This change
+makes it very hard for an attacker to modify the return address used
+when returning from a function.
- W^X (pronounced: "W xor X") on architectures capable of
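Review bot: the only content change in this item is the inserted credit "by Hiroaki Etoh,", but the rest of the paragraph was re-wrapped along with it, so nine lines show as changed and the actual edit is hard to pick out. Consider keeping the original line breaks and touching only the line that gains the credit, or committing the re-wrap separately. Since the text is being touched anyway, "so that regular variables are below, and harder to smash" does not say what they are below; naming it would make the layout description easier to follow.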
@@ -92,8 +92,9 @@
executable at the same time and vice versa. This raises the bar on
potential buffer overflows and other attacks: as a result, an attacker
is unable to write code anywhere in memory where it can be executed.
-(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.4 will
-make this change on those architectures as well).
+(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
+already supports it on i386, and both these processors are expected to
+support this change in 3.4).
- Still more reduction in setuid and setgid binaries, and more chroot
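Review bot: in the rewritten NOTE, "both these processors are expected to support this change in 3.4" switches to "processors" where the item otherwise says "architectures", and "this change" has lost its referent now that the sentence no longer reads "make this change". Something like "both architectures are expected to support W^X in 3.4" would be clearer. The note also states that 3.3-current supports it on i386 but says nothing about powerpc in -current; state that explicitly if it is not there yet.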
@@ -440,7 +441,7 @@
alt="OpenBSD">
www@openbsd.org
-$OpenBSD: 33.html,v 1.25 2003/04/03 14:41:12 nick Exp $
+$OpenBSD: 33.html,v 1.26 2003/04/19 08:13:26 deraadt Exp $