| version 1.21, 2003/03/27 23:29:02 |
version 1.22, 2003/03/29 03:12:50 |
|
|
| <li>Integration of the |
<li>Integration of the |
| <a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a> |
<a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a> |
| stack protection technology into the system compiler. This protection is |
stack protection technology into the system compiler. This protection is |
| enabled by default. |
enabled by default. With this change, function prologues are modified |
| |
to rearrange the stack: a random canary is placed before the return |
| |
address, and buffer variables are moved closer to the canary so that |
| |
regular variables are below, and harder to smash. The function |
| |
epilogue then checks if the canary is still intact. If it is not, |
| |
the process is terminated. This change makes it very hard for an |
| |
attacker to modify the return address used when returning from a |
| |
function. |
| <p> |
<p> |
| |
|
| <li>W^X (pronounced: "W xor X") binaries on architectures capable of |
<li>W^X (pronounced: "W xor X") on architectures capable of |
| pure execute-bit support in the MMU (sparc, sparc64, alpha, |
pure execute-bit support in the MMU (sparc, sparc64, alpha, |
| hppa). This is a fine-grained memory permissions layout, ensuring that |
hppa). This is a fine-grained memory permissions layout, ensuring that |
| memory which can be written to by application programs can not be |
memory which can be written to by application programs can not be |
| executable at the same time and vice versa. This raises the bar on |
executable at the same time and vice versa. This raises the bar on |
| potential buffer overflows and other attacks. |
potential buffer overflows and other attacks: as a result, an attacker |
| |
is unable to write code anywhere in memory where it can be executed. |
| |
(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.4 will |
| |
make this change on those architectures as well). |
| <p> |
<p> |
| |
|
| <li>Still more reduction in setuid and setgid binaries, and more chroot |
<li>Still more reduction in setuid and setgid binaries, and more chroot |
| use throughout the system. |
use throughout the system. While some programs are still setuid or |
| |
setgid, almost all of them grab a resource and then quickly revoke |
| |
privilege. |
| <p> |
<p> |
| |
|
| <li>The X window system uses privilege separation, for better security. |
<li>The X window server and xconsole now use privilege separation, |
| |
for better security. Also, xterm has been modified to do privilege |
| |
revocation. xdm runs as a special user and group, to further constrain |
| |
what might go wrong. |
| <p> |
<p> |
| |
|
| <li>As usual, improvements to the documentation, notably the man pages and |
<li>As usual, improvements to the documentation, notably the man pages and |
|
|
| <li>Full CIDR support |
<li>Full CIDR support |
| <li>Early checksum verification return on invalid packets |
<li>Early checksum verification return on invalid packets |
| <li>Performance boost: large rulesets load much faster now |
<li>Performance boost: large rulesets load much faster now |
| <li>spamd, a spam deferral daemon, to whom smtp connections can be redirected to |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd">spamd</a>, |
| |
a spam deferral daemon, which SMTP connections can be redirected to. |
| |
This daemon handles connections based on black lists and white lists, |
| |
tar-pits the connections, and ensures that the spammer knows why their |
| |
mail has not been accepted. |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
![[BACK]](/icons/back.gif){kind=icon}
Return to 33.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www