version 1.21, 2003/03/27 23:29:02 |
version 1.22, 2003/03/29 03:12:50 |
|
|
<li>Integration of the |
<li>Integration of the |
<a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a> |
<a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a> |
stack protection technology into the system compiler. This protection is |
stack protection technology into the system compiler. This protection is |
enabled by default. |
enabled by default. With this change, function prologues are modified |
|
to rearrange the stack: a random canary is placed before the return |
|
address, and buffer variables are moved closer to the canary so that |
|
regular variables are below, and harder to smash. The function |
|
epilogue then checks if the canary is still intact. If it is not, |
|
the process is terminated. This change makes it very hard for an |
|
attacker to modify the return address used when returning from a |
|
function. |
<p> |
<p> |
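Review bot: the new stack-layout sentence describes the reordering but not why it helps, which is the point a reader needs: because a buffer overrun writes toward higher addresses and the canary sits between the locals and the saved return address, moving buffers up next to the canary means an overrun hits the canary before it reaches other locals or the return address. Suggest adding one clause, e.g. "so that an overrun is caught by the canary before it can reach the return address". "The process is terminated" could also say the check fails closed (the process aborts rather than continuing), since that is the security-relevant property; and "very hard" is the right hedge rather than "impossible", because the check only catches a canary that has actually been overwritten.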
|
|
<li>W^X (pronounced: "W xor X") binaries on architectures capable of |
<li>W^X (pronounced: "W xor X") on architectures capable of |
pure execute-bit support in the MMU (sparc, sparc64, alpha, |
pure execute-bit support in the MMU (sparc, sparc64, alpha, |
hppa). This is a fine-grained memory permissions layout, ensuring that |
hppa). This is a fine-grained memory permissions layout, ensuring that |
memory which can be written to by application programs can not be |
memory which can be written to by application programs can not be |
executable at the same time and vice versa. This raises the bar on |
executable at the same time and vice versa. This raises the bar on |
potential buffer overflows and other attacks. |
potential buffer overflows and other attacks: as a result, an attacker |
|
is unable to write code anywhere in memory where it can be executed. |
|
(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.4 will |
|
make this change on those architectures as well). |
<p> |
<p> |
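Review bot: the added clause "an attacker is unable to write code anywhere in memory where it can be executed" reads as an absolute guarantee, while the sentence before it says only that W^X "raises the bar". As the item itself defines it, W^X keeps writable memory from being executable; it prevents injected code from running but says nothing about code that is already mapped executable, so "unable to inject code that can then be executed" would match the definition better. The parenthetical NOTE describes 3.4, an unreleased version; phrasing it as a plan ("is intended to") rather than a promise ("will") would avoid a statement the 3.3 page cannot back.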
|
|
<li>Still more reduction in setuid and setgid binaries, and more chroot |
<li>Still more reduction in setuid and setgid binaries, and more chroot |
use throughout the system. |
use throughout the system. While some programs are still setuid or |
|
setgid, almost all of them grab a resource and then quickly revoke |
|
privilege. |
<p> |
<p> |
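Review bot: "grab a resource and then quickly revoke privilege" is vague for a release note; saying what kind of resource is meant (the text earlier on the page is the place to point to, if any example exists) and which privilege is dropped would let a reader judge the change. The item also switches from "setuid and setgid" in the first sentence to "setuid or setgid" in the second; either is fine, but pick one.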
|
|
<li>The X window system uses privilege separation, for better security. |
<li>The X window server and xconsole now use privilege separation, |
|
for better security. Also, xterm has been modified to do privilege |
|
revocation. xdm runs as a special user and group, to further constrain |
|
what might go wrong. |
<p> |
<p> |
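Review bot: the rewrite is more precise than the old blanket "X window system uses privilege separation", but it now uses three different terms (privilege separation, privilege revocation, running as a special user) without saying how they differ; one clause for each would help, e.g. that separation splits the program into a privileged part and an unprivileged part, whereas revocation drops privilege once it is no longer needed. The spamd item further down links its program to its man page; the X server, xconsole, xterm and xdm here could be linked the same way for consistency.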
|
|
<li>As usual, improvements to the documentation, notably the man pages and |
<li>As usual, improvements to the documentation, notably the man pages and |
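Review bot: this item ends mid-sentence at "the man pages and"; the remainder of the list entry is missing in both revisions and should be restored or the sentence closed.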
|
|
<li>Full CIDR support |
<li>Full CIDR support |
<li>Early checksum verification return on invalid packets |
<li>Early checksum verification return on invalid packets |
<li>Performance boost: large rulesets load much faster now |
<li>Performance boost: large rulesets load much faster now |
<li>spamd, a spam deferral daemon, to whom smtp connections can be redirected to |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=spamd">spamd</a>, |
|
a spam deferral daemon, which SMTP connections can be redirected to. |
|
This daemon handles connections based on black lists and white lists, |
|
tar-pits the connections, and ensures that the spammer knows why their |
|
mail has not been accepted. |
</ul> |
</ul> |
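Review bot: "Early checksum verification return on invalid packets" is hard to parse; "Return early from checksum verification on invalid packets" says the same thing. In the spamd entry the old "to whom ... redirected to" was fixed, but the new text still ends with a dangling "to"; "to which SMTP connections can be redirected" reads better. "Ensures that the spammer knows why their mail has not been accepted" implies that an SMTP response explaining the deferral is returned to the sender; saying so directly would make the behaviour clearer than the current wording.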
|
|
<p> |
<p> |