version 1.25, 2003/04/03 14:41:12
version 1.26, 2003/04/19 08:13:26

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OpenBSD 3.3 Release</title>

<ul>
<li>Integration of the
<a href="http://www.trl.ibm.com/projects/security/ssp">ProPolice</a>
stack protection technology, by Hiroaki Etoh, into the system
compiler. This protection is enabled by default. With this change,
function prologues are modified to rearrange the stack: a random
canary is placed before the return address, and buffer variables are
moved closer to the canary so that regular variables are below, and
harder to smash. The function epilogue then checks if the canary is
still intact. If it is not, the process is terminated. This change
makes it very hard for an attacker to modify the return address used
when returning from a function.
<p>
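The frame layout described above, as a small C model added here (it is not code from OpenBSD or from ProPolice): a struct places the character buffer directly beneath a guard value and the guard directly beneath a stand-in return address, a "prologue" writes the guard, and an "epilogue" checks it after an unbounded copy. The guard constant, the input bytes and the struct layout are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Model of the frame layout ProPolice arranges (a simplified illustration,
 * not the layout any particular compiler emits): the buffer sits lowest,
 * directly beneath the canary, and the canary directly beneath the saved
 * return address, so an overrun from buf must cross the canary before it
 * can reach ret. */
struct frame {
    char      buf[16];   /* buffer variable, moved adjacent to the canary */
    uintptr_t canary;    /* guard value written by the prologue */
    uintptr_t ret;       /* saved return address the canary shields */
};

/* Constructed guard value for this model; the real prologue copies a
 * random per-process value chosen at program start. */
#define GUARD ((uintptr_t)0x7E5CA9D1u)

/* Prologue: store the canary and a stand-in return address. */
static void prologue(struct frame *f) {
    f->canary = GUARD;
    f->ret = (uintptr_t)0x1000;
}

/* Epilogue: 1 if the canary survived, 0 if the frame was smashed (a real
 * epilogue would terminate the process here instead of returning). */
static int epilogue_ok(const struct frame *f) {
    return f->canary == GUARD;
}

/* Copy n bytes of constructed input into buf with no bounds check, then run
 * the epilogue check. Returns 1 when the check passes, 0 when it detects a
 * smashed frame. The write is clamped to the struct object, so the model
 * stays well defined for any n. */
int copy_then_check(size_t n) {
    struct frame f;
    unsigned char input[sizeof f];
    memset(input, 'A', sizeof input);          /* constructed oversized input */
    if (n > sizeof f)
        n = sizeof f;
    prologue(&f);
    memcpy((unsigned char *)&f, input, n);     /* buf is at offset 0 */
    return epilogue_ok(&f);
}

/* 1 if a write of n bytes from buf reaches the saved return address; compare
 * with copy_then_check: the canary check fires before ret is touched. */
int ret_reached(size_t n) {
    return n > offsetof(struct frame, ret);
}
```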

<li>W^X (pronounced: "W xor X") on architectures capable of

executable at the same time and vice versa. This raises the bar on
potential buffer overflows and other attacks: as a result, an attacker
is unable to write code anywhere in memory where it can be executed.
(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
already supports it on i386, and both these processors are expected to
support this change in 3.4).
<p>

<li>Still more reduction in setuid and setgid binaries, and more chroot