
Diff for /www/34.html between version 1.19 and 1.20

version 1.19, 2003/09/05 00:30:26 version 1.20, 2003/09/05 02:40:05
Line 83 
Line 83 
     effort limit on code execution.      effort limit on code execution.
 <p>  <p>
   
 <li>ld.so on ELF platforms now loads libraries in a random order for  <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so">ld.so(1)</a>
       on ELF platforms now loads libraries in a random order for
     greater resistance to attacks.  The i386 architecture also maps libraries      greater resistance to attacks.  The i386 architecture also maps libraries
     somewhat randomized addresses.  Together with W^X and ProPolice, these      somewhat randomized addresses.  Together with W^X and ProPolice, these
     changes increase the difficulty of successfully exploiting an application      changes increase the difficulty of successfully exploiting an application
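Review bot: the context sentence in this item, "The i386 architecture also maps libraries somewhat randomized addresses", is missing a preposition and is carried over unchanged into 1.20. Since the item is being edited anyway, change it to "maps libraries at somewhat randomized addresses" in the same commit.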
Line 100 
Line 101 
     to the original authors where possible.      to the original authors where possible.
 <p>  <p>
   
 <li>Privilege separation has been implemented for the syslog daemon, making  <li>Privilege separation has been implemented for the
       <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=syslogd">syslogd(8)</a>
       daemon, making
     it much more robust against future errors.  The child which listens to      it much more robust against future errors.  The child which listens to
     network traffic now runs as a normal user and chroots itself, while the      network traffic now runs as a normal user and chroots itself, while the
     parent process tracks the state of the child and performs privileged      parent process tracks the state of the child and performs privileged
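Review bot: "the syslogd(8) daemon, making" on the 1.20 side is redundant now that the item names the program instead of saying "the syslog daemon". Suggest "Privilege separation has been implemented for syslogd(8), making it much more robust", which also lets the link and the clause fit on two lines instead of three.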
Line 135 
Line 138 
     bugs in the X server.      bugs in the X server.
 <p>  <p>
   
 <li>Emulation support for binary compatibility is now controlled via sysctl.  <li>Emulation support for binary compatibility is now controlled via
       <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl">sysctl(1)</a>
     Emulation is now disabled by default to limit exposure to malicious      Emulation is now disabled by default to limit exposure to malicious
     binaries, and can be enabled in      binaries, and can be enabled in
     <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl.conf">      <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl.conf">
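Review bot: the sentence-ending period was lost when "sysctl." became a link. The 1.20 side now runs "controlled via sysctl(1)" straight into "Emulation is now disabled by default" with no punctuation between them. Add a "." after the closing </a> of the sysctl(1) link.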
Line 155 
Line 159 
     for large parts of the source tree.      for large parts of the source tree.
 <p>  <p>
   
 <li>Replacement of GNU diff/diff3, grep/egrep/fgrep/zgrep/zegrep/zfgrep,  <li>Replacement of GNU
 and gzip/zcat/gunzip/gzcat/zcmp/zmore/zdiff/zforce/gzexe/znew  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff">diff</a>,
 with BSD licensed equivalents.  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=diff3">diff3</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep">grep</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=egrep">egrep</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fgrep">fgrep</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zgrep">zgrep</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zegrep">zegrep</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zfgrep">zfgrep</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzip">gzip</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zcat">zcat</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gunzip">gunzip</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzcat">gzcat</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zcmp">zcmp</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zmore">zmore</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zdiff">zdiff</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=zforce">zforce</a>,
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gzexe">gzexe</a>,
   and
   <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=znew">znew</a>
   commands with BSD licensed equivalents.
 <p>  <p>
   
 <li>Addition of read-only support for NTFS file systems.  <li>Addition of read-only support for
       <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_ntfs">NTFS</a>
       file systems.
 <p>  <p>
   
 <li>Reliability improvements to layered file systems, enabling NULLFS to  <li>Reliability improvements to layered file systems, enabling
     work again.      <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mount_null">NULLFS</a>
       to work again.
 <p>  <p>
   
 <li>Improvements to the Linux emulator enabling more applications to run.  <li>Improvements to the Linux emulator enabling more applications to run.
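Review bot: the link labels in this hunk (diff, grep, gzip, NTFS, NULLFS and the rest) carry no manual section, while the other links added in this same revision are written ld.so(1), syslogd(8), sysctl(1), poll(2) and pf(4). Pick one convention for the page; if the section form is kept, label the file system links with the page they actually point to (mount_ntfs, mount_null) so the reader knows what the link opens. The new lines in this hunk also mix one-, three- and seven-space indents where the surrounding items use five; align them with the existing items.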
Line 173 
Line 198 
 <li>Significant improvements to the pthread library.  <li>Significant improvements to the pthread library.
 <p>  <p>
   
 <li>Replace many static fd_set uses to poll() or dynamic allocation.  <li>Replace many static fd_set uses, to instead use
       <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=poll">poll(2)</a>
   or dynamic allocation.
 <p>  <p>
   
 <li>Legacy KerberosIV support has been removed, and the remaining KerberosV  <li>Legacy KerberosIV support has been removed, and the remaining KerberosV
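Review bot: the comma in "Replace many static fd_set uses, to instead use" on the 1.20 side splits the verb from its complement and reads as a stray. Suggest "Replace many static fd_set uses with poll(2) or dynamic allocation", which keeps the link and drops the awkward "to instead use".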
Line 184 
Line 211 
 <p>  <p>
   
 <li>A large number of bug fixes, changes, and optimizations to our packet filter  <li>A large number of bug fixes, changes, and optimizations to our packet filter
       <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pf">pf(4)</a>
     including:      including:
 <ul>  <ul>
 <li>packet tagging  (e.g. filter on tags added by bridge based on MAC address)  <li>packet tagging (e.g. filter on tags added by bridge based on MAC address)
 <li>stateful TCP normalization (prevent uptime calculation and NAT detection)  <li>stateful TCP normalization (prevent uptime calculation and NAT detection)
 <li>passive OS detection (filter or redirect connections based on source OS)  <li>passive OS detection (filter or redirect connections based on source OS)
 <li>SYN proxy (protect servers against SYN flood attacks)  <li>SYN proxy (protect servers against SYN flood attacks)
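Review bot: the pf(4) href added here, like every man.cgi link added in this revision, contains only "query=" and nothing that ties it to the 3.4 release this page describes. If man.cgi answers such a query with the current manual, these release notes will drift away from the pages they cite as later releases change pf, sysctl and the others. Consider pinning the links to the 3.4 manual set. Separately, the double-space fix in "packet tagging  (e.g." is unrelated to the linking work and would be easier to audit as its own whitespace commit.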
