| version 1.3, 2003/09/04 04:28:18 |
version 1.4, 2003/09/04 04:52:08 |
|
|
| <p> |
<p> |
| |
|
| <li>A static bounds checker has been added to the compiler to perform basic |
<li>A static bounds checker has been added to the compiler to perform basic |
| checks on functions which accept buffers and sizes. |
checks on functions which accept buffers and sizes. The checker aims to |
| |
find common mistakes in the use of library functions such as |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy">strlcpy(3)</a> |
| |
or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sscanf">sscanf(3)</a> |
| |
without emitting any false positives. Running it over the source and ports |
| |
trees revealed over a hundred real bugs, which were fixed and submitted back |
| |
to the original authors where possible. |
| <p> |
<p> |
| |
|
| <li>Privilege separation for syslogd was integrated. |
<li>Privilege separation has been implemented for the syslog daemon, making it much |
| |
more robust against future errors. The child which listens to network traffic |
| |
now runs as a normal user and chroots itself, while the parent process tracks |
| |
the state of the child and performs privileged operations on its behalf. |
| <p> |
<p> |
| |
|
| <li>Many unsafe string functions have been removed from the kernel and userland |
<li>Many unsafe string functions have been removed from the kernel and userland |
| utilities. |
utilities. This audit is one of the most comprehensive OpenBSD has ever done, |
| |
with thousands of occurrences of |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcpy">strcpy(3)</a> and |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcat">strcat(3)</a> |
| |
being replaced with safer, bounded alternatives such as |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy">strlcpy(3)</a> and |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcat">strlcat(3)</a>. |
| |
|
| <p> |
<p> |
| |
|
| <li>Support for |
<li>Support for |
|
|
| <li>Manual pages have been greatly cleaned up and improved. |
<li>Manual pages have been greatly cleaned up and improved. |
| <p> |
<p> |
| |
|
| <li>Systrace support in the ports subsystem to aid in detecting misbehaving |
<li>The ports tree now supports building programs under |
| programs. |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace">systrace(1)</a>, |
| |
preventing the possibility of applications harming the system at compile-time |
| |
via trojaned configuration scripts or otherwise. |
| <p> |
<p> |
| |
|
| <li>More licenses fixes, including the removal of the advertising clause |
<li>More licenses fixes, including the removal of the advertising clause |
![[BACK]](/icons/back.gif){kind=icon}
Return to 34.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www