===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/34.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -c -r1.13 -r1.14
*** www/34.html 2003/09/04 18:23:19 1.13
--- www/34.html 2003/09/04 19:15:21 1.14
***************
*** 79,92 ****
Further W^X improvements, including support for the i386 architecture.
Native i386 binaries have their executable segments rearranged to support
! isolating code from data.
ld.so on ELF platforms now loads libraries in a random order for
! greater resistance to attacks. The i386 architecture also has libraries
! mapped at random addresses. Along with W^X, these changes increase the
! difficulty of successfully exploiting an application error, such as a
! buffer overflow.
A static bounds checker has been added to the compiler to perform basic
--- 79,93 ----
Further W^X improvements, including support for the i386 architecture.
Native i386 binaries have their executable segments rearranged to support
! isolating code from data, and the cpu CS limit is used to impose a best
! effort limit on code execution.
ld.so on ELF platforms now loads libraries in a random order for
! greater resistance to attacks. The i386 architecture also maps libraries
! somewhat randomized addresses. Together with W^X and ProPolice, these
! changes increase the difficulty of successfully exploiting an application
! error, such as a buffer overflow.
A static bounds checker has been added to the compiler to perform basic
***************
*** 487,493 ****
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 34.html,v 1.13 2003/09/04 18:23:19 david Exp $