===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/34.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -c -r1.5 -r1.6
*** www/34.html 2003/09/04 05:04:08 1.5
--- www/34.html 2003/09/04 06:29:45 1.6
***************
*** 76,87 ****
The i386 architecture has been switched to the ELF executable format.
!
Further W^X improvements, including support for the i386 and powerpc
! architectures.
!
ELF platforms now have random library ordering for greater resistance to
! attacks.
A static bounds checker has been added to the compiler to perform basic
--- 76,91 ----
The i386 architecture has been switched to the ELF executable format.
!
Further W^X improvements, including support for the i386 architecture.
! Native i386 binaries have their executable segments rearranged to support
! isolating code from data.
!
ld.so on ELF platforms now loads libraries in a random order for
! greater resistance to attacks. The i386 architecture also has libraries
! mapped at random addresses. Along with W^X, these changes increase the
! difficulty of successfully exploiting an application error, such as a
! buffer overflow.
A static bounds checker has been added to the compiler to perform basic
***************
*** 94,108 ****
to the original authors where possible.
!
Privilege separation has been implemented for the syslog daemon, making it much
! more robust against future errors. The child which listens to network traffic
! now runs as a normal user and chroots itself, while the parent process tracks
! the state of the child and performs privileged operations on its behalf.
Many unsafe string functions have been removed from the kernel and userland
! utilities. This audit is one of the most comprehensive OpenBSD has ever done,
! with thousands of occurrences of
strcpy(3) and
strcat(3)
being replaced with safer, bounded alternatives such as
--- 98,113 ----
to the original authors where possible.
!
Privilege separation has been implemented for the syslog daemon, making
! it much more robust against future errors. The child which listens to
! network traffic now runs as a normal user and chroots itself, while the
! parent process tracks the state of the child and performs privileged
! operations on its behalf.
Many unsafe string functions have been removed from the kernel and userland
! utilities. This audit is one of the most comprehensive OpenBSD has ever
! done, with thousands of occurrences of
strcpy(3) and
strcat(3)
being replaced with safer, bounded alternatives such as
***************
*** 121,134 ****
The ports tree now supports building programs under
systrace(1),
! preventing the possibility of applications harming the system at compile-time
! via trojaned configuration scripts or otherwise.
More licenses fixes, including the removal of the advertising clause
! for large parts of the source tree.
Over 2400 tested packages.
--- 126,155 ----
The ports tree now supports building programs under
systrace(1),
! preventing the possibility of applications harming the system at
! compile-time via trojaned configuration scripts or otherwise.
More licenses fixes, including the removal of the advertising clause
! for large parts of the source tree.
+
Replacement of GNU diff, grep, and gzip with BSD licensed equivalents.
+
+
+
Addition of read-only support for NTFS file systems.
+
+
+
Reliability improvements to layered file systems, enabling NULLFS to
+ work again.
+
+
+
Improvements to the linux emulator enabling more applications to run.
+
+
+
Restructuring of Kerberos libraries for easier management.
+
+
Over 2400 tested packages.
***************
*** 457,463 ****
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 34.html,v 1.5 2003/09/04 05:04:08 avsm Exp $