===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/34.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- www/34.html	2003/09/04 04:28:18	1.3
+++ www/34.html	2003/09/04 04:52:08	1.4
@@ -85,14 +85,30 @@
 <p>
 
 <li>A static bounds checker has been added to the compiler to perform basic
-    checks on functions which accept buffers and sizes.
+    checks on functions which accept buffers and sizes.  The checker aims to
+    find common mistakes in the use of library functions such as 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy">strlcpy(3)</a>
+    or <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sscanf">sscanf(3)</a>
+    without emitting any false positives.  Running it over the source and ports
+    trees revealed over a hundred real bugs, which were fixed and submitted back
+    to the original authors where possible.
 <p>
 
-<li>Privilege separation for syslogd was integrated.
+<li>Privilege separation has been implemented for the syslog daemon, making it much
+    more robust against future errors.  The child which listens to network traffic
+    now runs as a normal user and chroots itself, while the parent process tracks
+    the state of the child and performs privileged operations on its behalf.
 <p>
 
 <li>Many unsafe string functions have been removed from the kernel and userland
-    utilities.
+    utilities.  This audit is one of the most comprehensive OpenBSD has ever done,
+    with thousands of occurrences of
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcpy">strcpy(3)</a> and
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcat">strcat(3)</a> 
+    being replaced with safer, bounded alternatives such as
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcpy">strlcpy(3)</a> and
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strlcat">strlcat(3)</a>.
+    
 <p>
 
 <li>Support for
@@ -103,8 +119,10 @@
 <li>Manual pages have been greatly cleaned up and improved.
 <p>
 
-<li>Systrace support in the ports subsystem to aid in detecting misbehaving
-    programs.
+<li>The ports tree now supports building programs under 
+    <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace">systrace(1)</a>,
+    preventing the possibility of applications harming the system at compile-time
+    via trojaned configuration scripts or otherwise.
 <p>
 
 <li>More licenses fixes, including the removal of the advertising clause
@@ -439,7 +457,7 @@
 alt="OpenBSD"></a>
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
 <br><small>
-$OpenBSD: 34.html,v 1.3 2003/09/04 04:28:18 jason Exp $
+$OpenBSD: 34.html,v 1.4 2003/09/04 04:52:08 avsm Exp $
 </small>
 
 </body>