===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/34.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- www/34.html 2003/09/04 05:04:08 1.5
+++ www/34.html 2003/09/04 06:29:45 1.6
@@ -76,12 +76,16 @@
The i386 architecture has been switched to the ELF executable format.
-
Further W^X improvements, including support for the i386 and powerpc
- architectures.
+Further W^X improvements, including support for the i386 architecture.
+ Native i386 binaries have their executable segments rearranged to support
+ isolating code from data.
-
ELF platforms now have random library ordering for greater resistance to
- attacks.
+ld.so on ELF platforms now loads libraries in a random order for
+ greater resistance to attacks. The i386 architecture also has libraries
+ mapped at random addresses. Along with W^X, these changes increase the
+ difficulty of successfully exploiting an application error, such as a
+ buffer overflow.
A static bounds checker has been added to the compiler to perform basic
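Review bot: the rewritten W^X item drops powerpc without explanation. The old text read "including support for the i386 and powerpc architectures" and the new text names only i386. If powerpc W^X is not part of this release, say so in the commit message; otherwise restore it. The library item now separates two distinct mitigations (random load order by ld.so on all ELF platforms, random mapping addresses on i386 only), which is an improvement. The W^X item could be equally explicit, because "Native i386 binaries" implies that non-native binaries do not get the rearranged segments and the text should state that.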
@@ -94,15 +98,16 @@
to the original authors where possible.
-
Privilege separation has been implemented for the syslog daemon, making it much
- more robust against future errors. The child which listens to network traffic
- now runs as a normal user and chroots itself, while the parent process tracks
- the state of the child and performs privileged operations on its behalf.
+Privilege separation has been implemented for the syslog daemon, making
+ it much more robust against future errors. The child which listens to
+ network traffic now runs as a normal user and chroots itself, while the
+ parent process tracks the state of the child and performs privileged
+ operations on its behalf.
Many unsafe string functions have been removed from the kernel and userland
- utilities. This audit is one of the most comprehensive OpenBSD has ever done,
- with thousands of occurrences of
+ utilities. This audit is one of the most comprehensive OpenBSD has ever
+ done, with thousands of occurrences of
strcpy(3) and
strcat(3)
being replaced with safer, bounded alternatives such as
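Review bot: both changes in this hunk, the syslog privilege separation item and the unsafe string function item, are re-wraps with no change in wording. Mixing whitespace-only reflow with the content changes elsewhere in this revision makes the security-relevant edits harder to pick out; consider committing the reflow separately.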
@@ -121,14 +126,30 @@
The ports tree now supports building programs under
systrace(1),
- preventing the possibility of applications harming the system at compile-time
- via trojaned configuration scripts or otherwise.
+ preventing the possibility of applications harming the system at
+ compile-time via trojaned configuration scripts or otherwise.
More licenses fixes, including the removal of the advertising clause
-for large parts of the source tree.
+ for large parts of the source tree.
+
Replacement of GNU diff, grep, and gzip with BSD licensed equivalents.
+
+
+
Addition of read-only support for NTFS file systems.
+
+
+
Reliability improvements to layered file systems, enabling NULLFS to
+ work again.
+
+
+
Improvements to the linux emulator enabling more applications to run.
+
+
+
Restructuring of Kerberos libraries for easier management.
+
+
Over 2400 tested packages.
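Review bot: the context line "More licenses fixes" directly above the re-indented line should read "More license fixes". This hunk already touches that item, so fix it here. The added emulator item writes "linux" in lowercase while the neighbouring added items capitalize GNU, BSD, NTFS, NULLFS and Kerberos; use "Linux". The systrace(1) item is only re-wrapped, so the same comment about separating reflow from content changes applies.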
@@ -457,7 +478,7 @@
alt="OpenBSD">
www@openbsd.org
-$OpenBSD: 34.html,v 1.5 2003/09/04 05:04:08 avsm Exp $
+$OpenBSD: 34.html,v 1.6 2003/09/04 06:29:45 tedu Exp $