version 1.26, 2003/09/06 01:53:53 |
version 1.27, 2003/09/06 04:05:09 |
|
|
|
|
<ul> |
<ul> |
|
|
<li>The i386 architecture has been switched to the ELF executable format. |
<li>The i386 architecture has been switched to the |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=elf">ELF</a> |
|
executable format. |
<p> |
<p> |
|
|
<li>Further W^X improvements, including support for the i386 architecture. |
<li>Further W^X improvements, including support for the i386 architecture. |
|
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so">ld.so(1)</a> |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so">ld.so(1)</a> |
on ELF platforms now loads libraries in a random order for |
on ELF platforms now loads libraries in a random order for |
greater resistance to attacks. The i386 architecture also maps libraries |
greater resistance to attacks. The i386 architecture also maps libraries |
somewhat randomized addresses. Together with W^X and ProPolice, these |
somewhat randomized addresses. Together with W^X and |
changes increase the difficulty of successfully exploiting an application |
<a href="http://www.research.ibm.com/trl/projects/security/ssp/">ProPolice</a>, |
|
these changes increase the difficulty of successfully exploiting an application |
error, such as a buffer overflow. |
error, such as a buffer overflow. |
<p> |
<p> |
|
|
|
|
enabling more applications to run. |
enabling more applications to run. |
<p> |
<p> |
|
|
<li>Significant improvements to the pthread library. |
<li>Significant improvements to the |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pthreads">pthreads(3)</a> |
|
library. |
<p> |
<p> |
|
|
<li>Replace many static fd_set uses, to instead use |
<li>Replace many static fd_set uses, to instead use |