| version 1.5, 2003/09/04 05:04:08 |
version 1.6, 2003/09/04 06:29:45 |
|
|
| <li>The i386 architecture has been switched to the ELF executable format. |
<li>The i386 architecture has been switched to the ELF executable format. |
| <p> |
<p> |
| |
|
| <li>Further W^X improvements, including support for the i386 and powerpc |
<li>Further W^X improvements, including support for the i386 architecture. |
| architectures. |
Native i386 binaries have their executable segments rearranged to support |
| |
isolating code from data. |
| <p> |
<p> |
| |
|
| <li>ELF platforms now have random library ordering for greater resistance to |
<li>ld.so on ELF platforms now loads libraries in a random order for |
| attacks. |
greater resistance to attacks. The i386 architecture also has libraries |
| |
mapped at random addresses. Along with W^X, these changes increase the |
| |
difficulty of successfully exploiting an application error, such as a |
| |
buffer overflow. |
| <p> |
<p> |
| |
|
| <li>A static bounds checker has been added to the compiler to perform basic |
<li>A static bounds checker has been added to the compiler to perform basic |
|
|
| to the original authors where possible. |
to the original authors where possible. |
| <p> |
<p> |
| |
|
| <li>Privilege separation has been implemented for the syslog daemon, making it much |
<li>Privilege separation has been implemented for the syslog daemon, making |
| more robust against future errors. The child which listens to network traffic |
it much more robust against future errors. The child which listens to |
| now runs as a normal user and chroots itself, while the parent process tracks |
network traffic now runs as a normal user and chroots itself, while the |
| the state of the child and performs privileged operations on its behalf. |
parent process tracks the state of the child and performs privileged |
| |
operations on its behalf. |
| <p> |
<p> |
| |
|
| <li>Many unsafe string functions have been removed from the kernel and userland |
<li>Many unsafe string functions have been removed from the kernel and userland |
| utilities. This audit is one of the most comprehensive OpenBSD has ever done, |
utilities. This audit is one of the most comprehensive OpenBSD has ever |
| with thousands of occurrences of |
done, with thousands of occurrences of |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcpy">strcpy(3)</a> and |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcpy">strcpy(3)</a> and |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcat">strcat(3)</a> |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strcat">strcat(3)</a> |
| being replaced with safer, bounded alternatives such as |
being replaced with safer, bounded alternatives such as |
|
|
| |
|
| <li>The ports tree now supports building programs under |
<li>The ports tree now supports building programs under |
| <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace">systrace(1)</a>, |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace">systrace(1)</a>, |
| preventing the possibility of applications harming the system at compile-time |
preventing the possibility of applications harming the system at |
| via trojaned configuration scripts or otherwise. |
compile-time via trojaned configuration scripts or otherwise. |
| <p> |
<p> |
| |
|
| <li>More licenses fixes, including the removal of the advertising clause |
<li>More licenses fixes, including the removal of the advertising clause |
| for large parts of the source tree. |
for large parts of the source tree. |
| |
<p> |
| |
|
| |
<li>Replacement of GNU diff, grep, and gzip with BSD licensed equivalents. |
| |
<p> |
| |
|
| |
<li>Addition of read-only support for NTFS file systems. |
| |
<p> |
| |
|
| |
<li>Reliability improvements to layered file systems, enabling NULLFS to |
| |
work again. |
| |
<p> |
| |
|
| |
<li>Improvements to the linux emulator enabling more applications to run. |
| |
<p> |
| |
|
| |
<li>Restructuring of Kerberos libraries for easier management. |
| <p> |
<p> |
| |
|
| <li>Over 2400 tested packages. |
<li>Over 2400 tested packages. |
![[BACK]](/icons/back.gif){kind=icon}
Return to 34.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www