===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/34.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- www/34.html 2003/09/04 18:23:19 1.13
+++ www/34.html 2003/09/04 19:15:21 1.14
@@ -79,14 +79,15 @@
Further W^X improvements, including support for the i386 architecture.
Native i386 binaries have their executable segments rearranged to support
- isolating code from data.
+ isolating code from data, and the cpu CS limit is used to impose a best
+ effort limit on code execution.
ld.so on ELF platforms now loads libraries in a random order for
- greater resistance to attacks. The i386 architecture also has libraries
- mapped at random addresses. Along with W^X, these changes increase the
- difficulty of successfully exploiting an application error, such as a
- buffer overflow.
+ greater resistance to attacks. The i386 architecture also maps libraries
+ somewhat randomized addresses. Together with W^X and ProPolice, these
+ changes increase the difficulty of successfully exploiting an application
+ error, such as a buffer overflow.
A static bounds checker has been added to the compiler to perform basic
@@ -487,7 +488,7 @@
alt="OpenBSD">
www@openbsd.org
-$OpenBSD: 34.html,v 1.13 2003/09/04 18:23:19 david Exp $
+$OpenBSD: 34.html,v 1.14 2003/09/04 19:15:21 deraadt Exp $