===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/34.html,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- www/34.html 2003/09/05 00:30:26 1.19
+++ www/34.html 2003/09/05 02:40:05 1.20
@@ -83,7 +83,8 @@
effort limit on code execution.
-
ld.so on ELF platforms now loads libraries in a random order for
+ld.so(1)
+ on ELF platforms now loads libraries in a random order for
greater resistance to attacks. The i386 architecture also maps libraries
somewhat randomized addresses. Together with W^X and ProPolice, these
changes increase the difficulty of successfully exploiting an application
@@ -100,7 +101,9 @@
to the original authors where possible.
-
Privilege separation has been implemented for the syslog daemon, making
+Privilege separation has been implemented for the
+ syslogd(8)
+ daemon, making
it much more robust against future errors. The child which listens to
network traffic now runs as a normal user and chroots itself, while the
parent process tracks the state of the child and performs privileged
@@ -135,7 +138,8 @@
bugs in the X server.
-
Emulation support for binary compatibility is now controlled via sysctl.
+Emulation support for binary compatibility is now controlled via
+ sysctl(1)
Emulation is now disabled by default to limit exposure to malicious
binaries, and can be enabled in
@@ -155,16 +159,37 @@
for large parts of the source tree.
-
Replacement of GNU diff/diff3, grep/egrep/fgrep/zgrep/zegrep/zfgrep,
-and gzip/zcat/gunzip/gzcat/zcmp/zmore/zdiff/zforce/gzexe/znew
-with BSD licensed equivalents.
+Replacement of GNU
+diff,
+diff3,
+grep,
+egrep,
+fgrep,
+zgrep,
+zegrep,
+zfgrep,
+gzip,
+zcat,
+gunzip,
+gzcat,
+zcmp,
+zmore,
+zdiff,
+zforce,
+gzexe,
+and
+znew
+commands with BSD licensed equivalents.
-
Addition of read-only support for NTFS file systems.
+Addition of read-only support for
+ NTFS
+ file systems.
-
Reliability improvements to layered file systems, enabling NULLFS to
- work again.
+Reliability improvements to layered file systems, enabling
+ NULLFS
+ to work again.
Improvements to the Linux emulator enabling more applications to run.
@@ -173,7 +198,9 @@
Significant improvements to the pthread library.
-
Replace many static fd_set uses to poll() or dynamic allocation.
+Replace many static fd_set uses, to instead use
+ poll(2)
+or dynamic allocation.
Legacy KerberosIV support has been removed, and the remaining KerberosV
@@ -184,9 +211,10 @@
A large number of bug fixes, changes, and optimizations to our packet filter
+ pf(4)
including:
-- packet tagging (e.g. filter on tags added by bridge based on MAC address)
+
- packet tagging (e.g. filter on tags added by bridge based on MAC address)
- stateful TCP normalization (prevent uptime calculation and NAT detection)
- passive OS detection (filter or redirect connections based on source OS)
- SYN proxy (protect servers against SYN flood attacks)
@@ -542,7 +570,7 @@
alt="OpenBSD">
www@openbsd.org
-$OpenBSD: 34.html,v 1.19 2003/09/05 00:30:26 tedu Exp $
+$OpenBSD: 34.html,v 1.20 2003/09/05 02:40:05 deraadt Exp $