www/59.html - diff

Return to 59.html CVS log

Up to [local] / www

Diff for /www/59.html between version 1.58 and 1.59

-version 1.58, 2016/03/06 08:43:00
+version 1.59, 2016/03/06 10:50:10
 Line 149
 Line 149
 Line 149
  <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pledge">pledge(2)</a>
      support integrated:
      <ul>
-     <li>tame(2) system call renamed to pledge(2).
+     <li>The tame(2) system call was renamed to pledge(2).
-     <li>Many behaviours/semantics extended and refined.
+         Behavior and semantics were extended and refined.
-     <li>453 out of 707 base system binaries adapted to use pledge.
+     <li>453 out of 707 base system binaries were adapted to use pledge.
-     <li>14 ports adapted to use pledge (some decompression tools, mutt,
+     <li>14 ports now use pledge(2): some decompression tools, mutt,
-         some pdf tools, chromium/iridium, and the i3 window manager).
+         some pdf tools, chromium/iridium, and the i3 window manager.
-     <li>Several bugs exposed by pledge(2) have been corrected, for example in
+     <li>Various bugs exposed by pledge(2) were corrected.
+         For example in
          <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/bgpd/bgpd.c?rev=1.181&amp;content-type=text/x-cvsweb-markup">
              bgpd(8)</a>,
          <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin/iked/config.c?rev=1.40&amp;content-type=text/x-cvsweb-markup">
-Line 165
+Line 166
 Line 165
 Line 166
              ntpd(8)</a>,
          and <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/syslogd/syslogd.c?rev=1.200&amp;content-type=text/x-cvsweb-markup">
              syslogd(8)</a>.
-     <li>Several misguided "features" have been removed, such as
+     <li>Several misfeatures were removed, such as:
-         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.50&amp;content-type=text/x-cvsweb-markup">
+         <ul>
-             support for HOSTALIASES from the resolver</a>,
+             <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.50&amp;content-type=text/x-cvsweb-markup">
-         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.49&amp;content-type=text/x-cvsweb-markup">
+                     support for HOSTALIASES</a>
-             support for "lookup yp" in /etc/resolv.conf</a>,
+                 in the
-         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/rename.c?rev=1.2&amp;content-type=text/x-cvsweb-markup">
+                 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=asr_run">
-             setuid-preserving code in binutils tools</a> or
+                     resolver</a>.
-         <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/patch/ed.c?rev=1.1&amp;content-type=text/x-cvsweb-markup">
+             <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/asr/asr.c?rev=1.49&amp;content-type=text/x-cvsweb-markup">
-             ed-style diffs via proc/exec in patch(1)</a>.
+                     support for <tt>lookup yp</tt></a>
-     <li>A somewhat intensive audit of userland program so that they could be
+                 in
-         properly annotated with pledge(2) was done, resulting in some design
+                 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=resolv.conf">
-         changes such as in
+                     resolv.conf(5)</a>.
+             <li><a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/rename.c?rev=1.2&amp;content-type=text/x-cvsweb-markup">
+                     setuid-preserving code</a>
+                 in tools from binutils.
+             <li>handling of
+                 <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/patch/ed.c?rev=1.1&amp;content-type=text/x-cvsweb-markup">
+                     ed-style diffs</a> via proc/exec in
+                 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=patch">patch(1)</a>.
+         </ul>
+     <li>Userland programs were audited so that they could be properly annotated
+         with pledge(2).
+         This resulted in design changes such as in
          <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/rdate/rdate.c?rev=1.33&amp;content-type=text/x-cvsweb-markup">
              rdate(1)</a>,
          <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/sndiod/sndiod.c?rev=1.18&amp;content-type=text/x-cvsweb-markup">
              sndiod(8)</a>
-         or the introduction of <tt>SOCK_DNS</tt>
+         or the introduction of the <tt>SOCK_DNS</tt>
          <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=socket">
              socket(2)</a>
          flag that makes an <tt>SS_DNS</tt> tagged socket conceptually different
          from a plain socket.
-     <li>It also has been used to constrain programs to a more limited POSIX
+     <li>pledge(2) is also used to constrain programs that handle untrusted data
-         subset, such as some
+         to a very limited subset of POSIX.
+         For example,
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strings">strings(1)</a>
+         or
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=objdump">objdump(1)</a>
+         from the
          <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/binutils-2.17/binutils/objdump.c?rev=1.2&amp;content-type=text/x-cvsweb-markup">
              binutils</a>
-         tools that handle untrusted data
-         (<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=strings">strings(1)</a>,
-         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=objdump">objdump(1)</a>, ...),
          or the RSA-privsep process in
          <a href="http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/ca.c?rev=1.15&amp;content-type=text/x-cvsweb-markup">
              smtpd(1)</a>.