Return to 60.html CVS log | Up to [local] / www |
version 1.2, 2016/07/03 20:20:13 | version 1.3, 2016/07/21 09:57:48 | ||
---|---|---|---|
|
|
||
<li>Security improvements: | <li>Security improvements: | ||
<ul> | <ul> | ||
<li><tt>W^X</tt> is now strictly enforced by default; | |||
a program can only violate it if the executable is marked with | |||
<tt>PT_OPENBSD_WXNEEDED</tt> and its is located on a filesystem | |||
mounted with the <tt>wxallowed</tt> <a href="http://man.openbsd.org/?query=mount&sec=8">mount(8)</a> option. | |||
<li>The <a href="http://man.openbsd.org/?query=setjmp&sec=3">setjmp(3)</a> | |||
family of functions now apply XOR cookies to stack and return-address | |||
values in the jmpbuf on amd64, hppa, i386, mips64, and powerpc. | |||
<li><a href="http://man.openbsd.org/?query=sigreturn&sec=2">sigreturn(2)</a> | |||
can now only be used by the kernel-provided signal trampoline, | |||
with a cookie to detect attempts to reuse it. | |||
<li>... | <li>... | ||
</ul> | </ul> | ||
<p> | <p> | ||
<li>Assorted improvements: | <li>Assorted improvements: | ||
<ul> | <ul> | ||
<li>The thread library can now be loaded into a single-threaded process. | |||
<li>Improved symbol handling and standards compliance in libc. | |||
For example, defining an <tt>open()</tt> function will no longer | |||
interfere with the operation of | |||
<a href="http://man.openbsd.org/?query=fopen&sec=3">fopen(3)</a>. | |||
<li><tt>PT_TLS</tt> sections are now supported in initially loaded object. | |||
<li>Improved handling of "no paths" and "empty path" in | |||
<a href="http://man.openbsd.org/?query=fts&sec=3">fts(3)</a>. | |||
<li><a href="http://man.openbsd.org/?query=kdump&sec=1">kdump(1)</a> | |||
now dumps pollfd structures. | |||
<li>... | <li>... | ||
</ul> | </ul> | ||
<p> | <p> |