===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -c -r1.18 -r1.19
*** www/60.html 2016/07/22 20:24:02 1.18
--- www/60.html 2016/07/22 20:30:32 1.19
***************
*** 68,75 ****
--- 68,77 ----
...
+
Improved hardware support, including:
+ - The iwm driver supports more models, notably the 3165 and 8260.
- ...
***************
*** 126,132 ****
sigreturn(2)
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
! In rc(8),
re-link libc.so on startup, placing the objects in a random order.
In the getpwnam(3)
family of functions, stop opening the shadow database by default.
--- 128,134 ----
sigreturn(2)
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
! To deter ROP exploits, in rc(8),
re-link libc.so on startup, placing the objects in a random order.
In the getpwnam(3)
family of functions, stop opening the shadow database by default.
***************
*** 136,144 ****
systrace.
Remove Linux emulation support.
Remove support for the usermount option.
! The TCP SYN cache does reseed its random hash function from
time to time.
! This prevents that an attacker can figure out the distribution
of the hash function with a timing attack.
To work against SYN flooding attacks the administrator can
change the size of the hash array now.
--- 138,146 ----
systrace.
Remove Linux emulation support.
Remove support for the usermount option.
! The TCP SYN cache reseeds its random hash function from
time to time.
! This prevents an attacker from calculating the distribution
of the hash function with a timing attack.
To work against SYN flooding attacks the administrator can
change the size of the hash array now.