![[BACK]](/icons/back.gif){kind=icon}
Return to 64.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to 64.html CVS log | Up to [local] / www |
| version 1.32, 2018/10/03 12:08:00 | version 1.33, 2018/10/03 12:10:06 | ||
|---|---|---|---|
|
|
||
| </ul> | </ul> | ||
| <p> | <p> | ||
| <li>Security improvements: | |||
| <ul> | |||
| <li>New <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | |||
| system call to restrict file system access of the calling | |||
| process to the specified files and directories. It is most | |||
| powerful when properly combined with privilege separation | |||
| and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>. | |||
| <li>New "retguard" security mechanism on amd64 and arm64: | |||
| use per-function random cookies to protect access to function | |||
| return instructions, making them harder to use in ROP gadgets. | |||
| <li>Simultaneous multithreading (SMT) is now disabled by default | |||
| and can be enabled with the new <code>hw.smt</code> | |||
| <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
| <li>Audio recording is now disabled by default and can be enabled | |||
| with the new <code>kern.audio.record</code> | |||
| <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
| </ul> | |||
| <p> | |||
| <li>Routing daemons and other userland network improvements: | <li>Routing daemons and other userland network improvements: | ||
| <ul> | <ul> | ||
| <li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> can now | <li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> can now | ||
|
|
||
| <li><a href="https://man.openbsd.org/route.8">route(8)</a> now errors out | <li><a href="https://man.openbsd.org/route.8">route(8)</a> now errors out | ||
| on bad <tt>-netmask/-prefixlen</tt> usage instead of configuring | on bad <tt>-netmask/-prefixlen</tt> usage instead of configuring | ||
| ambigious routes. | ambigious routes. | ||
| </ul> | |||
| <p> | |||
| <li>Security improvements: | |||
| <ul> | |||
| <li>New <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | |||
| system call to restrict file system access of the calling | |||
| process to the specified files and directories. It is most | |||
| powerful when properly combined with privilege separation | |||
| and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>. | |||
| <li>New "retguard" security mechanism on amd64 and arm64: | |||
| use per-function random cookies to protect access to function | |||
| return instructions, making them harder to use in ROP gadgets. | |||
| <li>Simultaneous multithreading (SMT) is now disabled by default | |||
| and can be enabled with the new <code>hw.smt</code> | |||
| <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
| <li>Audio recording is now disabled by default and can be enabled | |||
| with the new <code>kern.audio.record</code> | |||
| <a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
| </ul> | </ul> | ||
| <p> | <p> | ||