Return to 64.html CVS log | Up to [local] / www |
version 1.32, 2018/10/03 12:08:00 | version 1.33, 2018/10/03 12:10:06 | ||
---|---|---|---|
|
|
||
</ul> | </ul> | ||
<p> | <p> | ||
<li>Security improvements: | |||
<ul> | |||
<li>New <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | |||
system call to restrict file system access of the calling | |||
process to the specified files and directories. It is most | |||
powerful when properly combined with privilege separation | |||
and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>. | |||
<li>New "retguard" security mechanism on amd64 and arm64: | |||
use per-function random cookies to protect access to function | |||
return instructions, making them harder to use in ROP gadgets. | |||
<li>Simultaneous multithreading (SMT) is now disabled by default | |||
and can be enabled with the new <code>hw.smt</code> | |||
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
<li>Audio recording is now disabled by default and can be enabled | |||
with the new <code>kern.audio.record</code> | |||
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
</ul> | |||
<p> | |||
<li>Routing daemons and other userland network improvements: | <li>Routing daemons and other userland network improvements: | ||
<ul> | <ul> | ||
<li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> can now | <li><a href="https://man.openbsd.org/ospf6d.8">ospf6d(8)</a> can now | ||
|
|
||
<li><a href="https://man.openbsd.org/route.8">route(8)</a> now errors out | <li><a href="https://man.openbsd.org/route.8">route(8)</a> now errors out | ||
on bad <tt>-netmask/-prefixlen</tt> usage instead of configuring | on bad <tt>-netmask/-prefixlen</tt> usage instead of configuring | ||
ambigious routes. | ambigious routes. | ||
</ul> | |||
<p> | |||
<li>Security improvements: | |||
<ul> | |||
<li>New <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | |||
system call to restrict file system access of the calling | |||
process to the specified files and directories. It is most | |||
powerful when properly combined with privilege separation | |||
and <a href="https://man.openbsd.org/pledge.2">pledge(2)</a>. | |||
<li>New "retguard" security mechanism on amd64 and arm64: | |||
use per-function random cookies to protect access to function | |||
return instructions, making them harder to use in ROP gadgets. | |||
<li>Simultaneous multithreading (SMT) is now disabled by default | |||
and can be enabled with the new <code>hw.smt</code> | |||
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
<li>Audio recording is now disabled by default and can be enabled | |||
with the new <code>kern.audio.record</code> | |||
<a href="https://man.openbsd.org/sysctl.2">sysctl(2)</a> variable. | |||
</ul> | </ul> | ||
<p> | <p> | ||
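Review bot: in the Security improvements block added after the route(8) entry, the <code>hw.smt</code> and <code>kern.audio.record</code> items say the feature "can be enabled" with the new variable but give no value to set and link only to sysctl(2). Since these lines are being moved anyway, consider stating the setting an administrator would use, so the new default-off behaviour is actionable from the release notes alone. The block is otherwise identical to the one removed earlier in this diff, so the change is a pure move. The context line directly above the insertion reads "ambigious routes."; that should be "ambiguous".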