===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/64.html,v
retrieving revision 1.32
retrieving revision 1.33
diff -c -r1.32 -r1.33
*** www/64.html 2018/10/03 12:08:00 1.32
--- www/64.html 2018/10/03 12:10:06 1.33
***************
*** 158,163 ****
--- 158,182 ----
+
Security improvements:
+
+ - New unveil(2)
+ system call to restrict file system access of the calling
+ process to the specified files and directories. It is most
+ powerful when properly combined with privilege separation
+ and pledge(2).
+
- New "retguard" security mechanism on amd64 and arm64:
+ use per-function random cookies to protect access to function
+ return instructions, making them harder to use in ROP gadgets.
+
- Simultaneous multithreading (SMT) is now disabled by default
+ and can be enabled with the new
hw.smt
+ sysctl(2) variable.
+ - Audio recording is now disabled by default and can be enabled
+ with the new
kern.audio.record
+ sysctl(2) variable.
+
+
+
Routing daemons and other userland network improvements:
- ospf6d(8) can now
***************
*** 186,210 ****
- route(8) now errors out
on bad -netmask/-prefixlen usage instead of configuring
ambigious routes.
-
-
-
-
Security improvements:
-
- - New unveil(2)
- system call to restrict file system access of the calling
- process to the specified files and directories. It is most
- powerful when properly combined with privilege separation
- and pledge(2).
-
- New "retguard" security mechanism on amd64 and arm64:
- use per-function random cookies to protect access to function
- return instructions, making them harder to use in ROP gadgets.
-
- Simultaneous multithreading (SMT) is now disabled by default
- and can be enabled with the new
hw.smt
- sysctl(2) variable.
- - Audio recording is now disabled by default and can be enabled
- with the new
kern.audio.record
- sysctl(2) variable.
--- 205,210 ----