![[BACK]](/icons/back.gif){kind=icon}
Return to 66.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www|
Return to 66.html CVS log | Up to [local] / www |
| version 1.27, 2019/09/30 12:53:10 | version 1.28, 2019/09/30 12:58:14 | ||
|---|---|---|---|
|
|
||
| <li>Security improvements: | <li>Security improvements: | ||
| <ul> | <ul> | ||
| <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is | <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is | ||
| now used in 77 userland programs to restrict filesystem | now used in 77 userland programs to redact filesystem access. | ||
| access. | |||
| <li>Various changes | <li>Various changes | ||
| in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | ||
| to improve application behavior when encountering hidden | to improve application behavior when encountering hidden | ||
| filesystem paths. | filesystem paths. | ||
| <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can now show | <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show which | ||
| which processes have called unveil(2) to run with a restricted | processes have called <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | ||
| filesystem view. | with the <b>u</b> and <b>U</b> flags in STATE field. | ||
| <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show the list | |||
| of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> options | |||
| processes use with the <b>-o pledge</b> option. | |||
| <li>Further and improved mitigations against Spectre side-channel | <li>Further and improved mitigations against Spectre side-channel | ||
| vulnerability in Intel CPUs built since 2012. | vulnerability in Intel CPUs built since 2012. | ||
| <li>Mitigations for Intel's Microarchitectural Data Sampling | <li>Mitigations for Intel's Microarchitectural Data Sampling | ||
|
|
||
| <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a> | <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a> | ||
| environment inheritance not to inherit, and instead reset to the | environment inheritance not to inherit, and instead reset to the | ||
| target user's values by default. | target user's values by default. | ||
| <li>Make | <li>Prepare | ||
| the <a href="https://www.openbsd.org/amd64.htmp">amd64</a> BIOS | the <a href="https://www.openbsd.org/amd64.htmp">amd64</a> BIOS | ||
| bootloader load a kernel at a random virtual address. | bootloader for loading the kernel at a random virtual address (future work). | ||
| <li>Introduced | <li>Introduced | ||
| <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a> | <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a> | ||
| and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>, | and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>, |