Return to 66.html CVS log | Up to [local] / www |
version 1.27, 2019/09/30 12:53:10 | version 1.28, 2019/09/30 12:58:14 | ||
---|---|---|---|
|
|
||
<li>Security improvements: | <li>Security improvements: | ||
<ul> | <ul> | ||
<li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is | <li><a href="https://man.openbsd.org/unveil.2">unveil(2)</a> is | ||
now used in 77 userland programs to restrict filesystem | now used in 77 userland programs to redact filesystem access. | ||
access. | |||
<li>Various changes | <li>Various changes | ||
in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | in <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | ||
to improve application behavior when encountering hidden | to improve application behavior when encountering hidden | ||
filesystem paths. | filesystem paths. | ||
<li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can now show | <li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show which | ||
which processes have called unveil(2) to run with a restricted | processes have called <a href="https://man.openbsd.org/unveil.2">unveil(2)</a> | ||
filesystem view. | with the <b>u</b> and <b>U</b> flags in STATE field. | ||
<li><a href="https://man.openbsd.org/ps.1">ps(1)</a> can show the list | |||
of <a href="https://man.openbsd.org/pledge.2">pledge(2)</a> options | |||
processes use with the <b>-o pledge</b> option. | |||
<li>Further and improved mitigations against Spectre side-channel | <li>Further and improved mitigations against Spectre side-channel | ||
vulnerability in Intel CPUs built since 2012. | vulnerability in Intel CPUs built since 2012. | ||
<li>Mitigations for Intel's Microarchitectural Data Sampling | <li>Mitigations for Intel's Microarchitectural Data Sampling | ||
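Review bot: In the ps(1) part of this hunk, the item about listing pledge(2) options with "-o pledge" appears only in the 1.27 column, so 1.28 drops it without a replacement. If the option is still part of this release, keep that item alongside the new u/U flags wording. Two smaller wording points in the 1.28 column: "in STATE field" should read "in the STATE field", and "redact filesystem access" is less precise than the previous "restrict filesystem access", given that the old text described unveil(2) as giving a "restricted filesystem view".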
|
|
||
<li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a> | <li>Rewrote <a href="https://man.openbsd.org/doas.1">doas(1)</a> | ||
environment inheritance not to inherit, and instead reset to the | environment inheritance not to inherit, and instead reset to the | ||
target user's values by default. | target user's values by default. | ||
<li>Make | <li>Prepare | ||
the <a href="https://www.openbsd.org/amd64.htmp">amd64</a> BIOS | the <a href="https://www.openbsd.org/amd64.htmp">amd64</a> BIOS | ||
bootloader load a kernel at a random virtual address. | bootloader for loading the kernel at a random virtual address (future work). | ||
<li>Introduced | <li>Introduced | ||
<a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a> | <a href="https://man.openbsd.org/malloc_conceal.3">malloc_conceal(3)</a> | ||
and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>, | and <a href="https://man.openbsd.org/calloc_conceal.3">calloc_conceal(3)</a>, |
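Review bot: The amd64 link in the bootloader item points at "https://www.openbsd.org/amd64.htmp" in both columns, which looks like a typo for amd64.html. Since this item is being edited anyway, fix the href in the same commit. The reworded item now ends in "(future work)", so also consider whether it belongs in this release's security improvements list, or should be worded as what this release actually changed in the bootloader.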