===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/66.html,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- www/66.html 2019/09/30 12:53:10 1.27
+++ www/66.html 2019/09/30 12:58:14 1.28
@@ -382,15 +382,17 @@
Security improvements:
- unveil(2) is
- now used in 77 userland programs to restrict filesystem
- access.
+ now used in 77 userland programs to redact filesystem access.
- Various changes
in unveil(2)
to improve application behavior when encountering hidden
filesystem paths.
-
- ps(1) can now show
- which processes have called unveil(2) to run with a restricted
- filesystem view.
+
- ps(1) can show which
+ processes have called unveil(2)
+ with the u and U flags in STATE field.
+
- ps(1) can show the list
+ of pledge(2) options
+ processes use with the -o pledge option.
- Further and improved mitigations against Spectre side-channel
vulnerability in Intel CPUs built since 2012.
- Mitigations for Intel's Microarchitectural Data Sampling
@@ -403,9 +405,9 @@
- Rewrote doas(1)
environment inheritance not to inherit, and instead reset to the
target user's values by default.
-
- Make
+
- Prepare
the amd64 BIOS
- bootloader load a kernel at a random virtual address.
+ bootloader for loading the kernel at a random virtual address (future work).
- Introduced
malloc_conceal(3)
and calloc_conceal(3),