=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.543 retrieving revision 1.544 diff -c -r1.543 -r1.544 *** www/errata.html 2006/01/05 05:34:07 1.543 --- www/errata.html 2006/01/13 23:13:00 1.544 *************** *** 74,79 **** --- 74,105 ----

+ 004: RELIABILITY FIX: January 13, 2006 i386 architecture
+ Constrain + i386_set_ioperm(2) + so even root is blocked from accessing the ioports + unless the machine is running at lower securelevels or with an open X11 aperture. +
+ + A source code patch exists which remedies this problem.
+
+ +
+ 003: RELIABILITY FIX: January 13, 2006 i386 architecture
+ Change the implimentation of i386 W^X so that the "execute line" can move around. + Before it was limited to being either at 512MB (below which all code normally + lands) or at the top of the stack. Now the line can float as + mprotect(2) + and + mmap(2) + requests need it to. This is now implimented using only GDT selectors + instead of the LDT so that it is more robust as well. +
+ + A source code patch exists which remedies this problem.
+
+
002: SECURITY FIX: January 5, 2006 All architectures
Do not allow users to trick suid programs into re-opening files via /dev/fd. *************** *** 121,127 ****
www@openbsd.org !
$OpenBSD: errata.html,v 1.543 2006/01/05 05:34:07 brad Exp $ --- 147,153 ----
www@openbsd.org !
$OpenBSD: errata.html,v 1.544 2006/01/13 23:13:00 brad Exp $