===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.71
retrieving revision 1.72
diff -c -r1.71 -r1.72
*** www/errata.html 1998/02/16 00:59:46 1.71
--- www/errata.html 1998/02/19 10:42:30 1.72
***************
*** 21,36 ****
All architectures
! - Building an object tree from a read-only source tree (such as off a CDROM)
! may fail under certain circumstances (e.g. when creating a symlink on sparc
! whose target name is exactly 33 characters). As a workaround you have to
! either provide the source tree read/write, or install a newer version of
! /usr/bin/readlink. You wish to use
!
! revision 1.13 of usr.bin/readlink/readlink.c.
!
- IMPORTANT
A combination localhost+remote host security problem exists if a
local user running a setuid binary causes a non-existant root .rhosts
file to be created via a symbolic link with a specific kind of corefile,
--- 21,39 ----
All architectures
!
! - SECURITY FIX
! If the sysctl variable net.inet.ip.forwarding is
! enabled (value 1), but the variable net.inet.ip.sourceroute
! is disabled (value 0), the kernel will still accept source routing packets
! itself. Our fix changes the net.inet.ip.sourceroute
! variable to mean that all block all source routed packets should be
! blocked completely.
!
! A kernel patch is provided.
!
- SECURITY FIX
A combination localhost+remote host security problem exists if a
local user running a setuid binary causes a non-existant root .rhosts
file to be created via a symbolic link with a specific kind of corefile,
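Review bot: the last sentence of the new net.inet.ip.sourceroute entry is garbled: "variable to mean that all block all source routed packets should be blocked completely" repeats "all block all ... should be blocked". Suggest "to mean that all source routed packets are blocked completely". The sentence before it, "the kernel will still accept source routing packets itself", is also ambiguous about whether "itself" means packets addressed to the host; rewording it and stating explicitly that the blocking applies when net.inet.ip.sourceroute is 0 would let an administrator check their setting against the entry without reading the kernel patch.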
***************
*** 43,56 ****
This problem is fixed much better in OpenBSD-current, where the kernel's
--- 46,59 ----
This problem is fixed much better in OpenBSD-current, where the kernel's
***************
*** 58,68 ****
create a file on the other side of a symbolic link. Such a patch is not
possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
i386
! - The Intel P5 F00F bug was discovered after the CDR's had already been
sent to the manufacturer. This problem permits any user who has an account
to lock your machine up using a 4-line program. The problem only affects
Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable,
--- 61,92 ----
create a file on the other side of a symbolic link. Such a patch is not
possible for the 4.4lite1 VFS layer in the OpenBSD 2.2 kernel.
+
+
- SECURITY FIX
+ If you rely on the system securelevels as described in init(8), you
+ will want this fix. A bug in the vm system permits a file descriptor
+ opened read-only on a device, to later on be mmap(2)'d read-write, and
+ then modified. This does not result in a security hole by itself, but
+ it does violate the safety semantics which securelevels are supposed to
+ provide.
+
+ A kernel patch is available which corrects this behaviour.
+
+
- BUILD PROCESS FIX
+ Building an object tree from a read-only source tree (such as off a CDROM)
+ may fail under certain circumstances (e.g. when creating a symlink on sparc
+ whose target name is exactly 33 characters). As a workaround you have to
+ either provide the source tree read/write, or install a newer version of
+ /usr/bin/readlink.
+
+ A replacement source file exists.
+
i386
! - RELIABILITY FIX
! The Intel P5 F00F bug was discovered after the CDR's had already been
sent to the manufacturer. This problem permits any user who has an account
to lock your machine up using a 4-line program. The problem only affects
Intel P5 processors (the i386, i486, P-Pro, and P-II are not vulnerable,
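Review bot: the relocated BUILD PROCESS FIX entry ends with "A replacement source file exists." where the removed text named "revision 1.13 of usr.bin/readlink/readlink.c"; unless the link target carries that information, the reader can no longer tell which file and revision to fetch, so consider keeping the path and revision in the visible text. In the new securelevel entry, "opened read-only on a device, to later on be mmap(2)'d read-write" has a stray comma and reads more cleanly as "opened read-only on a device to later be mmap(2)'d read-write".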
***************
*** 70,86 ****
A kernel source-code patch is available.
!
- Some Linux binaries will execute in SVR4 emulation mode, which is
definately a problem for people who need Linux emulation to work correctly.
To solve this mis-identification problem,
! a patch file is provided.
!
- APM can crash on machines without it.
A kernel source-code patch is available.
!
- A few people are running into this problem, particularily if they had some
other *BSD operating system on their machine before trying OpenBSD: if after
installation onto an IDE-based machine, the kernel fails to mount the root
partition because it thinks that it should be opening sd0 (0x400), this means
--- 94,113 ----
A kernel source-code patch is available.
!
- FUNCTIONALITY FIX
! Some Linux binaries will execute in SVR4 emulation mode, which is
definately a problem for people who need Linux emulation to work correctly.
To solve this mis-identification problem,
! a patch file is provided.
!
- RELIABILITY FIX
! APM can crash on machines without it.
A kernel source-code patch is available.
!
- INSTALLATION PROCESS FLAW
! A few people are running into this problem, particularily if they had some
other *BSD operating system on their machine before trying OpenBSD: if after
installation onto an IDE-based machine, the kernel fails to mount the root
partition because it thinks that it should be opening sd0 (0x400), this means
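Review bot: the new category labels in this hunk are inconsistent: "FUNCTIONALITY FIX" and "RELIABILITY FIX" name a fix, while "INSTALLATION PROCESS FLAW" names the problem. Pick one form so readers can scan the list by label (the other hunks use "SECURITY FIX" and "BUILD PROCESS FIX"). Since the lines are being touched anyway, "particularily" on the changed line and "definately" two entries above could be corrected to "particularly" and "definitely" in the same commit.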
***************
*** 93,108 ****
mac68k
! - Unfortunately, X11 binaries for the mac68k did not manage to make it onto the
CDROM. However, X11 for the mac68k is immediately available from
ftp://ftp.OpenBSD.org/pub/OpenBSD/2.2/mac68k/X11/X11R6.tar.gz. Please
be sure to read the README file also in that directory for instructions on installing
and setting up X.
!
- As shipped on the CDROM, both the generic kernel and the
! genericsbc kernel extract themselves into the wrong place in the filesystem.
Both should extract a kernel named /bsd, but they extract
the kernel into /usr/src/sys/arch/mac68k/compile instead.
--- 120,141 ----
mac68k