www/errata.html - diff

Return to errata.html CVS log

Up to [local] / www

Diff for /www/errata.html between version 1.543 and 1.544

-version 1.543, 2006/01/05 05:34:07
+version 1.544, 2006/01/13 23:13:00
 Line 74
 Line 74
 Line 74
  <a name="vax"></a>
  <ul>
+ <li><a name="i386machdep"></a>
+ <font color="#009000"><strong>004: RELIABILITY FIX: January 13, 2006</strong></font> &nbsp; <i>i386 architecture</i><br>
+ Constrain
+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=i386_set_ioperm&amp;arch=i386&amp;sektion=2">i386_set_ioperm(2)</a>
+ so even root is blocked from accessing the ioports
+ unless the machine is running at lower securelevels or with an open X11 aperture.
+ <br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/i386/004_i386machdep.patch">
+ A source code patch exists which remedies this problem</a>.<br>
+ <p>
+ <li><a name="i386pmap"></a>
+ <font color="#009000"><strong>003: RELIABILITY FIX: January 13, 2006</strong></font> &nbsp; <i>i386 architecture</i><br>
+ Change the implimentation of i386 W^X so that the "execute line" can move around.
+ Before it was limited to being either at 512MB (below which all code normally
+ lands) or at the top of the stack. Now the line can float as
+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mprotect&amp;sektion=2">mprotect(2)</a>
+ and
+ <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&amp;sektion=2">mmap(2)</a>
+ requests need it to. This is now implimented using only GDT selectors
+ instead of the LDT so that it is more robust as well.
+ <br>
+ <a href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/i386/003_i386pmap.patch">
+ A source code patch exists which remedies this problem</a>.<br>
+ <p>
  <li><a name="fd"></a>
  <font color="#009000"><strong>002: SECURITY FIX: January 5, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  Do not allow users to trick suid programs into re-opening files via /dev/fd.