+Constrain +i386_set_ioperm(2) +so even root is blocked from accessing the ioports +unless the machine is running at lower securelevels or with an open X11 aperture. +
+ +A source code patch exists which remedies this problem.
+
+ +
+Change the implimentation of i386 W^X so that the "execute line" can move around. +Before it was limited to being either at 512MB (below which all code normally +lands) or at the top of the stack. Now the line can float as +mprotect(2) +and +mmap(2) +requests need it to. This is now implimented using only GDT selectors +instead of the LDT so that it is more robust as well. +
+ +A source code patch exists which remedies this problem.
+
+
Do not allow users to trick suid programs into re-opening files via /dev/fd. @@ -189,7 +215,7 @@
www@openbsd.org
-$OpenBSD: errata37.html,v 1.5 2006/01/05 05:34:08 brad Exp $ +
$OpenBSD: errata37.html,v 1.6 2006/01/13 23:13:00 brad Exp $