===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata37.html,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- www/errata37.html 2006/01/05 05:34:08 1.5
+++ www/errata37.html 2006/01/13 23:13:00 1.6
@@ -74,6 +74,32 @@
+-
+010: RELIABILITY FIX: January 13, 2006 i386 architecture
+Constrain
+i386_set_ioperm(2)
+so even root is blocked from accessing the ioports
+unless the machine is running at lower securelevels or with an open X11 aperture.
+
+
+A source code patch exists which remedies this problem.
+
+
+
-
+009: RELIABILITY FIX: January 13, 2006 i386 architecture
+Change the implimentation of i386 W^X so that the "execute line" can move around.
+Before it was limited to being either at 512MB (below which all code normally
+lands) or at the top of the stack. Now the line can float as
+mprotect(2)
+and
+mmap(2)
+requests need it to. This is now implimented using only GDT selectors
+instead of the LDT so that it is more robust as well.
+
+
+A source code patch exists which remedies this problem.
+
+
-
008: SECURITY FIX: January 5, 2006 All architectures
Do not allow users to trick suid programs into re-opening files via /dev/fd.
@@ -189,7 +215,7 @@
www@openbsd.org
-
$OpenBSD: errata37.html,v 1.5 2006/01/05 05:34:08 brad Exp $
+
$OpenBSD: errata37.html,v 1.6 2006/01/13 23:13:00 brad Exp $