version 1.11, 1996/10/02 01:24:15 |
version 1.12, 1996/11/02 04:19:39 |
|
|
<li>generic protection against the bind() takeover problem. |
<li>generic protection against the bind() takeover problem. |
<li>at -f security fix. |
<li>at -f security fix. |
<li>install now supports -C, -p, and -S flags. |
<li>install now supports -C, -p, and -S flags. |
<!-- <li>a real adduser program, which can even be used uninteractively. --> |
<li>a real adduser program, which can even be used uninteractively. |
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed |
<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed |
by chown(). This can be turned off with sysctl. |
by chown(). This can be turned off with sysctl. |
<li>partial protection against tcp SYN attacks. |
<li>partial protection against tcp SYN attacks. |
|
|
<li>`lsof'-style features in fstat. |
<li>`lsof'-style features in fstat. |
<li>/bin/ksh (latest version of pdksh) with more fixes. |
<li>/bin/ksh (latest version of pdksh) with more fixes. |
<li>rudimentary support for ISA Plug-and-Play cards |
<li>rudimentary support for ISA Plug-and-Play cards |
<li>Fixed timeout support in RPC library, and also fixed it to support more than |
<li>Fixed timeout support in RPC library, and also fixed it to support more |
FD_SETSIZE file descriptors. |
than FD_SETSIZE file descriptors. |
<li>improved locate command |
<li>improved locate command |
<li>a good start at NETIPX support |
<li>a good start at NETIPX support |
<li>nvi version 1.76 |
<li>nvi version 1.76 |
|
|
<li>latest version of perl, and a lndir command. |
<li>latest version of perl, and a lndir command. |
<li>Even more security fixes. |
<li>Even more security fixes. |
<li>cdio command for using CD audio. |
<li>cdio command for using CD audio. |
<li>Kernel warns if /dev/console does not exist; nice warning for booting with an |
<li>Kernel warns if /dev/console does not exist; nice warning for booting with |
unpopulated /dev directory. |
an unpopulated /dev directory. |
<li>libgnumalloc is gone; our malloc() is better. |
<li>libgnumalloc is gone; our malloc() is better. |
<li>FreeBSD pipe() system call; quite a bit faster. |
<li>FreeBSD pipe() system call; quite a bit faster. |
<li>Some serial drivers support /dev/cuaXX devices for transparent |
<li>Some serial drivers support /dev/cuaXX devices for transparent |
dialout+dialout, like in SunOS |
dialout+dialout, like in SunOS |
<li>DDB can now access symbol tables from LKM modules |
<li>DDB can now access symbol tables from LKM modules |
<li>Say goodbye to dump, restore, and mt security holes: They are no longer setuid. |
<li>Say goodbye to dump, restore, and mt security holes: They are no longer |
|
setuid. |
<li>*Hobbit*'s netcat utility. The crackers use it, so should you. |
<li>*Hobbit*'s netcat utility. The crackers use it, so should you. |
<li>YP can be compiled out of the system. |
<li>YP can be compiled out of the system. |
<li>New routed (from SGI). |
<li>New routed (from SGI). |
<li>Almost complete in-tree development for MIPS/Alpha systems (ie. binutils). |
<li>Almost complete in-tree development for MIPS/Alpha systems (ie. binutils). |
<li>ftp command modified for easily scripted ftp & http downloads. |
<li>ftp command modified for easily scripted ftp & http downloads. |
<li>And of course... more security related fixes. |
<li>And of course... more security related fixes. |
<li>$RSH environment variable used throughout for "ssh" users (ie. dump, restore, mt). |
<li>$RSH environment variable used throughout for "ssh" users (ie. dump, |
|
restore, mt). |
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim |
<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim |
also works better. |
also works better. |
<li>16 partitions per disk on i386 and sparc ports (yipee!) |
<li>16 partitions per disk on i386 and sparc ports (yipee!) |
<li>Nice sample files in /etc |
<li>Nice sample files in /etc |
<li>sendmail gecos hole fixed (in a number of ways; other programs in the source |
<li>sendmail gecos hole fixed (in a number of ways; other programs in the |
tree were also vulnerable.) |
source tree were also vulnerable.) |
<li>secure multicast tools against possible security problems. |
<li>secure multicast tools against possible security problems. |
<li>latest GNU groff, incorporated in a clean wrapperized form. |
<li>latest GNU groff, incorporated in a clean wrapperized form. |
<li>use vim instead of nvi. vim has been extended to add many missing features. |
<li>use vim instead of nvi. vim has been extended to add many missing features. |
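Review bot: The rewrapped entries in this block (the dump/restore/mt setuid item, the $RSH item and the sendmail gecos item) are whitespace-only changes mixed into a revision that also adds content; splitting the rewrap into its own commit would make the real additions easier to audit. While these lines are being touched, "dialout+dialout" in the /dev/cuaXX entry reads like a typo for dial-in plus dial-out, and "use vim instead of nvi" repeats the earlier "vim is replacing nvi" entry while "nvi version 1.76" is still listed further up.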
|
|
<li>We have completed security reviews of almost all userland programs and |
<li>We have completed security reviews of almost all userland programs and |
libraries except for the gnu stuff (where, based on preliminary |
libraries except for the gnu stuff (where, based on preliminary |
inspection, poor handling of temporary files appears rampant). |
inspection, poor handling of temporary files appears rampant). |
|
<li>Even then, we continued to find and fix more security holes. We found |
|
holes in 5 other system programs. |
|
<li>Working Linux ext2fs. |
|
<li>Added sudo (which is maintained by one of our developers). |
|
<li>Added ctm to the source tree. |
|
<li>The NIST Posix test suite became free. As a result we have been correcting |
|
numerous problems in the source tree, and expect to be completely |
|
POSIX compliant very soon. |
|
<li>upgrade to CVS version 1.9. |
|
<li>Added -C option to pax/tar. Also make -z support compressed files too. |
|
<li>Make core dumping much more controlled in setuid cases. |
</ul> |
</ul> |
</p> |
</p> |
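Review bot: Several of the added entries are too vague for readers tracking security changes. "We found holes in 5 other system programs" does not name the programs, and "Make core dumping much more controlled in setuid cases" does not say what is now restricted; a short clause on each would let administrators judge whether they are affected. "Also make -z support compressed files too" is redundant ("Also ... too") and does not make clear which of pax/tar it applies to. "NIST Posix" should match the "POSIX" spelling used in the chown() entry and later in the same item.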
|
|