===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -c -r1.13 -r1.14
*** www/plus.html	1996/12/24 03:04:44	1.13
--- www/plus.html	1996/12/24 08:37:33	1.14
***************
*** 1,192 ****
! <!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
! <html>
! <head>
! <title>OpenBSD changes</title>
! <link rev=made href=mailto:www@openbsd.org>
! <meta name="resource-type" content="document">
! <meta name="description" content="the main OpenBSD page">
! <meta name="keywords" content="openbsd,main">
! <meta name="distribution" content="global">
! <meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
! </head>
! 
! <body>
! 
! <h1>OpenBSD</h1>
! <hr>
! <h3>Changes Relative to other *BSD's.</h3>
! 
! <p>
! OpenBSD looks a lot like NetBSD (from which it is derived, following
! the 4.4BSD roots), but is now being developed seperately.  Good changes
! from other free operating systems will be merged in (of course, depending
! on various factors like developer time for example.)  OpenBSD tracks
! NetBSD changes very closely; say anywhere between 2 to 10 days
! behind the state of NetBSD-current all the time.  Hence you can truly
! say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.
! 
! <p>
! Compared to NetBSD, various additions have been made. This is a
! partial list of the major machine independent changes (ie. these are the 
! changes people ask about most often). Check the page of the specific port
! you are interested in for further port-specific details. Note that many ports
! have had architecture-specific enhancements.
! 
! <ul>
! <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
! <li>New curses library, including libform, libpanel and libmenu.
! <li>a termlib library which understands termcap.db, needed for new curses. 
! <li>The FreeBSD ports subsystem was integrated and is usable by you! 
! <li>ipfilter for filtering dangerous packets
! <li>better ELF support
! <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
!         to use kvm utilies 
! <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
! <li>All the pieces needed for cross compilation are in the source tree.
! <li>Some LKM support in the tree.
! <li>ATAPI support (should work on all ISA busses)
! <li>new scsi, md5, pkg_* commands
! <li>Numerous security related fixes
! <li>Kerberos and other crypto in the source tree that is exportable
! <li>Solid YP master, server, and client capabilities.
! <li>/dev/*random -- a device driver providing some kinds of random data
! <li>In-kernel update(8) with an adaptive algorithm
! <li>Some ddb improvements and extensions
! <li>Numerous scsi fixes
! <li>ncheck utility for ffs
! <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
! <li>new system calls: rfork(), minherit(), poll().
! <li>select() that can handle any amount of file descriptors.
! <li>kernfs extensions
! <li>ATM support (support for one company's sparc & i386 cards available)
! <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
! <li>pax as tar, gnutar is toast
! <li>using AT&T awk, gawk is toast
! <li>Even more security fixes.
! <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
!         generate them too
! <li>Linux ext2fs and BSD4.4 LFS support being worked on.
! <li>Working ATAPI audio support for multiple architectures.
! <li>terminfo database support.
! <li>Fortran in the tree.
! <li>The most secure rdist support anywhere.
! <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
!         security via unpredictability.
! <li>Protection from the udp spamming and ftp bounce attacks.
! <li>Significantly improved ftp daemon.
! <li>Numerous more security policy and implimentation improvements (OpenBSD
!         defaults to installing in a very secure mode)
! <li>zlib (non-GPL'd gzip-compatible library)
! <li>Newest version of pppd.
! <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
! <li>Fixed long-standing vm swap-leak.
! <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
! <li>Numerous FreeBSD userland fixes and improvements incorporated.
! <li>new rdisc Router Discovery daemon
! <li>generic protection against the bind() takeover problem.
! <li>at -f security fix.
! <li>20 or so more security fixes
! <li>install now supports -C, -p, and -S flags.
! <li>a real adduser program, which can even be used uninteractively.
! <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
!         by chown(). This can be turned off with sysctl.
! <li>partial protection against tcp SYN attacks.
! <li>added /etc/fbtab support to login & init.
! <li>RCS version 5.7
! <li>much newer join command (4.4lite2 with other fixes)
! <li>scsi subsystem security fix
! <li>Kerberos is much more silent if not configured
! <li>arc4-based random support in kernel
! <li>ncr53cXXX scsi scripts assembler
! <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
! <li>`lsof'-style features in fstat.
! <li>rudimentary support for ISA Plug-and-Play cards
! <li>Fixed timeout support in RPC library, and also fixed it to support more
!         than FD_SETSIZE file descriptors.
! <li>improved locate command
! <li>a good start at NETIPX support
! <li>vim version 4.5
! <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
!         bugs).
! <li>latest version of perl, and a lndir command.
! <li>Even more security fixes.
! <li>cdio command for using CD audio. 
! <li>Kernel warns f /dev/ces not ebooting ated /de<li>libgis gone; our malloc() is better.
! <li>FreeBSD pipe() system call; quite a bit faster.
! <li>Some serial driver support for /dev/cuaXX devices to support transparent
!       out+dial
! <li>DDcess symrom LKM es
! <li>Say goodbye to dump, restore, and mt security holes: They are no longer
!         setuid.
! <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
! <li>New routed from SGI.
! <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
! <li>ftp command modified for easily scripted ftp & http downloads.
! <li>And of course... more security related bugfixes... (ie. dump,
!         restore, mt).
! <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
!         also works better.
! <li>16 partitions working on sparc and i386 (yipee!)
! <li>Nice sample files in /etc
! <li>sendmail gecos hole fixed (in a number of ways; other programs in the
! 	source tree were also vulnerable.)
! <li>secure multicast tools against possible security problems.
! <li>latest GNU groff, incorporated in a clean wrapperized form.
! <li>mopd for networking booting Digital machines
! <li>less version 2.90
! <li>deal with the SYN bomb problem (denial of service attack) as well known.
! <li>Sendmail 8.8.4 with smrsh
! <li>Another kerberos security fix.
! <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
! <li>Compile time option to compile the source tree almost completely dynamic.
! <li>A 7% reduction in size of static binaries.
! <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
! <li>We have completed security reviews of almost all userland programs and
!         libraries except for the gnu stuff (where, based on preliminary
!         inspection there is poor handling of temp files).
! <li>Working Linux ext2fs.
! <li>Added sudo (which is maintained by one of our developers)
! <li>CTM is now a supported way of obtaining OpenBSD source code.
! <li>The NIST Posix test suite became free. As a result we have been correcting
! 	numerous problems in the source tree, and expect to be completely
! 	POSIX compliant very soon.
! <li>upgrade to CVS version 1.9.
! <li>Added -C option to pax/tar. Also made -z support compressed files too.
! <li>Updated md4 and md5 headers to use bittypes so they work on 64-bit machines.
! <li>Added secure hashing-- nearing RFC 1938 compliance.
! <li>Fix for PCI etherlink3  packet-receive bug.
! <li>sleep will "return time unslept" if interrupted.
! <li>yp and bootparam warns about security problems. ypserv will not allow operations if not operating on reserved port.
! <li>config now supports pmax
! <li>pdksh version is now 5.2.11
! <li>documentation added/updated for various architectures
! <li>/dev/ttyv series is now useable
! <li>Security fixes to sysctl, default to prevent users from using mount syscall
! <li>Cleaned up Amiga's Makefile's and documentation
! <li>Added more ATAPI CD-ROM sipport
! <li>Multiple updates for legacy GNU software
! <li>Many man pages cleaned up
! <li>updates to installation floppy disks for many ports.
! <li>fsck now checks for holes in directories.
! <li>updated default console drivers on Mac 68k port. Dropping to system debugger from a serial console is now an option, not the default.
! <li>ftpd security fix-- will not write passwords if core dumps. ALL suid/root process will dump to a mode 600 file
! <li>Stack traceback support added to arc port.
! <li>Fixed prevalent poor "C" syntax strcpy() strlen() in many sources
! <li>cd fix so that `cp kernel /' works with all shells
! <li>SCSI subsystem updates: updated scanner and unknown device routines
! <li>lpr/lpd/lp fixes (security, POSIX/ANSI compliance)
! <li>IDE Hard Disk driver fix reduces chance of NULL pointers
! <li>binutils is now 961112 release from CYGNUS
! <li>includes and system dependancies now work on explicit 16- and 32-bit quantities-- not the machine dependent "short" and "long" integer. 
! <br><br>
! 
! This list only mentions platform-independent changes.  For a list of changes
! made in a particular platform, please check the page for that platform.<br><br>
! 
! <hr>
! <a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a> 
! <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.13 1996/12/24 03:04:44 jkatz Exp $</small>
! 
! </body>
! </html>
--- 1,238 ----
! <!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
! <html>
! <head>
! <title>OpenBSD changes</title>
! <link rev=made href=mailto:www@openbsd.org>
! <meta name="resource-type" content="document">
! <meta name="description" content="the main OpenBSD page">
! <meta name="keywords" content="openbsd,main">
! <meta name="distribution" content="global">
! <meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
! </head>
! 
! <body>
! 
! <h1>OpenBSD</h1>
! <hr>
! <h3>Changes Relative to other *BSD's.</h3>
! 
! <p>
! OpenBSD looks a lot like NetBSD (from which it is derived, following
! the 4.4BSD roots), but is now being developed seperately.  Good changes
! from other free operating systems will be merged in (of course, depending
! on various factors like developer time for example.)  OpenBSD tracks
! NetBSD changes very closely; say anywhere between 2 to 10 days
! behind the state of NetBSD-current all the time.  Hence you can truly
! say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.
! 
! <p>
! Compared to NetBSD, various additions have been made. This is a
! partial list of the major machine independent changes (ie. these are the 
! changes people ask about most often). Check the page of the specific port
! you are interested in for further port-specific details. Note that many ports
! have had architecture-specific enhancements.
! 
! <ul>
! <li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
! <li>New curses library, including libform, libpanel and libmenu.
! <li>a termlib library which understands termcap.db, needed for new curses. 
! <li>The FreeBSD ports subsystem was integrated and is usable by you! 
! <li>ipfilter for filtering dangerous packets
! <li>better ELF support
! <li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
!         to use kvm utilies 
! <li>Verbatim integration of the GNU tools (using a wrapper Makefile)
! <li>All the pieces needed for cross compilation are in the source tree.
! <li>Some LKM support in the tree.
! <li>ATAPI support (should work on all ISA busses)
! <li>new scsi, md5, pkg_* commands
! <li>Numerous security related fixes
! <li>Kerberos and other crypto in the source tree that is exportable
! <li>Solid YP master, server, and client capabilities.
! <li>/dev/*random -- a device driver providing some kinds of random data
! <li>In-kernel update(8) with an adaptive algorithm
! <li>Some ddb improvements and extensions
! <li>Numerous scsi fixes
! <li>ncheck utility for ffs
! <li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
! <li>new system calls: rfork(), minherit(), poll().
! <li>select() that can handle any amount of file descriptors.
! <li>kernfs extensions
! <li>ATM support (support for one company's sparc & i386 cards available)
! <li>Boot kernels with "-c" to edit/enable/disable device configuration tables
! <li>pax as tar, gnutar is toast
! <li>using AT&T awk, gawk is toast
! <li>Even more security fixes.
! <li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
!         generate them too
! <li>Linux ext2fs and BSD4.4 LFS support being worked on.
! <li>Working ATAPI audio support for multiple architectures.
! <li>terminfo database support.
! <li>Fortran in the tree.
! <li>The most secure rdist support anywhere.
! <li>randomized port allocation in bind(), bindresvport(), and rresvport() --
!         security via unpredictability.
! <li>Protection from the udp spamming and ftp bounce attacks.
! <li>Significantly improved ftp daemon.
! <li>Numerous more security policy and implimentation improvements (OpenBSD
!         defaults to installing in a very secure mode)
! <li>zlib (non-GPL'd gzip-compatible library)
! <li>Newest version of pppd.
! <li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
! <li>Fixed long-standing vm swap-leak.
! <li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
! <li>Numerous FreeBSD userland fixes and improvements incorporated.
! <li>new rdisc Router Discovery daemon
! <li>generic protection against the bind() takeover problem.
! <li>at -f security fix.
! <li>20 or so more security fixes
! <li>install now supports -C, -p, and -S flags.
! <li>a real adduser program, which can even be used uninteractively.
! <li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
!         by chown(). This can be turned off with sysctl.
! <li>partial protection against tcp SYN attacks.
! <li>added /etc/fbtab support to login & init.
! <li>RCS version 5.7
! <li>much newer join command (4.4lite2 with other fixes)
! <li>scsi subsystem security fix
! <li>Kerberos is much more silent if not configured
! <li>arc4-based random support in kernel
! <li>ncr53cXXX scsi scripts assembler
! <li>Numerous ftpd improvements and fixes, including multihomed and skey support.
! <li>`lsof'-style features in fstat.
! <li>rudimentary support for ISA Plug-and-Play cards
! <li>Fixed timeout support in RPC library, and also fixed it to support more
!         than FD_SETSIZE file descriptors.
! <li>improved locate command
! <li>a good start at NETIPX support
! <li>vim version 4.5
! <li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
!         bugs).
! <li>latest version of perl, and a lndir command.
! <li>Even more security fixes.
! <li>cdio command for using CD audio. 
! <li>Kernel warns f /dev/ces not ebooting ated /de<li>libgis gone; our malloc() is better.
! <li>FreeBSD pipe() system call; quite a bit faster.
! <li>Some serial driver support for /dev/cuaXX devices to support transparent
!       out+dial
! <li>DDcess symrom LKM es
! <li>Say goodbye to dump, restore, and mt security holes: They are no longer
!         setuid.
! <li>*Hobbit*'s netcat utility. The crackers use it, so should you.
! <li>New routed from SGI.
! <li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
! <li>ftp command modified for easily scripted ftp & http downloads.
! <li>And of course... more security related bugfixes... (ie. dump,
!         restore, mt).
! <li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
!         also works better.
! <li>16 partitions working on sparc and i386 (yipee!)
! <li>Nice sample files in /etc
! <li>sendmail gecos hole fixed (in a number of ways; other programs in the
! 	source tree were also vulnerable.)
! <li>secure multicast tools against possible security problems.
! <li>latest GNU groff, incorporated in a clean wrapperized form.
! <li>mopd for networking booting Digital machines
! <li>less version 2.90
! <li>deal with the SYN bomb problem (denial of service attack) as well known.
! <li>Another kerberos security fix.
! <li>Almost a hundred more security fixes, including /tmp races because of strncpy.
! <li>Compile time option to compile the source tree almost completely dynamic.
! <li>A 7% reduction in size of static binaries.
! <li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
! <li>We have completed security reviews of almost all userland programs and
!         libraries except for the gnu stuff (where, based on preliminary
!         inspection there is poor handling of temp files).
! <li>Working Linux ext2fs.
! <li>Added sudo (which is maintained by one of our developers)
! <li>CTM is now a supported way of obtaining OpenBSD source code.
! <li>The NIST Posix test suite became free. As a result we have been correcting
! 	numerous problems in the source tree, and expect to be completely
! 	POSIX compliant very soon.
! <li>upgrade to CVS version 1.9.
! <li>A number of security fixes to the way coredumping works.
! <li>The /dev/*random devices are now default on all architectures.
! <li>Add stack tracebacks to Arc port's kernel debugger.
! <li>Skey revamped into full OTP (RFC1938) support, including sha1 and
! 	md5 support.
! <li>GPL i387 emulator added.
! <li>Crank kvm space on the i386 port, also limit buffer cache useage
! 	so that 512MB machines may work (untested :-)
! <li>Numerous fixes to the lpr suite, including security.
! <li>More ftpd raging paranoia security fixes.
! <li>The NIST suite showed numerous errors in libraries and the kernel.
! 	Only a few small errors remain now, mostly regarding serial
! 	ports.
! <li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
! <li>OLF binary type added.  This is like ELF, but includes an OS-dependent
! 	tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
! 	the kernel can recognize correctly.
! <li>Beware $HOME overflows throughout the source tree.
! <li>Integration of the pmax port.
! <li>Import of ctm.
! <li>Various repairs to the scsi scanner support.
! <li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
! 	buffer overflows found in system utilities..
! <li>Memory leak paranoia in cron.
! <li>Make login get more consistantly upset about failed logins, and tell user
! 	about these failures at the next successfull login.
! <li>pdksh version is now 5.2.11
! <li>New bsd.*.mk feature: DEBUG=-g.  Try it, you'll like it.
! <li>The Arc port family has a new member: The rPC44 works! 
! <li>lpt driver is now bus-independent.
! <li>com driver is now bus-independent.
! <li>Numerous small security fixes again...
! <li>Use pdksh as our /bin/sh.  This provides excellent POSIX compliance.
! <li>Prevent generic users from mounting filesystems by default.
! <li>Added -C option to pax/tar. Also made -z support compressed files too.
! <li>Increased compatibility in the pccons driver with BSDi features.
! <li>Imported FreeBSD's calendar.
! <li>GNU gdb works on the mips-based platforms.
! <li>Add FreeBSD md5 diffs to mtree(8).  This can be used to implement a
! 	tripwire-like system.
! <li>Some YP and bootparamd security changes.
! <li>Hundreds of little fixes all over the place.
! <li>Multiple updates for GNU software
! <li>Add disklabels to the floppy device drivers.
! <li>At boottime, have (*mountroot)() look at the root device's disklabel
! 	to determine which filesystem type is to be mounted.
! <li>If disklabel reading code discovers an ISOFS filesystem underlying,
! 	spoof a nice disklabel (enough to fool mountroot).
! <li>tcpdump 3.3
! <li>Fix information gathering attack in ping(8).
! <li>Add NetBSD's "route show" implementation, and at the samet time fix
! 	the new buffer overflows that this provided.
! <li>Fix a few setgroups() related security holes.
! <li>sendmail 8.8.4
! <li>texinfo 3.9
! <li>f77 0.5.19
! <li>Repair some more KerberosIV buffer overflows.  Hard to believe this is
! 	supposed to be security software.
! <li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
! 	backwards compatibility.
! <li>Permit NFS attribute cache to be configured on a per-mount basis.
! 
! <li>Properly split fsck, mount, and newfs into multiple pieces.  Use
! 	disklabel information if it is available.
! <li>Add disklabels to the vnd device driver.
! <li>Change the games to be run setgid games, not setuid games.  This closes
! 	a whole slew of fascinating security holes.
! <li>Import of the powerpc port.
! <li>Properly use _POSIX_SAVED_IDS throughout the source tree.
! <li>Permit building of kernels without a.out support.
! <li>ppp 2.3b3
! <li>libcrypt goes away. We do not need this stub library anymore. Do not link
! 	against it on OpenBSD, all the pieces you need are in libc.
! </ul>
! <br>
! 
! This list only mentions platform-independent changes.  For a list of changes
! made in a particular platform, please check the page for that platform.<br><br>
! 
! <hr>
! <a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a> 
! <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.14 1996/12/24 08:37:33 deraadt Exp $</small>
! 
! </body>
! </html>