===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- www/plus.html 1996/10/02 01:24:15 1.11
+++ www/plus.html 1996/11/02 04:19:39 1.12
@@ -85,7 +85,7 @@
generic protection against the bind() takeover problem.
at -f security fix.
install now supports -C, -p, and -S flags.
-
+a real adduser program, which can even be used uninteractively.
POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
by chown(). This can be turned off with sysctl.
partial protection against tcp SYN attacks.
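Review bot: In the added adduser entry, "uninteractively" reads awkwardly; "non-interactively" is the usual term and would be clearer to readers scanning this list for scripted account creation.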
@@ -100,8 +100,8 @@
`lsof'-style features in fstat.
/bin/ksh (latest version of pdksh) with more fixes.
rudimentary support for ISA Plug-and-Play cards
-Fixed timeout support in RPC library, and also fixed it to support more than
- FD_SETSIZE file descriptors.
+Fixed timeout support in RPC library, and also fixed it to support more
+ than FD_SETSIZE file descriptors.
improved locate command
a good start at NETIPX support
nvi version 1.76
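Review bot: The RPC entry in this hunk changes only where the line wraps ("more than" / "FD_SETSIZE" moved across the break), with no change in wording. Consider committing rewraps separately from content changes so the substantive additions in this revision are easier to pick out of the diff.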
@@ -110,27 +110,29 @@
latest version of perl, and a lndir command.
Even more security fixes.
cdio command for using CD audio.
-Kernel warns if /dev/console does not exist; nice warning for booting with an
- unpopulated /dev directory.
+Kernel warns if /dev/console does not exist; nice warning for booting with
+ an unpopulated /dev directory.
libgnumalloc is gone; our malloc() is better.
FreeBSD pipe() system call; quite a bit faster.
Some serial drivers support /dev/cuaXX devices for transparent
dialout+dialout, like in SunOS
DDB can now access symbol tables from LKM modules
-Say goodbye to dump, restore, and mt security holes: They are no longer setuid.
+Say goodbye to dump, restore, and mt security holes: They are no longer
+ setuid.
*Hobbit*'s netcat utility. The crackers use it, so should you.
YP can be compiled out of the system.
New routed (from SGI).
Almost complete in-tree development for MIPS/Alpha systems (ie. binutils).
ftp command modified for easily scripted ftp & http downloads.
And of course... more security related fixes.
-$RSH environment variable used throughout for "ssh" users (ie. dump, restore, mt).
+$RSH environment variable used throughout for "ssh" users (ie. dump,
+ restore, mt).
vim is replacing nvi, since nvi does not have a pure BSD license, and vim
also works better.
16 partitions per disk on i386 and sparc ports (yipee!)
Nice sample files in /etc
-sendmail gecos hole fixed (in a number of ways; other programs in the source
- tree were also vulnerable.)
+sendmail gecos hole fixed (in a number of ways; other programs in the
+ source tree were also vulnerable.)
secure multicast tools against possible security problems.
latest GNU groff, incorporated in a clean wrapperized form.
use vim instead of nvi. vim has been extended to add many missing features.
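Review bot: The trailing context line "use vim instead of nvi. vim has been extended to add many missing features." duplicates the earlier entry in this same hunk, "vim is replacing nvi, since nvi does not have a pure BSD license, and vim also works better." Since this hunk is already rewrapping the list, merge the two into one entry. The unchanged "dialout+dialout" line also repeats the same word on both sides of the plus sign; check whether one side was meant to be dial-in.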
@@ -150,6 +152,17 @@
We have completed security reviews of almost all userland programs and
libraries except for the gnu stuff (where, based on preliminary
inspection, poor handling of temporary files appears rampant).
+Even then, we continued to find and fix more security holes. We found
+ holes in 5 other system programs.
+Working Linux ext2fs.
+Added sudo (which is maintained by one of our developers).
+Added ctm to the source tree.
+The NIST Posix test suite became free. As a result we have been correcting
+ numerous problems in the source tree, and expect to be completely
+ POSIX compliant very soon.
+upgrade to CVS version 1.9.
+Added -C option to pax/tar. Also make -z support compressed files too.
+Make core dumping much more controlled in setuid cases.
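Review bot: The last added entry, "Make core dumping much more controlled in setuid cases.", does not say what actually changes for setuid programs; state the new behaviour so readers know what is now enforced. Likewise "We found holes in 5 other system programs." names none of the programs. Minor wording: the NIST entry uses both "Posix" and "POSIX", "upgrade to CVS version 1.9." starts lowercase where the neighbouring added entries are capitalized, and "Also make -z support compressed files too." doubles "Also" and "too".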
@@ -160,7 +173,7 @@
www@openbsd.org
-
$OpenBSD: plus.html,v 1.11 1996/10/02 01:24:15 deraadt Exp $
+
$OpenBSD: plus.html,v 1.12 1996/11/02 04:19:39 deraadt Exp $