===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- www/plus.html	1996/12/24 03:04:44	1.13
+++ www/plus.html	1996/12/24 08:37:33	1.14
@@ -1,192 +1,238 @@
-<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
-<html>
-<head>
-<title>OpenBSD changes</title>
-<link rev=made href=mailto:www@openbsd.org>
-<meta name="resource-type" content="document">
-<meta name="description" content="the main OpenBSD page">
-<meta name="keywords" content="openbsd,main">
-<meta name="distribution" content="global">
-<meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
-</head>
-
-<body>
-
-<h1>OpenBSD</h1>
-<hr>
-<h3>Changes Relative to other *BSD's.</h3>
-
-<p>
-OpenBSD looks a lot like NetBSD (from which it is derived, following
-the 4.4BSD roots), but is now being developed seperately.  Good changes
-from other free operating systems will be merged in (of course, depending
-on various factors like developer time for example.)  OpenBSD tracks
-NetBSD changes very closely; say anywhere between 2 to 10 days
-behind the state of NetBSD-current all the time.  Hence you can truly
-say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.
-
-<p>
-Compared to NetBSD, various additions have been made. This is a
-partial list of the major machine independent changes (ie. these are the 
-changes people ask about most often). Check the page of the specific port
-you are interested in for further port-specific details. Note that many ports
-have had architecture-specific enhancements.
-
-<ul>
-<li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
-<li>New curses library, including libform, libpanel and libmenu.
-<li>a termlib library which understands termcap.db, needed for new curses. 
-<li>The FreeBSD ports subsystem was integrated and is usable by you! 
-<li>ipfilter for filtering dangerous packets
-<li>better ELF support
-<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
-        to use kvm utilies 
-<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
-<li>All the pieces needed for cross compilation are in the source tree.
-<li>Some LKM support in the tree.
-<li>ATAPI support (should work on all ISA busses)
-<li>new scsi, md5, pkg_* commands
-<li>Numerous security related fixes
-<li>Kerberos and other crypto in the source tree that is exportable
-<li>Solid YP master, server, and client capabilities.
-<li>/dev/*random -- a device driver providing some kinds of random data
-<li>In-kernel update(8) with an adaptive algorithm
-<li>Some ddb improvements and extensions
-<li>Numerous scsi fixes
-<li>ncheck utility for ffs
-<li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
-<li>new system calls: rfork(), minherit(), poll().
-<li>select() that can handle any amount of file descriptors.
-<li>kernfs extensions
-<li>ATM support (support for one company's sparc & i386 cards available)
-<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
-<li>pax as tar, gnutar is toast
-<li>using AT&T awk, gawk is toast
-<li>Even more security fixes.
-<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
-        generate them too
-<li>Linux ext2fs and BSD4.4 LFS support being worked on.
-<li>Working ATAPI audio support for multiple architectures.
-<li>terminfo database support.
-<li>Fortran in the tree.
-<li>The most secure rdist support anywhere.
-<li>randomized port allocation in bind(), bindresvport(), and rresvport() --
-        security via unpredictability.
-<li>Protection from the udp spamming and ftp bounce attacks.
-<li>Significantly improved ftp daemon.
-<li>Numerous more security policy and implimentation improvements (OpenBSD
-        defaults to installing in a very secure mode)
-<li>zlib (non-GPL'd gzip-compatible library)
-<li>Newest version of pppd.
-<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
-<li>Fixed long-standing vm swap-leak.
-<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
-<li>Numerous FreeBSD userland fixes and improvements incorporated.
-<li>new rdisc Router Discovery daemon
-<li>generic protection against the bind() takeover problem.
-<li>at -f security fix.
-<li>20 or so more security fixes
-<li>install now supports -C, -p, and -S flags.
-<li>a real adduser program, which can even be used uninteractively.
-<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
-        by chown(). This can be turned off with sysctl.
-<li>partial protection against tcp SYN attacks.
-<li>added /etc/fbtab support to login & init.
-<li>RCS version 5.7
-<li>much newer join command (4.4lite2 with other fixes)
-<li>scsi subsystem security fix
-<li>Kerberos is much more silent if not configured
-<li>arc4-based random support in kernel
-<li>ncr53cXXX scsi scripts assembler
-<li>Numerous ftpd improvements and fixes, including multihomed and skey support.
-<li>`lsof'-style features in fstat.
-<li>rudimentary support for ISA Plug-and-Play cards
-<li>Fixed timeout support in RPC library, and also fixed it to support more
-        than FD_SETSIZE file descriptors.
-<li>improved locate command
-<li>a good start at NETIPX support
-<li>vim version 4.5
-<li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
-        bugs).
-<li>latest version of perl, and a lndir command.
-<li>Even more security fixes.
-<li>cdio command for using CD audio. 
-<li>Kernel warns f /dev/ces not ebooting ated /de<li>libgis gone; our malloc() is better.
-<li>FreeBSD pipe() system call; quite a bit faster.
-<li>Some serial driver support for /dev/cuaXX devices to support transparent
-      out+dial
-<li>DDcess symrom LKM es
-<li>Say goodbye to dump, restore, and mt security holes: They are no longer
-        setuid.
-<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
-<li>New routed from SGI.
-<li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
-<li>ftp command modified for easily scripted ftp & http downloads.
-<li>And of course... more security related bugfixes... (ie. dump,
-        restore, mt).
-<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
-        also works better.
-<li>16 partitions working on sparc and i386 (yipee!)
-<li>Nice sample files in /etc
-<li>sendmail gecos hole fixed (in a number of ways; other programs in the
-	source tree were also vulnerable.)
-<li>secure multicast tools against possible security problems.
-<li>latest GNU groff, incorporated in a clean wrapperized form.
-<li>mopd for networking booting Digital machines
-<li>less version 2.90
-<li>deal with the SYN bomb problem (denial of service attack) as well known.
-<li>Sendmail 8.8.4 with smrsh
-<li>Another kerberos security fix.
-<li>Almost a hundred more security fixes, including /tmp races because of strncpy.
-<li>Compile time option to compile the source tree almost completely dynamic.
-<li>A 7% reduction in size of static binaries.
-<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
-<li>We have completed security reviews of almost all userland programs and
-        libraries except for the gnu stuff (where, based on preliminary
-        inspection there is poor handling of temp files).
-<li>Working Linux ext2fs.
-<li>Added sudo (which is maintained by one of our developers)
-<li>CTM is now a supported way of obtaining OpenBSD source code.
-<li>The NIST Posix test suite became free. As a result we have been correcting
-	numerous problems in the source tree, and expect to be completely
-	POSIX compliant very soon.
-<li>upgrade to CVS version 1.9.
-<li>Added -C option to pax/tar. Also made -z support compressed files too.
-<li>Updated md4 and md5 headers to use bittypes so they work on 64-bit machines.
-<li>Added secure hashing-- nearing RFC 1938 compliance.
-<li>Fix for PCI etherlink3  packet-receive bug.
-<li>sleep will "return time unslept" if interrupted.
-<li>yp and bootparam warns about security problems. ypserv will not allow operations if not operating on reserved port.
-<li>config now supports pmax
-<li>pdksh version is now 5.2.11
-<li>documentation added/updated for various architectures
-<li>/dev/ttyv series is now useable
-<li>Security fixes to sysctl, default to prevent users from using mount syscall
-<li>Cleaned up Amiga's Makefile's and documentation
-<li>Added more ATAPI CD-ROM sipport
-<li>Multiple updates for legacy GNU software
-<li>Many man pages cleaned up
-<li>updates to installation floppy disks for many ports.
-<li>fsck now checks for holes in directories.
-<li>updated default console drivers on Mac 68k port. Dropping to system debugger from a serial console is now an option, not the default.
-<li>ftpd security fix-- will not write passwords if core dumps. ALL suid/root process will dump to a mode 600 file
-<li>Stack traceback support added to arc port.
-<li>Fixed prevalent poor "C" syntax strcpy() strlen() in many sources
-<li>cd fix so that `cp kernel /' works with all shells
-<li>SCSI subsystem updates: updated scanner and unknown device routines
-<li>lpr/lpd/lp fixes (security, POSIX/ANSI compliance)
-<li>IDE Hard Disk driver fix reduces chance of NULL pointers
-<li>binutils is now 961112 release from CYGNUS
-<li>includes and system dependancies now work on explicit 16- and 32-bit quantities-- not the machine dependent "short" and "long" integer. 
-<br><br>
-
-This list only mentions platform-independent changes.  For a list of changes
-made in a particular platform, please check the page for that platform.<br><br>
-
-<hr>
-<a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a> 
-<a href=mailto:www@openbsd.org>www@openbsd.org</a>
-<br><small>$OpenBSD: plus.html,v 1.13 1996/12/24 03:04:44 jkatz Exp $</small>
-
-</body>
-</html>
+<!DOCTYPE HTML PUBLIC  "-//IETF//DTD HTML Strict//EN">
+<html>
+<head>
+<title>OpenBSD changes</title>
+<link rev=made href=mailto:www@openbsd.org>
+<meta name="resource-type" content="document">
+<meta name="description" content="the main OpenBSD page">
+<meta name="keywords" content="openbsd,main">
+<meta name="distribution" content="global">
+<meta name="copyright" content="This document copyright 1996 by OpenBSD, Inc.">
+</head>
+
+<body>
+
+<h1>OpenBSD</h1>
+<hr>
+<h3>Changes Relative to other *BSD's.</h3>
+
+<p>
+OpenBSD looks a lot like NetBSD (from which it is derived, following
+the 4.4BSD roots), but is now being developed seperately.  Good changes
+from other free operating systems will be merged in (of course, depending
+on various factors like developer time for example.)  OpenBSD tracks
+NetBSD changes very closely; say anywhere between 2 to 10 days
+behind the state of NetBSD-current all the time.  Hence you can truly
+say that OpenBSD is NetBSD <b>PLUS MORE STUFF</b>.
+
+<p>
+Compared to NetBSD, various additions have been made. This is a
+partial list of the major machine independent changes (ie. these are the 
+changes people ask about most often). Check the page of the specific port
+you are interested in for further port-specific details. Note that many ports
+have had architecture-specific enhancements.
+
+<ul>
+<li>Many many NetBSD PR's fixed (which NetBSD has not yet fixed)
+<li>New curses library, including libform, libpanel and libmenu.
+<li>a termlib library which understands termcap.db, needed for new curses. 
+<li>The FreeBSD ports subsystem was integrated and is usable by you! 
+<li>ipfilter for filtering dangerous packets
+<li>better ELF support
+<li>nlist() that understands ELF, ECOFF, and a.out, allowing non-a.out ports
+        to use kvm utilies 
+<li>Verbatim integration of the GNU tools (using a wrapper Makefile)
+<li>All the pieces needed for cross compilation are in the source tree.
+<li>Some LKM support in the tree.
+<li>ATAPI support (should work on all ISA busses)
+<li>new scsi, md5, pkg_* commands
+<li>Numerous security related fixes
+<li>Kerberos and other crypto in the source tree that is exportable
+<li>Solid YP master, server, and client capabilities.
+<li>/dev/*random -- a device driver providing some kinds of random data
+<li>In-kernel update(8) with an adaptive algorithm
+<li>Some ddb improvements and extensions
+<li>Numerous scsi fixes
+<li>ncheck utility for ffs
+<li>/sbin/init now deals with non-existant ttys, no longer spins gettys madly.
+<li>new system calls: rfork(), minherit(), poll().
+<li>select() that can handle any amount of file descriptors.
+<li>kernfs extensions
+<li>ATM support (support for one company's sparc & i386 cards available)
+<li>Boot kernels with "-c" to edit/enable/disable device configuration tables
+<li>pax as tar, gnutar is toast
+<li>using AT&T awk, gawk is toast
+<li>Even more security fixes.
+<li>Accepts FreeBSD MD5 passwords in password maps, soon will be able to
+        generate them too
+<li>Linux ext2fs and BSD4.4 LFS support being worked on.
+<li>Working ATAPI audio support for multiple architectures.
+<li>terminfo database support.
+<li>Fortran in the tree.
+<li>The most secure rdist support anywhere.
+<li>randomized port allocation in bind(), bindresvport(), and rresvport() --
+        security via unpredictability.
+<li>Protection from the udp spamming and ftp bounce attacks.
+<li>Significantly improved ftp daemon.
+<li>Numerous more security policy and implimentation improvements (OpenBSD
+        defaults to installing in a very secure mode)
+<li>zlib (non-GPL'd gzip-compatible library)
+<li>Newest version of pppd.
+<li>_POSIX_SAVED_IDS behaviour with permitted BSD extensions.
+<li>Fixed long-standing vm swap-leak.
+<li>FreeBSD malloc() that uses mmap() and is able to free unused memory.
+<li>Numerous FreeBSD userland fixes and improvements incorporated.
+<li>new rdisc Router Discovery daemon
+<li>generic protection against the bind() takeover problem.
+<li>at -f security fix.
+<li>20 or so more security fixes
+<li>install now supports -C, -p, and -S flags.
+<li>a real adduser program, which can even be used uninteractively.
+<li>POSIX & C2 requirement; lose setuid/setgid bits if owner/group changed
+        by chown(). This can be turned off with sysctl.
+<li>partial protection against tcp SYN attacks.
+<li>added /etc/fbtab support to login & init.
+<li>RCS version 5.7
+<li>much newer join command (4.4lite2 with other fixes)
+<li>scsi subsystem security fix
+<li>Kerberos is much more silent if not configured
+<li>arc4-based random support in kernel
+<li>ncr53cXXX scsi scripts assembler
+<li>Numerous ftpd improvements and fixes, including multihomed and skey support.
+<li>`lsof'-style features in fstat.
+<li>rudimentary support for ISA Plug-and-Play cards
+<li>Fixed timeout support in RPC library, and also fixed it to support more
+        than FD_SETSIZE file descriptors.
+<li>improved locate command
+<li>a good start at NETIPX support
+<li>vim version 4.5
+<li>gcc 2.7.2.1 (to get closer to native alpha support ar gcc
+        bugs).
+<li>latest version of perl, and a lndir command.
+<li>Even more security fixes.
+<li>cdio command for using CD audio. 
+<li>Kernel warns f /dev/ces not ebooting ated /de<li>libgis gone; our malloc() is better.
+<li>FreeBSD pipe() system call; quite a bit faster.
+<li>Some serial driver support for /dev/cuaXX devices to support transparent
+      out+dial
+<li>DDcess symrom LKM es
+<li>Say goodbye to dump, restore, and mt security holes: They are no longer
+        setuid.
+<li>*Hobbit*'s netcat utility. The crackers use it, so should you.
+<li>New routed from SGI.
+<li>Complete in-tree development for MIPS/Alpha systems (ie. binutils).
+<li>ftp command modified for easily scripted ftp & http downloads.
+<li>And of course... more security related bugfixes... (ie. dump,
+        restore, mt).
+<li>vim is replacing nvi, since nvi does not have a pure BSD license, and vim
+        also works better.
+<li>16 partitions working on sparc and i386 (yipee!)
+<li>Nice sample files in /etc
+<li>sendmail gecos hole fixed (in a number of ways; other programs in the
+	source tree were also vulnerable.)
+<li>secure multicast tools against possible security problems.
+<li>latest GNU groff, incorporated in a clean wrapperized form.
+<li>mopd for networking booting Digital machines
+<li>less version 2.90
+<li>deal with the SYN bomb problem (denial of service attack) as well known.
+<li>Another kerberos security fix.
+<li>Almost a hundred more security fixes, including /tmp races because of strncpy.
+<li>Compile time option to compile the source tree almost completely dynamic.
+<li>A 7% reduction in size of static binaries.
+<li>FreeBSD's adduser(8) command. Also an rmuser(8) command.
+<li>We have completed security reviews of almost all userland programs and
+        libraries except for the gnu stuff (where, based on preliminary
+        inspection there is poor handling of temp files).
+<li>Working Linux ext2fs.
+<li>Added sudo (which is maintained by one of our developers)
+<li>CTM is now a supported way of obtaining OpenBSD source code.
+<li>The NIST Posix test suite became free. As a result we have been correcting
+	numerous problems in the source tree, and expect to be completely
+	POSIX compliant very soon.
+<li>upgrade to CVS version 1.9.
+<li>A number of security fixes to the way coredumping works.
+<li>The /dev/*random devices are now default on all architectures.
+<li>Add stack tracebacks to Arc port's kernel debugger.
+<li>Skey revamped into full OTP (RFC1938) support, including sha1 and
+	md5 support.
+<li>GPL i387 emulator added.
+<li>Crank kvm space on the i386 port, also limit buffer cache useage
+	so that 512MB machines may work (untested :-)
+<li>Numerous fixes to the lpr suite, including security.
+<li>More ftpd raging paranoia security fixes.
+<li>The NIST suite showed numerous errors in libraries and the kernel.
+	Only a few small errors remain now, mostly regarding serial
+	ports.
+<li>In numerous utilities: prefer $LOGNAME, but also accept $USER.
+<li>OLF binary type added.  This is like ELF, but includes an OS-dependent
+	tag. elf2olf(1) converts an elf binary to a tagged OLF binary which
+	the kernel can recognize correctly.
+<li>Beware $HOME overflows throughout the source tree.
+<li>Integration of the pmax port.
+<li>Import of ctm.
+<li>Various repairs to the scsi scanner support.
+<li>Numerous more difficult-to-exploit-but-possible-if-someone-really-wanted-to
+	buffer overflows found in system utilities..
+<li>Memory leak paranoia in cron.
+<li>Make login get more consistantly upset about failed logins, and tell user
+	about these failures at the next successfull login.
+<li>pdksh version is now 5.2.11
+<li>New bsd.*.mk feature: DEBUG=-g.  Try it, you'll like it.
+<li>The Arc port family has a new member: The rPC44 works! 
+<li>lpt driver is now bus-independent.
+<li>com driver is now bus-independent.
+<li>Numerous small security fixes again...
+<li>Use pdksh as our /bin/sh.  This provides excellent POSIX compliance.
+<li>Prevent generic users from mounting filesystems by default.
+<li>Added -C option to pax/tar. Also made -z support compressed files too.
+<li>Increased compatibility in the pccons driver with BSDi features.
+<li>Imported FreeBSD's calendar.
+<li>GNU gdb works on the mips-based platforms.
+<li>Add FreeBSD md5 diffs to mtree(8).  This can be used to implement a
+	tripwire-like system.
+<li>Some YP and bootparamd security changes.
+<li>Hundreds of little fixes all over the place.
+<li>Multiple updates for GNU software
+<li>Add disklabels to the floppy device drivers.
+<li>At boottime, have (*mountroot)() look at the root device's disklabel
+	to determine which filesystem type is to be mounted.
+<li>If disklabel reading code discovers an ISOFS filesystem underlying,
+	spoof a nice disklabel (enough to fool mountroot).
+<li>tcpdump 3.3
+<li>Fix information gathering attack in ping(8).
+<li>Add NetBSD's "route show" implementation, and at the samet time fix
+	the new buffer overflows that this provided.
+<li>Fix a few setgroups() related security holes.
+<li>sendmail 8.8.4
+<li>texinfo 3.9
+<li>f77 0.5.19
+<li>Repair some more KerberosIV buffer overflows.  Hard to believe this is
+	supposed to be security software.
+<li>Add XCASE/IUCLC/OLCUC/OCRNL/ONOCR/ONLRET tty subsystem flags for
+	backwards compatibility.
+<li>Permit NFS attribute cache to be configured on a per-mount basis.
+
+<li>Properly split fsck, mount, and newfs into multiple pieces.  Use
+	disklabel information if it is available.
+<li>Add disklabels to the vnd device driver.
+<li>Change the games to be run setgid games, not setuid games.  This closes
+	a whole slew of fascinating security holes.
+<li>Import of the powerpc port.
+<li>Properly use _POSIX_SAVED_IDS throughout the source tree.
+<li>Permit building of kernels without a.out support.
+<li>ppp 2.3b3
+<li>libcrypt goes away. We do not need this stub library anymore. Do not link
+	against it on OpenBSD, all the pieces you need are in libc.
+</ul>
+<br>
+
+This list only mentions platform-independent changes.  For a list of changes
+made in a particular platform, please check the page for that platform.<br><br>
+
+<hr>
+<a href="index.html"><img src=back.gif border=0 alt=OpenBSD></a> 
+<a href=mailto:www@openbsd.org>www@openbsd.org</a>
+<br><small>$OpenBSD: plus.html,v 1.14 1996/12/24 08:37:33 deraadt Exp $</small>
+
+</body>
+</html>