version 1.79, 1998/11/16 04:46:31 |
version 1.80, 1998/11/17 01:10:30 |
|
|
increase security is simply a comprehensive file-by-file analysis of |
increase security is simply a comprehensive file-by-file analysis of |
every critical software component. Flaws have been found in just |
every critical software component. Flaws have been found in just |
about every area of the system. Entire new classes of security |
about every area of the system. Entire new classes of security |
problems have been found during our the audit, and often source code |
problems have been found during our audit, and often source code |
which had been audited earlier needs re-auditing with these new flaws |
which had been audited earlier needs re-auditing with these new flaws |
in mind. Code often gets audited multiple times, and by multiple |
in mind. Code often gets audited multiple times, and by multiple |
people with different auditing skills.<p> |
people with different auditing skills.<p> |
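Review bot: dropping the stray "the" in "during our the audit" is the correct fix and nothing else in this paragraph needs changing; the unclosed `<p>` after "auditing skills." matches the rest of the file's HTML style, so it is fine to leave as is.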
|
|
<a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
<a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
|
|
The most intense part of our security auditing happened immediately |
The most intense part of our security auditing happened immediately |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
over the last third of 1996 and first half of 1997. Thousands (yes, |
over the last third of 1996 and first half of 1997. Thousands (yes, |
thousands) of security issues were fixed rapidly over this year-long |
thousands) of security issues were fixed rapidly over this year-long |
period; bugs like the standard buffer overflows, protocol |
period; bugs like the standard buffer overflows, protocol |
|
|
<h3><font color=#e00000><strong>Watching our Security Changes</strong></font></h3> |
<h3><font color=#e00000><strong>Watching our Security Changes</strong></font></h3> |
Since we take a proactive stance with security, we are continually |
Since we take a proactive stance with security, we are continually |
finding and fixing new security problems. Not all of these problems |
finding and fixing new security problems. Not all of these problems |
get widely reported because (as stated earlier); many of them are not |
get widely reported because (as stated earlier) many of them are not |
confirmed to be exploitable; many simple bugs we fix do turn out to |
confirmed to be exploitable; many simple bugs we fix do turn out to |
have security consequences we could not predict. We do not have the |
have security consequences we could not predict. We do not have the |
time resources to make these changes available in the above format.<p> |
time resources to make these changes available in the above format.<p> |
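Review bot: removing the semicolon after "(as stated earlier)" fixes the punctuation, but the sentence still joins two clauses with a semicolon whose relationship is left implicit: "many of them are not confirmed to be exploitable; many simple bugs we fix do turn out to have security consequences we could not predict." Consider "... not confirmed to be exploitable, although many simple bugs we fix do turn out ..." so the contrast is explicit. Also, "We do not have the time resources" reads as a dropped word; "the time or resources" is probably what was intended.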
|
|
it is nearly 300MB of source code, and problems do occur as we |
it is nearly 300MB of source code, and problems do occur as we |
transition between major releases. |
transition between major releases. |
<li>Install a binary <a href=snapshots.html>snapshot</a> for your |
<li>Install a binary <a href=snapshots.html>snapshot</a> for your |
architecure, which are made available fairly often. For |
architecture, which are made available fairly often. For |
instance, an i386 snapshot is typically made available weekly. |
instance, an i386 snapshot is typically made available weekly. |
</ul> |
</ul> |
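Review bot: the "architecure" to "architecture" correction is good, but the same sentence still has a number-agreement problem: "Install a binary snapshot for your architecture, which are made available fairly often." Either "binary snapshots ... which are made available" or "a binary snapshot ... which is made available" would fix it.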
|
|