| version 1.26, 1998/02/23 22:13:18 |
version 1.27, 1998/02/23 22:17:17 |
|
|
| open software development model permits us to take a more |
open software development model permits us to take a more |
| uncompromising view towards increased security than Sun, SGI, IBM, HP, |
uncompromising view towards increased security than Sun, SGI, IBM, HP, |
| or other vendors are able to. We can make changes the vendors would |
or other vendors are able to. We can make changes the vendors would |
| not make. Also, since OpenBSD is exported with <a href=/crypto.html> |
not make. Also, since OpenBSD is exported with <a href=crypto.html> |
| cryptography software</a>, we are able to take cryptographic |
cryptography software</a>, we are able to take cryptographic |
| approaches towards fixing security problems.<p> |
approaches towards fixing security problems.<p> |
| |
|
|
|
| operating systems. |
operating systems. |
| |
|
| <ul> |
<ul> |
| <li><a href=rfork>Rfork() system call flaw (patch included)</a> |
<li><a href=advisories/rfork>Rfork() system call flaw (patch included)</a> |
| <li><a href=procfs>Procfs flaws (patch included)</a> |
<li><a href=advisories/procfs>Procfs flaws (patch included)</a> |
| <li><a href=signals>Deviant Signals (patch included)</a> |
<li><a href=advisories/signals>Deviant Signals (patch included)</a> |
| </ul> |
</ul> |
| |
|
| <p> |
<p> |
|
|
| operating systems. |
operating systems. |
| |
|
| <ul> |
<ul> |
| <li><a href=/errata.html#f00f>Intel P5 f00f lockup (patch included)</a> |
<li><a href=errata.html#f00f>Intel P5 f00f lockup (patch included)</a> |
| <li><a href=/errata.html#sourceroute> |
<li><a href=errata.html#sourceroute> |
| Sourcerouted Packet Acceptance (patch included)</a> |
Sourcerouted Packet Acceptance (patch included)</a> |
| <li><a href=/errata.html#ruserok>Setuid coredump & Ruserok() flaw (patch included)</a> |
<li><a href=errata.html#ruserok>Setuid coredump & Ruserok() flaw (patch included)</a> |
| <li><a href=/errata.html#mmap>Read-write mmap() flaw (patch included)</a> |
<li><a href=errata.html#mmap>Read-write mmap() flaw (patch included)</a> |
| </ul> |
</ul> |
| |
|
| |
|
|
|
| |
|
| <ul> |
<ul> |
| <li>If you understand security issues, watch our |
<li>If you understand security issues, watch our |
| <a href=/mail.html>source-changes mailing list</a> and keep an |
<a href=mail.html>source-changes mailing list</a> and keep an |
| eye out for things which appear security related. Since |
eye out for things which appear security related. Since |
| exploitability is not proven for many of the fixes we make, |
exploitability is not proven for many of the fixes we make, |
| do not expect the relevant commit message to say "SECURITY FIX!". |
do not expect the relevant commit message to say "SECURITY FIX!". |
|
|
| <li>Track our current source code tree, and teach yourself how to do a |
<li>Track our current source code tree, and teach yourself how to do a |
| complete system build from time to time. Make the assumption |
complete system build from time to time. Make the assumption |
| that the current source tree always has stronger security. |
that the current source tree always has stronger security. |
| <li>Install a binary <a href=/snapshots.html>snapshots</a>, which are |
<li>Install a binary <a href=snapshots.html>snapshots</a>, which are |
| made available fairly often. |
made available fairly often. |
| </ul> |
</ul> |
| |
|
|
|
| <a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
| <br> |
<br> |
| If you wish to PGP encode it (but please only do so if privacy is very |
If you wish to PGP encode it (but please only do so if privacy is very |
| urgent, since it is inconvenient) use this <a href=pgpkey>pgp key</a>. |
urgent, since it is inconvenient) use this <a href=advisories/pgpkey>pgp key</a>. |
| |
|
| <hr> |
<hr> |
| <a href=/index.html><img src=/back.gif border=0 alt=OpenBSD></a> |
<a href=index.html><img src=/back.gif border=0 alt=OpenBSD></a> |
| <a href=mailto:www@openbsd.org>www@openbsd.org</a> |
<a href=mailto:www@openbsd.org>www@openbsd.org</a> |
| <br> |
<br> |
| <small>$OpenBSD$</small> |
<small>$OpenBSD$</small> |
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www