version 1.26, 1998/02/23 22:13:18 |
version 1.27, 1998/02/23 22:17:17 |
|
|
open software development model permits us to take a more |
open software development model permits us to take a more |
uncompromising view towards increased security than Sun, SGI, IBM, HP, |
uncompromising view towards increased security than Sun, SGI, IBM, HP, |
or other vendors are able to. We can make changes the vendors would |
or other vendors are able to. We can make changes the vendors would |
not make. Also, since OpenBSD is exported with <a href=/crypto.html> |
not make. Also, since OpenBSD is exported with <a href=crypto.html> |
cryptography software</a>, we are able to take cryptographic |
cryptography software</a>, we are able to take cryptographic |
approaches towards fixing security problems.<p> |
approaches towards fixing security problems.<p> |
|
|
|
|
operating systems. |
operating systems. |
|
|
<ul> |
<ul> |
<li><a href=rfork>Rfork() system call flaw (patch included)</a> |
<li><a href=advisories/rfork>Rfork() system call flaw (patch included)</a> |
<li><a href=procfs>Procfs flaws (patch included)</a> |
<li><a href=advisories/procfs>Procfs flaws (patch included)</a> |
<li><a href=signals>Deviant Signals (patch included)</a> |
<li><a href=advisories/signals>Deviant Signals (patch included)</a> |
</ul> |
</ul> |
|
|
<p> |
<p> |
|
|
operating systems. |
operating systems. |
|
|
<ul> |
<ul> |
<li><a href=/errata.html#f00f>Intel P5 f00f lockup (patch included)</a> |
<li><a href=errata.html#f00f>Intel P5 f00f lockup (patch included)</a> |
<li><a href=/errata.html#sourceroute> |
<li><a href=errata.html#sourceroute> |
Sourcerouted Packet Acceptance (patch included)</a> |
Sourcerouted Packet Acceptance (patch included)</a> |
<li><a href=/errata.html#ruserok>Setuid coredump & Ruserok() flaw (patch included)</a> |
<li><a href=errata.html#ruserok>Setuid coredump & Ruserok() flaw (patch included)</a> |
<li><a href=/errata.html#mmap>Read-write mmap() flaw (patch included)</a> |
<li><a href=errata.html#mmap>Read-write mmap() flaw (patch included)</a> |
</ul> |
</ul> |
|
|
|
|
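Review bot: the four errata links in the new version still use unquoted attribute values that contain "#" (href=errata.html#f00f and the three after it). HTML only permits letters, digits, hyphens, periods, underscores and colons in an unquoted value, so these should be quoted, as in href="errata.html#f00f". While the ruserok line is being touched, the bare & in "Setuid coredump & Ruserok() flaw" should also become &amp;.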
|
|
|
|
<ul> |
<ul> |
<li>If you understand security issues, watch our |
<li>If you understand security issues, watch our |
<a href=/mail.html>source-changes mailing list</a> and keep an |
<a href=mail.html>source-changes mailing list</a> and keep an |
eye out for things which appear security related. Since |
eye out for things which appear security related. Since |
exploitability is not proven for many of the fixes we make, |
exploitability is not proven for many of the fixes we make, |
do not expect the relevant commit message to say "SECURITY FIX!". |
do not expect the relevant commit message to say "SECURITY FIX!". |
|
|
<li>Track our current source code tree, and teach yourself how to do a |
<li>Track our current source code tree, and teach yourself how to do a |
complete system build from time to time. Make the assumption |
complete system build from time to time. Make the assumption |
that the current source tree always has stronger security. |
that the current source tree always has stronger security. |
<li>Install a binary <a href=/snapshots.html>snapshots</a>, which are |
<li>Install a binary <a href=snapshots.html>snapshots</a>, which are |
made available fairly often. |
made available fairly often. |
</ul> |
</ul> |
|
|
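Review bot: the list item edited here still reads "Install a binary snapshots", which mixes singular and plural. Since the line is being changed anyway, reword it, for example "Install one of the binary snapshots, which are made available fairly often."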
|
|
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<a href=mailto:deraadt@openbsd.org>deraadt@openbsd.org</a>. |
<br> |
<br> |
If you wish to PGP encode it (but please only do so if privacy is very |
If you wish to PGP encode it (but please only do so if privacy is very |
urgent, since it is inconvenient) use this <a href=pgpkey>pgp key</a>. |
urgent, since it is inconvenient) use this <a href=advisories/pgpkey>pgp key</a>. |
|
|
<hr> |
<hr> |
<a href=/index.html><img src=/back.gif border=0 alt=OpenBSD></a> |
<a href=index.html><img src=/back.gif border=0 alt=OpenBSD></a> |
<a href=mailto:www@openbsd.org>www@openbsd.org</a> |
<a href=mailto:www@openbsd.org>www@openbsd.org</a> |
<br> |
<br> |
<small>$OpenBSD$</small> |
<small>$OpenBSD$</small> |
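Review bot: in the footer line the link target becomes relative (href=index.html) but the image inside it keeps src=/back.gif, so the page is only half relocatable: served from anywhere other than the server root, the link resolves and the logo does not. Change it to src=back.gif to match, or keep both absolute. The key link earlier in this hunk now points at advisories/pgpkey, so confirm the key file is moved there in the same commit and the reporting instructions do not end up pointing at a missing key.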