| version 1.79, 1998/11/16 04:46:31 |
version 1.80, 1998/11/17 01:10:30 |
|
|
| increase security is simply a comprehensive file-by-file analysis of |
increase security is simply a comprehensive file-by-file analysis of |
| every critical software component. Flaws have been found in just |
every critical software component. Flaws have been found in just |
| about every area of the system. Entire new classes of security |
about every area of the system. Entire new classes of security |
| problems have been found during our the audit, and often source code |
problems have been found during our audit, and often source code |
| which had been audited earlier needs re-auditing with these new flaws |
which had been audited earlier needs re-auditing with these new flaws |
| in mind. Code often gets audited multiple times, and by multiple |
in mind. Code often gets audited multiple times, and by multiple |
| people with different auditing skills.<p> |
people with different auditing skills.<p> |
|
|
| <a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
<a href=http://www.geek-girl.com/bugtraq/index.html>BUGTRAQ</a>.<p> |
| |
|
| The most intense part of our security auditing happened immediately |
The most intense part of our security auditing happened immediately |
| before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
before the OpenBSD 2.0 release and during the 2.0->2.1 transition, |
| over the last third of 1996 and first half of 1997. Thousands (yes, |
over the last third of 1996 and first half of 1997. Thousands (yes, |
| thousands) of security issues were fixed rapidly over this year-long |
thousands) of security issues were fixed rapidly over this year-long |
| period; bugs like the standard buffer overflows, protocol |
period; bugs like the standard buffer overflows, protocol |
|
|
| <h3><font color=#e00000><strong>Watching our Security Changes</strong></font></h3> |
<h3><font color=#e00000><strong>Watching our Security Changes</strong></font></h3> |
| Since we take a proactive stance with security, we are continually |
Since we take a proactive stance with security, we are continually |
| finding and fixing new security problems. Not all of these problems |
finding and fixing new security problems. Not all of these problems |
| get widely reported because (as stated earlier); many of them are not |
get widely reported because (as stated earlier) many of them are not |
| confirmed to be exploitable; many simple bugs we fix do turn out to |
confirmed to be exploitable; many simple bugs we fix do turn out to |
| have security consequences we could not predict. We do not have the |
have security consequences we could not predict. We do not have the |
| time resources to make these changes available in the above format.<p> |
time resources to make these changes available in the above format.<p> |
|
|
| it is nearly 300MB of source code, and problems do occur as we |
it is nearly 300MB of source code, and problems do occur as we |
| transition between major releases. |
transition between major releases. |
| <li>Install a binary <a href=snapshots.html>snapshot</a> for your |
<li>Install a binary <a href=snapshots.html>snapshot</a> for your |
| architecure, which are made available fairly often. For |
architecture, which are made available fairly often. For |
| instance, an i386 snapshot is typically made available weekly. |
instance, an i386 snapshot is typically made available weekly. |
| </ul> |
</ul> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to security.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www