Todd C. Miller | 1 May 03:56 2003

OpenBSD 3.3 released

------------------------------------------------------------------------
- OpenBSD 3.3 RELEASED -------------------------------------------------

May 1, 2003.

We are pleased to announce the official release of OpenBSD 3.3.
This is our 13th release on CD-ROM (and 14th via FTP).  We remain
proud of OpenBSD's record of seven years with only a single remote
hole in the default install.  As in our previous releases, 3.3
provides significant improvements, including new features, in nearly
all areas of the system:

- Ever-improving security            (http://www.OpenBSD.org/security.html)

  o Integration of the ProPolice stack protection technology, by
    Hiroaki Etoh, into the system compiler.  This protection is
    enabled by default.  With this change, function prologues are
    modified to rearrange the stack: a random canary is placed
    before the return address, and buffer variables are moved closer
    to the canary so that regular variables are below, and harder
    to smash.  The function epilogue then checks if the canary is
    still intact.  If it is not, the process is terminated.  This
    change makes it very hard for an attacker to modify the return
    address used when returning from a function.

  o W^X (pronounced: "W xor X") on architectures capable of pure
    execute-bit support in the MMU (sparc, sparc64, alpha, hppa).
    This is a fine-grained memory permissions layout, ensuring
    that memory which can be written to by application programs can
    not be executable at the same time and vice versa. This raises
(Continue reading)


Gmane