login
Search
Ted Unangst announced the release of OpenBSD 3.4 a couple of days early referring to Halloween by saying, "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins." OpenBSD 3.4 is the 14'th release of OpenBSD on CD-Rom, and the 15'th release by FTP. Ted adds, " We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As in our previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system".
Highlights of the 3.4 release include W^X improvments, randomized order in loading of libraries, loading of libraries into somewhat random memory locations, privilege seperation implemented in syslog, reimplementation of thousands of occurances of unsafe library calls, the kernel is compiled with ProPolice, improved hardware support, massive overhaul and sync with NetBSD of USB code, and an improved ports tree. Users of PF, OpenBSD's stateful packet filter, will be able to utilize the introduction of packet tagging, stateful TCP normalization (effectively preventing uptime calculation and NAT detection), passive OS detection, a SYN proxy to protect from SYN flood attacks and adaptive state timeouts to better handle attacks.
From: Ted Unangst [email blocked] To: jeremy Subject: OpenBSD 3.4 Released Date: Thu, 30 Oct 2003 18:41:46 -0500 (EST) We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. ------------------------------------------------------------------------ - OpenBSD 3.4 RELEASED ------------------------------------------------- Nov 1, 2003. We are pleased to announce the official release of OpenBSD 3.4. This is our 14th release on CD-ROM (and 15th via FTP). We remain proud of OpenBSD's record of seven years with only a single remote hole in the default install. As in our previous releases, 3.4 provides significant improvements, including new features, in nearly all areas of the system: - Ever-improving security (http://www.OpenBSD.org/security.html) o W^X (pronounced: "W xor X") improvements, especially on the i386 architecture. Native i386 binaries have their executable segments rearranged to support isolating code from data, and the cpu CS limit is used to impose a best effort limit on code execution. o ld.so on ELF platforms now loads libraries in a randomized order. Furthermore, on the i386 architecture, libraries and executable code are mapped at random addresses. Together with W^X and ProPolice, these changes increase the difficulty of successfully exploiting an application error. o A static bounds checker has been added to the system compiler, designed to detect improper use of string and buffer manipulation functions. Through use of this checker, hundreds of bugs of in the source and ports trees were found and fixed. o Privilege separation has been implemented for the syslog daemon, making it much more robust against future errors. The child which listens to network traffic now runs as a normal user and chroots itself, while the parent process tracks the state of the child and performs privileged operations on its behalf. o Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree. o Many improvements and bug fixes in the ProPolice stack protector. Several other code generation bugs for RISC architectures were also found and fixed. o The kernel is now also compiled with the ProPolice stack protector. o Privilege separation has been implemented in the X server. The privileged child process is responsible for the operations that cannot be done after the main process has switched to a non-privileged user. This greatly reduces the potential damage that could be caused by malicious X clients, in case of bugs in the X server. o Emulation support for binary compatibility is now controlled via sysctl. Emulation is now disabled by default to limit exposure to malicious binaries, and can be enabled in sysctl.conf(5). o The ports tree now supports building programs with systrace(1), reducing the risk of harm at compile time via trojaned configure scripts. - Improved hardware support (http://www.OpenBSD.org/plat.html) o Support for AES instruction on just released VIA C3 processors, capable of 1.6Gbit/s AES128-CBC in openssl(1) speed tests. o Kauai ATA controllers (Apple ATA100 wdc) enabling support for Powerbook 12" and 17" models. o Support for controlling LongRun registers on Transmeta CPUs. o Many fixes to aac(4), ahc(4), osiop(4), siop(4) SCSI drivers. o New it(4), lm(4) and viaenv(4) hardware monitor drivers. o New safe(4) driver for SafeNet crypto accelerators. o New mtd(4) driver for Myson Technologies network cards. o More ethernet cards supported by sk(4), wi(4), fxp(4), and dc(4). o Massive overhaul and sync with NetBSD of the entire usb(4) system. o New and better support for various controllers in pciide(4), including experimental support for Serial ATA controllers. o New drivers to support mgx(4) and pninek(4) SPARC framebuffers. The vigra(4) driver also supports more models. o pcmcia(4) support for Tadpole SPARCBooks and SPARCs with pcmcia-sbus bridges. - Major improvements in the pf packet filter, including: o Packet tagging (e.g. filter on tags added by bridge based on MAC address) o Stateful TCP normalization (prevent uptime calculation and NAT detection) o Passive OS detection (filter or redirect connections based on source OS) o SYN proxy (protect servers against SYN flood attacks) o Adaptive state timeouts (prevent state table overflows under attack) - New features and significant bug-fixes included with 3.4 o Symbol caching in ld.so reducing the start up time of large applications. o More licenses fixes, including the removal of the advertising clause for large parts of the source tree. o Replacement of GNU diff/diff3, grep/egrep/fgrep/zgrep/zegrep/zfgrep, and gzip/zcat/gunzip/gzcat/zcmp/zmore/zdiff/zforce/gzexe/znew with BSD licensed equivalents. o Addition of read-only support for NTFS file systems. o Reliability improvements to layered file systems, enabling NULLFS to work again. o Import of growfs(8) utility, allowing expansion of existing file systems. o Improvements to the Linux emulator enabling more applications to run with greater stability. o Significant improvements to the pthread library. o Replace many static fd_set uses, to instead use poll(2) or dynamic allocation. o ANSIfication and stricter prototypes for a large portion of the source tree. o Legacy KerberosIV support has been removed, and the remaining KerberosV codebase has been restructured for easier management. o USER_LDT option now controllable via sysctl. o Many, many man page improvements. - The "ports" tree is greatly improved (http://www.OpenBSD.org/ports.html) o The 3.4 CD-ROMs ship with many pre-built packages for the common architectures. The FTP site contains hundreds more packages (for the important architectures) which we could not fit onto the CD-ROMs (or which had prohibitive licenses). - The system includes the following major components from outside suppliers: o XFree86 4.3.0 (+ patches). o gcc 2.95.3 (+ patches and ProPolice). o Perl 5.8.0 (+ patches). o Apache 1.3.28 and mod_ssl 2.8.15, DSO support (+ patches). o OpenSSL 0.9.7b (+ patches). o Groff 1.15. o Sendmail 8.12.9. o Bind 9.2.2 (+ patches). o Lynx 2.8.4rel.1 with HTTPS and IPv6 support (+ patches) o Sudo 1.6.7p5. o Ncurses 5.2. o KAME-stable IPv6. o Heimdal 0.6rc1 (+ patches) o Arla-current o OpenSSH 3.7.1 If you'd like to see a list of what has changed between OpenBSD 3.3 and 3.4, look at http://www.OpenBSD.org/plus34.html Even though the list is a summary of the most important changes made to OpenBSD, it still is a very very long list. ------------------------------------------------------------------------ - SECURITY AND ERRATA -------------------------------------------------- We provide patches for known security threats and other important issues discovered after each CD release. As usual, between the creation of the OpenBSD 3.4 FTP/CD-ROM binaries and the actual 3.4 release date, our team found and fixed some new reliability problems (note: most are minor, and in subsystems that are not enabled by default). Our continued research into security means we will find new security problems -- and we always provide patches as soon as possible. Therefore, we advise regular visits to http://www.OpenBSD.org/security.html and http://www.OpenBSD.org/errata.html Security patch announcements are sent to the [email blocked] mailing list. For information on OpenBSD mailing lists, please see: http://www.OpenBSD.org/mail.html ------------------------------------------------------------------------ - CD-ROM SALES ---------------------------------------------------------- OpenBSD 3.4 is also available on CD-ROM. The 3-CD set costs $40USD (EUR 45) and is available via mail order and from a number of contacts around the world. The set includes a colorful booklet which carefully explains the installation of OpenBSD. A new set of cute little stickers are also included (sorry, but our FTP mirror sites do not support STP, the Sticker Transfer Protocol). As an added bonus, the second CD contains an exclusive audio track, "The Legend of Puffy Hood." Lyrics for the song may be found at: http://www.OpenBSD.org/lyrics.html#34 Profits from CD sales are the primary income source for the OpenBSD project -- in essence selling these CD-ROM units ensures that OpenBSD will continue to make another release six months from now. The OpenBSD 3.4 CD-ROMs are bootable on the following four platforms: o i386 o macppc o sparc o sparc64 (UltraSPARC) (Other platforms must boot from floppy, network, or other method). For more information on ordering CD-ROMs, see: http://www.OpenBSD.org/orders.html The above web page lists a number of places where OpenBSD CD-ROMs can be purchased from. For our default mail order, go directly to: https://https.OpenBSD.org/cgi-bin/order or, for European orders: https://https.OpenBSD.org/cgi-bin/order.eu All of our developers strongly urge you to buy a CD-ROM and support our future efforts. Additionally, donations to the project are highly appreciated, as described in more detail at: http://www.OpenBSD.org/goals.html#funding ------------------------------------------------------------------------ - T-SHIRT SALES -------------------------------------------------------- The project continues to expand its funding base by selling t-shirts and polo shirts. And our users like them too. We have a variety of shirts available, with the new and old designs, from our web ordering system at: https://https.OpenBSD.org/cgi-bin/order and for Europe: https://https.OpenBSD.org/cgi-bin/order.eu The OpenBSD 3.4 and OpenSSH t-shirts are available now! ------------------------------------------------------------------------ - FTP INSTALLS --------------------------------------------------------- If you choose not to buy an OpenBSD CD-ROM, OpenBSD can be easily installed via FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet. Follow this simple set of instructions to ensure that you find all of the documentation you will need while performing an install via FTP. With the CD-ROMs, the necessary documentation is easier to find. 1) Read either of the following two files for a list of ftp mirrors which provide OpenBSD, then choose one near you: http://www.OpenBSD.org/ftp.html ftp://ftp.OpenBSD.org/pub/OpenBSD/3.4/ftplist As of Nov 1, 2003, the following ftp sites have the 3.4 release: ftp://ftp.ca.openbsd.org/pub/OpenBSD/3.4/ Alberta, Canada (above is master site, please USE A MIRROR below) ftp://ftp.usa.openbsd.org/pub/OpenBSD/3.4/ Boulder, CO, USA ftp://ftp7.usa.openbsd.org/pub/os/OpenBSD/3.4/ West Lafayette, IN, USA ftp://openbsd.wiretapped.net/pub/OpenBSD/3.4/ Sydney, Australia ftp://ftp.kd85.com/pub/OpenBSD/3.4/ Lovendegem, Belgium ftp://ftp.calyx.nl/pub/OpenBSD/3.4/ Amsterdam, Netherlands ftp://ftp.se.openbsd.org/pub/OpenBSD/3.4/ Stockholm, Sweden ftp://ftp.linux.org.tr/pub/OpenBSD/3.4/ Turkey Other mirrors will take a day or two to update. 2) Connect to that ftp mirror site and go into the directory pub/OpenBSD/3.4/ which contains these files and directories. This is a list of what you will see: ANNOUNCEMENT XF4.tar.gz mac68k/ sparc/ Changelogs/ alpha/ macppc/ sparc64/ HARDWARE ftplist mvme68k/ src.tar.gz PACKAGES hp300/ packages/ sys.tar.gz PORTS hppa/ ports.tar.gz tools/ README i386/ root.mail vax/ It is quite likely that you will want at LEAST the following files which apply to all the architectures OpenBSD supports. README - generic README HARDWARE - list of hardware we support PORTS - description of our "ports" tree PACKAGES - description of pre-compiled packages root.mail - a copy of root's mail at initial login. (This is really worthwhile reading). 3) Read the README file. It is short, and a quick read will make sure you understand what else you need to fetch. 4) Next, go into the directory that applies to your architecture, for example, i386. This is a list of what you will see: CKSUM INSTALL.os2br cdrom34.fs index.txt INSTALL.ata INSTALL.pt comp34.tgz man34.tgz INSTALL.chs MD5 etc34.tgz misc34.tgz INSTALL.dbr base34.tgz floppy34.fs xbase34.tgz INSTALL.i386 bsd floppyB34.fs xfont34.tgz INSTALL.linux bsd.rd floppyC34.fs xserv34.tgz INSTALL.mbr cd34.iso game34.tgz xshare34.tgz If you are new to OpenBSD, fetch _at least_ the file INSTALL.i386 and the appropriate floppy*.fs or cd34.iso file. Consult the INSTALL.i386 file if you don't know which of the floppy images you need (or simply fetch all of them). 5) If you are an expert, follow the instructions in the file called README; otherwise, use the more complete instructions in the file called INSTALL.i386. INSTALL.i386 may tell you that you need to fetch other files. 6) Just in case, take a peek at: http://www.OpenBSD.org/errata.html This is the page where we talk about the mistakes we made while creating the 3.4 release, or the significant bugs we fixed post-release which we think our users should have fixes for. Patches and workarounds are clearly described there. Note: If you end up needing to write a raw floppy using Windows, you can use "fdimage.exe" located in the pub/OpenBSD/3.4/tools directory to do so. ------------------------------------------------------------------------ - XFree86 FOR MOST ARCHITECTURES --------------------------------------- XFree86 has been integrated more closely into the system. This release contains XFree86 4.3.0. Most of our architectures ship with XFree86, including sparc, sparc64 and macppc. During installation, you can install XFree86 quite easily. Be sure to try out xdm(1) and see how we have customized it for OpenBSD. On the i386 platform a few older X servers are included from XFree86 3.3.6. These can be used for cards that are not supported by XFree86 4.3.0 or where XFree86 4.3.0 support is buggy. Please read the /usr/X11R6/README file for post-installation information. ------------------------------------------------------------------------ - PORTS TREE ----------------------------------------------------------- The OpenBSD ports tree contains automated instructions for building third party software. The software has been verified to build and run on the various OpenBSD architectures. The 3.4 ports collection, including many of the distribution files, is included on the 3-CD set. Please see the PORTS file for more information. Note: some of the most popular ports, e.g., the Apache web server and several X applications, come standard with OpenBSD. Also, many popular ports have been pre-compiled for those who do not desire to build their own binaries (see BINARY PACKAGES, below). ------------------------------------------------------------------------ - BINARY PACKAGES WE PROVIDE ------------------------------------------- A large number of binary packages are provided. Please see the PACKAGES file (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.4/PACKAGES) for more details. ------------------------------------------------------------------------ - SYSTEM SOURCE CODE --------------------------------------------------- The CD-ROMs contain source code for all the subsystems explained above, and the README (ftp://ftp.OpenBSD.org/pub/OpenBSD/3.4/README) file explains how to deal with these source files. For those who are doing an FTP install, the source code for all four subsystems can be found in the pub/OpenBSD/3.4/ directory: XF4.tar.gz ports.tar.gz src.tar.gz sys.tar.gz ------------------------------------------------------------------------ - THANKS --------------------------------------------------------------- OpenBSD 3.4 includes artwork and CD artistic layout by Ty Semaka, who also wrote the lyrics and arranged an audio track on the OpenBSD 3.4 CD set. Ports tree and package building by Christian Weisgerber and Peter Valchev. System builds by Theo de Raadt, Henning Brauer, and Michael Shalayeff. ISO-9660 filesystem layout by Theo de Raadt. We would like to thank all of the people who sent in bug reports, bug fixes, donation cheques, and hardware that we use. We would also like to thank those who pre-ordered the 3.4 CD-ROM or bought our previous CD-ROMs. Those who did not support us financially have still helped us with our goal of improving the quality of the software. Our developers are: Aaron Campbell, Alexander Yurchenko, Andreas Gunnarsson, Angelos D. Keromytis, Anil Madhavapeddy, Artur Grabowski, Ben Lindstrom, Bjorn Sandell, Bob Beck, Brad Smith, Brandon Creighton, Brian Caswell, Brian Somers, Bruno Rohee, Camiel Dobbelaar, Can Erkin Acar, Cedric Berger, Chad Loder, Chris Cappuccio, Christian Weisgerber, Constantine Sapuntzakis, Dale Rahn, Damien Couderc, Damien Miller, Dan Harnett, Daniel Hartmeier, David B Terrell, David Krause, David Lebel, David Leonard, Dug Song, Eric Jackson, Federico G. Schwindt, Grigoriy Orlov, Hakan Olsson, Hans Insulander, Heikki Korpela, Henning Brauer, Henric Jungheim, Hiroaki Etoh, Horacio Menezo Ganau, Hugh Graham, Ian Darwin, Jakob Schlyter, Jan-Uwe Finck, Jason Ish, Jason McIntyre, Jason Peel, Jason Wright, Jean-Baptiste Marchand, Jean-Francois Brousseau, Jean-Jacques Bernard-Gundol, Jim Rees, Jolan Luff, Jose Nazario, Joshua Stein, Jun-ichiro itojun Hagino, Kenjiro Cho, Kenneth R Westerback, Kevin Lo, Kevin Steves, Kjell Wooding, Louis Bertrand, Magnus Holmberg, Marc Espie, Marc Matteo, Marco S Hyman, Marcus Watts, Margarida Sequeira, Mark Grimes, Markus Friedl, Mats O Jansson, Matt Behrens, Matt Smart, Matthew Jacob, Matthieu Herrb, Michael Shalayeff, Michael T. Stolarchuk, Mike Frantzen, Mike Pechkin, Miod Vallat, Nathan Binkert, Nick Holland, Niels Provos, Niklas Hallqvist, Nikolay Sturm, Nils Nordman, Oleg Safiullin, Otto Moerbeek, Paul Janzen, Peter Galbavy, Peter Stromberg, Peter Valchev, Philipp Buehler, Reinhard J. Sammer, Rich Cannings, Ryan Thomas McBride, Shell Hin-lik Hung, Steve Murphree, Ted Unangst, Theo de Raadt, Thierry Deval, Thomas Nordin, Thorsten Lockert, Tobias Weingartner, Todd C. Miller, Todd T. Fries, Vincent Labrecque, Wilbern Cobb, Wim Vandeputte.
poor performance
As showed by http://bulk.fefe.de/scalability OpenBSD have poor performance. I wonder why I can want to use an OS that is secure, but slower than other (also very secure) OS, like FreeBSD, NetBSD and Liinux ?
http://bulk.fefe.de/scalability/
http://bulk.fefe.de/scalability/
FYI (from http://bulk.fefe.de
FYI (from http://bulk.fefe.de/scalability/ page):
[...]
[Update Oct 23 2003]: Please see this update as well. The OpenBSD project has several patches pending in -CURRENT to speed up bottlenecks identified in these benchmarks, so the next update will probably will look much better for OpenBSD.
[...]
OpenBSD 3.4 just released yesterday. In the benchmark OpenBSD 3.4 was in -CURRENT state, which mean "under development".
In the development cycle every OS can produce fals banchmark. For example Linux 2.6.0-test5 < kernels suffers IO regression, etc.
Try OBSD 3.4 today!
yay
Finaly OpenBSD is getting back up from its benchmark beating. I want to see OpenBSD really get in gear so its lean, mean and clean. Now if only they would work on their install.
Install?
I'm not sure what needs to be changed in the install. I found it one of the easiest to use. No graphical stuff (since I don't put graphics hardware in my boxen), the ability to drop to a shell and a straight forward install.
I think the only thing that could use some improvement is the disk labeling and partitioning stuff.
But it seems otherwise fine.
strange ...
The following quote is from the same web site. It seems that some openBSD folk have a really strange attitude concerning security/performance. Can someone from the OpenBSD developership give an example of how security makes you choose an O(n) algorithm over O(1)? I am a huge OpenBSD fan, but I don't understand why we can't have an OS as good as Linux or FreeBSD AND having great security ...
I was asked by a few OpenBSD people why I'm even comparing them here, since "everyone knows" they don't scale well and their goal is security and not scalability.
It is a strange attitude, but is that really their attitude?
It is a strange attitude. If I wanted to improve the crash safety of my car, I'd take the wheels off and fill the car itself with cement. Since I won't be driving it (or even moving it, for that matter), I won't crash into anything.
I'd rather have ABS and good tires.
I *can* understand why O(1) algos haven't been pulled in everywhere they might be, given that they're focusing on getting the security first and programmer time is a limited resource. But to say they shouldn't focus on performance at all is absurd.
One thing I'm curious about is how much the library randomization and other randomization aspects contribute to the odd performance graphs OpenBSD gave in the scalability test. It was rather clear that at least in certain areas, OpenBSD was a truly unpredictable animal performance-wise, and I wonder if any of that is related to these security changes. Here you really DO have a performance/security tradeoff, if that's the case.
No, most of the security feat
No, most of the security features which do give measurable overhead (propolice, w^x, randomization in everything, et cetera), actually give an insignificant overhead on the overall system. The problem is mainly that this stresstester synced his cvs with -current at a time when serious changes were being introduced and tested (-current changes every freakin' hour - you simply don't use that tree for stresstesting). Apart from all that, the code this stresstester used was linux-centric and he made several wrong assumptions on how the openbsd kernel works (and got inherent weird results). On top of that: this stresstester couldn't tweak openbsd because of lack of knowledge - while he did tweak the others... Anyone who even fails operating the openbsd-installer shouldn't 'stresstest' it.
Good thing is that this test did bring up a real bug - and that people are working on it.
actually no,..
He didn't tweak the others. And I wouldn't trust anyone who says they can tweak linux 2.6-test at the moment, considering that the developers themselves are working out performance regression issues in the scheduler version he tested. 2.6 has three IO schedulers.
Performance?
FWIW, I have an Athlon 1GHz machine running OpenBSD. Aside from being a NAT, it handles dial-in (for when I'm on the road), SMTP, DNS, SVN, CVS, NTP, and usually supports several users doing development.
I haven't had a single performance issue with what these days is considered "moderate" hardware.
I use Linux (with XFS) for my public webservers, were performance matters. For a typical multi-user development box and file server it seems to perform fine.
not so important
You forget that the numbers here are for highly specific, micro-second tasks. In reality, with these high numbers of connections (or whatever relevant to the test), the bottleneck will be the amount of memory, the speed (and layout) of the disks, and speed of network. Non of these things really has anything to do with the OS (unless you get into driver performance and stuff, but that's far-fetched).
In reality, most of these tests will make little difference on any low to average-loaded box (I guess that counts for most servers) in a real-life situation.
(I dare you to guess the OS, remotely on any network, by looking at it's performance in normal use...)
Truth is, it doesn't really matter much which OS you run, as long as it stays up (but don't tell that to the zealots). Performance is not an issue until you get really high loads (and then you'd be better off also installing load-balancing and/or backup spares), so just choose something *you* like to work with.
Or do like I do, run them all (with the function of the server based on what they do best). ;)
I think security is a bit of a bullshit argument if that's the only factor to choose an OS for, since most security-issues come down to the daemons chosen, and those are the same on every OS. No OS is completely safe against buffer-overflows, DDoS attacks, or other security problems. That said, every OS has a specialisation, and even though NetBSD was slower on some things, it never crashed; even though OpenBSD was slower, too, it really gives you an edge when it comes to security. Choose what matters most to you, in the specific application you will use the server for.
It also shows all tested OS'es have plenty of nice things coming in their CVS (Net-, Open-) and development branches (Free- 5.x, Linux 2.6.x)... =)
then you have never used it
If you think that benchmark makes you an expert to speak out on the horrid speed and performance of the os, well then go nuts. You have obviously never used obsd in a production enviroment.
I have 9 machines to bring up to 3.4. Most have been running obsd since 3.0, and I never have problems. Its a kick ass system.
Strange...
So young and 4 fixes:
That's strange...
it's not strange, it was just
it's not strange, it was just bad luck. the CDs were already shipping when the problems were found.
not really.....
The tree is always frozen a month before the cd's are released, patches creep in in that time, but cannot be merged while the cd's are being built.
From my understanding, the tree is frozen a month in advance because they need time to compile the slow as sin sparc and vax stuff that is still supported, and included on the cd, and Theo doesn't trust cross compilers.
OpenBSD 3.4 does not contain
OpenBSD 3.4 does not contain randomization of the main executable. Please correct this inaccuracy in your story.
re: OpenBSD 3.4 does not contain
Am I misunderstanding the following?
o ld.so on ELF platforms now loads libraries in a randomized order. Furthermore, on the i386 architecture, libraries and executable code are mapped at random addresses. Together with W^X and ProPolice, these changes increase the difficulty of successfully exploiting an application error.It specifically says "" I'm not suggesting that the executable itself is randomized, but that it is loaded into a random memory location each time it is loaded...
The executable isn't loaded i
The executable isn't loaded into a random memory location each time it's loaded. Ask Tedu for clarification on it. The code to do so simply hasn't been developed yet.
Also note that their announce
Also note that their announcement on the website doesn't contain the false statement.
thanks for the heads up
Okay, I've updated the story. Thanks for the correction.
From the OpenBSD 3.4 "What's New" section:
mozilla
when is someone gonna point out the best part of this release: mozilla?
Mozilla, firebird, galeon, and all that cool gecko based stuff works without hassle in 3.4, its great! I know it was doable before from -current, but now its out of the box, easy to install.
Although galeon isn't a package, and compiling it in ports takes an f'ing eternity.