OpenBSD 3.3 is available in this multi-platform box set of 3 CD-ROMs.
Summary:
Price: Euro 14,64
Manufacturer: OpenBSD
Code: 00207
Weight: 200 g
Product: OpenBSD, further information
Complete installations for the following architectures:
i386, macppc, sparc, sparc64, vax. The CDs are bootable on i386, macppc, sparc and sparc64.
Here are some improvements over previous versions:
Integration of the ProPolice stack protection technology, by Hiroaki Etoh, into the system
compiler. This protection is enabled by default. With this change,
function prologues are modified to rearrange the stack: a random
canary is placed before the return address, and buffer variables are
moved closer to the canary so that regular variables are below, and
harder to smash. The function epilogue then checks if the canary is
still intact. If it is not, the process is terminated. This change
makes it very hard for an attacker to modify the return address used
when returning from a function.
W^X (pronounced: "W xor X") on architectures capable of
pure execute-bit support in the MMU (sparc, sparc64, alpha,
hppa). This is a fine-grained memory permissions layout, ensuring that
memory which can be written to by application programs can not be
executable at the same time and vice versa. This raises the bar on
potential buffer overflows and other attacks: as a result, an attacker
is unable to write code anywhere in memory where it can be executed.
(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current
already supports it on i386, and both these processors are expected to
support this change in 3.4).
Still more reduction in setuid and setgid binaries, and more chroot
use throughout the system. While some programs are still setuid or
setgid, almost all of them grab a resource and then quickly revoke
privilege.
The X window server and xconsole now use privilege separation,
for better security. Also, xterm has been modified to do privilege
revocation. xdm runs as a special user and group, to further constrain
what might go wrong.
As usual, improvements to the documentation, notably the man pages and
the Web FAQ. An increasingly large part of the website is available in several
languages.
More complete collection and better tested set of "ports".
setuid/setgid ports have been significantly reduced as well. Many of the
ones that remain setuid have been modified to revoke privileges as early
as possible.
Over 2000 pre-built and tested packages.
Significant improvements to the pthread library.
An incredible amount of enhancements and stability improvements to
our packet filter, pf, including:
Queue, a bandwidth management system (uses altq underneath)
Anchors, allowing subrulesets which can be loaded and modified independently
Tables, a very efficient way for large address lists in rules
Address pools, redirect/NAT to multiple addresses and thus load balancing
Configuration language has been made much more flexible
TCP window scaling support
Full CIDR support
Early checksum verification return on invalid packets
Performance boost: large rulesets load much faster now
spamd, a spam deferral daemon, which SMTP connections can be redirected to.
This daemon handles connections based on black lists and white lists,
tar-pits the connections, and ensures that the spammer knows why their
mail has not been accepted.
Much improved sparc64 support: support for
more models and several major bugs eradicated.
The system includes the following major components from outside suppliers:
XFree86 4.2.1 (and i386 contains 3.3.X servers also, thus providing support for all chipsets)
Gcc 2.95.3 (+ patches)
Perl 5.8.0 (+ patches)
Apache 1.3.27, mod_ssl 2.8.12, DSO support (+ patches)
OpenSSL 0.9.7beta3 (+ patches)
Groff 1.15
Sendmail 8.12.9
Bind 9.2.2 (+ patches)
Lynx 2.8.2rel.1 with HTTPS support added (+ patches)