OpenBSD 3.3: ProPolice and W^X
Posted by creining | Filed under Security
OpenBSD 3.3 will be officially released on May 1st. I’ve only been using OpenBSD since 3.0 but have been truly impressed with the path that it has taken in that short time. In 3.3 Theo and company have attacked executable buffer overflow problems in a fundamental and logical way by implementing ProPolice and marking memory pages non-writeable and non-executable where possible using W^X. Also little things like reduced setuid/setgid programs, chrooting of Apache, X Windows privilege seperation, systrace which is a system call access manager, and the excellent packetfilter, pf, keep me coming back.
Comments are closed.