security fixes, additions

You may say to yourself, “Gosh, I hope the recent SSH and Sendmail holes are fixed in DragonFly BSD, too!” And you’d be right.

Miguel Mendez brought up the idea of using NetBSD’s Veriexec for more secure prebinding (which will also be committed, but not used by default); David Rhodus reports he has Veriexec working and will commit it soon.

One Reply to “security fixes, additions”

  1. Actually Veriexec isn’t for prebinding, it just happens to work on binaries too.
    Veriexec can be used in higher securelevels to prevent the execution of modified binaries. Actually, there is currently the schg flag, but this only prevents files from being modified; Veriexec has a lot more possibilities.

Comments are closed.

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Find out more about Webmentions.)

Mentions

  • Simon 'corecode' Schubert