You may say to yourself, “Gosh, I hope the recent SSH and Sendmail holes are fixed in DragonFly BSD, too!” And you’d be right.
Miguel Mendez brought up the idea of using NetBSD’s Veriexec for more secure prebinding (which will also be committed, but not used by default); David Rhodus reports he has Veriexec working and will commit it soon.
Actually Veriexec isn’t for prebinding, it just happens to work on binaries too.
Veriexec can be used in higher securelevels to prevent the execution of modified binaries. Actually, there is currently the schg flag, but this only prevents files from being modified; Veriexec has a lot more possibilities.