Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD 3.4 Released

Posted by timothy on from the new-poster-too dept.

tedu writes "We just couldn't wait another 2 days, so now you can enjoy OpenBSD 3.4 a little early and protect yourself from ghosts and goblins. More details at the OpenBSD website and official announcement. Remember to please use a mirror."

2 of 275 comments (clear)

  1. Thoughts on security by arvindn · · Score: 5, Interesting
    From the release notes:
    Thousands of occurrences of unsafe library calls such as strcpy(), strcat() and sprintf() have been changed to the safer alternatives strlcpy(), strlcat(), and snprintf() or asprintf() in one of the most intensive audits yet performed by the OpenBSD project. The kernel is now completely free of these functions, as is most of the userland source tree.
    That's certainly a good thing, but it raises the question of why they were there in the first place. I mean, everyone's known for ages that these are unsecure, and the manpage lists it a bug etc. Of course its a pain to keep track of the length of each string (making them fixed size is not always feasible), but I would have expected that in kernel level code convenience would take the back seat.

    Note: this is purely an academic question, it is not my intention to critisize anyone, but just to learn why these things happen, not being a very experienced programmer myself.

  2. TCP/IP by ndavidg · · Score: 4, Interesting

    From a University of Texas CS instructor's web site:

    The Transmission Control Protocol was first formally specified in December of 1974 by Vint Cerf, Yogen Dalal and Carl Sunshine.

    The link can be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_D ays_Of_TCP/index.shtml

    And supporting documentation will be found here:

    http://www.cs.utexas.edu/users/chris/think/Early_D ays_Of_TCP/Annotated_Bibliography/index.shtml