EHLO misc@, We have just published two OpenSMTPD snapshots + one "extras" snapshots.
A quick note regarding these snapshots: The OpenSMTPD snapshot contains a rework of the daemon bootstrap process following an idea from deraadt@ which was discussed during the hackathon in Nantes recently. Basically, at startup, instead of just forking the child processes, this new bootstrap will have them reexecute the smtpd executable so that each child process benefits from a distinct address space randomization. This means that if a process gets compromised, an attacker can no longer take the address space of the compromised process as a hint to attack others, their symbols will not be located at the same address. This isn't as easy to implement as it is to describe, kudos to eric@ for achieving this so quickly and by himself. Regarding the -extras snapshot, it contains a fix to the bug that we had so much pain tracking and which caused the daemon to hang. If you run w/ filter-spamassassin / filter-clamav or any other filter which hangs when daemon is under a bit of load, you definitely want to upgrade extras. Waiting for your feedback, y'all ! -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
