the .mc file used for /etc/mail/submit.cf. By default,
/etc/mail/freebsd.submit.mc is installed and used.
Requested by: fenner
Submitted by: ume
MFC after: 1 week
Add /etc/rc.d to the startup dirs list. It is a convenient place to put
custom startup scripts instead of hacking a shared rc.local. eg: ftpd in
listener mode, or maybe even sendmail or another mailer, etc.
<peril sensitive sunglasses off>
clientmqueue (submit mail queue).
The new mailq display is only active if both the old
daily_status_mailq_enable is set to "YES" and the new
daily_status_include_submit_mailq is set to "YES" so people who disabled
440.status-mailq won't have any surprises.
Likewise, the new queue run is only active if both the old
daily_queuerun_enable is set to "YES" and the new daily_submit_queuerun
is set to "YES" so people who disabled 500.queuerun won't have any
surprises.
While I am here, remove the [ ! -d /var/spool/mqueue ] checks from
both scripts as the queue directory isn't always /var/spool/mqueue for
the main daemon -- it can be set to anything in the sendmail.cf file.
MFC after: 1 week
prevent the interfaces from being initialized by /etc/rc.network6
wrongly. So, you can explicitly initialize the interfaces by
/etc/pccard_ether.
With previous rc.network6, if you specify pccardd_flags="-z",
net.inet6.ip6.accept_rtadv was wronly set to 0, then RA was not
accepted.
again."
As an alternative to sendmail_enable=NONE, solve the boot time problem
for non-sendmail users completely by moving all of the sendmail startup
code from /etc/rc to /etc/rc.sendmail. The source for that script will
be kept in src/etc/sendmail/rc.sendmail so make.conf's NO_SENDMAIL will
prevent it from being installed. A new rc.conf variable,
mta_start_script specifies the script to run to start the user's
preferred MTA. For backward compatibility, it will default to
/etc/rc.sendmail. The specified script is called out of /etc/rc after
checking to make sure it exists. A new rc.sendmail.8 man page has also
been added which now houses the sendmail_* variable descriptions
formerly in rc.conf.5.
Use /etc/rc.sendmail in /etc/mail/Makefile to reduce code duplication.
Reviewed by: -current, -stable, obrien, peter, ru
MFC after: 1 week
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.
In any case, now it's fixed.
(65536 * 32 - 1), but MAKEDEV only supports up to (32 * 32 -1). Device
names use the unit number in base 32 for all "digits".
This required fixing an old bug in MAKEDEV:ttyminor(). Its arg was the
global $unit instead of $1.
Reminded by: Valentin K. Ponomarenko <valka@krog.ukrtel.net>
MFC-after: 1 week
logic and added a new set of targets for controlling the MSP queue runner
(start-mspq, stop-mspq, and restart-mspq).
Reminded by: Mark Santcroos <marks@ripe.net>
MFC after: 1 week
at boot time.
Instead of rc.conf's sendmail_enable only accepting YES or NO, it can now
also accept NONE. If set to NONE, none of the other sendmail related
startup items will be done.
Remove an extra queue running daemon might be started that wasn't necessary
(it didn't hurt anything but it wasn't needed).
The new logic is:
# MTA
if ${sendmail_enable} == NONE
# Do nothing
else if ${sendmail_enable} == YES
start sendmail with ${sendmail_flags}
else if ${sendmail_submit_enable} == YES
start sendmail with ${sendmail_submit_flags}
else if ${sendmail_outbound_enable} == YES
start sendmail with ${sendmail_outbound_flags}
endif
# MSP Queue Runner
if ${sendmail_enable} != NONE &&
[ -r /etc/mail/submit.cf] && ${sendmail_msp_queue_enable} == YES
start sendmail with ${sendmail_msp_queue_flags}
endif
Discussed with: Thomas Quinot <Thomas.Quinot@Cuivre.FR.EU.ORG>,
Christopher Schulte <schulte+freebsd@nospam.schulte.org>
MFC after: 1 week
Install sys/<arch>/include/pc/*.h to /usr/include/machine/pc/.
PR: docs/29534
Install sys/netatm/*/*.h to /usr/include/netatm/*/.
Don't install compatibility symlinks for <machine/soundcard.h>
and <machine/joystick.h>. Three years is enough to be aware of
the change, and these weren't visible in the SHARED=symlinks
case.
Back out include/Makefile,v 1.160 that was a null change anyway
due to the bug in the path, and we now don't want to install
these headers because they would otherwise be invisible in the
SHARED=symlinks case.
Don't install IPFILTER headers. Userland utilities fetch them
directly, and they were not visible in the SHARED=symlinks case.
Resurrect SHARED=symlinks in Makefile.inc1.
PR: bin/28002
Prodded by: bde
MFC after: 2 weeks
black lists in the default config, give a pointer to a non-static list.
I was convinced this was the right thing to do after getting a PR
asking to add ORBZ the day before ORBZ went off the air.
PR: conf/35884
MFC after: 4 days
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.
Submitted by: devet@devet.org (Arjan de Vet)
MFC after: 3 days
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)
PR: conf/12432
Submitted by: Me
administrator wishes to run commands outside of the PATH, he should
use a full pathname for the executable or set the PATH as appropriate
in any local startup scripts.
PR: misc/35770
addition, take out the checks on the $dumpdev. dumpon(8) behaves well
if given a non-existent filename. It gives a nice error message which
is better rather than the current silent failure.
Reviewed by: des
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).
MFC after: 3 days
and teach it to look for more general classes of failures, including
SSH login failures. This is similar but not identical to a patch
submitted by aeonflux@synapse.subneural.net.
o Introduce /var/log/authentication.log, which will be the target for
auth.info and authpriv.info by default. Rotate on the same schedule
as most other logs. Create at installation.
o Remove logging of auth.info from /var/log/security.log, which will
return to being only for security feature subsystems (such as ipfw,
and so on).
This creates a special authentication log, which can now be searched
by scripts for authentication events.
argument. Don't fail silently, but let savecore(8) make noise. It
won't behave badly, it doesn't need protection.
At the same time, allow the administrator to have dumpdev enabled
while dumpdir (savecore(8)) is disabled and document how to do it.
PR: conf/35725
systems due to sshd not using the security log class. Tweak syslog.conf
so that /var/log/security also gets a useful set of
authentication-related logging.
Submitted by: aeonflux@synapse.subneural.net
MFC after: 4 weeks
Kerberized CVS (kserver) listens on the same port as normal CVS
(pserver). In /etc/inetd.conf cvs kserver is disabled by default,
but set to listen to the service port 'cvs' which doesn't exist. It
should listen to 'cvspserver'.
PR: 34317
Submitted by: Sean Chittenden <sean@chittenden.org>
seperate the short name and the long name. This was present for most
but not all entries. Because the parsing doesn't reject unrecognized
entries, this didn't cause failures, but it wasn't strictly correct.
Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
MFC after: 2 weeks
some new IANA-blessed services and close some PRs. Ports for
Jabber and PostgreSQL.
PR: conf/35219, conf/35220
Submitted by: Sean Chittenden <sean@chittenden.org>
MFC after: 1 day
and looks like no other Unix diskless configuration I've ever seen.
Thus allow a more traditional /etc.
Note, the use of an MFS /var should also be settable.
Otherwise installing ports(packages) is just a total PITA.
rc.conf(5) and the files' inline documentation.
- Add the "closed"-type, documented in both places, but which did not
exist in the code.
- When provided a ruleset, the system should not make any assumptions
about the sites's policy and should add no rules of its own.
- Make the "UNKNOWN" (documented in-line) actual work as advertised,
load no rules.
Prodded by: Igor M Podlesny <poige@morning.ru>
MFC after: 1 week
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'
Fix the documentation, rc.conf(5), to reflect this change.
Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
MFC after: 3 days
at boot (sendmail_enable=NO), a localhost-only daemon may started
(sendmail_submit_enable) as it is needed to accept mail from command line
submissions. If this isn't desired, see etc/mail/README for more hints.
Optionally (sendmail_msp_queue_enable) start a queue runner for the
submission queue in case a daemon isn't available to accept command line
submitted mail at submission time.
Note that the syslog labels for all of these sendmail processes have been
uniquified for easier log parsing.
works and ways to work around common problems people might have.
Include information on reverting to a set-user-ID root sendmail binary in
case anyone really needs to do this.
Checking for the existence of sendmail.cf is rather silly when someone
is using the mailwrapper(8) to run a mail daemon that is not actually
sendmail(8). It is also probably better to let sendmail(8) actually
try to start and error out if the administrator has
'sendmail_enable="YES"' but no sendmail.conf. At present, it would
fail silently.
Reviewed by: gshapiro
MFC after: 2 days
updated driver. The newer driver in current outputs a version string
that contains a space, so we need to eat two words in between RocketPortX
and the number of ports on the board.
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.
If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
pam_login_access(8) and pam_securetty(8) to enforce various checks
previously done by login(1) but now handled by PAM, and pam_lastlog(8) to
record login sessions in utmp / wtmp / lastlog.
Sponsored by: DARPA, NAI Labs
10 in -STABLE), pccardd's string comparison between
pccard.conf's entry and PC card's CIS tupple became strict
matching.
As influences of this commit, some PC cards don't work since
some /etc/default/pccard.conf's card identifiers entries are
incorrectly described.
- Lexar Media compact flash
- IO DATA CBIDE2 in 16 bit mode
- TOSHIBA Portable 24X Speed CD-ROM Drive PA2673UJ
- Hewlett Packard M820e (CD-writer)
Update these card configs.
PR: 33815
Obtained from: [bsd-nomads:16128]
/usr/share/examples/pppd.
Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.
Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.
/usr/share/examples/pppd.
Update pppd(8) documentation to reflect this, usr.sbin/pppd/pppd.8.
Remove the out-of-place pppd(8) configuration files in etc/ppp,
ppp.shells.sample and ppp.deny.
Make the appropriate changes to the build process, etc/Makefile and
etc/mtree/BSD.usr.mtree, so it all works.
The files from etc/ppp, ppp.shells.sample and ppp.deny, were moved
with a repo copy. Note it in the logs with a forced commit to these
two.
Submitted by: Maxim Konovalov <maxim@macomnet.ru> provided the new samples.
This change was submitted to the freebsd-audit mailing list for review
but received no feedback. Hindsight-enabled reviews are welcome.
PR: conf/31358
Submitted: Thomas Quinot <thomas@cuivre.fr.eu.org>
# This card has the same PCMCIA and OEM id as ELSA XI300 wireless card, which
# appears to be listed elsewhere in this file.
Submitted by: Abe Toshiaki-san <ans@sun-tec.co.jp>
MFC After: 5 days
Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).
PR: bin/32953
Reviewed by: -bugs discussion
MFC after: 1 week
The code will be fixed for all known security vulnerabilities,
and a make.conf(5) knob (ENABLE_SUID_MAN) will be provided for
those who still want it installed setuid for whatever reasons.
users who don't wish to use it. If the admin is worried about leaking
information about which users exist and which have OPIE enabled, the
no_fake_prompts option can simply be removed.
Also insert the appropriate pam_opieaccess lines after pam_opie to break
the chain in case the user is logging in from an untrusted host, or has a
.opiealways file. The entire opieaccess / opiealways concept is slightly
unpammish, but admins familiar with OPIE will expect it to work.
Reviewed by: ache, markm
Sponsored by: DARPA, NAI Labs
We now do it as a "camcontrol rescan all" which is something ken
promised to implement; for the time being it's not worse than the old
"camcontrol rescan $device" which ended up in something like
"camcontrol rescan aic1". Currently, camcontrol misinterprets the
third non-numeric arg as number 0, and rescans bus 0, which is about
the best we could get at this time.
Approved by: imp
MFC after: 1 week
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks. Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them. (See PR below for details).
This means man(1) can no longer create system catpages on a
regular user's behalf. (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)
To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf. To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.
PR: bin/32791
Submitted by: Michael Johansson <micke@nevermind.net>
o Sony PCWA-C100 WaveLAN card
Submitted by: "Jeremiah Gowdy" <jgowdy@home.com>
o Corega KK Wireless LAN PCCA-11 (version b?)
Submitted by: Masahide *MAC* Noda <mac@clave.gr.jp>
to have backward compatibility symbolic links.
This code should check existence of deprecated locales and
fix them using following scheme:
. if new locale directory exisists and is a symlink -- remove it
. if old locale directory exists and not a symlink -- rename it to
its new name
This should allow to mtree(1) and existing locale aliases make(1)
rules to setup locale dirs correctly (avoid self-referenced symlinks)
BTW, this commit brings in backward compatibility support for ru_SU
locales (aliased to appropriate ru_RU ones).
- The disktab was taken from etc.alpha.
- rc.sparc64 doesn't do anything right now.
- The ttys file has all the vty's commented out since we don't know how
those will work yet. Also, an entry is added for the Openfirmware
console device.
Submitted by: jake (partially)
a packed array so sizeof work. This broke RFMON mode and passing
up 802.11 packets.
The Linux emulation code was derived from the open source Linux driver to
maintain compatibility.
LEAP support is added, hints from Richard Johnson. I've verified this
locally with PC350v42510.img firmware. More bug fixing from Marco to
fix long passwords.
Change DELAYs in flash part of driver to FLASH_DELAY which uses tsleep
so it doesn't look like your system died during a flash update.
Install header files in /usr/include/dev/an
Cleanup some ifmedia bugs add "Home" key mode to ifmedia and ancontrol.
This way you can manage 2 keys a little easier. Map the home mode into
key 5. Enhance ifconfig to dump the various configured SSIDs. I use
a bunch of different ones and roam between them. Use the syntax similar
to the WEP keys to deal with setting difference SSIDs.
Bump up up the Card capabilities RID since they added 2 bytes to it
in the latest firmware. Thankfully we changed it from a terminal
failure so the card still worked but the driver whined.
Some cleanup patches from Marco Molteni.
Submitted by: Richard Johnson <raj@cisco.com>
Marco Molteni <molter@tin.it>
and myself
Various checks: David Wolfskill <david@catwhisker.org>
Reviewed by: Brooks Davis <brooks@freebsd.org>
Warner Losh <imp@freebsd.org>
Approved by: Brooks Davis <brooks@freebsd.org>
Warner Losh <imp@freebsd.org>
Obtained from: Linux emulation API's from Aironet driver.
types (networkfs_types) with a version that includes the original
list.
This increases the scope for user error and also means that systems with
networkfs_types set in /etc/rc.conf will not benefit from changes to the
list in /etc/defaults/rc.conf on upgrade.
Instead, store the default list in /etc/rc itself and allow the operator
to append to that list by specifying her own list in networkfs_types.
Rename networkfs_types to extra_netfs_types accordingly, as the new name
better describes the purpose of the variable. Default the value to
'NO'.
the network is initialized. This was first implemented in rev 1.268
of src/etc/rc, but was backed out at wollman's request.
The objection was that the right place for the fix is in mount(8).
Having looked at that problem, I find it hard to believe that
the hoops one would have to jump through can be justified by the
desire for purity alone.
Note that there are reported issues surrounding nfsclient kernel
support and mount_nfs(8), which currently make NFS an ugly exception
to the general case.
With this change, systems with non-NFS network filesystems configured
for mounting on startup in /etc/fstab are no longer guaranteed to
fail on startup.
o uncommnent joy stuff (me)
o Add BONDWELL B236 joystick card (me)
o Add Buffalo WLI-CF-S11G wi card (me)
o CNF CD-m (submitted by gda)
Submitted by: Dmitry A Goncharov <gda@sani.ru>
md device and file system creation occurs *after* mtree is run, and
as such an /var/tmp/* or /tmp/* entries will be under the mountpoint
(or fail) rather than appearing in the md filesystems. This prevents
the creation of vi.recover, and might affect other localizations that
rely on the mtree calls affecting these directories.
LC_MESSAGES related data was installed to <locale>/LC_MESSAGES file.
Now it go to <locale>/LC_MESSAGES/SYS_LC_MESSAGES file. LC_MESSAGES
directory is supposed to be storage of message catalogs of userland tools.
This should allow us to avoid many potential problems with future
libintl related functionality introduction.
Thanks for useful suggestions about correct way how to replace plain
files with directories at installworld stage to: Ruslan Ermilov <ru>
so swap the order.
Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is
enabled. They are needed to provide client side locking support.
PR: conf/27811
already set (e.g. a failed/skipped mergemaster run during an upgrade).
Without this, if script_name_sep was not set in the rc.conf files,
local scripts will not be executed on startup or shutdown.
PR: misc/32687
Submitted by: Nicholas Paufler <echofox@discordia.ca> (the problem)
Sheldon Hearn (the idea behind the fix)
Reviewed by: sheldonh
MFC after: 1 week
- Add instructions regarding replacing 'my.domain', as this has come up
on freebsd-questions.
- Remove reference to rs.internic.net/templates, as that directory no
longer exists. Instead, encourage them gently to talk to their network
provider.
MFC after: 1 week
of /etc/daily. Some time later, /etc/daily became a set of periodic(8)
scripts. Now, this evolution continues, and /etc/security has been
broken into periodic(8) scripts to make local customization easier and
more maintainable.
Reviewed by: ru
Approved by: ru
kernel TCP timer code: rather than checking for tcp_keepalive being
set to "YES", check for "NO" and turn off keepalives if the variable
is set in that manner.
o Note: eventually, it would make sense to remove this variable from
rc.conf management, and instead rely on sysctl.conf. In fact, this
is probably true of a number of rc.conf variables whose sole aim
is to drive the setting of sysctls at boot time.
installed instead of pam.conf. This is for testing; the conditionals will
be removed once we are confident that pam.d works as intended.
Sponsored by: DARPA, NAI Labs
conversion script generated the wrong format, so the configuration files
didn't actually work. Good thing I hadn't thrown the switch yet...
Sponsored by: DARPA, NAI Labs (but the f***ups are all mine)
backward compatibility symlinks for good measure.
DEVFS already gets this right (except for the symlinks).
PR: 24781
Submitted by: Christian Weisgerber <naddy@mips.inka.de>
MFC after: 3 days
to get it all right, allowing ipnat to be enabled independantly of ipfilter
in rc.conf (among other things).
PR: multiple
Submitted by: Arjan de Vet <devet@devet.org>
Reviewed by: Giorgos Keramidas <keramida@FreeBSD.org>
Use these new functions instead of printf(1), which is scheduled for
removal as a shell builtin command, and which will not be available as a
standalone utility if MAKEDEV is run prior to mounting /usr.
Requested by: knu
smmsp - sendmail 8.12 operates as a set-group-ID binary (instead of
set-user-ID). This new user/group will be used for command line
submissions. UID/GID 25 is suggested in the sendmail documentation and has
been adopted by other operating systems such as OpenBSD and Solaris 9.
mailnull - The default value for DefaultUser is now set to the uid and gid
of the first existing user mailnull, sendmail, or daemon that has a
non-zero uid. If none of these exist, sendmail reverts back to the old
behavior of using uid 1 and gid 1. Currently FreeBSD uses daemon for
DefaultUser but I would prefer not to use an account used by other
programs, hence the addition of mailnull. UID/GID 26 has been chosen for
this user.
This was discussed on -arch on October 18-19, 2001.
MFC after: 1 week
the idea of not masking passwords on comments in case the
administrator comments out an entry without clearing the
password. Instead completely ignore comments (since they have no
security impact) when doing the diff of the old and new passwd file.
Suggested by: rwatson
extracted and recreating device files.
Without this, you'll see following messages when 'MAKEDEV all':
[: : out of range
[: : out of range
acd0t is invalid -- can't have more than 32 devices or 169 tracks
Reported by: David Syphers <dsyphers@uchicago.edu> (at current@FreeBSD.org)
continuation lines, extra whitespace, and to use the last matching
line in the file. This syncs the host.conf generation with how
the nsswitch.conf is parsed.
Only print " host.conf" instead of a multi-line message, since this
happens on every boot.
- if nsswitch.conf exists, host.conf is auto-generated for compatibility
with legacy applications and libraries.
- if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-
generated as usual.
`localhost'. If your /etc/nsswitch.conf has ``hosts: files dns'', and
you changed `myname.my.domain' in /etc/hosts to match hostname(1), and
you run inetd(8) with the -l option, any connect to `myname' using its
real IP address through inetd(8), e.g. `ftp -a myname', will spam your
/var/log/messages with:
inetd[PID]: warning: /etc/hosts.allow, line 23: host name/name mismatch: myname.my.domain != localhost
This is especially bad for -STABLE, where /etc/host.conf defaults to
"files first then DNS" resolution order.
Noticed by: Igor Kucherenko <kivvy@sunbay.com>
MFC after: 1 week
Many people like to use generic devices in rc.syscons, etc..
So rc.devfs needs to run before those rc files.
Requested by: Jos Backus <josb@cncdsl.com>
the original commit of local_startup depended on the scripts being
executable; so there is too much precedence to change it now. About all
anyone could agree on is that rev 1.274 broke POLA and before rev 1.274
also broke POLA.
dhclient and pccard_ether, introduce the concept of a "settle time" to
pccard_ether with the new pccard_ether_delay variable. Defaults to 5
seconds, which is enough time for the ed driver to finish its
autoconfiguration for newer Linksys based cards. This also can
eliminate the ed0: timeout messages that happen at startup as well.
MFC: after RE says OK.
appears to be another OEM version of the Netgear FA411. This is a
guess, since the original didn't include the flags, but this is too
similar to my netgear card...
Submitted by: neal@nelsonnet.org
permissions on some files, and give hints as to what those permissions
might be. Note also that the current more liberal permissions might
get changed in future revisions.
discussed on the arch@ mailinglist (after repo-copy).
sys.mk will .error if it finds /etc/defaults/make.conf but include
it anyways (this is the same behaviour as with the make.conf.local
removal).
/usr/share/examples/etc/make.conf has BDEFLAGS commented out now,
since it's only an example file.
Adjust all textes that talk about make.conf or defaults/make.conf to
match the new situation.
value, it forces GCC to not optimize above this level. For intance, GCC
made with "WANT_FORCE_OPTIMIZATION_DOWNGRADE=1" is a good setting for the
Alpha platform when building ports.
rc.firewall6. Specifically, don't do anything
if [ -z ${source_rc_confs_defined} ]. Not doing this leads to a problem
with dependencies: chkdepend will set, e.g., portmap_enable to YES if
some service that needs portmap is enabled, but rc.network sources
rc.firewall, which used to source defaults/rc.conf unconditionally,
which would result in portmap_enable being set back to NO.
PR: 29631
Submitted by: OGAWA Takaya <t-ogawa@triaez.kaisei.org>
and ftpd. This more conservative default reduces the exposure of
freshly installed machines, which is especially valuable for machines
that receive minimal further configuration before being put into
production. Generally speaking, SSH has superseded the use of both
telnet and ftp in many environments. In light of recent remotely
exploitable security holes in both telnetd and ftpd, this choice
retains flexibility (both telnetd and ftpd daemons remain installed
and easily enableable) while protecting users who don't need the
additional risk. This change brings our configuration into line with
the majority of other UNIX vendors, including OpenBSD and NetBSD.
To address the concerns of those requiring remote access via telnet
from first install, changes will shortly be committed to sysinstall
to provide the ability to edit inetd.conf during the installation
process, allowing telnetd and ftp to be re-enabled during the
installation process.
While I'm at it, slightly improve commenting for inetd.conf so that
it's more clear to users how to enable and disable services.
Further commenting to indicate the functions of various columns would
probably also be useful.
Reviewed by: imp, chris, jake, nate, -arch, -stable
is required into rc.network.
Person failed to use a real name so both email addresses from PR included
(Sent was different to From).
PR: 22998
Submitted by: dl@leo.org/spock@empire.trek.org
us anyway because it doesn't work right on the x86 and alpha. On
K&R code, small ints would be promoted to int. ANSI-C doesn't require
this and the small ints can be passed taking 8 or 16 bits of stack
space. However, the x86 abi that we use *does* promote to 32 bit,
and the alpha ABI passes them in 64 bit registers so we dont have
that aspect of the problem here. Losing float precision by having it
cast down to int because the funtion prototype specifies int is the
least of our problems. -Wmissing-prototypes helps here anyway.
correct some ommissions of udp ports.
Update IANA web page.
Clean up/correct some comments. I went a little further than the PR.
PR: conf/23416
Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>
install /etc/mail/sendmail.cf to /etc/mail/sendmail.cf and exits with an
error:
===> etc/sendmail
install -c -o root -g wheel -m 644 /etc/mail/sendmail.cf /etc/mail/sendmail.cf
install: /etc/mail/sendmail.cf and /etc/mail/sendmail.cf are the same file
*** Error code 64
Catch this in the Makefile and don't call install if the source and target
are the same file.
Reported by: Alexandr Listopad <laa@reis.zp.ua>
MFC after: 1 week
building a .cf file from a .mc file.
Include -D_FFR_TLS_O_T to enable tls policy control since the sendmail binary
build enables that FFR as well.
PR: conf/28361
MFC after: 1 week
for separating the startup scripts' list into individual filenames.
Run the shutdown scripts in reverse alphabetical order, so dependent
services are stopped before the services they depend upon.
Reviewed by: -arch, -audit
MFC after: 3 weeks
