id used by sysinstall when enabling anonymous FTP.
Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.
PR: 93284
Approved by: ru (mentor)
Reviewed by: simon
this now compiles on i386 with WARNS?= 3. Most of the fixes included
adding missing 'static' keywords to internal functions, using fully-defined
terminators in statically defined arrays of structs, and various
signed vs unsigned mismatches. Also G/C'd unused configSecurity()
function.
possible for information to be copied from the group file to the group
file in the FTP area. This patch based on a patch from Zak Johnson
<zakj at nox dot cx>.
PR: bin/25851
Submitted by: Ted Mittelstaedt <tedm at toybox punkt placo period com>
Approved by: jhb (proxy mentor)
MFC after: 3 days
MFC to: RELENG_5, RELENG_6
Security: Prevents possible group information leakage
PR: bin/90057
Submitted by: Charlie M. McDonald <BoredOutkast at yahoo punkt com>
Approved by: jhb (mentor by proxy)
MFC to: RELENG_5, RELENG_6
MFC After: 3 days
- Allow the upload directory to be optional. If the upload directory
field is cleared to the empty string then no directory will be created.
- Don't create a bin/ subdirectory in ftp's home dir containing ls(1) and
date(1) as ftpd(8) no longer requires it.
- Create a pwd.db file in etc/ instead of a passwd file.
- Ignore NIS compat entries in /etc/group and /etc/master.passwd when
building the anonymous files.
PR: bin/60662
Submitted by: Olafur Osvaldsson oli at isnic dot is
by providing the opportunity to edit inetd.conf during the system
installation process. The following modifications were made:
(1) Expand the Anonymous FTP description dialog to indicate that inetd
and ftpd must be enabled before it can be used.
(2) Introduce a new configInetd() pair of dialogs, the first describing
inetd, giving a couple of examples of services that require it, and
hinting at potential risk, then asking the user if they wish to
enable it. The second indicates that inetd.conf must be configured
to enabled specific services, and asks if the user would like to
load inetd.conf into the editor to modify it. Add this
configuration action to the index.
There are some further improvements that might be considered:
(1) Provide a more inetd.conf-specific configuration tool that speaks
inetd.conf(5). However, this is made difficult by the "yet another
configuration format" nature of inetd.conf, as well as its use of
commenting to disable services, rather than an in-syntax way to
disable a service without commenting it out. Submissions here
would probably be welcome.
(2) There's some overlap between settings in the somewhat obtuse
Security Profile mechanism and other settings, including the inetd
setting, and NFS server configuration. As features become
individually tunable, they should probably be removed from the
security profile mechanism. Otherwise, somewhat counter-intuitively,
sysinstall (in practice) queries multiple times whether inetd, nfsd,
etc, should be enabled/disabled. A possible future direction might
be to drive profiles not by degree of paranoia, rather, the set
of services desired. Or simply to remove the Security Profile
mechanism and resort to feature-driven configuration.
Reviewed by: imp, chris, jake, nate, -arch, -stable
as redoing all the menus to have proper, or at least non-hallucinogenic,
keyboard accelerators.
This requires my recent update to libdialog to work properly and will
probably also exhibit some other "interesting" behavior while the last
few missing screen clears are found (which is why I'm not going to MFC
immediately). At least now, however, sysinstall does not gratuitously
redraw random screens at the drop of a hat and drive serial console
installers out of their minds.
Now we know which variables are internal and which need to be
backed to /etc/rc.conf.site. rc.conf is not touched now.
Also kget kernel change information back properly and set up a loader.rc
file to use it.
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
bogus or overly complex and really needed to be done more consistently
and sanely throughout - no question about it. Done.
Suggested-By: Paul Traina <pst@Shockwave.COM>
I still have a _very very annoying_ display bug which occurs when a menu
item causes a submenu to be displayed - the screen repaints for the original
menu (which is restored upon return from the submenu) are off by about 4
characters. I've tried restoring the screen, the cursor position, you name
it - same deal. Grrrr! This commit is my first step in trying to get someone
else to help me look into this one since I'm just tearing my hair out at this
point!
1. Use new dialog menu hacks (no strings, just arrays of dialogMenuItem structs)
so that I can create composite menus with radio/checkbox/... items in them,
removing some long-standing UI bogons in various menus. This work isn't
finished yet, but will be done in two phases. This is phase one.
2. Remove all the script installation stuff. I never got time to document it,
it was arcane and it just complicated much of the code. There are better
ways of doing this if I want to do auto-driven installations later.
3. Remove much dead code and otherwise attempt to remove as much historical
grot as possible so that this code is easier to hack on. This is also
a two-stage process, phase one of which is now complete.
1. Revamp package installer to use new dependency lists and also
pkg_add's new `read from stdin' mode to prevent a copy of the package
from hitting the disk unnecessarily.
2. More fixes for running "not as init" - don't get upset if CDROM already
mounted, do the right thing instead.
3. If running as init, assume first-time install and _don't show the
(W)rite option in the fdisk screen.
4. Many other little tweaks, some of which will have to wait for fuller testing
until I can create a boot floppy (testing certain system-destroying
features of sysinstall can be a royal pain). Expect some more commits.