Among bumping several limits, most interesting thing is that
Apache requires than "filesize=64M" restriction must be removed.
I think it is due to mmap() usage in apache, but I am not shure.
wish only to bring up their interfaces. This script is not actually called
by any other script and exists purely for user convenience.
Requested by: pst
(if firewall = "somefilename").
Fix typo fixes and URLs which were accidently nuked out of this
file (submitted by: soil@quick.net via PR#3501).
Submitted by: "Danny J. Zerkel" <dzerkel@phofarm.com>
to 0775.
This does *not* instantly make any program which "ensures"
mail spool consistency by creating lock files safe in any way
since other tools, like mail.local, will be using flock() semantics
and any such lock file will simply be ignored. It does, however,
allow a lot of things which are currently suid root in order to create
such bogus lockfiles to, at least, be bogus at a much lower level of
privilege (and this is good). Ultimately, of course, everybody should
just use flock.
nfs requests from non-privileged ports.
Change mountd such that it does never set this variable, but only clears
it when run with -n. Also document this in the man page.
Leave dumpdev, but kill the savecore variable. Thus, it's still off
by default, but all you need is enabling dumpdev now.
phk's old argument that savecore might inadvertendly fill up the disk
no longer counts, savecore now correctly obeyes a `minfree' file, and
we ship our systems with such a file that even has a reasonable
default.
Fixed munged whitespace (just 2 lines of it). The mtree files were
originally generated by `mtree -cdinx -kuname,gname,mode'. This
gives output with no tabs except in the header. The format should
be preserved by manual updates so that the files don't change a
lot when they are regenerated.
This allows find to pass files with "illegal" characters to xargs in a
safe manner.
Note: due to the manner in which the file names are now passed between
find and xargs, the files are now sorted differently than before.
The first /etc/security run after installing this change may result
in a lot of output when nothing did in fact change.
Closes PR# 1910.
2.2 candidate.
at runtime.
etc/make.conf:
Nuked HAVE_FPU option.
lib/msun/Makefile:
Always build the i387 objects. Copy the i387 source files at build
time so that the i387 objects have different names. This is simpler
than renaming the files in the cvs repository or repeating half of
bsd.lib.mk to add explicit rules.
lib/msun/src/*.c:
Renamed all functions that have an i387-specific version by adding
`__generic_' to their names.
lib/msun/src/get_hw_float.c:
New file for getting machdep.hw_float from the kernel.
sys/i386/include/asmacros.h:
Abuse the ENTRY() macro to generate jump vectors and associated code.
This works much like PIC PLT dynamic initialization. The PIC case is
messy. The old i387 entry points are renamed. Renaming is easier
here because the names are given by macro expansions.
diff output, and replace them with "(password)". The diffs get
mailed to root, which in many cases is forwarded across the
Internet. A patient sniffer could acquire the entire "master.passwd"
file by saving all the diffs. With this fix, you still see that the
password changed, but you don't see the details.
Unless somebody talks me out of it, I am going to merge this into -2.2
in 48 hours.
dkminor(). Use $((1 << 29)) instead of a mysterious decimal number for
$scisctl. Use dkminor() instead of repeating part of it for special cases.
Shortened some long lines.
bell type on boot. Slightly annoying when your system doesn't have a speaker.
This adds a `keybell' frob for setting it. Closes PR#2519
Submitted-By: Jonathan Mini <mini@hydrogen.nike.efn.org>
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
wondering what the hw-config of a machine is, and the logs have been
rotated many times since reboot already.
Added:
/sbin/dmesg > /var/tmp/dmesg.boot
to /etc/rc
2.2 candidate
I've added an installation from optical disk drive facility.
This enables FreeBSD to be installed from an optical disk, which
may be formatted in "super floppy" style or sliced into MSDOS-FS
and UFS partitions.
Note: ncr.c should be reviewed by Stefan Esser <se@freebsd.org>
and cd.c by Joerg Wunsch <joerg@freebsd.org> before bringing this
into 2.2.
Submitted-By: Shunsuke Akiyama <akiyama@kme.mei.co.jp>
The zoneinfo makefile doesn't follow the rules. It builds everything
at install time. It dpends on zic to create the directories. zic
doesn't know about the weird 555 permissions specified in BSD.usr.dist,
so it creates the directories with nonstandard permissions.
if kerberos is installed. So far as I'm aware, kerberos aware clients
detect ECONNREFUSED and (if allowed) fall back to the non-kerberos
servers. They do not know how to interpret messages such as
"rlogind: unknown option -k".
I believe Garrett also mentioned this.
Unfortunately, this adds an extra step to bringing up kerberos.
It also stops /var/log/messages getting quite so many useless (and
confusing) error messages when somebody does a port scan on you.
news.notice info should not be sent to /var/log/messages, as news has
its own set of logs and notice is overused by inn
added entries for newsservers (but they're commented out)
This is a lot more robust and handles errors a lot better. It also cleans
up stray, hopeless, or unmodified files rather than leaving them there
forever.
. crate the symlink for /dev/log if required, then
. remove the old socket (savecore might have already created it
accidentally), then
. start syslogd.
(Btw., our test(1) misses an option to test for a socket.)
Fixed some style bugs for cua* and tty*.
Removed superfluous chmod for consolectl.
FIxed a tiny security bug for perfmon and changed the style for
perfmon to match the style of the non-std devices.
>Description:
The sed script in /etc/rc.local that builds the host/kernel ID line
for the message of the day relies on the year not going past 1999.
When the year passes 1999, the ID line is malformed.
Submitted by: Wolfram Schneider <wosch@cs.tu-berlin.de>
>Description:
Applications that rely on getttyent and related calls will
not find entries that are not listed in /etc/ttys. Screen
and xterm (rxvt, color_xterm) will not be able to obtain
unique utmp slots as a result. This isn't a critical problem
but it will keep utilities such as 'finger', 'who' and 'w'
from displaying the correct information.
Closes PR#conf/1270
Submitted by: winter@jurai.net
shipped with freebsd can be changed without modifying the Makefiles directly.
Creates: BOOT_FORCE_COMCONSOLE
BOOT_PROBE_KEYBOARD
BOOT_PROBE_KEYBOARD_LOCK
BOOT_COMCONSOLE (port value for console)
default, so there's no use in running it without any printer
definition in printcap. Also added a bunch of hints about the printer
setup, to guide the admin about the printer setup (handbook,
"apsfilter"), and a commented-out sample setup for a remote printer.
In the same line, add /var/spool/lpd/output to BSD.var.dist since it
is referred to by the "lp" entry in printcap.
- split the "starting network daemons" in half.
- The first half starts things necessary to get full name service up.
- The quota check etc moved from "before network" to after the name
services are running. quotacheck does a while(p=getpwent()) which
isn't real good without YP running...
- moved rwhod a little later to put it with the other network stuff.
- deferred inetd a tad so that it's after ldconfig and dev_mkdb,
otherwise you get logins before you're ready.
Unresolved: named is started before ypserv/ypbind still, but named does
a while(s = getservent()) and while (p=getprotoent()) to suck in the
entire database into memory. This means you cannot have a "+" in the
/etc/services or /etc/protocols files or you get a long hang at boot.
Turn OFF the "small servers" by default. FreeBSD systems should only
serve actively used programs. Jewels like chargen and echo are too
useful in attack scenarios.
Added forgotten share/doc/psd/05.sysman and share/zoneinfo/America/Indiana.
bsd.doc.mk:
Nuked mkdir -p and wrong fixups of the leaf directory's ownerships and
permissions. The doc tree should be well enough established for this
to be safe. Installs to directories should use a trailing slash on
the directory name so installs to non-drectories are fatal, but I
didn't start changing them.
bsd.man.mk:
Nuked mkdir -p and wrong fixups of the leaf directory's ownerships and
permissions. They were overkill to create just /usr/share/info.
zoneinfo/Makefile:
No changes yet. zic creates directories with ordinary 755 permissions.
Why do we use 555 permissions for directories in /usr/share/zoninfo.
Why not for zoneinfo itself? /proc and /dev/fd are the only other
directories in the system with 555 permissions.
