d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-nq/etc
History
Ruslan Ermilov 30843b9337 Do not install man(1) setuid ``man''. 
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks.  Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them.  (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf.  (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR:		bin/32791
2002-01-15 14:11:05 +00:00
..
defaults
Correct Corega KK Wireless entry
2002-01-12 07:01:51 +00:00
etc.alpha
s/sysctl -w/sysctl/
2001-12-11 08:21:46 +00:00
etc.amd64
Move the syscons configuration to a machine independent rc.syscons. The
2001-01-09 22:28:17 +00:00
etc.i386
Add an entry for the Zip 250.
2001-08-31 22:49:22 +00:00
etc.ia64
s/sysctl -w/sysctl/
2001-12-11 08:21:46 +00:00
etc.sparc64
Populate etc.sparc64:
2002-01-07 23:53:34 +00:00
isdn
update the sample isdnd.rc file with a firmware keyword example and a real
2001-05-27 08:05:57 +00:00
kerberosIV
Fix typo: kereros -> kerberos
2000-10-06 17:36:05 +00:00
mail
Grammar fix for comment
2001-12-30 04:40:18 +00:00
mtree
Do not install man(1) setuid ``man''.
2002-01-15 14:11:05 +00:00
namedb
The named.conf file should refer to named.conf(5) in addition to
2001-12-03 08:05:52 +00:00
pam.d
Unmunge the version preservation code and obfuscate it so CVS won't munge
2002-01-12 23:08:59 +00:00
periodic
Fix a stray character that found its way into a filename.
2001-12-14 22:25:04 +00:00
ppp
Move the interface address setting and default route setting out of
2001-06-21 15:42:26 +00:00
rc.d
o Add a comment indicating that if /tmp==/var/tmp in rc.diskless2, the
2001-12-26 17:18:39 +00:00
root
Add these key bindings for tcsh users in interactive mode:
2001-01-10 02:37:16 +00:00
sendmail
Since buildworld builds cf files specified in SENDMAIL_ADDITIONAL_MC,
2001-11-20 03:41:05 +00:00
amd.map
apmd.conf
Now properly use logger's facility argument
2001-08-06 15:52:42 +00:00
auth.conf
Merge into a single US-exportable libcrypt, which only provides
2000-12-28 10:32:02 +00:00
crontab
Move the sendmail -q from cron to periodic, as suggested by a few people.
2001-02-19 02:47:42 +00:00
csh.cshrc
csh.login
Remove all mention of LANG and MM_CHARSET.
2000-07-27 11:39:33 +00:00
csh.logout
dhclient.conf
o Spelling error s/suffient/sufficient/
2001-10-27 03:14:37 +00:00
disktab
Add an entry for the Zip 250.
2001-08-31 22:49:22 +00:00
dm.conf
fbtab
ftpusers
gettytab
Add entries for 3wire terminals. (carrier not supplied, so we set nc).
2001-08-31 22:18:50 +00:00
group
Add two new accounts/groups for sendmail:
2001-11-17 21:24:45 +00:00
hosts
- Improve line-wrapping and spacing so as to improve readability.
2001-12-11 22:36:10 +00:00
hosts.allow
Clear up what the line "ALL : PARANOID : RFC931 20 : deny" means
2001-08-18 14:22:52 +00:00
hosts.equiv
hosts.lpd
inetd.conf
Chroot to /tftpboot for tftp.
2001-10-22 01:46:53 +00:00
locale.alias
Actually make aliases for ru_SU locales.
2002-01-08 15:30:56 +00:00
locale.deprecated
Sort entries and clarify comments
2002-01-11 15:51:56 +00:00
login.access
login.conf
ftp(1) was not the only user of FTP_PASSIVE_MODE, libfetch uses it
2001-12-14 15:48:55 +00:00
MAKEDEV
Fix some leftover stray characters from expr(1)-to-$(()) sweeps.
2001-12-27 22:41:35 +00:00
MAKEDEV.local
Makefile
Everybody (for suitable values of "everybody") seems to think pam.conf should
2002-01-14 17:15:53 +00:00
man.alias
Remove aliases not needed for new man version
2001-06-26 00:41:07 +00:00
master.passwd
Add two new accounts/groups for sendmail:
2001-11-17 21:24:45 +00:00
minfree
modems
motd
Whitespace police.
2001-12-18 18:21:51 +00:00
netconfig
Add cvs tag
2001-03-24 07:20:36 +00:00
netstart
Run network6_pass1 if ipv6_enable is YES
2001-05-18 09:14:39 +00:00
network.subr
rpc.lockd needs rpc.statd to be running for it to start up properly.
2001-12-13 04:21:18 +00:00
networks
newsyslog.conf
Use tabs where possible.
2001-12-01 17:14:34 +00:00
nls.alias
Add forgotten alias for ru_SU.ISO8859-5
2002-01-08 19:07:03 +00:00
nsmb.conf
Comment out an example that was missed on first import.
2002-01-07 08:41:55 +00:00
opieaccess
Add commented out example
2001-08-14 23:51:58 +00:00
pccard_ether
Due to a bug in the ed driver, which leads to hangs when using it with
2001-09-13 06:18:07 +00:00
phones
primes
Add /etc/primes for OpenSSH SSH2 DH exchange.
2001-03-24 00:28:43 +00:00
printcap
fixes:
2000-11-01 13:30:24 +00:00
profile
Remove all mention of LANG and MM_CHARSET.
2000-07-27 11:39:33 +00:00
protocols
Update reference URL.
2001-10-10 18:34:28 +00:00
rc
Don't require operators to override the list of network filesystem
2001-12-29 19:42:55 +00:00
rc.atm
Avoid unnecessary calls to expr(1) by using standard shell arithmetic
2001-11-14 06:35:43 +00:00
rc.devfs
Add copyright notices. Other systems have been barrowing our /etc files
2000-10-08 19:20:36 +00:00
rc.diskless1
Remove incorrect comments about the population of /etc: no attempt is
2001-12-26 17:00:55 +00:00
rc.diskless2
o Add a comment indicating that if /tmp==/var/tmp in rc.diskless2, the
2001-12-26 17:18:39 +00:00
rc.firewall
Remove a stale entry related to passing ARP with bridging and ipfw.
2001-12-27 05:40:09 +00:00
rc.firewall6
fix typo. icmptype of destination unreach is not 2 but 1.
2001-08-21 15:05:09 +00:00
rc.initdiskless
Remove incorrect comments about the population of /etc: no attempt is
2001-12-26 17:00:55 +00:00
rc.isdn
Anti-foot-shooting for pcvt users: ignore isdn_screenflags which is
2001-05-19 08:17:35 +00:00
rc.network
rpc.lockd needs rpc.statd to be running for it to start up properly.
2001-12-13 04:21:18 +00:00
rc.network6
automatic creation of faith0 and stf0 for backward compatibility.
2001-12-15 03:59:47 +00:00
rc.pccard
Alter the pccard setup a bit so that it looks prettier by redirecting
2001-03-04 17:34:37 +00:00
rc.resume
Apply a more consistent style to the echo statements in /etc/ scripts.
2000-12-17 08:16:06 +00:00
rc.serial
Add copyright notices. Other systems have been barrowing our /etc files
2000-10-08 19:20:36 +00:00
rc.shutdown
Set the script_name_sep variable to a safe value if it is not
2001-12-12 10:12:20 +00:00
rc.subr
Import the NetBSD 1.5 RC system.
2001-06-16 07:16:14 +00:00
rc.suspend
Add copyright notices. Other systems have been barrowing our /etc files
2000-10-08 19:20:36 +00:00
rc.syscons
Make the 'echo' output for blanktime and scrnmap consistent with their
2001-08-31 15:29:24 +00:00
rc.sysctl
sysctl(8) doesn't need '-w' to write to sysctl variables anymore.
2001-07-17 22:03:19 +00:00
remote
Add com1-4 as finger friendly shortcuts for /dev/cuaa0-3. Specify a default
2001-02-21 19:45:47 +00:00
rpc
Add sgi_fam 391002, file alteration monitor.
2001-08-11 09:43:04 +00:00
services
'ircd' is a better service name. Also note '6667' is unoffical
2001-11-20 19:52:28 +00:00
shells
remove last empty line
2000-04-27 21:58:46 +00:00
sysctl.conf
Enable vmiodirenable by default. Remove incorrect comment from sysctl.conf.
2001-09-26 19:35:04 +00:00
syslog.conf
Explain that /var/log/all.log needs to be touched and chmod'd 'ere it
2001-10-28 13:41:30 +00:00
termcap.small
Sync with main
2001-11-22 21:43:43 +00:00
usbd.conf
Kill the correct dhclient on detach of the ethernet device.
2000-10-20 00:42:05 +00:00