`localhost'. If your /etc/nsswitch.conf has ``hosts: files dns'', and
you changed `myname.my.domain' in /etc/hosts to match hostname(1), and
you run inetd(8) with the -l option, any connect to `myname' using its
real IP address through inetd(8), e.g. `ftp -a myname', will spam your
/var/log/messages with:
inetd[PID]: warning: /etc/hosts.allow, line 23: host name/name mismatch: myname.my.domain != localhost
This is especially bad for -STABLE, where /etc/host.conf defaults to
"files first then DNS" resolution order.
Noticed by: Igor Kucherenko <kivvy@sunbay.com>
MFC after: 1 week
Many people like to use generic devices in rc.syscons, etc..
So rc.devfs needs to run before those rc files.
Requested by: Jos Backus <josb@cncdsl.com>
the original commit of local_startup depended on the scripts being
executable; so there is too much precedence to change it now. About all
anyone could agree on is that rev 1.274 broke POLA and before rev 1.274
also broke POLA.
dhclient and pccard_ether, introduce the concept of a "settle time" to
pccard_ether with the new pccard_ether_delay variable. Defaults to 5
seconds, which is enough time for the ed driver to finish its
autoconfiguration for newer Linksys based cards. This also can
eliminate the ed0: timeout messages that happen at startup as well.
MFC: after RE says OK.
appears to be another OEM version of the Netgear FA411. This is a
guess, since the original didn't include the flags, but this is too
similar to my netgear card...
Submitted by: neal@nelsonnet.org
permissions on some files, and give hints as to what those permissions
might be. Note also that the current more liberal permissions might
get changed in future revisions.
discussed on the arch@ mailinglist (after repo-copy).
sys.mk will .error if it finds /etc/defaults/make.conf but include
it anyways (this is the same behaviour as with the make.conf.local
removal).
/usr/share/examples/etc/make.conf has BDEFLAGS commented out now,
since it's only an example file.
Adjust all textes that talk about make.conf or defaults/make.conf to
match the new situation.
value, it forces GCC to not optimize above this level. For intance, GCC
made with "WANT_FORCE_OPTIMIZATION_DOWNGRADE=1" is a good setting for the
Alpha platform when building ports.
rc.firewall6. Specifically, don't do anything
if [ -z ${source_rc_confs_defined} ]. Not doing this leads to a problem
with dependencies: chkdepend will set, e.g., portmap_enable to YES if
some service that needs portmap is enabled, but rc.network sources
rc.firewall, which used to source defaults/rc.conf unconditionally,
which would result in portmap_enable being set back to NO.
PR: 29631
Submitted by: OGAWA Takaya <t-ogawa@triaez.kaisei.org>
and ftpd. This more conservative default reduces the exposure of
freshly installed machines, which is especially valuable for machines
that receive minimal further configuration before being put into
production. Generally speaking, SSH has superseded the use of both
telnet and ftp in many environments. In light of recent remotely
exploitable security holes in both telnetd and ftpd, this choice
retains flexibility (both telnetd and ftpd daemons remain installed
and easily enableable) while protecting users who don't need the
additional risk. This change brings our configuration into line with
the majority of other UNIX vendors, including OpenBSD and NetBSD.
To address the concerns of those requiring remote access via telnet
from first install, changes will shortly be committed to sysinstall
to provide the ability to edit inetd.conf during the installation
process, allowing telnetd and ftp to be re-enabled during the
installation process.
While I'm at it, slightly improve commenting for inetd.conf so that
it's more clear to users how to enable and disable services.
Further commenting to indicate the functions of various columns would
probably also be useful.
Reviewed by: imp, chris, jake, nate, -arch, -stable
is required into rc.network.
Person failed to use a real name so both email addresses from PR included
(Sent was different to From).
PR: 22998
Submitted by: dl@leo.org/spock@empire.trek.org
us anyway because it doesn't work right on the x86 and alpha. On
K&R code, small ints would be promoted to int. ANSI-C doesn't require
this and the small ints can be passed taking 8 or 16 bits of stack
space. However, the x86 abi that we use *does* promote to 32 bit,
and the alpha ABI passes them in 64 bit registers so we dont have
that aspect of the problem here. Losing float precision by having it
cast down to int because the funtion prototype specifies int is the
least of our problems. -Wmissing-prototypes helps here anyway.
correct some ommissions of udp ports.
Update IANA web page.
Clean up/correct some comments. I went a little further than the PR.
PR: conf/23416
Submitted by: Rudolf Cejka <cejkar@dcse.fee.vutbr.cz>
install /etc/mail/sendmail.cf to /etc/mail/sendmail.cf and exits with an
error:
===> etc/sendmail
install -c -o root -g wheel -m 644 /etc/mail/sendmail.cf /etc/mail/sendmail.cf
install: /etc/mail/sendmail.cf and /etc/mail/sendmail.cf are the same file
*** Error code 64
Catch this in the Makefile and don't call install if the source and target
are the same file.
Reported by: Alexandr Listopad <laa@reis.zp.ua>
MFC after: 1 week
building a .cf file from a .mc file.
Include -D_FFR_TLS_O_T to enable tls policy control since the sendmail binary
build enables that FFR as well.
PR: conf/28361
MFC after: 1 week
for separating the startup scripts' list into individual filenames.
Run the shutdown scripts in reverse alphabetical order, so dependent
services are stopped before the services they depend upon.
Reviewed by: -arch, -audit
MFC after: 3 weeks
non-printable characters to sneak into /var/log/messages (e.g.
someone aims a Solaris/Linux RCP exploit at your FreeBSD box and
you end up with his shellcode as part of a log entry). You might
get something like,
host.mydom.org login failures:
Binary file (standard input) matches
In the daily security script as a result. Allowing attackers to
mess with your security script's ability to accurately report
is a Bad Thing. Tell grep(1) to treat /var/log/messages like a
text file even if it has non-printable characters.
Submitted by: Tim Zingelman <zingelman@fnal.gov> on freebsd-security
Approved by: ru
MFC after: 1 week
the default section and into the papchap section.
It's really irritating when you run ppp with no arguments and end up
blowing away your default route !
the following description in RFC2461:
AdvSendAdvertisements
A flag indicating whether or not the router sends
periodic Router Advertisements and responds to
Router Solicitations.
Default: FALSE
Note that AdvSendAdvertisements MUST be FALSE by
default so that a node will not accidentally start
acting as a router unless it is explicitly
configured by system management to send Router
Advertisements.
Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after: 1 week
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
after the network is configured.
Future remote filesystem types should be added to remote_fstypes, which
is a whitespace-delimited list of type:description pairs.
The specific problem this fixes right now is that smbfs mounts described
in /etc/ftsab were failing.
Make the default setting YES for now to get some experience with it.
Note: If people starts seeing disk errors because of this then it
should not be backed.
With a small disk being 20GB these days, chances are pretty good that
an ailing sector will not be read while still being recoverable by
the drive.
Diskcheck daemon will read disks in the background at a low rate and
that way give the diskdrive a chance to detect and correct soft read
errors before they become hard errors.
Idea by: phk
Written by: ben
about non-existent mount directories (which would come
into existence after the real mount has occured) when just
testing for if there are any NFS filesystems in /etc/fstab.
PR: bin/26597
Submitted by: Dmitry Morozovsky <marck@rinet.ru>
MFC after: 3 days
systems were repo-copied from sys/miscfs to sys/fs.
- Renamed the following file systems and their modules:
fdesc -> fdescfs, portal -> portalfs, union -> unionfs.
- Renamed corresponding kernel options:
FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS.
- Install header files for the above file systems.
- Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland
Makefiles.