freebsd-skq/etc
Ruslan Ermilov 30843b9337 Do not install man(1) setuid ``man''.
The catpaging and setuidness features of man(1) combined make
it vulnerable to a number of security attacks.  Specifically,
it was possible to overwrite system catpages with arbitrarily
contents by either setting up a symlink to a directory holding
system catpages, or by writing custom -mdoc or -man groff(1)
macro packages and setting up GROFF_TMAC_PATH in environment
to point to them.  (See PR below for details).

This means man(1) can no longer create system catpages on a
regular user's behalf.  (It is still able to if the user has
write permissions to the directory holding catpages, e.g.,
user's own manpages, or if the running user is ``root''.)

To create and install catpages during ``make world'', please
set MANBUILDCAT=YES in /etc/make.conf.  To rebuild catpages
on a weekly basis, please set weekly_catman_enable="YES" in
/etc/periodic.conf.

PR:		bin/32791
2002-01-15 14:11:05 +00:00
..
defaults Correct Corega KK Wireless entry 2002-01-12 07:01:51 +00:00
etc.alpha s/sysctl -w/sysctl/ 2001-12-11 08:21:46 +00:00
etc.amd64
etc.i386 Add an entry for the Zip 250. 2001-08-31 22:49:22 +00:00
etc.ia64 s/sysctl -w/sysctl/ 2001-12-11 08:21:46 +00:00
etc.sparc64 Populate etc.sparc64: 2002-01-07 23:53:34 +00:00
isdn
kerberosIV
mail Grammar fix for comment 2001-12-30 04:40:18 +00:00
mtree Do not install man(1) setuid ``man''. 2002-01-15 14:11:05 +00:00
namedb The named.conf file should refer to named.conf(5) in addition to 2001-12-03 08:05:52 +00:00
pam.d Unmunge the version preservation code and obfuscate it so CVS won't munge 2002-01-12 23:08:59 +00:00
periodic Fix a stray character that found its way into a filename. 2001-12-14 22:25:04 +00:00
ppp
rc.d o Add a comment indicating that if /tmp==/var/tmp in rc.diskless2, the 2001-12-26 17:18:39 +00:00
root
sendmail Since buildworld builds cf files specified in SENDMAIL_ADDITIONAL_MC, 2001-11-20 03:41:05 +00:00
amd.map
apmd.conf Now properly use logger's facility argument 2001-08-06 15:52:42 +00:00
auth.conf
crontab
csh.cshrc
csh.login
csh.logout
dhclient.conf o Spelling error s/suffient/sufficient/ 2001-10-27 03:14:37 +00:00
disktab Add an entry for the Zip 250. 2001-08-31 22:49:22 +00:00
dm.conf
fbtab
ftpusers
gettytab Add entries for 3wire terminals. (carrier not supplied, so we set nc). 2001-08-31 22:18:50 +00:00
group Add two new accounts/groups for sendmail: 2001-11-17 21:24:45 +00:00
hosts - Improve line-wrapping and spacing so as to improve readability. 2001-12-11 22:36:10 +00:00
hosts.allow Clear up what the line "ALL : PARANOID : RFC931 20 : deny" means 2001-08-18 14:22:52 +00:00
hosts.equiv
hosts.lpd
inetd.conf Chroot to /tftpboot for tftp. 2001-10-22 01:46:53 +00:00
locale.alias Actually make aliases for ru_SU locales. 2002-01-08 15:30:56 +00:00
locale.deprecated Sort entries and clarify comments 2002-01-11 15:51:56 +00:00
login.access
login.conf ftp(1) was not the only user of FTP_PASSIVE_MODE, libfetch uses it 2001-12-14 15:48:55 +00:00
MAKEDEV Fix some leftover stray characters from expr(1)-to-$(()) sweeps. 2001-12-27 22:41:35 +00:00
MAKEDEV.local
Makefile Everybody (for suitable values of "everybody") seems to think pam.conf should 2002-01-14 17:15:53 +00:00
man.alias
master.passwd Add two new accounts/groups for sendmail: 2001-11-17 21:24:45 +00:00
minfree
modems
motd Whitespace police. 2001-12-18 18:21:51 +00:00
netconfig
netstart
network.subr rpc.lockd needs rpc.statd to be running for it to start up properly. 2001-12-13 04:21:18 +00:00
networks
newsyslog.conf Use tabs where possible. 2001-12-01 17:14:34 +00:00
nls.alias Add forgotten alias for ru_SU.ISO8859-5 2002-01-08 19:07:03 +00:00
nsmb.conf Comment out an example that was missed on first import. 2002-01-07 08:41:55 +00:00
opieaccess Add commented out example 2001-08-14 23:51:58 +00:00
pccard_ether Due to a bug in the ed driver, which leads to hangs when using it with 2001-09-13 06:18:07 +00:00
phones
primes
printcap
profile
protocols Update reference URL. 2001-10-10 18:34:28 +00:00
rc Don't require operators to override the list of network filesystem 2001-12-29 19:42:55 +00:00
rc.atm Avoid unnecessary calls to expr(1) by using standard shell arithmetic 2001-11-14 06:35:43 +00:00
rc.devfs
rc.diskless1 Remove incorrect comments about the population of /etc: no attempt is 2001-12-26 17:00:55 +00:00
rc.diskless2 o Add a comment indicating that if /tmp==/var/tmp in rc.diskless2, the 2001-12-26 17:18:39 +00:00
rc.firewall Remove a stale entry related to passing ARP with bridging and ipfw. 2001-12-27 05:40:09 +00:00
rc.firewall6 fix typo. icmptype of destination unreach is not 2 but 1. 2001-08-21 15:05:09 +00:00
rc.initdiskless Remove incorrect comments about the population of /etc: no attempt is 2001-12-26 17:00:55 +00:00
rc.isdn
rc.network rpc.lockd needs rpc.statd to be running for it to start up properly. 2001-12-13 04:21:18 +00:00
rc.network6 automatic creation of faith0 and stf0 for backward compatibility. 2001-12-15 03:59:47 +00:00
rc.pccard
rc.resume
rc.serial
rc.shutdown Set the script_name_sep variable to a safe value if it is not 2001-12-12 10:12:20 +00:00
rc.subr
rc.suspend
rc.syscons Make the 'echo' output for blanktime and scrnmap consistent with their 2001-08-31 15:29:24 +00:00
rc.sysctl sysctl(8) doesn't need '-w' to write to sysctl variables anymore. 2001-07-17 22:03:19 +00:00
remote
rpc Add sgi_fam 391002, file alteration monitor. 2001-08-11 09:43:04 +00:00
services 'ircd' is a better service name. Also note '6667' is unoffical 2001-11-20 19:52:28 +00:00
shells
sysctl.conf Enable vmiodirenable by default. Remove incorrect comment from sysctl.conf. 2001-09-26 19:35:04 +00:00
syslog.conf Explain that /var/log/all.log needs to be touched and chmod'd 'ere it 2001-10-28 13:41:30 +00:00
termcap.small Sync with main 2001-11-22 21:43:43 +00:00
usbd.conf