| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
Submitted by: cpiazza, who...
Actually tested: make world
Desired by: jkh, mjacob
|
| |
|
|
|
|
|
| |
early to allow entropy to replenish.
sshd must start late to catch the full effects of ldconfig.
|
|
|
|
| |
waiting for someone to commit this. :)
|
| |
|
|
|
|
|
|
| |
PR: 17028
Submitted by: David Malone <dwmalone@maths.tcd.ie>
Approved by: jkh
|
|
|
|
| |
NO_FORTRAN NOCRYPT NOGAMES NOINFO NOLIBC_R NOSECURE NOSHARE
|
| |
|
|
|
|
|
|
|
|
| |
Also enable some standard IPv6 apps by default.
These entries will be simply ignored on systems with no INET6 defined.
Approved by: jkh
Suggested by: peter
|
|
|
|
| |
Reviewed by: phantom
|
| |
|
| |
|
|
|
|
| |
Submitted by: John Hay <jhay@mikom.csir.co.za>
|
|
|
|
|
|
|
| |
it breaks mergemaster (and probably other things).
Submitted by: Munehiro Matsuda <haro@tk.kubota.co.jp>
Approved by: jkh
|
|
|
|
| |
ssh[d] config files in the right place.
|
| |
|
|
|
|
|
|
|
|
|
| |
interfaces passed to rtadvd
-Comment out example sentences more completely
-Redirect error message of ifconfig output into /dev/null, to correctly
find out working IPv6 interfaces
Approved by: jkh
|
|
|
|
|
|
|
|
| |
-small comment fix.
Approved by: jkh
Submitted by: Chris Costello <chris@calldei.com>
|
|
|
|
|
|
|
| |
Approved by: jkh
Submitted by: bmah@CA.Sandia.GOV (Bruce A. Mah),
Ruslan Ermilov <ru@ucb.crimea.ua>
|
|
|
|
|
|
|
|
|
|
|
| |
Initial version created by, and kindly much tested by:
bmah@CA.Sandia.GOV (Bruce A. Mah)
Approved by: jkh
Reviewed by: bmah@CA.Sandia.GOV (Bruce A. Mah),
Ollivier Robert <roberto@keltia.freenix.fr>
Obtained from: KAME project
|
|
|
|
| |
Approved by: jkh
|
|
|
|
| |
as default rather than /dev/cuaa0
|
|
|
|
|
|
|
|
|
|
|
|
| |
MAKEDEV all, making DHCP on multiple interfaces happier, and allowing use
of tcpdump to to debug DHCP, without creating more devices.
(we need devfs)
Modify MAKEDEV to create four tun devices in MAKEDEV all as well, since
we're being gratuitous with network pseudo-devices.
(we need devfs)
Approved by: The Hubbard
|
|
|
|
|
|
| |
installation, so it should be in this file too.
Approved by: jkh
|
|
|
|
| |
Approved: Prior commit approved by jkh
|
|
|
|
|
|
| |
action when denying access to a service. Unfortunately, this also makes
a dandy denial-of-service attack possible. Change to just log the event
and shoot a "go away" response back down the socket.
|
|
|
|
|
|
|
|
| |
Missing IPv6 loopback name record cause name resolving lock
on INET6 enabled systems in some cases.
So define it.
Approved by: jkh
|
|
|
|
| |
Approved by: jkh
|
| |
|
| |
|
|
|
|
| |
Approved by: jhk
|
|
|
|
|
|
|
|
|
|
|
| |
S/Key authentication for ftpd was not working due to ftp implementation and
/etc/pam.conf missmatch.
So add ftpd entries into /etc/pam.conf.
Reported by: "Jose M. Alcaide" <jose@we.lc.ehu.es>
Approved by: jkh
Reviewed by: markm
|
|
|
|
|
| |
Submitted by: Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
OK'ed by: jkh@FreeBSD.org
|
|
|
|
|
|
|
|
|
|
| |
interface on the dhclient command line. Not doing so screws up vmware's
network interface by attempting to configure it for DHCP (which will
never work, of course). It also would impact any other interface that
may be present that, again, would likely be manually configured for
some other purpose.
Approved by: jkh
|
|
|
|
|
|
|
|
|
|
|
|
| |
strictly a security hole, but neither is it a very good idea. Replace
it with a symlink to /dev/null to happify programs that expect it.
It is suggested that users of the jail environment modify the jail's
syslog.conf to not send stuff to /dev/console, but instead syslog
it somewhere else. Such as a loghost, potentially even to the host
environment's syslog.
Approved by: jkh
|
|
|
|
|
|
|
|
|
| |
/etc/Makefile so that if it is defined, MAKEDEV all is not called
during a make distribution. This helps clean up the messy userland
in jail(), by reducing the number of devices exposed in jail.
Modifications to jail(2) to follow.
Approved by: jkh-arius
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
an all.log for logging all messages, and one to demonstrate use of loghosts.
Also, a matching entry in newsyslog.conf for all.log.
Per request of Garrett Wollman, also modified the maillog entry to use the
@T newsyslog time specification mechanism. Because newsyslog doesn't
support the mod date specification machanism, couldn't change other
entries that required more than one execution a month, but less than once
a day.
Approved by: jkh
Reviewed by: freebsd-security
|
|
|
|
|
|
|
| |
you to run a preprocessor, such as m4, so that you can use macros in your
rules file.
Approved by: jkh
|
|
|
|
|
|
|
|
|
|
|
| |
Reviewed by: joerg
The isdnd is able to listen on a socket for isdnmonitor to connect to
it to remotely control it (similar to ppp and pppctl). When this is
enabled in the isdnd config file, it will fail currently because isdnd
is started before the network interfaces are configured.
It is necessary to move the isdnd start after the ifconfig of the network
interfaces, then this problem will not occur.
|
|
|
|
| |
Approved by: jkh
|
|
|
|
|
|
| |
happen with a keyboard and monitor the console change was not as needed
in the i386 case as the Alpha case. IMO >50% of Alpha installs are using
a serial console, the change matching rev 1.7 should not be backed out.
|
|
|
|
|
|
|
|
|
|
|
| |
devices because accessible by group wheel instead of group operator.
Didn't fix fishy group for rsa*.ctl. This device should have group operator
if that is safe, or mode 600 and group wheel.
Removed ssc and uk*.
Removed bogus (redundant) chmod's to 600.
|
|
|
|
|
|
|
|
|
| |
# Apollo PCMCIA Ethernet Adapter
# Olicom OC2220
# National Semiconductor InfoMover NE4100
I forgot who submitted the first two, but the third one was submitted
by Jim Bloom.
|
|
|
|
|
| |
the console reguardless of the type of console.
* Make the Alpha version match the i386 version.
|
|
|
|
|
|
|
|
|
|
|
| |
draft-manning-dsua-01.txt.
Stop using public addresses as samples and use the recommended
192.0.2.0/24 netblock that has specifically been set aside for
documentation purposes.
Reviewed by: readers of freebsd-security did not respond to a request
for review
|
|
|
|
|
|
| |
Submitted by: Atsushi Onoe <onoe@sm.sony.co.jp>,
YAMAMOTO Shigeru <shigeru@iij.ad.jp>,
Masahide -mac- NODA <mac@clave.gr.jp>
|
| |
|
|
|
|
| |
Suggested by: asami
|
|
|
|
| |
Submitted by: Andy Farkas <andyf@speednet.com.au>
|