Add links to manpages.

Wolfram Schneider 1997-07-05 23:04:44 +00:00
parent ed9ac474e1
commit 24fb4dd5b7
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=1712
7 changed files with 126 additions and 49 deletions


@ -1,10 +1,10 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY base CDATA "../..">
<!ENTITY date "$Date: 1997-03-17 08:38:31 $">
<!ENTITY date "$Date: 1997-07-05 23:04:44 $">
<!ENTITY title "FreeBSD 2.2 Release Notes">
<!ENTITY % includes SYSTEM "../../includes.sgml"> %includes;
]>
<!-- $Id: notes.sgml,v 1.1 1997-03-17 08:38:31 mbarkah Exp $ -->
<!-- $Id: notes.sgml,v 1.2 1997-07-05 23:04:44 wosch Exp $ -->
<html>
&header;
@ -42,7 +42,9 @@ in 2.2.
The number of EISA slots to probe is now a fully supported option,
including the ability to save the value from a UserConfig session
with dset(8). This helps owners of HP NetServer LC machines to
with
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?dset(8)">dset(8)</a>.
This helps owners of HP NetServer LC machines to
install the system on their hardware.
Support for the SDL RISCom N2pci sync serial card.
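Review bot: The new dset(8) href hard-codes the www.de.freebsd.org mirror and its /de/cgi/man.cgi path, so every copy of this page, whichever server it is served from, sends readers to that one host. This file already declares entities in its DOCTYPE subset (base, date, title) and pulls in includes.sgml; consider declaring one more entity there for the manpage CGI prefix and writing the link against it, so the target can be changed in one place.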
@ -74,7 +76,8 @@ The syscons and psm drivers now have a new underlying shared keyboard
driver, eliminating many of the previously existing problems with
their mutual interaction.
Syscons now supports cut & paste in textmode using the moused(8)
Syscons now supports cut & paste in textmode using the
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?moused(8)">moused(8)</a>
utility.
2.2 is the first release that includes full CD-R support for the
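Review bot: The rewritten "Syscons now supports cut & paste" line still carries a bare ampersand. Since the line is being touched anyway, write it as &amp;amp; so the rendering does not depend on how a given parser treats a lone & in an SGML source that is full of real entity references such as &amp;header;.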
@ -151,8 +154,11 @@ The kernel configuration option handling has been largely moved away
from the old -D Makefile kludges, towards a system of "opt_foo.h"
kernel include files, allowing Makefile dependencies to work again.
We expect the old hack that blows the entire compile directory away
on each run of config(8) to go away anytime soon. Unless you're changing
weird options, you might now consider using the -n option to config(8),
on each run of
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?config(8)">config(8)</a>
to go away anytime soon. Unless you're changing
weird options, you might now consider using the -n option to
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?config(8)">config(8)</a>,
or setting the env variable NO_CONFIG_CLOBBER, if CPU time is costly for
you. See also the comments in the handbook about how it works.


@ -1,9 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-07-01 03:52:10 $">
<!ENTITY date "$Date: 1997-07-05 23:02:47 $">
<!ENTITY title "FreeBSD Security Guide">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<!-- $Id: security.sgml,v 1.4 1997-07-01 03:52:10 max Exp $ -->
<!-- $Id: security.sgml,v 1.5 1997-07-05 23:02:47 wosch Exp $ -->
<HTML>
<HEAD>
@ -15,7 +15,7 @@
<H1>FreeBSD Security Guide</H1>
<em>Last Updated: $Date: 1997-07-01 03:52:10 $ </em>
<em>Last Updated: $Date: 1997-07-05 23:02:47 $ </em>
<P>This guide attempts to document some of the tips and tricks used by
many FreeBSD security experts for securing systems and writing secure
@ -52,10 +52,22 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
security issues to watch for in this area are:
<P><UL>
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
unbounded data. Use strncpy() and snprintf() when the length is known
<LI><A NAME="#rule1_1"></A>
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?strcpy(3)">
strcpy(3)</a> and <a
href="http://www.de.freebsd.org/de/cgi/man.cgi?sprintf(3)">
sprintf(3)</a> calls from
unbounded data. Use
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?strncpy(3)">
strncpy(3)</a> and
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?snprintf(3)">
snprintf(3)</a> when the length is known
(or implement some other form of bounds-checking when it's not).
In fact, never use gets(3) or sprintf(3), period.
In fact, never use
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?gets(3)">gets(3)</a>
or
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?sprintf(3)">
sprintf(3)</a>, period.
<P><LI><A NAME="#rule1_2"></A>Watch for strvis(3) and getenv(3) abuse.
strvis() is easy to get the destination string wrong for, and getenv()
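Review bot: Coverage in this list is uneven: rule1_1 gets a link for every function name, with sprintf(3) linked twice inside the same item, while strvis(3) and getenv(3) in the rule1_2 item directly below stay plain text. Either link those two as well or say in the log message that only some rules are being converted, and link each name once per item to keep the markup readable.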
@ -65,18 +77,31 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
to unexpected values. If your program reads environment variables,
be paranoid!
<P><LI>Every time you see an open(2) or stat(2) call, ask yourself, "What
<P><LI>Every time you see an
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?open(2)">open(2)</a>
or
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?stat(2)">stat(2)</a>
call, ask yourself, "What
if it's a symbolic link?"
<P><LI><A NAME="#rule1_3"></A>All uses of mktemp(), tempnam(), mkstemp(),
etc.; make sure that they use mkstemp() instead. Also look for races in
<P><LI><A NAME="#rule1_3"></A>All uses of
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?mktemp(3)">
mktemp(3)</a>, <a
href="http://www.de.freebsd.org/de/cgi/man.cgi?tempnam(3)">
tempnam</a>, <a
href="http://www.de.freebsd.org/de/cgi/man.cgi?mkstemp(3)">
mkstemp(3)</a>,
etc.; make sure that they use
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?mkstemp(3)">
mkstemp(3)</a> instead. Also look for races in
/tmp in general, being aware that there are very few things can be atomic
in /tmp:
<UL>
<LI>Creating a directory. This will either succeed or fail.
<LI>Opening a file O_CREAT | O_EXCL
</UL>
mkstemp(3) properly handles this for you, so all temp files should
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?mkstemp(3)">
mkstemp(3)</a> properly handles this for you, so all temp files should
use mkstemp to guarantee there's no race and that the permissions
are right.
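Review bot: The tempnam link text in rule1_3 reads "tempnam" with no section, although its href is man.cgi?tempnam(3) and every neighbouring link in the item shows the name(3) form. Make the visible text tempnam(3) to match. The closing sentence also links mkstemp(3) and then says "use mkstemp" bare on the next line; that is fine, but keep the first mention in each sentence as the linked one.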
@ -101,7 +126,9 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
<P><LI><A NAME="#rule1_8"></A>Don't just grep for the usual suspects
in programs which run at elevated privs. Look line by line for possible
overflows in these cases since there are a lot more ways than strcpy()
overflows in these cases since there are a lot more ways than
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?strcpy(3)">
strcpy(3)</a>
and friends to cause buffer overflows.
<P><LI><A NAME="#rule1_9"></A>Just because you drop privs somewhere doesn't
@ -111,7 +138,8 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
<P><LI><A NAME="#rule2"></A>Do uid management. So drop privs as soon as possible,
and really drop them. Switching between euid and uid is not enough. Use
setuid() when you can.
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?setuid">setuid()</a>
when you can.
<P><LI><A NAME="#rule3"></A>Never display configuration file contents on errors.
A line number and perhaps position count is enough. This is true for all
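Review bot: The setuid link in rule2 is the odd one out: its href is man.cgi?setuid with no section and its text is "setuid()", where the rest of this file uses the name(section) form in both places, for example open(2) and stat(2). Without the section the lookup depends on whatever default the CGI picks; use setuid(2) in the href and in the link text.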
@ -132,7 +160,8 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
you would like to have go into the tree.
<P><LI><A NAME="#rule4_3"></A>When sending changes around for review, always
use context or unidiff format diffs which may be easily fed to patch(1).
use context or unidiff format diffs which may be easily fed to
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?patch(1)">patch(1)</a>.
Do not simply send whole files! Diffs are much easier to read and apply to
local sources (especially those in which multiple, simultaneous changes
may be taking place). All changes should be relative to 3.0-current
@ -160,7 +189,9 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
signal handlers. Many routines in the various libraries are not
sufficiently reentrant to make this safe.
<P><LI><A NAME="#rule6"></A>Pay special attention to realloc() usage - more
<P><LI><A NAME="#rule6"></A>Pay special attention to
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?realloc(3)">
realloc(3)</a> usage - more
often than not, it's not done correctly.
<P><LI>When using fixed-size buffers, use sizeof() to prevent lossage when


@ -1,9 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-06-10 04:42:36 $">
<!ENTITY date "$Date: 1997-07-05 23:02:48 $">
<!ENTITY title "Support">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<!-- $Id: support.sgml,v 1.26 1997-06-10 04:42:36 meganm Exp $ -->
<!-- $Id: support.sgml,v 1.27 1997-07-05 23:02:48 wosch Exp $ -->
<html>
&header;
@ -96,7 +96,8 @@
<h2><a
href="http://www.freebsd.org/cgi/cvsweb.cgi">CVS Repository</a></h2>
<p>CVS (the Concurrent Version System) is the tool we use for
<p><a href="http://www.de.freebsd.org/de/cgi/man.cgi?cvs">CVS</a>
(the Concurrent Version System) is the tool we use for
keeping our sources under control. Every change (with
accompanying log message explaining its purpose) from
FreeBSD 2.0 to the present is stored here, and can be
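Review bot: The new CVS link points at www.de.freebsd.org/de/cgi/man.cgi while the heading two lines above it links to www.freebsd.org/cgi/cvsweb.cgi, so one paragraph now sends readers to two different servers. The query is also just "cvs" with no section, unlike the name(section) links added elsewhere in this commit. Point both at the same host and give the section explicitly.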


@ -1,10 +1,10 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY base CDATA "../..">
<!ENTITY date "$Date: 1997-03-17 08:38:31 $">
<!ENTITY date "$Date: 1997-07-05 23:04:44 $">
<!ENTITY title "FreeBSD 2.2 Release Notes">
<!ENTITY % includes SYSTEM "../../includes.sgml"> %includes;
]>
<!-- $Id: notes.sgml,v 1.1 1997-03-17 08:38:31 mbarkah Exp $ -->
<!-- $Id: notes.sgml,v 1.2 1997-07-05 23:04:44 wosch Exp $ -->
<html>
&header;
@ -42,7 +42,9 @@ in 2.2.
The number of EISA slots to probe is now a fully supported option,
including the ability to save the value from a UserConfig session
with dset(8). This helps owners of HP NetServer LC machines to
with
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?dset(8)">dset(8)</a>.
This helps owners of HP NetServer LC machines to
install the system on their hardware.
Support for the SDL RISCom N2pci sync serial card.
@ -74,7 +76,8 @@ The syscons and psm drivers now have a new underlying shared keyboard
driver, eliminating many of the previously existing problems with
their mutual interaction.
Syscons now supports cut & paste in textmode using the moused(8)
Syscons now supports cut & paste in textmode using the
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?moused(8)">moused(8)</a>
utility.
2.2 is the first release that includes full CD-R support for the
@ -151,8 +154,11 @@ The kernel configuration option handling has been largely moved away
from the old -D Makefile kludges, towards a system of "opt_foo.h"
kernel include files, allowing Makefile dependencies to work again.
We expect the old hack that blows the entire compile directory away
on each run of config(8) to go away anytime soon. Unless you're changing
weird options, you might now consider using the -n option to config(8),
on each run of
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?config(8)">config(8)</a>
to go away anytime soon. Unless you're changing
weird options, you might now consider using the -n option to
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?config(8)">config(8)</a>,
or setting the env variable NO_CONFIG_CLOBBER, if CPU time is costly for
you. See also the comments in the handbook about how it works.


@ -1,9 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-07-01 03:52:10 $">
<!ENTITY date "$Date: 1997-07-05 23:02:47 $">
<!ENTITY title "FreeBSD Security Guide">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<!-- $Id: security.sgml,v 1.4 1997-07-01 03:52:10 max Exp $ -->
<!-- $Id: security.sgml,v 1.5 1997-07-05 23:02:47 wosch Exp $ -->
<HTML>
<HEAD>
@ -15,7 +15,7 @@
<H1>FreeBSD Security Guide</H1>
<em>Last Updated: $Date: 1997-07-01 03:52:10 $ </em>
<em>Last Updated: $Date: 1997-07-05 23:02:47 $ </em>
<P>This guide attempts to document some of the tips and tricks used by
many FreeBSD security experts for securing systems and writing secure
@ -52,10 +52,22 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
security issues to watch for in this area are:
<P><UL>
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
unbounded data. Use strncpy() and snprintf() when the length is known
<LI><A NAME="#rule1_1"></A>
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?strcpy(3)">
strcpy(3)</a> and <a
href="http://www.de.freebsd.org/de/cgi/man.cgi?sprintf(3)">
sprintf(3)</a> calls from
unbounded data. Use
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?strncpy(3)">
strncpy(3)</a> and
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?snprintf(3)">
snprintf(3)</a> when the length is known
(or implement some other form of bounds-checking when it's not).
In fact, never use gets(3) or sprintf(3), period.
In fact, never use
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?gets(3)">gets(3)</a>
or
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?sprintf(3)">
sprintf(3)</a>, period.
<P><LI><A NAME="#rule1_2"></A>Watch for strvis(3) and getenv(3) abuse.
strvis() is easy to get the destination string wrong for, and getenv()
@ -65,18 +77,31 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
to unexpected values. If your program reads environment variables,
be paranoid!
<P><LI>Every time you see an open(2) or stat(2) call, ask yourself, "What
<P><LI>Every time you see an
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?open(2)">open(2)</a>
or
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?stat(2)">stat(2)</a>
call, ask yourself, "What
if it's a symbolic link?"
<P><LI><A NAME="#rule1_3"></A>All uses of mktemp(), tempnam(), mkstemp(),
etc.; make sure that they use mkstemp() instead. Also look for races in
<P><LI><A NAME="#rule1_3"></A>All uses of
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?mktemp(3)">
mktemp(3)</a>, <a
href="http://www.de.freebsd.org/de/cgi/man.cgi?tempnam(3)">
tempnam</a>, <a
href="http://www.de.freebsd.org/de/cgi/man.cgi?mkstemp(3)">
mkstemp(3)</a>,
etc.; make sure that they use
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?mkstemp(3)">
mkstemp(3)</a> instead. Also look for races in
/tmp in general, being aware that there are very few things can be atomic
in /tmp:
<UL>
<LI>Creating a directory. This will either succeed or fail.
<LI>Opening a file O_CREAT | O_EXCL
</UL>
mkstemp(3) properly handles this for you, so all temp files should
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?mkstemp(3)">
mkstemp(3)</a> properly handles this for you, so all temp files should
use mkstemp to guarantee there's no race and that the permissions
are right.
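Review bot: Several anchors in this hunk break the line between the opening tag and the link text, for example the mktemp(3) and mkstemp(3) links, so the anchor content starts with a newline. Some browsers render that as a leading underlined space. The open(2) and stat(2) links in the same hunk keep tag and text on one line; use that layout throughout, breaking inside the tag before href if the line gets too long.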
@ -101,7 +126,9 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
<P><LI><A NAME="#rule1_8"></A>Don't just grep for the usual suspects
in programs which run at elevated privs. Look line by line for possible
overflows in these cases since there are a lot more ways than strcpy()
overflows in these cases since there are a lot more ways than
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?strcpy(3)">
strcpy(3)</a>
and friends to cause buffer overflows.
<P><LI><A NAME="#rule1_9"></A>Just because you drop privs somewhere doesn't
@ -111,7 +138,8 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
<P><LI><A NAME="#rule2"></A>Do uid management. So drop privs as soon as possible,
and really drop them. Switching between euid and uid is not enough. Use
setuid() when you can.
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?setuid">setuid()</a>
when you can.
<P><LI><A NAME="#rule3"></A>Never display configuration file contents on errors.
A line number and perhaps position count is enough. This is true for all
@ -132,7 +160,8 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
you would like to have go into the tree.
<P><LI><A NAME="#rule4_3"></A>When sending changes around for review, always
use context or unidiff format diffs which may be easily fed to patch(1).
use context or unidiff format diffs which may be easily fed to
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?patch(1)">patch(1)</a>.
Do not simply send whole files! Diffs are much easier to read and apply to
local sources (especially those in which multiple, simultaneous changes
may be taking place). All changes should be relative to 3.0-current
@ -160,7 +189,9 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
signal handlers. Many routines in the various libraries are not
sufficiently reentrant to make this safe.
<P><LI><A NAME="#rule6"></A>Pay special attention to realloc() usage - more
<P><LI><A NAME="#rule6"></A>Pay special attention to
<a href="http://www.de.freebsd.org/de/cgi/man.cgi?realloc(3)">
realloc(3)</a> usage - more
often than not, it's not done correctly.
<P><LI>When using fixed-size buffers, use sizeof() to prevent lossage when


@ -1,9 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-06-10 04:42:36 $">
<!ENTITY date "$Date: 1997-07-05 23:02:48 $">
<!ENTITY title "Support">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<!-- $Id: support.sgml,v 1.26 1997-06-10 04:42:36 meganm Exp $ -->
<!-- $Id: support.sgml,v 1.27 1997-07-05 23:02:48 wosch Exp $ -->
<html>
&header;
@ -96,7 +96,8 @@
<h2><a
href="http://www.freebsd.org/cgi/cvsweb.cgi">CVS Repository</a></h2>
<p>CVS (the Concurrent Version System) is the tool we use for
<p><a href="http://www.de.freebsd.org/de/cgi/man.cgi?cvs">CVS</a>
(the Concurrent Version System) is the tool we use for
keeping our sources under control. Every change (with
accompanying log message explaining its purpose) from
FreeBSD 2.0 to the present is stored here, and can be


@ -1,9 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-06-10 04:42:36 $">
<!ENTITY date "$Date: 1997-07-05 23:02:48 $">
<!ENTITY title "Support">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<!-- $Id: usergroups.sgml,v 1.26 1997-06-10 04:42:36 meganm Exp $ -->
<!-- $Id: usergroups.sgml,v 1.27 1997-07-05 23:02:48 wosch Exp $ -->
<html>
&header;
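Review bot: The $Id$ line here names usergroups.sgml, but the title entity in the context above it still reads "Support", and the hunk that follows is the same CVS Repository paragraph that support.sgml carries. Please confirm this file is meant to be part of the change and is not a stray copy of support.sgml; if it is a real page, its title needs correcting as well.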
@ -96,7 +96,8 @@
<h2><a
href="http://www.freebsd.org/cgi/cvsweb.cgi">CVS Repository</a></h2>
<p>CVS (the Concurrent Version System) is the tool we use for
<p><a href="http://www.de.freebsd.org/de/cgi/man.cgi?cvs">CVS</a>
(the Concurrent Version System) is the tool we use for
keeping our sources under control. Every change (with
accompanying log message explaining its purpose) from
FreeBSD 2.0 to the present is stored here, and can be