diff --git a/data/releases/2.0.5A/notes.sgml b/data/releases/2.0.5A/notes.sgml index e0391dc30c..c1c5800d1a 100644 --- a/data/releases/2.0.5A/notes.sgml +++ b/data/releases/2.0.5A/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -157,7 +157,8 @@ still functioning disks from mounting. Hard wiring allows static allocation of unit numbers (and hence device names) to scsi devices based on SCSI ID and bus. SCSI configuration occurs in the kernel config file. Samples of the configuration syntax can be found in the -scsi(4) man page or the LINT kernel config file. +scsi(4)> +man page or the LINT kernel config file. Owner: Peter Dufault (dufault@hda.com) Sources involved: sys/scsi/* usr.sbin/config/* diff --git a/data/releases/2.0.5R/notes.sgml b/data/releases/2.0.5R/notes.sgml index 8a0a145fe6..0a73f40bad 100644 --- a/data/releases/2.0.5R/notes.sgml +++ b/data/releases/2.0.5R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -164,7 +164,8 @@ still functioning disks from mounting. Hard wiring allows static allocation of unit numbers (and hence device names) to scsi devices based on SCSI ID and bus. SCSI configuration occurs in the kernel config file. Samples of the configuration syntax can be found in the -scsi(4) man page or the LINT kernel config file. +scsi(4)> +man page or the LINT kernel config file. Owner: Peter Dufault (dufault@hda.com) Sources involved: sys/scsi/* usr.sbin/config/* diff --git a/data/releases/2.0/notes.sgml b/data/releases/2.0/notes.sgml index 18d75a8611..66d1e0fd62 100644 --- a/data/releases/2.0/notes.sgml +++ b/data/releases/2.0/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -122,8 +122,13 @@ Loadable filesystems Most filesystems are now dynamically loadable on demand, with the exception of the UFS family (FFS, LFS, and MFS). With the exception of NFS, all such filesystems can be unloaded when all references are -unmounted. To support this functionality, the getvfsbyname(3) -family of functions has been added to the C library and the lsvfs(1) +unmounted. To support this functionality, the + +getvfsbyname(3) + +family of functions has been added to the C library and the +lsvfs(1) + command provides the same information at the shell level. Be aware of the following current restrictions: @@ -150,7 +155,9 @@ Some of the features new in 2.0 are: table. The second item explains the absence of skey.access in the installed /etc. To enable S/Key support, create a file skey.access in /etc and fill it -according to your needs. See also skey.access(5) and the example in +according to your needs. See also skey. +access(5) +and the example in /usr/share/examples/etc/skey.access. Owner: pst, guido @@ -227,8 +234,12 @@ Device configuration database ----------------------------- The kernel now keeps better track of which device drivers are active and where the devices are attached; this information is made available to -user programs via the new sysctl(3) management interface. Current -applications include lsdev(8), which lists the currently configured +user programs via the new +sysctl(3) +management interface. Current +applications include +lsdev(8), +which lists the currently configured devices. In the future, we expect to use this code to automatically generate a configuration file for you at installation time. @@ -244,7 +255,9 @@ series of kernel variables and parameters which were previously manipulated by reading and writing /dev/kmem. Many programs have been rewritten to use this interface, although many old-style programs still remain. Some variables which were never accessible before are now available through -the sysctl(1) program. In addition to the standard 4.4BSD MIB variables, +the +sysctl(1) +program. In addition to the standard 4.4BSD MIB variables, we have added support for YP/NIS domains (kern.domainname), controlling the update daemon (kern.update), retrieving the OS release date (kern.osreldate), determining the name of the booted kernel (kern.bootfile), diff --git a/data/releases/2.1.5R/notes.sgml b/data/releases/2.1.5R/notes.sgml index b9985b4fea..62d28eb460 100644 --- a/data/releases/2.1.5R/notes.sgml +++ b/data/releases/2.1.5R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -49,7 +49,9 @@ Better support for the Matrox Meteor frame grabber card. Support for the Connectix Quickcam (parallel port camera). Worm driver - it is now possible to burn CDROMs using the Plasmon or -HP 4080i CDR drives (see `wormcontrol(1)'). NOTE: If your drive +HP 4080i CDR drives (see + +wormcontrol(1)). NOTE: If your drive probes as a CD rather than a WORM, some additional patches may be required from -current to get it working for you. We decided not to bring these changes over by default as they make too many changes to @@ -61,7 +63,9 @@ Kernel features: Various VM system enhancements and more than a few bugs fixed. A concatenated disk driver for simple types of RAID applications. -See the man page for ccd(4) for more information. +See the man page for +ccd(4)> +for more information. Real PCI bus probing (before ISA) and support for various PCI bridges. diff --git a/data/releases/2.1.6R/notes.sgml b/data/releases/2.1.6R/notes.sgml index 276f0549b8..72f5edfe97 100644 --- a/data/releases/2.1.6R/notes.sgml +++ b/data/releases/2.1.6R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -57,7 +57,9 @@ Kernel features: Various VM system enhancements and more than a few bugs fixed. A concatenated disk driver for simple types of RAID applications. -See the man page for ccd(4) for more information. +See the man page for +ccd(4)> +for more information. Real PCI bus probing (before ISA) and support for various PCI bridges. diff --git a/data/releases/2.1.7R/notes.sgml b/data/releases/2.1.7R/notes.sgml index 3209d313d2..ebed33f226 100644 --- a/data/releases/2.1.7R/notes.sgml +++ b/data/releases/2.1.7R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -67,7 +67,9 @@ Kernel features: Various VM system enhancements and more than a few bugs fixed. A concatenated disk driver for simple types of RAID applications. -See the man page for ccd(4) for more information. +See the man page for +ccd(4)> +for more information. Real PCI bus probing (before ISA) and support for various PCI bridges. diff --git a/data/releases/2.2.1R/notes.sgml b/data/releases/2.2.1R/notes.sgml index 4232217359..79821b956e 100644 --- a/data/releases/2.2.1R/notes.sgml +++ b/data/releases/2.2.1R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -70,7 +70,9 @@ in 2.2. The number of EISA slots to probe is now a fully supported option, including the ability to save the value from a UserConfig session -with dset(8). This helps owners of HP NetServer LC machines to +with +dset(8)>. +This helps owners of HP NetServer LC machines to install the system on their hardware. Support for the SDL RISCom N2pci sync serial card. @@ -105,7 +107,8 @@ The syscons and psm drivers now have a new underlying shared keyboard driver, eliminating many of the previously existing problems with their mutual interaction. -Syscons now supports cut & paste in textmode using the moused(8) +Syscons now supports cut & paste in textmode using the +moused(8)> utility. 2.2 is the first release that includes full CD-R support for the @@ -182,8 +185,11 @@ The kernel configuration option handling has been largely moved away from the old -D Makefile kludges, towards a system of "opt_foo.h" kernel include files, allowing Makefile dependencies to work again. We expect the old hack that blows the entire compile directory away -on each run of config(8) to go away anytime soon. Unless you're changing -weird options, you might now consider using the -n option to config(8), +on each run of +config(8)> +to go away anytime soon. Unless you're changing +weird options, you might now consider using the -n option to +config(8)>, or setting the env variable NO_CONFIG_CLOBBER, if CPU time is costly for you. See also the comments in the handbook about how it works. diff --git a/data/releases/2.2.2R/errata.sgml b/data/releases/2.2.2R/errata.sgml index 319cc2694a..cc4d8cac27 100644 --- a/data/releases/2.2.2R/errata.sgml +++ b/data/releases/2.2.2R/errata.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -20,7 +20,9 @@ Fix: If you have the source distribution installed, simply cp /usr/src/etc/login.conf /etc otherwise, get it from the FreeBSD FTP site using this URL: ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/etc/login.conf - instead. Simply cd to /etc and then run fetch(1) with the provided URL. + instead. Simply cd to /etc and then run +fetch(1)> +with the provided URL. o sysconfig scrambles rc.conf if run again. diff --git a/data/releases/2.2.2R/notes.sgml b/data/releases/2.2.2R/notes.sgml index 06b8590768..d5269a16e8 100644 --- a/data/releases/2.2.2R/notes.sgml +++ b/data/releases/2.2.2R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -34,7 +34,8 @@ NFSv3 is now the default, with fall-back to NFSv2 occuring as necessary. An lchown() system call has been added for changing the ownership of symlinks. -Login classes added for setting default user limits (see login.conf(5)). +Login classes added for setting default user limits (see login. +conf(5)). ftpd now supports virtual FTP hosting. @@ -84,7 +85,9 @@ in 2.2. The number of EISA slots to probe is now a fully supported option, including the ability to save the value from a UserConfig session -with dset(8). This helps owners of HP NetServer LC machines to +with +dset(8)>. +This helps owners of HP NetServer LC machines to install the system on their hardware. Support for the SDL RISCom N2pci sync serial card. @@ -119,7 +122,8 @@ The syscons and psm drivers now have a new underlying shared keyboard driver, eliminating many of the previously existing problems with their mutual interaction. -Syscons now supports cut & paste in textmode using the moused(8) +Syscons now supports cut & paste in textmode using the +moused(8)> utility. 2.2 is the first release that includes full CD-R support for the @@ -196,8 +200,11 @@ The kernel configuration option handling has been largely moved away from the old -D Makefile kludges, towards a system of "opt_foo.h" kernel include files, allowing Makefile dependencies to work again. We expect the old hack that blows the entire compile directory away -on each run of config(8) to go away anytime soon. Unless you're changing -weird options, you might now consider using the -n option to config(8), +on each run of +config(8)> +to go away anytime soon. Unless you're changing +weird options, you might now consider using the -n option to +config(8)>, or setting the env variable NO_CONFIG_CLOBBER, if CPU time is costly for you. See also the comments in the handbook about how it works. diff --git a/data/security.sgml b/data/security.sgml index ee290d714b..12d675bb51 100644 --- a/data/security.sgml +++ b/data/security.sgml @@ -1,9 +1,9 @@ + %includes; ]> - + @@ -15,7 +15,7 @@

FreeBSD Security Guide

-Last Updated: $Date: 1997-09-28 09:24:32 $ +Last Updated: $Date: 1997-10-03 20:53:15 $

This guide attempts to document some of the tips and tricks used by many FreeBSD security experts for securing systems and writing secure @@ -69,8 +69,13 @@ FreeBSD Security Officers if you have changes you'd like to see here. sprintf(3), period. -

  • Watch for strvis(3) and getenv(3) abuse. - strvis() is easy to get the destination string wrong for, and getenv() +

  • Watch for + strvis(3) + and getenv(3) + abuse. + strvis(3) + is easy to get the destination string wrong for, and + getenv(3) can return strings much longer than the user might expect - they are one of the key ways an attack is often made on a program, causing it to overwrite stack or variables by setting its environment variables @@ -138,7 +143,7 @@ FreeBSD Security Officers if you have changes you'd like to see here.

  • Do uid management. So drop privs as soon as possible, and really drop them. Switching between euid and uid is not enough. Use - setuid() + setuid(2) when you can.

  • Never display configuration file contents on errors. diff --git a/data/tutorials/ddwg/ddwg.sgml b/data/tutorials/ddwg/ddwg.sgml index 41cbbafa64..9cb25739aa 100644 --- a/data/tutorials/ddwg/ddwg.sgml +++ b/data/tutorials/ddwg/ddwg.sgml @@ -6,7 +6,7 @@ ++ ++ Copyright Eric L. Hernes - Wednesday, August 2, 1995 ++ - ++ $Id: ddwg.sgml,v 1.3 1996-12-28 23:36:51 mpp Exp $ + ++ $Id: ddwg.sgml,v 1.4 1997-10-03 20:53:38 wosch Exp $ ++ ++ Sgml doc for something --> @@ -58,7 +58,8 @@ device opened. These are available through the macros -The manual page. It is recommended that you check these for access modes in <sys/fcntl.h> and do what is required. For example if -The d_read() and d_write() entry points are called when read(2) and -write(2) are called on your device from user-space. The transfer +The d_read() and d_write() entry points are called when + and + +are called on your device from user-space. The transfer of data can be handled through the kernel support routine uiomove(). d_ioctl() @@ -120,7 +123,9 @@ d_ioctl(dev_t dev, int cmd, caddr_t arg, int flag, struct proc *p) d_ioctl() is a catch-all for operations which don't make sense in a read/write paradigm. Probably the most famous of all ioctl's is on -tty devices, through stty(1). The ioctl entry point is called from +tty devices, through +. +The ioctl entry point is called from ioctl() in sys/kern/sys_generic.c

    There are four different types of ioctl's which can be implemented. @@ -228,7 +233,8 @@ scatter-gather io via the readv() and writev() system calls. -This structure is required, but generally it is created by config(8) +This structure is required, but generally it is created by + from the kernel configuration file. It is required on a per-device basis, meaning that if you have a driver which controls two serial boards, you will have two isa_device structures. If you build a @@ -281,7 +287,8 @@ initialize your device. The ). The .

    If the driver has data structures and ioctl's which are specific to @@ -455,7 +463,8 @@ The steps required to add your driver to the standard FreeBSD kernel are Add to the driver list Add an entry to the [bc]devsw Add the driver entry to the kernel config file - config(8), compile, and install the kernel + , +compile, and install the kernel make required nodes. reboot. @@ -476,7 +485,9 @@ The first field is the pathname of the driver module relative to /usr/src/sys. For the case of a binary driver the path would be something like ``i386/OBJ/joy.o''. -The second field tells config(8) that this is an optional driver. Some +The second field tells + +that this is an optional driver. Some devices are required for the kernel to even be built. The third field is the name of the device. @@ -512,7 +523,8 @@ d_ioctl_t joyioctl; This either defines your entry points, or null entry points which will return ENXIO when called (the #else clause). -The include file ``joy.h'' is automatically generated by config(8) when +The include file ``joy.h'' is automatically generated by + when the kernel build tree is created. This usually has only one line like: #define NJOY 1 @@ -569,7 +581,8 @@ the network class. It uses interrupt 10. It uses 32k of shared memory at physical address 0xd0000. It also defines it's interrupt handler to be ``ixintr()'' -config(8) the kernel. + +the kernel.

    Now with our config file in hand, we can create a kernel compile directory. This is done by simply typing: @@ -632,7 +645,8 @@ Lines 17 - 26 -- This includes the file ``pca.h'' and conditionally compiles the rest of the LKM on whether or not we have a pcaudio device defined. This -mimics the behavior of config. In a standard device driver, config(8) +mimics the behavior of config. In a standard device driver, + generates the pca.h file from the number pca devices in the config file. 17 /* diff --git a/en/releases/2.0.5A/notes.sgml b/en/releases/2.0.5A/notes.sgml index e0391dc30c..c1c5800d1a 100644 --- a/en/releases/2.0.5A/notes.sgml +++ b/en/releases/2.0.5A/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -157,7 +157,8 @@ still functioning disks from mounting. Hard wiring allows static allocation of unit numbers (and hence device names) to scsi devices based on SCSI ID and bus. SCSI configuration occurs in the kernel config file. Samples of the configuration syntax can be found in the -scsi(4) man page or the LINT kernel config file. +scsi(4)> +man page or the LINT kernel config file. Owner: Peter Dufault (dufault@hda.com) Sources involved: sys/scsi/* usr.sbin/config/* diff --git a/en/releases/2.0.5R/notes.sgml b/en/releases/2.0.5R/notes.sgml index 8a0a145fe6..0a73f40bad 100644 --- a/en/releases/2.0.5R/notes.sgml +++ b/en/releases/2.0.5R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -164,7 +164,8 @@ still functioning disks from mounting. Hard wiring allows static allocation of unit numbers (and hence device names) to scsi devices based on SCSI ID and bus. SCSI configuration occurs in the kernel config file. Samples of the configuration syntax can be found in the -scsi(4) man page or the LINT kernel config file. +scsi(4)> +man page or the LINT kernel config file. Owner: Peter Dufault (dufault@hda.com) Sources involved: sys/scsi/* usr.sbin/config/* diff --git a/en/releases/2.0/notes.sgml b/en/releases/2.0/notes.sgml index 18d75a8611..66d1e0fd62 100644 --- a/en/releases/2.0/notes.sgml +++ b/en/releases/2.0/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -122,8 +122,13 @@ Loadable filesystems Most filesystems are now dynamically loadable on demand, with the exception of the UFS family (FFS, LFS, and MFS). With the exception of NFS, all such filesystems can be unloaded when all references are -unmounted. To support this functionality, the getvfsbyname(3) -family of functions has been added to the C library and the lsvfs(1) +unmounted. To support this functionality, the + +getvfsbyname(3) + +family of functions has been added to the C library and the +lsvfs(1) + command provides the same information at the shell level. Be aware of the following current restrictions: @@ -150,7 +155,9 @@ Some of the features new in 2.0 are: table. The second item explains the absence of skey.access in the installed /etc. To enable S/Key support, create a file skey.access in /etc and fill it -according to your needs. See also skey.access(5) and the example in +according to your needs. See also skey. +access(5) +and the example in /usr/share/examples/etc/skey.access. Owner: pst, guido @@ -227,8 +234,12 @@ Device configuration database ----------------------------- The kernel now keeps better track of which device drivers are active and where the devices are attached; this information is made available to -user programs via the new sysctl(3) management interface. Current -applications include lsdev(8), which lists the currently configured +user programs via the new +sysctl(3) +management interface. Current +applications include +lsdev(8), +which lists the currently configured devices. In the future, we expect to use this code to automatically generate a configuration file for you at installation time. @@ -244,7 +255,9 @@ series of kernel variables and parameters which were previously manipulated by reading and writing /dev/kmem. Many programs have been rewritten to use this interface, although many old-style programs still remain. Some variables which were never accessible before are now available through -the sysctl(1) program. In addition to the standard 4.4BSD MIB variables, +the +sysctl(1) +program. In addition to the standard 4.4BSD MIB variables, we have added support for YP/NIS domains (kern.domainname), controlling the update daemon (kern.update), retrieving the OS release date (kern.osreldate), determining the name of the booted kernel (kern.bootfile), diff --git a/en/releases/2.1.5R/notes.sgml b/en/releases/2.1.5R/notes.sgml index b9985b4fea..62d28eb460 100644 --- a/en/releases/2.1.5R/notes.sgml +++ b/en/releases/2.1.5R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -49,7 +49,9 @@ Better support for the Matrox Meteor frame grabber card. Support for the Connectix Quickcam (parallel port camera). Worm driver - it is now possible to burn CDROMs using the Plasmon or -HP 4080i CDR drives (see `wormcontrol(1)'). NOTE: If your drive +HP 4080i CDR drives (see + +wormcontrol(1)). NOTE: If your drive probes as a CD rather than a WORM, some additional patches may be required from -current to get it working for you. We decided not to bring these changes over by default as they make too many changes to @@ -61,7 +63,9 @@ Kernel features: Various VM system enhancements and more than a few bugs fixed. A concatenated disk driver for simple types of RAID applications. -See the man page for ccd(4) for more information. +See the man page for +ccd(4)> +for more information. Real PCI bus probing (before ISA) and support for various PCI bridges. diff --git a/en/releases/2.1.6R/notes.sgml b/en/releases/2.1.6R/notes.sgml index 276f0549b8..72f5edfe97 100644 --- a/en/releases/2.1.6R/notes.sgml +++ b/en/releases/2.1.6R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -57,7 +57,9 @@ Kernel features: Various VM system enhancements and more than a few bugs fixed. A concatenated disk driver for simple types of RAID applications. -See the man page for ccd(4) for more information. +See the man page for +ccd(4)> +for more information. Real PCI bus probing (before ISA) and support for various PCI bridges. diff --git a/en/releases/2.1.7R/notes.sgml b/en/releases/2.1.7R/notes.sgml index 3209d313d2..ebed33f226 100644 --- a/en/releases/2.1.7R/notes.sgml +++ b/en/releases/2.1.7R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -67,7 +67,9 @@ Kernel features: Various VM system enhancements and more than a few bugs fixed. A concatenated disk driver for simple types of RAID applications. -See the man page for ccd(4) for more information. +See the man page for +ccd(4)> +for more information. Real PCI bus probing (before ISA) and support for various PCI bridges. diff --git a/en/releases/2.2.1R/notes.sgml b/en/releases/2.2.1R/notes.sgml index 4232217359..79821b956e 100644 --- a/en/releases/2.2.1R/notes.sgml +++ b/en/releases/2.2.1R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -70,7 +70,9 @@ in 2.2. The number of EISA slots to probe is now a fully supported option, including the ability to save the value from a UserConfig session -with dset(8). This helps owners of HP NetServer LC machines to +with +dset(8)>. +This helps owners of HP NetServer LC machines to install the system on their hardware. Support for the SDL RISCom N2pci sync serial card. @@ -105,7 +107,8 @@ The syscons and psm drivers now have a new underlying shared keyboard driver, eliminating many of the previously existing problems with their mutual interaction. -Syscons now supports cut & paste in textmode using the moused(8) +Syscons now supports cut & paste in textmode using the +moused(8)> utility. 2.2 is the first release that includes full CD-R support for the @@ -182,8 +185,11 @@ The kernel configuration option handling has been largely moved away from the old -D Makefile kludges, towards a system of "opt_foo.h" kernel include files, allowing Makefile dependencies to work again. We expect the old hack that blows the entire compile directory away -on each run of config(8) to go away anytime soon. Unless you're changing -weird options, you might now consider using the -n option to config(8), +on each run of +config(8)> +to go away anytime soon. Unless you're changing +weird options, you might now consider using the -n option to +config(8)>, or setting the env variable NO_CONFIG_CLOBBER, if CPU time is costly for you. See also the comments in the handbook about how it works. diff --git a/en/releases/2.2.2R/errata.sgml b/en/releases/2.2.2R/errata.sgml index 319cc2694a..cc4d8cac27 100644 --- a/en/releases/2.2.2R/errata.sgml +++ b/en/releases/2.2.2R/errata.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -20,7 +20,9 @@ Fix: If you have the source distribution installed, simply cp /usr/src/etc/login.conf /etc otherwise, get it from the FreeBSD FTP site using this URL: ftp://ftp.freebsd.org/pub/FreeBSD/FreeBSD-current/src/etc/login.conf - instead. Simply cd to /etc and then run fetch(1) with the provided URL. + instead. Simply cd to /etc and then run +fetch(1)> +with the provided URL. o sysconfig scrambles rc.conf if run again. diff --git a/en/releases/2.2.2R/notes.sgml b/en/releases/2.2.2R/notes.sgml index 06b8590768..d5269a16e8 100644 --- a/en/releases/2.2.2R/notes.sgml +++ b/en/releases/2.2.2R/notes.sgml @@ -1,10 +1,10 @@ - + %includes; ]> - + &header; @@ -34,7 +34,8 @@ NFSv3 is now the default, with fall-back to NFSv2 occuring as necessary. An lchown() system call has been added for changing the ownership of symlinks. -Login classes added for setting default user limits (see login.conf(5)). +Login classes added for setting default user limits (see login. +conf(5)). ftpd now supports virtual FTP hosting. @@ -84,7 +85,9 @@ in 2.2. The number of EISA slots to probe is now a fully supported option, including the ability to save the value from a UserConfig session -with dset(8). This helps owners of HP NetServer LC machines to +with +dset(8)>. +This helps owners of HP NetServer LC machines to install the system on their hardware. Support for the SDL RISCom N2pci sync serial card. @@ -119,7 +122,8 @@ The syscons and psm drivers now have a new underlying shared keyboard driver, eliminating many of the previously existing problems with their mutual interaction. -Syscons now supports cut & paste in textmode using the moused(8) +Syscons now supports cut & paste in textmode using the +moused(8)> utility. 2.2 is the first release that includes full CD-R support for the @@ -196,8 +200,11 @@ The kernel configuration option handling has been largely moved away from the old -D Makefile kludges, towards a system of "opt_foo.h" kernel include files, allowing Makefile dependencies to work again. We expect the old hack that blows the entire compile directory away -on each run of config(8) to go away anytime soon. Unless you're changing -weird options, you might now consider using the -n option to config(8), +on each run of +config(8)> +to go away anytime soon. Unless you're changing +weird options, you might now consider using the -n option to +config(8)>, or setting the env variable NO_CONFIG_CLOBBER, if CPU time is costly for you. See also the comments in the handbook about how it works. diff --git a/en/security.sgml b/en/security.sgml index ee290d714b..12d675bb51 100644 --- a/en/security.sgml +++ b/en/security.sgml @@ -1,9 +1,9 @@ + %includes; ]> - + @@ -15,7 +15,7 @@

    FreeBSD Security Guide

    -Last Updated: $Date: 1997-09-28 09:24:32 $ +Last Updated: $Date: 1997-10-03 20:53:15 $

    This guide attempts to document some of the tips and tricks used by many FreeBSD security experts for securing systems and writing secure @@ -69,8 +69,13 @@ FreeBSD Security Officers if you have changes you'd like to see here. sprintf(3), period. -

  • Watch for strvis(3) and getenv(3) abuse. - strvis() is easy to get the destination string wrong for, and getenv() +

  • Watch for + strvis(3) + and getenv(3) + abuse. + strvis(3) + is easy to get the destination string wrong for, and + getenv(3) can return strings much longer than the user might expect - they are one of the key ways an attack is often made on a program, causing it to overwrite stack or variables by setting its environment variables @@ -138,7 +143,7 @@ FreeBSD Security Officers if you have changes you'd like to see here.

  • Do uid management. So drop privs as soon as possible, and really drop them. Switching between euid and uid is not enough. Use - setuid() + setuid(2) when you can.

  • Never display configuration file contents on errors.