Add links to manpages.

Wolfram Schneider 1997-10-03 20:53:38 +00:00
parent 274c3c80b7
commit 3971e967a6
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=2027
21 changed files with 205 additions and 105 deletions

@ -1,9 +1,9 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
<!ENTITY date "$Date: 1997-09-28 09:24:32 $">
<!ENTITY date "$Date: 1997-10-03 20:53:15 $">
<!ENTITY title "FreeBSD Security Guide">
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
]>
<!-- $Id: security.sgml,v 1.6 1997-09-28 09:24:32 wosch Exp $ -->
<!-- $Id: security.sgml,v 1.7 1997-10-03 20:53:15 wosch Exp $ -->
<HTML>
<HEAD>
@ -15,7 +15,7 @@
<H1>FreeBSD Security Guide</H1>
<em>Last Updated: $Date: 1997-09-28 09:24:32 $ </em>
<em>Last Updated: $Date: 1997-10-03 20:53:15 $ </em>
<P>This guide attempts to document some of the tips and tricks used by
many FreeBSD security experts for securing systems and writing secure
@ -69,8 +69,13 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
<a href="http://www.freebsd.org/cgi/man.cgi?sprintf(3)">
sprintf(3)</a>, period.
<P><LI><A NAME="#rule1_2"></A>Watch for strvis(3) and getenv(3) abuse.
strvis() is easy to get the destination string wrong for, and getenv()
<P><LI><A NAME="#rule1_2"></A>Watch for
<a href="http://www.freebsd.org/cgi/man.cgi?strvis(3)">strvis(3)</a>
and <a href="http://www.freebsd.org/cgi/man.cgi?getenv(3)">getenv(3)</a>
abuse.
<a href="http://www.freebsd.org/cgi/man.cgi?strvis(3)">strvis(3)</a>
is easy to get the destination string wrong for, and
<a href="http://www.freebsd.org/cgi/man.cgi?getenv(3)">getenv(3)</a>
can return strings much longer than the user might expect - they are
one of the key ways an attack is often made on a program, causing it
to overwrite stack or variables by setting its environment variables
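Review bot: In the rule1_2 item, strvis(3) and getenv(3) are each linked twice in back-to-back sentences, once in "Watch for ... abuse." and again in "is easy to get the destination string wrong for, and ... can return strings". Linking only the first mention and leaving the second as plain strvis(3) and getenv(3) would keep the markup lighter and the sentence easier to read in source. The switch from the "()" call form to the "(3)" section form is consistent with the sprintf(3) link just above.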
@ -138,7 +143,7 @@ FreeBSD Security Officers</a> if you have changes you'd like to see here.
<P><LI><A NAME="#rule2"></A>Do uid management. So drop privs as soon as possible,
and really drop them. Switching between euid and uid is not enough. Use
<a href="http://www.freebsd.org/cgi/man.cgi?setuid">setuid()</a>
<a href="http://www.freebsd.org/cgi/man.cgi?setuid(2)">setuid(2)</a>
when you can.
<P><LI><A NAME="#rule3"></A>Never display configuration file contents on errors.
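Review bot: The anchor on the uid-management item is declared as NAME="#rule2" (likewise NAME="#rule3" on the next item and NAME="#rule1_2" in the previous hunk), so the '#' is part of the anchor name and a link written as href="#rule2" will not resolve to it. Since this change is already touching these list items, consider changing the names to NAME="rule2", NAME="rule3" and NAME="rule1_2". The link change itself, from man.cgi?setuid to man.cgi?setuid(2) with matching link text, brings it in line with the other manpage links.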