diff --git a/en/security/security.sgml b/en/security/security.sgml
index 499bb97eba..f4971265fe 100644
--- a/en/security/security.sgml
+++ b/en/security/security.sgml
@@ -1,11 +1,11 @@
-
+
%includes;
]>
-
+
&header;
@@ -29,10 +29,6 @@ introduce vulnerabilities.
Information about the FreeBSD Security Officer
Information handling policies
FreeBSD Security Advisories
-FreeBSD Security Mailing Lists Information
-FreeBSD Security Tips and Tricks
-Secure Programming Guidelines
-Other Related Security Information
@@ -289,318 +285,6 @@ for the very latest advisories please check the
&advisories.html.inc;
-
-FreeBSD Security Mailing Lists Information
-
-If you are administering or using any number of FreeBSD systems, you
-should probably be subscribed to one or more of the following lists:
-
-
-
-
-Secure Programming Guidelines
-
-- Never trust any source of input, i.e. command line arguments,
-environment variables, configuration files, incoming TCP/UDP/ICMP packets,
-hostname lookups, function arguments, etc. If the length of or contents of
-the data received is at all subject to outside control, then the program or
-function should watch for this when copying it around. Specific security
-issues to watch for in this are:
-
-
-
-- strcpy() and sprintf() calls from unbounded data. Use strncpy and
-snprintf() when the length is known (or implement some other form of
-bounds-checking when the length is unknown). In fact, never ever use
-gets() or sprintf(), period. If you do - we will send evil dwarfs after you.
-
-
-- If you have to check the user input so it does not contain bad
-characters of some sort, do NOT check for those bad characters. Instead
-simply verify that it consists ONLY of those characters that you do
-allow. In general concept is: disallow anything that is not
-explicitly allowed.
-
-
-- Read man pages for strncpy() and strncat() calls. Be sure to
-understand how they work!!! While strncpy() might not append a terminating
-\0, strncat() on the other hand adds the \0.
-
-
-- Watch for strvis() and getenv() abuse. With strvis() it is easy to get
-the destination string wrong, and getenv() can return strings much
-longer then the program might expect. These two functions are one of the
-key ways an attack is often made on a program, causing it to overwrite stack
-or variables by setting its environment variables to unexpected values. If
-your program reads environment variables, be paranoid. Be very paranoid!
-
-
-- Ever time you use open() or stat() call - ask yourself: "What if it
-is a symbolic link?"
-
-
-- Make sure to use mkstemp() instead of mktemp(), tempnam(), etc.
-Also make sure to look for races in /tmp in general, being aware that
-there are very few things which can be atomic in /tmp:
-
- - Creating a directory. This will either succeed or fail.
- - Opening a file O_CREAT | O_EXCL
-
-If you use mkstemp() the above cases will be properly handled for you. Hence
-all temp files should use mkstemp() to guarantee there is not race
-condition and that the permissions are correct.
-
-
-- If an attacker can force packets to go/come from another arbitrary
-system then that attacker has complete control over the data that we get
-and NONE of it should be trusted.
-
-
-- Never trust a configuration file is correctly formatted or that it was
-generated by the appropriate utility. Don't trust user input such as
-terminal names or language strings to be free of '/' or '../../../' if
-there is any chance that they can be used in a path name. Don't trust
-ANY paths supplied by the user when you are running setuid root.
-
-
-- Look for holes or weaknesses in how data is stored. All temp files
-should have 600 permission in order to be protected from prying eyes.
-
-
-- Do not just grep for the usual suspects in programs which run with
-elevated privileges. Look line by line for possible overflows in these
-cases since there are a lot more ways to cause buffer overflows than
-by abusing strcpy() and friends.
-
-
-- Just because you drop privileges somewhere, it does not mean that no
-exploit is possible. The attacker may put the necessary code on the
-stack to regain the privileges before executing /bin/sh.
-
-
-- Do uid management. Do drop privileges as soon as possible, and really
-do drop them. Switching between euid and uid is NOT enough. Use setuid()
-when you can.
-
-
-- Never display configuration file contents on errors. A line number and
-perhaps position count is enough. This is true for all libs and for any
-suid/sgid program.
-
-
-- Tips for those reviewing existing code for security problems:
-
-- If you are unsure of your security fixes, send them to a reviewer with
-whom you already have arrangements for a second glance over your
-code. Don't commit code you are not sure about since breaking something
-in the name of a security fix is rather embarrassing.
-
-
-- Those without CVS commit privileges should make sure that a reviewer
-with such privileges is among the last to review the changes. That person
-will both review and incorporate the final version you would like to have
-go into the tree.
-
-
-- When sending changes around for review, always use context or unidiff
-format diffs - this way diffs can be easily fed to patch(1). Do not simply
-send the whole files. Diffs are much easier to read and apply to local
-sources (especially those in which multiple, simultaneous changes may be
-taking place). All changes should be relative to the -current branch of
-development.
-
-
-- Always directly test your changes (e.g. build and run the affected
-sources) before sending them to a reviewer. Nobody likes being sent
-obviously broken stuff for review, and it just makes it appear as though
-the submitter didn't even really look at what he was submitting
-(which is also hardly
-confidence building). If you need accounts on a machine with a specific
-version which you don't have available - just ask. The project has
-resources available for exactly such purposes.
-
-
-- Note for committers: do not forget to retrofit -current patches into
-the -stable branch as appropriate.
-
-
-- Do not needlessly rewrite code to suit your style/tastes - it only
-makes the reviewer's job needlessly more difficult. Do so only if there
-are clear reasons for it.
-
-
-- Look out for programs doing complex things with signal
-handlers. Many routines in the various libraries are not sufficiently
-reentrant to make this safe.
-
-
-- Pay special attention to realloc() usage - more often then not the
-function is not used correctly.
-
-
-- When using fixed size buffers, use sizeof() to prevent lossage
-when a buffer size is changed but the code which uses it isn't. For
-example:
-
- char buf[1024];
- struct foo { ... };
- ...
-BAD:
- xxx(buf, 1024)
- xxx(yyy, sizeof(struct foo))
-GOOD:
- xxx(buf, sizeof(buf))
- xxx(yyy, sizeof(yyy))
-
-Be careful though with sizeof of pointers when you really want the size
-of where it points to!
-
-
-- Every time you see "char foo[###]", check every usage of foo to make
-sure that it can't be overflowed. If you can't avoid overflow (and cases
-of this have been seen), then at least malloc the buffer so that one can't
-walk on the stack.
-
-
-- Always close file descriptors as soon as you can - this makes it more
-likely that the stdio buffer contents will be discarded. In library
-routines, always set any file descriptors that you open to close-on-exec.
-
-
-
-A useful auditing tool is the its4 port, located in
-/usr/ports/security/its4/. This is an automated C code auditor which
-highlights potential trouble-spots in the code. It is a useful
-first-pass tool, but should not be relied upon as being authoritative,
-and a complete audit should include human examination of the entire
-code.
-
-For more information on secure programming techniques and resources, see
-the How to Write Secure Code
-resource center.
-
-
-FreeBSD Security Tips and Tricks
-There are several steps one must take to secure a FreeBSD system, or
-in fact any &unix; system:
-
-
-- Disabling potentially dangerous software
-A lot of software has to be run as a special privileged user to make
-use of specific resources, by making the executable set-uid. An
-example is UUCP or PPP software that makes use of a serial port, or
-sendmail which has to write in the mail spool and bind to a privileged
-network port. When you are not using UUCP, it is of little use to have
-software on your system and it may be wise to disable it. Of course,
-this requires good knowledge of what can be thrown away and what not,
-as well as good indication whether or not you will want the functionality
-in the future.
-Also some utilities you may find not useful enough to have
-around pose a possible security risk, like swapinfo. If you remove
-the set-uid bit for the executable (via 'chmod ug-s filename' command)
-you can always keep on using swapinfo when you're root. It is however
-not a good idea to strip so many sbits that you have to be root all
-the time.
-Not only remove programs that you don't use, also remove services you
-don't want or need to provide. This can be done by editing the
-/etc/inetd.conf and /etc/rc.conf files and turning
-off all services you don't use.
-
-- Fixing software which has security bugs (or how to stay one step ahead
-of crackers)
-Make sure you are subscribed to various FreeBSD Security
-mailing lists so you get updates on security bugs and
-fixes. Apply the fixes immediately.
-
-- Backups - repair your system if a security breach does occur
-Always have backups and a clean version of the operating system (e.g. on
-CD-Rom).
-Make sure your backups do not contain corrupted data or
-data modified by attackers.
-
-- Install software to watch the state of the system
-Programs like the tcp wrappers and tripwire (both in packages/ports) can
-help you to monitor activity on your system. This makes it easier
-to detect break-ins. Also read outputs of the /etc/security scripts
-which are run daily and mailed to the root account.
-
-- Educating the people who work on the system
-Users should know what they are doing. They should be told to never give
-out their password to anyone and to also use hard-to-guess passwords.
-Let them understand that the security of the system/network is partly
-in their hands.
-
-
-
-There is also a FreeBSD Security How-To available which provides some
-advanced tips on how to improve security of your system. You can
-find it at
-http://www.FreeBSD.org/~jkb/howto.html.
-Security is an ongoing process. Make sure you are following the latest
-developments in the security arena.
-
-
-What to do when you detect a security compromise
-
-
-- Determine the level of the security breach
-What privileges did the attacker get? Did the attacker manage to get
-root access? Did the attacker only manage to get user level access?
-
-- Determine if the state of system (kernel or userland) has been
-tampered with
-What software has been tampered with? Was new kernel installed? Were any
-of the system binaries (such as telnetd, login, etc) modified? If you
-believe an attacker could have done any tampering with an OS, you may want
-to re-install the operating system from a safe medium.
-
-- Find out how the break-in was done
-Did the break-in occur via a well-known security bug? If that is the case,
-make sure to install the correct patches. Was the break-in successful due
-to a misconfiguration? Was the break-in result of a new bug? If you believe
-the break-in occurred via a new bug, you should warn the
- FreeBSD Security
-Officer.
-
-- Fix the security hole
-Install new software or apply patches to the old one in order to fix the
-problems. Disable any compromised accounts.
-
-- Other resources
-CERT also offers
-detailed information
-on what steps to take in case of a system compromise.
-
-
-Other Related Security Information
-
-
&footer
-