Adjust wording a little...
Suggested-By: eivind
This commit is contained in:
parent
9d5a4db029
commit
f6f3f4e6d9
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=1165
2 changed files with 12 additions and 12 deletions
|
@ -1,5 +1,5 @@
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
|
||||||
<!ENTITY date "$Date: 1997-02-15 06:45:27 $">
|
<!ENTITY date "$Date: 1997-02-15 13:28:51 $">
|
||||||
<!ENTITY title "FreeBSD Security Guide">
|
<!ENTITY title "FreeBSD Security Guide">
|
||||||
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
|
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
|
||||||
]>
|
]>
|
||||||
|
@ -14,7 +14,7 @@
|
||||||
|
|
||||||
<H1>FreeBSD Security Guide</H1>
|
<H1>FreeBSD Security Guide</H1>
|
||||||
|
|
||||||
<em>Last Updated: $Date: 1997-02-15 06:45:27 $ </em>
|
<em>Last Updated: $Date: 1997-02-15 13:28:51 $ </em>
|
||||||
|
|
||||||
<P>This guide attempts to document some of the tips and tricks used by
|
<P>This guide attempts to document some of the tips and tricks used by
|
||||||
many FreeBSD security experts for securing systems and writing secure
|
many FreeBSD security experts for securing systems and writing secure
|
||||||
|
@ -41,10 +41,10 @@ to introduce security holes in the first place.
|
||||||
<P><UL>
|
<P><UL>
|
||||||
<LI><A NAME="#rule1"></A>Never trust any source of input, i.e. command line
|
<LI><A NAME="#rule1"></A>Never trust any source of input, i.e. command line
|
||||||
arguments, environment variables, configuration files, incoming UDP packets,
|
arguments, environment variables, configuration files, incoming UDP packets,
|
||||||
hostname lookups, etc. If the length or contents of the data received
|
hostname lookups, function arguments, etc. If the length or contents of
|
||||||
is at all subject to outside control then the program should watch
|
the data received is at all subject to outside control then the program
|
||||||
for this when copying it around. Specific security issues to watch for
|
or function should watch for this when copying it around. Specific
|
||||||
in this area are:
|
security issues to watch for in this area are:
|
||||||
|
|
||||||
<P><UL>
|
<P><UL>
|
||||||
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
|
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN" [
|
||||||
<!ENTITY date "$Date: 1997-02-15 06:45:27 $">
|
<!ENTITY date "$Date: 1997-02-15 13:28:51 $">
|
||||||
<!ENTITY title "FreeBSD Security Guide">
|
<!ENTITY title "FreeBSD Security Guide">
|
||||||
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
|
<!ENTITY % includes SYSTEM "includes.sgml"> %includes;
|
||||||
]>
|
]>
|
||||||
|
@ -14,7 +14,7 @@
|
||||||
|
|
||||||
<H1>FreeBSD Security Guide</H1>
|
<H1>FreeBSD Security Guide</H1>
|
||||||
|
|
||||||
<em>Last Updated: $Date: 1997-02-15 06:45:27 $ </em>
|
<em>Last Updated: $Date: 1997-02-15 13:28:51 $ </em>
|
||||||
|
|
||||||
<P>This guide attempts to document some of the tips and tricks used by
|
<P>This guide attempts to document some of the tips and tricks used by
|
||||||
many FreeBSD security experts for securing systems and writing secure
|
many FreeBSD security experts for securing systems and writing secure
|
||||||
|
@ -41,10 +41,10 @@ to introduce security holes in the first place.
|
||||||
<P><UL>
|
<P><UL>
|
||||||
<LI><A NAME="#rule1"></A>Never trust any source of input, i.e. command line
|
<LI><A NAME="#rule1"></A>Never trust any source of input, i.e. command line
|
||||||
arguments, environment variables, configuration files, incoming UDP packets,
|
arguments, environment variables, configuration files, incoming UDP packets,
|
||||||
hostname lookups, etc. If the length or contents of the data received
|
hostname lookups, function arguments, etc. If the length or contents of
|
||||||
is at all subject to outside control then the program should watch
|
the data received is at all subject to outside control then the program
|
||||||
for this when copying it around. Specific security issues to watch for
|
or function should watch for this when copying it around. Specific
|
||||||
in this area are:
|
security issues to watch for in this area are:
|
||||||
|
|
||||||
<P><UL>
|
<P><UL>
|
||||||
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
|
<LI><A NAME="#rule1_1"></A>strcpy() and sprintf() calls from
|
||||||
|
|
Loading…
Reference in a new issue