The NetBSD Project

CVS log for src/etc/security

[BACK] Up to [cvs.NetBSD.org] / src / etc

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: MAIN


Revision 1.115 / (download) - annotate - [select for diffs], Wed Nov 6 19:37:05 2013 UTC (5 months, 1 week ago) by spz
Branch: MAIN
CVS Tags: tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, HEAD
Changes since 1.114: +21 -6 lines
Diff to previous 1.114 (unified)

Introduce a variable for security.conf, default empty, to list users
whose home is (allowed to be) owned by another user.

It's a separate variable and not just check_passwd_permit_dups so I can
make security shut up about my uucp users.

Fixes the second half of PR misc/36063

Revision 1.114 / (download) - annotate - [select for diffs], Wed Nov 6 19:30:20 2013 UTC (5 months, 1 week ago) by spz
Branch: MAIN
Changes since 1.113: +10 -3 lines
Diff to previous 1.113 (unified)

having more than one line with the same group name and gid is not only
allowed, it's even recommended for groups with lots of members, so
do not warn about duplicate group name lines if the gid is the same

Revision 1.113 / (download) - annotate - [select for diffs], Sun Sep 8 08:19:40 2013 UTC (7 months, 1 week ago) by prlw1
Branch: MAIN
Changes since 1.112: +2 -1 lines
Diff to previous 1.112 (unified)

Add defaults for pkg_info and pkg_admin variables in case pkgpath.conf
is not installed.

Revision 1.112 / (download) - annotate - [select for diffs], Wed May 1 05:36:25 2013 UTC (11 months, 2 weeks ago) by agc
Branch: MAIN
CVS Tags: tls-maxphys-base, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, khorben-n900
Changes since 1.111: +7 -4 lines
Diff to previous 1.111 (unified)

Fix for problematic paths in /etc/daily and /etc/security reported in
PR/47645.

Add a separate file which contains the paths for the pkg_admin and
pkg_info utilities. This is called /etc/pkgpath.conf (to distinguish it
from pkg.conf).

Thanks also to Edgar Fuss for the sanity check.

Revision 1.111 / (download) - annotate - [select for diffs], Thu Apr 5 09:09:27 2012 UTC (2 years ago) by spz
Branch: MAIN
CVS Tags: yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, agc-symver-base, agc-symver
Branch point for: tls-maxphys
Changes since 1.110: +12 -8 lines
Diff to previous 1.110 (unified)

change security so that there is a configuration value for the list of
users who will not be considered for duplicate uid check.
Seed it with 'toor' in defaults/security.conf.

Revision 1.110 / (download) - annotate - [select for diffs], Wed Mar 2 17:00:28 2011 UTC (3 years, 1 month ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase
Branch point for: yamt-pagecache
Changes since 1.109: +3 -3 lines
Diff to previous 1.109 (unified)

too much quoting. pointed by anon ymous

Revision 1.109 / (download) - annotate - [select for diffs], Mon Dec 27 03:38:52 2010 UTC (3 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231, bouyer-quota2-base
Branch point for: bouyer-quota2
Changes since 1.108: +14 -14 lines
Diff to previous 1.108 (unified)

`` -> $()

Revision 1.108 / (download) - annotate - [select for diffs], Fri Feb 5 16:29:02 2010 UTC (4 years, 2 months ago) by jmmv
Branch: MAIN
Changes since 1.107: +18 -7 lines
Diff to previous 1.107 (unified)

Deprecate the pkgdb_dir settings from daily.conf and security.conf in
favor of the PKG_DBDIR variable in /etc/pkg_install.conf.  The purpose
of this is to only have to define the location of the packages database
in a single place and have all other system components pick it up.

pkgdb_dir is still honored if defined and the scripts will spit out a
warning in that case, asking the administrator to migrate to the
PKG_DBDIR setting.  We can't remove this compatibility workaround until,
at least, after NetBSD 6 is released.

Revision 1.107 / (download) - annotate - [select for diffs], Tue Jan 19 22:08:11 2010 UTC (4 years, 3 months ago) by jmmv
Branch: MAIN
Changes since 1.106: +20 -2 lines
Diff to previous 1.106 (unified)

Add the fetch_pkg_vulnerabilities option to the daily script to keep the
packages vulnerability database up to date.  This will only fetch the
file from the server if it has changed since the last run.

Add the check_pkg_vulnerabilities and check_pkg_signatures options to the
security script to check that the installed packages are sane.

All of these options are enabled by default but they will only run if
there is, at least, one installed package.

Revision 1.106 / (download) - annotate - [select for diffs], Tue Jan 27 10:32:18 2009 UTC (5 years, 2 months ago) by haad
Branch: MAIN
CVS Tags: matt-premerge-20091211, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend
Changes since 1.105: +17 -2 lines
Diff to previous 1.105 (unified)

Add support for lvm to security script. Backup lvm configuration to /var/backup/lvm with other system backups. Disable lvm check until MKLVM is enabled by default. no objections on tech-userlevel@.

Revision 1.105 / (download) - annotate - [select for diffs], Fri Nov 23 15:51:27 2007 UTC (6 years, 4 months ago) by dholland
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-revivesa, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, mjf-devfs2-base2, mjf-devfs2-base, mjf-devfs2, mjf-devfs-base, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-base2, matt-armv6-nbase, matt-armv6-base, keiichi-mipv6-base, keiichi-mipv6, hpcarm-cleanup-nbase, hpcarm-cleanup-base, cube-autoconf-base, cube-autoconf
Branch point for: mjf-devfs
Changes since 1.104: +20 -8 lines
Diff to previous 1.104 (unified)

Handle non-trivial NIS compat entries (like +joe:::::::::) in the password
file. Fixes (my own) PR bin/33138.

reviewed: christos

Revision 1.104 / (download) - annotate - [select for diffs], Mon Aug 27 19:57:02 2007 UTC (6 years, 7 months ago) by adrianp
Branch: MAIN
Changes since 1.103: +3 -2 lines
Diff to previous 1.103 (unified)

The location of the pkg_info binary can now be specified in /etc/security.conf.
The default remains as /usr/sbin/pkg_info.  This should fix PR# 36746.

Revision 1.103 / (download) - annotate - [select for diffs], Thu Aug 9 07:50:58 2007 UTC (6 years, 8 months ago) by tron
Branch: MAIN
Branch point for: matt-armv6
Changes since 1.102: +15 -7 lines
Diff to previous 1.102 (unified)

Add code to monitor the disk wedges (see dk(4)) configured on the
system. Based on a patch contributed by Andreas Wrede in PR misc/36747.

Revision 1.102 / (download) - annotate - [select for diffs], Wed Jun 6 13:30:48 2007 UTC (6 years, 10 months ago) by martti
Branch: MAIN
CVS Tags: matt-mips64-base, matt-mips64, hpcarm-cleanup
Changes since 1.101: +2 -2 lines
Diff to previous 1.101 (unified)

Use "mktemp -d -t xxx" to create the temporary directories. This will use
TMPDIR environment variable if set, otherwise use /tmp.  (misc/35544)

Revision 1.101 / (download) - annotate - [select for diffs], Tue Mar 27 08:37:58 2007 UTC (7 years ago) by jnemeth
Branch: MAIN
Changes since 1.100: +3 -3 lines
Diff to previous 1.100 (unified)

PR/36058 -- fix check for group/other writable home directories from
Jukka Salmi

Revision 1.100 / (download) - annotate - [select for diffs], Tue Sep 26 08:32:40 2006 UTC (7 years, 6 months ago) by tron
Branch: MAIN
CVS Tags: netbsd-4-base
Branch point for: netbsd-4
Changes since 1.99: +37 -11 lines
Diff to previous 1.99 (unified)

Improve security check for "/etc/exports":
1.) Properly handle line continuation and network exports.
2.) Make the report more compact.

Patch contributed by Jukka Salmi in PR bin/24583.

Revision 1.99 / (download) - annotate - [select for diffs], Sat Sep 23 04:07:01 2006 UTC (7 years, 6 months ago) by jmcneill
Branch: MAIN
Changes since 1.98: +2 -1 lines
Diff to previous 1.98 (unified)

PR #26490: /etc/security is not aware of sha1 passwords

Revision 1.98 / (download) - annotate - [select for diffs], Thu May 25 02:38:10 2006 UTC (7 years, 10 months ago) by lukem
Branch: MAIN
CVS Tags: abandoned-netbsd-4-base, abandoned-netbsd-4
Changes since 1.97: +27 -7 lines
Diff to previous 1.97 (unified)

Implement check_devices_ignore_paths, which is a list of paths to
avoid traversing during check_devices.

Revision 1.97 / (download) - annotate - [select for diffs], Mon Apr 17 07:38:53 2006 UTC (8 years ago) by veego
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (unified)

Don't try to backup a 'nfs' disklabel, which will happen because of the
recent iostat changes.
Patch supplied in pr# 33274 by Geoff C. Wing.

Revision 1.96 / (download) - annotate - [select for diffs], Sun Jan 29 23:17:24 2006 UTC (8 years, 2 months ago) by rpaulo
Branch: MAIN
Changes since 1.95: +3 -3 lines
Diff to previous 1.95 (unified)

PR 32666: /etc/security may cause tapes to rewind. By Duncan McEwan.

Revision 1.95 / (download) - annotate - [select for diffs], Mon Apr 11 15:46:42 2005 UTC (9 years ago) by peter
Branch: MAIN
Changes since 1.94: +3 -3 lines
Diff to previous 1.94 (unified)

Allow an underscore as first character and embedded underscores & dots
for login and group names.

Fixes PR misc/29913 from Arto Selonen.

Revision 1.94 / (download) - annotate - [select for diffs], Sat Feb 5 15:26:37 2005 UTC (9 years, 2 months ago) by jdolecek
Branch: MAIN
CVS Tags: netbsd-3-base
Branch point for: netbsd-3
Changes since 1.93: +9 -3 lines
Diff to previous 1.93 (unified)

add a check_passwd_permin_nonalpha option, which changes the passwd
test to permit non-alphanumeric characters in login names

Revision 1.93 / (download) - annotate - [select for diffs], Sun Nov 21 19:00:12 2004 UTC (9 years, 4 months ago) by kim
Branch: MAIN
Changes since 1.92: +3 -1 lines
Diff to previous 1.92 (unified)

When checking /etc/exports, account for "-network=XXX" as restricting
the mount (i.e. it is not considered globally exported).

Fixes PR: 26890

Revision 1.92 / (download) - annotate - [select for diffs], Tue Sep 28 15:03:58 2004 UTC (9 years, 6 months ago) by erh
Branch: MAIN
Changes since 1.91: +7 -4 lines
Diff to previous 1.91 (unified)

PR misc/7716: add configuration options find_core_ignore_fstypes and
check_devices_ignore_fstypes to allow the filesystem types that are
ignored during the daily and security runs to be adjusted.

Revision 1.91 / (download) - annotate - [select for diffs], Fri Jul 23 06:12:16 2004 UTC (9 years, 8 months ago) by lukem
Branch: MAIN
Changes since 1.90: +21 -26 lines
Diff to previous 1.90 (unified)

Merge /etc/mtree/special & /etc/mtree/special.local using "mtree -M".
This allows users to override mtree/special entries in mtree/special.local,
which is useful if you've replaced a directory with a symlink (for example).
This effectively makes $check_mtree_follow_symlinks=YES pointless, but
I'm retaining that for compatibility reasons.

Fix bug in generation of $MPBYUID (used "/^+/" instead of "/^\+/" as a regex),
which has existed for a long time but only failed with our awk; GNU awk seems
to have permitted this.  (This meant that the duplicate UID check was broken
when using our awk.)

Rename some temp files to more accurately reflect their purpose, to
aid debugging.

Revision 1.90 / (download) - annotate - [select for diffs], Fri Apr 9 17:33:35 2004 UTC (10 years ago) by kim
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (unified)

Catch STDERR from /etc/security.local (not just STDOUT).

Revision 1.89 / (download) - annotate - [select for diffs], Fri Apr 2 13:13:47 2004 UTC (10 years ago) by jmmv
Branch: MAIN
Changes since 1.88: +3 -1 lines
Diff to previous 1.88 (unified)

Introduce and use the rcvar_manpage variable, which contains the manual page
name where the user should look at for documentation about rcvar.  It defaults
to 'rc.subr(5)', as rc.subr is mainly used by rc.d scripts.

This variable is useful to let the daily, weekly, monthly and security scripts
tune the warning message shown when any of the variables they handle is not
properly set.

Closes PR misc/23908.

Revision 1.88 / (download) - annotate - [select for diffs], Mon Feb 9 09:04:13 2004 UTC (10 years, 2 months ago) by jdolecek
Branch: MAIN
CVS Tags: netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-0-base, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE
Branch point for: netbsd-2-1, netbsd-2-0, netbsd-2
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (unified)

add missing && in the home directory group writability condition;
gawk somehow coped even without (defaults to && ?), but nawk printed
bogus warnings (defaults to || ?)

Revision 1.87 / (download) - annotate - [select for diffs], Wed Nov 19 20:28:19 2003 UTC (10 years, 5 months ago) by jhawk
Branch: MAIN
Changes since 1.86: +3 -2 lines
Diff to previous 1.86 (unified)

Provide a workaround for PR bin/12900.
When /dev is an fdesc, and /dev/tty is stat()ed without a controlling tty,
a "Device not configured" error is returned.

Filter mtree's stderr to ignore this error.

If fdesc is fixed to not behave in this fashion, this workaround can
be removed; bin/12900 should remain open until that time.

Revision 1.86 / (download) - annotate - [select for diffs], Tue Nov 18 03:30:40 2003 UTC (10 years, 5 months ago) by jhawk
Branch: MAIN
Changes since 1.85: +3 -2 lines
Diff to previous 1.85 (unified)

In check_varmail (mailbox ownership/permissions check):
  Make ls -A explicit, to help n debugging when not run as root
    (-A is implied when ls is run as root)
  Ignore dotfiles, as they are not mailboxes (e.g. .jhawk.pop)

Revision 1.85 / (download) - annotate - [select for diffs], Tue Nov 18 03:23:53 2003 UTC (10 years, 5 months ago) by jhawk
Branch: MAIN
Changes since 1.84: +15 -8 lines
Diff to previous 1.84 (unified)

XXX: note pairwise cascaded test inversion in permit_star.

Add checkyesno check_homes_permit_usergroups to allow group writability
  when the groupname matches the username.  Defaults to off.

Revision 1.84 / (download) - annotate - [select for diffs], Wed Oct 1 04:29:03 2003 UTC (10 years, 6 months ago) by jhawk
Branch: MAIN
Changes since 1.83: +6 -4 lines
Diff to previous 1.83 (unified)

Suppress output when running security.local if it produces no output.
/etc/security should produce no output (and thus suppress the report)
when nothing is wrong.

While we're here, use printf instead of two echos, like the rest of
the script.

Revision 1.83 / (download) - annotate - [select for diffs], Fri Feb 21 22:47:51 2003 UTC (11 years, 1 month ago) by jhawk
Branch: MAIN
Changes since 1.82: +4 -4 lines
Diff to previous 1.82 (unified)

Use $diff_options when running diff in /etc/security.
Default diff_options to -u, for unified-format context diffs,
because context is essential to a useful evaluation of differences.
This represents a behavior change.

Implements change-request PR security/17247 from
Takahiro Kambe <taca@sky.yamashina.kyoto.jp>.

Revision 1.82 / (download) - annotate - [select for diffs], Thu Feb 13 02:42:06 2003 UTC (11 years, 2 months ago) by jhawk
Branch: MAIN
Changes since 1.81: +8 -3 lines
Diff to previous 1.81 (unified)

Under check_mtree, invoke mtree with -L if check_mtree_follow_symlinks is set.
Apparently mtree -L is imperfect, but it is far better than the lack thereof
if symlinks are involved reaching files mtree verifies.

Revision 1.81 / (download) - annotate - [select for diffs], Thu Feb 13 01:55:10 2003 UTC (11 years, 2 months ago) by jhawk
Branch: MAIN
Changes since 1.80: +36 -20 lines
Diff to previous 1.80 (unified)

Add some flexibility to /etc/security, by way of security.conf options:
  check_passwd_nowarn_shells	Don't warn about these non-/etc/shells shells
  check_passwd_nowarn_users	Don't warn about these users
  check_passwd_permit_star	Don't warn about "*" in the $2 field
Behavior change: check_passwd_nowarn_shells defaults to /sbin/nologin and
  /usr/libexec/uucp/uucico, so that it will not warn about the default
  master.passwd.
The rationale here is that an administrator who chooses to permit these
  warnable conditions should not be warned about them day after day, yet
  should not be forced to disable check_passwd entirely.
check_passwd_permit_star is primarily of interest to sites who use *'d
  entries for Kerberos or ssh logins, despite the fact that we permit
  "*ssh" (etc.) for this purpose (legacy).

Revision 1.80 / (download) - annotate - [select for diffs], Mon Jan 6 20:30:30 2003 UTC (11 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.79: +18 -18 lines
Diff to previous 1.79 (unified)

writable, not writeable.

Revision 1.79 / (download) - annotate - [select for diffs], Tue Aug 20 07:53:51 2002 UTC (11 years, 8 months ago) by elric
Branch: MAIN
CVS Tags: fvdl_fs64_base
Changes since 1.78: +7 -6 lines
Diff to previous 1.78 (unified)

Added .k5login to the list of files that are checked in each user's
home directory.

Addresses PR: security/18000

Revision 1.78 / (download) - annotate - [select for diffs], Tue Jun 18 22:43:53 2002 UTC (11 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.77: +3 -3 lines
Diff to previous 1.77 (unified)

md5/bcrypt password starts with $[12], so use ^ in regex

Revision 1.77 / (download) - annotate - [select for diffs], Tue Jun 18 22:21:43 2002 UTC (11 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.76: +3 -2 lines
Diff to previous 1.76 (unified)

recognize md5/bcrypt password.  noted by: Eric Jacoboni <jaco@teaser.fr>

Revision 1.76 / (download) - annotate - [select for diffs], Mon Jun 10 16:04:48 2002 UTC (11 years, 10 months ago) by atatat
Branch: MAIN
Changes since 1.75: +3 -3 lines
Diff to previous 1.75 (unified)

The check_rootdotfiles section mucks with the PATH setting, but
never puts it back properly.  As such, jobs run later that expect
there to be a path will lose badly (eg, run lintpkgsrc -i from
security.local).  Let's just re-export the PATH.

Revision 1.75 / (download) - annotate - [select for diffs], Tue May 21 13:50:46 2002 UTC (11 years, 11 months ago) by lukem
Branch: MAIN
CVS Tags: netbsd-1-6-base
Branch point for: netbsd-1-6
Changes since 1.74: +27 -16 lines
Diff to previous 1.74 (unified)

Support shell metacharacters (`*', '?', '[') in /etc/changelist lines,
including checks for "backups that exist when actual file is deleted", a la
the existing mechanism used for "/etc/ifconfig.*" ... "/etc/rc.d/*" checks.
This resolves [security/15798] from Bob Kemp <bob@allegory.demon.co.uk>.

Revision 1.74 / (download) - annotate - [select for diffs], Tue Dec 18 00:44:20 2001 UTC (12 years, 4 months ago) by lukem
Branch: MAIN
Changes since 1.73: +2 -1 lines
Diff to previous 1.73 (unified)

Add nullfs to the list of file system types to skip during the "big finds".
Fix from Alan Barrett in [misc/14957].

Revision 1.73 / (download) - annotate - [select for diffs], Fri Nov 9 09:01:20 2001 UTC (12 years, 5 months ago) by lukem
Branch: MAIN
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (unified)

remove blank lines from the lists of files to backup_and_diff

Revision 1.72 / (download) - annotate - [select for diffs], Thu Oct 18 16:08:24 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (unified)

add -dgq to check_pkgs ls(1). suggested by @@@

Revision 1.71 / (download) - annotate - [select for diffs], Thu Oct 18 14:50:17 2001 UTC (12 years, 6 months ago) by taca
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (unified)

Add -T option to ls(1) when -l option is specified.
This fixes none-changed files under ${backup_dir}/pkgs as bellow:

======
/var/backups/pkgs diffs (OLD < > NEW)
======
159c159
< -rw-r--r--  1 root  wheel     528 Apr 19 01:11 ja-less-332/+CONTENTS
---
> -rw-r--r--  1 root  wheel     528 Apr 19  2001 ja-less-332/+CONTENTS

Revision 1.70 / (download) - annotate - [select for diffs], Mon Oct 15 03:00:22 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.69: +2 -2 lines
Diff to previous 1.69 (unified)

Use "nodiff" instead of "nomail" for the tag which is used to exclude
files from having the changes diff generated.  Suggested by Michael Graff.

Revision 1.69 / (download) - annotate - [select for diffs], Sun Oct 14 00:42:31 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.68: +3 -3 lines
Diff to previous 1.68 (unified)

minor optimisation suggested by christos

Revision 1.68 / (download) - annotate - [select for diffs], Sat Oct 13 14:22:11 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.67: +23 -17 lines
Diff to previous 1.67 (unified)

A few more changes, from more discussions with Andrew Brown.
- Resurrect /etc/changelist, even if it's an "empty" file by default,
  because it's easier to use than /etc/mtree/special.local for adding
  a couple of simple files. Back by popular demand (hi @@@! :-)
- Add /etc/rc.d/* to the list of "dynamic" files; this notices changes
  in user-added scripts
- Only calculate the mtree -I nomail list once, and re-use
- Use "cat foo | while read file" instead of "for file in `cat foo`" ;
  handles whitespace better...

Revision 1.67 / (download) - annotate - [select for diffs], Fri Oct 12 05:18:23 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.66: +240 -134 lines
Diff to previous 1.66 (unified)

Major overhaul, with help from Andrew Brown <atatat@netbsd.org>.

Features:
- Add a bunch of stuff to /etc/mtree/special to enable removal of
  /etc/changelist:
	- files which we want to monitor for changes but don't want to
	  see the diffs of (master.passwd, ssh_host_key, ...) are
	  tagged with "nomail"
	- files which we don't want to monitor are tagged with "exclude"
	  (such as netgroup.db, kvm.db, ...)
	- monitor /etc/mtree/special.local, /root/.ssh/*
	- remove /etc/changelist, and a bunch of XXX comments
	- use mtree(8)'s -D, -I, and -E to generate lists of files to
	  actually do the changelist stuff on.
	- support /etc/mtree/special.local as an optional user-provided
	  version of /etc/mtree/special (effectively, an enhanced
	  /etc/changelist)
- Add code to monitor: /etc/ifconfig.* /etc/raid*.conf /etc/rc.conf.d/*
  including support for these files being added and removed at will.
- If /sbin/fdisk exists, backup the output of "fdisk $disk" for all
  the active disk drives as part of $check_disklabels
- Check permissions on: ~/.ssh/* ~/.shosts

Details:
- Reorder initialisation of defaults
- Remove special case for /etc/master.passwd "monitor but don't email diffs"
  with general case for other similar files.
- Keep all `autogenerated' files (such as disklabel.*, setuid.current, ...)
  in "$backup_dir/work", to minimise name clashes.
- Add migrate_file(old, new) to do the hard work of migrating files
  from the old `top level' /var/backups mechanism to the `full path'
  mechanism recently added. Use this appropriately.
- Add backup_and_diff(file, printdiffs), to the hard work of backing-up
  and diff-ing files.
- Cleanup use of shell redirects
- /bin/sh supports ~root globbing, so use it.
- Improve umask checking; use awk regex rather than awk math

Revision 1.66 / (download) - annotate - [select for diffs], Fri Oct 5 01:06:17 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.65: +4 -4 lines
Diff to previous 1.65 (unified)

minor whitespace fix

Revision 1.65 / (download) - annotate - [select for diffs], Wed Oct 3 15:41:25 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.64: +4 -4 lines
Diff to previous 1.64 (unified)

replace "pkg_dbdir" with "pkgdb_dir", to be consistent with "backup_dir"

Revision 1.64 / (download) - annotate - [select for diffs], Wed Oct 3 07:04:32 2001 UTC (12 years, 6 months ago) by cjs
Branch: MAIN
Changes since 1.63: +2 -1 lines
Diff to previous 1.63 (unified)

Since we store the output of ls for use later, make sure that we have TZ=UTC.
(Otherwise time zone changes cause us to believe that files have changed
when they have not.)

Revision 1.63 / (download) - annotate - [select for diffs], Wed Oct 3 00:12:17 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.62: +30 -22 lines
Diff to previous 1.62 (unified)

- clean up a couple of comments
- reformat some awk blocks
- replace "sed 1d | awk '...'" with "awk 'NR==1 {next;} ...'"

Revision 1.62 / (download) - annotate - [select for diffs], Mon Oct 1 02:21:20 2001 UTC (12 years, 6 months ago) by atatat
Branch: MAIN
Changes since 1.61: +19 -4 lines
Diff to previous 1.61 (unified)

Add a chunk of code to check the installed pkgs list by making a list
of all installed pkgs and their +CONTENTS and +REQUIRED_BY files (if
they have one) and handling this file along with all the other
CHANGELIST stuff.

Greg Woods gets points for coming up with the idea.

Luke Mewburn asked me to do it, and provided lots of criticism along
the way.

Revision 1.61 / (download) - annotate - [select for diffs], Mon Sep 24 03:19:43 2001 UTC (12 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (unified)

remove acd (non existant), add ld (for hw raid logical drives)

Revision 1.60 / (download) - annotate - [select for diffs], Sun Sep 23 19:51:20 2001 UTC (12 years, 6 months ago) by perry
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (unified)

add raid, remove cd drives and floppy drives from the nightly disk
permissions checks.

note: This whole thing needs to be rototilled. And yes, I'm
volunteering to do it.

Revision 1.59 / (download) - annotate - [select for diffs], Sun Sep 23 19:10:25 2001 UTC (12 years, 6 months ago) by perry
Branch: MAIN
Changes since 1.58: +7 -2 lines
Diff to previous 1.58 (unified)

Update the password sanity checking thusly:
1) If a password entry is of the form \*[A-z-]+, do not complain that
   the account is off but has a valid password. Thus you can do
   passwords like *ssh to indicate ssh only logins.
   We should come up with a standard scheme for what various *keywords mean.
   Note that if the field length is 13, 20 or 34 you'll still get
   bitched at.
   This code should be cleaned up. (So should the password scheme.)
2) If the entry is for "toor", don't complain that the account is off
   but has a valid shell. We ship with toor:*:, there is no point in
   complaining about it.

Part of the campaign against spurious security warning output.

Revision 1.58 / (download) - annotate - [select for diffs], Sat Sep 22 04:06:23 2001 UTC (12 years, 7 months ago) by perry
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (unified)

run mtree on the special file using the new -l option, so it will not
complain about things like files set 444 instead of 644.

part of the campaign against spurious output in the nightly security run.

Revision 1.57 / (download) - annotate - [select for diffs], Sun Aug 26 11:55:38 2001 UTC (12 years, 7 months ago) by simonb
Branch: MAIN
Changes since 1.56: +3 -3 lines
Diff to previous 1.56 (unified)

Remove rz/tz support for pmax, switch to MI SCSI.

Revision 1.56 / (download) - annotate - [select for diffs], Mon Jun 18 10:54:02 2001 UTC (12 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.55: +8 -12 lines
Diff to previous 1.55 (unified)

use mktemp(1) to create temporary directories, and ensure that cleanup traps
are setup asap.

Revision 1.55 / (download) - annotate - [select for diffs], Thu Jun 14 07:50:07 2001 UTC (12 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.54: +2 -2 lines
Diff to previous 1.54 (unified)

use symbolic signal names instead of numbers

Revision 1.54 / (download) - annotate - [select for diffs], Thu May 10 14:19:27 2001 UTC (12 years, 11 months ago) by atatat
Branch: MAIN
Changes since 1.53: +21 -3 lines
Diff to previous 1.53 (unified)

When backing files listed in /etc/changelist, instead of truncating
to the basename of the file, use the whole path with $backup_dir
prepended, in effect mirrorring the directory tree.  This eliminates
the possibility of a name collision.

Closes pr bin/12727.

Revision 1.53 / (download) - annotate - [select for diffs], Thu May 10 14:10:15 2001 UTC (12 years, 11 months ago) by atatat
Branch: MAIN
Changes since 1.52: +3 -3 lines
Diff to previous 1.52 (unified)

Allow embedded hyphens in user names (and group names), just not as the
first or last character.

Revision 1.52 / (download) - annotate - [select for diffs], Wed Apr 4 03:17:19 2001 UTC (13 years ago) by atatat
Branch: MAIN
Changes since 1.51: +12 -20 lines
Diff to previous 1.51 (unified)

Provide the capability of storing backups via RCS instead of just a
"current" and a "last" (which is useless if you wanna know what you
changed last week).  Set the default to on.

Revision 1.51 / (download) - annotate - [select for diffs], Thu Mar 15 02:23:47 2001 UTC (13 years, 1 month ago) by hubertf
Branch: MAIN
Changes since 1.50: +1 -7 lines
Diff to previous 1.50 (unified)

Run skeyaudit (only) from /etc/daily instead of /etc/security, else there's
some risk that the users don't get warned if an admin turns off running
/etc/security (by putting run_security=no into daily.conf).

Fixes PR 12267.

Revision 1.50 / (download) - annotate - [select for diffs], Mon Mar 12 16:48:13 2001 UTC (13 years, 1 month ago) by atatat
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (unified)

Allow md5 passwords of length 34 as passwords

Revision 1.49 / (download) - annotate - [select for diffs], Sun Feb 11 09:55:09 2001 UTC (13 years, 2 months ago) by jdolecek
Branch: MAIN
Changes since 1.48: +8 -4 lines
Diff to previous 1.48 (unified)

Introduce max_grouplen - this determines the maximum permitted length
of group names, similarily to max_loginlen

Revision 1.48 / (download) - annotate - [select for diffs], Tue Jan 9 17:30:29 2001 UTC (13 years, 3 months ago) by abs
Branch: MAIN
Changes since 1.47: +16 -13 lines
Diff to previous 1.47 (unified)

Add a new variable 'backup_dir', which can be used to change the backup
directory from /var/backup (useful for those of us who have a separate /var
and would like to have our backup disklabels on the root filesystem).
Default behaviour unchanged. backup_dir being unset is taken as /var/backup.

Revision 1.47 / (download) - annotate - [select for diffs], Sat Oct 7 07:36:56 2000 UTC (13 years, 6 months ago) by lukem
Branch: MAIN
Changes since 1.46: +5 -5 lines
Diff to previous 1.46 (unified)

use ${foo##*/} instead of `basename $foo`.  as suggested (with minor variation)
by Toru Nishimura <nisimura@itc.aist-nara.ac.jp>

Revision 1.46 / (download) - annotate - [select for diffs], Sun Sep 10 21:27:50 2000 UTC (13 years, 7 months ago) by christos
Branch: MAIN
Changes since 1.45: +6 -6 lines
Diff to previous 1.45 (unified)

PR/10982: kilbi@rad.rwth-aachen.de: Don't confuse printf with usernames
that start with -.

Revision 1.45 / (download) - annotate - [select for diffs], Sun Jul 2 22:27:47 2000 UTC (13 years, 9 months ago) by sommerfeld
Branch: MAIN
Changes since 1.44: +19 -8 lines
Diff to previous 1.44 (unified)

Fix pr9320: improve umask checking for root's dotfiles.
Now even notices bogus umasks like 044

Revision 1.44 / (download) - annotate - [select for diffs], Fri May 26 17:08:21 2000 UTC (13 years, 10 months ago) by ad
Branch: MAIN
CVS Tags: netbsd-1-5-base, minoura-xpg4dl-base, minoura-xpg4dl
Branch point for: netbsd-1-5
Changes since 1.43: +7 -1 lines
Diff to previous 1.43 (unified)

We may as well allow local additions to /etc/security, since it gets done
for the other periodic checks.

Revision 1.43 / (download) - annotate - [select for diffs], Fri May 5 18:28:53 2000 UTC (13 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.42: +7 -5 lines
Diff to previous 1.42 (unified)

check /etc/mail/aliases on check_aliases.
/etc/aliases will be checked as well, if exists (for backward compatibility).

Revision 1.42 / (download) - annotate - [select for diffs], Mon Apr 24 23:46:37 2000 UTC (13 years, 11 months ago) by fair
Branch: MAIN
Changes since 1.41: +7 -1 lines
Diff to previous 1.41 (unified)

Add skeyaudit to /etc/security (with a variable to disable) per PR 5871

Revision 1.41 / (download) - annotate - [select for diffs], Sat Jan 15 01:15:12 2000 UTC (14 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (unified)

Use cat -f to avoid denial of service attacks by people who make .rhosts
files fifos.

Revision 1.40 / (download) - annotate - [select for diffs], Sun Sep 5 15:11:42 1999 UTC (14 years, 7 months ago) by perry
Branch: MAIN
CVS Tags: wrstuden-devbsize-base, wrstuden-devbsize-19991221, wrstuden-devbsize, comdex-fall-1999-base, comdex-fall-1999
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (unified)

We already had logic not to try to grab the disklabels of md's and
fd's -- add cd's to the list.

Revision 1.39 / (download) - annotate - [select for diffs], Thu Jul 22 00:47:50 1999 UTC (14 years, 9 months ago) by hubertf
Branch: MAIN
Changes since 1.38: +3 -3 lines
Diff to previous 1.38 (unified)

Use standard variable "$0" for the whole line instead of the non-standard,
undocumented "$LINE".

Submitted in PR 7041 by Greg A. Woods <woods@weird.com>

Revision 1.38 / (download) - annotate - [select for diffs], Fri Apr 23 08:20:28 1999 UTC (15 years ago) by kleink
Branch: MAIN
Changes since 1.37: +6 -6 lines
Diff to previous 1.37 (unified)

Get rid of old-style chown operands.

Revision 1.37 / (download) - annotate - [select for diffs], Wed Mar 17 19:11:05 1999 UTC (15 years, 1 month ago) by wrstuden
Branch: MAIN
CVS Tags: netbsd-1-4-base, netbsd-1-4-RELEASE, netbsd-1-4-PATCH001
Branch point for: netbsd-1-4
Changes since 1.36: +6 -3 lines
Diff to previous 1.36 (unified)

Add a commented-out duplicate id checker which doesn't exclude toor, and
add a comment saying how to switch it on.

Revision 1.36 / (download) - annotate - [select for diffs], Wed Mar 17 02:58:11 1999 UTC (15 years, 1 month ago) by wrstuden
Branch: MAIN
Changes since 1.35: +4 -2 lines
Diff to previous 1.35 (unified)

Modify duplicate user id check to exclude "toor". Any other uid 0
accounts will generate a message with that (those) account names, root, and
toor present in the list.

Revision 1.35 / (download) - annotate - [select for diffs], Tue Mar 16 06:18:17 1999 UTC (15 years, 1 month ago) by fair
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (unified)

Fix PR 5068 - scanning ~user/.rhosts files on NFS mounted home
directories with -maproot=nobody on the server. The argument to be
made is that if NetBSD's root can't read these files, it shouldn't
try to check them.

Revision 1.34 / (download) - annotate - [select for diffs], Thu Feb 18 18:53:33 1999 UTC (15 years, 2 months ago) by abs
Branch: MAIN
Changes since 1.33: +19 -7 lines
Diff to previous 1.33 (unified)

Handle + in master.passwd (From PR#4802).
Also, handle + in group and allow max_loginlen to be configurable.

Revision 1.33 / (download) - annotate - [select for diffs], Mon Sep 14 19:42:42 1998 UTC (15 years, 7 months ago) by tv
Branch: MAIN
Changes since 1.32: +2 -2 lines
Diff to previous 1.32 (unified)

Nix "Login %s is off but still has a valid shell" warning for 20-character
encrypted passwords generated by the NEWSALT option to passwd(1).

Revision 1.32 / (download) - annotate - [select for diffs], Tue Aug 25 13:47:29 1998 UTC (15 years, 7 months ago) by lukem
Branch: MAIN
Changes since 1.31: +48 -9 lines
Diff to previous 1.31 (unified)

* if $check_disklabels=YES, backup and compare of disklabels of current disks.
  should detect added or removed disks as well. backup labels go in
  /var/backups/disklabel.XXX (XXX = disk name, e.g., sd0), and the
  changelist style backups have .current or .backup suffixes
* minor whitespace, formatting, and comment cleanup

Revision 1.31 / (download) - annotate - [select for diffs], Mon Jan 26 12:02:55 1998 UTC (16 years, 2 months ago) by lukem
Branch: MAIN
Changes since 1.30: +20 -13 lines
Diff to previous 1.30 (unified)

include rc.subr and use appropriately

Revision 1.30 / (download) - annotate - [select for diffs], Wed Oct 8 16:13:44 1997 UTC (16 years, 6 months ago) by mycroft
Branch: MAIN
CVS Tags: netbsd-1-3-base, netbsd-1-3-RELEASE, netbsd-1-3-PATCH003-CANDIDATE2, netbsd-1-3-PATCH003-CANDIDATE1, netbsd-1-3-PATCH003-CANDIDATE0, netbsd-1-3-PATCH003, netbsd-1-3-PATCH002, netbsd-1-3-PATCH001, netbsd-1-3-BETA, netbsd-1-3
Changes since 1.29: +13 -5 lines
Diff to previous 1.29 (unified)

Deal with files in the changelist that are added or removed.
* When a file is removed, move its .current file to .backup.
* When a file is added, create its .current file.
* In either case, send a diff against /dev/null.
Mostly from Jim Bernard in PR 4183, with the removal case fixed.

Revision 1.29 / (download) - annotate - [select for diffs], Tue Sep 23 14:36:56 1997 UTC (16 years, 7 months ago) by lukem
Branch: MAIN
Changes since 1.28: +9 -10 lines
Diff to previous 1.28 (unified)

- use 'ftpd -C user' to check the format of /etc/ftpusers.
  closes [security/4061]
- rename $MPPATH to $MPBYPATH, to clarify its use

Revision 1.28 / (download) - annotate - [select for diffs], Thu Sep 18 05:16:19 1997 UTC (16 years, 7 months ago) by lukem
Branch: MAIN
Changes since 1.27: +52 -42 lines
Diff to previous 1.27 (unified)

- don't print "Checking setuid files and devices:" if no problems
  found (solves [security/4047])
- minor cleanup (rename a couple of variables, etc)

Revision 1.27 / (download) - annotate - [select for diffs], Fri Aug 22 09:40:17 1997 UTC (16 years, 8 months ago) by lukem
Branch: MAIN
Changes since 1.26: +62 -61 lines
Diff to previous 1.26 (unified)

- correct use of generated temporary files.
- clean up comments and generated output.
- clean up $SECUREDIR if SIGINT or SIGQUIT received.
- .rhosts may have to be world readable in NFS environments, so allow it to be.
- update list of disks to check for reasonable permissions
- don't show differences in /etc/master.passwd, as the encrypted strings may
  be sent. From reading comments earlier in the script, this was the intention
  anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994].
- when checking /etc/ftpusers, skip comment lines and only match full
  usernames.
  XXX: this should be enhanced to check lines of the enhanced ftpusers format.

Revision 1.26 / (download) - annotate - [select for diffs], Tue Aug 19 12:08:35 1997 UTC (16 years, 8 months ago) by lukem
Branch: MAIN
Changes since 1.25: +9 -4 lines
Diff to previous 1.25 (unified)

* ensure that check for '.' in root's $PATH doesn't yield a false positive.
  fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3995]
* detect empty :: elements as '.' in a sh(1) path (leading :, trailing :,
  or ::)

Revision 1.25 / (download) - annotate - [select for diffs], Tue Jun 24 02:32:38 1997 UTC (16 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.24: +36 -19 lines
Diff to previous 1.24 (unified)

* when checking /etc/master.passwd, read in /etc/shells for a list of
  valid shells and then check each active account against that
* remove unnecessary ()s in a few printf's.

Revision 1.24 / (download) - annotate - [select for diffs], Tue Jun 24 01:16:47 1997 UTC (16 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (unified)

* take advantage of xargs -0 when finding devices and set?id files
* use 'ls -q' in the above, so that characters that may cause problems
  in the output are replaced with '?'

Revision 1.23 / (download) - annotate - [select for diffs], Mon Jun 23 11:59:30 1997 UTC (16 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (unified)

Also check /etc/profile for setting of umask.
From Chris Jones <cjones@rupert.oscs.montana.edu> in [misc/3763]

Revision 1.22 / (download) - annotate - [select for diffs], Mon Jun 23 01:49:15 1997 UTC (16 years, 10 months ago) by lukem
Branch: MAIN
Changes since 1.21: +5 -1 lines
Diff to previous 1.21 (unified)

Ignore blank lines and comments in /etc/exports
From Jaromir Dolecek <dolecek@moria.ics.muni.cz> in [misc/3691]

Revision 1.21 / (download) - annotate - [select for diffs], Mon Apr 21 17:38:39 1997 UTC (17 years ago) by mycroft
Branch: MAIN
Changes since 1.20: +4 -4 lines
Diff to previous 1.20 (unified)

Don't list directories with the setuid bit set or FIFOs.

Revision 1.20 / (download) - annotate - [select for diffs], Mon Apr 21 11:19:57 1997 UTC (17 years ago) by mycroft
Branch: MAIN
Changes since 1.19: +10 -10 lines
Diff to previous 1.19 (unified)

Minor cleanup.

Revision 1.19 / (download) - annotate - [select for diffs], Mon Apr 21 11:14:41 1997 UTC (17 years ago) by mycroft
Branch: MAIN
Changes since 1.18: +14 -8 lines
Diff to previous 1.18 (unified)

When doing security checks in user home directory, sort by home directory, to
optimize lookups a little.
Also, add some more files to the naughty lists.

Revision 1.18 / (download) - annotate - [select for diffs], Thu Apr 17 07:42:07 1997 UTC (17 years ago) by mikel
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (unified)

make /etc/aliases check a bit more discriminating: the line must be
uncommented, and it must contain a '|' character (forwarding to program).

Revision 1.17 / (download) - annotate - [select for diffs], Mon Mar 10 09:45:58 1997 UTC (17 years, 1 month ago) by mycroft
Branch: MAIN
Changes since 1.16: +13 -13 lines
Diff to previous 1.16 (unified)

Minor cleanup.

Revision 1.16 / (download) - annotate - [select for diffs], Fri Feb 14 08:52:05 1997 UTC (17 years, 2 months ago) by mikel
Branch: MAIN
Changes since 1.15: +7 -9 lines
Diff to previous 1.15 (unified)

Don't leave logs in /etc/mtree; from Andrew Wheadon in PR misc/3106.
Also fixed some comments.

Revision 1.15 / (download) - annotate - [select for diffs], Sun Jan 5 11:46:12 1997 UTC (17 years, 3 months ago) by mrg
Branch: MAIN
Changes since 1.14: +444 -404 lines
Diff to previous 1.14 (unified)

add configuration file for security, as security.conf.
the file allows each action taken by security to be
turned on or off.

Revision 1.14 / (download) - annotate - [select for diffs], Wed May 22 00:51:08 1996 UTC (17 years, 11 months ago) by mrg
Branch: MAIN
Changes since 1.13: +3 -2 lines
Diff to previous 1.13 (unified)

ignore setgid on dirs.

Revision 1.13 / (download) - annotate - [select for diffs], Sun Jan 14 00:58:25 1996 UTC (18 years, 3 months ago) by pk
Branch: MAIN
CVS Tags: netbsd-1-2-base, netbsd-1-2-RELEASE, netbsd-1-2-PATCH001, netbsd-1-2-BETA, netbsd-1-2
Changes since 1.12: +11 -8 lines
Diff to previous 1.12 (unified)

Several fixes from Arne H. Juul (PR#1814).

Revision 1.12 / (download) - annotate - [select for diffs], Sun Dec 17 02:01:14 1995 UTC (18 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.11: +1 -1 lines
Diff to previous 1.11 (unified)

New-style RCS ids.

Revision 1.11 / (download) - annotate - [select for diffs], Tue Jan 31 16:09:45 1995 UTC (19 years, 2 months ago) by jtc
Branch: MAIN
CVS Tags: netbsd-1-1-base, netbsd-1-1-RELEASE, netbsd-1-1-PATCH001, netbsd-1-1
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (unified)

Change .emacsrc to .emacs in list of files to be checked.
From Mike Long, in PR #768.

Revision 1.10 / (download) - annotate - [select for diffs], Tue Oct 18 16:52:57 1994 UTC (19 years, 6 months ago) by mycroft
Branch: MAIN
Changes since 1.9: +3 -2 lines
Diff to previous 1.9 (unified)

Fix the fstype-based pruning algorithms.  Partly suggested by John Kohl.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jun 15 04:28:20 1994 UTC (19 years, 10 months ago) by cgd
Branch: MAIN
CVS Tags: netbsd-1-0-base
Branch point for: netbsd-1-0
Changes since 1.8: +529 -43 lines
Diff to previous 1.8 (unified)

update to new security script

Revision 1.8 / (download) - annotate - [select for diffs], Sat Jan 15 18:32:06 1994 UTC (20 years, 3 months ago) by cgd
Branch: MAIN
Changes since 1.7: +1 -1 lines
Diff to previous 1.7 (unified)

people importing trees from SunOS should be shot; add -d to ls.

Revision 1.7 / (download) - annotate - [select for diffs], Wed Dec 15 07:07:36 1993 UTC (20 years, 4 months ago) by mycroft
Branch: MAIN
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (unified)

Find only set[gu]id files and devices, like old ncheck(1).

Revision 1.6 / (download) - annotate - [select for diffs], Wed Oct 27 16:59:13 1993 UTC (20 years, 5 months ago) by cgd
Branch: MAIN
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (unified)

use of xargs wasn't strictly a security hole, but could lead to fouled-
up results.  xargs should really have an option to automatically
'quote' input.

Revision 1.5 / (download) - annotate - [select for diffs], Wed Oct 27 09:54:31 1993 UTC (20 years, 5 months ago) by mycroft
Branch: MAIN
Changes since 1.4: +2 -4 lines
Diff to previous 1.4 (unified)

Use xargs(1) to avoid overflowing the argument list to ls(1).

Revision 1.4 / (download) - annotate - [select for diffs], Tue Oct 26 01:38:57 1993 UTC (20 years, 5 months ago) by cgd
Branch: MAIN
Changes since 1.3: +7 -4 lines
Diff to previous 1.3 (unified)

from FreeBSD: check for set*id devices in a way closer to the original.
note that you can still overflow the args buffer for the ls (and it does
that on lamp), but it's better than before.

Revision 1.3 / (download) - annotate - [select for diffs], Tue Oct 19 06:13:08 1993 UTC (20 years, 6 months ago) by mycroft
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (unified)

Rewrite set[gu]id find command to avoid walking non-local file systems.

Revision 1.2 / (download) - annotate - [select for diffs], Fri Apr 2 08:00:48 1993 UTC (21 years ago) by cgd
Branch: MAIN
CVS Tags: netbsd-alpha-1, netbsd-0-9-base, netbsd-0-9-RELEASE, netbsd-0-9-BETA, netbsd-0-9-ALPHA2, netbsd-0-9-ALPHA, netbsd-0-9, netbsd-0-8
Changes since 1.1: +22 -10 lines
Diff to previous 1.1 (unified)

updated to reflect the fact that we don't have an ncheck

Revision 1.1 / (download) - annotate - [select for diffs], Sun Mar 21 09:45:37 1993 UTC (21 years, 1 month ago) by cgd
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>