Attachment 5592 Details for Bug 13256 – file.diff

[patch] file.diff

file.diff (text/plain), 5.38 KB, created by Alexey M. Zelkin on 1999-08-19 14:20:01 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Alexey M. Zelkin

Created: 1999-08-19 14:20:01 UTC

Size: 5.38 KB

patch

obsolete

>Index: security.7
>===================================================================
>RCS file: /usr/local/CVSROOT/src/share/man/man7/security.7,v
>retrieving revision 1.8
>diff -c -r1.8 security.7
>*** security.7	1999/08/18 05:55:02	1.8
>--- security.7	1999/01/19 08:53:27
>***************
>*** 1,12 ****
>! .\" Copyright (c) 1998, Matthew Dillon.  Terms and conditions are those of
>! .\" the BSD Copyright as specified in the file "/usr/src/COPYRIGHT" in
>! .\" the source tree.
>  .\"
>  .\"	$Id: security.7,v 1.8 1999/08/18 05:55:02 chris Exp $
>  .\"
>  .Dd December 20, 1998
>  .Dt SECURITY 7
>! .Os
>  .Sh NAME
>  .Nm security
>  .Nd introduction to security under FreeBSD
>--- 1,32 ----
>! .\" Copyright (c) 1998, Matthew Dillon.
>! .\" All rights reserved.
>  .\"
>+ .\" Redistribution and use in source and binary forms, with or without
>+ .\" modification, are permitted provided that the following conditions
>+ .\" are met:
>+ .\" 1. Redistributions of source code must retain the above copyright
>+ .\"    notice, this list of conditions and the following disclaimer.
>+ .\" 2. Redistributions in binary form must reproduce the above copyright
>+ .\"    notice, this list of conditions and the following disclaimer in the
>+ .\"    documentation and/or other materials provided with the distribution.
>+ .\"
>+ .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
>+ .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>+ .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
>+ .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
>+ .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
>+ .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>+ .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>+ .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>+ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>+ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>+ .\" SUCH DAMAGE.
>+ .\"
>  .\"	$Id: security.7,v 1.8 1999/08/18 05:55:02 chris Exp $
>  .\"
>  .Dd December 20, 1998
>  .Dt SECURITY 7
>! .Os FreeBSD
>  .Sh NAME
>  .Nm security
>  .Nd introduction to security under FreeBSD
>***************
>*** 208,214 ****
>  If you are running a machine through which people only login via sshd and
>  never login via telnetd or rshd or rlogind, then turn off those services!
>  .Pp
>! .Bx Free
>  now defaults to running ntalkd, comsat, and finger in a sandbox.
>  Another program which may be a candidate for running in a sandbox is
>  .Xr named 8 .
>--- 228,234 ----
>  If you are running a machine through which people only login via sshd and
>  never login via telnetd or rshd or rlogind, then turn off those services!
>  .Pp
>! .Fx
>  now defaults to running ntalkd, comsat, and finger in a sandbox.
>  Another program which may be a candidate for running in a sandbox is
>  .Xr named 8 .
>***************
>*** 288,294 ****
>  If an attacker breaks root he can do just about anything, but there
>  are certain conveniences.  For example, most modern kernels have a
>  packet sniffing device driver built in.  Under
>! .Bx Free
>  it is called
>  the
>  .Sq bpf
>--- 308,314 ----
>  If an attacker breaks root he can do just about anything, but there
>  are certain conveniences.  For example, most modern kernels have a
>  packet sniffing device driver built in.  Under
>! .Fx
>  it is called
>  the
>  .Sq bpf
>***************
>*** 503,509 ****
>  service and forget to update the firewall.  You can still open up the 
>  high-numbered port range on the firewall to allow permissive-like operation
>  without compromising your low ports.  Also take note that
>! .Bx Free
>  allows you to
>  control the range of port numbers used for dynamic binding via the various
>  net.inet.ip.portrange sysctl's
>--- 523,529 ----
>  service and forget to update the firewall.  You can still open up the 
>  high-numbered port range on the firewall to allow permissive-like operation
>  without compromising your low ports.  Also take note that
>! .Fx
>  allows you to
>  control the range of port numbers used for dynamic binding via the various
>  net.inet.ip.portrange sysctl's
>***************
>*** 534,540 ****
>  outgoing network with ICMP responses.  This type of attack can also crash the
>  server by running it out of mbuf's, especially if the server cannot drain the
>  ICMP responses it generates fast enough.  The
>! .Bx Free
>  kernel has a new kernel
>  compile option called ICMP_BANDLIM which limits the effectiveness of these 
>  sorts of attacks.  The last major class of springboard attacks is related to
>--- 554,560 ----
>  outgoing network with ICMP responses.  This type of attack can also crash the
>  server by running it out of mbuf's, especially if the server cannot drain the
>  ICMP responses it generates fast enough.  The
>! .Fx
>  kernel has a new kernel
>  compile option called ICMP_BANDLIM which limits the effectiveness of these 
>  sorts of attacks.  The last major class of springboard attacks is related to
>***************
>*** 574,584 ****
>  .Xr find 1 ,
>  .Xr kerberos 1 ,
>  .Xr md5 1 ,
>! .Xr ssh 1 ,
>! .Xr sshd 1 ,
>  .Xr syslogd 1 ,
>  .Xr xdm 1 ,
>  .Xr sysctl 8
>  .Sh HISTORY
>  The
>  .Nm
>--- 594,608 ----
>  .Xr find 1 ,
>  .Xr kerberos 1 ,
>  .Xr md5 1 ,
>! .Xr netstat 1 ,
>  .Xr syslogd 1 ,
>  .Xr xdm 1 ,
>  .Xr sysctl 8
>+ 
>+ The follwing are part of security ports collection:
>+ 
>+ .Xr ssh 1 ,
>+ .Xr sshd 1
>  .Sh HISTORY
>  The
>  .Nm

Actions: View | Diff

Attachments on bug 13256: 5592