src/usr.sbin/sysinstall/anonFTP.c, branch releng/9.2 FreeBSD source tree Create group ftp by default. This is gid 14 as this is the historical 2007-06-11T18:36:39+00:00 Ceri Davies ceri@FreeBSD.org 2007-06-11T18:36:39+00:00 3213dc8412824764919f6bcffc91b066cc8cf1e1 id used by sysinstall when enabling anonymous FTP. Change the default group used by sysinstall for setting up anonymous FTP from operator to ftp; there is no reason to use operator and there are potential security issues when doing so. PR: 93284 Approved by: ru (mentor) Reviewed by: simon 
id used by sysinstall when enabling anonymous FTP.

Change the default group used by sysinstall for setting up anonymous FTP
from operator to ftp; there is no reason to use operator and there are
potential security issues when doing so.

PR:		93284
Approved by:	ru (mentor)
Reviewed by:	simon
Fix numerous warnings. Aside from menu items in system.c and menu.c 2006-02-28T21:49:33+00:00 John Baldwin jhb@FreeBSD.org 2006-02-28T21:49:33+00:00 9d4514b0fdac8c06657e1812b8b27e4d964388e0 this now compiles on i386 with WARNS?= 3. Most of the fixes included adding missing 'static' keywords to internal functions, using fully-defined terminators in statically defined arrays of structs, and various signed vs unsigned mismatches. Also G/C'd unused configSecurity() function. 
this now compiles on i386 with WARNS?= 3.  Most of the fixes included
adding missing 'static' keywords to internal functions, using fully-defined
terminators in statically defined arrays of structs, and various
signed vs unsigned mismatches.  Also G/C'd unused configSecurity()
function.
If sysinstall was used to configure an anonymous FTP area, it was 2006-01-15T22:57:17+00:00 Ceri Davies ceri@FreeBSD.org 2006-01-15T22:57:17+00:00 c371d3ffd7d1c9dacd6f49dde3372f40ad14f22f possible for information to be copied from the group file to the group file in the FTP area. This patch based on a patch from Zak Johnson <zakj at nox dot cx>. PR: bin/25851 Submitted by: Ted Mittelstaedt <tedm at toybox punkt placo period com> Approved by: jhb (proxy mentor) MFC after: 3 days MFC to: RELENG_5, RELENG_6 Security: Prevents possible group information leakage 
possible for information to be copied from the group file to the group
file in the FTP area.  This patch based on a patch from Zak Johnson
<zakj at nox dot cx>.

PR:		bin/25851
Submitted by:	Ted Mittelstaedt <tedm at toybox punkt placo period com>
Approved by:	jhb (proxy mentor)
MFC after:	3 days
MFC to:		RELENG_5, RELENG_6
Security:	Prevents possible group information leakage
Correct obsolete chown syntax. 2006-01-15T22:42:38+00:00 Ceri Davies ceri@FreeBSD.org 2006-01-15T22:42:38+00:00 80ed316e5cbd1c1e81ceaccd9fe3f77958e0e553 PR: bin/90057 Submitted by: Charlie M. McDonald <BoredOutkast at yahoo punkt com> Approved by: jhb (mentor by proxy) MFC to: RELENG_5, RELENG_6 MFC After: 3 days 
PR:		bin/90057
Submitted by:	Charlie M. McDonald <BoredOutkast at yahoo punkt com>
Approved by:	jhb (mentor by proxy)
MFC to:		RELENG_5, RELENG_6
MFC After:	3 days
Various updates to the anonymous ftp support: 2004-11-16T19:06:42+00:00 John Baldwin jhb@FreeBSD.org 2004-11-16T19:06:42+00:00 60ede768f7cb48efacfe29a75bffe9f2546f2a50 - Allow the upload directory to be optional. If the upload directory field is cleared to the empty string then no directory will be created. - Don't create a bin/ subdirectory in ftp's home dir containing ls(1) and date(1) as ftpd(8) no longer requires it. - Create a pwd.db file in etc/ instead of a passwd file. - Ignore NIS compat entries in /etc/group and /etc/master.passwd when building the anonymous files. PR: bin/60662 Submitted by: Olafur Osvaldsson oli at isnic dot is 
- Allow the upload directory to be optional.  If the upload directory
  field is cleared to the empty string then no directory will be created.
- Don't create a bin/ subdirectory in ftp's home dir containing ls(1) and
  date(1) as ftpd(8) no longer requires it.
- Create a pwd.db file in etc/ instead of a passwd file.
- Ignore NIS compat entries in /etc/group and /etc/master.passwd when
  building the anonymous files.

PR:		bin/60662
Submitted by:	Olafur Osvaldsson oli at isnic dot is
Fixed assorted misuses of NULL in integer context. 2004-03-11T11:58:16+00:00 Bruce Evans bde@FreeBSD.org 2004-03-11T11:58:16+00:00 03f0d9e8ae6d98324d750f279801106df7b32877 






Typo: s/seperately/separately
2002-08-06T20:36:02+00:00

Jens Schweikhardt
schweikh@FreeBSD.org

2002-08-06T20:36:02+00:00

5333b7726b2686a51f827e03f7c7facecd9acda6

PR:		misc/41235
Submitted by:	Fesskat Tudeer <freebsd-fesskat@fesskat.org>
MFC after:	3 days





PR:		misc/41235
Submitted by:	Fesskat Tudeer <freebsd-fesskat@fesskat.org>
MFC after:	3 days







Silence warnings :
2001-09-22T22:21:01+00:00

Murray Stokely
murray@FreeBSD.org

2001-09-22T22:21:01+00:00

9838440951d3c1bb6d7bed226e52149f2deffd6b

   Use static as necessary.
   Use __unused as necessary.
   sizeof(int) != sizeof(void *)





   Use static as necessary.
   Use __unused as necessary.
   sizeof(int) != sizeof(void *)







Compensate for default disabling of network services in inetd.conf(5)
2001-08-02T03:25:16+00:00

Robert Watson
rwatson@FreeBSD.org

2001-08-02T03:25:16+00:00

0c09bcb0e8c4aa4decc75413ca15b7a468e7faf0

by providing the opportunity to edit inetd.conf during the system
installation process.  The following modifications were made:

(1) Expand the Anonymous FTP description dialog to indicate that inetd
    and ftpd must be enabled before it can be used.

(2) Introduce a new configInetd() pair of dialogs, the first describing
    inetd, giving a couple of examples of services that require it, and
    hinting at potential risk, then asking the user if they wish to
    enable it.  The second indicates that inetd.conf must be configured
    to enabled specific services, and asks if the user would like to
    load inetd.conf into the editor to modify it.  Add this
    configuration action to the index.

There are some further improvements that might be considered:

(1) Provide a more inetd.conf-specific configuration tool that speaks
    inetd.conf(5).  However, this is made difficult by the "yet another
    configuration format" nature of inetd.conf, as well as its use of
    commenting to disable services, rather than an in-syntax way to
    disable a service without commenting it out.  Submissions here
    would probably be welcome.

(2) There's some overlap between settings in the somewhat obtuse
    Security Profile mechanism and other settings, including the inetd
    setting, and NFS server configuration.  As features become
    individually tunable, they should probably be removed from the
    security profile mechanism.  Otherwise, somewhat counter-intuitively,
    sysinstall (in practice) queries multiple times whether inetd, nfsd,
    etc, should be enabled/disabled.  A possible future direction might
    be to drive profiles not by degree of paranoia, rather, the set
    of services desired.  Or simply to remove the Security Profile
    mechanism and resort to feature-driven configuration.

Reviewed by:	imp, chris, jake, nate, -arch, -stable





by providing the opportunity to edit inetd.conf during the system
installation process.  The following modifications were made:

(1) Expand the Anonymous FTP description dialog to indicate that inetd
    and ftpd must be enabled before it can be used.

(2) Introduce a new configInetd() pair of dialogs, the first describing
    inetd, giving a couple of examples of services that require it, and
    hinting at potential risk, then asking the user if they wish to
    enable it.  The second indicates that inetd.conf must be configured
    to enabled specific services, and asks if the user would like to
    load inetd.conf into the editor to modify it.  Add this
    configuration action to the index.

There are some further improvements that might be considered:

(1) Provide a more inetd.conf-specific configuration tool that speaks
    inetd.conf(5).  However, this is made difficult by the "yet another
    configuration format" nature of inetd.conf, as well as its use of
    commenting to disable services, rather than an in-syntax way to
    disable a service without commenting it out.  Submissions here
    would probably be welcome.

(2) There's some overlap between settings in the somewhat obtuse
    Security Profile mechanism and other settings, including the inetd
    setting, and NFS server configuration.  As features become
    individually tunable, they should probably be removed from the
    security profile mechanism.  Otherwise, somewhat counter-intuitively,
    sysinstall (in practice) queries multiple times whether inetd, nfsd,
    etc, should be enabled/disabled.  A possible future direction might
    be to drive profiles not by degree of paranoia, rather, the set
    of services desired.  Or simply to remove the Security Profile
    mechanism and resort to feature-driven configuration.

Reviewed by:	imp, chris, jake, nate, -arch, -stable







Mark relevant functions __printflike()/__printf0like() and silence some of
2001-07-05T09:51:09+00:00

Kris Kennaway
kris@FreeBSD.org

2001-07-05T09:51:09+00:00

a015c9348c803a214819f1835f2578ef3c20bb89

the non-constant format string warnings.

MFC after:	1 week





the non-constant format string warnings.

MFC after:	1 week