Age | Commit message | Author | |
---|---|---|---|
2009-06-03 | Arla client rename from xfs to nnpfs for later upgrades. Tested on various | Janne Johansson | |
arches. ok todd@ beck@ | |||
2009-05-24 | new variable SUIDSKIP to exclude paths from setuid and device checks, | Ingo Schwarze | |
useful for example for release(8) DESTDIRs, ro-mounted foreign OS partitions, nosuid+nodev-mounted backup areas and the like; while here, do not call ls w/o args in case find returns nothing; based on a patch from halex@, re-implemented by me; variable naming by jmc@; ok halex@ jmc@ | |||
2009-05-18 | support shell globs on ^+ lines in changelist(5) | Ingo Schwarze | |
based on a patch from John Wong, johnw at wonghome dot net, tweaked by me; while here, document globbing for normal lines, too; "i like that" okan@; feedback and ok jmc@ | |||
2009-05-16 | fix a couple of obvious echo -> next_part conversions i forgot; | Ingo Schwarze | |
found while investigating an unrelated bug report from John Wong | |||
2009-05-14 | replace the $OUTPUT idiom by the new next_part function from daily(8) | Ingo Schwarze | |
shortening the script by 100 lines and making it easier to understand; no functional change intended; feedback and ok sthen@ ajacoutot@ okan@ | |||
2009-05-04 | The strings "x5y" and "-42" are not valid group IDs, so fix the regex, | Ingo Schwarze | |
and fix two pastos in the printf(1) reporting bad group IDs; ok okan@ | |||
2009-03-23 | Small rewording to remove ambiguity. | Antoine Jacoutot | |
A package can actually "change" after an update even if its version does not and yet it will not appear in the security(8) output. wording by eric@ ok mbalmer@ | |||
2008-07-23 | Prevent warning about insecure hostnames where no /etc/hostname.* | Stuart Henderson | |
exists. From wcmaier@. Check target of symbolic links to avoid noise at boot and in security output where you have several interfaces symlinked to one config file. "If you think this is the right thing to do" deraadt@ | |||
2008-04-17 | Teach security(8) to check for world-readable hostname.if files. | Stuart Henderson | |
An increasing number of types of these files (e.g. ppp, carp and wlan adapters) may contain secrets. ok deraadt oga johan | |||
2007-10-23 | list package changes in daily insecurity output | Stuart Henderson | |
ok henning | |||
2007-08-22 | plural of ID is IDs, not ID's, ok mk jmc | Henning Brauer | |
2006-10-31 | generate diffs for files listed in /etc/changelist as they are created | David Gwynne | |
and deleted. previously this script only generated diffs for existing files. ok lots of people including millert@ msf@ mcbride@ todd@ and probably more. | |||
2006-10-13 | changelist files are ascii, even if they contain a few funny chars. | Otto Moerbeek | |
Encountered by henning@; ok millert@ robert@ deraadt@ | |||
2006-03-21 | Fix for PR 5043: shell startup scripts might contain binary characters but | David Krause | |
grep should assume ASCII text, fixes umask detection ok millert@ jaredy@ | |||
2005-12-06 | Remove fdescfs | Pedro Martelletto | |
2005-11-24 | Remove kernfs, okay deraadt@. | Pedro Martelletto | |
2005-11-11 | do not scan afs/xfs directories; chris.kuethe | Theo de Raadt | |
2005-02-22 | Avoid spurious "globally exported" warning. Noted by jared r r spiegel. | Otto Moerbeek | |
ok henning@ | |||
2005-02-07 | indentation whitespace nits | David Krause | |
2005-01-06 | - document /etc/security's .secure hooks | Jason McIntyre | |
- sync the comments in /etc/security ok millert@ | |||
2004-08-25 | Use $file shorthand instead of specifying /var/backups/disklabel.$d. | Todd C. Miller | |
Noticed by ian@ | |||
2004-08-25 | store a copy of the disklabel for mounted filesystems and report changes | Todd C. Miller | |
OK deraadt@ | |||
2003-12-28 | Update based on PR 2208: | Otto Moerbeek | |
o Prepare for the update to join(1). o Handle non-ascii chars in pathnames for setuid and device checks. ok millert@ deraadt@ | |||
2003-11-28 | fix regexp for group names | Nikolay Sturm | |
ok millert@ | |||
2003-07-07 | when testing passwd(5) expire field, force its value to an int before | Todd C. Miller | |
checking for non-zero since an empty field is equivalent to 0. Problem noted by Graeme Lee. | |||
2003-07-03 | Fix setting of umaskset. Also, there is no need to use TMP3 for | Todd C. Miller | |
umask detection. | |||
2003-07-01 | We need the "/ 10" in the group writability check after all; marc@ | Todd C. Miller | |
2003-07-01 | Make the test for unsafe umask more bullet-proof. With help from marc@ | Todd C. Miller | |
2003-06-30 | some more extra mktemp randomness; millert@ ok | Anil Madhavapeddy | |
2003-06-15 | The hyphen in regexp should really be escaped | Alexander Yurchenko | |
ok millert@ | |||
2003-06-13 | Add dot ('.') in usernames too for consistency with adduser/useradd. | Todd C. Miller | |
Noted by Brian Poole | |||
2003-06-12 | Don't complain about usernames that end in '$' which may be needed by | Todd C. Miller | |
samba; this is consistent with useradd and adduser. From Dan Brosemer. | |||
2003-04-08 | Use POSIX chown semantics (user:group); noted by Leandro Costa | Todd C. Miller | |
2002-12-30 | put bin dirs before sbin dirs in PATH for consistency with other cron scripts | Todd C. Miller | |
2002-12-15 | writeable -> writable; torh at bogus dot net | Henning Brauer | |
2002-07-23 | check account expiration time as well; from hamajima@nagoya.ydc.co.jp pr2835 | Peter Valchev | |
2002-07-17 | don't complain about our new usernames that start with underscores | joshua stein | |
deraadt and millert ok | |||
2002-05-22 | Check for S/Key entries in /etc/skey, not /etc/skeyeys; David Krause | Todd C. Miller | |
We could use skeyinfo(1) to check but this is much cheaper. | |||
2002-02-18 | use mktemp; help & ok millert | Peter Valchev | |
2001-10-01 | mtree -l (loose permissions check) on /etc/mtree/special. ok millert@. | Jakob Schlyter | |
2001-04-06 | fix username and groupname length checks. | Brad Smith | |
-- Patch from: wilfried@ via PR#1761 Ok'd by: deraadt@ | |||
2001-04-05 | Skip entries starting with '+' in duplicate user ID check so we don't | Todd C. Miller | |
get false positives for YP stuff. Closes PR 1755 | |||
2001-03-25 | Don't provide diffs of sensitive files like ssh host keys. Instead, | Todd C. Miller | |
just save the md5 checksums so we can still determine when something changes. Entries in /etc/changelist that are prefixed with a '+' will only have their md5 checksums saved, not the actual files. | |||
2001-03-16 | Add ~/.ssh/id_dsa and ~/.ssh/id_rsa to the "must be owned by user and | Todd C. Miller | |
not readable by other" block. Remove ~/.ssh/random_seed as it is not used in OpenSSH. Add ~/.ssh/authorized_keys2, and ~/.ssh/known_hosts to the "must be owned by user and not writable" block. | |||
2001-01-31 | more fat utmp; ianm@cit.uws.edu.au | Theo de Raadt | |
2000-12-22 | gnupg ring/data ownership/permission checking added; ok millert@ | Todd T. Fries | |
2000-12-17 | Todd, Aaron, Dug, and me all prefer unidiff | Marco S Hyman | |
2000-10-20 | Since sh's builtin echo(1) supports /t and /n there is no reason to | Todd C. Miller | |
use printf(1) here. This way there is no possibility of format string problems and we use a shell builtin instead of an external command. | |||
2000-10-18 | printf(1) format string fixes! checked by theo. | Hugh Graham | |
inspiration from dynamo@ime.net. also a typo fix. | |||
2000-10-06 | When including the listing of a directory in root's security mail, pass the | Aaron Campbell | |
-q flag to ls(1) so that non-printable characters will appear as '?'. This prevents a malicious user from fooling the administrator into thinking the contents of a file name are actually valid script output (note that you can put newlines in file names); deraadt@ ok |