Age | Commit message (Collapse) | Author | |
---|---|---|---|
2005-11-24 | Remove kernfs, okay deraadt@. | Pedro Martelletto | |
2005-11-11 | do not scan afs/xfs directories; chris.kuethe | Theo de Raadt | |
2005-02-22 | Avoid spurious "globally exported" warning. Noted by jared r r spiegel. | Otto Moerbeek | |
ok henning@ | |||
2005-02-07 | indentation whitespace nits | David Krause | |
2005-01-06 | - document /etc/security's .secure hooks | Jason McIntyre | |
- sync the comments in /etc/security ok millert@ | |||
2004-08-25 | Use $file shorthand instead of specifying /var/backups/disklabel.$d. | Todd C. Miller | |
Noticed by ian@ | |||
2004-08-25 | store a copy of the disklabel for mounted filesystems and report changes | Todd C. Miller | |
OK deraadt@ | |||
2003-12-28 | Update based on PR 2208: | Otto Moerbeek | |
o Prepare for the update to join(1). o Handle non-ascii chars in pathnames for setuid and device checks. ok millert@ deraadt@ | |||
2003-11-28 | fix regexp for group names | Nikolay Sturm | |
ok millert@ | |||
2003-07-07 | when testing passwd(5) expire field, force its value to an int before | Todd C. Miller | |
checking for non-zero since an empty field is equivalent to 0. Problem noted by Graeme Lee. | |||
2003-07-03 | Fix setting of umaskset. Also, there is no need to use TMP3 for | Todd C. Miller | |
umask detection. | |||
2003-07-01 | We need the "/ 10" in the group writability check after all; marc@ | Todd C. Miller | |
2003-07-01 | Make the test for unsafe umask more bullet-proof. With help from marc@ | Todd C. Miller | |
2003-06-30 | some more extra mktemp randomness; millert@ ok | Anil Madhavapeddy | |
2003-06-15 | The hyphen in regexp should really be escaped | Alexander Yurchenko | |
ok millert@ | |||
2003-06-13 | Add dot ('.') in usernames too for consistency with adduser/useradd. | Todd C. Miller | |
Noted by Brian Poole | |||
2003-06-12 | Don't complain about usernames that end in '$' which may be needed by | Todd C. Miller | |
samba; this is consistent with useradd and adduser. From Dan Brosemer. | |||
2003-04-08 | Use POSIX chown semantics (user:group); noted by Leandro Costa | Todd C. Miller | |
2002-12-30 | put bin dirs before sbin dirs in PATH for consistency with other cron scripts | Todd C. Miller | |
2002-12-15 | writeable -> writable; torh at bogus dot net | Henning Brauer | |
2002-07-23 | check account expiration time as well; from hamajima@nagoya.ydc.co.jp pr2835 | Peter Valchev | |
2002-07-17 | don't complain about our new usernames that start with underscores | joshua stein | |
deraadt and millert ok | |||
2002-05-22 | Check for S/Key entries in /etc/skey, not /etc/skeyeys; David Krause | Todd C. Miller | |
We could use skeyinfo(1) to check but this is much cheaper. | |||
2002-02-18 | use mktemp; help & ok millert | Peter Valchev | |
2001-10-01 | mtree -l (loose permissions check) on /etc/mtree/special. ok millert@. | Jakob Schlyter | |
2001-04-06 | fix username and groupname length checks. | Brad Smith | |
-- Patch from: wilfried@ via PR#1761 Ok'd by: deraadt@ | |||
2001-04-05 | Skip entries starting with '+' in duplicate user ID check so we don't | Todd C. Miller | |
get false positives for YP stuff. Closes PR 1755 | |||
2001-03-25 | Don't provide diffs of sensitive files like ssh host keys. Instead, | Todd C. Miller | |
just save the md5 checksums so we can still determine when something change. Entries in /etc/changelist that are prefixed with a '+' will only have their md5 checksums saved, not the actual files. | |||
2001-03-16 | Add ~/.ssh/id_dsa and ~/.ssh/id_rsa to the "must be owned by user and | Todd C. Miller | |
not readable by other" block. Remove ~/.ssh/random_seed as it is not used in OpenSSH. Add ~/.ssh/authorized_keys2, and ~/.ssh/known_hosts to the "must be owned by user and not writable" block. | |||
2001-01-31 | more fat utmp; ianm@cit.uws.edu.au | Theo de Raadt | |
2000-12-22 | gnupg ring/data ownership/permission checking added; ok millert@ | Todd T. Fries | |
2000-12-17 | Todd, Aaron, Dug, and me all prefer unidiff | Marco S Hyman | |
2000-10-20 | Since sh's bulitin echo(1) supports /t and /n there is no reason to | Todd C. Miller | |
use printf(1) here. This way there is no possibility of format string problems and we use a shell builtin instead of an external command. | |||
2000-10-18 | printf(1) format string fixes! checked by theo. | Hugh Graham | |
inspiration from dynamo@ime.net. also a typo fix. | |||
2000-10-06 | When including the listing of a directory in root's security mail, pass the | Aaron Campbell | |
-q flag to ls(1) so that non-printable characters will appear as '?'. This prevents a malicious user from fooling the administrator into thinking the contents of a file name are actually valid script output (note that you can put newlines in file names); deraadt@ ok | |||
2000-07-23 | Add a little blurb explaing the meaning of mtree's output. | Bruno Rohee | |
millert@ ok. | |||
2000-06-18 | fix inspired by pr 744 from karls@inet.no | Todd T. Fries | |
changed so files are e.g. backups/etc_passwd not backups/_etc_passwd | |||
2000-05-26 | Capitalize 'id' to be consistent with our man pages. | Aaron Campbell | |
2000-04-16 | sendmail support files now live in /etc/mail | Todd C. Miller | |
2000-02-29 | existance -> existence | Aaron Campbell | |
1999-11-22 | match /dev/fd{0,1,2,3}{,B,C,D,E,F,G,H}[abcdefghijklmnop] when doing device ↵ | Todd C. Miller | |
checks; closes PR #750 | |||
1999-06-19 | Give line printout along with line number. | Marc Espie | |
1998-11-22 | make /var/backups same as mtree says; mickey | Theo de Raadt | |
1998-08-17 | don't include FIFOs in check for set[ug]id files and devices; andrew@nfr.net | Todd C. Miller | |
1998-07-11 | better checks for . in path from "Denis A. Doroshenko" <cyxob@isl.vtu.lt> | Marco S Hyman | |
1998-05-10 | Check a few more DOTfiles that could potentially compromise security on a per | Todd T. Fries | |
user basis. | |||
1998-03-22 | fix ksh.kshrc; check ksh.kshrc, .kshrc for owner/mode/path | Marco S Hyman | |
1998-02-25 | Deal with non-existent /etc/skeykeys | Todd C. Miller | |
1997-12-28 | be more careful during termination | Theo de Raadt | |
1997-11-17 | completely avoid master.passwd in the changelist processing; ↵ | Theo de Raadt | |
jbernard@tater.mines.edu |