path: root/etc/security
Age | Commit message | Author
2006-03-21 | Fix for PR 5043: shell startup scripts might contain binary characters but grep should assume ASCII text, fixes umask detection ok millert@ jaredy@ | David Krause
2005-12-06 | Remove fdescfs | Pedro Martelletto
2005-11-24 | Remove kernfs, okay deraadt@. | Pedro Martelletto
2005-11-11 | do not scan afs/xfs directories; chris.kuethe | Theo de Raadt
2005-02-22 | Avoid spurious "globally exported" warning. Noted by jared r r spiegel. ok henning@ | Otto Moerbeek
2005-02-07 | indentation whitespace nits | David Krause
2005-01-06 | - document /etc/security's .secure hooks - sync the comments in /etc/security ok millert@ | Jason McIntyre
2004-08-25 | Use $file shorthand instead of specifying /var/backups/disklabel.$d. Noticed by ian@ | Todd C. Miller
2004-08-25 | store a copy of the disklabel for mounted filesystems and report changes OK deraadt@ | Todd C. Miller
2003-12-28 | Update based on PR 2208: o Prepare for the update to join(1). o Handle non-ascii chars in pathnames for setuid and device checks. ok millert@ deraadt@ | Otto Moerbeek
2003-11-28 | fix regexp for group names ok millert@ | Nikolay Sturm
2003-07-07 | when testing passwd(5) expire field, force its value to an int before checking for non-zero since an empty field is equivalent to 0. Problem noted by Graeme Lee. | Todd C. Miller
2003-07-03 | Fix setting of umaskset. Also, there is no need to use TMP3 for umask detection. | Todd C. Miller
2003-07-01 | We need the "/ 10" in the group writability check after all; marc@ | Todd C. Miller
2003-07-01 | Make the test for unsafe umask more bullet-proof. With help from marc@ | Todd C. Miller
2003-06-30 | some more extra mktemp randomness; millert@ ok | Anil Madhavapeddy
2003-06-15 | The hyphen in regexp should really be escaped ok millert@ | Alexander Yurchenko
2003-06-13 | Add dot ('.') in usernames too for consistency with adduser/useradd. Noted by Brian Poole | Todd C. Miller
2003-06-12 | Don't complain about usernames that end in '$' which may be needed by samba; this is consistent with useradd and adduser. From Dan Brosemer. | Todd C. Miller
2003-04-08 | Use POSIX chown semantics (user:group); noted by Leandro Costa | Todd C. Miller
2002-12-30 | put bin dirs before sbin dirs in PATH for consistency with other cron scripts | Todd C. Miller
2002-12-15 | writeable -> writable; torh at bogus dot net | Henning Brauer
2002-07-23 | check account expiration time as well; from hamajima@nagoya.ydc.co.jp pr2835 | Peter Valchev
2002-07-17 | don't complain about our new usernames that start with underscores deraadt and millert ok | joshua stein
2002-05-22 | Check for S/Key entries in /etc/skey, not /etc/skeyeys; David Krause We could use skeyinfo(1) to check but this is much cheaper. | Todd C. Miller
2002-02-18 | use mktemp; help & ok millert | Peter Valchev
2001-10-01 | mtree -l (loose permissions check) on /etc/mtree/special. ok millert@. | Jakob Schlyter
2001-04-06 | fix username and groupname length checks. -- Patch from: wilfried@ via PR#1761 Ok'd by: deraadt@ | Brad Smith
2001-04-05 | Skip entries starting with '+' in duplicate user ID check so we don't get false positives for YP stuff. Closes PR 1755 | Todd C. Miller
2001-03-25 | Don't provide diffs of sensitive files like ssh host keys. Instead, just save the md5 checksums so we can still determine when something changes. Entries in /etc/changelist that are prefixed with a '+' will only have their md5 checksums saved, not the actual files. | Todd C. Miller
2001-03-16 | Add ~/.ssh/id_dsa and ~/.ssh/id_rsa to the "must be owned by user and not readable by other" block. Remove ~/.ssh/random_seed as it is not used in OpenSSH. Add ~/.ssh/authorized_keys2, and ~/.ssh/known_hosts to the "must be owned by user and not writable" block. | Todd C. Miller
2001-01-31 | more fat utmp; ianm@cit.uws.edu.au | Theo de Raadt
2000-12-22 | gnupg ring/data ownership/permission checking added; ok millert@ | Todd T. Fries
2000-12-17 | Todd, Aaron, Dug, and me all prefer unidiff | Marco S Hyman
2000-10-20 | Since sh's builtin echo(1) supports /t and /n there is no reason to use printf(1) here. This way there is no possibility of format string problems and we use a shell builtin instead of an external command. | Todd C. Miller
2000-10-18 | printf(1) format string fixes! checked by theo. inspiration from dynamo@ime.net. also a typo fix. | Hugh Graham
2000-10-06 | When including the listing of a directory in root's security mail, pass the -q flag to ls(1) so that non-printable characters will appear as '?'. This prevents a malicious user from fooling the administrator into thinking the contents of a file name are actually valid script output (note that you can put newlines in file names); deraadt@ ok | Aaron Campbell
2000-07-23 | Add a little blurb explaining the meaning of mtree's output. millert@ ok. | Bruno Rohee
2000-06-18 | fix inspired by pr 744 from karls@inet.no changed so files are e.g. backups/etc_passwd not backups/_etc_passwd | Todd T. Fries
2000-05-26 | Capitalize 'id' to be consistent with our man pages. | Aaron Campbell
2000-04-16 | sendmail support files now live in /etc/mail | Todd C. Miller
2000-02-29 | existance -> existence | Aaron Campbell
1999-11-22 | match /dev/fd{0,1,2,3}{,B,C,D,E,F,G,H}[abcdefghijklmnop] when doing device checks; closes PR #750 | Todd C. Miller
1999-06-19 | Give line printout along with line number. | Marc Espie
1998-11-22 | make /var/backups same as mtree says; mickey | Theo de Raadt
1998-08-17 | don't include FIFOs in check for set[ug]id files and devices; andrew@nfr.net | Todd C. Miller
1998-07-11 | better checks for . in path from "Denis A. Doroshenko" <cyxob@isl.vtu.lt> | Marco S Hyman
1998-05-10 | Check a few more DOTfiles that could potentially compromise security on a per user basis. | Todd T. Fries
1998-03-22 | fix ksh.kshrc; check ksh.kshrc, .kshrc for owner/mode/path | Marco S Hyman
1998-02-25 | Deal with non-existent /etc/skeykeys | Todd C. Miller