Implement a new manual page category ``SECURITY CONSIDERATIONS''
(suggested by mycroft)
parent d86c20ef36
commit fc90756956
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: dm.8,v 1.5 1998/04/28 06:00:52 fair Exp $
|
||||
.\" $NetBSD: dm.8,v 1.6 1998/06/08 12:41:41 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1987, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -86,26 +86,26 @@ game logging file
|
||||
.El
|
||||
.Sh SEE ALSO
|
||||
.Xr dm.conf 5
|
||||
.Sh BUGS
|
||||
Two problems result from
|
||||
.Nm
|
||||
running the games setuid
|
||||
.Dq games .
|
||||
First, all games that allow users to run
|
||||
.Ux
|
||||
commands should carefully
|
||||
set both the real and effective user id's immediately before executing
|
||||
those commands. Probably more important is that
|
||||
.Nm
|
||||
never be setuid
|
||||
anything but
|
||||
.Dq games
|
||||
so that compromising a game will result only in
|
||||
the user's ability to play games at will. Secondly, games which previously
|
||||
had no reason to run setuid and which accessed user files may have to
|
||||
be modified.
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
command appeared in
|
||||
.Bx 4.3 tahoe .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
Two issues result from
|
||||
.Nm
|
||||
running the games setgid
|
||||
.Dq games .
|
||||
First, all games that allow users to run
|
||||
.Ux
|
||||
commands should carefully
|
||||
set both the real and effective group id's immediately before executing
|
||||
those commands.
|
||||
Probably more important is that
|
||||
.Nm
|
||||
never be setgid anything but
|
||||
.Dq games
|
||||
so that compromising a game will result only in
|
||||
the user's ability to play games at will.
|
||||
Secondly, games which previously had no reason to run setgid and which
|
||||
accessed user files may have to be modified.
|
||||
|
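Review bot: the relocated dm.8 paragraph is not a straight move. The BUGS text says "setuid" and "real and effective user id's", while the new SECURITY CONSIDERATIONS text says "setgid" and "real and effective group id's", and the commit message mentions only the new section. Please mention the setuid-to-setgid correction in the log or split it into its own commit. Also, the section announces "Two issues" but the "Probably more important is that" sentence sits between "First" and "Secondly" and reads as a third item; reordering it after the second issue would make the enumeration clear.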
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: getcwd.3,v 1.9 1998/02/05 18:46:29 perry Exp $
|
||||
.\" $NetBSD: getcwd.3,v 1.10 1998/06/08 12:41:42 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -150,10 +150,13 @@ The
|
||||
.Fn getwd
|
||||
function appeared in
|
||||
.Bx 4.0 .
|
||||
.Sh BUGS
|
||||
The
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
As
|
||||
.Fn getwd
|
||||
function
|
||||
does not do sufficient error checking and is not able to return very
|
||||
long, but valid, paths.
|
||||
It is provided for compatibility.
|
||||
does not know the length of the supplied buffer, it is possible
|
||||
for a long (but valid) path to overflow the buffer and provide
|
||||
a means for an attacker to exploit the caller.
|
||||
.Fn getcwd
|
||||
should be used in place of
|
||||
.Fn getwd
|
||||
(the latter is only provided for compatibility purposes).
|
||||
|
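Review bot: the rewritten getwd paragraph drops the earlier statement that getwd "does not do sufficient error checking". If that is still true it should be kept, here or under BUGS, because the new text covers only the unknown buffer length. The new wording "does not know the length of the supplied buffer" would also be more useful if it said what size of buffer a caller is expected to supply.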
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: getpass.3,v 1.5 1998/02/05 18:46:52 perry Exp $
|
||||
.\" $NetBSD: getpass.3,v 1.6 1998/06/08 12:41:42 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1989, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -86,7 +86,7 @@ a pointer to that object.
|
||||
Subsequent calls to
|
||||
.Nm getpass
|
||||
will modify the same object.
|
||||
.Pp
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
The calling process should zero the password as soon as possible to
|
||||
avoid leaving the cleartext password visible in the process's address
|
||||
space.
|
||||
|
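Review bot: "zero the password as soon as possible" does not say which copy of the password is meant. The context lines just above state that getpass returns a pointer to an object that subsequent calls modify, so the section should say explicitly that the caller must clear that returned object as well as any copies it made.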
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: fgets.3,v 1.8 1998/04/28 20:58:01 fair Exp $
|
||||
.\" $NetBSD: fgets.3,v 1.9 1998/06/08 12:41:42 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1990, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -140,7 +140,7 @@ and
|
||||
.Fn gets
|
||||
conform to
|
||||
.St -ansiC .
|
||||
.Sh BUGS
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
Since it is usually impossible to ensure that the next input line
|
||||
is less than some arbitrary length, and because overflowing the
|
||||
input buffer is almost invariably a security violation, programs
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: mktemp.3,v 1.10 1998/06/01 20:16:37 kleink Exp $
|
||||
.\" $NetBSD: mktemp.3,v 1.11 1998/06/08 12:41:42 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1989, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -139,7 +139,7 @@ A
|
||||
.Fn mktemp
|
||||
function appeared in
|
||||
.At v7 .
|
||||
.Sh BUGS
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
The use of
|
||||
.Fn mktemp
|
||||
should generally be avoided, as a hostile process can exploit a race
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: printf.3,v 1.8 1998/04/28 20:58:01 fair Exp $
|
||||
.\" $NetBSD: printf.3,v 1.9 1998/06/08 12:41:42 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1990, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -625,14 +625,16 @@ and
|
||||
conversions, as well as other nonsensical combinations such as
|
||||
.Cm %Ld ,
|
||||
are not standard; such combinations should be avoided.
|
||||
.Pp
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
Because
|
||||
.Fn sprintf
|
||||
and
|
||||
.Fn vsprintf
|
||||
assume an infinitely long string, callers must be careful not to
|
||||
overflow the actual space; this is often impossible to assure.
|
||||
For safety, programmers should use the
|
||||
For safety, programmers should use
|
||||
.Fn snprintf
|
||||
interface instead.
|
||||
or
|
||||
.Fn vsnprintf
|
||||
instead.
|
||||
Unfortunately, this interface is not portable.
|
||||
|
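Review bot: after the change to "snprintf or vsnprintf instead", the trailing sentence "Unfortunately, this interface is not portable." no longer has a clear antecedent, because it now follows two function names. Suggest "Unfortunately, these interfaces are not portable." The section would also be more complete if it told the caller what to check to detect that output was cut short by the size limit.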
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: tmpnam.3,v 1.7 1998/04/28 20:59:29 fair Exp $
|
||||
.\" $NetBSD: tmpnam.3,v 1.8 1998/06/08 12:41:42 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1988, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -196,7 +196,7 @@ compatibility only.
|
||||
The
|
||||
.Xr mkstemp 3
|
||||
interface is strongly preferred.
|
||||
.Pp
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
There are four important problems with these interfaces (as well as
|
||||
with the historic
|
||||
.Xr mktemp 3
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: ftpd.8,v 1.25 1998/06/08 07:13:13 lukem Exp $
|
||||
.\" $NetBSD: ftpd.8,v 1.26 1998/06/08 12:41:42 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1985, 1988, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -581,9 +581,18 @@ The server must run as the super-user to create sockets with
|
||||
privileged port numbers.
|
||||
It maintains an effective user id of the logged in user, reverting
|
||||
to the super-user only when binding addresses to sockets.
|
||||
The possible security holes have been extensively scrutinized, but
|
||||
are possibly incomplete.
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
command appeared in
|
||||
.Bx 4.2 .
|
||||
.Pp
|
||||
The
|
||||
.Pa /etc/ftpd.conf
|
||||
functionality was implemented in
|
||||
.Nx 1.3
|
||||
by Luke Mewburn, based on work by Simon Burge.
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
.Cm RFC-959
|
||||
provides no restrictions on the PORT command, and this can lead
|
||||
to security problems, as
|
||||
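Review bot: the sentence "The possible security holes have been extensively scrutinized, but are possibly incomplete." disappears in this hunk with no replacement. If the removal is intended, say so in the log. The paragraph left in place above HISTORY (super-user for privileged ports, effective user id of the logged in user) is security material as well and would fit the SECURITY CONSIDERATIONS section that now follows HISTORY.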
@ -599,14 +608,3 @@ will be rejected.
|
||||
Use of this option is
|
||||
.Em strongly
|
||||
recommended.
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
command appeared in
|
||||
.Bx 4.2 .
|
||||
.Pp
|
||||
The
|
||||
.Pa /etc/ftpd.conf
|
||||
functionality was implemented in
|
||||
.Nx 1.3
|
||||
by Luke Mewburn, based on work by Simon Burge.
|
||||
|
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: rexecd.8,v 1.5 1998/04/29 08:33:12 fair Exp $
|
||||
.\" $NetBSD: rexecd.8,v 1.6 1998/06/08 12:41:43 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1983, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -145,3 +145,9 @@ The
|
||||
.Nm
|
||||
command appeared in
|
||||
.Bx 4.2 .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
As the passwords exchanged by the client and
|
||||
.Nm
|
||||
are not encrypted, it is
|
||||
.Em strongly
|
||||
recommended that this service is not enabled.
|
||||
|
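Review bot: in the added section, "recommended that this service is not enabled" should read "not be enabled". "Passwords exchanged by the client and rexecd" is also imprecise, since the password is sent by the client to the daemon; "As the password sent by the client to rexecd is not encrypted" would say it more exactly.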
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: rpc.sprayd.8,v 1.5 1997/10/20 02:51:47 enami Exp $
|
||||
.\" $NetBSD: rpc.sprayd.8,v 1.6 1998/06/08 12:41:43 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1994 Christos Zoulas
|
||||
.\" All rights reserved.
|
||||
@ -52,3 +52,11 @@ uses an RPC protocol defined in
|
||||
.Pa /usr/include/rpcsvc/spray.x .
|
||||
.Sh SEE ALSO
|
||||
.Xr spray 8
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
As
|
||||
.Nm
|
||||
responds to packets generated by
|
||||
.Xr spray 8 ,
|
||||
remote users can cause a denial of network service against the local
|
||||
host by saturating requests to
|
||||
.Nm "" .
|
||||
|
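Review bot: the added section states the risk ("remote users can cause a denial of network service against the local host") but gives the administrator no recommendation. The rexecd.8 and inetd.8 sections in this same commit say outright that enabling the service is not recommended. Please add a matching sentence here on whether rpc.sprayd should be enabled, for consistency.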
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: tftpd.8,v 1.6 1998/02/06 05:43:16 perry Exp $
|
||||
.\" $NetBSD: tftpd.8,v 1.7 1998/06/08 12:41:43 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1983, 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -103,9 +103,19 @@ relative filenames.
|
||||
.Nm
|
||||
will
|
||||
.Xr chroot 2
|
||||
on startup; therefore the remote host is not expected to pass the directory
|
||||
as part of the file name to transfer. This option is intended primarily for
|
||||
compatibility with SunOS boot ROMs which do not include a directory name.
|
||||
on startup.
|
||||
This is recommended for security reasons (so that files other than
|
||||
those in the
|
||||
.Pa /tftpboot
|
||||
directory aren't accessable).
|
||||
If the remote host passes the directory name as part of the
|
||||
file name to transfer, you may have to create a symbolic link
|
||||
from
|
||||
.Sq tftpboot
|
||||
to
|
||||
.Sq \&.
|
||||
under
|
||||
.Pa /tftpboot .
|
||||
.El
|
||||
.Pp
|
||||
.Sh SEE ALSO
|
||||
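Review bot: "accessable" in the added line "directory aren't accessable)." should be "accessible". The parenthetical "so that files other than those in the /tftpboot directory aren't accessable" also names /tftpboot although the directory is whatever is given with the flag; "the given directory" would be more accurate, with /tftpboot kept as the example.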
@ -121,3 +131,25 @@ The
|
||||
.Fl s
|
||||
flag appeared in
|
||||
.Nx 1.0 .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
You are
|
||||
.Em strongly
|
||||
advised to setup
|
||||
.Nm
|
||||
using the
|
||||
.Fl s
|
||||
flag in conjunction with the name of the directory that
|
||||
contains the files that
|
||||
.Nm
|
||||
will serve to remote hosts (e.g.,
|
||||
.Pa /tftpboot ) .
|
||||
This ensures that only the files that should be served
|
||||
to remote hosts can be accessed by them.
|
||||
.Pp
|
||||
Because there is no user-login or validation within
|
||||
the
|
||||
.Tn TFTP
|
||||
protocol, the remote site will probably have some
|
||||
sort of file-access restrictions in place. The
|
||||
exact methods are specific to each site and therefore
|
||||
difficult to document here.
|
||||
|
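Review bot: the second paragraph of the new section ("the remote site will probably have some sort of file-access restrictions in place") is the client-side text from tftp.1. In the server's manual page "the remote site" is the wrong point of view, since tftpd is the site applying the restrictions. Suggest rewriting it from the server administrator's side or dropping it here. Also, "advised to setup" should be "advised to set up".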
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: fsirand.8,v 1.2 1997/09/14 14:58:53 lukem Exp $
|
||||
.\" $NetBSD: fsirand.8,v 1.3 1998/06/08 12:41:43 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1997 Christos Zoulas
|
||||
.\" All rights reserved.
|
||||
@ -60,9 +60,9 @@ Print the current inode generation numbers; the filesystem is not modified.
|
||||
.Pp
|
||||
.Nm
|
||||
exits zero on success, non-zero on failure.
|
||||
.Sh BUGS
|
||||
The current implementation does not use a good random number generator,
|
||||
so the randomization can be predicted.
|
||||
.Sh SEE ALSO
|
||||
.Xr fsck_ffs 8 ,
|
||||
.Xr newfs 8
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
The current implementation does not use a good random number generator,
|
||||
so the randomization can be predicted.
|
||||
|
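Review bot: moving "so the randomization can be predicted" under SECURITY CONSIDERATIONS implies a security consequence, but the text never says what an attacker gains from predicting the inode generation numbers. One sentence naming what relies on those numbers being unpredictable would make the section useful to the reader.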
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: mdoc.7,v 1.8 1998/02/06 06:13:20 perry Exp $
|
||||
.\" $NetBSD: mdoc.7,v 1.9 1998/06/08 12:41:43 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1991, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -121,6 +121,8 @@ If a standard is not applicable, the history
|
||||
of the subject should be given.
|
||||
.It Ar BUGS
|
||||
Gotchas and caveats.
|
||||
.It Ar SECURITY CONSIDERATIONS
|
||||
Security issues to be aware of.
|
||||
.It Ar other
|
||||
Customized headers may be added at
|
||||
the authors discretion.
|
||||
|
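Review bot: the new ".It Ar SECURITY CONSIDERATIONS" entry is listed directly after BUGS, but the other pages in this commit place the section last, after HISTORY (dm.8, ftpd.8, chroot.8) or after SEE ALSO (fsirand.8, rpc.sprayd.8). Please have mdoc.7 state the intended position so later pages follow one order. "Security issues to be aware of." could also say what belongs there as opposed to BUGS.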
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: shar.1,v 1.5 1997/10/19 23:05:28 lukem Exp $
|
||||
.\" $NetBSD: shar.1,v 1.6 1998/06/08 12:41:44 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1990, 1993
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -67,19 +67,6 @@ or
|
||||
.Nm
|
||||
makes no provisions for special types of files or files containing
|
||||
magic characters.
|
||||
.Pp
|
||||
It is easy to insert trojan horses into
|
||||
.Nm
|
||||
files.
|
||||
It is strongly recommended that all shell archive files be examined
|
||||
before running them through
|
||||
.Xr sh 1 .
|
||||
Archives produced using this implementation of
|
||||
.Nm
|
||||
may be easily examined with the command:
|
||||
.Bd -literal -offset indent
|
||||
egrep -v '^[X#]' shar.file
|
||||
.Ed
|
||||
.Sh EXAMPLES
|
||||
To create a shell archive of the program
|
||||
.Xr ls 1
|
||||
@ -103,3 +90,16 @@ The
|
||||
.Nm
|
||||
command appears in
|
||||
.Bx 4.4 .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
It is easy to insert trojan horses into
|
||||
.Nm
|
||||
files.
|
||||
It is strongly recommended that all shell archive files be examined
|
||||
before running them through
|
||||
.Xr sh 1 .
|
||||
Archives produced using this implementation of
|
||||
.Nm
|
||||
may be easily examined with the command:
|
||||
.Bd -literal -offset indent
|
||||
egrep -v '^[X#]' shar.file
|
||||
.Ed
|
||||
|
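Review bot: the moved text recommends examining archives with "egrep -v '^[X#]' shar.file" but does not tell the reader what the remaining lines are or what to look for in them. Please add a sentence explaining what the filtered output represents, and note that the command is stated to work only for archives "produced using this implementation".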
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: tftp.1,v 1.7 1998/04/28 06:00:57 fair Exp $
|
||||
.\" $NetBSD: tftp.1,v 1.8 1998/06/08 12:41:44 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1990, 1993, 1994
|
||||
.\" The Regents of the University of California. All rights reserved.
|
||||
@ -159,8 +159,12 @@ Toggle packet tracing.
|
||||
.It Cm verbose
|
||||
Toggle verbose mode.
|
||||
.El
|
||||
.Sh BUGS
|
||||
.Pp
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
command appeared in
|
||||
.Bx 4.3 .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
Because there is no user-login or validation within
|
||||
the
|
||||
.Tn TFTP
|
||||
@ -168,8 +172,3 @@ protocol, the remote site will probably have some
|
||||
sort of file-access restrictions in place. The
|
||||
exact methods are specific to each site and therefore
|
||||
difficult to document here.
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
command appeared in
|
||||
.Bx 4.3 .
|
||||
|
@ -30,7 +30,7 @@
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" from: @(#)chroot.8 8.1 (Berkeley) 6/9/93
|
||||
.\" $NetBSD: chroot.8,v 1.5 1997/10/18 04:06:28 lukem Exp $
|
||||
.\" $NetBSD: chroot.8,v 1.6 1998/06/08 12:41:44 lukem Exp $
|
||||
.\"
|
||||
.Dd June 9, 1993
|
||||
.Dt CHROOT 8
|
||||
@ -74,12 +74,12 @@ is used.
|
||||
.Xr chdir 2 ,
|
||||
.Xr chroot 2 ,
|
||||
.Xr environ 7
|
||||
.Sh CAVEATS
|
||||
.Nm
|
||||
should never be installed setuid root, as it would then be possible
|
||||
to exploit the program to gain root privileges.
|
||||
.Sh HISTORY
|
||||
The
|
||||
.Nm
|
||||
utility first appeared in
|
||||
.Bx 4.4 .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
.Nm
|
||||
should never be installed setuid root, as it would then be possible
|
||||
to exploit the program to gain root privileges.
|
||||
|
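Review bot: "it would then be possible to exploit the program to gain root privileges" is carried over from CAVEATS unchanged and stays vague. Now that it sits under a SECURITY CONSIDERATIONS heading, one clause on why a setuid root chroot is unsafe would help an administrator judge the risk.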
@ -1,4 +1,4 @@
|
||||
.\" $NetBSD: inetd.8,v 1.15 1998/05/01 01:57:26 thorpej Exp $
|
||||
.\" $NetBSD: inetd.8,v 1.16 1998/06/08 12:41:44 lukem Exp $
|
||||
.\"
|
||||
.\" Copyright (c) 1998 The NetBSD Foundation, Inc.
|
||||
.\" All rights reserved.
|
||||
@ -261,13 +261,13 @@ on a socket and eventually time out, the server is said to be
|
||||
and should use a
|
||||
.Dq wait
|
||||
entry.
|
||||
.Xr Comsat 8
|
||||
.Xr comsat 8
|
||||
.Pq Xr biff 1
|
||||
and
|
||||
.Xr talkd 8
|
||||
are both examples of the latter type of
|
||||
datagram server.
|
||||
.Xr Tftpd 8
|
||||
.Xr tftpd 8
|
||||
is an exception; it is a datagram server that establishes pseudo-connections.
|
||||
It must be listed as
|
||||
.Dq wait
|
||||
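Review bot: the changes from "Comsat 8" to "comsat 8" and "Tftpd 8" to "tftpd 8" in this hunk are cross-reference case fixes unrelated to the new manual page category named in the commit message. Please commit them separately or mention them in the log.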
@ -391,3 +391,12 @@ based services is modeled after that
|
||||
provided by SunOS 4.1.
|
||||
Support for specifying the socket buffer sizes was added in
|
||||
.Nx 1.4 .
|
||||
.Sh SECURITY CONSIDERATIONS
|
||||
Enabling the
|
||||
.Dq echo ,
|
||||
.Dq discard ,
|
||||
and
|
||||
.Dq chargen
|
||||
built-in trivial services is not recommended because remote
|
||||
users may abuse these to cause a denial of network service to
|
||||
or from the local host.
|
||||
|