* If per_user_tmp is disabled and /tmp equals to ${per_user_tmp_dir}/@uid,
remove it and recreate it with proper permissions (1777).
This fixes the problem when per_user_tmp is enabled and will put /tmp
on its original state when it's disabled.
Enabled via per_user_tmp in /etc/rc.conf (default off).
See security(8) and rc.conf(5) for more details.
Lots of input from thorpej@ & christos@, thanks!
remove pseudo-device btdev(4) and inherent limitations
add bthub(4) which autoconfigures at bluetooth controllers as they
are enabled. bluetooth devices now attach here.
btdevctl(8) and its cache is updated to handle new semantics
etc/rc.d/btdevctl is updated to configure devices from a list
in /etc/bluetooth/btdevctl.conf
of /etc/rc.d/ipfilter and family if MKIPFILTER=no. As lukem points
out, skipping installation of etc/rc.d/ scripts is not inconsistent
with other optional components, such as pf, x11, etc.
NetBSD Foundation Membership still pending.) This stack was written by
Iain under sponsorship from Itronix Inc.
The stack includes support for rfcomm networking (networking via your
bluetooth enabled cell phone), hid devices (keyboards/mice), and headsets.
Drivers for both PCMCIA and USB bluetooth controllers are included.
not absolute.
This affects an update with sysinst, which will try to look at
/targetroot/etc/fstab, which points to /etc/etc.whatever, which is
not there during the upgrade, and results in all (/targetroot)/etc
files getting nuked!
display or mouse variable should be changed. This is backwards compatible
with the old setvar style: if the argument is not specified, it defaults
to `keyboard'.
* remove all references to $ip6sitelocal and output a warning
message if the variable is defined.
* introduce $ip6uniquelocal (defaults to 'NO') that will control the
behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
will not be routed if the variable is ``NO'') as per RFC 4193.
Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.
Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.
No objections on: tech-security
plunky