switch and a set of flags. Get rid of DEFAULT flags entirely. Print
warnings if on/off switches are not set, or are set incorrectly.
Add a shell function to simplify this on/off switch testing.
* remove superfluous umasks
* replace `eval ...` with $((...)) or ${i#...}
* use $0 instead of MAKEDEV
* warn on unknown devices
* add enss* to ss*
* ensure tapes are root.operator 660
* st* perms are 660 not 640
* ttyv* isn't a special case on the sparc (it's an i386-ism)
* add enss* to ss*
* use $0.local instead of MAKEDEV.local, and reset the umask afterwards
* remove devices before mknod-ing them
* use ${i#...} and $((...)) instead of `eval ...`
* tz* has perms 660 root.operator (instead of 666 root.wheel)
* consolidate a few devices into one case, with internal switching
for the slight difference (usually unit name and major number)
* reset the umask after MAKEDEV.local
* don't treat ttyv* specially - it's an i386-ism
* add enss* to ss*
* md* is root.operator 640 not root.wheel 600
* use ${i#...} instead of `expr ...`
* use 'sh $0.local' not 'sh MAKEDEV.local'
* warn on invalid devices
* st* has perms 660 not 640
* use $0 not MAKEDEV
* add enss* to ss*
* remove superfluous use of umask
* ensure umask is reset after running MAKEDEV.local
- clean up comments and generated output.
- clean up $SECUREDIR if SIGINT or SIGQUIT received.
- .rhosts may have to be world readable in NFS environments, so allow it to be.
- update list of disks to check for reasonable permissions
- don't show differences in /etc/master.passwd, as the encrypted strings may
be sent. From reading comments earlier in the script, this was the intention
anyway. Fix from Jim Bernard <jbernard@tater.mines.edu> in [security/3994].
- when checking /etc/ftpusers, skip comment lines and only match full
usernames.
XXX: this should be enhanced to check lines of the enhanced ftpusers format.
an interface to first time its address is referenced. Therefore:
* configure lo0 before all other interfaces (rather than afterwards).
* don't explicitly add a route from `hostname` to localhost
names for the lower density minor dev numbers. My shell code would
even work for a wt1 device, but I would seriously pity anyone trying
to get two of these things to work on one machine. Heck, no one should
even try to use ONE wt device.
Really weird bug. On inspection, the shell code in rc looked fine, but
when tested, sure enough, the semantics of the shell were not what I
thought they were. Very unexpected to me, and obviously to the
hundreds of people who must have read those lines without seeing that
they were broken.
2) substantial cleanup. In particular, I got rid of lots of
egregiously obsolete entries, and I got rid of obsolete
capabilities in the only mostly obsolete entries, etc.
