===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/Attic/porting.html,v
retrieving revision 1.18
retrieving revision 1.19
diff -c -r1.18 -r1.19
*** www/Attic/porting.html	1999/02/08 13:59:20	1.18
--- www/Attic/porting.html	1999/02/27 16:37:29	1.19
***************
*** 99,110 ****
         conditions where you don't have proper control. For instance, an attacker
         who already has user privileges on your machines may replace files in 
         <code>/tmp</code> with symbolic links to more strategic files, such as
!        <code>/etc/passwd</code>.  
  
     <li>For instance, both <code>fopen</code> and <code>freopen</code>
         <strong>create a new file or open an existing file</strong> for
         writing. An attacker may create a symbolic link from
!        <code>/etc/passwd</code> to <code>/tmp/addrpool_dump</code>. The
         instant you open it, your password file is hosed. Yes, even with
         an <code>unlink</code> right before. You only narrow the window
         of opportunity.  Use <code>open</code> with
--- 99,110 ----
         conditions where you don't have proper control. For instance, an attacker
         who already has user privileges on your machines may replace files in 
         <code>/tmp</code> with symbolic links to more strategic files, such as
!        <code>/etc/master.passwd</code>.  
  
     <li>For instance, both <code>fopen</code> and <code>freopen</code>
         <strong>create a new file or open an existing file</strong> for
         writing. An attacker may create a symbolic link from
!        <code>/etc/master.passwd</code> to <code>/tmp/addrpool_dump</code>. The
         instant you open it, your password file is hosed. Yes, even with
         an <code>unlink</code> right before. You only narrow the window
         of opportunity.  Use <code>open</code> with
***************
*** 297,304 ****
         path. Specifically, they set <code>/usr/bin</code> and
         <code>/bin</code> to be searched <em>before</em>
         <code>/usr/local/bin</code> and <code>/usr/X11R6/bin</code>.
!    <li>Do <em>NOT</em> generate shared libraries for <code>${MACHINE_ARCH} ==
!        alpha</code>
     <li>In OpenBSD <code>curses.h/libcurses/libtermlib</code> are the
         ``new curses''.  Change:<br>
         <code>ncurses.h ==&gt; curses.h</code><br>
--- 297,307 ----
         path. Specifically, they set <code>/usr/bin</code> and
         <code>/bin</code> to be searched <em>before</em>
         <code>/usr/local/bin</code> and <code>/usr/X11R6/bin</code>.
!    <li>Do <em>NOT</em> generate shared libraries if
!        <code>${NO_SHARED_LIBS}</code> is defined.
!    <li>If you rely on a feature that appeared in a recent version of
!        <code>bsd.port.mk</code> don't forget to add a line
!        <code>NEED_VERSION = x.yy</code> in the Makefile.
     <li>In OpenBSD <code>curses.h/libcurses/libtermlib</code> are the
         ``new curses''.  Change:<br>
         <code>ncurses.h ==&gt; curses.h</code><br>
***************
*** 341,346 ****
    <hr>
    <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
    <a href=mailto:www@openbsd.org>www@openbsd.org</a>
!   <br><small>$OpenBSD: porting.html,v 1.18 1999/02/08 13:59:20 rohee Exp $</small>
   </body>
  </html>
--- 344,349 ----
    <hr>
    <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
    <a href=mailto:www@openbsd.org>www@openbsd.org</a>
!   <br><small>$OpenBSD: porting.html,v 1.19 1999/02/27 16:37:29 rohee Exp $</small>
   </body>
  </html>