=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/Attic/porting.html,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- www/Attic/porting.html 1999/02/08 13:59:20 1.18 +++ www/Attic/porting.html 1999/02/27 16:37:29 1.19 @@ -99,12 +99,12 @@ conditions where you don't have proper control. For instance, an attacker who already has user privileges on your machines may replace files in /tmp with symbolic links to more strategic files, such as - /etc/passwd. + /etc/master.passwd.
  • For instance, both fopen and freopen create a new file or open an existing file for writing. An attacker may create a symbolic link from - /etc/passwd to /tmp/addrpool_dump. The + /etc/master.passwd to /tmp/addrpool_dump. The instant you open it, your password file is hosed. Yes, even with an unlink right before. You only narrow the window of opportunity. Use open with @@ -297,8 +297,11 @@ path. Specifically, they set /usr/bin and /bin to be searched before /usr/local/bin and /usr/X11R6/bin. -
  • Do NOT generate shared libraries for ${MACHINE_ARCH} == - alpha +
  • Do NOT generate shared libraries if + ${NO_SHARED_LIBS} is defined. +
  • If you rely on a feature that appeared in a recent version of + bsd.port.mk don't forget to add a line + NEED_VERSION = x.yy in the Makefile.
  • In OpenBSD curses.h/libcurses/libtermlib are the ``new curses''. Change:
    ncurses.h ==> curses.h
    @@ -341,6 +344,6 @@
    OpenBSD www@openbsd.org -
    $OpenBSD: porting.html,v 1.18 1999/02/08 13:59:20 rohee Exp $ +
    $OpenBSD: porting.html,v 1.19 1999/02/27 16:37:29 rohee Exp $