| version 1.18, 1999/02/08 13:59:20 |
version 1.19, 1999/02/27 16:37:29 |
|
|
| conditions where you don't have proper control. For instance, an attacker |
conditions where you don't have proper control. For instance, an attacker |
| who already has user privileges on your machines may replace files in |
who already has user privileges on your machines may replace files in |
| <code>/tmp</code> with symbolic links to more strategic files, such as |
<code>/tmp</code> with symbolic links to more strategic files, such as |
| <code>/etc/passwd</code>. |
<code>/etc/master.passwd</code>. |
| |
|
| <li>For instance, both <code>fopen</code> and <code>freopen</code> |
<li>For instance, both <code>fopen</code> and <code>freopen</code> |
| <strong>create a new file or open an existing file</strong> for |
<strong>create a new file or open an existing file</strong> for |
| writing. An attacker may create a symbolic link from |
writing. An attacker may create a symbolic link from |
| <code>/etc/passwd</code> to <code>/tmp/addrpool_dump</code>. The |
<code>/etc/master.passwd</code> to <code>/tmp/addrpool_dump</code>. The |
| instant you open it, your password file is hosed. Yes, even with |
instant you open it, your password file is hosed. Yes, even with |
| an <code>unlink</code> right before. You only narrow the window |
an <code>unlink</code> right before. You only narrow the window |
| of opportunity. Use <code>open</code> with |
of opportunity. Use <code>open</code> with |
|
|
| path. Specifically, they set <code>/usr/bin</code> and |
path. Specifically, they set <code>/usr/bin</code> and |
| <code>/bin</code> to be searched <em>before</em> |
<code>/bin</code> to be searched <em>before</em> |
| <code>/usr/local/bin</code> and <code>/usr/X11R6/bin</code>. |
<code>/usr/local/bin</code> and <code>/usr/X11R6/bin</code>. |
| <li>Do <em>NOT</em> generate shared libraries for <code>${MACHINE_ARCH} == |
<li>Do <em>NOT</em> generate shared libraries if |
| alpha</code> |
<code>${NO_SHARED_LIBS}</code> is defined. |
| |
<li>If you rely on a feature that appeared in a recent version of |
| |
<code>bsd.port.mk</code> don't forget to add a line |
| |
<code>NEED_VERSION = x.yy</code> in the Makefile. |
| <li>In OpenBSD <code>curses.h/libcurses/libtermlib</code> are the |
<li>In OpenBSD <code>curses.h/libcurses/libtermlib</code> are the |
| ``new curses''. Change:<br> |
``new curses''. Change:<br> |
| <code>ncurses.h ==> curses.h</code><br> |
<code>ncurses.h ==> curses.h</code><br> |
![[BACK]](/icons/back.gif){kind=icon}
Return to porting.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www