|
Revision tags: perseant-exfatfs-base-20250801 netbsd-11-base
|
| #
1.18 |
|
31-Oct-2024 |
gutteridge |
security.7: give example of a program with per-user-tmp issue
|
| #
1.17 |
|
30-Oct-2024 |
gutteridge |
security.7: note some programs won't work with per-user-tmp
Addresses a documentation aspect of PR kern/58438.
|
|
Revision tags: netbsd-10-1-RELEASE perseant-exfatfs-base-20240630 perseant-exfatfs-base netbsd-10-0-RELEASE netbsd-10-0-RC6 netbsd-10-0-RC5 netbsd-10-0-RC4 netbsd-10-0-RC3 netbsd-10-0-RC2 netbsd-10-0-RC1 netbsd-10-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
| #
1.16 |
|
10-Jan-2021 |
riastradh |
branches: 1.16.8;
Various entropy integration improvements.
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other channels like security report to alert the operator if there's a problem.
- New man page entropy(7) discussing the higher-level concepts and system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for more details.
This change addresses many of the issues discussed in security/55659. This is a first draft; happy to take improvements to the man pages and scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than users who have power to affect the entropy estimate (maybe it is, just haven't decided).
- We only have a mechanism for changing once at boot; the message would remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear conditionally from boot to boot.
|
|
Revision tags: netbsd-9-4-RELEASE netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 pgoyette-compat-merge-20190127 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521 pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base perseant-stdc-iso10646-base
|
| #
1.15 |
|
03-Jul-2017 |
wiz |
Remove workaround for ancient HTML generation code.
|
|
Revision tags: netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 netbsd-8-0-RC1 matt-nb8-mediatek-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 bouyer-socketcan-base pgoyette-localcount-20170107 pgoyette-localcount-20161104 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base
|
| #
1.14 |
|
21-May-2016 |
christos |
branches: 1.14.8;
Mention MPROTECT issues
|
| #
1.13 |
|
14-Jun-2015 |
christos |
the data segment is not randomized.
|
| #
1.12 |
|
13-May-2015 |
shm |
0 mappings are currently disabled on all architectures.
|
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base yamt-pagecache-base9 tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 tls-maxphys-base
|
| #
1.11 |
|
18-Mar-2014 |
riastradh |
Merge riastradh-drm2 to HEAD.
|
|
Revision tags: riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1
|
| #
1.10 |
|
20-Jul-2013 |
wiz |
Use Mt for email addresses.
|
|
Revision tags: riastradh-drm2-base agc-symver-base
|
| #
1.9 |
|
15-Mar-2013 |
njoly |
branches: 1.9.4;
Fix a few file system paths to use Pa macro.
|
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE yamt-pagecache-tag8 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base
|
| #
1.8 |
|
30-Mar-2011 |
jruoho |
branches: 1.8.4; 1.8.10;
Add some random, but decent enough, reading material to SEE ALSO.
|
| #
1.7 |
|
20-Mar-2011 |
jruoho |
Now that this is a generic page, clarify the AUTHORS section a little.
|
| #
1.6 |
|
19-Mar-2011 |
wiz |
Remove duplicate word.
|
| #
1.5 |
|
18-Mar-2011 |
jruoho |
Remove xref to nonexistent option(4).
|
| #
1.4 |
|
18-Mar-2011 |
jruoho |
Note the previous also in the lead paragraph.
|
| #
1.3 |
|
18-Mar-2011 |
jruoho |
Note the 'fetch_pkg_vulnerabilities=YES' also here. In lack of a proper name, put this under "administrative security".
|
| #
1.2 |
|
18-Mar-2011 |
jruoho |
Use .Ss for non-standard subtitles.
|
| #
1.1 |
|
18-Mar-2011 |
jruoho |
Move security(8) to the section 7. Discussed on source-changes a while back. Should address PR # 35718 at least partially.
|