1) pw->pw_class was always zero since not copied
2) login_getuserclass() used instead of login_getclass(), so
default class always returned
3) env pointer can be redefined at the moment of setusercontext() call
regenerated them to fix the line numbers. Also, I added two commented out
options in Makefile, one to tell sshd that a group writeable homedir
is OK because all users are in their own group, and the other is to allow
an unencrypted connection (which is dangerous since it can lead to
compromise of keys), but on a secure network it's damn useful for backups
etc.
o restricted setuid-root access to executables, adjustable
on a per-program and per-user basis;
o a relatively secure environment for scripts, so that well-written
scripts can be run as root (or some other uid/gid), without
unduly compromising security.
See pkg/DESCR for a comparson w/sudo.
Changed floppy generation code to chmod gunzip to executable by a
better strategic location for the chmod command. The former code
failed to do this, meaning gunzip couldn't be run from the floppy.
"Ooops". Yes, I actually do use this code! Honest! :-)
(tested with Linux x86, FreeBSD x86, Solaris 2.x SPARC, OSF/1 Alpha), DOS,
WinNT/Win95.
John the Ripper supports the following cracking modes:
- wordlist with or without rules;
- "single crack", makes use of the login/GECOS information;
- incremental, tries all character combinations;
- external, allows you to define your own cracking mode.
- MD5 based password files support
strobe is a network/security tool that locates and
describes all listening tcp ports on a (remote) host or on
many hosts in a bandwidth utilisation maximising, and pro-
cess resource minimizing manner.
strobe approximates a parallel finite state machine inter-
nally. In non-linear multi-host mode it attempts to appor-
tion bandwidth and sockets amoung the hosts very effi-
ciently. This can reap appreciable gains in speed for
multiple distinct hosts/routes.
Submitted by: proff@suburbia.net (Julian Assange)
Reviewed & Modified by: max
(Closing PR #1663.)
ignores it's argument (it's meaningless, the kernel keeps the state), but
2.1.x use it. ssh was effectively giving a random port to 2.1.
Originally noticed by: John Polstra <jdp@polstra.com>
PLISTs.
Note: I know that this is going to break some symlinks and/or .so
includes, I will back some of these out as I run into these during
package building.
than usernames. This makes it much more difficult for somebody to "frame"
one of your users.
ie: instead of people getting:
connect from peter@spinner.DIALix.COM
in their syslogs, they will get this instead:
connect from [W+rNvCy5FuPV4xEj8thdXIlfD9qNIbzB]@spinner.DIALix.COM
The remote site will have to send it to you to decode it. When you are
given one of these cookies, you can know for sure it is not faked, and you
don't have to trust the word of the remote sysadmin when arranging your
local lame hacker-type user to meet with an unfortunate incident :-).
This feature is documented in the man pages.
Also, fix an apparent bug in the code that deals with this, but it might
be a feature of the version of libdes we have on FreeBSD.
Requested by: markm (a fair while ago)
reporting bug which happens if the remote end uses tcp_wrappers to control
sshd access (it says something like "read: no such file or directory" or
"read: permission denied" instead of "connection closed"). I already sent it
in to the ssh mailing list.
Submitted by: fenner
all the COMMENTs! No package names, no version numbers, no "this is
absolutix-3.1.2" type comments that have zero information contents.
Now, without any bad examples to follow, nobody has an excuse to import
a port with those kind of comments. :)
Phew! 238 ports modified!
TIS has recently instituted a registration policy for access to the freely
available toolkit. We have added this additional step to ensure that you
are aware that, while this software is freely available, it is licensed and
copyrighted software.
so add a dummy fetch: target to tell people to read their licence and
obtain the source manually, and what to do with it when you have it.
meaning it will silently fail if you (say) install as "bin". This makes
the packaging break. (Will the package tools install the setuid-root
binary anyway?)
They were not particularly useful anyway, they are mainly diagnostic tools
to parse the output of 'netstat' to see which users have what local
connections open.
Requested by: asami
- protect the secret RSA etc/ssh_host_key. It is now generated on install
(either by pkg_add or make install) if not already present and is not
ever added to a package since it's your host's credentials. It should
not be removed on pkg_delete, since you are in big trouble if you did
this (for example) pkg_delete ssh-1.2.14; pkg_add ssh-1.2.15.tgz.
- fix the broken manpage symlink when compressing man pages (slogin.1
has been causing /etc/weekly to generate cron messages)
- zlib 1.0.4 is now "blessed" again, the ssh working sources now use this
instead of v0.95. The decompression problem was fixed in either 1.0.3
or 1.0.4. Also, the current version of cvs uses zlib 1.0.4 as well..
- perl5.002 -> perl5.003
Reviewed by: torstenb
ssh for transport. FreeBSD does not have the implementation bugs that some
other systems appear to have, this option only hurts us.
Reviewed by: torstenb
want to touch it.
While I'm here, change MASTER_SITES to URL form (ftp://) and add
markm as the maintainer (he's the only one who touched this
Makefile since the beginning of history)....
This implementation has been built with Our ((actually its own but in our
source tree) DES library and our MD{45}. You will need to link your SSL
code with -ldes and -lmd.
Are you happy now, Torsten? ;-)