From owner-freebsd-audit@FreeBSD.ORG Sun Jun 22 22:19:22 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E2FD37B401 for ; Sun, 22 Jun 2003 22:19:22 -0700 (PDT) Received: from pop018.verizon.net (pop018pub.verizon.net [206.46.170.212]) by mx1.FreeBSD.org (Postfix) with ESMTP id 936C343FE5 for ; Sun, 22 Jun 2003 22:19:21 -0700 (PDT) (envelope-from mtm@identd.net) Received: from kokeb.ambesa.net ([138.88.140.205]) by pop018.verizon.net (InterMail vM.5.01.05.33 201-253-122-126-133-20030313) with ESMTP id <20030623051919.HEOL11703.pop018.verizon.net@kokeb.ambesa.net>; Mon, 23 Jun 2003 00:19:19 -0500 Date: Mon, 23 Jun 2003 01:19:14 -0400 From: Mike Makonnen To: freebsd-audit@FreeBSD.Org X-Mailer: Sylpheed version 0.8.10 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="Multipart_Mon__23_Jun_2003_01:19:14_-0400_08196c00" X-Authentication-Info: Submitted using SMTP AUTH at pop018.verizon.net from [138.88.140.205] at Mon, 23 Jun 2003 00:19:17 -0500 Message-Id: <20030623051919.HEOL11703.pop018.verizon.net@kokeb.ambesa.net> cc: Lars Eggert Subject: Fw: [FreeBSD-rc] mktemp patch X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2003 05:19:22 -0000 This is a multi-part message in MIME format. --Multipart_Mon__23_Jun_2003_01:19:14_-0400_08196c00 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hello folks, I don't see any problems with this patch, but I thought I would pass it by this list, since it affects the periodic security scripts. Is there any reason we should specify the template manually instead of using the -t argument to mktemp(1) ? Begin forwarded message: Date: Sat, 21 Jun 2003 10:34:16 -0700 From: Lars Eggert To: FreeBSD-rc@yahoogroups.com Subject: [FreeBSD-rc] mktemp patch Hi, the attached patch replaces explicit templates with mktemp's -t switch. Lars -- Lars Eggert USC Information Sciences Institute -- Mike Makonnen | GPG-KEY: http://www.identd.net/~mtm/mtm.asc mtm@identd.net | D228 1A6F C64E 120A A1C9 A3AA DAE1 E2AF DBCC 68B9 mtm@FreeBSD.Org| FreeBSD - The Power To Serve --Multipart_Mon__23_Jun_2003_01:19:14_-0400_08196c00 Content-Type: text/plain; name="00000000.mimetmp" Content-Disposition: attachment; filename="00000000.mimetmp" Content-Transfer-Encoding: 7bit Hi, the attached patch replaces explicit templates with mktemp's -t switch. Lars -- Lars Eggert USC Information Sciences Institute --Multipart_Mon__23_Jun_2003_01:19:14_-0400_08196c00 Content-Type: text/plain; name="mktemp.patch" Content-Disposition: attachment; filename="mktemp.patch" Content-Transfer-Encoding: 7bit Index: periodic/security/500.ipfwdenied =================================================================== RCS file: /home/xbone/CVSROOT/FreeBSD-CURRENT-etc/periodic/security/500.ipfwdenied,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 500.ipfwdenied --- periodic/security/500.ipfwdenied 26 Oct 2002 20:49:08 -0000 1.1.1.3 +++ periodic/security/500.ipfwdenied 21 Jun 2003 16:20:51 -0000 @@ -41,7 +41,7 @@ case "$daily_status_security_ipfwdenied_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + TMP=`mktemp -t security` if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:" fi Index: periodic/security/510.ipfdenied =================================================================== RCS file: /home/xbone/CVSROOT/FreeBSD-CURRENT-etc/periodic/security/510.ipfdenied,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 510.ipfdenied --- periodic/security/510.ipfdenied 26 Oct 2002 20:49:08 -0000 1.1.1.1 +++ periodic/security/510.ipfdenied 21 Jun 2003 16:21:10 -0000 @@ -41,7 +41,7 @@ case "$daily_status_security_ipfdenied_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + TMP=`mktemp -t security` if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then check_diff new_only ipf ${TMP} "${host} ipf denied packets:" fi Index: periodic/security/550.ipfwlimit =================================================================== RCS file: /home/xbone/CVSROOT/FreeBSD-CURRENT-etc/periodic/security/550.ipfwlimit,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 550.ipfwlimit --- periodic/security/550.ipfwlimit 9 Dec 2002 18:02:54 -0000 1.1.1.3 +++ periodic/security/550.ipfwlimit 21 Jun 2003 16:19:56 -0000 @@ -42,7 +42,7 @@ case "$daily_status_security_ipfwlimit_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + TMP=`mktemp -t security` IPFW_LOG_LIMIT=`sysctl -n net.inet.ip.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IPFW_LOG_LIMIT}" -ne 0 ]; then ipfw -a l | grep " log " | \ Index: periodic/security/600.ip6fwdenied =================================================================== RCS file: /home/xbone/CVSROOT/FreeBSD-CURRENT-etc/periodic/security/600.ip6fwdenied,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 600.ip6fwdenied --- periodic/security/600.ip6fwdenied 26 Oct 2002 20:49:10 -0000 1.1.1.3 +++ periodic/security/600.ip6fwdenied 21 Jun 2003 16:21:29 -0000 @@ -41,7 +41,7 @@ case "$daily_status_security_ip6fwdenied_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + TMP=`mktemp -t security` if ip6fw -a l 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then check_diff new_only ip6fw ${TMP} "${host} ip6fw denied packets:" fi Index: periodic/security/650.ip6fwlimit =================================================================== RCS file: /home/xbone/CVSROOT/FreeBSD-CURRENT-etc/periodic/security/650.ip6fwlimit,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 650.ip6fwlimit --- periodic/security/650.ip6fwlimit 9 Dec 2002 18:02:55 -0000 1.1.1.3 +++ periodic/security/650.ip6fwlimit 21 Jun 2003 16:20:14 -0000 @@ -42,7 +42,7 @@ case "$daily_status_security_ip6fwlimit_enable" in [Yy][Ee][Ss]) - TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + TMP=`mktemp -t security` IP6FW_LOG_LIMIT=`sysctl -n net.inet6.ip6.fw.verbose_limit 2> /dev/null` if [ $? -eq 0 ] && [ "${IP6FW_LOG_LIMIT}" -ne 0 ]; then ip6fw -a l | grep " log " | \ Index: periodic/security/security.functions =================================================================== RCS file: /home/xbone/CVSROOT/FreeBSD-CURRENT-etc/periodic/security/security.functions,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 security.functions --- periodic/security/security.functions 25 Nov 2002 16:50:15 -0000 1.1.1.2 +++ periodic/security/security.functions 21 Jun 2003 16:20:33 -0000 @@ -52,7 +52,7 @@ msg="$1"; shift if [ "${tmpf}" = "-" ]; then - tmpf=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX` + tmpf=`mktemp -t security` cat > ${tmpf} fi Index: rc.d/motd =================================================================== RCS file: /home/xbone/CVSROOT/FreeBSD-CURRENT-etc/rc.d/motd,v retrieving revision 1.1.1.2 diff -u -r1.1.1.2 motd --- rc.d/motd 29 Apr 2003 23:34:44 -0000 1.1.1.2 +++ rc.d/motd 21 Jun 2003 16:17:46 -0000 @@ -38,7 +38,7 @@ case ${OSTYPE} in FreeBSD) - T=`mktemp /tmp/_motd.XXXXXX` + T=`mktemp -t motd` uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} ;; --Multipart_Mon__23_Jun_2003_01:19:14_-0400_08196c00-- From owner-freebsd-audit@FreeBSD.ORG Thu Jun 26 03:36:55 2003 Return-Path: Delivered-To: freebsd-audit@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0C44E37B401 for ; Thu, 26 Jun 2003 03:36:55 -0700 (PDT) Received: from mail.liwing.de (mail.liwing.de [213.70.188.162]) by mx1.FreeBSD.org (Postfix) with ESMTP id C519E43FF9 for ; Thu, 26 Jun 2003 03:36:53 -0700 (PDT) (envelope-from rehsack@liwing.de) Received: (qmail 47574 invoked from network); 26 Jun 2003 10:36:52 -0000 Received: from stingray.liwing.de (HELO liwing.de) ([213.70.188.164]) (envelope-sender ) by mail.liwing.de (qmail-ldap-1.03) with SMTP for ; 26 Jun 2003 10:36:52 -0000 Message-ID: <3EFACCC4.1000508@liwing.de> Date: Thu, 26 Jun 2003 12:36:52 +0200 From: Jens Rehsack Organization: LiWing IT-Services User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02 (Compact - Build 2) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-audit Content-Type: multipart/mixed; boundary="------------040303080803070607000003" Subject: [patch] src/gnu/usr.bin/send-pr X-BeenThere: freebsd-audit@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: FreeBSD Security Audit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2003 10:36:55 -0000 This is a multi-part message in MIME format. --------------040303080803070607000003 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, I tried to write a small script which makes it easier to send PR's from a hidden subdomain. This is required for us, because I didn't found a way to send pr's from internal network. So I had to copy the generated pr-files to one of our "internet" machines and use 'send-pr -f'. Ok, I added some new parameters to send-pr but found no person who is really responsible to it, so I remembered a hint got earlier to send patches to be approved to audit@. What do you think, makes it sense or should I rewite my script to make replacements using sed and some regular expressions? Best, jens --------------040303080803070607000003 Content-Type: text/plain; name="patch-send-pr.sh.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="patch-send-pr.sh.diff" --- gnu/usr.bin/send-pr/send-pr.sh.orig Sat Mar 22 10:31:24 2003 +++ gnu/usr.bin/send-pr/send-pr.sh Wed Jun 25 09:58:02 2003 @@ -138,6 +138,9 @@ BATCH= CC= SEVERITY_C= +PRIORITY_C= +CATEGORY_C= +CLASS_C= while [ $# -gt 0 ]; do case "$1" in @@ -160,6 +163,15 @@ -s | --severity) if [ $# -eq 1 ]; then echo "$USAGE"; exit 1; fi shift ; SEVERITY_C="$1" ;; + --priority) if [ $# -eq 1 ]; then echo "$USAGE"; exit 1; fi + shift ; PRIORITY_C="$1" + ;; + --category) if [ $# -eq 1 ]; then echo "$USAGE"; exit 1; fi + shift ; CATEGORY_C="$1" + ;; + --class) if [ $# -eq 1 ]; then echo "$USAGE"; exit 1; fi + shift ; CLASS_C="$1" + ;; -p | -P | --print) PRINT=true ;; -L | --list) FORMAT=norm ;; -l | -CL | --lisp) FORMAT=lisp ;; @@ -247,9 +259,15 @@ if [ -z "$SEVERITY_C" ]; then SEVERITY_C='<[ non-critical | serious | critical ] (one line)>' fi -PRIORITY_C='<[ low | medium | high ] (one line)>' -CATEGORY_C='' -CLASS_C='<[ sw-bug | doc-bug | change-request | update | maintainer-update ] (one line)>' +if [ -z "$PRIORITY_C" ]; then + PRIORITY_C='<[ low | medium | high ] (one line)>' +fi +if [ -z "$CATEGORY_C" ]; then + CATEGORY_C='' +fi +if [ -z "$CLASS_C" ]; then + CLASS_C='<[ sw-bug | doc-bug | change-request | update | maintainer-update ] (one line)>' +fi RELEASE_C='' ENVIRONMENT_C='' DESCRIPTION_C='' --------------040303080803070607000003 Content-Type: text/plain; name="submit-pr" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="submit-pr" #!/bin/sh # $Id$ usage() { cat <] [-c ] [-a ] [-l ] [-s ] [-t ] [-o ] [-u ] [-m ] location of port in ports-tree (eg. lang/php4) e-mail addresses to put in Cc: of mail pattern to match the patch files one of [ sw-bug | doc-bug | change-request | update | maintainer-update ] one of [ non-critical | serious | critical ] one of the entries from /etc/gnats/freefall one of [ low | medium | high ] another user name, eg. when name differs from mail user name another domain name for sending mail from/to EOF exit 1 } cc="Jens Rehsack " organization="LiWing IT-Services" severity="non-critical" # [ non-critical | serious | critical ] priority="medium" # [ low | medium | high ] category="ports" # ${pr_file} ${EDITOR} ${pr_file} echo "The PR to send is in ${pr_file}" --------------040303080803070607000003--