diff --git a/en/auditors.sgml b/en/auditors.sgml index 61652c614f..ad7eafc1dd 100644 --- a/en/auditors.sgml +++ b/en/auditors.sgml @@ -1,743 +1,743 @@ + %includes; ]> &header;

General Information

&date;

Overview

In light of our recent (and still ongoing) security concerns, it has become rather obvious that nothing less than a rigorous and comprehensive security review of the FreeBSD source tree will enable us to really have much confidence in the security of our operating system, an OS that many have come increasingly to rely upon and must be made more than reasonably secure if they are to continue to be able to do so.

The sheer amount of legacy code & code from outside sources in FreeBSD also makes it especially easy for security holes to go unnoticed until it's rather too late, and no truly large-scale attempt has been made up to this point to really go through the codebase with a specific focus on security issues, that being a rather big project and most FreeBSD developers being more than busy enough elsewhere. This situation must now change, however, if we are to remain the kind of operating system that people can continue to rely upon as the Internet continues to grow and (I suspect) become an ever-more hostile environment for improperly protected systems. Proper security is something of a cooperative arrangement between the local administrator and the OS vendor, and this "OS vendor" needs to do its part.

The core team's first step in becoming more serious about security was to bring the project's security officer, Guido van Rooij, into the team so that one of the "voices at the table" would have security as his primary mandate and representation in all the important security mailing lists external to the FreeBSD Project. He will also keep the rest of us in core much more aware of security concerns as they arise, hopefully not to be taken quite so by surprise as we have a few times in the past.

Our second step will be this audit, an attempt to methodically go through every line of source in FreeBSD looking for obvious buffer overflows (sprintf()/strcpy() vs snprintf()/strncpy() and so on), less obvious security holes, instances of insufficiently defensive coding, amusing comment strings to forward to freebsd-chat, whatever we run across.

Using the modules database as an outline, we will split the source tree into more manageable pieces, keeping a sign-up sheet in a prominent place so that people can see which modules are covered and which are not. A carefully selected team of individuals is now also being formed, that team being composed of "auditors" and "reviewers" (most members of the team being both). An auditor has principle responsibility, which may be shared with another auditor, for actually going through the code and looking for security holes and/or bugs. Once a reasonable pile of diffs have been accumulated, assuming that any problems were found, they are send to one or more reviewers who are responsible for giving the changes another once-over and, if the auditor does not have commit privileges, to actually commit the changes when & if they're deemed acceptable.

Requirements:

In order to be an auditor, you should either have commit privileges on freefall.FreeBSD.org or an arrangement with another auditor/reviewer who does. You should also be running or have immediate access to FreeBSD-current sources + href="doc/en_US.ISO8859-1/books/handbook/cutting-edge.html#CURRENT">FreeBSD-current sources since all of our changes will be made relative to that branch and then brought back (as necessary) into the 2.1 and 2.2 branches.

What to look for and what the general rules to follow are is sufficiently complex that I have turned it into a FreeBSD Security Guide. Please read this now if you haven't already. Other excellent documents are the Secure Programming Checklist and the Unix Security Checklist, both available from AUSCERT.

Sign-Up sheet:

Here is the sign-up sheet as it sits so far. This is *very* skeletal at this stage, given that we've just now started, and as people indicate which module(s) they're willing to either audit or review, we'll fill it in. If this tabular format also becomes unwieldy as it fills up, we can change it or put it on a web page or something. :) I've left some sample entries open just as place-holders, and they in no way imply that someone has to be willing to pick up pieces that large.

Anything in the modules database represents a potential auditing target - from ones as small as "cat" to ones as large as "lib", the most important being that people bite off pieces no larger than they think they can chew. If you take 15 things onto your plate and deal with only 5, you're not doing anyone any favors since the other auditors will be assuming that the other 10 items are handled!

To sign up for something, please send mail to jmb@FreeBSD.org.

Module Auditor(s) Reviewer(s) Status
bin ac ee* gvr* jh ka mu vk imp* jmb* md* gvr* Open
contrib cg gvr* Open
eBones mrvm* gvr* Open
games ab ee* xaa gvr* Open
init gl gvr* Open
lib ak bjn pst* dg* imp* jkh* gvr* Open
libc ee* mu gvr* Open
libexec crh ee* imp* mr witr gvr* Open
lkm dob* gvr* Open
sbin ee* imp* or* tao jmb* md* gvr* Open
secure dc mrvm* gvr* Open
telnetd ac dn imp* gvr* Open
usr.bin bob ee* jha jm ky* rb rd rjk vk md* gvr* Open
usr.sbin ee* ejc gl imp* jm marc rd md* gvr* Open

Auditor/Reviewer keys

This is the list of people who have volunteered to participate as auditors or reviewers in this process. They may also be reached collectively by sending mail to the auditors@FreeBSD.org alias at times when it is appropriate to send mail to all auditors. If you wish to reach just the auditors & reviewers for a specific category, say usr.sbin for example, then you would send mail to audit-usr.sbin@FreeBSD.org.

Key Auditor/Reviewer Name and Email address
ab Aaron Bornstein aaronb@j51.com
ac Adrian Chadd adrian@psinet.net.au
ak Adam Kubicki apk@itl.waw.pl
am Albert Mietus gam@gamp.hacom.nl
avk Alexander V. Kalganov top@sonic.cris.net
bb Bob Bishop rb@gid.co.uk
bjn Brent J. Nordquist nordquist@platinum.com
bob Bob Willcox bob@luke.pmr.com
btm Brian T. Michely brianm@cmhcsys.com
cg Coranth Gryphon gryphon@healer.com
cl Chris Lambertus cmlambertus@ucdavis.edu
crh Charles Henrich henrich@crh.cl.msu.edu
dc Dan Cross tenser@spitfire.ecsel.psu.edu
dg* David Greenman davidg@FreeBSD.org
din Dinesh Nair dinesh@alphaque.com
dn David Nugent davidn@labs.usn.blaze.net.au
dob* David E. O'Brien obrien@NUXI.com
dz Danny J. Zerkel dzerkel@phofarm.com
ee* Eivind Eklund eivind@FreeBSD.org
eh Elijah Hempstone avatar@gandalf.bss.sol.net
ehu Ernest Hua hua@chromatic.com
ejc Eric J. Chet ejc@gargoyle.bazzle.com
gl Giles Lean giles@nemeton.com.au
gvr* Guido van Rooij guido@FreeBSD.org
gw Graham Wheeler gram@oms.co.za
imp* Warner Losh imp@FreeBSD.org
jb Jim Bresler jfb11@inlink.com
jh Jake Hamby jehamby@lightside.com
jha John H. Aughey jha@cs.purdue.edu
jk Jerry Kendall Jerry@kcis.com
jkh* Jordan K. Hubbard jkh@FreeBSD.org
jm Josef Moellers mollers.pad@sni.de
jmb* Jonathan M. Bresler jmb@FreeBSD.org
joe* Joe Greco jgreco@solaria.sol.net
ka Kalganov Alexander top@bird.cris.net
ki Kenneth Ingham ingham@i-pi.com
ky* Kazutaka YOKOTA yokota@zodiac.mech.utsunomiya-u.ac.jp
marc Marc Slemko marcs@znep.com
md* Matt Dillon dillon@best.net
mr Mike Romaniw msr@cuc.com
mrvm* Mark Murray mark@grondar.za
mu Mudge mudge@l0pht.com
or* Ollivier Robert roberto@keltia.freenix.fr
pb Peter Blake ppb@baloo.tcp.co.uk
peter* Peter Wemm peter@FreeBSD.org
phk* Poul-Henning Kamp phk@FreeBSD.org
pst* Paul Traina pst@FreeBSD.org
rb Reinier Bezuidenhout rbezuide@oskar.nanoteq.co.za
rd Rajiv Dighe rajivd@sprynet.com
rel Roger Espel Llima espel@llaic.univ-bpclermont.fr
rjk Richard J Kuhns rjk@grauel.com
rm Robin Melville robmel@nadt.org.uk
rs Robert Sexton robert@kudra.com
sc Sergei Chechetkin csl@whale.sunbay.crimea.ua
tao Brian Tao taob@risc.org
tdr Thomas David Rivers ponds!rivers@dg-rtp.dg.com
vk Vadim Kolontsov vadim@tversu.ac.ru
witr Robert Withrow witr@rwwa.com
xaa Mark Huizer xaa@stack.nl

* = Has CVS commit privileges.

&footer; diff --git a/en/availability.sgml b/en/availability.sgml index 30a6cc6ad9..c0b8cd96ea 100644 --- a/en/availability.sgml +++ b/en/availability.sgml @@ -1,83 +1,83 @@ + %includes; ]> &header;

Availability of FreeBSD

FreeBSD is free and is available for downloading over the Internet or on CDROM for a small fee.


Hardware requirements.

FreeBSD runs on a variety of PC and Alpha hardware. Please review - the supported - configurations section of the FreeBSD + the supported + configurations section of the FreeBSD Handbook for more information.


Where to get it.

FreeBSD can be downloaded over the Internet for free, using a variety of different protocols (FTP, CVS, AFS, and more). If bandwidth is expensive for you then it can also be purchased on CDROM from a variety of vendors.

For more information on obtaining FreeBSD, please see the Handbook Chapter on obtaining + href="doc/en_US.ISO8859-1/books/handbook/mirrors.html">Handbook Chapter on obtaining FreeBSD.

For more information on installing FreeBSD, please see the Handbook Chapter on + href="doc/en_US.ISO8859-1/books/handbook/install.html">Handbook Chapter on installing FreeBSD.


About the FreeBSD Project.

FreeBSD is developed and supported by a worldwide team of programmers. Jordan Hubbard, one of the project's founders, has written a brief history + href="doc/en_US.ISO8859-1/books/handbook/history.html">brief history of the FreeBSD project. Information about who's responsible for what + href="doc/en_US.ISO8859-1/books/handbook/staff-who.html">who's responsible for what is also available. If you are curious, take a look at some pictures of the team members. A more complete listing of contributors is available in the Contributors section of the - FreeBSD Handbook. FreeBSD is + href="doc/en_US.ISO8859-1/books/handbook/contrib.html">Contributors section of the + FreeBSD Handbook. FreeBSD is an open project, and welcomes the help of individuals who have time and or skills to offer.

This "about" section was created by Sean Kelly.

Inside your PC is a daemon waiting to be unleashed. Free it with FreeBSD.

&footer; diff --git a/en/internal/about.sgml b/en/internal/about.sgml index 3e0f39b581..0d0798d48a 100644 --- a/en/internal/about.sgml +++ b/en/internal/about.sgml @@ -1,90 +1,90 @@ - + %includes; ]> &header;

The Machine

The machine www.FreeBSD.org, otherwise known as freefall.FreeBSD.org, is 800MHz Pentium III set up with 1024 megabytes of RAM and about 50 gigabytes of disk space. The mail duties for the domain are handled by hub.FreeBSD.org, a 400 MHz Pentium II with 256 megabytes RAM and about 16 gigabytes disk space.

Naturally, these systems all run FreeBSD. The hardware and network connection have been generously provided by BSDi, Yahoo!, and other contributors to the FreeBSD project. + href="../doc/en_US.ISO8859-1/books/handbook/donors.html">contributors to the FreeBSD project.

A complete list of all host names in the FreeBSD.org domain is available at the The FreeBSD.org Network page.

The Software

These pages are served up by the versatile and efficient Apache http server. In addition, there are a few locally crafted CGI scripts. Indexing of these pages and the mailing list archive are provided by freewais-sf, a derivative of the CNIDR freewais.

The Urchin web statistics package is used to provide these statistics on web server usage.

The Pages

These Web pages have been put together by John Fieber <jfieber@FreeBSD.org> with input from the FreeBSD community and you. The Webmaster is <wosch@FreeBSD.org>. The FreeBSD pages are HTML 3.2 compliant and best viewed with your browser.

See also the FreeBSD Documentation Project

Page Design

Original page design by Megan McCormack

Building and updating the FreeBSD Web Pages

&webbuild;

Update of the FreeBSD Web Pages

The FreeBSD Web Pages are updated daily at 0800 and 2000 UTC.

Mirroring the FreeBSD Web Pages

You can (and are encouraged to) mirror the FreeBSD web pages on www.FreeBSD.org.

Usage statistics for this server are updated daily.

FreeBSD Internal Home &footer; diff --git a/en/internal/mirror.sgml b/en/internal/mirror.sgml index b0f89c8c6f..61cb8493f4 100644 --- a/en/internal/mirror.sgml +++ b/en/internal/mirror.sgml @@ -1,61 +1,61 @@ - + %includes; ]> &header;

You can (and are encouraged to) mirror the FreeBSD web pages www.FreeBSD.org. To do this, you need to obtain and install a program called cvsup on your web server. -CVSup is a software package for +CVSup is a software package for distributing and updating collections of files across a network.

Installing CVSup

To build and install it, do the following:

  # cd /usr/ports/net/cvsup-bin
  # make all install clean
 

Running CVSup

If you keep your mirrored FreeBSD web pages in the directory /usr/FreeBSD-mirror and are owned by the user `fred', then run the following command as user `fred':

      $ cvsup supfile-www
 
The file supfile-www contain:
        *default host=cvsup.FreeBSD.org
        *default prefix=/usr/FreeBSD-mirror
        *default base=/usr/local/etc/cvsup
        www release=current delete use-rel-suffix compress
 

This will mirror the FreeBSD web pages into /usr/FreeBSD-mirror. You can install this into fred's crontab, so that it runs once a day. The pages on www.FreeBSD.org are updated daily at about 4:30am California time.

More Information on CVSup

-See the CVSup introduction in the +See the CVSup introduction in the handbook.

FreeBSD Internal Home &footer; diff --git a/en/java/docs/howtoports.sgml b/en/java/docs/howtoports.sgml index b04d4a0a43..ff35aabf4d 100644 --- a/en/java/docs/howtoports.sgml +++ b/en/java/docs/howtoports.sgml @@ -1,34 +1,34 @@ - + %includes; ]> &header;
-

General instructions can be found in the FreeBSD Handbook, under Porting Applications. +

General instructions can be found in the FreeBSD Handbook, under Porting Applications.

For Java ports, there are unofficial standards:

     1) If it's a library then jar files go into:
           /usr/local/share/java/classes/
 
     2) If it's a stand-alone application then jar files go into:
           /usr/local/share/java/<application-name>/
         and  scripts to run it go into:
           /usr/local/bin/
 
     3) Documentation goes into:
           /usr/local/share/doc/java/<application-name>/
 

The more ported applications we have, the better.

&footer; diff --git a/en/java/install.sgml b/en/java/install.sgml index 974791be01..106b4289b2 100644 --- a/en/java/install.sgml +++ b/en/java/install.sgml @@ -1,29 +1,29 @@ - + %includes; ]> &header;

Installing FreeBSD's JDK is typically straightforward:

cd /usr/ports/java/jdk
make
make install
make clean

The JDK does not require any dependencies to install. However, if you wish to run any graphics, you will need to have X installed and running.

Many applications in Java need Java Foundation Classes (Swing) to run. JFC can be installed in: /usr/ports/java/jfc -

If you should have trouble, you can see the FreeBSD Handbook section on "installing applications" for help. +

If you should have trouble, you can see the FreeBSD Handbook section on "installing applications" for help.

&footer; diff --git a/en/mailto.sgml b/en/mailto.sgml index 2f3c318a8f..842bcdd82f 100644 --- a/en/mailto.sgml +++ b/en/mailto.sgml @@ -1,52 +1,52 @@ + %includes; ]> &header;

Questions about FreeBSD...

Questions regarding FreeBSD should be addressed to the FreeBSD Questions mailing list, freebsd-questions@FreeBSD.ORG.

Mailing lists are the primary support channel for FreeBSD users, with numerous mailing lists covering different topic areas. Several non-English mailing lists are also available.

Questions about the contents of this WWW server...

Questions or suggestions about our documentation (Handbook, FAQ, Handbook, FAQ, Tutorials) should be addressed to the FreeBSD Documentation Project mailing list, freebsd-doc@FreeBSD.ORG.

Snail mail, phone and fax

For CDROM orders: The FreeBSD Mall

For commercial support: The FreeBSD Mall

Who Is Responsible for What

Public Relations & Corporate Liaison, Security Officer, Postmaster, Webmaster etc.

&footer; diff --git a/en/news/1997/index.sgml b/en/news/1997/index.sgml index e2e70cf6bc..938573c6e0 100644 --- a/en/news/1997/index.sgml +++ b/en/news/1997/index.sgml @@ -1,272 +1,272 @@ - + %includes; News Home'> %newsincludes; ]> &header;

December 1997

November 1997

October 1997

September 1997

August 1997

July 1997

June 1997

May 1997

April 1997

March 1997

February 1997

January 1997

&newshome; &footer; diff --git a/en/news/1998/index.sgml b/en/news/1998/index.sgml index 46316ba04d..4546afe3ab 100644 --- a/en/news/1998/index.sgml +++ b/en/news/1998/index.sgml @@ -1,242 +1,242 @@ - + %includes; News Home'> %newsincludes; ]> &header;

December 1998

November 1998

October 1998

September 1998

August 1998

July 1998

May 1998

April 1998

March 1998

February 1998

January 1998

&newshome; &footer; diff --git a/en/news/2000/index.sgml b/en/news/2000/index.sgml index ab135f5f0b..1dc8e10c1c 100644 --- a/en/news/2000/index.sgml +++ b/en/news/2000/index.sgml @@ -1,456 +1,456 @@ - + %includes; News Home'> %newsincludes; ]> &header;

December 2000

November 2000

October 2000

September 2000

August 2000

July 2000

June 2000

May 2000

April 2000

March 2000

February 2000

January 2000

&newshome; &footer; diff --git a/en/news/press-rel-2.sgml b/en/news/press-rel-2.sgml index 2145f5442b..6f9970ef2f 100644 --- a/en/news/press-rel-2.sgml +++ b/en/news/press-rel-2.sgml @@ -1,89 +1,89 @@ - + %includes; %newsincludes; ]> &header;

Complete XML Development System Integrated with FreeBSD

Concord, CA, April 29, 1999: Included with FreeBSD 3.1 is a complete, integrated SGML/XML development system that installs with a simple, easy to use command sequence.

FreeBSD's Ports system and multitasking architecture makes it easy for an SGML/XML developer to download and install all the latest versions of the tools and reference material he needs to develop SGML and XML formatting languages and documents, and the online Internet mailing lists help him learn and keep up-to-date with the evolving XML implementation.

FreeBSD is a full-featured open-source operating system which runs on virtually all Intel x86-based personal computers. Its 580 page "Handbook" has recently been completely done over into DocBook format, and it is a living example of an evolving document built with SGML tools. The Handbook is available on the Internet at:

The FreeBSD Documentation Project is also making available the "FreeBSD Documentation Project Primer" to make it as painless as possible for newcomers to contribute to the FreeBSD Documentation Set. Much of the information in the primer is appropriate to all SGML/XML users, and is freely available. The primer, which is constantly being updated by the Documentation Project team, can be found at:

Features of the Document Project SGML/XML System include:

The FreeBSD Documentation Project is actively migrating from the LinuxDoc DTD to the DocBook DTD, and has been providing feedback to the DocBook maintainers regarding new features and possible implementations for the past year. For more information about the FreeBSD Documentation Project, please contact the freebsd-doc@FreeBSD.org mailing list.

The FreeBSD operating system is available on the Internet from the master FreeBSD website and from various mirror systems around the world, and it can also be obtained on convenient CDROMs from Walnut Creek CDROM. Information on all of these options is available through:

&footer; diff --git a/en/projects/cvsweb.sgml b/en/projects/cvsweb.sgml index efa55091f2..883cf4bda1 100644 --- a/en/projects/cvsweb.sgml +++ b/en/projects/cvsweb.sgml @@ -1,91 +1,91 @@ - + %includes; ]> &header;

Contents

What is CVSweb?

CVSweb is a WWW interface for CVS repositories with which you can browse a file hierarchy on your browser to view each file's revision history in a very handy manner.

CVSweb was originally written by &a.fenner; for the FreeBSD Project, and instantly won great popularity among software developpers for its usability.

FreeBSD-CVSweb, formerly known as knu-CVSweb, is an enhanced version of CVSweb based on and has been kept in sync with Henner Zeller's CVSweb, which is an extended version of CVSweb. &a.knu; made numerous cleanups, bug-fixes, security enhancements and feature improvements over the version and brought it back where it was born. FreeBSD-CVSweb is currently maintained by &a.scop;.

CVSweb is freely available under the terms of the BSD license. It is currently used by such projects as FreeBSD, XFree86, Perl, and Ruby.


Downloads

Download the tarball from the following sites. The latest release is 2.0.3.


Resources

Project Mailinglist:
freebsd-cvsweb@FreeBSD.org is the mailing list for people discussing the development of the FreeBSD CVSweb. Patches, bug reports and feature requests are welcome. To join the list, follow the instructions - described here.
+ described here.
CVS repository
CVSweb is available through - anonymous CVS pserver. + anonymous CVS pserver. The module name is /projects/cvsweb.
CVSweb on CVSweb
You can browse the CVSweb source via the CVSweb itself here.
&footer; diff --git a/en/projects/newbies.sgml b/en/projects/newbies.sgml index 0aff624238..97191c2f50 100644 --- a/en/projects/newbies.sgml +++ b/en/projects/newbies.sgml @@ -1,250 +1,250 @@ - + %includes; ]> &header;

The following resources are some of those which FreeBSD newbies have found most helpful when learning to use FreeBSD. Please send corrections and additions to FreeBSD-Newbies@FreeBSD.org.

Using the FreeBSD web site

This web site is the main source of up to date information about FreeBSD. Newbies have found the following pages particularly helpful:

Learning about FreeBSD

Learning about UNIX

Many of the problems we have as newbies come from being unfamiliar with the UNIX commands needed to fix our FreeBSD problems. Without a UNIX background you'll be faced with two things to learn at once. Fortunately a lot of resources are available to make this easier.

Learning about the X Window System

The X Window System is used with a number of operating systems, including FreeBSD. The documentation for X can be found at The XFree86 Project, Inc. Beware, much of this documentation is reference material which is likely to be difficult for newcomers to digest.

Helping other people

Everyone has something to contribute to the FreeBSD community, even newbies! Some are busy working with the new advocacy group and some have become involved with the Documentation Project as reviewers. Other FreeBSD newbies might have particular skills and experiences to share, either computer related or not, or just want to meet new newbies and make them feel welcome. There's always people around who help others simply because they like to. Write to FreeBSD Newbies for more information.

Friends who run FreeBSD are a great resource. No book can replace chatting on the phone or across a pizza with someone who has the same interests, enjoys similar accomplishments, and faces the same challenges. If you don't have many friends who use FreeBSD, consider using your old FreeBSD CDs to create some more :-)

User groups are good places to meet other FreeBSD users. If there's not one nearby, maybe you could start one.

Before talking to real humans about your new skills, you might want to check the Pronunciation Guide and the Jargon File :-)

On line we have the FreeBSD-Newbies mailing list for non-technical discussions about matters of interest to newbies. Another mailing list, FreeBSD-Questions, answers our questions about using FreeBSD.

&footer; diff --git a/en/projects/updater.sgml b/en/projects/updater.sgml index 395c35d932..432cdc33aa 100644 --- a/en/projects/updater.sgml +++ b/en/projects/updater.sgml @@ -1,239 +1,239 @@ - + %includes; Done"> In Progress"> Not Started"> ]> &header;

Contents

Goals

The FreeBSD Binary Updater Project aims to provide a secure mechanism for the distribution of binary updates for FreeBSD. This project is complementary to the Open Packages and libh projects efforts and there should be very little overlap.

This system is a client / server mechanism that allows clients to install any known "profile" or release of FreeBSD over the network. Where a specific profile might contain a specific set of FreeBSD software to install, additional packages, and configuration actions that make it more ideal for a specific environment (ie FreeBSD 4.3 Secure Web server profile)

Our current implementation aims to abstract the actual ontology of the FreeBSD software collections so that future development in the direction of a more fine grained base system can be leveraged effectively without unnecessary reimplementation.

Design

"Profiles"

What the user sees as "top level objects" in the upgrade system are canned profiles. A profile can represent a given user's system configuration or a generic system template (web server, mail server, etc) that we provide.

Each profile consists of file entries and/or collection entries. A collection entry represents a grouped set of files like a package or what sysinstall calls a "distribution." Profiles exist on the server machine, though the client can also choose to cache copies for "tripwire" types of activities. Some typical profiles and their contents might look like this:

        [mysystem]                        [web-server]
         bin  4.2                          bin	   4.2
         bash 2.02                         manpages 4.2
         src  4.2                          apache   2.1
         xblaster 1.0
 

A collection can also have a specific version number associated with it or have a "floating" version number, meaning that it tracks whatever's newest for that entity.

Authentication

Users will authenticate with the server via a username / password scheme which allows them to access their custom profiles as well as any system-defined ones.

Binary packages from the server are signed using public key cryptography.

Upgrade Client

The client supports connecting to an upgrade server, authenticating a user, browsing existing profiles or creating new ones and downloading file data and "actions" from the server. New file data will be created in such a way that partial updates do not cause corruption and whole transactions are committed in reasonably atomic fashion.

The client will be implemented in a 3-stage process:

Since a system can also be "upgraded" from a standing start, a next-generation installation tool could take care of the disklabelling filesystem formatting, and network setup then make heavy use of the client library to actually bring up a menu of available software and perform the installation.

Upgrade Server

The server supports connections by arbitrary numbers of clients and authenticating a user (or "anonymous" if the server is configured to support anonymous connections) for determining the available profiles.

Once the server receives a manifest (e.g. a set of collections) from a client machine and a server-side profile name to match it with, it goes looking through each collection to see if a newer version of that collection exists on the server or if there are any change deltas pending against the collection which are greater than the corresponding patchlevel of the collection in the client manifest.

Deltas and/or entire collections are sent to the client for unpacking along with any before/after actions for each delta or collection which should be executed on the client. Once the client has confirmed that all before/after actions and extraction of a given collection has completed successfully, it updates the stored profile and goes on to the next. If the transfer is interrupted at any point, the process can therefore pick up where it left off.

The upgrade server provides local storage for a certain amount of profile data depending on disk space constraints and can also be used as a way of cloning machines. The user installs one machine entirely according to taste and then uploads its profile. Each subsequent machine is installed from this profile and voila, an army of clones.

The server will probably not keep any truly client-side data like /etc/master.passwd or anything else it doesn't offer out of its own collections, but we can leave this decision open for later or make it a configuration option.

Implementation Details

Update Server

The update server is for the most part in a usable state. Information about profiles, collections, and actions are stored in a SQL database. A database abstraction layer talks calls the relevant hooks (MySQL and PostgreSQL supported at the moment) to service client requests. Using a relational database has made it very easy for us to change the organization of the data without spending time rewriting code. As we finalize our data structures it might be more efficient to move to BerkeleyDB or another solution but for now SQL has saved a lot of development time.

The server can be used to successfully install or upgrade a system to FreeBSD 4.X but there is a lot of polishing up to do and many additional features are needed.

Server TODO list :

Update Client

The update client is not currently usable. At the moment, it consists of some code to perform the actual updates, and some quick code to test the various functions of the updater. Also, the client does not currently handle packages. Once this capability has been added, and the various ugly bugs have been worked out, the existing code needs to be turned into a library.

From there, it will possible to easily create an installer as well as an end-user upgrade program, in forms of a text application, an X application, and maybe even big eye candy GNOME and KDE applications as well.

Client TODO list :

Where's the Code?

This project is currently being developed in main FreeBSD CVS repository. Its sources are located under projects/binup hierarchy. You can use the usual methods of retrieving FreeBSD sources to access it. NOTE: cvsup users should use projects-all cvsup collection to access projects under projects/ hierarchy

A mailing list has been setup for this project. Please post all questions, patches, etc to the freebsd-binup@FreeBSD.org mailing list. For instructions on how to subscribe to thsi list, please see the FreeBSD + href="../doc/en_US.ISO8859-1/books/handbook/eresources.html#ERESOURCES-MAIL">FreeBSD Handbook

&footer; diff --git a/en/publish.sgml b/en/publish.sgml index cd488ed2aa..60646b17da 100644 --- a/en/publish.sgml +++ b/en/publish.sgml @@ -1,580 +1,580 @@ + %includes; ]> &header;
FreeBSD Daemon
Here you'll find the covers of many FreeBSD related publications. If you know of any additional FreeBSD publications/CDROMs let us know, at www@FreeBSD.org, so that they may be added to this site. -

The FreeBSD Handbook contains a +

The FreeBSD Handbook contains a considerably longer bibliography.

+ href="doc/en_US.ISO8859-1/books/handbook/bibliography.html">bibliography.

Click on any of the graphics to see a larger version.

Books

book cover This is a recent (May 1997) publication from Tatsumi Hosokawa and others. Among computer books, it is a top-seller in Japan and exceeded the sales of Bill Gates' "The Road Ahead" when published (it was #2, this book was #1).
book cover (Japanese FreeBSD book with 2.0.5, titled "FreeBSD: Fun and easy Installation")
book cover (Japanese FreeBSD book with 2.0.5, titled "FreeBSD Introductory Kit")
book cover This is BSDi's "The Complete FreeBSD" with installation guide, manual pages and installation CDs inside.
book cover This book was recently published (early 1997) in Taiwan. Its title is "FreeBSD: introduction and applications" and the author is Jian-Da Li.
book cover This is the "Getting Started with FreeBSD" from Fuki-Shuppan. Other than the standard installation guide and Japanese environment, it emphasizes system administration and low-level information (such as the boot process, etc.) FreeBSD-2.2.2R and XFree86-3.2 on CDROM. 264 pages, 3,400 yen.
book cover The "Personal Unix Starter Kit - FreeBSD" from ASCII. Includes history of Unix, a guide to build a Japanese documentation processing system and how to create ports. 2.1.7.1R and XFree86-3.2 in CDROM. 384 pages, 3,000 yen.
book cover BSD mit Methode, M. Schulze, B. Roehrig, M. Hoelzer und andere, C&L Computer und Literatur Verlag, 1998, 850 pages. 2 CDROMs, FreeBSD 2.2.6, NetBSD 1.2.1 and 1.3.2, OpenBSD 2.2 and 2.3. DM 98,-.
book cover This is the "FreeBSD Install and utilization manual" from Mainichi Communications. General introduction to FreeBSD from installation to utilization with troubleshooting under the supervision of the user group in Japan. 2.2.7-RELEASE FreeBSD(98)2.2.7-Rev01 PAO and distfiles in CDROM. 472 pages, 3,600yen.
book cover The "FreeBSD User's Reference Manual" from Mainichi Communications, under the supervision of "jpman project", the manual translation project by the user group in Japan. Japanese edition of the section 1 of the FreeBSD manual. 2.2.7-RELEASE FreeBSD(98)2.2.7-Rev01 and PAO in CDROM. 1,040 pages, 3,800yen.
book cover The "FreeBSD System Administrator's Manual" from Mainichi Communications, under the supervision of "jpman project", the manual translation project by the user group in Japan. Japanese edition of the section 5 and 8 of the FreeBSD manual. 756 pages, 3,300yen.
book cover This is "About FreeBSD" from Youngjin.com. It is first FreeBSD book in Korea, and covers several topics from installation to Korean environment. 3.5.1-RELEASE/PAO and 4.1-RELEASE in 3 CDROMs. 788 pages, 26,000 won.
book cover Onno W Purbo, Dodi Maryanto, Syahrial Hubbany, Widjil Widodo: Building Internet Server with FreeBSD (in Indonesia Language), published by Elex Media Komputindo, 2000.
book cover The FreeBSD Handbook 1st Edition is a comprehensive FreeBSD Tutorial and reference. It covers installation, day-to-day use of FreeBSD, and much more. April 2000, BSDi. ISBN 1-57176-241-8
book cover The Complete FreeBSD with CDs, 3rd Ed, FreeBSD 4.2. Everything you ever wanted to know about how to get your computer up and running FreeBSD. Includes 4 CDs containing the FreeBSD operating system! Released: November 2000 ISBN: 1-57176-246-9
book cover The FreeBSD Handbook 2nd Edition is a comprehensive FreeBSD Tutorial and reference. It covers installation, day-to-day use of FreeBSD, and much more. November 2001, Wind River Systems. ISBN 1-57176-303-1

CDROMs

For more about recent releases go to FreeBSD release information page.

CD cover This is InfoMagic's BSDisc, containing FreeBSD 2.0 and NetBSD 1.0 on a single CD. This is the only example I have which had cover art.
CD cover This is the original 4.4 BSD Lite2 release from UC Berkeley, the core technology behind much of FreeBSD.
CD cover The first of Laser5's "BSD" series. Contains FreeBSD-2.0.5R, NetBSD-1.0, XFree86-3.1.1 and FreeBSD(98) kernel.
CD cover The second of Laser5's "BSD" series. From this version, the CDs come in a standard jewel box. Contains FreeBSD-2.1R, NetBSD-1.1, XFree86-3.1.2 and 3.1.2A, and FreeBSD(98) kernel (2.0.5).
CD cover This is the Laser5 Japanese edition of the FreeBSD CDROM. It is a 4 CD set.
CD cover This is the only FreeBSD CD Pacific Hitech produced before merging their product line with that of Walnut Creek CDROM. PHT now also produces the FreeBSD/J (Japanese) CD product.
CD cover This is the cover disc from the Korean magazine. Note the creative cover art! The CD contains the FreeBSD 2.2.1 release with some local additions.
CD cover This is it - the very first FreeBSD CD published! Both the FreeBSD Project and Walnut Creek CDROM were fairly young back then, and you'll probably have little difficulty in spotting the differences in production quality between then and now.
CD cover This was the second FreeBSD CD published by Walnut Creek CDROM and also the very last on the 1.x branch (ref USL/Novell lawsuit and settlement). The next release, FreeBSD 1.1.5, was only available on the net.
CD cover This unusual CD is something of a collector's item now given that almost all existing examples were systematically tracked down and destroyed. An artwork mishap has this CD dated for the wrong year, and on the spine "January" is also misspelled as "Jaunary", just to increase the embarrassment factor. Ah, the perils of turning in one's artwork just hours before leaving for a trade show.
CD cover This is the fixed-up version of the FreeBSD 2.0 CD. Note that the color scheme has even been changed in the corrected version, something unusual for a fixup and perhaps done to distance it from the earlier mistake.
CD cover The FreeBSD 2.0.5 release CD. This was the first CD to feature Tatsumi Hosokawa's daemon artwork.
CD cover The FreeBSD 2.1 release CD. This was the first CD release on the 2.1 branch (the last being 2.1.7).
CD cover The FreeBSD 2.1.5 release CD.
CD cover The FreeBSD 2.1.6 release CD.
CD cover The Japanese version of 2.1.6. This was the first and last Japanese localized version published by WC, responsibility for that product then transitioning to a team led by Tatsumi Hosokawa and sponsored by Pacific Hitech and Laser5.
CD cover The FreeBSD 2.1.7 release CD. Also the last CD released on the 2.1.x branch. Done primarily as a security fixup for 2.1.6
CD cover An early release SNAPshot of 2.2 (done before 2.2.1 was released).
CD cover The FreeBSD 2.2.1 release CD. This was the first CD on the 2.2 branch.
CD cover The FreeBSD 2.2.2 release CD.
CD cover The FreeBSD 3.0 snapshot CD.
CD cover The FreeBSD mailing list and newsgroup archives, turned into HTML and semi-indexed by thread. This product ran for 2 releases and then stopped with a thud once it became obvious that there was simply too much data to deal with on one CD. Perhaps when DVD becomes more popular...
CD cover FreeBSD Toolkit: Six disc set of resources to make your FreeBSD experience more enriching.
CD cover FreeBSD Alpha 4.2 - The full version of the DEC Alpha 64-bit UNIX operating system.
CD cover FreeBSD 4.2: The full version of the PC 32-bit UNIX operating system.
CD cover FreeBSD 4.2 CD-ROM. Lehmanns CD-ROM Edition. January 2001, 4 CD-ROMs. Lehmanns Fachbuchhandlung. Germany. ISBN 3-931253-72-4.
CD cover FreeBSD 4.3 RELEASE CDROM. April 2001, Wind River Systems. ISBN 1-57176-300-7.
CD cover FreeBSD Toolkit: Six disc set of resources to make your FreeBSD experience more enriching. June 2001, Wind River Systems. ISBN 1-57176-301-5.
CD cover FreeBSD 4.4 CD-ROM. Lehmanns CD-ROM Edition. November 2001, 6 CD-ROMs in Jewelcase. Lehmanns Fachbuchhandlung. Germany. ISBN 3-931253-84-8.
CD cover FreeBSD 4.4 RELEASE CDROM. Wind River Systems. September 2001. ISBN 1-57176-304-X.
CD cover FreeBSD 4.5 RELEASE CDROM. February 2002, FreeBSD Mall Inc. ISBN 1-57176-306-6.

Magazines

magazine cover Cover of Korean UNIX magazine, May 1997 issue. Also included FreeBSD 2.2.1 with cover CDs.
magazine cover UNIX User Magazine November 1996 issue. Also included FreeBSD 2.1.5 on cover CD.
magazine cover This is the "FreeBSD Full Course" special in April 1997's Software Design (published by Gijutsu Hyoron Sha). There are 80 pages of FreeBSD articles covering everything from installation to tracking -current.
magazine cover Quality Unix for FREE, by Brett Glass in Sm@rt Reseller Online September 1998
magazine cover This is the "BSD magazine" published by ASCII corporation, the world's first publication specialized in BSD. BSD magazine covers FreeBSD, NetBSD, OpenBSD and BSD/OS. The premiere issue features articles on the history of BSD, installation, and Ports/Packages; it also includes 4 CD-ROMs containing FreeBSD 3.2-RELEASE, NetBSD 1.4.1 and OpenBSD 2.5.

Newsletters

newletter cover This is issue #1 of the FreeBSD Newsletter, published and distributed free of charge by Walnut Creek CDROM.
newsletter cover This is issue #2 of the FreeBSD Newsletter, published and distributed free of charge by Walnut Creek CDROM.
&footer; diff --git a/en/releases/index.sgml b/en/releases/index.sgml index ce3e75852d..4d2a750395 100644 --- a/en/releases/index.sgml +++ b/en/releases/index.sgml @@ -1,265 +1,265 @@ - + %includes; ]> - + &header; FreeBSD Releases

For late-breaking news about FreeBSD, please visit the Newsflash page.

Current Release(s)

Release &rel.current; (June 2002) Announcement : Release Notes : Hardware Notes : Errata

The latest daily release from our FreeBSD-stable branch is +HREF="&base;/doc/en_US.ISO8859-1/books/handbook/current-stable.html#STABLE">FreeBSD-stable branch is also available. Please see Getting FreeBSD for details.

Future Releases

We will continue to bring you new releases from both - our FreeBSD-stable and - FreeBSD-current + our FreeBSD-stable and + FreeBSD-current branches, both as developer's snapshots and as regular full releases. The next scheduled release on the -stable branch will be FreeBSD 4.7 on October 1, 2002. Subsequent releases will follow at 4 month intervals. The first release on what is now the -current branch will be FreeBSD 5.0, scheduled for November 20, 2002.

For more information about the release engineering process, or to see a comprehensive schedule of upcoming releases, please visit the Release Engineering section of this web site.

The release documentation files for FreeBSD-stable and FreeBSD-current are available for viewing in HTML format on the Release Documentation page. These files are rebuilt periodically, and reflect the changing state of FreeBSD's development.

Past Releases

Release Usage Statistics

A snapshot of the current FreeBSD release usage is available at http://www.FreeBSD.org/statistic/release_usage/2002/.

&footer; diff --git a/en/releases/snapshots.sgml b/en/releases/snapshots.sgml index f955842530..d22a4c7903 100644 --- a/en/releases/snapshots.sgml +++ b/en/releases/snapshots.sgml @@ -1,86 +1,86 @@ - + %includes; ]> - + &header;

What are snapshots?

As part of an ongoing effort to improve the overall release process before a release actually slips out the door with problems that make folks mad, we are now periodically producing interim test releases called snapshots. These snapshots will be very similar to full releases, except that they will be somewhat more minimal. In particular, before getting and installing a snapshot release, be aware of following:

Your feedback on these snapshots is, of course, greatly welcome. They are not just for our benefit - those who are coming to rely on FreeBSD for mission critical applications should welcome a chance to get at more updated bits in a structured fashion. You can also use these snapshots as tangible evidence that your feedback is getting incorporated and that you (hopefully) will not have any unpleasant surprises in the next release. On the other hand, if you do send us hate mail next release and it turns out that you never even tried the snapshots, well, it cuts both ways!

Where to find snapshots

-

Snapshots of FreeBSD-current +

Snapshots of FreeBSD-current are available via anonymous FTP from ftp://current.FreeBSD.org/pub/FreeBSD/. The snapshot releases are in directories named in the format REL-YYMMDD-SNAP where `REL' is the release number, `YY' is the year, `MM' is the month, and `DD' is the day the snapshot was released. Each snapshot directory contains a `README' file which outlines the changes for the particular snapshot.

By popular demand, snapshots are also now available for the - FreeBSD-stable branch via anonymous FTP from + FreeBSD-stable branch via anonymous FTP from ftp://releng4.FreeBSD.org/pub/FreeBSD/. The snapshot releases are in directories named in the same manner as -current snapshots, but ending in the keyword RELENG instead of SNAP.

Release Home &footer; diff --git a/en/search/index-site.sgml b/en/search/index-site.sgml index 335a23b306..dd443a2aab 100644 --- a/en/search/index-site.sgml +++ b/en/search/index-site.sgml @@ -1,54 +1,54 @@ - + %includes; ]> &header;

Site Map

&site;

Meta homepages


A-Z Index

&atoz; &footer; diff --git a/en/search/search.sgml b/en/search/search.sgml index a332e29ac7..7098eca1f4 100644 --- a/en/search/search.sgml +++ b/en/search/search.sgml @@ -1,463 +1,463 @@ - + %includes; ]> &header;

FreeBSD Search Services


-

Web pages (including FAQ -and Handbook)

+

Web pages (including FAQ +and Handbook)

Search for:

Note: Use the operators AND or NOT to limit your search. Look here for more hints.


Limit the number of results to


Mailing list archives

The mailing list archive indexes are now updated weekly!

The mailing lists (as well as many others) have also been archived by GeoCrawler.

Search for:

Note: Use the operators AND or NOT to limit your search. Look here for more hints.


Limit the number of results to sort by Search

In archive(s):

Note: Searching more than three or four archives at once may yield inaccurate results.

General Archives

Advocacy FreeBSD Evangelism
Announce Important events / milestones
Chat Random topics (sometimes) related to FreeBSD
Jobs FreeBSD related job announcements and resumes
Newbies New FreeBSD users activities and discussion
Questions General questions
User-Groups A forum for FreeBSD user groups

System Use and Administration

Bugs Reports and discussion of bugs
Cluster Discussions related to using FreeBSD in clustered environments
Hardware Discussions concerning hardware as it relates to FreeBSD
ISP Discussions for ISPs using FreeBSD
Security FreeBSD computer security issues (DES, Kerberos, etc.)
Stable Discussion of the FreeBSD-stable branch of the development tree

Developer

Afs Porting and using AFS (the Andrew File System) from CMU/Transarc
Alpha Porting FreeBSD to the DEC Alpha
Arch Architecture and design discussions
ARM Porting FreeBSD to the StrongArm
ATM Using ATM networking with FreeBSD
Audit Source code audit project
Binup Design and development of the binary update system
Commit Changes made to the FreeBSD source tree
Config Development of FreeBSD installation and configuration tools
Current Use of FreeBSD-current sources
Database Discussing database use and development under FreeBSD
Doc Discussions concerning documentation
Emulation Emulating other systems on FreeBSD
Firewire Design and implementation of a Firewire (aka IEEE 1394 aka iLink) subsystem for FreeBSD
Fs Discussions concerning FreeBSD filesystems
Hackers General technical discussions
I18n FreeBSD Internationalization
ia64 Porting FreeBSD to Intel's upcoming IA64 systems
ipfw Technical discussion concerning the redesign of the IP firewall code
ISDN Development of ISDN support for FreeBSD
Java JDK porting and application development
libh The second generation installation and package system
Multimedia Discussions about FreeBSD as a multimedia platform
Mobile Using FreeBSD in a mobile environment
Mozilla Porting mozilla to FreeBSD
Net Networking discussion and TCP/IP source code
New Bus Technical discussions on Bus Architecture
Platforms Cross-platform FreeBSD issues (non-Intel FreeBSD ports)
Policy FreeBSD core team policy decisions.
Ports Discussions concerning FreeBSD's ports collection
PPC Porting FreeBSD to the PowerPC
QA Discussion of quality assurance issues
Realtime Development of realtime extensions to FreeBSD
SCSI Discussions about FreeBSD's SCSI support
Small Using FreeBSD in embedded applications
SMP FreeBSD on multi-processor platforms
SPARC Porting FreeBSD to the SPARC
Standards FreeBSD Conformance to the C99 and the POSIX standards
Tokenring Support Token Ring in FreeBSD

Limited lists

Hubs People running mirror sites (infrastructural support)
Install Installation system development
WWW Web site maintainers

&footer; diff --git a/en/security/advisories.xml b/en/security/advisories.xml index 764b5f3f82..e89bed45dc 100644 --- a/en/security/advisories.xml +++ b/en/security/advisories.xml @@ -1,676 +1,676 @@ - + %includes; ]> - + &header;

Introduction

This web page is designed to assist both new and experienced users in the area of FreeBSD security. FreeBSD takes security very seriously and is constantly working on making the OS as secure as possible.

Here you will find additional information, or links to information, on how to protect your system against various types of attack, on whom to contact if you find a security-related bug, and so on. There is also a section on the various ways that the systems programmer can become more security conscious so that he is less likely to introduce vulnerabilities.

Table of Contents

The FreeBSD Security Officer Team

To better coordinate information exchange with others in the security community, FreeBSD has a focal point for security related communications: the FreeBSD Security Officer team. The position is staffed by a team of dedicated security officers, whose main tasks are to send out advisories when there are known security holes and to act on reports of possible security problems with FreeBSD.

If you need to contact someone from FreeBSD about a possible security bug, you should therefore send mail to the Security Officer team with a description of what you have found and the type of vulnerability it represents. The Security Officer team also communicates with the various CERT and FIRST teams around the world, sharing information about possible vulnerabilities in FreeBSD or utilities commonly used with FreeBSD. The Security Officers are also active members of those organizations.

If you do need to contact the Security Officer team about a particularly sensitive matter, please use their PGP key to encrypt your message before sending it.

FreeBSD Security Advisories

The FreeBSD Security Officer Team provides security advisories for the following releases of FreeBSD:

At this time, security advisories are being released for:

Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above.

Like all development efforts, security fixes are first brought into -the FreeBSD-current branch. +the FreeBSD-current branch. After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es) and an advisory is then sent out.

Some statistics about advisories released during 2000:

Advisories are sent to the following FreeBSD mailing lists:

Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are currently available (note that this list may be a few days out of date - for the very latest advisories please check the FTP site):

FreeBSD 4.6-RELEASE released. FreeBSD 4.5-RELEASE released. FreeBSD 4.4-RELEASE released. FreeBSD 4.3-RELEASE released.

FreeBSD Security Mailing Lists Information

If you are administering or using any number of FreeBSD systems, you should probably be subscribed to one or more of the following lists:

 freebsd-security                General security related discussion
 freebsd-security-notifications  Security notifications (moderated mailing list)
 
Send mail to majordomo@FreeBSD.ORG with
      subscribe <listname>  [<optional address>]
 
in the body of the message in order to subscribe yourself. For example:
 % echo "subscribe freebsd-security" | mail majordomo@FreeBSD.org
 
and if you would like to unsubscribe from a mailing list:
 % echo "unsubscribe freebsd-security" | mail majordomo@FreeBSD.org
 

Secure Programming Guidelines

A useful auditing tool is the its4 port, located in /usr/ports/security/its4/. This is an automated C code auditor which highlights potential trouble-spots in the code. It is a useful first-pass tool, but should not be relied upon as being authoritative, and a complete audit should include human examination of the entire code.

For more information on secure programming techniques and resources, see the How to Write Secure Code resource center.

FreeBSD Security Tips and Tricks

There are several steps one must take to secure a FreeBSD system, or in fact any Unix system:

There is also a FreeBSD Security How-To available which provides some advanced tips on how to improve security of your system. You can find it at http://www.FreeBSD.org/~jkb/howto.html.

Security is an ongoing process. Make sure you are following the latest developments in the security arena.

What to do when you detect a security compromise

Other Related Security Information

&footer diff --git a/en/security/security.sgml b/en/security/security.sgml index 764b5f3f82..e89bed45dc 100644 --- a/en/security/security.sgml +++ b/en/security/security.sgml @@ -1,676 +1,676 @@ - + %includes; ]> - + &header;

Introduction

This web page is designed to assist both new and experienced users in the area of FreeBSD security. FreeBSD takes security very seriously and is constantly working on making the OS as secure as possible.

Here you will find additional information, or links to information, on how to protect your system against various types of attack, on whom to contact if you find a security-related bug, and so on. There is also a section on the various ways that the systems programmer can become more security conscious so that he is less likely to introduce vulnerabilities.

Table of Contents

The FreeBSD Security Officer Team

To better coordinate information exchange with others in the security community, FreeBSD has a focal point for security related communications: the FreeBSD Security Officer team. The position is staffed by a team of dedicated security officers, whose main tasks are to send out advisories when there are known security holes and to act on reports of possible security problems with FreeBSD.

If you need to contact someone from FreeBSD about a possible security bug, you should therefore send mail to the Security Officer team with a description of what you have found and the type of vulnerability it represents. The Security Officer team also communicates with the various CERT and FIRST teams around the world, sharing information about possible vulnerabilities in FreeBSD or utilities commonly used with FreeBSD. The Security Officers are also active members of those organizations.

If you do need to contact the Security Officer team about a particularly sensitive matter, please use their PGP key to encrypt your message before sending it.

FreeBSD Security Advisories

The FreeBSD Security Officer Team provides security advisories for the following releases of FreeBSD:

At this time, security advisories are being released for:

Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above.

Like all development efforts, security fixes are first brought into -the FreeBSD-current branch. +the FreeBSD-current branch. After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es) and an advisory is then sent out.

Some statistics about advisories released during 2000:

Advisories are sent to the following FreeBSD mailing lists:

Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are currently available (note that this list may be a few days out of date - for the very latest advisories please check the FTP site):

FreeBSD 4.6-RELEASE released. FreeBSD 4.5-RELEASE released. FreeBSD 4.4-RELEASE released. FreeBSD 4.3-RELEASE released.

FreeBSD Security Mailing Lists Information

If you are administering or using any number of FreeBSD systems, you should probably be subscribed to one or more of the following lists:

 freebsd-security                General security related discussion
 freebsd-security-notifications  Security notifications (moderated mailing list)
 
Send mail to majordomo@FreeBSD.ORG with
      subscribe <listname>  [<optional address>]
 
in the body of the message in order to subscribe yourself. For example:
 % echo "subscribe freebsd-security" | mail majordomo@FreeBSD.org
 
and if you would like to unsubscribe from a mailing list:
 % echo "unsubscribe freebsd-security" | mail majordomo@FreeBSD.org
 

Secure Programming Guidelines

A useful auditing tool is the its4 port, located in /usr/ports/security/its4/. This is an automated C code auditor which highlights potential trouble-spots in the code. It is a useful first-pass tool, but should not be relied upon as being authoritative, and a complete audit should include human examination of the entire code.

For more information on secure programming techniques and resources, see the How to Write Secure Code resource center.

FreeBSD Security Tips and Tricks

There are several steps one must take to secure a FreeBSD system, or in fact any Unix system:

There is also a FreeBSD Security How-To available which provides some advanced tips on how to improve security of your system. You can find it at http://www.FreeBSD.org/~jkb/howto.html.

Security is an ongoing process. Make sure you are following the latest developments in the security arena.

What to do when you detect a security compromise

Other Related Security Information

&footer diff --git a/en/smp/index.sgml b/en/smp/index.sgml index d37639fcef..4c557c2364 100644 --- a/en/smp/index.sgml +++ b/en/smp/index.sgml @@ -1,1671 +1,1671 @@ - + %includes; Done"> In progress"> Stalled"> Not Started"> Resolved"> Unresolved"> %developers; ]> &header;

Contents

Project Goal

The FreeBSD SMP project, often referred to as SMPng (SMP next generation), is focused on implementing fine-grained SMP support for the FreeBSD 5.0 kernel (scheduled for November 2002). Due to FreeBSD's history, this is much like trying to fit a square peg into a round hole, and as such, the intermediate results aren't pretty in many ways. We are specifically not attempting to rewrite the kernel from scratch, nor are we on a crusade to fix all the architectural nits currently present in the kernel. In fact, we expect to leave a trail of architectural nits that will still be evident in many ways when FreeBSD 5.0 is released. This is a pragmatic project rather than a theoretical one; we need to have the kernel working and stable in under a year, so time restraints require that we be realistic about what to do when.

Project Plan

This web page contains information related to the effort to improve SMP support in FreeBSD. In general, this project uses what it can from the BSD/OS 5.0 development kernel, and re-implements what cannot be directly used due to divergence in the code bases.

As with any free software project, a detailed schedule is not possible. We expect to have significant performance and stability issues that need to be worked through over the first several months of the project, though every effort will be made to keep -current running as well as possible.

The task list below is not intended to be complete, but does represent a set of relevant and/or important components of the overall work. The "Responsible" field identifies a developer who has expressed willingness to be responsible for completing the identified task; this doesn't preclude others working on it, but suggests that coordination with the responsible party might be appropriate so as to avoid unnecessary duplication of work, and to maximize forward progress. If beginning work on a new area of substantial size, or one that appears unclaimed, it may be worth dropping an e-mail to the FreeBSD SMP mailing list to see if any progress has been made.

The definition of the date field varies depending on the status of a task. For completed tasks, it refers to the date completed or reported completed. For in-progress tasks, it refers to the date of the last update of the entry. For stalled tasks, it refers to the date that the task was declared stalled. For new tasks, it refers to the date the task was added to the list.

Tasks are sorted first by status, then by date.

Resources and Links

Status

Following is an incomplete list of general tasks.

Task Responsible Last updated Status
Convert the giant lock from spinning to blocking, add the scheduler lock, add per-CPU idle processes. &a.dillon; 25 June 2000 &status.done;
Port the BSD/OS locking primitives (i386). &a.jake; 3 July 2000 &status.done;
Implement heavy-weight interrupt threads (i386). &a.grog; 3 August 2000 &status.done;
Rewrite the low level interrupt code (i386 UP). &a.grog; 3 August 2000 &status.done;
Demonstrated reasonable stability (self-hosted buildworld) (i386 UP). -smp developers 12 August 2000 &status.done;
Port the BSD/OS locking primitives (alpha). &a.dfr; 24 August 2000 &status.done;
Stub out (disable) spl()s. &a.grog; 30 August 2000 &status.done;
Port the BSD/OS ktr code. &a.grog;, &a.jhb; 30 August 2000 &status.done;
Rewrite the low level interrupt code (i386 SMP). &a.jhb; 1 September 2000 &status.done;
Demonstrated reasonable stability (self-hosted buildworld) (i386 SMP). -smp developers 6 September 2000 &status.done;
Demonstrated reasonable stability (self-hosted buildworld) (alpha). -smp developers 6 September 2000 &status.done;
Make malloc and friends thread-safe. &a.jasone; 10 September 2000 &status.done;
Implement msleep(), make tsleep() an msleep() wrapper. &a.jake; 11 September 2000 &status.done;
Make fxp driver thread-safe. &a.cp; 17 September 2000 &status.done;
Make mbuf's thread-safe. &a.bmilekic; 29 September 2000 &status.done;
Lock manager re-work. &a.jasone; 3 October 2000 &status.done;
Implement heavy-weight interrupt threads (alpha). &a.jhb;, &a.dfr; 5 October 2000 &status.done;
Rewrite the low level interrupt code (alpha). &a.dfr;, &a.jhb; 5 October 2000 &status.done;
Process accounting. &a.tegge;, &a.jhb; 5 October 2000 &status.done;
Make ethernet drivers thread-safe. &a.wpaul; 15 October 2000 &status.done;
Make the mutex headers mostly machine-independent. &a.jhb; 20 October 2000 &status.done;
Rename SMP_DEBUG to MUTEX_DEBUG. &a.jhb; 20 October 2000 &status.done;
Give each soft interrupt its own thread. &a.cp; 25 October 2000 &status.done;
Make sf_bufs (sendfile(2)) thread-safe. &a.bmilekic; 5 November 2000 &status.done;
Make the witness code work correctly. &a.jhb; 18 November 2000 &status.done;
Split the ktr-specific code out of db_interface.c. &a.jhb; 15 December 2000 &status.done;
Convert the sio driver to using a spin mutex. &a.jhb; 18 December 2000 &status.done;
Implement condition variables. &a.jake;, &a.jasone; 15 January 2001 &status.done;
Add a flag to mtx_init() (MTX_RECURSE) that denotes whether a mutex is allowed to recurse. &a.bmilekic; 19 January 2001 &status.done;
Make the zone allocator thread-safe. &a.des; 21 January 2001 &status.done;
Convert simplelocks to mutexes. &a.jasone; 24 January 2001 &status.done;
Make kernel preemptive with respect to interrupts. &a.jake; 31 January 2001 &status.done;
Cleanup of mutex API. &a.bmilekic; 8 February 2001 &status.done;
Remove COM_LOCK. &a.markm; 11 February 2001 &status.done;
Merge various scheduling classes into one run queue. Modify scheduler to support preemptable kernel. &a.jake; 11 February 2001 &status.done;
Make priority propagation work correctly. &a.jake; 11 February 2001 &status.done;
Make most of the interrupt thread code MI and shared between hardware and software interrupts. &a.jhb; 18 February 2001 &status.done;
Add protection to struct jail and jail-related functionality. &a.rwatson; 20 February 2001 &status.done;
Implement sx (shared/exclusive) locks. &a.jasone; 5 March 2001 &status.done;
Generalize/improve witness to handle more complex locking primitives (mtx, sx). &a.jhb; 28 March 2001 &status.done;
Convert the allproc and proctree locks from lockmgr locks to sx locks. &a.jhb; 28 March 2001 &status.done;
Make mbuf system use condition variables instead of msleep()/wakeup(). &a.bmilekic; 2 April 2001 &status.done;
Remove <sys/mutex.h> includes from other kernel headers such as <vm/vm_zone.h>, <sys/resourcevar.h>, <sys/ucred.h>, and <sys/mbuf.h>. &a.markm; 15 May 2001 &status.done;
Cleanup the various mp_machdep.c's, unify various SMP API's such as IPI delivery, etc. &a.jhb; 15 May 2001 &status.done;
Make most of the forward_* and forwarded_* functions MI. &a.jhb; 15 May 2001 &status.done;
Complete the MD support for SMP on the Alpha platform. &a.gallatin;, &a.dfr;, &a.jhb; 15 May 2001 &status.done;
Convert select() to use condition variables. &a.tanimura; 15 May 2001 &status.done;
Add a "giant" lock around the VM subsystem. &a.alfred; 13 June 2001 &status.done;
Introduce a modified slab allocator for the mbuf subsystem. &a.bmilekic; 21 June 2001 &status.done;
Add a witness_assert() function to handle lock assertions. &a.jhb; 27 June 2001 &status.done;
Extend sx locks to support try lock operations. &a.jhb; 27 June 2001 &status.done;
Document KTR. &a.jhb; 28 June 2001 &status.done;
Make fork_return, fork_exit, ast, and userret MI. &a.jhb; 29 June 2001 &status.done;
Make sched_lock's savecrit a per-process property saved and restored in mi_switch and initialized in fork_exit. &a.jhb; 30 June 2001 &status.done;
Make ast() loop. &a.jhb; 10 August 2001 &status.done;
Add upgrade/downgrade sx lock operations. Alexander Kabaev, &a.jasone; 13 August 2001 &status.done;
Implement semaphores. &a.jasone; 14 August 2001 &status.done;
Add support for upgrade/downgrades in witness. &a.jhb; 23 August 2001 &status.done;
Make most of cpu_wait() and cpu_exit() MI. &a.peter; 9 September 2001 &status.done;
Split NFS into client and server. &a.peter; 18 Oct 2001 &status.done;
Lock taskqueues. &a.arr;, &a.jhb; 25 October 2001 &status.done;
Add a per-thread ucred reference. &a.jhb; 25 October 2001 &status.done;
Make most of the per-CPU stuff MI. &a.jhb; 11 December 2001 &status.done;
Make critical section saved state per-thread instead of per-lock so that interlocking spin locks work properly. &a.jhb; 17 December 2001 &status.done;
Replace the APIC-specific imen_mtx with a MI-named icu_lock to protect interrupt controllers and associated data within the kernel for both i386 and alpha. &a.jhb; 20 December 2001 &status.done;
Use the per-thread critical section nesting level in the mutex and interrupt thread code to automatically determine when to not preempt. This makes the MTX_NOSWITCH, SWI_SWITCH, and SWI_NOSWITCH flags obsolete as the kernel will be able to figure out the proper behavior on its own. &a.jhb; 5 January 2002 &status.done;
Lock struct filedesc and struct file. &a.tanimura;, &a.alfred; 12 January 2002 &status.done;
Lock struct pgrp, struct session, and struct sigio. &a.tanimura; 23 February 2002 &status.done;
Lock pipe implementation, but not sigio/fown, VM interactions &a.alfred; 27 February 2002 &status.done;
Move to explicit reference counting for soft vnode references. &a.phk; 8 March 2002 &status.done;
Initialize mutex pools early enough that sx locks can be used for VM. &a.green; 14 March 2002 &status.done;
Place a global lock (sellock) around selinfo structures to fix a variety of lock order reversals, and make select() MP-safe. &a.alfred;, &a.davidc; 14 March 2002 &status.done;
Push down Giant on read, write, pread, pwrite system calls, acquiring Giant in the per-subsystem fileop layer for sockets, VFS, etc. &a.alfred; 15 March 2002 &status.done;
Lock down kernel module structures. &a.arr; 18 March 2002 &status.done;
Lock down kernel linker globals. &a.arr; 18 March 2002 &status.done;
Rewrite kernel memory allocator to be a slab allocator that uses per-cpu caches. &a.jeff; 21 March 2002 &status.done;
Replace incorrect use of MD critical section API to disable interrupts with a specific interrupt disable API. &a.imp;, &a.dfr;, &a.benno;, &a.jhb; 21 March 2002 &status.done;
Lock down access to the shared p_args "process arguments" structure through appropriate protection of that structure and references to it. &a.mini; 31 March 2002 &status.done;
Move from flags/tsleep lock to sx locks to protect sysctl tree from updates during sysctl operations. &a.mini; 1 April 2002 &status.done;
Create/port userland tool to manage KTR event dumps. &a.jake; 1 April 2002 &status.done;
Create MTX_SYSINIT and SX_SYSINIT macros that allow for initializing locks that are subsystem independent. &a.arr; 2 April 2002 &status.done;
Lock down the global securelevel variable. &a.arr; 2 April 2002 &status.done;
Make grow_stack() MI. Possibly even a macro or inline. &a.alc; 6 April 2002 &status.done;
Lock use of p_fd, which otherwise can result in corrupted p_fd panics during heavy operation. Start with a global, and move to per-proc locking. &a.alfred;, &a.tanimura; 8 April 2002 &status.done;
Lock struct pargs. &a.mini; 9 April 2002 &status.done;
Make {o,}sigreturn() MPSAFE. &a.alc; 11 April 2002 &status.done;
Rewrite kernel memory allocator so that Giant is not required for malloc() or free(). &a.jeff; 2 May 2002 &status.done;
Replace complex shared/exclusive locking scheme in the VM system with a purely exclusive lockmgr locking scheme, simplifying locking and removing potential livelock/deadlock scenarios. &a.green;, &a.alc; 3 May 2002 &status.done;
Push down Giant into readv/writev system calls in style of read/write/pread/pwrite once malloc no longer requires Giant in the handling of iovec structures for uio. &a.alc; 9 May 2002 &status.done;
Push down Giant in mprotect(), minherit(), and madvise() so that it is no longer acquired and released directly. &a.alc; 18 May 2002 &status.done;
Update suser() and p_can*() APIs to accept threads instead of processes. &a.jhb; 18 May 2002 &status.done;
Broadly transition to td_ucred from p_ucred once KSE dependencies are in place. &a.jhb; 18 May 2002 &status.done;
Add a witness_sleep() check to uma_zalloc() to catch code calling malloc() or uma_zalloc() while holding non-sleepable locks. &a.jhb; 20 May 2002 &status.done;
Optimize UP support by changing spin locks to only perform critical section enter and exits. &a.jhb; 21 May 2002 &status.done;
Make sleep mutexes spin if the current lock holder is executing on another CPU. &a.jhb; 21 May 2002 &status.done;
Add support for the IA32 pause instruction to spin loops in locks. &a.jhb; 21 May 2002 &status.done;
Make KTRACE write into tracefiles asynchronously. &a.jhb; 7 June 2002 &status.done;
Remove Giant from jail(2). &a.arr; 25 June 2002 &status.done;
Remove Giant from modnext(2), modfnext(2), modstat(2),and modfind(2). &a.arr; 25 June 2002 &status.done;
Lock struct proc. &a.jhb; 20 February 2001 &status.wip;
Make the kernel fully preemptive. &a.jhb; 7 September 2001 &status.wip;
Lock down the tty subsystem. Dick Garner, Jeremy Scofield, &a.tmm; 2 April 2002 &status.wip;
Fix clock locking to be the same on all platforms. &a.jhb; 16 November 2001 &status.wip;
Implement lazy interrupt thread switching (context stealing) on i386. &a.bmilekic; 4 January 2002 &status.wip;
Fix synchronization of TLB flushes and invlpg() on x86 SMP. &a.peter; 4 January 2002 &status.wip;
Lock pipe implementation: sigio/fown-related evil &a.alfred; 27 February 2002 &status.wip;
Make use of process locking and process reference counting to protect debugging interfaces (and procfs). &a.jhb; 27 February 2002 &status.wip;
Make use of process locking to protect process monitoring sysctls, including those employed by 'ps' and related tools. &a.jhb; 27 February 2002 &status.wip;
Lock down TrustedBSD MAC implementation. &a.rwatson; 27 February 2002 &status.wip;
Lock down newbus infrastructure to support driver fine-graining. &a.imp; 28 February 2002 &status.wip;
Remove the MP safe syscall flag from the syscall table and add explicit mtx_lock/unlock's of Giant to all syscalls. &a.dillon;, &a.mux; 28 February 2002 &status.wip;
SMPng architecture document. &a.jhb; 28 February 2002 &status.wip;
Move to shared lock for VOP_GETATTR() to reduce blocking during frequent lightweight VFS operations. Modify namei() to provide a LOOKUP_SHARED flag to indicate when the lock required may be shared instead of exclusive. &a.jeff; 11 March 2002 &status.wip;
Create mutex profiling tool for the kernel so as to measure contention and behavior of kernel mutexes. &a.eivind;, &a.des; 31 March 2002 &status.wip;
Lock eventhandlers. &a.msmith;, &a.mini; 8 April 2002 &status.wip;
Lock sysctl hierarchy and access methods. &a.mini; 9 April 2002 &status.wip;
Document existing vm_map locking and verify it's correctness. &a.alc; 18 May 2002 &status.wip;
Document existing vm_object locking and verify it's correctness. &a.alc; 4 May 2002 &status.wip;
Implement generic turnstiles to use when blocking on non-sleepable locks. &a.jhb; 23 May 2002 &status.wip;
Create mechanism in cdevsw structure to protect thread-unsafe drivers. &a.jhb; 15 May 2001 &status.stalled;
Make printf() safe to call in almost any situation to avoid deadlocks. &a.cp; 15 May 2001 &status.stalled;
Add locking to NFS.   15 May 2001 &status.new;
Remove priority argument from tsleep(), msleep(), cv_*wait*().   12 January 2001 &status.new;
Reimplement kqueue using condition variables. &a.jlemon; 15 March 2001 &status.new;
Conditionalize atomic ops in the SMP code that are used for debugging statistics. &a.peter; 15 March 2001 &status.new;
Add a new witness check for exiting processes to verify that an exiting process holds no locks. &a.jhb; 13 June 2001 &status.new;
Make cpu_coredump MI.   13 June 2001 &status.new;
Specify priorities for condition variables, semaphores, and sx locks.   7 September 2001 &status.new;
Fix SIGXPU and other #if 0'd things in mi_switch().   7 September 2001 &status.new;
Axe schedpu() in favor of event driven priority updates as much as possible.   7 September 2001 &status.new;
Fix PHOLD() so that it blocks to guarantee PS_INMEM.   7 September 2001 &status.new;
Fix *hold (e.g. crhold) to return reference to object.   7 September 2001 &status.new;
Fix various procfs_machdep.c to use PHOLD, not sched_lock.   7 September 2001 &status.new;
Add witness checking for lockmgr locks.   7 September 2001 &status.new;
Add ICU spin locks on ia64.   4 January 2002 &status.new;
Fast-path push-down of Giant for VOP_READ() and VOP_WRITE().   25 February 2002 &status.new;
Lock contention measurement tool to measure heat of various locks, including Giant, and permit more directed performance and locking strategy optimization.   25 February 2002 &status.new;
Push the grabbing of Giant into Linux i386 ABI system calls.   25 February 2002 &status.new;
Push the grabbing of Giant into Linux AXP ABI system calls.   25 February 2002 &status.new;
Push the grabbing of Giant into SVR4 i386 ABI system calls.   25 February 2002 &status.new;
Push the grabbing of Giant into OSF/1 AXP ABI system calls.   25 February 2002 &status.new;
Push the grabbing of Giant into IBCS i386 ABI system calls.   25 February 2002 &status.new;
Lock pipe implementation: VM optimizations.   27 February 2002 &status.new;
Document in-vnode locking strategy, clean it up, remove interlock, switch to sx locks. &a.jeff; 27 February 2002 &status.new;
Review locking strategy and correctness of VFS operations and fix up various failure modes associated with enabling VFS locking assertions. &a.jeff; 27 February 2002 &status.new;
Switch from using lockmgr in VM to using a mutex or exclusive sxlock. Push down Giant on all VM except for vm_object/VFS and vm_page/pmap components. &a.green;, &a.alc; 18 March 2002 &status.new;
Expand mutex profiling tool to also profile sx locks. &a.eivind;, &a.des; 1 April 2002 &status.new;
Implement atomic_fetchadd() for int's and long's with acq and rel versions.   23 May 2002 &status.new;
Implement a simple reference count API using atomic operations and use this to replace locks that just protect a reference count.   23 May 2002 &status.new;
Implement a sleep queue abstraction to be used by both msleep() and condition variables. This new abstraction should use a hash table of sleep queues with a spin lock on each sleep queue chain similar to turnstile chain locks to make sched_lock finger grained. &a.jhb; 23 May 2002 &status.new;
Add a witness_sleep() check to copyin/out() and s/fuword(). &a.jhb; 7 June 2002 &status.new;
Split witness_lock() into witness_checkorder() and witness_lock(). witness_checkorder() would be called before acquiring a lock to increase the changes of detecting and warning about a reversal prior to deadlocking. witness_lock() would simply update witness' internal state to note that a lock has been acquired. &a.jhb; 7 June 2002 &status.new;
Lock down linker_file_t structures in the kernel linker. &a.arr; 19 June 2002 &status.wip;

This table lists the todo subtasks for multithreading the network stack.

Task Responsible Last updated Status
Protect network interface queues. &a.jlemon; 24 November 2000 &status.done;
Lock down struct socket. &a.tanimura; 21 April 2002 &status.wip;
Lock down struct inpcb. &a.hsu; 29 April 2002 &status.wip;
Lock struct ifnet.   19 January 2001 &status.new;
Reduce contention upon locking a socket buffer by replacing tsleep() and wakeup() with a condvar. &a.tanimura; 21 April 2002 &status.new;

Known Issues

Issue Last updated Status
Idle processor time is not charged to the idle processes. 20 September 2000 &status.resolved;
microuptime creeps backwards. 4 October 2000 &status.resolved;
microuptime() went backwards 4 October 2000 &status.resolved;
Process accounting is not accurate (the more CPUs, the closer to correct it is). 5 October 2000 &status.resolved;
M_DEVBUF is probably the wrong memory pool for interrupt stuff and we should think about creating a new malloc pool for that stuff. 9 February 2001 &status.resolved;
PC card eject panics due to a race condition in the interrupt thread code. 15 March 2001 &status.resolved;
SMP x86 boxes are seeing NCPU * 100 clk interrupts and NCPU * 128 rtc interrupts. 15 May 2001 &status.resolved;
Witness will infinitely recurse when it acquires Giant after sleeping with a sleepable lock. 27 June 2001 &status.resolved;
Serial gdb does not work if boot_ddb and boot_gdb options are specified. 5 September 2000 &status.unresolved;
Serial gdb does not work at 115200 baud. 5 September 2000 &status.unresolved;
Profiling is broken. 20 February 2001 &status.unresolved;
jail_sysvipc_allowed is checked in an unsafe manner in the SYSV IPC syscalls. 5 March 2002 &status.unresolved;
Serial gdb never regains control once 'cont' has been entered. 25 March 2002 &status.unresolved;

News

The remainder of this page is structured as a reverse-chronological log.

13 January 2002 15 May 2001 22 March 2001 5 March 2001 24 January 2001 12 January 2001 11 October 2000 8 September 2000 6 September 2000 5 September 2000 1 September 2000 30 August 2000 12 August 2000 3 August 2000 6 July 2000 5 July 2000 3 July 2000 26 June 2000 25 June 2000 19 June 2000 &footer; diff --git a/en/support.sgml b/en/support.sgml index 97e5d07c3d..76f0f8634d 100644 --- a/en/support.sgml +++ b/en/support.sgml @@ -1,982 +1,982 @@ + %includes; ]> &header;

Mailing lists

-

Mailing +

Mailing lists are the primary support channel for FreeBSD users, with numerous mailing lists covering different topic areas. When in doubt about what list to post a question to, post to freebsd-questions@FreeBSD.ORG. You can browse or search the mailing list archives at www.FreeBSD.org.

The FreeBSD Conspectus is a summary of some of the mailing lists produced each week, giving you an at-a-glance overview of recent discussions and decisions.

Several non-English mailing lists are also available:

If you create other FreeBSD mailing lists, let us know about them.

Newsgroups

There are a few FreeBSD specific newsgroups, along with + href="doc/en_US.ISO8859-1/books/handbook/eresources-news.html">newsgroups, along with numerous other newsgroups on topics of interest to FreeBSD users, though the mailing lists remain the most reliable way to get in touch with the FreeBSD developers. For miscellaneous FreeBSD discussion, see comp.unix.bsd.freebsd.misc. For important announcements, see comp.unix.bsd.freebsd.announce.

The BSD Usenet News Searcher have archives of all BSD-related Usenet newsgroups from June 1992 onwards.

IRC

While #freebsd channels exist on various IRC networks, the FreeBSD project does not control them or endorse IRC as a support medium. You may be ignored, insulted, or kicked out if you ask questions on any channel in IRC, though you may have slightly better luck in channels named #freebsdhelp where such exist. If you want to try these or any other channels on IRC, it is nonetheless at your own risk and any complaints about conduct on those channels should not be directed to the FreeBSD project. See also - the FAQ entry for + the FAQ entry for more information.

WEB Resources

Problem Report Database

Current FreeBSD problem reports are tracked using the GNATS database.

A FreeBSD problem report (PR) is not necessarily a bug with FreeBSD itself. In some cases it may be reporting a mistake in the documentation (which could be a simple typo). In other cases it may be a 'wishlist' item that the submitter would like to see incorporated in to FreeBSD. In many cases a PR contains a port which has been prepared for inclusion in the FreeBSD Ports and Packages collection.

Problem reports start 'open', and are closed as the issue they report is resolved. In addition, each PR is assigned a unique tracking ID to ensure that it is not lost. Many FreeBSD changes include the tracking ID of the PR that prompted the change.

Problem reports may also be submitted to the development team using the send-pr(1) command on a FreeBSD system, using this web based submission form, or by sending an email message to freebsd-bugs@FreeBSD.ORG. Please note that send-pr is preferred since messages sent to the mailing list are not tracked as official problem reports, and may get lost in the noise!

Before submitting a problem report, you might find it useful to read the Writing FreeBSD Problem Reports article. This article describes when you should submit a problem report, what you are expected to include in one, and what the best way to submit your problem report is.

CVS Repository

CVS (the Concurrent Version System) is the tool we use for keeping our sources under control. Every change (with accompanying log message explaining its purpose) from FreeBSD 2.0 to the present is stored here, and can be easily viewed from here (click on the link). To obtain a complete copy of the FreeBSD CVS repository or any of the development branches inside it, you may choose any one of following options:

Mirrors of the CVS Repository cgi script are available in California, Germany, Japan and Spain (English, Spanish).

User Groups

FreeBSD's widespread popularity has spawned a number of user groups around the world. If you know of a FreeBSD user group not listed here, let us know about it.

Australia

Europe

North America

Rest of the world

FreeBSD Development Projects

In addition to the mainstream development path of FreeBSD, a number of developer groups are working on the cutting edge to expand FreeBSD's range of applications in new directions.

FreeBSD Security Guide

Security resources available to FreeBSD users: PGP Key for Security Officers, advisories, patches and mailing lists.

Commercial Consulting Services

Whether you are just starting out with FreeBSD, or need to complete a large project, a consultant or two might be your answer.

General Unix Information

The X Window System

Hardware

Related Operating System Projects

&footer; diff --git a/en/usergroups.sgml b/en/usergroups.sgml index 97e5d07c3d..76f0f8634d 100644 --- a/en/usergroups.sgml +++ b/en/usergroups.sgml @@ -1,982 +1,982 @@ + %includes; ]> &header;

Mailing lists

-

Mailing +

Mailing lists are the primary support channel for FreeBSD users, with numerous mailing lists covering different topic areas. When in doubt about what list to post a question to, post to freebsd-questions@FreeBSD.ORG. You can browse or search the mailing list archives at www.FreeBSD.org.

The FreeBSD Conspectus is a summary of some of the mailing lists produced each week, giving you an at-a-glance overview of recent discussions and decisions.

Several non-English mailing lists are also available:

If you create other FreeBSD mailing lists, let us know about them.

Newsgroups

There are a few FreeBSD specific newsgroups, along with + href="doc/en_US.ISO8859-1/books/handbook/eresources-news.html">newsgroups, along with numerous other newsgroups on topics of interest to FreeBSD users, though the mailing lists remain the most reliable way to get in touch with the FreeBSD developers. For miscellaneous FreeBSD discussion, see comp.unix.bsd.freebsd.misc. For important announcements, see comp.unix.bsd.freebsd.announce.

The BSD Usenet News Searcher have archives of all BSD-related Usenet newsgroups from June 1992 onwards.

IRC

While #freebsd channels exist on various IRC networks, the FreeBSD project does not control them or endorse IRC as a support medium. You may be ignored, insulted, or kicked out if you ask questions on any channel in IRC, though you may have slightly better luck in channels named #freebsdhelp where such exist. If you want to try these or any other channels on IRC, it is nonetheless at your own risk and any complaints about conduct on those channels should not be directed to the FreeBSD project. See also - the FAQ entry for + the FAQ entry for more information.

WEB Resources

Problem Report Database

Current FreeBSD problem reports are tracked using the GNATS database.

A FreeBSD problem report (PR) is not necessarily a bug with FreeBSD itself. In some cases it may be reporting a mistake in the documentation (which could be a simple typo). In other cases it may be a 'wishlist' item that the submitter would like to see incorporated in to FreeBSD. In many cases a PR contains a port which has been prepared for inclusion in the FreeBSD Ports and Packages collection.

Problem reports start 'open', and are closed as the issue they report is resolved. In addition, each PR is assigned a unique tracking ID to ensure that it is not lost. Many FreeBSD changes include the tracking ID of the PR that prompted the change.

Problem reports may also be submitted to the development team using the send-pr(1) command on a FreeBSD system, using this web based submission form, or by sending an email message to freebsd-bugs@FreeBSD.ORG. Please note that send-pr is preferred since messages sent to the mailing list are not tracked as official problem reports, and may get lost in the noise!

Before submitting a problem report, you might find it useful to read the Writing FreeBSD Problem Reports article. This article describes when you should submit a problem report, what you are expected to include in one, and what the best way to submit your problem report is.

CVS Repository

CVS (the Concurrent Version System) is the tool we use for keeping our sources under control. Every change (with accompanying log message explaining its purpose) from FreeBSD 2.0 to the present is stored here, and can be easily viewed from here (click on the link). To obtain a complete copy of the FreeBSD CVS repository or any of the development branches inside it, you may choose any one of following options:

Mirrors of the CVS Repository cgi script are available in California, Germany, Japan and Spain (English, Spanish).

User Groups

FreeBSD's widespread popularity has spawned a number of user groups around the world. If you know of a FreeBSD user group not listed here, let us know about it.

Australia

Europe

North America

Rest of the world

FreeBSD Development Projects

In addition to the mainstream development path of FreeBSD, a number of developer groups are working on the cutting edge to expand FreeBSD's range of applications in new directions.

FreeBSD Security Guide

Security resources available to FreeBSD users: PGP Key for Security Officers, advisories, patches and mailing lists.

Commercial Consulting Services

Whether you are just starting out with FreeBSD, or need to complete a large project, a consultant or two might be your answer.

General Unix Information

The X Window System

Hardware

Related Operating System Projects

&footer; diff --git a/en/where.sgml b/en/where.sgml index bc6d7b0bb9..63bcbce8bf 100644 --- a/en/where.sgml +++ b/en/where.sgml @@ -1,138 +1,138 @@ + %includes; ]> &header;

Release Information

Detailed descriptions of past, present, and future releases. Look here first to determine what the latest version of FreeBSD is.

-

Installing FreeBSD

+

Installing FreeBSD

There are many options for installing FreeBSD, including installation from CDROM, floppy disk, an MS-DOS partition, magnetic tape, anonymous ftp, and NFS. Please read through the installation guide before downloading + href="doc/en_US.ISO8859-1/books/handbook/install.html">installation guide before downloading the entire FreeBSD distribution. If you are installing on a machine connected to the Internet, you may only need to download a single installation disk image!

Distribution Sites

The official sources for FreeBSD are:

If you plan on getting FreeBSD via ftp, please check the listing of mirror sites in the + href="doc/en_US.ISO8859-1/books/handbook/mirrors.html">mirror sites in the handbook to see if there is a site closer to you. For more information about past, present and future releases in general, please visit the release information page.

If you're interested in a purely experimental snapshot release of FreeBSD-current (AKA 5.0-current), aimed at developers and bleeding-edge testers only, then please see the daily snapshot server FTP site.

Applications and Utility Software

The Packages collection

The FreeBSD packages collection is a diverse collection of utility and application software that has been ported to FreeBSD. The packages are pre-compiled binaries ready to drop into your system and run.

The Ports collection

The Ports collection is like the packages collection, but the necessary patches and makefiles to compile the source code are provided instead of compiled binaries. For software with important configuration that must be done at compile time, the "port" version may be more useful than the "package" version.

For information about how you can contribute your favorite piece of software to the port collection, have a look at The Porter's Handbook and - the Contributing to + the Contributing to FreeBSD chapter in - the FreeBSD handbook.

+ the FreeBSD handbook.

Commercial software

Beginning with FreeBSD Release 2.0.5, FreeBSD includes demo versions of some commercial as well as some shareware products. In addition to the demos available in the FreeBSD distribution, a number of other commercial vendors offer software products specifically for FreeBSD.

&footer; diff --git a/share/sgml/advisories.xml b/share/sgml/advisories.xml index 764b5f3f82..e89bed45dc 100644 --- a/share/sgml/advisories.xml +++ b/share/sgml/advisories.xml @@ -1,676 +1,676 @@ - + %includes; ]> - + &header;

Introduction

This web page is designed to assist both new and experienced users in the area of FreeBSD security. FreeBSD takes security very seriously and is constantly working on making the OS as secure as possible.

Here you will find additional information, or links to information, on how to protect your system against various types of attack, on whom to contact if you find a security-related bug, and so on. There is also a section on the various ways that the systems programmer can become more security conscious so that he is less likely to introduce vulnerabilities.

Table of Contents

The FreeBSD Security Officer Team

To better coordinate information exchange with others in the security community, FreeBSD has a focal point for security related communications: the FreeBSD Security Officer team. The position is staffed by a team of dedicated security officers, whose main tasks are to send out advisories when there are known security holes and to act on reports of possible security problems with FreeBSD.

If you need to contact someone from FreeBSD about a possible security bug, you should therefore send mail to the Security Officer team with a description of what you have found and the type of vulnerability it represents. The Security Officer team also communicates with the various CERT and FIRST teams around the world, sharing information about possible vulnerabilities in FreeBSD or utilities commonly used with FreeBSD. The Security Officers are also active members of those organizations.

If you do need to contact the Security Officer team about a particularly sensitive matter, please use their PGP key to encrypt your message before sending it.

FreeBSD Security Advisories

The FreeBSD Security Officer Team provides security advisories for the following releases of FreeBSD:

At this time, security advisories are being released for:

Older releases are not maintained and users are strongly encouraged to upgrade to one of the supported releases mentioned above.

Like all development efforts, security fixes are first brought into -the FreeBSD-current branch. +the FreeBSD-current branch. After a couple of days and some testing, the fix is retrofitted into the supported FreeBSD-stable branch(es) and an advisory is then sent out.

Some statistics about advisories released during 2000:

Advisories are sent to the following FreeBSD mailing lists:

Advisories are always signed using the FreeBSD Security Officer PGP key and are archived, along with their associated patches, at our FTP CERT repository. At the time of this writing, the following advisories are currently available (note that this list may be a few days out of date - for the very latest advisories please check the FTP site):

FreeBSD 4.6-RELEASE released. FreeBSD 4.5-RELEASE released. FreeBSD 4.4-RELEASE released. FreeBSD 4.3-RELEASE released.

FreeBSD Security Mailing Lists Information

If you are administering or using any number of FreeBSD systems, you should probably be subscribed to one or more of the following lists:

 freebsd-security                General security related discussion
 freebsd-security-notifications  Security notifications (moderated mailing list)
 
Send mail to majordomo@FreeBSD.ORG with
      subscribe <listname>  [<optional address>]
 
in the body of the message in order to subscribe yourself. For example:
 % echo "subscribe freebsd-security" | mail majordomo@FreeBSD.org
 
and if you would like to unsubscribe from a mailing list:
 % echo "unsubscribe freebsd-security" | mail majordomo@FreeBSD.org
 

Secure Programming Guidelines

A useful auditing tool is the its4 port, located in /usr/ports/security/its4/. This is an automated C code auditor which highlights potential trouble-spots in the code. It is a useful first-pass tool, but should not be relied upon as being authoritative, and a complete audit should include human examination of the entire code.

For more information on secure programming techniques and resources, see the How to Write Secure Code resource center.

FreeBSD Security Tips and Tricks

There are several steps one must take to secure a FreeBSD system, or in fact any Unix system:

There is also a FreeBSD Security How-To available which provides some advanced tips on how to improve security of your system. You can find it at http://www.FreeBSD.org/~jkb/howto.html.

Security is an ongoing process. Make sure you are following the latest developments in the security arena.

What to do when you detect a security compromise

Other Related Security Information

&footer