Errata




The errata list is a list of errors and their corrections that were found after the product was released.

The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.





Version Location Description Submitted By
Printed Page 3
2nd paragraph

"orwere" should be "or were"

Anonymous 
Printed Page 50
Paragraph about Random PIDs

a "been" is missing in:

A number of exploits, such as race conditions, make use of the fact that process IDs (PIDs) have historically <here> issued
sequentially by the operating system.

Anonymous 
Printed Page 57
middle of the page

in `e.g., run kdump | less`, `run` should not be bold.

Anonymous 
Printed Page 118
'Controlling User Access' paragraph

The sentence

"The user and group named <nothing here> on an OpenBSD system (BIND in FreeBSD), for example, [ .. ]"

is missing the name of the BIND user/group on OpenBSD.

Anonymous 
Printed Page 150
paragraph starting with 'The latter lines...'

dip.t-dailin.net should be dip.t-dialin.net (not only because the latter is mentioned in example 4.7 but also because that's the correct address that German Telekom assign to their clients)

Anonymous 
Printed Page 157
Example 4.9

There are a couple of (potential) problems with example 4.9.

a.) In the beginning, there's

OIFS="$IFS"
IFS="
"

and then later

IFS=$OLDIFS

which should be

IFS=$OIFS

(on a sidenote, the quotes around $IFS in `OIFS=$IFS` are obsolete)



b.) the line

mkdir -p ${level_dir}{$level}

should be

mkdir -p ${level_dir}${level}



c.) the whole problem with

IFS="
"
for line ...; do
IFS=$OLDIFS
...
IFS="
"

can be avoided by using read instead of a for loop. Here's an approach in awk that handles the situation pretty well:

$ cat foo.awk
#!/usr/bin/env awk -f

BEGIN \
{
    FS=":";
    passwd = "/etc/master.passwd";
}

/^#/ \
{
    next;
}

{
    uid = $3;
    gid = $4;
    if (uid >= 1000 && uid < 5000)
        print >> (level_dir 1 passwd);
    if (uid >= 5000 && uid < 10000)
        print >> (level_dir 2 passwd);
    if (gid != 101)
        print >> (level_dir 3 passwd);
}

it could be called like this:

$ awk -v level_dir=bar -f foo.awk /etc/passwd;

and would get rid of the whole 'for line in ...' loop



d.) sorting is an expensive operation. If the resulting lists in level_dir should really be sorted, merge-sort teaches us that sorting small lists is less expensive and we should sort them instead.



e.) it's a little strange to have three loops that all loop over the same variables when what they do could easily be combined into a single loop



f.) the lines

mkdir -p ${level_dir}${level}
rm -rf ${level_dir}${level}/*
for dir in /etc /usr/local/etc; do
mkdir -p ${level_dir}${level}/${dir}
done
touch ${level_dir}${level}/etc/master.passwd
chown root:wheel ${level_dir}${level}/etc/master.passwd
chmod 600 ${level_dir}${level}/etc/master.passwd

would be a whole lot more readable this way:

curlev=${level_dir}${level}
rm -rf ${curlev}
# brace expansion needs bash, ksh or zsh; plain POSIX sh does not expand it
mkdir -p ${curlev}{/etc,/usr/local/etc}

# make sure master.passwd exists and has sane permissions
mpwd=${curlev}/etc/master.passwd
touch ${mpwd}
chown root:wheel ${mpwd}
chmod 600 ${mpwd}

Anonymous 
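
Item c.) of the erratum above says the IFS save-and-restore can be avoided by using read. The following is an added example, not code from the book or from the submitter, showing that approach in plain sh. The UID/GID thresholds are taken from the awk script in the erratum; the function name `split_passwd`, its arguments and the sample accounts are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the book): split a master.passwd-format file into
# per-level copies with `read`; IFS is never saved or restored.
# UID/GID thresholds come from the awk script in the erratum; the function
# name split_passwd and its arguments are hypothetical.

split_passwd() (                 # subshell body: umask change stays local
    src=$1                       # input file in master.passwd format
    level_dir=$2                 # output: ${level_dir}<N>/etc/master.passwd
    umask 077                    # files are created 0600, directories 0700

    for level in 1 2 3; do
        mkdir -p "${level_dir}${level}/etc"
        : > "${level_dir}${level}/etc/master.passwd"
    done

    # IFS=: is scoped to the read command only.
    while IFS=: read -r name pw uid gid rest; do
        case $name in
            ''|'#'*) continue ;;             # blank line or comment
        esac
        case "$uid:$gid" in
            :*|*:|*[!0-9:]*) continue ;;     # missing or non-numeric IDs
        esac
        line="$name:$pw:$uid:$gid:$rest"
        if [ "$uid" -ge 1000 ] && [ "$uid" -lt 5000 ]; then
            printf '%s\n' "$line" >> "${level_dir}1/etc/master.passwd"
        fi
        if [ "$uid" -ge 5000 ] && [ "$uid" -lt 10000 ]; then
            printf '%s\n' "$line" >> "${level_dir}2/etc/master.passwd"
        fi
        if [ "$gid" -ne 101 ]; then
            printf '%s\n' "$line" >> "${level_dir}3/etc/master.passwd"
        fi
    done < "$src"
)

# Constructed sample input; no real accounts.
demo_dir=$(mktemp -d)
cat > "$demo_dir/master.passwd" <<'EOF'
# constructed sample
root:*:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:*:5002:101::0:0:Bob:/home/bob:/bin/sh
carol:*:12000:101::0:0:Carol:/home/carol:/bin/sh
EOF
split_passwd "$demo_dir/master.passwd" "$demo_dir/level"
```

Each output file is created under umask 077, so it is mode 600 from the first byte written; ownership (root:wheel) still has to be set separately when run as root.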
Printed Page 159
Example 4.10

Judging by the shebang line, the script is supposed to be a Bourne Shell script.

However, neither the lines

level1_sys=alpha beta gamma delta
level2_sys=mercury venus earth mars

nor

foreach system in $level1_sys; do

are valid Bourne Shell (or ksh or bash) syntax.

Anonymous 
Printed Page 185
5th para

configure BIND => configure djbdns

Anonymous 
Printed Page 367
2nd paragraph

> The manual page for syslog.conf(5) specifies that these facilities are for local use.

The manual page for syslog.conf(5) does not actually mention the purpose of local[0-7], the one for syslog(3) does, however:

LOG_LOCAL0 Reserved for local use. Similarly for LOG_LOCAL1 through LOG_LOCAL7.

> You, the administrator, may define these seven facilities [..]

Unless local0 has a special meaning there are eight of them.

Anonymous 

