mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
HardenedBSD src tree
6e56beb6d2
code. Apart from the first one, none really affect typical configurations but are nevertheless unnecessary limitations. We use netbooted PCs as student X-terminals and all of the below fixes have been useful. Apologies for including them all in one PR, but some are just too silly or trivial to send on their own! a) Newer SMC cards have hardware addresses starting with 00:E0. Netboot compares the MAC address with 00:00:C0 to determine if it is a WD/SMC card, so it fails to detect these. b) Netboot is unable to boot kzipped kernels, as it assumes that the kernel load address is 0x100000. c) Users can abort the booting process and enter arbitrary network addresses, or boot from a floppy disk. This can be a problem when netbooted machines are used in a student environment. d) It is not possible to set all options via bootp. For example there is no way to remotely force a client to boot from disk. With both SECURE_BOOT(patch below) and NO_TFTP defined, short of unplugging the eprom there is no way at all to get the client to boot locally. A generic solution is to allow complete netboot commands to be sent using bootp lines such as: :T132="diskboot": e) The last character of netboot command names is not checked. You can type 'iz 10.0.0.1' and it will be interpreted as 'ip'. This is only important if you try to add a new command which is the same as an existing one except for the last character. f) We have a configuration where multiple servers are willing to serve a diskless client. The tftp config file, or the bootptab entry on each server must specify the root and swap filesystems as 'ip:/fs' even though 'ip' will usually be the responding server's IP address. It would be nice if netboot could automatically prepend the server's IP address to an entry specified as just '/fs', so that multiple servers can use the same tftp or bootp configuration files. Admittedly this is hardly a major problem! PR: 7098 Submitted by: Ian Dowse <iedowse@maths.tcd.ie> |
||
---|---|---|
bin | ||
contrib | ||
crypto | ||
etc | ||
games | ||
gnu | ||
include | ||
kerberos5 | ||
kerberosIV | ||
lib | ||
libexec | ||
lkm | ||
release | ||
sbin | ||
secure | ||
share | ||
sys | ||
tools | ||
usr.bin | ||
usr.sbin | ||
COPYRIGHT | ||
Makefile | ||
Makefile.alpha | ||
README |
This is the top level of the FreeBSD source directory. This file was last revised on: $Id: README,v 1.11 1997/08/09 14:36:20 jkh Exp $ For copyright information, please see the file COPYRIGHT in this directory (additional copyright information also exists for some sources in this tree - please see the specific source directories for more information). The Makefile in this directory supports a number of targets for building components (or all) of the FreeBSD source tree, the most commonly used one being ``world'', which rebuilds and installs everything in the FreeBSD system from the source tree except the kernel and the contents of /etc. Please see the top of the Makefile in this directory for more information on the standard build targets and compile-time flags. Building a kernel with config(8) is a somewhat more involved process, documentation for which can be found at: http://www.freebsd.org/handbook/kernelconfig.html And in the config(8) man page. The sample kernel configuration files reside in the sys/i386/conf sub-directory (assuming that you've installed the kernel sources), the file named GENERIC being the one used to build your initial installation kernel. The file LINT contains entries for all possible devices, not just those commonly used, and is meant more as a general reference than an actual kernel configuration file (a kernel built from it wouldn't even run). Source Roadmap: --------------- bin System/User commands. contrib Packages contributed by 3rd parties. crypto Export controlled stuff (see crypto/README). etc Template files for /etc games Amusements. gnu Various commands and libraries under the GNU Public License. Please see gnu/COPYING* for more information. include System include files. kerberosIV Kerberos package - also export controlled. lib System libraries. libexec System daemons. lkm Loadable Kernel Modules. release Release building Makefile & associated tools. sbin System commands. secure DES and DES-related utilities - NOT FOR EXPORT! share Shared resources. sys Kernel sources. tools Utilities for regression testing and miscellaneous tasks. usr.bin User commands. usr.sbin System administration commands. For information on synchronizing your source tree with one or more of the FreeBSD Project's development branches, please see: http://www.freebsd.org/handbook/synching.html