HardenedBSD/etc/mtree/BSD.var.dist
Colin Percival a235643007 Disable SSL renegotiation in order to protect against a serious
protocol flaw. [09:15]

Correctly handle failures from unsetenv resulting from a corrupt
environment in rtld-elf. [09:16]

Fix permissions in freebsd-update in order to prevent leakage of
sensitive files. [09:17]

Approved by:	so (cperciva)
Security:	FreeBSD-SA-09:15.ssl
Security:	FreeBSD-SA-09:16.rtld
Security:	FreeBSD-SA-09:17.freebsd-udpate
2009-12-03 09:18:40 +00:00

93 lines
1.5 KiB
Plaintext

# $FreeBSD$
#
# Please see the file src/etc/mtree/README before making changes to this file.
#
/set type=dir uname=root gname=wheel mode=0755
.
account
..
at
/set uname=daemon
jobs
..
spool
..
/set uname=root
..
/set mode=0750
/set gname=audit
audit
..
/set gname=wheel
backups
..
crash
..
cron
tabs mode=0700
..
..
/set mode=0755
db
entropy uname=operator gname=operator mode=0700
..
freebsd-update mode=0700
..
ipf mode=0700
..
pkg
..
ports
..
portsnap
..
..
empty mode=0555 flags=schg
..
games gname=games mode=0775
..
heimdal mode=0700
..
log
..
mail gname=mail mode=0775
..
msgs uname=daemon
..
named
..
preserve
..
run
named uname=bind gname=bind
..
ppp gname=network mode=0770
..
..
rwho gname=daemon mode=0775
..
spool
lock uname=uucp gname=dialer mode=0775
..
/set gname=daemon
lpd
..
mqueue
..
opielocks mode=0700
..
output
lpd
..
..
/set gname=wheel
..
tmp mode=01777
vi.recover mode=01777
..
..
yp
..
..