diff --git a/contrib/telnet/telnet/telnet.1 b/contrib/telnet/telnet/telnet.1 index 015401030f23..053fb1c863c0 100644 --- a/contrib/telnet/telnet/telnet.1 +++ b/contrib/telnet/telnet/telnet.1 
@@ -1,1485 +1,1485 @@ .\" Copyright (c) 1983, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" @(#)telnet.1 8.6 (Berkeley) 6/1/94 .\" $FreeBSD$ .\" -.Dd June 21, 2021 +.Dd September 29, 2022 .Dt TELNET 1 .Os .Sh NAME .Nm telnet .Nd user interface to the .Tn TELNET protocol .Sh SYNOPSIS .Nm .Op Fl 468EFKLNQacdfruxy .Op Fl B Ar baudrate .Op Fl S Ar tos .Op Fl X Ar authtype .Op Fl e Ar escapechar .Op Fl k Ar realm .Op Fl l Ar user .Op Fl n Ar tracefile .Op Fl s Ar src_addr .Op Fl P Ar policy .Oo .Ar host .Op Ar port .Oc .Sh DESCRIPTION The .Nm command is used to communicate with another host using the .Tn TELNET protocol. If .Nm is invoked without the .Ar host argument, it enters command mode, indicated by its prompt .Pq Dq Li telnet\&> . In this mode, it accepts and executes the commands listed below. If it is invoked with arguments, it performs an .Ic open command with those arguments. .Pp Options: .Bl -tag -width indent .It Fl 4 Forces .Nm to use IPv4 addresses only. .It Fl 6 Forces .Nm to use IPv6 addresses only. .It Fl 8 Specifies an 8-bit data path. This causes an attempt to negotiate the .Dv TELNET BINARY option on both input and output. .It Fl B Ar baudrate Sets the baud rate to .Ar baudrate . .It Fl E Stops any character from being recognized as an escape character. .It Fl F If Kerberos V5 authentication is being used, the .Fl F option allows the local credentials to be forwarded to the remote system, including any credentials that have already been forwarded into the local environment. .It Fl K Specifies no automatic login to the remote system. .It Fl L Specifies an 8-bit data path on output. This causes the .Dv BINARY option to be negotiated on output. .It Fl N Prevents IP address to name lookup when destination host is given as an IP address. .It Fl Q Quiet mode. This suppresses the messages .Nm would normally output upon connecting or disconnecting. 
.It Fl S Ar tos Sets the IP type-of-service (TOS) option for the telnet connection to the value .Ar tos , which can be a numeric TOS value or, on systems that support it, a symbolic TOS name found in the .Pa /etc/iptos file. .It Fl X Ar atype Disables the .Ar atype type of authentication. .It Fl a Attempt automatic login. This is now the default, so this option is ignored. Currently, this sends the user name via the .Ev USER variable of the .Ev ENVIRON option if supported by the remote system. The name used is that of the current user as returned by .Xr getlogin 2 if it agrees with the current user ID, otherwise it is the name associated with the user ID. .It Fl c Disables the reading of the user's .Pa \&.telnetrc file. (See the .Ic toggle skiprc command on this man page.) .It Fl d Sets the initial value of the .Ic debug toggle to .Dv TRUE . .It Fl e Ar escapechar Sets the initial .Nm escape character to .Ar escapechar . If .Ar escapechar is omitted, then there will be no escape character. .It Fl f If Kerberos V5 authentication is being used, the .Fl f option allows the local credentials to be forwarded to the remote system. .It Fl k Ar realm If Kerberos authentication is being used, the .Fl k option requests that .Nm obtain tickets for the remote host in realm .Ar realm instead of the remote host's realm, as determined by .Xr krb_realmofhost 3 . .It Fl l Ar user When connecting to the remote system, if the remote system understands the .Ev ENVIRON option, then .Ar user will be sent to the remote system as the value for the variable .Ev USER . This option implies the .Fl a option. This option may also be used with the .Ic open command. .It Fl n Ar tracefile Opens .Ar tracefile for recording trace information. See the .Ic set tracefile command below. .It Fl P Ar policy Use IPsec policy specification string .Ar policy , for the connections. See .Xr ipsec_set_policy 3 for details. .It Fl r Specifies a user interface similar to .Xr rlogin 1 . 
In this mode, the escape character is set to the tilde (~) character, unless modified by the .Fl e option. .It Fl s Ar src_addr Set the source IP address for the .Nm connection to .Ar src_addr , which can be an IP address or a host name. .It Fl u Forces .Nm to use .Dv AF_UNIX addresses only (e.g., .Ux domain sockets, accessed with a file path). .It Fl x Turns on encryption of the data stream if possible. This is now the default, so this option is ignored. .It Fl y Suppresses encryption of the data stream. .It Ar host Indicates the official name, an alias, or the Internet address of a remote host. If .Ar host starts with a .Ql / , .Nm establishes a connection to the corresponding named socket. .It Ar port Indicates a port number (address of an application). If a number is not specified, the default .Nm port is used. .El .Pp When in rlogin mode, a line of the form ~.\& disconnects from the remote host; ~ is the .Nm escape character. Similarly, the line ~^Z suspends the .Nm session. The line ~^] escapes to the normal .Nm escape prompt. .Pp Once a connection has been opened, .Nm will attempt to enable the .Dv TELNET LINEMODE option. If this fails, then .Nm will revert to one of two input modes: either \*(Lqcharacter at a time\*(Rq or \*(Lqold line by line\*(Rq depending on what the remote system supports. .Pp When .Dv LINEMODE is enabled, character processing is done on the local system, under the control of the remote system. When input editing or character echoing is to be disabled, the remote system will relay that information. The remote system will also relay changes to any special characters that happen on the remote system, so that they can take effect on the local system. .Pp In \*(Lqcharacter at a time\*(Rq mode, most text typed is immediately sent to the remote host for processing. .Pp In \*(Lqold line by line\*(Rq mode, all text is echoed locally, and (normally) only completed lines are sent to the remote host. 
The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used to turn off and on the local echo (this would mostly be used to enter passwords without the password being echoed). .Pp If the .Dv LINEMODE option is enabled, or if the .Ic localchars toggle is .Dv TRUE (the default for \*(Lqold line by line\*(Rq; see below), the user's .Ic quit , .Ic intr , and .Ic flush characters are trapped locally, and sent as .Tn TELNET protocol sequences to the remote side. If .Dv LINEMODE has ever been enabled, then the user's .Ic susp and .Ic eof are also sent as .Tn TELNET protocol sequences, and .Ic quit is sent as a .Dv TELNET ABORT instead of .Dv BREAK . There are options (see .Ic toggle .Ic autoflush and .Ic toggle .Ic autosynch below) which cause this action to flush subsequent output to the terminal (until the remote host acknowledges the .Tn TELNET sequence) and flush previous terminal input (in the case of .Ic quit and .Ic intr ) . .Pp While connected to a remote host, .Nm command mode may be entered by typing the .Nm \*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq). When in command mode, the normal terminal editing conventions are available. .Pp The following .Nm commands are available. Only enough of each command to uniquely identify it need be typed (this is also true for arguments to the .Ic mode , .Ic set , .Ic toggle , .Ic unset , .Ic slc , .Ic environ , and .Ic display commands). .Bl -tag -width "mode type" .It Ic auth Ar argument ... The auth command manipulates the information sent through the .Dv TELNET AUTHENTICATE option. Valid arguments for the .Ic auth command are: .Bl -tag -width "disable type" .It Ic disable Ar type Disables the specified type of authentication. To obtain a list of available types, use the .Ic auth disable ?\& command. .It Ic enable Ar type Enables the specified type of authentication. To obtain a list of available types, use the .Ic auth enable ?\& command. 
.It Ic status Lists the current status of the various types of authentication. .El .It Ic close Close a .Tn TELNET session and return to command mode. .It Ic display Ar argument ... Displays all, or some, of the .Ic set and .Ic toggle values (see below). .It Ic encrypt Ar argument ... The encrypt command manipulates the information sent through the .Dv TELNET ENCRYPT option. .Pp Valid arguments for the .Ic encrypt command are: .Bl -tag -width Ar .It Ic disable Ar type Xo .Op Cm input | output .Xc Disables the specified type of encryption. If you omit the input and output, both input and output are disabled. To obtain a list of available types, use the .Ic encrypt disable ?\& command. .It Ic enable Ar type Xo .Op Cm input | output .Xc Enables the specified type of encryption. If you omit input and output, both input and output are enabled. To obtain a list of available types, use the .Ic encrypt enable ?\& command. .It Ic input This is the same as the .Ic encrypt start input command. .It Ic -input This is the same as the .Ic encrypt stop input command. .It Ic output This is the same as the .Ic encrypt start output command. .It Ic -output This is the same as the .Ic encrypt stop output command. .It Ic start Op Cm input | output Attempts to start encryption. If you omit .Ic input and .Ic output , both input and output are enabled. To obtain a list of available types, use the .Ic encrypt enable ?\& command. .It Ic status Lists the current status of encryption. .It Ic stop Op Cm input | output Stops encryption. If you omit input and output, encryption is on both input and output. .It Ic type Ar type Sets the default type of encryption to be used with later .Ic encrypt start or .Ic encrypt stop commands. .El .It Ic environ Ar arguments ... The .Ic environ command is used to manipulate the variables that may be sent through the .Dv TELNET ENVIRON option. 
The initial set of variables is taken from the users environment, with only the .Ev DISPLAY and .Ev PRINTER variables being exported by default. The .Ev USER variable is also exported if the .Fl a or .Fl l options are used. .Pp Valid arguments for the .Ic environ command are: .Bl -tag -width Fl .It Ic define Ar variable value Define the variable .Ar variable to have a value of .Ar value . Any variables defined by this command are automatically exported. The .Ar value may be enclosed in single or double quotes so that tabs and spaces may be included. .It Ic undefine Ar variable Remove .Ar variable from the list of environment variables. .It Ic export Ar variable Mark the variable .Ar variable to be exported to the remote side. .It Ic unexport Ar variable Mark the variable .Ar variable to not be exported unless explicitly asked for by the remote side. .It Ic list List the current set of environment variables. Those marked with a .Cm * will be sent automatically, other variables will only be sent if explicitly requested. .It Ic ?\& Prints out help information for the .Ic environ command. .El .It Ic logout Sends the .Dv TELNET LOGOUT option to the remote side. This command is similar to a .Ic close command; however, if the remote side does not support the .Dv LOGOUT option, nothing happens. If, however, the remote side does support the .Dv LOGOUT option, this command should cause the remote side to close the .Tn TELNET connection. If the remote side also supports the concept of suspending a user's session for later reattachment, the logout argument indicates that you should terminate the session immediately. .It Ic mode Ar type .Ar Type is one of several options, depending on the state of the .Tn TELNET session. The remote host is asked for permission to go into the requested mode. If the remote host is capable of entering that mode, the requested mode will be entered. 
.Bl -tag -width Ar .It Ic character Disable the .Dv TELNET LINEMODE option, or, if the remote side does not understand the .Dv LINEMODE option, then enter \*(Lqcharacter at a time\*(Rq mode. .It Ic line Enable the .Dv TELNET LINEMODE option, or, if the remote side does not understand the .Dv LINEMODE option, then attempt to enter \*(Lqold-line-by-line\*(Rq mode. .It Ic isig Pq Ic \-isig Attempt to enable (disable) the .Dv TRAPSIG mode of the .Dv LINEMODE option. This requires that the .Dv LINEMODE option be enabled. .It Ic edit Pq Ic \-edit Attempt to enable (disable) the .Dv EDIT mode of the .Dv LINEMODE option. This requires that the .Dv LINEMODE option be enabled. .It Ic softtabs Pq Ic \-softtabs Attempt to enable (disable) the .Dv SOFT_TAB mode of the .Dv LINEMODE option. This requires that the .Dv LINEMODE option be enabled. .It Ic litecho Pq Ic \-litecho Attempt to enable (disable) the .Dv LIT_ECHO mode of the .Dv LINEMODE option. This requires that the .Dv LINEMODE option be enabled. .It Ic ?\& Prints out help information for the .Ic mode command. .El .It Xo .Ic open .Op Fl l Ar user .Op Ar host .Op Oo Fl /+ Oc Ns Ar port .Xc Open a connection to the named host. If no port number is specified, .Nm will attempt to contact a .Tn TELNET server at the default port. The host specification may be either a host name (see .Xr hosts 5 ) , an Internet address specified in the \*(Lqdot notation\*(Rq (see .Xr inet 3 ) , or IPv6 host name or IPv6 coloned-hexadecimal addreess. The .Fl l option may be used to specify the user name to be passed to the remote system via the .Ev ENVIRON option. When connecting to a non-standard port, .Nm omits any automatic initiation of .Tn TELNET options. When the port number is preceded by a minus sign, the initial option negotiation is done. 
When, however, the port number is preceded by a plus sign, any option negotiation and understanding is prohibited, making telnet dumb client for POP3/SMTP/NNTP/HTTP-like protocols with any data including .Tn TELNET IAC character (0xff). After establishing a connection, the file .Pa \&.telnetrc in the users home directory is opened. Lines beginning with a # are comment lines. Blank lines are ignored. Lines that begin without white space are the start of a machine entry. The first thing on the line is the name of the machine that is being connected to. It may be the hostname or numeric address specified as the argument .Ar host , the canonical name of that string as determined by .Xr getaddrinfo 3 , or the string .Dq Li DEFAULT indicating all hosts. The rest of the line, and successive lines that begin with white space are assumed to be .Nm commands and are processed as if they had been typed in manually to the .Nm command prompt. .It Ic quit Close any open .Tn TELNET session and exit .Nm . An end of file (in command mode) will also close a session and exit. .It Ic send Ar arguments Sends one or more special character sequences to the remote host. The following are the arguments which may be specified (more than one argument may be specified at a time): .Bl -tag -width escape .It Ic abort Sends the .Dv TELNET ABORT (Abort processes) sequence. .It Ic ao Sends the .Dv TELNET AO (Abort Output) sequence, which should cause the remote system to flush all output .Em from the remote system .Em to the user's terminal. .It Ic ayt Sends the .Dv TELNET AYT (Are You There) sequence, to which the remote system may or may not choose to respond. .It Ic brk Sends the .Dv TELNET BRK (Break) sequence, which may have significance to the remote system. .It Ic ec Sends the .Dv TELNET EC (Erase Character) sequence, which should cause the remote system to erase the last character entered. 
.It Ic el Sends the .Dv TELNET EL (Erase Line) sequence, which should cause the remote system to erase the line currently being entered. .It Ic eof Sends the .Dv TELNET EOF (End Of File) sequence. .It Ic eor Sends the .Dv TELNET EOR (End of Record) sequence. .It Ic escape Sends the current .Nm escape character (initially \*(Lq^\*(Rq). .It Ic ga Sends the .Dv TELNET GA (Go Ahead) sequence, which likely has no significance to the remote system. .It Ic getstatus If the remote side supports the .Dv TELNET STATUS command, .Ic getstatus will send the subnegotiation to request that the server send its current option status. .It Ic ip Sends the .Dv TELNET IP (Interrupt Process) sequence, which should cause the remote system to abort the currently running process. .It Ic nop Sends the .Dv TELNET NOP (No OPeration) sequence. .It Ic susp Sends the .Dv TELNET SUSP (SUSPend process) sequence. .It Ic synch Sends the .Dv TELNET SYNCH sequence. This sequence causes the remote system to discard all previously typed (but not yet read) input. This sequence is sent as .Tn TCP urgent data (and may not work if the remote system is a .Bx 4.2 system -- if it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal). .It Ic do Ar cmd .It Ic dont Ar cmd .It Ic will Ar cmd .It Ic wont Ar cmd Sends the .Dv TELNET DO .Ar cmd sequence. .Ar Cmd can be either a decimal number between 0 and 255, or a symbolic name for a specific .Dv TELNET command. .Ar Cmd can also be either .Ic help or .Ic ?\& to print out help information, including a list of known symbolic names. .It Ic ?\& Prints out help information for the .Ic send command. .El .It Ic set Ar argument value .It Ic unset Ar argument value The .Ic set command will set any one of a number of .Nm variables to a specific value or to .Dv TRUE . The special value .Ic off turns off the function associated with the variable, this is equivalent to using the .Ic unset command. 
The .Ic unset command will disable or set to .Dv FALSE any of the specified functions. The values of variables may be interrogated with the .Ic display command. The variables which may be set or unset, but not toggled, are listed here. In addition, any of the variables for the .Ic toggle command may be explicitly set or unset using the .Ic set and .Ic unset commands. .Bl -tag -width escape .It Ic ayt If .Tn TELNET is in localchars mode, or .Dv LINEMODE is enabled, and the status character is typed, a .Dv TELNET AYT sequence (see .Ic send ayt preceding) is sent to the remote host. The initial value for the \*(LqAre You There\*(Rq character is the terminal's status character. .It Ic echo This is the value (initially \*(Lq^E\*(Rq) which, when in \*(Lqline by line\*(Rq mode, toggles between doing local echoing of entered characters (for normal processing), and suppressing echoing of entered characters (for entering, say, a password). .It Ic eof If .Nm is operating in .Dv LINEMODE or \*(Lqold line by line\*(Rq mode, entering this character as the first character on a line will cause this character to be sent to the remote system. The initial value of the eof character is taken to be the terminal's .Ic eof character. .It Ic erase If .Nm is in .Ic localchars mode (see .Ic toggle .Ic localchars below), .Sy and if .Nm is operating in \*(Lqcharacter at a time\*(Rq mode, then when this character is typed, a .Dv TELNET EC sequence (see .Ic send .Ic ec above) is sent to the remote system. The initial value for the erase character is taken to be the terminal's .Ic erase character. .It Ic escape This is the .Nm escape character (initially \*(Lq^[\*(Rq) which causes entry into .Nm command mode (when connected to a remote system). .It Ic flushoutput If .Nm is in .Ic localchars mode (see .Ic toggle .Ic localchars below) and the .Ic flushoutput character is typed, a .Dv TELNET AO sequence (see .Ic send .Ic ao above) is sent to the remote host. 
The initial value for the flush character is taken to be the terminal's .Ic flush character. .It Ic forw1 .It Ic forw2 If .Nm is operating in .Dv LINEMODE , these are the characters that, when typed, cause partial lines to be forwarded to the remote system. The initial value for the forwarding characters are taken from the terminal's eol and eol2 characters. .It Ic interrupt If .Nm is in .Ic localchars mode (see .Ic toggle .Ic localchars below) and the .Ic interrupt character is typed, a .Dv TELNET IP sequence (see .Ic send .Ic ip above) is sent to the remote host. The initial value for the interrupt character is taken to be the terminal's .Ic intr character. .It Ic kill If .Nm is in .Ic localchars mode (see .Ic toggle .Ic localchars below), .Ic and if .Nm is operating in \*(Lqcharacter at a time\*(Rq mode, then when this character is typed, a .Dv TELNET EL sequence (see .Ic send .Ic el above) is sent to the remote system. The initial value for the kill character is taken to be the terminal's .Ic kill character. .It Ic lnext If .Nm is operating in .Dv LINEMODE or \*(Lqold line by line\*(Rq mode, then this character is taken to be the terminal's .Ic lnext character. The initial value for the lnext character is taken to be the terminal's .Ic lnext character. .It Ic quit If .Nm is in .Ic localchars mode (see .Ic toggle .Ic localchars below) and the .Ic quit character is typed, a .Dv TELNET BRK sequence (see .Ic send .Ic brk above) is sent to the remote host. The initial value for the quit character is taken to be the terminal's .Ic quit character. .It Ic reprint If .Nm is operating in .Dv LINEMODE or \*(Lqold line by line\*(Rq mode, then this character is taken to be the terminal's .Ic reprint character. The initial value for the reprint character is taken to be the terminal's .Ic reprint character. .It Ic rlogin This is the rlogin escape character. If set, the normal .Nm escape character is ignored unless it is preceded by this character at the beginning of a line. 
This character, at the beginning of a line followed by a "." closes the connection; when followed by a ^Z it suspends the .Nm command. The initial state is to disable the .Nm rlogin escape character. .It Ic start If the .Dv TELNET TOGGLE-FLOW-CONTROL option has been enabled, then this character is taken to be the terminal's .Ic start character. The initial value for the start character is taken to be the terminal's .Ic start character. .It Ic stop If the .Dv TELNET TOGGLE-FLOW-CONTROL option has been enabled, then this character is taken to be the terminal's .Ic stop character. The initial value for the stop character is taken to be the terminal's .Ic stop character. .It Ic susp If .Nm is in .Ic localchars mode, or .Dv LINEMODE is enabled, and the .Ic suspend character is typed, a .Dv TELNET SUSP sequence (see .Ic send .Ic susp above) is sent to the remote host. The initial value for the suspend character is taken to be the terminal's .Ic suspend character. .It Ic tracefile This is the file to which the output, caused by .Ic netdata or .Ic option tracing being .Dv TRUE , will be written. If it is set to .Dq Fl , then tracing information will be written to standard output (the default). .It Ic worderase If .Nm is operating in .Dv LINEMODE or \*(Lqold line by line\*(Rq mode, then this character is taken to be the terminal's .Ic worderase character. The initial value for the worderase character is taken to be the terminal's .Ic worderase character. .It Ic ?\& Displays the legal .Ic set .Pq Ic unset commands. .El .It Ic opie Ar sequence challenge The .Ic opie command computes a response to the OPIE challenge. .It Ic slc Ar state The .Ic slc command (Set Local Characters) is used to set or change the state of the special characters when the .Dv TELNET LINEMODE option has been enabled. Special characters are characters that get mapped to .Tn TELNET commands sequences (like .Ic ip or .Ic quit ) or line editing characters (like .Ic erase and .Ic kill ) . 
By default, the local special characters are exported. .Bl -tag -width Fl .It Ic check Verify the current settings for the current special characters. The remote side is requested to send all the current special character settings, and if there are any discrepancies with the local side, the local side will switch to the remote value. .It Ic export Switch to the local defaults for the special characters. The local default characters are those of the local terminal at the time when .Nm was started. .It Ic import Switch to the remote defaults for the special characters. The remote default characters are those of the remote system at the time when the .Tn TELNET connection was established. .It Ic ?\& Prints out help information for the .Ic slc command. .El .It Ic status Show the current status of .Nm . This includes the peer one is connected to, as well as the current mode. .It Ic toggle Ar arguments ... Toggle (between .Dv TRUE and .Dv FALSE ) various flags that control how .Nm responds to events. These flags may be set explicitly to .Dv TRUE or .Dv FALSE using the .Ic set and .Ic unset commands listed above. More than one argument may be specified. The state of these flags may be interrogated with the .Ic display command. Valid arguments are: .Bl -tag -width Ar .It Ic authdebug Turns on debugging information for the authentication code. .It Ic autoflush If .Ic autoflush and .Ic localchars are both .Dv TRUE , then when the .Ic ao , or .Ic quit characters are recognized (and transformed into .Tn TELNET sequences; see .Ic set above for details), .Nm refuses to display any data on the user's terminal until the remote system acknowledges (via a .Dv TELNET TIMING MARK option) that it has processed those .Tn TELNET sequences. The initial value for this toggle is .Dv TRUE if the terminal user had not done an "stty noflsh", otherwise .Dv FALSE (see .Xr stty 1 ) . 
.It Ic autodecrypt When the .Dv TELNET ENCRYPT option is negotiated, by default the actual encryption (decryption) of the data stream does not start automatically. The autoencrypt (autodecrypt) command states that encryption of the output (input) stream should be enabled as soon as possible. .It Ic autologin If the remote side supports the .Dv TELNET AUTHENTICATION option .Nm attempts to use it to perform automatic authentication. If the .Dv AUTHENTICATION option is not supported, the user's login name are propagated through the .Dv TELNET ENVIRON option. This command is the same as specifying .Fl a option on the .Ic open command. .It Ic autosynch If .Ic autosynch and .Ic localchars are both .Dv TRUE , then when either the .Ic intr or .Ic quit characters is typed (see .Ic set above for descriptions of the .Ic intr and .Ic quit characters), the resulting .Tn TELNET sequence sent is followed by the .Dv TELNET SYNCH sequence. This procedure .Ic should cause the remote system to begin throwing away all previously typed input until both of the .Tn TELNET sequences have been read and acted upon. The initial value of this toggle is .Dv FALSE . .It Ic binary Enable or disable the .Dv TELNET BINARY option on both input and output. .It Ic inbinary Enable or disable the .Dv TELNET BINARY option on input. .It Ic outbinary Enable or disable the .Dv TELNET BINARY option on output. .It Ic crlf If this is .Dv TRUE , then carriage returns will be sent as .Li . If this is .Dv FALSE , then carriage returns will be send as .Li . The initial value for this toggle is .Dv FALSE . .It Ic crmod Toggle carriage return mode. When this mode is enabled, most carriage return characters received from the remote host will be mapped into a carriage return followed by a line feed. This mode does not affect those characters typed by the user, only those received from the remote host. This mode is not very useful unless the remote host only sends carriage return, but never line feed. 
The initial value for this toggle is .Dv FALSE . .It Ic debug Toggles socket level debugging (useful only to the .Ic super user ) . The initial value for this toggle is .Dv FALSE . .It Ic encdebug Turns on debugging information for the encryption code. .It Ic localchars If this is .Dv TRUE , then the .Ic flush , .Ic interrupt , .Ic quit , .Ic erase , and .Ic kill characters (see .Ic set above) are recognized locally, and transformed into (hopefully) appropriate .Tn TELNET control sequences (respectively .Ic ao , .Ic ip , .Ic brk , .Ic ec , and .Ic el ; see .Ic send above). The initial value for this toggle is .Dv TRUE in \*(Lqold line by line\*(Rq mode, and .Dv FALSE in \*(Lqcharacter at a time\*(Rq mode. When the .Dv LINEMODE option is enabled, the value of .Ic localchars is ignored, and assumed to always be .Dv TRUE . If .Dv LINEMODE has ever been enabled, then .Ic quit is sent as .Ic abort , and .Ic eof and .Ic suspend are sent as .Ic eof and .Ic susp (see .Ic send above). .It Ic netdata Toggles the display of all network data (in hexadecimal format). The initial value for this toggle is .Dv FALSE . .It Ic options Toggles the display of some internal .Nm protocol processing (having to do with .Tn TELNET options). The initial value for this toggle is .Dv FALSE . .It Ic prettydump When the .Ic netdata toggle is enabled, if .Ic prettydump is enabled the output from the .Ic netdata command will be formatted in a more user readable format. Spaces are put between each character in the output, and the beginning of any .Nm escape sequence is preceded by a '*' to aid in locating them. .It Ic skiprc When the skiprc toggle is .Dv TRUE , .Nm skips the reading of the .Pa \&.telnetrc file in the users home directory when connections are opened. The initial value for this toggle is .Dv FALSE . .It Ic termdata Toggles the display of all terminal data (in hexadecimal format). The initial value for this toggle is .Dv FALSE . 
.It Ic verbose_encrypt When the .Ic verbose_encrypt toggle is .Dv TRUE , .Nm prints out a message each time encryption is enabled or disabled. The initial value for this toggle is .Dv FALSE . .It Ic ?\& Displays the legal .Ic toggle commands. .El .It Ic z Suspend .Nm . This command only works when the user is using the .Xr csh 1 . .It Ic \&! Op Ar command Execute a single command in a subshell on the local system. If .Ar command is omitted, then an interactive subshell is invoked. .It Ic ?\& Op Ar command Get help. With no arguments, .Nm prints a help summary. If .Ar command is specified, .Nm will print the help information for just that command. .El .Sh ENVIRONMENT .Nm uses at least the .Ev HOME , .Ev SHELL , .Ev DISPLAY , and .Ev TERM environment variables. Other environment variables may be propagated to the other side via the .Dv TELNET ENVIRON option. .Sh FILES .Bl -tag -width ~/.telnetrc -compact .It Pa ~/.telnetrc user customized telnet startup values .El .Sh SEE ALSO .Xr rlogin 1 , .Xr rsh 1 , .Xr hosts 5 , .Xr nologin 5 , -.Xr telnetd 8 +.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd .Sh HISTORY The .Nm command appeared in .Bx 4.2 . .Pp IPv6 support was added by WIDE/KAME project. .Sh NOTES On some remote systems, echo has to be turned off manually when in \*(Lqold line by line\*(Rq mode. .Pp In \*(Lqold line by line\*(Rq mode or .Dv LINEMODE the terminal's .Ic eof character is only recognized (and sent to the remote system) when it is the first character on a line. diff --git a/libexec/getty/gettytab.5 b/libexec/getty/gettytab.5 index 9131dda3ed81..b71ea34da537 100644 --- a/libexec/getty/gettytab.5 +++ b/libexec/getty/gettytab.5 
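Review bot: in the telnet.1 hunk, the SEE ALSO change `-.Xr telnetd 8` / `+.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd` tells the reader that the daemon now lives in a port, but nothing else in the page says so; add a sentence under HISTORY or NOTES stating that telnetd(8) is no longer part of the base system and is available as net/freebsd-telnetd, so the point is not buried in a cross-reference. Also check the rendered output of `.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd`: `.Pq` on the same line as `.Xr` should produce "telnetd(8) (ports/net/freebsd-telnetd)", but the preceding `.Xr` entries carry trailing commas and this one ends the list, so verify there is no stray space before the closing parenthesis. While touching this file, the unchanged context still spells "addreess" in the `open` description and "users home directory" (twice) without an apostrophe; fixing those in the same commit would be cheap since the `.Dd` is already being bumped.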
@@ -1,519 +1,518 @@ .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" from: @(#)gettytab.5 8.4 (Berkeley) 4/19/94 .\" $FreeBSD$ .\" " -.Dd February 26, 2018 +.Dd September 29, 2022 .Dt GETTYTAB 5 .Os .Sh NAME .Nm gettytab .Nd terminal configuration data base .Sh SYNOPSIS .Nm .Sh DESCRIPTION The .Nm file is a simplified version of the .Xr termcap 5 data base used to describe terminal lines. 
The initial terminal login process .Xr getty 8 accesses the .Nm file each time it starts, allowing simpler reconfiguration of terminal characteristics. Each entry in the data base is used to describe one class of terminals. .Pp There is a default terminal class, .Va default , that is used to set global defaults for all other classes. (That is, the .Va default entry is read, then the entry for the class required is used to override particular settings.) .Sh CAPABILITIES Refer to .Xr termcap 5 for a description of the file layout. The .Va default column below lists defaults obtained if there is no entry in the table obtained, nor one in the special .Va default table. .Bl -column Name Type /usr/bin/login .It Sy "Name Type Default Description" .It "ac str unused expect-send chat script for modem answer" .It "al str unused user to auto-login instead of prompting" .It "ap bool false terminal uses any parity" .It "bk str 0377 alternate end of line character (input break)" .It "c0 num unused tty control flags to write messages" .It "c1 num unused tty control flags to read login name" .It "c2 num unused tty control flags to leave terminal as" .It "ce bool false use crt erase algorithm" .It "ck bool false use crt kill algorithm" .It "cl str" Ta Dv NULL .Ta No "screen clear sequence" .It "co bool false console - add" .Ql \en after login prompt .It "ct num 10 chat timeout for" .Va \&ac and .Va \&ic scripts .It "dc num 0 chat debug bitmask" .It "de num 0 delay secs and flush input before writing first prompt" .It "df str %+ the" Xr strftime 3 "format used for \&%d in the banner message" .It "ds str" Ta So Li ^Y .Sc Ta No "delayed suspend character" .It "dx bool false set" .Dv DECCTLQ .It "ec bool false leave echo" .Em OFF .It "ep bool false terminal uses even parity" .It "er str" Ta So Li ^? 
.Sc Ta No "erase character" .It "et str" Ta So Li ^D .Sc Ta No "end of text" .Pq Dv EOF character .It "ev str" Ta Dv NULL .Ta No "initial environment" .It "fl str" Ta So Li ^O .Sc Ta No "output flush character" .It "hc bool false do" .Em NOT hangup line on last close .It "he str" Ta Dv NULL .Ta No "hostname editing regular expression" .It "hn str hostname hostname" .It "ht bool false terminal has real tabs" .It "hw bool false do cts/rts hardware flow control" .It "i0 num unused tty input flags to write messages" .It "i1 num unused tty input flags to read login name" .It "i2 num unused tty input flags to leave terminal as" .It "ic str unused expect-send chat script for modem initialization" .It "if str unused display named file before prompt, like /etc/issue" .It "ig bool false ignore garbage characters in login name" .It "im str" Ta Dv NULL .Ta No "initial (banner) message" .It "iM str" Ta Dv NULL .Ta No "execute named file to generate initial (banner) message" .It "in str" Ta So Li ^C .Sc Ta No "interrupt character" .It "is num unused input speed" .It "kl str" Ta So Li ^U .Sc Ta No "kill character" .It "l0 num unused tty local flags to write messages" .It "l1 num unused tty local flags to read login name" .It "l2 num unused tty local flags to leave terminal as" .It "lm str login: login prompt" .It "ln str" Ta So Li ^V .Sc Ta No "``literal next'' character" .It "lo str" Ta Pa /usr/bin/login .Ta No "program to exec when name obtained" .It "mb bool false do flow control based on carrier" .It "nc bool false terminal does not supply carrier (set clocal)" .It "nl bool false terminal has (or might have) a newline character" .It "np bool false terminal uses no parity (i.e., 8-bit characters)" .It "nx str default next table (for auto speed selection)" .It "o0 num unused tty output flags to write messages" .It "o1 num unused tty output flags to read login name" .It "o2 num unused tty output flags to leave terminal as" .It "op bool false terminal uses odd parity" .It "os num 
unused output speed" .It "pc str" Ta So Li \e0 .Sc Ta No "pad character" .It "pe bool false use printer (hard copy) erase algorithm" .It "pf num 0 delay" between first prompt and following flush (seconds) .It "pl bool false start PPP login program unconditionally if" .Va \&pp is specified .It "pp str unused PPP login program" .It "ps bool false line connected to a" .Tn MICOM port selector .It "qu str" Ta So Li \&^\e .Sc Ta No "quit character" .It "rp str" Ta So Li ^R .Sc Ta No "line retype character" .It "rt num unused ring timeout when using" .Va \&ac .It "rw bool false do" .Em NOT use raw for input, use cbreak .It "sp num unused line speed (input and output)" .It "su str" Ta So Li ^Z .Sc Ta No "suspend character" .It "tc str none table continuation" .It "to num 0 timeout (seconds)" .It "tt str" Ta Dv NULL .Ta No "terminal type (for environment)" .It "ub bool false do unbuffered output (of prompts etc)" .It "we str" Ta So Li ^W .Sc Ta No "word erase character" .It "xc bool false do" .Em NOT echo control chars as .Ql ^X .It "xf str" Ta So Li ^S Sc Ta Dv XOFF (stop output) character .It "xn str" Ta So Li ^Q Sc Ta Dv XON (start output) character .It "Lo str C the locale name used for \&%d in the banner message" .El .Pp The following capabilities are no longer supported by .Xr getty 8 : .Bl -column Name Type /usr/bin/login .It "bd num 0 backspace delay" .It "cb bool false use crt backspace mode" .It "cd num 0 carriage-return delay" .It "f0 num unused tty mode flags to write messages" .It "f1 num unused tty mode flags to read login name" .It "f2 num unused tty mode flags to leave terminal as" .It "fd num 0 form-feed (vertical motion) delay" .It "lc bool false terminal has lower case" .It "nd num 0 newline (line-feed) delay" .It "uc bool false terminal is known upper case only" .El .Pp If no line speed is specified, speed will not be altered from that which prevails when getty is entered. 
Specifying an input or output speed will override line speed for stated direction only. .Pp Terminal modes to be used for the output of the message, for input of the login name, and to leave the terminal set as upon completion, are derived from the boolean flags specified. If the derivation should prove inadequate, any (or all) of these three may be overridden with one of the .Va \&c0 , .Va \&c1 , .Va \&c2 , .Va \&i0 , .Va \&i1 , .Va \&i2 , .Va \&l0 , .Va \&l1 , .Va \&l2 , .Va \&o0 , .Va \&o1 , or .Va \&o2 numeric specifications, which can be used to specify (usually in octal, with a leading '0') the exact values of the flags. These flags correspond to the termios .Va c_cflag , .Va c_iflag , .Va c_lflag , and .Va c_oflag fields, respectively. Each these sets must be completely specified to be effective. .Pp Should .Xr getty 8 receive a null character (presumed to indicate a line break) it will restart using the table indicated by the .Va \&nx entry. If there is none, it will re-use its original table. .Pp Delays are specified in milliseconds, the nearest possible delay available in the tty driver will be used. Should greater certainty be desired, delays with values 0, 1, 2, and 3 are interpreted as choosing that particular delay algorithm from the driver. .Pp The .Va \&cl screen clear string may be preceded by a (decimal) number of milliseconds of delay required (a la termcap). This delay is simulated by repeated use of the pad character .Va \&pc . .Pp The initial message, login message, and initial file; .Va \&im , .Va \&lm and .Va \&if may include any of the following character sequences, which expand to information about the environment in which .Xr getty 8 is running. .Bl -tag -offset indent -width \&%xxxxxxxxxxxxxx .It \&%d The current date and time formatted according to the .Va \&Lo and .Va \&df strings. 
.It \&%h The hostname of the machine, which is normally obtained from the system using .Xr gethostname 3 , but may also be overridden by the .Va \&hn table entry. In either case it may be edited with the .Va \&he POSIX .Dq extended regular expression, which is matched against the hostname. If there are no parenthesized subexpressions in the pattern, the entire matched string is used as the final hostname; otherwise, the first matched subexpression is used instead. If the pattern does not match, the original hostname is not modified. .It \&%t The tty name. .It "\&%m, \&%r, \&%s, \&%v" The type of machine, release of the operating system, name of the operating system, and version of the kernel, respectively, as returned by .Xr uname 3 . .It \&%% A .Dq % character. .El .Pp When getty execs the login process, given in the .Va \&lo string (usually .Dq Pa /usr/bin/login ) , it will have set the environment to include the terminal type, as indicated by the .Va \&tt string (if it exists). The .Va \&ev string, can be used to enter additional data into the environment. It is a list of comma separated strings, each of which will presumably be of the form .Li name=value . .Pp If a non-zero timeout is specified, with .Va \&to , then getty will exit within the indicated number of seconds, either having received a login name and passed control to .Xr login 1 , or having received an alarm signal, and exited. This may be useful to hangup dial in lines. .Pp Output from .Xr getty 8 is even parity unless .Va \&op or .Va \&np is specified. The .Va \&op string may be specified with .Va \&ap to allow any parity on input, but generate odd parity output. Note: this only applies while getty is being run, terminal driver limitations prevent a more complete implementation. The .Xr getty 8 utility does not check parity of input characters in .Dv RAW mode. 
.Pp If a .Va \&pp string is specified and a PPP link bring-up sequence is recognized, getty will invoke the program referenced by the .Va \&pp option. This can be used to handle incoming PPP calls. If the .Va \&pl option is true as well, .Xr getty 8 will skip the user name prompt and the PPP detection phase, and will invoke the program specified by .Va \&pp instantly. .Pp .Nm Getty provides some basic intelligent modem handling by providing a chat script feature available via two capabilities: .Pp .Bl -tag -offset indent -width \&xxxxxxxx -compact .It ic Chat script to initialize modem. .It ac Chat script to answer a call. .El .Pp A chat script is a set of expect/send string pairs. When a chat string starts, .Nm getty will wait for the first string, and if it finds it, will send the second, and so on. Strings specified are separated by one or more tabs or spaces. Strings may contain standard ASCII characters and special 'escapes', which consist of a backslash character followed by one or more characters which are interpreted as follows: .Pp .Bl -tag -offset indent -width \&xxxxxxxx -compact .It \ea bell character. .It \eb backspace. .It \en newline. .It \ee escape. .It \ef formfeed. .It \ep half-second pause. .It \er carriage return. .It \eS , \es space character. .It \et tab. .It \exNN hexadecimal byte value. .It \e0NNN octal byte value. .El .Pp Note that the .Ql \ep sequence is only valid for send strings and causes a half-second pause between sending the previous and next characters. Hexadecimal values are, at most, 2 hex digits long, and octal values are a maximum of 3 octal digits. .Pp The .Va \&ic chat sequence is used to initialize a modem or similar device. 
A typical example of an init chat script for a modem with a hayes compatible command set might look like this: .Pp .Dl :ic="" ATE0Q0V1\er OK\er ATS0=0\er OK\er: .Pp This script waits for nothing (which always succeeds), sends a sequence to ensure that the modem is in the correct mode (suppress command echo, send responses in verbose mode), and then disables auto-answer. It waits for an "OK" response before it terminates. The init sequence is used to check modem responses to ensure that the modem is functioning correctly. If the init script fails to complete, .Nm getty considers this to be fatal, and results in an error logged via .Xr syslogd 8 , and exiting. .Pp Similarly, an answer chat script is used to manually answer the phone in response to (usually) a "RING". When run with an answer script, .Nm getty opens the port in non-blocking mode, clears any extraneous input and waits for data on the port. As soon as any data is available, the answer chat script is started and scanned for a string, and responds according to the answer chat script. With a hayes compatible modem, this would normally look something like: .Pp .Dl :ac=RING\er ATA\er CONNECT: .Pp This causes the modem to answer the call via the "ATA" command, then scans input for a "CONNECT" string. If this is received before a .Va \&ct timeout, then a normal login sequence commences. .Pp The .Va \&ct capability specifies a timeout for all send and expect strings. This timeout is set individually for each expect wait and send string and must be at least as long as the time it takes for a connection to be established between a remote and local modem (usually around 10 seconds). .Pp In most situations, you will want to flush any additional input after the connection has been detected, and the .Va \&de capability may be used to do that, as well as delay for a short time after the connection has been established during which all of the connection data has been sent by the modem. 
.Sh SEE ALSO .Xr login 1 , .Xr gethostname 3 , .Xr uname 3 , .Xr termcap 5 , -.Xr getty 8 , -.Xr telnetd 8 +.Xr getty 8 .Sh HISTORY The .Nm file format appeared in .Bx 4.2 . .Sh BUGS The special characters (erase, kill, etc.) are reset to system defaults by .Xr login 1 . In .Em all cases, '#' or '^H' typed in a login name will be treated as an erase character, and '@' will be treated as a kill character. .Pp The delay stuff is a real crock. Apart form its general lack of flexibility, some of the delay algorithms are not implemented. The terminal driver should support sane delay settings. .Pp The .Xr termcap 5 format is horrid, something more rational should have been chosen. diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 index 557ee637af13..e8d6d71fec46 100644 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 
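Review bot: dropping `.Xr telnetd 8` from SEE ALSO correctly also removes the trailing comma from `.Xr getty 8`, which is now the last entry in the list. Two pre-existing nits in the unchanged context are worth fixing while the page is touched: `Apart form its general lack of flexibility` in BUGS should read `Apart from`, and `.Nm Getty` / `.Nm getty` in the chat-script paragraphs set this page's own name (`gettytab`) with a mismatched argument, where `.Xr getty 8`, as used elsewhere on the page, is the intended reference.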
@@ -1,1795 +1,1794 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. .\" $FreeBSD$ -.Dd September 9, 2022 +.Dd September 29, 2022 .Dt SRC.CONF 5 .Os .Sh NAME .Nm src.conf .Nd "source build options" .Sh DESCRIPTION The .Nm file contains variables that control what components will be generated during the build process of the .Fx source tree; see .Xr build 7 . .Pp The .Nm file uses the standard makefile syntax. However, .Nm should not specify any dependencies to .Xr make 1 . Instead, .Nm is to set .Xr make 1 variables that control the aspects of how the system builds. .Pp The default location of .Nm is .Pa /etc/src.conf , though an alternative location can be specified in the .Xr make 1 variable .Va SRCCONF . Overriding the location of .Nm may be necessary if the system-wide settings are not suitable for a particular build. For instance, setting .Va SRCCONF to .Pa /dev/null effectively resets all build controls to their defaults. .Pp The only purpose of .Nm is to control the compilation of the .Fx source code, which is usually located in .Pa /usr/src . As a rule, the system administrator creates .Nm when the values of certain control variables need to be changed from their defaults. .Pp In addition, control variables can be specified for a particular build via the .Fl D option of .Xr make 1 or in its environment; see .Xr environ 7 . .Pp The environment of .Xr make 1 for the build can be controlled via the .Va SRC_ENV_CONF variable, which defaults to .Pa /etc/src-env.conf . Some examples that may only be set in this file are .Va WITH_DIRDEPS_BUILD , and .Va WITH_META_MODE , and .Va MAKEOBJDIRPREFIX as they are environment-only variables. .Pp The values of variables are ignored regardless of their setting; even if they would be set to .Dq Li FALSE or .Dq Li NO . The presence of an option causes it to be honored by .Xr make 1 . .Pp This list provides a name and short description for variables that can be used for source builds. 
.Bl -tag -width indent .It Va WITHOUT_ACCT Do not build process accounting tools such as .Xr accton 8 and .Xr sa 8 . .It Va WITHOUT_ACPI Do not build .Xr acpiconf 8 , .Xr acpidump 8 and related programs. .It Va WITHOUT_APM Do not build .Xr apm 8 , .Xr apmd 8 and related programs. .It Va WITH_ASAN Build the base system with Address Sanitizer (ASan) to detect memory corruption bugs such as buffer overflows or use-after-free. Requires that Clang be used as the base system compiler and that the runtime support library is available. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITH_LLVM_BINUTILS .It .Va WITH_LLVM_CXXFILT .El .It Va WITHOUT_ASSERT_DEBUG Compile programs and libraries without the .Xr assert 3 checks. .It Va WITHOUT_AT Do not build .Xr at 1 and related utilities. .It Va WITHOUT_ATM Do not build programs and libraries related to ATM networking. .It Va WITHOUT_AUDIT Do not build audit support into system programs. .It Va WITHOUT_AUTHPF Do not build .Xr authpf 8 . .It Va WITHOUT_AUTOFS Do not build .Xr autofs 5 related programs, libraries, and kernel modules. .It Va WITHOUT_AUTO_OBJ Disable automatic creation of objdirs. This is enabled by default if the wanted OBJDIR is writable by the current user. .Pp This must be set in the environment, make command line, or .Pa /etc/src-env.conf , not .Pa /etc/src.conf . .It Va WITH_BEARSSL Build the BearSSL library. .Pp BearSSL is a tiny SSL library suitable for embedded environments. For details see .Lk https://www.BearSSL.org/ .Pp This library is currently only used to perform signature verification and related operations for Verified Exec and .Xr loader 8 . 
When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITH_LOADER_EFI_SECUREBOOT (unless .Va WITHOUT_LOADER_EFI_SECUREBOOT is set explicitly) .It Va WITH_LOADER_VERIEXEC (unless .Va WITHOUT_LOADER_VERIEXEC is set explicitly) .It Va WITH_LOADER_VERIEXEC_VECTX (unless .Va WITHOUT_LOADER_VERIEXEC_VECTX is set explicitly) .It Va WITH_VERIEXEC (unless .Va WITHOUT_VERIEXEC is set explicitly) .El .It Va WITHOUT_BHYVE Do not build or install .Xr bhyve 8 , associated utilities, and examples. .Pp This option only affects amd64/amd64. .It Va WITH_BHYVE_SNAPSHOT Include support for save and restore (snapshots) in .Xr bhyve 8 and .Xr bhyvectl 8 . .Pp This option only affects amd64/amd64. .It Va WITH_BIND_NOW Build all binaries with the .Dv DF_BIND_NOW flag set to indicate that the run-time loader should perform all relocation processing at process startup rather than on demand. The combination of the .Va BIND_NOW and .Va RELRO options provide "full" Relocation Read-Only (RELRO) support. With full RELRO the entire GOT is made read-only after performing relocation at startup, avoiding GOT overwrite attacks. .It Va WITHOUT_BLACKLIST Set this if you do not want to build .Xr blacklistd 8 and .Xr blacklistctl 8 . When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_BLACKLIST_SUPPORT (unless .Va WITH_BLACKLIST_SUPPORT is set explicitly) .El .It Va WITHOUT_BLACKLIST_SUPPORT Build some programs without .Xr libblacklist 3 support, like .Xr fingerd 8 , .Xr ftpd 8 , and .Xr sshd 8 . .It Va WITHOUT_BLUETOOTH Do not build Bluetooth related kernel modules, programs and libraries. .It Va WITHOUT_BOOT Do not build the boot blocks and loader. .It Va WITHOUT_BOOTPARAMD Do not build or install .Xr bootparamd 8 . .It Va WITHOUT_BOOTPD Do not build or install .Xr bootpd 8 . .It Va WITHOUT_BSDINSTALL Do not build .Xr bsdinstall 8 , .Xr sade 8 , and related programs. 
.It Va WITHOUT_BSD_CPIO Do not build the BSD licensed version of cpio based on .Xr libarchive 3 . .It Va WITHOUT_BSNMP Do not build or install .Xr bsnmpd 1 and related libraries and data files. .It Va WITHOUT_BZIP2 Do not build contributed bzip2 software as a part of the base system. .Bf -symbolic The option has no effect yet. .Ef When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_BZIP2_SUPPORT (unless .Va WITH_BZIP2_SUPPORT is set explicitly) .El .It Va WITHOUT_BZIP2_SUPPORT Build some programs without optional bzip2 support. .It Va WITHOUT_CALENDAR Do not build .Xr calendar 1 . .It Va WITHOUT_CAPSICUM Do not build Capsicum support into system programs. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_CASPER .El .It Va WITHOUT_CAROOT Do not add the trusted certificates from the Mozilla NSS bundle to base. .It Va WITHOUT_CASPER Do not build Casper program and related libraries. .It Va WITH_CCACHE_BUILD Use .Xr ccache 1 for the build. No configuration is required except to install the .Sy devel/ccache package. When using with .Xr distcc 1 , set .Sy CCACHE_PREFIX=/usr/local/bin/distcc . The default cache directory of .Pa $HOME/.ccache will be used, which can be overridden by setting .Sy CCACHE_DIR . The .Sy CCACHE_COMPILERCHECK option defaults to .Sy content when using the in-tree bootstrap compiler, and .Sy mtime when using an external compiler. The .Sy CCACHE_CPP2 option is used for Clang but not GCC. .Pp Sharing a cache between multiple work directories requires using a layout similar to .Pa /some/prefix/src .Pa /some/prefix/obj and an environment such as: .Bd -literal -offset indent CCACHE_BASEDIR='${SRCTOP:H}' MAKEOBJDIRPREFIX='${SRCTOP:H}/obj' .Ed .Pp See .Xr ccache 1 for more configuration options. .It Va WITHOUT_CCD Do not build .Xr geom_ccd 4 and related utilities. .It Va WITHOUT_CDDL Do not build code licensed under Sun's CDDL. 
When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_CTF .It .Va WITHOUT_DTRACE .It .Va WITHOUT_LOADER_ZFS .It .Va WITHOUT_ZFS .El .It Va WITHOUT_CLANG Do not build the Clang C/C++ compiler during the regular phase of the build. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_CLANG_EXTRAS .It .Va WITHOUT_CLANG_FORMAT .It .Va WITHOUT_CLANG_FULL .It .Va WITHOUT_LLVM_COV .El .Pp When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_LLVM_TARGET_AARCH64 (unless .Va WITH_LLVM_TARGET_AARCH64 is set explicitly) .It Va WITHOUT_LLVM_TARGET_ALL (unless .Va WITH_LLVM_TARGET_ALL is set explicitly) .It Va WITHOUT_LLVM_TARGET_ARM (unless .Va WITH_LLVM_TARGET_ARM is set explicitly) .It Va WITHOUT_LLVM_TARGET_POWERPC (unless .Va WITH_LLVM_TARGET_POWERPC is set explicitly) .It Va WITHOUT_LLVM_TARGET_RISCV (unless .Va WITH_LLVM_TARGET_RISCV is set explicitly) .El .It Va WITHOUT_CLANG_BOOTSTRAP Do not build the Clang C/C++ compiler during the bootstrap phase of the build. To be able to build the system, either gcc or clang bootstrap must be enabled unless an alternate compiler is provided via XCC. .It Va WITH_CLANG_EXTRAS Build additional clang and llvm tools, such as bugpoint and clang-format. .It Va WITH_CLANG_FORMAT Build clang-format. .It Va WITHOUT_CLANG_FULL Avoid building the ARCMigrate, Rewriter and StaticAnalyzer components of the Clang C/C++ compiler. .It Va WITHOUT_CLANG_IS_CC Do not install links to the Clang C/C++ compiler as .Pa /usr/bin/cc , .Pa /usr/bin/c++ and .Pa /usr/bin/cpp . .It Va WITHOUT_CLEAN Do not clean before building world and/or kernel. .It Va WITHOUT_CPP Do not build .Xr cpp 1 . .It Va WITHOUT_CROSS_COMPILER Do not build any cross compiler in the cross-tools stage of buildworld. When compiling a different version of .Fx than what is installed on the system, provide an alternate compiler with XCC to ensure success. 
When compiling with an identical version of .Fx to the host, this option may be safely used. This option may also be safe when the host version of .Fx is close to the sources being built, but all bets are off if there have been any changes to the toolchain between the versions. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_CLANG_BOOTSTRAP .It .Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP .It .Va WITHOUT_LLD_BOOTSTRAP .El .It Va WITHOUT_CRYPT Do not build any crypto code. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_DMAGENT .It .Va WITHOUT_KERBEROS .It .Va WITHOUT_KERBEROS_SUPPORT .It .Va WITHOUT_LDNS .It .Va WITHOUT_LDNS_UTILS .It .Va WITHOUT_OPENSSH .It .Va WITHOUT_OPENSSL .It .Va WITHOUT_OPENSSL_KTLS .It .Va WITHOUT_PKGBOOTSTRAP .It .Va WITHOUT_UNBOUND .It .Va WITHOUT_ZFS .El .Pp When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_GSSAPI (unless .Va WITH_GSSAPI is set explicitly) .El .It Va WITH_CTF Compile with CTF (Compact C Type Format) data. CTF data encapsulates a reduced form of debugging information similar to DWARF and the venerable stabs and is required for DTrace. .It Va WITHOUT_CUSE Do not build CUSE-related programs and libraries. .It Va WITHOUT_CXGBETOOL Do not build .Xr cxgbetool 8 .Pp This is a default setting on arm/armv6, arm/armv7, powerpc/powerpc, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_CXGBETOOL Build .Xr cxgbetool 8 .Pp This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITHOUT_CXX Do not build C++ headers and runtime libraries. It also prevents building binaries and libraries written in C++, including .Xr devd 8 . 
When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_CLANG .It .Va WITHOUT_CLANG_EXTRAS .It .Va WITHOUT_CLANG_FORMAT .It .Va WITHOUT_CLANG_FULL .It .Va WITHOUT_DTRACE_TESTS .It .Va WITHOUT_GOOGLETEST .It .Va WITHOUT_LLVM_COV .It .Va WITHOUT_OFED .It .Va WITHOUT_OFED_EXTRA .It .Va WITHOUT_OPENMP .It .Va WITHOUT_PMC .It .Va WITHOUT_TESTS .El .It Va WITHOUT_DEBUG_FILES Avoid building or installing standalone debug files for each executable binary and shared library. .It Va WITH_DETECT_TZ_CHANGES Make the time handling code detect changes to the timezone files. .It Va WITHOUT_DIALOG Do not build .Xr dialog 1 , .Xr dialog 3 , .Xr dpv 1 , and .Xr dpv 3 . When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_BSDINSTALL .El .It Va WITHOUT_DICT Do not build the Webster dictionary files. .It Va WITH_DIRDEPS_BUILD This is an experimental build system. For details see https://www.crufty.net/sjg/docs/freebsd-meta-mode.htm. Build commands can be seen from the top-level with: .Dl make show-valid-targets The build is driven by dirdeps.mk using .Va DIRDEPS stored in Makefile.depend files found in each directory. .Pp The build can be started from anywhere, and behaves the same. The initial instance of .Xr make 1 recursively reads .Va DIRDEPS from .Pa Makefile.depend , computing a graph of tree dependencies from the current origin. Setting .Va NO_DIRDEPS skips checking dirdep dependencies and will only build in the current and child directories. .Va NO_DIRDEPS_BELOW skips building any dirdeps and only build the current directory. .Pp This also utilizes the .Va WITH_META_MODE logic for incremental builds. .Pp The build hides commands executed unless .Va NO_SILENT is defined. .Pp Note that there is currently no mass install feature for this. 
.Pp When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITH_INSTALL_AS_USER .El .Pp When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITH_META_MODE (unless .Va WITHOUT_META_MODE is set explicitly) .It Va WITH_STAGING (unless .Va WITHOUT_STAGING is set explicitly) .It Va WITH_STAGING_MAN (unless .Va WITHOUT_STAGING_MAN is set explicitly) .It Va WITH_STAGING_PROG (unless .Va WITHOUT_STAGING_PROG is set explicitly) .It Va WITH_SYSROOT (unless .Va WITHOUT_SYSROOT is set explicitly) .El .Pp This must be set in the environment, make command line, or .Pa /etc/src-env.conf , not .Pa /etc/src.conf . .It Va WITH_DIRDEPS_CACHE Cache result of dirdeps.mk which can save significant time for subsequent builds. Depends on .Va WITH_DIRDEPS_BUILD . .Pp This must be set in the environment, make command line, or .Pa /etc/src-env.conf , not .Pa /etc/src.conf . .It Va WITHOUT_DMAGENT Do not build dma Mail Transport Agent. .It Va WITHOUT_DOCCOMPRESS Do not install compressed system documentation. Only the uncompressed version will be installed. .It Va WITHOUT_DTRACE Do not build DTrace framework kernel modules, libraries, and user commands. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_CTF .El .It Va WITH_DTRACE_TESTS Build and install the DTrace test suite in .Pa /usr/tests/cddl/usr.sbin/dtrace . This test suite is considered experimental on architectures other than amd64/amd64 and running it may cause system instability. .It Va WITHOUT_DYNAMICROOT Set this if you do not want to link .Pa /bin and .Pa /sbin dynamically. .It Va WITHOUT_EE Do not build and install .Xr edit 1 , .Xr ee 1 , and related programs. .It Va WITHOUT_EFI Set not to build .Xr efivar 3 and .Xr efivar 8 . .Pp This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITH_EFI Build .Xr efivar 3 and .Xr efivar 8 . 
.Pp This is a default setting on amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, riscv/riscv64 and riscv/riscv64sf. .It Va WITHOUT_ELFTOOLCHAIN_BOOTSTRAP Do not build ELF Tool Chain tools (addr2line, nm, size, strings and strip) as part of the bootstrap process. .Bf -symbolic An alternate bootstrap tool chain must be provided. .Ef .It Va WITHOUT_EXAMPLES Avoid installing examples to .Pa /usr/share/examples/ . .It Va WITH_EXPERIMENTAL Include experimental features in the build. .It Va WITH_EXTRA_TCP_STACKS Build extra TCP stack modules. .It Va WITH_FDT Build Flattened Device Tree support as part of the base system. This includes the device tree compiler (dtc) and libfdt support library. .It Va WITHOUT_FILE Do not build .Xr file 1 and related programs. .It Va WITHOUT_FINGER Do not build or install .Xr finger 1 and .Xr fingerd 8 . .It Va WITHOUT_FLOPPY Do not build or install programs for operating floppy disk driver. .It Va WITHOUT_FORMAT_EXTENSIONS Do not enable .Fl fformat-extensions when compiling the kernel. Also disables all format checking. .It Va WITHOUT_FORTH Build bootloaders without Forth support. .It Va WITHOUT_FP_LIBC Build .Nm libc without floating-point support. .It Va WITHOUT_FREEBSD_UPDATE Do not build .Xr freebsd-update 8 . .It Va WITHOUT_FTP Do not build or install .Xr ftp 1 and .Xr ftpd 8 . .It Va WITHOUT_GAMES Do not build games. .It Va WITHOUT_GH_BC Install the traditional FreeBSD .Xr bc 1 and .Xr dc 1 programs instead of the enhanced versions. .It Va WITHOUT_GNU_DIFF Do not build GNU .Xr diff3 1 . .It Va WITHOUT_GOOGLETEST Neither build nor install .Lb libgmock , .Lb libgtest , and dependent tests. .It Va WITHOUT_GPIO Do not build .Xr gpioctl 8 as part of the base system. .It Va WITHOUT_GSSAPI Do not build libgssapi. .It Va WITHOUT_HAST Do not build .Xr hastd 8 and related utilities. .It Va WITH_HESIOD Build Hesiod support. .It Va WITHOUT_HTML Do not build HTML docs. .It Va WITHOUT_HYPERV Do not build or install HyperV utilities. 
.Pp This is a default setting on arm/armv6, arm/armv7, arm64/aarch64, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_HYPERV Build or install HyperV utilities. .Pp This is a default setting on amd64/amd64 and i386/i386. .It Va WITHOUT_ICONV Do not build iconv as part of libc. .It Va WITHOUT_INCLUDES Do not install header files. This option used to be spelled .Va NO_INCS . .Bf -symbolic The option does not work for build targets. .Ef .It Va WITHOUT_INET Do not build programs and libraries related to IPv4 networking. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_INET_SUPPORT .El .It Va WITHOUT_INET6 Do not build programs and libraries related to IPv6 networking. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_INET6_SUPPORT .El .It Va WITHOUT_INET6_SUPPORT Build libraries, programs, and kernel modules without IPv6 support. .It Va WITHOUT_INETD Do not build .Xr inetd 8 . .It Va WITHOUT_INET_SUPPORT Build libraries, programs, and kernel modules without IPv4 support. .It Va WITH_INIT_ALL_PATTERN Build the base system or kernel with stack variables initialized to .Pq compiler defined debugging patterns on function entry. This option requires the clang compiler. .It Va WITH_INIT_ALL_ZERO Build the base system or kernel with stack variables initialized to zero on function entry. This option requires that the clang compiler be used. .It Va WITHOUT_INSTALLLIB Set this to not install optional libraries. For example, when creating a .Xr nanobsd 8 image. .Bf -symbolic The option does not work for build targets. .Ef .It Va WITH_INSTALL_AS_USER Make install targets succeed for non-root users by installing files with owner and group attributes set to that of the user running the .Xr make 1 command. The user still must set the .Va DESTDIR variable to point to a directory where the user has write permissions. .It Va WITHOUT_IPFILTER Do not build IP Filter package. 
.It Va WITHOUT_IPFW Do not build IPFW tools. .It Va WITHOUT_IPSEC_SUPPORT Do not build the kernel with .Xr ipsec 4 support. This option is needed for .Xr ipsec 4 and .Xr tcpmd5 4 . .It Va WITHOUT_ISCSI Do not build .Xr iscsid 8 and related utilities. .It Va WITHOUT_JAIL Do not build tools for the support of jails; e.g., .Xr jail 8 . .It Va WITHOUT_KDUMP Do not build .Xr kdump 1 and .Xr truss 1 . .It Va WITHOUT_KERBEROS Set this to not build Kerberos 5 (KTH Heimdal). When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_GSSAPI (unless .Va WITH_GSSAPI is set explicitly) .It Va WITHOUT_KERBEROS_SUPPORT (unless .Va WITH_KERBEROS_SUPPORT is set explicitly) .El .It Va WITHOUT_KERBEROS_SUPPORT Build some programs without Kerberos support, like .Xr ssh 1 , .Xr telnet 1 , -.Xr sshd 8 , and -.Xr telnetd 8 . +.Xr sshd 8 . .It Va WITH_KERNEL_RETPOLINE Enable the "retpoline" mitigation for CVE-2017-5715 in the kernel build. .It Va WITHOUT_KERNEL_SYMBOLS Do not install standalone kernel debug symbol files. This option has no effect at build time. .It Va WITHOUT_KVM Do not build the .Nm libkvm library as a part of the base system. .Bf -symbolic The option has no effect yet. .Ef When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_KVM_SUPPORT (unless .Va WITH_KVM_SUPPORT is set explicitly) .El .It Va WITHOUT_KVM_SUPPORT Build some programs without optional .Nm libkvm support. .It Va WITHOUT_LDNS Setting this variable will prevent the LDNS library from being built. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_LDNS_UTILS .It .Va WITHOUT_UNBOUND .El .It Va WITHOUT_LDNS_UTILS Setting this variable will prevent building the LDNS utilities .Xr drill 1 and .Xr host 1 . .It Va WITHOUT_LEGACY_CONSOLE Do not build programs that support a legacy PC console; e.g., .Xr kbdcontrol 1 and .Xr vidcontrol 1 . 
.It Va WITHOUT_LIB32 On 64-bit platforms, do not build 32-bit library set and a .Nm ld-elf32.so.1 runtime linker. .Pp This is a default setting on arm/armv6, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64sf. .It Va WITHOUT_LLD Do not build LLVM's lld linker. .It Va WITHOUT_LLDB Do not build the LLDB debugger. .Pp This is a default setting on arm/armv6, arm/armv7, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_LLDB Build the LLDB debugger. .Pp This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITHOUT_LLD_BOOTSTRAP Do not build the LLD linker during the bootstrap phase of the build. To be able to build the system an alternate linker must be provided via XLD. .It Va WITHOUT_LLD_IS_LD Do not install a .Pa /usr/bin/ld symlink to .Pa ld.lld . The system will not have a usable tool chain unless a linker is provided some other way. .It Va WITHOUT_LLVM_ASSERTIONS Disable debugging assertions in LLVM. .It Va WITH_LLVM_BINUTILS Install LLVM's binutils (ar, addr2line, nm, etc.) instead of ELF Tool Chain's. .It Va WITHOUT_LLVM_COV Do not build the .Xr llvm-cov 1 tool. .It Va WITHOUT_LLVM_CXXFILT Install ELF Tool Chain's cxxfilt as c++filt, instead of LLVM's llvm-cxxfilt. .It Va WITHOUT_LLVM_TARGET_AARCH64 Do not build LLVM target support for AArch64. The .Va LLVM_TARGET_ALL option should be used rather than this in most cases. .It Va WITHOUT_LLVM_TARGET_ALL Only build the required LLVM target support. This option is preferred to specific target support options. 
When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_LLVM_TARGET_AARCH64 (unless .Va WITH_LLVM_TARGET_AARCH64 is set explicitly) .It Va WITHOUT_LLVM_TARGET_ARM (unless .Va WITH_LLVM_TARGET_ARM is set explicitly) .It Va WITHOUT_LLVM_TARGET_POWERPC (unless .Va WITH_LLVM_TARGET_POWERPC is set explicitly) .It Va WITHOUT_LLVM_TARGET_RISCV (unless .Va WITH_LLVM_TARGET_RISCV is set explicitly) .El .It Va WITHOUT_LLVM_TARGET_ARM Do not build LLVM target support for ARM. The .Va LLVM_TARGET_ALL option should be used rather than this in most cases. .It Va WITH_LLVM_TARGET_BPF Build LLVM target support for BPF. The .Va LLVM_TARGET_ALL option should be used rather than this in most cases. .It Va WITH_LLVM_TARGET_MIPS Build LLVM target support for MIPS. The .Va LLVM_TARGET_ALL option should be used rather than this in most cases. .It Va WITHOUT_LLVM_TARGET_POWERPC Do not build LLVM target support for PowerPC. The .Va LLVM_TARGET_ALL option should be used rather than this in most cases. .It Va WITHOUT_LLVM_TARGET_RISCV Do not build LLVM target support for RISC-V. The .Va LLVM_TARGET_ALL option should be used rather than this in most cases. .It Va WITHOUT_LLVM_TARGET_X86 Do not build LLVM target support for X86. The .Va LLVM_TARGET_ALL option should be used rather than this in most cases. .It Va WITH_LOADER_EFI_SECUREBOOT Enable building .Xr loader 8 with support for verification based on certificates obtained from UEFI. .It Va WITH_LOADER_FIREWIRE Enable firewire support in /boot/loader on x86. This option is a nop on all other platforms. .It Va WITHOUT_LOADER_GELI Disable inclusion of GELI crypto support in the boot chain binaries. .Pp This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITH_LOADER_GELI Build GELI bootloader support. .Pp This is a default setting on amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, riscv/riscv64 and riscv/riscv64sf. 
.It Va WITHOUT_LOADER_KBOOT Do not build kboot, a linuxboot environment loader .Pp This is a default setting on arm/armv6, arm/armv7, arm64/aarch64, i386/i386, powerpc/powerpc, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_LOADER_KBOOT Build kboot, a linuxboot environment loader .Pp This is a default setting on amd64/amd64 and powerpc/powerpc64. .It Va WITHOUT_LOADER_LUA Do not build LUA bindings for the boot loader. .Pp This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITH_LOADER_LUA Build LUA bindings for the boot loader. .Pp This is a default setting on amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, riscv/riscv64 and riscv/riscv64sf. .It Va WITHOUT_LOADER_OFW Disable building of openfirmware bootloader components. .Pp This is a default setting on amd64/amd64, arm/armv6, arm/armv7, arm64/aarch64, i386/i386, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_LOADER_OFW Build openfirmware bootloader components. .Pp This is a default setting on powerpc/powerpc, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITHOUT_LOADER_UBOOT Disable building of ubldr. .Pp This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_LOADER_UBOOT Build ubldr. .Pp This is a default setting on arm/armv6, arm/armv7, powerpc/powerpc and powerpc/powerpc64. .It Va WITH_LOADER_VERBOSE Build with extra verbose debugging in the loader. May explode already nearly too large loader over the limit. Use with care. .It Va WITH_LOADER_VERIEXEC Enable building .Xr loader 8 with support for verification similar to Verified Exec. .Pp Depends on .Va WITH_BEARSSL . 
When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITH_LOADER_EFI_SECUREBOOT (unless .Va WITHOUT_LOADER_EFI_SECUREBOOT is set explicitly) .It Va WITH_LOADER_VERIEXEC_VECTX (unless .Va WITHOUT_LOADER_VERIEXEC_VECTX is set explicitly) .El .It Va WITH_LOADER_VERIEXEC_PASS_MANIFEST Enable building .Xr loader 8 with support to pass a verified manifest to the kernel. The kernel has to be built with a module to parse the manifest. .Pp Depends on .Va WITH_LOADER_VERIEXEC . .It Va WITHOUT_LOADER_ZFS Do not build ZFS file system boot loader support. .It Va WITHOUT_LOCALES Do not build localization files; see .Xr locale 1 . .It Va WITHOUT_LOCATE Do not build .Xr locate 1 and related programs. .It Va WITHOUT_LPR Do not build .Xr lpr 1 and related programs. .It Va WITHOUT_LS_COLORS Build .Xr ls 1 without support for colors to distinguish file types. .It Va WITHOUT_MACHDEP_OPTIMIZATIONS Prefer machine-independent non-assembler code in libc and libm. .It Va WITHOUT_MAIL Do not build any mail support (MUA or MTA). When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_DMAGENT .It .Va WITHOUT_MAILWRAPPER .It .Va WITHOUT_SENDMAIL .El .It Va WITHOUT_MAILWRAPPER Do not build the .Xr mailwrapper 8 MTA selector. .It Va WITHOUT_MAKE Do not install .Xr make 1 and related support files. .It Va WITHOUT_MAKE_CHECK_USE_SANDBOX Do not execute .Dq Li "make check" in limited sandbox mode. This option should be paired with .Va WITH_INSTALL_AS_USER if executed as an unprivileged user. See .Xr tests 7 for more details. .It Va WITH_MALLOC_PRODUCTION Disable assertions and statistics gathering in .Xr malloc 3 . It also defaults the A and J runtime options to off. .It Va WITHOUT_MAN Do not build manual pages. When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_MAN_UTILS (unless .Va WITH_MAN_UTILS is set explicitly) .El .It Va WITHOUT_MANCOMPRESS Do not install compressed man pages. 
Only the uncompressed versions will be installed. .It Va WITH_MANSPLITPKG Split man pages into their own packages during make package. .It Va WITHOUT_MAN_UTILS Do not build utilities for manual pages, .Xr apropos 1 , .Xr makewhatis 1 , .Xr man 1 , .Xr whatis 1 , .Xr manctl 8 , and related support files. .It Va WITH_META_MODE Create .Xr make 1 meta files when building, which can provide a reliable incremental build when using .Xr filemon 4 . The meta file is created in OBJDIR as .Pa target.meta . These meta files track the command that was executed, its output, and the current directory. The .Xr filemon 4 module is required unless .Va NO_FILEMON is defined. When the module is loaded, any files used by the commands executed are tracked as dependencies for the target in its meta file. The target is considered out-of-date and rebuilt if any of these conditions are true compared to the last build: .Bl -bullet -compact .It The command to execute changes. .It The current working directory changes. .It The target's meta file is missing. .It The target's meta file is missing filemon data when filemon is loaded and a previous run did not have it loaded. .It [requires .Xr filemon 4 ] Files read, executed or linked to are newer than the target. .It [requires .Xr filemon 4 ] Files read, written, executed or linked are missing. .El The meta files can also be useful for debugging. .Pp The build hides commands that are executed unless .Va NO_SILENT is defined. Errors cause .Xr make 1 to show some of its environment for further debugging. .Pp The build operates as it normally would otherwise. This option originally invoked a different build system but that was renamed to .Va WITH_DIRDEPS_BUILD . .Pp This must be set in the environment, make command line, or .Pa /etc/src-env.conf , not .Pa /etc/src.conf . .It Va WITHOUT_MLX5TOOL Do not build .Xr mlx5tool 8 .Pp This is a default setting on arm/armv6, arm/armv7, powerpc/powerpc, riscv/riscv64 and riscv/riscv64sf. 
.It Va WITH_MLX5TOOL Build .Xr mlx5tool 8 .Pp This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITHOUT_NETCAT Do not build .Xr nc 1 utility. .It Va WITHOUT_NETGRAPH Do not build applications to support .Xr netgraph 4 . When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_ATM .It .Va WITHOUT_BLUETOOTH .El .Pp When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_NETGRAPH_SUPPORT (unless .Va WITH_NETGRAPH_SUPPORT is set explicitly) .El .It Va WITHOUT_NETGRAPH_SUPPORT Build libraries, programs, and kernel modules without netgraph support. .It Va WITHOUT_NIS Do not build .Xr NIS 8 support and related programs. If set, you might need to adopt your .Xr nsswitch.conf 5 and remove .Sq nis entries. .It Va WITHOUT_NLS Do not build NLS catalogs. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_NLS_CATALOGS .El .It Va WITHOUT_NLS_CATALOGS Do not build NLS catalog support for .Xr csh 1 . .It Va WITHOUT_NS_CACHING Disable name caching in the .Pa nsswitch subsystem. The generic caching daemon, .Xr nscd 8 , will not be built either if this option is set. .It Va WITHOUT_NTP Do not build .Xr ntpd 8 and related programs. .It Va WITHOUT_NVME Do not build nvme related tools and kernel modules. .Pp This is a default setting on arm/armv6, arm/armv7, powerpc/powerpc, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_NVME Build nvme related tools and kernel modules. .Pp This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64 and powerpc/powerpc64le. .It Va WITHOUT_OFED Disable the build of the .Dq "OpenFabrics Enterprise Distribution" Infiniband software stack, including kernel modules and userspace libraries. 
When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_OFED_EXTRA .El .It Va WITH_OFED_EXTRA Build the non-essential components of the .Dq "OpenFabrics Enterprise Distribution" Infiniband software stack, mostly examples. .It Va WITH_OPENLDAP Enable building LDAP support for kerberos using an openldap client from ports. .It Va WITHOUT_OPENMP Do not build LLVM's OpenMP runtime. .Pp This is a default setting on arm/armv6, arm/armv7 and powerpc/powerpc. .It Va WITH_OPENMP Build LLVM's OpenMP runtime. .Pp This is a default setting on amd64/amd64, arm64/aarch64, i386/i386, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64sf. .It Va WITHOUT_OPENSSH Do not build OpenSSH. .It Va WITHOUT_OPENSSL Do not build OpenSSL. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_DMAGENT .It .Va WITHOUT_KERBEROS .It .Va WITHOUT_KERBEROS_SUPPORT .It .Va WITHOUT_LDNS .It .Va WITHOUT_LDNS_UTILS .It .Va WITHOUT_OPENSSH .It .Va WITHOUT_OPENSSL_KTLS .It .Va WITHOUT_PKGBOOTSTRAP .It .Va WITHOUT_UNBOUND .It .Va WITHOUT_ZFS .El .Pp When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_GSSAPI (unless .Va WITH_GSSAPI is set explicitly) .El .It Va WITHOUT_OPENSSL_KTLS Do not include kernel TLS support in OpenSSL. .Pp This is a default setting on arm/armv6, arm/armv7, i386/i386, powerpc/powerpc, powerpc/powerpc64, powerpc/powerpc64le, riscv/riscv64 and riscv/riscv64sf. .It Va WITH_OPENSSL_KTLS Include kernel TLS support in OpenSSL. .Pp This is a default setting on amd64/amd64 and arm64/aarch64. .It Va WITHOUT_PAM Do not build PAM library and modules. .Bf -symbolic This option is deprecated and does nothing. .Ef When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_PAM_SUPPORT (unless .Va WITH_PAM_SUPPORT is set explicitly) .El .It Va WITHOUT_PAM_SUPPORT Build some programs without PAM support, particularly .Xr ftpd 8 and .Xr ppp 8 . 
.It Va WITHOUT_PF Do not build PF firewall package. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_AUTHPF .El .It Va WITHOUT_PIE Do not build dynamically linked binaries as Position-Independent Executable (PIE). .It Va WITHOUT_PKGBOOTSTRAP Do not build .Xr pkg 7 bootstrap tool. .It Va WITHOUT_PMC Do not build .Xr pmccontrol 8 and related programs. .It Va WITHOUT_PORTSNAP Do not build or install .Xr portsnap 8 and related files. .It Va WITHOUT_PPP Do not build .Xr ppp 8 and related programs. .It Va WITH_PROFILE Build profiled libraries for use with .Xr gprof 8 . This option is deprecated and may not be present in a future version of .Fx . .It Va WITHOUT_QUOTAS Do not build .Xr quota 1 and related programs. .It Va WITHOUT_RADIUS_SUPPORT Do not build radius support into various applications, like .Xr pam_radius 8 and .Xr ppp 8 . .It Va WITH_RATELIMIT Build the system with rate limit support. .Pp This makes .Dv SO_MAX_PACING_RATE effective in .Xr getsockopt 2 , and .Ar txrlimit support in .Xr ifconfig 8 , by proxy. .It Va WITHOUT_RBOOTD Do not build or install .Xr rbootd 8 . .It Va WITHOUT_RELRO Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. See also the .Va BIND_NOW option. .It Va WITH_REPRODUCIBLE_BUILD Exclude build metadata (such as the build time, user, or host) from the kernel, boot loaders, and uname output, so that builds produce bit-for-bit identical output. .It Va WITHOUT_RESCUE Do not build .Xr rescue 8 . .It Va WITH_RETPOLINE Build the base system with the retpoline speculative execution vulnerability mitigation for CVE-2017-5715. .It Va WITHOUT_ROUTED Do not build .Xr routed 8 utility. .It Va WITH_RPCBIND_WARMSTART_SUPPORT Build .Xr rpcbind 8 with warmstart support. .It Va WITHOUT_SENDMAIL Do not build .Xr sendmail 8 and related programs. .It Va WITHOUT_SERVICESDB Do not install .Pa /var/db/services.db . 
.It Va WITHOUT_SETUID_LOGIN Set this to disable the installation of .Xr login 1 as a set-user-ID root program. .It Va WITHOUT_SHAREDOCS Do not build the .Bx 4.4 legacy docs. .It Va WITHOUT_SHARED_TOOLCHAIN Build the toolchain binaries as statically linked executables. The set includes .Xr cc 1 , .Xr make 1 and necessary utilities like assembler, linker and library archive manager. .It Va WITH_SORT_THREADS Enable threads in .Xr sort 1 . .It Va WITHOUT_SOURCELESS Do not build kernel modules that include sourceless code (either microcode or native code for host CPU). When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_SOURCELESS_HOST .It .Va WITHOUT_SOURCELESS_UCODE .El .It Va WITHOUT_SOURCELESS_HOST Do not build kernel modules that include sourceless native code for host CPU. .It Va WITHOUT_SOURCELESS_UCODE Do not build kernel modules that include sourceless microcode. .It Va WITHOUT_SPLIT_KERNEL_DEBUG Do not build standalone kernel debug files. Debug data (if enabled by the kernel configuration file) will be included in the kernel and modules. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_KERNEL_SYMBOLS .El .It Va WITHOUT_SSP Do not build world with propolice stack smashing protection. .It Va WITH_STAGING Enable staging of files to a stage tree. This can be best thought of as auto-install to .Va DESTDIR with some extra meta data to ensure dependencies can be tracked. Depends on .Va WITH_DIRDEPS_BUILD . When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITH_STAGING_MAN (unless .Va WITHOUT_STAGING_MAN is set explicitly) .It Va WITH_STAGING_PROG (unless .Va WITHOUT_STAGING_PROG is set explicitly) .El .Pp This must be set in the environment, make command line, or .Pa /etc/src-env.conf , not .Pa /etc/src.conf . .It Va WITH_STAGING_MAN Enable staging of man pages to stage tree. .It Va WITH_STAGING_PROG Enable staging of PROGs to stage tree. 
.It Va WITH_STALE_STAGED Check staged files are not stale. .It Va WITHOUT_STATS Neither build nor install .Lb libstats and dependent binaries. .It Va WITHOUT_SYSCONS Do not build .Xr syscons 4 support files such as keyboard maps, fonts, and screen output maps. .It Va WITH_SYSROOT Enable use of sysroot during build. Depends on .Va WITH_DIRDEPS_BUILD . .Pp This must be set in the environment, make command line, or .Pa /etc/src-env.conf , not .Pa /etc/src.conf . .It Va WITHOUT_SYSTEM_COMPILER Do not opportunistically skip building a cross-compiler during the bootstrap phase of the build. Normally, if the currently installed compiler matches the planned bootstrap compiler type and revision, then it will not be built. This does not prevent a compiler from being built for installation though, only for building one for the build itself. The .Va WITHOUT_CLANG option controls that. .It Va WITHOUT_SYSTEM_LINKER Do not opportunistically skip building a cross-linker during the bootstrap phase of the build. Normally, if the currently installed linker matches the planned bootstrap linker type and revision, then it will not be built. This does not prevent a linker from being built for installation though, only for building one for the build itself. The .Va WITHOUT_LLD option controls that. .Pp This option is only relevant when .Va WITH_LLD_BOOTSTRAP is set. .It Va WITHOUT_TALK Do not build or install .Xr talk 1 and .Xr talkd 8 . .It Va WITHOUT_TCP_WRAPPERS Do not build or install .Xr tcpd 8 , and related utilities. .It Va WITHOUT_TCSH Do not build and install .Pa /bin/csh (which is .Xr tcsh 1 ) . .It Va WITHOUT_TELNET Do not build .Xr telnet 1 and related programs. .It Va WITHOUT_TESTS Do not build nor install the .Fx Test Suite in .Pa /usr/tests/ . See .Xr tests 7 for more details. This also disables the build of all test-related dependencies, including ATF. 
When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_DTRACE_TESTS .El .Pp When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_GOOGLETEST (unless .Va WITH_GOOGLETEST is set explicitly) .It Va WITHOUT_TESTS_SUPPORT (unless .Va WITH_TESTS_SUPPORT is set explicitly) .El .It Va WITHOUT_TESTS_SUPPORT Disable the build of all test-related dependencies, including ATF. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_GOOGLETEST .El .It Va WITHOUT_TEXTPROC Do not build programs used for text processing. .It Va WITHOUT_TFTP Do not build or install .Xr tftp 1 and .Xr tftpd 8 . .It Va WITHOUT_TOOLCHAIN Do not install header or programs used for program development, compilers, debuggers etc. When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_CLANG .It .Va WITHOUT_CLANG_EXTRAS .It .Va WITHOUT_CLANG_FORMAT .It .Va WITHOUT_CLANG_FULL .It .Va WITHOUT_INCLUDES .It .Va WITHOUT_LLD .It .Va WITHOUT_LLDB .It .Va WITHOUT_LLVM_COV .El .It Va WITH_UBSAN Build the base system with Undefined Behavior Sanitizer (UBSan) to detect various kinds of undefined behavior at runtime. Requires that Clang be used as the base system compiler and that the runtime support library is available .It Va WITHOUT_UNBOUND Do not build .Xr unbound 8 and related programs. .It Va WITHOUT_UNIFIED_OBJDIR Use the historical object directory format for .Xr build 7 targets. For native-builds and builds done directly in sub-directories the format of .Pa ${MAKEOBJDIRPREFIX}/${.CURDIR} is used, while for cross-builds .Pa ${MAKEOBJDIRPREFIX}/${TARGET}.${TARGET_ARCH}/${.CURDIR} is used. .Pp This option is transitional and will be removed in a future version of .Fx , at which time .Va WITH_UNIFIED_OBJDIR will be enabled permanently. .Pp This must be set in the environment, make command line, or .Pa /etc/src-env.conf , not .Pa /etc/src.conf . .It Va WITHOUT_USB Do not build USB-related programs and libraries. 
.It Va WITHOUT_USB_GADGET_EXAMPLES Do not build USB gadget kernel modules. .It Va WITHOUT_UTMPX Do not build user accounting tools such as .Xr last 1 , .Xr users 1 , .Xr who 1 , .Xr ac 8 , .Xr lastlogin 8 and .Xr utx 8 . .It Va WITH_VERIEXEC Enable building .Xr veriexec 8 which loads the contents of verified manifests into the kernel for use by .Xr mac_veriexec 4 .Pp Depends on .Va WITH_BEARSSL . .It Va WITHOUT_VI Do not build and install vi, view, ex and related programs. .It Va WITHOUT_VT Do not build .Xr vt 4 support files (fonts and keymaps). .It Va WITHOUT_WARNS Set this to not add warning flags to the compiler invocations. Useful as a temporary workaround when code enters the tree which triggers warnings in environments that differ from the original developer. .It Va WITHOUT_WERROR Set this to not treat compiler warnings as errors. Useful as a temporary workaround when working on fixing compiler warnings. When set, warnings are still printed in the build log but do not fail the build. .It Va WITHOUT_WIRELESS Do not build programs used for 802.11 wireless networks; especially .Xr wpa_supplicant 8 and .Xr hostapd 8 . When set, these options are also in effect: .Pp .Bl -inset -compact .It Va WITHOUT_WIRELESS_SUPPORT (unless .Va WITH_WIRELESS_SUPPORT is set explicitly) .El .It Va WITHOUT_WIRELESS_SUPPORT Build libraries, programs, and kernel modules without 802.11 wireless support. .It Va WITHOUT_WPA_SUPPLICANT_EAPOL Build .Xr wpa_supplicant 8 without support for the IEEE 802.1X protocol and without support for EAP-PEAP, EAP-TLS, EAP-LEAP, and EAP-TTLS protocols (usable only via 802.1X). .It Va WITHOUT_ZFS Do not build the ZFS file system kernel module, libraries such as .Xr libbe 3 , and user commands such as .Xr zpool 8 or .Xr zfs 8 . Also disable ZFS support in utilities and libraries which implement ZFS-specific functionality. .It Va WITHOUT_ZONEINFO Do not build the timezone database. 
When set, it enforces these options: .Pp .Bl -item -compact .It .Va WITHOUT_ZONEINFO_LEAPSECONDS_SUPPORT .El .It Va WITH_ZONEINFO_LEAPSECONDS_SUPPORT Build leapsecond information in to the timezone database. .El .Sh FILES .Bl -tag -compact -width Pa .It Pa /etc/src.conf .It Pa /etc/src-env.conf .It Pa /usr/share/mk/bsd.own.mk .El .Sh SEE ALSO .Xr make 1 , .Xr make.conf 5 , .Xr build 7 , .Xr ports 7 .Sh HISTORY The .Nm file appeared in .Fx 7.0 . .Sh AUTHORS This manual page was autogenerated by .An tools/build/options/makeman . diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index 49701bbe80f1..f87833ece112 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 
@@ -1,1115 +1,1115 @@ .\" Copyright (C) 1998 Matthew Dillon. All rights reserved. .\" Copyright (c) 2019 The FreeBSD Foundation, Inc. .\" .\" Parts of this documentation were written by .\" Konstantin Belousov under sponsorship .\" from the FreeBSD Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd January 14, 2022 +.Dd September 29, 2022 .Dt SECURITY 7 .Os .Sh NAME .Nm security .Nd introduction to security under FreeBSD .Sh DESCRIPTION Security is a function that begins and ends with the system administrator. 
While all .Bx multi-user systems have some inherent security, the job of building and maintaining additional security mechanisms to keep users .Dq honest is probably one of the single largest undertakings of the sysadmin. Machines are only as secure as you make them, and security concerns are ever competing with the human necessity for convenience. .Ux systems, in general, are capable of running a huge number of simultaneous processes and many of these processes operate as servers \(em meaning that external entities can connect and talk to them. As yesterday's mini-computers and mainframes become today's desktops, and as computers become networked and internetworked, security becomes an ever bigger issue. .Pp Security is best implemented through a layered onion approach. In a nutshell, what you want to do is to create as many layers of security as are convenient and then carefully monitor the system for intrusions. .Pp System security also pertains to dealing with various forms of attacks, including attacks that attempt to crash or otherwise make a system unusable but do not attempt to break root. Security concerns can be split up into several categories: .Bl -enum -offset indent .It Denial of Service attacks (DoS) .It User account compromises .It Root compromise through accessible servers .It Root compromise via user accounts .It Backdoor creation .El .Pp A denial of service attack is an action that deprives the machine of needed resources. Typically, DoS attacks are brute-force mechanisms that attempt to crash or otherwise make a machine unusable by overwhelming its servers or network stack. Some DoS attacks try to take advantages of bugs in the networking stack to crash a machine with a single packet. The latter can only be fixed by applying a bug fix to the kernel. Attacks on servers can often be fixed by properly specifying options to limit the load the servers incur on the system under adverse conditions. Brute-force network attacks are harder to deal with. 
A spoofed-packet attack, for example, is nearly impossible to stop short of cutting your system off from the Internet. It may not be able to take your machine down, but it can fill up your Internet pipe. .Pp A user account compromise is even more common than a DoS attack. -Many -sysadmins still run standard -.Xr telnetd 8 +Some +sysadmins still run +.Nm telnetd and .Xr ftpd 8 servers on their machines. These servers, by default, do not operate over encrypted connections. The result is that if you have any moderate-sized user base, one or more of your users logging into your system from a remote location (which is the most common and convenient way to log in to a system) will have his or her password sniffed. The attentive system administrator will analyze his remote access logs looking for suspicious source addresses even for successful logins. .Pp One must always assume that once an attacker has access to a user account, the attacker can break root. However, the reality is that in a well secured and maintained system, access to a user account does not necessarily give the attacker access to root. The distinction is important because without access to root the attacker cannot generally hide his tracks and may, at best, be able to do nothing more than mess with the user's files or crash the machine. User account compromises are very common because users tend not to take the precautions that sysadmins take. .Pp System administrators must keep in mind that there are potentially many ways to break root on a machine. The attacker may know the root password, the attacker may find a bug in a root-run server and be able to break root over a network connection to that server, or the attacker may know of a bug in an SUID-root program that allows the attacker to break root once he has broken into a user's account. If an attacker has found a way to break root on a machine, the attacker may not have a need to install a backdoor. 
Many of the root holes found and closed to date involve a considerable amount of work by the attacker to clean up after himself, so most attackers do install backdoors. This gives you a convenient way to detect the attacker. Making it impossible for an attacker to install a backdoor may actually be detrimental to your security because it will not close off the hole the attacker used to break in originally. .Pp Security remedies should always be implemented with a multi-layered .Dq onion peel approach and can be categorized as follows: .Bl -enum -offset indent .It Securing root and staff accounts .It Securing root \(em root-run servers and SUID/SGID binaries .It Securing user accounts .It Securing the password file .It Securing the kernel core, raw devices, and file systems .It Quick detection of inappropriate changes made to the system .It Paranoia .El .Sh SECURING THE ROOT ACCOUNT AND SECURING STAFF ACCOUNTS Do not bother securing staff accounts if you have not secured the root account. Most systems have a password assigned to the root account. The first thing you do is assume that the password is .Em always compromised. This does not mean that you should remove the password. The password is almost always necessary for console access to the machine. What it does mean is that you should not make it possible to use the password outside of the console or possibly even with a .Xr su 1 utility. For example, make sure that your PTYs are specified as being .Dq Li insecure in the .Pa /etc/ttys file so that direct root logins via .Xr telnet 1 are disallowed. If using other login services such as .Xr sshd 8 , make sure that direct root logins are disabled there as well. Consider every access method \(em services such as .Xr ftp 1 often fall through the cracks. Direct root logins should only be allowed via the system console. .Pp Of course, as a sysadmin you have to be able to get to root, so we open up a few holes. 
But we make sure these holes require additional password verification to operate. One way to make root accessible is to add appropriate staff accounts to the .Dq Li wheel group (in .Pa /etc/group ) . The staff members placed in the .Li wheel group are allowed to .Xr su 1 to root. You should never give staff members native .Li wheel access by putting them in the .Li wheel group in their password entry. Staff accounts should be placed in a .Dq Li staff group, and then added to the .Li wheel group via the .Pa /etc/group file. Only those staff members who actually need to have root access should be placed in the .Li wheel group. It is also possible, when using an authentication method such as Kerberos, to use Kerberos's .Pa .k5login file in the root account to allow a .Xr ksu 1 to root without having to place anyone at all in the .Li wheel group. This may be the better solution since the .Li wheel mechanism still allows an intruder to break root if the intruder has gotten hold of your password file and can break into a staff account. While having the .Li wheel mechanism is better than having nothing at all, it is not necessarily the safest option. .Pp An indirect way to secure the root account is to secure your staff accounts by using an alternative login access method and *'ing out the crypted password for the staff accounts. This way an intruder may be able to steal the password file but will not be able to break into any staff accounts or root, even if root has a crypted password associated with it (assuming, of course, that you have limited root access to the console). Staff members get into their staff accounts through a secure login mechanism such as .Xr kerberos 8 or .Xr ssh 1 using a private/public key pair. When you use something like Kerberos you generally must secure the machines which run the Kerberos servers and your desktop workstation. 
When you use a public/private key pair with SSH, you must generally secure the machine you are logging in .Em from (typically your workstation), but you can also add an additional layer of protection to the key pair by password protecting the keypair when you create it with .Xr ssh-keygen 1 . Being able to star-out the passwords for staff accounts also guarantees that staff members can only log in through secure access methods that you have set up. You can thus force all staff members to use secure, encrypted connections for all their sessions which closes an important hole used by many intruders: that of sniffing the network from an unrelated, less secure machine. .Pp The more indirect security mechanisms also assume that you are logging in from a more restrictive server to a less restrictive server. For example, if your main box is running all sorts of servers, your workstation should not be running any. In order for your workstation to be reasonably secure you should run as few servers as possible, up to and including no servers at all, and you should run a password-protected screen blanker. Of course, given physical access to a workstation, an attacker can break any sort of security you put on it. This is definitely a problem that you should consider but you should also consider the fact that the vast majority of break-ins occur remotely, over a network, from people who do not have physical access to your workstation or servers. .Pp Using something like Kerberos also gives you the ability to disable or change the password for a staff account in one place and have it immediately affect all the machines the staff member may have an account on. If a staff member's account gets compromised, the ability to instantly change his password on all machines should not be underrated. With discrete passwords, changing a password on N machines can be a mess. 
You can also impose re-passwording restrictions with Kerberos: not only can a Kerberos ticket be made to timeout after a while, but the Kerberos system can require that the user choose a new password after a certain period of time (say, once a month). .Sh SECURING ROOT \(em ROOT-RUN SERVERS AND SUID/SGID BINARIES The prudent sysadmin only runs the servers he needs to, no more, no less. Be aware that third party servers are often the most bug-prone. For example, running an old version of .Xr imapd 8 or .Xr popper 8 Pq Pa ports/mail/popper is like giving a universal root ticket out to the entire world. Never run a server that you have not checked out carefully. Many servers do not need to be run as root. For example, the .Xr talkd 8 , .Xr comsat 8 , and .Xr fingerd 8 daemons can be run in special user .Dq sandboxes . A sandbox is not perfect unless you go to a large amount of trouble, but the onion approach to security still stands: if someone is able to break in through a server running in a sandbox, they still have to break out of the sandbox. The more layers the attacker must break through, the lower the likelihood of his success. Root holes have historically been found in virtually every server ever run as root, including basic system servers. If you are running a machine through which people only log in via .Xr sshd 8 and never log in via -.Xr telnetd 8 -then turn off those services! +.Nm telnetd +then turn off this service! .Pp .Fx now defaults to running .Xr talkd 8 , .Xr comsat 8 , and .Xr fingerd 8 in a sandbox. Depending on whether you are installing a new system or upgrading an existing system, the special user accounts used by these sandboxes may not be installed. The prudent sysadmin would research and implement sandboxes for servers whenever possible. .Pp There are a number of other servers that typically do not run in sandboxes: .Xr sendmail 8 , .Xr popper 8 , .Xr imapd 8 , .Xr ftpd 8 , and others. 
There are alternatives to some of these, but installing them may require more work than you are willing to put (the convenience factor strikes again). You may have to run these servers as root and rely on other mechanisms to detect break-ins that might occur through them. .Pp The other big potential root hole in a system are the SUID-root and SGID binaries installed on the system. Most of these binaries, such as .Xr su 1 , reside in .Pa /bin , /sbin , /usr/bin , or .Pa /usr/sbin . While nothing is 100% safe, the system-default SUID and SGID binaries can be considered reasonably safe. Still, root holes are occasionally found in these binaries. A root hole was found in Xlib in 1998 that made .Xr xterm 1 Pq Pa ports/x11/xterm (which is typically SUID) vulnerable. It is better to be safe than sorry and the prudent sysadmin will restrict SUID binaries that only staff should run to a special group that only staff can access, and get rid of .Pq Dq Li "chmod 000" any SUID binaries that nobody uses. A server with no display generally does not need an .Xr xterm 1 Pq Pa ports/x11/xterm binary. SGID binaries can be almost as dangerous. If an intruder can break an SGID-kmem binary the intruder might be able to read .Pa /dev/kmem and thus read the crypted password file, potentially compromising any passworded account. Alternatively an intruder who breaks group .Dq Li kmem can monitor keystrokes sent through PTYs, including PTYs used by users who log in through secure methods. An intruder that breaks the .Dq Li tty group can write to almost any user's TTY. If a user is running a terminal program or emulator with a keyboard-simulation feature, the intruder can potentially generate a data stream that causes the user's terminal to echo a command, which is then run as that user. .Sh SECURING USER ACCOUNTS User accounts are usually the most difficult to secure. 
While you can impose draconian access restrictions on your staff and *-out their passwords, you may not be able to do so with any general user accounts you might have. If you do have sufficient control then you may win out and be able to secure the user accounts properly. If not, you simply have to be more vigilant in your monitoring of those accounts. Use of SSH and Kerberos for user accounts is more problematic due to the extra administration and technical support required, but still a very good solution compared to a crypted password file. .Sh SECURING THE PASSWORD FILE The only sure fire way is to *-out as many passwords as you can and use SSH or Kerberos for access to those accounts. Even though the crypted password file .Pq Pa /etc/spwd.db can only be read by root, it may be possible for an intruder to obtain read access to that file even if the attacker cannot obtain root-write access. .Pp Your security scripts should always check for and report changes to the password file (see .Sx CHECKING FILE INTEGRITY below). .Sh SECURING THE KERNEL CORE, RAW DEVICES, AND FILE SYSTEMS If an attacker breaks root he can do just about anything, but there are certain conveniences. For example, most modern kernels have a packet sniffing device driver built in. Under .Fx it is called the .Xr bpf 4 device. An intruder will commonly attempt to run a packet sniffer on a compromised machine. You do not need to give the intruder the capability and most systems should not have the .Xr bpf 4 device compiled in. .Pp But even if you turn off the .Xr bpf 4 device, you still have .Pa /dev/mem and .Pa /dev/kmem to worry about. For that matter, the intruder can still write to raw disk devices. Also, there is another kernel feature called the module loader, .Xr kldload 8 . An enterprising intruder can use a KLD module to install his own .Xr bpf 4 device or other sniffing device on a running kernel. 
To avoid these problems you have to run the kernel at a higher security level, at least level 1. The security level can be set with a .Xr sysctl 8 on the .Va kern.securelevel variable. Once you have set the security level to 1, write access to raw devices will be denied and special .Xr chflags 1 flags, such as .Cm schg , will be enforced. You must also ensure that the .Cm schg flag is set on critical startup binaries, directories, and script files \(em everything that gets run up to the point where the security level is set. This might be overdoing it, and upgrading the system is much more difficult when you operate at a higher security level. You may compromise and run the system at a higher security level but not set the .Cm schg flag for every system file and directory under the sun. Another possibility is to simply mount .Pa / and .Pa /usr read-only. It should be noted that being too draconian in what you attempt to protect may prevent the all-important detection of an intrusion. .Pp The kernel runs with five different security levels. Any super-user process can raise the level, but no process can lower it. The security levels are: .Bl -tag -width flag .It Ic -1 Permanently insecure mode \- always run the system in insecure mode. This is the default initial value. .It Ic 0 Insecure mode \- immutable and append-only flags may be turned off. All devices may be read or written subject to their permissions. .It Ic 1 Secure mode \- the system immutable and system append-only flags may not be turned off; disks for mounted file systems, .Pa /dev/mem and .Pa /dev/kmem may not be opened for writing; .Pa /dev/io (if your platform has it) may not be opened at all; kernel modules (see .Xr kld 4 ) may not be loaded or unloaded. The kernel debugger may not be entered using the .Va debug.kdb.enter sysctl. A panic or trap cannot be forced using the .Va debug.kdb.panic , .Va debug.kdb.panic_str and other sysctl's. 
.It Ic 2 Highly secure mode \- same as secure mode, plus disks may not be opened for writing (except by .Xr mount 2 ) whether mounted or not. This level precludes tampering with file systems by unmounting them, but also inhibits running .Xr newfs 8 while the system is multi-user. .Pp In addition, kernel time changes are restricted to less than or equal to one second. Attempts to change the time by more than this will log the message .Dq Time adjustment clamped to +1 second . .It Ic 3 Network secure mode \- same as highly secure mode, plus IP packet filter rules (see .Xr ipfw 8 , .Xr ipfirewall 4 and .Xr pfctl 8 ) cannot be changed and .Xr dummynet 4 or .Xr pf 4 configuration cannot be adjusted. .El .Pp The security level can be configured with variables documented in .Xr rc.conf 5 . .Sh CHECKING FILE INTEGRITY: BINARIES, CONFIG FILES, ETC When it comes right down to it, you can only protect your core system configuration and control files so much before the convenience factor rears its ugly head. For example, using .Xr chflags 1 to set the .Cm schg bit on most of the files in .Pa / and .Pa /usr is probably counterproductive because while it may protect the files, it also closes a detection window. The last layer of your security onion is perhaps the most important \(em detection. The rest of your security is pretty much useless (or, worse, presents you with a false sense of safety) if you cannot detect potential incursions. Half the job of the onion is to slow down the attacker rather than stop him in order to give the detection layer a chance to catch him in the act. .Pp The best way to detect an incursion is to look for modified, missing, or unexpected files. The best way to look for modified files is from another (often centralized) limited-access system. Writing your security scripts on the extra-secure limited-access system makes them mostly invisible to potential attackers, and this is important. 
In order to take maximum advantage you generally have to give the limited-access box significant access to the other machines in the business, usually either by doing a read-only NFS export of the other machines to the limited-access box, or by setting up SSH keypairs to allow the limit-access box to SSH to the other machines. Except for its network traffic, NFS is the least visible method \(em allowing you to monitor the file systems on each client box virtually undetected. If your limited-access server is connected to the client boxes through a switch, the NFS method is often the better choice. If your limited-access server is connected to the client boxes through a hub or through several layers of routing, the NFS method may be too insecure (network-wise) and using SSH may be the better choice even with the audit-trail tracks that SSH lays. .Pp Once you give a limit-access box at least read access to the client systems it is supposed to monitor, you must write scripts to do the actual monitoring. Given an NFS mount, you can write scripts out of simple system utilities such as .Xr find 1 and .Xr md5 1 . It is best to physically .Xr md5 1 the client-box files boxes at least once a day, and to test control files such as those found in .Pa /etc and .Pa /usr/local/etc even more often. When mismatches are found relative to the base MD5 information the limited-access machine knows is valid, it should scream at a sysadmin to go check it out. A good security script will also check for inappropriate SUID binaries and for new or deleted files on system partitions such as .Pa / and .Pa /usr . .Pp When using SSH rather than NFS, writing the security script is much more difficult. You essentially have to .Xr scp 1 the scripts to the client box in order to run them, making them visible, and for safety you also need to .Xr scp 1 the binaries (such as .Xr find 1 ) that those scripts use. The .Xr sshd 8 daemon on the client box may already be compromised. 
All in all, using SSH may be necessary when running over unsecure links, but it is also a lot harder to deal with. .Pp A good security script will also check for changes to user and staff members access configuration files: .Pa .rhosts , .shosts , .ssh/authorized_keys and so forth, files that might fall outside the purview of the MD5 check. .Pp If you have a huge amount of user disk space it may take too long to run through every file on those partitions. In this case, setting mount flags to disallow SUID binaries on those partitions is a good idea. The .Cm nosuid option (see .Xr mount 8 ) is what you want to look into. I would scan them anyway at least once a week, since the object of this layer is to detect a break-in whether or not the break-in is effective. .Pp Process accounting (see .Xr accton 8 ) is a relatively low-overhead feature of the operating system which I recommend using as a post-break-in evaluation mechanism. It is especially useful in tracking down how an intruder has actually broken into a system, assuming the file is still intact after the break-in occurs. .Pp Finally, security scripts should process the log files and the logs themselves should be generated in as secure a manner as possible \(em remote syslog can be very useful. An intruder tries to cover his tracks, and log files are critical to the sysadmin trying to track down the time and method of the initial break-in. One way to keep a permanent record of the log files is to run the system console to a serial port and collect the information on a continuing basis through a secure machine monitoring the consoles. .Sh PARANOIA A little paranoia never hurts. As a rule, a sysadmin can add any number of security features as long as they do not affect convenience, and can add security features that do affect convenience with some added thought. 
Even more importantly, a security administrator should mix it up a bit \(em if you use recommendations such as those given by this manual page verbatim, you give away your methodologies to the prospective attacker who also has access to this manual page. .Sh SPECIAL SECTION ON DoS ATTACKS This section covers Denial of Service attacks. A DoS attack is typically a packet attack. While there is not much you can do about modern spoofed packet attacks that saturate your network, you can generally limit the damage by ensuring that the attacks cannot take down your servers. .Bl -enum -offset indent .It Limiting server forks .It Limiting springboard attacks (ICMP response attacks, ping broadcast, etc.) .It Kernel Route Cache .El .Pp A common DoS attack is against a forking server that attempts to cause the server to eat processes, file descriptors, and memory until the machine dies. The .Xr inetd 8 server has several options to limit this sort of attack. It should be noted that while it is possible to prevent a machine from going down it is not generally possible to prevent a service from being disrupted by the attack. Read the .Xr inetd 8 manual page carefully and pay specific attention to the .Fl c , C , and .Fl R options. Note that spoofed-IP attacks will circumvent the .Fl C option to .Xr inetd 8 , so typically a combination of options must be used. Some standalone servers have self-fork-limitation parameters. .Pp The .Xr sendmail 8 daemon has its .Fl OMaxDaemonChildren option which tends to work much better than trying to use .Xr sendmail 8 Ns 's load limiting options due to the load lag. You should specify a .Va MaxDaemonChildren parameter when you start .Xr sendmail 8 high enough to handle your expected load but not so high that the computer cannot handle that number of .Nm sendmail Ns 's without falling on its face. 
It is also prudent to run .Xr sendmail 8 in .Dq queued mode .Pq Fl ODeliveryMode=queued and to run the daemon .Pq Dq Nm sendmail Fl bd separate from the queue-runs .Pq Dq Nm sendmail Fl q15m . If you still want real-time delivery you can run the queue at a much lower interval, such as .Fl q1m , but be sure to specify a reasonable .Va MaxDaemonChildren option for that .Xr sendmail 8 to prevent cascade failures. .Pp The .Xr syslogd 8 daemon can be attacked directly and it is strongly recommended that you use the .Fl s option whenever possible, and the .Fl a option otherwise. .Pp You should also be fairly careful with connect-back services such as tcpwrapper's reverse-identd, which can be attacked directly. You generally do not want to use the reverse-ident feature of tcpwrappers for this reason. .Pp It is a very good idea to protect internal services from external access by firewalling them off at your border routers. The idea here is to prevent saturation attacks from outside your LAN, not so much to protect internal services from network-based root compromise. Always configure an exclusive firewall, i.e., .So firewall everything .Em except ports A, B, C, D, and M-Z .Sc . This way you can firewall off all of your low ports except for certain specific services such as .Xr talkd 8 , .Xr sendmail 8 , and other internet-accessible services. If you try to configure the firewall the other way \(em as an inclusive or permissive firewall, there is a good chance that you will forget to .Dq close a couple of services or that you will add a new internal service and forget to update the firewall. You can still open up the high-numbered port range on the firewall to allow permissive-like operation without compromising your low ports. 
Also take note that .Fx allows you to control the range of port numbers used for dynamic binding via the various .Va net.inet.ip.portrange sysctl's .Pq Dq Li "sysctl net.inet.ip.portrange" , which can also ease the complexity of your firewall's configuration. I usually use a normal first/last range of 4000 to 5000, and a hiport range of 49152 to 65535, then block everything under 4000 off in my firewall (except for certain specific internet-accessible ports, of course). .Pp Another common DoS attack is called a springboard attack \(em to attack a server in a manner that causes the server to generate responses which then overload the server, the local network, or some other machine. The most common attack of this nature is the ICMP PING BROADCAST attack. The attacker spoofs ping packets sent to your LAN's broadcast address with the source IP address set to the actual machine they wish to attack. If your border routers are not configured to stomp on ping's to broadcast addresses, your LAN winds up generating sufficient responses to the spoofed source address to saturate the victim, especially when the attacker uses the same trick on several dozen broadcast addresses over several dozen different networks at once. Broadcast attacks of over a hundred and twenty megabits have been measured. A second common springboard attack is against the ICMP error reporting system. By constructing packets that generate ICMP error responses, an attacker can saturate a server's incoming network and cause the server to saturate its outgoing network with ICMP responses. This type of attack can also crash the server by running it out of .Vt mbuf Ns 's , especially if the server cannot drain the ICMP responses it generates fast enough. The .Fx kernel has a new kernel compile option called .Dv ICMP_BANDLIM which limits the effectiveness of these sorts of attacks. The last major class of springboard attacks is related to certain internal .Xr inetd 8 services such as the UDP echo service. 
An attacker simply spoofs a UDP packet with the source address being server A's echo port, and the destination address being server B's echo port, where server A and B are both on your LAN. The two servers then bounce this one packet back and forth between each other. The attacker can overload both servers and their LANs simply by injecting a few packets in this manner. Similar problems exist with the internal chargen port. A competent sysadmin will turn off all of these .Xr inetd 8 Ns -internal test services. .Sh ACCESS ISSUES WITH KERBEROS AND SSH There are a few issues with both Kerberos and SSH that need to be addressed if you intend to use them. Kerberos5 is an excellent authentication protocol but the kerberized .Xr telnet 1 suck rocks. There are bugs that make them unsuitable for dealing with binary streams. Also, by default Kerberos does not encrypt a session unless you use the .Fl x option. SSH encrypts everything by default. .Pp SSH works quite well in every respect except when it is set up to forward encryption keys. What this means is that if you have a secure workstation holding keys that give you access to the rest of the system, and you .Xr ssh 1 to an unsecure machine, your keys become exposed. The actual keys themselves are not exposed, but .Xr ssh 1 installs a forwarding port for the duration of your login and if an attacker has broken root on the unsecure machine he can utilize that port to use your keys to gain access to any other machine that your keys unlock. .Pp We recommend that you use SSH in combination with Kerberos whenever possible for staff logins. SSH can be compiled with Kerberos support. This reduces your reliance on potentially exposable SSH keys while at the same time protecting passwords via Kerberos. SSH keys should only be used for automated tasks from secure machines (something that Kerberos is unsuited to). 
We also recommend that you either turn off key-forwarding in the SSH configuration, or that you make use of the .Va from Ns = Ns Ar IP/DOMAIN option that SSH allows in its .Pa authorized_keys file to make the key only usable to entities logging in from specific machines. .Sh KNOBS AND TWEAKS .Fx provides several knobs and tweak handles that make some introspection information access more restricted. Some people consider this as improving system security, so the knobs are briefly listed there, together with controls which enable some mitigations of the hardware state leaks. .Pp Hardware mitigation sysctl knobs described below have been moved under .Pa machdep.mitigations , with backwards-compatibility shims to accept the existing names. A future change will rationalize the sense of the individual sysctls (so that enabled / true always indicates that the mitigation is active). For that reason the previous names remain the canonical way to set the mitigations, and are documented here. Backwards compatibility shims for the interim sysctls under .Pa machdep.mitigations will not be added. .Bl -tag -width security.bsd.unprivileged_proc_debug .It Dv security.bsd.see_other_uids Controls visibility of processes owned by different uid. The knob directly affects the .Dv kern.proc sysctls filtering of data, which results in restricted output from utilities like .Xr ps 1 . .It Dv security.bsd.see_other_gids Same, for processes owned by different gid. .It Dv security.bsd.see_jail_proc Same, for processes belonging to a jail. .It Dv security.bsd.conservative_signals When enabled, unprivileged users are only allowed to send job control and usual termination signals like .Dv SIGKILL , .Dv SIGINT , and .Dv SIGTERM , to the processes executing programs with changed uids. .It Dv security.bsd.unprivileged_proc_debug Controls availability of the process debugging facilities to non-root users. See also .Xr proccontrol 1 mode .Dv trace . .It Dv vm.pmap.pti Tunable, amd64-only. 
Enables mode of operation of virtual memory system where usermode page tables are sanitized to prevent so-called Meltdown information leak on some Intel CPUs. By default, the system detects whether the CPU needs the workaround, and enables it automatically. See also .Xr proccontrol 1 mode .Dv kpti . .It Dv machdep.mitigations.flush_rsb_ctxsw amd64. Controls Return Stack Buffer flush on context switch, to prevent cross-process ret2spec attacks. Only needed, and only enabled by default, if the machine supports SMEP, otherwise IBRS would do necessary flushing on kernel entry anyway. .It Dv hw.mds_disable amd64 and i386. Controls Microarchitectural Data Sampling hardware information leak mitigation. .It Dv hw.spec_store_bypass_disable amd64 and i386. Controls Speculative Store Bypass hardware information leak mitigation. .It Dv hw.ibrs_disable amd64 and i386. Controls Indirect Branch Restricted Speculation hardware information leak mitigation. .It Dv machdep.syscall_ret_flush_l1d amd64. Controls force-flush of L1D cache on return from syscalls which report errors other than .Ev EEXIST , .Ev EAGAIN , .Ev EXDEV , .Ev ENOENT , .Ev ENOTCONN , and .Ev EINPROGRESS . This is mostly a paranoid setting added to prevent hypothetical exploitation of unknown gadgets for unknown hardware issues. The error codes exclusion list is composed of the most common errors which typically occurs on normal system operation. .It Dv machdep.nmi_flush_l1d_sw amd64. Controls force-flush of L1D cache on NMI; this provides software assist for bhyve mitigation of L1 terminal fault hardware information leak. .It Dv hw.vmm.vmx.l1d_flush amd64. Controls the mitigation of L1 Terminal Fault in bhyve hypervisor. .It Dv vm.pmap.allow_2m_x_ept amd64. Allows the use of superpages for executable mappings under the EPT page table format used by hypervisors on Intel CPUs to map the guest physical address space to machine physical memory. 
May be disabled to work around a CPU Erratum called Machine Check Error Avoidance on Page Size Change. .It Dv machdep.mitigations.rngds.enable amd64 and i386. Controls mitigation of Special Register Buffer Data Sampling versus optimization of the MCU access. When set to zero, the mitigation is disabled, and the RDSEED and RDRAND instructions do not incur serialization overhead for shared buffer accesses, and do not serialize off-core memory accessses. .It Dv kern.elf32.aslr.enable Controls system-global Address Space Layout Randomization (ASLR) for normal non-PIE (Position Independent Executable) 32-bit ELF binaries. See also the .Xr proccontrol 1 .Dv aslr mode, also affected by the per-image control note flag. .It Dv kern.elf32.aslr.pie_enable Controls system-global Address Space Layout Randomization for position-independent (PIE) 32-bit binaries. .It Dv kern.elf32.aslr.honor_sbrk Makes ASLR less aggressive and more compatible with old binaries relying on the sbrk area. .It Dv kern.elf32.aslr.stack If ASLR is enabled for a binary, a non-zero value enables randomization of the stack. Otherwise, the stack is mapped at a fixed location determined by the process ABI. .It Dv kern.elf64.aslr.enable ASLR control for 64-bit ELF binaries. .It Dv kern.elf64.aslr.pie_enable ASLR control for 64-bit ELF PIEs. .It Dv kern.elf64.aslr.honor_sbrk ASLR sbrk compatibility control for 64-bit binaries. .It Dv kern.elf64.aslr.stack Controls stack address randomization for 64-bit binaries. .It Dv kern.elf32.nxstack Enables non-executable stack for 32-bit processes. Enabled by default if supported by hardware and corresponding binary. .It Dv kern.elf64.nxstack Enables non-executable stack for 64-bit processes. .It Dv kern.elf32.allow_wx Enables mapping of simultaneously writable and executable pages for 32-bit processes. .It Dv kern.elf64.allow_wx Enables mapping of simultaneously writable and executable pages for 64-bit processes. 
.El .Sh SEE ALSO .Xr chflags 1 , .Xr find 1 , .Xr md5 1 , .Xr netstat 1 , .Xr openssl 1 , .Xr proccontrol 1 , .Xr ps 1 , .Xr ssh 1 , .Xr xdm 1 Pq Pa ports/x11/xorg-clients , .Xr group 5 , .Xr ttys 5 , .Xr accton 8 , .Xr init 8 , .Xr sshd 8 , .Xr sysctl 8 , .Xr syslogd 8 , .Xr vipw 8 .Sh HISTORY The .Nm manual page was originally written by .An Matthew Dillon and first appeared in .Fx 3.1 , December 1998. diff --git a/tools/build/options/WITHOUT_KERBEROS_SUPPORT b/tools/build/options/WITHOUT_KERBEROS_SUPPORT index 1a50b28678bc..07516bb272e8 100644 --- a/tools/build/options/WITHOUT_KERBEROS_SUPPORT +++ b/tools/build/options/WITHOUT_KERBEROS_SUPPORT @@ -1,7 +1,6 @@ .\" $FreeBSD$ Build some programs without Kerberos support, like .Xr ssh 1 , .Xr telnet 1 , -.Xr sshd 8 , and -.Xr telnetd 8 . +.Xr sshd 8 . diff --git a/usr.bin/login/login.1 b/usr.bin/login/login.1 index bd92837b8b87..ddb3b30f1b58 100644 --- a/usr.bin/login/login.1 +++ b/usr.bin/login/login.1 
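Review bot: the edited list in tools/build/options/WITHOUT_KERBEROS_SUPPORT drops its conjunction along with telnetd: with `-.Xr sshd 8 , and` and `-.Xr telnetd 8 .` replaced by `+.Xr sshd 8 .`, the sentence renders as "like ssh(1), telnet(1), sshd(8)." Put a plain `and` line before the final item (`.Xr telnet 1 ,` / `and` / `.Xr sshd 8 .`) so the list still reads as English. The hunk header (-1,7 +1,6) matches two removed lines and one added line.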
@@ -1,164 +1,164 @@ .\" Copyright (c) 1980, 1990, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" @(#)login.1 8.2 (Berkeley) 5/5/94 .\" $FreeBSD$ .\" -.Dd July 20, 2019 +.Dd September 29, 2022 .Dt LOGIN 1 .Os .Sh NAME .Nm login .Nd log into the computer .Sh SYNOPSIS .Nm .Op Fl fp .Op Fl h Ar hostname .Op Ar user .Sh DESCRIPTION The .Nm utility logs users (and pseudo-users) into the computer system. 
.Pp If no user is specified, or if a user is specified and authentication of the user fails, .Nm prompts for a user name. Authentication of users is configurable via .Xr pam 8 . Password authentication is the default. .Pp The following options are available: .Bl -tag -width indent .It Fl f When a user name is specified, this option indicates that proper authentication has already been done and that no password need be requested. This option may only be used by the super-user or when an already logged in user is logging in as themselves. .It Fl h Specify the host from which the connection was received. It is used by various daemons such as -.Xr telnetd 8 . +.Nm telnetd . This option may only be used by the super-user. .It Fl p By default, .Nm discards any previous environment. The .Fl p option disables this behavior. .El .Pp Login access can be controlled via .Xr login.access 5 or the login class in .Xr login.conf 5 , which provides allow and deny records based on time, tty and remote host name. .Pp If the file .Pa /etc/fbtab exists, .Nm changes the protection and ownership of certain devices specified in this file. .Pp Immediately after logging a user in, .Nm displays the system copyright notice, the date and time the user last logged in, the message of the day as well as other information. If the file .Pa .hushlogin exists in the user's home directory, all of these messages are suppressed. This is to simplify logins for non-human users, such as .Xr uucp 1 . .Pp The .Nm utility enters information into the environment (see .Xr environ 7 ) specifying the user's home directory (HOME), command interpreter (SHELL), search path (PATH), terminal type (TERM) and user name (both LOGNAME and USER). Other environment variables may be set due to entries in the login class capabilities database, for the login class assigned in the user's system passwd record. 
The login class also controls the maximum and current process resource limits granted to a login, process priorities and many other aspects of a user's login environment. .Pp Some shells may provide a builtin .Nm command which is similar or identical to this utility. Consult the .Xr builtin 1 manual page. .Pp The .Nm utility will submit an audit record when login succeeds or fails. Failure to determine the current auditing state will result in an error exit from .Nm . .Sh FILES .Bl -tag -width ".Pa /etc/security/audit_control" -compact .It Pa /etc/fbtab changes device protections .It Pa /etc/login.conf login class capabilities database .It Pa /var/run/motd message-of-the-day .It Pa /var/mail/user system mailboxes .It Pa \&.hushlogin makes login quieter .It Pa /etc/pam.d/login .Xr pam 8 configuration file .It Pa /etc/security/audit_user user flags for auditing .It Pa /etc/security/audit_control global flags for auditing .El .Sh SEE ALSO .Xr builtin 1 , .Xr chpass 1 , .Xr csh 1 , .Xr newgrp 1 , .Xr passwd 1 , .Xr rlogin 1 , .Xr getpass 3 , .Xr fbtab 5 , .Xr login.access 5 , .Xr login.conf 5 , .Xr environ 7 .Sh HISTORY A .Nm utility appeared in .At v6 . diff --git a/usr.sbin/dconschat/dconschat.8 b/usr.sbin/dconschat/dconschat.8 index 98e79752bf58..2455080c5e12 100644 --- a/usr.sbin/dconschat/dconschat.8 +++ b/usr.sbin/dconschat/dconschat.8 
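Review bot: in the `-h` description of usr.bin/login/login.1, `+.Nm telnetd .` keeps telnetd as the example daemon after the cross-reference to telnetd(8) is removed, so the reader is pointed at a program the other hunks in this patch stop cross-referencing; either name a daemon that still has a manual page or reword to "used by daemons that accept remote logins". `.Nm` with an argument inside a page whose own name is login is legal mdoc but reads as the page's name; `.Sy telnetd` or plain text is the clearer markup for a program without a cross-reference target. The hunk header (-1,164 +1,164) is consistent with a one-line replacement plus the `.Dd` bump.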
@@ -1,329 +1,329 @@ .\" Copyright (c) 2003 Hidetoshi Shimokawa .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE .\" DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, .\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES .\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR .\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, .\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN .\" ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" .\" $FreeBSD$ .\" .\" -.Dd February 11, 2003 +.Dd September 29, 2022 .Dt DCONSCHAT 8 .Os .Sh NAME .Nm dconschat .Nd user interface to .Xr dcons 4 .Sh SYNOPSIS .Nm .Op Fl brvwRT1 .Op Fl e Ar escape-char .Op Fl h Ar hz .Op Fl C Ar console_port .Op Fl G Ar gdb_port .Op Fl M Ar core .Op Fl N Ar system .Nm .Op Fl brvwR1 .Op Fl h Ar hz .Op Fl C Ar console_port .Op Fl G Ar gdb_port .Op Fl a Ar address .Op Fl u Ar bus_num .Fl t Ar target_eui64 .Sh DESCRIPTION The .Nm utility is designed to provide a way for users to access .Xr dcons 4 (dumb console device) on a local or remote system. 
The .Nm utility interacts with .Xr dcons 4 using .Xr kvm 3 or .Xr firewire 4 , and interacts with the user over TTY or TCP/IP. To access remote .Xr dcons 4 using .Xr firewire 4 , you have to specify target EUI64 address using the .Fl t option. Physical DMA should be enabled on the target machine for access via FireWire. .Pp The .Nm utility and the .Xr dcons 4 driver communicate using 2 ports, one for the console port and another for remote .Xr gdb 1 Pq Pa ports/devel/gdb port. Users are supposed to access .Nm using TTY, .Xr telnet 1 and .Xr gdb 1 Pq Pa ports/devel/gdb . You can specify listen ports for console and .Xr gdb 1 Pq Pa ports/devel/gdb port using the .Fl C and .Fl G options respectively. The port number 0 has special meaning that current TTY (stdin/stdout) is used instead of TCP/IP. A negative port number will disable the port. By analogy with .Xr pty 4 device, the .Xr dcons 4 acts as a slave device and .Nm acts as a master device with -.Xr telnetd 8 . +.Nm telnetd . .Pp Typed characters are normally transmitted directly to .Xr dcons 4 . A escape character (the default is .Ql ~ ) appearing as the first character of a line is an escape signal; the following are recognized: .Bl -tag -width ident .It Ic ~. Drop the connection and exit. .It Ic ~^G Invoke kgdb on the terminal on which dconschat is running. .It Ic ~^R Reset the target over FireWire if a reset address is registered in Configuration ROM. .It Ic ~^Z Suspend the dconschat process. .El .Pp The following options are supported. .Bl -tag -width indent .It Fl b Translate Ctrl-C to ALT_BREAK (CR + .Ql ~ + Ctrl-B) on .Xr gdb 1 Pq Pa ports/devel/gdb port. .It Fl r Replay old buffer on connection. .It Fl v Verbose debug output. Multiple .Fl v options increase verbosity. .It Fl w Listen on a wildcard address rather than localhost. .It Fl R Read-only. Do not write anything to the .Xr dcons 4 buffer. .It Fl T Enable ad-hoc workaround for the TELNET protocol to remove unnecessary byte sequences. 
It should be set when you access .Nm using .Xr telnet 1 . .It Fl 1 One-shot. Read available buffer, then exit. This implies the .Fl r option. .It Fl e Ar escape-char Specify escape character. The default is '~'. .It Fl h Ar hz Specify polling rate. The default value is 100. .It Fl C Ar console_port Specify the console port. The default value is 0 (stdin/stdout). .It Fl G Ar gdb_port Specify .Xr gdb 1 Pq Pa ports/devel/gdb port. The default value is \-1 (disabled). .It Fl M Ar core Specify core file. .It Fl N Ar system Specify system file such as .Pa /boot/kernel/kernel . .It Fl t Ar target_eui64 Specify the 64-bit extended unique identifier of the target, and use FireWire to access remote .Xr dcons 4 . .It Fl a Ar address Specify the physical I/O address of the .Xr dcons 4 buffer. See .Xr dcons 4 for details. If this option is not specified, .Nm tries to get the address from the Configuration ROM on the target. You are supposed to enable .Xr dcons_crom 4 on the target to omit this option. .It Fl u Ar bus_num Specify FireWire bus number. The default is 0. .El .Sh FILES .Bl -tag -width indent -compact .It Pa /dev/fwmem0.0 .It Pa /dev/mem .It Pa /dev/kmem .El .Sh EXAMPLES To use .Nm with FireWire for remote .Xr dcons 4 , you have to specify the EUI64 of the target. You can obtain EUI64 by running .Xr fwcontrol 8 without options. The first EUI64 is of the host running .Xr fwcontrol 8 and others on the bus follow. .Bd -literal -offset indent # fwcontrol 2 devices (info_len=2) node EUI64 status 1 77-66-55-44-33-22-11-00 0 0 00-11-22-33-44-55-66-77 1 .Ed .Pp The EUI64 does not change unless you change the hardware as the ethernet address. .Pp Now we can run .Nm . .Bd -literal -offset indent # dconschat -br -G 12345 -t 00-11-22-33-44-55-66-77 .Ed .Pp You will get console output of the target and login prompt if a .Xr getty 8 is running on .Xr dcons 4 . 
You can break to DDB with ALT_BREAK (CR + .Ql ~ + Ctrl-B) if .Dv DDB and .Dv ALT_BREAK_TO_DEBUGGER are enabled in the target kernel. To quit the session, type CR + .Ql ~ + .Ql \&. in the console port. .Pp Using .Xr gdb 1 Pq Pa ports/devel/gdb port is almost the same as remote .Xr gdb 1 Pq Pa ports/devel/gdb over serial line except using TCP/IP instead of .Pa /dev/cu* . See .Sx "On-line Kernel Debugging Using Remote GDB" section of .%T "The FreeBSD Developers Handbook" and .Xr gdb 4 for details. .Bd -literal -offset indent % gdb -k kernel.debug (kgdb) target remote :12345 .Ed .Pp Once .Xr gdb 1 Pq Pa ports/devel/gdb is attached and you specified the .Fl b option to .Nm , typing Ctrl-C in .Xr gdb 1 Pq Pa ports/devel/gdb causes a break to debugger. .Pp The following command gets the console log from the crash dump: .Bd -literal -offset indent # dconschat -1 -M vmcore.0 -N kernel.0 .Ed .Pp If you want access to the console using .Xr telnet 1 , try the following: .Bd -literal -offset indent # dconschat -rTC 5555 & # telnet localhost 5555 .Ed .Pp You may want to keep logging console output of several machines. .Nm conserver-com in the Ports collection may help you. Insert the following lines in .Pa conserver.cf : .Bd -literal -offset indent console local { master localhost; type exec; exec /usr/sbin/dconschat -rh 25; } console remote { master localhost; type exec; exec /usr/sbin/dconschat -rh 25 -t 00-11-22-33-44-55-66-77; } .Ed .Sh SEE ALSO .Xr gdb 1 Pq Pa ports/devel/gdb , .Xr telnet 1 , .Xr kvm 3 , .Xr dcons 4 , .Xr dcons_crom 4 , .Xr ddb 4 , .Xr firewire 4 , .Xr fwohci 4 , .Xr gdb 4 , .Xr eui64 5 , .Xr fwcontrol 8 .Sh AUTHORS .An Hidetoshi Shimokawa Aq Mt simokawa@FreeBSD.org .Sh BUGS This utility is .Ud diff --git a/usr.sbin/inetd/inetd.8 b/usr.sbin/inetd/inetd.8 index 6e6af3ec68cb..19f6d0614619 100644 --- a/usr.sbin/inetd/inetd.8 +++ b/usr.sbin/inetd/inetd.8 
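Review bot: the pty analogy in usr.sbin/dconschat/dconschat.8 ("dcons(4) acts as a slave device and dconschat acts as a master device with telnetd") now ends in `+.Nm telnetd .`, a program with no cross-reference target, so the comparison loses its anchor; consider "as a remote login daemon such as sshd(8) does" with `.Xr sshd 8`, or drop the clause. While in this hunk, the unchanged context line "A escape character (the default is ~)" should read "An escape character". Keeping `.Xr telnet 1` for the client elsewhere in the page is right, since only the daemon reference is being dropped.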
@@ -1,990 +1,990 @@ .\" Copyright (c) 1985, 1991, 1993, 1994 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. 
.\" .\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 .\" $FreeBSD$ .\" -.Dd December 6, 2021 +.Dd September 29, 2022 .Dt INETD 8 .Os .Sh NAME .Nm inetd .Nd internet .Dq super-server .Sh SYNOPSIS .Nm .Op Fl dlWw .Op Fl a Ar address .Op Fl C Ar rate .Op Fl c Ar maximum .Op Fl p Ar filename .Op Fl R Ar rate .Op Fl s Ar maximum .Op Ar configuration_file .Sh DESCRIPTION The .Nm utility should be run at boot time by .Pa /etc/rc (see .Xr rc 8 ) . It then listens for connections on certain internet sockets. When a connection is found on one of its sockets, it decides what service the socket corresponds to, and invokes a program to service the request. The server program is invoked with the service socket as its standard input, output and error descriptors. After the program is finished, .Nm continues to listen on the socket (except in some cases which will be described below). Essentially, .Nm allows running one daemon to invoke several others, reducing load on the system. .Pp The following options are available: .Bl -tag -width indent .It Fl a Ar address Specify one specific IP address to bind to. Alternatively, a hostname can be specified, in which case the IPv4 or IPv6 address which corresponds to that hostname is used. Usually a hostname is specified when .Nm is run inside a .Xr jail 8 , in which case the hostname corresponds to that of the .Xr jail 8 environment. .Pp When the hostname specification is used and both IPv4 and IPv6 bindings are desired, one entry with the appropriate .Em protocol type for each binding is required for each service in .Pa /etc/inetd.conf . For example, a TCP-based service would need two entries, one using .Dq tcp4 for the .Em protocol and the other using .Dq tcp6 . See the explanation of the .Pa /etc/inetd.conf .Em protocol field below. .It Fl C Ar rate Specify the default maximum number of times a service can be invoked from a single IP address in one minute; the default is unlimited. 
May be overridden on a per-service basis with the "max-connections-per-ip-per-minute" parameter. .It Fl c Ar maximum Specify the default maximum number of simultaneous invocations of each service; the default is unlimited. May be overridden on a per-service basis with the "max-child" parameter. .It Fl d Turn on debugging. .It Fl l Turn on logging of successful connections. .It Fl p Specify an alternate file in which to store the process ID. .It Fl R Ar rate Specify the maximum number of times a service can be invoked in one minute; the default is 256. A rate of 0 allows an unlimited number of invocations. .It Fl s Ar maximum Specify the default maximum number of simultaneous invocations of each service from a single IP address; the default is unlimited. May be overridden on a per-service basis with the "max-child-per-ip" parameter. .It Fl W Turn on TCP Wrapping for internal services which are built in to .Nm . .It Fl w Turn on TCP Wrapping for external services. See the .Sx "IMPLEMENTATION NOTES" section for more information on TCP Wrappers support. .El .Pp Upon execution, .Nm reads its configuration information from a configuration file which, by default, is .Pa /etc/inetd.conf . There must be an entry for each field of the configuration file, with entries for each field separated by a tab or a space. Comments are denoted by a .Dq # at the beginning of a line. There must be an entry for each field. 
The fields of the configuration file are as follows: .Pp .Bd -unfilled -offset indent -compact service-name socket-type protocol {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] user[:group][/login-class] server-program server-program-arguments .Ed .Pp To specify an ONC RPC-based service, the entry would contain these fields: .Pp .Bd -unfilled -offset indent -compact service-name/version socket-type rpc/protocol {wait|nowait}[/max-child[/max-connections-per-ip-per-minute[/max-child-per-ip]]] user[:group][/login-class] server-program server-program-arguments .Ed .Pp There are two types of services that .Nm can start: standard and TCPMUX. A standard service has a well-known port assigned to it; it may be a service that implements an official Internet standard or is a .Bx Ns -specific service. As described in RFC 1078, TCPMUX services are nonstandard services that do not have a well-known port assigned to them. They are invoked from .Nm when a program connects to the .Dq tcpmux well-known port and specifies the service name. This feature is useful for adding locally-developed servers. TCPMUX requests are only accepted when the multiplexor service itself is enabled, above and beyond and specific TCPMUX-based servers; see the discussion of internal services below. .Pp The .Em service-name entry is the name of a valid service in the file .Pa /etc/services , or the specification of a .Ux domain socket (see below). For .Dq internal services (discussed below), the service name should be the official name of the service (that is, the first entry in .Pa /etc/services ) . When used to specify an ONC RPC-based service, this field is a valid RPC service name listed in the file .Pa /etc/rpc . The part on the right of the .Dq / is the RPC version number. This can simply be a single numeric argument or a range of versions. A range is bounded by the low version to the high version - .Dq rusers/1-3 . 
For TCPMUX services, the value of the .Em service-name field consists of the string .Dq tcpmux followed by a slash and the locally-chosen service name. The service names listed in .Pa /etc/services and the name .Dq help are reserved. Try to choose unique names for your TCPMUX services by prefixing them with your organization's name and suffixing them with a version number. .Pp The .Em socket-type should be one of .Dq stream , .Dq dgram , .Dq raw , .Dq rdm , or .Dq seqpacket , depending on whether the socket is a stream, datagram, raw, reliably delivered message, or sequenced packet socket. TCPMUX services must use .Dq stream . .Pp The .Em protocol must be a valid protocol or .Dq unix . Examples are .Dq tcp or .Dq udp , both of which imply IPv4 for backward compatibility. The names .Dq tcp4 and .Dq udp4 specify IPv4 only. The names .Dq tcp6 and .Dq udp6 specify IPv6 only. The names .Dq tcp46 and .Dq udp46 specify that the entry accepts both IPv4 and IPv6 connections via a wildcard .Dv AF_INET6 socket. Rpc based services are specified with the .Dq rpc/tcp or .Dq rpc/udp service type. One can use specify IPv4 and/or IPv6 with the 4, 6 or 46 suffix, for example .Dq rpc/tcp6 or .Dq rpc/udp46 . TCPMUX services must use .Dq tcp , .Dq tcp4 , .Dq tcp6 or .Dq tcp46 . .Pp The .Em wait/nowait entry specifies whether the server that is invoked by .Nm will take over the socket associated with the service access point, and thus whether .Nm should wait for the server to exit before listening for new service requests. Datagram servers must use .Dq wait , as they are always invoked with the original datagram socket bound to the specified service address. These servers must read at least one datagram from the socket before exiting. If a datagram server connects to its peer, freeing the socket so .Nm can receive further messages on the socket, it is said to be a .Dq multi-threaded server; it should read one datagram from the socket and create a new socket connected to the peer. 
It should fork, and the parent should then exit to allow .Nm to check for new service requests to spawn new servers. Datagram servers which process all incoming datagrams on a socket and eventually time out are said to be .Dq single-threaded . The .Xr comsat 8 and .Xr talkd 8 utilities are examples of the latter type of datagram server. The .Xr tftpd 8 utility is an example of a multi-threaded datagram server. .Pp Servers using stream sockets generally are multi-threaded and use the .Dq nowait entry. Connection requests for these services are accepted by .Nm , and the server is given only the newly-accepted socket connected to a client of the service. Most stream-based services operate in this manner. Stream-based servers that use .Dq wait are started with the listening service socket, and must accept at least one connection request before exiting. Such a server would normally accept and process incoming connection requests until a timeout. TCPMUX services must use .Dq nowait . .Pp The maximum number of outstanding child processes (or .Dq threads ) for a .Dq nowait service may be explicitly specified by appending a .Dq / followed by the number to the .Dq nowait keyword. Normally (or if a value of zero is specified) there is no maximum. Otherwise, once the maximum is reached, further connection attempts will be queued up until an existing child process exits. This also works in the case of .Dq wait mode, although a value other than one (the default) might not make sense in some cases. You can also specify the maximum number of connections per minute for a given IP address by appending a .Dq / followed by the number to the maximum number of outstanding child processes. Once the maximum is reached, further connections from this IP address will be dropped until the end of the minute. 
In addition, you can specify the maximum number of simultaneous invocations of each service from a single IP address by appending a .Dq / followed by the number to the maximum number of outstanding child processes. Once the maximum is reached, further connections from this IP address will be dropped. .Pp The .Em user entry should contain the user name of the user as whom the server should run. This allows for servers to be given less permission than root. The optional .Em group part separated by .Dq \&: allows a group name other than the default group for this user to be specified. The optional .Em login-class part separated by .Dq / allows specification of a login class other than the default .Dq daemon login class. .Pp The .Em server-program entry should contain the pathname of the program which is to be executed by .Nm when a request is found on its socket. If .Nm provides this service internally, this entry should be .Dq internal . .Pp The .Em server-program-arguments entry lists the arguments to be passed to the .Em server-program , starting with argv[0], which usually is the name of the program. If the service is provided internally, the .Em service-name of the service (and any arguments to it) or the word .Dq internal should take the place of this entry. .Pp Currently, the only internal service to take arguments is .Dq auth . Without options, the service will always return .Dq ERROR\ : HIDDEN-USER . The available arguments to this service that alter its behavior are: .Bl -tag -width indent .It Fl d Ar fallback Provide a .Ar fallback username. If the real .Dq auth service is enabled (with the .Fl r option discussed below), return this username instead of an error when lookups fail for either socket credentials or the username. If the real .Dq auth service is disabled, return this username for every request. This is primarily useful when running this service on a NAT machine. 
.It Fl F Same as .Fl f but without the restriction that the username in .Pa .fakeid must not match an existing user. .It Fl f If the file .Pa .fakeid exists in the home directory of the identified user, report the username found in that file instead of the real username. If the username found in .Pa .fakeid is that of an existing user, then the real username is reported. If the .Fl i flag is also given then the username in .Pa .fakeid is checked against existing user IDs instead. .It Fl g Instead of returning the user's name to the ident requester, report a username made up of random alphanumeric characters, e.g., .Dq c0c993 . The .Fl g flag overrides not only the user names, but also any fallback name, .Pa .fakeid or .Pa .noident files. .It Fl i Return numeric user IDs instead of usernames. .It Fl n If the file .Pa .noident exists in the home directory of the identified user, return .Dq ERROR\ : HIDDEN-USER . This overrides any .Pa fakeid file which might exist. .It Fl o Ar osname Use .Ar osname instead of the name of the system as reported by .Xr uname 3 . .It Fl r Offer a real .Dq auth service, as per RFC 1413. All the remaining flags apply only in this case. .It Fl t Xo .Ar sec Ns Op Cm \&. Ns Ar usec .Xc Specify a timeout for the service. The default timeout is 10.0 seconds. .El .Pp The .Nm utility also provides several other .Dq trivial services internally by use of routines within itself. These services are .Dq echo , .Dq discard , .Dq chargen (character generator), .Dq daytime (human readable time), and .Dq time (machine readable time, in the form of the number of seconds since midnight, January 1, 1900). All of these services are available in both TCP and UDP versions; the UDP versions will refuse service if the request specifies a reply port corresponding to any internal service. (This is done as a defense against looping attacks; the remote IP address is logged.) For details of these services, consult the appropriate RFC document. 
.Pp The TCPMUX-demultiplexing service is also implemented as an internal service. For any TCPMUX-based service to function, the following line must be included in .Pa inetd.conf : .Bd -literal -offset indent tcpmux stream tcp nowait root internal .Ed .Pp When given the .Fl l option .Nm will log an entry to syslog each time a connection is accepted, noting the service selected and the IP-number of the remote requester if available. Unless otherwise specified in the configuration file, and in the absence of the .Fl W and .Fl w options, .Nm will log to the .Dq daemon facility. .Pp The .Nm utility rereads its configuration file when it receives a hangup signal, .Dv SIGHUP . Services may be added, deleted or modified when the configuration file is reread. Except when started in debugging mode, or configured otherwise with the .Fl p option, .Nm records its process ID in the file .Pa /var/run/inetd.pid to assist in reconfiguration. .Sh IMPLEMENTATION NOTES .Ss TCP Wrappers When given the .Fl w option, .Nm will wrap all services specified as .Dq stream nowait or .Dq dgram except for .Dq internal services. If the .Fl W option is given, such .Dq internal services will be wrapped. If both options are given, wrapping for both internal and external services will be enabled. Either wrapping option will cause failed connections to be logged to the .Dq auth syslog facility. Adding the .Fl l flag to the wrapping options will include successful connections in the logging to the .Dq auth facility. .Pp Note that .Nm only wraps requests for a .Dq wait service while no servers are available to service requests. Once a connection to such a service has been allowed, .Nm has no control over subsequent connections to the service until no more servers are left listening for connection requests. .Pp When wrapping is enabled, the .Pa tcpd daemon is not required, as that functionality is builtin. For more information on TCP Wrappers, see the relevant documentation .Pq Xr hosts_access 5 . 
When reading that document, keep in mind that .Dq internal services have no associated daemon name. Therefore, the service name as specified in .Pa inetd.conf should be used as the daemon name for .Dq internal services. .Ss TCPMUX RFC 1078 describes the TCPMUX protocol: ``A TCP client connects to a foreign host on TCP port 1. It sends the service name followed by a carriage-return line-feed . The service name is never case sensitive. The server replies with a single character indicating positive (+) or negative (\-) acknowledgment, immediately followed by an optional message of explanation, terminated with a . If the reply was positive, the selected protocol begins; otherwise the connection is closed.'' The program is passed the TCP connection as file descriptors 0 and 1. .Pp If the TCPMUX service name begins with a .Dq + , .Nm returns the positive reply for the program. This allows you to invoke programs that use stdin/stdout without putting any special server code in them. .Pp The special service name .Dq help causes .Nm to list the TCPMUX services which are enabled in .Pa inetd.conf . .Ss IPsec The implementation includes a tiny hack to support IPsec policy settings for each socket. A special form of comment line, starting with .Dq Li #@ , is interpreted as a policy specifier. Everything after the .Dq Li #@ will be used as an IPsec policy string, as described in .Xr ipsec_set_policy 3 . Each policy specifier is applied to all the following lines in .Pa inetd.conf until the next policy specifier. An empty policy specifier resets the IPsec policy. .Pp If an invalid IPsec policy specifier appears in .Pa inetd.conf , .Nm will provide an error message via the .Xr syslog 3 interface and abort execution. .Ss Ux Domain Sockets In addition to running services on IP sockets, .Nm can also manage .Ux domain sockets. To do this you specify a .Em protocol of .Dq unix and specify the .Ux domain socket as the .Em service-name . 
The .Em service-type may be .Dq stream or .Dq dgram . The specification of the socket must be an absolute path name, optionally prefixed by an owner and mode of the form .Em ":user:group:mode\&:" . The specification: .Pp .Dl ":news:daemon:220:/var/run/sock" .Pp creates a socket owned by user .Dq news in group .Dq daemon with permissions allowing only that user and group to connect. The default owner is the user that .Nm is running as. The default mode only allows the socket's owner to connect. .Pp .Sy WARNING : while creating a .Ux domain socket, .Nm must change the ownership and permissions on the socket. This can only be done securely if the directory in which the socket is created is writable only by root. Do .Em NOT use .Nm to create sockets in world writable directories such as .Pa /tmp ; use .Pa /var/run or a similar directory instead. .Pp Internal services may be run on .Ux domain sockets, in the usual way. In this case the name of the internal service is determined using the last component of the socket's pathname. For example, specifying a socket named .Pa /var/run/chargen would invoke the .Dq chargen service when a connection is received on that socket. .Sh "FILES" .Bl -tag -width /var/run/inetd.pid -compact .It Pa /etc/inetd.conf configuration file .It Pa /etc/netconfig network configuration data base .It Pa /etc/rpc translation of service names to RPC program numbers .It Pa /etc/services translation of service names to port numbers .It Pa /var/run/inetd.pid the pid of the currently running .Nm .El .Sh "EXAMPLES" Examples for a variety of services are available in .Pa /etc/inetd.conf . .Pp It includes examples for .Nm bootpd , .Nm comsat , .Nm cvs , .Nm date , .Nm fingerd , .Nm ftpd , .Nm imapd , .Nm nc , .Nm nmbd , .Nm nntpd , .Nm rlogind , .Nm rpc.rquotad , .Nm rpc.rusersd , .Nm rpc.rwalld , .Nm rpc.statd , .Nm rpc.sprayd , .Nm rshd , .Nm prometheus_sysctl_exporter , .Nm smtpd , .Nm smbd , .Nm swat .Nm talkd , .Nm telnetd , .Nm tftpd , .Nm uucpd . 
.Pp The internal services provided by .Nm for daytime, time, echo, discard and chargen are also included, as well as chargen for .Nm ipsec Authentication Headers .Pp Examples for handling auth requests via .Nm identd , are similarly included. .Sh "ERROR MESSAGES" The .Nm server logs error messages using .Xr syslog 3 . Important error messages and their explanations are: .Pp .Bl -ohang -compact .It Xo .Ar service Ns / Ns Ar protocol .No "server failing (looping), service terminated." .Xc The number of requests for the specified service in the past minute exceeded the limit. The limit exists to prevent a broken program or a malicious user from swamping the system. This message may occur for several reasons: .Bl -enum -offset indent .It There are many hosts requesting the service within a short time period. .It A broken client program is requesting the service too frequently. .It A malicious user is running a program to invoke the service in a denial-of-service attack. .It The invoked service program has an error that causes clients to retry quickly. .El .Pp Use the .Fl R Ar rate option, as described above, to change the rate limit. Once the limit is reached, the service will be reenabled automatically in 10 minutes. .Pp .It Xo .Ar service Ns / Ns Ar protocol : .No \&No such user .Ar user , .No service ignored .Xc .It Xo .Ar service Ns / Ns Ar protocol : .No getpwnam : .Ar user : .No \&No such user .Xc No entry for .Ar user exists in the .Xr passwd 5 database. The first message occurs when .Nm (re)reads the configuration file. The second message occurs when the service is invoked. .Pp .It Xo .Ar service : .No can't set uid .Ar uid .Xc .It Xo .Ar service : .No can't set gid .Ar gid .Xc The user or group ID for the entry's .Ar user field is invalid. .Pp .It "setsockopt(SO_PRIVSTATE): Operation not supported" The .Nm utility attempted to renounce the privileged state associated with a socket but was unable to. 
.Pp .It Xo unknown .Ar rpc/udp or .Ar rpc/tcp .Xc No entry was found for either .Ar udp or .Ar tcp in the .Xr netconfig 5 database. .Pp .It Xo unknown .Ar rpc/udp6 or .Ar rpc/tcp6 .Xc No entry was found for either .Ar udp6 or .Ar tcp6 in the .Xr netconfig 5 database. .El .Sh SEE ALSO .Xr cvs 1 Pq Pa ports/devel/opencvs , .Xr date 1 , .Xr nc 1 , .Xr ipsec_set_policy 3 , .Xr ipsec 4 , .Xr hosts_access 5 , .Xr hosts_options 5 , .Xr login.conf 5 , .Xr netconfig 5 , .Xr passwd 5 , .Xr rpc 5 , .Xr services 5 , .Xr bootpd 8 , .Xr comsat 8 , .Xr fingerd 8 , .Xr ftpd 8 , .Xr imapd 8 Pq Pa ports/mail/courier-imap , .Xr nmbd 8 Pq Pa ports/net/samba412 , .Xr rlogind 8 , .Xr rpc.rquotad 8 , .Xr rpc.rusersd 8 , .Xr rpc.rwalld 8 , .Xr rpc.statd 8 , .Xr rshd 8 , .Xr prometheus_sysctl_exporter 8 , .Xr smbd 8 Pq Pa ports/net/samba412 , .Xr talkd 8 , -.Xr telnetd 8 , +.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd , .Xr tftpd 8 , .Xr uucpd 8 Pq Pa ports/net/freebsd-uucp .Rs .%A Michael C. St. Johns .%T Identification Protocol .%O RFC1413 .Re .Sh HISTORY The .Nm utility appeared in .Bx 4.3 . TCPMUX is based on code and documentation by Mark Lottor. Support for ONC RPC-based services is modeled after that provided by SunOS 4.1. The IPsec hack was contributed by the KAME project in 1999. The .Fx TCP Wrappers support first appeared in .Fx 3.2 .
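Review bot: the new `.Xr telnetd 8 Pq Pa ports/net/freebsd-telnetd ,` entry in SEE ALSO tells readers telnetd now lives in a port, but the EXAMPLES section of the same file still lists `.Nm telnetd` among the daemons whose sample entries ship in `/etc/inetd.conf` without any such qualification; either confirm the base `inetd.conf` still carries a working telnetd example or annotate that list entry the same way. The format of the added line itself is consistent with the existing `.Xr uucpd 8 Pq Pa ports/net/freebsd-uucp` and `.Xr cvs 1 Pq Pa ports/devel/opencvs` entries, so no style change is needed there.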