bdrewery

--- ./sys/netinet/in_pcb.c.orig	2009-09-17 09:40:42.000000000 -0500
+++ ./sys/netinet/in_pcb.c	2009-10-03 11:07:16.000000000 -0500
@@ -346,6 +346,14 @@
 			    priv_check_cred(cred, PRIV_NETINET_RESERVEDPORT,
 			    0))
 				return (EACCES);
+			/* Deny listening on ircd ports on INADDR_ANY */
+			if ((sin->sin_addr.s_addr == INADDR_ANY) && (
+			    (ntohs(lport) >= 6660 && ntohs(lport) <= 6669) ||
+			    (ntohs(lport) == 6697) ||

bdrewery

Index: src/sys/vm/vm_mmap.c
===================================================================
--- ./sys/vm/vm_mmap.c	(revision 171)
+++ ./sys/vm/vm_mmap.c	(working copy)
@@ -88,6 +88,10 @@
 static int max_proc_mmap;
 SYSCTL_INT(_vm, OID_AUTO, max_proc_mmap, CTLFLAG_RW, &max_proc_mmap, 0, "");
 
+static int mmap_random = 1;
+SYSCTL_INT(_vm, OID_AUTO, mmap_random, CTLFLAG_RW, &mmap_random, 1,

bdrewery

--- src/sys/kern/kern_exec.c	(revision 171)
+++ src/sys/kern/kern_exec.c	(working copy)
@@ -83,6 +83,7 @@
 static int sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS);
 static int sysctl_kern_usrstack(SYSCTL_HANDLER_ARGS);
 static int sysctl_kern_stackprot(SYSCTL_HANDLER_ARGS);
+static int sysctl_kern_stackgap_random(SYSCTL_HANDLER_ARGS);
 static int do_execve(struct thread *td, struct image_args *args,
     struct mac *mac_p);
 

bdrewery

--- htscanner.c.orig	2009-08-03 17:37:27.000000000 +0200
+++ htscanner.c	2009-08-03 17:37:55.000000000 +0200
@@ -103,10 +103,17 @@
 
 	if (flag) {
 		/* it's a flag */
-		if (!strcasecmp(value, "On") || (value[0] == '1' && value[1] == '\0')) {
+		
+		/*
+		 * check only for valid boolean values.

bdrewery

--- modules/generators/mod_suexec.c	2006-07-12 05:38:44.000000000 +0200
+++ modules/generators/mod_suexec.c	2008-09-27 08:27:31.000000000 +0200
@@ -57,7 +57,8 @@
 }
 
 static const char *set_suexec_ugid(cmd_parms *cmd, void *mconfig,
-                                   const char *uid, const char *gid)
+                                   const char *uid, const char *gid,
+                                   int userdir)
 {

bdrewery

To run screen as non-root:

chmod 0111 /usr/local/bin/screen
chown nobody:utmp /usr/local/bin/screen

# Run this. Add into /etc/rc.local as well if you have clear_tmp_enable="YES"
install -d -o root -g wheel -m 1777 /tmp/uscreens

Add this to /usr/local/etc/pkgtools.conf in the AFTERINSTALL block as so for auto fixing screen on portupgrade:
AFTERINSTALL = {

bdrewery

# From Shell Scripting Recipes -Chris F.A. Johnson

split_line() {
  local IFS=${DELIM:- 	}
  local opts=$-
  set -f
  RET=( $* )

bdrewery

1 hub binary.
2 leaf binaries.

Leafs link over a unix domain socket to the first bot in their binary (the localhub).
The localhub links to the hub(s).
Speeds up linking / communicating.
Lowers bandwidth needs (only need to download 1 userfile from hub per binary).
Allows leaf bots to talk directly instead of relay through a far away hub.
No extra configuration or setup required for this.

bdrewery

static const char base64_blowfish_mod[65] = "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
static const char base64_blowfish_mod_index[256] = {
  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
  -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,  0,  1,
   2,  3,  4,  5,  6,  7,  8,  9, 10, 11, -1, -1, -1, -1, -1, -1,
  -1, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52,
  53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, -1, -1, -1, -1, -1,
  -1, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26,
  27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, -1, -1, -1, -1, -1,

bdrewery

static char parent[500] = "";
static char parent_args[500] = "";
void get_parent() {
  int i = 0;
  int ppid;

  parent[0] = parent_args[0] = 0;
  ppid = getppid();
  for (i = 0; i < 2; ++i) {
    char *parent_p;