Practical UNIX & Internet Security, 2nd Edition
by Simson Garfinkel and Gene Spafford

This page contains changes made in the 3/00 reprint.

Here's the key to the markup:

[page-number]: serious technical mistake
{page-number}: minor technical mistake
<page-number>: important language/formatting problem
(page-number): language change or minor formatting problem
?page-number?: reader question or request for clarification

(xxviii & xxix) The following information was added to the Preface:

Comments and Questions

We have tested and verified the information in this book to the best of our ability, but you may find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing to:

O'Reilly & Associates, Inc.
101 Morris Street
Sebastopol, CA 95472
1-800-998-9938 (in the U.S. or Canada)
1-707-829-0515 (international/local)
1-707-829-0104 (FAX)

You can also send us messages electronically. To be put on the mailing list or request a catalog, send email to:

info@oreilly.com

To ask technical questions or comment on the book, send email to:

bookquestions@oreilly.com

We have a web site for the book, where we'll list examples, errata, and any plans for future editions. You can access this page at:

http://www.oreilly.com/catalog/puis/

For more information about this book and others, see the O'Reilly web site:

http://www.oreilly.com

{77} Figure 4.1, in the "Users Group" section: gid was changed from "102" to "100."

(87) In the "Restricting su" section, the first sentence of the first paragraph did read:
"...process group wheel..."
It now reads:
"...unix group wheel...".

{101} The first footnote, marked with an asterisk, did read:
"...NFS..."
It now reads:
"...NFS or another distributed file system..."

(118) The last sentence of the first paragraph did read:
"...not to give one..."
It now reads:
"...not give one..."

(131) The paragraph beginning with "Note that some versions..." did read:
"...on remote machines..."
It now reads:
"...on client machines..."

{150} In the paragraph entitled "crypt", the last sentence did read:
"...crypt program..."
It now reads:
"...crypt() system call..."

(167) The bulleted section titled "Authentication" did read:
"...makes possible mathematically verifying..."
It now reads:
"...makes it possible to mathematically verify..."

?217? The second sentence in the second paragraph did read:
"Alternatively, you can also use RCS (Revision Control System) or SCCS (Source Code Control System) to archive these files and keep a revision history."
It now reads:
"Alternatively, you can also use RCS (Revision Control System), CVS (Concurrent Versions System), or SCCS (Source Code Control System) to archive these files and keep a revision history."

{233} The third line of the second paragraph did read:
"...chroot system command..."
It now reads:
"...chroot() system call..."

(236) A footnote has been added for the "Restricting Logins" title that reads:
"There may be mechanisms and methods under other versions of Unix for restricting accounts and managing dormant accounts. We present the most common methods in these sections of the book."

{238} The second sentence in the last paragraph did read:
"You can tell you are using shadow passwords if the password field in /etc/passwd is blank or contains an asterisk or hash marks for every password, instead of containing regular encrypted passwords."
It now reads:
"You can tell you are using shadow passwords if the password field in /etc/passwd is blank, or contains a symbol such as ! or # for every password, instead of containing regular encrypted passwords."

{263} The third sentence of the third paragraph in the section "Shadow Password Files" did read:
"(For instance, SVR4 uses the file /etc/shadow, with protected mode 400, and owned by root; ...)"
It now reads:
"(For instance, SVR4 uses the file /etc/shadow, with protected mode 600, and owned by root; ...)"

(300) The first line of the first paragraph did read:
"This command can..."
It now reads:
"This file can..."

?311? A footnote has been added for the "NOTE" section in the middle of the page, which reads:
"AIX silently ignores .* as priority, one has to use .debug."

(316) In Table 10-5, the fourth row in the "Message" column, which read "root logged in.", has been moved to column 3, line 2.

?332? The second line in the fourth paragraph did read:
"...wishes to run--a game..."
It now reads:
"...wishes to run--login, a game..."

{342} The third line of the first paragraph did read:
"...not contain a / symbol..."
It now reads:
"...not contain a leading / symbol..."

{342} The third code section did read:
"PATH= /usr/bin......."
It now reads:
"PATH=/usr/bin........"
(extra blank between "=" and "/" deleted)

{355} In the NOTE, the extra blanks before "access" in the Berkeley example have been deleted.