From kuma@slab.tnr.sharp.co.jp Sun Mar  7 23:26:53 1999
Return-Path: <kuma@slab.tnr.sharp.co.jp>
Received: from od3.sharp.co.jp (od3.sharp.co.jp [202.32.86.132])
	by hub.freebsd.org (Postfix) with ESMTP id CD54E14D43
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  7 Mar 1999 23:26:48 -0800 (PST)
	(envelope-from kuma@slab.tnr.sharp.co.jp)
Received: by od3.sharp.co.jp; id QAA02110; Mon, 8 Mar 1999 16:26:24 +0900 (JST)
Received: from unknown(133.159.14.115) by od3.sharp.co.jp via smap (4.1)
	id xma001840; Mon, 8 Mar 99 16:25:22 +0900
Received: from td1.tnr.sharp.co.jp (root@td1.tnr.sharp.co.jp [133.159.52.20]) by od.sharp.co.jp (8.8.5/3.5W-98081113) with ESMTP id QAA27095; Mon, 8 Mar 1999 16:25:20 +0900 (JST)
Received: from mailfwd.slab.tnr.sharp.co.jp ([10.32.30.11]) by td1.tnr.sharp.co.jp (8.8.5/3.5W-97080613) with ESMTP id QAA22906; Mon, 8 Mar 1999 16:25:19 +0900 (JST)
Received: from server01.slab.tnr.sharp.co.jp ([10.32.50.4])
	by mailfwd.slab.tnr.sharp.co.jp (8.8.4+2.7Wbeta4/3.6Wbeta7) with ESMTP id QAA14801;
	Mon, 8 Mar 1999 16:24:11 +0900 (JST)
Received: from gaye.slab.tnr.sharp.co.jp (gaye.slab.tnr.sharp.co.jp [10.32.49.117])
	by server01.slab.tnr.sharp.co.jp (8.8.5/3.6Wbeta7 98051815) with ESMTP id QAA27467;
	Mon, 8 Mar 1999 16:25:19 +0900 (JST)
Received: (from kuma@localhost) by gaye.slab.tnr.sharp.co.jp (8.8.7/3.5Wpl5) id QAA01164; Mon, 8 Mar 1999 16:25:19 +0900 (JST)
Message-Id: <199903080725.QAA01164@gaye.slab.tnr.sharp.co.jp>
Date: Mon, 8 Mar 1999 16:25:19 +0900 (JST)
From: kuma@jp.freebsd.org
Sender: kuma@slab.tnr.sharp.co.jp
Reply-To: kuma@jp.freebsd.org
To: FreeBSD-gnats-submit@freebsd.org
Cc: horikawa@jp.freebsd.org
Subject: possible typo in security.7
X-Send-Pr-Version: 3.2

>Number:         10482
>Category:       docs
>Synopsis:       typo? in security.7 man pages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    ghelmer
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          doc-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Mar  7 23:30:00 PST 1999
>Closed-Date:    Mon Mar 15 09:43:37 CST 1999
>Last-Modified:  Mon Mar 15 09:43:47 CST 1999
>Originator:     Norihiro Kumagai
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
Japanese FreeBSD Manual Translation Project
>Environment:

	Any box installed with 3.1-RELEASE

>Description:

	In the following paragraph, (in line 365) 

It is a very good idea to protect internal services from external access
by firewalling them off at your border routers.  The idea here is to prevent
saturation attacks from outside your LAN, not so much to protect internal
services from root network-based root compromise.  Always configure an exclusive
firewall, i.e. 'firewall everything *except* ports A, B, C, D, and M-Z'.   This
way you can firewall off all of your low ports except for certain specific
services such as named (if you are primary for a zone), ntalkd, sendmail,
and other internet-accessible services.

	the phrase "root network-based root compromise" should be
	better "network-based root compromise", I guess.

	I am afraid that my poor English reading has lead me to 
	misunderstanding, that is, "root network-based root 
	compromise" is really right.
	In case of my misunderstanding, I would be happy to hear the
	meaning of "root network-based root compromise" for the future
	better Japanese translation.

>How-To-Repeat:

	hit, "man security":-)

>Fix:

	The following patch be applied:

--- security.7-org	Mon Mar  8 16:18:54 1999
+++ security.7	Mon Mar  8 16:20:44 1999
@@ -365,7 +365,7 @@
 It is a very good idea to protect internal services from external access
 by firewalling them off at your border routers.  The idea here is to prevent
 saturation attacks from outside your LAN, not so much to protect internal 
-services from root network-based root compromise.  Always configure an exclusive
+services from network-based root compromise.  Always configure an exclusive
 firewall, i.e. 'firewall everything *except* ports A, B, C, D, and M-Z'.   This
 way you can firewall off all of your low ports except for certain specific
 services such as named (if you are primary for a zone), ntalkd, sendmail,

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-doc->ghelmer 
Responsible-Changed-By: ghelmer 
Responsible-Changed-When: Thu Mar 11 14:12:15 CST 1999 
Responsible-Changed-Why:  
I'll take this. 
State-Changed-From-To: open->closed 
State-Changed-By: ghelmer 
State-Changed-When: Mon Mar 15 09:43:37 CST 1999 
State-Changed-Why:  
Fixed, thanks. 
>Unformatted:
