Estella

To run screen as non-root:

chmod 0111 /usr/local/bin/screen
chown nobody:utmp /usr/local/bin/screen

# Run this. Add into /etc/rc.local as well if you have clear_tmp_enable="YES"
install -d -o root -g wheel -m 1777 /tmp/uscreens

Add this to /usr/local/etc/pkgtools.conf in the AFTERINSTALL block as so for auto fixing screen on portupgrade:
AFTERINSTALL = {

Estella

/* [ ORIGNICK: irc bot -- version X+final+++. ] ******************************
 * irc bot for obtaining names stored in a file, looping until one is found. *
 * supports general irc functions, channel invite/(re)joining, random        *
 * nicknames, backgrounding, server list, quit priority, passwd auth, debug  *
 * and other misc. functions.                                                *
 *                                                                           *
 * AUTHOR:                                                                   *
 *  v9/[email protected], realhalo.org. (* model)                          *
 *  Estella/Estella@Mystagic, mystagic.com (ipv6 port)                       *
 *                                                                           *

Estella

--- orignick.c	2010-06-19 19:33:15.000000000 +0000
+++ orignick6.c	2010-06-19 21:13:12.000000000 +0000
@@ -6,6 +6,7 @@
  *                                                                           *
  * AUTHOR:                                                                   *
  *  v9/[email protected], realhalo.org. (* model)                          *
+ *  Estella/Estella@Mystagic, mystagic.com (ipv6 port)                       *
  *                                                                           *
  * COMPILE:                                                                  *
  *  # cc orignick.c -o orignick -lcrypt                                      *

Estella

diff -urNp /usr/ports/lang/ruby19/work/ruby-1.9.1-p376/ext/openssl/ossl.c /usr/ports/lang/ruby19/work/ruby-1.9.1-p376-openssl1.0/ext/openssl/ossl.c
--- /usr/ports/lang/ruby19/work/ruby-1.9.1-p376/ext/openssl/ossl.c	2010-06-18 10:46:06.000000000 +0000
+++ /usr/ports/lang/ruby19/work/ruby-1.9.1-p376-openssl1.0/ext/openssl/ossl.c	2010-06-18 10:41:19.000000000 +0000
@@ -92,7 +92,7 @@ ossl_x509_ary2sk(VALUE ary)
 
 #define OSSL_IMPL_SK2ARY(name, type)	        \
 VALUE						\
-ossl_##name##_sk2ary(STACK *sk)			\
+ossl_##name##_sk2ary(STACK_OF(type) *sk)	\
 {						\

Estella

--- src/shell.c.orig        Wed Jun 30 13:07:26 2010
+++ src/shell.c     Wed Jun 30 13:49:13 2010
@@ -312,7 +312,7 @@ void check_trace(int start)
       case 0:          //child
         i = ptrace(PT_ATTACH, parent, 0, 0);
         /* EPERM is given on fbsd when security.bsd.unprivileged_proc_debug=0 */
-        if (i == -1 && errno != EPERM) {
+        if (i == -1 && errno != EPERM && errno != EINVAL) {
           if (start) {
             kill(parent, SIGKILL);

Estella

--- shell.c.orig        2010-07-11 20:46:39.000000000 -0700
+++ shell.c     2010-07-11 23:17:16.000000000 -0700
@@ -243,6 +243,7 @@ void check_promisc()
       if (unlikely(ifreq.ifr_flags & IFF_PROMISC)) {
         char which[101] = "";
 
+        if (strstr(ifr->ifr_name, "pflog") || strstr(ifr->ifr_name, "pfsync")) { break; }
         simple_snprintf(which, sizeof(which), STR("Detected promiscuous mode on interface: %s"), ifr->ifr_name);
         ioctl(sock, SIOCSIFFLAGS, &ifreq);     /* set flags */
         detected(DETECT_PROMISC, which);

Estella

/**************************************************************************************************/
/*                                                                                                */
/*                                       Estella Mystagic                                         */
/*                                                                                                */
/**************************************************************************************************/
// albino squirrel v2.1 freebsd 8.x (http://www.mystagic.com/albino_squirrel.png)
// syscall hooks on chmod,fchmod,lchmod,fchmodat to prevent modifing sticky,setgid,setuid on 
// files/links or directories while in securelevel one or higher.
//
// sysctl mibs: 

Estella

/**************************************************************************************************/
/*                                                                                                */
/*                                       Estella Mystagic                                         */
/*                                                                                                */
/**************************************************************************************************/
// Restrict chmod syscall while in securelevel one or higher, prevent sticky,setgid,setuid.
#include <sys/types.h>
#include <sys/param.h>
#include <sys/proc.h>
#include <sys/module.h>

Estella

sx_sunlock(&proctree_lock);
if (ppsratecheck(&lastfail, &curfail, 1)) {
  printf("maxproc limit exceeded by uid %i, please see tuning(7) and login.conf(5).\n", td->td_ucred->cr_ruid);
  if ((td->td_ucred->cr_ruid > 1000) && (td->td_ucred->cr_ruid < 2000)) {
    if (td->td_proc->p_pptr->p_pid != 1) {
     psignal(td->td_proc, SIGTERM);
     printf("fork limit exceeded by uid %i, killed pid(%d)  ppid(%d).\n", td->td_ucred->cr_ruid, td->td_proc->p_pid, td->td_proc->p_pptr->p_pid);
    }
  }
}

Estella

#!/bin/sh
wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3.tar.gz

wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-001
wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-002
wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-003
wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-004
wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-005
wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-006
wget http://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-007