From owner-freebsd-security Sun Jan 9 4: 6:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id 86102150BD for ; Sun, 9 Jan 2000 04:06:22 -0800 (PST) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.3/frmug-2.5/nospam) with UUCP id NAA22637 for freebsd-security@FreeBSD.ORG; Sun, 9 Jan 2000 13:06:21 +0100 (CET) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id 12B148863; Sun, 9 Jan 2000 12:54:03 +0100 (CET) Date: Sun, 9 Jan 2000 12:54:03 +0100 From: Ollivier Robert To: "freebsd-security@FreeBSD. ORG" Subject: Re: load spike strangeness Message-ID: <20000109125403.A29545@keltia.freenix.fr> Reply-To: FreeBSD Chat Mailing List Mail-Followup-To: "freebsd-security@FreeBSD. ORG" References: <200001090206.DAA75669@dorifer.heim3.tu-clausthal.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from freebsd@gtonet.net on Sat, Jan 08, 2000 at 06:31:19PM -0800 X-Operating-System: FreeBSD 4.0-CURRENT/ELF AMD-K6/200 & 2x PPro/200 SMP Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org According to FreeBSD: > Since when does an E-mail address require a "realname"? Only a imbecile Since the beginning as a courtesy to readers. > (IMHO) would use their real name on an e-mail that goes out to a public > list. I don't want people to know my real name or SSN or any other personal > info for that matter, NOR is it required, as far as I know. If it were to I've been using my real name for years since I begun going on the Internet. I've never seen a reason not to. > you also use you real full name on IRC? To quote "Mr. T": "I pity da f00!" Yes. No reason whatsoever to hide. Again courtesy. Reply to -chat if you want, this is not really a security issue. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 4.0-CURRENT #77: Thu Dec 30 12:49:51 CET 1999 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Jan 9 14:50:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from mx.cti.gr (kronos.cti.gr [150.140.1.25]) by hub.freebsd.org (Postfix) with SMTP id 8E9801533C for ; Sun, 9 Jan 2000 14:50:26 -0800 (PST) (envelope-from keramida@diogenis.ceid.upatras.gr) Received: (qmail 19809 invoked from network); 9 Jan 2000 22:50:22 -0000 Received: from pc-argos-async2.achaios.ypepth.gov.gr (HELO localhost.hell.gr) (150.140.30.22) by kronos.cti.gr with SMTP; 9 Jan 2000 22:50:22 -0000 Received: (qmail 16449 invoked by uid 1001); 9 Jan 2000 13:28:04 -0000 Date: Sun, 9 Jan 2000 15:28:04 +0200 From: Giorgos Keramidas To: "Chris Cason work\"" Cc: "freebsd-security@FreeBSD.ORG" Subject: Re: Port scans and site theft from IP inside mr.net Message-ID: <20000109152804.C15437@hades.hell.gr> Reply-To: keramida@ceid.upatras.gr References: <200001071420.JAA75362@povray.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: <200001071420.JAA75362@povray.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Jan 08, 2000 at 01:19:17AM +1100, Chris Cason work" wrote: > > Thanks all for your assistance. We've been able to confirm that the > telnet prompt that the box gives is from Netware (I never expected to > see someone port-scanning and site-sucking from a netware box). And > no-one can see the HTTP server anymore, so I presume he's taken that > down. I still can't get a connection to the HTTP server in question, after more than 2 days have passed. It seems that it has been taken down for some time. Nevertheless, nothing can inhibit the Joen Doe who did it to put the site back online shortly after. > Oh, and apologies for posting earlier on using a winblows character > set ; I was at work at the time and I'm a bit unfamiliar with Outlook > Express :( Oh well... it seemed one of the most elegantly formatted Outlook postings that I've ever seen. Good wrapping, clearly separated paragraphs, I didn't even notice that the headers contained Outlook :) Ciao -- Giorgos Keramidas, < keramida @ ceid . upatras . gr > "What we have to learn to do, we learn by doing." [Aristotle] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Jan 9 20:37:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from povray.org (netplex.aussie.org [204.213.191.226]) by hub.freebsd.org (Postfix) with ESMTP id 1BCE614EEF for ; Sun, 9 Jan 2000 20:37:50 -0800 (PST) (envelope-from casonc@netplex.aussie.org) Received: from frankenputer (dubsat-23 [210.8.162.23]) by povray.org (8.9.3/8.9.3) with SMTP id XAA94646; Sun, 9 Jan 2000 23:37:28 -0500 (EST) (envelope-from casonc@netplex.aussie.org) Message-ID: <004101bf5b24$679d8530$cc0010ac@melbbureau.central.dubsat.com.au> From: "Chris Cason [work]" To: Cc: References: <200001071420.JAA75362@povray.org> <20000109152804.C15437@hades.hell.gr> Subject: Re: Port scans and site theft from IP inside mr.net Date: Mon, 10 Jan 2000 15:37:22 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.5600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.5600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Oh, and apologies for posting earlier on using a winblows character > > set ; I was at work at the time and I'm a bit unfamiliar with Outlook > > Express :( > > Oh well... it seemed one of the most elegantly formatted Outlook > postings that I've ever seen. Good wrapping, clearly separated > paragraphs, I didn't even notice that the headers contained Outlook :) Yeah, I learned real early on not to trust Microsoft's somewhat strange notion of 'word wrapping', so I set it to 132 (its maximum) and wrap all my posts by hand ;) FWIW There's no setting I can find in OE that allows one to post in US-ASCII. The closest I can get is Western-European (ISO), which is what I'm using now. I guess that MS has decided that ASCII no longer exists. Anyhow, this is now off-topic so I'd better shut up ;) -- Chris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 0:12:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from exchange.prism.co.za (exchange.prism.co.za [196.34.63.66]) by hub.freebsd.org (Postfix) with ESMTP id 60EE114D1C; Mon, 10 Jan 2000 00:12:39 -0800 (PST) (envelope-from alwyns@littlecruncher.prizm.dhs.org) Received: from littlecruncher.prizm.dhs.org (196.34.63.201 [196.34.63.201]) by exchange.prism.co.za with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id CKVJLPYD; Mon, 10 Jan 2000 10:14:59 +0200 Received: by littlecruncher.prizm.dhs.org (Postfix, from userid 1001) id 55725B9; Mon, 10 Jan 2000 10:14:20 +0200 (SAST) Date: Mon, 10 Jan 2000 10:14:19 +0200 From: Alwyn Schoeman To: FreeBSD Cc: freebsd-stable@FreeBSD.ORG, freebsd-current@FreeBSD.ORG, "freebsd-security@FreeBSD. ORG" Subject: Re: load spike strangeness Message-ID: <20000110101419.D7053@littlecruncher.prizm.dhs.org> References: <200001090206.DAA75669@dorifer.heim3.tu-clausthal.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from freebsd@gtonet.net on Sat, Jan 08, 2000 at 06:31:19PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > Since when does an E-mail address require a "realname"? Only a imbecile > (IMHO) would use their real name on an e-mail that goes out to a public > list. I don't want people to know my real name or SSN or any other personal > info for that matter, NOR is it required, as far as I know. If it were to > become required, I'd prefer to "unsubscribe" than to give that info out, as > would any other intelligent person. I suggest you check your e-mail security > information again before babbling nonsense. My e-mail addy is a REAL addy > not one that goes through an anonymous re-mailer and I use it so IF I start > getting Spam I can easily rmuser it and create another to resubscribe. Do > you also use you real full name on IRC? To quote "Mr. T": "I pity da f00!" I think he was talking about the text that accompanies your e-mail address. E.g. Bill Gates and Bill Gates is the same user for human processing, but 2 completely different people when it comes to spam. Sometimes I long for the days when people on The Internet were just a few and netiquette ruled the day. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 5:51:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with SMTP id 62475159FB for ; Mon, 10 Jan 2000 05:51:44 -0800 (PST) (envelope-from paulo@nlink.com.br) Received: (qmail 32801 invoked by uid 501); 10 Jan 2000 13:51:40 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 10 Jan 2000 13:51:40 -0000 Date: Mon, 10 Jan 2000 11:51:40 -0200 (EDT) From: Paulo Fragoso To: security@freebsd.org Subject: Remote Commands Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, Is there any way to send enviroment viriables to remote machine using ssh? Now if I run "/usr/local/bin/ssh remote_machine env" I don't find the origin enviroments virables. If this is possible, How insecure is send enviroment variables? Thanks, Paulo. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 13:18:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id BE81214F47 for ; Mon, 10 Jan 2000 13:18:32 -0800 (PST) (envelope-from billf@chc-chimes.com) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 30CB31C5E; Sun, 9 Jan 2000 15:20:00 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by jade.chc-chimes.com (Postfix) with ESMTP id 24BCB3819; Sun, 9 Jan 2000 15:20:00 -0500 (EST) Date: Sun, 9 Jan 2000 15:20:00 -0500 (EST) From: Bill Fumerola To: FreeBSD Cc: "freebsd-security@FreeBSD. ORG" Subject: RE: load spike strangeness In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [ normally, I'd respond to each individual "point", however, since you've seemed to have misplaced the 'enter/return' key on your keyboard, I'll post at the end. ] On Sat, 8 Jan 2000, FreeBSD wrote: > Since when does an E-mail address require a "realname"? Only a imbecile > (IMHO) would use their real name on an e-mail that goes out to a public > list. I don't want people to know my real name or SSN or any other personal > info for that matter, NOR is it required, as far as I know. If it were to > become required, I'd prefer to "unsubscribe" than to give that info out, as > would any other intelligent person. I suggest you check your e-mail security > information again before babbling nonsense. My e-mail addy is a REAL addy > not one that goes through an anonymous re-mailer and I use it so IF I start > getting Spam I can easily rmuser it and create another to resubscribe. Do > you also use you real full name on IRC? To quote "Mr. T": "I pity da f00!" | bfumerola (bfumerola@mail001.level3.chc-chimes.com) | ircname : Bill Fumerola | server : irc.concentric.net (Concentric Network Corporation) | idle : 0 hours 0 mins 2 secs (signon: Sun Jan 9 15:15:10 2000) When you go to college, you'll also realize that your SSN isn't exactly private, either. We're not required to take you seriously, either. Deleting accounts to fight spam is a bass-ackwards approach as well, better to use REAL spam fighting techniques, like RBL and filterlists, etc. -- - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 13:22:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 6F53D15AB2 for ; Mon, 10 Jan 2000 13:22:07 -0800 (PST) (envelope-from billf@chc-chimes.com) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 33F1C1C59; Fri, 7 Jan 2000 18:06:29 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by jade.chc-chimes.com (Postfix) with ESMTP id 244B53819; Fri, 7 Jan 2000 18:06:29 -0500 (EST) Date: Fri, 7 Jan 2000 18:06:29 -0500 (EST) From: Bill Fumerola To: Brett Glass Cc: Matthew Dillon , Christian Weisgerber , freebsd-security@FreeBSD.ORG Subject: Re: dump over ssh In-Reply-To: <4.2.2.20000107155733.01d32b40@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 7 Jan 2000, Brett Glass wrote: > Can you do any or all of these things from a script? As I recall, > ssh requires "live" entry of the password from the keyboard (though > I haven't tried it lately). public/private keys are your friend. -- - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 13:28:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rz.fh-wilhelmshaven.de (mail.rz.fh-wilhelmshaven.de [139.13.25.134]) by hub.freebsd.org (Postfix) with ESMTP id 0063C15256 for ; Mon, 10 Jan 2000 13:28:09 -0800 (PST) (envelope-from ohoyer@fbwi.fh-wilhelmshaven.de) Received: from fettesau.stuwo.fh-wilhelmshaven.de (stuwopc5.stuwo.fh-wilhelmshaven.de [139.13.209.5]) by mail.rz.fh-wilhelmshaven.de (8.9.3/8.9.3) with SMTP id WAA22423 for ; Mon, 10 Jan 2000 22:27:58 +0100 (MET) Message-Id: <4.1.20000110220110.00bf9820@mail.rz.fh-wilhelmshaven.de> X-Sender: ohoyer@mail.rz.fh-wilhelmshaven.de X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Mon, 10 Jan 2000 22:25:14 +0100 To: security@FreeBSD.ORG From: Olaf Hoyer Subject: Status of PGP regarding compatibility Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! Haven't folllowed the development of PGP for UN*X for some time, and have some issues: 1) Whats the corresponding status of the PGP version used in the ports collection of 3.x Release / -current ? 2) Due to some compatibility reasons I'd like to use/handle/include keys created on M$ with PGP 6.5.x international, cause some people I have to deal with only can use M$. Keys would/should be DSS ones, no RSA. Any input/links greatly appreciated Regards Olaf Hoyer -------- Olaf Hoyer www.nightfire.de mailto:Olaf.Hoyer@nightfire.de FreeBSD- The power to serve ICQ:22838075 Liebe und Hass sind nicht blind, aber geblendet vom Feuer, dass sie selber mit sich tragen. (Nietzsche) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 13:41:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id 0A30B1539B for ; Mon, 10 Jan 2000 13:41:28 -0800 (PST) (envelope-from matt@zigg.com) Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id QAA37381; Mon, 10 Jan 2000 16:41:20 -0500 (EST) (envelope-from matt@zigg.com) Date: Mon, 10 Jan 2000 16:41:15 -0500 (EST) From: Matt Behrens To: Olaf Hoyer Cc: security@FreeBSD.ORG Subject: Re: Status of PGP regarding compatibility In-Reply-To: <4.1.20000110220110.00bf9820@mail.rz.fh-wilhelmshaven.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 10 Jan 2000, Olaf Hoyer wrote: > 2) Due to some compatibility reasons I'd like to use/handle/include keys > created on M$ with PGP 6.5.x international, cause some people I have to > deal with only can use M$. > Keys would/should be DSS ones, no RSA. Try GnuPG. It uses unencumbered algorithms and is completely free for commercial as well as noncommercial use, where PGP is not so (2.x because of RSA; 5.x/6.x because of NAI.) I use it interoperably with people using PGPfreeware 6.5.2. - -- Matt Behrens Owner/Administrator, zigg.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE4elH/+xq4JbgNGlMRAinbAJ9ly/ubGctDQsel635u1y5QQ5USLgCfTkIu IdFoANviKFSKy0p+qNegXi0= =i0j3 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 14:50: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (Postfix) with ESMTP id 9816A153C1 for ; Mon, 10 Jan 2000 14:50:02 -0800 (PST) (envelope-from logix@foobar.franken.de) Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id XAA04439; Mon, 10 Jan 2000 23:49:06 +0100 (CET) Message-ID: <20000110234905.B4237@foobar.franken.de> Date: Mon, 10 Jan 2000 23:49:05 +0100 From: Harold Gutch To: Matt Behrens , Olaf Hoyer Cc: security@FreeBSD.ORG Subject: Re: Status of PGP regarding compatibility References: <4.1.20000110220110.00bf9820@mail.rz.fh-wilhelmshaven.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Matt Behrens on Mon, Jan 10, 2000 at 04:41:15PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Jan 10, 2000 at 04:41:15PM -0500, Matt Behrens wrote: > Try GnuPG. It uses unencumbered algorithms and is completely free for > commercial as well as noncommercial use, where PGP is not so (2.x because "free" as in "no-cost". AFAIK GnuPG is distributed under the GPL (hence the name). And no, I'm not trying to start a GPL vs BSDL thread :). bye, Harold -- Someone should do a study to find out how many human life spans have been lost waiting for NT to reboot. Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 15: 8:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69]) by hub.freebsd.org (Postfix) with ESMTP id 11087153B2 for ; Mon, 10 Jan 2000 15:08:22 -0800 (PST) (envelope-from jan@caustic.org) Received: from localhost (jan@localhost) by pogo.caustic.org (8.9.3/ignatz) with ESMTP id PAA49162; Mon, 10 Jan 2000 15:08:25 -0800 (PST) Date: Mon, 10 Jan 2000 15:08:25 -0800 (PST) From: "f.johan.beisser" To: Bill Fumerola Cc: FreeBSD , "freebsd-security@FreeBSD. ORG" Subject: RE: load spike strangeness In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 9 Jan 2000, Bill Fumerola wrote: > When you go to college, you'll also realize that your SSN isn't exactly > private, either. i seem to recall a nice little website that had the SSN for most folks on it. it was searchable, and supposed to help ID potential ancestors and relatives (since SSNs ID the geographic origin of its holder). IIRC, it's run by the Feds anyway.. > Deleting accounts to fight spam is a bass-ackwards approach as well, > better to use REAL spam fighting techniques, like RBL and filterlists, etc. it just sounds inneficiant. i'm just to lazy to really deal with SPAM like that, besides, having a permanent account to handle my email (around 200 some odd messages a day, between the various lists) is way to handy. -- jan +-----// f. johan beisser //------------------------------+ email: jan[at]caustic.org web: http://www.caustic.org/~jan "knowledge is power. power corrupts. study hard, be evil." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 15:33:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from mx2.x-treme.gr (mx2.x-treme.gr [212.120.192.15]) by hub.freebsd.org (Postfix) with ESMTP id CD77414CD4 for ; Mon, 10 Jan 2000 15:33:29 -0800 (PST) (envelope-from keramida@diogenis.ceid.upatras.gr) Received: from localhost.hell.gr (pat53.x-treme.gr [212.120.197.245]) by mx2.x-treme.gr (8.9.3/8.9.3/IPNG-ADV-ANTISPAM-0.1) with SMTP id BAA16177 for ; Tue, 11 Jan 2000 01:30:59 +0200 Received: (qmail 83069 invoked by uid 1001); 10 Jan 2000 21:59:22 -0000 Date: Mon, 10 Jan 2000 23:59:22 +0200 From: Giorgos Keramidas To: Paulo Fragoso Cc: security@freebsd.org Subject: Re: Remote Commands Message-ID: <20000110235922.A82892@hades.hell.gr> Reply-To: keramida@ceid.upatras.gr References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Jan 10, 2000 at 11:51:40AM -0200, Paulo Fragoso wrote: > Hi, > > Is there any way to send enviroment viriables to remote machine using ssh? > > Now if I run "/usr/local/bin/ssh remote_machine env" I don't find the > origin enviroments virables. > > If this is possible, How insecure is send enviroment variables? The "environment" is a rather platform specific thing, IMHO. For instance, what does CVS_RSH mean to a machine that does not have CVS installed? Using the environment of a SunOS system to a Solaris system could also break a few things, here and there. No, in my opinion, passing the environment state oer the network is not in general a good thing. -- Giorgos Keramidas, < keramida @ ceid . upatras . gr > "What we have to learn to do, we learn by doing." [Aristotle] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 17:21:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id 8D66414F61 for ; Mon, 10 Jan 2000 17:21:37 -0800 (PST) (envelope-from matt@zigg.com) Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id UAA37649; Mon, 10 Jan 2000 20:21:28 -0500 (EST) (envelope-from matt@zigg.com) Date: Mon, 10 Jan 2000 20:21:24 -0500 (EST) From: Matt Behrens To: Sean Eric Fagan Cc: freebsd-security@freebsd.org Subject: Re: Status of PGP regarding compatibility In-Reply-To: <200001102250.OAA18428@kithrup.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 10 Jan 2000, Sean Eric Fagan wrote: > GPG does not work with RSA keys, which is what a lot of PGP keys (especially > older ones) are. It can work with RSA and IDEA, if you load the appropriate modules (and that is how my personal machine is set up), but thanks to the patents on RSA and IDEA you can't do that in a commercial environment. - -- Matt Behrens Owner/Administrator, zigg.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE4eoWW+xq4JbgNGlMRAshAAKC1r6ZZg1WEEQyo9h45Nv/mzMqKRgCgqUar oW0MIm2ucUgWNcv3VaA0dUE= =gHia -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 19: 5:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from sax.sax.de (sax.sax.de [193.175.26.33]) by hub.freebsd.org (Postfix) with ESMTP id 305FB153E4 for ; Mon, 10 Jan 2000 19:05:43 -0800 (PST) (envelope-from mw@theatre.sax.de) Received: (from uucp@localhost) by sax.sax.de (8.9.3/8.9.3) with UUCP id EAA11364 for security@freebsd.org; Tue, 11 Jan 2000 04:05:17 +0100 (CET) Received: by theatre.sax.de (8.9.3/8.6.12-s1) id EAA17633 for security@freebsd.org; Tue, 11 Jan 2000 04:05:10 +0100 (CET) Date: Tue, 11 Jan 2000 04:05:10 +0100 From: Martin Welk To: security@freebsd.org Subject: UUCP over SSH tunnel? Message-ID: <20000111040509.A17467@theatre.sax.de> Reply-To: mw@sax.de Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i Organization: Private UUCP/Usenet site. X-Operating-System: FreeBSD http://www.freebsd.org/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello there, I want to do UUCP-over-IP through an SSH tunnel - does anybody have a configuration example for such a job, I tried to configure it properly but without luck :-( TIA... Regards, Martin -- /| /| | /| / ,,You know, there's a lot of opportunities, / |/ | artin |/ |/ elk if you're knowing to take them, you know, there's a lot of opportunities, Freiberg/Saxony, Germany if there aren't you can make them, mw@sax.de / mw@theatre.sax.de make or break them!'' (Tennant/Lowe) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 10 22: 5:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 9354E15431 for ; Mon, 10 Jan 2000 22:05:03 -0800 (PST) (envelope-from avalon@cairo.anu.edu.au) Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id RAA07943; Tue, 11 Jan 2000 17:04:31 +1100 (EST) From: Darren Reed Message-Id: <200001110604.RAA07943@cairo.anu.edu.au> Subject: Re: Ensuring packet defragmentation in FreeBSD? To: jwyatt@rwsystems.net (James Wyatt) Date: Tue, 11 Jan 2000 17:04:31 +1100 (Australia/NSW) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: from "James Wyatt" at Jan 06, 2000 11:23:02 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from James Wyatt, sie said: > > I've been looking at sevral programs to help test client setups and > learning how they work. I noticed in the nmap manpage, it states: > > "...this method won't get by packet filters and firewalls that > queue all IP fragments (like the CONFIG_IP_ALWAYS_DEFRAG option > in the Linux kernel),..." > > Does FreeBSD queue packet fragments and/or reassemble them in a way I can > detect this probing by fragmented packets? Which files should I look in? You don't really want to do this anyway...the current maintainer of the linux firewalling code has made some nasty comments about the side effects of this behaviour. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 1:59:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from tusk.mountain-inter.net (tusk.mountain-inter.net [204.244.200.1]) by hub.freebsd.org (Postfix) with ESMTP id 8AADB15457 for ; Tue, 11 Jan 2000 01:59:40 -0800 (PST) (envelope-from sreid@sea-to-sky.net) Received: from grok.localnet (unknown@analog17.sq.mntn.net [204.244.200.26]) by tusk.mountain-inter.net (8.9.3/8.9.3) with ESMTP id BAA01549; Tue, 11 Jan 2000 01:59:43 -0800 Received: by grok.localnet (Postfix, from userid 1000) id D7B5D212E07; Tue, 11 Jan 2000 02:00:20 -0800 (PST) Date: Tue, 11 Jan 2000 02:00:20 -0800 From: Steve Reid To: Matt Behrens Cc: Sean Eric Fagan , freebsd-security@FreeBSD.ORG Subject: Re: Status of PGP regarding compatibility Message-ID: <20000111020018.A1985@grok.localnet> References: <200001102250.OAA18428@kithrup.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: ; from Matt Behrens on Mon, Jan 10, 2000 at 08:21:24PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Jan 10, 2000 at 08:21:24PM -0500, Matt Behrens wrote: > It can work with RSA and IDEA, if you load the appropriate > modules (and that is how my personal machine is set up), but thanks to the > patents on RSA and IDEA you can't do that in a commercial environment. I can't find anything in the GnuPG docs or web site about RSA/IDEA modules. Can you provide a link? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 4: 6:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id B60501531B for ; Tue, 11 Jan 2000 04:06:43 -0800 (PST) (envelope-from matt@zigg.com) Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id HAA38785; Tue, 11 Jan 2000 07:06:28 -0500 (EST) (envelope-from matt@zigg.com) Date: Tue, 11 Jan 2000 07:06:23 -0500 (EST) From: Matt Behrens To: Steve Reid Cc: Sean Eric Fagan , freebsd-security@FreeBSD.ORG Subject: Re: Status of PGP regarding compatibility In-Reply-To: <20000111020018.A1985@grok.localnet> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 11 Jan 2000, Steve Reid wrote: > On Mon, Jan 10, 2000 at 08:21:24PM -0500, Matt Behrens wrote: > > It can work with RSA and IDEA, if you load the appropriate > > modules (and that is how my personal machine is set up), but thanks to the > > patents on RSA and IDEA you can't do that in a commercial environment. > > I can't find anything in the GnuPG docs or web site about RSA/IDEA > modules. Can you provide a link? Sure. The modules themselves are at ; instructions for their use can be found at . - -- Matt Behrens Owner/Administrator, zigg.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE4exzC+xq4JbgNGlMRAibsAJ9HAatgALwwkOWftjofAwKWsmXDsgCeLVrT zH0lXKoI85qD3ytCMyFAbP0= =SZsN -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 4:20: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from ren.detir.qld.gov.au (ns.detir.qld.gov.au [203.46.81.66]) by hub.freebsd.org (Postfix) with ESMTP id ACB0E15474; Tue, 11 Jan 2000 04:19:56 -0800 (PST) (envelope-from syssgm@detir.qld.gov.au) Received: by ren.detir.qld.gov.au; id WAA12060; Tue, 11 Jan 2000 22:19:20 +1000 (EST) Received: from ogre.detir.qld.gov.au(167.123.8.3) via SMTP by ren.detir.qld.gov.au, id smtpd012047; Tue Jan 11 22:19:12 2000 Received: from atlas.detir.qld.gov.au (atlas.detir.qld.gov.au [167.123.8.9]) by ogre.detir.qld.gov.au (8.8.8/8.8.7) with ESMTP id WAA02803; Tue, 11 Jan 2000 22:18:27 +1000 (EST) Received: from nymph.detir.qld.gov.au (nymph.detir.qld.gov.au [167.123.10.10]) by atlas.detir.qld.gov.au (8.8.5/8.8.5) with ESMTP id WAA01164; Tue, 11 Jan 2000 22:18:26 +1000 (EST) Received: from nymph.detir.qld.gov.au (localhost [127.0.0.1]) by nymph.detir.qld.gov.au (8.9.3/8.8.7) with ESMTP id WAA31198; Tue, 11 Jan 2000 22:18:25 +1000 (EST) (envelope-from syssgm@nymph.detir.qld.gov.au) Message-Id: <200001111218.WAA31198@nymph.detir.qld.gov.au> To: Kris Kennaway Cc: freebsd-security@freebsd.org, syssgm@detir.qld.gov.au Subject: Re: cvs commit: src/usr.sbin/ctm/ctm ctm.1 src/usr.sbin/ctm/ctm_rmail ctm_rmail.1 References: <200001110746.XAA82203@freefall.freebsd.org> In-Reply-To: <200001110746.XAA82203@freefall.freebsd.org> from Kris Kennaway at "Mon, 10 Jan 2000 23:46:34 -0800" Date: Tue, 11 Jan 2000 22:18:25 +1000 From: Stephen McKay Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Monday, 10th January 2000, Kris Kennaway wrote: >kris 2000/01/10 23:46:34 PST > > Modified files: > usr.sbin/ctm/ctm ctm.1 > usr.sbin/ctm/ctm_rmail ctm_rmail.1 > Log: > Document the (in)security features of CTM, especially ctm_rmail. > > Revision Changes Path > 1.16 +28 -2 src/usr.sbin/ctm/ctm/ctm.1 > 1.18 +26 -25 src/usr.sbin/ctm/ctm_rmail/ctm_rmail.1 I suppose it's a bigger and uglier world than it was even 5 short years ago when I wrote those soothing and perhaps naive words about possible fake deltas. I've not heard of any attacks, nor do I think one would actually succeed. The buffer overflow was a more realistic danger. But you are correct from a theoretical viewpoint; an attack *could* be made on the current email distributed ctm system. So, I am motivated to work on a cryptographic signature enhancement. Otherwise, what is the point of distributing a program with a manual that advises everyone not to use it?! Do you have any suggestions on how such a mechanism might be added? I have built a system in the past using PGP, but it aged ungracefully as PGP changed. I'm thinking of something like encoding the delta md5 with a secret key known only to the generation site, and having the current public key of known generations sites in a configuration file. Also, if the delta format changes, it would be a good time to introduce other changes, like detecting when files move from foo/bar.c to foo/Attic/bar.c and thus further reducing delta sizes. Stephen. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 4:56:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id C1B1915475 for ; Tue, 11 Jan 2000 04:56:45 -0800 (PST) (envelope-from fpscha@ns1.via-net-works.net.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.8.5/8.8.4) id JAA18889; Tue, 11 Jan 2000 09:56:46 -0300 (GMT) From: Fernando Schapachnik Message-Id: <200001111256.JAA18889@ns1.via-net-works.net.ar> Subject: Re: UUCP over SSH tunnel? In-Reply-To: <20000111040509.A17467@theatre.sax.de> from Martin Welk at "Jan 11, 0 04:05:10 am" To: mw@sax.de Date: Tue, 11 Jan 2000 09:56:46 -0300 (GMT) Cc: security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Read first the UUCP info pages on how to set up UUCP over TCP. Make in work without the SSH tunnel. Then create an account on your server that has, say, /bin/cat as shell, and make sure you limit the resources it can consume (to limit any DoS possibility). As last step, on the client, modify /etc/uucp/sys and add: address 127.0.0.1 and create a script that: ssh -l account -L 540:server:540 server calls uucico kills ssh. Hope it helps. Note I'm using UUCP over TCP, which works fine, ssh port forwarding, which works fine too, but have never combined both. Regards. En un mensaje anterior, Martin Welk escribió: > Hello there, > > I want to do UUCP-over-IP through an SSH tunnel - does anybody have a > configuration example for such a job, I tried to configure it properly > but without luck :-( Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 5: 9:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from ren.detir.qld.gov.au (ns.detir.qld.gov.au [203.46.81.66]) by hub.freebsd.org (Postfix) with ESMTP id 26FE614DCC for ; Tue, 11 Jan 2000 05:09:31 -0800 (PST) (envelope-from syssgm@detir.qld.gov.au) Received: by ren.detir.qld.gov.au; id XAA13276; Tue, 11 Jan 2000 23:08:49 +1000 (EST) Received: from ogre.detir.qld.gov.au(167.123.8.3) via SMTP by ren.detir.qld.gov.au, id smtpd013266; Tue Jan 11 23:08:39 2000 Received: from atlas.detir.qld.gov.au (atlas.detir.qld.gov.au [167.123.8.9]) by ogre.detir.qld.gov.au (8.8.8/8.8.7) with ESMTP id XAA03991; Tue, 11 Jan 2000 23:08:07 +1000 (EST) Received: from nymph.detir.qld.gov.au (nymph.detir.qld.gov.au [167.123.10.10]) by atlas.detir.qld.gov.au (8.8.5/8.8.5) with ESMTP id XAA02338; Tue, 11 Jan 2000 23:08:07 +1000 (EST) Received: from nymph.detir.qld.gov.au (localhost [127.0.0.1]) by nymph.detir.qld.gov.au (8.9.3/8.8.7) with ESMTP id XAA31980; Tue, 11 Jan 2000 23:08:06 +1000 (EST) (envelope-from syssgm@nymph.detir.qld.gov.au) Message-Id: <200001111308.XAA31980@nymph.detir.qld.gov.au> To: naddy@mips.rhein-neckar.de (Christian Weisgerber) Cc: freebsd-security@freebsd.org, syssgm@detir.qld.gov.au Subject: Re: dump over ssh References: <854v9q$1gf9$1@bigeye.rhein-neckar.de> <858p5j$mu3$1@bigeye.rhein-neckar.de> In-Reply-To: <858p5j$mu3$1@bigeye.rhein-neckar.de> from Christian Weisgerber at "09 Jan 2000 02:44:19 +0100" Date: Tue, 11 Jan 2000 23:08:06 +1000 From: Stephen McKay Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sunday, 9th January 2000, Christian Weisgerber wrote: >Christian Weisgerber wrote: > >> # dump -0aP ssh -f host:/dev/nrsa0 / > >BTW, I just noticed that the Linux port of dump contains equivalent >functionality. No additional flag there, but the environment variable >RSH is checked. Opinions on which approach is preferable? I use dump over ssh all the time. I just use a pipe as suggested by others here. I don't think your change is necessary. But if you absolutely *must* change dump to tightly integrate ssh, I really hope you use an explicit command line argument, not an environment variable. There are too many hidden magic environment variables already. Stephen. PS Once upon a time I used a command that took an input stream and wrote it to a set of tapes or floppies or whatever. If I still had that program you could use "ssh host dump ... | multivol /dev/nrsa0" and keep changing tapes to make it happy. That's more Unix-like, if that counts for anything. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 11:51:42 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 7DD6E151FB; Tue, 11 Jan 2000 11:51:40 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 6B2A21CD43D; Tue, 11 Jan 2000 11:51:40 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Tue, 11 Jan 2000 11:51:40 -0800 (PST) From: Kris Kennaway To: Stephen McKay Cc: freebsd-security@freebsd.org Subject: Re: cvs commit: src/usr.sbin/ctm/ctm ctm.1 src/usr.sbin/ctm/ctm_rmail ctm_rmail.1 In-Reply-To: <200001111218.WAA31198@nymph.detir.qld.gov.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 11 Jan 2000, Stephen McKay wrote: > But you are correct from a theoretical viewpoint; an attack *could* be > made on the current email distributed ctm system. So, I am motivated > to work on a cryptographic signature enhancement. Otherwise, what is > the point of distributing a program with a manual that advises everyone > not to use it?! I agree: this was something I planned to work on in the near future. The solution is actually very simple, it just requires a bit of infrastructure to get there. Now that we have OpenSSL in the base system (well, it's still coming for US folks because of untidiness in the code I have to clean up), we need to get a FreeBSD certificate authority of some sort set up, and the CTM administrator would (have the generator) sign each delta with a DSA key, the public half of which is distributed to the clients. > Also, if the delta format changes, it would be a good time to introduce other > changes, like detecting when files move from foo/bar.c to foo/Attic/bar.c > and thus further reducing delta sizes. It would certainly be better to make these changes at the same time. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 11:58:30 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 82AA515360; Tue, 11 Jan 2000 11:58:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 6F7CB1CD43F for ; Tue, 11 Jan 2000 11:58:28 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Tue, 11 Jan 2000 11:58:28 -0800 (PST) From: Kris Kennaway To: security@freebsd.org Subject: Warning: insecurity of ctm Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've recently added the following warning to the ctm(1) and ctm_rmail(1) manpages: -------- SECURITY CTM is an INSECURE PROTOCOL - there is no authentication performed that the changes applied to the source code were sent by a trusted party, and so care should be taken if the CTM deltas are obtained via an unauthenti- cated medium such as email. It is a relatively simple matter for an at- tacker to forge a CTM delta to replace or precede the legitimate one and insert malicious code into your source tree. If the legitimate delta is somehow prevented from arriving, this will go unnoticed until a later delta attempts to touch the same file, at which point the MD5 checksum will fail. A future version of FreeBSD may solve this problem by authenticating CTM deltas using cryptographic signatures, but in the mean time it is strong- ly recommended that you obtain the CTM deltas via FTP, and not via email. -------- Everyone who uses CTM should be aware of the implications of this.. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 12:19:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id ED36C14C31 for ; Tue, 11 Jan 2000 12:19:19 -0800 (PST) (envelope-from adam@algroup.co.uk) Received: from algroup.co.uk ([192.168.57.1]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id UAA10428 for ; Tue, 11 Jan 2000 20:19:12 GMT Message-ID: <387B9043.62415CF3@algroup.co.uk> Date: Tue, 11 Jan 2000 20:19:15 +0000 From: Adam Laurie X-Mailer: Mozilla 4.7 [en] (X11; I; FreeBSD 3.2-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: security@freebsd.org Subject: console disappears after reboot Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I realise this is slightly off topic, but as the situation arises due to a security procedure, I hope someone else here as already seen similar problems... I am working at a facility that has a locked server room with an annexe just outside where you can access the servers without being in the cold/noise. For security reasons, the vga/keyboard switch that feeds the annexe is switched off when there's no-one there. This setup has worked fine for a number of years. However, we are now installing some new servers and we've found that if they get rebooted when the switch is off, the console gets changed to a serial device. This means we've lost the machine(s) until we log in remotely and reboot again. Not good. It seems that FreeBSD 3.1+ scans for a console, and if it can't find kb / vga it switches to serial. The old machines all work fine as they are 3.0 or less. I know I can set the console device in /boot/loader.conf, but this leads to other problems (possibly a bug here): on some machines we get a "/boot/loader not found - Disk error 0x1", and we suspect that this is to do with the boot partition not being constrained to the first 1024 cylinders. Anyway, to cut a long story short, I would prefer to simply do something in /etc/rc.local to force the console back to local kb/vga, or disable the serial console in the kernel itself... so my question is: what? Is there such a command/setting? cheers, Adam -- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 12:31:56 2000 Delivered-To: freebsd-security@freebsd.org Received: from news-ma.rhein-neckar.de (news-ma.rhein-neckar.de [193.197.90.3]) by hub.freebsd.org (Postfix) with ESMTP id ABAF914C14 for ; Tue, 11 Jan 2000 12:31:48 -0800 (PST) (envelope-from daemon@bigeye.rhein-neckar.de) Received: from bigeye.rhein-neckar.de (uucp@localhost) by news-ma.rhein-neckar.de (8.8.8/8.8.8) with bsmtp id VAA03435 for freebsd-security@freebsd.org; Tue, 11 Jan 2000 21:31:47 +0100 (CET) (envelope-from daemon@bigeye.rhein-neckar.de) Received: (from daemon@localhost) by bigeye.rhein-neckar.de (8.9.3/8.9.3) id UAA61875 for freebsd-security@freebsd.org; Tue, 11 Jan 2000 20:16:10 +0100 (CET) (envelope-from daemon) From: naddy@mips.rhein-neckar.de (Christian Weisgerber) Subject: Re: UUCP over SSH tunnel? Date: 11 Jan 2000 20:16:10 +0100 Message-ID: <85fvhq$1sda$1@bigeye.rhein-neckar.de> References: <20000111040509.A17467@theatre.sax.de> <200001111256.JAA18889@ns1.via-net-works.net.ar> To: freebsd-security@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Fernando Schapachnik wrote: > Then create an account on your server that has, say, /bin/cat as shell, > and make sure you limit the resources it can consume (to limit any DoS > possibility). If you have control over the server, you can just give the account /usr/libexec/uucp/uucico as shell and run uucp over a pipe port that does "ssh -l login host". -- Christian "naddy" Weisgerber naddy@mips.rhein-neckar.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 13: 3:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id 28AD814F26 for ; Tue, 11 Jan 2000 13:03:29 -0800 (PST) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: by border.alcanet.com.au id <40330>; Wed, 12 Jan 2000 07:55:29 +1100 Content-return: prohibited From: Peter Jeremy Subject: Re: cvs commit: src/usr.sbin/ctm/ctm ctm.1 src/usr.sbin/ctm/ctm_rmail ctm_rmail.1 In-reply-to: ; from kris@hub.freebsd.org on Wed, Jan 12, 2000 at 06:45:14AM +1100 To: Kris Kennaway Cc: freebsd-security@FreeBSD.ORG Message-Id: <00Jan12.075529est.40330@border.alcanet.com.au> MIME-version: 1.0 X-Mailer: Mutt 1.0i Content-type: text/plain; charset=us-ascii References: <200001111218.WAA31198@nymph.detir.qld.gov.au> Date: Wed, 12 Jan 2000 07:55:28 +1100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 2000-Jan-12 06:45:14 +1100, Kris Kennaway wrote: > we need to get a FreeBSD certificate authority of some sort set >up, and the CTM administrator would (have the generator) sign each delta >with a DSA key, the public half of which is distributed to the clients. Sounds excellent. As a further check, it would be nice if someone with access to the master CTM repository could run md5(1) across the repository and make the result available (together with the CTM deltas that it relates to). This would let people check that their local repositories haven't accumulated any bitrot. BTW, in making these changes to the CTM format, remember to make sure that the existing ctm can at least apply the new deltas (even if it can't understand the signatures) :-). Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 17:46:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id CCB5D15121 for ; Tue, 11 Jan 2000 17:46:16 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id UAA09158; Tue, 11 Jan 2000 20:49:58 -0500 (EST) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <200001120149.UAA09158@cc942873-a.ewndsr1.nj.home.com> Subject: Re: console disappears after reboot In-Reply-To: <387B9043.62415CF3@algroup.co.uk> from Adam Laurie at "Jan 11, 2000 08:19:15 pm" To: adam@algroup.co.uk (Adam Laurie) Date: Tue, 11 Jan 2000 20:49:58 -0500 (EST) Cc: security@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Adam Laurie wrote, > Hi, > > I realise this is slightly off topic, but as the situation arises due to > a security procedure, I hope someone else here as already seen similar > problems... > > I am working at a facility that has a locked server room with an annexe > just outside where you can access the servers without being in the > cold/noise. For security reasons, the vga/keyboard switch that feeds the > annexe is switched off when there's no-one there. This setup has worked > fine for a number of years. However, we are now installing some new > servers and we've found that if they get rebooted when the switch is > off, the console gets changed to a serial device. This means we've lost > the machine(s) until we log in remotely and reboot again. Not good. > > It seems that FreeBSD 3.1+ scans for a console, and if it can't find kb > / vga it switches to serial. The old machines all work fine as they are > 3.0 or less. > > I know I can set the console device in /boot/loader.conf, but this leads > to other problems (possibly a bug here): on some machines we get a > "/boot/loader not found - Disk error 0x1", and we suspect that this is > to do with the boot partition not being constrained to the first 1024 > cylinders. > > Anyway, to cut a long story short, I would prefer to simply do something > in /etc/rc.local to force the console back to local kb/vga, or disable > the serial console in the kernel itself... so my question is: what? Is > there such a command/setting? If a console has "died," you should, # kill -HUP 1 To refresh. Rebooting the machine a second time should not be necessary. Since you can access the machine's remotely, this should work. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 19:21: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail2.gmx.net (mail2.gmx.net [194.221.183.62]) by hub.freebsd.org (Postfix) with SMTP id A2154154E3 for ; Tue, 11 Jan 2000 19:21:00 -0800 (PST) (envelope-from Gerhard.Sittig@gmx.net) Received: (qmail 24033 invoked by uid 0); 12 Jan 2000 03:20:59 -0000 Received: from p3e9e7931.dip.t-dialin.net (HELO speedy.gsinet) (62.158.121.49) by mail2.gmx.net with SMTP; 12 Jan 2000 03:20:59 -0000 Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id WAA07574 for security@FreeBSD.ORG; Tue, 11 Jan 2000 22:07:28 +0100 Date: Tue, 11 Jan 2000 22:07:28 +0100 From: Gerhard Sittig To: security@FreeBSD.ORG Subject: Re: UUCP over SSH tunnel? Message-ID: <20000111220728.I5375@speedy.gsinet> References: <20000111040509.A17467@theatre.sax.de> <200001111256.JAA18889@ns1.via-net-works.net.ar> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200001111256.JAA18889@ns1.via-net-works.net.ar>; from fpscha@ns1.via-net-works.net.ar on Tue, Jan 11, 2000 at 09:56:46AM -0300 Organization: System Defenestrators Inc. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Jan 11, 2000 at 09:56 -0300, Fernando Schapachnik wrote: > > and create a script that: > > ssh -l account -L 540:server:540 server > calls uucico > kills ssh. That would be too harsh a reaction, I guess. One could issue a command like "ssh [opts] server sleep 10" since ssh will terminate when the command AND the tunnelled connections are gone. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 23:34: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from mentisworks.com (valkery.mentisworks.com [207.227.89.226]) by hub.freebsd.org (Postfix) with ESMTP id 2CC1214FD2 for ; Tue, 11 Jan 2000 23:34:03 -0800 (PST) (envelope-from nathank@mentisworks.com) Received: from [24.29.246.53] (HELO mentisworks.com) by mentisworks.com (CommuniGate Pro SMTP 3.2b9) with ESMTP id 651408 for freebsd-security@freebsd.org; Wed, 12 Jan 2000 01:34:10 -0600 Received: from [192.168.245.111] (HELO mentisworks.com) by mentisworks.com (CommuniGate Pro SMTP 3.2b9) with ESMTP id 2350012 for freebsd-security@freebsd.org; Wed, 12 Jan 2000 01:34:07 -0600 Message-ID: <387C2DBF.B5D8FB73@mentisworks.com> Date: Wed, 12 Jan 2000 01:31:11 -0600 From: Nathan Kinsman Organization: Mentisworks, LLC X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: Ensuring packet defragmentation in FreeBSD? References: <200001110604.RAA07943@cairo.anu.edu.au> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darren Reed wrote: > > In some mail from James Wyatt, sie said: > > > > I've been looking at sevral programs to help test client setups and > > learning how they work. I noticed in the nmap manpage, it states: > > > > "...this method won't get by packet filters and firewalls that > > queue all IP fragments (like the CONFIG_IP_ALWAYS_DEFRAG option > > in the Linux kernel),..." > > > > Does FreeBSD queue packet fragments and/or reassemble them in a way I can > > detect this probing by fragmented packets? Which files should I look in? > > You don't really want to do this anyway...the current maintainer of > the linux firewalling code has made some nasty comments about the > side effects of this behaviour. I have found the following rule used with Darren's IPFilter to be a usefull alternative: # Block any packets which are too short to be real. block in quick all with short If you use Snort NIDS software, you can also use this rule to alert you to small fragments: preprocessor minfrag: 128 Both IPFilter and Snort run very well, with low overhead on FreeBSD. > > Darren > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Nathan Kinsman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 11 23:37:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from mentisworks.com (valkery.mentisworks.com [207.227.89.226]) by hub.freebsd.org (Postfix) with ESMTP id 5CFFB14F72 for ; Tue, 11 Jan 2000 23:37:40 -0800 (PST) (envelope-from nathank@mentisworks.com) Received: from [24.29.246.53] (HELO mentisworks.com) by mentisworks.com (CommuniGate Pro SMTP 3.2b9) with ESMTP id 651409; Wed, 12 Jan 2000 01:37:47 -0600 Received: from [192.168.245.111] (HELO mentisworks.com) by mentisworks.com (CommuniGate Pro SMTP 3.2b9) with ESMTP id 2350013; Wed, 12 Jan 2000 01:37:47 -0600 Message-ID: <387C2E9B.ACEC62AD@mentisworks.com> Date: Wed, 12 Jan 2000 01:34:51 -0600 From: Nathan Kinsman Organization: Mentisworks, LLC X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: Adam Laurie Cc: freebsd-security@freebsd.org Subject: Re: console disappears after reboot References: <387B9043.62415CF3@algroup.co.uk> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Adam Laurie wrote: > > Hi, > > I realise this is slightly off topic, but as the situation arises due to > a security procedure, I hope someone else here as already seen similar > problems... > > I am working at a facility that has a locked server room with an annexe > just outside where you can access the servers without being in the > cold/noise. For security reasons, the vga/keyboard switch that feeds the > annexe is switched off when there's no-one there. This setup has worked > fine for a number of years. However, we are now installing some new > servers and we've found that if they get rebooted when the switch is > off, the console gets changed to a serial device. This means we've lost > the machine(s) until we log in remotely and reboot again. Not good. > > It seems that FreeBSD 3.1+ scans for a console, and if it can't find kb > / vga it switches to serial. The old machines all work fine as they are > 3.0 or less. > > I know I can set the console device in /boot/loader.conf, but this leads > to other problems (possibly a bug here): on some machines we get a > "/boot/loader not found - Disk error 0x1", and we suspect that this is > to do with the boot partition not being constrained to the first 1024 > cylinders. > > Anyway, to cut a long story short, I would prefer to simply do something > in /etc/rc.local to force the console back to local kb/vga, or disable > the serial console in the kernel itself... so my question is: what? Is > there such a command/setting? This is from /usr/src/sys/i386/conf/LINT: # `flags' for atkbd: # 0x01 Force detection of keyboard, else we always assume a keyboard have you tried this in your kernel config? > > cheers, > Adam > -- > Adam Laurie Tel: +44 (181) 742 0755 > A.L. Digital Ltd. Fax: +44 (181) 742 5995 > Voysey House > Barley Mow Passage http://www.aldigital.co.uk > London W4 4GB mailto:adam@algroup.co.uk > UNITED KINGDOM PGP key on keyservers > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Nathan Kinsman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jan 12 3:51:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id E1EE814D1D for ; Wed, 12 Jan 2000 03:51:17 -0800 (PST) (envelope-from fpscha@ns1.via-net-works.net.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.8.5/8.8.4) id IAA07522; Wed, 12 Jan 2000 08:51:33 -0300 (GMT) From: Fernando Schapachnik Message-Id: <200001121151.IAA07522@ns1.via-net-works.net.ar> Subject: Re: UUCP over SSH tunnel? In-Reply-To: <20000111220728.I5375@speedy.gsinet> from Gerhard Sittig at "Jan 11, 0 10:07:28 pm" To: Gerhard.Sittig@gmx.net (Gerhard Sittig) Date: Wed, 12 Jan 2000 08:51:33 -0300 (GMT) Cc: security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org En un mensaje anterior, Gerhard Sittig escribió: > On Tue, Jan 11, 2000 at 09:56 -0300, Fernando Schapachnik wrote: > > > > and create a script that: > > > > ssh -l account -L 540:server:540 server > > calls uucico > > kills ssh. > > That would be too harsh a reaction, I guess. One could issue a > command like "ssh [opts] server sleep 10" since ssh will > terminate when the command AND the tunnelled connections are > gone. Good idea, but wouldn't work as you are using /bin/cat as your shell. On the other hand, you may be able to create a script that sleeps a few seconds and then exits. Using this as a shell might do the job. Regards. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jan 12 10:46:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id 8CD2B1554A for ; Wed, 12 Jan 2000 10:46:31 -0800 (PST) (envelope-from adam@algroup.co.uk) Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id SAA11245; Wed, 12 Jan 2000 18:46:07 GMT Message-ID: <387CCBEF.6F49D1CF@algroup.co.uk> Date: Wed, 12 Jan 2000 18:46:07 +0000 From: Adam Laurie Organization: A.L. Group plc X-Mailer: Mozilla 4.07 [en] (Win95; I) MIME-Version: 1.0 To: cjclark@home.com Cc: security@FreeBSD.ORG Subject: Re: console disappears after reboot References: <200001120149.UAA09158@cc942873-a.ewndsr1.nj.home.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Crist J. Clark wrote: > > Anyway, to cut a long story short, I would prefer to simply do something > > in /etc/rc.local to force the console back to local kb/vga, or disable > > the serial console in the kernel itself... so my question is: what? Is > > there such a command/setting? > > If a console has "died," you should, > > # kill -HUP 1 > > To refresh. Rebooting the machine a second time should not be > necessary. Since you can access the machine's remotely, this should > work. Unfortunately not. I assume it only tries to refresh the serial console. The only other suggestion (thanks to all that posted it) was to disable console on sio0. Sadly this doesn't work either. Any more takers? :) cheers, Adam -- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jan 12 11:29:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 9470C1522B for ; Wed, 12 Jan 2000 11:29:16 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id OAA11492; Wed, 12 Jan 2000 14:33:05 -0500 (EST) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <200001121933.OAA11492@cc942873-a.ewndsr1.nj.home.com> Subject: Re: console disappears after reboot In-Reply-To: <387CCBEF.6F49D1CF@algroup.co.uk> from Adam Laurie at "Jan 12, 2000 06:46:07 pm" To: adam@algroup.co.uk (Adam Laurie) Date: Wed, 12 Jan 2000 14:33:04 -0500 (EST) Cc: cjclark@home.com, security@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Adam Laurie wrote, > Crist J. Clark wrote: > > > > Anyway, to cut a long story short, I would prefer to simply do something > > > in /etc/rc.local to force the console back to local kb/vga, or disable > > > the serial console in the kernel itself... so my question is: what? Is > > > there such a command/setting? > > > > If a console has "died," you should, > > > > # kill -HUP 1 > > > > To refresh. Rebooting the machine a second time should not be > > necessary. Since you can access the machine's remotely, this should > > work. > > Unfortunately not. I assume it only tries to refresh the serial console. I don't think so. Is the getty(8) for the device (I assume ttyv0) still in the ps(1) output? If it is, perhaps kill it. Either kill it dead and SIGHUP init(8) to start the new one, or maybe some signal (a HUP?) refreshes a getty. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 2:45:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id C666815676; Thu, 13 Jan 2000 02:45:21 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id LAA84771; Thu, 13 Jan 2000 11:45:16 +0100 (CET) (envelope-from des@flood.ping.uio.no) To: cjclark@home.com Cc: adam@algroup.co.uk (Adam Laurie), stable@freebsd.org Subject: Re: console disappears after reboot References: <200001121933.OAA11492@cc942873-a.ewndsr1.nj.home.com> From: Dag-Erling Smorgrav Date: 13 Jan 2000 11:45:15 +0100 In-Reply-To: "Crist J. Clark"'s message of "Wed, 12 Jan 2000 14:33:04 -0500 (EST)" Message-ID: Lines: 25 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [moved to -stable from -security] "Crist J. Clark" writes: > Adam Laurie wrote, > > Crist J. Clark wrote: > > > > Anyway, to cut a long story short, I would prefer to simply do something > > > > in /etc/rc.local to force the console back to local kb/vga, or disable > > > > the serial console in the kernel itself... so my question is: what? Is > > > > there such a command/setting? > > > If a console has "died," you should [HUP init] > > Unfortunately not. I assume it only tries to refresh the serial console. > I don't think so. Is the getty(8) for the device (I assume ttyv0) still > in the ps(1) output? If it is, perhaps kill it. Either kill it dead > and SIGHUP init(8) to start the new one, or maybe some signal (a HUP?) > refreshes a getty. You're totally off the track. His problem is that the kernel (or the boot loader) decides that there is no built-in console and uses a serial console instead. This has nothing to do with init(8). I guess the right person to answer this kind of question would be Mike Smith or Daniel Sobral. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 9:25:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id A70401512E; Thu, 13 Jan 2000 09:25:37 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id JAA95568; Thu, 13 Jan 2000 09:23:55 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: markm@freebsd.org Cc: security@freebsd.org Subject: We need to do an audit of our "crypto", both current and planned. Date: Thu, 13 Jan 2000 09:23:55 -0800 Message-ID: <95546.947784235@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org So that we can obey this clause of the new export agreement: Encryption source code which is available to the public and which is subject to an express agreement for the payment of a licensing fee or royalty for commercial production or sale of any product developed using the source code (such as "community source" code) may be exported under a license exception to any end-user without a technical review. At the time of export, the exporter must submit to the Bureau of Export Administration a copy of the source code, or a written notification of its Internet address. All other source code can be exported after a technical review to any non-government end-user. U.S. exporters may have to provide general information on foreign products developed for commercial sale using commercial source code, but foreign products developed using U.S.-origin source code or toolkits do not require a technical review. E.g. I need to submit a written notification containing the URL pointing to just the crypto stuff we're going to do, including future items like OpenSSH, IPSec, etc. Once that's done, at least as I read this agreement (and have at least 3 times :), we and any mirror site in the U.S. containing the FreeBSD code should be in the clear. I'm also sure that it's possible to read this agreement in such a way that, with sufficient paranoia, one could conclude that nothing had changed and it was all a plot by the space aliens to lend us a false sense of security, but I'd rather not hear those arguments from people right now, I just want to know what we should "declare" as part of this process. :) - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 13:19:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 4D46A14F56; Thu, 13 Jan 2000 13:19:49 -0800 (PST) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id NAA33623; Thu, 13 Jan 2000 13:19:38 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200001132119.NAA33623@gndrsh.dnsmgr.net> Subject: Re: We need to do an audit of our "crypto", both current and planned. In-Reply-To: <95546.947784235@zippy.cdrom.com> from "Jordan K. Hubbard" at "Jan 13, 2000 09:23:55 am" To: jkh@zippy.cdrom.com (Jordan K. Hubbard) Date: Thu, 13 Jan 2000 13:19:38 -0800 (PST) Cc: markm@FreeBSD.ORG, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [I have slightly reorder the quoted text here to make this response more coherent] Late in the orignal message jkh said: > I'm also sure that it's possible to read this agreement in such a way > that, with sufficient paranoia, one could conclude that nothing had > changed and it was all a plot by the space aliens to lend us a false > sense of security, but I'd rather not hear those arguments from people A question was raised later in this thread by Mark Murray. I'll apply my best anal retentive legal explination to the text of this clause to try and clarify things for everyone :-) I'm not being paranoid here, this _is_ what it says. > So that we can obey this clause of the new export agreement: > > Encryption source code which is available to the public and which is > subject to an express agreement for the payment of a licensing fee or > royalty for commercial production or sale of any product developed > using the source code (such as "community source" code) may be > exported under a license exception to any end-user without a technical > review. At the time of export, the exporter must submit to the Bureau ^^^^^^^^^^^^^^ This means when the bits get transfered. > of Export Administration a copy of the source code, or a written ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > notification of its Internet address. All other source code can be ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ This means a copy of the actual information, or a pointer to it at the _time_ (ie, date and time) it was exported. Also notice the word ``written'', that implies a paper and ink copy, I don't know that the law recoginizes email as being ``written''. Blacks surely does not. > exported after a technical review to any non-government > end-user. U.S. exporters may have to provide general information on > foreign products developed for commercial sale using commercial source > code, but foreign products developed using U.S.-origin source code or > toolkits do not require a technical review. So, IMHO, yes, you have to submit an ``Internet address'' (Can't find a legal definition of that one, is it an IP number, URL, or what??? I think the intent was a URL.) for each different copy of what was exported. As someone else stated though we may understand the rapid changing nature of this, I can assure you that the law does not, nor do the people drafting this rule. > > E.g. I need to submit a written notification containing the URL > pointing to just the crypto stuff we're going to do, including future > items like OpenSSH, IPSec, etc. Once that's done, at least as I read > this agreement (and have at least 3 times :), we and any mirror site > in the U.S. containing the FreeBSD code should be in the clear. Look every single word up in a Blacks Legal, then you have ``read'' this text. :-). -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 13:59:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id EF8DD14F56; Thu, 13 Jan 2000 13:59:27 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id NAA86433; Thu, 13 Jan 2000 13:59:07 -0800 (PST) (envelope-from dillon) Date: Thu, 13 Jan 2000 13:59:07 -0800 (PST) From: Matthew Dillon Message-Id: <200001132159.NAA86433@apollo.backplane.com> To: "Rodney W. Grimes" Cc: jkh@zippy.cdrom.com (Jordan K. Hubbard), markm@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: We need to do an audit of our "crypto", both current and planned. References: <200001132119.NAA33623@gndrsh.dnsmgr.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org What I would recommend is that you create a URL to a CGI on freefall which generates hotlinks to the various major sections. Does our web-cvs archive allow us to retrieve things by tag? If so then the solution is trivial. We simply have the CGI list the available releases as hotlinks, and go from there. The accessor can then click on the release he is interested in and then click on the various crypto hotlinks that extract the appropriate relase from the CVS tree. Alternatively you can just have a URL that points into the current source tree (e.g. to the top level 'src' and 'crypto' directories). If the government complains you can always change it to be more specific later on. I really doubt the government will care. Certainly nothing drastic will happen if all the information is there but not specifically hotlinked (i.e. accessor must delve through the source tree, but the location of the major crypto stuff is obvious). -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 14:21:13 2000 Delivered-To: freebsd-security@freebsd.org Received: from erouter0.it-datacntr.louisville.edu (erouter0.it-datacntr.louisville.edu [136.165.1.36]) by hub.freebsd.org (Postfix) with ESMTP id 463A214EAC; Thu, 13 Jan 2000 14:21:11 -0800 (PST) (envelope-from k.stevenson@louisville.edu) Received: from osaka.louisville.edu (osaka.louisville.edu [136.165.1.114]) by erouter0.it-datacntr.louisville.edu (Postfix) with ESMTP id 82FF724D2F; Thu, 13 Jan 2000 17:21:07 -0500 (EST) Received: by osaka.louisville.edu (Postfix, from userid 15) id C272818605; Thu, 13 Jan 2000 17:21:06 -0500 (EST) Date: Thu, 13 Jan 2000 17:21:06 -0500 From: Keith Stevenson To: "Rodney W. Grimes" Cc: "Jordan K. Hubbard" , markm@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: We need to do an audit of our "crypto", both current and planned. Message-ID: <20000113172106.B67821@osaka.louisville.edu> References: <95546.947784235@zippy.cdrom.com> <200001132119.NAA33623@gndrsh.dnsmgr.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i In-Reply-To: <200001132119.NAA33623@gndrsh.dnsmgr.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jan 13, 2000 at 01:19:38PM -0800, Rodney W. Grimes wrote: > > So, IMHO, yes, you have to submit an ``Internet address'' (Can't find > a legal definition of that one, is it an IP number, URL, or what??? I > think the intent was a URL.) for each different copy of what was exported. Quoting Amendment #3 again... "To qualify, exporters must notify BXA of the Internet location (e.g., URL or Internet address) or provide a copy of the source code by the time of export." Based on that, my non-legal-expert opinion is that a URL is sufficient. (Dammit Jim, I'm a sysadmin not a lawyer! :) Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 14:44:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 3D2EE14CED; Thu, 13 Jan 2000 14:44:31 -0800 (PST) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id OAA33836; Thu, 13 Jan 2000 14:44:18 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200001132244.OAA33836@gndrsh.dnsmgr.net> Subject: Re: We need to do an audit of our "crypto", both current and planned. In-Reply-To: <20000113172106.B67821@osaka.louisville.edu> from Keith Stevenson at "Jan 13, 2000 05:21:06 pm" To: k.stevenson@louisville.edu (Keith Stevenson) Date: Thu, 13 Jan 2000 14:44:17 -0800 (PST) Cc: jkh@zippy.cdrom.com (Jordan K. Hubbard), markm@FreeBSD.ORG, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Thu, Jan 13, 2000 at 01:19:38PM -0800, Rodney W. Grimes wrote: > > > > So, IMHO, yes, you have to submit an ``Internet address'' (Can't find > > a legal definition of that one, is it an IP number, URL, or what??? I > > think the intent was a URL.) for each different copy of what was exported. > > Quoting Amendment #3 again... Not in the information provided by Jordan :-(. I'll go get the whole text from the URL's someone else posted and read the whole of it. > > "To qualify, exporters must notify BXA of the Internet location (e.g., URL or > Internet address) or provide a copy of the source code by the time of export." > > Based on that, my non-legal-expert opinion is that a URL is sufficient. I still don't have a legal definition for ``Internet address'', and now I need one for ``URL'' too. e.g.,'s are just that, examples, not legal definitions. > > (Dammit Jim, I'm a sysadmin not a lawyer! :) I'm neither any more :-) -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 14:57:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 33E271531D; Thu, 13 Jan 2000 14:57:29 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id PAA14208; Thu, 13 Jan 2000 15:57:23 -0700 (MST) Message-Id: <4.2.2.20000113155651.01d15370@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 13 Jan 2000 15:57:21 -0700 To: "Jordan K. Hubbard" , markm@FreeBSD.ORG From: Brett Glass Subject: Re: We need to do an audit of our "crypto", both current and planned. Cc: security@FreeBSD.ORG In-Reply-To: <95546.947784235@zippy.cdrom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:23 AM 1/13/2000 , Jordan K. Hubbard wrote: >So that we can obey this clause of the new export agreement: > >Encryption source code which is available to the public and which is >subject to an express agreement for the payment of a licensing fee or This should be "not subject to." --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 15: 9: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id CAA5C150BA; Thu, 13 Jan 2000 15:09:04 -0800 (PST) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id PAA33905; Thu, 13 Jan 2000 15:08:44 -0800 (PST) (envelope-from freebsd) From: "Rodney W. Grimes" Message-Id: <200001132308.PAA33905@gndrsh.dnsmgr.net> Subject: Re: We need to do an audit of our "crypto", both current and planned. In-Reply-To: <4.2.2.20000113155651.01d15370@localhost> from Brett Glass at "Jan 13, 2000 03:57:21 pm" To: brett@lariat.org (Brett Glass) Date: Thu, 13 Jan 2000 15:08:44 -0800 (PST) Cc: jkh@zippy.cdrom.com (Jordan K. Hubbard), markm@FreeBSD.ORG, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > At 10:23 AM 1/13/2000 , Jordan K. Hubbard wrote: > > >So that we can obey this clause of the new export agreement: > > > >Encryption source code which is available to the public and which is > >subject to an express agreement for the payment of a licensing fee or > > This should be "not subject to." I sure hope that it is ``not subject to'', I was reading that and thinking real hard just how the open source world was going to get around the fact that they needed, not only, to take a payment, but also create an ``express agreement'' for that payment :-) -- Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 17: 6:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from vasquez.zip.com.au (vasquez.zip.com.au [203.12.97.41]) by hub.freebsd.org (Postfix) with ESMTP id C1A8514C0B for ; Thu, 13 Jan 2000 17:06:40 -0800 (PST) (envelope-from ncb@zip.com.au) Received: from zipperii.zip.com.au (ncb@zipperii.zip.com.au [203.12.97.87]) by vasquez.zip.com.au (8.9.2/8.9.1) with ESMTP id MAA03186 for ; Fri, 14 Jan 2000 12:06:37 +1100 (EST) Date: Fri, 14 Jan 2000 12:06:36 +1100 (EST) From: Nicholas Brawn To: freebsd-security@freebsd.org Subject: Disallow remote login by regular user. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi folks. I'm trying to ocnfigure my system so that I can disallow a particular user account from being able to login remotely, and forcing users to su to the account instead. How may I configure this? PS. Users may be using anything from telnet to ssh to login to the system, so I need something that works across the board. Cheers, Nick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 17:41: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id 330B614E9A for ; Thu, 13 Jan 2000 17:40:58 -0800 (PST) (envelope-from dhw@whistle.com) Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id RAA49056; Thu, 13 Jan 2000 17:40:56 -0800 (PST) Date: Thu, 13 Jan 2000 17:40:56 -0800 (PST) From: David Wolfskill Message-Id: <200001140140.RAA49056@pau-amma.whistle.com> To: freebsd-security@FreeBSD.ORG, ncb@zip.com.au Subject: Re: Disallow remote login by regular user. In-Reply-To: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Date: Fri, 14 Jan 2000 12:06:36 +1100 (EST) >From: Nicholas Brawn >Hi folks. I'm trying to ocnfigure my system so that I can disallow a >particular user account from being able to login remotely, and forcing >users to su to the account instead. How may I configure this? >PS. Users may be using anything from telnet to ssh to login to the system, >so I need something that works across the board. I find that using '*' as the encrypted password appears to do the job for me. Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 17:43:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 55D2914DF1 for ; Thu, 13 Jan 2000 17:43:10 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id UAA15101; Thu, 13 Jan 2000 20:45:21 -0500 (EST) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <200001140145.UAA15101@cc942873-a.ewndsr1.nj.home.com> Subject: Re: Disallow remote login by regular user. In-Reply-To: from Nicholas Brawn at "Jan 14, 2000 12:06:36 pm" To: ncb@zip.com.au (Nicholas Brawn) Date: Thu, 13 Jan 2000 20:45:20 -0500 (EST) Cc: freebsd-security@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Nicholas Brawn wrote, > Hi folks. I'm trying to ocnfigure my system so that I can disallow a > particular user account from being able to login remotely, and forcing > users to su to the account instead. How may I configure this? > > PS. Users may be using anything from telnet to ssh to login to the system, > so I need something that works across the board. For anything that is going to call login(1), you can use /etc/login.access(5). That pretty much eliminates stuff like telnet, rlogin, and console logins. For SSH, look at the 'AllowUsers' and 'DenyUsers' keywords for the sshd_conf file on the sshd(8) manpage. And of course, if ftp(1) is an issue, there is /etc/ftpusers as described in ftpd(8). None of these options, however, should mess with su(1). -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 17:46:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from icg.interactivate.com (icg.interactivate.com [207.110.42.216]) by hub.freebsd.org (Postfix) with ESMTP id 7924114E9A for ; Thu, 13 Jan 2000 17:46:20 -0800 (PST) (envelope-from larry@interactivate.com) Received: from cx47987-c (cx47987-c.escnd1.sdca.home.com [24.0.175.251]) by icg.interactivate.com (8.9.3/8.9.3) with ESMTP id RAA21281; Thu, 13 Jan 2000 17:49:14 -0800 (PST) Message-Id: <4.2.2.20000113173750.00bd29a0@mail.interactivate.com> X-Sender: larry@mail.interactivate.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 13 Jan 2000 17:41:11 -0800 To: Nicholas Brawn , freebsd-security@FreeBSD.ORG From: Lawrence Sica Subject: Re: Disallow remote login by regular user. In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:06 PM 1/14/00 +1100, Nicholas Brawn wrote: >Hi folks. I'm trying to ocnfigure my system so that I can disallow a >particular user account from being able to login remotely, and forcing >users to su to the account instead. How may I configure this? > >PS. Users may be using anything from telnet to ssh to login to the system, >so I need something that works across the board. across the board i'm not sure but i think you could modify the sshd_config file to deny the user remote login and telnet uses login so you could setup a /etc/login.access file to deny access. I haven't had to set this up so I'm thinking where i would start. do a man on login.access for howto set that up. It will allow you to give access to user by their tty. Check the respective man pages for exact particulars. HTH --Larry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 19:14:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 581A514DE2; Thu, 13 Jan 2000 19:14:51 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id UAA16862; Thu, 13 Jan 2000 20:14:25 -0700 (MST) Message-Id: <4.2.2.20000113201211.01cabcf0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 13 Jan 2000 20:14:19 -0700 To: "Rodney W. Grimes" From: Brett Glass Subject: Re: We need to do an audit of our "crypto", both current and planned. Cc: jkh@zippy.cdrom.com (Jordan K. Hubbard), markm@FreeBSD.ORG, security@FreeBSD.ORG In-Reply-To: <200001132308.PAA33905@gndrsh.dnsmgr.net> References: <4.2.2.20000113155651.01d15370@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Don't start jumping up and down and cheering yet, though; there's another problem. That problem, alas, is the word "unrestricted." The only code that's "unrestricted," according to the new regs, is code that uses keys of 64 or fewer bits. Or at least that's how I understand the draft at http://www.cdt.org/crypto/admin/000110cryptoregs.shtml --Brett At 04:08 PM 1/13/2000 , Rodney W. Grimes wrote: > > At 10:23 AM 1/13/2000 , Jordan K. Hubbard wrote: > > > > >So that we can obey this clause of the new export agreement: > > > > > >Encryption source code which is available to the public and which is > > >subject to an express agreement for the payment of a licensing fee or > > > > This should be "not subject to." > >I sure hope that it is ``not subject to'', I was reading that and thinking >real hard just how the open source world was going to get around >the fact that they needed, not only, to take a payment, but also create >an ``express agreement'' for that payment :-) > > >-- >Rod Grimes - KD7CAX @ CN85sl - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 19:32: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 6B6D014DB7 for ; Thu, 13 Jan 2000 19:31:58 -0800 (PST) (envelope-from brett@lariat.org) Received: from workhorse (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id UAA17038 for ; Thu, 13 Jan 2000 20:31:52 -0700 (MST) Message-Id: <4.2.2.20000113202656.01d66100@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Thu, 13 Jan 2000 20:31:45 -0700 To: security@freebsd.org From: Brett Glass Subject: Crypto regulations: Lucy pulls the football away? Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've been poring over the proposed new crypto regulations, and think I see= =20 a serious problem vis-a-vis open source. The provision that allows the=20 export of source code, quoted at=20 http://www.cdt.org/crypto/admin/000110cryptoregs.shtml, says: >Also in =A7740.13, to, in part, take into account the "open source"= approach=20 >to software development, UNRESTRICTED encryption source code not subject=20 >to an express agreement for the payment of a licensing fee or royalty for= =20 >commercial production or sale of any product developed using the source=20 >code can, without review, be released from "EI" controls and exported and= =20 >reexported under License Exception TSU. Note the use of the qualifier "unrestricted" in the paragraph above. So,=20 what's "unrestricted?" The text one paragraph above gives what appears to=20 be an answer: >In =A7740.13, Technology and Software UNRESTRICTED, changes are made to=20 >reflect amendments to the Wassenaar Arrangement. Specifically, encryption= =20 >software is no longer eligible for mass market treatment under the General= =20 >Software Note. Encryption commodities and software are now eligible for=20 >mass market treatment under the new Cryptography Note in Category 5 - Part= =20 >2 of the CCL. This Note multilaterally decontrols mass market encryption=20 >commodities and software up to and including 64-bits. So, if I read the draft correctly, no open source crypto software that's=20 strong enough to protect anyone's privacy against a marginally competent=20 code cracker can be exported, even under the new rules. Am I off base here?= =20 I hope I am, but I fear I'm not. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 19:44:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.wzrd.com (mail.wzrd.com [206.99.165.3]) by hub.freebsd.org (Postfix) with ESMTP id 9FE6A14D4C for ; Thu, 13 Jan 2000 19:44:47 -0800 (PST) (envelope-from danh@wzrd.com) Received: by mail.wzrd.com (Postfix, from userid 91) id 6B2CA5D01E; Thu, 13 Jan 2000 22:44:46 -0500 (EST) Subject: Re: Disallow remote login by regular user. In-Reply-To: from Nicholas Brawn at "Jan 14, 2000 12: 6:36 pm" To: ncb@zip.com.au (Nicholas Brawn) Date: Thu, 13 Jan 2000 22:44:46 -0500 (EST) Cc: freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 491 Message-Id: <20000114034446.6B2CA5D01E@mail.wzrd.com> From: danh@wzrd.com (Dan Harnett) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, You could also set this particular user's shell to /sbin/nologin and make the others use the -m option to su. Dan Harnett > Hi folks. I'm trying to ocnfigure my system so that I can disallow a > particular user account from being able to login remotely, and forcing > users to su to the account instead. How may I configure this? > > PS. Users may be using anything from telnet to ssh to login to the system, > so I need something that works across the board. > > Cheers, > Nick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 19:47:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 1D24A155EA for ; Thu, 13 Jan 2000 19:47:45 -0800 (PST) (envelope-from avalon@cairo.anu.edu.au) Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id OAA24531; Fri, 14 Jan 2000 14:47:30 +1100 (EST) From: Darren Reed Message-Id: <200001140347.OAA24531@cairo.anu.edu.au> Subject: Re: Crypto regulations: Lucy pulls the football away? To: brett@lariat.org (Brett Glass) Date: Fri, 14 Jan 2000 14:47:30 +1100 (Australia/NSW) Cc: security@FreeBSD.ORG In-Reply-To: <4.2.2.20000113202656.01d66100@localhost> from "Brett Glass" at Jan 13, 2000 08:31:45 PM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from Brett Glass, sie said: [...] > >In §740.13, Technology and Software UNRESTRICTED, changes are made to > >reflect amendments to the Wassenaar Arrangement. Specifically, encryption > >software is no longer eligible for mass market treatment under the General > >Software Note. Encryption commodities and software are now eligible for > >mass market treatment under the new Cryptography Note in Category 5 - Part > >2 of the CCL. This Note multilaterally decontrols mass market encryption > >commodities and software up to and including 64-bits. > > So, if I read the draft correctly, no open source crypto software that's > strong enough to protect anyone's privacy against a marginally competent > code cracker can be exported, even under the new rules. Am I off base here? > I hope I am, but I fear I'm not. What does "Category 5 - Part 2 of the CCL" say ? At first they say: "encryption software is no longer eligible for mass market treatment under the General Software Note." but then go on to say: "Encryption commodities and software are now eligible for mass market treatment under the new Cryptography Note in Category 5 - Part 2 of the CCL." And then goes on to say: "This Note multilaterally decontrols mass market encryption commodities and software up to and including 64-bits" I read that as saying encryption software must be classified according to "Category 5 - Part 2 of the CCL" to determine if it is mass market or not, as opposed to whatever the "General Software Note" is. Better yet, get a lawyer who does government stuff for a living to read and advise. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 13 23:46:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from jason.argos.org (a1-3b058.neo.rr.com [24.93.181.58]) by hub.freebsd.org (Postfix) with ESMTP id 83E8E150FB for ; Thu, 13 Jan 2000 23:46:39 -0800 (PST) (envelope-from mike@argos.org) Received: from localhost (mike@localhost) by jason.argos.org (8.9.1/8.9.1) with ESMTP id CAA00340; Fri, 14 Jan 2000 02:46:11 -0500 Date: Fri, 14 Jan 2000 02:46:11 -0500 (EST) From: Mike Nowlin To: Nicholas Brawn Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Hi folks. I'm trying to ocnfigure my system so that I can disallow a > particular user account from being able to login remotely, and forcing > users to su to the account instead. How may I configure this? Be careful of your definition of "remotely". I have several users that need to telnet into a machine to trigger a program to run, but they're only allowed to telnet in from certain machines on the local network, and we don't want them triggering it from home. /etc/login.conf with a few extra class entries can be your friend. With a bit of careful planning, locking down certain users (or opening it up to certain users) is fairly easy. Check the "hosts.{allow|deny}" and "ttys.{allow|deny}" entries in the man page for login.conf. --mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 0: 0:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from sonet.crimea.ua (OTC-sl3-FLY.CRIS.NET [212.110.136.71]) by hub.freebsd.org (Postfix) with ESMTP id 7AF38151C4 for ; Thu, 13 Jan 2000 23:59:59 -0800 (PST) (envelope-from phantom@scorpion.crimea.ua) Received: (from uucp@localhost) by sonet.crimea.ua (8.9.3/8.9.3) with UUCP id KAA13232; Fri, 14 Jan 2000 10:07:33 +0300 (MSK) Received: (from phantom@localhost) by scorpion.crimea.ua (8.8.8/8.8.5+ssl+keepalive) id JAA28258; Fri, 14 Jan 2000 09:07:18 +0300 (MSK) Date: Fri, 14 Jan 2000 09:07:18 +0300 From: Alexey Zelkin To: David Wolfskill Cc: freebsd-security@FreeBSD.ORG, ncb@zip.com.au Subject: Re: Disallow remote login by regular user. Message-ID: <20000114090718.C16542@scorpion.crimea.ua> References: <200001140140.RAA49056@pau-amma.whistle.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.7i In-Reply-To: <200001140140.RAA49056@pau-amma.whistle.com> X-Operating-System: FreeBSD 2.2.7-RELEASE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi, On Thu, Jan 13, 2000 at 05:40:56PM -0800, David Wolfskill wrote: > >Hi folks. I'm trying to ocnfigure my system so that I can disallow a > >particular user account from being able to login remotely, and forcing > >users to su to the account instead. How may I configure this? > > >PS. Users may be using anything from telnet to ssh to login to the system, ^^^ > >so I need something that works across the board. > > I find that using '*' as the encrypted password appears to do the job > for me. It will not fix a problem if user if user have ~/.ssh/identity file :) Simplest and dirty way to fix such problems is just changing user shell to unexistent one or something like /bin/date :) -- /* Alexey Zelkin && phantom@cris.net */ /* Tavric National University && phantom@crimea.edu */ /* http://www.ccssu.crimea.ua/~phantom && phantom@FreeBSD.org */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 1:21:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from newgate.superusers.dk (newgate.superusers.dk [193.88.184.3]) by hub.freebsd.org (Postfix) with ESMTP id 0EF1714F8F for ; Fri, 14 Jan 2000 01:21:51 -0800 (PST) (envelope-from mojo@superusers.dk) Received: from jackson.super.dk (jackson.super.dk [193.88.250.12]) by newgate.superusers.dk (8.9.2/8.9.2) with ESMTP id KAA03715 for ; Fri, 14 Jan 2000 10:21:49 +0100 (CET) (envelope-from mojo@superusers.dk) Received: from superusers.dk (webling.super.dk [193.88.250.206]) by jackson.super.dk (8.9.3/8.9.3) with ESMTP id KAA13771 for ; Fri, 14 Jan 2000 10:21:47 +0100 (MET) Message-ID: <387EEAA2.5BB4F793@superusers.dk> Date: Fri, 14 Jan 2000 10:21:38 +0100 From: Morten Joergensen Organization: SuperUsers a/s X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.4-STABLE i386) X-Accept-Language: da, en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: (no subject) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org auth 4d1caf50 subscribe freebsd-security mojo@superusers.dk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 2:36:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from netserv.osi.ru (netserv.osi.ru [195.178.193.139]) by hub.freebsd.org (Postfix) with ESMTP id DC86215214 for ; Fri, 14 Jan 2000 02:36:47 -0800 (PST) (envelope-from ks@itp.ac.ru) Received: from ntgate.osi.ru (ntgate.osi.ru [195.178.194.141]) by netserv.osi.ru (8.9.1a/8.9.1) with SMTP id NAA23651 for ; Fri, 14 Jan 2000 13:37:37 +0300 (MSK/MSD) Received: from speecart.osi.ru ([195.178.194.35]) by ntgate.osi.ru (Lotus SMTP MTA v4.6.6 (890.1 7-16-1999)) with SMTP id C3256866.003A5E4F; Fri, 14 Jan 2000 13:37:32 +0300 Message-ID: X-Mailer: XFMail 1.2 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Fri, 14 Jan 2000 14:41:11 +0300 (MSK) Reply-To: ks@itp.ac.ru Organization: OSI AF, Moscow office From: "Sergey S. Kosyakov" To: freebsd-security@freebsd.org Subject: UDP port 9080 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Somebody from 209.67.9.49 has sent a number of UDP packets to my firewall's port 9080 (they were filtered). Does anybody know what it can be? Sergey. --- ---------------------------------- Sergey Kosyakov Systems Administrator Open Society Institute Tel.: (095) 921-3835, (095) 921-8147 E-Mail: Sergey S. Kosyakov Date: 14-Jan-00 Time: 14:39:05 --- "I stayed up all night playing poker with tarot cards. I got a full house and four people died." -- Steven Wright ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 5: 8:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 6E6CD14F79 for ; Fri, 14 Jan 2000 05:08:13 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id IAA36001 for ; Fri, 14 Jan 2000 08:08:25 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Fri, 14 Jan 2000 08:08:25 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: freebsd-security@freebsd.org Subject: Restructuring authorization checks to facilitate new security models Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi there folks, As you most likely know, I've been involved in a number of projects relating to extending or replacing the base FreeBSD/BSD security model for a variety of purposes, be it integration with distributed systems, or trusted system extensions for FreeBSD. One recurring theme has been that the first thing to be replaced are the calls to suser(), problems managing object security parameters, extending pcred, etc. I'd like to propose that we discuss modifying the current structure a bit to improve the extensibility of the security model, enabling projects such as FreeDTE, trusted OS extensions such as POSIX.1e, etc, to be implemented more easily and less intrusively. Almost all authorization mechanisms fall under the generalization that they involve some subject (process) performing an operation on one or more objects (process, vnode, network interface, ...), which may in and of themselves be the subjects of other operations. For example, currently with the privileged uid 0 behavior, almost all checks involve simply a subject, and an implicit operation, with little regard for the object (suser()). With file permissions, all of these are taken into account: a subject, an object, and a specific operation checked against a permission mask (or ACL). With signal operations, again there are subjects and objects, both of which are processes. Mandatory access control, capabilities, and DTE all fit well into this model. As such, a basic security operation usually looks a little like this: access_check(subject_label, object_label, operation_descriptor) Which would return a boolean descriptor. In the case of MAC or information flow labels, the object_label or subject_label would be modified as a result of this operation. The best approach may simply be to define a generic, extensible security label with the desirable features -- uids, capabilities, MAC labels, etc. Then replace existing permission structures with these. For example: if ((error = access_check(p1->p_seclabel, p2->p_seclabel, ACCESS_PKILL)) return (error); if ((error = VOP_GETSECLABEL(vp, &seclabel, p, 0)) return (error); if ((error = access_check(p1->p_seclabel, &seclabel, ACESS_WRITE)) return (error); You could imagine a more extensive ACCES_ component that described the operation as part of a hierarchal set of operation descriptors, etc, etc, but you get the idea--a constant suffices for this example. In the case of normal UNIX-like operation, this call would result in an ownership check, a suser check, and a capability check. With MAC enabled, there would also be an overriding MAC label check, etc. I.e., this call would demux in a centralized policy engine that could implement a variety of policies in a pluggable way--possibly even pluggable at runtime using klds. You could imagine a simple boolean evaluation tree merging policy results from various policy modules to produce a consistent combined policy based on allowing capabilities, relying on MAC, and permitting a superuser, for example. Similarly, you can imagine pulling the superuser support at runtime, or adding securelevel modules that introduce masks on available results. Some unfamiliar objects would also be assigned labels for security processing--interfaces, IPFW configuration, ... Anyhow, this functionality would be very useful to me, and a number of others working on security-related projects in the kernel. I'd like to get feedback and discussion on the set of checks that could be adapted to such a format, and their requirements--i.e., are all checks going to involve two labels? What kind of material should be in the seclabel (prison, uids, gids, capabilities, mac labels, inf labels, extensible pointers...?), etc. Presumably a proc pointer is also required to allow scheduling of events (i.e., to read policy from userland or a file, etc). Is this kind of generalization one that would be useful to commit to the central repository? It would certainly make maintaing a mandatory access control implementation easier, as normally such an implementation requires fairly intrusive hooks throughout the OS, but this call is a generic form of those hooks. Any comments or suggestions would be much appreciated--I'd like to start work on an implementation ASAP (i.e., in the next two weeks) so I can push a number of new security models out the door. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 5:49:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 28AE0151A0 for ; Fri, 14 Jan 2000 05:49:05 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id IAA36057 for ; Fri, 14 Jan 2000 08:46:35 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Fri, 14 Jan 2000 08:46:35 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: freebsd-security@freebsd.org Subject: Further issues (was: Re: Restructuring authorization checks to facilitate new security models) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org A further expansion on a question I meant to address in my previous email, but didn't go into in detail: Should type information for objects/subjects be passed as a property of the object/subject argument components, or as a property of the operation component? I.e., ACCESS_PKILL implies that both elements are processes, but you could imagine using more generic ACCESS_WRITE and providing type information to indicate that the elements are processes. I.e., int access_check(subject_type, subject_label, object_type, object_label, operation_descriptor); In this manner, modules could determine whether they are interested in mediating a particular request--i.e., a prison implementation could decide to ignore all file requests, as chroot would cover its requirements. This could result in a reduced set of operations that are easier to manage: i.e., ACCESS_READ, ACCESS_WRITE, ACCESS_ALLOC, ACCESS_DELETE, and so on, allowing more overlap between categories based on subject/object type. The nature of the operation_descriptor field is pretty relevant--do access control mechanisms wants to make decisions based on well-defined abstractions, or based on specific call descriptors (i.e., per-syscall/vnops/vfsops/etc)? Or both? Possible object_type's might be: OBJECT_IPFW OBJECT_VNODE OBJECT_PROC OBJECT_KERNLINKER ... You could also imagine a two-level hierarchy for the operations as a possibility, with flags indicating specifics if necessary: ..., REQUEST_TYPE_VNODE, REQUEST_OPEN, FWRITE|FREAD) ..., REQUEST_TYPE_IPFW, REQUEST_READ, 0) ..., REQUEST_TYPE_PTRACE, REQUEST_OPEN, 0) ..., REQUEST_TYPE_IP_TCP_PRIVILEGED, REQUEST_OPEN, 0) or ..., OBJECT_VNODE, REQUEST_OPEN, FWRITE|FREAD) ..., OBJECT_PTRACE, REQUEST_OPEN, 0) ..., OBJECT_SOCKET_IP, REQUEST_OPEN, SRESERVED) Depending on how fine-grained the mechanism needed to be, this might have to be very detailed, or fairly broad. Keeping a standard REQUEST_ field would allow decisions about operations that might not be understood by the policy mechanism--i.e., MAC might not know about vnodes, but would know that a process with an appropriate label might be permitted to read but not write that object, suggesting REQUEST_OPEN should in fact be two calls at open time--request permission to READ, and optionally WRITE if vn_open() wanted it. Similarly, signalling might constitute a WRITE from the point of view of MAC, suggesting: ..., OBJECT_PROC, PROC_SIGNAL, REQUEST_WRITE, 0) ..., OBJECT_PROC, PROC_PTRACE, REQUEST_WRITE, 0) Anyhow, thoughts are welcome. Depending on response on -security, I may move this to -arch in a bit. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 8:19:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (Postfix) with ESMTP id C98391534E for ; Fri, 14 Jan 2000 08:19:43 -0800 (PST) (envelope-from wes@softweyr.com) Received: from [204.68.178.39] (helo=softweyr.com ident=wes) by mail.xmission.com with esmtp (Exim 3.03 #3) id 1299Ro-0008TB-00; Fri, 14 Jan 2000 09:19:37 -0700 Message-ID: <387F4D7C.3C72D334@softweyr.com> Date: Fri, 14 Jan 2000 09:23:24 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Alexey Zelkin Cc: David Wolfskill , freebsd-security@FreeBSD.ORG, ncb@zip.com.au Subject: Re: Disallow remote login by regular user. References: <200001140140.RAA49056@pau-amma.whistle.com> <20000114090718.C16542@scorpion.crimea.ua> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Alexey Zelkin wrote: > > hi, > > On Thu, Jan 13, 2000 at 05:40:56PM -0800, David Wolfskill wrote: > > > >Hi folks. I'm trying to ocnfigure my system so that I can disallow a > > >particular user account from being able to login remotely, and forcing > > >users to su to the account instead. How may I configure this? > > > > >PS. Users may be using anything from telnet to ssh to login to the system, > ^^^ > > >so I need something that works across the board. > > > > I find that using '*' as the encrypted password appears to do the job > > for me. > > It will not fix a problem if user if user have ~/.ssh/identity file :) > > Simplest and dirty way to fix such problems is just changing user shell > to unexistent one or something like /bin/date :) Or /bin/nologin, or install the no-login package/port and use /usr/local/bin/ nologin, which will log attempts in syslog for you. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 8:39: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id 0669914E47 for ; Fri, 14 Jan 2000 08:36:28 -0800 (PST) (envelope-from d.m.pick@qmw.ac.uk) Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1) id 1299h0-0000mK-00; Fri, 14 Jan 2000 16:35:19 +0000 Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1) id 1299gy-0005rl-00; Fri, 14 Jan 2000 16:35:16 +0000 X-Mailer: exmh version 2.0.2 2/24/98 To: Robert Watson Cc: freebsd-security@freebsd.org Subject: Re: Restructuring authorization checks to facilitate new security models In-reply-to: Your message of "Fri, 14 Jan 2000 08:08:25 EST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 14 Jan 2000 16:35:16 +0000 From: David Pick Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The subject/object model looks reasonable, but I suspect that some operations will turn out to have more than one object operand; for example a user/process (subject) mounting (operation) a file system (object) at a particular place in the already mounted filesystem (second object). I also suspect that the exact choice of which subject to use will not always be obvious; in my example will it be the user or the process? - the criteria about what object should "inherit" what capabilities from what object and be controlled by any ACLs tagged on to which object will be a good generator of (ahem) debate. -- David Pick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 10:35:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from nu.binary.net (nu.binary.net [12.13.120.25]) by hub.freebsd.org (Postfix) with ESMTP id BC18915713 for ; Fri, 14 Jan 2000 10:32:31 -0800 (PST) (envelope-from nathan@rtfm.net) Received: from matrix.binary.net (root@matrix.binary.net [12.13.120.2]) by nu.binary.net (8.9.1a/8.9.0) with ESMTP id MAA29350; Fri, 14 Jan 2000 12:32:23 -0600 (CST) Received: (from nathan@localhost) by matrix.binary.net (8.9.3/8.9.1) id MAA19443; Fri, 14 Jan 2000 12:32:22 -0600 (CST) Date: Fri, 14 Jan 2000 13:32:22 -0500 From: Nathan Dorfman To: cjclark@home.com Cc: Nicholas Brawn , freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. Message-ID: <20000114133222.A18079@rtfm.net> References: <200001140145.UAA15101@cc942873-a.ewndsr1.nj.home.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i In-Reply-To: <200001140145.UAA15101@cc942873-a.ewndsr1.nj.home.com>; from Crist J. Clark on Thu, Jan 13, 2000 at 08:45:20PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jan 13, 2000 at 08:45:20PM -0500, Crist J. Clark wrote: > Nicholas Brawn wrote, > > Hi folks. I'm trying to ocnfigure my system so that I can disallow a > > particular user account from being able to login remotely, and forcing > > users to su to the account instead. How may I configure this? > > > > PS. Users may be using anything from telnet to ssh to login to the system, > > so I need something that works across the board. > > For anything that is going to call login(1), you can use > /etc/login.access(5). That pretty much eliminates stuff like telnet, > rlogin, and console logins. For SSH, look at the 'AllowUsers' and > 'DenyUsers' keywords for the sshd_conf file on the sshd(8) > manpage. And of course, if ftp(1) is an issue, there is /etc/ftpusers > as described in ftpd(8). You can make sshd use login(1). Set UseLogin to yes in sshd_config. This is (at least sounds like) a good idea just so that login.access(5) and login.conf(5) have their effect. > None of these options, however, should mess with su(1). > -- > Crist J. Clark cjclark@home.com -- Nathan Dorfman The statements and opinions in my Unix Admin @ Frontline Communications public posts are mine, not FCC's. "The light at the end of the tunnel is the headlight of an approaching train." --/usr/games/fortune To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 13:43:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from modemcable254.3-113-216.mtl.mc.videotron.net (modemcable254.3-113-216.mtl.mc.videotron.net [216.113.3.254]) by hub.freebsd.org (Postfix) with ESMTP id 36F4414D5C for ; Fri, 14 Jan 2000 13:43:11 -0800 (PST) (envelope-from lpreid@modemcable254.3-113-216.mtl.mc.videotron.net) Received: (from lpreid@localhost) by modemcable254.3-113-216.mtl.mc.videotron.net (8.9.3/8.9.3) id QAA60036; Fri, 14 Jan 2000 16:42:53 -0500 (EST) (envelope-from lpreid) Date: Fri, 14 Jan 2000 16:23:01 -0500 From: Louis-Philippe Reid To: Nicholas Brawn Cc: freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. Message-ID: <20000114162301.B3133@modemcable254.3-113-216.mtl.mc.> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i X-Mailer: Mutt 0.95.6i In-Reply-To: ; from Nicholas Brawn on Fri, Jan 14, 2000 at 12:06:36PM +1100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Jan 14, 2000 at 12:06:36PM +1100, Nicholas Brawn wrote: > > Hi folks. I'm trying to ocnfigure my system so that I can disallow a > particular user account from being able to login remotely, and forcing > users to su to the account instead. How may I configure this? > > PS. Users may be using anything from telnet to ssh to login to the system, > so I need something that works across the board. > This is a suggestion, in no way am I saying over here that this a secure solution to the problem...i'm just throwing out an idea for discussion. How about setting up a script that would check what is the PPID of the current shell and check if this PPID is associated with an other shell. If PPID is an allowed shell (bash, sh, ...) then you know the user went thru su. Then you put this script in /etc/profile (or whatever is appropriate for the user's shell) and the script would get the UID of the user running the script and would check if it need to apply the policy for this user. If user is in the list and if PPID is not a shell, kill the current shell... it could even be the user's shell (a simple wrapper doing the job of checking PPID and then exec'ing the shell if check is ok) quick hack...but there could be security drawbacks i'm not thinking of. Bye! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 15:33:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 9979214FDB; Fri, 14 Jan 2000 15:33:17 -0800 (PST) (envelope-from avalon@cairo.anu.edu.au) Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id KAA23101; Sat, 15 Jan 2000 10:33:19 +1100 (EST) From: Darren Reed Message-Id: <200001142333.KAA23101@cairo.anu.edu.au> Subject: Re: We need to do an audit of our "crypto", both current and planned. To: jkh@zippy.cdrom.com (Jordan K. Hubbard) Date: Sat, 15 Jan 2000 10:33:19 +1100 (Australia/NSW) Cc: markm@FreeBSD.ORG, security@FreeBSD.ORG In-Reply-To: <95546.947784235@zippy.cdrom.com> from "Jordan K. Hubbard" at Jan 13, 2000 09:23:55 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jordon, have you actually sought out professional legal advice on this course of action ? The reason I ask is there seems to be more than one way to interpret this new law, with some saying all you need to do is send them a pointer to ftp://ftp.freebsd.org and you've done your work, as opposed to identifying each package individually. Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 17:35:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from ind.alcatel.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 9BB00151A7; Fri, 14 Jan 2000 17:35:33 -0800 (PST) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com (mailhub [198.206.181.70]) by ind.alcatel.com (8.9.3+Sun/8.9.1 (ind.alcatel.com 3.0 [OUT])) with SMTP id RAA15550; Fri, 14 Jan 2000 17:34:22 -0800 (PST) X-Origination-Site: Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id RAA29151; Fri, 14 Jan 2000 17:34:21 -0800 Received: from softweyr.com (dyn1.utah.xylan.com [198.206.184.237]) by omni.xylan.com (8.9.3+Sun/8.9.1 (Xylan engr [SPOOL])) with ESMTP id RAA21591; Fri, 14 Jan 2000 17:33:05 -0800 (PST) Message-ID: <387FCF80.285CF6E0@softweyr.com> Date: Fri, 14 Jan 2000 18:38:09 -0700 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Darren Reed Cc: "Jordan K. Hubbard" , markm@freebsd.org, security@freebsd.org Subject: Re: We need to do an audit of our "crypto", both current and planned. References: <200001142333.KAA23101@cairo.anu.edu.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Darren Reed wrote: > > Jordon, have you actually sought out professional legal advice on this > course of action ? The reason I ask is there seems to be more than one > way to interpret this new law, with some saying all you need to do is > send them a pointer to ftp://ftp.freebsd.org and you've done your work, > as opposed to identifying each package individually. He's working on it; it was dicussed in -hackers yesterday. Sorry, I should've directed the conversation over here. Everybody be patient for a few days, we have plenty of time before 4.0-RELEASE to get this worked out. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 20:45:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 69A3D14C8B; Fri, 14 Jan 2000 20:45:14 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id UAA38588; Fri, 14 Jan 2000 20:45:16 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: Darren Reed Cc: markm@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: We need to do an audit of our "crypto", both current and planned. In-reply-to: Your message of "Sat, 15 Jan 2000 10:33:19 +1100." <200001142333.KAA23101@cairo.anu.edu.au> Date: Fri, 14 Jan 2000 20:45:16 -0800 Message-ID: <38585.947911516@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Legal counsel will be consulted before making any significant moves on this, not to worry on that score. - Jordan > Jordon, have you actually sought out professional legal advice on this > course of action ? The reason I ask is there seems to be more than one > way to interpret this new law, with some saying all you need to do is > send them a pointer to ftp://ftp.freebsd.org and you've done your work, > as opposed to identifying each package individually. > > Darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jan 14 21:52:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from atdot.dotat.org (atdot.dotat.org [150.101.89.3]) by hub.freebsd.org (Postfix) with ESMTP id D0B0A14EB7 for ; Fri, 14 Jan 2000 21:51:56 -0800 (PST) (envelope-from newton@atdot.dotat.org) Received: (from newton@localhost) by atdot.dotat.org (8.9.3/8.9.3) id QAA01061; Sat, 15 Jan 2000 16:13:34 +1030 (CST) (envelope-from newton) Date: Sat, 15 Jan 2000 16:13:34 +1030 From: Mark Newton To: David Pick Cc: Robert Watson , freebsd-security@FreeBSD.ORG Subject: Re: Restructuring authorization checks to facilitate new security models Message-ID: <20000115161334.F767@atdot.dotat.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from D.M.Pick@qmw.ac.uk on Fri, Jan 14, 2000 at 04:35:16PM +0000 X-PGP-Key: http://slash.dotat.org/~newton/pgpkey.txt Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Jan 14, 2000 at 04:35:16PM +0000, David Pick wrote: > The subject/object model looks reasonable, but I suspect that some > operations will turn out to have more than one object operand; for > example a user/process (subject) mounting (operation) a file system > (object) at a particular place in the already mounted filesystem > (second object). It strikes me that that example represents at least three separate sequential authorization checks, not a single authorization check which needs to work on three subjects. Not to say that other stronger examples mightn't exist, but this doesn't appear to be one of them. - mark -------------------------------------------------------------------- I tried an internal modem, newton@atdot.dotat.org but it hurt when I walked. Mark Newton ----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 15 8:54:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id EF57214C8B for ; Sat, 15 Jan 2000 08:54:49 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id LAA00926; Sat, 15 Jan 2000 11:55:03 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Sat, 15 Jan 2000 11:55:02 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: David Pick Cc: freebsd-security@freebsd.org Subject: Re: Restructuring authorization checks to facilitate new security models In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 14 Jan 2000, David Pick wrote: > The subject/object model looks reasonable, but I suspect that some > operations will turn out to have more than one object operand; for > example a user/process (subject) mounting (operation) a file system > (object) at a particular place in the already mounted filesystem > (second object). I was wondering about this (and mentioned it as a possibility) but was not clear on specific examples where multiple objects were needed--in most cases this can be safely decomposed into two access checks, one per object. However, this continues to raise the issue of whether or not such access checks should be specific to individual requests, or whether they should be generic categories ("WRITE", "READ", ..). I'm leaning towards categories as it allows more extensibility with introduction of new syscalls, etc. > I also suspect that the exact choice of which subject to use will not > always be obvious; in my example will it be the user or the process? - > the criteria about what object should "inherit" what capabilities from > what object and be controlled by any ACLs tagged on to which object will > be a good generator of (ahem) debate. Presumably the credential block would resemble the existing ucred structure, maintaining uid/gid information, whether or not the process should be protected from ptrace/etc, a capability mask, and so on. As you point out, generalizing access checks also suggests generalizing some common points for transforms -- i.e., inheritence on exec. Presumably some things can't be generalized--for example, picking up privileges on exec from setuid binaries, transfer of rights via ancillary data on a socket (especially in the style of my tokens code where you can delegate the use of tokens). Similarly, we'll have to think through a way to notify the authorization subsystem of security events--MAC would require label changes on successful events, for example. One nice thing about providing a decent set of hooks and generalizations is that we could now have pluggable authorization modules--for example, FreeDTE could be dropped in with a kld at runtime, rather than having to be compiled in. Similarly, MAC, an otherwise extremely intrusive set of changes on the base source tree, could be slipped in with relative ease. Being able to say "load these kernel modules to get B2-targetted behavior" would be pretty impressive :-). Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 15 14:24:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 1379415130 for ; Sat, 15 Jan 2000 14:24:37 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id RAA52977; Sat, 15 Jan 2000 17:29:11 -0500 (EST) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <200001152229.RAA52977@cc942873-a.ewndsr1.nj.home.com> Subject: Re: Disallow remote login by regular user. In-Reply-To: <200001140140.RAA49056@pau-amma.whistle.com> from David Wolfskill at "Jan 13, 2000 05:40:56 pm" To: dhw@whistle.com (David Wolfskill) Date: Sat, 15 Jan 2000 17:29:11 -0500 (EST) Cc: freebsd-security@FreeBSD.ORG, ncb@zip.com.au Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org David Wolfskill wrote, > >Date: Fri, 14 Jan 2000 12:06:36 +1100 (EST) > >From: Nicholas Brawn > > >Hi folks. I'm trying to ocnfigure my system so that I can disallow a > >particular user account from being able to login remotely, and forcing > >users to su to the account instead. How may I configure this? > > >PS. Users may be using anything from telnet to ssh to login to the system, > >so I need something that works across the board. > > I find that using '*' as the encrypted password appears to do the job > for me. But without a password, how does a non-root user then 'su' to these other accounts? -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 15 14:29:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id A673414E82 for ; Sat, 15 Jan 2000 14:29:38 -0800 (PST) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id RAA53004; Sat, 15 Jan 2000 17:33:50 -0500 (EST) (envelope-from cjc) From: "Crist J. Clark" Message-Id: <200001152233.RAA53004@cc942873-a.ewndsr1.nj.home.com> Subject: Re: Disallow remote login by regular user. In-Reply-To: <20000114034446.6B2CA5D01E@mail.wzrd.com> from Dan Harnett at "Jan 13, 2000 10:44:46 pm" To: danh@wzrd.com (Dan Harnett) Date: Sat, 15 Jan 2000 17:33:50 -0500 (EST) Cc: ncb@zip.com.au (Nicholas Brawn), freebsd-security@FreeBSD.ORG Reply-To: cjclark@home.com X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dan Harnett wrote, > Hello, > > You could also set this particular user's shell to /sbin/nologin and make the > others use the -m option to su. But if you do this, remember, -m Leave the environment unmodified. The invoked shell is your lo- gin shell, and no directory changes are made. As a security pre- caution, if the target user's shell is a non-standard shell (as defined by getusershell(3)) and the caller's real uid is non-ze- ro, su will fail. You have to add '/sbin/nologin' to /etc/shells. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jan 15 14:57:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from revelex.com (revelex.com [207.61.176.194]) by hub.freebsd.org (Postfix) with ESMTP id 0554615130 for ; Sat, 15 Jan 2000 14:57:08 -0800 (PST) (envelope-from jonf@revelex.com) Received: from localhost (jonf@localhost) by revelex.com (8.9.3/8.9.3) with ESMTP id RAA07304; Sat, 15 Jan 2000 17:52:27 -0500 (EST) Date: Sat, 15 Jan 2000 17:52:27 -0500 (EST) From: Jonathan Fortin To: cjclark@home.com Cc: Dan Harnett , Nicholas Brawn , freebsd-security@FreeBSD.ORG Subject: Re: Disallow remote login by regular user. In-Reply-To: <200001152233.RAA53004@cc942873-a.ewndsr1.nj.home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, You could also set the users shell to /bin/false and add it in /etc/shells and use the -m option. jonf@revelex.com On Sat, 15 Jan 2000, Crist J. Clark wrote: > Dan Harnett wrote, > > Hello, > > > > You could also set this particular user's shell to /sbin/nologin and make the > > others use the -m option to su. > > But if you do this, remember, > > -m Leave the environment unmodified. The invoked shell is your lo- > gin shell, and no directory changes are made. As a security pre- > caution, if the target user's shell is a non-standard shell (as > defined by getusershell(3)) and the caller's real uid is non-ze- > ro, su will fail. > > You have to add '/sbin/nologin' to /etc/shells. > -- > Crist J. Clark cjclark@home.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message