From owner-freebsd-security@FreeBSD.ORG Sun Nov 6 16:30:07 2005
Date: Sun, 06 Nov 2005 17:30:00 +0100
From: Kövesdán Gábor
To: freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject: What happened with portaudit?

Hello,

On one of my machines I got a report about 3 vulnerable packages (php4, ruby, openssl) in tomorrow's security run output, but in today's security run output all of them disappeared, but nobody upgraded or removed the affected packages. I reinstalled portaudit, refreshed its database, but now it reports 0 affected packages. The pkg_info command lists those three packages, so they are still installed. Does anybody suspect what's wrong?

Cheers,

Gabor Kovesdan

From owner-freebsd-security@FreeBSD.ORG Sun Nov 6 20:48:57 2005
Date: Sun, 6 Nov 2005 21:48:52 +0100
From: Jimmy Scott
To: Kövesdán Gábor
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: What happened with portaudit?

On Sun, Nov 06, 2005 at 05:30:00PM +0100, Kövesdán Gábor wrote:
> Hello,
>
> On one of my machines I got a report about 3 vulnerable packages (php4,
> ruby, openssl) in tomorrow's security run output, but in today's security
> run output all of them disappeared, but nobody upgraded or removed the
> affected packages. I reinstalled portaudit, refreshed its database, but
> now it reports 0 affected packages. The pkg_info command lists those three
> packages, so they are still installed. Does anybody suspect what's wrong?
>
> Cheers,
>
> Gabor Kovesdan

I noticed the same, but didn't have the time to look for a possible answer on that question.

--
The Four Horsemen of the Apocalypse: Death, Famine, War, and SNMP

From owner-freebsd-security@FreeBSD.ORG Sun Nov 6 22:09:44 2005
Date: Sun, 6 Nov 2005 23:09:42 +0100
From: "Simon L. Nielsen"
To: Jimmy Scott
Cc: freebsd-security@freebsd.org, Kövesdán Gábor, freebsd-questions@freebsd.org
Subject: Re: What happened with portaudit?

On 2005.11.06 21:48:52 +0100, Jimmy Scott wrote:
> On Sun, Nov 06, 2005 at 05:30:00PM +0100, Kövesdán Gábor wrote:
> > Hello,
> >
> > On one of my machines I got a report about 3 vulnerable packages (php4,
> > ruby, openssl) in tomorrow's security run output, but in today's security
> > run output all of them disappeared, but nobody upgraded or removed the
> > affected packages. I reinstalled portaudit, refreshed its database, but
> > now it reports 0 affected packages. The pkg_info command lists those three
> > packages, so they are still installed. Does anybody suspect what's wrong?
>
> I noticed the same, but didn't have the time to look for a possible
> answer on that question.

It does seem to work for me now. Could people having this problem please check the size of /var/db/portaudit/auditfile.tbz and try to run portaudit -Fa to refetch the database and check again?

For reference:

[simon@zaphod:/tmp] ls -l /var/db/portaudit/auditfile.tbz
-r--r--r-- 1 root wheel 31762 6 Nov 22:40 /var/db/portaudit/auditfile.tbz

There has been one previous report where a problem with the portaudit database build resulted in an incomplete auditfile which was then fixed after the next portaudit database rebuild.

--
Simon L. Nielsen
FreeBSD Security Team

From owner-freebsd-security@FreeBSD.ORG Mon Nov 7 06:26:46 2005
From: "Peter Rosa"
To: "FreeBSD Security"
Date: Mon, 7 Nov 2005 07:26:03 +0100
Subject: Re: What happened with portaudit?

Hi,

I had the same problem and it persists from 4 days ago until today.
As a reference:

$> ls -l /var/db/portaudit/auditfile.tbz
-r--r--r-- 1 root wheel 31754 7 nov 02:40 /var/db/portaudit/auditfile.tbz

Isn't portaudit too important to have such problems? This is the second failure within 6 weeks.

Peter Rosa

From owner-freebsd-security@FreeBSD.ORG Mon Nov 7 06:50:49 2005
Date: Mon, 7 Nov 2005 07:48:52 +0100
To: "Simon L. Nielsen"
From: lupe@lupe-christoph.de (Lupe Christoph)
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: What happened with portaudit?

On Sunday, 2005-11-06 at 23:09:42 +0100, Simon L. Nielsen wrote:

> It does seem to work for me now. Could people having this problem
> please check the size of /var/db/portaudit/auditfile.tbz and try to
> run portaudit -Fa to refetch the database and check again?

> For reference:

> [simon@zaphod:/tmp] ls -l /var/db/portaudit/auditfile.tbz
> -r--r--r-- 1 root wheel 31762 6 Nov 22:40 /var/db/portaudit/auditfile.tbz

Same problem here, on all machines:

ls -l /var/db/portaudit/auditfile.tbz
-r--r--r-- 1 root wheel 5689 Nov 6 03:10 /var/db/portaudit/auditfile.tbz
portaudit -Fa
auditfile.tbz 100% of 31 kB 32 kBps
New database installed.
0 problem(s) in your installed packages found.
ls -l /var/db/portaudit/auditfile.tbz
-r--r--r-- 1 root wheel 31764 Nov 7 07:40 /var/db/portaudit/auditfile.tbz

Lupe Christoph
--
| You know we're sitting on four million pounds of fuel, one nuclear     |
| weapon and a thing that has 270,000 moving parts built by the lowest   |
| bidder. Makes you feel good, doesn't it?                               |
| Rockhound in "Armageddon", 1998, about the Space Shuttle               |

From owner-freebsd-security@FreeBSD.ORG Mon Nov 7 07:44:07 2005
Date: Mon, 7 Nov 2005 08:47:03 +0100
From: jimmy@inet-solutions.be
To: "Simon L. Nielsen"
Cc: freebsd-security@freebsd.org, Kövesdán Gábor, freebsd-questions@freebsd.org
Subject: Re: What happened with portaudit?

Quoting "Simon L. Nielsen":

> On 2005.11.06 21:48:52 +0100, Jimmy Scott wrote:
> > On Sun, Nov 06, 2005 at 05:30:00PM +0100, Kövesdán Gábor wrote:
> > > Hello,
> > >
> > > On one of my machines I got a report about 3 vulnerable packages (php4,
> > > ruby, openssl) in tomorrow's security run output, but in today's security
> > > run output all of them disappeared, but nobody upgraded or removed the
> > > affected packages. I reinstalled portaudit, refreshed its database, but
> > > now it reports 0 affected packages. The pkg_info command lists those three
> > > packages, so they are still installed. Does anybody suspect what's wrong?
> >
> > I noticed the same, but didn't have the time to look for a possible
> > answer on that question.
>
> It does seem to work for me now. Could people having this problem
> please check the size of /var/db/portaudit/auditfile.tbz and try to
> run portaudit -Fa to refetch the database and check again?
>
> For reference:
>
> [simon@zaphod:/tmp] ls -l /var/db/portaudit/auditfile.tbz
> -r--r--r-- 1 root wheel 31762 6 Nov 22:40 /var/db/portaudit/auditfile.tbz
>
> There has been one previous report where a problem with the portaudit
> database build resulted in an incomplete auditfile which was then
> fixed after the next portaudit database rebuild.
>
> --
> Simon L. Nielsen
> FreeBSD Security Team
>

Everything seems fine today, I can't check the size of the file from then since it's being run every night by periodic/security. If you are really interested in the file I could restore it from a backup somehow, but it will be a lot of work. I should have checked it from the moment I noticed in the emails.

Kind regards,
Jimmy Scott

From owner-freebsd-security@FreeBSD.ORG Mon Nov 7 22:41:07 2005
Date: Mon, 07 Nov 2005 22:41:11 +0000
From: Carlos Silva aka |Danger_Man|
To: freebsd-security@freebsd.org
Subject: Security updates without rebooting

Hello all,

Can someone explain how to apply security patches on the system without rebooting the machine?

I guess that I can't patch the kernel without compiling and rebooting the machine, so the only way is with iptables and keeping the daemons "fresh"?

Regards,
Carlos Silva, http://osiris.csilva.org/

From owner-freebsd-security@FreeBSD.ORG Wed Nov 9 14:49:23 2005
To: Carlos Silva aka |Danger_Man|
From: Lowell Gilbert
Date: 09 Nov 2005 09:49:22 -0500
Cc: freebsd-security@freebsd.org
Subject: Re: Security updates without rebooting

Carlos Silva aka |Danger_Man| writes:

> Can someone explain how to apply security patches on the system
> without rebooting the machine?
>
> I guess that I can't patch the kernel without compiling and rebooting
> the machine, so the only way is with iptables and keeping the daemons
> "fresh"?

I think it would be better to look at it this way: you can't apply a patch without stopping and restarting whatever the patch is part of. For the kernel, that obviously does require rebooting. But it depends on what the patch is; security advisories usually describe how to apply fixes or workarounds.

http://www.freebsd.org/security/#adv

From owner-freebsd-security@FreeBSD.ORG Fri Nov 11 22:12:58 2005
From: Corey Smith
To: freebsd-security@freebsd.org
Date: Fri, 11 Nov 2005 17:12:55 -0500
Subject: pam_krb5 pam_sm_authenticate question

First time poster so be kind :)

I was looking at the pam_krb5.c code and noticed that for authentication to succeed getpwnam() has to succeed.

Previously I had set up a web site using mod_auth_pam to authenticate against an Active Directory (AD) server using a pam config like:

    # auth
    auth required pam_krb5.so no_ccache no_warn

    # account
    account required pam_permit.so

Using security/pam_krb5 this was OK. I didn't need to have AD users in my local /etc/passwd for authentication to be successful. This is not possible using FreeBSD's pam_krb5.so because of the getpwnam in the authentication function of pam_krb5.c.

I'm not trying to build a bikeshed but shouldn't pam_sm_authenticate verify the password and pam_sm_acct_mgmt verify that the user has a local account? If this were the case then you could set up other services like ftp and such to use pam_krb5 for AD authentication.

-Corey Smith
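
Added example for the portaudit thread earlier in this archive (it is not part of any poster's message and not portaudit's own code): a size check that flags an auditfile.tbz that shrank sharply since the last accepted run, as in the 5689-byte versus roughly 31 kB files reported above, so a "0 problem(s)" result is not taken at face value. The function names, the state file and the 50% threshold are assumptions.

```shell
#!/bin/sh
# Added example: detect a portaudit database that shrank sharply between runs.
# Assumptions: the state file location and the 50% default threshold.

# Print a file's size in bytes (wc avoids stat(1) flag differences).
file_size() {
    wc -c < "$1" | tr -d ' '
}

# check_auditfile AUDITFILE STATEFILE [MIN_PERCENT]
# Returns 0 if the database size is plausible,
#         1 if it is below MIN_PERCENT of the last accepted size,
#         2 if the database is missing or empty.
check_auditfile() {
    auditfile=$1
    statefile=$2
    min_percent=${3:-50}

    if [ ! -s "$auditfile" ]; then
        echo "portaudit database missing or empty: $auditfile" >&2
        return 2
    fi
    cur=$(file_size "$auditfile")

    # Last accepted size; anything non-numeric counts as "no baseline yet".
    prev=0
    if [ -s "$statefile" ]; then
        prev=$(cat "$statefile")
        case $prev in
            ''|*[!0-9]*) prev=0 ;;
        esac
    fi

    if [ "$prev" -gt 0 ] && [ $((cur * 100)) -lt $((prev * min_percent)) ]; then
        echo "portaudit database shrank from $prev to $cur bytes;" \
             "treat a clean report as suspect and refetch" >&2
        return 1
    fi

    # Only a plausible database becomes the new baseline, so a truncated
    # file cannot lower the bar for the next run.
    echo "$cur" > "$statefile"
    return 0
}

# Run the check only when called with arguments, e.g. from a nightly job:
#   sh check_auditfile.sh /var/db/portaudit/auditfile.tbz /var/db/auditfile.size
if [ "$#" -ge 2 ]; then
    check_auditfile "$@"
fi
```

A non-zero exit is the cue to rerun `portaudit -Fa`, the refetch requested in the thread, before trusting the report.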