From owner-freebsd-security Sun Dec 20 05:16:48 1998
Date: Sun, 20 Dec 1998 18:14:48 +0500 (KGT)
From: CyberPsychotic
Reply-To: fygrave@tigerteam.net
To: Rico Pajarola
cc: security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
In-Reply-To: <3.0.32.19981219170558.0080a8c0@www.dlc.cybertime.ch>

On Sat, 19 Dec 1998, Rico Pajarola wrote:

~ portscanning with nmap results in inetd crashing/hanging on FBSD 2.2.6
~ which makes an excellent DoS attack. Portmap is also affected, inetd hangs
~ initializing rpc/udp services when you HUP it, making it somewhat more
~ complicated to recover, as you'll have to restart all rpc services (in the
~ correct order). It is not always reproducible (sometimes you need to try
~ several times with different flags to nmap). I couldn't crash inetd on
~ FBSD-Current (May 28 1998) so I guess it has been fixed. Are there any
~ known issues I missed? Other OSes are vulnerable as well (still testing).
~

Well, a similar(?) bug was found in the Linux inetd. The problem was with the way the accept() call was implemented in the kernel. I suspect nearly the same thing may be happening here. For details of the Linux glitch, see:

http://oliver.efri.hr/~crv/security/bugs/Linux/inetd.html

~F.
-- 
fygrave@tigerteam.net
http://www.kalug.lug.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Dec 20 06:58:32 1998
Message-ID: <19981220065801.A16429@la.best.com>
Date: Sun, 20 Dec 1998 06:58:01 -0800
From: "Joseph T. Lee"
To: security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
References: <3.0.32.19981219170558.0080a8c0@www.dlc.cybertime.ch>
In-Reply-To: <3.0.32.19981219170558.0080a8c0@www.dlc.cybertime.ch>; from Rico Pajarola on Sat, Dec 19, 1998 at 05:10:36PM +0100

On Sat, Dec 19, 1998 at 05:10:36PM +0100, Rico Pajarola wrote:

> portscanning with nmap results in inetd crashing/hanging on FBSD 2.2.6
> which makes an excellent DoS attack. Portmap is also affected, inetd hangs
> initializing rpc/udp services when you HUP it, making it somewhat more
> complicated to recover, as you'll have to restart all rpc services (in the
> correct order). It is not always reproducible (sometimes you need to try
> several times with different flags to nmap). I couldn't crash inetd on
> FBSD-Current (May 28 1998) so I guess it has been fixed. Are there any
> known issues I missed? Other OSes are vulnerable as well (still testing).
If I strobe my FreeBSD 3.0-current system, it gets to the point where
it looks like a DoS attack:

Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps
Dec 20 06:51:44 greenwood3 identd[32580]: warning: can't get client address: Socket is not connected
Dec 20 06:51:44 greenwood3 /kernel: icmp-response bandwidth limit 295/100 pps
Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0 not in f0100000-0xFFC00000) - ofile
Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
Dec 20 06:51:45 greenwood3 /kernel: icmp-response bandwidth limit 219/100 pps
Dec 20 06:51:46 greenwood3 /kernel: icmp-response bandwidth limit 322/100 pps
Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in system: Too many open files in system
Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
Dec 20 06:51:47 greenwood3 /kernel: file: table is full

Then the rest of the log lines are the file table being full, utmp problems, and bouncing off Matt's icmp-response limits.. :)

Of course all the packets were going so fast because they were going through lo0, but it could just as well be flooded from an external interface. Killed the compile of wine I was working on also..
-- 
Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
# Anime Expo 1998 >> www.anime-expo.org/ >
# Redline Games >> www.redlinegames.com/ >
# Cal-Animage Epsilon >> www.best.com/~nugundam/epsilon/ >
# EX: The Online World of Anime & Manga >> www.ex.org/ /

From owner-freebsd-security Sun Dec 20 08:26:30 1998
Date: Sun, 20 Dec 1998 10:32:57 +0000 (GMT)
From: Alejandro Galindo Chairez AGALINDO
To: freebsd-security@FreeBSD.ORG
cc: questions@FreeBSD.ORG
Subject: udp security

My name is Alejandro and I have some servers in Mexico with FreeBSD 2.2.5, 2.2.6 and 2.2.7 releases (from Walnut Creek CDROM).

One month ago my servers were attacked by some hackers. I was monitoring their activities and I only know that they are using the User Datagram Protocol. I installed a firewall but this can't stop their activities. I am worried because last week they deleted the log files from /var/log, and last day they accessed one of my servers with a username and a password (they created the username and password, they accessed the server for 3 minutes and then they deleted the user). I AM WORRIED because I don't know how they did that. The server violated had the 2.2.5 version and I upgraded it to the 2.2.7 release, but this morning the hackers insist on accessing my servers.

I need help. I need to know how to protect my servers, but the most important thing in my mind is to know how they are accessing the servers. I bought the Firewalls book from O'Reilly & Associates and I was using the firewall with ipfw, but this doesn't stop the hackers.
Thanks for your help

Alejandro Galindo

From owner-freebsd-security Sun Dec 20 09:46:24 1998
Date: Sun, 20 Dec 1998 12:44:05 -0500 (EST)
From: Barrett Richardson
To: Alejandro Galindo Chairez AGALINDO
cc: freebsd-security@FreeBSD.ORG
Subject: Re: udp security

Do you want to shut the guys out or find out what they are doing? A re-install may be safest at this point. Some simple things you could do:

- Check the rc files and root's .profile, .bash_profile or whatever for booby traps.
- Disable network services that you can live without. Use nmap to do a port scan and try to identify what else there is.
- Do a 'grep :0: /etc/master.passwd' and look for bogus privileged accounts.
- Check timestamps on /etc/services and /etc/inetd.conf and look for extra entries there.
- Turn on process accounting (stash the accounting file in an out of the way place).
- Make hard links to /var/log/messages and history files and hide them somewhere.
- You may want to set the append-only flag on various things like /var/log/messages, .history, /etc/master.passwd and raise the secure level.
- Inventory suid binaries on the system (look for a setuid editor or vipw).
- Be extra careful. A cracker would probably rather destroy your system than leave evidence that can't be erased. Maybe hide the 'rm' and 'dd' commands and replace them with something that does nothing.
- Entertain the idea that multiple backdoors could be in place and they could be making new ones while you're plugging old ones -- a clean slate may be your most economical fix if you don't find something obvious quickly.
-- 
Barrett

On Sun, 20 Dec 1998, Alejandro Galindo Chairez AGALINDO wrote:

> My name is Alejandro and I have some servers in Mexico with FreeBSD 2.2.5,
> 2.2.6 and 2.2.7 releases (from Walnut Creek CDROM)
>
> One month ago my servers were attacked by some hackers. I was
> monitoring their activities and I only know that they are using the User
> Datagram Protocol. I installed a firewall but this can't stop their
> activities. I am worried because last week they deleted the log files from
> /var/log and last day they accessed one of my servers with a username and a
> password (they created the username and password, they accessed the server
> for 3 minutes and then they deleted the user). I AM WORRIED because I don't
> know how they did that. The server violated had the 2.2.5 version and I
> upgraded it to the 2.2.7 release, but this morning the hackers insist on
> accessing my servers.
>
> I need help. I need to know how to protect my servers, but the most
> important thing in my mind is to know how they are accessing the servers. I
> bought the Firewalls book from O'Reilly & Associates and I was using the
> firewall with ipfw, but this doesn't stop the hackers.
>
> Thanks for your help
>
> Alejandro Galindo

From owner-freebsd-security Sun Dec 20 09:52:59 1998
Date: Sun, 20 Dec 1998 11:59:30 +0000 (GMT)
From: Alejandro Galindo Chairez AGALINDO
To: freebsd-security@FreeBSD.ORG
Subject: Re: udp security (fwd)

---------- Forwarded message ----------
Date: Sun, 20 Dec 1998 11:20:12 +0000 (GMT)
From: Alejandro Galindo Chairez AGALINDO
To: Karl Pielorz
Cc: questions@FreeBSD.ORG
Subject: Re: udp security

Thanks Karl

I was doing exactly as you suggested, but in my mind the big problem is that I don't know how they access the servers, and how they did it over UDP. When I reinstalled the operating system of course I closed all the back doors they had installed, but this morning I have the following monitoring output:

----------------- Click here -----------------
From Address                   To Address                     Proto    Bytes  CPS
================================================================================
pegasus.mobil.com..domain      www.computercenter.c..domain   udp    1250238  462
servidor.exsocom.com..domain   pegasus.mobil.com..domain      udp    1207960  368
pegasus2.mobil.com..domain     www.computercenter.c..domain   udp    1168200  765
servidor.exsocom.com..domain   pegasus2.mobil.com..domain     udp    1153864  331
www.computercenter.com.mx      pegasus.mobil.com              icmp   1052016  392
www.computercenter.com.mx      pegasus2.mobil.com             icmp    984648  672
servidor.exsocom.com..telnet   desarrollo00.exsocom.c..1043   tcp     565621  240
pegasus.mobil.com..domain      servidor.exsocom.com..domain   udp     437580  118
pegasus2.mobil.com..domain     servidor.exsocom.com..domain   udp     417978  132
------------------ cut here -------------------

As you can see here they are attacking from mobil.com servers (in this case); I have many records exactly like this, because they change the attack from different servers and dialup connections. Of course here I suppose that since I closed the back doors they are sending a lot of packets to win access one more time, and the important thing here is to know how to block their attacks.
Regards

Alejandro

On Sun, 20 Dec 1998, Karl Pielorz wrote:

> Alejandro Galindo Chairez AGALINDO wrote:
>
> > I need help. I need to know how to protect my servers, but the most
> > important thing in my mind is to know how they are accessing the servers. I
> > bought the Firewalls book from O'Reilly & Associates and I was using the
> > firewall with ipfw, but this doesn't stop the hackers.
> >
> > Thanks for your help
>
> This isn't really FreeBSD related... Do you know for 100% that you have
> removed the hackers, and all their equipment from your compromised system?
> It's not uncommon for hackers once they have a connection to leave numerous
> back doors in the system - so they can get in again...
>
> Even your firewall won't help with that... The only way you can be 100% sure
> you have got rid of them is probably to either reinstall the machine, or break
> out the backups from a time you are _certain_ you weren't hacked...
>
> Once you have the new machine up, follow all the security guidelines (i.e. use
> a firewall like you're doing, make sure the machine only runs the services you
> need - e.g. disable everything you don't need from inetd etc.)
>
> Only then will you stand a chance of keeping them out...
>
> As for attacks via UDP - this is certainly possible, though I've not seen any
> exploits for FreeBSD and UDP for as long as I can remember...
> :)
>
> -Kp

From owner-freebsd-security Sun Dec 20 10:13:51 1998
Date: Sun, 20 Dec 1998 14:13:45 -0400 (AST)
From: Michael Richards <026809r@acadiau.ca>
To: "Joseph T. Lee"
cc: security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
In-Reply-To: <19981220065801.A16429@la.best.com>

> If I strobe my FreeBSD 3.0-current system, it gets to the point where
> it looks like a DoS attack:

> Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps

Neato. How does one enable this ping limitation?

> Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0 not in f0100000-0xFFC00000) - ofile
> Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
> Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in system: Too many open files in system
> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
> Dec 20 06:51:47 greenwood3 /kernel: file: table is full

Here is what I have noticed. If you are running tcpwrappers or something that will try to ident every connection, it starts up enough ident processes that bad things like this start happening. At one point, my PC's load average was up to 45 because of someone portscanning me. I looked, and for some reason, there were about 100 ident processes running. Then I started getting errors like those above. At the time, it was a 3.0-BETA system.
-Michael

From owner-freebsd-security Sun Dec 20 10:23:32 1998
Date: Sun, 20 Dec 1998 12:29:59 +0000 (GMT)
From: Alejandro Galindo Chairez AGALINDO
To: Karl Pielorz
cc: freebsd-security@FreeBSD.ORG
Subject: Re: udp security

On Sun, 20 Dec 1998, Karl Pielorz wrote:

> On Sun, 20 Dec 1998, Alejandro Galindo Chairez AGALINDO wrote:
>
> > Thanks Karl
> >
> > I was doing exactly as you suggested, but in my mind the big problem
> > is that I don't know how they access the servers, and how they did it over UDP.
> > When I reinstalled the operating system of course I closed all the back
> > doors they had installed, but this morning I have the following monitoring output:
> >
> > ----------------- Click here -----------------
> > [stats deleted]
>
> They seem to be sending you a lot of DNS (port 53) traffic - are you sure
> your machine has been compromised again? - There are DoS (denial of
> service) attacks for older versions of Bind (the DNS system), but not many
> exploits...

Yes, but they are using other ports for the attack, not only the domain port 53. I am sure the machine is clean now because I reinstalled the operating system, and I only backed up the usernames and passwords, nothing else.

> As a temporary measure you could disable bind on your system, or if you
> recompile your kernel with bpfilters you can get a tcpdump of the actual
> traffic they're sending, e.g.
>
> tcpdump host theirhostname.com
>
> This will show all traffic going to / from their host - and might give you
> an idea of what's going on...

Yes, right now I am monitoring with trafshow, and it uses tcpdump, but I can only see what protocol and port they are attacking with.

Thanks for your help :)

Regards

Alejandro

> UDP traffic from port 53 to port 53 (DNS) is usually one name server
> talking to another for queries...
>
> Hope that helps anyway,
>
> Regards,
>
> Karl

From owner-freebsd-security Sun Dec 20 10:44:56 1998
Date: Mon, 21 Dec 1998 07:42:55 +1300 (NZDT)
From: Andrew McNaughton
Reply-To: andrew@squiz.co.nz
To: Alejandro Galindo Chairez AGALINDO
cc: freebsd-security@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: Re: udp security

On Sun, 20 Dec 1998, Alejandro Galindo Chairez AGALINDO wrote:

> My name is Alejandro and I have some servers in Mexico with FreeBSD 2.2.5,
> 2.2.6 and 2.2.7 releases (from Walnut Creek CDROM)
>
> One month ago my servers were attacked by some hackers. I was
> monitoring their activities and I only know that they are using the User
> Datagram Protocol. I installed a firewall but this can't stop their
> activities. I am worried because last week they deleted the log files from
> /var/log and last day they accessed one of my servers with a username and a
> password (they created the username and password, they accessed the server
> for 3 minutes and then they deleted the user). I AM WORRIED because I don't
> know how they did that. The server violated had the 2.2.5 version and I
> upgraded it to the 2.2.7 release, but this morning the hackers insist on
> accessing my servers.
>
> I need help. I need to know how to protect my servers, but the most
> important thing in my mind is to know how they are accessing the servers. I
> bought the Firewalls book from O'Reilly & Associates and I was using the
> firewall with ipfw, but this doesn't stop the hackers.
>
> Thanks for your help
>
> Alejandro Galindo

You haven't provided much information that anyone could use to help you pin down the problem. About all that anyone could give you from this is pointers on how you might isolate the problem. So, here's a bundle of the usual bits of advice.

Pretty much everyone who's come to the freebsd-security list about getting hacked this year has been hacked through the popper bug.
If you're running popper, upgrade to the latest version or to a different pop server.

If your hackers have been able to create an account, then they have root privileges, and have probably installed a backdoor or two. You can not expect to cover every possible vulnerability that may have been introduced. Reinstall from scratch as soon as is practical, and install tripwire while you're at it (before you connect the newly installed OS to the network).

You say you think you're being hacked through udp. Why?

How have you set up your firewall? What traffic do you expect to see, and what blocks and logging do you have in place for other traffic?

Go through all of your network services (netstat -a) and for each open port find out exactly what version of what software you are running. With a list of these in hand, search bugtraq, rootshell, fyodor's etc. for exploits that affect you.

For every service you run as root, look to see if you can run it under a different uid.

For each service, identify who you expect to be using it from where. Limit where services can be accessed from accordingly. Use ipfw and/or tcpwrappers.

Run a few of the major scanners on yourself. ISS, SATAN, COPS.

Set syslog up to pass your logs out to another machine which you trust, i.e. get your logs out before they get wiped.

Back up now if you don't have a backup. Don't trust this backup any more than you must.

Change your passwords. Remove shells from every account that doesn't need it. Disable rhosts if you don't need it. Disable suid bits where possible.

Consider where sniffers might be on your network and check this out. (You should *NEVER* send root passwords as clear text. Use ssh.)

If your security is commercially important and you don't have the skills to deal with your problem, then consider hiring help.
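A triage helper covering the checks Barrett Richardson and Andrew McNaughton list in this thread (bogus uid-0 accounts in master.passwd, a setuid inventory, extra inetd.conf entries) together with a count of the resource-exhaustion messages Joseph Lee posted from his scanned 3.0-current box. This is an added example, not code from anyone in the thread; every file below is a constructed sample, the allow list of expected inetd services is an assumption, and each function takes a path argument so it can be pointed at a mounted copy of a suspect system rather than at the live one.

```shell
#!/bin/sh
# Added example (not from the thread): post-compromise triage helpers.
# Functions take a file or directory argument; the sample data further
# down is constructed so the script runs offline.

# uid-0 accounts other than root in a master.passwd/passwd-format file
# (the uid is field 3 in both formats; Barrett's 'grep :0:' tightened up).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# setuid/setgid files under a directory tree, one path per line.
setuid_inventory() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# service names enabled in an inetd.conf that are absent from an allow-list
# file (one expected service name per line); comments and blanks skipped.
unexpected_inetd_services() {
    awk '!/^[ \t]*#/ && NF > 0 { print $1 }' "$1" \
        | grep -v -x -F -f "$2" | sort -u
}

# number of syslog lines showing the exhaustion seen during the portscan:
# kernel file table full, ENFILE from daemons, ICMP response limiter engaging.
exhaustion_events() {
    grep -c -E 'file: table is full|Too many open files|icmp-response bandwidth limit' "$1" || true
}

# ---- constructed sample data (hypothetical host, not a real system) ------
WORK=$(mktemp -d)
mkdir -p "$WORK/bin"
: > "$WORK/bin/ls"; chmod 0755 "$WORK/bin/ls"
: > "$WORK/bin/su"; chmod 4755 "$WORK/bin/su"
: > "$WORK/bin/vi"; chmod 4755 "$WORK/bin/vi"   # a setuid editor is a red flag

cat > "$WORK/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
alejandro:*:1001:1001::0:0:Alejandro Galindo:/home/alejandro:/bin/sh
sys:*:0:0::0:0:constructed rogue entry:/tmp:/bin/sh
EOF

cat > "$WORK/inetd.conf" <<'EOF'
# constructed excerpt
ftp     stream  tcp  nowait  root    /usr/libexec/ftpd          ftpd -l
telnet  stream  tcp  nowait  root    /usr/libexec/telnetd       telnetd
#shell  stream  tcp  nowait  root    /usr/libexec/rshd          rshd
pop3    stream  tcp  nowait  root    /usr/local/libexec/popper  popper -s
finger  stream  tcp  nowait  nobody  /usr/libexec/fingerd       fingerd
rpc.x   stream  tcp  nowait  root    /var/tmp/.rpc/rpcd         rpcd
EOF
printf 'ftp\ntelnet\npop3\n' > "$WORK/inetd.allow"   # assumed allow list

cat > "$WORK/messages" <<'EOF'
Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps
Dec 20 06:51:44 greenwood3 identd[32580]: warning: can't get client address: Socket is not connected
Dec 20 06:51:44 greenwood3 /kernel: icmp-response bandwidth limit 295/100 pps
Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0 not in f0100000-0xFFC00000) - ofile
Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
Dec 20 06:51:45 greenwood3 /kernel: icmp-response bandwidth limit 219/100 pps
Dec 20 06:51:46 greenwood3 /kernel: icmp-response bandwidth limit 322/100 pps
Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in system: Too many open files in system
Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
Dec 20 06:51:47 greenwood3 /kernel: file: table is full
EOF

# ---- report ---------------------------------------------------------------
echo "uid-0 accounts besides root:";     uid0_accounts "$WORK/master.passwd"
echo "setuid/setgid files:";             setuid_inventory "$WORK/bin"
echo "inetd services not on allow list:"; unexpected_inetd_services "$WORK/inetd.conf" "$WORK/inetd.allow"
echo "resource-exhaustion log lines: $(exhaustion_events "$WORK/messages")"
```

Two things the output needs a human for: toor is a stock FreeBSD uid-0 account, so the uid-0 list is a review list rather than a verdict, and on a box that has really been rooted the find, awk and grep binaries may themselves have been replaced, which is why the thread keeps coming back to reinstalling. Run checks like these from trusted media against a mounted copy of the disks, and ship the results off-host before the attacker can wipe them.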
From owner-freebsd-security Sun Dec 20 12:07:02 1998
Date: Sun, 20 Dec 1998 12:05:42 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812202005.MAA33947@apollo.backplane.com>
To: Michael Richards <026809r@acadiau.ca>
Cc: "Joseph T. Lee", security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6

:> If I strobe my FreeBSD 3.0-current system, it gets to the point where
:> it looks like a DoS attack:
:
:> Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps
:Neato. How does one enable this ping limitation?
:
:> Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0 not in f0100000-0xFFC00000) - ofile
:> Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
:> Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in system: Too many open files in system
:> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
:> Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in system
:> Dec 20 06:51:47 greenwood3 /kernel: file: table is full
:Here is what I have noticed. If you are running tcpwrappers or something
:that will try to ident every connection, it starts up enough ident
:processes that bad things like this start happening. At one point, my PC's
:load average was up to 45 because of someone portscanning me. I looked,
:and for some reason, there were about 100 ident processes running. Then I
:started getting errors like those above. At the time, it was a 3.0-BETA
:system.
:
:-Michael

I've added a section on DOS attacks to my security(1) man page (/usr/src/share/man/man1/security.1 in the CVS tree)

-Matt

Matthew Dillon
Engineering, HiWay Technologies, Inc. & BEST Internet Communications & God knows what else.
(Please include original email in any response)

From owner-freebsd-security Sun Dec 20 15:28:55 1998
Message-ID: <19981220152702.A23509@la.best.com>
Date: Sun, 20 Dec 1998 15:27:02 -0800
From: "Joseph T. Lee"
To: Michael Richards <026809r@acadiau.ca>
Cc: security@FreeBSD.ORG
Subject: Re: nmap crashes inetd/portmap on 2.2.6
References: <19981220065801.A16429@la.best.com>
In-Reply-To: ; from Michael Richards on Sun, Dec 20, 1998 at 02:13:45PM -0400

On Sun, Dec 20, 1998 at 02:13:45PM -0400, Michael Richards wrote:
> Neato. How does one enable this ping limitation?

It's in LINT.

options "ICMP_BANDLIM"

-- 
Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
# Anime Expo 1998 >> www.anime-expo.org/ >
# Redline Games >> www.redlinegames.com/ >
# Cal-Animage Epsilon >> www.best.com/~nugundam/epsilon/ >
# EX: The Online World of Anime & Manga >> www.ex.org/ /

From owner-freebsd-security Mon Dec 21 03:17:51 1998
Date: Mon, 21 Dec 1998 12:17:30 +0100 (MET)
From: Janos Mohacsi
To: security@FreeBSD.ORG
Subject: preventing single user login w/o password

Hi,

How can I prevent booting FreeBSD into the single user mode without supplying either root or maybe different password?

Janos Mohacsi

From owner-freebsd-security Mon Dec 21 05:24:27 1998
From: "Crist J. Clark"
Message-Id: <199812211324.IAA27266@cc942873-a.ewndsr1.nj.home.com>
Subject: Re: preventing single user login w/o password
In-Reply-To: from Janos Mohacsi at "Dec 21, 98 12:17:30 pm"
To: mohacsi@bagira.iit.bme.hu (Janos Mohacsi)
Date: Mon, 21 Dec 1998 08:24:53 -0500 (EST)
Cc: security@FreeBSD.ORG
Reply-To: cjclark@home.com

Janos Mohacsi wrote,
> Hi,
> How can I prevent booting FreeBSD into the single user mode without
> supplying either root or maybe different password?

Here's the simple answer, but you might not like it,

Control physical access to the machine.

"There is no security without physical security."

-- 
Crist J. Clark
cjclark@home.com

From owner-freebsd-security Mon Dec 21 06:03:08 1998
Message-ID: <19981221080038.A5438@znh.org>
Date: Mon, 21 Dec 1998 08:00:38 -0600
From: Zach Heilig To: Janos Mohacsi , security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Janos Mohacsi on Mon, Dec 21, 1998 at 12:17:30PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Dec 21, 1998 at 12:17:30PM +0100, Janos Mohacsi wrote: > How can I prevent booting FreeBSD into the single user mode without > supplying either root or maybe different password? Change this line (in /etc/ttys): console none unknown off secure to: console none unknown off insecure This does not prevent booting from a floppy, and mounting filesystems from there. Even if you disable floppy/cdrom booting (or remove all floppy/cdrom drives), it does not prevent opening the machine and shorting the "reset bios cmos settings" jumper. -- Zach Heilig (zach@gaffaneys.com) Our one strength was that our senior officers were more flexible than theirs... How's that? We can customize our colonels. [ Illiad in User Friendly, Dec. 
1, 1998 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 07:11:27 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA02945 for freebsd-security-outgoing; Mon, 21 Dec 1998 07:11:27 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA02831; Mon, 21 Dec 1998 07:11:17 -0800 (PST) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id QAA11019; Mon, 21 Dec 1998 16:11:12 +0100 (CET) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id QAA14736; Mon, 21 Dec 1998 16:11:11 +0100 (MET) Message-ID: <19981221161110.E14124@follo.net> Date: Mon, 21 Dec 1998 16:11:10 +0100 
From: Eivind Eklund To: Dag-Erling Smorgrav , Matt Dillon Cc: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.conf References: <199812190725.XAA05479@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Dag-Erling Smorgrav on Mon, Dec 21, 1998 at 03:45:49PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm moving this to freebsd-security. On Mon, Dec 21, 1998 at 03:45:49PM +0100, Dag-Erling Smorgrav wrote: > Matt Dillon writes: > If named is run in the sandbox, it will have to be restarted every > time an interface comes up after being down an hour or more - less if > you lower interface-interval in /etc/namedb/named.conf, which you > probably will if you run a caching nameserver on a box that has a > dynamic IP address (e.g. a dialout gateway). It will also complain > loudly every time it receives any of SIGHUP, SIGINT, SIGILL, SIGSYS or > SIGTERM unless you perform the appropriate named.conf magic to move > the pid and dump files to a directory writeable by bind:bind. > > OBTW, the /etc/named/s/ hack is just that - a hack, and an ugly one at > that. > > You'll just have to come to terms with the fact that named needs > privs. ... unless you do a series of small modifications. It is not as if rescanning the interfaces is a _large_ task, or one that couldn't be done by a forked out half of named, decreasing the chance of a problem spreading. You'll just have to come to terms with the fact that you are not a security person. ;-) Eivind. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 07:17:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA03402 for freebsd-security-outgoing; Mon, 21 Dec 1998 07:17:29 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.inficad.com (mail.inficad.com [207.19.74.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA03396 for ; Mon, 21 Dec 1998 07:17:27 -0800 (PST) (envelope-from joeym@inficad.com) Received: from exchsrvr.inficad.com (exchsrvr.inficad.com [208.204.81.30]) by mail.inficad.com (8.9.1a/8.9.0) with ESMTP id IAA11092; Mon, 21 Dec 1998 08:17:57 -0700 (MST) Received: by exchsrvr.inficad.com with Internet Mail Service (5.5.1960.3) id ; Mon, 21 Dec 1998 08:16:04 -0700 Message-ID: <813A3F0E2D02D211884900A0C966731E419189@exchsrvr.inficad.com> From: Joey Miller To: "'Janos Mohacsi'" , security@FreeBSD.ORG Subject: RE: preventing single user login w/o password Date: Mon, 21 Dec 1998 08:15:38 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1960.3) Content-Type: text/plain Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 in /etc/ttys: # # This entry needed for asking password when init goes to single-user mode # If you want to be asked for password, change "secure" to "insecure" here console none unknown off secure - -- Joey Miller Lead Programmer Inficad Communications 602.265.4423 Ext. 159 - -----Original Message----- 
From: Janos Mohacsi [mailto:mohacsi@bagira.iit.bme.hu] Sent: Monday, December 21, 1998 4:18 AM To: security@FreeBSD.ORG Subject: preventing single user login w/o password Hi, How can I prevent booting FreeBSD into the single user mode without supplying either root or maybe different password? Janos Mohacsi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.0.2 iQA/AwUBNn5mDdaopA9z+Kj8EQIqVwCdE8W8VcC11RTm4XbY6/UGGnBOgZ4AoKXu Uyvgdjc4yjQg4SRyq93rlMj2 =TN5f -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 07:25:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA04354 for freebsd-security-outgoing; Mon, 21 Dec 1998 07:25:19 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA04326; Mon, 21 Dec 1998 07:25:16 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id QAA35715; Mon, 21 Dec 1998 16:25:09 +0100 (CET) (envelope-from des) To: Eivind Eklund Cc: Dag-Erling Smorgrav , Matt Dillon , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.conf References: <199812190725.XAA05479@freefall.freebsd.org> <19981221161110.E14124@follo.net> 
From: Dag-Erling Smorgrav Date: 21 Dec 1998 16:25:08 +0100 In-Reply-To: Eivind Eklund's message of "Mon, 21 Dec 1998 16:11:10 +0100" Message-ID: Lines: 26 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Eivind Eklund writes: > On Mon, Dec 21, 1998 at 03:45:49PM +0100, Dag-Erling Smorgrav wrote: > > Matt Dillon writes: > > If named is run in the sandbox, it will have to be restarted every > > time an interface comes up after being down an hour or more - less if > > you lower interface-interval in /etc/namedb/named.conf, which you > > probably will if you run a caching nameserver on a box that has a > > dynamic IP address (e.g. a dialout gateway). It will also complain > > loudly every time it receives any of SIGHUP, SIGINT, SIGILL, SIGSYS or > > SIGTERM unless you perform the appropriate named.conf magic to move > > the pid and dump files to a directory writeable by bind:bind. > > ... unless you do a series of small modifications. It is not as if > rescanning the interfaces is a _large_ task, or one that couldn't be > done by a forked out half of named Umm, the problem isn't scanning interfaces, the problem is binding to them, which needs to be done by the parent, so you can't delegate interface rescanning to a child process. Or rather, you can, but it won't matter since at some point the child will need to communicate its results to the parent which will then attempt to bind to port 53 on interfaces it's not yet bound to, for which it needs privs. 
DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 07:30:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA05506 for freebsd-security-outgoing; Mon, 21 Dec 1998 07:30:22 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA05487 for ; Mon, 21 Dec 1998 07:30:18 -0800 (PST) (envelope-from sthaug@nethelp.no) 
From: sthaug@nethelp.no Received: (qmail 18929 invoked by uid 1001); 21 Dec 1998 15:30:14 +0000 (GMT) To: eivind@yes.no Cc: des@flood.ping.uio.no, dillon@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.conf In-Reply-To: Your message of "Mon, 21 Dec 1998 16:11:10 +0100" References: <19981221161110.E14124@follo.net> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Mon, 21 Dec 1998 16:30:14 +0100 Message-ID: <18927.914254214@verdi.nethelp.no> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > If named is run in the sandbox, it will have to be restarted every > > time an interface comes up after being down an hour or more - less if > > you lower interface-interval in /etc/namedb/named.conf, which you > > probably will if you run a caching nameserver on a box that has a > > dynamic IP address (e.g. a dialout gateway). It will also complain > > loudly every time it receives any of SIGHUP, SIGINT, SIGILL, SIGSYS or > > SIGTERM unless you perform the appropriate named.conf magic to move > > the pid and dump files to a directory writeable by bind:bind. > > > > OBTW, the /etc/named/s/ hack is just that - a hack, and an ugly one at > > that. > > > > You'll just have to come to terms with the fact that named needs > > privs. > > ... unless you do a series of small modifications. It is not as if > rescanning the interfaces is a _large_ task, or one that couldn't be > done by a forked out half of named, decreasing the chance of a problem > spreading. named, possibly with some small modifications, could easily run in the sandbox for a fairly large class of important configurations, namely the ISP which runs primary and/or secondary service for thousands of domains on one box - and this box is a dedicated name server. (On such a box, interfaces change rarely if at all - so I would be quite comfortable with removing the code for rescanning of interfaces. 
An initial scan would still be necessary.) Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 07:32:18 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA05713 for freebsd-security-outgoing; Mon, 21 Dec 1998 07:32:18 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA05699 for ; Mon, 21 Dec 1998 07:32:16 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id QAA35729; Mon, 21 Dec 1998 16:32:09 +0100 (CET) (envelope-from des) To: cjclark@home.com Cc: mohacsi@bagira.iit.bme.hu (Janos Mohacsi), security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: <199812211324.IAA27266@cc942873-a.ewndsr1.nj.home.com> 
From: Dag-Erling Smorgrav Date: 21 Dec 1998 16:32:09 +0100 In-Reply-To: "Crist J. Clark"'s message of "Mon, 21 Dec 1998 08:24:53 -0500 (EST)" Message-ID: Lines: 21 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Crist J. Clark" writes: > Janos Mohacsi wrote, > > How can I prevent booting FreeBSD into the single user mode without > > supplying either root or maybe different password? > Here's the simple answer, but you might not like it, > > Control physical access to the machine. > > "There is no security without physical security." Well, you can translate physical access to the computer into physical access to a more manageable item, such as a Java ring, if you use some kind of hardware device which strongly encrypts your disks and keep the encryption key on the Java ring. The idea is that you can't boot the computer without the ring, and you can't decrypt the contents of the disk drive without it either (not within reasonable amounts of time, anyway). 
DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 07:35:44 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA06401 for freebsd-security-outgoing; Mon, 21 Dec 1998 07:35:44 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA06387; Mon, 21 Dec 1998 07:35:40 -0800 (PST) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id QAA11519; Mon, 21 Dec 1998 16:35:34 +0100 (CET) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id QAA14860; Mon, 21 Dec 1998 16:35:33 +0100 (MET) Message-ID: <19981221163532.G14124@follo.net> Date: Mon, 21 Dec 1998 16:35:32 +0100 
From: Eivind Eklund To: Dag-Erling Smorgrav Cc: Matt Dillon , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.conf References: <199812190725.XAA05479@freefall.freebsd.org> <19981221161110.E14124@follo.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Dag-Erling Smorgrav on Mon, Dec 21, 1998 at 04:25:08PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Dec 21, 1998 at 04:25:08PM +0100, Dag-Erling Smorgrav wrote: > Eivind Eklund writes: > > ... unless you do a series of small modifications. It is not as if > > rescanning the interfaces is a _large_ task, or one that couldn't be > > done by a forked out half of named > > Umm, the problem isn't scanning interfaces, the problem is binding to > them, which needs to be done by the parent, so you can't delegate > interface rescanning to a child process. Or rather, you can, but it > won't matter since at some point the child will need to communicate > its results to the parent which will then attempt to bind to port 53 > on interfaces it's not yet bound to, for which it needs privs. You don't need to have the parent bind the interface. You use the capability transfer support in BSD - you pass an fd over a local socket, using SCM_RIGHTS. This is described in the Stevens book, which is presently occupying the space between your monitor and lamp (on the right side of the monitor). The implementation of this mechanism is in sys/kern/uipc_socket.c, sys/kern/uipc_syscalls.c, and sys/kern/uipc_usrreq.c. Eivind. 
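Added example, not code from the thread and not BIND's: the descriptor-passing step Eivind describes above, with the privileged half doing the bind() and the unprivileged half only ever receiving the resulting socket over a Unix-domain socket with SCM_RIGHTS. It is also the shape of the split his earlier message proposed: the part that needs privileges stays small and does one thing. Assumptions of mine: the demo binds UDP on 127.0.0.1 port 0 instead of port 53 so it runs without root, and both halves live in one process joined by socketpair() (a real daemon would fork, drop privileges in the child, and keep the pair as its control channel). The function names send_fd, recv_fd, bind_udp and demo_fd_passing are mine.

```c
/* Added example (not BIND's code): the privileged half binds a socket and
 * hands it to the unprivileged half over a Unix-domain socket with
 * SCM_RIGHTS (Stevens; sys/kern/uipc_usrreq.c). Only that half calls bind(). */
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <netinet/in.h>
#include <string.h>
#include <unistd.h>

union fdbuf { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Send descriptor fd over Unix socket sock; one payload byte rides along
 * because a control message only travels together with data. */
int send_fd(int sock, int fd)
{
    char byte = 'F';
    struct iovec iov = { &byte, 1 };
    union fdbuf u;
    struct msghdr msg = { 0 };
    struct cmsghdr *cm;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive what send_fd() sent; -1 on error, on a truncated control
 * message, or when it is anything but exactly one SCM_RIGHTS descriptor. */
int recv_fd(int sock)
{
    char byte;
    struct iovec iov = { &byte, 1 };
    union fdbuf u;
    struct msghdr msg = { 0 };
    struct cmsghdr *cm;
    int fd;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET ||
        cm->cmsg_type != SCM_RIGHTS || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Privileged half: bind UDP on loopback. Port 0 (kernel-chosen) keeps the
 * demo unprivileged where named would need 53; the address goes to *out. */
int bind_udp(struct sockaddr_in *out)
{
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    socklen_t len = sizeof *out;
    if (s < 0) return -1;
    memset(out, 0, sizeof *out);
    out->sin_family = AF_INET;
    out->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(s, (struct sockaddr *)out, sizeof *out) < 0 ||
        getsockname(s, (struct sockaddr *)out, &len) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* Both halves in one process joined by socketpair(). Returns 1 when a
 * datagram sent to the bound address is read on the descriptor the
 * unprivileged half received, i.e. the same socket came across. */
int demo_fd_passing(void)
{
    int pair[2], bound, got, client, ok = 0;
    struct sockaddr_in addr;
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) < 0) return 0;
    if ((bound = bind_udp(&addr)) < 0 || send_fd(pair[0], bound) < 0) return 0;
    close(bound);                     /* privileged half drops its copy */
    if ((got = recv_fd(pair[1])) < 0) return 0;
    client = socket(AF_INET, SOCK_DGRAM, 0);
    if (client >= 0 &&
        sendto(client, "query", 5, 0, (struct sockaddr *)&addr, sizeof addr) == 5 &&
        recv(got, buf, sizeof buf, 0) == 5 && memcmp(buf, "query", 5) == 0)
        ok = 1;
    close(client); close(got); close(pair[0]); close(pair[1]);
    return ok;
}

int main(void)
{
    return demo_fd_passing() ? 0 : 1;   /* exit status reports the result */
}
```

The check worth keeping from this is the one in demo_fd_passing(): it does not trust that "a descriptor arrived", it sends a datagram to the address bind_udp() reported and reads it back on the descriptor the unprivileged half was given. recv_fd() refuses any control message that is not exactly one SCM_RIGHTS descriptor (and anything flagged MSG_CTRUNC), so a stray or malformed message on the control channel cannot leave an unexpected descriptor open in the unprivileged half.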
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 08:11:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA12010 for freebsd-security-outgoing; Mon, 21 Dec 1998 08:11:15 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA11987 for ; Mon, 21 Dec 1998 08:11:09 -0800 (PST) (envelope-from mlists@gizmo.kyrnet.kg) Received: from gizmo.kyrnet.kg (IDENT:mlists@gizmo.kyrnet.kg [195.254.160.13]) by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id UAA27924; Mon, 21 Dec 1998 20:39:56 +0600 Received: from localhost (mlists@localhost) by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id VAA01618; Mon, 21 Dec 1998 21:09:25 +0500 Date: Mon, 21 Dec 1998 21:09:24 +0500 (KGT) 
From: CyberPsychotic Reply-To: fygrave@tigerteam.net To: Alejandro Galindo Chairez AGALINDO cc: freebsd-security@FreeBSD.ORG Subject: Re: udp security In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="-20771424-1675980187-914256563=:417" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You may want to install this piece, and make it listen on the ports which hackers try to attack. It will save these packets for later analysis, so we could see what they are actually trying to do. My idea is that they probably got in via named, but well. Let's see.. (I did this piece for kicking Win* Bo scanner dudes; the piece is probably not quite secure, maybe vulnerable to DoS attacks if you'd use a command (so don't).) But having those packets saved would help you to figure out what they actually try to do.. maybe they have implemented some kind of backdoor working over UDP.
(well :) I did one myself, when I played with a friend of mine, so :)) -- fygrave@tigerteam.net http://www.kalug.lug.net [attachment: udplstn.1.0.tar.gz (APPLICATION/x-gunzip), base64 body omitted] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 08:43:27 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA15865 for freebsd-security-outgoing; Mon, 21 Dec 1998 08:43:27 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA15859 for ; Mon, 21 Dec 1998 08:43:11 -0800 (PST) (envelope-from logix@foobar.franken.de) Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id RAA01719; Mon, 21 Dec 1998 17:42:22 +0100 (CET) Message-ID: <19981221174222.A1588@foobar.franken.de> Date: Mon, 21 Dec 1998 17:42:22 +0100
From: Harold Gutch To: Garance A Drosihn , Marco Molteni Cc: freebsd-security@FreeBSD.ORG Subject: Re: A better explanation (was: buffer overflows and chroot) References: <62537.913989002@zippy.cdrom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Garance A Drosihn on Sat, Dec 19, 1998 at 05:22:57AM -0500 X-Organisation: BatmanSystemDistribution X-Mission: To free the world from the Penguin Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
On Sat, Dec 19, 1998 at 05:22:57AM -0500, Garance A Drosihn wrote:
> At 7:57 PM +0100 12/18/98, Marco Molteni wrote:
> >Scenario:
> >
> > 1. Bob is a non privileged user.
> > 2. Bob actively searches for buffer overflows in suid binaries.
> > 3. if Bob is able to do his job, sooner or later he'll get root.
> > 4. I don't mind if Bob is a good guy or a bad guy, I don't want
> > anybody to be root on my machines.
> > 5. I want to put him in a chroot jail full of suid binaries, but
> > suid not to root, to pseudoroot, where pseudoroot is a
> > non privileged user.
> > 6. Bob can do all his experiments in his nice jail.
> > 6. if Bob becomes pseudoroot, I am still safe, since:
> > 6.1 he is in a chroot jail
> > 6.2 in the jail there isn't any executable suid to a privileged
> > user (root, bin, whatever).
> > 6.3 from 6.2, he can't escape from the jail
> >
> > is 6.3 correct?
>
> From #2, Bob is running setuid binaries. Presumably he's running a

Binaries suid to some _unprivileged_ user. That's the whole point Marco is trying to make here. "bob" will eventually manage to become some other user. So, in case "bob" manages to exploit some buffer overflow or whatever other bugs your suid binary has, he will only be able to become another _unprivileged_ user. Unless he can do further harm from this uid, you are safe.
He will not be able to break out of the chroot jail unless he himself is root (at least I have no idea how you'd break out being a normal unprivileged user). -- bye, logix Sleep is an abstinence syndrome which occurs due to lack of caffeine. Wed Mar 4 04:53:33 CET 1998 #unix, ircnet To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 08:54:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA17051 for freebsd-security-outgoing; Mon, 21 Dec 1998 08:54:04 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from orcrist.mediacity.com (orcrist.mediacity.com [208.138.36.146]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA16993 for ; Mon, 21 Dec 1998 08:54:01 -0800 (PST) (envelope-from gsutter@orcrist.mediacity.com) Received: (from gsutter@localhost) by orcrist.mediacity.com (8.8.8/8.8.8) id IAA10591; Mon, 21 Dec 1998 08:53:55 -0800 (PST) (envelope-from gsutter) Message-ID: <19981221085355.A10360@orcrist.mediacity.com> Date: Mon, 21 Dec 1998 08:53:55 -0800
From: Gregory Sutter To: Dag-Erling Smorgrav , security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: <199812211324.IAA27266@cc942873-a.ewndsr1.nj.home.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Dag-Erling Smorgrav on Mon, Dec 21, 1998 at 04:32:09PM +0100 Organization: Zer0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Dec 21, 1998 at 04:32:09PM +0100, Dag-Erling Smorgrav wrote: > > Janos Mohacsi wrote, > > > How can I prevent booting FreeBSD into the single user mode without > > > supplying either root or maybe different password? > > Well, you can translate physical access to the computer into physical > access to a more manageable item, such as a Java ring, if you use some > kind of hardware device which strongly encrypts your disks and keep > the encryption key on the Java ring. The idea is that you can't boot > the computer without the ring, and you can't decrypt the contents of > the disk drive without it either (not within reasonable amounts of > time, anyway). Okay, it's 8:45 AM, and I'm still tired, but the first thing that came into my mind was an actual ring that one wears upon a finger. Then I wondered about using that as a physical security key. It would be easy to put a small chip or 2 in a ring; the reader could be sitting in a 5.25" slot until cases are specially built for the device, which would be plugged into the motherboard and prevent all input or somesuch mechanism until the chip is detected. Now, I don't know much about the actual cryptography, but combining "something you have" with "something you know", such as a passphrase, could make for a good physical security system. Combine that with a sturdy, locked case and any intruder will have to take measures that will make their intrusion obvious. Greg -- Gregory S. Sutter Computing is a terminal addiction. 
mailto:gsutter@pobox.com http://www.pobox.com/~gsutter/ PGP DSS public key 0x40AE3052 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Dec 21 09:11:58 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA19930 for freebsd-security-outgoing; Mon, 21 Dec 1998 09:11:58 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA19925 for ; Mon, 21 Dec 1998 09:11:56 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id SAA35974; Mon, 21 Dec 1998 18:08:38 +0100 (CET) (envelope-from des) To: Gregory Sutter Cc: Dag-Erling Smorgrav , security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: <199812211324.IAA27266@cc942873-a.ewndsr1.nj.home.com> <19981221085355.A10360@orcrist.mediacity.com> 
From: Dag-Erling Smorgrav Date: 21 Dec 1998 18:08:38 +0100 In-Reply-To: Gregory Sutter's message of "Mon, 21 Dec 1998 08:53:55 -0800" Message-ID: Lines: 20 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Gregory Sutter writes: > On Mon, Dec 21, 1998 at 04:32:09PM +0100, Dag-Erling Smorgrav wrote: > > Well, you can translate physical access to the computer into physical > > access to a more manageable item, such as a Java ring, if you use some > > kind of hardware device which strongly encrypts your disks and keep > > the encryption key on the Java ring. > Okay, it's 8:45 AM, and I'm still tired, but the first thing that came > into my mind was an actual ring that one wears upon a finger. Then I > wondered about using that as a physical security key. It would be > easy to put a small chip or 2 in a ring; the reader could be sitting > in a 5.25" slot until cases are specially built for the device, which > would be plugged into the motherboard and prevent all input or > somesuch mechanism until the chip is detected. Congratulations on your new invention! 
Though I'm afraid it's already patented by Sun Microsystems :)

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Mon Dec 21 10:03:01 1998
To: Gregory Sutter
cc: Dag-Erling Smorgrav, security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password
Date: Mon, 21 Dec 1998 09:39:13 -0800
Message-ID: <83899.914261953@zippy.cdrom.com>
From: "Jordan K. Hubbard"

> Okay, it's 8:45 AM, and I'm still tired, but the first thing that came
> into my mind was an actual ring that one wears upon a finger. Then I

It's called a JavaButton, and you can get it in ring form. Somewhere on Sun's web pages is an order form, but I'm too lethargic to look for it at the moment. :) Anyway, it also includes the reader and supposedly works very well. Not exportable, however, and therein lies the rub.

- Jordan

From owner-freebsd-security Mon Dec 21 10:30:38 1998
To: "Jordan K. Hubbard"
Cc: Gregory Sutter, Dag-Erling Smorgrav, security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password
From: Dag-Erling Smorgrav
Date: 21 Dec 1998 19:09:23 +0100
In-Reply-To: "Jordan K. Hubbard"'s message of "Mon, 21 Dec 1998 09:39:13 -0800"

"Jordan K. Hubbard" writes:
> It's called a JavaButton, and you can get it in ring form. Somewhere
> on Sun's web pages is an order form, but I'm too lethargic to look for
> it at the moment. :) Anyway, it also includes the reader and
> supposedly works very well. Not exportable, however, and therein lies
> the rub.

Not exportable? I've seen one demonstrated in Norway...

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Mon Dec 21 11:16:15 1998
Message-ID: <367E9E44.ADBB400A@softweyr.com>
Date: Mon, 21 Dec 1998 12:15:16 -0700
From: Wes Peters
Organization: Softweyr LLC
To: Dag-Erling Smorgrav
CC: Gregory Sutter, security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password

Dag-Erling Smorgrav wrote:
>
> Gregory Sutter writes:
> >
> > Okay, it's 8:45 AM, and I'm still tired, but the first thing that came
> > into my mind was an actual ring that one wears upon a finger. Then I
> > wondered about using that as a physical security key. It would be
> > easy to put a small chip or 2 in a ring; the reader could be sitting
> > in a 5.25" slot until cases are specially built for the device, which
> > would be plugged into the motherboard and prevent all input or
> > somesuch mechanism until the chip is detected.
>
> Congratulations on your new invention! Though I'm afraid it's already
> patented by Sun Microsystems :)

Actually it is patented by Dallas Semiconductor, who makes them. Only the Java technology is owned by Sun. See http://www.ibutton.com/ for more info.

And yes, these little things are *very* cool.

--
Where am I, and what am I doing in this handbasket?
Wes Peters +1.801.915.2061
Softweyr LLC wes@softweyr.com

From owner-freebsd-security Mon Dec 21 13:24:41 1998
Message-ID: <19981221132431.D10360@orcrist.mediacity.com>
Date: Mon, 21 Dec 1998 13:24:31 -0800
From: Gregory Sutter
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password
Organization: Zer0

On Mon, Dec 21, 1998 at 06:08:38PM +0100, Dag-Erling Smorgrav wrote:
> Gregory Sutter writes:
> > On Mon, Dec 21, 1998 at 04:32:09PM +0100, Dag-Erling Smorgrav wrote:
> > > Well, you can translate physical access to the computer into physical
> > > access to a more manageable item, such as a Java ring, if you use some
> > > kind of hardware device which strongly encrypts your disks and keep
> > > the encryption key on the Java ring.
> > Okay, it's 8:45 AM, and I'm still tired, but the first thing that came
> > into my mind was an actual ring that one wears upon a finger. Then I
> > wondered about using that as a physical security key. It would be
> > easy to put a small chip or 2 in a ring; the reader could be sitting
> > in a 5.25" slot until cases are specially built for the device, which
> > would be plugged into the motherboard and prevent all input or
> > somesuch mechanism until the chip is detected.
>
> Congratulations on your new invention! Though I'm afraid it's already
> patented by Sun Microsystems :)

Ain't I something? Damn, but that's cool.

Greg
--
Gregory S.
Sutter   If I had finished this sentence
mailto:gsutter@pobox.com http://www.pobox.com/~gsutter/ PGP DSS public key 0x40AE3052

From owner-freebsd-security Mon Dec 21 13:52:04 1998
From: "Cliff Skolnick"
To: "Eivind Eklund", "Dag-Erling Smorgrav"
Cc: "Matt Dillon", security@FreeBSD.ORG
Subject: RE: cvs commit: src/etc rc.conf
Date: Mon, 21 Dec 1998 13:51:20 -0800
Message-ID: <000201be2d2c$0b94baa0$2020a8c0@icarus.internal.steam.com>
In-Reply-To: <19981221163532.G14124@follo.net>

This sandbox stuff is starting to worry me :(

The more FreeBSD changes stock daemons used on many other UNIX systems, the harder it will be to respond to known bugs. For denial of service attacks the sandbox often will not help; if the daemon dumps core or becomes unusable it doesn't matter what UID it was.

The sandbox changes a fundamental design of UNIX, and makes FreeBSD "different" than other UNIX systems. The difference in the short term may be more security, but in the long term FreeBSD daemons could become hopelessly out of sync with standard daemon distributions over time. It's one thing to change a few permissions and directory names; it's completely different to start passing file descriptors (which is only mildly portable) via a coprocess.

If this stuff started to become standard FreeBSD it would be time to start looking for another OS IMHO. I want to run something close to a standard UNIX that works and is reasonably secure. The only total security is to turn the machines off. :)

--
Cliff Skolnick
Steam Tunnel Operations
cliff@steam.com
http://www.steam.com/

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Eivind Eklund
> Sent: Monday, December 21, 1998 7:36 AM
> To: Dag-Erling Smorgrav
> Cc: Matt Dillon; security@FreeBSD.ORG
> Subject: Re: cvs commit: src/etc rc.conf
>
>
> On Mon, Dec 21, 1998 at 04:25:08PM +0100, Dag-Erling Smorgrav wrote:
> > Eivind Eklund writes:
> > > ... unless you do a series of small modifications. It is not as if
> > > rescanning the interfaces is a _large_ task, or one that couldn't be
> > > done by a forked out half of named
> >
> > Umm, the problem isn't scanning interfaces, the problem is binding to
> > them, which needs to be done by the parent, so you can't delegate
> > interface rescanning to a child process. Or rather, you can, but it
> > won't matter since at some point the child will need to communicate
> > its results to the parent which will then attempt to bind to port 53
> > on interfaces it's not yet bound to, for which it needs privs.
>
> You don't need to have the parent bind the interface. You use the
> capability transfer support in BSD - you pass an fd over a local
> socket, using SCM_RIGHTS.
>
> This is described in the Stevens book, which is presently occupying
> the space between your monitor and lamp (on the right side of the
> monitor). The implementation of this mechanism is in
> sys/kern/uipc_socket.c, sys/kern/uipc_syscalls.c, and
> sys/kern/uipc_usrreq.c.
>
> Eivind.
From owner-freebsd-security Mon Dec 21 14:22:41 1998
Date: Mon, 21 Dec 1998 17:28:57 -0600 (CST)
From: "Jasper O'Malley"
To: Gregory Sutter
cc: Dag-Erling Smorgrav, security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password

On Mon, 21 Dec 1998, Gregory Sutter wrote:
> Okay, it's 8:45 AM, and I'm still tired, but the first thing that came
> into my mind was an actual ring that one wears upon a finger.

I hate to break this to you, Greg, but you're a bit late:

http://www.ibutton.com/Ring/pr_ring.html
http://www.ibutton.com/java.html

Cheers,
Mick

The Reverend Jasper P. O'Malley   dotdot:jooji@webnology.com
Systems Administrator             ringring:asktheadmiral
Webnology, LLC                    woowoo:http://www.webnology.com/~jooji

From owner-freebsd-security Mon Dec 21 15:03:06 1998
Message-ID: <19981222000242.H14124@follo.net>
Date: Tue, 22 Dec 1998 00:02:42 +0100
From: Eivind Eklund
To: Cliff Skolnick
Cc: Matt Dillon, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
In-Reply-To: <000201be2d2c$0b94baa0$2020a8c0@icarus.internal.steam.com>; from Cliff Skolnick on Mon, Dec 21, 1998 at 01:51:20PM -0800

On Mon, Dec 21, 1998 at 01:51:20PM -0800, Cliff Skolnick wrote:
> This sandbox stuff is starting to worry me :(
>
> The more FreeBSD changes stock daemons used on many other UNIX systems the
> harder it will be to respond to know bugs. For denial of service attacks
> often the sandbox will not help, if the daemon dumps core or becomes
> unusable it doesn't matter what UID it was.
>
> The sandbox changes a fundamental design of UNIX, and makes FreeBSD
> "different" than other UNIX systems. The difference in the short term may
> be more security, but in the long term FreeBSD daemons could become
> hopelessly out of sync with standard daemon distributions over time. It's
> one thing to change a few permissions and directory names, it's completely
> different to start passing file descriptors (which is only mildly portable)
> via a coprocess.

We track BIND from Vixie. If we're going to do this sort of changes, we will at least attempt to get it integrated in the standard distribution. There will not be any large-scale patches that make it difficult to track the standard distribution.

Eivind.
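The descriptor-passing mechanism Eivind refers to in the exchange quoted above (a privileged parent binds the socket, then hands the descriptor to an unprivileged worker over a local socket with SCM_RIGHTS), as an added example in C that is not code from this thread, from BIND or from FreeBSD: it assumes only the standard sendmsg/recvmsg API, and a local-domain listener under a constructed /tmp path stands in for named's privileged bind of port 53 so the check runs without network access or root.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <unistd.h>

/* Ancillary buffer sized for exactly one descriptor; the union keeps it aligned. */
union fdcmsg {
    struct cmsghdr hdr;
    unsigned char buf[CMSG_SPACE(sizeof(int))];
};

/* Send descriptor fd over the local-domain socket chan. Returns 0 on success, -1 on error. */
int send_fd(int chan, int fd)
{
    char byte = 'F';  /* one payload byte so the message is never empty */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fdcmsg u;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    memset(&u, 0, sizeof u);
    msg.msg_iov = &iov;           msg.msg_iovlen = 1;
    msg.msg_control = u.buf;      msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;   /* "install a copy of this descriptor in the receiver" */
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor from chan. Returns the new descriptor, or -1 when the
 * message carries no SCM_RIGHTS block, a truncated one, or more than one fd. */
int recv_fd(int chan)
{
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fdcmsg u;
    struct msghdr msg;
    int fd;
    memset(&msg, 0, sizeof msg);
    memset(&u, 0, sizeof u);
    msg.msg_iov = &iov;           msg.msg_iovlen = 1;
    msg.msg_control = u.buf;      msg.msg_controllen = sizeof u.buf;
    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (cm == NULL || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS ||
        cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;                /* accept exactly one descriptor, nothing else */
    memcpy(&fd, CMSG_DATA(cm), sizeof fd);
    return fd;
}

/* End-to-end check in one process: the "privileged" side binds a listener and
 * hands it over; the "worker" side receives it and accepts a connection through
 * it. The local-domain listener stands in for named's AF_INET bind of port 53
 * (constructed demo path); the descriptor passing is identical. Returns 0 on success. */
int demo_pass_listener(void)
{
    const char *path = "/tmp/scm_rights_demo.sock";  /* constructed demo path */
    int chan[2], lfd, got, cfd, afd;
    struct sockaddr_un sa;
    char in[8] = { 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, chan) < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;
    strncpy(sa.sun_path, path, sizeof sa.sun_path - 1);
    unlink(path);
    lfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(lfd, 1) < 0)
        return -2;
    /* Hand the listener across, then close our own copy: the kernel keeps the
     * in-flight descriptor alive, so only the receiver ends up holding it. */
    if (send_fd(chan[0], lfd) < 0)
        return -3;
    close(lfd);
    got = recv_fd(chan[1]);
    if (got < 0)
        return -4;
    /* Prove the received descriptor is the same listening socket. */
    cfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (cfd < 0 || connect(cfd, (struct sockaddr *)&sa, sizeof sa) < 0)
        return -5;
    afd = accept(got, NULL, NULL);
    if (afd < 0 || write(cfd, "hello", 5) != 5 || read(afd, in, sizeof in - 1) != 5 ||
        strcmp(in, "hello") != 0)
        return -6;
    close(afd); close(cfd); close(got); close(chan[0]); close(chan[1]);
    unlink(path);
    return 0;
}
```

In a real daemon the two halves run in different processes (the receiver after dropping root), which is why the worker never needs the privilege the bind required.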
From owner-freebsd-security Mon Dec 21 15:42:48 1998
Date: Mon, 21 Dec 1998 16:42:40 -0800 (PST)
Message-Id: <199812220042.QAA11338@home.fiberia.com>
To: FreeBSD-security@FreeBSD.ORG
From: happyadmin@ufa.hypermart.net
Subject: MERRY CHRISTMAS & Happy New Year!

~ MERRY CHRISTMAS and HAPPY NEW YEAR!
~ SURPRISE YOUR FRIENDS! Send New Year and Christmas greetings with musical accompaniment, using the VIRTUAL POSTCARD SERVICE, absolutely FREE!!
--*( VIRTUAL POSTCARD SERVICE )*--
* http://ufa.hypermart.net *

From owner-freebsd-security Mon Dec 21 16:08:00 1998
Date: Mon, 21 Dec 1998 16:07:51 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812220007.QAA48177@apollo.backplane.com>
To: Eivind Eklund
Cc: Cliff Skolnick, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf

:On Mon, Dec 21, 1998 at 01:51:20PM -0800, Cliff Skolnick wrote:
:> This sandbox stuff is starting to worry me :(
:>
:> The more FreeBSD changes stock daemons used on many other UNIX systems the
:> harder it will be to respond to know bugs. For denial of service attacks
:...
:> The sandbox changes a fundamental design of UNIX, and makes FreeBSD
:> "different" than other UNIX systems. The difference in the short term may
:...

Two points.

(1) We have made no changes to the stock bind distribution. None. Zero. Zilch. Nada.

(2) Using a sandbox does not change the fundamental design of UNIX in the least, in my view. A number of traditional UNIX subsystems have used sandboxes for a long time. For example, the 'operator' account and lpd.

-Matt

Matthew Dillon
Engineering, HiWay Technologies, Inc. & BEST Internet Communications & God knows what else.
(Please include original email in any response)

From owner-freebsd-security Mon Dec 21 17:14:55 1998
Date: Tue, 22 Dec 1998 13:43:23 +1300 (NZDT)
From: Andrew McNaughton
Reply-To: andrew@squiz.co.nz
To: Eivind Eklund
cc: Cliff Skolnick, Matt Dillon, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
In-Reply-To: <19981222000242.H14124@follo.net>

On Tue, 22 Dec 1998, Eivind Eklund wrote:
> On Mon, Dec 21, 1998 at 01:51:20PM -0800, Cliff Skolnick wrote:
> > This sandbox stuff is starting to worry me :(
> >
> > The more FreeBSD changes stock daemons used on many other UNIX systems the
> > harder it will be to respond to know bugs. For denial of service attacks
> > often the sandbox will not help, if the daemon dumps core or becomes
> > unusable it doesn't matter what UID it was.
> >
> > The sandbox changes a fundamental design of UNIX, and makes FreeBSD
> > "different" than other UNIX systems. The difference in the short term may
> > be more security, but in the long term FreeBSD daemons could become
> > hopelessly out of sync with standard daemon distributions over time. It's
> > one thing to change a few permissions and directory names, it's completely
> > different to start passing file descriptors (which is only mildly portable)
> > via a coprocess.
>
> We track BIND from Vixie. If we're going to do this sort of changes,
> we will at least attempt to get it integrated in the standard
> distribution. There will not be any large-scale patches that make it
> difficult to track the standard distribution.

Yes there's a problem when things get too different from other unix implementations, but this is a valuable extension to traditional unix. Is it possible to bring the other unixes along? Would it be possible to present a standard interface spec designed to be implemented on other platforms also?
Andrew McNaughton

From owner-freebsd-security Mon Dec 21 17:20:20 1998
Date: Tue, 22 Dec 1998 11:50:07 +1030 (CST)
From: Kris Kennaway
To: Cliff Skolnick
Cc: security@FreeBSD.ORG
Subject: RE: cvs commit: src/etc rc.conf
In-Reply-To: <000201be2d2c$0b94baa0$2020a8c0@icarus.internal.steam.com>

On Mon, 21 Dec 1998, Cliff Skolnick wrote:
> This sandbox stuff is starting to worry me :(

So:

1) Don't enable the sandbox stuff. This is configurable by flags, and hopefully will always be.

2) Don't use the FreeBSD modified utilities which you don't like. Rip out bind, install the stock distribution yourself, and deal with a familiar quantity.

Kris

-----
(ASP) Microsoft Corporation (MSFT) announced today that the release of its productivity suite, Office 2000, will be delayed until the first quarter of 1901.

From owner-freebsd-security Mon Dec 21 19:36:39 1998
Message-Id: <3.0.32.19981222043608.00892c40@www.dlc.cybertime.ch>
Date: Tue, 22 Dec 1998 04:36:25 +0100
To: security@FreeBSD.ORG
From: Rico Pajarola
Subject: Re: nmap crashes inetd/portmap on 2.2.6

What I meant was much more subtle. There are no traces anywhere, no log entries (after all, that's the purpose of a stealth scan). But inetd hangs, i.e., I can connect to a port served by inetd (e.g. 110), but nothing happens after I connect, no banner or anything, and no error messages anywhere. This happens with all tcp services running under inetd. When I restart inetd, it processes inetd.conf only up to the first rpc service, so I believe portmap gets somehow screwed as well. Everything at and below that line in inetd.conf is ignored.

Other systems affected are AIX 4.1.5, Solaris 2.6, and SCO UW 2.1 with similar symptoms. Cisco Routers (IOS 11.1) show extreme performance drops when scanned, but they recover as soon as scanning stops. Linux (tested on RedHat 5.1) and FreeBSD-current are immune.
Rico Pajarola

>If I strobe my FreeBSD 3.0-current system, it gets to the point where
>it looks like a DoS attack:
>
>Dec 20 06:51:43 greenwood3 /kernel: icmp-response bandwidth limit 585/100 pps
>Dec 20 06:51:44 greenwood3 identd[32580]: warning: can't get client address:
>Socket is not connected
>Dec 20 06:51:44 greenwood3 /kernel: icmp-response bandwidth limit 295/100 pps
>Dec 20 06:51:45 greenwood3 identd[32584]: getbuf: bad address (000186c0 not in
>f0100000-0xFFC00000) - ofile
>Dec 20 06:51:45 greenwood3 identd[32584]: k_getuid retries: 1
>Dec 20 06:51:45 greenwood3 /kernel: icmp-response bandwidth limit 219/100 pps
>Dec 20 06:51:46 greenwood3 /kernel: icmp-response bandwidth limit 322/100 pps
>Dec 20 06:51:47 greenwood3 syslogd: /dev/console: Too many open files in
>system: Too many open files in system
>Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in
>system
>Dec 20 06:51:47 greenwood3 syslogd: /var/run/utmp: Too many open files in
>system
>Dec 20 06:51:47 greenwood3 /kernel: file: table is full
>
>Then the rest of the log line are the file table being full, utmp problems,
>and bouncing off Matt's icmp-response limits.. :) Of course all the
>packets were going so fast because it was going through lo0, but it
>could be just as well flooded from an external interface.
>
>Killed the compile of wine I was working on also..
From owner-freebsd-security Mon Dec 21 20:03:07 1998
Date: Mon, 21 Dec 1998 20:03:01 -0800 (PST)
From: Roger Marquis
Reply-To: Roger Marquis
To: security@FreeBSD.ORG
Subject: CERT CA-98-13, patch needed
In-Reply-To: <199812211511.HAA02961@hub.freebsd.org>

The just released CERT advisory (CA-98-13) indicates certain FreeBSD systems are vulnerable to IP DOS attacks, namely:

  FreeBSD versions prior to 2.2.8 are vulnerable.
  FreeBSD 3.0 is also vulnerable.
  FreeBSD 3.0-current as of 1998/11/12 is not vulnerable.
  ---
  A patch is available at
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch

Unfortunately, the patch at this URL seems to have invalid formatting characters (=3D). Does anyone have a valid patch for this advisory?

Roger Marquis
Roble Systems Consulting
http://www.roble.com/

From owner-freebsd-security Mon Dec 21 20:43:13 1998
From: Igor Roshchin
Message-Id: <199812220443.WAA07477@alecto.physics.uiuc.edu>
Subject: Re: CERT CA-98-13, patch needed
In-Reply-To: from "Roger Marquis" at "Dec 21, 1998 8: 3: 1 pm"
To: security@FreeBSD.ORG
Date: Mon, 21 Dec 1998 22:43:06 -0600 (CST)

> The just released CERT advisory (CA-98-13) indicates certain FreeBSD
> systems are vulnerable to IP DOS attacks, namely:
>
> FreeBSD versions prior to 2.2.8 are vulnerable.
> FreeBSD 3.0 is also vulnerable.
> FreeBSD 3.0-current as of 1998/11/12 is not vulnerable.
> ---
> A patch is available at
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch
>

What is the "cut-off" date for 2.2-STABLE when it was fixed? (I know, it's possible to see it from the CVS logs, but it's much easier if such information is distributed, since the advisory is issued, and the exact date is given for the -current.)

Thanks,
Igor

From owner-freebsd-security Tue Dec 22 02:30:22 1998
From: ark@eltex.ru Received: from eltex.ru (eltex-spiiras.nw.ru [195.19.204.46] (may be forged)) by hosting.doublesquare.com (8.8.8/8.8.8) with ESMTP id NAA01370; Tue, 22 Dec 1998 13:28:33 +0300 (MSK) Received: from border.eltex.spb.ru (root@border.eltex.ru [195.19.198.2]) by eltex.ru (8.8.8/8.8.8) with SMTP id NAA24370; Tue, 22 Dec 1998 13:28:35 +0300 (MSK) Received: by border.eltex.spb.ru (ssmtp TIS-0.5alpha, 19 Oct 1998); Tue, 22 Dec 1998 13:28:19 +0300 Received: from undisclosed-intranet-sender id xma001396; Tue, 22 Dec 98 13:28:03 +0300 Date: Tue, 22 Dec 1998 13:27:56 +0300 Message-Id: <199812221027.NAA03688@paranoid.eltex.spb.ru> In-Reply-To: <367E9E44.ADBB400A@softweyr.com> from "Wes Peters " Organization: "Klingon Imperial Intelligence Service" Subject: Re: preventing single user login w/o password To: wes@softweyr.com Cc: des@flood.ping.uio.no, Gregory@paranoid.eltex.spb.ru, Sutter@paranoid.eltex.spb.ru, , security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

Yep. Cool thing. Why Java, anyways? It will be better without it.

Wes Peters said :
> Dag-Erling Smorgrav wrote:
> >
> > Gregory Sutter writes:
> > >
> > > Okay, it's 8:45 AM, and I'm still tired, but the first thing that came
> > > into my mind was an actual ring that one wears upon a finger. Then I
> > > wondered about using that as a physical security key. It would be
> > > easy to put a small chip or 2 in a ring; the reader could be sitting
> > > in a 5.25" slot until cases are specially built for the device, which
> > > would be plugged into the motherboard and prevent all input or
> > > somesuch mechanism until the chip is detected.
> >
> > Congratulations on your new invention! Though I'm afraid it's already
> > patented by Sun Microsystems :)
>
> Actually it is patented by Dallas Semiconductor, who makes them. Only the
> Java technology is owned by Sun. See http://www.ibutton.com/ for more
> info.
> > And yes, these little things are *very* cool. Where am I, and what am I doing in this handbasket? _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNn90KqH/mIJW9LeBAQFf3wP/R3o4eSajPMbsU5pmaVFyuemmdSVXZdY6 vVLaX5MVshW3Ld0o20YNVOtQPx1k5krUVaB2+xJy+KWlZ12N7XmXH8FTb4U8WNZb Q1gXSt4nnRlZ0FsAqECRY97dUrgnzOqo5d5uCTWJiA7rYfaCozZ7UZtsi5ONhiES L64mk4pIeT8= =jypK -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 04:01:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA05528 for freebsd-security-outgoing; Tue, 22 Dec 1998 04:01:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA05501 for ; Tue, 22 Dec 1998 04:01:49 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id NAA42624; Tue, 22 Dec 1998 13:01:24 +0100 (CET) (envelope-from des) To: Kris Kennaway Cc: Cliff Skolnick , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.conf References: 
From: Dag-Erling Smorgrav Date: 22 Dec 1998 13:01:23 +0100 In-Reply-To: Kris Kennaway's message of "Tue, 22 Dec 1998 11:50:07 +1030 (CST)" Message-ID: Lines: 10 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway writes: > 2) Don't use the FreeBSD modified utilities which you don't like. Rip out > bind, install the stock distribution yourself, and deal with a familiar > quantity. Our bind *is* the stock distribution. It has not been modified. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 04:21:57 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA08832 for freebsd-security-outgoing; Tue, 22 Dec 1998 04:21:57 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA08827 for ; Tue, 22 Dec 1998 04:21:54 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar) Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id JAA04130; Tue, 22 Dec 1998 09:21:20 -0300 (GMT) 
From: Fernando Schapachnik Message-Id: <199812221221.JAA04130@ns1.sminter.com.ar> Subject: Re: CERT CA-98-13, patch needed In-Reply-To: from Roger Marquis at "Dec 21, 98 08:03:01 pm" To: marquis@roble.com Date: Tue, 22 Dec 1998 09:21:20 -0300 (GMT) Cc: security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just remove the "3D"s from the patch and it will apply. Regards. En un mensaje anterior, Roger Marquis escribió: > The just released CERT advisory (CA-98-13) indicates certain FreeBSD > systems are vulnerable to IP DOS attacks, namely: > > FreeBSD versions prior to 2.2.8 are vulnerable. > FreeBSD 3.0 is also vulnerable. > FreeBSD 3.0-current as of 1998/11/12 is not vulnerable. > --- > A patch is available at > ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch > > Unfortunately, the patch at this URL seems to have invalid formatting > characters (=3D). Does anyone have a valid patch for this advisory? > > Roger Marquis > Roble Systems Consulting > http://www.roble.com/ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Fernando P. 
Schapachnik Administracion de la red S&M International SA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 05:29:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA16369 for freebsd-security-outgoing; Tue, 22 Dec 1998 05:29:39 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from bsd.mgr3.k12.mo.us (bsd.mgr3.k12.mo.us [204.184.227.140]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA16364; Tue, 22 Dec 1998 05:29:37 -0800 (PST) (envelope-from rjn103s@mgr3.k12.mo.us) Received: from www.mgr3.k12.mo.us (www.mgr3.k12.mo.us [204.184.227.130]) by bsd.mgr3.k12.mo.us (8.8.8/8.8.8) with SMTP id HAA02871; Tue, 22 Dec 1998 07:29:09 -0600 (CST) (envelope-from rjn103s@mgr3.k12.mo.us) Received: from cave540 (unverified [204.184.227.140]) by mgr3.k12.mo.us (EMWAC SMTPRS 0.83) with SMTP id ; Tue, 22 Dec 1998 07:31:49 -0600 Message-Id: <3.0.6.32.19981222072526.00f3ad50@mgr3.k12.mo.us> X-Sender: rjn103s@mgr3.k12.mo.us X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32) Date: Tue, 22 Dec 1998 07:25:26 -0600 To: ipfilter@coombs.anu.edu.au 
From: Nelson Subject: Revised: Need Help With Rules Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Greetings,

I am new to ipfilter and I have installed the ipfilter and all is well with ipnat but I am having a bit of trouble with some redirection for some boxes I would like to place behind the firewall. The boxes work great (behind the firewall) when you are trying to access them from the internet side of the firewall but not at all from the private side. ie. boxes from the intranet can not call to the address a.b.c.xx2 and get anything. So from the world side all is well but on site behind the firewall things are not.

                                             Internet
    firewall address a.b.c.xxx/255.255.255.0      --------+-----
    mail address aliased a.b.c.xx1/255.255.255.255        |
    www address aliased a.b.c.xx2/255.255.255.255         |
    [ed1] Outside Interface (oif) a.b.c.xxx,a.b.c.xx1,a.b.c.xx2
                     (Firewall FreeBSD-2.2.8)
    [xl0] Inside Interface (iif) 172.16.255.254 default gateway
                                                          |
                                                          |
                                                  --------+-----
                                    Intranet 172.16.0.0/255.255.0.0

This is what I have for the redirection that works from Internet side of firewall.

    # mail address aliased a.b.c.xx1/255.255.255.255 from outside world
    rdr ed1 a.b.c.xx1/32 port smtp -> 172.16.0.3 port smtp
    rdr ed1 a.b.c.xx1/32 port pop3 -> 172.16.0.3 port pop3
    # redirect http
    rdr ed1 a.b.c.xx2/32 port http -> 172.16.0.3 port http
    # redirect ftp
    rdr ed1 a.b.c.xx2/32 port ftp -> 172.16.0.3 port ftp

I have tried things like

    rdr xl0 a.b.c.xx1/32 port (service) -> 172.16.0.3 port (service)
    rdr xl0 a.b.c.xx2/32 port (service) -> 172.16.0.3 port (service)

with no luck:( I am not even sure if I need the stuff for xl0 but I am unsure at this point. I have put all these rules before the mappings and still no luck.

Thoughts Welcome & Appreciated!

Thanks!
Richard Nelson Technology Director Research & Development Director System Administrator Mountain Grove R-III Schools 420 N. Main Mountain Grove, MO 65711 ++++++++++++++++++++++++++++++++++++++++ + FreeBSD, Linux, & Java = Excellence + + http://www.freebsd.org + + http://www.redhat.com + + http://java.sun.com/ + + Samba + (FreeBSD||Linux)= Free PDC! + + Using FreeBSD for Servers! + + Using Linux for Workstaions! + ++++++++++++++++++++++++++++++++++++++++ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 05:50:36 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA18141 for freebsd-security-outgoing; Tue, 22 Dec 1998 05:50:36 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from hosting.doublesquare.com (hosting.doublesquare.com [195.5.128.151]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA18133 for ; Tue, 22 Dec 1998 05:50:32 -0800 (PST) (envelope-from ark@eltex.ru) 
From: ark@eltex.ru Received: from eltex.ru (eltex-spiiras.nw.ru [195.19.204.46] (may be forged)) by hosting.doublesquare.com (8.8.8/8.8.8) with ESMTP id QAA02343; Tue, 22 Dec 1998 16:49:52 +0300 (MSK) Received: from border.eltex.spb.ru (root@border.eltex.ru [195.19.198.2]) by eltex.ru (8.8.8/8.8.8) with SMTP id QAA24936; Tue, 22 Dec 1998 16:49:52 +0300 (MSK) Received: by border.eltex.spb.ru (ssmtp TIS-0.5alpha, 19 Oct 1998); Tue, 22 Dec 1998 16:49:40 +0300 Received: from undisclosed-intranet-sender id xma000518; Tue, 22 Dec 98 16:49:37 +0300 Date: Tue, 22 Dec 1998 16:49:28 +0300 Message-Id: <199812221349.QAA04304@paranoid.eltex.spb.ru> Organization: "Klingon Imperial Intelligence Service" Subject: Re: CERT CA-98-13, patch needed To: fpscha@ns1.sminter.com.ar Cc: marquis@roble.com, security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- nuqneH, BTW what about 2.1.7.1? Its ip_input.c has major differences.. _ _ _ _ _ _ _ {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_ (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one! 
-----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNn+jZ6H/mIJW9LeBAQHhzAP9Eq18I8rS49qPG+gbvWdidVS3udYUtGq5 eyWkMAFX24yR12JSt/f96vgZsYd400h2E6zL0vJ8oUlkXSWovhBry1uoCAm+roz1 NsfinvHVdOg3+2bXX16ugb7wHtmT7LYojpc2/CHKF4rL+JYHmbxePv7z1BTOL2fw YuRQEMc8C/0= =3PFO -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 07:31:09 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA03570 for freebsd-security-outgoing; Tue, 22 Dec 1998 07:31:09 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from k6n1.znh.org (dialup9.gaffaneys.com [208.155.161.59]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA03559 for ; Tue, 22 Dec 1998 07:30:57 -0800 (PST) (envelope-from zach@gaffaneys.com) Received: (from zach@localhost) by k6n1.znh.org (8.9.1/8.9.1) id PAA31487; Tue, 22 Dec 1998 15:28:31 GMT (envelope-from zach) Message-ID: <19981222092831.A31250@znh.org> Date: Tue, 22 Dec 1998 09:28:31 -0600 
From: Zach Heilig To: Harold Gutch , Garance A Drosihn , Marco Molteni Cc: freebsd-security@FreeBSD.ORG Subject: Re: A better explanation (was: buffer overflows and chroot) References: <62537.913989002@zippy.cdrom.com> <19981221174222.A1588@foobar.franken.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <19981221174222.A1588@foobar.franken.de>; from Harold Gutch on Mon, Dec 21, 1998 at 05:42:22PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Mon, Dec 21, 1998 at 05:42:22PM +0100, Harold Gutch wrote:
> > >From #2, Bob is running setuid binaries. Presumably he's running a
> Binaries suid to some _unprivileged_ user.
> That's the whole point Marco is trying to make here.
> "bob" will eventually manage to become some other user.
> So, in case "bob" manages to exploit some buffer overflow or
> whatever other bugs your suid binary has, he will only be able to
> become another _unprivileged_ user.
> Unless he can do further harm from this uid, you are safe.
> He will not be able to break out of the chroot-jail unless himself
> is root (at least I have no idea how you'd break out being a
> normal unprivileged user).

There is no need to break out of the chroot environment after finding a working attack. Assuming that "bob" is attacking what is normally an suid-root binary, and assuming this "bob" has a regular account as well, any attack that works against the suid-non-root user binary, also works against the (otherwise identical) suid-root binary. A non-privileged user does not buy anything, if there is any worry that this "bob" wants to perform malicious acts as root.

-- Zach Heilig (zach@gaffaneys.com) Our one strength was that our senior officers were more flexible than theirs... How's that? We can customize our colonels. [ Illiad in User Friendly, Dec.
1, 1998 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 08:06:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA08038 for freebsd-security-outgoing; Tue, 22 Dec 1998 08:06:00 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from pluto.plutotech.com (mail.plutotech.com [206.168.67.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA08025 for ; Tue, 22 Dec 1998 08:05:56 -0800 (PST) (envelope-from kelly@plutotech.com) Received: from plutotech.com (tampopo.plutotech.com [206.168.67.161]) by pluto.plutotech.com (8.9.1/8.9.1) with ESMTP id JAA22224; Tue, 22 Dec 1998 09:03:41 -0700 (MST) (envelope-from kelly@plutotech.com) Message-ID: <367FC2DD.2B8FF234@plutotech.com> Date: Tue, 22 Dec 1998 09:03:41 -0700 
From: Sean Kelly Organization: Pluto Technologies X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 3.0-CURRENT i386) MIME-Version: 1.0 To: ark@eltex.ru CC: wes@softweyr.com, des@flood.ping.uio.no, Gregory@paranoid.eltex.spb.ru, Sutter@paranoid.eltex.spb.ru, gsutter@pobox.com, security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: <199812221027.NAA03688@paranoid.eltex.spb.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Yep. Cool thing. Why Java, anyways? It will be better without it. There are a lot more than iButton rings with Java in them: there's serial number iButtons, add-only memory iButtons, temperature sensor iButtons, addressable switch iButtons, and more. And they're available in other packages: transistor-style, surface mount, etc. I've got a network of the temperature sensor ones spread throughout my home, controlled by FreeBSD, of course! --Sean To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 08:50:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA15137 for freebsd-security-outgoing; Tue, 22 Dec 1998 08:50:54 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from horse.supranet.net (horse.supranet.net [205.164.160.8]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA15132 for ; Tue, 22 Dec 1998 08:50:52 -0800 (PST) (envelope-from john@arnie.jfive.com) Received: from snake.supranet.net (snake.supranet.net [205.164.160.19]) by horse.supranet.net (8.9.1/8.9.1) with SMTP id KAA01395 for ; Tue, 22 Dec 1998 10:50:44 -0600 (CST) Date: Tue, 22 Dec 1998 10:50:44 -0600 (CST) 
From: John Heyer X-Sender: john@snake.supranet.net To: security@FreeBSD.ORG Subject: Re: CERT CA-98-13, patch needed In-Reply-To: <199812221221.JAA04130@ns1.sminter.com.ar> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 22 Dec 1998, Fernando Schapachnik wrote: > Just remove the "3D"s from the patch and it will apply. > > Regards. > Here's mine if anybody's too lazy to do it themselves or doesn't know C. I'm running 2.2.5 and the patch was actually around line 465, but it should work regardless. The directory is /usr/src/sys/netinet --- ip_input.c 1998/10/27 09:19:03 1.104 +++ ip_input.c 1998/11/11 21:17:59 1.105 
@@ -513,7 +513,7 @@ */ if (ip->ip_off & (IP_MF | IP_OFFMASK | IP_RF)) { if (m->m_flags & M_EXT) { /* XXX */ - if ((m = m_pullup(m, sizeof (struct ip))) == 0) { + if ((m = m_pullup(m, hlen)) == 0) { ipstat.ips_toosmall++; #ifdef IPDIVERT frag_divert_port = 0; -- "Mr. Spock, your mind is incedibly logical and analytical!" "Thank you." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 08:52:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA15367 for freebsd-security-outgoing; Tue, 22 Dec 1998 08:52:14 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from wind.freenet.am ([194.151.101.35]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA15257 for ; Tue, 22 Dec 1998 08:51:53 -0800 (PST) (envelope-from casper@acc.am) Received: from lemming.acc.am (acc.freenet.am [194.151.101.251]) by wind.freenet.am (8.9.1/8.9.1) with ESMTP id UAA27036 for ; Tue, 22 Dec 1998 20:51:03 +0400 (GMT) Received: from acc.am (nightmar.acc.am [192.168.100.108]) by lemming.acc.am (8.9.1a/8.9.1) with ESMTP id UAA20862 for ; Tue, 22 Dec 1998 20:54:56 +0400 (AMT) Message-ID: <367FCD34.FE3CF78F@acc.am> Date: Tue, 22 Dec 1998 20:47:48 +0400 
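Review bot: the `m_pullup(m, hlen)` change in the `M_EXT` branch only restores a contiguous header, options included, if `hlen` has already been range-checked (at least `sizeof (struct ip)` and no larger than the datagram) before control reaches the fragment test; the three lines of context in the hunk do not show that check, so anyone hand-applying this to an older tree, as the poster did on 2.2.5 where the code sits near line 465 rather than 513, should confirm the earlier header-length validation exists in that file too. The old `sizeof (struct ip)` pull-up is what left any IP options in a fragment's header outside the first mbuf, so this is the right fix; the `ipstat.ips_toosmall++` accounting on the failure path stays accurate, since a packet whose full header cannot be made resident is indeed too small.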
From: Casper Organization: Armenian Computer Center X-Mailer: Mozilla 4.5 [en] (Win95; I) X-Accept-Language: ru,en MIME-Version: 1.0 To: "freebsd-security@FreeBSD.ORG" Subject: About chroot Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Are there any way to change back to the / , when logged in chroot-ed environment? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 09:17:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA18742 for freebsd-security-outgoing; Tue, 22 Dec 1998 09:17:04 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA18737 for ; Tue, 22 Dec 1998 09:17:02 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id MAA15591; Tue, 22 Dec 1998 12:16:14 -0500 (EST) Date: Tue, 22 Dec 1998 12:16:13 -0500 (EST) 
From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Dag-Erling Smorgrav cc: cjclark@home.com, Janos Mohacsi , security@FreeBSD.ORG Subject: Re: preventing single user login w/o password In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 21 Dec 1998, Dag-Erling Smorgrav wrote: > "Crist J. Clark" writes: > > Janos Mohacsi wrote, > > > How can I prevent booting FreeBSD into the single user mode without > > > supplying either root or maybe different password? > > Here's the simple answer, but you might not like it, > > > > Control physical access to the machine. > > > > "There is no security without physical security." > > Well, you can translate physical access to the computer into physical > access to a more manageable item, such as a Java ring, if you use some > kind of hardware device which strongly encrypts your disks and keep > the encryption key on the Java ring. The idea is that you can't boot > the computer without the ring, and you can't decrypt the contents of > the disk drive without it either (not within reasonable amounts of > time, anyway). I'm actually not sure this is a solution. If I have physical access to the machine, I can induce (via hardware or software) a mechanism to capture your key when or before you attach the key to the machine so that the decryption can occur. I think there is a fairly strong evidence that 'tamper-proof hardware' simply cannot exist, at least not economically, if not at all. If your key was required to perform the disk-decryption operations, presumably that is a step in the right direction, but if it just transfers the key, I come in and set something up to intercept the key when you arrive to boot the machine. It's sort of like the kerberos database master key--if anyone cares, they can get it trivially. 
If it is before kerberos has started, look for a stash file or trojan the terminal driver; if it is after, attach a debugger to the kerberos process, if it uses the key, it must have it in a recoverable form. So why bother? :) Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 09:21:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA19506 for freebsd-security-outgoing; Tue, 22 Dec 1998 09:21:33 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA19479; Tue, 22 Dec 1998 09:21:29 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id MAA15663; Tue, 22 Dec 1998 12:21:14 -0500 (EST) Date: Tue, 22 Dec 1998 12:21:14 -0500 (EST) 
From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Eivind Eklund cc: Dag-Erling Smorgrav , Matt Dillon , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.conf In-Reply-To: <19981221163532.G14124@follo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Mon, 21 Dec 1998, Eivind Eklund wrote:
> On Mon, Dec 21, 1998 at 04:25:08PM +0100, Dag-Erling Smorgrav wrote:
> > Eivind Eklund writes:
> > > ... unless you do a series of small modifications. It is not as if
> > > rescanning the interfaces is a _large_ task, or one that couldn't be
> > > done by a forked out half of named
> >
> > Umm, the problem isn't scanning interfaces, the problem is binding to
> > them, which needs to be done by the parent, so you can't delegate
> > interface rescanning to a child process. Or rather, you can, but it
> > won't matter since at some point the child will need to communicate
> > its results to the parent which will then attempt to bind to port 53
> > on interfaces it's not yet bound to, for which it needs privs.
>
> You don't need to have the parent bind the interface. You use the
> capability transfer support in BSD - you pass an fd over a local
> socket, using SCM_RIGHTS.
>
> This is described in the Stevens book, which is presently occupying
> the space between your monitor and lamp (on the right side of the
> monitor). The implementation of this mechanism is in
> sys/kern/uipc_socket.c, sys/kern/uipc_syscalls.c, and
> sys/kern/uipc_usrreq.c.

The BSD book describes a bug in the mark and sweep garbage collection algorithm that can result in file descriptor hijacking or kernel memory nasties. Does anyone know if this was ever fixed?
(It is discussed in the 4.4BSD book in a footnote on the page that discusses SCM_RIGHTS) I glanced through the code for a while this summer while I was modifying the SCM_ ancillary data passing code to be hookable by an LKM. My goal was to allow other things to be transferred, and assuming they don't have the same tunneling property as file descriptors that require the mark-and-sweep, it works fine. I don't attempt to deal with the mark-and-sweep case in my generalized form. I submitted patches a while back, but I haven't had the time to fix the formatting to BDE so needless to say they aren't there yet. Essentially I provide a series of registration functions in the style of at_fork(), except at_unp_gc(), etc. I used the code to allow the passing of privileges from process to process on demand. Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 10:07:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA24981 for freebsd-security-outgoing; Tue, 22 Dec 1998 10:07:25 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA24972 for ; Tue, 22 Dec 1998 10:07:21 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id TAA45326; Tue, 22 Dec 1998 19:07:11 +0100 (CET) (envelope-from des) To: Robert Watson Cc: Dag-Erling Smorgrav , cjclark@home.com, Janos Mohacsi , security@FreeBSD.ORG Subject: Re: preventing single user login w/o password References: 
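The descriptor-passing arrangement Eivind describes in the thread above (a privileged parent binds the socket, then hands the bound descriptor to an unprivileged worker over a local socket with SCM_RIGHTS) as an added, runnable example in Python. This is not code from the thread or from named; the helper names, the two-byte port payload, and the use of an ephemeral loopback port in place of port 53 are this example's own assumptions so that it runs without privilege:

```python
"""Privilege separation by descriptor passing over a Unix-domain socket.

Added example, not code from this thread or from named.  A parent that
holds the privilege creates and binds the listening socket and then passes
the bound descriptor to a child with SCM_RIGHTS; the child never has to be
allowed to bind() a low port itself.  Assumed: helper names, the 2-byte
payload format, and an ephemeral loopback port standing in for port 53.
"""
import array
import os
import socket
import struct


def send_fd(chan, fd, payload):
    """Send one descriptor plus a short payload over a Unix-domain socket."""
    rights = array.array("i", [fd])
    chan.sendmsg([payload], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, rights)])


def recv_fd(chan, paylen):
    """Receive exactly one descriptor; return (fd, payload), refuse anything else."""
    fds = array.array("i")
    payload, ancdata, flags, _ = chan.recvmsg(paylen, socket.CMSG_SPACE(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[: len(data) - (len(data) % fds.itemsize)])
    if flags & socket.MSG_CTRUNC or len(fds) != 1:
        for fd in fds:            # do not leak descriptors we refuse to use
            os.close(fd)
        raise RuntimeError("expected exactly one descriptor")
    return fds[0], payload


def pass_pipe_roundtrip(message=b"hello"):
    """Pass a pipe's read end across a socketpair and read through the copy."""
    r, w = os.pipe()
    a, b = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    send_fd(a, r, b"R")
    fd, tag = recv_fd(b, 1)
    os.write(w, message)
    data = os.read(fd, len(message))   # the received fd is a live copy of r
    for x in (r, w, fd):
        os.close(x)
    a.close()
    b.close()
    return tag + data


def delegate_listener():
    """Parent binds; child receives the bound socket without ever calling bind().

    Returns True when the child ends up holding a socket bound to the port the
    parent chose.  The socket is created after fork(), so the child cannot
    have inherited it: SCM_RIGHTS is the only way it arrives.
    """
    parent_end, child_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    pid = os.fork()
    if pid == 0:
        # Child.  A real daemon would drop privileges (setgid/setuid) here,
        # before receiving the descriptor.
        parent_end.close()
        try:
            fd, payload = recv_fd(child_end, 2)
            (expected_port,) = struct.unpack("!H", payload)
            sock = socket.socket(fileno=fd)
            ok = sock.getsockname()[1] == expected_port
            sock.close()
            os._exit(0 if ok else 1)
        except Exception:
            os._exit(2)
    child_end.close()
    # Parent: this is the step that needs privilege in the port-53 case.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0: kernel picks an ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    send_fd(parent_end, listener.fileno(), struct.pack("!H", port))
    listener.close()                   # the child's copy keeps the socket open
    parent_end.close()
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0


if __name__ == "__main__":
    print("pipe:", pass_pipe_roundtrip(), "listener:", delegate_listener())
```

The parent closes its own copy of the listener after sending it, so the only live reference is the child's; in the named case the privileged half would keep nothing but the channel socket open and could be restricted accordingly. The `MSG_CTRUNC` and "exactly one descriptor" checks in `recv_fd` matter on the receiving side: a peer can attach more descriptors than you expect, and any you silently ignore are still open in your process.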
From: Dag-Erling Smorgrav Date: 22 Dec 1998 19:07:10 +0100 In-Reply-To: Robert Watson's message of "Tue, 22 Dec 1998 12:16:13 -0500 (EST)" Message-ID: Lines: 52 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Robert Watson writes: > On 21 Dec 1998, Dag-Erling Smorgrav wrote: > > "Crist J. Clark" writes: > > > "There is no security without physical security." > > Well, you can translate physical access to the computer into physical > > access to a more manageable item, such as a Java ring, if you use some > > kind of hardware device which strongly encrypts your disks and keep > > the encryption key on the Java ring. The idea is that you can't boot > > the computer without the ring, and you can't decrypt the contents of > > the disk drive without it either (not within reasonable amounts of > > time, anyway). > I'm actually not sure this is a solution. If I have physical access to > the machine, I can induce (via hardware or software) a mechanism to > capture your key when or before you attach the key to the machine so that > the decryption can occur. We're making different assumptions. You're making the assumption that you can get access to my machine, install your snooper and get out undetected. I'm making the assumption that you can get access to my machine and try to reboot it into single-user mode (perhaps using a boot disk) but that afterwards, I know you've been there and will take appropriate measures (examine the hardware for traces of tampering, etc.) > I think there is a fairly strong evidence that > 'tamper-proof hardware' simply cannot exist, at least not economically, if > not at all. If your key was required to perform the disk-decryption > operations, presumably that is a step in the right direction, but if it > just transfers the key, I come in and set something up to intercept the > key when you arrive to boot the machine. 
Yes, I was envisaging a system where the floppy contains a short program which downloads the key to the cryptographic hardware, and proceeds to boot the OS. Obviously, if you can snoop the key you're in. But it would be trivial (in the sense of "it's been done before") to implement a challenge-response protocol which makes playback attacks impossible. You then have two keys: one which is used to encrypt and decrypt harddisk data, and one which is used for downloading the other key to the controller (or for negotiating a session key, or whatever). The controller has one half of the negotiation key stored in NVRAM and uses it to generate challenges; the iButton has the other half, which it uses to generate responses. When the controller and the iButton are satisfied that they are talking to the intended protagonist, the iButton transfers the encryption key, encrypted with the negotiation key or a one-time session key to the controller. I don't think this is particularly revolutionary stuff; in fact I wouldn't be surprised if there were already systems on the market that behave as I described. DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 10:18:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA26804 for freebsd-security-outgoing; Tue, 22 Dec 1998 10:18:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA26791 for ; Tue, 22 Dec 1998 10:18:46 -0800 (PST) (envelope-from des@flood.ping.uio.no) Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id TAA45375; Tue, 22 Dec 1998 19:16:06 +0100 (CET) (envelope-from des) To: Casper Cc: "freebsd-security@FreeBSD.ORG" Subject: Re: About chroot References: <367FCD34.FE3CF78F@acc.am> 
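The two-key scheme DES sketches above (a negotiation key that only authenticates controller and iButton and yields a one-time session key, with the disk key transferred solely wrapped under that session key) as an added example in Python; it is not code from this thread or from any product. Assumptions: the two "halves" of the negotiation key are modelled as one shared secret, HMAC-SHA256 stands in for whatever primitives the controller and token would really use, and the wrap is XOR against an HMAC-derived keystream plus a MAC because the standard library has no block cipher. The demo keys are constructed:

```python
"""Boot-time key release with mutual challenge-response (added example).

Not code from this thread or any product.  Models DES's sketch: the
negotiation key authenticates both sides and derives a per-boot session
key; the disk key crosses the bus only wrapped under that session key.
Assumed: one shared negotiation secret instead of two halves, HMAC-SHA256
for all primitives, XOR-with-keystream plus MAC as the wrap.
"""
import hashlib
import hmac
import secrets

# Constructed demo material; fixed keys like these are for the example only.
NEG_KEY = bytes(range(32))
DISK_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts (unambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big"))
        h.update(p)
    return h.digest()


def _keystream(key, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += _prf(key, b"stream", ctr.to_bytes(4, "big"))
        ctr += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Token:
    """The iButton side: holds the negotiation key and the disk key."""

    def __init__(self, neg_key, disk_key):
        self._neg, self._disk, self._nonce = neg_key, disk_key, None

    def respond(self, ctl_nonce):
        """Answer the controller's challenge with a fresh nonce and a tag."""
        self._nonce = secrets.token_bytes(16)
        return self._nonce, _prf(self._neg, b"token-auth", ctl_nonce, self._nonce)

    def release_key(self, ctl_nonce, ctl_tag):
        """Only after the controller has proven itself: wrap and hand over."""
        expect = _prf(self._neg, b"ctl-auth", self._nonce, ctl_nonce)
        if not hmac.compare_digest(expect, ctl_tag):
            raise PermissionError("controller failed to authenticate")
        sess = _prf(self._neg, b"session", ctl_nonce, self._nonce)
        wrapped = _xor(self._disk, _keystream(sess, len(self._disk)))
        return wrapped, _prf(sess, b"wrap", wrapped)


class Controller:
    """The crypto-controller side: holds only the negotiation key in NVRAM."""

    def __init__(self, neg_key):
        self._neg, self._nonce, self._tok_nonce = neg_key, None, None
        self.disk_key = None

    def challenge(self):
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def verify_token(self, tok_nonce, tok_tag):
        """Check the token's tag over *our* fresh nonce; a replayed tag fails."""
        expect = _prf(self._neg, b"token-auth", self._nonce, tok_nonce)
        if not hmac.compare_digest(expect, tok_tag):
            raise PermissionError("token failed to authenticate")
        self._tok_nonce = tok_nonce
        return _prf(self._neg, b"ctl-auth", tok_nonce, self._nonce)

    def accept_key(self, wrapped, tag):
        sess = _prf(self._neg, b"session", self._nonce, self._tok_nonce)
        if not hmac.compare_digest(_prf(sess, b"wrap", wrapped), tag):
            raise PermissionError("wrapped key failed integrity check")
        self.disk_key = _xor(wrapped, _keystream(sess, len(wrapped)))
        return self.disk_key


def boot(controller, token):
    """One boot-time exchange; returns what an eavesdropper on the bus sees."""
    c_nonce = controller.challenge()
    t_nonce, t_tag = token.respond(c_nonce)
    c_tag = controller.verify_token(t_nonce, t_tag)
    wrapped, w_tag = token.release_key(c_nonce, c_tag)
    controller.accept_key(wrapped, w_tag)
    return {"c_nonce": c_nonce, "t_nonce": t_nonce, "t_tag": t_tag,
            "c_tag": c_tag, "wrapped": wrapped, "w_tag": w_tag}


def replay(controller, transcript):
    """Play a recorded token transcript back at a fresh challenge; True if accepted."""
    controller.challenge()
    try:
        controller.verify_token(transcript["t_nonce"], transcript["t_tag"])
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    ctl, tok = Controller(NEG_KEY), Token(NEG_KEY, DISK_KEY)
    seen = boot(ctl, tok)
    print("recovered:", ctl.disk_key == DISK_KEY,
          "replay accepted:", replay(Controller(NEG_KEY), seen))
```

Because both nonces feed the session key, the wrapped blob differs on every boot and a recorded transcript is useless against a fresh challenge, which is the playback case DES is addressing. It does not address Robert Watson's point: after `accept_key` the disk key sits in clear inside the controller, so hardware that has been tampered with at that point still sees it.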
From: Dag-Erling Smorgrav Date: 22 Dec 1998 19:16:05 +0100 In-Reply-To: Casper's message of "Tue, 22 Dec 1998 20:47:48 +0400" Message-ID: Lines: 17 X-Mailer: Gnus v5.5/Emacs 19.34 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Casper writes: > Are there any way to change back to the / , when logged in chroot-ed > environment? Break root, create a device node for kmem, open it, edit your process structure. Or something like that. Won't work unless there are exploitable suid binaries available, but I'm sure there are other, subtler ways. (reminds me of how fun it is, on a Sun box, to use the monitor's Forth interpreter to edit your shell's process structures and set the uid/gid to 0 - assuming the sysadmin has forgotten to set a monitor password, which happens more often than you'd think) DES -- Dag-Erling Smorgrav - des@flood.ping.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 22 10:49:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA00885 for freebsd-security-outgoing; Tue, 22 Dec 1998 10:49:33 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gvr.gvr.org (gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA00867; Tue, 22 Dec 1998 10:49:24 -0800 (PST) (envelope-from security-officer@freebsd.org) Received: (from guido@localhost) by gvr.gvr.org (8.8.8/8.8.5) id TAA09347; Tue, 22 Dec 1998 19:49:16 +0100 (MET) Date: Tue, 22 Dec 1998 19:49:16 +0100 (MET) Message-Id: <199812221849.TAA09347@gvr.gvr.org> 
From: FreeBSD Security Officer
Subject: CERT Advisory CA-98.13 - TCP/IP Denial of Service (fwd)
Reply-To: security-officer@FreeBSD.ORG
To: undisclosed-recipients:;
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following advisory was issued by CERT yesterday. Because it affects FreeBSD systems as well, we are forwarding it to the appropriate FreeBSD mailing lists. We would like to thank CERT for its cooperation with the FreeBSD security officer on this subject.

-----BEGIN PGP SIGNED MESSAGE-----

CERT Advisory CA-98-13-tcp-denial-of-service

Original Issue Date: December 21, 1998
Last Revised:
Topic: Vulnerability in Certain TCP/IP Implementations

Affected Systems

Some systems with BSD-derived TCP/IP stacks. See Appendix A for a complete list of affected systems.

Overview

Intruders can disrupt service or crash systems with vulnerable TCP/IP stacks. No special access is required, and intruders can use source-address spoofing to conceal their true location.

I. Description

By carefully constructing a sequence of packets with certain characteristics, an intruder can cause vulnerable systems to crash, hang, or behave in unpredictable ways. This vulnerability is similar in its effect to other denial-of-service vulnerabilities, including the ones described in

http://www.cert.org/advisories/CA-97.28.Teardrop_Land.html

Specifically, intruders can use this vulnerability in conjunction with IP-source-address spoofing to make it difficult or impossible to know their location. They can also use the vulnerability in conjunction with broadcast packets to affect a large number of vulnerable machines with a small number of packets.

II. Impact

Any remote user can crash or hang a vulnerable machine, or cause the system to behave in unpredictable ways.

III. Solution

A. Install a patch from your vendor.

Appendix A contains input from vendors who have provided information for this advisory. We will update the appendix as we receive more information. If you do not see your vendor's name, the CERT/CC did not hear from that vendor. Please contact your vendor directly.

B. Configure your router or firewall to help prevent source-address spoofing.

We encourage sites to configure their routers or firewalls to reduce the ability of intruders to use source-address spoofing. Currently, the best method to reduce the number of IP-spoofed packets exiting your network is to install filtering on your routers that requires packets leaving your network to have a source address from your internal network. This type of filter prevents a source IP-spoofing attack from your site by filtering all outgoing packets that contain a source address of a different network.

A detailed description of this type of filtering is available in RFC 2267, "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing" by Paul Ferguson of Cisco Systems, Inc. and Daniel Senie of Blazenet, Inc. We recommend it to both Internet Service Providers and sites that manage their own routers. The document is currently available at

http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2267.txt

Note that this type of filtering does not protect a site from the attack itself, but it does reduce the ability of intruders to conceal their location, thereby discouraging attacks.

Appendix A - Vendor Information

Berkeley Software Design, Inc. (BSDI)

BSDI's current release BSD/OS 4.0 is not vulnerable to this problem. BSD/OS 3.1 is vulnerable and a patch (M310-049) is available from BSDI's WWW server at http://www.bsdi.com/support/patches or via our ftp server from the directory ftp://ftp.bsdi.com/bsdi/patches/patches-3.1.

Cisco Systems

Cisco is not vulnerable.

Compaq Computer Corporation

SOURCE: (c) Copyright 1994, 1995, 1996, 1997, 1998 Compaq Computer Corporation. All rights reserved.
SOURCE: Compaq Computer Corporation, Compaq Services, Software Security Response Team, USA

This reported problem is not present for the as-shipped Compaq Digital ULTRIX or Compaq Digital UNIX Operating Systems Software.

- Compaq Computer Corporation

Data General Corporation

We are investigating. We will provide an update when our investigation is complete.

FreeBSD, Inc.

FreeBSD 2.2.8 is not vulnerable. FreeBSD versions prior to 2.2.8 are vulnerable. FreeBSD 3.0 is also vulnerable. FreeBSD 3.0-current as of 1998/11/12 is not vulnerable. A patch is available at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch

Fujitsu

Regarding this vulnerability, Fujitsu's UXP/V operating system is not vulnerable.

Hewlett-Packard Company

HP is not vulnerable.

IBM Corporation

AIX is not vulnerable. IBM and AIX are registered trademarks of International Business Machines Corporation.

Livingston Enterprises, Inc.

Livingston systems are not vulnerable.

Computer Associates International

CA systems are not vulnerable.

Microsoft Corporation

Microsoft is not vulnerable.

NEC Corporation

NEC Corporation EWS-UX, UP-UX and UX/4800 Unix systems are not vulnerable to this problem.

OpenBSD

Security fixes for this problem are now available for 2.3 and 2.4. For 2.3, see www.openbsd.org/errata23.html#tcpfix. For our 2.4 release which is available on CD on Dec 1, see www.openbsd.org/errata.html#tcpfix. The bug is fixed in our -current source tree.

Sun Microsystems, Inc.

We have confirmed that SunOS and Solaris are not vulnerable to the DOS attack.

Wind River Systems, Inc.

We've taken a look at our networking code and have determined that this is not a problem in the currently shipping version of the VxWorks RTOS.

_________________________________________________________________

Contributors

The vulnerability was originally discovered by Joel Boutros of the Enterprise Security Services team of Cambridge Technology Partners. Guido van Rooij of FreeBSD, Inc., provided an analysis of the vulnerability and information regarding its scope and extent.

______________________________________________________________________

This document is available from: http://www.cert.org/advisories/CA-98-13-tcp-denial-of-service.html.

______________________________________________________________________

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from http://www.cert.org/CERT_PGP.key. If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site http://www.cert.org/. To be added to our mailing list for advisories and bulletins, send email to cert-advisory-request@cert.org and include SUBSCRIBE your-email-address in the subject of your message.

Copyright 1998 Carnegie Mellon University. Conditions for use, disclaimers, and sponsorship information can be found in http://www.cert.org/legal_stuff.html.

* CERT is registered in the U.S. Patent and Trademark Office

______________________________________________________________________

NO WARRANTY

Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

_________________________________________________________________

Revision History

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNn64knVP+x0t4w7BAQHd/wQAv+1cQif/KNdFZ1ObARzlJJUd9T0Za5WM
GjZwrlYR3CIm+eByVbGGizCYTXzuiTjQdenKxfDXAXXwqZRIvFbpjU3qWY6kCicf
BhTbvzOOIT/ROhr9fWRwPqqPMKUyUYaJCbeWYWeV6PFJ6fYhWrBihiE+yml4n1Xp
k2lHvwHl9lE=
=9kEz
-----END PGP SIGNATURE-----

From owner-freebsd-security Tue Dec 22 10:50:59 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA01336 for freebsd-security-outgoing; Tue, 22 Dec 1998 10:50:59 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gvr.gvr.org (gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA01157 for ; Tue, 22 Dec 1998 10:50:53 -0800 (PST) (envelope-from guido@gvr.org)
Received: (from guido@localhost) by gvr.gvr.org (8.8.8/8.8.5) id TAA09364; Tue, 22 Dec 1998 19:50:18 +0100 (MET)
Message-ID: <19981222195018.A9354@gvr.org>
Date: Tue, 22 Dec 1998 19:50:18 +0100
From: Guido van Rooij
To: Roger Marquis , security@FreeBSD.ORG
Subject: Re: CERT CA-98-13, patch needed
References: <199812211511.HAA02961@hub.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Roger Marquis on Mon, Dec 21, 1998 at 08:03:01PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Dec 21, 1998 at 08:03:01PM -0800, Roger Marquis wrote:
> The just released CERT advisory (CA-98-13) indicates certain FreeBSD
> systems are vulnerable to IP DOS attacks, namely:
>
> FreeBSD versions prior to 2.2.8 are vulnerable.
> FreeBSD 3.0 is also vulnerable.
> FreeBSD 3.0-current as of 1998/11/12 is not vulnerable.
> ---
> A patch is available at
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch
>
> Unfortunately, the patch at this URL seems to have invalid formatting
> characters (=3D). Does anyone have a valid patch for this advisory?
>

You are right. I have corrected this in the meantime.

-Guido

From owner-freebsd-security Tue Dec 22 10:53:14 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA01732 for freebsd-security-outgoing; Tue, 22 Dec 1998 10:53:14 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gvr.gvr.org (gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA01705 for ; Tue, 22 Dec 1998 10:53:08 -0800 (PST) (envelope-from guido@gvr.org)
Received: (from guido@localhost) by gvr.gvr.org (8.8.8/8.8.5) id TAA09374; Tue, 22 Dec 1998 19:52:20 +0100 (MET)
Message-ID: <19981222195220.B9354@gvr.org>
Date: Tue, 22 Dec 1998 19:52:20 +0100
From: Guido van Rooij
To: ark@eltex.ru, fpscha@ns1.sminter.com.ar
Cc: marquis@roble.com, security@FreeBSD.ORG
Subject: Re: CERT CA-98-13, patch needed
References: <199812221349.QAA04304@paranoid.eltex.spb.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199812221349.QAA04304@paranoid.eltex.spb.ru>; from ark@eltex.ru on Tue, Dec 22, 1998 at 04:49:28PM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Dec 22, 1998 at 04:49:28PM +0300, ark@eltex.ru wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> nuqneH,
>
> BTW what about 2.1.7.1? Its ip_input.c has major differences..
> _ _ _ _ _ _ _

This system is so old that you should consider upgrading anyway. Anyway, the patch should be applied there too (and it applies cleanly).

-Guido

From owner-freebsd-security Tue Dec 22 10:58:55 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA02987 for freebsd-security-outgoing; Tue, 22 Dec 1998 10:58:55 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from escape.rtsnet.ru (escape.rtsnet.ru [194.247.132.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA02960 for ; Tue, 22 Dec 1998 10:58:49 -0800 (PST) (envelope-from igor@zynaps.ru)
Received: from vulcan.rtsnet.ru (vulcan.rtsnet.ru [172.16.4.33]) by escape.rtsnet.ru (8.9.1a/8.9.1/Zynaps) with ESMTP id VAA21500 for ; Tue, 22 Dec 1998 21:58:43 +0300 (MSK) (envelope-from igor@zynaps.ru)
Received: (from igor@localhost) by vulcan.rtsnet.ru (8.8.8/8.8.8/Zynaps) id VAA06660 for freebsd-security@freebsd.org; Tue, 22 Dec 1998 21:58:43 +0300 (MSK) (envelope-from igor)
Message-ID: <19981222215843.A6647@rtsnet.ru>
Date: Tue, 22 Dec 1998 21:58:43 +0300
From: Igor Vinokurov
To: freebsd-security@FreeBSD.ORG
Subject: Re: About chroot
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dag-Erling Smorgrav wrote:
> > Is there any way to change back to / when logged in to a chroot-ed
> > environment?
>
> Break root, create a device node for kmem, open it, edit your process
> structure. Or something like that. Won't work unless there are
> exploitable suid binaries available, but I'm sure there are other,
> subtler ways.

BTW, which devices are absolutely needed for a chrooted environment? Currently I create these: fd/, null, pty*, stdin, stderr, stdout, tty*, zero...

--
Igor Vinokurov

From owner-freebsd-security Tue Dec 22 11:53:15 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA26724 for freebsd-security-outgoing; Tue, 22 Dec 1998 11:53:15 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fep03-svc.tin.it (mta03-acc.tin.it [212.216.176.34]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA26599 for ; Tue, 22 Dec 1998 11:52:52 -0800 (PST) (envelope-from molter@tin.it)
Received: from nympha.ecomotor.it ([212.216.1.223]) by fep03-svc.tin.it (InterMail v4.0 201-221-105) with SMTP id <19981222195243.GWIT18112.fep03-svc@nympha.ecomotor.it> for ; Tue, 22 Dec 1998 20:52:43 +0100
Received: (qmail 482 invoked by uid 1000); 22 Dec 1998 19:05:50 -0000
From: "Marco Molteni"
Date: Tue, 22 Dec 1998 20:05:49 +0100 (CET)
X-Sender: molter@nympha
To: Zach Heilig
cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
In-Reply-To: <19981222092831.A31250@znh.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 22 Dec 1998, Zach Heilig wrote:
> There is no need to break out of the chroot environment after finding a
> working attack.
>
> Assuming that "bob" is attacking what is normally an suid-root binary,
> and assuming this "bob" has a regular account as well, any attack that
> works against the suid-non-root user binary, also works against the
> (otherwise identical) suid-root binary.

My gosh, Zach. I'm not a complete fool. Bob does *not* have a regular (== not chrooted) account. Otherwise, why would I build the chroot environment?

Marco (feeling unable to make himself understood)

From owner-freebsd-security Tue Dec 22 12:06:23 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA03003 for freebsd-security-outgoing; Tue, 22 Dec 1998 12:06:23 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns.csis.hku.hk (ns.csis.hku.hk [147.8.178.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA02940 for ; Tue, 22 Dec 1998 12:06:06 -0800 (PST) (envelope-from ctkwan@ns.cs.hku.hk)
Received: from champion (champion.csis.hku.hk [147.8.177.11]) by ns.csis.hku.hk (8.9.1/8.9.1) with SMTP id EAA24588 for ; Wed, 23 Dec 1998 04:06:39 +0800 (HKT)
Received: by champion (4.1/S2.0-sunos4) id AA23197; Wed, 23 Dec 98 04:06:33 HKT
Date: Wed, 23 Dec 1998 04:06:33 +0800 (HKT)
From: Doug Kwan (关振德)
To: freebsd-security@FreeBSD.ORG
Subject: unsubscribe
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

unsubscribe

From owner-freebsd-security Tue Dec 22 14:02:27 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA10881 for freebsd-security-outgoing; Tue, 22 Dec 1998 14:02:27 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.astcorp.com (madcow.astcorp.com [207.3.92.239]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA10828 for ; Tue, 22 Dec 1998 14:02:17 -0800 (PST) (envelope-from jbeley@ns1.astcorp.com)
Received: (from jbeley@localhost) by ns1.astcorp.com (8.9.1a/8.9.1/Debian/GNU) id QAA04712 for freebsd-security@freebsd.org; Tue, 22 Dec 1998 16:01:48 -0600
Date: Tue, 22 Dec 1998 16:01:48 -0600
From: Jeff Beley
Message-Id: <199812222201.QAA04712@ns1.astcorp.com>
To: freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

subscribe freebsd-security@freebsd.org

From owner-freebsd-security Tue Dec 22 16:48:24 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA26639 for freebsd-security-outgoing; Tue, 22 Dec 1998 16:48:24 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from xylan.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA26629 for ; Tue, 22 Dec 1998 16:48:20 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from mailhub.xylan.com by xylan.com (8.8.7/SMI-SVR4 (xylan-mgw 2.2 [OUT])) id QAA08855; Tue, 22 Dec 1998 16:46:59 -0800 (PST)
Received: from utah.XYLAN.COM by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id QAA05887; Tue, 22 Dec 1998 16:46:59 -0800
Received: from softweyr.com by utah.XYLAN.COM (SMI-8.6/SMI-SVR4 (xylan utah [SPOOL])) id RAA07959; Tue, 22 Dec 1998 17:46:57 -0700
Message-ID: <36803D81.AF467985@softweyr.com>
Date: Tue, 22 Dec 1998 17:46:57 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 2.2.7-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: ark@eltex.ru
CC: des@flood.ping.uio.no, gsutter@pobox.com, security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password
References: <199812221027.NAA03688@paranoid.eltex.spb.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

ark@eltex.ru wrote:
> Yep. Cool thing. Why Java, anyways? It will be better without it.

In what way would it be better without it? How many programs have you written that are running in jewelry? ;^)

The JavaButton allows you to download your own custom code into the Java Button (or JavaRing), which means you can do arbitrarily complex signatures. Dallas Semi also sells an iButton minus the Java engine, running their own proprietary DallOS. God only knows what the programming is like.

--
Where am I, and what am I doing in this handbasket?

Wes Peters                                     +1.801.915.2061
Softweyr LLC                                 wes@softweyr.com

From owner-freebsd-security Tue Dec 22 21:03:36 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA25211 for freebsd-security-outgoing; Tue, 22 Dec 1998 21:03:36 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA25205 for ; Tue, 22 Dec 1998 21:03:35 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.1/8.9.1) id VAA11013; Tue, 22 Dec 1998 21:02:25 -0800 (PST) (envelope-from dillon)
Date: Tue, 22 Dec 1998 21:02:25 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812230502.VAA11013@apollo.backplane.com>
To: Robert Watson
Cc: Eivind Eklund , Dag-Erling Smorgrav , security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:> capability transfer support in BSD - you pass an fd over a local
:> socket, using SCM_RIGHTS.
:...
:
:The BSD book describes a bug in the mark and sweep garbage collection
:algorithm that can result in file descriptor hijacking or kernel memory
:nasties. Does anyone know if this was ever fixed? (It is discussed in
:the 4.4BSD book in a footnote on the page that discusses SCM_RIGHTS) I
:glanced through the code for a while this summer while I was modifying the
:SCM_ ancillary data passing code to be hookable by an LKM. My goal was to
:...

I have no idea.... what does the footnote say exactly? Does it give enough info to point us to a procedure or source file to look at?

-Matt

: Robert N Watson

Matthew Dillon
Engineering, HiWay Technologies, Inc. & BEST Internet Communications & God knows what else.
(Please include original email in any response)

From owner-freebsd-security Tue Dec 22 21:08:53 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA26098 for freebsd-security-outgoing; Tue, 22 Dec 1998 21:08:53 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA26093 for ; Tue, 22 Dec 1998 21:08:50 -0800 (PST) (envelope-from logix@foobar.franken.de)
Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id GAA05696; Wed, 23 Dec 1998 06:08:10 +0100 (CET)
Message-ID: <19981223060810.A5560@foobar.franken.de>
Date: Wed, 23 Dec 1998 06:08:10 +0100
From: Harold Gutch
To: Zach Heilig , Garance A Drosihn , Marco Molteni
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: A better explanation (was: buffer overflows and chroot)
References: <62537.913989002@zippy.cdrom.com> <19981221174222.A1588@foobar.franken.de> <19981222092831.A31250@znh.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19981222092831.A31250@znh.org>; from Zach Heilig on Tue, Dec 22, 1998 at 09:28:31AM -0600
X-Organisation: BatmanSystemDistribution
X-Mission: To free the world from the Penguin
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Dec 22, 1998 at 09:28:31AM -0600, Zach Heilig wrote:
> > Binaries suid to some _unprivileged_ user.
>
> Assuming that "bob" is attacking what is normally an suid-root binary, and
> assuming this "bob" has a regular account as well, any attack that works
> against the suid-non-root user binary, also works against the (otherwise
> identical) suid-root binary.
>

True, so "bob" can still prove that there are buffer overflows or whatever in the binary that can be exploited. But is this a problem? All that Marco wants is that "bob" won't be able to gain root privileges; if "bob" is able to show Marco that the binary is exploitable and that he is able to get the rights of the user it is suid to, this is fine, Marco doesn't have a problem with this.

> A non-privileged user does not buy anything, if there is any worry that this
> "bob" wants to perform malicious acts as root.
>

Of course it does, basically you're saying "a suid bit gives you root rights, no matter who owns the file".

--
bye,
logix

Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar 4 04:53:33 CET 1998 #unix, ircnet

From owner-freebsd-security Tue Dec 22 21:18:13 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA27493 for freebsd-security-outgoing; Tue, 22 Dec 1998 21:18:13 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA27485 for ; Tue, 22 Dec 1998 21:18:08 -0800 (PST) (envelope-from logix@foobar.franken.de)
Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id GAA05724; Wed, 23 Dec 1998 06:16:34 +0100 (CET)
Message-ID: <19981223061634.B5560@foobar.franken.de>
Date: Wed, 23 Dec 1998 06:16:34 +0100
From: Harold Gutch
To: Casper , "freebsd-security@FreeBSD.ORG"
Subject: Re: About chroot
References: <367FCD34.FE3CF78F@acc.am>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <367FCD34.FE3CF78F@acc.am>; from Casper on Tue, Dec 22, 1998 at 08:47:48PM +0400
X-Organisation: BatmanSystemDistribution
X-Mission: To free the world from the Penguin
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Dec 22, 1998 at 08:47:48PM +0400, Casper wrote:
> Is there any way to change back to / when logged in to a chroot-ed
> environment?
>

Assuming you're root, yes you can. Search the archives for the exact steps, it's extremely easy once you've seen it.

As Poul-Henning Kamp posted to this list shortly ago, he wrote a "safer chroot", which, according to him, isn't that easy to break out of.

--
bye,
logix

Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar 4 04:53:33 CET 1998 #unix, ircnet

From owner-freebsd-security Wed Dec 23 00:55:09 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA15683 for freebsd-security-outgoing; Wed, 23 Dec 1998 00:55:09 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA15667 for ; Wed, 23 Dec 1998 00:55:07 -0800 (PST) (envelope-from peter.jeremy@auss2.alcatel.com.au)
Received: by border.alcanet.com.au id <40360>; Wed, 23 Dec 1998 19:54:10 +1100
Date: Wed, 23 Dec 1998 19:54:54 +1100
From: Peter Jeremy
Subject: Re: cvs commit: src/etc rc.conf
To: freebsd-security@FreeBSD.ORG
Cc: dillon@apollo.backplane.com
Message-Id: <98Dec23.195410est.40360@border.alcanet.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Matthew Dillon wrote:
>:The BSD book describes a bug in the mark and sweep garbage collection
>:algorithm that can result in file descriptor hijacking or kernel memory
>:nasties. Does anyone know if this was ever fixed? (It is discussed in
>:the 4.4BSD book in a footnote on the page that discusses SCM_RIGHTS) I
>:glanced through the code for a while this summer while I was modifying the
>:SCM_ ancillary data passing code to be hookable by an LKM. My goal was to
>:...
>
> I have no idea.... what does the footnote say exactly?

At the bottom of page 389:

"If a listening socket is accessible, then any queued connections that it holds are also accessible; the garbage collector in 4.4BSD fails to take this into account."

This footnote is referenced from a paragraph discussing unp_gc() - which can be found in kern/uipc_usrreq.c.

From a quick look at the 2.2.6 CVS logs (the latest I can quickly study), it doesn't look like it's ever been eradicated.

Peter

From owner-freebsd-security Wed Dec 23 02:14:34 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA24232 for freebsd-security-outgoing; Wed, 23 Dec 1998 02:14:34 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from wind.freenet.am ([194.151.101.35]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA24210 for ; Wed, 23 Dec 1998 02:14:16 -0800 (PST) (envelope-from casper@acc.am)
Received: from lemming.acc.am (acc.freenet.am [194.151.101.251]) by wind.freenet.am (8.9.1/8.9.1) with ESMTP id OAA09524 for ; Wed, 23 Dec 1998 14:13:36 +0400 (GMT)
Received: from acc.am (nightmar.acc.am [192.168.100.108]) by lemming.acc.am (8.9.1a/8.9.1) with ESMTP id OAA26758 for ; Wed, 23 Dec 1998 14:17:48 +0400 (AMT)
Message-ID: <3680C18A.65C94C49@acc.am>
Date: Wed, 23 Dec 1998 14:10:18 +0400
From: Casper
Organization: Armenian Computer Center
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: ru,en
MIME-Version: 1.0
CC: "freebsd-security@FreeBSD.ORG"
Subject: Re: About chroot
References: <367FCD34.FE3CF78F@acc.am> <19981223061634.B5560@foobar.franken.de>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

OK, thanx ... I'll look for this patch.

Harold Gutch wrote:
>
> On Tue, Dec 22, 1998 at 08:47:48PM +0400, Casper wrote:
> > Is there any way to change back to / when logged in to a chroot-ed
> > environment?
> >
> Assuming you're root, yes you can. Search the archives for the
> exact steps, it's extremely easy once you've seen it.
> As Poul-Henning Kamp posted to this list shortly ago, he wrote a
> "safer chroot", which, according to him, isn't that easy to break
> out of.
>
> --
> bye,
> logix
>
> Sleep is an abstinence syndrome which occurs due to lack of caffeine.
> Wed Mar 4 04:53:33 CET 1998 #unix, ircnet

From owner-freebsd-security Wed Dec 23 02:27:28 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA25469 for freebsd-security-outgoing; Wed, 23 Dec 1998 02:27:28 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from k6n1.znh.org (dialup9.gaffaneys.com [208.155.161.59]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA25446 for ; Wed, 23 Dec 1998 02:27:11 -0800 (PST) (envelope-from zach@gaffaneys.com)
Received: (from zach@localhost) by k6n1.znh.org (8.9.1/8.9.1) id KAA42012; Wed, 23 Dec 1998 10:23:51 GMT (envelope-from zach)
Message-ID: <19981223042351.A41978@znh.org>
Date: Wed, 23 Dec 1998 04:23:51 -0600
From: Zach Heilig To: Harold Gutch , Zach Heilig , Garance A Drosihn , Marco Molteni Cc: freebsd-security@FreeBSD.ORG Subject: Re: A better explanation (was: buffer overflows and chroot) References: <62537.913989002@zippy.cdrom.com> <19981221174222.A1588@foobar.franken.de> <19981222092831.A31250@znh.org> <19981223060810.A5560@foobar.franken.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <19981223060810.A5560@foobar.franken.de>; from Harold Gutch on Wed, Dec 23, 1998 at 06:08:10AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Dec 23, 1998 at 06:08:10AM +0100, Harold Gutch wrote: > > A non-priviledged user does not buy anything, if there is any worry that this > > "bob" wants perform malicious acts as root. > Of course it does, basically you're saying "a suid bit gives you > root rights, no matter who owns the file". Ok, pretend for a moment that in this jail, a vulnerability is found in $JAIL/usr/bin/crontab It is identical to the normal /usr/bin/crontab, but instead of being owned by root, it is owned by pseudo-root. No matter what happens, root will not be obtained from attacking $JAIL/usr/bin/crontab. But, if you apply the same attack that works against the jail version of 'crontab' to /usr/bin/crontab (same as the jail version, except for owner), root priviledges will be obtained. Even if "bob" only has one account that goes straight into this jail, as long as there are other user accounts on the machine, it wouldn't be very hard to get non-jail access. In my experience, it is very easy to obtain a username/password pair... just ask the user that "owns" them -- about half will answer the question without much, if any, 'resistance'. I've even had people volunteer this sort of information. 
--
Zach Heilig (zach@gaffaneys.com)

From owner-freebsd-security Wed Dec 23 02:33:42 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA26177 for freebsd-security-outgoing; Wed, 23 Dec 1998 02:33:42 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from hosting.doublesquare.com (hosting.doublesquare.com [195.5.128.151]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA26166 for ; Wed, 23 Dec 1998 02:33:38 -0800 (PST) (envelope-from ark@eltex.ru)
From: ark@eltex.ru
Received: from eltex.ru (eltex-spiiras.nw.ru [195.19.204.46] (may be forged)) by hosting.doublesquare.com (8.8.8/8.8.8) with ESMTP id NAA01405; Wed, 23 Dec 1998 13:33:02 +0300 (MSK)
Received: from border.eltex.spb.ru (root@border.eltex.ru [195.19.198.2]) by eltex.ru (8.8.8/8.8.8) with SMTP id NAA28066; Wed, 23 Dec 1998 13:33:02 +0300 (MSK)
Received: by border.eltex.spb.ru (ssmtp TIS-0.5alpha, 19 Oct 1998); Wed, 23 Dec 1998 13:32:48 +0300
Received: from undisclosed-intranet-sender id xma001662; Wed, 23 Dec 98 13:32:38 +0300
Date: Wed, 23 Dec 1998 13:32:24 +0300
Message-Id: <199812231032.NAA08384@paranoid.eltex.spb.ru>
In-Reply-To: <367FC2DD.2B8FF234@plutotech.com> from "Sean Kelly"
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: preventing single user login w/o password
To: kelly@plutotech.com
Cc: ark@eltex.ru, wes@softweyr.com, des@flood.ping.uio.no, gsutter@pobox.com, security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

nuqneH,

Does that mean there is at least _some_ FreeBSD software for iButtons?
Where can i get programming info?

P.S. serial number iButtons, widely used here for authentication, are no
good for this purpose (IMHO).. Too easy to read when the owner does not
expect that and too easy to build an emulator..

Sean Kelly said :
> > Yep. Cool thing. Why Java, anyways? It will be better without it.
>
> There are a lot more than iButton rings with Java in them: there's
> serial number iButtons, add-only memory iButtons, temperature sensor
> iButtons, addressable switch iButtons, and more. And they're available
> in other packages: transistor-style, surface mount, etc.
>
> I've got a network of the temperature sensor ones spread throughout my
> home, controlled by FreeBSD, of course!
>
> --Sean

CU in Hell /Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!

From owner-freebsd-security Wed Dec 23 04:23:01 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA08304 for freebsd-security-outgoing; Wed, 23 Dec 1998 04:23:01 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA08299 for ; Wed, 23 Dec 1998 04:22:59 -0800 (PST) (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id NAA48213; Wed, 23 Dec 1998 13:22:52 +0100 (CET) (envelope-from des)
To: security@FreeBSD.ORG
Subject: Sendmail configuration
From: Dag-Erling Smorgrav
Date: 23 Dec 1998 13:22:51 +0100
Message-ID:
Lines: 15
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have a box where Sendmail needs to run as a kind of proxy: all mail
it receives destined to a specific domain should be forwarded to
another host (which is not listed as MX for that domain), while all
mail received *from* that host should be relayed to its recipient.
Other than that, all relaying should be blocked. Do any of you have an
idea of how to do this with Sendmail 8.8.8 (FreeBSD 2.2.7)?

(BTW, I have a feeling that this is not entirely within the charter
for this list, but I don't know where else I can find anybody with
sufficient expertise in these matters, short of finding a
sendmail-specific mailing list)

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Wed Dec 23 05:01:11 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA12810 for freebsd-security-outgoing; Wed, 23 Dec 1998 05:01:11 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (p9-nas1.wlg.ihug.co.nz [216.100.145.9]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA12793 for ; Wed, 23 Dec 1998 05:00:49 -0800 (PST) (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost) by aniwa.sky (8.8.8/8.8.7) with ESMTP id BAA01286; Thu, 24 Dec 1998 01:59:05 +1300 (NZDT) (envelope-from andrew@squiz.co.nz)
Date: Thu, 24 Dec 1998 01:59:03 +1300 (NZDT)
From: Andrew McNaughton
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Dag-Erling Smorgrav
cc: security@FreeBSD.ORG
Subject: Re: Sendmail configuration
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Probably a sendmail list is a good approach. There's not much that's OS
specific about this question, so while no doubt you'll find help on the
freebsd lists, you might get there quicker with a specific mailing list or
newsgroup. Come to that, a search of archives at www.egroups.com or
www.dejanews.com would get it pretty quickly. Or a FAQ.

The freebsd-security list is not the one you want. Amongst the freebsd
lists, try freebsd-questions or perhaps freebsd-isp.

http://www.harker.com/sendmail/sendmail-ref.html is not a bad starting
point for sendmail stuff. Their sendmail.cf configurator system will
probably give you what you need without very much understanding of
sendmail. It's basically a cgi based expert system which asks you
questions and then spits out a sendmail.cf file. Seems to work OK.

Andrew McNaughton

On 23 Dec 1998, Dag-Erling Smorgrav wrote:
> I have a box where Sendmail needs to run as a kind of proxy: all mail
> it receives destined to a specific domain should be forwarded to
> another host (which is not listed as MX for that domain), while all
> mail received *from* that host should be relayed to its recipient.
> Other than that, all relaying should be blocked. Do any of you have an
> idea of how to do this with Sendmail 8.8.8 (FreeBSD 2.2.7)?
>
> (BTW, I have a feeling that this is not entirely within the charter
> for this list, but I don't know where else I can find anybody with
> sufficient expertise in these matters, short of finding a
> sendmail-specific mailing list)
>
> DES
> --
> Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Wed Dec 23 05:05:44 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA13232 for freebsd-security-outgoing; Wed, 23 Dec 1998 05:05:44 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA13222 for ; Wed, 23 Dec 1998 05:05:41 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar)
Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id KAA27496; Wed, 23 Dec 1998 10:03:06 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <199812231303.KAA27496@ns1.sminter.com.ar>
Subject: Re: Sendmail configuration
In-Reply-To: from Dag-Erling Smorgrav at "Dec 23, 98 01:22:51 pm"
To: des@flood.ping.uio.no (Dag-Erling Smorgrav)
Date: Wed, 23 Dec 1998 10:03:06 -0300 (GMT)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

You should be able to handle this with normal sendmail anti-spamming
filters:

If machine A is acting as proxy for machine B, then:
allow B's IP to send mail to any domain by adding its IP in the allowed
IPs list.
Add B's domain in the allowed domains for relaying.

At B, add the domain in variable w (eg, Cw domain.com), but do not
publish it in DNS.

Hope it helps!

Regards!

In an earlier message, Dag-Erling Smorgrav wrote:
> I have a box where Sendmail needs to run as a kind of proxy: all mail
> it receives destined to a specific domain should be forwarded to
> another host (which is not listed as MX for that domain), while all
> mail received *from* that host should be relayed to its recipient.
> Other than that, all relaying should be blocked. Do any of you have an
> idea of how to do this with Sendmail 8.8.8 (FreeBSD 2.2.7)?
>
> (BTW, I have a feeling that this is not entirely within the charter
> for this list, but I don't know where else I can find anybody with
> sufficient expertise in these matters, short of finding a
> sendmail-specific mailing list)
>
> DES
> --
> Dag-Erling Smorgrav - des@flood.ping.uio.no

Fernando P.
Schapachnik
Network Administration
S&M International SA

From owner-freebsd-security Wed Dec 23 05:21:54 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA15342 for freebsd-security-outgoing; Wed, 23 Dec 1998 05:21:54 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lohi.clinet.fi (lohi.clinet.fi [194.100.0.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA15324 for ; Wed, 23 Dec 1998 05:21:47 -0800 (PST) (envelope-from hsu@mail.clinet.fi)
Received: from katiska.clinet.fi (katiska.clinet.fi [194.100.0.4]) by lohi.clinet.fi (8.9.1/8.9.0) with ESMTP id PAA16545; Wed, 23 Dec 1998 15:22:33 +0200 (EET)
Received: (from hsu@localhost) by katiska.clinet.fi (8.9.0/8.9.0) id PAA03467; Wed, 23 Dec 1998 15:21:39 +0200 (EET)
From: Heikki Suonsivu
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <13952.61026.89818.68189@katiska.clinet.fi>
Date: Wed, 23 Dec 1998 15:21:38 +0200 (EET)
To: Guido van Rooij
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: CERT CA-98-13, patch needed
In-Reply-To: <19981222195220.B9354@gvr.org>
References: <199812221349.QAA04304@paranoid.eltex.spb.ru> <19981222195220.B9354@gvr.org>
X-Mailer: VM 6.47 under Emacs 19.34.1
Organization: Clinet Ltd, Espoo, Finland
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Guido van Rooij writes:
> On Tue, Dec 22, 1998 at 04:49:28PM +0300, ark@eltex.ru wrote:
> > nuqneH,
> >
> > BTW what about 2.1.7.1? Its ip_input.c has major differences..
>
> This system is so old that you should consider upgrading anyway.
> Anyway, the patch should be applied there too (and it applies cleanly).

Newer versions break down on many older machines, everything gets bus
errors and init dies. I have one 386 which fails in this way and I have
seen someone else reporting the same problem on lists. Not a major problem
for me, as my problem host is only a home router doing nothing else but
routing a single 57.6k serial link (and it only runs sshd). I can use
linux or netbsd on that if 2.1.7.1 rots too badly. Of course I would not
like to lift a finger before I absolutely must do something about it, as
it has been working perfectly for years apart from the unhappy attempt to
upgrade it to 2.2*.
If I touch it it will break down completely, as the system consists of a
very old Swedish-British 386 with lots of patch wire in a wide-open
configuration lying on a table with cables going in all directions, a
separate power supply which also runs my Sun 3/60 disk, and a collection
of random ISA cards for serial and two ethernets :)

> -Guido

--
Heikki Suonsivu / Clinet Oy / Tekniikantie 12 / FI-02150 Espoo / FINLAND,
hsu@clinet.fi mobile +358-40-5519679 work +358-9-43542270 fax -4555276

From owner-freebsd-security Wed Dec 23 05:28:36 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA16213 for freebsd-security-outgoing; Wed, 23 Dec 1998 05:28:36 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA16179 for ; Wed, 23 Dec 1998 05:28:30 -0800 (PST) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id OAA09739; Wed, 23 Dec 1998 14:28:22 +0100 (CET)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id OAA29859; Wed, 23 Dec 1998 14:27:46 +0100 (MET)
Message-ID: <19981223142742.Q24362@follo.net>
Date: Wed, 23 Dec 1998 14:27:42 +0100
From: Eivind Eklund
To: Casper
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: About chroot
References: <367FCD34.FE3CF78F@acc.am> <19981223061634.B5560@foobar.franken.de> <3680C18A.65C94C49@acc.am>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <3680C18A.65C94C49@acc.am>; from Casper on Wed, Dec 23, 1998 at 02:10:18PM +0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Dec 23, 1998 at 02:10:18PM +0400, Casper wrote:
> OK, thanx ... i'll look for this patch (Safer chroot)

That patch is not publicly available yet.

Eivind.

From owner-freebsd-security Wed Dec 23 05:45:42 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA18326 for freebsd-security-outgoing; Wed, 23 Dec 1998 05:45:42 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA18320 for ; Wed, 23 Dec 1998 05:45:40 -0800 (PST) (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id OAA48504; Wed, 23 Dec 1998 14:45:24 +0100 (CET) (envelope-from des)
To: Fernando Schapachnik
Cc: security@FreeBSD.ORG
Subject: Re: Sendmail configuration
References: <199812231303.KAA27496@ns1.sminter.com.ar>
From: Dag-Erling Smorgrav
Date: 23 Dec 1998 14:45:23 +0100
In-Reply-To: Fernando Schapachnik's message of "Wed, 23 Dec 1998 10:03:06 -0300 (GMT)"
Message-ID:
Lines: 18
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Fernando Schapachnik writes:
> If machine A is acting as proxy for machine B, then:
> allow B's IP to send mail to any domain by adding its IP in the allowed
> IPs list.
> Add B's domain in the allowed domains for relaying.
>
> At B, add the domain in variable w (eg, Cw domain.com), but do not
> publish it in DNS.

I don't control B, and it's not running Sendmail. It's not even running
Unix. In fact, I don't think there's anybody in that company who really
understands the software it runs, and the only guy who maybe does is
quitting. But hey, I'm just a lowly consultant, and not a particularly
well-paid one at that.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Wed Dec 23 05:53:57 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA19502 for freebsd-security-outgoing; Wed, 23 Dec 1998 05:53:57 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from guepardo.vicosa.com.br (guepardo.tdnet.com.br [200.236.148.6]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id FAA19476; Wed, 23 Dec 1998 05:53:42 -0800 (PST) (envelope-from grios@netshell.vicosa.com.br)
Received: from netshell.vicosa.com.br [200.236.148.193] by guepardo.vicosa.com.br with ESMTP (SMTPD32-4.03) id A792EC3012A; Wed, 23 Dec 1998 11:00:50 +03d00
Message-ID: <3680F56B.128CBDDF@netshell.vicosa.com.br>
Date: Wed, 23 Dec 1998 11:51:39 -0200
From: Gustavo Vieira G C Rios
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: en
MIME-Version: 1.0
To: FreeBSD Questions, FreeBSD Security, FreeBSD Br
Subject: keeping updated with FreeBSD (some help please)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Can anyone do any comments about this supfile?
I am beginning with FreeBSD, so i just wanna update my 2.2.7 Release to
3.0.0! All i need do is to update my /usr/src, right? and "make world"
right ?

my supfile is:

    *default tag=RELENG_3_0_0_RELEASE
    *default hosts=cvsup.internat.FreeBSD.ORG
    *default prefix=/usr
    *defatul base=/usr/local/etc/cvsup
    *default release=cvs delete user-rel-suffix compress
    src-all
    doc-all
    cvs-crypto

Thank you for your time and cooperation.

Best regards,
Gustavo Rios

--
+-------------------------------------------------------------------+
" ... Overall we've found FreeBSD to excel in performance, stability,
technical support, and of course price. Two years after discovering
FreeBSD, we have yet to find a reason why we switch to anything else"
-David Filo, Yahoo!
From owner-freebsd-security Wed Dec 23 07:10:42 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA27303 for freebsd-security-outgoing; Wed, 23 Dec 1998 07:10:42 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gallions-reach.inpharmatica.co.uk (ns0.inpharmatica.com [193.115.214.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA27277 for ; Wed, 23 Dec 1998 07:10:37 -0800 (PST) (envelope-from m.seaman@inpharmatica.co.uk)
Received: from kings-cross.inpharmatica.co.uk (euston.inpharmatica.co.uk [193.115.214.6]) by gallions-reach.inpharmatica.co.uk (8.8.8/8.8.8) with ESMTP id PAA20132; Wed, 23 Dec 1998 15:10:25 GMT (envelope-from m.seaman@inpharmatica.co.uk)
Received: from paddington.inpharmatica.co.uk (root@paddington.inpharmatica.co.uk [192.168.122.1]) by kings-cross.inpharmatica.co.uk (8.8.7/8.8.7) with ESMTP id PAA31129; Wed, 23 Dec 1998 15:10:25 GMT
Received: from inpharmatica.co.uk (matthew@localhost [127.0.0.1]) by paddington.inpharmatica.co.uk (8.8.7/8.8.7) with ESMTP id PAA30286; Wed, 23 Dec 1998 15:10:24 GMT
Message-ID: <368107DF.97958F79@inpharmatica.co.uk>
Date: Wed, 23 Dec 1998 15:10:23 +0000
From: Matthew Seaman
X-Mailer: Mozilla 4.5 [en] (X11; I; Linux 2.1.130 i586)
X-Accept-Language: en
MIME-Version: 1.0
To: Dag-Erling Smorgrav
CC: security@FreeBSD.ORG
Subject: Re: Sendmail configuration
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dag-Erling Smorgrav wrote:
>
> I have a box where Sendmail needs to run as a kind of proxy: all mail
> it receives destined to a specific domain should be forwarded to
> another host (which is not listed as MX for that domain), while all
> mail received *from* that host should be relayed to its recipient.
> Other than that, all relaying should be blocked. Do any of you have an
> idea of how to do this with Sendmail 8.8.8 (FreeBSD 2.2.7)?

BTDT.

Assuming this sendmail is also handling mail for other domains, or that
you want it to do spam filtering (otherwise you'd be using the SMTP proxy
from FWTK eh?), then you need to do these things:

i) Enable MAILERTABLE: eg. add this to the .mc file

    FEATURE(mailertable, `hash -o /etc/mail/mailertable')dnl

ii) Add entries to the mailertable to relay all of the e-mail for the
domain in question (and any sub-domains thereof):

    domain.com      relay:[mailhost.domain.com]
    .domain.com     relay:[mailhost.domain.com]

Generate the hashed table with makemap:

    makemap hash mailertable < mailertable

Nb. the [square brackets] suppress sendmail's normal MX lookup behaviour
--- you will need some sort of hostname to address translation for
mailhost.domain.com, but that can probably be provided out of /etc/hosts
via the /etc/service.switch mechanism if you can't use DNS.

iii) Set up a standard anti-relay configuration. Personally I use Claus
Assmann's check_* rulesets
(http://www.informatik.uni-kiel.de/~ca/email/check.html) --- the beta
version (http://www.informatik.uni-kiel.de/~ca/email/rules/beta/check.tar)
is quite usable and has a cleaner configuration than the release version
IMHO.
Unpack the tarball in /usr/src/usr.sbin/sendmail/cf --- most files will
end up in the `hack' directory --- and edit the .mc file appropriately.
Here's what I use: this also enables RBL and is set up to send any local
e-mail from the relay onto the mailhost:

    divert(0)dnl
    VERSIONID(`@(#)mailrelay.mc $Revision$')
    OSTYPE(bsd4.4)dnl
    DOMAIN(generic)dnl
    define(`MAIL_HUB', `relay:mailhost.domain.com')dnl
    define(`confPRIVACY_FLAGS', `goaway,restrictmailq,restrictqrun')dnl
    define(`confDEF_USER_ID', `6:6')dnl
    define(`confCW_FILE', `-o /etc/sendmail.cw')dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
    FEATURE(always_add_domain)dnl
    FEATURE(mailertable, `hash -o /etc/mail/mailertable')dnl
    define(`_MAPS_RBL_')dnl
    define(`_CHECK_FROM_')dnl
    define(`_CHECK_FULL_FROM_')dnl
    define(`_DNSVALID_')dnl
    define(`_IP_LOOKUP_')dnl
    define(`_USE_RELAY_MAILERTABLE_', `/etc/mail/mailertable')dnl
    define(`_CHECK_MAP_TYPE_', `hash')dnl
    define(`_MARK_')dnl
    HACK(use_names)dnl
    HACK(use_ip)dnl
    HACK(use_relayto)dnl
    HACK(check_mail3)dnl
    HACK(check_relay3)dnl
    HACK(check_rcpt4)dnl

iv) Set up the various anti-relay and anti-spam tables:

Lists of IP no.s/domains to be considered local and thus allowed to relay
through the mailer:

    /etc/mail/LocalIP
    /etc/mail/LocalNames

List of domains to which anyone can relay via this mailer:

    /etc/RelayTo

Hashed lookup table of banned domains or IP number ranges, possibly with
personalized rejection message...

    /etc/mail/junk.db

eg.

    CYBERPROMO.COM:dom  "501 Access from this domain is denied because of spamming"
    205.199.2:net       "550 Access for your IP block is denied because of spamming"

And that's basically it...

Matthew
--
Certainly, Toto, I sense we are no longer in Kansas.
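The relay policy Matthew lays out, modelled in Python as an added example that is not code from his post or from sendmail: mailertable routing (a [bracketed] host means "connect directly, skip the MX lookup"), LocalIP hosts that may relay anywhere, RelayTo domains anyone may send to, and the junk table with per-entry rejection messages. The table contents, domain.com, mailhost.domain.com and the client addresses are constructed placeholders, and the decision order is an assumption modelled on the check_* ruleset names, not a transcript of their rules.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample tables in the shape described in the post. domain.com,
# mailhost.domain.com and the 192.0.2.0/24 and 198.51.100.0/24 addresses
# are documentation placeholders, not real hosts.
SAMPLE_MAILERTABLE = """\
domain.com      relay:[mailhost.domain.com]
.domain.com     relay:[mailhost.domain.com]
"""
SAMPLE_LOCAL_IP = ["127.0.0.1", "192.0.2.0/24"]   # hosts that may relay anywhere
SAMPLE_RELAY_TO = {"domain.com"}                    # anyone may send *to* these
SAMPLE_JUNK = """\
CYBERPROMO.COM:dom "501 Access from this domain is denied because of spamming"
205.199.2:net "550 Access for your IP block is denied because of spamming"
"""


@dataclass
class RelayPolicy:
    mailertable: dict   # "domain" or ".suffix" -> "mailer:host"
    local_ip: list      # addresses/networks allowed to relay anywhere
    relay_to: set       # domains anyone may relay to
    junk: dict          # (kind, key) -> rejection message


def parse_mailertable(text):
    """'domain   mailer:host' lines -> {domain: 'mailer:host'}."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip()
    return table


def parse_junk(text):
    """'KEY:dom "msg"' / 'PREFIX:net "msg"' lines -> {(kind, key): msg}."""
    junk = {}
    for line in text.splitlines():
        line = line.strip()
        if line:
            spec, _, msg = line.partition(" ")
            key, _, kind = spec.rpartition(":")
            junk[(kind, key.lower())] = msg.strip().strip('"')
    return junk


def sample_policy():
    return RelayPolicy(parse_mailertable(SAMPLE_MAILERTABLE), SAMPLE_LOCAL_IP,
                       SAMPLE_RELAY_TO, parse_junk(SAMPLE_JUNK))


def lookup_mailertable(table, domain):
    """Mimic sendmail's mailertable search: the exact domain first, then each
    parent domain with a leading dot. Returns (mailer, host, mx_suppressed)
    or None; a [bracketed] host means connect directly and skip MX lookup."""
    labels = domain.lower().split(".")
    candidates = [domain.lower()] + ["." + ".".join(labels[i:])
                                     for i in range(1, len(labels))]
    for c in candidates:
        if c in table:
            mailer, _, host = table[c].partition(":")
            bracketed = host.startswith("[") and host.endswith("]")
            return mailer, host.strip("[]"), bracketed
    return None


def check_junk(junk, client_ip, sender_domain):
    """First junk entry matching the sender domain (:dom) or client IP prefix (:net)."""
    for (kind, key), msg in junk.items():
        if kind == "dom" and (sender_domain == key or sender_domain.endswith("." + key)):
            return msg
        if kind == "net" and (client_ip == key or client_ip.startswith(key + ".")):
            return msg
    return None


def in_local_ip(policy, client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in policy.local_ip)


def decide(policy, client_ip, sender, rcpt):
    """Return (action, detail) for one envelope: reject junk first, then check
    that relaying is permitted for this client/recipient pair, then route."""
    sender_domain = sender.rpartition("@")[2].lower()
    rcpt_domain = rcpt.rpartition("@")[2].lower()
    msg = check_junk(policy.junk, client_ip, sender_domain)
    if msg:
        return ("reject", msg)
    route = lookup_mailertable(policy.mailertable, rcpt_domain)
    permitted = (in_local_ip(policy, client_ip)
                 or route is not None            # _USE_RELAY_MAILERTABLE_ domains
                 or rcpt_domain in policy.relay_to
                 or any(rcpt_domain.endswith("." + d) for d in policy.relay_to))
    if not permitted:
        return ("reject", "550 Relaying denied")
    if route:
        mailer, host, no_mx = route
        return ("relay", f"{mailer} to {host}" + (" (MX lookup suppressed)" if no_mx else ""))
    return ("relay", f"MX of {rcpt_domain}")
```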
Matthew Seaman
Inpharmatica Ltd, 60 Charlotte St, London, W1P 2AX
Tel: +44 171 631 4644 x229  Fax: +44 171 631 4844

From owner-freebsd-security Wed Dec 23 07:41:13 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA00474 for freebsd-security-outgoing; Wed, 23 Dec 1998 07:41:13 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA00469; Wed, 23 Dec 1998 07:41:11 -0800 (PST) (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id QAA48784; Wed, 23 Dec 1998 16:40:49 +0100 (CET) (envelope-from des)
To: Gustavo Vieira G C Rios
Cc: FreeBSD Questions
Subject: Re: keeping updated with FreeBSD (some help please)
References: <3680F56B.128CBDDF@netshell.vicosa.com.br>
From: Dag-Erling Smorgrav
Date: 23 Dec 1998 16:40:49 +0100
In-Reply-To: Gustavo Vieira G C Rios's message of "Wed, 23 Dec 1998 11:51:39 -0200"
Message-ID:
Lines: 49
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[moved to -questions]

Gustavo Vieira G C Rios writes:
> Can anyone do any comments about this supfile?
> I am beginning with FreeBSD, so i just wanna update my 2.2.7 Release to
> 3.0.0! All i need do is to update my /usr/src, right? and "make world"
> right ?

No, you need to convert from aout to Elf, so it's a little more
complicated. In fact, it's complicated enough that I'd recommend doing a
fresh install of 3.0 if that is at all possible for you.

> my supfile is:
> *default tag=RELENG_3_0_0_RELEASE
> *default hosts=cvsup.internat.FreeBSD.ORG
> *default prefix=/usr
> *defatul base=/usr/local/etc/cvsup
> *default release=cvs delete user-rel-suffix compress
> src-all
> doc-all
> cvs-crypto

I'd use:

    *default host=cvsup.internat.FreeBSD.org
    *default base=/usr prefix=/usr
    *default release=cvs tag=RELENG_3_0_0_RELEASE
    *default delete use-rel-suffix compress
    src-all
    doc-all tag=.
    src-crypto
    src-eBones
    src-secure

You probably want the ports as well; if so, add:

    ports-all tag=.

Take a look in /usr/share/examples/cvsup for other examples.

In any case, there's no reason not to go all the way and cvsup the most
recent -current (it's pretty stable these days); if you want to do that,
just change 'tag=RELENG_3_0_0_RELEASE' to 'tag=.' (in that case you can
remove the 'tag=.'
on the doc-all and ports-all lines)

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Wed Dec 23 07:56:46 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA02370 for freebsd-security-outgoing; Wed, 23 Dec 1998 07:56:46 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA02365 for ; Wed, 23 Dec 1998 07:56:43 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id KAA19978; Wed, 23 Dec 1998 10:56:20 -0500 (EST)
Date: Wed, 23 Dec 1998 10:56:20 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Matthew Dillon
cc: Eivind Eklund, Dag-Erling Smorgrav, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
In-Reply-To: <199812230502.VAA11013@apollo.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 22 Dec 1998, Matthew Dillon wrote:

>
> :> capability transfer support in BSD - you pass an fd over a local
> :> socket, using SCM_RIGHTS.
> :...
> :
> :The BSD book describes a bug in the mark and sweep garbage collection
> :algorithm that can result in file descriptor hijacking or kernel memory
> :nasties. Does anyone know if this was ever fixed? (It is discussed in
> :the 4.4BSD book in a footnote on the page that discusses SCM_RIGHTS) I
> :glanced through the code for a while this summer while I was modifying the
> :SCM_ ancillary data passing code to be hookable by an LKM. My goal was to
> :...
>
> I have no idea.... what does the footnote say exactly? Does it give
> enough info to point us to a procedure or source file to look at ?

Unfortunately, I have no idea. I'm in Washington, DC, and my copy of the
4.4 book is in Pittsburgh--I just recalled it being there in the 4.4
edition and trying to figure out the consequences. From memory, I believe
that the issue was that they didn't sweep through descriptors in messages
to unix domain sockets in the listen state that might have been queued
prior to an accept. As such, the entry in the file table would be garbage
collected, but when the file descriptor arrived it would continue to point
to that open file entry--which might be a problem in either the case that
it now pointed to a different file (hijacking) or to a not-open file. As I
didn't have a chance to walk through it in any detail, I'm not sure whether
you'd just get a kernel panic, or whether non-denial-of-service attacks
might be possible.
I also was unsure whether it was corrected in lite2. When I get back home
this evening, I'll poke through the appropriate kernel source code and see
if my recollection is correct--I won't have access to the BSD book again
for about two weeks so someone else will have to find the footnote if they
are interested. :-) I don't believe the footnote mentions hijacking, but
that seems to logically be one of the possible outcomes of the problem.

Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/

From owner-freebsd-security Wed Dec 23 08:37:30 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA07386 for freebsd-security-outgoing; Wed, 23 Dec 1998 08:37:30 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from pluto.plutotech.com (mail.plutotech.com [206.168.67.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA07381 for ; Wed, 23 Dec 1998 08:37:27 -0800 (PST) (envelope-from kelly@plutotech.com)
Received: from plutotech.com (tampopo.plutotech.com [206.168.67.161]) by pluto.plutotech.com (8.9.1/8.9.1) with ESMTP id JAA22311; Wed, 23 Dec 1998 09:36:39 -0700 (MST) (envelope-from kelly@plutotech.com)
Message-ID: <36811C1A.39920A16@plutotech.com>
Date: Wed, 23 Dec 1998 09:36:42 -0700
From: Sean Kelly
X-Mailer: Mozilla 4.04 [en] (WinNT; I)
MIME-Version: 1.0
To: ark@eltex.ru
CC: wes@softweyr.com, des@flood.ping.uio.no, gsutter@pobox.com, security@FreeBSD.ORG
Subject: Re: preventing single user login w/o password
References: <199812231032.NAA08384@paranoid.eltex.spb.ru>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Does that mean there is at least _some_ FreeBSD software for iButtons?

Yes. In addition to what I have in development, see
http://www.freebsd.org/~fsmp/HomeAuto/Therm.html

You can preview my work at:
http://www.geocities.com/ResearchTriangle/5930/api/Packages.html

--Sean

From owner-freebsd-security Wed Dec 23 10:22:34 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA19714 for freebsd-security-outgoing; Wed, 23 Dec 1998 10:22:34 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mercury.jorsm.com (mercury.jorsm.com [207.112.128.9]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA19695; Wed, 23 Dec 1998 10:22:30 -0800 (PST) (envelope-from jer@jorsm.com)
Received: from localhost (jer@localhost) by mercury.jorsm.com (8.8.7/8.8.7) with SMTP id MAA07566; Wed, 23 Dec 1998 12:22:22 -0600 (CST)
Date: Wed, 23 Dec 1998 12:22:21 -0600 (CST)
From: Jeremy Shaffner
To: Alejandro Galindo Chairez AGALINDO
cc: freebsd-security@FreeBSD.ORG, questions@FreeBSD.ORG
Subject: Re: udp security
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It's toast. Unplug the thing immediately. Backup user and system files
(and audit them!). Reinstall (2.2.8) on another drive, or a new box.
Recover first, investigate second.

On Sun, 20 Dec 1998, Alejandro Galindo Chairez AGALINDO wrote:

> My name is Alejandro and i have some servers in Mexico with FreeBSD 2.2.5,
> 2.2.6 and 2.2.7 releases (from Walnut Creek CDROM)
>
> One month ago my servers were attacked by some hackers, i was
> monitoring their activities and i only know that they are using the user
> datagram protocol, i installed a firewall but this can't stop their
> activities, i am worried because last week they deleted the log files from
> /var/log and last day they accessed one of my servers with a username and a
> password (they created the username and password, they accessed the server
> for 3 minutes and then they deleted the user) I AM WORRIED because i don't
> know how they did that, the server violated had the 2.2.5 version and i
> upgraded it to 2.2.7 release, but this morning the hackers insist on accessing
> my servers.
>
> i need help, i need to know how to protect my servers, but the most
> important in my mind is to know how they are accessing the servers, i
> bought the Firewalls book from O'Reilly & Associates and i was using the
> firewall with ipfw, but this doesn't stop the hackers.
>
> Thanks for your help
>
> Alejandro Galindo

-===================================================================-
Jeremy Shaffner                       JORSM Internet
Senior Technical Support              Northwest Indiana's Premium
jer@jorsm.com                         Internet Service Provider
support@jorsm.com                     http://www.jorsm.com
-===================================================================-

From owner-freebsd-security Wed Dec 23 12:08:55 1998
Date: Wed, 23 Dec 1998 12:08:43 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812232008.MAA16823@apollo.backplane.com>
To: Peter Jeremy
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
References: <98Dec23.195410est.40360@border.alcanet.com.au>

:>:The BSD book describes a bug in the mark and sweep garbage collection
:>:algorithm that can result in file descriptor hijacking or kernel memory
:>:nasties. Does anyone know if this was ever fixed? (It is discussed in
:>:the 4.4BSD book in a footnote on the page that discusses SCM_RIGHTS) I
:>:glanced through the code for a while this summer while I was modifying the
:>:SCM_ ancillary data passing code to be hookable by an LKM. My goal was to
:>:...
:>
:> I have no idea.... what does the footnote say exactly?
:
:At the bottom of page 389:
: "If a listening socket is accessible, then any queued connections
: that it holds are also accessible; the garbage collector in 4.4BSD
: fails to take this into account."
:
:This footnote is referenced from a paragraph discussing unp_gc() -
:which can be found in kern/uipc_usrreq.c. From a quick look at the
:2.2.6 CVS logs (the latest I can quickly study), it doesn't look like
:it's ever been eradicated.
:
:Peter

    Shit. There's a bug. It took me a while to find it, but there's a
    bug. A very bad bug. A Very, very, very, very bad bug. I'm going to
    fix this in the FreeBSD tree first, then post the diff without
    additional comment.

                                        -Matt

                                        Matthew Dillon
                                        Engineering, HiWay Technologies, Inc. &
                                        BEST Internet Communications &
                                        God knows what else.
    (Please include original email in any response)

From owner-freebsd-security Wed Dec 23 12:27:21 1998
From: "Paul T. Root"
Message-Id: <199812232026.OAA05260@horton.iaces.com>
Subject: Re: keeping updated with FreeBSD (some help please)
In-Reply-To: <3680F56B.128CBDDF@netshell.vicosa.com.br> from Gustavo Vieira G C Rios at "Dec 23, 98 11:51:39 am"
To: grios@netshell.vicosa.com.br (Gustavo Vieira G C Rios)
Date: Wed, 23 Dec 1998 14:26:54 -0600 (CST)
Cc: freebsd-questions@FreeBSD.ORG, security@FreeBSD.ORG, freebsd@br.freebsd.org
X-Organization: USWEST !nterprise Networking - ACES
X-Phone: (612) 664-3385
X-Fax: (612) 664-4779
X-Page: (800) SKY-PAGE PIN: 537-7270
X-Address: 600 Stinson Blvd, Fl 1S
X-Address: Minneapolis, MN 55413
X-Mailer: ELM [version 2.4ME+ PL38 (25)]

In a previous message, Gustavo Vieira G C Rios said:
> Can anyone do any comments about this supfile?
> I am beginning with FreeBSD, so I just wanna update my 2.2.7 Release to
> 3.0.0! All I need do is to update my /usr/src, right? and "make world"
> right ?

That's true. But if you're a beginner to FreeBSD, then the core developers
are not recommending 3.0. It's meant for developers. You'd be better off
going to 2.2.8-Stable.

This is what I use.

*default host=cvsup2.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELENG_2_2
*default delete use-rel-suffix

src-all

*default tag=.
ports-all
doc-all

> my supfile is:
> *default tag=RELENG_3_0_0_RELEASE
> *default hosts=cvsup.internat.FreeBSD.ORG
> *default prefix=/usr
> *defatul base=/usr/local/etc/cvsup
> *default release=cvs delete user-rel-suffix compress
> src-all
> doc-all
> cvs-crypto
>
> Thank you for your time and cooperation.
> Best regards,
> Gustavo Rios
>
> --
> +-------------------------------------------------------------------+
> " ... Overall we've found FreeBSD to excel in performance, stability,
> technical support, and of course price.
> Two years after discovering
> FreeBSD, we have yet to find a reason why we switch to anything else"
> -David Filo, Yahoo!

--
You're wondering how he eats and breathes and other science facts.
Well, repeat to yourself, "It's just a show", then sit back and try to
just relax.
   - Theme song MST 3000

From owner-freebsd-security Wed Dec 23 13:12:24 1998
Date: Wed, 23 Dec 1998 13:12:14 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812232112.NAA17044@apollo.backplane.com>
To: Matthew Dillon
Cc: Peter Jeremy, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf

    Ok, I've looked at it some more. It isn't as bad as I thought but
    it is still pretty bad. Here's the problem:

    process A:
        make unix domain connection
        sendmsg a couple of file descriptors
        close the descriptors we just sent
        close the connection

        (unp_gc() runs at this point and tries to flush/close these
        descriptors, but doesn't quite do it right. However, I looked
        all the way back to the 4.4 lite commit and it does not appear
        to gratuitously close the descriptors. Instead, it relies on
        sorflush() to do that).

    process B:
        create socket, listen on socket.
        wait until A has made the connection, sent the descriptors, and
        closed its connection.
        accept() the connection from A (which is now closed on A's side).
        recvmsg() descriptors, which were previously closed but may now
        be valid again and hold references to files used by other
        processes if we have waited a sufficient period of time.

        However, from my reading of the code if these descriptors had
        been closed, the associated socket buffer would have been
        flushed so this can't happen.

    Ok, and this is why it *DOESN'T* actually happen: unp_gc() adds an
    f_count reference, then attempts to sorflush() the isolated files,
    then closes them (subtracting one from the ref count). Thus it is
    left up to sorflush() to actually close the descriptors. sorflush()
    will release the associated messages so we should be safe.

    But here's the problem: unp_gc() is confused. It is calling
    sorflush() on non-sockets.
    Line 1118 of kern/uipc_usrreq.c:

        /*
         * for each FD on our hit list, do the following two things
         */
        for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp)
                sorflush((struct socket *)(*fpp)->f_data);    <-------
        for (i = nunref, fpp = extra_ref; --i >= 0; ++fpp)
                closef(*fpp, (struct proc *) NULL);
        free((caddr_t)extra_ref, M_FILE);
        unp_gcing = 0;

    It happily believes that any descriptor for which FMARK has not been
    set is not marked accessible and thus, somehow, is magically a socket
    and calls sorflush() on it. But the descriptors that were queued in
    those sendmsg()'s wind up not being FMARK'ed because their
    f_count == f_msgcount. unp_gc() then assumes these descriptors are
    unix domain sockets. But they are not necessarily unix domain
    sockets.

    Could someone take a look at that and tell me if I am right in
    regards to the sorflush() ?

::At the bottom of page 389:
:: "If a listening socket is accessible, then any queued connections
:: that it holds are also accessible; the garbage collector in 4.4BSD
:: fails to take this into account."
::
::This footnote is referenced from a paragraph discussing unp_gc() -
::which can be found in kern/uipc_usrreq.c. From a quick look at the
::2.2.6 CVS logs (the latest I can quickly study), it doesn't look like
::it's ever been eradicated.
::
::Peter
:
:    Shit. There's a bug. It took me a while to find it, but there's a
:    bug. A very bad bug. A Very, very, very, very bad bug. I'm going to
:    fix this in the FreeBSD tree first, then post the diff without
:    additional comment.
:
:                                        -Matt

                                        Matthew Dillon
                                        Engineering, HiWay Technologies, Inc. &
                                        BEST Internet Communications &
                                        God knows what else.
    (Please include original email in any response)

From owner-freebsd-security Wed Dec 23 15:27:26 1998
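Added example, not code from the thread: a userland C program (standard sockets API, run on Linux or a BSD) that walks process A's sequence from Matt's message above, passing a descriptor with SCM_RIGHTS over a socketpair, closing the sender's copy and its connection, and then receiving it on the other end to check that the in-flight reference (the one f_msgcount accounts for) kept the file open. It does not reproduce the unp_gc() misbehaviour; /dev/null is the sample file.

```c
/* Added example (not from the mailing-list thread). */
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Send one descriptor over a connected unix-domain socket as SCM_RIGHTS
 * ancillary data, with one dummy data byte so the message is not empty.
 * Returns 0 on success, -1 on failure. */
static int send_fd(int sock, int fd_to_send)
{
    char dummy = 'x';
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    struct cmsghdr *cm;

    memset(&u, 0, sizeof u);
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;

    cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd_to_send, sizeof(int));

    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor sent with send_fd(); returns the new local
 * descriptor number, or -1 if no SCM_RIGHTS message arrived. */
static int recv_fd(int sock)
{
    char dummy;
    struct iovec iov = { .iov_base = &dummy, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg;
    struct cmsghdr *cm;
    int fd = -1;

    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;

    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    for (cm = CMSG_FIRSTHDR(&msg); cm != NULL; cm = CMSG_NXTHDR(&msg, cm)) {
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS
            && cm->cmsg_len == CMSG_LEN(sizeof(int)))
            memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    }
    return fd;
}

/* Process A's sequence from the thread, in one process over a socketpair:
 * open a file, send its descriptor, close every local copy, close the
 * sending end, then receive on the other end.  Returns 1 if the received
 * descriptor still refers to the same file (the queued message held the
 * only reference), 0 on any failure. */
int inflight_fd_survives(void)
{
    int sv[2], fd = -1, got = -1, ok = 0;
    struct stat before, after;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return 0;
    fd = open("/dev/null", O_RDONLY);          /* constructed sample file */
    if (fd < 0 || fstat(fd, &before) != 0 || send_fd(sv[0], fd) != 0)
        goto out;
    close(fd);    fd = -1;     /* sender drops its copy: f_count == f_msgcount */
    close(sv[0]); sv[0] = -1;  /* sender closes the connection, fd still in flight */
    got = recv_fd(sv[1]);
    if (got >= 0 && fstat(got, &after) == 0
        && after.st_dev == before.st_dev && after.st_ino == before.st_ino)
        ok = 1;                /* same file: the in-flight reference kept it alive */
out:
    if (fd >= 0) close(fd);
    if (got >= 0) close(got);
    if (sv[0] >= 0) close(sv[0]);
    close(sv[1]);
    return ok;
}
```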
From: Mark Newton
Message-Id: <199812232315.JAA13917@frenzy.ct>
Subject: Re: About chroot
In-Reply-To: <19981223142742.Q24362@follo.net> from Eivind Eklund at "Dec 23, 98 02:27:42 pm"
To: eivind@yes.no (Eivind Eklund)
Date: Thu, 24 Dec 1998 09:45:56 +1030 (CDT)
Cc: casper@acc.am, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]

Eivind Eklund wrote:
> On Wed, Dec 23, 1998 at 02:10:18PM +0400, Casper wrote:
> > OK, thanx ... i'll look for this patch
> > (Safer chroot)
>
> That patch is not publicly available yet.

k, until it is...

I have a patch which completely disables chroot() for processes which
have already been chroot()'ed (by making chroot() fail with EPERM
if the process' root directory is not the same as init's root directory
whether it's being called by the superuser or not). I've posted it here
before anything up to a year ago and don't recall {any/much} complaining
about it.

It breaks traditional semantics so it should be optional (if you are
running the kind of site that finds such a patch necessary you probably
think that securing chroot() is more important than preserving
traditional semantics anyway).

If there's support for this (especially from the security guys) I can
wrap it in a sysctl knob and commit it (with notes in the chroot(2)
manpage describing the knob of course).
  - mark

---
Mark Newton                               Email: newton@camtech.com.au
Systems Engineer and Senior Trainer       Phone: +61-8-8303-3300
Camtech (SA), a member of the             Fax:   +61-8-8303-4403
CAMTECH group of companies                WWW:   http://www.camtech.com.au

From owner-freebsd-security Wed Dec 23 17:03:56 1998
Message-Id: <199812240103.RAA17365@dnai.com>
X-Sender: miket@mail.dnai.com (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0.1
Date: Wed, 23 Dec 1998 17:02:20 -0800
To: freebsd-security@FreeBSD.ORG
From: Mike Thompson
Subject: IPFW configuration question

Hello everyone,

As part of securing a couple of FreeBSD 2.2.7 servers to be placed on
the Internet, it was suggested that I use "ipfw" as an additional
security measure.

In doing this I thought I would pass the script I developed to
configure the FreeBSD kernel firewall on these servers to this e-mail
list for comments. Basically, I only want access to our DNS, Apache
and secure shell to get through. This script was derived from the
simple scripts provided in rc.firewall and with some embellishment by
myself.

The only thing that I believe is missing is that I would also like to
enable traceroute to work from the server to help diagnose Internet
delay problems. I guess I also have to let ICMP packets through to do
this, but I would have another script to do only when I am actually on
the system.

Any comments would be appreciated. Not being a system admin I am just
trying to cover as many bases as I can and trying to err on the side
of caution.

Thanks,

Mike Thompson

-------------------------------------------------------------
############
# Set quiet mode
fwcmd="/sbin/ipfw -q"

############
# Flush out the list before we begin.
$fwcmd -f flush

############
# Start with default rules that we would only want
# to change in rare cases.
$fwcmd add 100 pass all from any to any via lo0
$fwcmd add 200 deny all from any to 127.0.0.0/8

# Allow ssh through.
$fwcmd add pass tcp from any to any 22

# Allow access to our DNS.
$fwcmd add pass tcp from any to any 53 setup

# Allow access to our WWW.
$fwcmd add pass tcp from any to any 80 setup

# Allow TCP through if setup succeeded.
$fwcmd add pass tcp from any to any established

# Reject all setup of incoming connections from the outside.
$fwcmd add deny tcp from any to any in via fxp0 setup

# Allow setup of any other TCP connection.
$fwcmd add pass tcp from any to any setup

# Allow DNS queries out in the world.
$fwcmd add pass udp from any 53 to any
$fwcmd add pass udp from any to any 53

# Everything else is denied as default.

From owner-freebsd-security Wed Dec 23 17:16:40 1998
Message-ID: <19981224114608.Z12346@freebie.lemis.com>
Date: Thu, 24 Dec 1998 11:46:08 +1030
From: Greg Lehey
To: Gustavo Vieira G C Rios, FreeBSD Questions, FreeBSD Security, FreeBSD Br
Subject: Re: keeping updated with FreeBSD (some help please)
References: <3680F56B.128CBDDF@netshell.vicosa.com.br>
X-Mailer: Mutt 0.91.1i
In-Reply-To: <3680F56B.128CBDDF@netshell.vicosa.com.br>; from Gustavo Vieira G C Rios on Wed, Dec 23, 1998 at 11:51:39AM -0200
WWW-Home-Page: http://www.lemis.com/~grog
Organization: LEMIS, PO Box 460, Echunga SA 5153, Australia
Phone: +61-8-8388-8286
Fax: +61-8-8388-8725
Mobile: +61-41-739-7062

On Wednesday, 23 December 1998 at 11:51:39 -0200, Gustavo Vieira G C Rios wrote:
> Can anyone do any comments about this supfile?
> I am beginning with FreeBSD, so I just wanna update my 2.2.7 Release to
> 3.0.0! All I need do is to update my /usr/src, right? and "make world"
> right ?
>
> my supfile is:
> *default tag=RELENG_3_0_0_RELEASE
> *default hosts=cvsup.internat.FreeBSD.ORG
> *default prefix=/usr
> *defatul base=/usr/local/etc/cvsup
> *default release=cvs delete user-rel-suffix compress
> src-all
> doc-all
> cvs-crypto

This is better than your last attempt, but you really need to be
careful with your spelling. You still have a typo there ('defatul').

I'll get back with a more detailed analysis when I have time, but
about the only real thing I see wrong here is that you're trying to
get it from cvsup.internat.FreeBSD.org, which is really only intended
for crypto software. They don't have the bandwidth for the complete
system, and I'm not even sure they have it available. Try a
different site for src-all and doc-all.

In case something *does* go wrong, it would be a good idea to rename
/usr/src and /usr/doc before starting (or at least do a backup).
Greg
--
See complete headers for address, home page and phone numbers
finger grog@lemis.com for PGP public key

From owner-freebsd-security Wed Dec 23 20:18:26 1998
Message-ID: <3681B710.66AFAD48@netshell.vicosa.com.br>
Date: Thu, 24 Dec 1998 01:37:52 -0200
From: Gustavo Vieira G C Rios
X-Mailer: Mozilla 4.5 [en] (Win95; I)
X-Accept-Language: en
To: FreeBSD Security
Subject: qpopper

Hi,

I am a security paranoid, so I would like to know how secure qpopper is
(which is the best: qpopper or cucipop)? How can I use xinetd and qpopper
together?

--
+-------------------------------------------------------------------+
" ... Overall we've found FreeBSD to excel in performance, stability,
technical support, and of course price. Two years after discovering
FreeBSD, we have yet to find a reason why we switch to anything else"
-David Filo, Yahoo!

From owner-freebsd-security Wed Dec 23 21:15:48 1998
Date: Thu, 24 Dec 1998 00:13:09 -0500 (EST)
From: Barrett Richardson
To: freebsd-security@FreeBSD.ORG
Subject: Do I really need inetd?

I have all my necessary network services running as daemons. In the
face of recent discoveries of problems caused for inetd by nmap
and various things I've come to the conclusion that I really don't
need inetd -- another variable I can eliminate from the mix.

Any undesirable side effects come to mind?

- Barrett

From owner-freebsd-security Wed Dec 23 22:06:08 1998
Date: Thu, 24 Dec 1998 01:05:51 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Barrett Richardson
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?

On Thu, 24 Dec 1998, Barrett Richardson wrote:

> I have all my necessary network services running as daemons. In the
> face of recent discoveries of problems caused for inetd by nmap
> and various things I've come to the conclusion that I really don't
> need inetd -- another variable I can eliminate from the mix.
>
> Any undesirable side effects come to mind?

Some daemons are more secure when running under inetd (they don't
require privilege to bind a low port number under inetd). Inetd
provides a good point to put wrappers for additional auditing and
access control not supported by all daemons. Inetd also provides some
limited anti-DOS capabilities.

Example: fingerd does not require privileged access when run from inetd,
as inetd will pass connections onto it from the <1024 port 79. But if
you run it without inetd, it will require root access initially to
acquire the listening socket. Arguably, this is an issue with the
capability design, but inetd provides an adequate solution in the case
of a service like fingerd.

If you only run daemons that require privilege anyway, then inetd
indeed just adds another variable--on the other hand, it can be an
organizing variable that makes the machine easier to manage and audit.
Additional source code can always be interpreted as additional risk,
but this risk seems well calculated in most cases.

To close down all network services, I'd rather just kill inetd than
hunt down pid's for other daemons :-).
  Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/

From owner-freebsd-security Wed Dec 23 22:32:12 1998
Message-Id: <199812240631.IAA07559@greenpeace.grondar.za>
To: Greg Lehey
cc: Gustavo Vieira G C Rios, FreeBSD Questions, FreeBSD Security, FreeBSD Br
Subject: Re: keeping updated with FreeBSD (some help please)
In-Reply-To: Your message of " Thu, 24 Dec 1998 11:46:08 +1030." <19981224114608.Z12346@freebie.lemis.com>
References: <3680F56B.128CBDDF@netshell.vicosa.com.br> <19981224114608.Z12346@freebie.lemis.com>
Date: Thu, 24 Dec 1998 08:31:18 +0200
From: Mark Murray

Greg Lehey wrote:
> I'll get back with a more detailed analysis when I have time, but
> about the only real thing I see wrong here is that you're trying to
> get it from cvsup.internat.FreeBSD.org, which is really only intended
> for crypto software. They don't have the bandwidth for the complete
> system, and I'm not even sure they have it available. Try a
> different site for src-all and doc-all.

We have the bandwidth, as long as you are inside South Africa :-).
International connectivity sucks, but at 2am localtime (GMT+0200) it
is as empty as it will ever be.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

From owner-freebsd-security Wed Dec 23 23:16:50 1998
Message-ID: <19981224021632.D29742@numachi.com>
Date: Thu, 24 Dec 1998 02:16:32 -0500
From: Brian Reichert
To: freebsd-security@FreeBSD.ORG
Subject: Re: IPFW configuration question
References: <199812240103.RAA17365@dnai.com>
X-Mailer: Mutt 0.91i
In-Reply-To: <199812240103.RAA17365@dnai.com>; from Mike Thompson on Wed, Dec 23, 1998 at 05:02:20PM -0800

On Wed, Dec 23, 1998 at 05:02:20PM -0800, Mike Thompson wrote:
> Hello everyone,
>
> As part of securing a couple of FreeBSD 2.2.7 servers to be
> placed on the Internet, it was suggested that I use "ipfw"
> as an additional security measure.
>
> In doing this I thought I would pass the script I developed
> to configure the FreeBSD kernel firewall on these servers to
> this e-mail list for comments. Basically, I only want access
> to our DNS, Apache and secure shell to get through.

Your script also allows http in. Just reminding you...

> This
> script was derived from the simple scripts provided in
> rc.firewall and with some embellishment by myself.
>
> The only thing that I believe is missing is that I would
> also like to enable traceroute to work from the server to
> help diagnose Internet delay problems. I guess I also have
> to let ICMP packets through to do this, but I would have
> another script to do only when I am actually on the system.

You might want ping:

  $fwcmd add allow icmp from any to any

What I'm using for traceroute, which I'm not convinced is totally
correct:

  $fwcmd add allow udp from any to any 33434-33534

> Any comments would be appreciated. Not being a system admin
> I am just trying to cover as many bases as I can and trying
> to err on the side of caution.

The rc.firewall script ('simple') also has a template for not leaking
packets out for RFC1918 nets; I suspect that you'd want to do as well...
Also, for a gateway, you'd want to take steps to not leak out packets
that are not from your net, and conversely, not let _in_ packets that
are allegedly from your net.

I put firewalls up on my gateways recently (still tuning), and modeled
my filtering on the 'simple' option (advice always appreciated):

1) Stop spoofing; ie: only stuff _not from_ your net can come in, only
   stuff _from_ your net can go out.

2) Block the RFC1918 nets.

3) Allow ping and traceroute to work.

4) Allow established TCP connections in. You'll want this rule before
   any other rules (I expect), as most incoming packets will be for
   established sessions, and you want to 'early out' of the rules as
   quickly as possible...

5) Allow connections to those TCP and UDP services that you care about.
   I care, for example, about domain ('DNS') (to my name servers only),
   smtp (to my MX hosts only), ssh, http, ntp.

Now, for additional analysis that I do:

7) Explicitly deny those expected connections that are common/expected
   (and unwanted), so as to prevent my logs (see #8 and #9) from being
   clogged.

8) Reject and log all incoming connections, so you can see what people
   are looking for.

9) Accept and log all outgoing connections, so you can better analyze
   how your users are making use of your net connection.

Additionally, I chucked into /etc/daily:

  echo "Clearing firewall accounting"
  ipfw zero

> Thanks,
>
> Mike Thompson
> -------------------------------------------------------------

--
Brian 'you Bastard' Reichert                   reichert@numachi.com
37 Crystal Ave.
#303                                           Current daytime number: (603)-434-6842
Derry NH 03038-1713 USA                        Intel architecture: the left-hand path

From owner-freebsd-security Wed Dec 23 23:20:21 1998
From: Mark Newton
Message-Id: <199812240714.RAA17322@frenzy.ct>
Subject: Re: About chroot
In-Reply-To: From newton at "Dec 24, 98 09:45:56 am"
To: newton@camtech.com.au (newton)
Date: Thu, 24 Dec 1998 17:44:02 +1030 (CDT)
Cc: eivind@yes.no, casper@acc.am, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]

Replying to my own mail:

> I have a patch which completely disables chroot() for processes which
> have already been chroot()'ed (by making chroot() fail with EPERM
> if the process' root directory is not the same as init's root directory
> whether it's being called by the superuser or not).

I've submitted the patch; it's kern/9183.

Does anyone want to review it? I'll commit it if there's a positive
response (but won't if there's no response).
  - mark

---
Mark Newton                               Email:  newton@camtech.com.au
Systems Engineer and Senior Trainer       Phone:  +61-8-8303-3300
Camtech (SA), a member of the             Fax:    +61-8-8303-4403
CAMTECH group of companies                WWW:    http://www.camtech.com.au

From owner-freebsd-security Thu Dec 24 01:54:16 1998
Message-Id: <199812240953.BAA19489@burka.rdy.com>
Subject: Re: IPFW configuration question
In-Reply-To: <19981224021632.D29742@numachi.com> from Brian Reichert at "Dec 24, 1998 2:16:32 am"
To: reichert@numachi.com (Brian Reichert)
Date: Thu, 24 Dec 1998 01:53:51 -0800 (PST)
Cc: freebsd-security@FreeBSD.ORG
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]

Brian Reichert writes:
> > You might want ping:
> > $fwcmd add allow icmp from any to any

If you just want to use ping, I'd rather suggest specifying icmptypes.

> What I'm using for traceroute, which I'm not convinced is totally
> correct:
>
> $fwcmd add allow udp from any to any 33434-33534

You might want to put:

    $fwcmd add allow udp from any to any 33434-33534 out

to allow outgoing traceroute only.

-- dima

From owner-freebsd-security Thu Dec 24 04:35:44 1998
Message-ID: <19981224043452.A23609@la.best.com>
Date: Thu, 24 Dec 1998 04:34:52 -0800
From: "Joseph T. Lee"
To: freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Barrett Richardson on Thu, Dec 24, 1998 at 12:13:09AM -0500

On Thu, Dec 24, 1998 at 12:13:09AM -0500, Barrett Richardson wrote:
> I have all my necessary network services running as daemons. In the
> face of recent discoveries of problems caused for inetd by nmap
> and various things I've come to the conclusion that I really don't
> need inetd -- another variable I can eliminate from the mix.

inetd centralizes the daemon management, besides providing some
protection such as sandboxing said daemons instead of letting them all
run as root as needed.

In relation to the nmap thing, you can limit the number of daemon
children/max connections per minute per IP through, to discourage DoS
attacks.

-- 
Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
# Anime Expo 1998 >> www.anime-expo.org/
# Redline Games >> www.redlinegames.com/
# Cal-Animage Epsilon >> www.best.com/~nugundam/epsilon/
# EX: The Online World of Anime & Manga >> www.ex.org/

From owner-freebsd-security Thu Dec 24 06:56:28 1998
To:
    dima@best.net
Cc: reichert@numachi.com (Brian Reichert), freebsd-security@FreeBSD.ORG
Subject: Re: IPFW configuration question
References: <199812240953.BAA19489@burka.rdy.com>
From: Dag-Erling Smorgrav
Date: 24 Dec 1998 15:55:55 +0100
In-Reply-To: dima@best.net's message of "Thu, 24 Dec 1998 01:53:51 -0800 (PST)"
X-Mailer: Gnus v5.5/Emacs 19.34

dima@best.net (Dima Ruban) writes:
> Brian Reichert writes:
> > You might want ping:
> > $fwcmd add allow icmp from any to any
> If you just want to use ping, I'd rather suggest specifying icmptypes.

I'm quite sure you'd want more than just ping. At the very least, you
want to be able to receive (and optionally send) ICMP Unreachable.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Thu Dec 24 07:01:01 1998
To: Barrett Richardson
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
References:
From: Dag-Erling Smorgrav
Date: 24 Dec 1998 16:00:41 +0100
In-Reply-To: Barrett Richardson's message of "Thu, 24 Dec 1998 00:13:09 -0500 (EST)"
X-Mailer: Gnus v5.5/Emacs 19.34

Barrett Richardson writes:
> I have all my necessary network services running as daemons. In the
> face of recent discoveries of problems caused for inetd by nmap
> and various things I've come to the conclusion that I really don't
> need inetd -- another variable I can eliminate from the mix.
>
> Any undesirable side effects come to mind?

As others have pointed out, inetd has its advantages. One advantage I
have not yet seen mentioned is that you have fewer running processes at
any time since unneeded servers are not running. Also, assuming inetd
does not die, you needn't worry about somebody DoSing you by killing
your servers, since inetd will restart them as needed.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Thu Dec 24 08:09:10 1998
To: Barrett Richardson
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
References:
From: Chris Shenton
Date: 24 Dec 1998 11:08:16 -0500
In-Reply-To: Barrett Richardson's message of Thu, 24 Dec 1998 00:13:09 -0500 (EST)
Message-ID: <86ww3hh6a7.fsf@samizdat.uucom.com>
X-Mailer: Gnus v5.5/Emacs 20.2

Barrett Richardson writes:
> I have all my necessary network services running as daemons. In the
> face of recent discoveries of problems caused for inetd by nmap
> and various things I've come to the conclusion that I really don't
> need inetd -- another variable I can eliminate from the mix.
>
> Any undesirable side effects come to mind?

When I set up a new box, I usually first install sshd. Then I find I
can usually turn off inetd because I don't need any services there:
telnet and ftp can be replaced with ssh/scp, other services (finger,
chargen) are of little or no use and pose unnecessary risks. This is
typically for production servers; your tolerance for risk on desktop
or home boxes will dictate how fascist you want to be.

Having said that, if I do want something different (e.g., amanda,
rstatd), I'll run inetd but with only these lines in the inetd.conf
file, and I'll tcp_wrap them.
From owner-freebsd-security Thu Dec 24 08:23:08 1998
Date: Thu, 24 Dec 1998 11:19:04 -0500 (EST)
From: Robert Watson
Reply-To: Robert Watson
To: Mark Newton
cc: eivind@yes.no, casper@acc.am, freebsd-security@FreeBSD.ORG
Subject: Re: About chroot
In-Reply-To: <199812240714.RAA17322@frenzy.ct>

On Thu, 24 Dec 1998, Mark Newton wrote:

> > I have a patch which completely disables chroot() for processes which
> > have already been chroot()'ed (by making chroot() fail with EPERM
> > if the process' root directory is not the same as init's root directory
> > whether it's being called by the superuser or not).
>
> I've submitted the patch; it's kern/9183.
>
> Does anyone want to review it? I'll commit it if there's a positive
> response (but won't if there's no response).

Mark,

It seems like a neat idea. However, enabling vfs.hard_chroot may break
security in certain environments--in particular, environments where a
chroot is used as part of the system bootup, and where existing services
will try to use chroot to create sandboxes.

A prime example might be a netboot'd anonymous FTP server. For whatever
reason, the boot device is not writable, or should not be writable during
the normal system run; once the system gets up, it chroots so that the
root directory is in a more convenient place than on the original boot
media. Now, the ftp daemon will attempt to chroot to the ~ftp directory
when a user logs in. chroot will now fail, preventing the creation of a
sandbox.

I suppose a better example might be booting off of a floppy disk once we
have modules working properly--during the boot sequence, it is desirable
to have access to the root directory to load modules from file systems.
But after we're done with that, we will want to chroot to that mfs root
directory for performance reasons.

I think a larger nastier warning note in the documentation would probably
be sufficient.
Something specifically mentioning chroot web servers, anonymous ftp, etc.

Needless to say, also, this patch only provides limited protection against
chroot escape attempts. It prevents the user from chrooting to trick
userland utilities that rely on hard-coded paths (such as access to ld.so,
libc for getpwnam, etc). This is useful, but doesn't prevent a root user
inside the sandbox from creating device nodes, mounting file systems, etc.
And with that kind of capability, chroot won't do much. :-)

  Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/

From owner-freebsd-security Thu Dec 24 09:18:33 1998
Date: Thu, 24 Dec 1998 09:18:20 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812241718.JAA27944@apollo.backplane.com>
To: "Joseph T. Lee"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?

:On Thu, Dec 24, 1998 at 12:13:09AM -0500, Barrett Richardson wrote:
:> I have all my necessary network services running as daemons. In the
:> face of recent discoveries of problems caused for inetd by nmap
:> and various things I've come to the conclusion that I really don't
:> need inetd -- another variable I can eliminate from the mix.
:
:inetd centralizes the daemon management, besides providing some
:protection such as sandboxing said daemons instead of letting them all
:run as root as needed.
:
:In relation to the nmap thing, you can limit the number of daemon
:children/max connections per minute per IP through, to discourage DoS
:attacks.

    Many months ago I added a max-connections and max-rate capability to
    inetd. The parameters can be specified globally or on a per-service
    basis. 'man inetd' for details.

					-Matt

:-- 
:Joseph nugundam =best=com==/==\=IIGS=/==\=Playstation=/==\=Civic HX CVT=/==\
:# Anime Expo 1998 >> www.anime-expo.org/
:# Redline Games >> www.redlinegames.com/
:# Cal-Animage Epsilon >> www.best.com/~nugundam/epsilon/
:# EX: The Online World of Anime & Manga >> www.ex.org/

    Matthew Dillon
    Engineering, HiWay Technologies, Inc. & BEST Internet Communications
    & God knows what else.
    (Please include original email in any response)

From owner-freebsd-security Thu Dec 24 10:32:38 1998
Date: Thu, 24 Dec 1998 10:32:25 -0800 (PST)
From: Jeff Gray
To: Matthew Dillon
cc: "Joseph T. Lee", freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
In-Reply-To: <199812241718.JAA27944@apollo.backplane.com>

Matt,

Appreciate the suggestion.

To save some of us syntax problems maybe you could post the lines, ones
that work are always nice.

Thanks
Jeff

On Thu, 24 Dec 1998, Matthew Dillon wrote:

> :On Thu, Dec 24, 1998 at 12:13:09AM -0500, Barrett Richardson wrote:
> :> I have all my necessary network services running as daemons. In the
> :> face of recent discoveries of problems caused for inetd by nmap
> :> and various things I've come to the conclusion that I really don't
> :> need inetd -- another variable I can eliminate from the mix.
> :
> :inetd centralizes the daemon management, besides providing some
> :protection such as sandboxing said daemons instead of letting them all
> :run as root as needed.
> :
> :In relation to the nmap thing, you can limit the number of daemon
> :children/max connections per minute per IP through, to discourage DoS
> :attacks.
>
>     Many months ago I added a max-connections and max-rate capability to
>     inetd. The parameters can be specified globally or on a per-service
>     basis. 'man inetd' for details.
>
> 					-Matt
>
>     Matthew Dillon
>     Engineering, HiWay Technologies, Inc. & BEST Internet Communications
>     & God knows what else.
>     (Please include original email in any response)

From owner-freebsd-security Thu Dec 24 11:35:40 1998
Date: Thu, 24 Dec 1998 11:35:24 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812241935.LAA34947@apollo.backplane.com>
To: Jeff Gray
Cc: "Joseph T. Lee", freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?

:Matt,
:
:Appreciate the suggestion.
:
:To save some of us syntax problems maybe you could post the lines, ones
:that work are always nice.
:
:Thanks
:Jeff

    I usually just run:

	inetd -l -R 1024

    If you want, you can also add in the '-c N' option to absolutely
    guarantee that an attack will not take the machine down. i.e. '-c 600'
    or something like that.

    If you need fine control for specific services, you can specify a
    maxchild after the wait|nowait field, i.e. 'wait/200' rather than
    'wait'.

    I suggest playing with it. The manual page is quite clear on the
    matter.

					-Matt

    Matthew Dillon
    Engineering, HiWay Technologies, Inc. & BEST Internet Communications
    & God knows what else.
    (Please include original email in any response)

From owner-freebsd-security Thu Dec 24 12:26:30 1998
Message-Id: <3.0.5.32.19981224122830.00967800@localhost>
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Thu, 24 Dec 1998 12:28:30 -0800
To: Matthew Dillon
From: "Kurt D. Zeilenga"
Subject: Re: Do I really need inetd?
Cc: "Joseph T. Lee", freebsd-security@FreeBSD.ORG
In-Reply-To: <199812241718.JAA27944@apollo.backplane.com>

If you have IP aliases/addresses, I recommend you use the -a option such
that inetd only listens on the addresses you expect the services to be
obtained under.

	inetd -a 127.0.0.1 /etc/inetd-local.conf
	inetd -a 10.128.0.1 /etc/inetd-internal.conf
	inetd -a 192.9.200.254 /etc/inetd-external.conf

For example, we have a number of services which must be accessed from
localhost (like: pop3) while other services are accessible from a
specific external address (we have quite a few IP aliases). We have
another set of services we only allow connections from within our
firewall to make and others which are allowed only a specific external
IP address.

This approach doesn't add bars to the windows of your system. It just
reduces the number of windows you have to watch. Of course, it only takes
one window (a good cracker can get through any window) ... you still need
'bars' ... like tcpd and ipfw (even on inetd bound to localhost).
	Kurt

From owner-freebsd-security Thu Dec 24 12:44:21 1998
Message-ID: <3682A65B.8CFB144F@acc.am>
Date: Fri, 25 Dec 1998 00:38:52 +0400
From: Casper
Organization: Armenian Computer Center
X-Mailer: Mozilla 4.5 [en] (Win95; I)
To: "freebsd-security@FreeBSD.ORG"
Subject: Magic

Did anyone try to change the loader's MAGIC in the exec's header and
recompile the system ... I think it'll disallow uploading some executable
and running it on the target system ......

So if you have a recompiled system, chrooting all your network services -
from telnetd to httpd, ftpd & etc., don't place compiler, mknod in chrooted
dirs and disallow reading of executable files .. only --x, how can an
intruder break this protection?

Of course I assume that the system is configured properly ......

From owner-freebsd-security Thu Dec 24 13:05:16 1998
X-Mailer: XFMail 1.2 [p0] on FreeBSD
In-Reply-To: <86ww3hh6a7.fsf@samizdat.uucom.com>
Date: Thu, 24 Dec 1998 13:04:53 -0800 (PST)
Organization: The ISP Channel
From: Nicole Harrington
To: Chris Shenton
Subject: Re: Do I really need inetd?
Cc: freebsd-security@FreeBSD.ORG, Barrett Richardson

On 24-Dec-98 Chris Shenton wrote:
> Barrett Richardson writes:
>
>> I have all my necessary network services running as daemons. In the
>> face of recent discoveries of problems caused for inetd by nmap
>> and various things I've come to the conclusion that I really don't
>> need inetd -- another variable I can eliminate from the mix.
>>
>> Any undesirable side effects come to mind?
>
> When I set up a new box, I usually first install sshd. Then I find I
> can usually turn off inetd because I don't need any services there:
> telnet and ftp can be replaced with ssh/scp, other services (finger,
> chargen) are of little or no use and pose unnecessary risks. This is
> typically for production servers; your tolerance for risk on desktop
> or home boxes will dictate how fascist you want to be.
>
> Having said that, if I do want something different (e.g., amanda,
> rstatd), I'll run inetd but with only these lines in the inetd.conf
> file, and I'll tcp_wrap them.
>

I agree. I have found that inetd is very useful for rarely needed
services. It allows one to set parameters on usage that would otherwise
be impossible (like -c for DOS prevention and TCP wrappers).

However, for very active services like smtp or pop3 on a busy system, I
agree that running them as a daemon can help performance a great deal.
Even SSH as a daemon saves a lot of time since it does not need to
generate a key for every logon.

To help prevent DOS'ing and accidents, having a script to monitor it and
restart it if it is killed can make up for inetd's benefits.
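Matthew Dillon's per-service `wait/200` limit, Chris Shenton's "I'll tcp_wrap them" and Nicole's `-c` all come down to what is written in inetd.conf, so here is an added example (not from the thread and not a FreeBSD tool) that audits a config for both: a POSIX sh/awk script reporting, per enabled service, whether it carries a per-service child limit and whether it is started through /usr/libexec/tcpd. The sample inetd.conf is constructed for the example. Services without a per-service limit fall back to inetd's global `-c` cap, which is the case the report marks as `global`; a service exec'd directly bypasses tcpd's hosts.allow checks and is marked `UNWRAPPED`.

```shell
#!/bin/sh
# Added example: audit an inetd.conf for per-service child limits
# (the wait/N and nowait/N form) and tcp_wrappers (server started via
# /usr/libexec/tcpd). Not a FreeBSD tool; the config below is constructed.

sample_inetd_conf() {
    # Constructed sample; services and limits are invented for the example.
    cat <<'EOF'
# service    socktype proto   wait/max   user      program                 args
ftp          stream   tcp     nowait     root      /usr/libexec/tcpd       ftpd -l
telnet       stream   tcp     nowait     root      /usr/libexec/telnetd    telnetd
pop3         stream   tcp     nowait/50  root      /usr/libexec/tcpd       popper
amanda       dgram    udp     wait       operator  /usr/libexec/tcpd       amandad
rstatd/1-3   dgram    rpc/udp wait       root      /usr/libexec/rpc.rstatd rpc.rstatd
#finger      stream   tcp     nowait     nobody    /usr/libexec/fingerd    fingerd -s
EOF
}

# audit_inetd_conf FILE
# One line per enabled service:
#   <service> <wait|nowait> <child-limit|global> <wrapped|UNWRAPPED>
# "global" = no per-service limit, so only inetd's -c cap protects it;
# UNWRAPPED = the server is exec'd directly, bypassing tcpd's hosts.allow.
audit_inetd_conf() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }        # comments, blanks, junk
        {
            n = split($4, w, "/")            # wait|nowait[/max-child]
            limit = (n >= 2 && w[2] != "") ? w[2] : "global"
            wrapped = ($6 ~ /tcpd$/) ? "wrapped" : "UNWRAPPED"
            print $1, w[1], limit, wrapped
        }' "$1"
}

# count_unlimited FILE: enabled services that rely on the global -c cap only
count_unlimited() {
    audit_inetd_conf "$1" | awk '$3 == "global" { n++ } END { print n + 0 }'
}

# Stand-alone demo: write the sample config and report on it.
conf="${TMPDIR:-/tmp}/inetd.conf.example.$$"
sample_inetd_conf > "$conf"
audit_inetd_conf "$conf"
echo "services without a per-service limit: $(count_unlimited "$conf")"
rm -f "$conf"
```

On the sample, telnet and rstatd come out `UNWRAPPED` and only pop3 has its own limit; the rest are protected solely by whatever `-c` value inetd was started with. Point `audit_inetd_conf` at /etc/inetd.conf to get the same report for a real host.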
                                  Nicole

     |\ __ /|   (`\
     | o_o  |__  ) )
    //      \\
  Nicole Harrington | Systems Administrator
  -------------------(((---(((-----------------------
  nicole@mediacity.com - nicole@ispchannel.com
  www.mediacity.com - www.ispchannel.com
  Phone: 650-237-1454 - Pager: 415-301-2482
  Powered By Coca-Cola and FreeBSD
  Why do doctors call what they do practice?
  Microsoft: What bug would you like today?
  ----------------------------------------------------

From owner-freebsd-security Thu Dec 24 13:31:47 1998
From: eugene.k@lycosmail.com
Date: Thu, 24 Dec 1998 21:31:23 GMT
To: freebsd-security@FreeBSD.ORG
Subject: Holiday Greetings !

One of the Christmas miracles:
http://www3.mcps.k12.md.us/users/rsfay/magic/index.html

Eugene K.
http://www.nisco.net

From owner-freebsd-security Thu Dec 24 13:35:00 1998
Date: Thu, 24 Dec 1998 16:32:24 -0500 (EST)
From: Barrett Richardson
To: Casper
cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Magic
In-Reply-To: <3682A65B.8CFB144F@acc.am>

On Fri, 25 Dec 1998, Casper wrote:

> Did anyone try to change the loader's MAGIC in the exec's header and recompile
> the system ... I think it'll disallow uploading some executable and running it
> on the target system ......
> So if you have a recompiled system, chrooting all your network services - from
> telnetd to httpd, ftpd & etc., don't place compiler, mknod in chrooted dirs
> and disallow reading of executable files .. only --x, how can an intruder
> break this protection?
> Of course I assume that the system is configured properly ......
>

I used a different means to the same end. I used a flag bit that can
only be set by root and require it to be set in imgact_aout.c,
imgact_elf.c and imgact_gzip.c for non-root users. Wrote a util to set
the flag on files in /bin, /sbin, /usr/{bin,sbin}, /usr/libexec,
/usr/local/{bin,sbin}. Used the same return code for a bad magic number.
Whenever you try to execute a binary that doesn't have the flag set it
spits out "cannot execute binary file". A user can even copy a system
binary to his directory, and the copy won't run -- and only root can set
the flag to make it run. Got the idea from John Dyson. I have been
thinking of incorporating the behaviour into one of the securelevels on
my system.
  - Barrett

From owner-freebsd-security Thu Dec 24 13:48:23 1998
To: Casper
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Magic
References: <3682A65B.8CFB144F@acc.am>
From: Dag-Erling Smorgrav
Date: 24 Dec 1998 22:45:12 +0100
In-Reply-To: Casper's message of "Fri, 25 Dec 1998 00:38:52 +0400"
Lines: 23
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Casper writes:

> Did anyone try to change the loader's magic in the exec header and
> recompile the system? I think it would disallow uploading some
> executable and running it on the target system.
> So if you have a recompiled system, chroot all your network
> services (from telnetd to httpd, ftpd, etc.), don't place a
> compiler or mknod in the chrooted dirs and disallow reading of executable
> files (only --x), how can an intruder break this protection?

If there is any way at all an intruder can chmod an executable - *any* executable - and examine it, it will be trivial for him to spot the changed magic and create executables of his own with the correct magic.

If there's no way an intruder can chmod anything, what are you worried about? He'll never be able to add execute permission to an executable he might have uploaded.

Search the archives - there was a thread two or three months back about randomizing syscall numbers to make it hard for intruders to execute foreign executables.
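The following is an added example, not code from this thread, from Barrett's patch or from FreeBSD. It is a userland model of the two exec-gating schemes under discussion (Casper's changed header magic, and Barrett's root-only file flag checked in the image activators), written so that DES's objection and Barrett's "copy won't run" claim can both be exercised. The flag name SF_EXECOK, the exec_policy struct and the sample headers are assumptions constructed for the example; the real image activators live in the kernel and read st_flags from the inode rather than from a parameter.

```c
/*
 * Added example (not from the thread or from FreeBSD): a userland model of
 * the two exec-gating schemes discussed above.
 *
 *  - "Casper": the kernel is rebuilt to accept a site-specific magic in
 *    the image header instead of the stock one.
 *  - "Barrett": the kernel accepts the stock magic but, for non-root
 *    callers, also requires a superuser-only file flag. SF_EXECOK is an
 *    assumed name for that bit; FreeBSD has no flag by that name.
 *
 * exec_check() returns 0 to accept the image and ENOEXEC otherwise, the
 * same code for both failure modes, as Barrett's patch did.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define SF_EXECOK 0x00100000u          /* assumed superuser-only flag bit */
#define MAGIC_LEN 4

struct exec_policy {
    unsigned char magic[MAGIC_LEN];    /* header bytes this kernel accepts */
    int require_flag;                  /* non-root callers need SF_EXECOK */
};

/* Two kernels built with the two policies (constructed for the example). */
static const struct exec_policy policy_casper  = { { 0x7f, 'F', 'B', 'D' }, 0 };
static const struct exec_policy policy_barrett = { { 0x7f, 'E', 'L', 'F' }, 1 };

/* Constructed sample headers: a stock ELF image and a site-rebuilt image. */
static const unsigned char stock_elf_hdr[MAGIC_LEN] = { 0x7f, 'E', 'L', 'F' };
static const unsigned char site_hdr[MAGIC_LEN]      = { 0x7f, 'F', 'B', 'D' };

/* Model of the check at the top of an image activator. */
int exec_check(const struct exec_policy *pol, uid_t uid, uint32_t st_flags,
               const unsigned char *hdr, size_t hdrlen)
{
    if (hdrlen < MAGIC_LEN || memcmp(hdr, pol->magic, MAGIC_LEN) != 0)
        return ENOEXEC;                /* bad magic */
    if (pol->require_flag && uid != 0 && (st_flags & SF_EXECOK) == 0)
        return ENOEXEC;                /* unflagged file, non-root caller */
    return 0;
}

/* Casper's kernel: an uploaded stock binary does not run... */
int scenario_casper_upload(void)
{
    return exec_check(&policy_casper, 1001, 0, stock_elf_hdr, MAGIC_LEN);
}

/* ...but, as DES notes, reading the header of any accepted executable
 * reveals the site magic, which the attacker copies onto his own image. */
int scenario_casper_transplant(void)
{
    unsigned char own[MAGIC_LEN];
    memcpy(own, stock_elf_hdr, MAGIC_LEN);   /* attacker's binary as uploaded */
    memcpy(own, site_hdr, MAGIC_LEN);        /* patched with the observed magic */
    return exec_check(&policy_casper, 1001, 0, own, MAGIC_LEN);
}

/* Barrett's kernel: root's utility flagged /bin/ls; a user's copy of it has
 * no flag (cp without -p does not carry file flags, and a user could not
 * set a superuser flag anyway). Returns 1 when the original runs and the
 * copy is refused. */
int scenario_barrett_copy(void)
{
    int orig = exec_check(&policy_barrett, 1001, SF_EXECOK, stock_elf_hdr, MAGIC_LEN);
    int copy = exec_check(&policy_barrett, 1001, 0, stock_elf_hdr, MAGIC_LEN);
    return orig == 0 && copy == ENOEXEC;
}

/* Root is exempt from the flag requirement, so root's own tools keep working. */
int scenario_barrett_root(void)
{
    return exec_check(&policy_barrett, 0, 0, stock_elf_hdr, MAGIC_LEN);
}

int main(void)
{
    printf("casper, uploaded stock binary:     %s\n",
           scenario_casper_upload() == ENOEXEC ? "cannot execute binary file" : "runs");
    printf("casper, after magic transplant:    %s\n",
           scenario_casper_transplant() == 0 ? "runs" : "cannot execute binary file");
    printf("barrett, flagged original vs copy: %s\n",
           scenario_barrett_copy() ? "original runs, copy refused" : "unexpected");
    printf("barrett, root without flag:        %s\n",
           scenario_barrett_root() == 0 ? "runs" : "cannot execute binary file");
    return 0;
}
```

The difference the model makes visible is where the secret lives: a changed magic is data inside every accepted file, so one readable binary leaks it, while Barrett's flag is inode metadata that cp does not carry and that only root can set, so copying an accepted binary does not copy its acceptance. Neither scheme touches the other ways code gets executed (interpreters, shared libraries, debuggers), which is the point Robert Watson raises later in the thread.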
DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Thu Dec 24 14:56:27 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA01546 for freebsd-security-outgoing; Thu, 24 Dec 1998 14:56:27 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from trooper.velocet.ca (host-034.canadiantire.ca [209.146.201.34]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA01538 for ; Thu, 24 Dec 1998 14:56:18 -0800 (PST) (envelope-from dgilbert@trooper.velocet.ca)
Received: (from dgilbert@localhost) by trooper.velocet.ca (8.8.7/8.8.7) id RAA06040; Thu, 24 Dec 1998 17:55:44 -0500 (EST)
From: David Gilbert
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <13954.50798.838080.934663@trooper.velocet.ca>
Date: Thu, 24 Dec 1998 17:55:42 -0500 (EST)
To: Dag-Erling Smorgrav
Cc: Casper, "freebsd-security@FreeBSD.ORG"
Subject: Re: Magic
References: <3682A65B.8CFB144F@acc.am>
X-Mailer: VM 6.62 under Emacs 19.34.2
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Dag-Erling" == Dag-Erling Smorgrav writes:

Dag-Erling> Search the archives - there was a thread two or three
Dag-Erling> months back about randomizing syscall numbers to make it
Dag-Erling> hard for intruders to execute foreign executables.

I've thought for some time that requiring a signature on binaries before execution would be a cool idea. Obviously, this would slow execution by some factor (although binaries could be cached as already checked), but on secure systems it would be worth it.

To go farther, you could require suid executables and executables that run as certain users to be signed by more trusted keys. You might put more stringent restrictions on what root can run than on other users, and still different restrictions on what executables can change their userid.

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.  | Two things can only be        |
|Mail: dgilbert@velocet.net              | equal if and only if they     |
|http://www.velocet.net/~dgilbert        | are precisely opposite.       |
=========================================================GLO================

From owner-freebsd-security Thu Dec 24 15:34:57 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA05252 for freebsd-security-outgoing; Thu, 24 Dec 1998 15:34:57 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from atdot.dotat.org (atdot.dotat.org [203.23.150.35]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA05231 for ; Thu, 24 Dec 1998 15:34:51 -0800 (PST) (envelope-from newton@atdot.dotat.org)
Received: (from newton@localhost) by atdot.dotat.org (8.9.1/8.7) id KAA00819; Fri, 25 Dec 1998 10:00:33 +1030 (CST)
From: Mark Newton
Message-Id: <199812242330.KAA00819@atdot.dotat.org>
Subject: Re: About chroot
To: robert+freebsd@cyrus.watson.org
Date: Fri, 25 Dec 1998 10:00:33 +1030 (CST)
Cc: newton@camtech.com.au, eivind@yes.no, casper@acc.am, freebsd-security@FreeBSD.ORG
In-Reply-To: from "Robert Watson" at Dec 24, 98 11:19:04 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson wrote:

> On Thu, 24 Dec 1998, Mark Newton wrote:
> > I've submitted the patch; it's kern/9183.
> >
> > Does anyone want to review it? I'll commit it if there's a positive
> > response (but won't if there's no response).
>
> Mark,
> It seems like a neat idea. However, enabling vfs.hard_chroot may break
> security in certain environments--in particular, environments where a
> chroot is used as part of the system bootup, and where existing services
> will try to use chroot to create sandboxes.

Agreed. I figured those cases would make up a minority. (re: booting off a floppy) Don't people boot off CDs these days? :-)

> I think a larger, nastier warning note in the documentation would probably
> be sufficient. Something specifically mentioning chroot web servers,
> anonymous ftp, etc.

Yup. They're the cases it's intended to address: web servers, ftpd, pesky users who are put in jails by their login shell, etc.

> Needless to say, also, this patch only provides limited protection against
> chroot escape attempts. It prevents the user from chrooting to trick
> userland utilities that rely on hard-coded paths (such as access to ld.so,
> libc for getpwnam, etc). This is useful, but doesn't prevent a root user
> inside the sandbox from creating device nodes, mounting file systems, etc.
> And with that kind of capability, chroot won't do much.
:-) Of course -- but that's relatively easy: the same check for p_rdir that's used to work out whether chroot() should fail can also be placed into mknod(2) and mount(2). I wouldn't even need to unstaticize hard_chroot to make those changes happen.

If it gets more widely used, though, the p_rdir check probably should be wrapped in a function that can be called from elsewhere in the kernel to do a permission check -- if hard_chrooted() returns TRUE, fail the operation...

We'd probably also want to restrict a user's ability to access LKM/KLD interfaces, assuming they're in the kernel in the first place. reboot(2) should also be restricted. Are there any others? (Deny bind()ing to privileged ports? Nah, that'd break ftpd, which is part of the intended audience of the patch, with very few security benefits.)

If we commit something like this it might be worth creating a new hard_chroot(7) manpage and referring to that out of chroot(2), mount(2), mknod(2) and any other manpages that are affected by the change. hard_chroot(7) could contain a detailed description of what the patch does and the effects it is likely to have on the types of services you mentioned above as things this patch is likely to break, as well as descriptions of what it can help with.

- mark

--------------------------------------------------------------------
I tried an internal modem,                    newton@atdot.dotat.org
but it hurt when I walked.
                                                       Mark Newton
----- Voice: +61-4-1958-3414 ------------- Fax: +61-8-83034403 -----

From owner-freebsd-security Thu Dec 24 21:13:40 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA03787 for freebsd-security-outgoing; Thu, 24 Dec 1998 21:13:40 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA03778 for ; Thu, 24 Dec 1998 21:13:37 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id AAA22608; Fri, 25 Dec 1998 00:06:46 -0500 (EST)
Date: Fri, 25 Dec 1998 00:06:46 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Barrett Richardson
cc: Casper, "freebsd-security@FreeBSD.ORG"
Subject: Re: Magic
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 24 Dec 1998, Barrett Richardson wrote:

> On Fri, 25 Dec 1998, Casper wrote:
>
> > Did anyone try to change the loader's magic in the exec header and recompile
> > the system? I think it would disallow uploading some executable and running it
> > on the target system.
> > So if you have a recompiled system, chroot all your network services (from
> > telnetd to httpd, ftpd, etc.), don't place a compiler or mknod in the chrooted
> > dirs, and disallow reading of executable files (only --x), how can an intruder
> > break this protection?
> > Of course I assume that the system is configured properly.
>
> I used a different means to the same end. I used a flag bit that
> can only be set by root and require it to be set in imgact_aout.c,
> imgact_elf.c and imgact_gzip.c for non-root users. Wrote a util
> to set the flag on files in /bin, /sbin, /usr/{bin,sbin},
> /usr/libexec, /usr/local/{bin,sbin}. Used the same return code
> as for a bad magic number. Whenever you try to execute a binary
> that doesn't have the flag set it spits out "cannot execute
> binary file". A user can even copy a system binary to his directory,
> and the copy won't run -- and only root can set the flag to make it
> run. Got the idea from John Dyson.
>
> I have been thinking of incorporating the behaviour into one of the
> securelevels on my system.

The problem with limitations on execve() is that it is very hard to tell when a file is exec'd :). The execve() syscall is only one possible way in which code can become executable (that is, might end up in the path of execution, and in a process that might execute it).
Some examples might be:

- Perl (or any other interpreter) interpreters, especially those with optimization
- Shells with scripting
- PHP3 support in Apache
- Buffer overflows in any executable (not just suid ones)
- elisp in emacs
- Dynamically linked applications
- Debugging support

The old LD_LIBRARY_PATH trick plays on the last one, but the ability to change the shared library linked against is essentially equivalent to being able to create an executable. Being able to attach with a debugger might also be equivalent, if you can change mappings in the process's address space, manipulate registers, code ordering, etc. I.e., you can attach a debugger to joe process and cause it to act however you want just by moving the instruction pointer around appropriately and single-stepping it with argument modifications to syscalls. Needless to say, any debugger that couldn't do this wouldn't be very useful :).

As a simple example, I spent last night writing some simple trust analysis modifications to my FreeBSD kernel on one of my notebooks. I added a bunch of hooks around execve, chmod, etc., to monitor

a) Execution of binaries owned by another user, or by a group if the file is group writable
b) Creation, deletion of setuid binaries
c) Modification of ownership, interesting file modes

Etc. That is, interesting situations from the point of view of a formal trust model. I then added a syscall to pull down the stored records on demand from the kernel. I'll post the results in a few days. But an immediate conclusion was that most of the executable code on the system is not executed using execve() :). Much of it is shell script executed as an argument to the interpreter, instead of via the execve interpreter support. Similarly, much is dynamically linked. When you log in, the shell goes out and runs all kinds of scripts--none of this is visible via execve. Similarly, insertion of code via buffer overflow is invisible to monitoring at that level.
To really crack down on this behavior, you'd have to:

1) remove dynamic linking against anything but strictly approved code
2) not allow any manipulation of a process except through io (specifically, not via a debugger where the instruction pointer can be manipulated to cause it to jump around syscalls, modify arguments, etc)
3) know that all programs do exactly what you want, and never anything else (i.e., no interpreters, no exploitable programs, etc).

I have concluded that it is essentially impossible to gain any serious protection by restricting the binaries that may be run on the system. The only good approach is through proper access control on syscalls, strong authentication, and adequate protection of process resources.

On the other hand, signed executables or a chflags flag will confuse the hell out of joe hacker if joe hacker is really joe script-kiddie. :-) I'm not above confusing script kiddies, but I think this flag may not actually improve security, just perceived security without significant modification of the OS.

Robert N Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.
                                      http://www.tis.com/
SafePort Network Services             http://www.safeport.com/

From owner-freebsd-security Sat Dec 26 01:36:51 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA15725 for freebsd-security-outgoing; Sat, 26 Dec 1998 01:36:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA15719 for ; Sat, 26 Dec 1998 01:36:45 -0800 (PST) (envelope-from mlists@gizmo.kyrnet.kg)
Received: from gizmo.kyrnet.kg (IDENT:mlists@gizmo.kyrnet.kg [195.254.160.13]) by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id OAA10276; Sat, 26 Dec 1998 14:04:56 +0600
Received: from localhost (mlists@localhost) by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id OAA27149; Sat, 26 Dec 1998 14:34:44 +0500
Date: Sat, 26 Dec 1998 14:34:42 +0500 (KGT)
From: CyberPsychotic
Reply-To: fygrave@tigerteam.net
To: Gustavo Vieira G C Rios
cc: FreeBSD Security
Subject: Re: qpopper
In-Reply-To: <3681B710.66AFAD48@netshell.vicosa.com.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

~ Hi, I am a security paranoid, so I would like to know how secure
~ qpopper is (which is the best: qpopper or cucipop)?
~ How can I use xinetd and qpopper together?

Several vulnerabilities were found in qpopper implementations: the first, and the most evil one, is a buffer overflow, so consider an upgrade if you want to use it. Another one, which existed in older versions, allowed an intruder to brute-force passwords without being noticed (and in some cases without even being disconnected). As for cucipop, I never used it, so I have no idea. On most of my Unix systems I use the pop3 daemon which was originally developed for Linux under GNU, but which could be ported to BSD easily (basically path fixes).

From owner-freebsd-security Sat Dec 26 01:37:42 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA15743 for freebsd-security-outgoing; Sat, 26 Dec 1998 01:37:42 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA15738 for ; Sat, 26 Dec 1998 01:37:37 -0800 (PST) (envelope-from mlists@gizmo.kyrnet.kg)
Received: from gizmo.kyrnet.kg (IDENT:mlists@gizmo.kyrnet.kg [195.254.160.13]) by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id OAA10282; Sat, 26 Dec 1998 14:05:55 +0600
Received: from localhost (mlists@localhost) by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id OAA27154; Sat, 26 Dec 1998 14:35:43 +0500
Date: Sat, 26 Dec 1998 14:35:43 +0500 (KGT)
From: CyberPsychotic
Reply-To: fygrave@tigerteam.net
To: Barrett Richardson
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

~ I have all my necessary network services running as daemons. In the
~ face of recent discoveries of problems caused for inetd by nmap
~ and various things I've come to the conclusion that I really don't
~ need inetd -- another variable I can eliminate from the mix.
~
~ Any undesirable side effects come to mind?

Nah, not a one. I don't use inetd on some machines and am very happy with it ;)

From owner-freebsd-security Sat Dec 26 06:43:51 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA04330 for freebsd-security-outgoing; Sat, 26 Dec 1998 06:43:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA04325 for ; Sat, 26 Dec 1998 06:43:49 -0800 (PST) (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost) by flood.ping.uio.no (8.9.1/8.9.1) id PAA93627; Sat, 26 Dec 1998 15:43:25 +0100 (CET) (envelope-from des)
To: Gustavo Vieira G C Rios
Cc: FreeBSD Security
Subject: Re: qpopper
References: <3681B710.66AFAD48@netshell.vicosa.com.br>
From: Dag-Erling Smorgrav
Date: 26 Dec 1998 15:43:24 +0100
In-Reply-To: Gustavo Vieira G C Rios's message of "Thu, 24 Dec 1998 01:37:52 -0200"
Lines: 11
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Gustavo Vieira G C Rios writes:

> Hi, I am a security paranoid, so I would like to know how secure
> qpopper is (which is the best: qpopper or cucipop)?
> How can I use xinetd and qpopper together?

If you really were paranoid, you wouldn't run software that asks your users to type their passwords over an unencrypted TCP connection.

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Sat Dec 26 08:57:35 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA11790 for freebsd-security-outgoing; Sat, 26 Dec 1998 08:57:35 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from roble.com (gw4.roble.com [199.108.85.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA11785 for ; Sat, 26 Dec 1998 08:57:33 -0800 (PST) (envelope-from sendmail@roble.com)
Received: from roble3.roble.com (roble3.roble.com [207.5.40.53]) by roble.com (Roble1b) with SMTP id IAA14952 for ; Sat, 26 Dec 1998 08:57:20 -0800 (PST)
Date: Sat, 26 Dec 1998 08:57:17 -0800 (PST)
From: Roger Marquis
To: security@FreeBSD.ORG
Subject: Re: Do I really need inetd?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Kurt D. Zeilenga" wrote:

> If you have IP aliases/addresses, I recommend you use the -a option such
> that inetd only listens on the address you expect the services to be obtained
> under.
>   inetd -a 127.0.0.1 /etc/inetd-local.conf
> ...

The -a parameter is a great feature of FreeBSD inetd. I hope future versions will accept multiple IP addresses. Under 2.2.7, if you need to run an ftpd on, say, 12 specific IPs, you'll need to run 12 inetds. It would be cleaner if either one -a understood multiple IPs:

  inetd /etc/inetd.conf.ftp -a 192.168.1.10 192.168.1.11 [...]

or if inetd understood multiple -a flags:

  inetd /etc/inetd.conf.ftp -a 192.168.1.10 -a 192.168.1.11 [...]

-- 
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

From owner-freebsd-security Sat Dec 26 09:13:54 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA13295 for freebsd-security-outgoing; Sat, 26 Dec 1998 09:13:54 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from phoenix (phoenix.aye.net [206.185.8.134]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id JAA13290 for ; Sat, 26 Dec 1998 09:13:52 -0800 (PST) (envelope-from brich@aye.net)
Received: (qmail 20163 invoked by uid 7506); 26 Dec 1998 17:11:14 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 26 Dec 1998 17:11:14 -0000
Date: Sat, 26 Dec 1998 12:11:14 -0500 (EST)
From: Barrett Richardson
To: Robert Watson
cc: Casper, "freebsd-security@FreeBSD.ORG"
Subject: Re: Magic
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 25 Dec 1998, Robert Watson wrote:

> On Thu, 24 Dec 1998, Barrett Richardson wrote:
>
> > On Fri, 25 Dec 1998, Casper wrote:
> >
> > > Did anyone try to change the loader's magic in the exec header and recompile
> > > the system? I think it would disallow uploading some executable and running it
> > > on the target system.
> > > So if you have a recompiled system, chroot all your network services (from
> > > telnetd to httpd, ftpd, etc.), don't place a compiler or mknod in the chrooted
> > > dirs, and disallow reading of executable files (only --x), how can an intruder
> > > break this protection?
> > > Of course I assume that the system is configured properly.
> >
> > I used a different means to the same end. I used a flag bit that
> > can only be set by root and require it to be set in imgact_aout.c,
> > imgact_elf.c and imgact_gzip.c for non-root users. Wrote a util
> > to set the flag on files in /bin, /sbin, /usr/{bin,sbin},
> > /usr/libexec, /usr/local/{bin,sbin}. Used the same return code
> > as for a bad magic number. Whenever you try to execute a binary
> > that doesn't have the flag set it spits out "cannot execute
> > binary file". A user can even copy a system binary to his directory,
> > and the copy won't run -- and only root can set the flag to make it
> > run. Got the idea from John Dyson.
> >
> > I have been thinking of incorporating the behaviour into one of the
> > securelevels on my system.
>
> The problem with limitations on execve() is that it is very hard to tell
> when a file is exec'd :). The execve() syscall is only one possible way
> in which code can become executable (that is, might end up in the path of
> execution, and in a process that might execute it).
> Some examples might be:
>
> - Perl (or any other interpreter) interpreters, especially those with
>   optimization
> - Shells with scripting
> - PHP3 support in Apache
> - Buffer overflows in any executable (not just suid ones)
> - elisp in emacs
> - Dynamically linked applications
> - Debugging support
>
> The old LD_LIBRARY_PATH trick plays on the last one, but the ability to
> change the shared library linked against is essentially equivalent to
> being able to create an executable. Being able to attach with a debugger
> might also be equivalent, if you can change mappings in the process's
> address space, manipulate registers, code ordering, etc. I.e., you can
> attach a debugger to joe process and cause it to act however you want just
> by moving the instruction pointer around appropriately and single-stepping
> it with argument modifications to syscalls. Needless to say, any debugger
> that couldn't do this wouldn't be very useful :).
>
> As a simple example, I spent last night writing some simple trust analysis
> modifications to my FreeBSD kernel on one of my notebooks. I added a
> bunch of hooks around execve, chmod, etc., to monitor
>
> a) Execution of binaries owned by another user, or by a group if the file
>    is group writable
> b) Creation, deletion of setuid binaries
> c) Modification of ownership, interesting file modes
>
> Etc. That is, interesting situations from the point of view of a formal
> trust model. I then added a syscall to pull down the stored records on
> demand from the kernel. I'll post the results in a few days. But an
> immediate conclusion was that most of the executable code on the system is
> not executed using execve() :). Much of it is shell script executed as an
> argument to the interpreter, instead of via the execve interpreter
> support. Similarly, much is dynamically linked. When you log in, the
> shell goes out and runs all kinds of scripts--none of this is visible via
> execve.
> Similarly, insertion of code via buffer overflow is invisible to
> monitoring at that level.
>
> To really crack down on this behavior, you'd have to:
>
> 1) remove dynamic linking against anything but strictly approved code
> 2) not allow any manipulation of a process except through io
>    (specifically, not via a debugger where the instruction pointer can be
>    manipulated to cause it to jump around syscalls, modify arguments, etc)
> 3) know that all programs do exactly what you want, and never anything
>    else (i.e., no interpreters, no exploitable programs, etc).
>
> I have concluded that it is essentially impossible to gain any serious
> protection by restricting the binaries that may be run on the system. The
> only good approach is through proper access control on syscalls, strong
> authentication, and adequate protection of process resources.
>
> On the other hand, signed executables or a chflags flag will confuse the
> hell out of joe hacker if joe hacker is really joe script-kiddie. :-)
> I'm not above confusing script kiddies, but I think this flag may not
> actually improve security, just perceived security without significant
> modification of the OS.
>
> Robert N Watson

Although an imperfect model, I still think it useful. One can hardcode LD_LIBRARY_PATH in ld.so, shell scripts don't interpret binaries, user access can be removed from the debugger -- but perl, that is a bummer. In any event joe cracker has, as of yet, not been a problem for us, but the dollars joe script kiddie has cost us are approaching six figures. To me, expending the resources of an attacker equates to more security (11-character passwords are more secure than 5-character passwords because it takes more resources to break them), and I have added another hurdle for an attacker to overcome; made it less appealing to upload a suite of cracker utils from rootshell.com and attempt to run them on my system.
An added bonus is that joe user cannot upload and run software packages of his choosing without my approval.

--

Barrett

> robert@fledge.watson.org              http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
>
> Carnegie Mellon University            http://www.cmu.edu/
> TIS Labs at Network Associates, Inc.  http://www.tis.com/
> SafePort Network Services             http://www.safeport.com/

From owner-freebsd-security Sat Dec 26 13:47:49 1998
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA04934 for freebsd-security-outgoing; Sat, 26 Dec 1998 13:47:49 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from wind.freenet.am ([194.151.101.35]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA04912 for ; Sat, 26 Dec 1998 13:47:27 -0800 (PST) (envelope-from casper@acc.am)
Received: from lemming.acc.am (acc.freenet.am [194.151.101.251]) by wind.freenet.am (8.9.1/8.9.1) with ESMTP id BAA28588 for ; Sun, 27 Dec 1998 01:46:34 +0400 (GMT)
Received: from acc.am (acc.freenet.am [194.151.101.251]) by lemming.acc.am (8.9.1a/8.9.1) with ESMTP id BAA07697 for ; Sun, 27 Dec 1998 01:52:27 +0400 (AMT)
Message-ID: <36855859.5D0BD741@acc.am>
Date: Sun, 27 Dec 1998 01:42:49 +0400
From: Casper
Organization: Armenian Computer Center
X-Mailer: Mozilla 4.5 [en] (Win98; I)
X-Accept-Language: ru,en
MIME-Version: 1.0
To: "freebsd-security@FreeBSD.ORG"
Subject: Re: Magic
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yep! I agree with Barrett, it's the most secure way, I think. Can you send me these patches? I want to work on it.

What about including in some securelevel a facility to disable reading of any file that begins with the magic by a user (maybe by any user, including root)? It will disable reading of these files. Of course an intruder can brute-force by changing the magic of a file and looking at the response :) but it'll take a lot of time.

Barrett Richardson wrote:
>
> On Fri, 25 Dec 1998, Robert Watson wrote:
>
> > On Thu, 24 Dec 1998, Barrett Richardson wrote:
> >
> > > On Fri, 25 Dec 1998, Casper wrote:
> > >
> > > > Did anyone try to change the loader's magic in the exec header and recompile
> > > > the system? I think it would disallow uploading some executable and running it
> > > > on the target system.
> > > > So if you have a recompiled system, chroot all your network services (from
> > > > telnetd to httpd, ftpd, etc.), don't place a compiler or mknod in the chrooted
> > > > dirs, and disallow reading of executable files (only --x), how can an intruder
> > > > break this protection?
> > > > Of course I assume that the system is configured properly.
> > >
> > > I used a different means to the same end. I used a flag bit that
> > > can only be set by root and require it to be set in imgact_aout.c,
> > > imgact_elf.c and imgact_gzip.c for non-root users. Wrote a util
> > > to set the flag on files in /bin, /sbin, /usr/{bin,sbin},
> > > /usr/libexec, /usr/local/{bin,sbin}. Used the same return code
> > > as for a bad magic number.
> > > Whenever you try to execute a binary
> > > that doesn't have the flag set it spits out "cannot execute
> > > binary file". A user can even copy a system binary to his directory,
> > > and the copy won't run -- and only root can set the flag to make it
> > > run. Got the idea from John Dyson.
> > >
> > > I have been thinking of incorporating the behaviour into one of the
> > > securelevels on my system.
> >
> > The problem with limitations on execve() is that it is very hard to tell
> > when a file is exec'd :). The execve() syscall is only one possible way
> > in which code can become executable (that is, might end up in the path of
> > execution, and in a process that might execute it). Some examples might
> > be:
> >
> > - Perl (or any other interpreter) interpreters, especially those with
> >   optimization
> > - Shells with scripting
> > - PHP3 support in Apache
> > - Buffer overflows in any executable (not just suid ones)
> > - elisp in emacs
> > - Dynamically linked applications
> > - Debugging support
> >
> > The old LD_LIBRARY_PATH trick plays on the last one, but the ability to
> > change the shared library linked against is essentially equivalent to
> > being able to create an executable. Being able to attach with a debugger
> > might also be equivalent, if you can change mappings in the process's
> > address space, manipulate registers, code ordering, etc. I.e., you can
> > attach a debugger to joe process and cause it to act however you want just
> > by moving the instruction pointer around appropriately and single-stepping
> > it with argument modifications to syscalls. Needless to say, any debugger
> > that couldn't do this wouldn't be very useful :).
> >
> > As a simple example, I spent last night writing some simple trust analysis
> > modifications to my FreeBSD kernel on one of my notebooks.
> > I added a
> > bunch of hooks around execve, chmod, etc, to monitor
> >
> > a) Execution of binaries owned by another user, or by a group if the file
> >    is group writable
> > b) Creation, deletion of setuid binaries
> > c) Modification of ownership, interesting file modes
> >
> > Etc. That is, interesting situations from the point of view of a formal
> > trust model. I then added a syscall to pull down the stored records on
> > demand from the kernel. I'll post the results in a few days. But an
> > immediate conclusion was that most of the executable code on the system is
> > not executed using execve() :). Much of it is shell script executed as an
> > argument to the interpreter, instead of via the execve interpreter
> > support. Similarly, much is dynamically linked. When you log in, the
> > shell goes out and runs all kinds of scripts--none of this is visible via
> > execve. Similarly, insertion of code via buffer overflow is invisible to
> > monitoring at that level.
> >
> > To really crack down on this behavior, you'd have to:
> >
> > 1) remove dynamic linking against anything but strictly approved code
> > 2) not allow any manipulation of a process except through io
> >    (specifically, not via a debugger where the instruction pointer can be
> >    manipulated to cause it to jump around syscalls, modify arguments, etc)
> > 3) know that all programs do exactly what you want, and never anything
> >    else (i.e., no interpreters, no exploitable programs, etc).
> >
> > I have concluded that it is essentially impossible to gain any serious
> > protection by restricting the binaries that may be run on the system. The
> > only good approach is through proper access control on syscalls, strong
> > authentication, and adequate protection of process resources.
> >
> > On the other hand, signed executables or a chflag flag will confuse the
> > hell out of joe hacker if joe hacker is really joe script-kiddie. :-)
> > I'm not above confusing script kiddies, but I think this flag may not
> > actually improve security, just perceived security without significant
> > modification of the OS.
> >
> > Robert N Watson
>
> Although an imperfect model I still think it useful. One can hardcode
> LD_LIBRARY_PATH in ld.so, shell scripts don't interpret binaries,
> user access can be removed from the debugger -- but perl,
> that is a bummer. In any event joe cracker has, as of yet, not been
> a problem for us but the dollars joe script kiddie has cost us is
> approaching six figures. To me expending resources of an attacker
> equates to more security (11 character passwords are more secure
> than 5 character passwords because it takes more resources to break)
> and I have added another hurdle for an attacker to overcome; made
> it less appealing to upload a suite of cracker utils from
> rootshell.com and attempt to run them on my system.
>
> An added bonus is that joe user cannot upload and run software
> packages of his choosing without my approval.
>
> --
>
> Barrett
>
> > robert@fledge.watson.org http://www.watson.org/~robert/
> > PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
> >
> > Carnegie Mellon University http://www.cmu.edu/
> > TIS Labs at Network Associates, Inc. http://www.tis.com/
> > SafePort Network Services http://www.safeport.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
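The flag check Barrett describes above, as an added example that is not his patch and not FreeBSD code: a user-space model of the decision an image activator would make. The real check would live in imgact_aout.c, imgact_elf.c and imgact_gzip.c and read a root-only chflags bit off the vnode; here the flag word, the caller's uid and the file's first bytes are passed in so the logic can be exercised without a kernel. F_EXECAPPROVED, exec_check and copy_flags_as_user are names chosen for this illustration, only the ELF identification bytes are checked (a.out and gzip images are left out), and ENOEXEC is used because "cannot execute binary file" is the shell's wording for that errno. The two sample headers are constructed.

```c
/*
 * Added example, not Barrett Richardson's patch or FreeBSD code: a user-space
 * model of the exec gate discussed in the thread. F_EXECAPPROVED is a
 * hypothetical bit standing in for a real root-only file flag.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define F_EXECAPPROVED 0x00010000u  /* hypothetical root-only file flag */

/* Constructed sample headers: a minimal ELF identification and a non-ELF blob. */
const unsigned char ELF_HDR[16]  = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 0 };
const unsigned char JUNK_HDR[16] = { 'M', 'Z', 0x90, 0x00, 3, 0, 0, 0 };

/* Only the ELF identification bytes are checked; the real activators also
 * handle a.out and gzip images, which this model leaves out. */
static int magic_ok(const unsigned char *hdr, size_t len)
{
    return len >= 4 && memcmp(hdr, "\177ELF", 4) == 0;
}

/*
 * Decide whether execve() of an image may proceed.
 * Returns 0 to allow, ENOEXEC to refuse. As in the thread, a bad magic
 * number and a missing flag get the same return code, so a caller cannot
 * learn which of the two checks failed by watching the error.
 */
int exec_check(const unsigned char *hdr, size_t len, uint32_t fflags, uid_t uid)
{
    if (!magic_ok(hdr, len))
        return ENOEXEC;
    if (uid != 0 && !(fflags & F_EXECAPPROVED))
        return ENOEXEC;
    return 0;
}

/*
 * Model of cp(1) run by an unprivileged user: the bytes are copied, but a
 * root-only flag cannot be reproduced on the new file, so the copy is unflagged.
 */
uint32_t copy_flags_as_user(uint32_t src_flags)
{
    return src_flags & ~F_EXECAPPROVED;
}

int main(void)
{
    uint32_t sys = F_EXECAPPROVED;          /* a flagged /bin binary */
    uint32_t usr = copy_flags_as_user(sys); /* joe user's copy of it */
    printf("root runs /bin/foo:        %d\n", exec_check(ELF_HDR, sizeof ELF_HDR, sys, 0));
    printf("user runs /bin/foo:        %d\n", exec_check(ELF_HDR, sizeof ELF_HDR, sys, 1000));
    printf("user runs ~/foo (copy):    %d\n", exec_check(ELF_HDR, sizeof ELF_HDR, usr, 1000));
    printf("user runs flagged non-ELF: %d\n", exec_check(JUNK_HDR, sizeof JUNK_HDR, sys, 1000));
    return 0;
}
```

The last two calls return the same value, which is the point Barrett makes about using one return code: Casper's brute-force idea of changing a file's magic and watching the response only works if the response distinguishes "wrong magic" from "not approved".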
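Robert's point that most code on a system never passes through execve() of its own file, as an added example that is not his kernel hooks and not FreeBSD code. The kernel cannot be patched from user space here, so a file execve() refuses because it has no exec bit (EACCES) stands in for a file the gate would refuse with ENOEXEC. The same file then runs unchanged when handed to /bin/sh as an argument, because the execve() that happens is of the already-approved interpreter and the file is just data to it. The script body and the /tmp path template are constructed for the demo; make_script, run_direct, run_via_interpreter and gate_bypassed are names chosen for this illustration.

```c
/*
 * Added example, not Robert Watson's kernel modifications or FreeBSD code:
 * a file that execve() refuses directly still runs when given to an
 * interpreter as an argument. Exec-time gating sees only the first case.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write a constructed script that exits 7; leave it mode 0644 (no exec bit).
 * `tmpl` must end in XXXXXX and is overwritten with the created path. */
int make_script(char *tmpl)
{
    static const char body[] = "#!/bin/sh\nexit 7\n";
    int fd = mkstemp(tmpl);
    if (fd < 0)
        return -errno;
    if (write(fd, body, sizeof body - 1) != (ssize_t)(sizeof body - 1) ||
        fchmod(fd, 0644) < 0) {
        int e = errno;
        close(fd);
        return -e;
    }
    close(fd);
    return 0;
}

/* fork/exec argv; return the child's exit status, or -errno if execv() itself
 * failed. The errno travels back over a close-on-exec pipe, which the
 * successful exec closes, so the parent reads 0 bytes in that case. */
static int run(char *const argv[])
{
    int pfd[2], e = 0, status;
    if (pipe(pfd) < 0)
        return -errno;
    fcntl(pfd[1], F_SETFD, FD_CLOEXEC);
    pid_t pid = fork();
    if (pid < 0)
        return -errno;
    if (pid == 0) {
        close(pfd[0]);
        execv(argv[0], argv);
        e = errno;
        if (write(pfd[1], &e, sizeof e) < 0)
            _exit(126);
        _exit(127);
    }
    close(pfd[1]);
    ssize_t n = read(pfd[0], &e, sizeof e);
    close(pfd[0]);
    waitpid(pid, &status, 0);
    if (n == (ssize_t)sizeof e)
        return -e;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* What an exec gate sees: execve() of the file itself. */
int run_direct(const char *path)
{
    char *argv[] = { (char *)path, NULL };
    return run(argv);
}

/* What the gate does not see: execve() of the interpreter, file as data. */
int run_via_interpreter(const char *path)
{
    char *argv[] = { "/bin/sh", (char *)path, NULL };
    return run(argv);
}

/* 1 if the direct exec was refused but the interpreter ran the file to
 * completion (exit 7), i.e. the gate was bypassed; 0 otherwise. */
int gate_bypassed(void)
{
    char path[] = "/tmp/execgate.XXXXXX";  /* constructed template */
    if (make_script(path) != 0)
        return 0;
    int direct = run_direct(path);
    int viash = run_via_interpreter(path);
    unlink(path);
    return direct == -EACCES && viash == 7;
}

int main(void)
{
    printf("gate bypassed via interpreter: %s\n", gate_bypassed() ? "yes" : "no");
    return 0;
}
```

Swap /bin/sh for perl, or for a dynamic linker loading an attacker-supplied shared object, and the shape is the same: the gate approved the interpreter once, and everything it later reads is invisible at the execve() layer, which is why Barrett concedes that perl "is a bummer".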
