From owner-freebsd-security Sun Aug 1 4:16:15 1999
To: "Andy V. Oleynik"
Cc: freebsd-ports@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Extracted files' permissions
From: Slawek Zak
Date: 30 Jul 1999 21:12:54 +0200

** "Andy V. Oleynik" wrote:

Andy> It's not seldom situation when creator creates package under
Andy> its own uid/gid which may not exist on other systems. Don't
Andy> worry about it. Just write perl script which read package
Andy> list and chown 0:0 all the stuff :)

Slawek Zak wrote:

Yes, but don't forget about suid/sgid/world-writeable files right ?
:)

--
* Suavek Zak (Systems Administrator)
* email: zaks@im.pw.edu.pl voice: +48 (0) 22 674 66 79
* PGP v2.6: 2048/9A7CBF71, finger://zaks@prioris.im.pw.edu.pl

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Aug 1 14:24:56 1999
Date: Sun, 01 Aug 1999 17:23:40 -0400
From: "James C. Durham"
To: Warner Losh
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH2 Won't forward priviledged ports

Warner Losh wrote:
>
> In message <379E85A1.1E734862@w2xo.pgh.pa.us> "James C. Durham" writes:
> : I can forward ports > 1024, but not < 1024.
>
> Feature. Unless you are root, you cannot bind to those ports.
>
> : Somehow, even though I'm being authenticated as root
> : for login purposes, I'm not being authenticated for port
> : forwarding. I've made keys for both the client and
> : server machines for root.
>
> Are you root on the client machine, if not then your ssh

My apologies. I thought I had posted to this group with the resolution
of my problems, but in case I did not, rebooting the server fixed the
problem.
Several of us discussed this and it seems that something must still
have been listening on those ports, even though I had commented
out those services in inetd.conf and issued a kill -1 to inetd
(at least I *think* I did!). The group's best guess was that I forgot
to do the kill -1 . They're probably right...

regards,

--
Jim Durham

From owner-freebsd-security Sun Aug 1 23:50:10 1999
From: "N. N.M"
To: freebsd-security@FreeBSD.ORG
Subject: Increasing SYN-ACK queue
Date: Sun, 01 Aug 1999 23:50:00 PDT

Hi everybody,

As I learned, the "increasing the size of the connection queue (SYN-ACK
queue)" and also "decreasing the time-out waiting for 3-way handshaking" are
necessary for a host to decrease the probability of DoS (Denial of Service)
attack. Could anyone tell me how I can manipulate these two options in
FreeBSD?
thanks in advance,
Nazila

From owner-freebsd-security Mon Aug 2 2:59:29 1999
Date: Mon, 2 Aug 1999 15:27:16 +0500 (GMT+0500)
From: "Amit Kr.Jain"
To: "N. N.M"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Increasing SYN-ACK queue

Hi!!

The size of connection queue can be specified as the second argument of
listen system call and the time out can be specified by using the connect
with a time out.

amit.

--
Amit Kr Jain (Research Engineer), C-DOT
email: amit@cdotb.ernet.in

On Sun, 1 Aug 1999, N.
N.M wrote:

> Hi everybody,
>
> As I learned, the "increasing the size of the connection queue (SYN-ACK
> queue)" and also "decreasing the time-out waiting for 3-way handshaking" are
> necessary for a host to decrease the probability of DoS (Denial of Service)
> attack. Could anyone tell me how I can manipulate these two options in
> FreeBSD?
>
> thanks in advance,
> Nazila

From owner-freebsd-security Mon Aug 2 7:41:56 1999
To: freebsd-security@FreeBSD.ORG
Subject: Re: Increasing SYN-ACK queue
From: Slawek Zak
Date: 02 Aug 1999 16:22:03 +0200

** "Amit Kr.Jain" wrote:

Amit> Hi!!
Amit> The size of connection queue can be specified as the second
Amit> argument of listen system call and the time out can be
Amit> specified by using the connect with a time out.

I think that the original poster asked about the default value for all
connections. Is there any way to do this ?

--
* Suavek Zak (Systems Administrator)
* email: zaks@im.pw.edu.pl voice: +48 (0) 22 674 66 79
* PGP v2.6: 2048/9A7CBF71, finger://zaks@prioris.im.pw.edu.pl

From owner-freebsd-security Mon Aug 2 12:38:26 1999
Date: Mon, 2 Aug 1999 21:19:00 +0200
From: Ollivier Robert
To: freebsd-security@FreeBSD.ORG
Subject: Re: Increasing SYN-ACK queue

According to Slawek Zak:
> I think that the original poster asked about the default value for all
> connections. Is there any way to do this ?

Increase the following variable:

kern.ipc.somaxconn: 128
--
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 4.0-CURRENT #72: Mon Jul 12 08:26:43 CEST 1999

From owner-freebsd-security Tue Aug 3 6: 7:43 1999
From: "N. N.M"
To: freebsd-security@FreeBSD.ORG
Subject: Re: Increasing SYN-ACK queue
Date: Tue, 03 Aug 1999 06:07:01 PDT

>According to Slawek Zak:
>>I think that the original poster asked about the default value for all
>>connections. Is there any way to do this ?
>
>Increase the following variable:
>
>kern.ipc.somaxconn: 128
>--
>Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=-

Thanks all for your replies. Slawek is right, I wanted to know how I can
increase the size of "SYN-ACK queue" and also decrease the "time-out
waiting", both for all TCP connections. This will reduce the probability of
being a victim of SYN Attack.

Anyway, "kern.ipc.somaxconn" variable seems to be related to "SYN-ACK queue".
Does anybody know about the variable related to "time-out waiting", which
is the amount of time that a connection is allowed to stay in a half-open
state? Besides, what considerations must be concerned when changing the
amount of these variables?
Is there any fixed and tested amount for them?

thanks,
Nazila

From owner-freebsd-security Tue Aug 3 9:20:16 1999
Date: Tue, 03 Aug 1999 12:18:18 -0400 (EDT)
From: Seth
Subject: chflags() [heads up] (fwd)
To: security@freebsd.org

FYI... this hit bugtraq today.

SB

---------- Forwarded message ----------
Date: Sun, 01 Aug 1999 19:20:45 +0300
From: Adam Morrison
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: chflags() [heads up]

From the OpenBSD change logs:

RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
----------------------------
revision 1.59
date: 1999/07/30 18:27:47; author: deraadt; state: Exp; lines: +20 -1
do not permit regular users to chflags/fchflags on chr or blk devices --
even if they happen to own them at the moment.

NetBSD-current has this fixed as of the following revision of
vfs_syscalls.c.

$NetBSD: vfs_syscalls.c,v 1.146 1999/07/31 03:18:43 christos

From quick inspection, FreeBSD appears to be vulnerable.

From owner-freebsd-security Tue Aug 3 13:21:54 1999
Date: Tue, 3 Aug 1999 17:21:22 -0300 (ADT)
From: Michael Richards <026809r@dragon.acadiau.ca>
To: security@freebsd.org
Subject: Odd ICMP packets being logged

Hi.
I'm seeing some odd packets being logged via my ipf. I've looked around
but not really found any good resources on ipfilter/ipnat. I can't find
this documented:
03/08/1999 17:03:03.370491 vx0 @0:5 b ###.###.###.### -> 10.23.3.2 PR icmp len 20 43 icmp 8/0

10.23.3.2 is my internal address that my ISP has set up with their messed
up PIX NAT system.

Here are my rules:
# Nasty Packets:
# Block any packets which are too short to be real.
block in log quick all with short
# Block any packets with source routing set
block in log quick all with opt lsrr
block in log quick all with opt ssrr

# nasty ports we don't allow
block return-rst in log quick on vx0 proto tcp from any to any port = 23
block return-rst in log quick on vx0 proto tcp from any to any port = 25
block return-rst in log quick on vx0 proto tcp from any to any port = 137
block return-rst in log quick on vx0 proto tcp from any to any port = 139
block return-rst in log quick on vx0 proto tcp from any to any port = 1080
block return-rst in log quick on vx0 proto tcp from any to any port = 31337
block return-icmp(net-unr) in log on vx0 proto udp from any to any port = 1080

I suspect that they may be coming from the last rule because that's the
only thing that says anything about ICMPs. Can anyone shed light on this,
or even point me to a resource that explains ipf's log format?

thanks
-Michael

From owner-freebsd-security Tue Aug 3 15:44:48 1999
From: Darren Reed
Subject: Re: Odd ICMP packets being logged
To: 026809r@dragon.acadiau.ca (Michael Richards)
Date: Wed, 4 Aug 1999 08:42:24 +1000 (EST)
Cc: security@FreeBSD.ORG

In some mail from Michael Richards, sie said:
>
> Hi.
> I'm seeing some odd packets being logged via my ipf.
> I've looked around
> but not really found any good resources on ipfilter/ipnat. I can't find
> this documented:
> 03/08/1999 17:03:03.370491 vx0 @0:5 b ###.###.###.### -> 10.23.3.2 PR icmp
> len 20 43 icmp 8/0

Date Time interface group:rule block sourceIP -> destip PR protocol len
ip-header-length ip-length icmp type/code

It's actually coming from rule #5. Type 8 is ECHO so it's a ping packet.

Darren

From owner-freebsd-security Tue Aug 3 16:27: 5 1999
Date: Tue, 3 Aug 1999 20:25:12 -0300 (ADT)
From: Michael Richards <026809r@dragon.acadiau.ca>
To: Darren Reed
Cc: security@FreeBSD.ORG
Subject: Re: Odd ICMP packets being logged

On Wed, 4 Aug 1999, Darren Reed wrote:

> > I'm seeing some odd packets being logged via my ipf. I've looked around
> > but not really found any good resources on ipfilter/ipnat. I can't find
> > this documented:
> > 03/08/1999 17:03:03.370491 vx0 @0:5 b ###.###.###.### -> 10.23.3.2 PR icmp
> > len 20 43 icmp 8/0
>
> Date Time interface group:rule block sourceIP -> destip PR protocol len
> ip-header-length ip-length icmp type/code
>
> It's actually coming from rule #5. Type 8 is ECHO so it's a ping packet.

Hrm. That's kinda odd...
Rule #5 is:
block return-rst in log quick on vx0 proto tcp from any to any port = 25

Can't see why that would be logging an ICMP...

-Michael

From owner-freebsd-security Tue Aug 3 18:29:25 1999
From: Greg Lewis
Subject: Re: chflags() [heads up] (fwd)
To: Seth
Date: Wed, 4 Aug 1999 10:58:50 +0930 (CST)
Cc: security@FreeBSD.ORG

> FYI... this hit bugtraq today.
>
> SB
>
> ---------- Forwarded message ----------
> Date: Sun, 01 Aug 1999 19:20:45 +0300
> From: Adam Morrison
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: chflags() [heads up]
>
> From the OpenBSD change logs:
>
> RCS file: /cvs/src/sys/kern/vfs_syscalls.c,v
> ----------------------------
> revision 1.59
> date: 1999/07/30 18:27:47; author: deraadt; state: Exp; lines: +20 -1
> do not permit regular users to chflags/fchflags on chr or blk devices --
> even if they happen to own them at the moment.
>
> NetBSD-current has this fixed as of the following revision of
> vfs_syscalls.c.
>
> $NetBSD: vfs_syscalls.c,v 1.146 1999/07/31 03:18:43 christos
>
> From quick inspection, FreeBSD appears to be vulnerable.

Already fixed by the looks of it :)

1.112.2.4 Mon Aug 2 21:37:25 1999 UTC by imp
Branch: RELENG_3
MFC: 1.126 only root sets flags on devices

1.126 Mon Aug 2 21:34:46 1999 UTC by imp
Only allow root to set file flags on devices.

--
Greg Lewis glewis@trc.adelaide.edu.au
Computing Officer +61 8 8303 5083
Teletraffic Research Centre

From owner-freebsd-security Thu Aug 5 14:36: 4 1999
From: Anthony Kimball
Date: Thu, 5 Aug 1999 16:34:05 -0500 (CDT)
Reply-To: alk@pobox.com
To: freebsd-security@freebsd.org
Subject: group bits

I'd like to obtain a consensus guideline on an issue which is
treated inconsistently in FreeBSD's user space: Is it true, as I
believe, that group rwx bits are the principal correct and appropriate
mechanism to allow a specific group of users to control aspects of
system administration which are protected from control by the body of
users at large?

My specific motivation is that every time I cvsup, I have to patch
sendmail and ppp to suppress their group-writable-config
errors/warnings. If a clear consensus existed that these
errors/warnings were spurious, then a PR might have a snowball's
chance of remedying the situation. If not, then at least I could give
up one wasted quixotic hope.

From owner-freebsd-security Thu Aug 5 17:41:39 1999
Date: Thu, 05 Aug 1999 18:36:27 -0600
From: Wes Peters
To: alk@pobox.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: group bits

Anthony Kimball wrote:
>
> I'd like to obtain a consensus guideline on an issue which is
> treated inconsistently in FreeBSD's user space: Is it true, as I
> believe, that group rwx bits are the principal correct and appropriate
> mechanism to allow a specific group of users to control aspects of
> system administration which are
> protected from control by the body of
> users at large?

sudo?

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://softweyr.com/ wes@softweyr.com

From owner-freebsd-security Fri Aug 6 1:33: 9 1999
To: alk@pobox.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: group bits
Date: Fri, 06 Aug 1999 09:03:05 +0100
From: Brian Somers

>
> I'd like to obtain a consensus guideline on an issue which is
> treated inconsistently in FreeBSD's user space: Is it true, as I
> believe, that group rwx bits are the principal correct and appropriate
> mechanism to allow a specific group of users to control aspects of
> system administration which are protected from control by the body of
> users at large?
>
> My specific motivation is that every time I cvsup, I have to patch
> sendmail and ppp to suppress their group-writable-config
> errors/warnings. If a clear consensus existed that these
> errors/warnings were spurious, then a PR might have a snowball's
> chance of remedying the situation. If not, then at least I could give
> up one wasted quixotic hope.

If you want to allow users to modify their own ppp configuration, you
should do this by including the line

!include ~/.ppp.conf

in ppp.conf. This means that users can modify their own profiles
without screwing around with other people's.

ppp.conf should always be owned by root and mode 600, 400 or 0.

--
Brian
Don't _EVER_ lose your sense of humour !

From owner-freebsd-security Fri Aug 6 4:22: 1 1999
From: Anthony Kimball
Date: Fri, 6 Aug 1999 06:21:17 -0500 (CDT)
Reply-To: alk@pobox.com
To: brian@FreeBSD.org.uk
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: group bits

Quoth Brian Somers on Fri, 6 August:
: If you want to allow users to modify their own ppp configuration, you
: should do this by including the line
:
: !include ~/.ppp.conf
:
: in ppp.conf. This means that users can modify their own profiles
: without screwing around with other people's.

That's a very nice functionality which I had completely overlooked.
Thank you for pointing it out. But it does quite completely miss the
point of my interest, which is in the meaning of the group bits.

: ppp.conf should always be owned by root and mode 600, 400 or 0.

In what sense of "should"? I want those persons responsible for
administering ppp to be able to do so, although they may not have root
access. I can do this by saying !include /etc/ppp/ppp.conf.shared in
/etc/ppp/ppp.conf, and making /etc/ppp/ppp.conf.shared group writable
by group ppp, from your description. I have to ask, therefore, what
purpose does it serve to require that ppp.conf should not be group
writable? It seems to frustrate the purpose of that bit.

From owner-freebsd-security Fri Aug 6 4:52: 6 1999
From: Sheldon Hearn
To: alk@pobox.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: group bits
In-reply-to: Your message of "Thu, 05 Aug 1999 16:34:05 EST."
    <14249.52685.50332.808817@avalon.east>
Date: Fri, 06 Aug 1999 13:51:23 +0200

[ Hijacked from freebsd-security ]

On Thu, 05 Aug 1999 16:34:05 EST, Anthony Kimball wrote:

> Is it true, as I believe, that group rwx bits are the principal
> correct and appropriate mechanism to allow a specific group of users
> to control aspects of system administration which are protected from
> control by the body of users at large?

Principle, yes. Correct, very often. Appropriate, depends. You can go
_very_ far with correct permissions and ownerships.

> My specific motivation is that every time I cvsup, I have to patch
> sendmail and ppp to suppress their group-writable-config
> errors/warnings.

*bing* That's your problem. If you're making changes to your source
tree, use CVS.

Oh, and this doesn't belong in freebsd-security. :-)

Ciao,
Sheldon.

From owner-freebsd-security Fri Aug 6 4:53:25 1999
To: alk@pobox.com
Cc: brian@FreeBSD.org.uk, freebsd-security@FreeBSD.ORG
Subject: Re: group bits
In-reply-to: Your message of "Fri, 06 Aug 1999 06:21:17 CDT." <14250.50016.61650.779505@avalon.east>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 06 Aug 1999 12:54:38 +0100
From: Brian Somers
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Quoth Brian Somers on Fri, 6 August:
> : If you want to allow users to modify their own ppp configuration, you
> : should do this by including the line
> :
> : !include ~/.ppp.conf
> :
> : in ppp.conf. This means that users can modify their own profiles
> : without screwing around with other people's.
>
> That's a very nice functionality which I had completely overlooked.
> Thank you for pointing it out. But it does quite completely miss the
> point of my interest, which is in the meaning of the group bits.
>
> : ppp.conf should always be owned by root and mode 600, 400 or 0.
>
> In what sense of "should"? I want those persons responsible for
> administering ppp to be able to do so, although they may not have root
> access. I can do this by saying !include /etc/ppp/ppp.conf.shared in
> /etc/ppp/ppp.conf, and making /etc/ppp/ppp.conf.shared group writable
> by group ppp, from your description. I have to ask, therefore, what
> purpose does it serve to require that ppp.conf should not be group
> writable? It seems to frustrate the purpose of that bit.

I guess you're right. The check is really to ensure that somebody hasn't got the permissions screwed up. This is now far less likely now that a base ppp.conf is installed 600 by sysinstall.

Feel free to raise the PR. A set of patches to check the ``other'' permissions on /etc, /etc/ppp & /etc/ppp/ppp.conf would be nice too :-)

--
Brian
Don't _EVER_ lose your sense of humour !
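[Added example, not part of the thread and not ppp's own code: one way to implement the check requested in the message above, flagging ``other''-writable bits on a config file and its parent directories while accepting group-write only for one designated group. The function names, flag constants, the nparents parameter and the owner/group policy are assumptions of this example.]

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define CONF_NOSTAT  0x01 /* a component could not be stat()ed */
#define CONF_OWNER   0x02 /* not owned by the expected uid */
#define CONF_OTHER_W 0x04 /* writable by "other" */
#define CONF_GROUP_W 0x08 /* group-writable by a group other than admin_gid */

/* Check one file or directory; stat() follows symlinks. */
static int check_one(const char *path, uid_t owner, gid_t admin_gid)
{
    struct stat st;
    int flags = 0;
    if (stat(path, &st) != 0)
        return CONF_NOSTAT;
    if (st.st_uid != owner)
        flags |= CONF_OWNER;
    if (st.st_mode & S_IWOTH)
        flags |= CONF_OTHER_W;
    if ((st.st_mode & S_IWGRP) && st.st_gid != admin_gid)
        flags |= CONF_GROUP_W;
    return flags;
}

/* Check path plus its nearest nparents directories ("/" itself is skipped). */
int check_conf_path(const char *path, int nparents, uid_t owner, gid_t admin_gid)
{
    char buf[1024], *slash;
    int flags;
    if (path[0] != '/' || strlen(path) >= sizeof(buf))
        return CONF_NOSTAT;
    strcpy(buf, path);
    flags = check_one(buf, owner, admin_gid);
    while (nparents-- > 0 && (slash = strrchr(buf, '/')) != buf) {
        *slash = '\0';
        flags |= check_one(buf, owner, admin_gid);
    }
    return flags;
}

int main(void)
{
    /* Assumed policy: root-owned; (gid_t)-1 means no group may write. */
    printf("flags=0x%02x\n", check_conf_path("/etc/ppp/ppp.conf", 2, 0, (gid_t)-1));
    return 0;
}
```

Passing the gid of an administrative group (for instance a "ppp" group) instead of (gid_t)-1 accepts files that group may write, which is the arrangement argued for in the quoted text.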
From owner-freebsd-security Fri Aug 6 4:59:45 1999
Delivered-To: freebsd-security@freebsd.org
Received: from uni-sb.de (uni-sb.de [134.96.252.33]) by hub.freebsd.org (Postfix) with ESMTP id AA3D415005 for ; Fri, 6 Aug 1999 04:59:18 -0700 (PDT) (envelope-from netchild@Vodix.CS.Uni-SB.de)
Received: from work.net.local (maxtnt-086.telip.uni-sb.de [134.96.70.213]) by uni-sb.de (8.9.3/1999070600) with ESMTP id NAA01302; Fri, 6 Aug 1999 13:59:11 +0200 (CEST)
X-Authentication-Warning: uni-sb.de: Host maxtnt-086.telip.uni-sb.de [134.96.70.213] claimed to be work.net.local
Received: from Vodix.CS.Uni-SB.de (localhost.net.local [127.0.0.1]) by work.net.local (8.9.3/8.9.3) with ESMTP id NAA01057; Fri, 6 Aug 1999 13:40:36 +0200 (CEST) (envelope-from netchild@Vodix.CS.Uni-SB.de)
Message-Id: <199908061140.NAA01057@work.net.local>
Date: Fri, 6 Aug 1999 13:40:35 +0200 (CEST)
From: A.Leidinger@WJPServer.CS.Uni-SB.de
Subject: Re: group bits
To: Anthony Kimball
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <14249.52685.50332.808817@avalon.east>
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 5 Aug, Anthony Kimball wrote:

> My specific motivation is that every time I cvsup, I have to patch
> sendmail and ppp to suppress their group-writable-config

/usr/src/contrib/sendmail/cf/README:
---snip---
confUNSAFE_GROUP_WRITES UnsafeGroupWrites
[False] If set, group-writable
:include: and .forward files are
considered "unsafe", that is, programs
and files cannot be directly referenced
from such files. World-writable files
are always considered unsafe.
---snip---

should do it.

Bye,
Alexander.

--
Hey, it's not like the whole building burned down.
http://netchild.home.pages.de A.Leidinger+Home @ WJPServer.CS.Uni-SB.de

From owner-freebsd-security Fri Aug 6 8:37:27 1999
Delivered-To: freebsd-security@freebsd.org
Received: from poboxer.pobox.com (ferg5200-1-19.cpinternet.com [208.149.16.19]) by hub.freebsd.org (Postfix) with ESMTP id D6F57155CE for ; Fri, 6 Aug 1999 08:37:15 -0700 (PDT) (envelope-from alk@poboxer.pobox.com)
Received: (from alk@localhost) by poboxer.pobox.com (8.9.3/8.9.1) id KAA29178; Fri, 6 Aug 1999 10:36:44 -0500 (CDT) (envelope-from alk)
From: Anthony Kimball
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Fri, 6 Aug 1999 10:36:44 -0500 (CDT)
Reply-To: alk@pobox.com
To: A.Leidinger@WJPServer.CS.Uni-SB.de
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: group bits
References: <14249.52685.50332.808817@avalon.east> <199908061140.NAA01057@work.net.local>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid
Message-ID: <14251.234.963945.937536@avalon.east>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoth A.Leidinger@WJPServer.CS.Uni-SB.de on Fri, 6 August:
: /usr/src/contrib/sendmail/cf/README:
: ---snip---
: confUNSAFE_GROUP_WRITES UnsafeGroupWrites
: [False] If set, group-writable
: :include: and .forward files are
: considered "unsafe", that is, programs
: and files cannot be directly referenced
: from such files. World-writable files
: are always considered unsafe.
: ---snip---
: should do it.

Not for sendmail.cf.
From owner-freebsd-security Fri Aug 6 9:46:23 1999
Delivered-To: freebsd-security@freebsd.org
Received: from florence.pavilion.net (florence.pavilion.net [194.242.128.25]) by hub.freebsd.org (Postfix) with ESMTP id 4BA3A14CBE for ; Fri, 6 Aug 1999 09:46:17 -0700 (PDT) (envelope-from joe@florence.pavilion.net)
Received: (from joe@localhost) by florence.pavilion.net (8.9.3/8.8.8) id RAA53292; Fri, 6 Aug 1999 17:45:27 +0100 (BST) (envelope-from joe)
Date: Fri, 6 Aug 1999 17:45:27 +0100
From: Josef Karthauser
To: Brian Somers
Cc: alk@pobox.com, freebsd-security@FreeBSD.ORG
Subject: Re: group bits
Message-ID: <19990806174527.D59532@pavilion.net>
References: <14250.50016.61650.779505@avalon.east> <199908061154.MAA01988@keep.lan.Awfulhak.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <199908061154.MAA01988@keep.lan.Awfulhak.org>; from Brian Somers on Fri, Aug 06, 1999 at 12:54:38PM +0100
X-NCC-RegID: uk.pavilion
Organisation: Pavilion Internet plc, 24 The Old Steine, Brighton, BN1 1EL, England
Phone: +44-845-333-5000
Fax: +44-845-333-5001
Mobile: +44-403-596893
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Aug 06, 1999 at 12:54:38PM +0100, Brian Somers wrote:
>
> I guess you're right. The check is really to ensure that somebody
> hasn't got the permissions screwed up. This is now far less likely
> now that a base ppp.conf is installed 600 by sysinstall.
>
> Feel free to raise the PR. A set of patches to check the ``other''
> permissions on /etc, /etc/ppp & /etc/ppp/ppp.conf would be nice too
> :-)
>

I'll keep my eyes open for the PR and DTRT with it.

Joe
--
Josef Karthauser FreeBSD: How many times have you booted today?
Technical Manager Viagra for your server (http://www.uk.freebsd.org)
Pavilion Internet plc.
[joe@pavilion.net, joe@uk.freebsd.org, joe@tao.org.uk]

From owner-freebsd-security Sat Aug 7 0:28:22 1999
Delivered-To: freebsd-security@freebsd.org
Received: from poboxer.pobox.com (ferg5200-1-19.cpinternet.com [208.149.16.19]) by hub.freebsd.org (Postfix) with ESMTP id EB86B14F2F for ; Sat, 7 Aug 1999 00:27:55 -0700 (PDT) (envelope-from alk@poboxer.pobox.com)
Received: (from alk@localhost) by poboxer.pobox.com (8.9.3/8.9.1) id XAA26621; Thu, 5 Aug 1999 23:23:40 -0500 (CDT) (envelope-from alk)
From: Anthony Kimball
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Date: Thu, 5 Aug 1999 23:23:40 -0500 (CDT)
Reply-To: alk@pobox.com
To: wes@softweyr.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: group bits
References: <14249.52685.50332.808817@avalon.east> <37AA2E0B.ECDE4153@softweyr.com>
X-Mailer: VM 6.43 under 20.4 "Emerald" XEmacs Lucid
Message-ID: <14250.25026.756025.612481@avalon.east>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoth Wes Peters on Thu, 5 August:
:
: sudo?

Sudo is a wonderful tool, but it is far too big a hammer for such a small nail for one thing (allows root access to everyone permitted to perform a limited task), doesn't retrofit integrated environments with editors for another (as e.g. Xemacs), and just evades the issue rather than addressing it for a third -- although certainly it provides a useful workaround for many cases (clearly enough cases so that what I regard as the real issue is much less pressing for most folks).

Rhetorical question: Does sudo make group bits obsolete?
Rhetorical response: Of course not.
From owner-freebsd-security Sat Aug 7 6: 8:10 1999
Delivered-To: freebsd-security@freebsd.org
Received: from nexus.plymovent.se (nexus.plymovent.se [212.247.77.253]) by hub.freebsd.org (Postfix) with ESMTP id 2CFA214DC1 for ; Sat, 7 Aug 1999 06:08:05 -0700 (PDT) (envelope-from thomas.uhrfelt@plymovent.se)
Received: from tu (polaris [192.168.1.21]) by nexus.plymovent.se (8.9.3/8.9.3) with SMTP id PAA00773 for ; Sat, 7 Aug 1999 15:16:05 +0200 (CEST) (envelope-from thomas.uhrfelt@plymovent.se)
From: "Thomas Uhrfelt"
To:
Subject: SKIP
Date: Sat, 7 Aug 1999 15:07:17 +0200
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If anybody has successfully installed and used SKIP 1.0 between FreeBSD 3.x machines, would you be so kind as to get in touch with me. I need help urgently.
Regards,
Thomas Uhrfelt
Computer Technician

From owner-freebsd-security Sat Aug 7 23:21:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from 60-Hz.Powered-By.AC (226-193.adsl2.avtel.net [207.71.226.193]) by hub.freebsd.org (Postfix) with ESMTP id 1B00C14D6B; Sat, 7 Aug 1999 23:21:46 -0700 (PDT) (envelope-from dburr@Powered-By.AC)
Received: from localhost (dburr@localhost) by 60-Hz.Powered-By.AC (8.9.3/8.9.3) with ESMTP id XAA17110; Sat, 7 Aug 1999 23:20:03 -0700 (PDT) (envelope-from dburr@Powered-By.AC)
Date: Sat, 7 Aug 1999 23:20:02 -0700 (PDT)
From: Donald Burr
To: FreeBSD Questions
Cc: FreeBSD Security
Subject: umountall requests - what does this all mean?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I keep getting log messages similar to these:

Aug 7 19:04:49 60-Hz mountd[150]: umountall request from 207.71.226.193 from unprivileged port
Aug 7 19:04:53 60-Hz mountd[150]: umountall request from 207.71.226.193 from unprivileged port
Aug 7 19:47:59 60-Hz mountd[150]: umountall request from 207.71.226.193 from unprivileged port
Aug 7 19:48:03 60-Hz mountd[150]: umountall request from 207.71.226.193 from unprivileged port

207.71.226.193 is the IP address assigned to me by my ADSL provider, so I can only assume that these packets are coming in through the ADSL modem.

What do these messages mean, and should I be worried about them? And how do I block them?

Your assistance is greatly appreciated. Thanks!

Donald Burr
WEB: http://www.Powered-By.AC/
PO Box 91212, Santa Barbara, CA 93190-1212
Tel:(805)957-9666 FAX:(800)492-5954
Member and software developer with The FreeBSD Project - http://www.FreeBSD.ORG/
*** FreeBSD *** A FREE, 32 Bit UNIX OS for PC's -- The Power to Serve!