From owner-freebsd-security@FreeBSD.ORG Wed Nov 1 06:40:26 2006
Date: Tue, 31 Oct 2006 22:40:15 -0800
From: FreeBSD Security Officer
To: freebsd security, FreeBSD Stable
Message-id: <4548414F.7070107@freebsd.org>
Organization: FreeBSD Project
Reply-To: security-officer@freebsd.org
Subject: Security Officer-supported branches update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello Everyone,

The branches supported by the FreeBSD Security Officer have been updated
to reflect recent EoL (end-of-life) events. The new list is below and
at .

FreeBSD 5.3 and FreeBSD 5.4 have `expired' and are no longer supported
effective November 1, 2006. The end-of-life date for FreeBSD 6.0 has been
delayed by two months in order to allow time for users to upgrade after
FreeBSD 6.2 is released. As a result, FreeBSD 6.0 and FreeBSD 4.11 will
both reach their respective EoLs and cease to be supported at the end of
January 2007.

[Excerpt from http://www.freebsd.org/security/ follows]

FreeBSD Security Advisories

The FreeBSD Security Officer provides security advisories for several
branches of FreeBSD development. These are the -STABLE Branches and the
Security Branches. (Advisories are not issued for the -CURRENT Branch.)

* There is usually only a single -STABLE branch, although during the
  transition from one major development line to another (such as from
  FreeBSD 5.x to 6.x), there is a time span in which there are two -STABLE
  branches. The -STABLE branch tags have names like RELENG_6. The
  corresponding builds have names like FreeBSD 6.1-STABLE.
* Each FreeBSD Release has an associated Security Branch. The Security
  Branch tags have names like RELENG_6_1. The corresponding builds have
  names like FreeBSD 6.1-RELEASE-p1.

Issues affecting the FreeBSD Ports Collection are covered in the FreeBSD
VuXML document.

Each branch is supported by the Security Officer for a limited time only,
and is designated as one of `Early adopter', `Normal', or `Extended'. The
designation is used as a guideline for determining the lifetime of the
branch as follows.

Early adopter
    Releases which are published from the -CURRENT branch will be
    supported by the Security Officer for a minimum of 6 months after the
    release.

Normal
    Releases which are published from a -STABLE branch will be supported
    by the Security Officer for a minimum of 12 months after the release.

Extended
    Selected releases will be supported by the Security Officer for a
    minimum of 24 months after the release.

The current designation and estimated lifetimes of the currently supported
branches are given below. The Estimated EoL (end-of-life) column gives the
earliest date on which that branch is likely to be dropped. Please note
that these dates may be extended into the future, but only extenuating
circumstances would lead to a branch's support being dropped earlier than
the date listed.
+--------------------------------------------------------------------+
|  Branch   |  Release   |  Type  |  Release date  |  Estimated EoL  |
|-----------+------------+--------+----------------+-----------------|
|RELENG_4   |n/a         |n/a     |n/a             |January 31, 2007 |
|-----------+------------+--------+----------------+-----------------|
|RELENG_4_11|4.11-RELEASE|Extended|January 25, 2005|January 31, 2007 |
|-----------+------------+--------+----------------+-----------------|
|RELENG_5   |n/a         |n/a     |n/a             |May 31, 2008     |
|-----------+------------+--------+----------------+-----------------|
|RELENG_5_5 |5.5-RELEASE |Extended|May 25, 2006    |May 31, 2008     |
|-----------+------------+--------+----------------+-----------------|
|RELENG_6   |n/a         |n/a     |n/a             |last release + 2y|
|-----------+------------+--------+----------------+-----------------|
|RELENG_6_0 |6.0-RELEASE |Normal  |November 4, 2005|January 31, 2007 |
|-----------+------------+--------+----------------+-----------------|
|RELENG_6_1 |6.1-RELEASE |Extended|May 9, 2006     |May 31, 2008     |
+--------------------------------------------------------------------+

[End excerpt]

Colin Percival
FreeBSD Security Officer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFFSEFPFdaIBMps37IRAhBAAJ9lFlIZMMW/h0/Xg2HypcCv460dVwCcCUfu
jm+Fc5s534tUHVJxNObfQB0=
=V/7g
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Fri Nov 3 15:55:02 2006
Date: Fri, 3 Nov 2006 07:54:59 -0800 (PST)
From: "Ricardo A. Reis"
To: freebsd-security@freebsd.org
Message-ID: <20061103155459.97181.qmail@web56404.mail.re3.yahoo.com>
Subject: Enc: FreeBSD and the new virtual machine-based rootkits

----- Forwarded message ----
From: Ricardo A. Reis
To: security@freebsd.org
Sent: Friday, November 3, 2006 10:54:14
Subject: FreeBSD and the new virtual machine-based rootkits

Hi All,

Recently I participated, in Brazil in October 2006, in the FIRST/TRANSITS
and II Latin American Incident Response Conference (COLARIS).

At the II COLARIS, Joanna Rutkowska warned of the possible
new technology of malware using hardware virtualization, present
in new AMD and Intel processors.

I have two questions ...

1) How is it possible to detect if my system is moved inside a VM on the fly?
2) Is there a project to merge veriexec from NetBSD into FreeBSD
   and add an SPKI feature?

http://www.eweek.com/article2/0,1895,2040760,00.asp

http://www.invisiblething.org

-

Ricardo A. Reis
UNIFESP
Unix and Network Admin

From owner-freebsd-security@FreeBSD.ORG Fri Nov 3 19:50:20 2006
Date: Fri, 3 Nov 2006 14:58:01 -0500
From: Wesley Shields
To: "Ricardo A. Reis"
Cc: freebsd-security@freebsd.org
Message-ID: <20061103195801.GA23725@atarininja.org>
References: <20061103155459.97181.qmail@web56404.mail.re3.yahoo.com>
In-Reply-To: <20061103155459.97181.qmail@web56404.mail.re3.yahoo.com>
Subject: Re: Enc: FreeBSD and the new virtual machine-based rootkits

On Fri, Nov 03, 2006 at 07:54:59AM -0800, Ricardo A.
Reis wrote:
[...]
> At the II COLARIS, Joanna Rutkowska warned of the possible
> new technology of malware using hardware virtualization, present
> in new AMD and Intel processors.
>
> I have two questions ...
>
> 1) How is it possible to detect if my system is moved inside a VM on the fly?

She has discussed various solutions for this problem, and why she
believes they may or may not work. The one most people suggest is to
time how long it takes for various instructions to run, but this can be
tricked by the VMM-rootkit. I'd suggest reading:

http://theinvisiblethings.blogspot.com/2006/08/blue-pill-detection.html

> 2) Is there a project to merge veriexec from NetBSD into FreeBSD
>    and add an SPKI feature?

Not that I'm aware of, but something which is somewhat similar has been
posted to trustedbsd-discuss. I'd check out the following links:

http://lists.freebsd.org/pipermail/trustedbsd-discuss/2006-August/000865.html
http://people.freebsd.org/~csjp/mac/
http://people.freebsd.org/~csjp/mac_chkexec.txt

AFAIK this is still in perforce, but will hopefully make its way into
-CURRENT and eventually a release. I'm sure someone will speak up if
I'm wrong here.

-- 
WXS
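
The timing check mentioned in the reply above, as an added example that is not part of the original thread: it takes the median cost of CPUID in time-stamp-counter cycles and flags it against a threshold. The choice of CPUID, the 1000-cycle threshold and all function names are assumptions; as the reply says, a VMM-rootkit can trick such a check, so a normal reading does not show that the machine is clean.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
#define HAVE_TSC 1
#endif

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* The median ignores the few samples inflated by interrupts or SMIs. */
uint64_t median_cycles(uint64_t *s, size_t n) {
    qsort(s, n, sizeof *s, cmp_u64);
    return s[n / 2];
}

/* 1 = suspiciously slow, 0 = not. The threshold is an assumption: calibrate
 * it on the same CPU model while the machine is known to run on bare metal. */
int looks_intercepted(uint64_t *s, size_t n, uint64_t threshold) {
    return n > 0 && median_cycles(s, n) > threshold;
}

/* Fill s with TSC deltas around CPUID; returns samples taken (0 if not x86). */
size_t sample_cpuid(uint64_t *s, size_t n) {
#ifdef HAVE_TSC
    for (size_t i = 0; i < n; i++) {
        unsigned a = 0, b, c = 0, d;
        uint64_t t0 = __rdtsc();
        __asm__ volatile("cpuid" : "+a"(a), "=b"(b), "+c"(c), "=d"(d));
        s[i] = __rdtsc() - t0;
        (void)b; (void)d;
    }
    return n;
#else
    (void)s; (void)n;
    return 0;
#endif
}

int main(void) {
    static uint64_t s[1001];
    size_t n = sample_cpuid(s, 1001);
    if (n == 0) { puts("no TSC on this architecture"); return 0; }
    uint64_t med = median_cycles(s, n);
    printf("median CPUID cost: %llu cycles, suspicious=%d\n",
           (unsigned long long)med, med > 1000);
    return 0;
}
```

Because the counter being read is itself visible to a VMM, compare the result against a time source outside the machine when the answer matters.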