From owner-freebsd-security Sun Sep 24 5:57: 3 2000
Date: Sun, 24 Sep 2000 12:52:01 +0000 (GMT)
From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
To: freebsd-security@FreeBSD.ORG
Subject: Encryption over IP (fwd)

---------- Forwarded message ----------
Date: Sun, 24 Sep 2000 12:50:09 +0000 (GMT)
From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
To: CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Encryption over IP

Dear all I have a question for you,

do you know any encryption protocols other than IPsec (ESP, ESP + AH) that do
encryption over IP?

I thank you in advance,

Ali Alaoui El Hassani

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Sep 24 5:57: 7 2000
Date: Sun, 24 Sep 2000 12:50:09 +0000 (GMT)
From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
To: CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Encryption over IP

Dear all I have a question for you,

do you know any encryption protocols other than IPsec (ESP, ESP + AH) that do
encryption over IP?

I thank you in advance,

Ali Alaoui El Hassani

From owner-freebsd-security Sun Sep 24 6:13:11 2000
Date: Sun, 24 Sep 2000 15:12:04 +0200 (MET DST)
From: "Vladimir Mencl, MK, susSED"
To: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
Cc: CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

On Sun, 24 Sep 2000, Ali Alaoui El Hassani wrote:

> Dear all I have a question for you,
>
> do you know any encryption protocols other than IPsec (ESP, ESP + AH) that do
> encryption over IP?

Why do you need a different protocol?

Well, anyway, you can use tunnelling via ssh.

If you join together userlevel PPP and ssh, you can create the same
effect - two hosts connected by an encrypted virtual link, at each host
connected to a (virtual) interface - tun0 in case of FreeBSD.

Vlada Mencl

From owner-freebsd-security Sun Sep 24 7:43:17 2000
Date: Sun, 24 Sep 2000 09:42:03 -0500 (CDT)
From: Marc Rassbach
To: "Vladimir Mencl, MK, susSED"
Cc: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

On Sun, 24 Sep 2000, Vladimir Mencl, MK, susSED wrote:

> On Sun, 24 Sep 2000, Ali Alaoui El Hassani wrote:
>
> > Dear all I have a question for you,
> >
> > do you know any encryption protocols other than IPsec (ESP, ESP + AH) that do
> > encryption over IP?
>
> Why do you need a different protocol?

If you happen to be hiding behind a NAT.

> Well, anyway, you can use tunnelling via ssh.

SKIP is also an option.

> If you join together userlevel PPP and ssh, you can create the same
> effect - two hosts connected by an encrypted virtual link, at each host
> connected to a (virtual) interface - tun0 in case of FreeBSD.
>
> Vlada Mencl

From owner-freebsd-security Sun Sep 24 8:30:35 2000
Date: Sun, 24 Sep 2000 15:24:52 +0000 (GMT)
From: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
To: "Vladimir Mencl, MK, susSED"
Cc: CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

Dear Sir,
I need another protocol that does encryption over IP. As you know ssh
does above TCP or UDP. So I am looking for a protocol other than ESP IN
IPSEC that does encryption over IP

Ali.

On Sun, 24 Sep 2000, Vladimir Mencl, MK, susSED wrote:

> On Sun, 24 Sep 2000, Ali Alaoui El Hassani wrote:
>
> > Dear all I have a question for you,
> >
> > do you know any encryption protocols other than IPsec (ESP, ESP + AH) that do
> > encryption over IP?
>
> Why do you need a different protocol?
>
> Well, anyway, you can use tunnelling via ssh.
>
> If you join together userlevel PPP and ssh, you can create the same
> effect - two hosts connected by an encrypted virtual link, at each host
> connected to a (virtual) interface - tun0 in case of FreeBSD.
>
> Vlada Mencl

From owner-freebsd-security Sun Sep 24 10: 0:23 2000
Date: Sun, 24 Sep 2000 13:00:15 -0400
From: Bill Fumerola
To: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
Cc: "Vladimir Mencl, MK, susSED", CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

On Sun, Sep 24, 2000 at 03:24:52PM +0000, Ali Alaoui El Hassani wrote:

> Dear Sir,
> I need another protocol that does encryption over IP. As you know ssh
> does above TCP or UDP. So I am looking for a protocol other than ESP IN
> IPSEC that does encryption over IP

You just described what ESP is (encryption as a protocol over IP), so instead
of making cryptic references to what you think you need, why don't you tell
us what you're trying to do and why you feel that IPSEC (ESP/AH) isn't
sufficient for this. You'll get much further.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From owner-freebsd-security Sun Sep 24 10: 9:37 2000
Date: Sun, 24 Sep 2000 18:08:23 +0100
From: Adam Laurie
To: freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!

Brett Glass wrote:
>
> At 01:13 AM 9/23/2000, Wes Peters wrote:
>
> >Drew Derbyshire wrote:
> > >
> > > > Neil Blakey-Milner wrote:
> > > > Brett, did it ever occur to you THESE ARE THE DEFAULTS because MOST
> > > > PEOPLE WANT THEM THAT WAY?
> > >
> > > Did you take a survey?
> >
> >Yes. The lack of complaints from anybody other than Brett Glass constitutes
> >our unofficial, non-scientific survey.
>
> You forget: I wasn't the one who started this thread. I merely indicated
> my agreement.
>
> > > Most people also want a secure system. Don't even get me started about
> > > rlogin/rsh being on by default in /etc/inetd.conf.
> >
> >Most people wouldn't know a secure system if it bit them in the nose.
>
> It's sad how many arguments for NOT improving FreeBSD are based on
> what I can only call hacker elitism.
> Of COURSE a super-experienced
> hacker can deal with a user-hostile install, secure the system
> manually, etc. given lots of time and knowledge. So?

Hear hear.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

From owner-freebsd-security Sun Sep 24 11:50:51 2000
From: Fernando Schapachnik
Subject: Re: Encryption over IP
To: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
Date: Sun, 24 Sep 2000 15:50:38 -0300 (ART)
Cc: CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Reply-To: Fernando Schapachnik

In an earlier message, Ali Alaoui El Hassani wrote:
>
> Dear all I have a question for you,
>
> do you know any encryption protocols other than IPsec (ESP, ESP + AH) that do
> encryption over IP?

Look for vtun in the ports. Not sure about how 'strong', but easy to setup.

Good luck!

Fernando P. Schapachnik
Network administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

From owner-freebsd-security Sun Sep 24 11:57:16 2000
Date: Sun, 24 Sep 2000 20:55:56 +0200
From: Mipam
Reply-To: mipam@ibb.net
To: "Vladimir Mencl, MK, susSED"
Cc: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

> Well, anyway, you can use tunnelling via ssh.
>
> If you join together userlevel PPP and ssh, you can create the same
> effect - two hosts connected by an encrypted virtual link, at each host
> connected to a (virtual) interface - tun0 in case of FreeBSD.

Ahem, well, ppp over ssh isn't such a good idea.
In general tcp over tcp is a bad idea.
Bye,

Mipam.

From owner-freebsd-security Sun Sep 24 12:15:44 2000
Date: Sun, 24 Sep 2000 16:06:17 +0200
From: Gerhard Sittig
To: security@FreeBSD.ORG
Subject: Re: sendmail default run state

On Sat, Sep 23, 2000 at 22:34 -0600, Brett Glass wrote:
> At 06:55 AM 9/23/2000, Gerhard Sittig wrote:
>
> >Are you sure of the above facts? IIRC _any_ UNIX MUA will use
> >the sendmail command line interface (/usr/sbin/sendmail) for
> >outgoing mail. Only MTAs talk SMTP.
>
> Many -- in fact most -- MUAs talk SMTP.
> And for good reason:
> it's universal. You can talk to either the local machine
> OR a remote machine that way, while going through local
> sendmail requires extra code.

As does SMTP conversation you didn't have to know about when only
feeding stdin of /usr/sbin/sendmail. I cannot judge what's more
expensive and error prone. But tradition says that a sendmail
executable is there (no matter who really provides this
functionality).

On Sat, Sep 23, 2000 at 23:14 -0600, Warner Losh wrote:
> In message <20000923145557.G5065@speedy.gsinet> Gerhard Sittig writes:
> : Are you sure of the above facts? IIRC _any_ UNIX MUA will use
> : the sendmail command line interface (/usr/sbin/sendmail) for
> : outgoing mail. Only MTAs talk SMTP.
>
> MH talks directly to the smtp port when sending mail and bad things
> happen if no SMTP daemon is running. I hate it when that happens.

You (as well as all the other contributors I didn't cite above)
are absolutely right. And I notice I'm old fashioned and not
always wanting to follow what others call "progress". :)

But once MUAs start talking SMTP I still feel they take over what
was MTA work before. :> And when they do, "localhost" seems a
bad choice to assume a mail daemon to be running on. I would at
least do a "dig $DOMAIN mx" (or "dnsmx $DOMAIN" for those who
think it to be more appropriate) survey or have my user
(respective workstation's admin) tell me which machine to connect
to.

I still stand to the essence "Almost no machine in a LAN needs
sendmail_enable=YES and you know quite exactly the ones which do,
since they're dedicated mail servers or relays."

This seems quite analogous to DNS. You might install the
software (bind and query tools) everywhere. But you only have
few machines run the daemon and point any other there by means of
resolv.conf (in addition of installing some "dumb" caches - i.e.
nullclients - , maybe). And you don't have every program talk
DNS but have them use the resolver lib.
That's most easily extendable giving the advantage to every client
without changing it. But I could be wrong again and overlook the
difference in complexity of these two protocols and the need of
applications to participate directly ... :)

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

From owner-freebsd-security Sun Sep 24 13:29: 4 2000
To: mipam@ibb.net
Cc: "Vladimir Mencl, MK, susSED", Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP
From: Dag-Erling Smorgrav
Date: 24 Sep 2000 22:28:55 +0200

Mipam writes:
> > If you join together userlevel PPP and ssh, you can create the same
> > effect - two hosts connected by an encrypted virtual link, at each host
> > connected to a (virtual) interface - tun0 in case of FreeBSD.
> Ahem, well, ppp over ssh isn't such a good idea.
> In general tcp over tcp is a bad idea.

Your throughput goes down the drain, but it works fine and it's easy
to set up. And remember, sweeping generalizations are always wrong.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Sun Sep 24 13:39:41 2000
Date: Sun, 24 Sep 2000 22:38:16 +0200
From: Mipam
Reply-To: mipam@ibb.net
To: Dag-Erling Smorgrav
Cc: mipam@ibb.net, "Vladimir Mencl, MK, susSED", Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

> Your throughput goes down the drain, but it works fine and it's easy
> to set up. And remember, sweeping generalizations are always wrong.

Not really.
Tcp always assumes an unreliable carrier, which isn't the case in tcp over tcp.
This can cause problems in some situations.

Mipam.

From owner-freebsd-security Sun Sep 24 13:47:36 2000
Subject: Re: Encryption over IP
To: mipam@ibb.net
Date: Sun, 24 Sep 2000 14:46:20 -0600 (MDT)
Cc: des@ofug.org (Dag-Erling Smorgrav), mencl@nenya.ms.mff.cuni.cz (Vladimir Mencl MK susSED), 961BE653994@stud.alakhawayn.ma (Ali Alaoui El Hassani), slash@krsu.edu.kg (CrazZzy Slash), freebsd-security@FreeBSD.ORG, roam@orbitel.bg (Peter Pentchev)
From: "David G. Andersen"

Lo and behold, Mipam once said:
>
> > Your throughput goes down the drain, but it works fine and it's easy
> > to set up. And remember, sweeping generalizations are always wrong.
>
> Not really.
> Tcp always assumes an unreliable carrier, which isn't the case in tcp over tcp.
> This can cause problems in some situations.

And is needed in some situations, such as going through a tcp nat
proxy.

... like the one I have to traverse to access the world from my cable
modem connection. Sure, you could try to tunnel it over some UDP-based
protocol the NAT box thinks it understands, but when said nat box is
a windoze 98 box running "internet connection sharing," the easiest way
to make life work well is over TCP.

Yes, running TCP over a reliable connection is often bad.
Yes, it's also often the best solution.

-Dave

> Mipam.

--
work: dga@lcs.mit.edu                          me: dga@pobox.com
MIT Laboratory for Computer Science            http://www.angio.net/

From owner-freebsd-security Sun Sep 24 16: 6:38 2000
Date: Sun, 24 Sep 2000 19:06:33 -0400 (EDT)
From: Mitch Collinsworth
To: cjclark@alum.mit.edu
Cc: Mitch Collinsworth, Gerhard Sittig, security@FreeBSD.ORG
Subject: Re: sendmail default run state

On Sat, 23 Sep 2000, Crist J. Clark wrote:

> On Sat, Sep 23, 2000 at 10:54:54AM -0400, Mitch Collinsworth wrote:
> > On Sat, 23 Sep 2000, Gerhard Sittig wrote:
> >
> > > fetchmail delivers by default to a SMTP server. But it could be
> > > run as well in MDA mode -- although I never used it this way.
> >
> > We do.
>
> Me too. Errr, well, I have. I have a listener on right now.
>
> On the notebook when I dialup, I grab mail with fetchmail and send it
> straight to procmail.
> Here's the line in the .fetchmailrc,

We use it for slurping mail from our pop server into user home dirs in
AFS. fetchmail runs in user space, so has access to the AFS token
needed in order to write in the user's AFS space.

-Mitch

From owner-freebsd-security Sun Sep 24 18:47:12 2000
Date: Sun, 24 Sep 2000 21:46:12 -0400
To: "Vladimir Mencl, MK, susSED", Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
From: Garance A Drosihn
Subject: Re: Encryption over IP
Cc: CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev

At 3:12 PM +0200 9/24/00, Vladimir Mencl, MK, susSED wrote:
>On Sun, 24 Sep 2000, Ali Alaoui El Hassani wrote:
> >
> > Dear all I have a question for you,
> >
> > do you know any encryption protocols other than IPsec (ESP, ESP + AH)
> > that do encryption over IP?
>
>Why do you need a different protocol?
>
>Well, anyway, you can use tunnelling via ssh.

Other option might be tunnelling using the underlying openssl layer.
I'm just now playing with 'stunnel' to encrypt connections to a
chat system that is used here at RPI. It wasn't all that hard to
setup.

Of course, we were doing that to tunnel just one service, and not
all traffic between two hosts.

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer               or  drosih@rpi.edu
Rensselaer Polytechnic Institute

From owner-freebsd-security Sun Sep 24 19: 4:33 2000
Date: Sun, 24 Sep 2000 20:52:27 -0500 (CDT)
From: James Wyatt
To: Mipam
Cc: Dag-Erling Smorgrav, "Vladimir Mencl, MK, susSED", Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

On Sun, 24 Sep 2000, Mipam wrote:
> > Your throughput goes down the drain, but it works fine and it's easy
> > to set up. And remember, sweeping generalizations are always wrong.
>
> Not really.
> Tcp always assumes an unreliable carrier, which isn't the case in tcp over tcp.
> This can cause problems in some situations.

Could you be a bit more specific? I can see where the extra overhead isn't
always pretty, but I can't see where it *hurts* things other than network
throughput. Actually the throughput doesn't suffer all *that* much, if you
measure it and you have medium packets. For short, telnet-class packets
the overhead is more noticeable than FTP, NNTP, SMTP, HTTP, etc...
- Jy@

From owner-freebsd-security Sun Sep 24 19:57:17 2000
Date: Mon, 25 Sep 2000 09:00:06 +0600 (KGST)
From: CrazZzy Slash
To: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>
Cc: freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

Hi!

You can do tunneling over ssh, I think.. :)

P.S. Sorry for my bad English.. :)

On Sun, 24 Sep 2000, Ali Alaoui El Hassani wrote:

> Dear all I have a question for you,
>
> do you know any encryption protocols other than IPsec (ESP, ESP + AH) that do
> encryption over IP?
>
> I thank you in advance,
>
> Ali Alaoui El Hassani

--
Key fingerprint = 08 2C 60 63 FB DE A5 67 96 38 02 0F FA 9B 81 86

From owner-freebsd-security Sun Sep 24 20:59:57 2000
Date: Sun, 24 Sep 2000 21:57:55 -0600 (MDT)
From: Nate Williams
Reply-To: nate@yogotech.com (Nate Williams)
To: mipam@ibb.net
Cc: Dag-Erling Smorgrav, "Vladimir Mencl, MK, susSED", Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

> > Your throughput goes down the drain, but it works fine and it's easy
> > to set up. And remember, sweeping generalizations are always wrong.
>
> Not really.
> Tcp always assumes an unreliable carrier, which isn't the case in tcp
> over tcp. This can cause problems in some situations.
Actually, TCP in it's current incarnation assumes a 'reliable' connection where unreliability is caused by congestion, which it attempts to avoid. In general, the more reliable the carrier, the better TCP tends to work. Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Sep 24 22:45:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from ux1.ibb.net (ibb0005.ibb.uu.nl [131.211.124.5]) by hub.freebsd.org (Postfix) with ESMTP id F35D537B42C for ; Sun, 24 Sep 2000 22:45:56 -0700 (PDT) Received: from localhost (mipam@localhost) by ux1.ibb.net (8.9.3/8.9.3/UX1TT) with SMTP id HAA10733; Mon, 25 Sep 2000 07:44:09 +0200 Date: Mon, 25 Sep 2000 07:44:09 +0200 (MET DST) From: Mipam To: James Wyatt Cc: Dag-Erling Smorgrav , "Vladimir Mencl, MK, susSED" , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash , freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Could you be a bit more specific? I can see where the extra overhead isn't > always pretty, but I can't see where it *hurts* things other than network > throughput. Actually the throughput doesn't suffer all *that* much, if you > measure it and you have medium packets. For short, telnet-class packets > the overhead is more noticable than FTP, NNTP, SMTP, HTTP, etc... - Jy@ Okay, here is a nice article concerning tcp over tcp: http://sites.inka.de/sites/bigred/devel/tcp-tcp.html In here more details are worked out. I know many ppl deffer in this, however, my own experiences with tcp over tcp werent that good at all and i am working from a T1 connection, so i cant say that my connection is that slow. 
Anyway, my own experiences, together with this article why tcp over tcp can cause problems lead to my opinion that tcp over tcp isnt such a good idea. I was happy that i wasnt the only one who experienced problems with this. Plz read the above article, then consider again conerning tcp over tcp. Some ppl even claim that tcp over tcp, so that tcp has a reliable carrier, is a good idea in fact.... If they could bring in some arguments why, i could consider them. Bye, Mipam. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Sep 24 22:55: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.gplsucks.org (mail.gplsucks.org [63.227.213.93]) by hub.freebsd.org (Postfix) with ESMTP id F1C7337B43C for ; Sun, 24 Sep 2000 22:54:59 -0700 (PDT) Received: from localhost (bwoods2@localhost) by mail.gplsucks.org (8.11.0/8.11.0) with ESMTP id e8P5sxh00265 for ; Sun, 24 Sep 2000 22:54:59 -0700 (PDT) Date: Sun, 24 Sep 2000 22:54:58 -0700 (PDT) From: William Woods To: freebsd-security@freebsd.org Subject: Penetration testing question.... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Please excuse me and point me in the right direction if this is not the best list (I suspect it isnt...) I currently run FreeBSD at home and on my personal system at work. The company I work for is developing a security hardware/software solution for windows and since I am the only person in the group with any type of *nix experiance they have asked me to do some penetration tests. They said I could use any OS I want for my platform (I am going to use FreeBSD because I am most familiar with it, linux is an option but I would rather stick with FreeBSD). 
They want me to get the the most commonly used scanners (I am currently useing SAINT and NMAP to test my persoanl LAN) and tools hackers use and test the devel systems for security. Now since I am not into the "hacking and cracking" scene I am kind of at a loss here. I have what I consider to be 2 good scanners, SAINT and NMAP but as to other "tools of the trade" I am at a bit of a loss. Where would I go from here ? Could you point me to a more realivant list at least? Again, I appologize if this is not the best forum for this question, I realise it is for FreeBSD related questions, but I really diden't know where else to turn. Thanks, Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Sep 24 23: 4:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.kyx.net (cr95838-b.crdva1.bc.wave.home.com [24.113.50.147]) by hub.freebsd.org (Postfix) with ESMTP id 73A1237B422 for ; Sun, 24 Sep 2000 23:04:16 -0700 (PDT) Received: from smp.kyx.net (unknown [10.22.22.45]) by mail.kyx.net (Postfix) with SMTP id 705E91DC03; Sun, 24 Sep 2000 23:03:46 -0700 (PDT) From: Dragos Ruiu Organization: kyx.net To: nate@yogotech.com (Nate Williams), Nate Williams , mipam@ibb.net Subject: Re: Encryption over IP Date: Sun, 24 Sep 2000 22:57:20 -0700 X-Mailer: KYX-CP/M [version core00-mail-92] Content-Type: text/plain Cc: Dag-Erling Smorgrav , "Vladimir Mencl, MK, susSED" , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash , freebsd-security@FreeBSD.ORG, Peter Pentchev References: <20000924223816.F590@ibb0021.ibb.uu.nl> <200009250357.VAA06561@nomad.yogotech.com> In-Reply-To: <200009250357.VAA06561@nomad.yogotech.com> MIME-Version: 1.0 Message-Id: <00092423054818.00325@smp.kyx.net> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 24 Sep 2000, Nate Williams wrote: > > > Your throughput goes 
down the drain, but it works fine and it's easy
> > > to set up. And remember, sweeping generalizations are always wrong.
> > Not really.
> > Tcp always assumes an unreliable carrier, which isnt the case in tcp
> > over tcp. This can cause problems in some situations.
> Actually, TCP in it's current incarnation assumes a 'reliable'
> connection where unreliability is caused by congestion, which it
> attempts to avoid.
> In general, the more reliable the carrier, the better TCP tends to work.
> Nate

Here is an interesting paper that seemed applicable to this discussion and may avoid some debate based on conjecture.... The real way to prove any of these performance arguments is with real-world benchmarks...

Now... I've heard a couple of ppp-over-ssh aficionados talk about tweaking timeouts to make this work more efficiently on throughput but I haven't seen anything practical yet. I would love any further info on this.

cheers,
--dr

--kyx--
url: http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

Why TCP Over TCP Is A Bad Idea

A frequently occurring idea for IP tunneling applications is to run a protocol like PPP, which encapsulates IP packets in a format suited for a stream transport (like a modem line), over a TCP-based connection. This would be an easy solution for encrypting tunnels by running PPP over SSH, for which several recommendations already exist (one in the Linux HOWTO base, one on my own website, and surely several others). It would also be an easy way to compress arbitrary IP traffic, while datagram based compression has hard to overcome efficiency limits.

Unfortunately, it doesn't work well. Long delays and frequent connection aborts are to be expected. Here is why.

TCP's retransmission algorithm

TCP divides the data stream into segments which are sent as individual IP datagrams. The segments carry a sequence number which numbers the bytes in the stream, and an acknowledge number which tells the other side the last received sequence number. [RFC793]

Since IP datagrams may be lost, duplicated or reordered, the sequence numbers are used to reassemble the stream. The acknowledge number tells the sender, indirectly, if a segment was lost: when an acknowledge for a recently sent segment does not arrive in a certain amount of time, the sender assumes a lost packet and re-sends that segment.

Many other protocols using a similar approach, designed mostly for use over lines with relatively fixed bandwidth, have the "certain amount of time" fixed or configurable. In the Internet however, parameters like bandwidth, delay and loss rate are vastly different from one connection to another and even changing over time on a single connection. A fixed timeout in the seconds range would be inappropriate on a fast LAN and likewise inappropriate on a congested international link. In fact, it would increase the congestion and lead to an effect known as "meltdown".

For this reason, TCP uses adaptive timeouts for all timing-related parameters. They start at conservative estimates and change dynamically with every received segment. The actual algorithms used are described in [RFC2001]. The details are not important here but one critical property: when a segment times out, the following timeout is increased (exponentially, in fact, because that has been shown to avoid the meltdown effect).

Stacking TCPs

The TCP timeout policy works fine in the Internet over a vast range of different connection characteristics. Because TCP tries very hard not to break connections, the timeout can increase up to the range of several minutes. This is just what is sensible for unattended bulk data transfer. (For interactive applications, such slow connections are of course undesirable and likely the user will terminate them.)

This optimization for reliability breaks when stacking one TCP connection on top of another, which was never anticipated by the TCP designers. But it happens when running PPP over SSH or another TCP-based protocol, because the PPP-encapsulated IP datagrams likely carry TCP-based payload, like this:

(IP stack diagram omitted)

Note that the upper and the lower layer TCP have different timers. When an upper layer connection starts fast, its timers are fast too. Now it can happen that the lower connection has slower timers, perhaps as a leftover from a period with a slow or unreliable base connection.

Imagine what happens when, in this situation, the base connection starts losing packets. The lower layer TCP queues up a retransmission and increases its timeouts. Since the connection is blocked for this amount of time, the upper layer (i.e. payload) TCP won't get a timely ACK, and will also queue a retransmission. Because the timeout is still less than the lower layer timeout, the upper layer will queue up more retransmissions faster than the lower layer can process them. This makes the upper layer connection stall very quickly and every retransmission just adds to the problem - an internal meltdown effect.

TCP's reliability provisions backfire here. The upper layer retransmissions are completely unnecessary, since the carrier guarantees delivery - but the upper layer TCP can't know this, because TCP always assumes an unreliable carrier.

Practical experience

The whole problem was the original incentive to start the CIPE project, because I used a PPP over SSH solution for some time and it proved to be fairly unusable. At that time it had to run over an optical link which suffered frequent packet loss, sometimes 10-20% over an extended period of time. With plain TCP, this was just bearable (because the link was not congested), but with the stacked protocols, connections would get really slow and then break very frequently.

This is the detailed reason why CIPE uses a datagram carrier. (The choice for UDP, instead of another IP-level protocol like IPsec does, is for several reasons: this allows to distinguish tunnels by their port number, and it adds the ability to run over SOCKS.) The datagram carrier has exactly the same characteristics as plain IP, for which TCP was designed to run over.

Olaf Titz
Last modified: Fri Apr 14 20:12:33 CEST 2000

--
Dragos Ruiu dursec.com ltd. / kyx.net - we're from the future
gpg/pgp key on file at wwwkeys.pgp.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Sep 25 0: 5:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from devnull.xpert.com (xpert.com [199.203.132.1]) by hub.freebsd.org (Postfix) with ESMTP id 860F437B43C for ; Mon, 25 Sep 2000 00:05:18 -0700 (PDT)
Received: from exchange.xpert.com ([199.203.132.115]) by devnull.xpert.com with esmtp (Exim 3.01 #1) id 13dSK1-00042Y-00 for freebsd-security@freebsd.org; Mon, 25 Sep 2000 09:05:05 +0200
Received: by exchange.xpert.com with Internet Mail Service (5.5.2650.21) id ; Mon, 25 Sep 2000 10:05:18 +0300
Message-ID: <00BF97DD9F3FD311AB860060084E50DD311C71@exchange.xpert.com>
From: Yonatan Bokovza
To: "'freebsd-security@freebsd.org'"
Subject: RE: Penetration testing question....
Date: Mon, 25 Sep 2000 10:05:16 +0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> -----Original Message-----
> From: William Woods [mailto:bwoods2@uswest.net]
> Sent: Monday, September 25, 2000 7:55 AM
> To: freebsd-security@freebsd.org
> Subject: Penetration testing question....
>
>
> Please excuse me and point me in the right direction if this
> is not the
> best list (I suspect it isnt...)
>
> I currently run FreeBSD at home and on my personal system at work.
The > company I work for is developing a security hardware/software > solution for > windows and since I am the only person in the group with any > type of *nix > experiance they have asked me to do some penetration tests. > They said I > could use any OS I want for my platform (I am going to use > FreeBSD because > I am most familiar with it, linux is an option but I would rather > stick with FreeBSD). They want me to get the the most commonly > used scanners (I am currently useing SAINT and NMAP to test my > persoanl LAN) and tools hackers use and test the devel systems for > security. So far, so cool. > > Now since I am not into the "hacking and cracking" scene I am > kind of at a > loss here. I have what I consider to be 2 good scanners, > SAINT and NMAP > but as to other "tools of the trade" I am at a bit of a loss. > Where would > I go from here ? Could you point me to a more realivant list at least? /usr/ports/security/nessus* is a good general-purpose security scanner. But you want to attack a unique software, and that's completely different than looking for known vulnerabilities in a server. Checking is a software is secure is _wide_ topic. Generally speaking, if the program utilises the network, see if it's vulnerable to network attacks, or if it vulnerabify (hehe, "makes vulnerable") the station it's installed on. If it's used on server where users have local access- see if a local user can take advantage of it to cause havoc or elevate permissions. Mail me off the list for more opinions. > > Again, I appologize if this is not the best forum for this question, I > realise it is for FreeBSD related questions, but I really diden't know > where else to turn. > > > Thanks, > > Bill > Sure, Yonatan. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 0: 6:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.kyx.net (cr95838-b.crdva1.bc.wave.home.com [24.113.50.147]) by hub.freebsd.org (Postfix) with ESMTP id DA77337B43C for ; Mon, 25 Sep 2000 00:06:46 -0700 (PDT) Received: from smp.kyx.net (unknown [10.22.22.45]) by mail.kyx.net (Postfix) with SMTP id 2F1991DC03; Mon, 25 Sep 2000 00:06:16 -0700 (PDT) From: Dragos Ruiu Organization: kyx.net To: William Woods , freebsd-security@freebsd.org Subject: Re: Penetration testing question.... Date: Mon, 25 Sep 2000 00:04:55 -0700 X-Mailer: KYX-CP/M [version core00-mail-92] Content-Type: text/plain References: In-Reply-To: MIME-Version: 1.0 Message-Id: <0009250008231B.00325@smp.kyx.net> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 24 Sep 2000, William Woods wrote: > Now since I am not into the "hacking and cracking" scene I am kind of at a > loss here. I have what I consider to be 2 good scanners, SAINT and NMAP > but as to other "tools of the trade" I am at a bit of a loss. Where would > I go from here ? Could you point me to a more realivant list at least? Fyodor, of nmap fame, maintains a survey of the top 50 security tools at http://www.insecure.org/tools.html Could be just what you're looking for, and a good checklist of tools for any security professional's toolbox. cheers, --dr -- Dragos Ruiu dursec.com ltd. 
/ kyx.net - we're from the future gpg/pgp key on file at wwwkeys.pgp.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 0:24:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 36C5D37B507 for ; Mon, 25 Sep 2000 00:24:19 -0700 (PDT) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id JAA51717; Mon, 25 Sep 2000 09:24:12 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: mipam@ibb.net Cc: "Vladimir Mencl, MK, susSED" , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash , freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP References: <20000924205556.D590@ibb0021.ibb.uu.nl> <20000924223816.F590@ibb0021.ibb.uu.nl> From: Dag-Erling Smorgrav Date: 25 Sep 2000 09:24:11 +0200 In-Reply-To: Mipam's message of "Sun, 24 Sep 2000 22:38:16 +0200" Message-ID: Lines: 14 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mipam writes: > > Your throughput goes down the drain, but it works fine and it's easy > > to set up. And remember, sweeping generalizations are always wrong. > Not really. > Tcp always assumes an unreliable carrier, which isnt the case in tcp > over tcp. This can cause problems in some situations. TCP does not require an unreliable carrier; it *defends* against an unreliable carrier. Running on top of a reliable carrier will not break TCP. 
DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 1:36:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from aurora.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by hub.freebsd.org (Postfix) with ESMTP id 1E8E237B424 for ; Mon, 25 Sep 2000 01:36:30 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by aurora.scoop.co.nz (8.9.3/8.9.3) with SMTP id UAA01568; Mon, 25 Sep 2000 20:30:18 +1200 (NZST) Date: Mon, 25 Sep 2000 20:30:18 +1200 (NZST) From: Andrew McNaughton Reply-To: andrew@scoop.co.nz To: Dag-Erling Smorgrav Cc: mipam@ibb.net, "Vladimir Mencl, MK, susSED" , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash , freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 25 Sep 2000, Dag-Erling Smorgrav wrote: > Mipam writes: > > > Your throughput goes down the drain, but it works fine and it's easy > > > to set up. And remember, sweeping generalizations are always wrong. > > Not really. > > Tcp always assumes an unreliable carrier, which isnt the case in tcp > > over tcp. This can cause problems in some situations. > > TCP does not require an unreliable carrier; it *defends* against an > unreliable carrier. Running on top of a reliable carrier will not > break TCP. This is true, but does not contradict what you replied to. The problems relate to duplication of error correction, and do not break the connection, but do have performance implications. I guess we all agree with each other? 
-- Andrew McNaughton andrew@squiz.co.nz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 1:57: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 77C6437B422 for ; Mon, 25 Sep 2000 01:56:57 -0700 (PDT) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id KAA52097; Mon, 25 Sep 2000 10:55:55 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: andrew@scoop.co.nz Cc: mipam@ibb.net, "Vladimir Mencl, MK, susSED" , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash , freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP References: From: Dag-Erling Smorgrav Date: 25 Sep 2000 10:55:54 +0200 In-Reply-To: Andrew McNaughton's message of "Mon, 25 Sep 2000 20:30:18 +1200 (NZST)" Message-ID: Lines: 12 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Andrew McNaughton writes: > This is true, but does not contradict what you replied to. The problems > relate to duplication of error correction, and do not break the > connection, but do have performance implications. > > I guess we all agree with each other? Yes. 
DES
--
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Sep 25 2:15:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.doosys.com (smtp.doosys.com [195.64.50.136]) by hub.freebsd.org (Postfix) with ESMTP id 5894A37B422; Mon, 25 Sep 2000 02:14:57 -0700 (PDT)
Received: from smtp.intra.doosys.com (IDENT:itcsrv-doosys@smtp.intra.doosys.com. [10.10.10.12]) by smtp.doosys.com (8.9.3/8.9.3) with ESMTP id LAA66313; Mon, 25 Sep 2000 11:07:06 +0200 (CEST) (envelope-from Bart_van_Leeuwen@doosys.com)
From: Bart_van_Leeuwen@doosys.com
Subject: Re: Encryption over IP
To: Mipam
Cc: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, Dag-Erling Smorgrav , freebsd-security@FreeBSD.ORG, James Wyatt , "Vladimir Mencl, MK, susSED" , owner-freebsd-security@FreeBSD.ORG, Peter Pentchev , CrazZzy Slash
X-Mailer: Lotus Notes Release 5.0.4 June 8, 2000
Message-ID:
Date: Mon, 25 Sep 2000 11:13:36 +0200
X-MIMETrack: Serialize by Router on ITCSRV/DOOSYS(Release 5.0.4a |July 24, 2000) at 09/25/2000 11:13:43 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

TCP over TCP has a few known problems, and the article you point at describes one of those. Your claim about your connection however has little to do with it. Speed of the connection is of little importance, the packet loss you encounter however is of major importance. A T1 with 10% packet loss will not work well at all, 64kbit with 0% packet loss will work reasonably well.

Bottom line, a dedicated tunneling protocol that does not use tcp as a transport layer is a very good idea.

Bart van Leeuwen.
mailto:Bart_van_Leeuwen@doosys.com
http://www.doosys.com/
mailto:bart@ixori.demon.nl
http://www.ixori.demon.nl/

Mipam
Sent by: owner-freebsd-security@FreeBSD.ORG
25-09-2000 07:44

To: James Wyatt
cc: Dag-Erling Smorgrav , "Vladimir Mencl, MK, susSED" , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, CrazZzy Slash , freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP

> Could you be a bit more specific? I can see where the extra overhead isn't
> always pretty, but I can't see where it *hurts* things other than network
> throughput. Actually the throughput doesn't suffer all *that* much, if you
> measure it and you have medium packets. For short, telnet-class packets
> the overhead is more noticable than FTP, NNTP, SMTP, HTTP, etc... - Jy@

Okay, here is a nice article concerning tcp over tcp:
http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
In here more details are worked out. I know many ppl deffer in this, however, my own experiences with tcp over tcp werent that good at all and i am working from a T1 connection, so i cant say that my connection is that slow. Anyway, my own experiences, together with this article why tcp over tcp can cause problems lead to my opinion that tcp over tcp isnt such a good idea. I was happy that i wasnt the only one who experienced problems with this. Plz read the above article, then consider again conerning tcp over tcp. Some ppl even claim that tcp over tcp, so that tcp has a reliable carrier, is a good idea in fact.... If they could bring in some arguments why, i could consider them.
Bye,

Mipam.
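The timer interaction described in the article quoted earlier in this thread, as a small deterministic model (an added example, not code from the article, from CIPE, or from any poster). All parameters are constructed: four upper-layer flows, a 2000 ms outage on the base link, a 200 ms upper and 4000 ms lower retransmission timeout, 100 ms per segment on the tunnel link; the lower TCP is assumed to drain its queue without further loss once it recovers.

```python
"""Toy model of stacked TCP timers (constructed parameters, not measurements)."""
import heapq


def lower_recovery_time(outage_end, lower_rto):
    """Time of the first lower-layer (re)transmission that falls after the outage.

    The lower TCP sends at t=0 and retries with exponential backoff, i.e. at
    lower_rto, 3*lower_rto, 7*lower_rto, ... (all times in milliseconds).
    """
    t, rto = 0, lower_rto
    while t < outage_end:
        t += rto
        rto *= 2
    return t


def simulate(carrier, flows=4, outage_end=2000, upper_rto=200,
             lower_rto=4000, delay=50, tx_time=100):
    """Run `flows` upper-layer TCP senders, one segment each, through a tunnel.

    carrier='datagram': each copy is an independent datagram (CIPE/UDP or
                        IPsec style); copies sent during the outage are lost.
    carrier='stream':   copies are appended to a lower TCP's reliable byte
                        stream (PPP over SSH style); nothing is lost, but
                        everything waits until the lower TCP has recovered.
    """
    if carrier not in ("datagram", "stream"):
        raise ValueError("carrier must be 'datagram' or 'stream'")
    recover = lower_recovery_time(outage_end, lower_rto) if carrier == "stream" else 0
    link_free = 0      # earliest time the tunnel link can take another segment
    ack_at = {}        # flow -> time at which its sender receives the ACK
    retransmits = 0    # upper-layer timer-driven retransmissions
    duplicates = 0     # copies delivered although the data was already delivered

    # Event: (send time, flow, timeout armed after this send, is retransmission)
    events = [(0, flow, upper_rto, False) for flow in range(flows)]
    heapq.heapify(events)
    while events:
        now, flow, rto, is_rexmit = heapq.heappop(events)
        if flow in ack_at and ack_at[flow] <= now:
            continue                   # ACK arrived in time, timer is cancelled
        if is_rexmit:
            retransmits += 1
        # FIFO link: wait for lower-layer recovery (stream only) and for the
        # segments already queued in front of this one.
        depart = max(now, recover, link_free)
        link_free = depart + tx_time
        lost = carrier == "datagram" and depart < outage_end
        if not lost:
            if flow in ack_at:
                duplicates += 1        # carrier delivers a copy nobody needs
            else:
                ack_at[flow] = depart + 2 * delay
        # Upper TCP doubles its timeout after every expiry.
        heapq.heappush(events, (now + rto, flow, rto * 2, True))

    return {
        "retransmits": retransmits,
        "duplicates": duplicates,
        "last_ack": max(ack_at.values()),
        "link_busy_until": link_free,
    }


if __name__ == "__main__":
    for kind in ("datagram", "stream"):
        print(kind, simulate(kind))
```

With these numbers both carriers see 16 upper-layer retransmissions, but over the stream carrier all 16 are delivered as duplicates and the tunnel stays busy until t=6000 ms, against no duplicates and t=3400 ms over the datagram carrier.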
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 3: 4:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from liam.london.sparza.com (liam.london.sparza.com [212.135.72.25]) by hub.freebsd.org (Postfix) with ESMTP id C33D937B422 for ; Mon, 25 Sep 2000 03:04:20 -0700 (PDT) Received: from hagop.london.sparza.com ([212.135.72.28]) by liam.london.sparza.com with esmtp (Exim 3.14 #3) id 13dV7X-0002Fm-00; Mon, 25 Sep 2000 11:04:23 +0100 Received: from localhost (scot@localhost) by hagop.london.sparza.com (8.9.3/8.9.3) with ESMTP id LAA07163; Mon, 25 Sep 2000 11:04:04 +0100 (BST) (envelope-from scot@london.sparza.com) Date: Mon, 25 Sep 2000 11:04:04 +0100 (BST) From: Scot Elliott To: CrazZzy Slash Cc: Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org As a friend pointed out to me recently, long term SSH connections that move a lot of data are probably not very secure, as the SSH protocol does not re-generate it's encryption keys unlike something like IPSec... Scot On Mon, 25 Sep 2000, CrazZzy Slash wrote: > Hi! > You can do tunneling over ssh, I think.. :) > > > P.S. Sorry for my bad English.. :) > > On Sun, 24 Sep 2000, Ali Alaoui El Hassani wrote: > > > > > Dear all I have a question for you, > > > > do you any encryption protocols else then IPsec(ESP, ESP +AH) that do > > > > encryption overIP ? 
> > > > I thank you in advance, > > > > Ali Alaoui El Hassani > > > > > > -- > > Key fingerprint = 08 2C 60 63 FB DE A5 67 96 38 02 0F FA 9B 81 86 > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 3:16:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D8AA37B422 for ; Mon, 25 Sep 2000 03:16:20 -0700 (PDT) Received: from ux1.ibb.net (ibb0005.ibb.uu.nl [131.211.124.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 70A9D6E2AB5 for ; Mon, 25 Sep 2000 03:16:19 -0700 (PDT) Received: from localhost (mipam@localhost) by ux1.ibb.net (8.9.3/8.9.3/UX1TT) with SMTP id MAA11134; Mon, 25 Sep 2000 12:15:22 +0200 Date: Mon, 25 Sep 2000 12:15:22 +0200 (MET DST) From: Mipam To: Scot Elliott Cc: CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > As a friend pointed out to me recently, long term SSH connections that > move a lot of data are probably not very secure, as the SSH protocol does > not re-generate it's encryption keys unlike something like IPSec... > This is not the case. For example in openssh you can specify the regeneration time of the key. Default this is set to 3600 seconds. And when you would look closely, you also see it happening for a message is displayed when this happens. You also can check in your logs it happens. Checkout /etc/sshd_config Bye, Mipam. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 3:28:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from liam.london.sparza.com (liam.london.sparza.com [212.135.72.25]) by hub.freebsd.org (Postfix) with ESMTP id 1882037B422 for ; Mon, 25 Sep 2000 03:28:44 -0700 (PDT) Received: from hagop.london.sparza.com ([212.135.72.28]) by liam.london.sparza.com with esmtp (Exim 3.14 #3) id 13dVVC-0002Jh-00; Mon, 25 Sep 2000 11:28:50 +0100 Received: from localhost (scot@localhost) by hagop.london.sparza.com (8.9.3/8.9.3) with ESMTP id LAA07218; Mon, 25 Sep 2000 11:28:36 +0100 (BST) (envelope-from scot@london.sparza.com) Date: Mon, 25 Sep 2000 11:28:36 +0100 (BST) From: Scot Elliott To: Mipam Cc: CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org No - only the RSA server key is changed periodically. The session key (passed from client to server using public key crypto at the start) is not changed throughout the session... which can last much longer than the server key regeneration time. Scot On Mon, 25 Sep 2000, Mipam wrote: > > As a friend pointed out to me recently, long term SSH connections that > > move a lot of data are probably not very secure, as the SSH protocol does > > not re-generate it's encryption keys unlike something like IPSec... > > > > This is not the case. > For example in openssh you can specify the regeneration time of the key. > Default this is set to 3600 seconds. And when you would look closely, you > also see it happening for a message is displayed when this happens. > You also can check in your logs it happens. Checkout /etc/sshd_config > Bye, > > Mipam. 
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 3:31:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id C71BE37B42C for ; Mon, 25 Sep 2000 03:31:13 -0700 (PDT) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id MAA52474; Mon, 25 Sep 2000 12:31:02 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Mipam Cc: Scot Elliott , CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev Subject: Re: Encryption over IP References: From: Dag-Erling Smorgrav Date: 25 Sep 2000 12:31:02 +0200 In-Reply-To: Mipam's message of "Mon, 25 Sep 2000 12:15:22 +0200 (MET DST)" Message-ID: Lines: 12 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mipam writes: > For example in openssh you can specify the regeneration time of the key. > Default this is set to 3600 seconds. And when you would look closely, you > also see it happening for a message is displayed when this happens. > You also can check in your logs it happens. Checkout /etc/sshd_config This only applies to new connections, I think. Existing ones keep the same key. 

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Mon Sep 25 3:48:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ux1.ibb.net (ibb0005.ibb.uu.nl [131.211.124.5]) by hub.freebsd.org (Postfix) with ESMTP id 118A137B422 for ; Mon, 25 Sep 2000 03:48:49 -0700 (PDT)
Received: from localhost (mipam@localhost) by ux1.ibb.net (8.9.3/8.9.3/UX1TT) with SMTP id MAA11211; Mon, 25 Sep 2000 12:48:05 +0200
Date: Mon, 25 Sep 2000 12:48:05 +0200 (MET DST)
From: Mipam
To: Scot Elliott
Cc: CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> No - only the RSA server key is changed periodically. The session key
> (passed from client to server using public key crypto at the start) is not
> changed throughout the session... which can last much longer than the
> server key regeneration time.

Okay, good point :)
Mipam.

From owner-freebsd-security Mon Sep 25 5:42:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gplsucks.org (mail.gplsucks.org [63.227.213.93]) by hub.freebsd.org (Postfix) with ESMTP id 9D4E037B43F for ; Mon, 25 Sep 2000 05:39:59 -0700 (PDT)
Received: from localhost (bwoods2@localhost) by mail.gplsucks.org (8.11.0/8.11.0) with ESMTP id e8PCdw001203; Mon, 25 Sep 2000 05:39:58 -0700 (PDT)
Date: Mon, 25 Sep 2000 05:39:57 -0700 (PDT)
From: William Woods
To: Dragos Ruiu
Cc: William Woods , freebsd-security@freebsd.org
Subject: Re: Penetration testing question....
In-Reply-To: <0009250008231B.00325@smp.kyx.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thanks.

On Mon, 25 Sep 2000, Dragos Ruiu wrote:

> On Sun, 24 Sep 2000, William Woods wrote:
> > Now since I am not into the "hacking and cracking" scene I am kind of at a
> > loss here. I have what I consider to be 2 good scanners, SAINT and NMAP
> > but as to other "tools of the trade" I am at a bit of a loss. Where would
> > I go from here ? Could you point me to a more relevant list at least?
> >
> Fyodor, of nmap fame, maintains a survey of the top 50 security tools
> at http://www.insecure.org/tools.html
>
> Could be just what you're looking for, and a good checklist of tools for
> any security professional's toolbox.
>
> cheers,
> --dr
>
> --
> Dragos Ruiu dursec.com ltd. / kyx.net - we're from the future
> gpg/pgp key on file at wwwkeys.pgp.net

From owner-freebsd-security Mon Sep 25 6:53:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 59D3837B422 for ; Mon, 25 Sep 2000 06:53:47 -0700 (PDT)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA19145; Mon, 25 Sep 2000 06:53:39 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda19143; Mon Sep 25 06:53:39 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id GAA63378; Mon, 25 Sep 2000 06:53:39 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdq63376; Mon Sep 25 06:53:25 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e8PDrPx04495; Mon, 25 Sep 2000 06:53:25 -0700 (PDT)
Message-Id:
 <200009251353.e8PDrPx04495@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdev4486; Mon Sep 25 06:52:54 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.1-RELEASE
X-Sender: cy
To: William Woods
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Penetration testing question....
In-reply-to: Your message of "Sun, 24 Sep 2000 22:54:58 PDT."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 25 Sep 2000 06:52:54 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message , William Woods writes:
> Please excuse me and point me in the right direction if this is not the
> best list (I suspect it isn't...)
>
> I currently run FreeBSD at home and on my personal system at work. The
> company I work for is developing a security hardware/software solution for
> windows and since I am the only person in the group with any type of *nix
> experience they have asked me to do some penetration tests. They said I
> could use any OS I want for my platform (I am going to use FreeBSD because
> I am most familiar with it, linux is an option but I would rather
> stick with FreeBSD). They want me to get the most commonly
> used scanners (I am currently using SAINT and NMAP to test my
> personal LAN) and tools hackers use and test the devel systems for
> security.
[deleted]

We do penetration testing using nmap and nessus on a periodic basis from two locations in our own network and from outside of our network. These are great firewall testing tools.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-security Mon Sep 25 8: 4:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from priv-edtnes04-hme0.telusplanet.net (fepout2.telus.net [199.185.220.237]) by hub.freebsd.org (Postfix) with ESMTP id 1FD0537B440 for ; Mon, 25 Sep 2000 08:04:19 -0700 (PDT)
Received: from yuggoth.warpedspace.org ([216.232.142.232]) by priv-edtnes12-hme0.telusplanet.net (InterMail vM.4.01.02.11 201-229-116-111) with ESMTP id <20000925145532.JVLD4505.priv-edtnes12-hme0.telusplanet.net@yuggoth.warpedspace.org> for ; Mon, 25 Sep 2000 08:55:32 -0600
Received: (from sdp@localhost) by yuggoth.warpedspace.org (8.11.0/8.11.0) id e8PF3m001769; Mon, 25 Sep 2000 08:03:48 -0700 (PDT)
From: "S. David Pullara"
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14799.26963.869302.229516@yuggoth.warpedspace.org>
Date: Mon, 25 Sep 2000 08:03:47 -0700 (PDT)
To: freebsd-security@FreeBSD.ORG
Subject: OpenSSH compiles?
X-Mailer: VM 6.72 under 21.1 (patch 12) "Channel Islands" XEmacs Lucid
Cc:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Does anyone know if there's some trick to getting OpenSSH 2.2.0 to compile? First the Makefile in ssh/lib dies because of a "malformed if" (the line with ${KERBEROS} == "yes"), which I got around by just commenting out that part of the makefile, then I'm getting some missing files.

Here is the error output --

===> lib
Warning: Object directory not changed from original /usr/src/contrib/ssh/lib
cc -O -pipe -I/usr/src/contrib/ssh/lib/..
-c /usr/src/contrib/ssh/lib/../authfd.c -o authfd.o
In file included from /usr/src/contrib/ssh/lib/../authfd.c:19:
/usr/src/contrib/ssh/lib/../includes.h:27: sys/endian.h: No such file or directory
In file included from /usr/src/contrib/ssh/lib/../authfd.c:19:
/usr/src/contrib/ssh/lib/../includes.h:41: netgroup.h: No such file or directory
*** Error code 1

Stop in /usr/src/contrib/ssh/lib.
*** Error code 1

Stop in /usr/src/contrib/ssh.

and here is what I commented out of lib/Makefile --

#.if (${KERBEROS} == "yes")
#CFLAGS+= -DKRB4 -I${DESTDIR}/usr/include/kerberosIV
#.if (${AFS} == "yes")
#CFLAGS+= -DAFS
#SRCS+= radix.c
#.endif # AFS
#.endif # KERBEROS

Excuse the maillist spam if this is a simple fix -- I just thought I'd ask if anyone's had a similar problem before this takes a large amount of time. Any ideas would be a great help.

David Pullara

From owner-freebsd-security Mon Sep 25 8:41:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 929BD37B422; Mon, 25 Sep 2000 08:41:33 -0700 (PDT)
Received: from localhost (vykygn@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8PFfM549719; Mon, 25 Sep 2000 11:41:25 -0400 (EDT) (envelope-from green@FreeBSD.org)
Message-Id: <200009251541.e8PFfM549719@green.dyndns.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: Scot Elliott
Cc: CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.org, Peter Pentchev
Subject: Re: Encryption over IP
In-Reply-To: Message from Scot Elliott of "Mon, 25 Sep 2000 11:04:04 BST."
From: "Brian F.
 Feldman"
Date: Mon, 25 Sep 2000 11:41:21 -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> As a friend pointed out to me recently, long term SSH connections that
> move a lot of data are probably not very secure, as the SSH protocol does
> not re-generate its encryption keys unlike something like IPSec...

So, weigh that into your decision of whether SSH is appropriate or not; are people on the inside going to be actively attempting a chosen-plaintext or known-plaintext attack? A long term SSH connection which only you have control over should really not have any need for rekeying; the stream should not be able to be known by anyone else in its unencrypted form nor should it be able to be modified at will before transport.

For using SSH as an anonymous tunnel in hostile environments, I'd definitely want to know it was rekeying at a decent interval.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

From owner-freebsd-security Mon Sep 25 8:45: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from liam.london.sparza.com (liam.london.sparza.com [212.135.72.25]) by hub.freebsd.org (Postfix) with ESMTP id 9F31B37B42C; Mon, 25 Sep 2000 08:44:57 -0700 (PDT)
Received: from hagop.london.sparza.com ([212.135.72.28]) by liam.london.sparza.com with esmtp (Exim 3.14 #3) id 13daRI-0003Sb-00; Mon, 25 Sep 2000 16:45:08 +0100
Received: from localhost (scot@localhost) by hagop.london.sparza.com (8.9.3/8.9.3) with ESMTP id QAA08505; Mon, 25 Sep 2000 16:44:53 +0100 (BST) (envelope-from scot@london.sparza.com)
Date: Mon, 25 Sep 2000 16:44:53 +0100 (BST)
From: Scot Elliott
To: "Brian F.
 Feldman"
Cc: CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.org, Peter Pentchev
Subject: Re: Encryption over IP
In-Reply-To: <200009251541.e8PFfM549719@green.dyndns.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm not sure that's the point.

If you're using SSH to tunnel between two networks, across the public Internet then there is a chance of your encrypted datastream being intercepted and analysed. If there's a large amount of data then the chance of the key being found and therefore your unencrypted data exposed - is much higher.

Scot

On Mon, 25 Sep 2000, Brian F. Feldman wrote:

> > As a friend pointed out to me recently, long term SSH connections that
> > move a lot of data are probably not very secure, as the SSH protocol does
> > not re-generate its encryption keys unlike something like IPSec...
>
> So, weigh that into your decision of whether SSH is appropriate or not; are
> people on the inside going to be actively attempting a chosen-plaintext or
> known-plaintext attack? A long term SSH connection which only you have
> control over should really not have any need for rekeying; the stream should
> not be able to be known by anyone else in its unencrypted form nor should it
> be able to be modified at will before transport.
>
> For using SSH as an anonymous tunnel in hostile environments, I'd definitely
> want to know it was rekeying at a decent interval.
>
> --
> Brian Fundakowski Feldman \ FreeBSD: The Power to Serve!
/
> green@FreeBSD.org `------------------------------'

From owner-freebsd-security Mon Sep 25 9:28:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 538E937B422 for ; Mon, 25 Sep 2000 09:28:07 -0700 (PDT)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id SAA53817; Mon, 25 Sep 2000 18:28:02 +0200 (CEST) (envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: "S. David Pullara"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH compiles?
References: <14799.26963.869302.229516@yuggoth.warpedspace.org>
From: Dag-Erling Smorgrav
Date: 25 Sep 2000 18:28:01 +0200
In-Reply-To: "S. David Pullara"'s message of "Mon, 25 Sep 2000 08:03:47 -0700 (PDT)"
Message-ID:
Lines: 17
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"S. David Pullara" writes:
> Does anyone know if there's some trick to getting OpenSSH 2.2.0 to
> compile? First the Makefile in ssh/lib dies because of a "malformed
> if" (the line with ${KERBEROS} == "yes"), which I got around by just
> commenting out that part of the makefile, then I'm getting some
> missing files.

Don't build code in src/contrib. Contrib is merely a repository for (mostly) unmodified contributed source code; the actual build system as well as local additions are in other places (in this case, src/secure).

Note that OpenSSH has a lot of dependencies (OpenSSL, libcrypto, libssh) that you need to build first, so it's probably simpler to just 'make world'.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Mon Sep 25 9:46:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 3640437B42C; Mon, 25 Sep 2000 09:46:11 -0700 (PDT)
Received: from localhost (yqhu8k@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8PGim554314; Mon, 25 Sep 2000 12:44:50 -0400 (EDT) (envelope-from green@FreeBSD.org)
Message-Id: <200009251644.e8PGim554314@green.dyndns.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: Scot Elliott
Cc: "Brian F. Feldman" , CrazZzy Slash , Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.org, Peter Pentchev
Subject: Re: Encryption over IP
In-Reply-To: Message from Scot Elliott of "Mon, 25 Sep 2000 16:44:53 BST."
From: "Brian F. Feldman"
Date: Mon, 25 Sep 2000 12:44:47 -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'm not sure that's the point.
>
> If you're using SSH to tunnel between two networks, across the public
> Internet then there is a chance of your encrypted datastream being
> intercepted and analysed. If there's a large amount of data then the
> chance of the key being found and therefore your unencrypted data exposed
> - is much higher.

You still have to know at least some chunks of the plaintext to do that. You simply _cannot_ brute force any moderately decent algorithm with reasonable key length. For example, Blowfish (commonly) uses a 160 bit key.
To do 2^160 operations of anything in a reasonable amount of time would be astounding, much less 2^160 different blowfish encryptions (note that it takes about 26 operations to encrypt one byte of data; that does not take into account the very low key agility which is much more significant for being able to brute-force it).

There aren't any chosen-plaintext or known-plaintext attacks against it; if there were, you would still have to push that much data through the tunnel; even chosen-plaintext attacks against a non-trivial algorithm require a huge amount of data to be encrypted.

In other words, don't worry about it.

--
 Brian Fundakowski Feldman           \  FreeBSD: The Power to Serve!  /
 green@FreeBSD.org                    `------------------------------'

From owner-freebsd-security Mon Sep 25 9:55: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E416337B42C; Mon, 25 Sep 2000 09:55:00 -0700 (PDT)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id JAA87041; Mon, 25 Sep 2000 09:55:00 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 25 Sep 2000 09:55:00 -0700 (PDT)
From: Kris Kennaway
To: "S. David Pullara"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH compiles?
In-Reply-To: <14799.26963.869302.229516@yuggoth.warpedspace.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 25 Sep 2000, S. David Pullara wrote:

> Warning: Object directory not changed from original /usr/src/contrib/ssh/lib
> cc -O -pipe -I/usr/src/contrib/ssh/lib/..
-c /usr/src/contrib/ssh/lib/../authfd.c -o authfd.o
   ^^^^^^^^^^^^^^^^^^^^

That's not where OpenSSH lives on FreeBSD. What are you trying to do? If you're on 4.0 or later, just use the version in /usr/src/crypto built by make world, if not then just copy all of /usr/src/crypto/openss[hl] and /usr/src/secure from a 4.1-stable system and use that.

OpenSSH 2.2.0 is in -current.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Mon Sep 25 10:27: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 3CDFA37B43C for ; Mon, 25 Sep 2000 10:27:04 -0700 (PDT)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 501396A909 for ; Mon, 25 Sep 2000 19:27:02 +0200 (CEST)
Received: from sv.Go2France.com [212.73.210.79] by mail.Go2France.com with ESMTP (SMTPD32-6.04) id ABC86E120086; Mon, 25 Sep 2000 19:30:48 +0200
Message-Id: <5.0.0.25.0.20000925192642.073b8eb0@mail.Go2France.com>
X-Sender: lconrad%Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 25 Sep 2000 19:27:35 +0200
To: freebsd-security@freebsd.org
From: Len Conrad
Subject: IPsec cleints for Win32?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

We'll be building VPN with FreeBSD + KAME as the central VPN server.

Beside F-Secure.com's product, anybody know of/used other IPsec clients for Win32?

Thanks,
Len

http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways

From owner-freebsd-security Mon Sep 25 11: 0:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by hub.freebsd.org (Postfix) with ESMTP id 1D77837B43E for ; Mon, 25 Sep 2000 11:00:22 -0700 (PDT)
Received: from simoeon.sentex.net (simeon.sentex.ca [209.112.4.47]) by smtp1.sentex.ca (8.11.0/8.11.0) with ESMTP id e8PHxvK66288; Mon, 25 Sep 2000 13:59:57 -0400 (EDT)
Message-Id: <5.0.0.25.0.20000925135315.0547b470@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 25 Sep 2000 13:54:47 -0400
To: Len Conrad , freebsd-security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: IPsec cleints for Win32?
In-Reply-To: <5.0.0.25.0.20000925192642.073b8eb0@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 07:27 PM 9/25/00 +0200, Len Conrad wrote:
>We'll be building VPN with FreeBSD + KAME as the central VPN server.
>
>Beside F-Secure.com's product, anybody know of/used other IPsec clients
>for Win32?

Have a search through comp.dcom.vpn, as there are a few client stacks discussed there. Some certainly seem to have more reported problems than others.

---Mike
------------------------------------------------------------------------
Mike Tancsa,                  tel +1 519 651 3400
Sentex Communications         mike@sentex.net
Cambridge, Ontario Canada     www.sentex.net

From owner-freebsd-security Mon Sep 25 11:23:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 1DD3D37B42C for ; Mon, 25 Sep 2000 11:23:37 -0700 (PDT)
Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 0C3346A903 for ; Mon, 25 Sep 2000 20:23:36 +0200 (CEST)
Received: from sv.Go2France.com [212.73.210.79] by mail.Go2France.com with ESMTP (SMTPD32-6.04) id A9097CAF0086; Mon, 25 Sep 2000 20:27:21 +0200
Message-Id: <5.0.0.25.0.20000925201825.040ad900@mail.Go2France.com>
X-Sender: lconrad%Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 25 Sep 2000 20:24:00 +0200
To:
From: Len Conrad
Subject: Re: IPsec cleints for Win32?
In-Reply-To: <027001c0271c$35796690$fd01a8c0@pacbell.net>
References: <5.0.0.25.0.20000925192642.073b8eb0@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

John,

>Windows 2000 has IPSec support natively.

The project is our FreeBSD + KAME IPsec + PowerCrypt (or equivalent) on the central site, and 150 roaming portables we are bidding on.

I've seen much enthusiasm for Win2K Pro on portables due to much improved stability, IR, USB, so maybe you've got a great suggestion there. Just W2K alone rather than Win98 ME + F-Secure.

MS is a VPNc.org member, so I'll try to find out if W2K IPsec talks to VPNc's OpenBSD/KAME reference platform, fwiw.

thanks,
Len

From owner-freebsd-security Mon Sep 25 11:38:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hal9000.bsdonline.org (ffaxvawx3-4-047.cox.rr.com [24.168.203.47]) by hub.freebsd.org (Postfix) with ESMTP id 9503837B424 for ; Mon, 25 Sep 2000 11:38:18 -0700 (PDT)
Received: by hal9000.bsdonline.org (Postfix, from userid 1001) id F30921F43; Mon, 25 Sep 2000 14:38:07 -0400 (EDT)
Date: Mon, 25 Sep 2000 14:38:07 -0400
From: Andrew J Caines
To: "'freebsd-security@freebsd.org'"
Cc: Nessus list
Subject: Re: Penetration testing question....
Message-ID: <20000925143807.A401@hal9000.bsdonline.org>
Reply-To: Andrew J Caines
Mail-Followup-To: "'freebsd-security@freebsd.org'" , Nessus list
References: <00BF97DD9F3FD311AB860060084E50DD311C71@exchange.xpert.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <00BF97DD9F3FD311AB860060084E50DD311C71@exchange.xpert.com>; from Yonatan@xpert.com on Mon, Sep 25, 2000 at 10:05:16AM +0300
Organization: H.A.L. Plant
X-Powered-by: FreeBSD 4.1-STABLE
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yonatan Bokovza suggested...
> /usr/ports/security/nessus* is a good general-purpose security scanner.

I'll second that. Nessus is a great network vulnerability testing suite. It's well designed, produces good reports and, most importantly, the modular vulnerability tests are kept well up-to-date.

See http://www.nessus.org/ for details.

nb. www.nessus.com is the developers' new commercial organisation for providing paid support. They always have been and still are very responsive to questions and issues on the mailing lists.

While the ports can help you get started, you'll want to keep up with the vulnerability tests, aka. "Nessus Plugins".
There is more than one way to do this, but getting Nessus by CVS is my preferred method. See the web site for details.

I have a simple script to automate the process. Let me know if you're interested.

-Andrew-
--
 _______________________________________________________________________
| -Andrew J. Caines- Unix Systems Engineer A.J.Caines@altavista.net |

From owner-freebsd-security Mon Sep 25 16: 1:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lynx.aba.net.au (lynx.esec.com.au [203.21.84.1]) by hub.freebsd.org (Postfix) with SMTP id 2CD4237B43C for ; Mon, 25 Sep 2000 16:01:16 -0700 (PDT)
Received: (qmail 29131 invoked from network); 25 Sep 2000 23:01:12 -0000
Received: from swun.esec.com.au (HELO eSec.com.au) (203.21.85.207) by lynx.esec.com.au with SMTP; 25 Sep 2000 23:01:12 -0000
Message-ID: <39CFDB60.A69A3F49@eSec.com.au>
Date: Tue, 26 Sep 2000 10:10:24 +1100
From: Sam Wun
Organization: eSec
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
Cc: "'freebsd-security@freebsd.org'"
Subject: IPsec block my ssh remote login.
References: <00BF97DD9F3FD311AB860060084E50DD311C71@exchange.xpert.com> <20000925143807.A401@hal9000.bsdonline.org>
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I have just configured my 4.1 kernel with IPSEC enabled. After executed setkey, it blocks all my network traffic accessing between my client and server machines. I can't even use ssh remote login. Then I used Tcpdump to listen on one of the NIC which is dedicated for the network connection between my client and server machine. I can see ESP packet going thru when I am running ssh logging in to my client machine, but ssh seems waiting forever for the reply from my client machine.

How can I get some sort of packet go thru with IPSEC protected?

Thanks
Sam.

From owner-freebsd-security Mon Sep 25 17:37:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 0D97737B43C; Mon, 25 Sep 2000 17:37:38 -0700 (PDT)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id RAA52592; Mon, 25 Sep 2000 17:37:38 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 25 Sep 2000 17:37:37 -0700 (PDT)
From: Kris Kennaway
To: Sam Wun
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
In-Reply-To: <39CFDB60.A69A3F49@eSec.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 26 Sep 2000, Sam Wun wrote:

> I have just configured my 4.1 kernel with IPSEC enabled.
> After executed setkey, it blocks all my network traffic accessing between my
> client and server machines.
> I can't even use ssh remote login. Then I used Tcpdump to listen on one of
> the NIC which is dedicated for the network connection between my client and
> server machine. I can see ESP packet going thru when I am running ssh
> logging in to my client machine, but ssh seems waiting forever for the reply
> from my client machine.
>
> How can I get some sort of packet go thru with IPSEC protected?

Just configuring it in your kernel shouldn't block incoming packets (or change the behaviour of the system at all, in fact) - you need to configure the appropriate IPSEC security policies using setkey(8), and the security associations using the same tool (manually keyed SAs) or using the racoon port (IKE).

It sounds like you're already sending out ESP packets from your other machine, but haven't configured the 4.1 machine with the corresponding setup.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Mon Sep 25 18:24:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lynx.aba.net.au (lynx.esec.com.au [203.21.84.1]) by hub.freebsd.org (Postfix) with SMTP id EBBDB37B42C for ; Mon, 25 Sep 2000 18:24:38 -0700 (PDT)
Received: (qmail 31172 invoked from network); 26 Sep 2000 01:24:36 -0000
Received: from swun.esec.com.au (HELO eSec.com.au) (203.21.85.207) by lynx.esec.com.au with SMTP; 26 Sep 2000 01:24:35 -0000
Message-ID: <39CFFCFD.25452959@eSec.com.au>
Date: Tue, 26 Sep 2000 12:33:49 +1100
From: Sam Wun
Organization: eSec
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
References:
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Here is the setkey policy I used:

setkey -c <

> On Tue, 26 Sep 2000, Sam Wun wrote:
>
> > I have just configured my 4.1 kernel with IPSEC enabled.
> > After executed setkey, it blocks all my network traffic accessing between my
> > client and server machines.
> > I can't even use ssh remote login. Then I used Tcpdump to listen on one of
> > the NIC which is dedicated for the network connection between my client and
> > server machine. I can see ESP packet going thru when I am running ssh
> > logging in to my client machine, but ssh seems waiting forever for the reply
> > from my client machine.
> >
> > How can I get some sort of packet go thru with IPSEC protected?
>
> Just configuring it in your kernel shouldn't block incoming packets (or
> change the behaviour of the system at all, in fact) - you need to
> configure the appropriate IPSEC security policies using setkey(8), and the
> security associations using the same tool (manually keyed SAs) or using
> the racoon port (IKE).
>
> It sounds like you're already sending out ESP packets from your other
> machine, but haven't configured the 4.1 machine with the corresponding
> setup.
>
> Kris

From owner-freebsd-security Mon Sep 25 18:45:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id ED73B37B424; Mon, 25 Sep 2000 18:45:49 -0700 (PDT)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id SAA78505; Mon, 25 Sep 2000 18:45:49 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 25 Sep 2000 18:45:49 -0700 (PDT)
From: Kris Kennaway
To: Sam Wun
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
In-Reply-To: <39CFFCFD.25452959@eSec.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 26 Sep 2000, Sam Wun wrote:

> Here is the setkey policy I used:
>
> setkey -c <
> add 172.16.1.1 172.16.1.2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge";
> add 172.16.1.2 172.16.1.1 esp 10000 -E 3des-cbc "mogamogamogamogamogamoga";
> spdadd 172.16.1.1 172.16.1.2 any -P out ipsec esp/transport//use;

I believe you also need a spd entry which matches the incoming packets i.e.
coming in from 172.16.1.2 to 172.16.1.1 spdadd 172.16.1.2 172.16.1.1 any -P in ipsec esp/transport//use; This says to apply the esp/transport//use transform to packets coming IN from 172.16.1.2 to 172.16.1.1, to go with your other policy which matches packets going OUT from 172.16.1.1 to 172.16.1.2. You may also find it beneficial to use racoon (/usr/ports/security/racoon) to manage the security associations instead of manually keying them with 'add' entries (plus you'll get more random keys, periodic rekeying, etc). Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Sep 25 19: 3:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from lynx.aba.net.au (lynx.esec.com.au [203.21.84.1]) by hub.freebsd.org (Postfix) with SMTP id 8491837B424 for ; Mon, 25 Sep 2000 19:03:21 -0700 (PDT) Received: (qmail 23106 invoked from network); 26 Sep 2000 02:03:16 -0000 Received: from swun.esec.com.au (HELO eSec.com.au) (203.21.85.207) by lynx.esec.com.au with SMTP; 26 Sep 2000 02:03:16 -0000 Message-ID: <39D0060C.230D7658@eSec.com.au> Date: Tue, 26 Sep 2000 13:12:28 +1100 From: Sam Wun Organization: eSec X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Kris Kennaway Cc: "'freebsd-security@freebsd.org'" Subject: Re: IPsec block my ssh remote login. References: Content-Type: text/plain; charset=gb2312 Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This makes much more sense now. Thanks Another question is, do I need to setup ipsec in rc.conf file like ipfilter just for convinently setting the IPSEC up when the machine in the booting stage? If so, I will need to modify the rc.network to reflect the change? Thanks Sam. 
Kris Kennaway wrote:

> On Tue, 26 Sep 2000, Sam Wun wrote:
>
> > Here is the setkey policy I used:
> >
> > setkey -c <
> > add 172.16.1.1 172.16.1.2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge";
> > add 172.16.1.2 172.16.1.1 esp 10000 -E 3des-cbc "mogamogamogamogamogamoga";
> > spdadd 172.16.1.1 172.16.1.2 any -P out ipsec esp/transport//use;
>
> I believe you also need a spd entry which matches the incoming packets
> i.e. coming in from 172.16.1.2 to 172.16.1.1
>
> spdadd 172.16.1.2 172.16.1.1 any -P in ipsec esp/transport//use;
>
> This says to apply the esp/transport//use transform to packets coming IN
> from 172.16.1.2 to 172.16.1.1, to go with your other policy which matches
> packets going OUT from 172.16.1.1 to 172.16.1.2.
>
> You may also find it beneficial to use racoon (/usr/ports/security/racoon)
> to manage the security associations instead of manually keying them with
> 'add' entries (plus you'll get more random keys, periodic rekeying, etc).
>
> Kris

From owner-freebsd-security Mon Sep 25 19:11:48 2000
Date: Mon, 25 Sep 2000 19:11:05 -0700 (PDT)
From: Kris Kennaway
To: Sam Wun
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
In-Reply-To: <39D0060C.230D7658@eSec.com.au>

On Tue, 26 Sep 2000, Sam Wun wrote:

> This makes much more sense now. Thanks
> Another question is, do I need to setup ipsec in rc.conf file like ipfilter just
> for conveniently setting the IPSEC up when the machine in the booting stage? If
> so, I will need to modify the rc.network to reflect the change?

rc.conf includes the option:

ipsec_file="/etc/ipsec.conf" # Name of config file for setkey

which does the obvious thing. You may also like to enable other rc.conf
options.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Mon Sep 25 19:16:40 2000
Message-ID: <39D00927.E28A4D13@eSec.com.au>
Date: Tue, 26 Sep 2000 13:25:43 +1100
From: Sam Wun
Organization: eSec
To: Kris Kennaway
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.

but I can't find ipsec_file when I man rc.conf

Besides, what do I need to modify the /etc/rc.network file?

Thanks
Sam.
Kris Kennaway wrote:

> On Tue, 26 Sep 2000, Sam Wun wrote:
>
> > This makes much more sense now. Thanks
> > Another question is, do I need to setup ipsec in rc.conf file like ipfilter just
> > for conveniently setting the IPSEC up when the machine in the booting stage? If
> > so, I will need to modify the rc.network to reflect the change?
>
> rc.conf includes the option:
>
> ipsec_file="/etc/ipsec.conf" # Name of config file for setkey
>
> which does the obvious thing. You may also like to enable other rc.conf
> options.
>
> Kris

From owner-freebsd-security Mon Sep 25 19:19:15 2000
Date: Mon, 25 Sep 2000 19:19:13 -0700 (PDT)
From: Kris Kennaway
To: Sam Wun
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
In-Reply-To: <39D00927.E28A4D13@eSec.com.au>

On Tue, 26 Sep 2000, Sam Wun wrote:

> but I can't find ipsec_file when I man rc.conf

It should be present in modern versions of FreeBSD..remember, the default
file (which you don't edit) lives in /etc/defaults - you just add your
local changes to /etc/rc.conf, which supersedes the defaults in
/etc/defaults/rc.conf

> Besides, what do I need to modify the /etc/rc.network file?

You don't.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Mon Sep 25 19:25:31 2000
Message-ID: <39D00B35.FED62EAC@eSec.com.au>
Date: Tue, 26 Sep 2000 13:34:29 +1100
From: Sam Wun
Organization: eSec
To: Kris Kennaway
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.

What version of FreeBSD are you running? I am using 4.1 stable:
troot@fastline /etc/defaults # uname -a
FreeBSD fastline.rock.com 4.1-STABLE FreeBSD 4.1-STABLE #0: Sun Sep 24
18:10:37 EST 2000 troot@fastline.rock.com:/usr/obj/usr/src/sys/FASTLINE
i386

The /etc/defaults/re.conf has the cvs version:
# $FreeBSD: src/etc/defaults/rc.conf,v 1.53 2000/03/12 20:35:54 shin Exp $

Thanks
Sam.

Kris Kennaway wrote:

> On Tue, 26 Sep 2000, Sam Wun wrote:
>
> > but I can't find ipsec_file when I man rc.conf
>
> It should be present in modern versions of FreeBSD..remember, the default
> file (which you don't edit) lives in /etc/defaults - you just add your
> local changes to /etc/rc.conf, which supersedes the defaults in
> /etc/defaults/rc.conf
>
> > Besides, what do I need to modify the /etc/rc.network file?
>
> You don't.
>
> Kris

From owner-freebsd-security Mon Sep 25 19:28:52 2000
Date: Mon, 25 Sep 2000 19:28:49 -0700 (PDT)
From: Kris Kennaway
To: Sam Wun
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
In-Reply-To: <39D00B35.FED62EAC@eSec.com.au>

On Tue, 26 Sep 2000, Sam Wun wrote:

> What version of FreeBSD are you running? I am using 4.1 stable:
> troot@fastline /etc/defaults # uname -a
> FreeBSD fastline.rock.com 4.1-STABLE FreeBSD 4.1-STABLE #0: Sun Sep 24
> 18:10:37 EST 2000 troot@fastline.rock.com:/usr/obj/usr/src/sys/FASTLINE
> i386
>
> The /etc/defaults/re.conf has the cvs version:
> # $FreeBSD: src/etc/defaults/rc.conf,v 1.53 2000/03/12 20:35:54 shin Exp $

Your /etc is out of date - run mergemaster. 4.1-R came with 1.53.2.6

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Mon Sep 25 19:29:28 2000
Date: Tue, 26 Sep 2000 04:28:53 +0200 (SAST)
From: Justin Stanford
To: Sam Wun
Cc: Kris Kennaway, "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
In-Reply-To: <39D00B35.FED62EAC@eSec.com.au>

Why don't you two get a room? *grin*

On Tue, 26 Sep 2000, Sam Wun wrote:

> What version of FreeBSD are you running? I am using 4.1 stable:
> troot@fastline /etc/defaults # uname -a
> FreeBSD fastline.rock.com 4.1-STABLE FreeBSD 4.1-STABLE #0: Sun Sep 24
> 18:10:37 EST 2000 troot@fastline.rock.com:/usr/obj/usr/src/sys/FASTLINE
> i386
>
> The /etc/defaults/re.conf has the cvs version:
> # $FreeBSD: src/etc/defaults/rc.conf,v 1.53 2000/03/12 20:35:54 shin Exp $
>
> Thanks
> Sam.
>
> Kris Kennaway wrote:
>
> > On Tue, 26 Sep 2000, Sam Wun wrote:
> >
> > > but I can't find ipsec_file when I man rc.conf
> >
> > It should be present in modern versions of FreeBSD..remember, the default
> > file (which you don't edit) lives in /etc/defaults - you just add your
> > local changes to /etc/rc.conf, which supersedes the defaults in
> > /etc/defaults/rc.conf
> >
> > > Besides, what do I need to modify the /etc/rc.network file?
> >
> > You don't.
> >
> > Kris

From owner-freebsd-security Mon Sep 25 21:44:41 2000
Date: Mon, 25 Sep 2000 21:44:20 -0700
From: "Crist J . Clark"
To: "Brian F. Feldman"
Cc: Scot Elliott, CrazZzy Slash, Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP
Message-ID: <20000925214420.J59015@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <200009251644.e8PGim554314@green.dyndns.org>
In-Reply-To: <200009251644.e8PGim554314@green.dyndns.org>; from green@FreeBSD.ORG on Mon, Sep 25, 2000 at 12:44:47PM -0400

On Mon, Sep 25, 2000 at 12:44:47PM -0400, Brian F. Feldman wrote:
> > I'm not sure that's the point.
> >
> > If you're using SSH to tunnel between two networks, across the public
> > Internet then there is a chance of your encrypted datastream being
> > intercepted and analysed. If there's a large amount of data then the
> > chance of the key being found and therefore your unencrypted data exposed
> > - is much higher.
>
> You still have to know at least some chunks of the plaintext to do that.
> You simply _cannot_ brute force any moderately decent algorithm with
> reasonable key length. For example, Blowfish (commonly) uses a 160 bit key.
> To do 2^160 operations of anything in a reasonable amount of time would be
> astounding, much less 2^160 different blowfish encryptions (note that it
> takes about 26 operations to encrypt one byte of data; that does not take
> into account the very low key agility which is much more significant for
> being able to brute-force it).
>
> There aren't any chosen-plaintext or known-plaintext attacks against it; if
> there were, you would still have to push that much data through the tunnel;
> even chosen-plaintext attacks against a non-trivial algorithm require a huge
> amount of data to be encrypted. In other words, don't worry about it.

As the saying goes, if the encryption is the weakest part of your
security scheme, you've got the most secure scheme in the world[0].

However, when using SSH to tunnel another protocol, it is quite
possible that blocks of data that could be guessed and are repeated
frequently in the output, something like a TCP header.

That said, I confess that I have not examined how SSH uses fill to do
its block encryptions. If it is sending each keystroke to the target
machine, for example, you need to pad the data to send it. Now that I
think about it I am not sure how it even deals with the block
encryptions. (Dammit, now I am going to have to go find out.)

Adding a timeout (or perhaps counting the bytes transferred) to
generate a new key does not sound like it would be exceedingly
difficult. All of the code to do it is already there. The tricky part
will be designing the negotiations so that client and server can agree
on a time for new keys and maintaining back-compatibility.

--
Crist J. Clark                           cjclark@alum.mit.edu

From owner-freebsd-security Mon Sep 25 23:37: 6 2000
Message-Id: <200009260635.e8Q6ZMK18900@ starfruit.itojun.org>
To: Kris Kennaway
Cc: Sam Wun, "'freebsd-security@freebsd.org'"
In-reply-to: kris's message of Mon, 25 Sep 2000 18:45:49 MST.
Subject: Re: IPsec block my ssh remote login.
From: Jun-ichiro itojun Hagino
Date: Tue, 26 Sep 2000 15:35:22 +0900

>> Here is the setkey policy I used:
>> setkey -c <
>> add 172.16.1.1 172.16.1.2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge";
>> add 172.16.1.2 172.16.1.1 esp 10000 -E 3des-cbc "mogamogamogamogamogamoga";
>> spdadd 172.16.1.1 172.16.1.2 any -P out ipsec esp/transport//use;
>I believe you also need a spd entry which matches the incoming packets
>i.e. coming in from 172.16.1.2 to 172.16.1.1
>spdadd 172.16.1.2 172.16.1.1 any -P in ipsec esp/transport//use;
>This says to apply the esp/transport//use transform to packets coming IN
>from 172.16.1.2 to 172.16.1.1, to go with your other policy which matches
>packets going OUT from 172.16.1.1 to 172.16.1.2.

actually, inbound policy is not required. If you get an encrypted
traffic and you have a matching IPsec SA (key) for them, that will be
used to decrypt the traffic.

what inbound policy does is to reject, or accept, based on how the
traffic was encrypted. For example, if you have the following:
>spdadd 172.16.1.2 172.16.1.1 any -P in ipsec esp/transport//require;
172.16.1.1 will accept traffic from 172.16.1.2, only if the traffic
was encrypted. with the following,
>spdadd 172.16.1.2 172.16.1.1 any -P in ipsec esp/transport//use;
172.16.1.1 will accept traffic from 172.16.1.2, if the traffic was
encrypted, or if the traffic was not encrypted (= doesn't care).

>You may also find it beneficial to use racoon (/usr/ports/security/racoon)
>to manage the security associations instead of manually keying them with
>'add' entries (plus you'll get more random keys, periodic rekeying, etc).

if you would like to use racoon (or isakmpd) to negotiate IPsec SAs
(keys) and would like to really secure the traffic, I would suggest
the use of the following policy ("require" instead of "use"):
>spdadd 172.16.1.1 172.16.1.2 any -P out ipsec esp/transport//require;
>spdadd 172.16.1.2 172.16.1.1 any -P in ipsec esp/transport//require;

outbound "use" policy means that we can emit unencrypted traffic out
to the wire, until key negotiation is finished, and it may not be
desirable behavior. outbound "require" will instruct the node to emit
encrypted traffic only. "use" may make sense when encryption is
optional, so it depends on your goal which one is more suitable.

inbound "require" will reject unencrypted incoming traffic, and
requires the peer (172.16.1.2) to emit encrypted traffic to the node
(172.16.1.1).
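
[Added example, not part of the message above and not KAME or FreeBSD code.] The "use" versus "require" distinction explained above can be checked mechanically before a setkey(8) file is loaded. This Python sketch parses only the statement forms quoted in the thread; the function names, finding codes and the simplified inbound model are assumptions made for the illustration.

```python
import re
from typing import NamedTuple

# Constructed input: the manually keyed SAs and outbound policy posted in the
# thread, plus the inbound "use" entry suggested in the first reply.
THREAD_CONF = """
add 172.16.1.1 172.16.1.2 esp 9876 -E 3des-cbc "hogehogehogehogehogehoge";
add 172.16.1.2 172.16.1.1 esp 10000 -E 3des-cbc "mogamogamogamogamogamoga";
spdadd 172.16.1.1 172.16.1.2 any -P out ipsec esp/transport//use;
spdadd 172.16.1.2 172.16.1.1 any -P in ipsec esp/transport//use;
"""
# Same file with both policies switched to "require", as the message suggests.
REQUIRE_CONF = THREAD_CONF.replace("//use;", "//require;")

# Only the statement forms and the two levels that appear in the thread.
SA_RE = re.compile(r"add (\S+) (\S+) (esp|ah) \S+ ")
SP_RE = re.compile(r"spdadd (\S+) (\S+) \S+ -P (in|out) ipsec "
                   r"(esp|ah)/(?:transport|tunnel)/[^/ ]*/(use|require)")


class Policy(NamedTuple):
    src: str
    dst: str
    direction: str
    proto: str
    level: str


def parse(conf):
    """Return (set of (src, dst, proto) SAs, list of Policy)."""
    lines = [l for l in conf.splitlines() if not l.lstrip().startswith("#")]
    sas, policies = set(), []
    for stmt in "\n".join(lines).split(";"):
        stmt = " ".join(stmt.split())  # collapse whitespace and newlines
        if not stmt:
            continue
        if m := SA_RE.match(stmt):
            sas.add(m.groups())
        elif m := SP_RE.fullmatch(stmt):
            policies.append(Policy(*m.groups()))
        else:
            # Fail closed: a statement we cannot read may be a policy we miss.
            raise ValueError(f"unsupported setkey statement: {stmt!r}")
    return sas, policies


def lint(conf):
    """Return sorted finding codes for the weaknesses raised in the thread."""
    sas, policies = parse(conf)
    inbound = {(p.src, p.dst) for p in policies if p.direction == "in"}
    findings = set()
    for p in policies:
        if p.level == "use":
            # "use": cleartext is emitted (out) or accepted (in) without an SA.
            findings.add(f"CLEARTEXT-ALLOWED-{p.direction.upper()}")
        if p.direction == "out" and (p.dst, p.src) not in inbound:
            # No inbound policy: nothing rejects unencrypted replies.
            findings.add("NO-INBOUND-POLICY")
        if (p.src, p.dst, p.proto) not in sas:
            # No 'add' entry: an IKE daemon (racoon) has to install the SA.
            findings.add("SA-NEEDS-IKE")
    if sas:
        # 'add' entries are static keys, so there is no periodic rekeying.
        findings.add("STATIC-KEYS")
    return sorted(findings)


def inbound_verdict(conf, src, dst, encrypted):
    """Simplified model of what the receiver does with one packet src -> dst."""
    sas, policies = parse(conf)
    if encrypted and (src, dst, "esp") not in sas:
        return "drop"          # no SA (key) available to decrypt it
    for p in policies:
        if (p.direction, p.src, p.dst) == ("in", src, dst):
            if p.level == "require" and not encrypted:
                return "drop"  # policy demands ESP, the packet had none
    return "accept"            # "use", or no inbound policy at all


if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("require", REQUIRE_CONF)):
        print(name, lint(conf),
              inbound_verdict(conf, "172.16.1.2", "172.16.1.1", encrypted=False))
```
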
itojun

From owner-freebsd-security Tue Sep 26 3:12:20 2000
Date: Tue, 26 Sep 2000 12:10:03 +0200
From: Terje Elde
To: "Brian F. Feldman"
Cc: Scot Elliott, CrazZzy Slash, Ali Alaoui El Hassani <961BE653994@stud.alakhawayn.ma>, freebsd-security@FreeBSD.ORG, Peter Pentchev
Subject: Re: Encryption over IP
Message-ID: <20000926121003.G43065@dlt.follo.net>
References: <200009251644.e8PGim554314@green.dyndns.org>
In-Reply-To: <200009251644.e8PGim554314@green.dyndns.org>; from green@FreeBSD.ORG on Mon, Sep 25, 2000 at 12:44:47PM -0400

* Brian F. Feldman (green@FreeBSD.ORG) [000925 18:47]:
> > I'm not sure that's the point.
> >
> > If you're using SSH to tunnel between two networks, across the public
> > Internet then there is a chance of your encrypted datastream being
> > intercepted and analysed. If there's a large amount of data then the
> > chance of the key being found and therefore your unencrypted data exposed
> > - is much higher.
>
> You still have to know at least some chunks of the plaintext to do that.
> You simply _cannot_ brute force any moderately decent algorithm with
> reasonable key length. For example, Blowfish (commonly) uses a 160 bit key.
> To do 2^160 operations of anything in a reasonable amount of time would be
> astounding, much less 2^160 different blowfish encryptions (note that it
> takes about 26 operations to encrypt one byte of data; that does not take
> into account the very low key agility which is much more significant for
> being able to brute-force it).

First of all, blowfish is most commonly used with a 128 bit key, not a 160 bit
one.

> There aren't any chosen-plaintext or known-plaintext attacks against it; if
> there were, you would still have to push that much data through the tunnel;
> even chosen-plaintext attacks against a non-trivial algorithm require a huge
> amount of data to be encrypted. In other words, don't worry about it.

The point of re-keying isn't to avoid known plaintext or chosen plaintext
attacks. The point is to help improve the situation should any component be
broken. This includes the algorithm which might be vulnerable to unknown
attacks, the PRNG might have made a bad judgement about its entropy pool and
given you a bad key once.

Security isn't just about protecting from what you know are weaknesses in a
system. Security is about protecting from anything, including what you don't
know about.

In my opinion re-keying is one step which will ease things quite considerably
should anything break. It won't prevent most attacks, but it will help minimise
the impact.

Let's take an example. I'm running a system with a bad PRNG. It takes its
input from hashing incoming IP packets (or whatever). This allows you to
control it, and because the mixing part isn't well designed either you manage
to take control over the whole thing. I then start a ssh session, which will
live on forever and feed data to this box from a remote one. Because you've
broken my PRNG you manage to get the key. If you don't re-key you'll be able to
read the data on the connection forever. With re-keying you'll lose that
access with the next re-key after I get entropy not known to you.
Terje

From owner-freebsd-security Tue Sep 26 3:14:50 2000
Date: Tue, 26 Sep 2000 12:13:08 +0200
From: Terje Elde
To: freebsd-security@FreeBSD.ORG
Subject: Re: IPsec cleints for Win32?
Message-ID: <20000926121308.I43065@dlt.follo.net>

* Len Conrad (lconrad@Go2France.com) [000925 19:28]:
> We'll be building VPN with FreeBSD + KAME as the central VPN server.
>
> Beside F-Secure.com's product, anybody know of/used other IPsec
> clients for Win32?

One of the best known is PGPNet. It talks IPSec but doesn't support static
keying, so you'll have to run an IKE daemon (racoon).
Terje

From owner-freebsd-security Tue Sep 26 3:22:59 2000
From: sg@NB.MMBANK.ru
Message-ID: <31D9EF75F90DD3118680009027608DF5A8DEF4@Clio>
To: freebsd-security@FreeBSD.ORG
Subject: Re: IPsec cleints for Win32?
Date: Tue, 26 Sep 2000 17:20:33 +0600

> > We'll be building VPN with FreeBSD + KAME as the central VPN server.
> >
> > Beside F-Secure.com's product, anybody know of/used other IPsec
> > clients for Win32?
>
> One of the best known is PGPNet. It talks IPSec but doesn't support static
> keying, so you'll have to run an IKE daemon (racoon).
>
[sg] interesting, but who was crypto-tunnel between cisco & freebsd ? ;)

From owner-freebsd-security Tue Sep 26 3:28:14 2000
Date: Tue, 26 Sep 2000 12:26:05 +0200
From: Maikel Verheijen
To: Terje Elde
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPsec cleints for Win32?
Message-ID: <20000926122605.N47967@intramail.worldonline.nl>
References: <20000926121308.I43065@dlt.follo.net>
In-Reply-To: <20000926121308.I43065@dlt.follo.net>; from terje@elde.net on Tue, Sep 26, 2000 at 12:13:08PM +0200

On Tue, Sep 26, 2000 at 12:13:08PM +0200, Terje Elde wrote:
> One of the best known is PGPNet. It talks IPSec but doesn't support static
> keying, so you'll have to run an IKE daemon (racoon).

PGPnet is nice, however I cannot find it on the pgpi server anymore...

> Terje

Kind regards,

Maikel Verheijen.

From owner-freebsd-security Tue Sep 26 6:49:38 2000
Message-Id: <5.0.0.25.0.20000926151714.04817710@mail.Go2France.com>
Date: Tue, 26 Sep 2000 15:49:46 +0200
To: freebsd-security@freebsd.org
From: Len Conrad
Subject: VPN / IPsec server with Powercrypt

We need some guidance knitting together FreeBSD 4.1 + KAME IPsec VPN +
Powercrypt board for central VPN gateway.

Basically, is it doable? Has anybody done it? or do we just go OpenBSD?

While quoting the price, Brian/Powercrypt added this comment:

"Regarding FreeBSD: Please note that the driver that we have available
is a generic encryption driver. It does not perform IPSec functions. I
just want to make sure that I tell you this before you decide to
purchase. IPSec is performed in OpenBSD because they created their
drivers and incorporated it into the o/s."

So, is FreeBSD VPN / IPsec with hw crypto support from the Powercrypt
board do-able or not? His reservation seems to suggest maybe not.

Len

============================
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 installable binary for NT4
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways

From owner-freebsd-security Tue Sep 26 7: 4:33 2000
Date: Tue, 26 Sep 2000 08:57:42 -0500 (CDT)
From: James Wyatt
To: Terje Elde
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Encryption over IP
In-Reply-To: <20000926121003.G43065@dlt.follo.net>

> The point of re-keying isn't to avoid known plaintext or chosen plaintext
> attacks. The point is to help improve the situation should any component be
> broken. This includes the algorithm which might be vulnerable to unknown
> attacks, the PRNG might have made a bad judgement about its entropy pool and
> given you a bad key once.
[ ... ]
> Let's take an example. I'm running a system with a bad PRNG. It takes its
> input from hashing incoming IP packets (or whatever). This allows you to
> control it, and because the mixing part isn't well designed either you manage
> to take control over the whole thing. I then start a ssh session, which will
> live on forever and feed data to this box from a remote one. Because you've
> broken my PRNG you manage to get the key. If you don't re-key you'll be able to
> read the data on the connection forever. With re-keying you'll lose that
> access with the next re-key after I get entropy not known to you.

But if "you can control [the PRNG]", don't you know it later? If you can
only guess it once in a while, wouldn't rekeying give an attacking party
more chances to try getting the key?

Also: What happens when your PRNG runs-out of entropy? If ssh stops or
prevents login or rekeying, then you can have an outage and might not have
the entropy to gen a key on login. If it doesn't, then couldn't an attacker
replace or modify your PRNG to generate a fixed pattern? They might never
need direct access to your host again.

Is there anything out there to ensure my PRNG is up to snuff or monitor it
for BB or Spong? Is there any way I could graph the entropy pool with MRTG?
I didn't see many hints in the egd doc. Should I care?
- Jy@

From owner-freebsd-security Tue Sep 26 7:21:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from elde.org (elde.org [195.204.143.185]) by hub.freebsd.org (Postfix) with ESMTP id 988B937B422 for ; Tue, 26 Sep 2000 07:21:08 -0700 (PDT)
Received: by elde.org (Postfix, from userid 1002) id BCC455F2C6; Tue, 26 Sep 2000 16:21:03 +0200 (CEST)
Date: Tue, 26 Sep 2000 16:21:03 +0200
From: Terje Elde
To: James Wyatt
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Encryption over IP
Message-ID: <20000926162102.A55111@dlt.follo.net>
References: <20000926121003.G43065@dlt.follo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from jwyatt@rwsystems.net on Tue, Sep 26, 2000 at 08:57:42AM -0500
X-Mailer: Mutt http://www.mutt.org/
X-Editor: Vim http://www.vim.org/
X-IRC: ircii!epic4-2000 - prevail[1214]
X-Goal: Exterminate All Rational Thought
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* James Wyatt (jwyatt@rwsystems.net) [000926 16:05]:
> > The point of re-keying isn't to avoid known plaintext or chosen plaintext
> > attacks. The point is to help improve the situation should any component be
> > broken. This includes the algorithm which might be vulnerable to unknown
> > attacks, the PRNG might have made a bad judgement about its entropy pool and
> > given you a bad key once.
> [ ... ]
> > Let's take an example. I'm running a system with a bad PRNG. It takes its
> > input from hashing incoming IP packets (or whatever). This allows you to
> > control it, and because the mixing part isn't well designed either you manage
> > to take control over the whole thing. I then start a ssh session, which will
> > live on forever and feed data to this box from a remote one. Because you've
> > broken my PRNG you manage to get the key. If you don't re-key you'll be able to
> > read the data on the connection forever. With re-keying you'll lose that
> > access with the next re-key after I get entropy not known to you.
>
> But if "you can control [the PRNG]", don't you know it later? If you can
> only guess it once in a while, wouldn't rekeying give an attacking party
> more chances to try getting the key?

If I get entropy into the pool without you knowing then you no longer control it. You're somewhat right on the second issue though. It all boils down to everything being a tradeoff. If someone can break my PRNG then I for one would feel more comfortable rekeying as that will give you the ability to drop a bad key. Sure, the risk is there that the attack starts after the initial key is made and thus you allow the attacker to get a key he otherwise would not be able to get. If you cannot know if your key has been taken or not, would you rather bet the security of your entire communication on the first key being good, or would you split things up to minimise the impact of an attack? Also, there are other issues besides the effects of key compromise. The more ciphertext you have to work with the better the chances are that the attack will work in the first place for example.

> Also: What happens when your PRNG runs out of entropy? If ssh stops or
> prevents login or rekeying, then you can have an outage and might not have
> the entropy to gen a key on login. If it doesn't, then couldn't an
> attacker replace or modify your PRNG to generate a fixed pattern? They
> might never need direct access to your host again.

You should never run out of entropy on a good system. If you do, then that should not be a problem for a running session, as the running session should simply keep using the old key until the new one is ready to use. If an attacker is able to replace or modify your PRNG, then you've got bigger problems anyway, as that requires root.

> Is there anything out there to ensure my PRNG is up to snuff or monitor it
> for BB or Spong? Is there any way I could graph the entropy pool with
> MRTG? I didn't see many hints in the egd doc. Should I care? - Jy@

The simple answer is that you probably don't have to care, others will do it for you. If this is something that interests you then learning more is a good choice.

Terje

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE50LDM8HLgLrwmRg0RAuXgAJ4vnfWLOSTllGhpMS5ud0bTKiuajQCeO+cB
N6PGoqYvK7oV8C6aYgCE51s=
=yZnb
-----END PGP SIGNATURE-----

From owner-freebsd-security Tue Sep 26 7:24:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from elde.org (elde.org [195.204.143.185]) by hub.freebsd.org (Postfix) with ESMTP id 4707337B42C for ; Tue, 26 Sep 2000 07:24:45 -0700 (PDT)
Received: by elde.org (Postfix, from userid 1002) id 663B75F2C6; Tue, 26 Sep 2000 16:24:44 +0200 (CEST)
Date: Tue, 26 Sep 2000 16:24:44 +0200
From: Terje Elde
To: sg@NB.MMBANK.ru
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPsec cleints for Win32?
Message-ID: <20000926162444.B55111@dlt.follo.net>
References: <31D9EF75F90DD3118680009027608DF5A8DEF4@Clio>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <31D9EF75F90DD3118680009027608DF5A8DEF4@Clio>; from sg@NB.MMBANK.ru on Tue, Sep 26, 2000 at 05:20:33PM +0600
X-Mailer: Mutt http://www.mutt.org/
X-Editor: Vim http://www.vim.org/
X-IRC: ircii!epic4-2000 - prevail[1214]
X-Goal: Exterminate All Rational Thought
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* sg@NB.MMBANK.ru (sg@NB.MMBANK.ru) [000926 12:23]:
> > > We'll be building VPN with FreeBSD + KAME as the central VPN server.
> > >
> > > Beside F-Secure.com's product, anybody know of/used other IPsec
> > > clients for Win32?
> >
> > One of the best known is PGPNet. It talks IPSec but doesn't support static
> > keying, so you'll have to run a IKE daemon (racoon).
> >
> [sg] interesting, but who was crypto-tunnel between cisco & freebsd
> ? ;)

Cisco does. At least on these models:

Cisco 1600 series
Cisco 2500 series
Cisco 2600 series
Cisco 3600 series
Cisco 4000 series (Cisco 4000, 4000-M, 4500, 4500-M, 4700, 4700-M)
Cisco 7200 series
Cisco 7500 series
Cisco AS5300

Terje

From owner-freebsd-security Tue Sep 26 8:42:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from starfruit.itojun.org (ny-ppp009.iij-us.net [216.98.99.9]) by hub.freebsd.org (Postfix) with ESMTP id E8B5637B42C for ; Tue, 26 Sep 2000 08:42:16 -0700 (PDT)
Received: from kiwi.itojun.org (localhost [127.0.0.1]) by starfruit.itojun.org (8.11.0/8.11.0) with ESMTP id e8QFeAY01956; Wed, 27 Sep 2000 00:40:15 +0900 (JST)
Message-Id: <200009261540.e8QFeAY01956@ starfruit.itojun.org>
To: Len Conrad
Cc: freebsd-security@freebsd.org
In-reply-to: lconrad's message of Tue, 26 Sep 2000 15:49:46 +0200. <5.0.0.25.0.20000926151714.04817710@mail.Go2France.com>
X-Template-Reply-To: itojun@itojun.org
X-Template-Return-Receipt-To: itojun@itojun.org
X-PGP-Fingerprint: F8 24 B4 2C 8C 98 57 FD 90 5F B4 60 79 54 16 E2
Subject: Re: VPN / IPsec server with Powercrypt
From: Jun-ichiro itojun Hagino
Date: Wed, 27 Sep 2000 00:40:10 +0900
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>"Regarding FreeBSD: Please note that the driver that we have available is a
>generic encryption driver. It does not perform IPSec functions. I just want
>to make sure that I tell you this before you decide to purchase. IPSec is
>performed in OpenBSD because they created their drivers and incorporated it
>into the o/s."
>So, is FreeBSD VPN / IPsec with hw crypto support from the Powercrypt
>board do-able or not?

no, there's no support in kernel IPsec for PowerCrypt (or any of hardware crypto cards).

itojun

From owner-freebsd-security Tue Sep 26 12:38:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from alpha1.dlinc.com (alpha1.dlinc.com [208.128.117.6]) by hub.freebsd.org (Postfix) with ESMTP id 8576E37B42C for ; Tue, 26 Sep 2000 12:38:34 -0700 (PDT)
Received: from dice.com (grpwise.dlinc.com [208.160.60.2]) by alpha1.dlinc.com (8.9.3/8.9.3) with SMTP id OAA30805 for ; Tue, 26 Sep 2000 14:37:27 -0500 (CDT)
Received: from D_and_L_Online-Message_Server by dice.com with Novell_GroupWise; Tue, 26 Sep 2000 14:38:29 -0500
Message-Id:
X-Mailer: Novell GroupWise 5.2
Date: Tue, 26 Sep 2000 14:37:49 -0500
From: "Kevin Riggins"
To: freebsd-security@freebsd.org
Subject: LDAP and user authentication revisited...
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Peoples,

I have searched and searched and searched and the latest reference to LDAP user authentication is about a year old. At that time pam_ldap kinda worked, but not really. Has this changed any in 4.1 Stable.

Thanks in advance,

Kevin Riggins
System Administrator
Dice.com
email: kriggins@dice.com

From owner-freebsd-security Tue Sep 26 12:43:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from virtual-voodoo.com (virtual-voodoo.com [204.120.165.254]) by hub.freebsd.org (Postfix) with ESMTP id 2774937B42C for ; Tue, 26 Sep 2000 12:43:28 -0700 (PDT)
Received: from ny1wsh031 (blackhole.cioe.com [204.120.165.44]) (authenticated) by virtual-voodoo.com (8.11.0/8.11.0) with ESMTP id e8QJhLF28040; Tue, 26 Sep 2000 14:43:21 -0500 (EST) (envelope-from steve@virtual-voodoo.com)
Message-ID: <034f01c027f2$06f43350$8a1a050a@winstar.com>
From: "Steven E. Ames"
To: "Kevin Riggins" ,
References:
Subject: Re: LDAP and user authentication revisited...
Date: Tue, 26 Sep 2000 14:43:21 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Actually... maybe not in 4.x but in -CURRENT we have nsswitch now... Unless I'm way off base that's a huge step toward getting LDAP user authentication. That in conjunction with the LDAP NIS package might just get you there (haven't tried myself).
-Steve

----- Original Message -----
From: "Kevin Riggins"
To:
Sent: Tuesday, September 26, 2000 2:37 PM
Subject: LDAP and user authentication revisited...

> Peoples,
>
> I have searched and searched and searched and the latest reference to LDAP user authentication is about a year old. At that time pam_ldap kinda worked, but not really. Has this changed any in 4.1 Stable.
>
> Thanks in advance,
>
>
> Kevin Riggins
> System Administrator
> Dice.com
> email: kriggins@dice.com

From owner-freebsd-security Tue Sep 26 14:11:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id B0B8137B42C for ; Tue, 26 Sep 2000 14:11:22 -0700 (PDT)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8QLB9U80887; Tue, 26 Sep 2000 14:11:09 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com)
To: Len Conrad
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: VPN / IPsec server with Powercrypt
In-Reply-To: Message from Len Conrad of "Tue, 26 Sep 2000 15:49:46 +0200." <5.0.0.25.0.20000926151714.04817710@mail.Go2France.com>
Date: Tue, 26 Sep 2000 14:11:09 -0700
Message-ID: <80883.970002669@winston.osd.bsdi.com>
From: Jordan Hubbard
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> We need some guidance knitting together FreeBSD 4.1 + KAME IPsec VPN
> + Powercrypt board for central VPN gateway.
>
> Basically, is it doable? Has anybody done it? or do we just go OpenBSD?

I think you'll have to go with OpenBSD for now. What we've done here with hardware crypto support is by no means as comprehensive as what they have done and nobody has stepped up to the plate as yet to make that happen. If anybody does, we have some powercrypt boards here with their names on them. :)

- Jordan

From owner-freebsd-security Tue Sep 26 16:22:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 2490437B423 for ; Tue, 26 Sep 2000 16:22:41 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13e5xE-0003yX-00; Wed, 27 Sep 2000 03:24:12 +0200
Date: Wed, 27 Sep 2000 03:24:12 +0200 (IST)
From: Roman Shterenzon
To: "Steven E. Ames"
Cc: Kevin Riggins , freebsd-security@FreeBSD.ORG
Subject: Re: LDAP and user authentication revisited...
In-Reply-To: <034f01c027f2$06f43350$8a1a050a@winstar.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I just had a year long experience with padl.com's nss_ldap and pam_ldap modules under RedHat Linux 6.1 and it was a complete disaster. We had to move to NIS after [almost] one year of struggling. There's still PR open in redhat, and there are more bugs that I know that exist in these modules, but I didn't feel like fixing them. If you'd like to know more about it, you can contact me off the list. Take care.

On Tue, 26 Sep 2000, Steven E. Ames wrote:

> Actually... maybe not in 4.x but in -CURRENT we have nsswitch now...
> Unless I'm way off base that's a huge step toward getting LDAP user
> authentication. That in conjunction with the LDAP NIS package might just
> get you there (haven't tried myself).
>
> -Steve
>
> ----- Original Message -----
> From: "Kevin Riggins"
> To:
> Sent: Tuesday, September 26, 2000 2:37 PM
> Subject: LDAP and user authentication revisited...
>
>
> > Peoples,
> >
> > I have searched and searched and searched and the latest reference to
> LDAP user authentication is about a year old. At that time pam_ldap
> kinda worked, but not really. Has this changed any in 4.1 Stable.
> >
> > Thanks in advance,
> >
> >
> > Kevin Riggins
> > System Administrator
> > Dice.com
> > email: kriggins@dice.com

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

From owner-freebsd-security Tue Sep 26 20:52:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1]) by hub.freebsd.org (Postfix) with ESMTP id 52A0837B422 for ; Tue, 26 Sep 2000 20:52:09 -0700 (PDT)
Received: from localhost (vdrifter@localhost) by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id UAA13123 for ; Tue, 26 Sep 2000 20:52:08 -0700
Date: Tue, 26 Sep 2000 20:52:08 -0700 (PDT)
From: John F Cuzzola
To: freebsd-security@FreeBSD.ORG
Subject: ipfw + natd + Novell
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello everyone,
I have a Novell Server that has been moved from a public ip to a private one (192.168.0.6). The 192.168.0.xxx segment gets internet access through a FreeBSD box using ipfw/natd. The Novell server needs to be accessible from the internet from source addresses 142.42.22.xxx. So I tried to set up a NAT for it as follows:

natd -p 7500 -redirect_address 192.168.0.6 0.0.0.0 -a 207.24.168.5

ipfw add 10 divert 7500 ip from 142.42.22.0/24 to 207.24.168.5
ipfw add 20 divert 7500 ip from 207.24.168.5 to 142.42.22.0/24

So 142.42.22.0/24 should be able to get to the novell server using 207.24.168.5 as its ip. Using the Windows Client they can connect and see the NDS tree but when they try to log in the connection times out. I know there are some programs that won't work through NAT (like the ones that insist on reporting back the private ip address). I was wondering if anyone has had experience logging into a Novell Server with NAT. Can it be done?

Thank-you
JohnC

From owner-freebsd-security Tue Sep 26 21:28:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 3A34837B423 for ; Tue, 26 Sep 2000 21:28:40 -0700 (PDT)
Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id AAA19251; Wed, 27 Sep 2000 00:28:33 -0400
Message-ID: <39D114F0.46A3251@allmaui.com>
Date: Tue, 26 Sep 2000 21:28:16 +0000
From: Craig Cowen
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: John F Cuzzola
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw + natd + Novell
References:
Content-Type: multipart/alternative; boundary="------------FFAE8E796D64C9D8F931E9BD"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--------------FFAE8E796D64C9D8F931E9BD
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Correct me if I am wrong but the 0 in your private network is an error.
try making it a 1.
Craig Cowen

John F Cuzzola wrote:

> Hello everyone,
> I have a Novell Server that has been moved from a public ip to a private
> one (192.168.0.6). The 192.168.0.xxx segment gets internet access through
> a FreeBSD box using ipfw/natd. The Novell server needs to be accessible
> from the internet from source addresses 142.42.22.xxx. So I tried to set
> up a NAT for it as follows:
>
> natd -p 7500 -redirect_address 192.168.0.6 0.0.0.0 -a 207.24.168.5
>
> ipfw add 10 divert 7500 ip from 142.42.22.0/24 to 207.24.168.5
> ipfw add 20 divert 7500 ip from 207.24.168.5 to 142.42.22.0/24
>
> So 142.42.22.0/24 should be able to get to the novell server using
> 207.24.168.5 as its ip. Using the Windows Client they can connect and see
> the NDS tree but when they try to log in the connection times out. I know
> there are some programs that won't work through NAT (like the ones that
> insist on reporting back the private ip address). I was wondering if
> anyone has had experience logging into a Novell Server with NAT. Can it
> be done?
>
> Thank-you
> JohnC

--
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com

--------------FFAE8E796D64C9D8F931E9BD--

From owner-freebsd-security Tue Sep 26 22:42:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id BF2A337B424 for ; Tue, 26 Sep 2000 22:42:31 -0700 (PDT)
Received: (qmail 51192 invoked by uid 1000); 27 Sep 2000 05:43:42 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Sep 2000 05:43:42 -0000
Date: Wed, 27 Sep 2000 00:43:41 -0500 (CDT)
From: Mike Silbersack
To: security@freebsd.org, ports@freebsd.org
Subject: pine from: buffer overflow patch
Message-ID:
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1300450710-970033421=:51183"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mime@docserver.cac.washington.edu for more info.

--0-1300450710-970033421=:51183
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hello, fellow pine 4 users.

This patch should fix the pine from: overflow which was posted to bugtraq a few days ago. I'd appreciate it if others could test/review this patch so that we can get it put into the ports tree ASAP.

(Presumably pine 3 should also be patched, but I'm not interested in touching it. Is anyone interested in removing the pine3 port?)

Feedback is greatly appreciated,

Mike "Silby" Silbersack

--0-1300450710-970033421=:51183
Content-Type: TEXT/PLAIN; charset=US-ASCII; name=patch-ba
Content-Transfer-Encoding: BASE64
Content-ID:
Content-Description:
Content-Disposition: attachment; filename=patch-ba

--0-1300450710-970033421=:51183--

From owner-freebsd-security Wed Sep 27 0:39:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id E996137B424 for ; Wed, 27 Sep 2000 00:39:47 -0700 (PDT)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id JAA61959; Wed, 27 Sep 2000 09:39:43 +0200 (CEST) (envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: "Steven E. Ames"
Cc: "Kevin Riggins" ,
Subject: Re: LDAP and user authentication revisited...
References: <034f01c027f2$06f43350$8a1a050a@winstar.com>
From: Dag-Erling Smorgrav
Date: 27 Sep 2000 09:39:42 +0200
In-Reply-To: "Steven E. Ames"'s message of "Tue, 26 Sep 2000 14:43:21 -0500"
Message-ID:
Lines: 12
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Steven E. Ames" writes:
> Actually... maybe not in 4.x but in -CURRENT we have nsswitch now...
> Unless I'm way off base that's a huge step toward getting LDAP user
> authentication. That in conjunction with the LDAP NIS package might just
> get you there (haven't tried myself).

FreeBSD has had PAM support for quite some time now, and I'd be surprised if there wasn't a PAM LDAP module available somewhere.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Wed Sep 27 0:40:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 7655C37B424 for ; Wed, 27 Sep 2000 00:40:57 -0700 (PDT)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id JAA61975; Wed, 27 Sep 2000 09:40:53 +0200 (CEST) (envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: Craig Cowen
Cc: John F Cuzzola , freebsd-security@FreeBSD.ORG
Subject: Re: ipfw + natd + Novell
References: <39D114F0.46A3251@allmaui.com>
From: Dag-Erling Smorgrav
Date: 27 Sep 2000 09:40:53 +0200
In-Reply-To: Craig Cowen's message of "Tue, 26 Sep 2000 21:28:16 +0000"
Message-ID:
Lines: 9
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Craig Cowen writes:
> Correct me if I am wrong but the 0 in your private network is an error.
> try making it a 1.

No, it's not an error.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Wed Sep 27 0:58:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id 5927937B422 for ; Wed, 27 Sep 2000 00:57:55 -0700 (PDT)
Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id OAA88440; Wed, 27 Sep 2000 14:55:14 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru)
Date: Wed, 27 Sep 2000 14:55:14 +0700 (NSS)
From: Max Khon
To: Dag-Erling Smorgrav
Cc: "Steven E. Ames" , Kevin Riggins , freebsd-security@FreeBSD.ORG
Subject: Re: LDAP and user authentication revisited...
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi, there!

On 27 Sep 2000, Dag-Erling Smorgrav wrote:

> "Steven E. Ames" writes:
> > Actually... maybe not in 4.x but in -CURRENT we have nsswitch now...
> > Unless I'm way off base that's a huge step toward getting LDAP user
> > authentication. That in conjunction with the LDAP NIS package might just
> > get you there (haven't tried myself).
>
> FreeBSD has had PAM support for quite some time now, and I'd be
> surprised if there wasn't a PAM LDAP module available somewhere.

http://www.padl.com/
they also have NSS LDAP modules.

/fjoe

From owner-freebsd-security Wed Sep 27 3: 9:18 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lynx.aba.net.au (lynx.esec.com.au [203.21.84.1]) by hub.freebsd.org (Postfix) with SMTP id 4D73E37B42C for ; Wed, 27 Sep 2000 03:09:10 -0700 (PDT)
Received: (qmail 19100 invoked from network); 27 Sep 2000 10:09:04 -0000
Received: from melb-dialin15.esec.com.au (HELO eSec.com.au) (203.25.253.79) by lynx.esec.com.au with SMTP; 27 Sep 2000 10:09:04 -0000
Message-ID: <39D1B8E8.B5B070FB@eSec.com.au>
Date: Wed, 27 Sep 2000 20:07:52 +1100
From: Sam wun
Organization: eSec
X-Mailer: Mozilla 4.72 [en] (X11; I; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
Cc: "'freebsd-security@freebsd.org'"
Subject: What happened if the pre-share key got cacked?
References: <00BF97DD9F3FD311AB860060084E50DD311C71@exchange.xpert.com> <20000925143807.A401@hal9000.bsdonline.org>
Content-Type: text/plain; charset=gb2312
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am a bit concerned about the pre-share key that is used by the IPsec couple of client and the server machines.
What if this key got stolen somehow? What will be the consequence?
I am using IPSec in FreeBSD. The pre-share key is used by racoon. The psk.txt is protected by 600 permission. But what if my root account got cracked? Anyone who possesses my root account will be able to see the content of the psk.txt file?

It may not be that important if the psk.txt got hacked, it is still hard for the hacker to penetrate into another machine which also got IPsec setup. Because all data transfer is protected by IPsec, thus tcpdump will fail. Am I right?

Thanks
Sam.

From owner-freebsd-security Wed Sep 27 3:46:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235]) by hub.freebsd.org (Postfix) with ESMTP id 2B90437B424; Wed, 27 Sep 2000 03:46:07 -0700 (PDT)
Received: from earth.causticlabs.com (oca-pm3-1-4.hitter.net [207.192.76.4]) by pawn.primelocation.net (Postfix) with ESMTP id 2B1B49B05; Wed, 27 Sep 2000 06:46:03 -0400 (EDT)
Date: Wed, 27 Sep 2000 06:46:02 -0400 (EDT)
From: "Chris D. Faulhaber" X-Sender: jedgar@earth.causticlabs.com To: Mike Silbersack Cc: security@freebsd.org, ports@freebsd.org Subject: Re: pine from: buffer overflow patch In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Wed, 27 Sep 2000, Mike Silbersack wrote:

> (Presumably pine 3 should also be patched, but I'm not interested in
> touching it. Is anyone interested in removing the pine3 port?)
>

Sorry, someone beat you to it. ports/mail/pine3 was removed Feb 23, 2000.

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security Wed Sep 27 3:50:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from elde.org (elde.org [195.204.143.185]) by hub.freebsd.org (Postfix) with ESMTP id 9AB8537B424 for ; Wed, 27 Sep 2000 03:50:16 -0700 (PDT) Received: by elde.org (Postfix, from userid 1002) id 54FCE5F2C6; Wed, 27 Sep 2000 12:50:06 +0200 (CEST) Date: Wed, 27 Sep 2000 12:50:06 +0200
From: Terje Elde To: Sam wun Cc: "'freebsd-security@freebsd.org'" Subject: Re: What happened if the pre-share key got cacked? Message-ID: <20000927125006.B59697@dlt.follo.net> References: <00BF97DD9F3FD311AB860060084E50DD311C71@exchange.xpert.com> <20000925143807.A401@hal9000.bsdonline.org> <39D1B8E8.B5B070FB@eSec.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <39D1B8E8.B5B070FB@eSec.com.au>; from swun@eSec.com.au on Wed, Sep 27, 2000 at 08:07:52PM +1100 X-Mailer: Mutt http://www.mutt.org/ X-Editor: Vim http://www.vim.org/ X-IRC: ircii!epic4-2000 - prevail[1214] X-Goal: Exterminate All Rational Thought Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

* Sam wun (swun@eSec.com.au) [000927 12:09]:
> I am a bit concerned about the pre-share key that is used by the pair of IPsec
> client and server machines.
> What if this key got stolen somehow? What will be the consequence?
> I am using IPSec in FreeBSD. The pre-share key is used by racoon. The psk.txt
> is protected by 600 permission. But what if my root account got cracked?
> Will anyone who possesses my root account be able to see the content of the
> psk.txt file?

Bottom line is that if someone gets your root account you're owned no matter what you do.

> It may not be that important if the psk.txt got hacked; it would still be hard
> for the hacker to penetrate into another machine which also has IPsec set up,
> because all data transfer is protected by IPsec, thus tcpdump will fail. Am I right?

If they've got the psk then they'll be able to decrypt (more complicated than that, but let's simplify). Also, if they break into the box which has the psk.txt file, then it's pretty safe to assume it's one of the endpoints, in which case it'll be able to sniff.

Terje To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 4:25:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from drawbridge.ctc.com (drawbridge.ctc.com [147.160.99.35]) by hub.freebsd.org (Postfix) with ESMTP id C49BB37B42C for ; Wed, 27 Sep 2000 04:25:22 -0700 (PDT) Received: from server2.ctc.com (server2.ctc.com [147.160.1.4]) by drawbridge.ctc.com (8.10.1/8.10.1) with ESMTP id e8RBOxU22995; Wed, 27 Sep 2000 07:25:00 -0400 (EDT) Received: from ctcjst-mail1.ctc.com (ctcjst-mail1.ctc.com [147.160.34.14]) by server2.ctc.com (8.9.3/8.9.3) with ESMTP id HAA01270; Wed, 27 Sep 2000 07:24:54 -0400 (EDT) Received: by CTCJST-MAIL1 with Internet Mail Service (5.5.2650.21) id ; Wed, 27 Sep 2000 07:27:24 -0400 Message-ID: From: "Cameron, Frank" To: freebsd-security@FreeBSD.ORG Cc: "'John F Cuzzola'" Subject: RE: ipfw + natd + Novell Date: Wed, 27 Sep 2000 07:27:18 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org What version of NetWare are you running? If NetWare 5, how do you have SLP configured? What error message/code is returned to the client? You can try searching support.novell.com (I just tried a quick minute search with little success). If I get a chance I'll take a look in our library. -frank -----Original Message----- 
From: John F Cuzzola [mailto:vdrifter@ocis.ocis.net] Sent: Tuesday, September 26, 2000 11:52 PM

Hello everyone,
I have a Novell Server that has been moved from a public ip to a private one (192.168.0.6). So I tried to set up a NAT for it as follows:

natd -p 7500 -redirect_address 192.168.0.6 0.0.0.0 -a 207.24.168.5
ipfw add 10 divert 7500 ip from 142.42.22.0/24 to 207.24.168.5
ipfw add 20 divert 7500 ip from 207.24.168.5 to 142.42.22.0/24

So 142.42.22.0/24 should be able to get to the novell server using 207.24.168.5 as its ip. Using the Windows Client they can connect and see the NDS tree but when they try to log in the connection times-out.

From owner-freebsd-security Wed Sep 27 5: 1:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 459C437B43E for ; Wed, 27 Sep 2000 05:01:40 -0700 (PDT) Received: from hamlet.nectar.com (hamlet.nectar.com [10.0.1.102]) by gw.nectar.com (Postfix) with ESMTP id 220091925D; Wed, 27 Sep 2000 07:01:39 -0500 (CDT) Received: (from nectar@localhost) by hamlet.nectar.com (8.9.3/8.9.3) id HAA36238; Wed, 27 Sep 2000 07:01:39 -0500 (CDT) (envelope-from nectar@spawn.nectar.com) Date: Wed, 27 Sep 2000 07:01:39 -0500
From: "Jacques A. Vidrine" To: Max Khon Cc: freebsd-security@FreeBSD.ORG Subject: Re: LDAP and user authentication revisited... Message-ID: <20000927070138.B36155@hamlet.nectar.com> Mail-Followup-To: "Jacques A. Vidrine" , Max Khon , freebsd-security@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from fjoe@iclub.nsu.ru on Wed, Sep 27, 2000 at 02:55:14PM +0700 X-Url: http://www.nectar.com/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Sep 27, 2000 at 02:55:14PM +0700, Max Khon wrote: > http://www.padl.com/ > they also have NSS LDAP modules. I expect to commit support for dynamic loading to nsswitch to -CURRENT in the near future. I have also ported padl.com's nss_ldap. I will put it in the Ports Collection. -- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 6:26:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from hera.ik.bme.hu (hera.ik.bme.hu [152.66.243.132]) by hub.freebsd.org (Postfix) with ESMTP id 0CC6F37B423 for ; Wed, 27 Sep 2000 06:26:29 -0700 (PDT) Received: from localhost (mohacsi@localhost) by hera.ik.bme.hu (8.9.3/8.9.3) with ESMTP id PAA30147 for ; Wed, 27 Sep 2000 15:27:21 +0200 (MET DST) Date: Wed, 27 Sep 2000 15:27:21 +0200 (MET DST) 
From: Mohacsi Janos To: freebsd-security@freebsd.org Subject: Is openssl properly integrated to the FreeBSD? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, There is an application called CA.pl with documentation in /usr/src/crypto/apps/ directory and also it has a documentation (in /usr/src/crypto/doc/apps) but none of them installed. It could be installed in the /usr/bin or /usr/share/examples/ssl. Also there are lots of documentation in /usr/src/crypto/doc/apps/ in *.pod format but only the openssl.pod is installed? Any intention to integrate them to the FreeBSD man pages or handbook? Or should I go on to make a diff to incorporate. Thanks in advance, Janos Mohacsi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 9:12: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from osiris.ipform.ru (osiris.ipform.ru [212.158.165.98]) by hub.freebsd.org (Postfix) with ESMTP id E3EEB37B424; Wed, 27 Sep 2000 09:11:56 -0700 (PDT) Received: from wp2 (wp2 [192.168.0.12]) by osiris.ipform.ru (8.11.0/8.11.0) with SMTP id e8RGBrR04465; Wed, 27 Sep 2000 20:11:54 +0400 (MSD) (envelope-from matrix@ipform.ru) Message-ID: <014401c0289d$a7765320$0c00a8c0@ipform.ru> 
From: "Artem Koutchine" To: Cc: Subject: Good network monitoring utility Date: Wed, 27 Sep 2000 20:11:50 +0400 Organization: IP Form MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6600 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I need to monitor host on a medium sized (but spread and heterogenic) local network and a couple of remote host in Internet. On FreeBSD/Linux based machines I also would like to monitor security (network attacks mostly). Maybe someone is running some monitoring software and will be glad to share the experience. I have found 'netsaint' in the ports and looked at the demo and it looks pretty good, has anybody actually tried it? Thanks! Artem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 9:20:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from puck.nether.net (puck.nether.net [204.42.254.5]) by hub.freebsd.org (Postfix) with ESMTP id B4AAB37B43E; Wed, 27 Sep 2000 09:19:46 -0700 (PDT) Received: (from jared@localhost) by puck.nether.net (8.11.0/8.9.3) id e8RGJgI25431; Wed, 27 Sep 2000 12:19:42 -0400 (envelope-from jared) Date: Wed, 27 Sep 2000 12:19:42 -0400 
From: Jared Mauch To: Artem Koutchine Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Good network monitoring utility Message-ID: <20000927121942.A25415@puck.nether.net> Mail-Followup-To: Artem Koutchine , questions@FreeBSD.ORG, security@FreeBSD.ORG References: <014401c0289d$a7765320$0c00a8c0@ipform.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <014401c0289d$a7765320$0c00a8c0@ipform.ru>; from matrix@ipform.ru on Wed, Sep 27, 2000 at 08:11:50PM +0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm biased, but if you are doing mostly host monitoring and some network monitoring, you may want to check out "sysmon", a package that I've written. http://sysmon.org/ I've been getting ready to make it understand a network topology where you have N x T1/DS3/E1/E3/OCn path somewhere in the network, which makes it not perfect for monitoring each circuit, but it also supports dependencies so if a circuit, router or switch fails, you only would get a message from it saying that that device failed (if you configure it properly of course). I'm always interested in feedback as to why my software sucks too... - Jared On Wed, Sep 27, 2000 at 08:11:50PM +0400, Artem Koutchine wrote: > I need to monitor host on a medium sized (but spread and heterogenic) > local network and a couple of remote host in Internet. On FreeBSD/Linux > based > machines I also would like to monitor security (network attacks mostly). > > Maybe someone is running some monitoring software and will be glad to share > the experience. > > I have found 'netsaint' in the ports and looked at the demo and it looks > pretty good, > has anybody actually tried it? > > Thanks! 
> > Artem > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. END OF LINE | Manager of IP networks built within my own home To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 9:24:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from ibb0021.ibb.uu.nl (ibb0021.ibb.uu.nl [131.211.124.21]) by hub.freebsd.org (Postfix) with ESMTP id E27AD37B42C; Wed, 27 Sep 2000 09:24:25 -0700 (PDT) Received: by ibb0021.ibb.uu.nl (Postfix) id 312C27B4; Wed, 27 Sep 2000 18:23:11 +0200 (CEST) Date: Wed, 27 Sep 2000 18:23:10 +0200 
From: Mipam To: Artem Koutchine Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Good network monitoring utility Message-ID: <20000927182310.C516@ibb0021.ibb.uu.nl> Reply-To: mipam@ibb.net References: <014401c0289d$a7765320$0c00a8c0@ipform.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <014401c0289d$a7765320$0c00a8c0@ipform.ru>; from matrix@ipform.ru on Wed, Sep 27, 2000 at 08:11:50PM +0400 X-Obviously: All email clients suck. Only Mutt sucks less! X-Editor: Vi X-Operating-System: BSD Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

> Maybe someone is running some monitoring software and will be glad to share
> the experience.
>

Well, take a look at snort (http://www.snort.org). It's in the ports of FreeBSD. For monitoring concerning security, this IDS will surely help a lot. Take a look here:
http://www.tw.daemonnews.org/199909/security.html
It's discussed there by one of its developers :)
Bye,

Mipam.

From owner-freebsd-security Wed Sep 27 9:38:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id E95A537B424; Wed, 27 Sep 2000 09:38:09 -0700 (PDT) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id NAA43617; Wed, 27 Sep 2000 13:38:24 -0300 (ART)
From: Fernando Schapachnik Message-Id: <200009271638.NAA43617@ns1.via-net-works.net.ar> Subject: Re: Good network monitoring utility In-Reply-To: <014401c0289d$a7765320$0c00a8c0@ipform.ru> "from Artem Koutchine at Sep 27, 2000 08:11:50 pm" To: Artem Koutchine Date: Wed, 27 Sep 2000 13:38:24 -0300 (ART) Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In a previous message, Artem Koutchine wrote:
> I have found 'netsaint' in the ports and looked at the demo and it looks
> pretty good,
> has anybody actually tried it?

netsaint 0.0.6 (although still in beta) is pretty good, but it does not monitor from a security point of view. It uses a 'reachability' point of view (it answers 'is everything working?' but not 'has anything been breached?').

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

From owner-freebsd-security Wed Sep 27 11:25:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from smx.pair.com (smx.pair.com [209.68.1.56]) by hub.freebsd.org (Postfix) with SMTP id DB4FF37B440 for ; Wed, 27 Sep 2000 11:24:44 -0700 (PDT) Received: (qmail 7667 invoked by uid 1000); 27 Sep 2000 18:24:43 -0000 Message-ID: <20000927182443.7666.qmail@smx.pair.com>
From: sigma@pair.com Subject: Status of FreeBSD-SA-00:41.elf? To: freebsd-security@freebsd.org Date: Wed, 27 Sep 2000 14:24:43 -0400 (EDT) X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

The following advisory went out on August 28, 2000. It indicates that 4.x and 5.x are fixed, and implies that a fix for 3.x would be forthcoming. We actually delayed the rollout of 3.5-STABLE for our users based on this advisory. A month has passed, and I can't find any discussion of this issue, nor any hint as to what the "logistical difficulties" are that the advisory mentions.

The patch does in fact seem to work under 3.5-STABLE - at least, the new kernel runs "fine". But without a malformed ELF executable to try out, I can't tell if the problem is really fixed.

Does anyone either 1) know how to correctly patch 3.5-STABLE for this problem, or 2) have a malformed ELF executable handy with which to verify the problem? I'd like to know the matter is resolved.

Kevin Martin
sigma@pair.com

----- Forwarded message from FreeBSD Security Advisories -----

=============================================================================
FreeBSD-SA-00:41                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          Malformed ELF images can cause a system hang
Category:       core
Module:         kernel
Announced:      2000-08-28
Credits:        Adam McDougall
Affects:        FreeBSD 3.x, 4.x and 5.x prior to the correction date
Corrected:      2000-07-25 (FreeBSD 5.0-CURRENT)
                2000-07-23 (FreeBSD 4.0-STABLE)
FreeBSD only:   Yes

I. Background

The ELF binary format is used for binary executable programs on modern versions of FreeBSD.

II.
Problem Description The ELF image activator did not perform sufficient sanity checks on the ELF image header, and when confronted with an invalid or truncated header it suffered a sign overflow bug which caused the CPU to enter into a very long loop in the kernel. The result of this is that the system will appear to lock up for an extended period of time before control returns. This bug can be exploited by unprivileged local users. This vulnerability is not present in FreeBSD 4.1-RELEASE, although 3.5-RELEASE and 3.5.1-RELEASE are vulnerable. III. Impact Local users can cause the system to lock up for an extended period of time (15 minutes or more, depending on CPU speed), during which time the system is completely unresponsive to local and remote users. IV. Workaround None available. V. Solution One of the following: 1) Upgrade your vulnerable FreeBSD system to 4.1-RELEASE, 4.1-STABLE or 5.0-CURRENT after the respective correction dates. FreeBSD 3.5-STABLE has not yet been fixed due to logistical difficulties (and the patch below does not apply cleanly). Consider upgrading to 4.1-RELEASE if this is a concern - this advisory will be reissued once the patch has been applied to the 3.x branch. 2) Apply the patch below and recompile your kernel. Either save this advisory to a file, or download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility. ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch.asc # cd /usr/src/sys/kern # patch -p < /path/to/patch_or_advisory [ Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system ] --- imgact_elf.c 2000/04/30 18:51:39 1.75 +++ imgact_elf.c 2000/07/23 22:19:49 1.78 
@@ -190,6 +190,21 @@ object = vp->v_object; error = 0; + /* + * It's necessary to fail if the filsz + offset taken from the + * header is greater than the actual file pager object's size. + * If we were to allow this, then the vm_map_find() below would + * walk right off the end of the file object and into the ether. + * + * While I'm here, might as well check for something else that + * is invalid: filsz cannot be greater than memsz. + */ + if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size || + filsz > memsz) { + uprintf("elf_load_section: truncated ELF file\n"); + return (ENOEXEC); + } + map_addr = trunc_page((vm_offset_t)vmaddr); file_addr = trunc_page(offset); @@ -341,6 +356,12 @@ } error = exec_map_first_page(imgp); + /* + * Also make certain that the interpreter stays the same, so set + * its VTEXT flag, too. + */ + if (error == 0) + nd.ni_vp->v_flag |= VTEXT; VOP_UNLOCK(nd.ni_vp, 0, p); if (error) goto fail; @@ -449,6 +470,17 @@ /* * From this point on, we may have resources that need to be freed. */ + + /* + * Yeah, I'm paranoid. There is every reason in the world to get + * VTEXT now since from here on out, there are places we can have + * a context switch. Better safe than sorry; I really don't want + * the file to change while it's being loaded. + */ + simple_lock(&imgp->vp->v_interlock); + imgp->vp->v_flag |= VTEXT; + simple_unlock(&imgp->vp->v_interlock); + if ((error = exec_extract_strings(imgp)) != 0) goto fail; 
@@ -610,9 +642,6 @@ imgp->auxargs = elf_auxargs; imgp->interpreted = 0; - /* don't allow modifying the file while we run it */ - imgp->vp->v_flag |= VTEXT; - fail: return error; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 11:54: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id D019537B423 for ; Wed, 27 Sep 2000 11:53:56 -0700 (PDT) Received: (qmail 53073 invoked by uid 1000); 27 Sep 2000 18:55:07 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Sep 2000 18:55:07 -0000 Date: Wed, 27 Sep 2000 13:55:07 -0500 (CDT) 
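Review bot: In the hunk at @@ -190,6 +190,21 @@, only filsz is cast to off_t before offset is added, so whether the sum can wrap or go negative depends on the declared types of filsz and offset, which the hunk does not show. I would check each operand on its own (offset no larger than vnp_size, then filsz no larger than vnp_size minus offset) so the test cannot be defeated by the addition itself. Separately, the uprintf reports "truncated ELF file" for both conditions, although filsz > memsz is an inconsistent header rather than a truncated file; a distinct message would help whoever reads the console.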
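Review bot: In the hunk at @@ -341,6 +356,12 @@, nd.ni_vp->v_flag |= VTEXT is set without taking v_interlock, while the hunk at @@ -449,6 +470,17 @@ wraps the same update on imgp->vp in simple_lock()/simple_unlock(). If the vnode lock still held before VOP_UNLOCK is what makes the unlocked update safe here, the comment should say so; otherwise the interlock should be taken in both places.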
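Review bot: In the hunk at @@ -449,6 +470,17 @@, VTEXT is now set before exec_extract_strings(), so every later "goto fail" leaves the flag set on an image whose exec did not complete, and the fail: label visible in the last hunk only does "return error". Either clear the flag on the failure path or extend the comment to explain why leaving it set after a failed exec is acceptable.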
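The sanity check the advisory's Problem Description calls for, as an added userland example that is not FreeBSD's kernel code: it walks the ELF64 program headers of an in-memory image and rejects a loadable segment whose file extent runs past the end of the file or whose file size exceeds its memory size, using subtraction so the test itself cannot overflow. The type and function names, the ELF64 little-endian assumption and the sample images are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF64 layouts, declared here so the example needs no <elf.h>.
 * Fields are read in host byte order: a little-endian host is assumed. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff;
    uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr64;

typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} phdr64;

#define SEG_LOAD 1u /* numeric value of PT_LOAD */

enum elf_check {
    ELF_OK = 0,
    ELF_BAD_HEADER,         /* too short, wrong magic, not ELF64/LSB */
    ELF_BAD_PHDR_TABLE,     /* program header table lies outside the file */
    ELF_SEG_TRUNCATED,      /* p_offset + p_filesz exceeds the file size */
    ELF_SEG_FILESZ_GT_MEMSZ /* more bytes in the file than in memory */
};

/* Validate every loadable segment of an ELF64 image held in img[0..len). */
enum elf_check elf_check_segments(const unsigned char *img, size_t len)
{
    ehdr64 eh;
    if (len < sizeof eh)
        return ELF_BAD_HEADER;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\177ELF", 4) != 0 ||
        eh.e_ident[4] != 2 /* ELFCLASS64 */ || eh.e_ident[5] != 1 /* LSB */)
        return ELF_BAD_HEADER;

    /* The table itself must fit: compare against len - e_phoff, never
     * against e_phoff + size, so the check cannot wrap around. */
    uint64_t table = (uint64_t)eh.e_phnum * sizeof(phdr64);
    if (eh.e_phentsize != sizeof(phdr64) ||
        eh.e_phoff > len || table > len - eh.e_phoff)
        return ELF_BAD_PHDR_TABLE;

    for (uint16_t i = 0; i < eh.e_phnum; i++) {
        phdr64 ph;
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != SEG_LOAD)
            continue;
        /* Same two conditions as the advisory's fix, overflow-safe. */
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset)
            return ELF_SEG_TRUNCATED;
        if (ph.p_filesz > ph.p_memsz)
            return ELF_SEG_FILESZ_GT_MEMSZ;
    }
    return ELF_OK;
}

/* Constructed sample: an ELF64 header plus one loadable segment entry in a
 * zero-filled buffer of total_len bytes. Returns total_len, or 0 if the
 * buffer is too small to hold the two headers. */
size_t make_sample(unsigned char *buf, size_t total_len,
                   uint64_t p_offset, uint64_t p_filesz, uint64_t p_memsz)
{
    ehdr64 eh;
    phdr64 ph;
    if (total_len < sizeof eh + sizeof ph)
        return 0;
    memset(buf, 0, total_len);
    memset(&eh, 0, sizeof eh);
    memset(&ph, 0, sizeof ph);
    memcpy(eh.e_ident, "\177ELF", 4);
    eh.e_ident[4] = 2; /* 64-bit */
    eh.e_ident[5] = 1; /* little-endian */
    eh.e_ehsize = sizeof eh;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = 1;
    ph.p_type = SEG_LOAD;
    ph.p_offset = p_offset;
    ph.p_filesz = p_filesz;
    ph.p_memsz = p_memsz;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    return total_len;
}

int main(void)
{
    unsigned char buf[256];
    static const struct { uint64_t off, filesz, memsz; } cases[] = {
        {120, 100, 100},             /* segment fits inside the file */
        {120, 200, 200},             /* segment runs past the end */
        {120, 100, 50},              /* file size larger than memory size */
        {UINT64_MAX - 10, 100, 100}, /* offset + size would wrap around */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t n = make_sample(buf, sizeof buf, cases[i].off,
                               cases[i].filesz, cases[i].memsz);
        printf("case %zu -> %d\n", i, (int)elf_check_segments(buf, n));
    }
    return 0;
}
```

The last case is the one a naive `offset + filesz > size` comparison accepts, because the sum wraps to a small number.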
From: Mike Silbersack To: "Chris D. Faulhaber" Cc: security@freebsd.org, ports@freebsd.org Subject: Re: pine from: buffer overflow patch In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Wed, 27 Sep 2000, Chris D. Faulhaber wrote:

> On Wed, 27 Sep 2000, Mike Silbersack wrote:
>
> > (Presumably pine 3 should also be patched, but I'm not interested in
> > touching it. Is anyone interested in removing the pine3 port?)
> >
>
> Sorry, someone beat you to it. ports/mail/pine3 was removed Feb 23,
> 2000.

Good point, I just skimmed cvsweb and assumed it was still there. Glad to know that's not the case.

Mike "Silby" Silbersack

From owner-freebsd-security Wed Sep 27 12:30:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp.nwlink.com (smtp.nwlink.com [209.20.130.57]) by hub.freebsd.org (Postfix) with ESMTP id 6FA1B37B443; Wed, 27 Sep 2000 12:30:11 -0700 (PDT) Received: from utah (jcwells@utah.nwlink.com [209.20.130.41]) by smtp.nwlink.com (8.9.3/8.9.1) with SMTP id MAA09004; Wed, 27 Sep 2000 12:30:07 -0700 (PDT) Date: Wed, 27 Sep 2000 12:43:08 -0700 (PDT)
From: "Jason C. Wells" X-Sender: jcwells@utah To: Artem Koutchine Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: Good network monitoring utility In-Reply-To: <014401c0289d$a7765320$0c00a8c0@ipform.ru> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 27 Sep 2000, Artem Koutchine wrote: > I need to monitor host on a medium sized (but spread and heterogenic) > local network and a couple of remote host in Internet. On FreeBSD/Linux > based machines I also would like to monitor security (network attacks > mostly). MRTG also exists. You need to run an snmp agent on any monitored host. You also need to be snmp savvy. MRTG is good at network monitoring. Big Brother works well for host monitoring. Thank you, Jason C. Wells To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 13: 1:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 664A337B422; Wed, 27 Sep 2000 13:01:25 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA85139; Wed, 27 Sep 2000 13:01:25 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 27 Sep 2000 13:01:25 -0700 (PDT) 
From: Kris Kennaway To: sigma@pair.com Cc: freebsd-security@freebsd.org, green@Freebsd.org Subject: Re: Status of FreeBSD-SA-00:41.elf? In-Reply-To: <20000927182443.7666.qmail@smx.pair.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 27 Sep 2000 sigma@pair.com wrote: > The following advisory went out on August 28, 2000. It indicates that 4.x > and 5.x are fixed, and implies that a fix for 3.x would be forthcoming. > We actually delayed the rollout of 3.5-STABLE for our users based on this > advisory. A month has passed, and I can't find any discussion of this > issue, nor any hint as to what the "logistical difficulties" are that the > advisory mentions. The issue is that most FreeBSD developers do not have a 3.5 machine available for testing - BSDi were supposed to be setting up one for us to use but it has not yet come through. This makes it very hard to test security fixes to the 3.5 branch so we don't break it by just committing blindly (in fact, I think we should officially drop security support for the 3.x branch because in practise it's not being supported for security fixes). I believe the problem is still not fixed in 3.5-STABLE at this time. Brian Feldman is the person who committed the original fixes - you should talk to him about testing the fix, and based on that we can commit it to 3.5-STABLE. Kris -- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 13: 3: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 7451937B422; Wed, 27 Sep 2000 13:02:58 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA85801; Wed, 27 Sep 2000 13:02:58 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 27 Sep 2000 13:02:58 -0700 (PDT) 
From: Kris Kennaway To: Mohacsi Janos Cc: freebsd-security@freebsd.org Subject: Re: Is openssl properly integrated to the FreeBSD? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Wed, 27 Sep 2000, Mohacsi Janos wrote:

> Hi,
> There is an application called CA.pl with documentation in
> /usr/src/crypto/apps/ directory and also it has a documentation (in
> /usr/src/crypto/doc/apps) but none of them installed. It could be
> installed in the /usr/bin or /usr/share/examples/ssl. Also there are lots
> of documentation in /usr/src/crypto/doc/apps/ in *.pod format but only the
> openssl.pod is installed? Any intention to integrate them to the FreeBSD
> man pages or handbook? Or should I go on to make a diff to incorporate.

Uncomment the following in /usr/src/secure/lib/libcrypto:

#.for section in 1 3
#.for pod in ${POD${section}}
#.for target in ${pod:T:S/.pod/.${section}/g}
#MAN${section}+= ${target}
#CLEANFILES+= ${target}
#all-man: ${target}
#${target}: ${LCRYPTO_SRC}/../doc/${pod}
# pod2man ${LCRYPTO_SRC}/../doc/${pod} > ${target}
#.endfor
#.endfor
#.endfor

and all the .pod documentation will be converted to manpages and installed. It is not done by default because the OpenSSL manpages spam copies of system manpages with openssl-specific utilities like passwd(1)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 14:37:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 28C4137B505 for ; Wed, 27 Sep 2000 14:37:01 -0700 (PDT) Received: (qmail 53459 invoked by uid 1000); 27 Sep 2000 21:38:11 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 27 Sep 2000 21:38:11 -0000 Date: Wed, 27 Sep 2000 16:38:11 -0500 (CDT) 
From: Mike Silbersack To: Kris Kennaway Cc: sigma@pair.com, freebsd-security@freebsd.org, green@Freebsd.org Subject: Re: Status of FreeBSD-SA-00:41.elf? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Wed, 27 Sep 2000, Kris Kennaway wrote:

> The issue is that most FreeBSD developers do not have a 3.5 machine
> available for testing - BSDi were supposed to be setting up one for us to
> use but it has not yet come through. This makes it very hard to test
> security fixes to the 3.5 branch so we don't break it by just committing
> blindly (in fact, I think we should officially drop security support for
> the 3.x branch because in practise it's not being supported for security
> fixes). I believe the problem is still not fixed in 3.5-STABLE at this
> time.

One of the features of FreeBSD which I've found appealing in comparison to the linuxes I've seen is the relative ease of upgrade and assurance that your base system is secure after a simple buildworld/installworld. I think that losing this feature for any version more than three months old would be a serious blow to the confidence of FreeBSD users everywhere.

I can't fault the developers for having personal boxes running 4+, I myself made the same move. However, I find it hard to believe that BSDi can't find the resources to set up a single 3.x box. After all, 3.5.1 is still being sold at freebsdmall.com, with the prominent "brought to you by BSDi" logo at the top of the page. Surely the proceeds from the CD sales will at least cover the cost of a tiny celeron/duron system.

OTOH, if the lack of a box is really a metaphor for the security team being overworked, perhaps pursuing a solution similar to how OpenSSH is developed is a good long-term strategy.
After fully debugging and fixing a vulnerability in the current-stable release, a group of developers interested in maintaining older -stables can be given the same information/exploits/etc so that they can modify patches to fix their releases of interest. Perhaps pair or some other provider dependent on 3.x could set up a box and organize this kind of group.

Undoubtedly, I'm oversimplifying the issues here. However, the likelihood remains that if 3.x is abandoned, users may react by leaving FreeBSD rather than upgrading to 4.x. Getting this situation resolved is in everyone's best interests.

Mike "Silby" Silbersack

From owner-freebsd-security Wed Sep 27 14:40:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D507B37B423; Wed, 27 Sep 2000 14:40:36 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id OAA34839; Wed, 27 Sep 2000 14:40:36 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 27 Sep 2000 14:40:36 -0700 (PDT)
From: Kris Kennaway
To: Mike Silbersack
Cc: sigma@pair.com, freebsd-security@freebsd.org, green@Freebsd.org
Subject: Re: Status of FreeBSD-SA-00:41.elf?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 27 Sep 2000, Mike Silbersack wrote:

> I can't fault the developers for having personal boxes running 4+, I
> myself made the same move. However, I find it hard to believe that BSDi
> can't find the resources to setup a single 3.x box. After all, 3.5.1 is
> still being sold at freebsdmall.com, with the prominent "brought to you by
> BSDi" logo at the top of the page. Surely the proceeds from the CD sales
> will at least cover the cost of a tiny celeron/duron system.

It's not lack of hardware, it's the fact that it hasn't been set up yet.
The secondary problem is getting developers to merge their security fixes
back to 3.x, but that one can be solved with the aid of a big stick.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Wed Sep 27 14:42:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fyre.somcol.co.za (fyre.somcol.co.za [196.30.167.130]) by hub.freebsd.org (Postfix) with ESMTP id 6527437B422; Wed, 27 Sep 2000 14:42:31 -0700 (PDT)
Received: from localhost (jus@localhost) by fyre.somcol.co.za (8.9.3/8.9.3) with ESMTP id XAA75415; Wed, 27 Sep 2000 23:41:59 +0200 (SAST) (envelope-from jus@security.za.net)
X-Authentication-Warning: fyre.somcol.co.za: jus owned process doing -bs
Date: Wed, 27 Sep 2000 23:41:58 +0200 (SAST)
From: Justin Stanford X-Sender: jus@fyre.somcol.co.za To: Mike Silbersack Cc: Kris Kennaway , sigma@pair.com, freebsd-security@FreeBSD.org, green@FreeBSD.org Subject: Re: Status of FreeBSD-SA-00:41.elf? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Perhaps some kind soul with a little extra bandwidth and processing power/ram could offer to setup a jail'd machine on one of their arb boxes to run 3.x on for the developers? Mike's right, it is in the best interests of FreeBSD. Regards, jus On Wed, 27 Sep 2000, Mike Silbersack wrote: > > On Wed, 27 Sep 2000, Kris Kennaway wrote: > > > The issue is that most FreeBSD developers do not have a 3.5 machine > > available for testing - BSDi were supposed to be setting up one for us to > > use but it has not yet come through. This makes it very hard to test > > security fixes to the 3.5 branch so we don't break it by just committing > > blindly (in fact, I think we should officially drop security support for > > the 3.x branch because in practise it's not being supported for security > > fixes). I believe the problem is still not fixed in 3.5-STABLE at this > > time. > > One of the features of FreeBSD which I've found appealing in comparison to > the linuxes I've seen is the relative ease of upgrade and assurance that > your base system is secure after a simple buildworld/installworld. I > think that losing this feature for any version more than three months old > would be a serious blow to the confidence of FreeBSD users > everywhere. > > I can't fault the developers for having personal boxes running 4+, I > myself made the same move. However, I find it hard to believe that BSDi > can't find the resources to setup a single 3.x box. After all, 3.5.1 is > still being sold at freebsdmall.com, with the prominent "brought to you by > BSDi" logo at the top of the page. 
Surely the proceeds from the CD sales > will at least cover the cost of a tiny celeron/duron system. > > OTOH, if the lack of a box is really a metaphor for the security > team being overworked, perhaps perusing a solution similar to how OpenSSH > is developed is a good long-term strategy. After fully debugging and > fixing a vulnerability in the current-stable release, a group of > developers interested in maintaining older -stables can be given the same > information/exploits/etc so that they can modify patches to fix their > releases of interest. Perhaps pair or some other provider dependant on > 3.x could setup a box and organize this kind of group. > > Undoubtedly, I'm oversimplifying the issues here. However, the likelyhood > remains that if 3.x is abandoned, users may react by leaving FreeBSD > rather than upgrading to 4.x. Getting this situation resolved is in > everyone's best interests. > > Mike "Silby" Silbersack > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 14:43:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 764CC37B422; Wed, 27 Sep 2000 14:43:41 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e8RLhde00562; Wed, 27 Sep 2000 14:43:39 -0700 (PDT) Date: Wed, 27 Sep 2000 14:43:39 -0700 
From: Alfred Perlstein
To: Mike Silbersack
Cc: Kris Kennaway, sigma@pair.com, freebsd-security@FreeBSD.ORG, green@FreeBSD.ORG
Subject: Re: Status of FreeBSD-SA-00:41.elf?
Message-ID: <20000927144339.F9141@fw.wintelcom.net>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: ; from silby@silby.com on Wed, Sep 27, 2000 at 04:38:11PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Mike Silbersack [000927 14:38] wrote:
>
> On Wed, 27 Sep 2000, Kris Kennaway wrote:
>
> > The issue is that most FreeBSD developers do not have a 3.5 machine
> > available for testing - BSDi were supposed to be setting up one for us to
> > use but it has not yet come through. This makes it very hard to test
> > security fixes to the 3.5 branch so we don't break it by just committing
> > blindly (in fact, I think we should officially drop security support for
> > the 3.x branch because in practise it's not being supported for security
> > fixes). I believe the problem is still not fixed in 3.5-STABLE at this
> > time.
>
> One of the features of FreeBSD which I've found appealing in comparison to
> the linuxes I've seen is the relative ease of upgrade and assurance that
> your base system is secure after a simple buildworld/installworld. I
> think that losing this feature for any version more than three months old
> would be a serious blow to the confidence of FreeBSD users
> everywhere.
>
[snip]

Before everyone goes off the deep end:

http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/net/res_send.c

Revision 1.25.2.2 / (download) - annotate - [select for diffs] , Sat Sep 23 22:48:45 2000 UTC (3 days, 22 hours ago) by alfred

People are working on 3.x, just because a single developer doesn't
have the resources at the moment to address a problem doesn't mean
we aren't addressing the issues.
-- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 17: 1: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3114937B423; Wed, 27 Sep 2000 17:01:03 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id RAA05244; Wed, 27 Sep 2000 17:01:03 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 27 Sep 2000 17:01:02 -0700 (PDT) 
From: Kris Kennaway
To: Sam wun
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: What happened if the pre-share key got cacked?
In-Reply-To: <39D1B8E8.B5B070FB@eSec.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 27 Sep 2000, Sam wun wrote:

> I am a bit concerned about the pre-share key that using by the IPsec couple of
> client and the server machines.
> What if this key got stolen somehow? what will be the consequence?
> I am using IPSec in FreeBSD. The pre-share key is used by racoon. The psk.txt
> is protected by 600 permission. But what if my root account got cracked?
> anyone whom possesses my root account will be able to see the content of the
> psk.txt file?

They can do a hell of a lot more than that if they get root. That's why
it's important to make sure attackers can't get root on your boxes, and to
choose a cryptographically strong pre-shared key (i.e. n bits of output
from /dev/random :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Wed Sep 27 17:50:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id B030B37B424; Wed, 27 Sep 2000 17:48:35 -0700 (PDT)
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:53.catopen
Reply-To: security-advisories@freebsd.org
Message-Id: <20000928004835.B030B37B424@hub.freebsd.org>
Date: Wed, 27 Sep 2000 17:48:35 -0700 (PDT)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:53                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          catopen() may pose security risk for third party code

Category:       core
Module:         libc
Announced:      2000-09-27
Affects:        FreeBSD 5.0-CURRENT, 4.x and 3.x prior to the correction date.
Corrected:      Problem 1: 2000-08-06 (FreeBSD 5.0-CURRENT)
                           2000-08-22 (FreeBSD 4.1-STABLE)
                           2000-09-07 (FreeBSD 3.5-STABLE)
                Problem 2: 2000-09-08 (FreeBSD 5.0-CURRENT, 4.1-STABLE and
                           3.5-STABLE)
Credits:        Problem 1: Discovered during internal auditing
                Problem 2: Ivan Arce
FreeBSD only:   NO

I.   Background

catopen() and setlocale() are functions which are used to display text
in a localized format, e.g. for international users.

II.  Problem Description

There are two problems addressed in this advisory:

1) The catopen() function did not correctly bounds-check an internal
buffer which could be indirectly overflowed by the setting of an
environment variable. A privileged application which uses catopen()
could be made to execute arbitrary code by an unprivileged local user.

2) The catopen() and setlocale() functions could be made to use an
arbitrary file as the source for localized data and message catalogs,
instead of one of the system files. An attacker could create a file
which is a valid locale file or message catalog but which contains
special formatting characters which may allow certain badly written
privileged applications to be exploited and execute arbitrary code as
the privileged user.
This second vulnerability is slightly different from the problem
originally discovered by Ivan Arce of Core-SDI which affects multiple
UNIX operating systems, which involved a different environment
variable and which FreeBSD is not susceptible to. However
Vulnerability 2 was discovered in FreeBSD after the publication of the
Core-SDI advisory, and has the same effect on vulnerable applications.

NOTE that the FreeBSD base system is not believed to be vulnerable to
either of these problems, nor are any vulnerable third party programs
(including FreeBSD ports) currently known. Therefore the impact on the
majority of FreeBSD systems is expected to be nonexistent.

III. Impact

Certain setuid/setgid third-party software (including FreeBSD
ports/packages) may be vulnerable to a local exploit yielding
privileged access. No such software is however currently known.

It is believed that no program in the FreeBSD base system is
vulnerable to these bugs.

The problems were corrected prior to the release of FreeBSD 4.1.1.

IV.  Workaround

Vulnerability 1 described above is the more serious of the two, since
it does not require the application to contain a coding flaw in order
to exploit it. A scanning utility is provided to detect privileged
binaries which use the catopen() function (both statically and
dynamically linked binaries), which should be either rebuilt, or have
their privileges limited to minimize potential risk.

It is not feasible to detect binaries which are vulnerable to the
second vulnerability, however the provided utility will also report
statically linked binaries which use the setlocale() functions and
which *may* potentially be vulnerable. Most of the binaries reported
will not in fact be vulnerable, but should be recompiled anyway for
maximum assurance of security.

Note that some FreeBSD system binaries may be reported as possibly
vulnerable by this script, however this is not the case.
Statically linked binaries which are identified as vulnerable or
potentially vulnerable should be recompiled from source code after
patching and recompiling libc, if possible, in order to correct the
vulnerability. Dynamically linked binaries will be corrected by simply
patching and recompiling libc as described below.

As an interim measure, consider removing any identified setuid or
setgid binary, removing set[ug]id privileges from the file, or
limiting the file access permissions, as appropriate.

Of course, it is possible that some of the identified files may be
required for the correct operation of your local system, in which case
there is no clear workaround except for limiting the set of users who
may run the binaries, by an appropriate use of user groups and
removing the "o+x" file permission bit.

1) Download the 'scan_locale.sh' and 'test_locale.sh' scripts from

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/scan_locale.sh
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/test_locale.sh

e.g. with the fetch(1) command:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/scan_locale.sh
Receiving scan_locale.sh (337 bytes): 100%
337 bytes transferred in 0.0 seconds (1.05 MBps)
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/test_locale.sh
Receiving test_locale.sh (889 bytes): 100%
889 bytes transferred in 0.0 seconds (1.34 MBps)

2) Verify the md5 checksums and compare to the value below:

# /sbin/md5 scan_locale.sh
MD5 (scan_locale.sh) = efea80f74b05e7ddbc0261ef5211e453
# /sbin/md5 test_locale.sh
MD5 (test_locale.sh) = 2a485bf8171cc984dbc58b4d545668b4

3) Run the scan_locale.sh script against your system:

# sh scan_locale.sh ./test_locale.sh /

This will scan your entire system for setuid or setgid binaries which
make use of the exploitable function catopen(), or the potentially
exploitable function setlocale(). Each returned binary should be
examined (e.g.
with 'ls -l' and/or other tools) to determine what security risk
it poses to your local environment, e.g. whether it can be run by
arbitrary local users who may be able to exploit it to gain
privileges.

Note that this script reports setlocale() usage (i.e. vulnerability 2)
only in statically linked binaries, not dynamically linked binaries,
because of the high rate of false positives. It is likely that the
majority of such setlocale() binaries identified are not insecure and
their identification by this script should not be taken as evidence
that they are vulnerable, but they should be recompiled anyway for
maximum assurance of security.

4) Remove the binaries, or reduce their file permissions, as appropriate.

V.   Solution

Upgrade your vulnerable FreeBSD system to 4.1-STABLE or 3.5-STABLE
after the correction date, or patch your present system source code
and rebuild. Then run the scan_locale.sh script as instructed in
section IV and identify any statically-linked binaries as reported by
the script. These should either be removed, recompiled, or have
privileges restricted to secure them against this vulnerability (since
statically-linked binaries will not be affected by simply recompiling
the shared libc library).

To patch your present system: save the patch below into a file, and
execute the following commands as root:

cd /usr/src/lib/libc
patch < /path/to/patch/file
make all
make install

Patches for FreeBSD systems before the correction date:

Index: msgcat.c =================================================================== RCS file: /usr2/ncvs//src/lib/libc/nls/msgcat.c,v retrieving revision 1.21 retrieving revision 1.27 diff -u -r1.21 -r1.27 --- nls/msgcat.c 2000/01/27 23:06:33 1.21 +++ nls/msgcat.c 2000/09/01 11:56:31 1.27 @@ -91,8 +91,9 @@ __const char *catpath = NULL; char *nlspath; char *lang; - long len; char *base, *cptr, *pathP; + int spcleft; + long len; struct stat sbuf; if (!name || !*name) { 
@@ -106,10 +107,10 @@ } else { if (type == NL_CAT_LOCALE) lang = setlocale(LC_MESSAGES, NULL); - else { - if ((lang = (char *) getenv("LANG")) == NULL) - lang = "C"; - } + else + lang = getenv("LANG"); + if (lang == NULL || strchr(lang, '/') != NULL) + lang = "C"; if ((nlspath = (char *) getenv("NLSPATH")) == NULL #ifndef __NETBSD_SYSCALLS || issetugid() @@ -129,13 +130,22 @@ *cptr = '\0'; for (pathP = path; *nlspath; ++nlspath) { if (*nlspath == '%') { + spcleft = sizeof(path) - (pathP - path); if (*(nlspath + 1) == 'L') { ++nlspath; - strcpy(pathP, lang); + if (strlcpy(pathP, lang, spcleft) >= spcleft) { + free(base); + errno = ENAMETOOLONG; + return(NLERR); + } pathP += strlen(lang); } else if (*(nlspath + 1) == 'N') { ++nlspath; - strcpy(pathP, name); + if (strlcpy(pathP, name, spcleft) >= spcleft) { + free(base); + errno = ENAMETOOLONG; + return(NLERR); + } pathP += strlen(name); } else *(pathP++) = *nlspath; } else *(pathP++) = *nlspath; @@ -186,7 +196,7 @@ MCSetT *set; long lo, hi, cur, dir; - if (!cat || setId <= 0) return(NULL); + if (cat == NULL || setId <= 0) return(NULL); lo = 0; if (setId - 1 < cat->numSets) { @@ -212,8 +222,8 @@ if (hi - lo == 1) cur += dir; else cur += ((hi - lo) / 2) * dir; } - if (set->invalid) - (void) loadSet(cat, set); + if (set->invalid && loadSet(cat, set) <= 0) + return(NULL); return(set); } @@ -225,7 +235,7 @@ MCMsgT *msg; long lo, hi, cur, dir; - if (!set || set->invalid || msgId <= 0) return(NULL); + if (set == NULL || set->invalid || msgId <= 0) return(NULL); lo = 0; if (msgId - 1 < set->numMsgs) { @@ -318,7 +328,7 @@ off_t nextSet; cat = (MCCatT *) malloc(sizeof(MCCatT)); - if (!cat) return(NLERR); + if (cat == NULL) return(NLERR); cat->loadType = MCLoadBySet; if ((cat->fd = _open(catpath, O_RDONLY)) < 0) { 
@@ -351,7 +361,7 @@ cat->numSets = header.numSets; cat->sets = (MCSetT *) malloc(sizeof(MCSetT) * header.numSets); - if (!cat->sets) NOSPACE(); + if (cat->sets == NULL) NOSPACE(); nextSet = header.firstSet; for (i = 0; i < cat->numSets; ++i) { Index: setlocale.c =================================================================== RCS file: /home/ncvs/src/lib/libc/locale/setlocale.c,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- locale/setlocale.c 2000/09/04 03:43:24 1.27 +++ locale/setlocale.c 2000/09/08 07:29:48 1.28 @@ -129,7 +129,7 @@ if (!env || !*env) env = getenv("LANG"); - if (!env || !*env) + if (!env || !*env || strchr(env, '/')) env = "C"; (void) strncpy(new_categories[category], env, ENCODING_LEN); -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBOdKTo1UuHi5z0oilAQH9QwQAhEdiXOU7A/hZpMBKU5bWz6alLqr7o4wp YcypPTnSoMQ2OkFlmuX9sdcgRfwl3gZ1z3QfjhE/eXG7rYSerEyxqcBqgQOBbCUH vURxPEIRqV90DMMZAp62viA1X1Vyx/Ie2WXG/r5Wck1/Zu6BSxsUo3yiWD4gFoVb L1f0kBgl2/A= =YtCH -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 20:35: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id AF83D37B423 for ; Wed, 27 Sep 2000 20:34:48 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13eUce-0000Os-00; Wed, 27 Sep 2000 21:44:36 -0600 Message-ID: <39D2BEA4.A9FD13BD@softweyr.com> Date: Wed, 27 Sep 2000 21:44:36 -0600 
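Review bot: In the msgcat.c hunk at -129,13 +130,22, only the %L and %N expansions are bounded; the two "else *(pathP++) = *nlspath;" branches in the same loop still store into path with no comparison against sizeof(path), so an NLSPATH made of many literal characters can still write past the buffer. The context lines of the previous hunk suggest NLSPATH is set aside when issetugid() is true, which limits exposure for set[ug]id callers, but the copy should still be bounded: compute the remaining space at the top of each iteration and fail with ENAMETOOLONG there as well. Also, spcleft is declared int while strlcpy() returns size_t, so ">= spcleft" compares signed with unsigned; declaring it size_t removes the conversion.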
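Review bot: In the setlocale.c hunk at -129,7 +129,7, the unchanged line right after the new test copies env with strncpy(new_categories[category], env, ENCODING_LEN), which leaves the destination unterminated when env is ENCODING_LEN bytes or longer. The hunk does not show a terminator being written afterwards, so confirm one follows or use strlcpy() as msgcat.c now does. For consistency with the msgcat.c change, the new condition would read better as "strchr(env, '/') != NULL".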
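A rough stand-in for the scan that section IV of the FreeBSD-SA-00:53 advisory describes, as an added example that is not the advisory's scan_locale.sh or test_locale.sh: it lists setuid/setgid files whose bytes contain the symbol name catopen and marks which of them any local user can execute. The function names and the string-matching heuristic are assumptions made here; a stripped static binary will be missed, and setlocale() usage is not checked.

```shell
#!/bin/sh
# Added example: heuristic scan for set[ug]id files that reference catopen().
# Not the advisory's scripts; every function name below is an assumption.

# find_privileged ROOT: regular files under ROOT (same filesystem only) that
# carry the setuid or setgid bit.
find_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# references_symbol FILE NAME: true when NAME, optionally preceded by
# underscores, occurs as a whole identifier-like token in FILE's bytes.
# This sees dynamic-symbol and unstripped symbol-table names only.
references_symbol() {
    LC_ALL=C tr -cs '[:alnum:]_' '[\n*]' 2>/dev/null < "$1" |
        grep -q -E -x "_*$2"
}

# world_executable FILE: true when the "other" execute bit is set, i.e. any
# local user can run the file.
world_executable() {
    [ -n "$(find "$1" -prune -perm -0001 -print 2>/dev/null)" ]
}

# scan_catopen ROOT: one line per hit, "REACH<TAB>MODE<TAB>PATH", where REACH
# is world-exec or restricted. Paths containing newlines are not handled.
scan_catopen() {
    find_privileged "$1" | while IFS= read -r f; do
        references_symbol "$f" catopen || continue
        if world_executable "$f"; then
            reach=world-exec
        else
            reach=restricted
        fi
        mode=$(ls -ld -- "$f" | cut -d' ' -f1)
        printf '%s\t%s\t%s\n' "$reach" "$mode" "$f"
    done
}

# Stand-alone use: sh this-file /usr/local
if [ "$#" -ge 1 ]; then
    scan_catopen "$1"
fi
```

Each world-exec hit is a candidate for the advisory's interim measures: removing the set[ug]id bits or the "o+x" bit until libc is patched and any static binaries are rebuilt.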
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brett Glass
Cc: Drew Derbyshire, freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
References: <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000923222349.04919900@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass wrote:
>
> At 01:13 AM 9/23/2000, Wes Peters wrote:
>
> >Drew Derbyshire wrote:
> > >
> > > > *Wes Peters* wrote:
> > > > Brett, did it ever occur to you THESE ARE THE DEFAULTS because MOST
> > > > PEOPLE WANT THEM THAT WAY?
> > >
> > > Did you take a survey?
> >
> >Yes. The lack of complaints from anybody other than Brett Glass constitutes
> >our unofficial, non-scientific survey.
>
> You forget: I wasn't the one who started this thread. I merely indicated
> my agreement.

So now you're a majority of two?

> > > Most people also want a secure system. Don't even get me started about
> > > rlogin/rsh being on by default in /etc/inetd.conf.
> >
> >Most people wouldn't know a secure system if it bit them in the nose.
>
> It's sad how many arguments for NOT improving FreeBSD are based on
> what I can only call hacker elitism. Of COURSE a super-experienced
> hacker can deal with a user-hostile install, secure the system
> manually, etc. given lots of time and knowledge. So?

Of COURSE a super-experienced hacker can determine why ftp, telnet, and
mail don't work out of the box and fix these user-hostile mistakes.

It's sad how many arguments for NOT improving the usability of FreeBSD
are based on paranoid security elitism.

> > > IMHO, many people wouldn't know NFS if it bit them in the nose.
> >
> >Funny, every place I've worked for the past 15 years has used NFS quite
> >extensively. Oh, but then, I've been working in UNIX shops for quite
> >some time.
> > I have worked with UNIX since 1977, and rarely use NFS. At least in > part because it stands for "No File Security...." OK, I have NFS on both my workstations here. Have at it. Let me know when you've hacked them via NFS, OK? At work, we use NFS to share the CVS repository among all the workstations and the "build box". Feel free to break into that, too. But uh-oh! Both are protected by a firewall! You (as usual) cut the best part out of what was mis-quoted above: put up or shut up. Everyone here would welcome an OPTION in the installation to install in "hyper secure full-blown Brett Glass paranoia mode" where sshd is the only network service run on the box and every other port is firewalled to hell, but only as an OPTION. And you, of course, just cut that part right out and didn't bother answering it, did you Brett? Is it because you just know better than everyone else on the face of the planet, or just because you can't or won't do the work? In either case, put up or shut up. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 20:54:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id 27B6D37B42C for ; Wed, 27 Sep 2000 20:54:06 -0700 (PDT) Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id KAA30855; Thu, 28 Sep 2000 10:53:29 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru) Date: Thu, 28 Sep 2000 10:53:29 +0700 (NSS) 
From: Max Khon To: "Jacques A. Vidrine" Cc: freebsd-security@FreeBSD.ORG Subject: Re: LDAP and user authentication revisited... In-Reply-To: <20000927070138.B36155@hamlet.nectar.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi, there! On Wed, 27 Sep 2000, Jacques A. Vidrine wrote: > > http://www.padl.com/ > > they also have NSS LDAP modules. > > I expect to commit support for dynamic loading to nsswitch to -CURRENT > in the near future. I have also ported padl.com's nss_ldap. I will > put it in the Ports Collection. that's great! keep up good work! /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 20:54:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 6C99537B424 for ; Wed, 27 Sep 2000 20:54:35 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id VAA15387; Wed, 27 Sep 2000 21:54:06 -0600 (MDT) Message-Id: <4.3.2.7.2.20000927214450.04c02ec0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 27 Sep 2000 21:48:32 -0600 To: Wes Peters 
From: Brett Glass Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! Cc: Drew Derbyshire , freebsd-security@FreeBSD.ORG In-Reply-To: <39D2BEA4.A9FD13BD@softweyr.com> References: <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000923222349.04919900@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:44 PM 9/27/2000, Wes Peters wrote: >> You forget: I wasn't the one who started this thread. I merely indicated >> my agreement. > >So now you're a majority of two? No; it seems more as if YOU are a minority of one. Unless I've managed to miss one, every other participant in this thread besides you has suggested some change to the default configuration. >Of COURSE an super-experienced hacker can determine why ftp, telnet, and >mail don't work out of the box and fix these user-hostile mistakes. If you think that people don't want things to work out of the box, you have not been listening. If you stopped hurling invectives and listened to what people were saying, we could have a reasonable conversation. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 21:57:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from dsl-64-193-123-121.telocity.com (dsl-64-193-123-121.telocity.com [64.193.123.121]) by hub.freebsd.org (Postfix) with ESMTP id D344937B42C for ; Wed, 27 Sep 2000 21:57:37 -0700 (PDT) Received: from localhost (root@localhost) by dsl-64-193-123-121.telocity.com (8.11.0/8.11.0) with ESMTP id e8S4wVg84100 for ; Wed, 27 Sep 2000 23:58:31 -0500 (CDT) (envelope-from root@snoopie.yi.org) Date: Wed, 27 Sep 2000 23:58:31 -0500 (CDT) 
From: Charlie ROOT X-Sender: root@localhost To: freebsd-security@freebsd.org Subject: sftp Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org sftp in base.. ;-) Can we steal this? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Makefile To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 22: 2:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 362EA37B422; Wed, 27 Sep 2000 22:02:12 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id WAA52313; Wed, 27 Sep 2000 22:02:12 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 27 Sep 2000 22:02:11 -0700 (PDT) 
From: Kris Kennaway To: Charlie ROOT Cc: freebsd-security@freebsd.org Subject: Re: sftp In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 27 Sep 2000, Charlie ROOT wrote: > sftp in base.. ;-) Can we steal this? > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Makefile http://www.FreeBSD.org/cgi/cvsweb.cgi/src/crypto/openssh/sftp-server/Makefile Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Sep 27 22:58:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id E814237B424 for ; Wed, 27 Sep 2000 22:58:42 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Wed, 27 Sep 2000 22:57:28 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e8S5wXg95111; Wed, 27 Sep 2000 22:58:33 -0700 (PDT) (envelope-from cjc) Date: Wed, 27 Sep 2000 22:58:32 -0700 
From: "Crist J . Clark"
To: John F Cuzzola
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw + natd + Novell
Message-ID: <20000927225832.E81242@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from vdrifter@ocis.ocis.net on Tue, Sep 26, 2000 at 08:52:08PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Sep 26, 2000 at 08:52:08PM -0700, John F Cuzzola wrote:
> Hello everyone,
> I have a Novell Server that has been moved from a public ip to a private
> one (192.168.0.6). The 192.168.0.xxx segment gets internet access through
> a FreeBSD box using ipfw/natd. The Novell server needs to be accessible
> from the internet from source addresses 142.42.22.xxx. So I tried to set
> up a NAT for it as follows:
>
> natd -p 7500 -redirect_address 192.168.0.6 0.0.0.0 -a 207.24.168.5
>
> ipfw add 10 divert 7500 ip from 142.42.22.0/24 to 207.24.168.5
> ipfw add 20 divert 7500 ip from 207.24.168.5 to 142.42.22.0/24
>
> So 142.42.22.0/24 should be able to get to the novell server using
> 207.24.168.5 as its ip. Using the Windows Client they can connect and see
> the NDS tree but when they try to log in the connection times-out. I know
> there are some programs that won't work through NAT (like the ones that
> insist on reporting back the private ip address). I was wondering if
> anyone has had experience logging into a Novell Server with NAT. Can it
> be done?

I might be missing it, but I don't see how traffic returning from
192.168.0.6 is ever NATed back to look like the source is 207.24.168.5
from the client's perspective. That is, that first rule catches
packets like,

  142.42.22.a:2040 -> 207.24.168.5:427

And they get translated to something like,

  142.42.22.a:2040 -> 192.168.0.6:427

But then, I don't see where the responses,

  192.168.0.6:427 -> 142.42.22.a:2040

Ever go through NAT again.
Shouldn't the second rule be,

  s/207.24.168.5/192.168.0.6/

?
--
Crist J. Clark                           cjclark@alum.mit.edu

From owner-freebsd-security Wed Sep 27 23: 4:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1]) by hub.freebsd.org (Postfix) with ESMTP id 42B0C37B422 for ; Wed, 27 Sep 2000 23:04:39 -0700 (PDT)
Received: from localhost (vdrifter@localhost) by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id XAA00351; Wed, 27 Sep 2000 23:04:33 -0700
Date: Wed, 27 Sep 2000 23:04:33 -0700 (PDT)
From: John F Cuzzola
To: cjclark@alum.mit.edu
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw + natd + Novell
In-Reply-To: <20000927225832.E81242@149.211.6.64.reflexcom.com>

*** Oops, sorry that was a typo: it should have read:

ipfw add 20 divert 7500 ip from 192.168.0.6 to 142.42.22.0/24

Anyways I found my answer in Novell's Knowledge base ... Apparently a NAT
Firewall is currently not supported but they have a workaround :)

On Wed, 27 Sep 2000, Crist J . Clark wrote:

> On Tue, Sep 26, 2000 at 08:52:08PM -0700, John F Cuzzola wrote:
> > Hello everyone,
> > I have a Novell Server that has been moved from a public ip to a private
> > one (192.168.0.6). The 192.168.0.xxx segment gets internet access through
> > a FreeBSD box using ipfw/natd. The Novell server needs to be accessible
> > from the internet from source addresses 142.42.22.xxx. So I tried to set
> > up a NAT for it as follows:
> >
> > natd -p 7500 -redirect_address 192.168.0.6 0.0.0.0 -a 207.24.168.5
> >
> > ipfw add 10 divert 7500 ip from 142.42.22.0/24 to 207.24.168.5
> > ipfw add 20 divert 7500 ip from 207.24.168.5 to 142.42.22.0/24
> >
> > So 142.42.22.0/24 should be able to get to the novell server using
> > 207.24.168.5 as its ip. Using the Windows Client they can connect and see
> > the NDS tree but when they try to log in the connection times-out. I know
> > there are some programs that won't work through NAT (like the ones that
> > insist on reporting back the private ip address). I was wondering if
> > anyone has had experience logging into a Novell Server with NAT. Can it
> > be done?
>
> I might be missing it, but I don't see how traffic returning from
> 192.168.0.6 is ever NATed back to look like the source is 207.24.168.5
> from the client's perspective. That is, that first rule catches
> packets like,
>
>   142.42.22.a:2040 -> 207.24.168.5:427
>
> And they get translated to something like,
>
>   142.42.22.a:2040 -> 192.168.0.6:427
>
> But then, I don't see where the responses,
>
>   192.168.0.6:427 -> 142.42.22.a:2040
>
> Ever go through NAT again. Shouldn't the second rule be,
>
>   s/207.24.168.5/192.168.0.6/
>
> ?
> --
> Crist J. Clark                           cjclark@alum.mit.edu

From owner-freebsd-security Thu Sep 28 0:51:51 2000
In-Reply-To: <20000927144339.F9141@fw.wintelcom.net>
Date: Thu, 28 Sep 2000 09:48:54 +0200 (SAST)
Reply-To: rbezuide@oskar.nanoteq.co.za
From: Reinier Bezuidenhout
To: Alfred Perlstein
Subject: Re: Status of FreeBSD-SA-00:41.elf?
Cc: green@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, sigma@pair.com, Kris Kennaway, Mike Silbersack

Hi ...

Unfortunately I cannot setup a jailed machine for people out there .. but
if anyone can provide such malformed elf binaries, I'll test it on some
machines here ... run it for a few days and report back ...

I'll get the patches etc from the advisories ... check to see if they fit
into 3.5-stable apply them and test them.

So ... bottom line ... anyone got such malformed binaries ??

Reinier

On 27-Sep-00 Alfred Perlstein wrote:
> * Mike Silbersack [000927 14:38] wrote:
>>
>> On Wed, 27 Sep 2000, Kris Kennaway wrote:
>>
>> > The issue is that most FreeBSD developers do not have a 3.5 machine
>> > available for testing - BSDi were supposed to be setting up one for us to
>> > use but it has not yet come through. This makes it very hard to test
>> > security fixes to the 3.5 branch so we don't break it by just committing
>> > blindly (in fact, I think we should officially drop security support for
>> > the 3.x branch because in practice it's not being supported for security
>> > fixes). I believe the problem is still not fixed in 3.5-STABLE at this
>> > time.
>>
>> One of the features of FreeBSD which I've found appealing in comparison to
>> the linuxes I've seen is the relative ease of upgrade and assurance that
>> your base system is secure after a simple buildworld/installworld. I
>> think that losing this feature for any version more than three months old
>> would be a serious blow to the confidence of FreeBSD users
>> everywhere.
>>
> [snip]
>
> Before everyone goes off the deep end:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libc/net/res_send.c
>
> Revision 1.25.2.2 / (download) - annotate - [select for diffs] , Sat Sep 23
> 22:48:45 2000 UTC (3 days, 22 hours ago) by alfred
>
> People are working on 3.x, just because a single developer doesn't
> have the resources at the moment to address a problem doesn't mean
> we aren't addressing the issues.
>
> --
> -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
> "I have the heart of a child; I keep it in a jar on my desk."

###################################################################
#                                                                 #
#      R.N. Bezuidenhout          NetSeq Firewall                 #
#      rbezuide@oskar.nanoteq.co.za   http://www.nanoteq.co.za    #
#                                                                 #
###################################################################

----------------------------------
Date: 28-Sep-00
Time: 09:43:40

This message was sent by XFMail
----------------------------------

From owner-freebsd-security Thu Sep 28 6:47:12 2000
Date: Thu, 28 Sep 2000 10:46:55 -0300 (EST)
From: Paulo Fragoso
To: freebsd-security@freebsd.org
Subject: Jail + PostgreSQL

Hi,

We've got two jails in same FreeBSD box. Sendmail, httpd, sshd are
running fine but postgresql fails on startup in two jails (jails
environment):

pg_ctl: It seems another postmaster is running. Try to start postmaster anyway.
pg_ctl: Cannot start postmaster. Is another postmaster is running?
IpcSemaphoreCreate: semget failed (No space left on device) key=5432015, num=16, permission=600
This type of error is usually caused by an improper
shared memory or System V IPC semaphore configuration.
For more information, see the FAQ and platform-specific
FAQ's in the source directory pgsql/doc or on our
web site at http://www.postgresql.org.
FATAL 1: InitProcGlobal: IpcSemaphoreCreate failed

If we kill all postgres in all jails and we start postgresql manually on
first jail after this we start postgresql on second jail all work fine.

Are there any problem with shared memory using jail? Is this a security
problem?

Many thanks,
Paulo.
--
   __O
 _-\<,_     Why drive when you can bike?
(_)/ (_)

From owner-freebsd-security Thu Sep 28 7:46: 2 2000
Date: Thu, 28 Sep 2000 22:47:07 +0800 (+0800)
From: Michael Robinson
Message-Id: <200009281447.e8SEl7805639@netrinsics.com>
To: freebsd-security@freebsd.org
Subject: Dialup IPSEC

Pipsecd supports dialup users by providing IP wildcards for security
associations. This is very convenient.

Racoon, on the other hand (according to the port description):

"Design choice, not a bug:
- racoon negotiate IPsec keys only. It does not negotiate policy. Policy
must be configured into the kernel separately from racoon. If you want
to support roaming clients, you may need to have a mechanism to put
policy for the roaming client after phase 1 finhises."

Does anyone have a working dialup solution for the KAME kernel IPSEC
implementation?

-Michael Robinson

From owner-freebsd-security Thu Sep 28 8: 7:17 2000
Date: Thu, 28 Sep 2000 11:06:37 -0400 (EDT)
From: Robert Watson
To: Paulo Fragoso
Cc: freebsd-security@freebsd.org
Subject: Re: Jail + PostgreSQL

On Thu, 28 Sep 2000, Paulo Fragoso wrote:

> If we kill all postgres in all jails and we start postgresql manually on
> first jail after this we start postgresql on second jail all work fine.

I wasn't clear from your description as to the configuration. I generally
think of jails in the following kind of diagram:

+------------------------------------------+
| The host environment                     |
|                                          |
|   +-------+      +-------+               |
|   | Jail1 |      | Jail2 |               |
|   +-------+      +-------+               |
+------------------------------------------+

This is intended to reflect that while jails are logically partitioned,
they're all subsets of the host environment, and that therefore there can
be interactions between the host and jail environments. For example, the
reason the jail(8) man page recommends not running inetd/sendmail/sshd/etc
in the host environment without configuration modifications is the
following: a daemon that binds INADDR_ANY in a jail is limited to that
jail's IP address, whereas a daemon in the host environment will listen on
any IP not specifically bound by an application (i.e., one in a jail).
This means that sendmail will listen on jail IPs if those jails are not
running sendmail -- undesirable :-). So my questions below are pointed at
determining if this is a host interaction like that, or if it is an
inter-jail interaction.

In which locations in this diagram are you running postgresql? It sounded
like a pgsql in Jail1, and a pgsql in Jail2, but was there also one in the
host environment?

> Are there any problem with shared memory using jail? Is this a security
> problem?

It may be, and I don't know because I didn't write this code, that all
jails share the same SysV SHM namespace.
If that is the case, it needs to
be fixed, and could be a security problem if you run applications using
SysV SHM between jails. However, it could also be a host vs. jail issue,
if you are starting a pgsql in the host environment, which might interfere
with the ones in jail. You note that re-running them in the jails makes
them start fine -- is this an indication that you had one in the host
environment? A concise timeline concerning the starting, stopping, and
errors, as well as jail starting events, would be useful. I admit to
having never tried to run postgresql in a jail, but it seems like a useful
thing to do :-).

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Thu Sep 28 8:12:45 2000
To: Robert Watson
Cc: Paulo Fragoso, freebsd-security@FreeBSD.ORG
Subject: Re: Jail + PostgreSQL
In-Reply-To: Your message of "Thu, 28 Sep 2000 11:06:37 EDT."
Date: Thu, 28 Sep 2000 17:12:40 +0200
Message-ID: <2293.970153960@critter>
From: Poul-Henning Kamp

SYSV IPC is not jail-ified...

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security Thu Sep 28 8:13:41 2000
Message-ID: <003301c0295e$bc1a9fe0$06f238c8@sabrina>
Reply-To: "Alcachofo Demv"
From: "Alcachofo Demv"
Date: Thu, 28 Sep 2000 10:14:01 -0500

suscribe freebsd-security

From owner-freebsd-security Thu Sep 28 8:20:14 2000
Date: Thu, 28 Sep 2000 11:17:40 -0400 (EDT)
From: Robert Watson
To: Poul-Henning Kamp
Cc: Paulo Fragoso, freebsd-security@FreeBSD.ORG
Subject: Re: Jail + PostgreSQL
In-Reply-To: <2293.970153960@critter>

I'll take a look at that this afternoon and see if the fix is relatively
straight-forward, unless you plan to get to it first.

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

On Thu, 28 Sep 2000, Poul-Henning Kamp wrote:

>
> SYSV IPC is not jail-ified...
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD coreteam member | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>

From owner-freebsd-security Thu Sep 28 9:17:15 2000
Date: Thu, 28 Sep 2000 12:17:12 -0400
From: Bill Fumerola
To: Brett Glass
Cc: Wes Peters, Drew Derbyshire, freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
Message-ID: <20000928121712.A38472@jade.chc-chimes.com>
In-Reply-To: <4.3.2.7.2.20000927214450.04c02ec0@localhost>; from brett@lariat.org on Wed, Sep 27, 2000 at 09:48:32PM -0600

On Wed, Sep 27, 2000 at 09:48:32PM -0600, Brett Glass wrote:

> No; it seems more as if YOU are a minority of one. Unless I've managed to
> miss one, every other participant in this thread besides you has suggested
> some change to the default configuration.

Those often fighting for change often use this argument. However, those of
us who like the status quo are the silent majority and don't feel it's required
for us to sound off every time someone has some idea on how to make us more secure.

Thankfully, I know of `grep -cve '^#' /home/ncvs/CVSROOT/access` people who
are generally smart enough not to make changes without thinking of all the
consequences.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From owner-freebsd-security Thu Sep 28 9:20:43 2000
Date: Thu, 28 Sep 2000 09:20:10 -0700 (PDT)
From: Kris Kennaway
To: Michael Robinson
Cc: freebsd-security@freebsd.org
Subject: Re: Dialup IPSEC
In-Reply-To: <200009281447.e8SEl7805639@netrinsics.com>

On Thu, 28 Sep 2000, Michael Robinson wrote:

> Pipsecd supports dialup users by providing IP wildcards for security
> associations. This is very convenient.
>
> Racoon, on the other hand (according to the port description):
>
> "Design choice, not a bug:
> - racoon negotiate IPsec keys only. It does not negotiate policy. Policy
> must be configured into the kernel separately from racoon. If you want
> to support roaming clients, you may need to have a mechanism to put
> policy for the roaming client after phase 1 finhises."
>
> Does anyone have a working dialup solution for the KAME kernel IPSEC
> implementation?

Perhaps my brain hasn't spun up yet this early in the morning, but can't
you just specify the appropriate range of addresses in the spdadd entry?

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Thu Sep 28 9:22:10 2000
Message-Id: <4.3.2.7.2.20000928101949.047a6b60@localhost>
Date: Thu, 28 Sep 2000 10:21:18 -0600
To: Bill Fumerola
From: Brett Glass
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
Cc: Wes Peters, Drew Derbyshire, freebsd-security@FreeBSD.ORG
In-Reply-To: <20000928121712.A38472@jade.chc-chimes.com>

At 10:17 AM 9/28/2000, Bill Fumerola wrote:

>Those often fighting for change often use this argument. However, those of
>us who like the status quo are the silent majority and don't feel it's required
>for us to sound off every time someone has some idea on how to make us more secure.

Ah, the old "I'm part of a silent majority that's there even though I can't
prove it" argument.

--Brett

From owner-freebsd-security Thu Sep 28 9:52:58 2000
Date: Fri, 29 Sep 2000 00:53:48 +0800 (+0800)
From: Michael Robinson
Message-Id: <200009281653.e8SGrmj06140@netrinsics.com>
To: kris@FreeBSD.org
Subject: Re: Dialup IPSEC
Cc: freebsd-security@FreeBSD.org

Kris Kennaway writes:
>> Does anyone have a working dialup solution for the KAME kernel IPSEC
>> implementation?
>
>Perhaps my brain hasn't spun up yet this early in the morning, but can't
>you just specify the appropriate range of addresses in the spdadd entry?

From the setkey manual:

  spdadd src_range dst_range upperspec policy ;

  policy is the one of following:
    -P direction ipsec protocol/mode/src-dst/level

  You must specify the end-points addresses of the SA as src and dst
  with `-' between these addresses which is used to specify the SA to use.

In conclusion, you can set a policy for routing your *internal* IP addresses
as a range in the spdadd entry, but you must specify the public tunnel endpoint
IP addresses as fixed dotted quads (for IPv4).

This is specifically the part that racoon, by design, won't help you do.

-Michael Robinson

From owner-freebsd-security Thu Sep 28 10:19:21 2000
Date: Thu, 28 Sep 2000 13:19:18 -0400
From: Bill Fumerola
To: Brett Glass
Cc: Wes Peters, Drew Derbyshire, freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
Message-ID: <20000928131918.C38472@jade.chc-chimes.com>
In-Reply-To: <4.3.2.7.2.20000928101949.047a6b60@localhost>; from brett@lariat.org on Thu, Sep 28, 2000 at 10:21:18AM -0600

On Thu, Sep 28, 2000 at 10:21:18AM -0600, Brett Glass wrote:

> Ah, the old "I'm part of a silent majority that's there even though I can't
> prove it" argument.

Sysinstall now gives you the choice to install one of several 'security
profiles', so this is really moot now. You have your hooks to install
differently, so run along now.

On a side note, if you don't like the profiles, send-pr(1) still works.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From owner-freebsd-security Thu Sep 28 10:57: 1 2000
Date: Thu, 28 Sep 2000 14:56:50 -0300 (EST)
From: Paulo Fragoso
To: Poul-Henning Kamp
Cc: Robert Watson, freebsd-security@FreeBSD.ORG
Subject: Re: Jail + PostgreSQL
In-Reply-To: <2293.970153960@critter>

hummmmm.....

On Thu, 28 Sep 2000, Poul-Henning Kamp wrote:

>
> SYSV IPC is not jail-ified...
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD coreteam member | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.
>

--
   __O
 _-\<,_     Why drive when you can bike?
(_)/ (_)

From owner-freebsd-security Thu Sep 28 11:32:55 2000
Date: Thu, 28 Sep 2000 14:30:19 -0400 (EDT)
From: Robert Watson
To: Paulo Fragoso
Cc: Poul-Henning Kamp, freebsd-security@FreeBSD.ORG
Subject: Re: Jail + PostgreSQL

I've been taking a look at the SysV IPC code a bit this morning, and it
looks like the problem is that it supports a single integer-based
namespace that is separate from the file system namespace. Leaving aside
criticisms of the design, it looks like we need to perform some sort of
namespace scoping: either allocate independent namespaces for each
jail/partition, or provide stronger inter-jail protection while
maintaining the same namespace. From the perspective of running
applications regardless of the jail, the first of those is preferred.

I'm going to take a further look at it this evening, and could probably
hack together some patches by tomorrow or Sunday, although there may be
some garbage collection issues. I've never used SysV IPC before, so there
may be a bit of a learning curve there. If someone else wants to give
this a hack, that would certainly not be bad :-).

  Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

On Thu, 28 Sep 2000, Paulo Fragoso wrote:

> hummmmm.....
>
> On Thu, 28 Sep 2000, Poul-Henning Kamp wrote:
>
> >
> > SYSV IPC is not jail-ified...
> >
> > --
> > Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> > phk@FreeBSD.ORG         | TCP/IP since RFC 956
> > FreeBSD coreteam member | BSD since 4.3-tahoe
> > Never attribute to malice what can adequately be explained by incompetence.
> >
>
> --
>    __O
>  _-\<,_     Why drive when you can bike?
> (_)/ (_)

From owner-freebsd-security Thu Sep 28 11:59:59 2000
Date: Thu, 28 Sep 2000 15:59:30 -0300 (EST)
From: Paulo Fragoso
To: Robert Watson
Cc: freebsd-security@freebsd.org
Subject: Re: Jail + PostgreSQL
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 28 Sep 2000, Robert Watson wrote:

>
> On Thu, 28 Sep 2000, Paulo Fragoso wrote:
>
> > If we kill all postgres in all jails and we start postgresql manually on
> > first jail after this we start postgresql on second jail all work fine.
>
> I wasn't clear from your description as to the configuration. I generally
> think of jails in the following kind of diagram:
>
> +------------------------------------------+
> | The host environment                     |
> |                                          |
> |   +-------+            +-------+         |
> |   | Jail1 |            | Jail2 |         |
> |   +-------+            +-------+         |
> +------------------------------------------+

Yes, we've got two jails in the same host environment.

>
> This is intended to reflect that while jails are logically partitioned,
> they're all subsets of the host environment, and that therefore there can
> be interactions between the host and jail environments. For example, the
> reason the jail(8) man page recommends not running inetd/sendmail/sshd/etc
> in the host environment without configuration modifications is the
> following: a daemon that binds INADDR_ANY in a jail is limited to that
> jail's IP address, whereas a daemon in the host environment will listen on
> any IP not specifically bound by an application (i.e., one in a jail).
> This means that sendmail will listen on jail IPs if those jails are not
> running sendmail -- undesirable :-). So my questions below are pointed at
> determining if this is a host interaction like that, or if it is an
> inter-jail interaction.

It's ok.

>
> In which locations in this diagram are you running postgresql? It sounded
> like a pgsql in Jail1, and a pgsql in Jail2, but was there also one in the
> host environment?

There isn't pgsql in the host environment.

>
> > Are there any problems with shared memory using jail? Is this a security
> > problem?
>
> It may be, and I don't know because I didn't write this code, that all
> jails share the same SysV SHM namespace. If that is the case, it needs to
> be fixed, and could be a security problem if you run applications using
> SysV SHM between jails. However, it could also be a host vs. jail issue,
> if you are starting a pgsql in the host environment, which might interfere
> with the ones in jail. You note that re-running them in the jails makes
> them start fine -- is this an indication that you had one in the host
> environment? A concise timeline concerning the starting, stopping, and

When we are logged on jail1 and jail2 (using two xterm), first we run the
pgsql on jail1 and second the pgsql on jail2, they work fine (I think).

Rebooting the host environment we've got problems, our rc file looks like
this:

#!/bin/sh
rm /export/jail1/tmp/.s*
ifconfig ed0 inet alias jjj.jjj.jjj.35 netmask 255.255.255.255
mount -t procfs proc /export/jail1/proc
jail /export/jail1 jail1 200.249.195.35 /bin/sh /etc/rc
rm /export/jail2/tmp/.s*
ifconfig ed0 inet alias jjj.jjj.jjj.38 netmask 255.255.255.255
mount -t procfs proc /export/jail2/proc
jail /export/jail2 jail2 200.249.195.38 /bin/sh /etc/rc

If the shared memory isn't jailed then it explains some crazy errors on
pgsql, like this:

DEBUG: Data Base System is in production state at Thu Sep 28 11:45:32 2000
FATAL 1: relpath_blind: oid of db tallyman is not 22624
                                  ^^^^^^^^
This error happened on jail1 and "tallyman" only exists on jail2!!!

> errors, as well as jail starting events, would be useful. I admit to
> having never tried to run postgresql in a jail, but it seems like a useful
> thing to do :-).
>
> Robert N M Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
>

Thanks,
Paulo.
-- __O _-\<,_ Why drive when you can bike? (_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 28 17:17:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from thelab.hub.org (CDR20-55.accesscable.net [24.138.20.55]) by hub.freebsd.org (Postfix) with ESMTP id E72F037B509 for ; Thu, 28 Sep 2000 17:16:41 -0700 (PDT) Received: from localhost (scrappy@localhost) by thelab.hub.org (8.11.0/8.11.0) with ESMTP id e8T0F9604394; Thu, 28 Sep 2000 21:15:11 -0300 (ADT) (envelope-from scrappy@hub.org) X-Authentication-Warning: thelab.hub.org: scrappy owned process doing -bs Date: Thu, 28 Sep 2000 21:15:09 -0300 (ADT) 
From: The Hermit Hacker
To: Paulo Fragoso
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Jail + PostgreSQL
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

default kernel install has Shared memory set too low in order that you can
run N postmasters on the same machine ... I'm using the following settings
in my kernel to allow me to run 5 on the same machine:

options SYSVSHM
options SHMMAXPGS=524288
options SHMSEG=64
options SYSVSEM
options SEMMNI=80
options SEMMNS=480
options SEMMNU=240
options SEMMAP=240
options SYSVMSG #SYSV-style message queues

you can also use the -B and -N options to reduce the amount of shared
memory that is used on the system ...

On Thu, 28 Sep 2000, Paulo Fragoso wrote:

> Hi,
>
> We've got two jails in same FreeBSD box. Sendmail, httpd, sshd are
> running fine but postgresql fails on startup in two jails (jails
> environment):
>
> pg_ctl: It seems another postmaster is running. Try to start postmaster
> anyway.
> pg_ctl: Cannot start postmaster. Is another postmaster is running?
> IpcSemaphoreCreate: semget failed (No space left on device) key=5432015,
> num=16, permission=600
> This type of error is usually caused by an improper
> shared memory or System V IPC semaphore configuration.
> For more information, see the FAQ and platform-specific
> FAQ's in the source directory pgsql/doc or on our
> web site at http://www.postgresql.org.
> FATAL 1: InitProcGlobal: IpcSemaphoreCreate failed
>
> If we kill all postgres in all jails and we start postgresql manually on
> first jail after this we start postgresql on second jail all work fine.
>
> Are there any problems with shared memory using jail? Is this a security
> problem?
>
> Many thanks,
> Paulo.
>
> --
>    __O
>  _-\<,_     Why drive when you can bike?
> (_)/ (_)
>

Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org

From owner-freebsd-security Fri Sep 29 0: 4:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 7C68537B423 for ; Fri, 29 Sep 2000 00:04:30 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13euNA-00005F-00; Fri, 29 Sep 2000 01:14:20 -0600
Message-ID: <39D4414B.E697CACC@softweyr.com>
Date: Fri, 29 Sep 2000 01:14:20 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brett Glass
Cc: Drew Derbyshire, freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
References: <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000923222349.04919900@localhost> <4.3.2.7.2.20000927214450.04c02ec0@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass wrote:
>
> >Of COURSE a super-experienced hacker can determine why ftp, telnet, and
> >mail don't work out of the box and fix these user-hostile mistakes.
>
> If you think that people don't want things to work out of the box,
> you have not been listening.

No, Brett, it is you who have been consistently demanding that FreeBSD
break the standard installation for everyone just to save you some work
you're supposedly paid to do. And you once again just completely
side-stepped the issue of doing anything about it yourself.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Fri Sep 29 0:27:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id BE5BB37B424 for ; Fri, 29 Sep 2000 00:27:27 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13eujP-0000CN-00; Fri, 29 Sep 2000 01:37:19 -0600
Message-ID: <39D446AE.7E4603EA@softweyr.com>
Date: Fri, 29 Sep 2000 01:37:18 -0600
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Charlie ROOT Cc: freebsd-security@freebsd.org Subject: Re: sftp References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Charlie ROOT wrote: > > sftp in base.. ;-) Can we steal this? > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/Makefile No, but only because you can't steal something that is given away. ;^) -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 0:33:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9DB4837B422; Fri, 29 Sep 2000 00:33:31 -0700 (PDT) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id AAA71707; Fri, 29 Sep 2000 00:33:31 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Fri, 29 Sep 2000 00:33:31 -0700 (PDT) 
From: Kris Kennaway
To: security@freebsd.org
Cc: bugtraq@securityfocus.com
Subject: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It almost killed me to see this:

mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
    4299

Don't use pine - I don't believe it is practical to make it secure. :-(

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

---------- Forwarded message ----------
Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT)
From: Kris Kennaway
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/mail/pine4 Makefile

kris 2000/09/29 00:28:48 PDT

  Modified files:
    mail/pine4 Makefile
  Log:
  Mark FORBIDDEN: known buffer overflows exploitable by remote email.

  Parenthetically, no software which uses 4299 sprintf/strcpy/strcat
  calls can possibly be safe - I don't expect to remove this FORBIDDEN
  tag any time soon. :-(

  Revision Changes Path
  1.43 +3 -1 ports/mail/pine4/Makefile

From owner-freebsd-security Fri Sep 29 15:39:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id C07E237B502; Fri, 29 Sep 2000 15:39:41 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13fAiY-0005ej-00; Sat, 30 Sep 2000 02:41:30 +0200
Date: Sat, 30 Sep 2000 02:41:30 +0200 (IST)
From: Roman Shterenzon To: Kris Kennaway Cc: security@freebsd.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Perhaps I'll move to mutt, the same command gives only 92 occurrences :) Mutt on the other hand has sgid binary installed.. On Fri, 29 Sep 2000, Kris Kennaway wrote: > It almost killed me to see this: > > mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l > 4299 > > Don't use pine - I don't believe it is practical to make it secure. :-( > > Kris > > -- > In God we Trust -- all others must submit an X.509 certificate. > -- Charles Forsythe > > ---------- Forwarded message ---------- > Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT) 
> From: Kris Kennaway > To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org > Subject: cvs commit: ports/mail/pine4 Makefile > > kris 2000/09/29 00:28:48 PDT > > Modified files: > mail/pine4 Makefile > Log: > Mark FORBIDDEN: known buffer overflows exploitable by remote email. > > Parenthetically, no software which uses 4299 sprintf/strcpy/strcat > calls can possibly be safe - I don't expect to remove this FORBIDDEN > tag any time soon. :-( > > Revision Changes Path > 1.43 +3 -1 ports/mail/pine4/Makefile > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 15:51:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 471BB37B502; Fri, 29 Sep 2000 15:51:15 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id PAA08340; Fri, 29 Sep 2000 15:51:15 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Fri, 29 Sep 2000 15:51:15 -0700 
From: Kris Kennaway To: Roman Shterenzon Cc: Kris Kennaway , security@freebsd.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <20000929155115.A6456@freefall.freebsd.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from roman@xpert.com on Sat, Sep 30, 2000 at 02:41:30AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Sep 30, 2000 at 02:41:30AM +0200, Roman Shterenzon wrote: > Perhaps I'll move to mutt, the same command gives only 92 occurrences :) > Mutt on the other hand has sgid binary installed.. I haven't looked at mutt yet - of course, just grepping for functions is a poor indicator of the security of a program, but in the case of pine it is so blatant (and the authors have a bad enough track record) as to leave little doubt there are others which are remotely exploitable aside from the currently known exploitable ones. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 15:52:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp6.mindspring.com (smtp6.mindspring.com [207.69.200.110]) by hub.freebsd.org (Postfix) with ESMTP id 301E237B66D; Fri, 29 Sep 2000 15:52:11 -0700 (PDT) Received: from p4f0i0 (user-2inigug.dialup.mindspring.com [165.121.67.208]) by smtp6.mindspring.com (8.9.3/8.8.5) with SMTP id SAA11664; Fri, 29 Sep 2000 18:52:02 -0400 (EDT) Message-ID: <002e01c02a68$00fe3900$d04379a5@p4f0i0> 
From: "Jonathan M. Slivko" To: "Roman Shterenzon" , "Kris Kennaway" Cc: References: Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Date: Fri, 29 Sep 2000 18:52:52 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Heh, pine is secure. or, so I think :P [Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services] [Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7)] [Webpage: http://www.linux-mafia.net -- "In FreeBSD We Trust" ] ----- Original Message ----- From: "Roman Shterenzon" To: "Kris Kennaway" Cc: Sent: Friday, September 29, 2000 8:41 PM Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) > Perhaps I'll move to mutt, the same command gives only 92 occurrences :) > Mutt on the other hand has sgid binary installed.. > > On Fri, 29 Sep 2000, Kris Kennaway wrote: > > > It almost killed me to see this: > > > > mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l > > 4299 > > > > Don't use pine - I don't believe it is practical to make it secure. :-( > > > > Kris > > > > -- > > In God we Trust -- all others must submit an X.509 certificate. > > -- Charles Forsythe > > > > ---------- Forwarded message ---------- > > Date: Fri, 29 Sep 2000 00:28:48 -0700 (PDT) 
> > From: Kris Kennaway > > To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org > > Subject: cvs commit: ports/mail/pine4 Makefile > > > > kris 2000/09/29 00:28:48 PDT > > > > Modified files: > > mail/pine4 Makefile > > Log: > > Mark FORBIDDEN: known buffer overflows exploitable by remote email. > > > > Parenthetically, no software which uses 4299 sprintf/strcpy/strcat > > calls can possibly be safe - I don't expect to remove this FORBIDDEN > > tag any time soon. :-( > > > > Revision Changes Path > > 1.43 +3 -1 ports/mail/pine4/Makefile > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > --Roman Shterenzon, UNIX System Administrator and Consultant > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 15:55:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 37BB437B503; Fri, 29 Sep 2000 15:55:40 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13fAy1-0005gX-00; Sat, 30 Sep 2000 02:57:29 +0200 Date: Sat, 30 Sep 2000 02:57:29 +0200 (IST) 
From: Roman Shterenzon To: Kris Kennaway Cc: security@freebsd.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <20000929155115.A6456@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 29 Sep 2000, Kris Kennaway wrote: > On Sat, Sep 30, 2000 at 02:41:30AM +0200, Roman Shterenzon wrote: > > > Perhaps I'll move to mutt, the same command gives only 92 occurrences :) > > Mutt on the other hand has sgid binary installed.. > > I haven't looked at mutt yet - of course, just grepping for functions > is a poor indicator of the security of a program, but in the case of > pine it is so blatant (and the authors have a bad enough track record) > as to leave little doubt there are others which are remotely > exploitable aside from the currently known exploitable ones. I was just kidding about the number, strcpy(buf, DEFAULTSTR) is quite secure on most occasions. Mutt supposedly has better PGP integration and pine scares me now. (Although I'm writing this in pine) --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 16:19:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id D495637B502; Fri, 29 Sep 2000 16:19:20 -0700 (PDT) Received: from localhost (1cjq2y@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8S5Gi507297; Thu, 28 Sep 2000 01:16:44 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200009280516.e8S5Gi507297@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: sigma@pair.com Subject: Re: Status of FreeBSD-SA-00:41.elf? 
Cc: security@FreeBSD.org In-Reply-To: Your message of "Wed, 27 Sep 2000 14:24:43 EDT." <20000927182443.7666.qmail@smx.pair.com> 
From: "Brian F. Feldman"
Date: Thu, 28 Sep 2000 01:16:44 -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>
> The following advisory went out on August 28, 2000. It indicates that 4.x
> and 5.x are fixed, and implies that a fix for 3.x would be forthcoming.
> We actually delayed the rollout of 3.5-STABLE for our users based on this
> advisory. A month has passed, and I can't find any discussion of this
> issue, nor any hint as to what the "logistical difficulties" are that the
> advisory mentions.
>
> The patch does in fact seem to work under 3.5-STABLE - at least, the new
> kernel runs "fine". But without a malformed ELF executable to try out, I
> can't tell if the problem is really fixed.
>
> Does anyone either 1) know how to correctly patch 3.5-STABLE for this
> problem, or 2) have a malformed ELF executable handy with which to verify
> the problem? I'd like to know the matter is resolved.
>
> Kevin Martin
> sigma@pair.com

Yay! Someone to test the changes on 3.5! I expected the changes would work
fine, but I don't feel like breaking things to fix a local DoS (especially
since it's a slightly less serious one (no data loss), and many local DoSes
exist on any OS -- the known ones take work to get rid of, and some may be
impossible). Anyway, if it works, then you should be able to do the
following:

{"/home/green"}$ dd if=/bin/dd bs=32k count=1 of=evil_dd
1+0 records in
1+0 records out
32768 bytes transferred in 0.001847 secs (17740926 bytes/sec)
{"/home/green"}$ chmod +x evil_dd && ./evil_dd
elf_load_section: truncated ELF file
Abort

Taking into account that you've tested it, now I'd be able to MFC it :)
It's just not a good idea to use 3.X anyway -- the 4.X series has started
off and continued much stronger than 3.X. It was a stretch even doing the
last 3.5-RELEASE because of so much general feeling of, "ugh, why should
anyone use 3.X?" among the crew.
I should say we would do well to stop "supporting" 3.X anymore and let people know (a bit louder perhaps?) 3.5 is the end of the line for 3.X and the proper solution is an upgrade to _4.X_. It's simply not very interesting or useful to be supporting something that should be phased out instead of "sorta upgraded" to the latest small increment of a quietly dying line. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 16:49:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id D25CF37B502; Fri, 29 Sep 2000 16:49:19 -0700 (PDT) Received: (from str@localhost) by giganda.komkon.org (8.9.3/8.9.3) id TAA07263; Fri, 29 Sep 2000 19:49:18 -0400 (EDT) (envelope-from str) Date: Fri, 29 Sep 2000 19:49:18 -0400 (EDT) From: Igor Roshchin Message-Id: <200009292349.TAA07263@giganda.komkon.org> To: kris@FreeBSD.ORG, roman@xpert.com Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: security@FreeBSD.ORG In-Reply-To: <20000929155115.A6456@freefall.freebsd.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Date: Fri, 29 Sep 2000 15:51:15 -0700 
> From: Kris Kennaway
> Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
>
> On Sat, Sep 30, 2000 at 02:41:30AM +0200, Roman Shterenzon wrote:
>
> > Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> > Mutt on the other hand has sgid binary installed..
>
> I haven't looked at mutt yet - of course, just grepping for functions
> is a poor indicator of the security of a program, but in the case of
> pine it is so blatant (and the authors have a bad enough track record)
> as to leave little doubt there are others which are remotely
> exploitable aside from the currently known exploitable ones.
>
> Kris
>

From the point of view of a system administrator, who cares about
security of his box and wants to scrutinize the software,
I understand the motion like : "pine [,mutt, ..] is insecure, let's
remove it".

From the point of view of a user who has been using the particular
software (I almost never use pine myself, but I have other preferences as
a user) for [2-7] years, I would not agree with such a [re]action.
I know several users for whom it would be a big problem
(or I should better say, a big effort) to stop using pine,
and move to some other mail agent..

Ghm.. with all that said, I am not sure if I want it to be weeded out.

So, it's again a decision between having a completely secure machine
where nothing can be used and therefore nothing can be done effectively,
or a completely insecure machine with all conveniences at hand.
Probably, for many (or at least some reasonable part) of admins the
optimum is somewhere in between those two extreme cases.

Now, my suggestion: maybe it would be reasonable to leave such
potentially insecure ports in the FreeBSD port collection,
while adding an additional warning in the
install script about this potential danger of these ports/packages...
Regards, Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 16:55: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id D0C6B37B66D for ; Fri, 29 Sep 2000 16:55:01 -0700 (PDT) Received: (qmail 50030 invoked by uid 1000); 29 Sep 2000 23:55:01 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 29 Sep 2000 23:55:01 -0000 Date: Fri, 29 Sep 2000 19:54:59 -0400 (EDT) 
From: Matt Heckaman
X-Sender: matt@epsilon.lucida.qc.ca
To: Igor Roshchin
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To: <200009292349.TAA07263@giganda.komkon.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: localhost 1.6.2 0/1000/N
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 29 Sep 2000, Igor Roshchin wrote:
...
: Now, my suggestion: maybe it would be reasonable to leave such
: potentially insecure ports in the FreeBSD port collection, while
: adding an additional warning in the install script about this
: potential danger of these ports/packages...

I have to agree with you here, as the owner and operator of a shell
company; there would be outright hell to pay and complaints from a good
200 people if I removed the only MUA that is simple enough and familiar
enough for them to use. For me, it comes down to acceptable risk. Besides,
pine is never run by the root account (nor are -any- mail programs :P) so
its impact is somewhat limited in my situation.
: Regards, : : Igor * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE51SvUdMMtMcA1U5ARAkhIAKDBPEG/GtB30tBNTd4DC9RWEVznigCfcha3 Z5k9BEZO365ASJDZsCGNkzc= =2BJj -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 16:59:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp6.mindspring.com (smtp6.mindspring.com [207.69.200.110]) by hub.freebsd.org (Postfix) with ESMTP id CF1F637B503; Fri, 29 Sep 2000 16:59:29 -0700 (PDT) Received: from p4f0i0 (user-2inigug.dialup.mindspring.com [165.121.67.208]) by smtp6.mindspring.com (8.9.3/8.8.5) with SMTP id TAA24661; Fri, 29 Sep 2000 19:59:26 -0400 (EDT) Message-ID: <008b01c02a71$6b8938c0$d04379a5@p4f0i0> 
From: "Jonathan M. Slivko"
To: "Igor Roshchin" , ,
Cc:
References: <200009292349.TAA07263@giganda.komkon.org>
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Date: Fri, 29 Sep 2000 20:00:17 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I totally agree with that, Igor. My two cents is this: If you remove a port
because of its security concerns, then you're robbing the average user of
the choice between what mail client to use. Also, it's not the job of the
FreeBSD development team/patch/security team to weed out all the insecure
programs, the responsibility lies mainly on the systems administrators that
are going to be dealing with the backlash of their decisions. So, I think
that the choice should be there, just let the system administrator read up
on pine's security flaws and try to work around them if he truly wants to
run it. Just because you're thinking of marking it as "dangerous", doesn't
mean everyone running FreeBSD is gonna stop using it. If they can't get it
from ports, they'll just get the source and install it themselves,
regardless. So, we might as well have the patches and fixes for what we can
and leave what we, as the freebsd team can't accomplish to the systems
administrators, who are ultimately responsible for the action they take.
Personally, I run pine on my FreeBSD machines and I am very happy with it.
Especially some of the addons are extremely helpful. If you ask my opinion,
let pine stay in its normal state and leave the security and the management
of the machines that run it to the systems administrators, where the
responsibilities lie in the first place. Doesn't everyone agree with me on
that?

-- Jonathan M.
Slivko [--------------------------------------------------------------------------- -------------------------------] Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7) Webpage: http://www.linux-mafia.net -- "ya gotta pay for protection" [--------------------------------------------------------------------------- -------------------------------] ----- Original Message ----- From: "Igor Roshchin" To: ; Cc: Sent: Friday, September 29, 2000 7:49 PM Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) > > > Date: Fri, 29 Sep 2000 15:51:15 -0700 
> > From: Kris Kennaway
> > Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
> >
> > On Sat, Sep 30, 2000 at 02:41:30AM +0200, Roman Shterenzon wrote:
> >
> > > Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> > > Mutt on the other hand has sgid binary installed..
> >
> > I haven't looked at mutt yet - of course, just grepping for functions
> > is a poor indicator of the security of a program, but in the case of
> > pine it is so blatant (and the authors have a bad enough track record)
> > as to leave little doubt there are others which are remotely
> > exploitable aside from the currently known exploitable ones.
> >
> > Kris
> >
>
> From the point of view of a system administrator, who cares about
> security of his box and wants to scrutinize the software,
> I understand the motion like : "pine [,mutt, ..] is insecure, let's remove it".
>
> From the point of view of a user who has been using the particular software
> (I almost never use pine myself, but I have other preferences as a user)
> for [2-7] years, I would not agree with such a [re]action.
> I know several users for whom it would be a big problem
> (or I should better say, a big effort) to stop using pine,
> and move to some other mail agent..
>
> Ghm.. with all that said, I am not sure if I want it to be weeded out.
>
> So, it's again a decision between having a completely secure machine
> where nothing can be used and therefore nothing can be done effectively,
> or a completely insecure machine with all conveniences at hand.
> Probably, for many (or at least some reasonable part) of admins the
> optimum is somewhere in between those two extreme cases.
>
> Now, my suggestion: maybe it would be reasonable to leave such
> potentially insecure ports in the FreeBSD port collection,
> while adding an additional warning in the
> install script about this potential danger of these ports/packages...
> > Regards, > > Igor > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 29 17:10:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id B696C37B503 for ; Fri, 29 Sep 2000 17:10:27 -0700 (PDT) Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id RAA07648 for ; Fri, 29 Sep 2000 17:10:21 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Message-ID: <39D52FDF.2D08F04D@ursine.com> Date: Fri, 29 Sep 2000 17:12:15 -0700 
From: Michael Bryan
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
To: security@FreeBSD.ORG
Subject: Re: Status of FreeBSD-SA-00:41.elf?
References: <200009280516.e8S5Gi507297@green.dyndns.org>

"Brian F. Feldman" wrote:

> I should say we would do well to stop "supporting" 3.X anymore and let
> people know (a bit louder perhaps?) 3.5 is the end of the line for 3.X and
> the proper solution is an upgrade to _4.X_. It's simply not very
> interesting or useful to be supporting something that should be phased out
> instead of "sorta upgraded" to the latest small increment of a quietly
> dying line.

I really have to disagree with this. 4.0-RELEASE came out in March of this
year, just a little over six months ago, and 4.1-RELEASE came out in July,
just over two months ago. Are you really willing to say "sorry, you're not
supported" to production environments that brought up FreeBSD 3.x in the
first quarter of this year, or especially those that tend to be wary of
".0" releases, and that might have installed a 3.5 base just three months
ago?

I can understand saying feature additions are only in the new line of
development, and have no problem with that. But the reality is that many
production environments have a relatively long cycle of testing and
approving configurations, especially for significant upgrades. Also, many
environments take a cautious approach to version rollouts, and do not want
to be in the first wave of people using a new release, especially a ".0"
release.

(At my current job, I am building up a set of 4.1.1 DNS/Mail/Proxy servers
that are going to replace a set of servers that are currently running a
combination of 3.4 and 3.5.
The current schedule is to go live with them in November as part of other
changes going on here, although if major security issues came up, I
-might- be able to push that up. But I'd have an easier time justifying a
patch on top of 3.5 for all the systems, until the scheduled cutover date.)

At the very least, security fixes should be available for version N.x for a
year or more after M.x comes out (M=N+1). If possible, even longer. Yes, I know
that's a resource commitment, and as code diverges, it gets harder and harder to
apply even just the security subset of changes back to older versions. I also know
that with "Internet Time", and the frequent releases of FreeBSD, that means an ever
increasing number of versions to support for security fixes. But if you cut that
support time too short, a lot of commercial interests will be alienated, and will
very likely say "Hmmm, they won't provide a security patch for the version we
just rolled out five months ago, and instead we have to fully upgrade everybody?
Maybe we want to go with some other solution instead."

And before you or anybody asks, although I wish I could do the effort
myself to help out the FreeBSD project, including things like security
support for older versions, I personally do not have the time to be
involved in that level of work. So yeah, that means I'm asking y'all to do
things that I cannot directly help you with, other than the usual "buy the
CDs" and "promote FreeBSD to others", and I know that means I don't really
get -that- much say. :-)

I know there is only so much that the FreeBSD team can do, but I do want
to push for strong consideration of long-life support of old releases for
security-related issues.

From owner-freebsd-security Fri Sep 29 17:23:38 2000
Date: Fri, 29 Sep 2000 17:23:30 -0700 (PDT)
From: Matt Dillon
Message-Id: <200009300023.e8U0NUW20137@earth.backplane.com>
To: freebsd-security@FreeBSD.ORG
Subject: Proposed minor mod to openssh for interactive operation

At the moment openssh only turns on TCP_NODELAY etc if it thinks you are
creating an interactive shell, based on whether it allocates a pty or not.

Unfortunately, I have an application (and I expect this would be useful
generally) which uses a ssh link between two programs interactively. That
is, send command, wait response, send command, wait response. Delaying
packets is a bad idea and cuts performance over the link by about 20%.

I would like to propose predicating the TCP_NODELAY option on whether the
ssh link is two-way or not. Since most batch commands use ssh -n (no
stdin), and most interactive commands use ssh without -n (with stdin), I
think having ssh set TCP_NODELAY based on -n is the correct solution.
Specifically, if -n is not passed, NODELAY is turned on.

I have trivial patches (two minor tests), any objections to my committing
them?

Also, I'm not sure whether we are trying to keep our openssh synced with
openbsd's. Does anyone know the procedure for making changes to openssh in
FreeBSD's CVS tree?

-Matt

From owner-freebsd-security Fri Sep 29 17:26:49 2000
Date: Fri, 29 Sep 2000 17:26:44 -0700
From: Kris Kennaway
To: "Jonathan M. Slivko"
Cc: Igor Roshchin, kris@FreeBSD.ORG, roman@xpert.com, security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000929172644.C6456@freefall.freebsd.org>
References: <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0>
User-Agent: Mutt/1.2.5i
In-Reply-To: <008b01c02a71$6b8938c0$d04379a5@p4f0i0>; from jmslivko@mindspring.com on Fri, Sep 29, 2000 at 08:00:17PM -0400

On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote:

> If you remove a port because of its security concerns, then you're robbing
> the average user the choice between what mail client to use. Also, it's not
> the job of the FreeBSD development team/patch/security team to weed out all
> the insecure programs, the responsibility lies mainly on the systems

Yes it is. Allowing the user to install insecure software only leaves
them with a false sense of security and the feeling of betrayal when
they get exploited through it.

> administrator that are going to be dealing with the backlash of their
> decisions. So, I think that the choice should be there, just let the system
> administrator read up on pine's security flaws and try to work around them
> if he truly wants to run it.

They can't be worked around, it's pine itself which is the problem.
Again, the system administrator who doesn't know about vulnerabilities
with a program is unwittingly wide open for attack. I don't find that
acceptable, especially when that's software that comes from the FreeBSD
ports collection.

> Just because you're thinking of marking it as "dangerous", doesn't
> mean everyone running FreeBSD is gonna stop using it. If they can't
> get it from ports, they'll just get the source and install it
> themselves, regardless.
> So, we might as well have the patches and
> fixes for what we can and leave what we, as the freebsd team can't
> accomplish to the systems administrators, who are ultimately
> responsible for the action they take. Personally, I run pine on my
> FreeBSD machines and I am very happy with it. Especially some of the
> addons are extremely helpful.

It should be a wilful, informed decision to go out and install
something on your machine which makes it vulnerable to a security
hole. I'm not about to compromise the security of FreeBSD
installations by leaving the pine ports able to be installed with no
warning. What I probably will do is the same thing I've done with a
number of other terminally-insecure-but-useful ports, stick a Big
Scary Warning on the front of it which users must agree to before it
will install.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Fri Sep 29 17:45:24 2000
Date: Sat, 30 Sep 2000 04:47:17 +0400
From: Blackman
X-Mailer: The Bat! (v1.44)
Reply-To: Blackman
Message-ID: <100115743330.20000930044717@bignet.ru>
To: Kris Kennaway
Cc: "Jonathan M. Slivko", Igor Roshchin
Subject: Re[2]: cvs commit: ports/mail/pine4 Makefile (fwd)
In-reply-To: <20000929172644.C6456@freefall.freebsd.org>
References: <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <20000929172644.C6456@freefall.freebsd.org>

Hello Kris,

Saturday, September 30, 2000, 4:26:44 AM, you wrote:

First: sorry, maybe it's spam: :-)

Pine users&security administrators: "The Author! The Author!!!"

KK> It should be a wilful, informed decision to go out and install
KK> something on your machine which makes it vulnerable to a security
KK> hole. I'm not about to compromise the security of FreeBSD
KK> installations by leaving the pine ports able to be installed with no
KK> warning. What I probably will do is the same thing I've done with a
KK> number of other terminally-insecure-but-useful ports, stick a Big
KK> Scary Warning on the front of it which users must agree to before it
KK> will install.

KK> Kris

KK> --
KK> In God we Trust -- all others must submit an X.509 certificate.
KK>     -- Charles Forsythe

---
Best regards,
Blackman mailto:blackman@bignet.ru
Security Officer
---"I'm peace man"---

From owner-freebsd-security Fri Sep 29 17:57:31 2000
Date: Sat, 30 Sep 2000 02:57:16 +0200
From: Neil Blakey-Milner
To: Blackman
Cc: Kris Kennaway, chat@FreeBSD.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930025715.A10388@mithrandr.moria.org>
References: <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <20000929172644.C6456@freefall.freebsd.org> <100115743330.20000930044717@bignet.ru>
X-Mailer: Mutt 1.0.1i
In-Reply-To: <100115743330.20000930044717@bignet.ru>; from blackman@bignet.ru on Sat, Sep 30, 2000 at 04:47:17AM +0400
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/

On Sat 2000-09-30 (04:47), Blackman wrote:
> First: sorry, maybe it's spam: :-)
>
> Pine users&security administrators: "The Author! The Author!!!"

We have a saying in one of my groups: "from the people who brought you
wu-ftpd and UW-IMAP..."

More than enough said.

Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

From owner-freebsd-security Fri Sep 29 18:15:32 2000
Date: Sat, 30 Sep 2000 05:17:32 +0400
From: Blackman
X-Mailer: The Bat! (v1.44)
Reply-To: Blackman
Message-ID: <118117558520.20000930051732@bignet.ru>
To: freebsd-security@FreeBSD.ORG
Subject: SecureBSD+Jail

Hi!

I have some questions:
Is it possible to use securebsd+jail on freebsd 4.0?
Someone can tell about experience of use this?
What about safety?

Securebsd project develops or not?:-)

"May be I miss something!"

---
Best regards,
Blackman mailto:blackman@bignet.ru
Security Officer
---"I'm peace man"---

From owner-freebsd-security Fri Sep 29 18:20:12 2000
Date: Fri, 29 Sep 2000 21:20:07 -0400 (EDT)
From:
To: Blackman
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SecureBSD+Jail
In-Reply-To: <118117558520.20000930051732@bignet.ru>

On Sat, 30 Sep 2000, Blackman wrote:

> Hi!
>
> I have some questions:
> Is it possible to use securebsd+jail on freebsd 4.0?

No. I wrote the securebsd people when they first made an announcement of
their product. And asked about them tracking -stable because many people
run -stable in production. Not just a -release. And they said no. They
were only tracking the 3.5 release. And I have yet to see an update to the
4.x branch from them. So I'm not sure what their plans are but they don't
seem to be keeping up to date. :(

=============================================================================
-Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas
Home: scanner@deceptively.shady.org | http://open-systems.net
=============================================================================
WINDOWS: "Where do you want to go today?"
LINUX: "Where do you want to go tomorrow?"
BSD: "Are you guys coming or what?"
=============================================================================

From owner-freebsd-security Fri Sep 29 18:23:13 2000
Date: Fri, 29 Sep 2000 20:24:02 -0500
From: Will Andrews
To: Blackman
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SecureBSD+Jail
Message-ID: <20000929202402.O75085@puck.firepipe.net>
Reply-To: Will Andrews
References: <118117558520.20000930051732@bignet.ru>
User-Agent: Mutt/1.2.5i
In-Reply-To: <118117558520.20000930051732@bignet.ru>; from blackman@bignet.ru on Sat, Sep 30, 2000 at 05:17:32AM +0400
X-Operating-System: FreeBSD 4.1-STABLE i386

On Sat, Sep 30, 2000 at 05:17:32AM +0400, Blackman wrote:
> I have some questions:
> Is it possible to use securebsd+jail on freebsd 4.0?
> Someone can tell about experience of use this?
> What about safety?
>
> Securebsd project develops or not?:-)

SecureBSD has good intentions, but they seem misguided. If they truly
cared about improving security of BSD, they would either work with Robert
Watson on his TrustedBSD project, or start up an open source project and
coordinate with security officers. Anything besides that is a waste of
everyone's time.

--
Will Andrews - Physics Computer Network wench
The Universal Answer to All Problems - "It has something to do with physics."
    -- Comic on door of Room 240, Physics Building, Purdue University

From owner-freebsd-security Fri Sep 29 19:31:55 2000
Date: Fri, 29 Sep 2000 19:31:43 -0700 (PDT)
From: Doug Barton
X-Sender: doug@dt051n37.san.rr.com
To: Michael Bryan
Cc: security@FreeBSD.ORG
Subject: Re: Status of FreeBSD-SA-00:41.elf?
In-Reply-To: <39D52FDF.2D08F04D@ursine.com>

On Fri, 29 Sep 2000, Michael Bryan wrote:

> "Brian F. Feldman" wrote:
>
> > I should say we would do well to stop "supporting" 3.X anymore and let
> > people know (a bit louder perhaps?) 3.5 is the end of the line for 3.X and
> > the proper solution is an upgrade to _4.X_. It's simply not very
> > interesting or useful to be supporting something that should be phased out
> > instead of "sorta upgraded" to the latest small increment of a quietly
> > dying line.
> At the very least, security fixes should be available for version N.x for a
> year or more after M.x comes out (M=N+1). If possible, even longer. Yes, I know
> that's a resource commitment, and as code diverges, it gets harder and harder to
> apply even just the security subset of changes back to older versions. I also know
> that with "Internet Time", and the frequent releases of FreeBSD, that means an ever
> increasing number of versions to support for security fixes. But if you cut that
> support time too short, a lot of commercial interests will be alienated, and will
> very likely say "Hmmm, they won't provide a security patch for the version we
> just rolled out five months ago, and instead we have to fully upgrade everybody?
> Maybe we want to go with some other solution instead."

This has been hashed over repeatedly, so we're not going to make any
landmark decisions here, but suffice it to say that in general the "one
year rule" towards supporting older releases has been the semi-official
policy. Brian is being a tad overenthusiastic.

Basically, your points are well taken.
Please keep in mind though that this is really only the third major
version "rotation" that the project has done where there was a
significant number of non-developers who cared. We're still learning the
process. With the BSDi deal there are already more resources being
dedicated to and obtained for regression testing. In short, the process
will improve, meanwhile life goes on.

Doug (not speaking for the project, my employer, or anyone else for that matter)
--
"The dead cannot be seduced."
    - Kai, "Lexx"

Do YOU Yahoo!?

From owner-freebsd-security Fri Sep 29 20: 4:20 2000
Date: Fri, 29 Sep 2000 21:57:41 -0500 (CDT)
From: James Wyatt
To: Roman Shterenzon
Cc: Kris Kennaway, security@freebsd.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)

Lies, Damn Lies, and Statistics...

I haven't looked, but I'll bet that most of the 4299 hits you got for pine
were in code that concerns fairly useless-to-attack areas of code like the
CUI (screens, menus, text areas, etc), config file IO, etc... Since the
program isn't suid or guid, a stack overflow in the menu code might let
you become *gasp!* yourself - whee!

I have to admit that with *that* many incidences of a cancer like that,
some of it is likely to be attached to a vital organ or two like mailspool
header parsing or such. After all user input isn't the problem, external
input is, isn't it? - Jy@

On Sat, 30 Sep 2000, Roman Shterenzon wrote:
> Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> Mutt on the other hand has sgid binary installed..
>
> On Fri, 29 Sep 2000, Kris Kennaway wrote:
> > It almost killed me to see this:
> >
> > mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
> > 4299
> >
> > Don't use pine - I don't believe it is practical to make it secure. :-(
[ ... ]

From owner-freebsd-security Fri Sep 29 20:27:37 2000
Date: Fri, 29 Sep 2000 22:28:41 -0500 (CDT)
From: Mike Silbersack
To: James Wyatt
Cc: Roman Shterenzon, Kris Kennaway, security@freebsd.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)

On Fri, 29 Sep 2000, James Wyatt wrote:

> Lies, Damn Lies, and Statistics...
>
> I haven't looked, but I'll bet that most of the 4299 hits you got for pine
> were in code that concerns fairly useless-to-attack areas of code like the
> CUI (screens, menus, text areas, etc), config file IO, etc... Since the
> program isn't suid or guid, a stack overflow in the menu code might let
> you become *gasp!* yourself - whee!
>
> I have to admit that with *that* many incidences of a cancer like that,
> some of it is likely to be attached to a vital organ or two like mailspool
> header parsing or such. After all user input isn't the problem, external
> input is, isn't it? - Jy@

Don't trivialize Kris's statement. In the last few weeks, bugtraq has seen
two pine-related postings. The first, a DoS any three year old could
perform. The second, a buffer overflow which would be relatively simple to
exploit. UW has done absolutely nothing about these yet.

If you take a look through the code, you'll quickly become disgusted; the
strange style makes detecting coding errors extremely difficult, and
buffer overruns look to be everywhere. I found out by trying to chase a
few that sanity checks were actually done elsewhere, but I have little
confidence that every case was handled with such luck.

That being said, I'm still finding it very difficult to rip myself away
from pine. I had considered suggesting a fork of 4.21 which would be
audited and snprintfified, but the license seems to suggest that such an
effort could only exist in the form of patches, which would be annoying.

In theory, such patches would be absorbed into the main product.
But, given the UW coders' use of odd string functions they came up with
and total lack of responsiveness, I doubt they'd ever get around to
incorporating the patches.

Anyone have ideas (or good communication with the UW guys?)

Mike "Silby" Silbersack

From owner-freebsd-security Fri Sep 29 21:24:12 2000
Message-Id: <200009300424.e8U4O1533513@green.dyndns.org>
X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4
To: Roman Shterenzon
Cc: Kris Kennaway, security@FreeBSD.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To: Message from Roman Shterenzon of "Sat, 30 Sep 2000 02:41:30 +0200."
From: "Brian F. Feldman"
Date: Sat, 30 Sep 2000 00:24:00 -0400

> Perhaps I'll move to mutt, the same command gives only 92 occurrences :)
> Mutt on the other hand has sgid binary installed..
>
> On Fri, 29 Sep 2000, Kris Kennaway wrote:
>
> > It almost killed me to see this:
> >
> > mollari# find pine4.21 -type f | xargs egrep '(sprintf|strcpy|strcat)' | wc -l
> > 4299
> >
> > Don't use pine - I don't believe it is practical to make it secure. :-(
> >
> > Kris

Now we should do something else: Pine is pretty popular. It shouldn't be,
so we should create a page showing other mailers that are known to be much
more secure and their virtues. In a sense, propaganda :) but I feel it's
very important to move people away from such insecure software, and they
simply won't unless they see alternatives.

So, how about it? Should we set up a page so we have a URL to put in the
Pine insecurity notice that shows, "you can live without Pine"? I'd
propose the first two most popular mailers (it seems) after Pine: mutt and
exmh.

For instance, I use exmh, so I am interested in nmh being secure. I
checked the source, and I found only <100 uses of sprintf/strcat/strcpy.
Only a few of them I decided could pose a threat (others MAYBE being
exploitable from the configuration files, but that's no big deal at all
;), and even then, the user would have to create a really weird mail
format file to do it.

So, given those two as believed very secure (or three, counting nmh and
exmh as an add-on which it really is) as a start, should we point people
to the alternatives which are much safer? I volunteer to do most of the
work on it...

--
Brian Fundakowski Feldman \ FreeBSD: The Power to Serve!
/ green@FreeBSD.org `------------------------------'

From owner-freebsd-security Fri Sep 29 21:39:37 2000
Message-Id: <4.3.2.7.2.20000929223558.04900df0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 29 Sep 2000 22:39:07 -0600
To: Wes Peters
From: Brett Glass
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <39D4414B.E697CACC@softweyr.com>
References: <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000923222349.04919900@localhost> <4.3.2.7.2.20000927214450.04c02ec0@localhost>

At 01:14 AM 9/29/2000, Wes Peters wrote:

>No, Brett, it is you who have been consistently demanding that FreeBSD break
>the standard installation for everyone just to save you some work you're
>supposedly paid to do.

Wes, it's not very nice of you -- to say the least -- to misrepresent
what I have said and recommended. It doesn't reflect well on you, and
causes you to come off as a flamer rather than someone who can engage
in a productive discussion.

--Brett

From owner-freebsd-security Fri Sep 29 21:40:52 2000
Message-Id: <4.3.2.7.2.20000929223921.00d055b0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Fri, 29 Sep 2000 22:40:28 -0600
To: Bill Fumerola
From: Brett Glass
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
Cc: Wes Peters, Drew Derbyshire, freebsd-security@FreeBSD.ORG
In-Reply-To: <20000928131918.C38472@jade.chc-chimes.com>
References: <4.3.2.7.2.20000928101949.047a6b60@localhost>
 <4.3.2.7.2.20000927214450.04c02ec0@localhost>
 <39CB4C42.1A59669C@kew.com>
 <4.3.2.7.2.20000923222349.04919900@localhost>
 <39D2BEA4.A9FD13BD@softweyr.com>
 <4.3.2.7.2.20000927214450.04c02ec0@localhost>
 <20000928121712.A38472@jade.chc-chimes.com>
 <4.3.2.7.2.20000928101949.047a6b60@localhost>

At 11:19 AM 9/28/2000, Bill Fumerola wrote:

>Sysinstall now gives you the choice to install one of several 'security profiles',
>so this is really moot now. You have your hooks to install differently, so run along
>now.

In which version of FreeBSD is this the case? 4.1-STABLE as of two weeks ago did
not have even a prototype of such code.

--Brett

From owner-freebsd-security Fri Sep 29 22:11:36 2000
Date: Fri, 29 Sep 2000 22:10:30 -0700 (PDT)
From: William Woods
To: Mike Silbersack
Cc: James Wyatt , Roman Shterenzon , Kris Kennaway , security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> incorporating the patches.
>
> Anyone have ideas (or good communication with the UW guys?)
>
> Mike "Silby" Silbersack

Just a thought here, what do the OpenBSD guys do for mail, do they use an audited version of pine we could use?

Bill

From owner-freebsd-security Fri Sep 29 22:13:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gplsucks.org (mail.gplsucks.org [63.227.213.93]) by hub.freebsd.org (Postfix) with ESMTP id B171637B503 for ; Fri, 29 Sep 2000 22:13:24 -0700 (PDT)
Received: from localhost (bwoods2@localhost) by mail.gplsucks.org (8.11.0/8.11.0) with ESMTP id e8U5CEd15267; Fri, 29 Sep 2000 22:12:14 -0700 (PDT)
Date: Fri, 29 Sep 2000 22:12:13 -0700 (PDT)
From: William Woods
To: Brett Glass
Cc: Bill Fumerola , Wes Peters , Drew Derbyshire , freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
In-Reply-To: <4.3.2.7.2.20000929223921.00d055b0@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

4.1.1 has this, I just finished a 4.1.1 install and used it :)

Bill

On Fri, 29 Sep 2000, Brett Glass wrote:

> At 11:19 AM 9/28/2000, Bill Fumerola wrote:
>
> >Sysinstall now gives you the choice to install one of several 'security profiles',
> >so this is really moot now. You have your hooks to install differently, so run along
> >now.
>
> In which version of FreeBSD is this the case? 4.1-STABLE as of two weeks ago did
> not have even a prototype of such code.
>
> --Brett
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>

From owner-freebsd-security Fri Sep 29 22:55:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from klapaucius.zer0.org (klapaucius.zer0.org [204.152.186.45]) by hub.freebsd.org (Postfix) with ESMTP id 1F8A237B502; Fri, 29 Sep 2000 22:55:53 -0700 (PDT)
Received: by klapaucius.zer0.org (Postfix, from userid 1001) id 419F3239A43; Fri, 29 Sep 2000 22:55:52 -0700 (PDT)
Date: Fri, 29 Sep 2000 22:55:52 -0700
From: Gregory Sutter
To: Justin Stanford
Cc: Sam Wun , Kris Kennaway , "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
Message-ID: <20000929225552.H23587@klapaucius.zer0.org>
References: <39D00B35.FED62EAC@eSec.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from jus@security.za.net on Tue, Sep 26, 2000 at 04:28:53AM +0200
Organization: Zer0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-09-26 04:28 +0200, Justin Stanford wrote:
> Why don't you two get a room? *grin*

I know you're just joking, but I'd like to complain in your general direction anyway. They shouldn't get a room because, by having their discussion on a public mailing list, have taught me how to use IPSec, something which I'll very shortly have to implement. I'm sure there are others who have also benefited from reading their messages, and I'm also sure that there will be even more people who read them in a mailing list archive and also become enlightened.

Greg
--
Gregory S. Sutter                 "Software is like sex; it's better
mailto:gsutter@zer0.org            when it's free." -- Linus Torvalds
http://www.zer0.org/~gsutter/
PGP DSS public key 0x40AE3052

From owner-freebsd-security Fri Sep 29 23:44:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id B65EE37B502; Fri, 29 Sep 2000 23:44:30 -0700 (PDT)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1729 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Sat, 30 Sep 2000 01:25:46 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25)
Date: Sat, 30 Sep 2000 01:25:45 -0500 (CDT)
From: James Wyatt
To: Gregory Sutter
Cc: Justin Stanford , Sam Wun , Kris Kennaway , "'freebsd-security@freebsd.org'"
Subject: Re: IPsec block my ssh remote login.
In-Reply-To: <20000929225552.H23587@klapaucius.zer0.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 29 Sep 2000, Gregory Sutter wrote:
> On 2000-09-26 04:28 +0200, Justin Stanford wrote:
> > Why don't you two get a room? *grin*
>
> I know you're just joking, but I'd like to complain in your general
> direction anyway. They shouldn't get a room because, by having
> their discussion on a public mailing list, have taught me how to
> use IPSec, something which I'll very shortly have to implement.
> I'm sure there are others who have also benefited from reading
> their messages, and I'm also sure that there will be even more
> people who read them in a mailing list archive and also become
> enlightened.

I figured we all just got a conference room. (^_^) I'm deluded enough to think I've helped someone on this list and I *know* I've received lots of help from it. As you mention, most of it by lurking and watching others solve security problems using FreeBSD with each other.
Thanks folks - Jy@

From owner-freebsd-security Sat Sep 30 0:59:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 641A337B502; Sat, 30 Sep 2000 00:59:52 -0700 (PDT)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8U7xNU97923; Sat, 30 Sep 2000 00:59:23 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com)
To: Mike Silbersack
Cc: James Wyatt , Roman Shterenzon , Kris Kennaway , security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To: Message from Mike Silbersack of "Fri, 29 Sep 2000 22:28:41 CDT."
Date: Sat, 30 Sep 2000 00:59:23 -0700
Message-ID: <97919.970300763@winston.osd.bsdi.com>
From: Jordan Hubbard
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> That being said, I'm still finding it very difficult to rip myself away
> from pine. I had considered suggesting a fork of 4.21 which would be
> audited and snprintfified, but the license seems to suggest that such an
> effort could only exist in the form of patches, which would be annoying.

Not really - that's what the patches/ subdirectory is for. We'd simply stop making it available as a package (mark it RESTRICTED) and let pine users install it from the port. Just because getting the contents of patches/ merged back is desirable doesn't make it mandatory.

- Jordan

From owner-freebsd-security Sat Sep 30 1: 5:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id DD91537B503; Sat, 30 Sep 2000 01:05:36 -0700 (PDT)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8U85NU97964; Sat, 30 Sep 2000 01:05:24 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com)
To: "Brian F. Feldman"
Cc: Roman Shterenzon , Kris Kennaway , security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To: Message from "Brian F. Feldman" of "Sat, 30 Sep 2000 00:24:00 EDT." <200009300424.e8U4O1533513@green.dyndns.org>
Date: Sat, 30 Sep 2000 01:05:23 -0700
Message-ID: <97960.970301123@winston.osd.bsdi.com>
From: Jordan Hubbard
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> So, how about it? Should we set up a page so we have a URL to put in the
> Pine insecurity notice that shows, "you can live without Pine"? I'd propose
> the first two most popular mailers (it seems) after Pine: mutt and exmh.

I seriously doubt anybody would be willing to go to that much trouble, making this suggestion sort of a no-op at best.

It seems to me that we'll be getting just a tad like those 50's politicians who saw communists under every bed if we're just going to start blacklisting useful ports left and right without fixing them. If we can prove a vulnerability (and not just the risk of one, since risks are everywhere) then we should FIX the vulnerability and move on. We don't have to get the changes taken back and we don't have to do anything fancier than drop patches into the relevant ports directories.

- Jordan

From owner-freebsd-security Sat Sep 30 1:17:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id A511937B502 for ; Sat, 30 Sep 2000 01:17:39 -0700 (PDT)
Received: from algroup.co.uk (socks-fw.aldigital.co.uk [192.168.254.10]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id IAA01185 for ; Sat, 30 Sep 2000 08:17:32 GMT
Message-ID: <39D5A13C.8AF289BE@algroup.co.uk>
Date: Sat, 30 Sep 2000 09:15:56 +0100
From: Adam Laurie
Organization: A.L. Group plc
X-Mailer: Mozilla 4.74 [en] (X11; U; FreeBSD 3.4-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
References: <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <20000929172644.C6456@freefall.freebsd.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway wrote:
>
> On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote:
>
> > If you remove a port because of its security concerns, then you're robbing
> > the average user the choice between what mail client to use. Also, it's not
> > the job of the FreeBSD development team/patch/security team to weed out all
> > the insecure programs, the responsibility lies mainly on the systems
>
> Yes it is. Allowing the user to install insecure software only leaves
> them with a false sense of security and the feeling of betrayal when
> they get exploited through it.

Surely the same applies to FreeBSD itself?

I find it very odd that ports get so much positive pressure from this list to restrict/fix/exclude them when there is a security issue, but try and get something done to core FreeBSD scripts/services etc., and you'll get shot down in flames... Bizarre...

cheers,
Adam
--
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.
Fax: +44 (20) 8742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers

From owner-freebsd-security Sat Sep 30 1:23:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id E0FB537B66C for ; Sat, 30 Sep 2000 01:23:20 -0700 (PDT)
Received: (qmail 19657 invoked by uid 0); 30 Sep 2000 08:23:19 -0000
Received: from p3ee21609.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.9) by mail.gmx.net with SMTP; 30 Sep 2000 08:23:19 -0000
Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id IAA28951 for security@FreeBSD.ORG; Sat, 30 Sep 2000 08:37:11 +0200
Date: Sat, 30 Sep 2000 08:37:11 +0200
From: Gerhard Sittig
To: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930083711.T5065@speedy.gsinet>
Mail-Followup-To: security@FreeBSD.ORG
References: <20000929155115.A6456@freefall.freebsd.org> <200009292349.TAA07263@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200009292349.TAA07263@giganda.komkon.org>; from str@giganda.komkon.org on Fri, Sep 29, 2000 at 07:49:18PM -0400
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Sep 29, 2000 at 19:49 -0400, Igor Roshchin wrote:
>
> Now, my suggestion: maybe it would be reasonable to leave such
> potentially insecure ports in the FreeBSD port collection,
> while adding an additional warning in the install script about
> this potential danger of these ports/packages...

What did I miss when I feel that this is exactly what happened? I've seen Kris' message about "I'm concerned and suggest you do not use it" and the FORBIDDEN commit leaves the port there but requires the admin to take concious(sp,id?) action to have it installed successfully. Only those who really want to can install it (but they still can do so) and everyone should be aware why not to use it or why to take care when using it. Have I gotten wrong what FORBIDDEN does (for me)?

I vaguely remember a similar situation with lynx -- but that was some time ago. After FreeBSD's base installation (without X running and sometimes even not installed at all, and even if I had it NS complicator scares me:) I was left with a lot of doc I wanted to read and no viewer to wade through the stuff. So I could decide to install lynx despite of the warning and to make sure I only use it for converting or reading local files. I could as well have gone out and read remote docs, but "I've been warned ..."
:)

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

From owner-freebsd-security Sat Sep 30 1:28: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sentinel.office1.bg (sentinel.office1.bg [195.24.48.182]) by hub.freebsd.org (Postfix) with SMTP id 946D137B503 for ; Sat, 30 Sep 2000 01:28:03 -0700 (PDT)
Received: (qmail 4526 invoked by uid 1001); 30 Sep 2000 08:28:02 -0000
Date: Sat, 30 Sep 2000 11:28:02 +0300
From: Peter Pentchev
To: Matt Heckaman
Cc: Igor Roshchin , security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930112802.B4419@ringwraith.office1.bg>
References: <200009292349.TAA07263@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from matt@ARPA.MAIL.NET on Fri, Sep 29, 2000 at 07:54:59PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Sep 29, 2000 at 07:54:59PM -0400, Matt Heckaman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 29 Sep 2000, Igor Roshchin wrote:
> ...
> : Now, my suggestion: maybe it would be reasonable to leave such
> : potentially insecure ports in the FreeBSD port collection, while
> : adding an additional warning in the install script about this
> : potential danger of these ports/packages...
>
> I have to agree with you here, as the owner and operator of a shell
> company; there would be outright hell to pay and complaints from a good
> 200 people if I removed the only MUA that is simple enough and familiar
> enough for them to use. For me, it comes down to acceptable risk. Besides,
> pine is never run by the root account (nor is -any- mail programs :P) so
> its impact is somewhat limited in my situation.

Actually, if you happen to be running qmail (and I might be very far off here, but it seems to me that mail.lucida.qc.ca is indeed running qmail), then mutt is a way better choice for a MUA - written specifically for Maildir, quite a bit more scriptable, much easier to configure. Well, yes, it's missing the menu interface, but (at least for me) the time to adjust to the new UI and key combinations was on the order of a day or two.

G'luck,
Peter
--
Thit sentence is not self-referential because "thit" is not a word.
From owner-freebsd-security Sat Sep 30 6:15:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 6AD6537B66C for ; Sat, 30 Sep 2000 06:15:33 -0700 (PDT)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA08842 for ; Sat, 30 Sep 2000 06:15:33 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda08840; Sat Sep 30 06:15:25 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e8UDFPB79677 for ; Sat, 30 Sep 2000 06:15:25 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdi79347; Sat Sep 30 06:14:58 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e8UDEwX64263 for ; Sat, 30 Sep 2000 06:14:58 -0700 (PDT)
Message-Id: <200009301314.e8UDEwX64263@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdu64260; Sat Sep 30 06:14:36 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.1-RELEASE
X-Sender: cy
To: freebsd-security@freebsd.org
Subject: ports/21656: New PGP6 Port
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 30 Sep 2000 06:14:35 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Anyone care to take a look at the above? It fixes the ADK bug discussed in the recent CERT Advisory about PGP.

Regards,                         Phone: (250)387-8437
Cy Schubert                        Fax: (250)387-5766
Team Leader, Sun/DEC Team     Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-security Sat Sep 30 7: 4:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id 493BD37B503 for ; Sat, 30 Sep 2000 07:04:38 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13fNFg-00041s-00; Sat, 30 Sep 2000 16:04:32 +0200
Date: Sat, 30 Sep 2000 16:04:32 +0200
From: Neil Blakey-Milner
To: Adam Laurie
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930160432.A15451@mithrandr.moria.org>
References: <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <20000929172644.C6456@freefall.freebsd.org> <39D5A13C.8AF289BE@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <39D5A13C.8AF289BE@algroup.co.uk>; from adam@algroup.co.uk on Sat, Sep 30, 2000 at 09:15:56AM +0100
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat 2000-09-30 (09:15), Adam Laurie wrote:
> Kris Kennaway wrote:
> >
> > On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote:
> >
> > > If you remove a port because of its security concerns, then you're robbing
> > > the average user the choice between what mail client to use. Also, it's not
> > > the job of the FreeBSD development team/patch/security team to weed out all
> > > the insecure programs, the responsibility lies mainly on the systems
> >
> > Yes it is. Allowing the user to install insecure software only leaves
> > them with a false sense of security and the feeling of betrayal when
> > they get exploited through it.
>
> Surely the same applies to FreeBSD itself?
>
> I find it very odd that ports get so much positive pressure from this
> list to restrict/fix/exclude them when there is a security issue, but
> try and get something done to core FreeBSD scripts/services etc., and
> you'll get shot down in flames... Bizarre...

Can you give examples?
Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

From owner-freebsd-security Sat Sep 30 7: 6:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 6108537B66D for ; Sat, 30 Sep 2000 07:06:36 -0700 (PDT)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA08980; Sat, 30 Sep 2000 07:05:54 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda08978; Sat Sep 30 07:05:34 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e8UE5YF80138; Sat, 30 Sep 2000 07:05:34 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdp80121; Sat Sep 30 07:04:59 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e8UE4xU64460; Sat, 30 Sep 2000 07:04:59 -0700 (PDT)
Message-Id: <200009301404.e8UE4xU64460@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdR64456; Sat Sep 30 07:04:51 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.1-RELEASE
X-Sender: cy
To: Adam Laurie
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-reply-to: Your message of "Sat, 30 Sep 2000 09:15:56 BST." <39D5A13C.8AF289BE@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 30 Sep 2000 07:04:49 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <39D5A13C.8AF289BE@algroup.co.uk>, Adam Laurie writes:
> Kris Kennaway wrote:
> >
> > On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote:
> >
> > > If you remove a port because of its security concerns, then you're robbing
> > > the average user the choice between what mail client to use. Also, it's not
> > > the job of the FreeBSD development team/patch/security team to weed out all
> > > the insecure programs, the responsibility lies mainly on the systems
> >
> > Yes it is. Allowing the user to install insecure software only leaves
> > them with a false sense of security and the feeling of betrayal when
> > they get exploited through it.
>
> Surely the same applies to FreeBSD itself?
>
> I find it very odd that ports get so much positive pressure from this
> list to restrict/fix/exclude them when there is a security issue, but
> try and get something done to core FreeBSD scripts/services etc., and
> you'll get shot down in flames... Bizarre...

I had argued with Will Andrews (it was his idea so I cannot take credit for it) for the removal of insecure protocols like telnet, ftp, and the "r" commands and services, now that we have OpenSSH and all the encryption in the base system required to support OpenSSH. This would have left the individual sysadmin solely responsible for installing insecure applications and protocols. Will and I were shot down quite miserably. My first impression when this happened was that I had a sense that we had a double standard.
[ The lesson I learned was that being narrow minded like many on these mailing lists doesn't convince anyone, it just alienates people. :) Not that you are, you've made your point nicely. ]

Let's step back a bit and look at it from a different angle. An insecure application, e.g. rsh, can possibly be used securely, e.g. behind a firewall, so it can be left in the base. An insecure application, e.g. pine, can only be used securely if the mail that you receive only comes from purely trusted sources. This too can be possible if you only use pine to read mail from cron jobs, however generally it is not.

I propose that just as we have RESTRICTED for ports, we could do similar things with insecure applications. As a matter of fact we already do, e.g. NO_BIND, NO_LPR, NO_SENDMAIL, NOGAMES and NOUUCP. We could have additional NO_insecure_application definitions in make.conf.

Instead, we could comment out in inetd.conf services that the community has decided are insecure and have the administrator uncomment the services he/she wishes to use.

In short, the only conclusion that I can come to that would keep most everyone happy, and even then some will bitch and complain, is that the use of options in make.conf and in sysinstall should satisfy both camps. Be prepared for those who will argue that they don't want to go through a million options before installing FreeBSD. My answer to them is that we can't have our cake and eat it too and to have options is the closest thing we come to having our cake and eating it too.

Sorry to all for going off on a tangent, but this relates to a discussion we had on -arch about 2-3 weeks ago and I couldn't let this opportunity pass.
Regards,                         Phone: (250)387-8437
Cy Schubert                        Fax: (250)387-5766
Team Leader, Sun/DEC Team     Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-security Sat Sep 30 7:19:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id C711637B66E for ; Sat, 30 Sep 2000 07:19:50 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13fNUE-00042a-00; Sat, 30 Sep 2000 16:19:34 +0200
Date: Sat, 30 Sep 2000 16:19:33 +0200
From: Neil Blakey-Milner
To: Cy Schubert - ITSD Open Systems Group
Cc: Adam Laurie , security@FreeBSD.ORG
Subject: inetd sucks? (Re: cvs commit: ports/mail/pine4 Makefile (fwd))
Message-ID: <20000930161933.A15519@mithrandr.moria.org>
References: <39D5A13C.8AF289BE@algroup.co.uk> <200009301404.e8UE4xU64460@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200009301404.e8UE4xU64460@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Sat, Sep 30, 2000 at 07:04:49AM -0700
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat 2000-09-30 (07:04), Cy Schubert - ITSD Open Systems Group wrote:
> I had argued with Will Andrews (it was his idea so I cannot take credit
> for it) for the removal of insecure protocols like telnet, ftp, and the
> "r" commands and services, now that we have OpenSSH and all the
> encryption in the base system required to support OpenSSH. This would
> have left the individual sysadmin solely responsible for installing
> insecure applications and protocols. Will and I were shot down quite
> miserably. My first impression when this happened was that I had a
> sense
> that we had a double standard.
>
> [ The lesson I learned was that being narrow minded like many on these
> mailing lists doesn't convince anyone, it just alienates people. :)
> Not that you are, you've made your point nicely. ]

There's a difference between getting 'shot down miserably', and having most people say they don't agree with you. One implies it's personal and emotional, and the other implies they don't agree with you.

(It didn't help that it sounded like you wanted to remove the telnet binary in the initial submission either, I think.)
> Instead, we could comment out in inetd.conf services that the community
> has decided are insecure and have the administrator uncomment the
> services he/she wishes to use.
>
> In short, the only conclusion that I can come to that would keep most
> everyone happy, and even then some will bitch and complain, is that the
> use of options in make.conf and in sysinstall should satisfy both
> camps. Be prepared for those who will argue that they don't want to go
> through a million options before installing FreeBSD. My answer to them
> is that we can't have our cake and eat it too and to have options is
> the closest thing we come to having our cake and eating it too.

The problem here is that 'telnet' is the LCD, and with the really bad way inetd is configured, it isn't easy to twiddle this bit from sysinstall. We ask about 'ftp' too, and it's sort-of expected to work. The rest, in my opinion, can all be commented out.

The alternative (which I'm almost finished working on) is to use a directory + file configuration structure (which I've subsequently found out xinetd uses) which allows sysinstall and other scripts to twiddle services with ease.

Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

From owner-freebsd-security Sat Sep 30 7:54: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (oe22.law7.hotmail.com [216.33.236.242]) by hub.freebsd.org (Postfix) with ESMTP id 035C937B502 for ; Sat, 30 Sep 2000 07:54:06 -0700 (PDT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Sat, 30 Sep 2000 07:54:02 -0700
X-Originating-IP: [202.66.151.69]
From: "Karson Chan"
To:
Subject:
Date: Sat, 30 Sep 2000 22:54:01 +0800
MIME-Version: 1.0
Content-Type: text/plain; charset="big5"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Message-ID:
X-OriginalArrivalTime: 30 Sep 2000 14:54:02.0301 (UTC) FILETIME=[45808ED0:01C02AEE]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

auth b2a2d626 unsubscribe freebsd-security karsonc@hongkong.com

From owner-freebsd-security Sat Sep 30 7:58:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cascade.rtd.remotion.nl (cascade.rtd.remotion.nl [194.158.189.129]) by hub.freebsd.org (Postfix) with ESMTP id 51BCC37B66C for ; Sat, 30 Sep 2000 07:58:28 -0700 (PDT)
Received: from tsunami.home.skydancer.nl (home.skydancer.nl [131.174.116.218]) by cascade.rtd.remotion.nl (8.9.3/8.9.3) with ESMTP id QAA03347 for ; Sat, 30 Sep 2000 16:58:24 +0200
Received: from tsunami.home.skydancer.nl ([172.18.118.218]) by tsunami.home.skydancer.nl with Microsoft SMTPSVC(5.0.2195.1600); Sat, 30 Sep 2000 16:59:29 +0200
Date: Sat, 30 Sep 2000 16:59:29 +0200
From: Walter Hop
X-Mailer: The Bat! (v1.45) Educational
X-Priority: 3 (Normal)
Message-ID: <13813400158.20000930165929@skydancer.nl>
To: "Karson Chan"
Cc: freebsd-security@freebsd.org
Subject: Re:
In-reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 30 Sep 2000 14:59:29.0638 (UTC) FILETIME=[089C3860:01C02AEF]
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--
>>>> auth b2a2d626 unsubscribe freebsd-security karsonc@hongkong.com
Succeeded.
>>>> To Unsubscribe: send mail to majordomo@FreeBSD.org
**** Command 'To' not recognized.
>>>> with "unsubscribe freebsd-security" in the body of the message
**** Command 'with' not recognized.

From owner-freebsd-security Sat Sep 30 8: 1:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 6989E37B66C for ; Sat, 30 Sep 2000 08:01:41 -0700 (PDT)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id IAA09329; Sat, 30 Sep 2000 08:00:17 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda09323; Sat Sep 30 07:59:57 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e8UExvD80406; Sat, 30 Sep 2000 07:59:57 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdZ80397; Sat Sep 30 07:59:01 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e8UEx1r64844; Sat, 30 Sep 2000 07:59:01 -0700 (PDT)
Message-Id: <200009301459.e8UEx1r64844@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdi64830; Sat Sep 30 07:58:03 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.1-RELEASE
X-Sender: cy
To: Neil Blakey-Milner
Cc: Cy Schubert - ITSD Open Systems Group , Adam Laurie , security@FreeBSD.ORG
Subject: Re: inetd sucks? (Re: cvs commit: ports/mail/pine4 Makefile (fwd))
In-reply-to: Your message of "Sat, 30 Sep 2000 16:19:33 +0200." <20000930161933.A15519@mithrandr.moria.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 30 Sep 2000 07:58:02 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <20000930161933.A15519@mithrandr.moria.org>, Neil Blakey-Milner writes:
> The problem here is that 'telnet' is the LCD, and with the really bad
> way inetd is configured, it isn't easy to twiddle this bit from
> sysinstall. We ask about 'ftp' too, and it's sort-of expected to work.
> The rest, in my opinion, can all be commented out.
>
> The alternative (which I'm almost finished working on) is to use a
> directory + file configuration structure (which I've subsequently found
> out xinetd uses) which allows sysinstall and other scripts to twiddle
> services with ease.

I assume you're going to make your work public, e.g. a port? Will it compile on Solaris, Tru64-UNIX, and Linux too?

I played around with a similar concept using the portal filesystem. This idea needs more investigation.

I've got an awk script that twiddles the bits in inetd.conf. It's not that difficult to do. The nice thing about it is that it's cross-platform.

Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 8:23:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id 5F88437B66C for ; Sat, 30 Sep 2000 08:23:37 -0700 (PDT) Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13fOU0-000491-00; Sat, 30 Sep 2000 17:23:24 +0200 Date: Sat, 30 Sep 2000 17:23:24 +0200 
From: Neil Blakey-Milner
To: Cy Schubert - ITSD Open Systems Group
Cc: Adam Laurie , security@FreeBSD.ORG
Subject: Re: inetd sucks? (Re: cvs commit: ports/mail/pine4 Makefile (fwd))
Message-ID: <20000930172324.A15827@mithrandr.moria.org>
References: <20000930161933.A15519@mithrandr.moria.org> <200009301459.e8UEx1r64844@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <200009301459.e8UEx1r64844@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Sat, Sep 30, 2000 at 07:58:02AM -0700
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat 2000-09-30 (07:58), Cy Schubert - ITSD Open Systems Group wrote:
> In message <20000930161933.A15519@mithrandr.moria.org>, Neil Blakey-Milner writes:
> > The problem here is that 'telnet' is the LCD, and with the really bad
> > way inetd is configured, it isn't easy to twiddle this bit from
> > sysinstall. We ask about 'ftp' too, and it's sort-of expected to work.
> > The rest, in my opinion, can all be commented out.
> >
> > The alternative (which I'm almost finished working on) is to use a
> > directory + file configuration structure (which I've subsequently found
> > out xinetd uses) which allows sysinstall and other scripts to twiddle
> > services with ease.
>
> I assume you're going to make your work public, e.g. a port? Will it
> compile on Solaris, Tru64-UNIX, and Linux too?

I've currently built it into our inetd (as an _extra_ means of configuration, not replacing the current). It's a very easy-to-use and easy-to-program thing to add, so if the other inetd's can't be bothered to consider it, then that's their fault.

If you have to spend the time running around all the inconsistencies of the other systems, the effort to consolidate your inetd.conf rules in inetd.conf, and not the directory-based structure will be only a tiny part. ("Linux" doesn't use just one inetd. RedHat 7.0 uses xinetd by default, which has something very much like this, or so I was told when I discussed this with some local sysadmin and users. I'll take this as proof it's an advantage for a highly configurable system.) > I've got an awk script that twiddles the bits in inetd.conf. It's not > that difficult to do. The nice thing about it is that it's > cross-platform. As much as I feel comfortable running awk from the installer... oh, wait, I'm not. As I suggested to you last time - suggest that we make a /usr/share/examples/inetd with example inetd.conf files in it, and your awk script(s), so that it is included in the distribution. Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 8:38:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id C5EFE37B502; Sat, 30 Sep 2000 08:38:42 -0700 (PDT) Received: from localhost (qunvwv@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8UFcb538293; Sat, 30 Sep 2000 11:38:38 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200009301538.e8UFcb538293@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Jordan Hubbard Cc: Roman Shterenzon , Kris Kennaway , security@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: Message from Jordan Hubbard of "Sat, 30 Sep 2000 01:05:23 PDT." <97960.970301123@winston.osd.bsdi.com> 
From: "Brian F. Feldman" Date: Sat, 30 Sep 2000 11:38:36 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > So, how about it? Should we set up a page so we have a URL to put in the > > Pine insecurity notice that shows, "you can live without Pine"? I'd propose > > the first two most popular mailers (it seems) after Pine: mutt and exmh. > > I seriously doubt anybody would be willing to go to that much trouble, > making this suggestion sort of a no-op at best. It seems to me that > we'll be getting just a tad like those 50's politicians who saw > communists under every bed if we're just going to start blacklisting > useful ports left and right without fixing them. If we can prove a > vulnerability (and not just the risk of one, since risks are > everywhere) then we should FIX the vulnerability and move on. We > don't have to get the changes taken back and we don't have to do > anything fancier than drop patches into the relevant ports > directories. > > - Jordan Who has the motivation (of any type) to find and fix the likely hundreds of security problems left, though? Kris marked it forbidden because it's just too much work that's never going to get done to have even a reasonable assurance of its safety. But, you propose actively finding which of those problems in the code are vulnerabilities -- that's even more work than just fixing them. If anyone wants to create a "secure pine" patchset, which will likely end up in the hundreds of kilobytes, I'm sure that would be a good reason to not mark pine as forbidden. Another possibility might be to force pine into a chroot... I guess the only good advice to give if you HAVE to run pine is to run it inside a jail. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! 
/ green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 11:16:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id C846137B503; Sat, 30 Sep 2000 11:16:29 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id MAA26822; Sat, 30 Sep 2000 12:16:27 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA12880; Sat, 30 Sep 2000 12:16:26 -0600 (MDT) Message-Id: <200009301816.MAA12880@harmony.village.org> To: "Brian F. Feldman" Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: Jordan Hubbard , Roman Shterenzon , Kris Kennaway , security@FreeBSD.ORG In-reply-to: Your message of "Sat, 30 Sep 2000 11:38:36 EDT." <200009301538.e8UFcb538293@green.dyndns.org> References: <200009301538.e8UFcb538293@green.dyndns.org> Date: Sat, 30 Sep 2000 12:16:26 -0600 
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

In message <200009301538.e8UFcb538293@green.dyndns.org> "Brian F. Feldman" writes:
: Who has the motivation (of any type) to find and fix the likely hundreds of
: security problems left, though? Kris marked it forbidden because it's just
: too much work that's never going to get done to have even a reasonable
: assurance of its safety. But, you propose actively finding which of those
: problems in the code are vulnerabilities -- that's even more work than just
: fixing them.

I 100% support Kris' action as the security officer. We've had MANY black eyes in the security area and pine represents an unacceptable risk in its current state. We don't KNOW there's an exploit in it, otherwise we'd have fixed that case. However, past history has shown that programs that do use strcpy and sprintf rather than their safer cousins almost always wind up being the ones that you read about in bugtraq. We're supposed to be taking security seriously and Kris is being proactive about it.

I disagree with Jordan about the 1950's political thing. History has shown that programs that use the unsafe interfaces generally are the ones that wind up having advisories issued about them. We are protecting our user base from these unsafe programs. Sure, these interfaces can be used in a safe way, but looking at the pine source doesn't give me the impression that care has been taken to do this.

: If anyone wants to create a "secure pine" patchset, which will likely end up
: in the hundreds of kilobytes, I'm sure that would be a good reason to not
: mark pine as forbidden.

I agree. It is time to take a stand against bad, sloppy coding practices. If pine can't cut it, then it can't cut it and should be forbidden. If someone wants to fix all the problems in pine, then I'd support their inclusion in the port. That's rather the point of marking it FORBIDDEN.

: Another possibility might be to force pine into a : chroot... I guess the only good advice to give if you HAVE to run pine is to : run it inside a jail. I don't think that would work. Warner -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBOdYt89xynu/2qPVhAQE4FwQAqfxjP0FLfM7LR6khaKFNh2e07r4qS8lU K5sfLqtet0STZ7ekymwg4mjfKXsPZ9UKTZMIrDqQ5wf2Cpu5X97L918w80iq5hZ+ IMuD1yfmmqqfZTrdns5SvtLSvXPRTFN9M6qac4esckw7kLXkzpb+/hQ+UA8eh9XF eeMfGxhfSiU= =8alQ -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 11:42:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id A36BB37B66D; Sat, 30 Sep 2000 11:42:19 -0700 (PDT) Received: from localhost (ci9ae8@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8UIgA543368; Sat, 30 Sep 2000 14:42:15 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200009301842.e8UIgA543368@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Warner Losh Cc: Jordan Hubbard , Roman Shterenzon , Kris Kennaway , security@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: Message from Warner Losh of "Sat, 30 Sep 2000 12:16:26 MDT." <200009301816.MAA12880@harmony.village.org> 
From: "Brian F. Feldman" Date: Sat, 30 Sep 2000 14:42:09 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > : Another possibility might be to force pine into a > : chroot... I guess the only good advice to give if you HAVE to run pine is to > : run it inside a jail. > > I don't think that would work. > > Warner That is, one can create their own jail (or just chroot(8)... I should probably get user-chrooting reviewed ;) which they would use for running potentially evil things -- like reading e-mail with pine. It's not too difficult, but it's really easier just to switch to a better MUA. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 11:44:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 0787937B502; Sat, 30 Sep 2000 11:44:33 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8UIiJU02380; Sat, 30 Sep 2000 11:44:19 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: "Brian F. Feldman" Cc: Roman Shterenzon , Kris Kennaway , security@FreeBSD.org Subject: Security and FreeBSD, my overall perspective In-Reply-To: Message from "Brian F. Feldman" of "Sat, 30 Sep 2000 11:38:36 EDT." <200009301538.e8UFcb538293@green.dyndns.org> Date: Sat, 30 Sep 2000 11:44:19 -0700 Message-ID: <2376.970339459@winston.osd.bsdi.com> 
From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Who has the motivation (of any type) to find and fix the likely hundreds of > security problems left, though? Again, the word is "likely" here and I could just as easily say that parts of what we currently ship in the bindist are "likely" to have bugs because past experience has shown this to be true and software is always an exercise in compromise between time/resources available and perfection. Does that mean we should stop shipping FreeBSD in binary form? Of course not, and I daresay that FreeBSD and any other Unix system comes with an explicit "warning label" telling the administrator that they'd better know what the hell they're doing before putting a box on the network. Some people have also cited arguments that if we don't protect the administrators from their own incompetence, they'll feel betrayed by FreeBSD and go run Windows or something (which has an excellent track-record for security). I also think that's a ridiculous argument since, if followed to the letter, can only lead to situations like we have in society today where every activity which could be even remotely considered dangerous is either forbidden or comes with warning labels 10 inches high, right down to the hot coffee ("WARNING: This is HOT COFFEE. DO NOT POUR IT INTO YOUR CROTCH!"). This is Unix. You're supposed to have at least a minimum level of clue in order to use it and dumbing it down so that this is no longer necessary would not constitute an advance. If we want to do something useful when it comes to all-around security, we should: (a) Continue to issue advisories for both the "system" and for ports so that people are properly informed about vulnerabilities when they're actually found (and not just "suspected"). (b) Add a new field to the ports infrastructure which indicates level of "trust" the project/security people have in that port. E.g. 
instead of having one big knob rather off-puttingly labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable which goes from 1 to 10. Then the ports infrastructure can, if it wishes to, issue warnings of varying severity based on the trust level. (c) Start doing meaningful auditing of code and stop chasing various illusions of security. By this, I mean not just blindly grepping around and assuming one is doing something useful by replacing certain functions with ones which bounds-check but actually *reading* the code and seeing where the genuine flaws lie. They may lie completely outside the area of buffer overflows (there being many many ways to write insecure code) or they may be very specific buffer overflows, where the user has an actual opportunity to control the data going in. Data which is simply moving around internally and never has the opportunity to overflow under user control is not data you have to worry too much about. In fact, in some cases you might prefer the code to dump core and actually expose the bug rather than just silently truncating data and producing rather more erroneous results. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 11:56:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 32CBE37B502; Sat, 30 Sep 2000 11:56:27 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id LAA49634; Sat, 30 Sep 2000 11:56:27 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Sat, 30 Sep 2000 11:56:27 -0700 
From: Kris Kennaway
To: Adam Laurie
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930115627.C39894@freefall.freebsd.org>
References: <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <20000929172644.C6456@freefall.freebsd.org> <39D5A13C.8AF289BE@algroup.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <39D5A13C.8AF289BE@algroup.co.uk>; from adam@algroup.co.uk on Sat, Sep 30, 2000 at 09:15:56AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Sep 30, 2000 at 09:15:56AM +0100, Adam Laurie wrote:
> Kris Kennaway wrote:
> >
> > On Fri, Sep 29, 2000 at 08:00:17PM -0400, Jonathan M. Slivko wrote:
> >
> > > If you remove a port because of its security concerns, then you're robbing
> > > the average user the choice between what mail client to use. Also, it's not
> > > the job of the FreeBSD development team/patch/security team to weed out all
> > > the insecure programs, the responsibility lies mainly on the systems
> >
> > Yes it is. Allowing the user to install insecure software only leaves
> > them with a false sense of security and the feeling of betrayal when
> > they get exploited through it.
>
> Surely the same applies to FreeBSD itself?

It does, and anything in the same situation will be dealt with accordingly :-) Insecure software meaning "fundamentally insecure", and not just "can be used dangerously if you don't read the manpage".

> I find it very odd that ports get so much positive pressure from this
> list to restrict/fix/exclude them when there is a security issue, but
> try and get something done to core FreeBSD scripts/services etc., and
> you'll get shot down in flames... Bizarre...

Well, they're different parts of the system, therefore a different set of people claim the rights to complain when you try and change things :-) I don't recall what the security improvements to freebsd scripts you're talking about are though..can you remind me (in private?)

If you're talking about policy changes like restricting telnet etc, then unfortunately those discussions will almost always be taken over by the armchair generals and there's not much you can do about it except either do it anyway and piss them off (if you have the political weight to do so), or wait for circumstances to change.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Sep 30 12:22:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8CD4337B502; Sat, 30 Sep 2000 12:22:17 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id MAA64508; Sat, 30 Sep 2000 12:22:17 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Sat, 30 Sep 2000 12:22:17 -0700
From: Kris Kennaway To: Jordan Hubbard Cc: "Brian F. Feldman" , Roman Shterenzon , Kris Kennaway , security@FreeBSD.org Subject: Re: Security and FreeBSD, my overall perspective Message-ID: <20000930122217.A51270@freefall.freebsd.org> References: <2376.970339459@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <2376.970339459@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Sat, Sep 30, 2000 at 11:44:19AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Sep 30, 2000 at 11:44:19AM -0700, Jordan Hubbard wrote: > > Who has the motivation (of any type) to find and fix the likely hundreds of > > security problems left, though? > > Again, the word is "likely" here and I could just as easily say that > parts of what we currently ship in the bindist are "likely" to have > bugs because past experience has shown this to be true and software is > always an exercise in compromise between time/resources available and You could say that, but you'd be making an unsupported claim of likelihood. You are confusing "probable" with "well, we can't rule it out", which of course applies to 99% of all code. Not so for what I did with pine: it's had two problems reported in the past few weeks, and a look at the code shows that because of the offensive (as opposed to defensive) way it's written it is very likely that more problems OF THE SAME KIND lurk beneath the surface. Given this, I have something concrete to point to when I say problems are likely. > Some people have also cited arguments that if we don't protect the > administrators from their own incompetence, they'll feel betrayed by > FreeBSD and go run Windows or something (which has an excellent > track-record for security). 
> I also think that's a ridiculous argument
> since, if followed to the letter, can only lead to situations like we
> have in society today where every activity which could be even
> remotely considered dangerous is either forbidden or comes with
> warning labels 10 inches high, right down to the hot coffee ("WARNING:
> This is HOT COFFEE. DO NOT POUR IT INTO YOUR CROTCH!").

Well, that's NOT what I meant, and you're reading a different interpretation into my words. Read on:

> This is Unix. You're supposed to have at least a minimum level of
> clue in order to use it and dumbing it down so that this is no longer
> necessary would not constitute an advance. If we want to do something
> useful when it comes to all-around security, we should:

Okay, quick show of hands. How many people blindly trusted pine before this week? How many people would pick up a copy of fsdb(8) and/or ipfw(8) and feel blindly confident they know how to use it properly without screwing themselves up?

There are three points at work here:

1) Tools which are documented as being dangerous or which can compromise your security fall into the "well, it's your own fault category".

2) Almost no-one thinks about client applications as a security risk. Most of us are trained to think of servers as potential points of weakness, but client applications like pine and netscape get little attention.

3) There's nothing an end-user can do to protect himself with certainty from pine, short of "don't read mail with it". Again, this is a statistical uncertainty given that I haven't spent days of my life doing a thorough code audit, but I'm willing to put money on the existence of further vulnerabilities in the code.

What I have done (and will finish doing when I add the install-time security warning) is move pine into category 1.

> (a) Continue to issue advisories for both the "system" and for
> ports so that people are properly informed about
> vulnerabilities when they're actually found (and not just
> "suspected").

No-one's breathed a word about changing this. However, I will be adding a cautionary warning on the next pine advisory, dealing with the currently known remotely exploitable buffer overflow, that it is the opinion of the security officer that there are probably further problems waiting to be discovered. > (b) Add a new field to the ports infrastructure which indicates > level of "trust" the project/security people have in that > port. E.g. instead of having one big knob rather off-puttingly > labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable > which goes from 1 to 10. Then the ports infrastructure can, if > it wishes to, issue warnings of varying severity based on the > trust level. I've thought about this, but it needs someone to implement it, so we have to work with existing tools in the meantime. > (c) Start doing meaningful auditing of code and stop chasing > various illusions of security. By this, I mean not just Waitasec, what do you mean "start"? FreeBSD is basically the only operating system project which *is* auditing this kind of code (impression based on the security advisory output of all of the other OSes). > blindly grepping around and assuming one is doing something > useful by replacing certain functions with ones which > bounds-check but actually *reading* the code and seeing > where the genuine flaws lie. And again, there was more than blind grepping involved here with pine. But it's simply not something I have the time, nor the inclination to correct, the code misdesign being too endemic and the required time investment being singularly massive. Patches by anyone else will be gratefully accepted, but a warning about the trust level of the code will remain in the meantime. Kris -- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 12:28: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 8BFDB37B503; Sat, 30 Sep 2000 12:28:06 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8UJRqU02880; Sat, 30 Sep 2000 12:27:53 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: Kris Kennaway Cc: Adam Laurie , security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: Message from Kris Kennaway of "Sat, 30 Sep 2000 11:56:27 PDT." <20000930115627.C39894@freefall.freebsd.org> Date: Sat, 30 Sep 2000 12:27:52 -0700 Message-ID: <2876.970342072@winston.osd.bsdi.com> 
From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > If you're talking about policy changes like restricting telnet etc, > then unfortunately those discussions will almost always be taken over > by the armchair generals and theres not much you can do about it Erm, as one of the possible arm-chair generals in question, I think this vastly over-simplifies the argument and ignores the fact that many of us so-called "arm chair generals" are not just nit-picking individual changes or standing in the way for the sheer hell of it but are, in fact, defending an entire ideology which we occasionally see in danger of being fatally compromised. The ideology I'm talking about is nothing less than "base functionality" and how users perceive the system, a perception which has been, in so many demonstrably favorable ways, carefully cultivated and honed over the 7+ years of FreeBSD's existence. FreeBSD is known for giving a rich out-of-box experience and being (comparatively) easy to install and use by a certain percentage of the user population. FreeBSD is also used in preference to other alternatives such as NetBSD, OpenBSD and BSD/OS for many of those reasons. So, when the security mavens come around and start waving the Big Stick at things which compromise their own vision of what constitutes an ideal out-of-box operating system configuration, it shouldn't come as a surprise to anyone if it sometimes runs into conflict with the "established vision", one which has been established for many good reasons of its own given how FreeBSD has differentiated itself and continues to do so. This is no less than a clash of fundamental ideologies at work and neither "side" will advance for as long as people ignore this fact and fail to realize that both sides are in fact "right" for some value of the term just as they're both "wrong", that being nothing less than a fundamental law which can't and won't be changed through argument. 
Once we've achieved that perspective, we can start achieving compromises which somehow increase security without seriously decreasing the positive attributes which got FreeBSD to where it is in the first place. Enough said. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 12:29:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp10.atl.mindspring.net (smtp10.atl.mindspring.net [207.69.200.246]) by hub.freebsd.org (Postfix) with ESMTP id ABC1937B503 for ; Sat, 30 Sep 2000 12:29:22 -0700 (PDT) Received: from p4f0i0 (user-2inigic.dialup.mindspring.com [165.121.66.76]) by smtp10.atl.mindspring.net (8.9.3/8.8.5) with SMTP id PAA24491 for ; Sat, 30 Sep 2000 15:29:17 -0400 (EDT) Message-ID: <003601c02b14$dbde67a0$4c4279a5@p4f0i0> 
From: "Jonathan M. Slivko"
To:
Subject: My Two Cents on FreeBSD
Date: Sat, 30 Sep 2000 15:30:10 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0033_01C02AF3.518EB3A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_0033_01C02AF3.518EB3A0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

I think FreeBSD is possibly the best operating system that is freely distributed, and the most secure, WITHOUT all the restrictions set forth by OpenBSD and related Operating Systems. I would keep up the good work, and possibly even integrate some of the OpenBSD features into FreeBSD in a modified form. Just my two cents. -- Jonathan M. Slivko

----------------------------------------------------------------------------------------------------------
Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services
Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7)
Webpage: http://www.linux-mafia.net -- "ya gotta pay for protection"
----------------------------------------------------------------------------------------------------------

------=_NextPart_000_0033_01C02AF3.518EB3A0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0033_01C02AF3.518EB3A0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 12:41: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id E5AD537B502; Sat, 30 Sep 2000 12:40:57 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e8UJeiU02977; Sat, 30 Sep 2000 12:40:44 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: Kris Kennaway Cc: "Brian F. Feldman" , Roman Shterenzon , security@FreeBSD.org Subject: Re: Security and FreeBSD, my overall perspective In-Reply-To: Message from Kris Kennaway of "Sat, 30 Sep 2000 12:22:17 PDT." <20000930122217.A51270@freefall.freebsd.org> Date: Sat, 30 Sep 2000 12:40:43 -0700 Message-ID: <2973.970342843@winston.osd.bsdi.com> 
From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Okay, quick show of hands. How many people blindly trusted pine before > this week? How many people would pick up a copy of fsdb(8) and/or > ipfw(8) and feel blindly confident they know how to use it properly > without screwing themselves up? Well, just to set the record straight, I've never even used pine. I use mh-e. :) I was talking more about our desired policy for dealing with these situations in the present and future, something for which pine is merely an example. > > (b) Add a new field to the ports infrastructure which indicates > > level of "trust" the project/security people have in that > > port. E.g. instead of having one big knob rather off-puttingly > > labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable > > which goes from 1 to 10. Then the ports infrastructure can, if > > it wishes to, issue warnings of varying severity based on the > > trust level. > > I've thought about this, but it needs someone to implement it, so we > have to work with existing tools in the meantime. I could do this in a couple of hours, including testing. You want the patches to bsd.port.mk in unidiff or context diff format? ;-) > Waitasec, what do you mean "start"? FreeBSD is basically the only > operating system project which *is* auditing this kind of code I was reacting to green's assertion that nobody, in fact, had the time or inclination to do anything of the sort. If he's maligned your efforts by making such claims then I guess we both owe you an apology for underestimating the amount of work which has actually been going into auditing. 
- Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 12:48:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from fyre.somcol.co.za (fyre.somcol.co.za [196.30.167.130]) by hub.freebsd.org (Postfix) with ESMTP id EC98237B502; Sat, 30 Sep 2000 12:48:00 -0700 (PDT) Received: from localhost (jus@localhost) by fyre.somcol.co.za (8.9.3/8.9.3) with ESMTP id VAA27032; Sat, 30 Sep 2000 21:46:55 +0200 (SAST) (envelope-from jus@security.za.net) X-Authentication-Warning: fyre.somcol.co.za: jus owned process doing -bs Date: Sat, 30 Sep 2000 21:46:54 +0200 (SAST) 
From: Justin Stanford X-Sender: jus@fyre.somcol.co.za To: Gregory Sutter Cc: Sam Wun , Kris Kennaway , "'freebsd-security@freebsd.org'" , mwest@apotheosis.org.za Subject: Re: IPsec block my ssh remote login. In-Reply-To: <20000929225552.H23587@klapaucius.zer0.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It's not that I intended them to actually stop posting to the list, they just seemed to be getting on so well on their ownsome lonesome on the list... ;-) On Fri, 29 Sep 2000, Gregory Sutter wrote: > On 2000-09-26 04:28 +0200, Justin Stanford wrote: > > Why don't you two get a room? *grin* > > I know you're just joking, but I'd like to complain in your general > direction anyway. They shouldn't get a room because, by having > their discussion on a public mailing list, have taught me how to > use IPSec, something which I'll very shortly have to implement. > I'm sure there are others who have also benefited from reading > their messages, and I'm also sure that there will be even more > people who read them in a mailing list archive and also become > enlightened. > > Greg > -- > Gregory S. Sutter "Software is like sex; it's better > mailto:gsutter@zer0.org when it's free." 
-- Linus Torvalds > http://www.zer0.org/~gsutter/ > PGP DSS public key 0x40AE3052 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:15:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id B43DF37B503 for ; Sat, 30 Sep 2000 14:15:48 -0700 (PDT) Received: (qmail 23891 invoked by uid 1000); 30 Sep 2000 21:16:57 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Sep 2000 21:16:57 -0000 Date: Sat, 30 Sep 2000 16:16:57 -0500 (CDT) 
From: Mike Silbersack To: Jordan Hubbard Cc: James Wyatt , Roman Shterenzon , Kris Kennaway , security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <97919.970300763@winston.osd.bsdi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Jordan Hubbard wrote: > Not really - that's what the patches/ subdirectory is for. We'd > simply stop making it available as a package (mark it RESTRICTED) and > let pine users install it from the port. Just because getting the > contents of patches/ merged back is desirable doesn't make it > mandatory. > > - Jordan Well, if I can't get myself to convert to pine, perhaps I'll start working on an audit. If anyone is interested in helping, please mail me. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:19:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id B482D37B66C; Sat, 30 Sep 2000 14:19:40 -0700 (PDT) Received: from localhost (lwrlqi@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8ULJY544118; Sat, 30 Sep 2000 17:19:37 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200009302119.e8ULJY544118@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Jordan Hubbard Cc: Kris Kennaway , Roman Shterenzon , security@FreeBSD.org Subject: Re: Security and FreeBSD, my overall perspective In-Reply-To: Message from Jordan Hubbard of "Sat, 30 Sep 2000 12:40:43 PDT." <2973.970342843@winston.osd.bsdi.com> 
From: "Brian F. Feldman" Date: Sat, 30 Sep 2000 17:19:33 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jordan Hubbard wrote: > > Okay, quick show of hands. How many people blindly trusted pine before > > this week? How many people would pick up a copy of fsdb(8) and/or > > ipfw(8) and feel blindly confident they know how to use it properly > > without screwing themselves up? > > Well, just to set the record straight, I've never even used pine. I > use mh-e. :) I was talking more about our desired policy for dealing > with these situations in the present and future, something for which > pine is merely an example. > > > > (b) Add a new field to the ports infrastructure which indicates > > > level of "trust" the project/security people have in that > > > port. E.g. instead of having one big knob rather off-puttingly > > > labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable > > > which goes from 1 to 10. Then the ports infrastructure can, if > > > it wishes to, issue warnings of varying severity based on the > > > trust level. > > > > I've thought about this, but it needs someone to implement it, so we > > have to work with existing tools in the meantime. > > I could do this in a couple of hours, including testing. You want the > patches to bsd.port.mk in unidiff or context diff format? ;-) I'd do 5 levels: "unknown", "low", "medium", "high", "I wrote this to maintain my life-support system". Can you think of a useful reason to differentiate between, say, level 6 and 7? "I'm a -little- bit more sure..." The granularity is too high at 10 levels, IMHO. However, I also do think > > Waitasec, what do you mean "start"? FreeBSD is basically the only > > operating system project which *is* auditing this kind of code > > I was reacting to green's assertion that nobody, in fact, had the time > or inclination to do anything of the sort. 
If he's maligned your > efforts by making such claims then I guess we both owe you an apology > for underestimating the amount of work which has actually been going > into auditing. Okay, I misrepresented what I wanted to say. Kris does and I do (to a lesser extent, although the sysutils/eject and audio/esound advisories I could call my own, at least) auditing of ports proactively to find exploitable software. The software that comes first is usually suid, then server software and security/ stuff, and then clients and other miscellani -- but it's not as if we don't do it on our own time. What I simply meant was the pine _itself_ is a /huge/ undertaking if we were to want to audit it, and it would probably take weeks to do thoroughly -- or several days to get rid of really obvious things. We're not likely to audit it, and to speak for only myself, the reasons here being that I'm not being paid, I wouldn't enjoy it, I'd get no direct return (because I don't run pine), and I'm not so generous that I'd give up that much of my life on someone _else_'s software. Note that it's someone else's software -- it's really not "community" software because the license just really isn't "open source". In fact, we're probably in violation of it in the ports because we don't call it "pine 4.21L". No chance of forking to make a secure pine, so it would be hell even if we really wanted to... (BTW, Kris, I'd appreciate a new list of ports which have suid files, since a lot of new ports have appeared since the last one) -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! 
/ green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:21: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id F229D37B503; Sat, 30 Sep 2000 14:21:06 -0700 (PDT) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id QAA05936; Sat, 30 Sep 2000 16:21:00 -0500 (CDT) (envelope-from jeff-ml@mountin.net) Received: from dial-83.max1.wa.cyberlynk.net(207.227.118.83) by peak.mountin.net via smap (V1.3) id sma005934; Sat Sep 30 16:20:56 2000 Message-Id: <4.3.2.20000930160153.00b8bc10@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Version 4.3 Date: Sat, 30 Sep 2000 16:16:47 -0500 To: Jordan Hubbard , Kris Kennaway 
From: "Jeffrey J. Mountin" Subject: Re: Security and FreeBSD, my overall perspective Cc: security@FreeBSD.ORG In-Reply-To: <2973.970342843@winston.osd.bsdi.com> References: <20000930122217.A51270@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:40 PM 9/30/00 -0700, Jordan Hubbard wrote: > > > (b) Add a new field to the ports infrastructure which indicates > > > level of "trust" the project/security people have in that > > > port. E.g. instead of having one big knob rather off-puttingly > > > labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable > > > which goes from 1 to 10. Then the ports infrastructure can, if > > > it wishes to, issue warnings of varying severity based on the > > > trust level. > > > > I've thought about this, but it needs someone to implement it, so we > > have to work with existing tools in the meantime. > >I could do this in a couple of hours, including testing. You want the >patches to bsd.port.mk in unidiff or context diff format? ;-) While I like this idea to some extent, there should be a disclaimer and/or be used on ports that have been checked over. The latter would help any auditing, but the former would prevent misconceptions should a port with a "10" or just a "high" rating end up with an exploit/advisory. Problem is where to put it or when it should display. Would suggest that it spew out early when making the port or even when doing a 'make fetch' and its relatives. Both the rating and a line or 2 should pop up. Maybe a "Do you wish to continue?" even. OTOH, considering the perception that problems with 3rd party software lead to the conclusion of (potential) problems with FreeBSD this may have a negative impact should a rating seem optimistic. Overall I think it would help many, but it shouldn't be relied upon as the absolute "truth" of the security of something. 
That is subject to time and trial. Maybe a scale of 1-5 would make it easier to decide what to rate a port at. To get the highest rating it should have clean code *and* a known good track record. Nothing new should ever get that rating. .02 Jeff Mountin - jeff@mountin.net Systems/Network Administrator FreeBSD - the power to serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:21:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id B422A37B66E for ; Sat, 30 Sep 2000 14:21:35 -0700 (PDT) Received: (qmail 23945 invoked by uid 1000); 30 Sep 2000 21:22:46 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 30 Sep 2000 21:22:46 -0000 Date: Sat, 30 Sep 2000 16:22:46 -0500 (CDT) 
From: Mike Silbersack To: "Brian F. Feldman" Cc: Warner Losh , Jordan Hubbard , Roman Shterenzon , Kris Kennaway , security@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <200009301842.e8UIgA543368@green.dyndns.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Brian F. Feldman wrote: > That is, one can create their own jail (or just chroot(8)... I should > probably get user-chrooting reviewed ;) which they would use for running > potentially evil things -- like reading e-mail with pine. It's not too > difficult, but it's really easier just to switch to a better MUA. user-chrooting would be excellent. Chrooting MUAs / web browsers / etc would be a nice feature no matter how secure the program in question seems to be. If you get it implemented, I'll be the first to use the feature. :) Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:24: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5E84537B502; Sat, 30 Sep 2000 14:23:59 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id PAA27301; Sat, 30 Sep 2000 15:23:57 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA13609; Sat, 30 Sep 2000 15:23:56 -0600 (MDT) Message-Id: <200009302123.PAA13609@harmony.village.org> To: "Jonathan M. 
Slivko" Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: "Igor Roshchin" , kris@FreeBSD.ORG, roman@xpert.com, security@FreeBSD.ORG In-reply-to: Your message of "Fri, 29 Sep 2000 20:00:17 EDT." <008b01c02a71$6b8938c0$d04379a5@p4f0i0> References: <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> Date: Sat, 30 Sep 2000 15:23:56 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <008b01c02a71$6b8938c0$d04379a5@p4f0i0> "Jonathan M. Slivko" writes: : it. Especially some of the addons are extremely helpful. If you ask my : opinion, let pine stay in its normal state and leave the security and the : management of the machines that run it to the systems administrators, where : the responsibilities lie in the first place. Doesn't everyone agree with me : on that? I think I disagree. Maybe we need a category that is "This program may be insecure, set INSECURE_OK in your /etc/make.conf if you don't have a problem with that" for ports. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:25:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 9847837B66C; Sat, 30 Sep 2000 14:25:54 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id RAA44853; Sat, 30 Sep 2000 17:25:53 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sat, 30 Sep 2000 17:25:53 -0400 (EDT) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: "Brian F. Feldman" Cc: security@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <200009301842.e8UIgA543368@green.dyndns.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Brian F. Feldman wrote: > > : Another possibility might be to force pine into a > > : chroot... I guess the only good advice to give if you HAVE to run pine is to > > : run it inside a jail. > > > > I don't think that would work. > > That is, one can create their own jail (or just chroot(8)... I should > probably get user-chrooting reviewed ;) which they would use for running > potentially evil things -- like reading e-mail with pine. It's not too > difficult, but it's really easier just to switch to a better MUA. Neither chroot(8) nor jail(8) are intended to provide a light-weight sandboxing service, and attempts to adapt them will no doubt run into substantial problems, as typically developing security features requires a whole-system view. There have been numerous projects which have provided various forms of light-weight sandboxing, but most of them involve more work to develop and set up than fixing the application in the first place. If you're interested in various forms of integrity-based containment, you might consider spending time working on our Biba MAC implementation, but keep in mind mail programs lose a lot of their utility once you've managed to effectively isolate them from the system (can no longer save attachments, load files to email them out, keep your PGP keyring accessible to your mailer, ...) It's interesting--people constantly bash type-safe languages, but sadly, the majority of the exploited bugs today would all be fixed by writing your mail reader in Java, ML, Modula-3... I support the current move to mark Pine4 as FORBIDDEN. 
It retains support for Pine in the base system as a port, while providing administrators a safety warning before attempting to install it. If the lack of a package substantially worries people, what we should look at is a way that the package mechanism can include security status information -- i.e., a +ATTRIBUTES or the like file, which includes information on the FORBIDDEN status. Package management tools could inspect this and display a warning as needed, allowing packages to inherit the security properties of their respective ports. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:29:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 830A637B502 for ; Sat, 30 Sep 2000 14:29:29 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id PAA27322; Sat, 30 Sep 2000 15:29:28 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA13646; Sat, 30 Sep 2000 15:29:28 -0600 (MDT) Message-Id: <200009302129.PAA13646@harmony.village.org> To: Adam Laurie Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: security@FreeBSD.ORG In-reply-to: Your message of "Sat, 30 Sep 2000 09:15:56 BST." <39D5A13C.8AF289BE@algroup.co.uk> References: <39D5A13C.8AF289BE@algroup.co.uk> <200009292349.TAA07263@giganda.komkon.org> <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <20000929172644.C6456@freefall.freebsd.org> Date: Sat, 30 Sep 2000 15:29:28 -0600 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <39D5A13C.8AF289BE@algroup.co.uk> Adam Laurie writes: : I find it very odd that ports get so much positive pressure from this : list to restrict/fix/exclude them when there is a security issue, but : try and get something done to core FreeBSD scripts/services etc., and : you'll get shot down in flames... Bizarre... That's because for the most part all programs running at elevated privs in the base OS have been evaluated for security issues already. They have been looked at in detail. Their sprintfs have been changed to snprintf, etc. Such is not the case with pine. It runs with privs, but the code that I've looked at appears to be rife with potential overflows. Maybe these aren't exploitable, maybe they are. What Kris' action says is that you are taking a big risk by running this port. That's what his job as ports security officer/coordinator is supposed to be. He's not only supposed to REACT to problems, but he's supposed to proactively find problems and fix or warn about them. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:33:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5CE6E37B502 for ; Sat, 30 Sep 2000 14:33:44 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id PAA27338; Sat, 30 Sep 2000 15:33:42 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id PAA13677; Sat, 30 Sep 2000 15:33:41 -0600 (MDT) Message-Id: <200009302133.PAA13677@harmony.village.org> To: Cy Schubert - ITSD Open Systems Group Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: Adam Laurie , security@FreeBSD.ORG In-reply-to: Your message of "Sat, 30 Sep 2000 07:04:49 PDT." <200009301404.e8UE4xU64460@cwsys.cwsent.com> References: <200009301404.e8UE4xU64460@cwsys.cwsent.com> Date: Sat, 30 Sep 2000 15:33:41 -0600 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <200009301404.e8UE4xU64460@cwsys.cwsent.com> Cy Schubert - ITSD Open Systems Group writes: : miserably. My first impression when this happened was that I had a : sense that we had a double standard. The programs that you wanted to remove also implemented a secure protocol with Kerberos. That's why they weren't removed. They are also 1000 times more widely used than even Pine is. It would take some intelligent hacking to make it so that they would only use the secure protocol, or that you had to explicitly request the insecure one. No one has done this hacking yet. If they were less useful, less widely deployed, then maybe we could get away with deleting them completely. Sadly, they aren't, so we can't. PINE, on the other hand, is just a mail agent. It should be flagged as being dangerous and people need to jump through hoops to install it. Finally, we did kill setuidperl a while back, did we not? Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:37:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id E6DA037B502 for ; Sat, 30 Sep 2000 14:37:25 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13fUJk-0007jx-00; Sat, 30 Sep 2000 23:37:12 +0200 Date: Sat, 30 Sep 2000 23:37:12 +0200 (IST) 
From: Roman Shterenzon To: Neil Blakey-Milner Cc: security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <20000930160432.A15451@mithrandr.moria.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Neil Blakey-Milner wrote: > > > > Surely the same applies to FreeBSD itself? > > > > I find it very odd that ports get so much positive pressure from this > > list to restrict/fix/exclude them when there is a security issue, but > > try and get something done to core FreeBSD scripts/services etc., and > > you'll get shot down in flames... Bizarre... > > Can you give examples? I can give you an example: ipfilter in the FreeBSD. It still doesn't have a startup script in /etc/rc* And it's not because it doesn't exist - in fact there's conf/20202, but nothing is being done with it. I guess that one can think of some other examples. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:38:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id B231737B66D; Sat, 30 Sep 2000 14:38:37 -0700 (PDT) Received: from localhost (zd83kl@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8ULcW544214; Sat, 30 Sep 2000 17:38:35 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200009302138.e8ULcW544214@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Mike Silbersack Cc: "Brian F. 
Feldman" , security@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: Message from Mike Silbersack of "Sat, 30 Sep 2000 16:22:46 CDT." From: "Brian F. Feldman" Date: Sat, 30 Sep 2000 17:38:31 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mike Silbersack wrote: > > On Sat, 30 Sep 2000, Brian F. Feldman wrote: > > > That is, one can create their own jail (or just chroot(8)... I should > > probably get user-chrooting reviewed ;) which they would use for running > > potentially evil things -- like reading e-mail with pine. It's not too > > difficult, but it's really easier just to switch to a better MUA. > > user-chrooting would be excellent. Chrooting MUAs / web browsers / etc > would be a nice feature no matter how secure the program in question seems > to be. If you get it implemented, I'll be the first to use the > feature. :) > > Mike "Silby" Silbersack Cool :) I use it, for example, for fuzz; it works quite nicely for that. I think I have taken care of all the possible negative interactions and made it safe, so it does need a review, but I'm fairly sure that many people will want to be able to do chroot without being root. Here's what it entails: --- kern/kern_exec.c 2000/09/05 22:10:22 1.113 +++ kern/kern_exec.c 2000/09/15 11:41:14 @@ -280,7 +280,7 @@ if ((((attr.va_mode & VSUID) && p->p_ucred->cr_uid != attr.va_uid) || ((attr.va_mode & VSGID) && p->p_ucred->cr_gid != attr.va_gid)) && (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 && - (p->p_flag & P_TRACED) == 0) { + (p->p_flag & (P_TRACED | P_UCHROOT)) == 0) { /* * Turn off syscall tracing for set-id programs, except for * root. --- kern/kern_fork.c 2000/09/05 22:10:22 1.80 +++ kern/kern_fork.c 2000/09/15 11:41:15 
@@ -434,7 +434,7 @@ * Preserve some more flags in subprocess. P_PROFIL has already * been preserved. */ - p2->p_flag |= p1->p_flag & P_SUGID; + p2->p_flag |= p1->p_flag & (P_SUGID | P_UCHROOT); if (p1->p_session->s_ttyvp != NULL && p1->p_flag & P_CONTROLT) p2->p_flag |= P_CONTROLT; if (flags & RFPPWAIT) --- kern/vfs_syscalls.c 2000/09/05 02:13:14 1.165 +++ kern/vfs_syscalls.c 2000/09/15 11:41:18 @@ -906,6 +906,21 @@ &chroot_allow_open_directories, 0, ""); /* + * This sysctl determines if we will allow any process to chroot(), rather + * than only allowing the capability for "root" users. Once a user has + * performed the chroot(), there must be no way for it to gain elevated + * privileges, therefore P_UCHROOT is set and cannot be cleared in any + * way. P_UCHROOT is used by execve() in the same manner as P_TRACE: + * if the user has too much control over the process, it must not gain + * privileges. + */ + +static int chroot_allow_non_suser = 0; + +SYSCTL_INT(_kern, OID_AUTO, chroot_allow_non_suser, CTLFLAG_RW, + &chroot_allow_non_suser, 0, ""); + +/* * Change notion of root (``/'') directory. */ #ifndef _SYS_SYSPROTO_H_ @@ -922,12 +937,14 @@ } */ *uap; { register struct filedesc *fdp = p->p_fd; - int error; + int error, notsuser; struct nameidata nd; error = suser_xxx(0, p, PRISON_ROOT); - if (error) + if (error && !chroot_allow_non_suser) return (error); + notsuser = error; + error = 0; if (chroot_allow_open_directories == 0 || (chroot_allow_open_directories == 1 && fdp->fd_rdir != rootvnode)) error = chroot_refuse_vdir_fds(fdp); @@ -944,6 +961,8 @@ fdp->fd_jdir = nd.ni_vp; VREF(fdp->fd_jdir); } + if (notsuser) + p->p_flag |= P_UCHROOT; return (0); } --- sys/proc.h 2000/09/05 22:11:12 1.110 +++ sys/proc.h 2000/09/16 12:31:49 
@@ -292,6 +292,7 @@ #define P_JAILED 0x1000000 /* Process is in jail */ #define P_OLDMASK 0x2000000 /* need to restore mask before pause */ #define P_ALTSTACK 0x4000000 /* have alternate signal stack */ +#define P_UCHROOT 0x8000000 /* process has performed a user-chroot */ #define P_CAN_SEE 1 #define P_CAN_KILL 2 -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 30 14:43:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 699FF37B502 for ; Sat, 30 Sep 2000 14:43:33 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13fUPg-0007ks-00; Sat, 30 Sep 2000 23:43:20 +0200 Date: Sat, 30 Sep 2000 23:43:20 +0200 (IST) 
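Review bot: in the kern/kern_exec.c hunk, adding P_UCHROOT to the P_TRACED test means a user-chrooted process that execs a set-id image gets no credential change and no error, and nothing at the test says so; the unchanged comment inside the branch still speaks only of syscall tracing. A short comment at the condition stating that set-id bits are deliberately ignored under P_UCHROOT, for the same reason as under P_TRACED, would keep a later reader from treating this as a tracing-only check.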
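Review bot: in the kern/vfs_syscalls.c hunk that adds chroot_allow_non_suser, the new comment refers to P_TRACE while the flag tested in kern_exec.c is P_TRACED, and the SYSCTL_INT description is the empty string "", which leaves a knob that changes who may call chroot() undocumented. Suggest correcting the flag name and giving the sysctl a one-line description of what setting it to 1 permits.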
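Review bot: in the chroot() hunks of kern/vfs_syscalls.c, the restriction is recorded on the calling process only (p->p_flag |= P_UCHROOT) while the new root is installed through fdp = p->p_fd. If that descriptor table is shared with another process (rfork() without RFFDG), the other process would see the new root without carrying P_UCHROOT, so the execve() test in the first hunk would not apply to it. Suggest either refusing the non-superuser path when the table is shared, or recording the restriction alongside the root directory rather than in p_flag, and stating in the comment which of the two is relied on.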
From: Roman Shterenzon To: Cy Schubert - ITSD Open Systems Group Cc: Adam Laurie , security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <200009301404.e8UE4xU64460@cwsys.cwsent.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Cy Schubert - ITSD Open Systems Group wrote: > I propose that just as we have RESTRICTED for ports, we could do > similar things with insecure applications. As a matter of fact we > already do, e.g. NO_BIND, NO_LPR, NO_SENDMAIL, NOGAMES and NOUUCP. We > could have additional NO_insecure_application definitions in make.conf. > > Instead, we could comment out in inetd.conf services that the community > has decided are insecure and have the administrator uncomment the > services he/she wishes to use. > > In short, the only conclusion that I can come to that would keep most > everyone happy, and even then some will bitch and complain, is that the > use of options in make.conf and in sysinstall should satisfy both > camps. Be prepared for those who will argue that they don't want to go > through a million options before installing FreeBSD. My answer to them > is that we can't have our cake and eat it too and to have options is > the closest thing we come to having our cake and eating it too. Still, I think the default should be "insecure" install, since most machines are firewalled. Let the OpenBSD guys stick to paranoia. If one wants to install an internet host, the "default-secure" install won't suffice anyway, so why annoy all other people who don't need the security? --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel.
Tel: +972-9-9522361 ]
From owner-freebsd-security Sat Sep 30 14:45:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id 5F01337B502 for ; Sat, 30 Sep 2000 14:45:40 -0700 (PDT) Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13fURm-0004pj-00; Sat, 30 Sep 2000 23:45:30 +0200 Date: Sat, 30 Sep 2000 23:45:30 +0200
From: Neil Blakey-Milner To: Roman Shterenzon Cc: security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <20000930234530.A18517@mithrandr.moria.org> References: <20000930160432.A15451@mithrandr.moria.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from roman@xpert.com on Sat, Sep 30, 2000 at 11:37:12PM +0200 Organization: Sunesi Clinical Systems X-Operating-System: FreeBSD 3.3-RELEASE i386 X-URL: http://rucus.ru.ac.za/~nbm/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat 2000-09-30 (23:37), Roman Shterenzon wrote: > On Sat, 30 Sep 2000, Neil Blakey-Milner wrote: > > > > > > > Surely the same applies to FreeBSD itself? > > > > > > I find it very odd that ports get so much positive pressure from this > > > list to restrict/fix/exclude them when there is a security issue, but > > > try and get something done to core FreeBSD scripts/services etc., and > > > you'll get shot down in flames... Bizarre... > > > > Can you give examples? > > I can give you an example: ipfilter in the FreeBSD. > It still doesn't have a startup script in /etc/rc* > And it's not because it doesn't exist - in fact there's conf/20202, but > nothing is being done with it. > I guess that one can think of some other examples. I can't see how this was shot down. Darren just doesn't seem to have done anything about it. Reply to the PR, and ask if he still intends to do anything about it, and if he doesn't, then we can assign it to someone else. While it would be nice if developers regularly chased up things assigned to other developers and left for a while, it's best for the originator or stakeholders to actually _say_ something about it _in the PR_ and to the relevant lists if things go by too long. 
Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org
From owner-freebsd-security Sat Sep 30 15:15: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id DFB4337B503; Sat, 30 Sep 2000 15:14:59 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Sat, 30 Sep 2000 15:13:30 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e8UMEa847588; Sat, 30 Sep 2000 15:14:36 -0700 (PDT) (envelope-from cjc) Date: Sat, 30 Sep 2000 15:14:36 -0700
From: "Crist J . Clark" To: Mike Silbersack Cc: "Brian F. Feldman" , Warner Losh , Jordan Hubbard , Roman Shterenzon , Kris Kennaway , security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <20000930151436.D25121@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <200009301842.e8UIgA543368@green.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from silby@silby.com on Sat, Sep 30, 2000 at 04:22:46PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Sep 30, 2000 at 04:22:46PM -0500, Mike Silbersack wrote: > > On Sat, 30 Sep 2000, Brian F. Feldman wrote: > > > That is, one can create their own jail (or just chroot(8)... I should > > probably get user-chrooting reviewed ;) which they would use for running > > potentially evil things -- like reading e-mail with pine. It's not too > > difficult, but it's really easier just to switch to a better MUA. > > user-chrooting would be excellent. Chrooting MUAs / web browsers / etc > would be a nice feature no matter how secure the program in question seems > to be. If you get it implemented, I'll be the first to use the > feature. :) Why not just run each program under a different user? From the multi-user heritage of the OS, it is really good at keeping users from messing with each other's stuff. You set up a user to read mail, a user to browse, and a user to do whatever else is "risky." You can have one not-too-super-super-user (that you never do anything too risky with) who can access stuff from all of these individual users via group permissions. Here is an example, you have groups,

mymailer:*:2010:mysu
mysurfer:*:2020:mysu
mygamer:*:2030:mysu

And each of those users has a 002 umask. From your mysu account you can access everything. From mymailer, you can only screw up your mail (something that chrooting would not get around either).
This might be an admin nightmare for systems that _are_ being used for true multi-user (more than one real person) systems. But for the average home box or single-user desktop, this seems that it does all chroot would do and then some with no extra hassles. -- Crist J. Clark cjclark@alum.mit.edu
From owner-freebsd-security Sat Sep 30 15:29:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 0400037B502 for ; Sat, 30 Sep 2000 15:29:35 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Sat, 30 Sep 2000 15:28:11 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e8UMTH347656; Sat, 30 Sep 2000 15:29:17 -0700 (PDT) (envelope-from cjc) Date: Sat, 30 Sep 2000 15:29:17 -0700
From: "Crist J . Clark" To: Roman Shterenzon Cc: Cy Schubert - ITSD Open Systems Group , Adam Laurie , security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Message-ID: <20000930152917.E25121@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <200009301404.e8UE4xU64460@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from roman@xpert.com on Sat, Sep 30, 2000 at 11:43:20PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Sep 30, 2000 at 11:43:20PM +0200, Roman Shterenzon wrote: > Still, I think the default should be "insecure" install, since most > machines are firewalled. This brings up a funny problem. The people putting up boxes behind firewalls are typically the ones who know what they are doing, your pro and semi-pro sysadmin. They don't need the 'dumb defaults' on the system to turn stuff on for them. They could and often are going to customize that stuff anyway. The people putting up boxes naked on the net are many times your home coax cable, DSL, etc. users. They are less likely to know what they are doing. They are the ones the dumb defaults are aimed at. So, we have an interesting situation. The very person the dumb defaults are aimed at, the UNIX newbie, is the same person who is most likely to be running the machine naked on the net and have the least understanding of the security implications of his actions. Worrying about how the default install affects the experienced user is not too much of a concern since the experienced user knows how to turn stuff on and off (but personally, I'd rather have it all off). I guess I am one of the few that thinks we should default off for the good of the newbie user, rather than save the newbie 5 minutes of RTFM to turn on telnet and ftp. Just everyone hope no exploit like the recent SGI telnetd bug is ever found hiding in FreeBSD's telnetd. -- Crist J.
Clark cjclark@alum.mit.edu
From owner-freebsd-security Sat Sep 30 15:34:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 3B40637B66D; Sat, 30 Sep 2000 15:34:08 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id SAA45581; Sat, 30 Sep 2000 18:34:07 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sat, 30 Sep 2000 18:34:06 -0400 (EDT)
From: Robert Watson X-Sender: robert@fledge.watson.org To: "Brian F. Feldman" Cc: Mike Silbersack , security@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <200009302138.e8ULcW544214@green.dyndns.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Brian F. Feldman wrote: > > user-chrooting would be excellent. Chrooting MUAs / web browsers / etc > > would be a nice feature no matter how secure the program in question seems > > to be. If you get it implemented, I'll be the first to use the > > feature. :) > > > > Mike "Silby" Silbersack > > Cool :) I use it, for example, for fuzz; it works quite nicely for that. I > think I have taken care of all the possible negative interactions and made > it safe, so it does need a review, but I'm fairly sure that many people will > want to be able to do chroot without being root. There's a difference between "chroot that is safe for normal users to use" and "chroot that is safe to contain a malicious process". Having glanced at these changes before, it may be that they allow normal users to make use of chroot() without endangering system integrity, but they do not allow for an effective sandbox for the purposes of security. Unless appropriate mandatory inter-process and privilege restrictions are in place, chroot() should not be used for security purposes, only to allow for nested file system environments (i.e., compilation, release building, etc). Using only chroot() and the ability to execute arbitrary code, it is easy to break out of a user-initiated sandbox if any processes owned by the same user are present outside of the sandbox. 
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services
From owner-freebsd-security Sat Sep 30 15:37:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 1FBA137B66C for ; Sat, 30 Sep 2000 15:37:06 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13fVFY-0007qR-00; Sun, 01 Oct 2000 00:36:56 +0200 Date: Sun, 1 Oct 2000 00:36:56 +0200 (IST)
From: Roman Shterenzon To: cjclark@alum.mit.edu Cc: security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: <20000930152917.E25121@149.211.6.64.reflexcom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Crist J . Clark wrote: > On Sat, Sep 30, 2000 at 11:43:20PM +0200, Roman Shterenzon wrote: > > Still, I think the default should be "insecure" install, since most > > machines are firewalled. > > This brings up a funny problem. > > The people putting up boxes behind firewalls are typically the ones > who know what they are doing, your pro and semi-pro sysadmin. They > don't need the 'dumb defaults' on the system to turn stuff on for > them. They could and often are going to customize that stuff anyway. > > The people putting up boxes naked on the net are many times your home > coax cable, DSL, etc. users. They are less likely to know what they > are doing. They are the ones the dumb defaults are aimed at. > > So, we have an interesting situation. The very person the dumb > defaults are aimed at, the UNIX newbie, is the same person who is most > likely to be running the machine naked on the net and have the least > understanding of the security implications of his actions. > > Worrying about how the default install affects the experienced user is > not too much of a concern since the experienced user knows how to turn > stuff on and off (but personally, I'd rather have it all off). > > I guess I am one of the few that thinks we should default off for the > good of the newbie user, rather than save the newbie 5 minutes of RTFM > to turn on telnet and ftp. Just everyone hope no exploit like the > recent SGI telnetd bug is ever found hiding in FreeBSD's telnetd. I think that you're quite right on this one.
I think that the solution which has "secure install" and "insecure" one with a cursor on the "insecure" is good enough for most of the people. Like one said, if you want to shoot yourself in the foot, just do it. Which reminds me - OpenBSD has "afterboot" manpage which describes many aspects of the system, perhaps we need something similar. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
From owner-freebsd-security Sat Sep 30 15:37:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 42D9137B503; Sat, 30 Sep 2000 15:37:19 -0700 (PDT) Received: from localhost (0lbiwe@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e8UMbE544527; Sat, 30 Sep 2000 18:37:17 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200009302237.e8UMbE544527@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: cjclark@alum.mit.edu Cc: security@FreeBSD.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) In-Reply-To: Message from "Crist J . Clark" of "Sat, 30 Sep 2000 15:14:36 PDT." <20000930151436.D25121@149.211.6.64.reflexcom.com>
From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 30 Sep 2000 18:37:14 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Crist J . Clark" wrote: > On Sat, Sep 30, 2000 at 04:22:46PM -0500, Mike Silbersack wrote: > > > > On Sat, 30 Sep 2000, Brian F. Feldman wrote: > > > > > That is, one can create their own jail (or just chroot(8)... I should > > > probably get user-chrooting reviewed ;) which they would use for running > > > potentially evil things -- like reading e-mail with pine. It's not too > > > difficult, but it's really easier just to switch to a better MUA. > > > > user-chrooting would be excellent. Chrooting MUAs / web browsers / etc > > would be a nice feature no matter how secure the program in question seems > > to be. If you get it implemented, I'll be the first to use the > > feature. :) > > Why not just run each program under a different user? From the > multi-user heritage of the OS, it is really good at keeping users from > messing with each other's stuff. You set up a user to read mail, a > user to browse, and a user to do whatever else is "risky." You can > have one not-too-super-super-user (that you never do anything too risky > with) who can access stuff from all of these individual users via > group permissions. Here is an example, you have groups, > > mymailer:*:2010:mysu > mysurfer:*:2020:mysu > mygamer:*:2030:mysu > > And each of those users has a 002 umask. From your mysu account you can > access everything. From mymailer, you can only screw up your mail > (something that chrooting would not get around either). > > This might be an admin nightmare for systems that _are_ being used for > true multi-user (more than one real person) systems. But for the > average home box or single-user desktop, this seems that it does all > chroot would do and then some with no extra hassles. > -- > Crist J.
Clark cjclark@alum.mit.edu I was going to suggest this, where a compromise would result in a _different_ user losing all its stuff (your mail only?), but it would still allow remote users to mount local attacks against suid programs and such. In a chroot, the only attacks would be ptrace()-based or socket()-based... In a jail, you have maybe sysv*-based attacks. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------'
From owner-freebsd-security Sat Sep 30 15:58:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id EBEC537B502 for ; Sat, 30 Sep 2000 15:58:20 -0700 (PDT) Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id PAA46698 for ; Sat, 30 Sep 2000 15:58:20 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Message-ID: <39D6707D.CEAB26E2@ursine.com> Date: Sat, 30 Sep 2000 16:00:13 -0700
From: Michael Bryan X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: security@FreeBSD.ORG Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) References: <200009301404.e8UE4xU64460@cwsys.cwsent.com> <20000930152917.E25121@149.211.6.64.reflexcom.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Crist J . Clark" wrote: > > On Sat, Sep 30, 2000 at 11:43:20PM +0200, Roman Shterenzon wrote: > > Still, I think the default should be "insecure" install, since most > > machines are firewalled. > > [...] > > I guess I am one of the few that thinks we should default off for the > good of the newbie user, rather than save the newbie 5 minutes of RTFM > to turn on telnet and ftp. Just everyone hope no exploit like the > recent SGI telnetd bug is ever found hiding in FreeBSD's telnetd. I agree, mainly for the reasons you state --- the newbies that are most likely to install with defaults and no tweaking are often those who are running in environments where they need the most protection. The default install should be all services off, with an easy means to enable them explicitly during and after an install. 
From owner-freebsd-security Sat Sep 30 15:58:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id CFDA037B66C for ; Sat, 30 Sep 2000 15:58:21 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id QAA27507; Sat, 30 Sep 2000 16:58:19 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id QAA13969; Sat, 30 Sep 2000 16:58:19 -0600 (MDT) Message-Id: <200009302258.QAA13969@harmony.village.org> To: Jordan Hubbard Subject: Re: Security and FreeBSD, my overall perspective Cc: security@FreeBSD.ORG In-reply-to: Your message of "Sat, 30 Sep 2000 11:44:19 PDT." <2376.970339459@winston.osd.bsdi.com> References: <2376.970339459@winston.osd.bsdi.com> Date: Sat, 30 Sep 2000 16:58:19 -0600
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <2376.970339459@winston.osd.bsdi.com> Jordan Hubbard writes: : (a) Continue to issue advisories for both the "system" and for : ports so that people are properly informed about : vulnerabilities when they're actually found (and not just : "suspected"). Nobody is proposing that we change that. At least not that I'm aware of. : (b) Add a new field to the ports infrastructure which indicates : level of "trust" the project/security people have in that : port. E.g. instead of having one big knob rather off-puttingly : labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable : which goes from 1 to 10. Then the ports infrastructure can, if : it wishes to, issue warnings of varying severity based on the : trust level. 1 to 10 is too many levels. But I'm not sure what the right number is, so let's assume it is N and move on. I like this idea of having N levels. It is a generalization of what we've done in the past. In addition, we can issue warnings in the packages based on these levels, which is also good. : (c) Start doing meaningful auditing of code and stop chasing : various illusions of security. By this, I mean not just : blindly grepping around and assuming one is doing something : useful by replacing certain functions with ones which : bounds-check but actually *reading* the code and seeing : where the genuine flaws lie. They may lie completely : outside the area of buffer overflows (there being many many : ways to write insecure code) or they may be very specific : buffer overflows, where the user has an actual opportunity to : control the data going in. Data which is simply moving around : internally and never has the opportunity to overflow under : user control is not data you have to worry too much about.
: In fact, in some cases you might prefer the code to : dump core and actually expose the bug rather than just : silently truncating data and producing rather more : erroneous results. Kris and I have read the code to pine. While I haven't discussed it with Kris, it looks like there are lots of problems in pine that are waiting to be exploited. It is a feeling I've gotten from working on this sort of thing for a long time, rather than a specific "this line of code is wrong." Generally, we, and OpenBSD, have gone the way of truncating long strings almost all the time. This has proven to be an effective deterrent. The arguments about what is better have largely been theoretical and haven't been implemented on a widespread basis as the buffer truncation has been. To date I'm unaware of any problems caused by simply truncating the data. Reading the code takes a whole lot of time. Especially the pine code. It takes a lot to know what is going on. Requoting: : Data which is simply moving around : internally and never has the opportunity to overflow under : user control is not data you have to worry too much about. Ah, there's the rub. Now you too are into the probability game. It is hard to identify such data (since most programs have very little purely internal data, although much of the external data does come from trusted locations (eg /etc/master.passwd)). It is hard to know. With > 4000 instances of unsafe API usage, it is very likely that we'll see at least 10 bugs bite people in this area. Assume that each instance has a .1% chance of being an exploitable buffer overflow (this number may be too low). This means that the chances of there being NO exploitable buffer overflows are .999^4000, or 1.8%. The chances therefore that there is at least one buffer overflow is 98.2%. Even if we assume there's a .01% chance, there's still a 33% chance that we have at least one that's exploitable.
Those are horrible odds, in my opinion (and I was conservative in calculating them because I used 4000 rather than the actual number). That's why it is hard to know if this port is safe or not. The odds are extremely high that it isn't. On Jordan's scale I'd rate this at a 9. 10 would be for ports with known security problems. I do like the trust level metric. For ports that we've extensively reviewed, we could rate them 1. For ports that we haven't, but that run as normal users we could rate them as 2. For ports we haven't that run at elevated privs, we could default to 5 (all these assume N is 10). Warner
From owner-freebsd-security Sat Sep 30 16: 4:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id AF17437B502 for ; Sat, 30 Sep 2000 16:04:08 -0700 (PDT) Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id QAA47097 for ; Sat, 30 Sep 2000 16:04:08 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Message-ID: <39D671D9.62E7148B@ursine.com> Date: Sat, 30 Sep 2000 16:06:01 -0700
From: Michael Bryan X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) References: <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warner Losh wrote: > > Maybe we need a category that is "This program may be insecure, set > INSECURE_OK in your /etc/make.conf if you don't have a problem with > that" for ports. I don't like the idea of a setting that gets set once, then allows all insecure ports to get installed without additional user confirmation. I'd much prefer an implementation that provided the following functionality: 1) By default, will not install a particular port if it is marked as potentially dangerous, but will instead provide a warning to the user/installer. 2) The user can do an override for that particular port to go ahead and install it anyway. That override must not carry over to other insecure ports, and it probably should not carry over to future re-installs of the same port. (In other words, each and every time you go to build/install an insecure port, you have to do something to override the default lockout.) That way, the admin/user gets reminded of the potential danger at every reasonable point. 
From owner-freebsd-security Sat Sep 30 16: 6: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id EE7BD37B502 for ; Sat, 30 Sep 2000 16:05:58 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id TAA45861; Sat, 30 Sep 2000 19:05:51 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sat, 30 Sep 2000 19:05:51 -0400 (EDT)
From: Robert Watson X-Sender: robert@fledge.watson.org To: Warner Losh Cc: Jordan Hubbard , security@FreeBSD.ORG Subject: Re: Security and FreeBSD, my overall perspective In-Reply-To: <200009302258.QAA13969@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 30 Sep 2000, Warner Losh wrote: > I do like the trust level metric. For ports that we've extensively > reviewed, we could rate them 1. For ports that we haven't, but that > run as normal users we could rate them as 2. For ports we haven't > that run at elevated privs, we could default to 5 (all these assume N > is 10). I see a few axes here, which may be reducible down to a single axis of common cases, but:

Exposure: Whether or not the application should, in normal use, be exposed to data of untrusted origin (e-mail, data files from untrusted users, socket connections in or out-bound, etc).
- Intended to be run with exposure to untrusted environments
- Not intended to run with exposure to untrusted environments

Auditing: Whether or not the application has been audited by FreeBSD security developers, or other trusted parties.
- Known decent
- Unknown
- Known bad

Privilege: What amount of privilege and access this code will be run as, determining the level of damage possible as a result of an exploit.
- Run with elevated privilege
- Run by normal users
- Run sandboxed

Just some initial thoughts. Pine rates poorly on all counts: it is exposed to untrusted data (e-mail, SMTP, IMAP), is known bad in terms of past and current exploitable bugs, and is run by many users, potentially including the root user.
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services
From owner-freebsd-security Sat Sep 30 16: 6:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from fyre.somcol.co.za (fyre.somcol.co.za [196.30.167.130]) by hub.freebsd.org (Postfix) with ESMTP id 8CB3437B503 for ; Sat, 30 Sep 2000 16:06:08 -0700 (PDT) Received: from localhost (jus@localhost) by fyre.somcol.co.za (8.9.3/8.9.3) with ESMTP id BAA29335; Sun, 1 Oct 2000 01:05:37 +0200 (SAST) (envelope-from jus@security.za.net) X-Authentication-Warning: fyre.somcol.co.za: jus owned process doing -bs Date: Sun, 1 Oct 2000 01:05:37 +0200 (SAST)
From: Justin Stanford X-Sender: jus@fyre.somcol.co.za To: Warner Losh Cc: Jordan Hubbard , security@FreeBSD.ORG Subject: Re: Security and FreeBSD, my overall perspective In-Reply-To: <200009302258.QAA13969@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sounds good to me. On Sat, 30 Sep 2000, Warner Losh wrote: > In message <2376.970339459@winston.osd.bsdi.com> Jordan Hubbard writes: > : (a) Continue to issue advisories for both the "system" and for > : ports so that people are properly informed about > : vulnerabilities when they're actually found (and not just > : "suspected"). > > Nobody is proposing that we change that. At least not that I'm aware > of. > > : (b) Add a new field to the ports infrastructure which indicates > : level of "trust" the project/security people have in that > : port. E.g. instead of having one big knob rather off-puttingly > : labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable > : which goes from 1 to 10. Then the ports infrastructure can, if > : it wishes to, issue warnings of varying severity based on the > : trust level. > > 1 to 10 is too many levels. But I'm not sure what the right number > is, so let's assume it is N and move on. > > I like this idea of having N levels. It is a generalization of what > we've done in the past. In addition, we can issue warnings in the > packages based on these levels, which is also good. > > : (c) Start doing meaningful auditing of code and stop chasing > : various illusions of security. By this, I mean not just > : blindly grepping around and assuming one is doing something > : useful by replacing certain functions with ones which > : bounds-check but actually *reading* the code and seeing > : where the genuine flaws lie.
They may lie completely > : outside the area of buffer overflows (there being many many > : ways to write insecure code) or they may be very specific > : buffer overflows, where the user has an actual opportunity to > : control the data going in. Data which is simply moving around > : internally and never has the opportunity to overflow under > : user control is not data you have to worry too much about. > : In fact, in some cases you might prefer the code to > : dump core and actually expose the bug rather than just > : silently truncating data and producing rather more > : erroneous results. > > Kris and I have read the code to pine. While I haven't discussed it > with Kris, it looks like there are lots of problems in pine that are > waiting to be exploited. It is a feeling I've gotten from working on > this sort of thing for a long time, rather than a specific "this line > of code is wrong." Generally, we, and OpenBSD, have gone the way of > truncating long strings almost all the time. This has proven to be an > effective deterrant. The arguments about what is better have largely > been theoretical and haven't been implemented on a wide spread basis > as the buffer truncation has been. To date I'm unaware of any > problems caused by simply truncating the data. > > Reading the code takes a whole lot of time. Especially the pine > code. It takes a lot know know what is going on. > > Requoting: > : Data which is simply moving around > : internally and never has the opportunity to overflow under > : user control is not data you have to worry too much about. > > Ah, there's the rub. Now you too are into the probabilty game. It is > hard to identify such data (since most programs have very little > purely internal data, although much of the external data does come > from trusted locations (eg /etc/master.passwd)). It is hard to know. > With > 4000 instances of unsafe API usage, it is very likely that > we'll see at least 10 bugs bite people in this area. 
Assume that each > instance has a .1% chance of being an exploitable buffer overflow > (this number may be too low). This means that the chances of there > being NO exploitable buffer overflows are .999^4000, or 1.8%. The > chances therefore that there is at least one buffer overflow is 98.2%. > Even if we assume there's a .01% chance, there's still a 33% chance > that we have at least one that's exploitable. Those are horrible > odds, in my opinion (and I was conservative in calculating them > because I used 4000 rather than the actual number). > > That's why it is hard to know if this port is safe or not. The odds > are extremely high that it isn't. On Jordan's scale I'd rate this at > a 9. 10 would be for ports with known security problems. > > I do like the trust level metric. For ports that we've extensively > reviewed, we could rate them 1. For ports that we haven't, but that > run as normal users we could rate them as 2. For ports we haven't > that run at elevated privs, we could default to 5 (all these assume N > is 10). 
>
> Warner
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Sat Sep 30 16: 8:42 2000
Message-Id: <200009302308.RAA14067@harmony.village.org>
To: Michael Bryan
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Sat, 30 Sep 2000 16:06:01 PDT." <39D671D9.62E7148B@ursine.com>
Date: Sat, 30 Sep 2000 17:08:37 -0600
From: Warner Losh

In message <39D671D9.62E7148B@ursine.com> Michael Bryan writes:
: I don't like the idea of a setting that gets set once, then allows all
: insecure ports to get installed without additional user confirmation.
: I'd much prefer an implementation that provided the following functionality:
:
: 1) By default, will not install a particular port if it is
:    marked as potentially dangerous, but will instead provide
:    a warning to the user/installer.
:
: 2) The user can do an override for that particular port to go
:    ahead and install it anyway. That override must not carry
:    over to other insecure ports, and it probably should not
:    carry over to future re-installs of the same port. (In other
:    words, each and every time you go to build/install an insecure
:    port, you have to do something to override the default lockout.)
:    That way, the admin/user gets reminded of the potential danger
:    at every reasonable point.

After reading the rest of the thread, I'd have to agree with this.

I like Jordan's trust metric. We'd have to come up with a good set of
defaults and policies (eg, we don't want all ports to get rated a 10,
neither do we want them to get rated a 1). We want something that
people can set on their systems easily, and override for each
individual port as necessary. Things like delegate and pine would get
high numbers (say 8 or 9), while things like zip would get a low
number (1 or 2). xlock* likely would need a high number, etc, etc,
etc.

I think that there's a lot of support for this notion (I could be
wrong). Enough that it would be interesting trying to see how hard it
would be to come up with an API that is easy to implement in the ports
system as well as integrate into our package system. It would be a
fair amount of work, but I think in the long run it would be useful.

Maybe a strawman proposal is needed. Comments?
Warner

From owner-freebsd-security Sat Sep 30 16:36: 4 2000
Date: Sat, 30 Sep 2000 16:35:55 -0700
From: Brooks Davis
To: Warner Losh
Cc: Michael Bryan, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20000930163555.A19473@Odin.AC.HMC.Edu>
In-Reply-To: <200009302308.RAA14067@harmony.village.org>; from imp@village.org on Sat, Sep 30, 2000 at 05:08:37PM -0600

On Sat, Sep 30, 2000 at 05:08:37PM -0600, Warner Losh wrote:
> I think that there's a lot of support for this notion (I could be
> wrong). Enough that it would be interesting trying to see how hard it
> would be to come up with an API that is easy to implement in the ports
> system as well as integrate into our package system. It would be a
> fair amount of work, but I think in the long run it would be useful.

I haven't seen any significant objections (though some early thought in the
damage control department for when a well rated port causes a problem as
will eventually happen would be good.) I've got one suggestion though.
I'd suggest that the scale be something like 1-N plus UNKNOWN. The reason
being that I can't see any agreement being forthcoming on how bad a random
program off the internet should be labeled. Some people might want unknown
code to default to the level corresponding to "known root exploits in
current version" while others might consider it a bit more trustworthy
than that. A variable in make.conf could be used to decide what level
those should be at.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
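
The scheme discussed in this thread (a per-port rating from 1 to N, an extra UNKNOWN value mapped to a level by a make.conf-style setting, and an override that applies to one port for one build only) can be sketched as follows. This is an added example, not code from the list or from bsd.port.mk; N = 10, the warn and refuse thresholds, and every name in it (SitePolicy, decide, override_for and so on) are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

UNKNOWN = "UNKNOWN"   # rating for a port nobody has assessed
MAX_LEVEL = 10        # assumed N = 10; a higher number means less trust


class Decision(Enum):
    INSTALL = "install"   # build/install silently, as today
    WARN = "warn"         # build/install, but print a warning
    REFUSE = "refuse"     # stop until the admin overrides for this port


@dataclass(frozen=True)
class SitePolicy:
    """Site-wide knobs (hypothetical; the kind of value make.conf would hold)."""
    warn_level: int = 5      # at or above this level: warn
    refuse_level: int = 8    # at or above this level: refuse
    unknown_level: int = 8   # level substituted for UNKNOWN ratings

    def __post_init__(self):
        for name in ("warn_level", "refuse_level", "unknown_level"):
            value = getattr(self, name)
            if not 1 <= value <= MAX_LEVEL:
                raise ValueError(f"{name}={value} is outside 1..{MAX_LEVEL}")
        if self.warn_level > self.refuse_level:
            raise ValueError("warn_level must not be above refuse_level")


def effective_level(rating, policy):
    """Map a port's declared rating (int 1..N or UNKNOWN) to a number."""
    if rating == UNKNOWN:
        return policy.unknown_level
    if isinstance(rating, bool) or not isinstance(rating, int):
        raise ValueError(f"rating must be an int or UNKNOWN, got {rating!r}")
    if not 1 <= rating <= MAX_LEVEL:
        raise ValueError(f"rating {rating} is outside 1..{MAX_LEVEL}")
    return rating


def decide(port, rating, policy, override_for=None):
    """Decide what happens to one port in one build/install invocation.

    override_for names the single port the admin accepted for this
    invocation. It is matched by exact name, so it never carries over to
    another port, and nothing is stored, so it must be given again for
    the next build of the same port.
    """
    level = effective_level(rating, policy)
    if level >= policy.refuse_level:
        if override_for == port:
            return Decision.WARN      # allowed, but the admin is still told
        return Decision.REFUSE
    if level >= policy.warn_level:
        return Decision.WARN
    return Decision.INSTALL


def plan(ratings, policy, override_for=None):
    """Apply decide() to every port in a {name: rating} mapping."""
    return {port: decide(port, rating, policy, override_for)
            for port, rating in ratings.items()}


# Constructed sample ratings. The thread suggests 8 or 9 for pine and
# delegate and 1 or 2 for zip; "newtool" stands for an unassessed port.
SAMPLE_RATINGS = {"pine4": 9, "delegate": 8, "zip": 2, "newtool": UNKNOWN}

if __name__ == "__main__":
    for policy in (SitePolicy(), SitePolicy(unknown_level=3)):
        print(policy)
        results = plan(SAMPLE_RATINGS, policy, override_for="pine4")
        for port, decision in results.items():
            print(f"  {port:10s} {decision.value}")
```

Changing only unknown_level moves unassessed ports between "refuse" and "install" without touching any port's own rating, which is the point of keeping UNKNOWN separate from the 1-N scale.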
From owner-freebsd-security Sat Sep 30 16:46: 8 2000
Message-Id: <200009302346.RAA14278@harmony.village.org>
To: Brooks Davis
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Cc: Michael Bryan, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Sat, 30 Sep 2000 16:35:55 PDT." <20000930163555.A19473@Odin.AC.HMC.Edu>
Date: Sat, 30 Sep 2000 17:46:03 -0600
From: Warner Losh

In message <20000930163555.A19473@Odin.AC.HMC.Edu> Brooks Davis writes:
: On Sat, Sep 30, 2000 at 05:08:37PM -0600, Warner Losh wrote:
: > I think that there's a lot of support for this notion (I could be
: > wrong). Enough that it would be interesting trying to see how hard it
: > would be to come up with an API that is easy to implement in the ports
: > system as well as integrate into our package system. It would be a
: > fair amount of work, but I think in the long run it would be useful.
:
: I haven't seen any significant objections (though some early thought in the
: damage control department for when a well rated port causes a problem as
: will eventually happen would be good.) I've got one suggestion though.
: I'd suggest that the scale be something like 1-N plus UNKNOWN. The reason
: being that I can't see any agreement being forthcoming on how bad a random
: program off the internet should be labeled. Some people might want unknown
: code to default to the level corresponding to "known root exploits in
: current version" while others might consider it a bit more trustworthy
: than that. A variable in make.conf could be used to decide what level
: those should be at.

Hmmm. I'm working on a strawman. I'll have to see if this can be
added.

The basic strawman is that there's a default level (say 3). Ports
declare things about themselves (HAS_SETUID_ROOT=yes,
CODE_TRUST=horrible, CODE_TRUST=excellent, HAS_ROOT_HOLE=yes, etc).
bsd.port.mk calculates a value. It compares this value against two
levels, one for warning and one for error. Ports below the warning
level are handled like now. Ports at or above the warning level, but
below the error level gets you a whining message. Ports at or above
the error level refuse to build/install.

One could then set the default level high when building/installing
ports and that would make it harder to get ports to build generally,
or one could set it lower if one wanted things to default to more
permissive levels. Ditto with the warning levels.

I'm still working on the details, and will be out of email touch for a
while, but I think that a relatively simple system can be devised that
will allow most people to get warm fuzzies, but allow the paranoid and
permissive ends of the bell curve a chance to do their thing. It will
be a little while before I have something.

Warner

From owner-freebsd-security Sat Sep 30 16:55:54 2000
To: Warner Losh
Cc: Michael Bryan, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To: Message from Warner Losh of "Sat, 30 Sep 2000 17:08:37 MDT." <200009302308.RAA14067@harmony.village.org>
Date: Sat, 30 Sep 2000 16:55:31 -0700
Message-ID: <6021.970358131@winston.osd.bsdi.com>
From: Jordan Hubbard

> Maybe a strawman proposal is needed. Comments?

I'd be happy to provide a strawpatch proposal. :-) Look for something
from me tomorrow, since I brought it up and am sort of on the hook
now.

- Jordan

From owner-freebsd-security Sat Sep 30 16:58:51 2000
Message-Id: <200009302358.RAA14364@harmony.village.org>
To: Jordan Hubbard
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Cc: Michael Bryan, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Sat, 30 Sep 2000 16:55:31 PDT." <6021.970358131@winston.osd.bsdi.com>
Date: Sat, 30 Sep 2000 17:58:46 -0600
From: Warner Losh

In message <6021.970358131@winston.osd.bsdi.com> Jordan Hubbard writes:
: > Maybe a strawman proposal is needed. Comments?
:
: I'd be happy to provide a strawpatch proposal. :-) Look for something
: from me tomorrow, since I brought it up and am sort of on the hook
: now.

OK. Look at the one I sent you too :-)

Warner

From owner-freebsd-security Sat Sep 30 18: 2:19 2000
Date: Sat, 30 Sep 2000 21:02:15 -0400 (EDT)
From: Igor Roshchin
Message-Id: <200010010102.VAA41966@giganda.komkon.org>
To: security@freebsd.org
Subject: A new problem in apache ?
Cc: ache@freebsd.org

Hello!

Since this information has not appeared on this list yet,
I am just forwarding what appeared on
http://www.apacheweek.com/issues/00-09-22
and was quoted on BUGTRAQ yesterday.
(in case somebody didn't notice it)

I didn't find anything on the apache.org itself related to this
problem yet. (Neither a patch nor a new release is available yet)
However, www.apache.org is running a version that reports itself as
Apache/1.3.13-dev Server at www.apache.org Port 80

Igor

> Date: Sat, 30 Sep 2000 00:00:07 -0700
> From: Automatic digest processor
> Subject: BUGTRAQ Digest - 28 Sep 2000 to 29 Sep 2000 (#2000-219)
> To: Recipients of BUGTRAQ digests
>
> <..>
>
> --cMZZGAUNAKbTNcRMXARPPCaQdFUQGW
>
> Date: Fri, 29 Sep 2000 12:39:11 +0200
> From: Kevin van der Raad
> Subject: Security vulnerability in Apache mod_rewrite
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> Hi,
>
> We stumbled across the following article and did not see this issue here
> in Bugtraq:
>
>
> >
> > http://www.apacheweek.com/issues/00-09-22
> >
> > Security vulnerability in mod_rewrite
> >
> > The Apache development list this week contains a fix for a security issue that affects previous
> > versions of Apache, including Apache 1.3.12. Apache is only vulnerable if you use mod_rewrite
> > and a specific case of the directive RewriteRule. If the result of a RewriteRule is a filename
> > that contains regular expression references then an attacker may be able to access any
> > file on the web server.
> >
> > Here are some example RewriteRule directives. The first is vulnerable, but the others are not
> >
> > RewriteRule /test/(.*) /usr/local/data/test-stuff/$1
> > RewriteRule /more-icons/(.*) /icons/$1
> > RewriteRule /go/(.*) http://www.apacheweek.com/$1
> >
> > The patch is currently being tested and will be part of the release of Apache 1.3.13. Until
> > then, users should check their configuration files and not use rules that map to a filename
> > such as the first example above.
> >
> >
> --
>
> Kevin van der Raad
>
> ITsec Nederland B.V.
> Exploit & Vulnerability Alerting Service
>
> P.O. box 5120
> NL 2000 GC Haarlem
> Tel +31(0)23 542 05 78
> Fax +31(0)23 534 54 77
>
> --cMZZGAUNAKbTNcRMXARPPCaQdFUQGW
> <..>

From owner-freebsd-security Sat Sep 30 18:30:42 2000
Date: Sun, 1 Oct 2000 05:30:35 +0400
From: "Andrey A. Chernov"
To: Igor Roshchin
Cc: security@freebsd.org
Subject: Re: A new problem in apache ?
Message-ID: <20001001053035.A26403@nagual.pp.ru>
In-Reply-To: <200010010102.VAA41966@giganda.komkon.org>; from str@giganda.komkon.org on Sat, Sep 30, 2000 at 09:02:15PM -0400

On Sat, Sep 30, 2000 at 09:02:15PM -0400, Igor Roshchin wrote:
> > > Here are some example RewriteRule directives. The first is vulnerable, but the others are not
> > >
> > > RewriteRule /test/(.*) /usr/local/data/test-stuff/$1

Looks like famous ../../../ trick can be used.

> > > RewriteRule /more-icons/(.*) /icons/$1
> > > RewriteRule /go/(.*) http://www.apacheweek.com/$1

--
Andrey A. Chernov
http://ache.pp.ru/

From owner-freebsd-security Sat Sep 30 18:46:43 2000
Message-Id: <200010010146.e911kSk03262@cwsys.cwsent.com>
From: Cy Schubert - ITSD Open Systems Group
To: Robert Watson
Cc: "Brian F. Feldman", Mike Silbersack, security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-reply-to: Your message of "Sat, 30 Sep 2000 18:34:06 EDT."
Date: Sat, 30 Sep 2000 18:45:51 -0700

In message , Robert Watson writes:
>
> Using only chroot() and the ability to execute arbitrary code, it is easy
> to break out of a user-initiated sandbox if any processes owned by the
> same user are present outside of the sandbox.

The last time I tried the chroot() breakout code under FreeBSD-4 it
didn't work. I assume that someone had fixed FreeBSD.

Regards,                          Phone: (250)387-8437
Cy Schubert                         Fax: (250)387-5766
Team Leader, Sun/DEC Team      Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-security Sat Sep 30 19:12:43 2000
Date: Sat, 30 Sep 2000 22:12:38 -0400 (EDT)
From: Igor Roshchin
Message-Id: <200010010212.WAA49025@giganda.komkon.org>
To: security@freebsd.org
Subject: advisory suggestion

I remember there was a discussion 1-2 years ago,
on how to state in advisories which versions of FreeBSD are vulnerable.
Unfortunately I don't remember what was the final consensus,
but may I make a suggestion based on the recent advisory?

Sometimes, it is difficult to recall when a particular release was
rolled out. So, say, if I have a box running 3.5.1 - and I start
thinking if that one is affected, I'd have to go to an ftp server
and check the dates of the release, which makes it not very convenient.
Well, 4.1.1 is out just a few days ago, so it is easier to recall that date,
but if another advisory would come out a month from now, and would have
the fix date of September 30, I wouldn't remember if it was before
or after 4.1.1 was out.
Otherwise, I think the current format is very clear.

So, my suggestion is:
when there are additional releases in N.K-STABLE (or N.K-CURRENT) branch
(or to be more exact the particular N.K version of the branch)
besides N.K-RELEASE (such as N.K.1-RELEASE), it would be nice
to have a clause in there:

Affects: FreeBSD.....
         ... including 3.5.1-RELEASE

Corrected: ....
         (including 4.1.1-RELEASE [and later])

Regards,

Igor
> From: FreeBSD Security Advisories
> To: FreeBSD Security Advisories
> Subject: FreeBSD Security Advisory: FreeBSD-SA-00:53.catopen
> Date: Wed, 27 Sep 2000 17:48:35 -0700 (PDT)
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> =============================================================================
> FreeBSD-SA-00:53                                            Security Advisory
>                                                                 FreeBSD, Inc.
>
> Topic:          catopen() may pose security risk for third party code
>
> Category:       core
> Module:         libc
> Announced:      2000-09-27
> Affects:        FreeBSD 5.0-CURRENT, 4.x and 3.x prior to the correction date.
> Corrected:      Problem 1: 2000-08-06 (FreeBSD 5.0-CURRENT)
>                            2000-08-22 (FreeBSD 4.1-STABLE)
>                            2000-09-07 (FreeBSD 3.5-STABLE)
>                 Problem 2: 2000-09-08 (FreeBSD 5.0-CURRENT, 4.1-STABLE and
>                            3.5-STABLE)

<..>

From owner-freebsd-security Sat Sep 30 19:16:26 2000
Date: Sat, 30 Sep 2000 22:15:57 -0400 (EDT)
From: Robert Watson
To: Cy Schubert - ITSD Open Systems Group
Cc: "Brian F. Feldman", Mike Silbersack, security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To: <200010010146.e911kSk03262@cwsys.cwsent.com>

On Sat, 30 Sep 2000, Cy Schubert - ITSD Open Systems Group wrote:

> In message >, Robert Watson writes:
> >
> > Using only chroot() and the ability to execute arbitrary code, it is easy
> > to break out of a user-initiated sandbox if any processes owned by the
> > same user are present outside of the sandbox.
>
> The last time I tried the chroot() breakout code under FreeBSD-4 it
> didn't work. I assume that someone had fixed FreeBSD.

There are so many ways to break out of a chroot(8), there are almost too
many to count, especially if you have privilege. The way I was referring
to was to use ptrace() to control processes with a different process file
lookup root, hence the requirement that they be owned by the same user,
and my comment that in order to do it right, you need a more general MAC
mechanism. chroot() simply changes the file system namespace (not
necessarily even restricting it), it doesn't block the numerous other
mechanisms for IPC in the system. jail(8) makes a fairly decent effort to
limit access to privilege allowing the chroot() to be broken, and also
limit IPC so as to prevent unwanted communication between processes in a
jail() and outside of it.

Brian's patches attempt to address some of the more common criticisms of
chroot() by allowing the administrator to determine that an un-privileged
chroot() will prevent setuid/setgid binaries from being executed (or at
least, the mode bits being active), which counteracts some of the common
user chroot() attacks, such as redoing the namespace so that setuid/setgid
binaries which depend on a constant namespace misbehave. For example, an
easy way to leverage the normal chroot(8) if it is permitted for
unprivileged users is to hard link /usr/bin/su to /usr/tmp, create a
custom /usr/tmp/etc with password files, et al, chroot() to /usr/tmp, and
then use su to gain privilege. Brian's patches do not attempt to address
breaking the chroot() through means other than the traditional file system
namespace, as that's a much harder problem to address.

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Sat Sep 30 19:24:38 2000
Message-Id: <200010010223.e912NT203428@cwsys.cwsent.com>
From: Cy Schubert - ITSD Open Systems Group
To: Warner Losh
Cc: Cy Schubert - ITSD Open Systems Group, Adam Laurie, security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-reply-to: Your message of "Sat, 30 Sep 2000 15:33:41 MDT." <200009302133.PAA13677@harmony.village.org>
Date: Sat, 30 Sep 2000 19:22:31 -0700

In message <200009302133.PAA13677@harmony.village.org>, Warner Losh writes:
> In message <200009301404.e8UE4xU64460@cwsys.cwsent.com> Cy Schubert - ITSD Open Systems Group writes:
> : miserably. My first impression when this happened was that I had a
> : sense that we had a double standard.
>
> The programs that you wanted to remove also implemented a secure
> protocol with Kerberos. That's why they weren't removed. They are
> also 1000 times more widely used than even Pine is. It would take
> some intelligent hacking to make it so that they would only use the
> secure protocol, or that you had to explicitly request the insecure
> one. No one has done this hacking yet. If they were less useful,
> less widely deployed, then maybe we could get away with deleting them
> completely. Sadly, they aren't, so we can't.

I stand corrected.

>
> PINE, on the other hand, is just a mail agent. It should be flagged
> as being dangerous and people need to jump through hoops to install
> it.

And, not everybody uses PINE. I use exmh, Jordan uses MH-E, the people
I work with use ELM, and I've noticed others use mutt. In that respect
it is just another mail agent that is used by some but not all of the
people. So the impact of a decision to flag PINE as insecure affects
some but not all of the people.

When an MUA has been flagged with a security problem which cannot
easily be fixed, e.g. the MH buffer overruns discussed on BUGTRAQ a
year ago, I for one had to make a choice. Do I continue to use MH or
do I switch. I switched to nmh. I think that PINE users are in the
same predicament as I was a year ago until someone or they either fix
their application, they switch to another, or they assess the risk as
being low.

>
> Finally, we did kill setuidperl a while back, did we not?

I noticed that.

I have to admit that I've been out of sorts since May. If anyone
requires an apology from me being a jerk on these lists, I apologise.

Regards,                          Phone: (250)387-8437
Cy Schubert                         Fax: (250)387-5766
Team Leader, Sun/DEC Team      Internet: Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-security Sat Sep 30 19:24:55 2000
Message-ID: <000b01c02b4e$e499c4e0$2f4679a5@p4f0i0>
From: "Jonathan M. Slivko"
To: "Igor Roshchin" ,
References: <200010010212.WAA49025@giganda.komkon.org>
Subject: Re: advisory suggestion
Date: Sat, 30 Sep 2000 22:25:38 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I totally agree on that point.

----------------------------------------------------------------------------
------------------------------
Jonathan M. Slivko, President & Founder - Linux Mafia Internet Services
Phone: (212) 663-1109 - Pager: (917) 388-5304 (24/7)
Webpage: http://www.linux-mafia.net -- "In FreeBSD We Trust!"
AIM SN: OptixNYC -- Network Solutions Handle: JSR730
----------------------------------------------------------------------------
------------------------------

----- Original Message -----
From: "Igor Roshchin"
To:
Sent: Saturday, September 30, 2000 10:12 PM
Subject: advisory suggestion

>
> I remember there was a discussion 1-2 years ago,
> on how to state in advisories which versions of FreeBSD are vulnerable.
> Unfortunately I don't remember what was the final consensus,
> but may I make a suggestion based on the recent advisory?
>
> Sometimes, it is difficult to recall when a particular release was
> rolled out. So, say, if I have a box running 3.5.1 - and I start
> thinking if that one is affected, I'd have to go to an ftp server
> and check the dates of the release, which makes it not very convenient.
> Well, 4.1.1 is out just a few days ago, so it is easier to recall that date,
> but if another advisory would come out a month from now, and would have
> the fix date of September 30, I wouldn't remember if it was before
> or after 4.1.1 was out.
> Otherwise, I think the current format is very clear.
>
> So, my suggestion is:
> when there are additional releases in N.K-STABLE (or N.K-CURRENT) branch
> (or to be more exact the particular N.K version of the branch)
> besides N.K-RELEASE (such as N.K.1-RELEASE), it would be nice
> to have a clause in there:
>
> Affects: FreeBSD.....
> ... including 3.5.1-RELEASE
>
> Corrected: ....
> (including 4.1.1-RELEASE [and later])
>
> Regards,
>
> Igor
>
>
> > From: FreeBSD Security Advisories
> > To: FreeBSD Security Advisories
> > Subject: FreeBSD Security Advisory: FreeBSD-SA-00:53.catopen
> > Date: Wed, 27 Sep 2000 17:48:35 -0700 (PDT)
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > =============================================================================
> > FreeBSD-SA-00:53                                          Security Advisory
> >                                                               FreeBSD, Inc.
> >
> > Topic:          catopen() may pose security risk for third party code
> >
> > Category:       core
> > Module:         libc
> > Announced:      2000-09-27
> > Affects:        FreeBSD 5.0-CURRENT, 4.x and 3.x prior to the correction date.
> > Corrected:      Problem 1: 2000-08-06 (FreeBSD 5.0-CURRENT)
> >                            2000-08-22 (FreeBSD 4.1-STABLE)
> >                            2000-09-07 (FreeBSD 3.5-STABLE)
> >                 Problem 2: 2000-09-08 (FreeBSD 5.0-CURRENT, 4.1-STABLE and
> >                            3.5-STABLE)
> <..>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Sep 30 22: 8: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97])
	by hub.freebsd.org (Postfix) with SMTP id 1E95B37B502
	for ; Sat, 30 Sep 2000 22:08:04 -0700 (PDT)
Received: from netrinsics.com([202.106.16.220]) by public.bta.net.cn(JetMail 2.5.3.0)
	with SMTP id jmb39d71645; Sun, 1 Oct 2000 05:07:55 -0000
Received: (from robinson@localhost)
	by netrinsics.com (8.11.0/8.9.3) id e9159MK03344
	for freebsd-security@freebsd.org; Sun, 1 Oct 2000 13:09:22 +0800 (+0800)
	(envelope-from robinson)
Date: Sun, 1 Oct 2000 13:09:22 +0800 (+0800)
From: Michael Robinson
Message-Id: <200010010509.e9159MK03344@netrinsics.com>
To: freebsd-security@freebsd.org
Subject: KAME IPSEC with ipnat
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Just a pointer for anyone trying to get KAME IPSEC to work with ipnat:

In order for the IPSEC "tunnellization" policy to take effect on a packet,
it has to be routed to an interface. In many cases, you'll want your VPN
gateway to also serve as a NAT gateway. However, ipnat only supports
source address based policies; everything going out your outbound interface
will be natified before it can be tunnelized, and an natified packet won't
match your tunnelization policy.

The simple solution is to route tunnel-bound VPN packets to the loopback
interface:

% route add 172.16.0.0 -netmask 0xffffff00 -interface lo0

These packets then get intercepted by the IPSEC layer, encapsulated, and
sent out according to the SPD configuration.

	-Michael Robinson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Sep 30 22:18:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 94FF437B502
	for ; Sat, 30 Sep 2000 22:18:45 -0700 (PDT)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id BAA12179;
	Sun, 1 Oct 2000 01:18:38 -0400 (EDT)
	(envelope-from wollman)
Date: Sun, 1 Oct 2000 01:18:38 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200010010518.BAA12179@khavrinen.lcs.mit.edu>
To: "Jeffrey J. Mountin"
Cc: security@FreeBSD.ORG
Subject: Re: Security and FreeBSD, my overall perspective
In-Reply-To: <4.3.2.20000930160153.00b8bc10@207.227.119.2>
References: <20000930122217.A51270@freefall.freebsd.org>
	<2973.970342843@winston.osd.bsdi.com>
	<4.3.2.20000930160153.00b8bc10@207.227.119.2>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> While I like this idea to some extent, there should be a disclaimer and/or
> be used on ports that have been checked over.

Let me re-emphasize this. The mere fact that we are putting some
effort into auditing some parts of the software we ship with could
potentially create legal liability if any potential security problems
are missed by the audit. This is true even despite any disclaimers we
or the original authors might make, because the legal `footprint' of
such disclaimers varies from place to place [1].

That's why it is important that, as FreeBSD becomes more commercially
important, *someone* pay for a general-liability insurance policy
which could protect the Project from such suits. It is an unfortunate
fact of life that those who exercise editorial discretion
(``publishers'') can, by omission as much as by commission, attract
more legal scrutiny than mere conduits for information.

Of course, it's not just security issues that could cause trouble;
intellectual-property issues have been a problem in the past (remember
xtetris?) and are likely to rise again. We also have to be concerned
(although I've seen no evidence that the security team is anything
but) that we make absolutely certain that a program really does have a
security problem before reporting it as such; getting an advisory
wrong could be cause for a lawsuit.

-GAWollman

[1] That's why the standard consumer-products warranty boilerplate
always says something like, ``This warranty gives you specific legal
rights, and you may have others which vary from jurisdiction to
jurisdiction.'' I am told that Massachusetts is one of those places.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Sep 30 22:19:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id A651D37B502;
	Sat, 30 Sep 2000 22:19:53 -0700 (PDT)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id BAA12187;
	Sun, 1 Oct 2000 01:19:53 -0400 (EDT)
	(envelope-from wollman)
Date: Sun, 1 Oct 2000 01:19:53 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200010010519.BAA12187@khavrinen.lcs.mit.edu>
To: Robert Watson
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
In-Reply-To:
References: <200009301842.e8UIgA543368@green.dyndns.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> It's interesting--people constantly bash type-safe languages, but sadly,
> the majority of the exploited bugs today would all be fixed by writing
> your mail reader in Java, ML, Modula-3...

...or Emacs Lisp.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Sep 30 22:26:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 607C437B502
	for ; Sat, 30 Sep 2000 22:26:27 -0700 (PDT)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id BAA12242;
	Sun, 1 Oct 2000 01:26:26 -0400 (EDT)
	(envelope-from wollman)
Date: Sun, 1 Oct 2000 01:26:26 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200010010526.BAA12242@khavrinen.lcs.mit.edu>
To: cjclark@alum.mit.edu
Cc: security@FreeBSD.ORG
Subject: Multiple userids, one user
In-Reply-To: <20000930151436.D25121@149.211.6.64.reflexcom.com>
References: <200009301842.e8UIgA543368@green.dyndns.org>
	<20000930151436.D25121@149.211.6.64.reflexcom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> Why not just run each program under a different user?

To some extent I do this. When I am forced to use a Web browser
configured insecurely (which for some inexplicable reason always seems
to involve managing my finances), I switch to another VT, log in as my
alter ego, and do what I need to do. Of course, not even my alter ego
gives a valid e-mail address to the Web browser....

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
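
The packet ordering described in Michael Robinson's "KAME IPSEC with ipnat" message earlier in this digest, as a simplified Python model. This is an added example, not part of any message on the list and not KAME or ipnat code; the inside network 10.0.0.0/24, the gateway addresses 192.0.2.1 and 198.51.100.1 and the interface name fxp0 are assumptions, and only 172.16.0.0/24 and lo0 come from the message.

```python
from ipaddress import ip_address, ip_network

# Constructed values (assumptions) except REMOTE and "lo0", which are the
# network and interface in the message's route command.
LAN = ip_network("10.0.0.0/24")        # hypothetical inside network
REMOTE = ip_network("172.16.0.0/24")   # tunnel-bound destination network
GW_LOCAL = ip_address("192.0.2.1")     # hypothetical public address of this gateway
GW_PEER = ip_address("198.51.100.1")   # hypothetical peer VPN gateway
OUT_IF = "fxp0"                        # hypothetical outbound interface

NAT_RULES = [(LAN, GW_LOCAL)]                 # source-address based, as ipnat's are
SPD = [(LAN, REMOTE, (GW_LOCAL, GW_PEER))]    # tunnel policy keyed on inner addresses

DEFAULT_ONLY = {ip_network("0.0.0.0/0"): OUT_IF}
WITH_LO0 = {**DEFAULT_ONLY, REMOTE: "lo0"}    # the message's extra route


def route(dst, routes):
    """Longest-prefix match; returns the interface name."""
    best = max((net for net in routes if dst in net), key=lambda net: net.prefixlen)
    return routes[best]


def nat(src):
    """Rewrite the source if a source-based NAT rule matches it."""
    return next((pub for net, pub in NAT_RULES if src in net), src)


def spd_lookup(src, dst):
    """Return the tunnel endpoints of the first matching policy, else None."""
    return next((tun for s, d, tun in SPD if src in s and dst in d), None)


def forward(src, dst, routes):
    """Return (wire_src, wire_dst, encapsulated) for one forwarded packet."""
    src, dst = ip_address(src), ip_address(dst)
    if route(dst, routes) == OUT_IF:
        src = nat(src)                 # NAT on the outbound interface runs first
    tunnel = spd_lookup(src, dst)      # policy is matched on what NAT left behind
    if tunnel is None:
        return str(src), str(dst), False   # sent as is: no tunnel policy matched
    outer_src, outer_dst = tunnel
    # The outer header's source is the gateway itself, which the LAN-based
    # NAT rule does not match, so the encapsulated packet goes out unchanged.
    return str(nat(outer_src)), str(outer_dst), True
```

With only the default route, `forward("10.0.0.5", "172.16.0.9", DEFAULT_ONLY)` leaves NATed and unencapsulated; with the lo0 route added it is tunnelled to the peer, while traffic to other destinations is still NATed as before.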