From owner-freebsd-security Sun Dec 31 2:24:54 2000
Date: Sun, 31 Dec 2000 05:20:57 -0500
To: freebsd-security@freebsd.org
From: Wintermute
Subject: Access Control

I was wondering if anyone here has had any experience with implementing access control system(s) in FreeBSD. If anyone has any information regarding their experience with ACLs, etc. under FreeBSD (i.e. TrustedBSD), sharing that info would be very much appreciated! :)

-mute

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Dec 31 5:44:21 2000
Date: Sun, 31 Dec 2000 15:44:16 +0200 (IST)
From: Roman Shterenzon
Subject: Re: ports/23978: NEW PORT: security/amavis-perl (fwd)

Hi,

I've finished my port of amavis (http://www.amavis.org/). It works for me (tm) and pkg-install and pkg-deinstall seem to work fine. Please try this port and report any problems to me.

Thanks,

P.S. Yes, it does take some cpu. There's nothing I can do about it.

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]

---------- Forwarded message ----------
Date: Sun, 31 Dec 2000 05:40:01 -0800 (PST)
From: gnats-admin@FreeBSD.org
To: roman@xpert.com
Subject: Re: ports/23978: NEW PORT: security/amavis-perl

Thank you very much for your problem report. It has the internal identification `ports/23978'. The individual assigned to look at your report is: freebsd-ports.

You can access the state of your problem report at any time via this link:

http://www.freebsd.org/cgi/query-pr.cgi?pr=23978

>Category: ports
>Responsible: freebsd-ports
>Synopsis: NEW PORT: security/amavis-perl, mail antivirus
>Arrival-Date: Sun Dec 31 05:40:01 PST 2000

From owner-freebsd-security Sun Dec 31 8: 2:54 2000
From: Fernando Schapachnik
Subject: Re: Proposed modification to ftpd
To: Brian Somers
Date: Sun, 31 Dec 2000 13:03:36 -0300 (ART)
Cc: Fernando Schapachnik, Kris Kennaway, security@FreeBSD.ORG

In a previous message, Brian Somers wrote:
> > Maybe, but that's how wu-ftpd does it. The objective is to simplify
> > migration from it. Anyway, this is a feature that stock FreeBSD ftpd
> > does not have and is very useful if you are doing virtual hosting.
>
> I'd favour extending the ftpchroot syntax. Assuming it's currently
> only legal to have one user per line, we could introduce a second

It's not. You can also use @group (which is preferred if you have many virtual users).

> (colon-separated) field specifying the start directory.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-security Sun Dec 31 8: 9:44 2000
Date: Sun, 31 Dec 2000 11:08:40 -0500
From: Chris Faulhaber
To: Fernando Schapachnik
Cc: security@freebsd.org
Subject: Re: Proposed modification to ftpd

On Fri, Dec 29, 2000 at 01:29:45PM -0300, Fernando Schapachnik wrote:
> Hello:
> I just submitted PR bin/23944, which contains a patch against
> 4.2R ftpd to add the following functionality to chrooted users: The
> user's home dir is split by the first '/./'. The first part is
> used to chroot, and the second to chdir (eg,
> '/usr/local/www/data/site/./htdocs', means chroot to
> /usr/local/www/data/site, and then chdir to htdocs).
>

Isn't it the client's responsibility to CWD ?

--
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security Sun Dec 31 9: 8:40 2000
Date: Sun, 31 Dec 2000 09:11:54 -0800
From: Tom Czarnik X-Mailer: Mozilla 4.61 [en] (WinNT; I) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Cc: echelon , Darren Reed Subject: Re: IPFilter and new rc.conf scripts References: <20001231071333.14649.qmail@web1002.mail.yahoo.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > 4) I find out that I have to issue the command "ipf > -Fa -f /etc/ipf.rules" myself whenever I reboot > FreeBSD or the rules on tun0 won't work. However, the > rules on the internal network (group 9000) work as > expected. No matter I re-issue the command or not > after reboot. > > This confuses me as rc.conf loads the ipf.rules when > FreeBSD reboot. Why do I have to issue this command > again to activate the rules on tun0? Although IPF hasn't changed version numbers between 4.1R and 4.2R as displayed by 'ipf -V', something did change because you must now resync IPF with the interface list. The man page has changed to reflect this. In 4.1R the resync was only available on Solaris and IPF accepted rules for interfaces that had not been present upon initialization. With 4.2R, when IPF is first loaded, the tun0 interface is not present. This also happens if you use any interfaces as modules (as in my case). I use the following patch to rc.network. --- rc.network Fri Dec 8 18:04:44 2000 +++ rc.network.new Fri Dec 8 20:23:11 2000 @@ -218,7 +218,7 @@ ppp_command="${ppp_command} ${ppp_profile}" - echo -n "Starting ppp as \"${ppp_user}\"" + echo "Starting ppp as \"${ppp_user}\"" su -m ${ppp_user} -c "exec ${ppp_command}" ;; esac 
@@ -299,6 +299,12 @@ # if [ -n "${atm_pass1_done}" ]; then atm_pass2 + fi + + #* Resync IP Filter with any new interfaces (modules or tun0). + if [ -r "${ipfilter_rules}" ]; then + echo -n "IP Filter: " + ipf -y fi # Configure routing To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Dec 31 10: 2:37 2000 From owner-freebsd-security@FreeBSD.ORG Sun Dec 31 10:02:35 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from homer.softweyr.com (bsdconspiracy.net [208.187.122.220]) by hub.freebsd.org (Postfix) with ESMTP id 2EF1937B400 for ; Sun, 31 Dec 2000 10:02:35 -0800 (PST) Received: from [127.0.0.1] (helo=softweyr.com ident=Fools trust ident!) by homer.softweyr.com with esmtp (Exim 3.16 #1) id 14Cmss-000096-00; Sun, 31 Dec 2000 11:07:06 -0700 Sender: wes@FreeBSD.ORG Message-ID: <3A4F75CA.E67C7345@softweyr.com> Date: Sun, 31 Dec 2000 11:07:06 -0700 
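Review bot: In the hunk at @@ -218,7 +218,7 @@, the switch from echo -n to echo for the "Starting ppp as" message is unrelated to the IP Filter resync this patch is posted for, and the message does not explain it. Split it into its own change, or state the reason in the description (for example, if the newline is there so that the later "IP Filter: " output starts on its own line).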
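Review bot: In the hunk at @@ -299,6 +299,12 @@, the new block runs ipf -y whenever ${ipfilter_rules} is readable, which does not establish that IP Filter is enabled or that the rules were loaded earlier in boot; gate the resync on the same condition that loaded the rules. The line echo -n "IP Filter: " is also left unterminated if ipf -y prints nothing, and the exit status of ipf -y is ignored, so a failed resync on a firewall host passes silently; end the line explicitly and report a failure.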
From: Wes Peters
Organization: Softweyr LLC
To: Tom Czarnik
Cc: freebsd-security@FreeBSD.ORG, echelon, Darren Reed
Subject: Re: IPFilter and new rc.conf scripts

Tom Czarnik wrote:
>
> With 4.2R, when IPF is first loaded, the tun0 interface
> is not present.

You can take care of this little bobble with ipf -y in your ppp "linkup" script.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
wes@softweyr.com http://softweyr.com/

From owner-freebsd-security Sun Dec 31 11:53: 6 2000
From: Fernando Schapachnik
Subject: Re: Proposed modification to ftpd
To: Chris Faulhaber
Date: Sun, 31 Dec 2000 16:54:09 -0300 (ART)
Cc: Fernando Schapachnik, security@freebsd.org

In a previous message, Chris Faulhaber wrote:
> On Fri, Dec 29, 2000 at 01:29:45PM -0300, Fernando Schapachnik wrote:
> > Hello:
> > I just submitted PR bin/23944, which contains a patch against
> > 4.2R ftpd to add the following functionality to chrooted users: The
> > user's home dir is split by the first '/./'. The first part is
> > used to chroot, and the second to chdir (eg,
> > '/usr/local/www/data/site/./htdocs', means chroot to
> > /usr/local/www/data/site, and then chdir to htdocs).
> >
>
> Isn't it the client's responsibility to CWD ?

Should be, but if you are doing virtual hosting chances are that your users will be clueless. A typical environment for a hosting site may look like:

virtual_root/
virtual_root/htdocs
virtual_root/logs

So to avoid support calls ("I upload my .html, but I see nothing in my browser"), you make them auto cd to htdocs. This is why wu-ftpd includes this feature in the first place.

So, if you -like me- are tired of upgrading wu-ftpd because of security problems every now and then, and have hundreds of virtual sites to support, you'd better make it transparent to your users when you switch daemons, or they will kill you.

Regards.

Fernando P. Schapachnik
Network Administration
VIA NET.WORKS ARGENTINA S.A.
fschapachnik@vianetworks.com.ar
Switchboard: (54-11) 4323-3333 - Support: 0810-333-AYUDA

From owner-freebsd-security Sun Dec 31 12:15:25 2000
Date: Sun, 31 Dec 2000 12:18:40 -0800
From: Tom Czarnik
To: Wes Peters
Cc: freebsd-security@FreeBSD.ORG, echelon, Darren Reed
Subject: Re: IPFilter and new rc.conf scripts

Wes Peters wrote:
>
> Tom Czarnik wrote:
> >
> > With 4.2R, when IPF is first loaded, the tun0 interface
> > is not present.
>
> You can take care of this little bobble with ipf -y in your ppp "linkup"
> script.

There is an open PR#22859 that talks about the ppp/tun0 problem. The fix of loading IPFilter after ppp in the rc.network (like IPFW is done) will correct the problems with both tun0 and modules.

From owner-freebsd-security Sun Dec 31 15:51:35 2000
Date: Sun, 31 Dec 2000 15:51:18 -0800 (PST)
From: opentrax@email.com
Reply-To: opentrax@email.com
Subject: Re: Proposed modification to ftpd
To: fschapachnik@vianetworks.com.ar
Cc: kris@FreeBSD.ORG, security@FreeBSD.ORG

On 29 Dec, Fernando Schapachnik wrote:
> In a previous message, Kris Kennaway wrote:
> -- Start of PGP signed section.
>> On Fri, Dec 29, 2000 at 01:29:45PM -0300, Fernando Schapachnik wrote:
>> > Hello:
>> > I just submitted PR bin/23944, which contains a patch against
>> > 4.2R ftpd to add the following functionality to chrooted users: The
>> > user's home dir is split by the first '/./'. The first part is
>> > used to chroot, and the second to chdir (eg,
>> > '/usr/local/www/data/site/./htdocs', means chroot to
>> > /usr/local/www/data/site, and then chdir to htdocs).
>>
>> Ugh, that's ugly syntax.
>
> Maybe, but that's how wu-ftpd does it. The objective is to simplify
> migration from it. Anyway, this is a feature that stock FreeBSD ftpd
> does not have and is very useful if you are doing virtual hosting.
>

Adding a feature is not always a good thing.
As I recall, Wu-ftp is one of those buggy versions of ftpd.
If people want this feature that wu-ftp has, then they
should use wu-ftp. Adding this, and possibly bugs, to
ftp does not make sense.

From owner-freebsd-security Sun Dec 31 18: 2:55 2000
Date: Sun, 31 Dec 2000 20:00:47 -0600 (CST)
From: James Wyatt
To: opentrax@email.com
Cc: fschapachnik@vianetworks.com.ar, kris@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Proposed modification to ftpd

On Sun, 31 Dec 2000 opentrax@email.com wrote:
> On 29 Dec, Fernando Schapachnik wrote:
> > In a previous message, Kris Kennaway wrote:
> > -- Start of PGP signed section.
> >> On Fri, Dec 29, 2000 at 01:29:45PM -0300, Fernando Schapachnik wrote:
> >> > Hello:
> >> > I just submitted PR bin/23944, which contains a patch against
> >> > 4.2R ftpd to add the following functionality to chrooted users: The
> >> > user's home dir is split by the first '/./'. The first part is
> >> > used to chroot, and the second to chdir (eg,
> >> > '/usr/local/www/data/site/./htdocs', means chroot to
> >> > /usr/local/www/data/site, and then chdir to htdocs).
> >>
> >> Ugh, that's ugly syntax.
> >
> > Maybe, but that's how wu-ftpd does it. The objective is to simplify
> > migration from it. Anyway, this is a feature that stock FreeBSD ftpd
> > does not have and is very useful if you are doing virtual hosting.
> >
> Adding a feature is not always a good thing.
> As I recall, Wu-ftp is one of those buggy versions of ftpd.
> If people want this feature that wu-ftp has, then they
> should use wu-ftp. Adding this, and possibly bugs, to
> ftp does not make sense.

Did I miss something? Adding *any* feature can possibly add bugs, right? I don't see where adding the wu-ftpd login-dir syntax would add "wu-ftpd style bugs". We aren't using their source, right? They do not have the tools like snprintf() and friends that we can use to get this right.

FWIW, I run both FreeBSD and wu-ftpd FTP servers and would *really* like to see the above feature included. While I agree the syntax is a hack, it and things like internal-ls reduce the reliance of the FreeBSD community upon wu-ftpd and improve our lot. Fewer cracked FreeBSD systems is good.

-- James Wyatt, R/WSystems, We are but patterns in the entropy of the cosmos

From owner-freebsd-security Sun Dec 31 19:40:45 2000
Date: Sun, 31 Dec 2000 19:40:42 -0800 (PST)
From: echelon
Subject: Re: IPFilter and new rc.conf scripts
To: Tom Czarnik, Wes Peters
Cc: FreeBSD Security, IPFilter

Happy New Year!

Thanks for your information. PR conf/22859 explains why ipf can't work on tun0 after reboot. So the ad-hoc solution is to put "ipf -y" in /etc/ppp/ppp.linkup.

Thanks again.

-echelon

--- Tom Czarnik wrote:
> Wes Peters wrote:
> >
> > Tom Czarnik wrote:
> > >
> > > With 4.2R, when IPF is first loaded, the tun0 interface
> > > is not present.
> >
> > You can take care of this little bobble with ipf -y in your ppp "linkup"
> > script.
>
> There is an open PR#22859 that talks about the ppp/tun0 problem. The
> fix of loading IPFilter after ppp in the rc.network (like IPFW is done)
> will correct the problems with both tun0 and modules.

From owner-freebsd-security Sun Dec 31 22:26:56 2000
Subject: Re: Proposed modification to ftpd
To: security@FreeBSD.ORG
In-reply-to: Your message of "Sun, 31 Dec 2000 20:00:47 CST."
Date: Sun, 31 Dec 2000 23:25:52 -0700
From: Warner Losh

While the syntax is ugly, I agree that it would be useful to have in our ftpd. In the little consulting I did, this was a huge, huge, huge requested feature. While we could invent yet another syntax, it would likely be better to use a slightly ugly, widely deployed syntax that people are familiar with than a less ugly one they would be more inclined to make a mistake with and have a false sense of security.

Warner

From owner-freebsd-security Sun Dec 31 22:46:25 2000
To: "Michael C . Wu"
Subject: Re: Large scan activity
Cc: Joseph Scott, "freebsd-security@freebsd.org"
In-reply-to: Your message of "Sat, 30 Dec 2000 14:43:22 CST." <20001230144322.B48171@peorth.iteration.net>
Date: Sun, 31 Dec 2000 23:45:18 -0700
From: Warner Losh

In message <20001230144322.B48171@peorth.iteration.net> "Michael C . Wu" writes:
: If they can't, they'll find someone who is more clued.

Only if they are motivated to do so.

Warner

From owner-freebsd-security Sun Dec 31 23:36:23 2000
Date: Mon, 1 Jan 2001 01:36:48 -0600
From: "Michael C . Wu"
To: Warner Losh
Cc: Joseph Scott, "freebsd-security@freebsd.org"
Subject: Re: Large scan activity

On Sun, Dec 31, 2000 at 11:45:18PM -0700, Warner Losh scribbled:
| In message <20001230144322.B48171@peorth.iteration.net> "Michael C . Wu" writes:
| : If they can't, they'll find someone who is more clued.
|
| Only if they are motivated to do so.

The same problem applies to English speaking admins, no? :)

--
+------------------------------------------------------------------+
| keichii@peorth.iteration.net         | keichii@bsdconspiracy.net |
| http://peorth.iteration.net/~keichii | Yes, BSD is a conspiracy. |
+------------------------------------------------------------------+
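
The home-directory convention from the "Proposed modification to ftpd" thread above (split at the first '/./', chroot to the first part, chdir to the second), written out as an added example; it is not the patch from PR bin/23944 and not code from ftpd or wu-ftpd. The name split_home, its rejection policy and all sample paths except the one quoted in the thread are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MARK "/./"	/* separator described in the thread */

/*
 * split_home() is a hypothetical helper written for this example.
 * It splits a home directory at the FIRST "/./": the part before it is
 * the directory to chroot(2) to, the part after it is where to chdir(2)
 * once inside the new root (returned as an absolute path in the jail).
 *
 * Policy chosen here (assumptions, not taken from the patch):
 *   - home must be an absolute path;
 *   - a root part that reduces to "/" is rejected, because chroot("/")
 *     confines nothing;
 *   - without a marker the whole home is the root and the start
 *     directory is "/";
 *   - a part that does not fit its buffer is an error, never truncated.
 *
 * Returns 0 on success, -1 with errno set on failure.
 */
int
split_home(const char *home, char *root, size_t rootlen,
    char *dir, size_t dirlen)
{
	const char *mark, *rest;
	size_t n;
	int r;

	if (home == NULL || root == NULL || dir == NULL || home[0] != '/') {
		errno = EINVAL;
		return (-1);
	}
	mark = strstr(home, MARK);
	n = (mark != NULL) ? (size_t)(mark - home) : strlen(home);
	rest = (mark != NULL) ? mark + strlen(MARK) : "";

	while (n > 0 && home[n - 1] == '/')	/* "/site//" -> "/site" */
		n--;
	if (n == 0) {				/* root would be "/" */
		errno = EINVAL;
		return (-1);
	}
	if (n >= rootlen) {
		errno = ENAMETOOLONG;
		return (-1);
	}
	memcpy(root, home, n);
	root[n] = '\0';

	while (*rest == '/')			/* tolerate "/.//htdocs" */
		rest++;
	r = snprintf(dir, dirlen, "/%s", rest);
	if (r < 0 || (size_t)r >= dirlen) {	/* snprintf reports truncation */
		errno = ENAMETOOLONG;
		return (-1);
	}
	return (0);
}

int
main(void)
{
	/* Constructed sample entries; only the first comes from the thread. */
	const char *samples[] = {
		"/usr/local/www/data/site/./htdocs",
		"/home/alice",
		"/srv/a/./b/./c",
		"/./htdocs",
		"www/./htdocs",
	};
	char root[1024], dir[1024];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		if (split_home(samples[i], root, sizeof(root), dir, sizeof(dir)) == 0)
			/* a daemon would now chroot(root), then chdir(dir) */
			printf("%-36s chroot=%s chdir=%s\n", samples[i], root, dir);
		else
			printf("%-36s rejected: %s\n", samples[i], strerror(errno));
	}
	return (0);
}
```

Only the first marker is honoured, so a later "/./" stays part of the post-chroot path and is resolved inside the jail.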