From owner-freebsd-security Sun Apr 21 10:27:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from DNS2.alterity.net (dns2.alterity.net [198.63.17.11]) by hub.freebsd.org (Postfix) with ESMTP id 2553337B416; Sun, 21 Apr 2002 10:27:16 -0700 (PDT) Received: from prime.gushi.org (prime.gushi.org [208.23.118.172]) by DNS2.alterity.net (8.11.6/8.11.6) with ESMTP id g3LHPWn06352; Sun, 21 Apr 2002 13:25:33 -0400 (EDT) (envelope-from danm@prime.gushi.org) Received: from prime.gushi.org (localhost [127.0.0.1]) by prime.gushi.org (8.12.3/8.12.3) with ESMTP id g3LHRFAm039533; Sun, 21 Apr 2002 13:27:15 -0400 (EDT) Received: from localhost (danm@localhost) by prime.gushi.org (8.12.3/8.12.3/Submit) with ESMTP id g3LHRFd2039530; Sun, 21 Apr 2002 13:27:15 -0400 (EDT) Date: Sun, 21 Apr 2002 13:27:14 -0400 (EDT) From: "Dan Mahoney, System Admin" To: questions@freebsd.org Cc: security@freebsd.org Subject: Locate revealing contents of root:wheel 700 directories Message-ID: <20020421131741.U39364-100000@prime.gushi.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, I noticed that in freeBSD 4.5, locate shows the contents of all folders, even in my previously root:wheel 700 directory, /mnt/var/log. (It's my /var/log directory). I don't recall this being the case previously, and I thought for a moment that it was like the linux slocate, where the locate tool respects permissions (i.e. I wouldn't be able to see the contents of /var/log if I weren't root), but su -ling down to an unprivileged user has confirmed this. I should note that the crontab which calls locate checks for file ownership, but by default, shouldn't the locate utility? -Dan Mahoney -- "And, a special guest, from the future, miss Ria Pischell. Miss Pischell, as you all know, is the inventor of the Statiophonic Oxygenetic Amplifiagraphaphonadelaverberator, and it's pretty hard to imagine life without one of those. -Rufus, Bill & Ted's Bogus Journey --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Web: http://prime.gushi.org finger danm@prime.gushi.org for pgp public key and tel# --------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Apr 21 15:39:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-165-226-18.dsl.lsan03.pacbell.net [64.165.226.18]) by hub.freebsd.org (Postfix) with ESMTP id CCF6F37B417; Sun, 21 Apr 2002 15:38:05 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 63F2E66C8C; Sun, 21 Apr 2002 15:38:05 -0700 (PDT) Date: Sun, 21 Apr 2002 15:38:05 -0700 From: Kris Kennaway To: "Dan Mahoney, System Admin" Cc: questions@freebsd.org, security@freebsd.org Subject: Re: Locate revealing contents of root:wheel 700 directories Message-ID: <20020421153805.A22029@xor.obsecurity.org> References: <20020421131741.U39364-100000@prime.gushi.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="liOOAslEiF7prFVr" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020421131741.U39364-100000@prime.gushi.org>; from danm@prime.gushi.org on Sun, Apr 21, 2002 at 01:27:14PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --liOOAslEiF7prFVr Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sun, Apr 21, 2002 at 01:27:14PM -0400, Dan Mahoney, System Admin wrote: > Hi, I noticed that in freeBSD 4.5, locate shows the contents of all > folders, even in my previously root:wheel 700 directory, /mnt/var/log. Only if you run the locate.updatedb utility as root (i.e. in a non-default way). locate only searches the database, it doesn't have any extra privileges. Kris --liOOAslEiF7prFVr Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8wz9MWry0BWjoQKURAg3EAJ9rY5SqD4J7cR8lZKtZ0n6NiGyNjACdFyAn LNZibPaHQkRBI810MWX4PDE= =s0ML -----END PGP SIGNATURE----- --liOOAslEiF7prFVr-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Apr 21 21:41: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp.west.cox.net (ip68-5-149-166.oc.oc.cox.net [68.5.149.166]) by hub.freebsd.org (Postfix) with SMTP id 1EF2237B404 for ; Sun, 21 Apr 2002 21:34:35 -0700 (PDT) Message-ID: <000e01c1e9a5$363abfa0$6500000a@Tcm2k> From: "HCV Anonymous" To: "Simple@localhost" Subject: You or someone you know has Hepatitis C. Date: Sun, 21 Apr 2002 19:27:12 -0700 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_000A_01C1E96A.89B12E20" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_000A_01C1E96A.89B12E20 Content-Type: multipart/alternative; boundary="----=_NextPart_001_000B_01C1E96A.89B12E20" ------=_NextPart_001_000B_01C1E96A.89B12E20 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable If you are unable to view this email in HTML = format, cut and paste the following URL into the address bar of your web = browser. http://www.hcvanonymous.com/publicmessage.html =20 =20 You or someone you know has Hepatitis C. =20 In the United States, almost every = person knows someone with HCV. It is suspected that there are, at = present, more than 5 million people in the United States who are = infected with Hepatitis C, and perhaps as many as 200 million around the = world. This makes HCV one of the greatest = public health threats faced in this century. Without rapid intervention = to contain the spread of the disease, the death rate from hepatitis C = will surpass that from AIDS in the next few years and will only get = worse. =20 =20 Click Cover To Read Story =20 =20 =20 Pamela Anderson Shows Courage =20 Pamela Anderson Click Picture To Read Story Pamela's Hepatitis Bombshell In a surprise announcement, Pamela = Anderson said she was suffering from hepatitis C, and she blames the = infection on ex-husband Tommy Lee. =20 =20 =20 About HCV Anonymous =20 We at www.hcvanonymous.com would like to = welcome any interested people to join us in the fight against this = disease. Information is power, and together we can make a difference. = HCV Anonymous is a public benefit corporation and is not organized for = the private gain of any person. HCV Anonymous is a group created to = combine the strength of many members to benefit one and all.=20 Please, we ask that you become involved = in any way that you can; feel free to forward this e-mail. You are not = obligated to donate financially to HCV Anonymous; there are no dues or = fees. However, our 501(c)(3) non-profit status will be finalized in the = next few months, and we have modified the Twelve Traditions from = Alcoholics Anonymous so that we may accept contributions and advertise. We have already started to research and = apply for a number of grants and donations from major corporate = sponsors. This way we will be able to build the World Service = Organization (WSO), publish and distribute literature, promote HCV = Anonymous at conventions and workshops, and do public service = announcements.=20 Our primary aim for the immediate future = is to bring together hepatitis support groups, patients, and = organizations that serve people with hepatitis, to work towards the = common goal of unity, education, support, and spiritual awareness. By = linking resources, we are creating a centralized community as well as a = large network for support, unifying us, assisting us to confront, = evaluate, and challenge and change thinking that impedes our progress = and well-being. We will be offering FREE Meeting Starter = Packs for already existing HCV meetings, and for new groups of = interested people willing to follow the 12 Traditions of HCV Anonymous. = The Meeting Starter Packs will include HCV Anonymous Positive Attitudes = Workbooks, Meeting Guidelines, Meeting Formats, Literature Packs, = Newcomer Chips, and all Celebration Tokens. There is no authority structure. HCV = Anonymous is made up mainly of volunteers who seek to work together in = many contexts. By committing ourselves to service and unity, we are not = demanding spiritual or other personal uniformity. We meet on points of = accord. Each of us believes that together we can make the world a better = place to live for everyone infected with or affected by HCV. =20 =20 =20 =20 A few of the ways you can help: =20 1. Volunteer to help us promote HCV = Anonymous. 2. We need translators to translate our = website into French, German, Italian, Dutch, Spanish, Portuguese, Chinese, = Japanese, Russian, Korean, etc. This way we can serve other countries and unite = them with our cause.=20 3. Volunteer to host an online open = chat or 12-Step meeting. (All time zones needed.) 4. Become a sponsor or e-mail partner. 5. Start an HCV Anonymous meeting in = your area. 6. Donate to HCV Anonymous if you can. 7. Join as a member of HCV Anonymous on = our website or click here to subscribe to newsletters. =20 =20 =20 Why a 12-Step program for HCV? =20 There are many people with hepatitis C = whose emotions and behavior are destroying them; this behavior is = putting an unnecessary burden on many of their loved ones. They may have = drinking, smoking, eating, fitness, psychological, and sexual issues = that need to be addressed. They may have unresolved issues regarding = treatment. Others may need to "come to believe that a power greater than = themselves exists." They do not believe in God or a Higher Power, or = their relationship with their Higher Power is faltering.=20 There are other people who need to learn = how to assess all facets of their health (clean house), trust their = Higher Power, and unload the guilt, shame, and depression that is = holding them in bondage (whether they are aware of it or not). There are others who have by now = transformed the stumbling block of HCV into a stepping-stone. They have = learned how to live happy, healthy, and normal lives. Here, they can use = their experience, strength, and hope to help others. =20 It has been proven that 12-Step programs = work. There are over 300 different 12-Step programs. HCV Anonymous = Positive Attitudes is tailored to meet the needs of everyone infected = with or affected by HCV. This manuscript uses a "Higher Power of = your understanding" approach. This non-religious approach hosts everyone = regardless of race, creed, religion or lack of religion, or sexual = orientation. Our program offers guidelines for a variety of meeting = formats. =20 =20 =20 =20 Visit our website and get the second = edition of our 12-Step Workbook HCV Anonymous Positive Attitudes PDF = File Version FREE. You can even print it out.=20 =20 =20 This innovative ALL FREE interactive = website will help you locate and meet people who have HCV. You can = upload or view photos, post messages, place or read personal ads, etc; = get support from people with or affected by HCV; join on-line meetings = and chats. We also provide you with current news. We offer an excellent layout of links to = hundreds of websites that will help you find everything you need, = including SSI/Disability, alternative treatment, doctors specializing in = HCV, free medication, help for depression, and much more.=20 If you have a website, please link to = ours, or have us link to yours; there is strength in numbers! E-mail to = info@hcvanonymous.com This message was brought to you by HCV = Anonymous. Thank you for being part of our vision. HCV Anonymous Staff =20 =20 =20 Thank you for taking the time to read = this message. This is an unsolicited (bulk e-mail) Public Service = Announcement--not an unsolicited commercial e-mail. =20 If you feel you have received this = e-mail in error or would like to be removed from our e-mail list please = click here to unsubscribe or e-mail unsubscribe@hcvanonymous.com and put = "UNSUBSCRIBE HCV" in the subject line (all capitals without quotation = marks). This unsolicited bulk e-mail meets = requirements of the United States Unsolicited Commercial Electronic Mail = Act of 2001 (H.R. 95) This message is being sent to you in = compliance with the proposed Federal legislation for commercial e-mail = (S.1618 - SECTION 301). Pursuant to Section 301, Paragraph (a)(2)(C) of = S. 1618, further transmissions to you by the sender of this e-mail may = be stopped at no cost to you by submitting a request to = unsubscribe@hcvanonymous.com and put "UNSUBSCRIBE HCV" in the subject = line (all capitals without quotation marks). Furthermore, this message = cannot be considered spam as long as we include sender contact = information. Copyright =A9 2002 hcvanonymous.com website & newsletter by: Mark = Charbonneaux =20 =20 =20 =20 =20 =20 =20 =20 ------=_NextPart_001_000B_01C1E96A.89B12E20 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
<= /TR>

If you are=20 unable to view this email in HTML format, = cut and=20 paste the following URL into the address bar of = your web=20 browser.  http://www.hcvanonymous.com/publicmessage.html
=

 =20

You or someone you know has = Hepatitis=20 C.


In the United States, = almost every=20 person knows someone with HCV. It is=20 suspected that there are, at present, = more than=20 5 million people in the United States = who are=20 infected with Hepatitis C, and perhaps = as many=20 as 200 million around the world.

This=20 makes HCV one of the greatest public = health=20 threats faced in this century. = Without rapid=20 intervention to contain the spread of = the=20 disease, the death rate from hepatitis C = will=20 surpass that from AIDS in the next few = years and=20 will only get=20 = worse.


Click Cover To Read=20 = Story

 

Pamela Anderson Shows=20 Courage

<= IMG=20 alt=3D"Pamela Anderson"=20 = src=3D"http://www.hcvanonymous.com/images/pamela.jpg"=20 border=3D2>
Pamela = Anderson
Click=20 Picture To Read Story

Pamela's = Hepatitis=20 Bombshell

In a surprise announcement, = Pamela=20 Anderson said she was suffering from = hepatitis=20 C, and she blames the infection on = ex-husband=20 Tommy Lee.

 

About HCV=20 Anonymous

=

We at www.hcvanonymous.com=20 would like to welcome any interested = people=20 to join us in the fight against this=20 disease.=20 Information is power, and = together we can=20 make a difference. HCV=20 Anonymous is a public benefit = corporation and is=20 not organized for the private gain of = any=20 person.=20 HCV Anonymous is a group created = to=20 combine the strength of many members to = benefit=20 one and all.=20

Please, we ask that you become = involved=20 in any way that you can; feel free to = forward=20 this e-mail. You=20 are not obligated to donate = financially=20 to HCV Anonymous; there are no dues or=20 fees. = However,=20 our 501(c)(3) non-profit status = will be=20 finalized in the next few months, and we = have=20 modified the Twelve Traditions from = Alcoholics=20 Anonymous so that we may accept = contributions=20 and advertise.

We=20 have already started to research and = apply for a=20 number of grants and donations from = major=20 corporate sponsors. This = way we=20 will be able to build the World Service=20 Organization (WSO), publish and = distribute=20 literature, promote HCV Anonymous at = conventions=20 and workshops, and do public service=20 announcements.

Our primary aim for the = immediate future=20 is to bring together hepatitis support = groups,=20 patients, and organizations that serve = people=20 with hepatitis, to work towards the = common goal=20 of unity, education, support, and = spiritual=20 awareness.=20 By linking resources, we are = creating a=20 centralized community as well as a large = network=20 for support, unifying us, assisting us = to=20 confront, evaluate, and challenge and = change=20 thinking that impedes our progress and=20 well-being.

We will be offering FREE = Meeting Starter=20 Packs for already existing HCV meetings, = and for=20 new groups of interested people willing = to=20 follow the 12 Traditions of HCV = Anonymous. The = Meeting=20 Starter Packs will include HCV = Anonymous=20 Positive Attitudes Workbooks, = Meeting=20 Guidelines, Meeting Formats, Literature = Packs,=20 Newcomer Chips, and all Celebration=20 Tokens.

There is no authority = structure. HCV = Anonymous=20 is made up mainly of volunteers who seek = to work=20 together in many contexts. By = committing=20 ourselves to service and unity, we are = not=20 demanding spiritual or other personal=20 uniformity.=20 We meet on points of accord. Each = of us=20 believes that together we can make the = world a=20 better place to live for everyone = infected with=20 or affected by=20 = HCV.

 

A=20 few of the ways you can = help:


1. =20 Volunteer to help us promote HCV=20 Anonymous.
2.  We need=20 translators to translate our website = into=20 French, German, Italian,=20 Dutch,
     = Spanish,=20 Portuguese, Chinese, Japanese, Russian, = Korean,=20 etc. = This=20 way we can
     = serve=20 other countries and unite them with our=20 cause. 
3.  Volunteer to = host an=20 online open chat or 12-Step = meeting. (All = time=20 zones needed.)
4.  Become a = sponsor or=20 e-mail partner.
5.  Start an HCV = Anonymous meeting in your = area.
6. =20 Donate to HCV Anonymous if you = can.
7. =20 Join as a member of HCV Anonymous on our = website=20 or click here to subscribe=20 to
      newsletters.

 

 

Why a 12-Step program for=20 HCV?

=

There are many people with = hepatitis C=20 whose emotions and behavior are = destroying them;=20 this behavior is putting an unnecessary = burden=20 on many of their loved ones. They = may have=20 drinking, smoking, eating, fitness,=20 psychological, and sexual issues that = need to be=20 addressed.=20 They may have unresolved issues = regarding=20 treatment. Others may need to "come to = believe=20 that a power greater than themselves=20 exists."=20 They do not believe in God or a = Higher=20 Power, or their relationship with their = Higher=20 Power is faltering.

There are other = people who=20 need to learn how to assess all facets = of their=20 health (clean house), trust their Higher = Power,=20 and unload the guilt, shame, and = depression that=20 is holding them in bondage (whether they = are=20 aware of it or not).

  

There are others who have by = now=20 transformed the stumbling block of HCV = into a=20 stepping-stone. They have learned how to = live=20 happy, healthy, and normal lives. = Here, they can=20 use their experience, strength, and hope = to help=20 others. =20

It has been proven that 12-Step = programs=20 work.=20 There are over 300 different = 12-Step=20 programs. HCV=20 Anonymous Positive Attitudes is = tailored to=20 meet the needs of everyone infected with = or=20 affected by HCV.

This manuscript uses a = =93Higher Power of=20 your understanding=94 approach. This=20 non-religious approach hosts everyone = regardless=20 of race, creed, religion or lack of = religion, or=20 sexual orientation. Our = program=20 offers guidelines for a variety of = meeting=20 = formats.

Visit our = website and get=20 the second edition of our 12-Step Workbook = HCV=20 Anonymous Positive Attitudes PDF File = Version=20 FREE. You can=20 even print it out. =

 


This innovative ALL FREE = interactive=20 website will help you locate and meet = people who=20 have HCV. You=20 can upload or view photos, post = messages,=20 place or read personal ads, etc; get = support=20 from people with or affected by HCV; = join=20 on-line meetings and chats.  = We also=20 provide you with current = news.

We offer an excellent layout of = links to=20 hundreds of websites that will help you = find=20 everything you need, including = SSI/Disability,=20 alternative treatment, doctors = specializing in=20 HCV, free medication, help for = depression, and=20 much more. 

If you have a website, please = link to=20 ours, or have us link to yours; there is = strength in numbers! E-mail to info@hcvanonymous.com

This message was brought to you = by HCV=20 Anonymous.

Thank you for being part of our = vision.

HCV Anonymous=20 = Staff
 

Thank you for taking the time = to read=20 this message. This is an = unsolicited (bulk=20 e-mail) Public Service Announcement--not = an=20 unsolicited commercial e-mail.=20  

If=20 you feel you have received this e-mail = in error=20 or would like to be removed from our = e-mail list=20 please click here to=20 unsubscribe or e-mail=20 unsubscribe@hcvanonymous.com and put=20 =93UNSUBSCRIBE HCV=94 in the subject = line (all=20 capitals without quotation=20 marks).

This=20 unsolicited bulk e-mail meets = requirements of the=20 United States = Unsolicited Commercial=20 Electronic Mail Act of 2001=20 (H.R. 95)

This message is = being sent=20 to you in compliance with the proposed = Federal=20 legislation for commercial e-mail = (S.1618 -=20 SECTION 301).  Pursuant to Section = 301,=20 Paragraph (a)(2)(C) of S. 1618, further=20 transmissions to you by the sender of = this=20 e-mail may be stopped at no cost to you = by=20 submitting a request=20 to unsubscribe@hcvanonymous.com and = put=20 =93UNSUBSCRIBE HCV=94 in the subject = line (all=20 capitals without quotation marks).  = Furthermore, this message cannot be = considered=20 spam as long as we include sender = contact=20 information.

Copyright =A9=20 2002 hcvanonymous.com
website &=20 newsletter by: Mark=20 = Charbonneaux

<= /TD>
<= /TD>
=
------=_NextPart_001_000B_01C1E96A.89B12E20-- ------=_NextPart_000_000A_01C1E96A.89B12E20 Content-Type: image/gif; name="hcv_header.gif" Content-Transfer-Encoding: base64 Content-Location: http://www.hcvanonymous.com/images/hcv_header.gif R0lGODlhZgJQALMAAOfr5yMjI7e2qG6VgJ/FsMzOzXifiZG4ojIyMpWVlWqRfIWrlKzTvmZmZgAA AP///yH5BAAAAAAALAAAAABmAlAAAAT/8MlJC7sl6827/2AojmRpnmiqrmzrvnAsz3Rt3/jLZFTv T5mLcEgsGo/IpHLJbDqf0Kh0CiUQDous9sDFarWGsCHb7S6wYsNgrWi3B+GvfJEWz+d18uFq7fv/ fmVlX4J3gmZne1SLjI2Oj5CRkjs/PhaTmJmam5xPVoeCgKKjV151bGtwagMKa3Z6e6Wgs4dZdWKp ra1xiZ9do2WBoF+3Y4mFcrGdy8zNzo+VFM/T1NWYfV5bscK1YLyItrdsbuTl5Kp4r3fr2lztxKes 8vOuxsGftr2y7unt9/u0EHGxYq2gwYNOoj24hLChw2W+2BE61o3OFjoGzGnc6CZVsVfI/zDmkRiw ZEBvqNAN5HfMmzZSgAbBGuhrmEQ9BB/q3DnpB0OeQIMSKaVvSE2YMU3SRMr0j7tXuDzGO2cvFDZ+ H79h/ehvqSmtROmM68gLJSuyY35FxKhvFjelyZQJncuzAt27B8NuwSbyjFMvS9+aNKT0EFOsZ9/U MxYua1RXM0/eSUMGzMurLNk9rucv3C7G69TqLSyZUE68qKcVmJC6NTNRArcRYIA5lGxgNkkGPnwP 0ao4YVLmaqXqYyqpoEMPTrcqsWKt2bah+WaW6pjg5ZBHJR7cefaqw7KdCX3atXloEs6r9ySL0O4/ RpvC/Ec6uknBu0tW16i9+bnFlFUm0/9NEgUYF2bhRCYeRfhkxNGD1nVl2Cd65aGIUe7Itd6GSkjw E4d31WSVfLxNGNZ1jnGlIDhpjKVYcZuN1JktucQxnTnH/Qdgi8cdZ0dyFNGXWYHdLQYLPOq4F1Ja t+2jpHRffZfcYynaceEFtZUH4l0PbEmXiFDyQSJAAQkDD4wpImmcdxsh502RWcUl3nYc5QhhG2Vl 0eObWcxnX2kGBunSimXuYWh7/t2p6IOLCdddOWnNJsRRknq504eWNkSpiIBgid+ITdG0ZJX+Ncrm ouhg5GNz/ckoUo82ivpUotnBQSg8FonW3kx+xDfkj43lKaFXvvDBEo+LJsufkY0NB2H/pJxm2hCm 0nJyFW406ijGL5PqRegg08nDGDgL2ImquTqOhS5x6qJpWTir3pLOWa4oYgUdtcaa2ZVXBDvjtwcI YGh9Q6rKWXf6CqxwwLMKdyq7zpnbo7IUt5kWbf1qWO3G6iE4k3L5qbUBAwIHO+6xrBbXpwAEsFxy kT3G7OKLdsps882QtWSyzS/CDKuE8BrjMslEsbyDBrQdsOo4nAWzRxAWsCzegK/GzKitARNgwdY7 0Ca1zxND/LDYOI+9rIvrUrXAbPgMxPHbIXocK4W2nYiTIhy0fIC8BCbj19EW9CtSiq60ymO84sAK UtZ6m1wM4sEhXJXAgLnNNgYb6N3y/9EAZPAJivb41YcAGBy9Q+cWhAvjzZGzimOkGqDeOeoFtPxq 5NqpYrMaxj12ttkVv3Fx21rCbXwznO56GUvhwcvZGQIUAEADCDQQxKxA4mHIbAVQb33tGVKkWaBI WqTNeOXPZPQllPclRzEEBtw1+GwRIn0C1EcPdQbVk05QpVf5Aum6RjLMIQABUUuQmlRGDIN9ZwH6 q94BqTdBBCSAZAs63zoYI6zxFSl4IOxInzCmluOZMBJggs2hVNikmoABDs8jSOccEAAHKKBzJSPD 5v4nNed5BII7aEAAEIA6jP1vcwW0AuX+wTIleksPC8tgFxTGvQIIQH96w8IvGLYgQf9EkQssk94V d/CynGkNAApwgAMQSDsAPECNAugcUaZohl9k4IocEAANPafFYyyxi2DcirrCsAcA6FGNNQxADWlo Pa/NQkBcBIzonBjJSMIrhLWambLgYK97nPCTTNjUX1pIike+qTlWih4AEkDDNXaOAYLAHNIw+BUr nREBDmjAK7WmPw7MD0tSy9r82JdF6CGRmEsc2jClh4AAfM9rLdsaMsG4OahdwGVakx4No0cyi/Di jKys4Q0BQE5ybpN2scucyzSQRiLOrnMJGGcQACdNR1LzElZsHHaEFzBD1tCKVwwo6TzXMq2RsaDr xIDLpijL/XEtn6Z4WNju5Kb3qYH/on8DpUaNEJH3hMpEIiqQwQyQgAOcDpesdEAca0fFDZSTnHec I01O1wBXIo0Ds8tATrdWTZ36NAjYpKf0kFZQoUqPnA/ApTw9gE6iVTGdHXAjHHe5NxudUYhqVOlL AVDDlQ7hqDBFJznTqMutlpMh0hzqLAf6U6CiITFxIIAh1UiBlzo0BU5l61DPik4rvjWEaVOJV7IB P1VFaqOfTOGYjEXK5XwMJ9ybawAeUFNdzpOmCigA/g6YgCAQgEaQIR0AcGlZDcQzehRMADkTMMFe stN6rK2eau/avdR64LQCoN5QFdBMBGT2nZqVoG+j2oDM5vaAvz2qANLozMzWTixp/4njKtfYzACU UwJqjGr3JjgAsK62ugpQLUxZAdPYbbZ/fe0cBRvQ3cCBtl5xFEANH2BWnBqgAVekHgPsylrqOTeP DVDtesXovc4mDWbpipiz+MMkWgyLsN/IUqUQ2xowebRE3fiHEfeVGyxUcXq5fMAhh3pMGuISkbnE YVV/eIAM1NSdnUvqGrNawwZgdZEr1amJabjIspp3ka0MwFGPissTB0AAC6GxVmGaSBQHQK4vVWNN UQzj6QKZj/x4GhqHWABGUuCcL00pkAOw33I2E5Ew7rIDzGrkHr/0AeFs5Rq5KQCxvKGkcj3kBNxo V532tpXS7VyTFyleHihAkYNGwP8hs5rZbl4UkwzmIJOSggzHLBhaGSsehQsiStyA9CRTC5kpqwY7 cwpZAuJ8JefQLL0p87FcP7xlinUK4iHGsaY1zoAiy1rOrFoPjTQULzkPaT0RJ3KruPbtbw3ZTPy+ FNdINnaKX7pIRcOZhgc46yETEMd+/WZt9wsxtCcAR/rC1MSrEQAurXvWF0ePviKm4ZtxPVusBlqP zlxNAmpIRPDBqZ/ydUBdz2oBN05Z2dKj77pXeuZAUxaRqk3pnGvdub9Cuk2CJdgl0bJxPJ2BhKLb NDVkulgLu+V/GQrJgDajOEVYeQLtLKJOa0yBGna2jJDh3ou3WmQ30rfGPmfum73/DG9cw3t6iuSz oB0g7NG6cqsyVoC5f850CrCyym90JgWUOvQj4/CzOuTc1RXuSux6vZy45nOSq47UQyPA3MOeL7zV nICpN3OcSR1iBWzu13LxM89yRrENXdpbqI/46KS97r5PLYHCSyDgZNwb8JIllZSURTS0cOE+F3Ux kT8jeSWnW5kYi7I8GIPlu4MeM7XuoXPGDgDZve7dUze4LKiy8O+sad3J7YDVuBHfW50qUoHPe2GT ndcPLzStdQ/1uua2hsFXKeK1jtQ3avUS2ZAhsBvQehtit/fXtfm810gBsm5Vz0jdt8DfXH3rR3sC pKV9c2zvTycj8ntHrek4n01+/8XTte3kB39Vx3vR81mPdnERwiu18Q9kghHKMjyZNmGe9wihhy2O 0yIpUzaG8zg+AkQzlEvhFV5AF1ZcJX3wxnXPBWu2MhtOx2vkxHXwdk70pWZwl3XRNmzlhmpLhlRC 9HYnaEPl5WdAyH7Uo2Trh1TbNHX692Zd9UpcYFU6NXYSYG82qHbl9lJuB3dXt1VdZl0SMF1VVl+B l1UmBgCOBhmFhH59hk+j5Uzl5UbNxoXyZm775oMGB4Tw1lV95zsIeDYnIxuYl0FVM3lk8XFtcyUT GErFghQn9xf5ADY4QyowxDuHsyom1WpjSIbeBXtnR066J38eoWW4h3Zs932+F/9vk0Vt4IdUXbga prhV5sdnzCc7nsh0WyVxNoY/8oZUJYhkSIVSwXdk7DM1Z2R+5tZzXQV3/3SL00Zfsahc/+dGsWhW j7dIgyZloKgKADdfQSgEGhB16JR3UnddAVd9xgiHATCO38dNktcRC9aHGKcvlKZAEeWO9FIPsZaI UpBCtOEpZCKIkwGJaCIOlIh6MHJK8iI/0rNrd2RFBZBq1ZeD6GhZRGEjJzVEbwaDbtSEM0hXU3eF 9BVwrvgAyXhdL2Z3QPgTTrd/5KRIRAQE0ShVnZh3Luh+VLUXZdaDU9eFrnZdatR0IPZ25eR2cuiF bhROcGdWsNd7P0BO3cRigLf/ZkXkjcvnhpdQizWphmAIbzKmWnmoUlakJ/CISc9zDPgAXZVxgHWC hhJIKfrIUZ/SN6cUiRg4kKegItrDgWNwRiMGdUZ3dMvIZygFioQUMKsnlKTola/4e9yIhEd2dEj5 lbqEeN4ni0x3CdHUhiypZiOZZOyGhDsIYvIkk9LVNdwShf1HiokUaG3IfdVHWlqYmjh4hKjoe6ul AO8nTj1wWtlISPEFfYFjHyc1eGy4c0r4dNKYYkU3hOvob+LCC4czlh7xjkZyeuoQnctCJ/xkUm7p eWepDgAZFYdTkJa2ge3QB5OCPTWDNRKoUzLmguUUcLu3jvx3Q2GZD3jThu5E/2SVuZHSh4OfaU4h 9oU0N5TLKAHh5HAouD7do5xxZ4IKB30+2YkruVVNiGUzFW416XRNOJTZ9YUJ+mwYaVe7WE4FSnXi 9XCMtxB8h3MD8HGS9Up1Vj+zQZNfJ0Y2N3cQuVqp2ZXK6ADZRBuX4SfZAo9SwRwKBjqE+DqISEIz lViCIz4BGQ8bWCXD4mkXthbnWSyn85C2CDUm6qBVaGZumDT2cUsjmn+2CJpgpZUlqEhtkEibmEjF tW7w2WyBYwWY6EzSRZKMhD9AFn2sGYffyG+4aUQUUozICY2xN2RnVqcjqFPEVlbxJpXlJGYKcGM8 J2WZqkb9BksIA0E4umbPFf85qieaeSpdBweoyJmcyBeHjlmAjaEPi+UbqzCWawlDmgRYI9Sd1aKl eVmedkkqc+OksWCrkxYIsxpyQwEfZZZGljpPmLiKvSh7Q4glZXAB6tWqramK9yahvTZEZMhGLtWg KOZjOvWJLCUp8rWjBbBuELeLR3WhL2iV6bpILZY0YddqXPZVSHd9tHZmrcR9HQCv8Smh7rl4rcRG PGeNueRZYlEPXDBXvUdQT8pMs0ZrYxV4DIt2I1qL+2d9+WqAEXMyFYgV3PEouIqrnGRSBiGBr3Ei qESswXEkgyMjyhBA5jNJQzEduJJRRhQf/ehdnoI3rqiUGgtTBPRVSauUTvv/enxVgmLEbTO4PzCV ANx2VvNTTmYaTWKkSm0aXrYpVkFIa9IKU3jUTTvLguVFNGzFtd54tdy2Gh+SbldUX6WjXFjrXWC1 EAIwt7v0XkJDtN2SIVC2SwShscvVWW27iU5rVti6IOIJWaCHIFuknru6ssFDSG3pSV5SkQWpq4pj INuwYeijJsxhnTTLJ0/qj2biNkRVBgM0MuVqhnYFS1oEs7OEOVw4lQ11VMLXtkHLOSMTtDxVMsrg SzjlS0SAKZiZuJnTRxeStNIKOG4LvcWrOdJEcPPURE+VN/1oVMN4s1gzUKXTMGMQRvRElfX1E9aU t0ybp7qiK6WkK9i6ALmq/7JvoEMyyypQURZicC658KJrgwS+iheKNR00GyBUQxghcYEyUliJcBnh yylfMUlXsESSglZHYIZFcC2l48H4tF/dcjkE4b2r5nWXBRAwq0R01ERTYzRsg55L6ynY5L170ESU Q0Uz3DAZp0UjkmXCNATYBL0yR8SVk7hCUEczxTY47EPgIUm9oazmU7pOxTwB8UeChDWkVHK+kbID HDpYEXZ8EbFscjCeoSgTZQ6HZS3W8hQ7gnqLU7plfHn+YrPxA0jLkaxRaksBhCKiMyLhm557cySt +7zOylMlVGYXGjjtk3I5XExATC7+EExc9EVCPB7Se7qCYjJ+0zqfHCn+g/+8gVEEuys4aiETsmtJ VCIgeKA4gSy4YrwVQJIAc2DLZ5Iz9mJhJOLD8dhgylOPlHd5plAxNfM3+6BpmiJTtFyJORNyT3Sz qwscmBal/GvAG6ZhJQwqQhw+htEk2COlAnJEn3UFSTA6GJCp8yQ4p1c5mpwPF1F7DfwODaRBcgnB oAE6QHIdI4QhaLkXlzPIktJRzQwatGwWVjVh3kbAx8oncYDLBLnA+vsfSRIYkGzRhMW/pYCeKoQv wfNDgRwuOJI2GoFpweAIMBsFBF2R2kG5kYvPSUIYohAfLsS6WtIrWDK8oAtZNF0Rd7yl0ZwMWvrN e+A8faKxF+AbbJEWEzz/Eqa3rN6UK6ZQPzeLkJShzxJNKt6UOC9qAEDMiEUNM98kG3BpcoMQBm9A M/SyCwNZNomSI4lB0s9MJ2xpuu+1lloBzw3tID1zqxeHj5lLDm1MgZDQIB1YFM1a0Hxzz7SqsxYF FiVM0+WxgDT8na7iHjTspE+yFIQtS0ldMIz92Nmz2HgZJzCd1agNJK37wbLQIJRolp2SzRm0efao gQqGM7W9xrlN0s8CnWesyw6IFny8FlXhPJk00VeDNsNh0r0wchfdLOzZ01YNngAZFxtkpZid0iXc K9q93fvYaR91zR/M2q090OxMPh4EHOndQDGNz9MNnakt0eyJD+5yPn+S/xMLLTMZxRcOYtv+/d+4 TTMY947GLLp9zSNVgWFvQuAQo8boQNuCDbQoXQXWvNr+PFLEDGEps9jWHdpSNCdXXdU8O9NtCR/m rVg7ncdWQS5LokNQUt2hHeME4iqBYiCmLc3xbdrNXN9fAeA+/uNALjPPQSu7jRwxo7+8TTG2QqtY XB2morkKMNgTzh7264+KrbpTQj6JYyUPrBwxDtqL7CuF7McAFBEZ7tPxfBGV1hZogMd6IONwLuOg c8/6jLowfdo6DmGQU9ySI9bjmYFBHuh0ORVkUzYJphK2kNztEti78Fi/ATqfsdV+nWC1zYfp4nHc GYGZgB/vdZBqAt/oHf8kik0Sc4DmuWHP670SDFjTje0tTXyWsG3WcR4acgnjs/7pp+c+nvzTjvHe 4InfKA7HWb0j07k7gn7swC05g6iBr3N6z6kqIHSkoh7E920mHi3AHwQhgtXdRhFK3SyIfV7qExw0 b87YGn7P9LvRKPcncsIi9fPAglzW8wwKowTnBQPat57v+q7r/I7jAJyQLYR57t3JAjmsVFo4yA7k h37s6ULXck3gS+7TW0SkbH4jmXSPusM0BN55kuAxC16d+V43rs4nmw3jQ3LqlTERcDGk/1O4ts6s Ht/unBw/Mz/u6P7y+87YWC3pRDISK+Ft1OHvee5Cs02exBqJ6JLwSi//MzYiy36t2wKev08fx9uR cRIWUYye9MttiBnTpE1g1tjTQbWeIF7v8lOD6w92pv0IrBon7n5jFSB3NxwmGsZKyR1e8nXkHpwM kDhf87Se83AuwZ/+iFQKLW8l7aXs8n5jxkvv34S+8I3v6Vg/MQejlim7JhK1Iy7e5hhcStceQhz/ 9Qox+qRf+qZ/+qif+qq/+qzf+q7/+rAf+7I/+7Rf+7Z/+7if+7q/+7zf+77/+8Af/MI//MRf/MZ/ /Mif/Mq//Mzf/M7//NAf/dI//dRf/dZ//dif/dq//dzf/d6P+gcU/uI//uRf/uZ//uS/RjZ2QPkV YMUFUDywELwFW16J/7V/u0q4aUj4w20FBgFANNRSEiXRJkARMuApAPNDv6Is0VW6hA2ha/vGc33n ex93IBQTR6NA2igaS8XGCDIlKs4MSFnDyJbJy5IZW8kuykSU1q2kg15Fk+yk2DqTJa2h+OX1e36f tp4JyoDDmJnBmrC7WIx5k6qxiKkKofNqtNDYurCySBTSssMUUPqi6IrEEwJZLBntTCDzWE2YnQwT ywrJYhSL+wNyCBYeJi42PkY+jjzDgPmAXQrpyDSKyrqLbggqE5Aja9OVzRULG9+V0bJoQ0hud3+H j49fCRXajd7UkH7d8p3y4tBkUQgFwSoAVDSjjhdPN4oAxIbGzp8gCf8TBaMgT+NGjh0xFiho8GCh O2MgWojzBZomiVO4bCC5ZcIQSzKYHQrlpUaTlP36jblX5+A0ExNo0YkhgQ0GFuiqbFnVCQBMmKnY HWN31ePWYZHutNJVTiaVqZgyRTEqxQgRe9VSVeOSgZIIEyuO3AKlletevvK0IjChLaFMV24yIigU 0xIcXz1PMVULBuRBnmUekSoZ44LBOiI5zMCcsYjevqVNI+uQcgqoOSA0eV100hGcIQW0PeRw50Tk ktKGLozECFJufheGDtUcLVMTO7VtQzoHQlxJS9RgtmqTO6dDYaRPI1vNVIVtBQ/KRqMzxDyTfRoO qkGQ4Wp8T2tz04L/JeCBebu6/Nn4LkABUcJoBEJsGkynCuSKaR+TCslKwU4GUYQSnBYMxKVozJiI s/kWcgLAGgQk8TT6ONDQpXSycO+JRzDSZREM8dOqAymYyisNr2qKRQaB/mvrwjRGFAqx3Zi4LyoQ SzCvkmhIIWmK5fyrx4P9lCooq768667CEvJbgZGiHkwpzC2U0m+DB25E0YuKslrQqvj0GSFMLjnS 0pg8NdJyz3b8LAbQYzwQDD/CqoBpkB3RwAaTQ5Bk6bHaQlAKkjAxKrI7I/jbQFPg+rliDRThpMgd QbsLgs9UA13Vo1MFAaAnLzOZkYowBKvNMXRcQ2wuiHB67YkVHkik/1GdPDQOuVJQmmKnX0eYajha ZmFqFShxAcOV6Xb5sYNKK+ILsWwhaoISM/HZdFeyKEiTgxVECYGdzzog9gIY7jqsDgxEce00/fZ7 4DaDRtiPHlPLADjh9dppIOGQhgEM4AL+/ADO6pAyjCEuCAZYAgqFQUXMhAGiReLQ2DiMBgWOSLis 7jCwShRtygO4G0U4vrPAmvX617yciYm44L96XpPPTROeDL4ESCiFlZptXIJjDkWw+Y5RjFR45IqE YjHaOeQ6I518l2A56yZh2RddQ6tR+BmSz20jv6KINioMqW9cEQ7vfjZVk3I3sWYxUuqSZMNu8Klg 5QlWSaSLLu6S6/9LRso4D5AJRTMN4f0EDqJsg9tZ2myh/9SaGJo3ZzjaUGBGaaxYQJDObIk6cW3y spHwouypcqFFgtU5zjpWwfyGJdQKWhasAoJjBb3jv8pOIJ6gfR7m9onjOdpspQzyAG2ndJMYUs8L kLLFISpGQHShR3prEyeX2doNhchWfz2oM7MaHeCDf05H3iXJQMIOZzWFXecQsanHX94xnzXgwQGW gQsvnhGU4GRgVIboBRsmghLKSQZH0+IHehTyOeiQYiu600sDOLaZP90ua9drR8KiBzGOkS9QWikD BaD0iApGhTHRCJ5arPaB+jgBeFMRyAqtxojGWKl+gQERRLISuvD/2UFiIzqGAjgmMCraEB5UXBhG FCYA7O0viPLigNg6IcDK0M0Vi2IKBVyoMDwM4RojsUkDmZUYCmGhfsQqFx4c5ziiie48NYGWbdhw OwngQYUKY9yK3uUuMrbKVMMhmRYGaQqvLahYzMofQkC5Lzv8CxdNgoGPxgEDzfTuIkUIhxO4wrFK CuN0AeNcFgU4kVIlY3q1DAYY95ZHxGjgUaT40WMchAHtxWYaj0BOIQO2DaTRBmzBBJ4i57g9jIQo cYUUHmIAFr1XTe822culL4nGvGAUEoYUE+CZWuZAZjjGeokimpn0uAVBIo04kZofinDTiR5Nsgsr Q5pAYuSTymQC/4xNYpLDpuGa1ojNhURswhHtMrmxRA0ACvSlHIgzlCMcLi9lUKQlFvSc1iHOf+Bz yggmgAviLEIg+agF2uJwmoaNkxhE6+WgOpZOeAgQYkYNlPBScQq/6SIUTTiXvTrWMS2ISiYljU/W Kqk5AGAmbAhaJz0fajPoqKanCtMh9OAj1P10wwE9myE8znql20yvrfC4Hee0GE+XJId+V7qM5pqE IBrV83a++Q1CMNU+/TmJlPYBoyKHxCz/efKRHTOmYNdUPh1q0m5tMxdoY0KTCQHFIL580w2uIE6k 6OQJOXlE9yDBnGkc5jrPqAsRxVaBMJEjBZSIhUw39AEHuqq4YP/kXFbXB8+74omWw+jZR43RrlLq AqqIgoaiIlVDJ5aFfcHplzTXRK+C2Sg2K3Hi2a5y2StdrZRRNZvNtpgnLnVReaOLx0MfEBL9AhM1 u+yK1BwKDSfErYbUEWw4hzAIfJYMsG9AkII8mQjSmlcuxQrHYbEoqj6VkplU9Y9gqzYWXgyrbTAx Ywh4pY7aesWSfxJpVpDJw5XcDxsTWdkGLKjHksGuHB44jxIYfD/8TMsuTbFaJDeKOXgYSQrBuJ1e phfXZNySqEWtGcgcpif91PRa11LxLDQB5Jrp7qpEgOWT7VozEYugRTbJXlkkGE+U9coLZtxc+uiK uaAWYYv/Ymf/k81IzhS/I8rEYC81fjWQGupYBjWskIpHUeTDnoKYC7GH40prCumcYiRSeyXEgpoG 4KkrgFVkApMGTN6WbWCOSNBumJJVVZGAxyGUVVba3pVYC/5DKMoJoI57x6Q3GqkScsmMLW6B0YVY aRUt+N7eavAvLwYBz2a7MjGoKF3n+jQYNcRKms4LBji0wkwDoYLETt2kBUtnWQ7mn0QhNIUkdoyH LSi1hC3x16xdIMupGpJ3pOZt7LWXYGQ8q+dMRUsp0+0LN0W27tARA6TFiAoMesELZTscnogLgZ1I khM61Tl7d6bJ1ZT1ute0Q3Plg6ugvvakHeqf17yYVUBDRCyS/wBnRhlHKDwZs4HopWP1dJoGg9CF x6ThgZkSsRwrcQ90WuDjE6hA0iZoby7n+ke+kbytXUeGwh9YumBqoyaQsYD9ErXIezkUxLd7UIys +2ESZHOoEraUAFmhyGxODgPD0V3Fx/kLABVDmtVeILUvKwWWaeDfyZhrLhGQVzj2At4ec6TE4/aY CS5OfeQLD69I8ZsFZcQrPyoCUjVyS0FCqdTDFnkk9DfVK9WQu+fl52sYKL1Pxah2k+nAUqkiL/z0 miBWoxcMGGKb4it9Uq+gy6MYs7RqFxNaTkdB3YnIZGGIN75dzx6VNxJdaxPc2jCpECNqIbZyEfHi K+St3nNnTP9JYlZ0GlDCNpRACqLBhGsdOw8p4aHjGSfvSx41UIasyTasOLjJK689ezxkECag0R2d CqH2oyqRk5rggKpvsIRrayvzSoxcMLsQSQ2QeSwhGCqOAKpVUYWKi5KbKgrPqaHGWzdjYogVsZDk WqDPcJxzoahiibq+mg6hYzraCUJHExdMQJJ7OJesaJHOWIZe+ZCBmAuJSAaiIY692g/xS0CAWcA/ Ib/oSiGKYrHSug7rqB2FqIK7ISDAMhQWqBYRCB88U7FHqBYNMLPEyYroipXwiJAtcJ5bSpgNyxm7 8kJ3CB3mYZkPKJixe8R28BzSmB7hqQlVopQrEpf08jEd65//HoqoIMqWySGI4eBDTZmPbQO7YgA3 iGEvJPoC4GKR8Nk2gtGA5VGxVEsHO4KfOyENWVmbaXAkHLAnJAKBlbo4FqgrXkIVTJqsq0gWGonD j8KQVVygVgSZLXqHbQvDdiBDGUK0DwgIkhG5lTifP6S3XRi4ExAgiiowTRIxLhwjpgK2OKsTmahB IfGMbVMCMwK9EekzYZhEPgE0GpijglBFXyob/yq/r8s0akGHhOoNqrqDctm1XsEWUrgoNPyhXtOR DgmUnnkn6XkuRGs1s6iCqGO1meKf9HIKJlIMFjqtkGqUgyoEKCEeLWC6m9KXd6QKzFgZ2OmqTkGM kOjFEjg6/yeZE6ATiBIYnsLriLkSv4R0B5G0xulCmivStnp5DhZxn2fxrmsoiVfTnuQBukGAu7SD JGB5hfuqvf6BN/PwnYcorhrwnLhkM39QSIB5mIJrLndiB/vypRWqNUjswgnBlrDIwFk0mavCQ7HU IFYrGN5JiZUIhMLUk4Xsti4sBjBKAmtJDI20t/QqGJU7D3rUrgywOay4g5soHAuokyPwGK6cNMCR Alm4CzgAMk7DjC6DJU7igDyzoLWgOSOIjAx5D64QLNIYyBbamRMSHcEYsQ2hih9rnFngPyQQzT+a zPTDqbuhQ3/6hUxxwPJag0cDseHxQHlqK4pDqzdJrZnEJv8w3AgqKpQCCiatBA+OMcrDATW0iYxe WKf+WDcV0LSrGsLiaJvM4pUEMrnUMT+SpE8aGqrVGDMc+c8jUoEa4j9cuKnrOK1DXJ3pqw7pswJS 9Bq/cwKnRAnSUgwLCExBwjrh2bU48I052ITMs7purMpCpFDONBXNvKEviq+PMAWVQLdcMKYV2KFg oRyqsgusyzroEwMVOzBBlKGdoJIpgLSK0Cyb2ZqcwIQKbcg984UQBZd2ch4+sUVobJmrOB3ECxTo gZEvRY+Oir9qytPJrNLrkIth7I01ykC5o6cNkytwvLlkIMzqKR0i+5LaCB9vaRnpcMNQuhxFWE2g 4RqZ8In/6jA7IlIBYuGnZoi6Y9y3yfOdGRjOhemA1TiDsmhQ+ogQBEkmmbpKoOnSbJxQhpmnG4BR Is2a+disJdQQ5cCbDIKaVrq83qLUmpmLFUMJOosavdshhWiGiqsCpGGg91jCy0ueyFIZJElTvVjI Wz2rWpordF3TLMxSeZxMpvgbHdqElqEDd3rWl8QMkAiHECigEkUDRDuWZIis/xgCdwAeqzisl/kM moOeMZ1UqXpXkauElSgCNNUTU3yNakU7lJI1FBMLSMkGXuSGoRDHfkCjJrQZNlSLzKODY+wV8ZjL jdCz/ejLt/JRd2Cv+1tF/XqYhrmRQsisctQCmlipoc2C//PBrJ2DWBLo08aQTAtJsBULMcfhTkVy Ju04CKtkiF2SosJcr0WVnp4RmLMKtITjm60THR3bncd4l4e6NrdBTP+LM/Mwm2E8DkosG74hxCLl 1bYZo79YgmDgxaclCsySCw5Nh+JEoEz1DJL50Abro+6RGfyBBV9VHqs1BVdjvvxQwgeyjX1ACHGB hMBAVU1YDbpAs/wiOyjTTwitH4aUQEj6i0YqBOyiv5hIG6jJqrKIrjAIkyaQyNELBZXbKHFqrxpD vlcgy4J5i19b3CmzAXkUIkoESMOcJr9o3YTritYNuyeaiUnAJ6XQr/hypmEjA/D5owywCsh7TvZ9 okQshv/l3SygAQSyaLVrPV6HFVUR9JsJeRhfFFOW+Ar6E0IZeDajuM7FqLNi2hVMKJdlCI4mupdD SoqUCplJsMipu8zmuRIpgz9gVZ+arbL3zMYMmpYxYDAHMVowOA/wtBsJ2EDG+BvNGhP8ZSVk46V9 ES99UDRySYlbgiYgWpjqFYk8aUF5ONejCiMx6uB3IM3j5R2xQSkdq1qLy48IW9q0NVkOLhrnVB9u E8PvAw9QWicfORrdwl+mwVEqKF8y+pnEgogq7QU7aFulqLOGYSl9QZHcJaVFEF/iKoGM6rRXyDH6 QDoErivakWO64A930xPFckU34T3tCFjsURCZFF0WMwn/qMgsmjMUm5qWO2SRVmCiEn0mK3W/E366 d0xZQ3AkI6vX9dObFGGFYgnE/8gUr4XkSX5QbgXYB/2TtRtVbBlVoBjLF6CEuvBdFTgJ2mklLeph O+gbYPYl19IOjcA08OOhe4VaDW4GK6U/4uItE8QAixU1bh2K2RihNIoBHYqWpZEAxlE0bXE1UICG I/iwR3M0rOWl+6kN3oCYYTsyBhm9EjHo6jkcutyRCEaXHyla/pOOFdGtuVHcxAzCOQ7leE1nldy3 baiE0wVKMU2WCMGJcyYVSCC8g+YLG6EMIQpU3sobqpDpJToKFpAOfRgFZBMlaDBUlfZpcGkd3HyB TNCP/wliEUykBMLABtWkyZ0ox/JVDSfzljgIHbdShQPRDB9ZuvpIB4e6seD7h2Ja2DGYomNcAx74 6bSmBRBZJqUmwUWR6OVgD6glG2X+XtBUlHa5mrFQX9hqiH4AhPNFBE3zVdp6lMIWEX/gvrTuiMn7 pEiYBdfIlU+wlVjmhZRMCgPFkT4CBsZm7PcgCgMeE+s6FEdQlHLZQWjagftIlE5GbeVQm6VySIOc phx6Vf6ooO0TArK53bTxObuhsDs8aUvLNj8w7uP2Ayh6A4ssMN+1CyE7UU0SLgaGPUkQD996CSbM sScAiN6yVpA9mfMUg/E8LzkpPcqYF//ZP+Rm7/bGAXvJXb5bIFC0ObeigCr6w4vLZlpZkIZJKhL3 BvAAd4jEkYpU8lh8+l2zSA50SwfudPAHh/AIl/AJp/AKt/ALx/AM1/AN5/AO9/APB/EQF/ERJ/ES N/ETR/EUV/EVZ/EWd/EXh/EYl/EZp/Eat/Ebx/Ec1/Ed5/Ee93EJjwAAOw== ------=_NextPart_000_000A_01C1E96A.89B12E20 Content-Type: image/jpeg; name="newsweek.jpg" Content-Transfer-Encoding: base64 Content-Location: http://www.hcvanonymous.com/images/newsweek.jpg /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAACgAA/+4AIUFkb2JlAGTAAAAAAQMA EAMCAwYAAAUGAAAJyQAAFeP/2wCEABQQEBkSGScXFycyJh8mMi4mJiYmLj41NTU1NT5EQUFBQUFB REREREREREREREREREREREREREREREREREREREQBFRkZIBwgJhgYJjYmICY2RDYrKzZERERCNUJE RERERERERERERERERERERERERERERERERERERERERERERERERP/CABEIAMUAhgMBIgACEQEDEQH/ xADFAAABBQEBAAAAAAAAAAAAAAAAAgMEBQYBBwEAAwEBAQAAAAAAAAAAAAAAAAECAwQFEAACAgIB AgUDBAMBAAAAAAABAgMEABEFEhMQIRQ0BiAVJTFBIjUyMyQWEQABAwMBBAYGCAYCAwEAAAABABEC IRIDMUFRYXGBkSIyEwTwobFCorIQwdHhUtIjMyBicpJDFPGCc5OzFRIAAQMCBAUBCAMAAAAAAAAA AQARITECECBBEvBRYYEicTCRobEyQgMz0eHx/9oADAMBAAIRAxEAAADTMQ63Pt1ysa0G2MZPcWaI FdOuyXilONkrEaqspwFYAAAARq6vgTvoTNcJ0c3H8a10fMOJ6F7Pxk760xPan0EwATvzAca9AEgs ZVaO/jtwDG8qk8vzVdV5efbqm6BjTJozHNSkjMuXkhVm0bShDVDZt5lPb0kPD1dZzJrrPSvY5aeh l5J4d5LyCx6pOUfFomqBUzfULLaWvA6fPyLbmlVZSHt65rLc0z6eTXoZgZh/SSR41elSOqmS38+i rprvN6Y78B45HR51lVqX8fIZqWIMQLCdnG1dlYZ2O4vp9BHmtAumrCtLjLitvPfAKcjVWtUrX1sV kmMoBDqhOrlPYbw41o1SjtOgm2JUK59COGnPkqq3q525xQVzinAbtEWHPpNjSqva24MxnTFyA7Gm X4j6Et+BeOVrbKtjrEL4NMyMCdsqK2zJsJxvoG+RxY8jOIea+9Tnr6ABeOXgT14ehFXYRoqpZmK1 xrrWPKeYgaKitPtac6m+vSxiXGWnoIF4Z+Yiu5+96KqP2ZN8YVklIXJjWI4/WvnecjPBzhZlVPJs Rr0ACsM9CkV+Pc2l1nTnTMZZnRwSzWcyF0c9Wl6blsobrUEJWXoR0rBuuBWKBNngOQBo4AHQR3gM FAF8AL//2gAIAQIAAQUALaPXgYnCxB68Db+g6zywaGHWArgAGbzfgCThJzb5/I5ts6nwM2MzDw3r OrOo4GwNrOo51nGViPrSM71v6N5vxU7wnXjrwJ8i+2HVm20N68d6yRjiaC7OBcG94f1z92GySvTr RJGee8dguAORsrhHUEbyJ8v0wb3gHVKuir60M6QS29eW/AjRVwB/kPA+WLh8Dn7fX//aAAgBAwAB BQCOEOgrA48CqEhRl9MNSRBB4hX0TJjF2wGTG7mMzNnSc0fB1VAiRtnarYq11wrXOdqscaGEGKGK QZ0BwK4UGupxodh4QzGuu2jAZCIzm/IHN5vPLQOsZwqhz4ftreBSS0ZHgd4d9IBJz9gwxG6SQSRH sFBrpXZ6fAKdEYF3ipo+YBOFhs/piEhT54h6RE2ElmJ2NHB/jketEKR0A4B0F8P662W1rE0Ed/5K 23cjWyMBG/MggjwA0rK2x/DCQMOjigHGYa6vPxP0Hx//2gAIAQEAAQUA5G+tFKXK+odZkYdY2sit nWu7/K+mkj5yJ87yYWCgSKcBB+r5CemXkrQ6poF7zztMnR2l42miHlVjllVvVyyBZFihFuewvomq ARL9NyrHaReLijSHjo4AnFxxovEwxrBVEYu8bBaMnGRy4/EwOy0VEkvHSyWKqEfVy/LWq1n7/eOH neQGff8Akc+/8hn/AKDkc/8AQcjg5nkmEvLXuo81yQU87yJwc9yIz7/yOff+Rz7/AMjn/oOQB35c 1A8l96NhMfjrOemlz00uellyOrJsp5yRsc7ExDVJARVlz0su2oylnpSx4a0mhIezenavyFqstqOS 1NDUj4SQqnAzNi8E74vByOp4JuocDIQeEftvwUwyXhZFWpxj2USlLQsclQa7PZgNeRfb8hC89+9P JVkvyKILrEH1TJaQx15bO4JQq2W4tl6o1ikStZRrELyiSOaN6U9luxLfhNjtJpfb8pZ7F6XlHmU8 g3bi5eSFTdBduTZpDyJMg5mYCK72WTkmRxbCvLy0s61rBGN3JDOWgavY6I19v8g/sG4ez6YcPaat H0hCd5rN6yGGSdzx9hJpuGtwypx1h7FqCWhlCsFSSM2cm4axGgnEca+3+Qf2ENdrXES1nq8RH8fp 1o6/xqNrSfGa0kVTg6kdSvwtfj73LLX9YkMcd6zDXblJ+GW/daOGKD4/t46fNRR12lkdV/0fIP7B ZGi4aOVpOI5aQRmsZDd4SvLCyUY6dS+P+3l1Y8vYH5Zw33xu7FauQ1rdf46pjh4jil0rFQvt/kH9 geZsmuOZtCvU+RXK8fx+81ieXnbjyLy9qpDZ56zOLHyO5OJOZtSzzc9clMPPWksX+VsW4avITU5L fyK5ZjSv3Yl9v8g/sBmhgUYyg5Vk7YdicB/lTQTTx0SXq1WjWxXPXDSeyFhE+XanpyqSIq+3+Qf2 AOb8PLAx08XRldowYaC13lZkFiJi3aRYjYkYVTHChurJE7noX2/P/wBgMIwDB/HFXZEUmVf+lYuM MkMzmvkpZFk6dTWO9E0LhlqdKP8A4r7fnhu+U1gwqQE3kcXXkEphljd4m+4vKkrqcV+wXDT5JM8A 6iM7gUTR9Kr7fnvfh/I5+wHViWO0sdZZj1t3rr6T1BQzF3ya200jFCd6xB1ZNEY1X2/Of2CxM+Lr PLIkZslbI0EjGWNZGH8YI42jLhJLNjvsCWMqMhhkXc5jIX/Rzo1dhQuPQMWn48OtmEI5XedJykgi jSTeSLH0uM3jKrKGwQkI3+K+350M12rXUmxGI2kO0RkR5Yi0ZihMFDkEhjmkRAHCCd1dkKliCrV1 QM9k9yQg4vt+QDfdBaVYy3TkkvWJQipXBmUjCCmV5FhlnlHbCgGvVEyxN2mmkMjBiA3mq+35At6u VtFnWPDG02S9StWjDl2G6VYXZLMMDEHeMcqTdqSKIvlKQVjeeOSVlIVfb8qYo7xmEAkm6h39Kzhl ijiMdqtJVevZMBknjVcHniR7KTKEd94+3IcFV9v8hH/YgNl5q4Roq7yGxGkUndIM1l5j1Z151YHy JvINhl6sdiuLtsX/AEXvRdSeh6j6LI/Sb/HZ+Nz8bn43PxmfjM/GZ+Nw/bc/G5+MxPtux09v/9oA CAECAgY/AD0VEzYUzxnKhUTsvpVE7QumBgqhVFQqioUy3aGfYbzKY09hCc5XXhqtzVXyCa7vlpOi DGUX+lRQy/N1OUCqe+31QjumxdC6nRAXJnZMYehU4Ti/JPg68arrjuNNU4hRkbJp7D//2gAIAQMC Bj8AtDeVz+XKWQIur050RuN/pH9q0kaT7j8EbjfArHoefVC4XOLqZGFzCrSi5M1XkSUADdFKpriW QBEWwMn4tz7bgC7+/RG78pNssGLv8F+w8dkwvPHZfsPLiF+w8dkbReTeNOAmci5pHAw/E91u0WsQ ayJQa+0sTrofRBr7W2zOuiDX27gJueXdyrrrfyWyzT93P5rxvtYgO5/ivdHaQQ7gz/i2g8DMMPH0 U154DDbqpwlMeyjAKi3KU5qEwdRPNbvhgCnULmyJu1XXlhHE4AhOjdqrioRmcDhbybJvtrjHEjAO pQUdk3NSHCgMERxXAW9AR7lIXl9Sg5C2Gq+5a5//2gAIAQEBBj8AE5AyMjbGI2lTxZIHHOGsSXVw kG5pnquyQVa4fVkMOPGcmS28h2YBYuyf1abKVaqAcOdE5LBOCE4/i8tI90TL9cfvWXHjiHLGeQbQ 4osuHCGj4VzDfFj6c0cwP7WGGN+JLHrDqRjbASwjsCVxOna6fUsXmATdZUbyX40ATwkYeYhC59hj uXl55Yg3SMZcQCF5mcx2oGEcf8oc6dQWQZXfwYSfjbCp36uyyYIORkhAR2OXH3qOGOkAI9X8VmWN w1UsUIARl3tSSiMcBG6ki5JbpRxwgBGTXal25lSjGAFwaRc6btaIRAYRDAf8oSyQcja5HsUYygLY UjEOG6lfLGPWBTkVLLaL5ARJroGoztsChkymHh45XRZ3I1AZOf4p48U2iLWFoOwcF3/gj9i/c+CP 5V+58Efyr9z4I/lX7nwR/Kv3D/ZH8ql+pUNSyG3/AKoRx5aOXNkNP7dyEvENXYWQdt/dVch/sj+V UyH/ANcfyr9w/wBkfyr9w/2R/Kv3D/ZD8qrl+CP2fRkOMEk26f0hPOBiONFTHMjfatPWF3fWF3fW F2gw3ui9RuVNzMNnBWaA8VQP1Lu+taK3GL+SAlAgnfRCmh3oy4KWSLEi3XjEBHFPQ6Hcd6llnEeJ E2tVu83rUTknGEpaRKN0oxILaP0otkjQtp96uhOJ1Gm6iEBljczkNUetP4kW5FeL4kWa7T70LZRk 56hvRljnHIY96I1+uq8UyEMf4pLFMEShKQjcP5kBGQjbAa8SVLESCY7QjyUscA8jb6ohQzf4Wtyd JoVeawfHLouCxyhi8U3UL93joVDFlEQZxPdk/LYOK8GOuUzydNHWHyvlmErpZe1pt3dPUpRy4zGc QBfvf8Mwx9iz+TkbhGUmfbE6+nFT8kNIRjA8pBZMEWAxxhGI9vVQLIMeGMAJOZyk1/HulAxiJi39 t9W1CxzlCMYvimIiTyAEgaC0bOKE4kGAgROQ3FSMS40g+vHqR5KcoytmG+UKzJluidhZeEcn6f4a MrIZmj0H2rxTkebvc9XQynL240EnC8bxf1PxUdEePQ8vsV+PJbLe6lkjlaUu8XFV4gyNN3uerlWT zPHaKD2Mj4U6RIlKMT0OogVB7u7q9HU4ggxls9OayQFZEUNUeSzco/IF/ttHwrb+9VuTL/bAj4Qi Z96tuujKRIJlpH+AYsUTKctAOvao+XyQsyTa0SO+mx9yjgMBKcgZAQk9BzZDyhjblIe2R4PqHR8t la4tMtWlUZEHZKVfUh5fBFpS78TWzi+727kZ5SLYj3TrHjQdKlGIaU9Z7g+ldiPJZuUfkChhg108 MYh9NFPBkYyhhnEtpoVjHnZy8XKREAFhcdgbqc/WsuDLOdsBCeMxYEiV2tDo3BTjjyGWaJlG56CW yJHU+3ko+c89OTSEZdkkCN7NpUmtVjmMku1d4UTXtMbgS2lpposRM5DzJOOMQPw3ntaEPrr1KAy5 pzy2S8OMhFiPe7sBpTaoHHlnHzJpKIAYR8OVQ8SN206qZzTkYY4QH8xJc6szcqoea8qTbI22y21b bUVWTLIuTO0PrbEUB6ys8PMzkZylkMQ0jQ8dAHdRjKpiPWjyWblH5AozgTGQwxII10XiZCZE4iZE 6rDPwBml4gjGrWE6S0KyeLGMT4WKkZXe9k/lj7F5o5QRdnnKL7RvHBR81gxDNnlZKMpRua+T0GwR fYvJ/wBWX/5leWkO6PD5d6X3LB/4sntUSQbbaFqdwrNng0sYhAThV3AJca7DptX/AOhii0muEgGM huI2+jKeOTXCb04xH3rN/uYgf1JWnJEHs8OCuBY8EeSy8o/IF/qEx8O2zu1bmv8AUBj4Vph3aseL oYgYyEaAziXboI9az5/MzDkYwHoKXUA3LL5aBiYX5IifvW3Fqu2mhZDysJAxj2Lm7URuBdqbKKEZ kRMD4kZCJckabdDtpVCMvDAEoz7MT7pcayO0KHmZGPiYwRFo0Y6gh6qEonH2QcvZiadli7y2PwRz SlHtCMZiyjB2LOC9d6E5djCS8YikpMaE10fcvFwSqaESDgjj9uqOKVkIyDSsBBbpJU5xNcdSP5f+ UeSzco/IPpd1UOjaQCQyfenUYaO/Tv8AU6yQOgiWlqBIGNH0+5TOVnkI4xEFz2pAnlQetSsqNddP SiGfzEiIks51tGwbnNANgc6LJli0Yg03V0CiA5uDozBtcGPXqjyWblH5B/BxVuwqMgQRKvUrZ1hN gZfhOwjl6whlMibS8X7LEbT9SYO0gBIDj9rKJxDS3HwkaUFKkV6FPG9859+TMIiPu/bxZEY+1a85 bo7H9NqEpi5nnbLQNoW2y3PSuil4sTLMT2ZvoN3t5rrR5LLyj8g+in0aOm0QlESAekmOo4oZZQiM gkY3ilzDVtHfaehD/ZNrFxIe8+0jY2zYoyEpStkYUjWIltf8TbNiGKMZeLjlK0O/hx5D3jtKsxkg NeXp2hsCOHDC2MiC2MVPM7dEQWca1RyZJxiNAHeR6Ah0/UjyWXlH5B9L7NES/BB3AdjuXhgC4n3Z CL7nJICMibjWUnq++vsCcgxMCKNoNki+3cFOELpSGQeGHNCdZS4+xSAJGTIGyXe7qTXdxRxwMaSf 6teJDtxRxPR7gIycVTdae0E8Q6FQXD9niyPJZeUfkCY/RVMGClEaFgUDPJEReoj2j9SiA8ZSPdnR uaqZC43RFRc3vSGrfhAUZxyAyrKTjR6cHpVtmqnhjGJtLn3jxY7t/LVCWYHta+z1bH2p98ZNrTUD 7+J+hjtTEjboUeSy8o/IESNBUqtR9BMQC29bG2MhdIRD1J+xDIf63f2FMC5IdyXZ9r+nUst7GQLR upsqfs2IZIDsg0Y6sqCwFuzx3qp2da7Wq7YcJ4BhWnoUeSynb2flCYalAQ0IBdQjjIBHfl9nrUjE NC4iD7h9InkAMh3QaiMZe9L1mI6USCLARHcSWeg6OhGZDkNbuY68U5GujJ0JQNfeifqTEm3crx1b W38kOn6keSysKC1z/wBQozMbQW5PvTE0NQykxps3n04q7KLox0j6etHzGSQeRpEemgV9zZBs3nko 4ZxlK2RlGMPflLR/YhggXMRZ2dHPePXpwVsv+USAgJ6FEDYUJ5HtBqBr0InF2YE0iU4DVKPJZGcD s3HhYEcQ26lEs5cMPYx1RxxZhWtFtu2bkYuWAu4U3/Q6jkkLhA3W7zs6HUHAvkLpciT6BAbT6nRk SzEONrHahkjUguHV1XKI3odKPJZReGNrRMtKCvBMSDtp6V/pTSkGbZvQt72g47ulGE6EFiEbpWBt S/1JnBbaETkJEIi6Ta8AiMMbbXapL9f0ue6QYyHA/Zqg20spxkCLgIXDUAH61KUAQCzP6bUHDO6P JZZZCTKQiLQP5RUlXM5Og3fegGAIJc70ANQXQFvaHvb14dfFkQzcVZkZ9aaIjZIMV2SZSPq+lwQj BtTqnk5O9Ou1WRNCjyUzt7PyhCEWiSwCl+EDs8VSL70bC8dY8inGoV2Q3HSq0HUtB1LQdS0HUibQ 29OwZN1piyoKDcjyR8bw79t1r+tfp23bLWVbfUv02fgyrZ8K9z4V7nwr3PhX+P4V/j+Ff4/hXufC q2P/ANV/j+Ff4/hX+P4Udy//2Q== ------=_NextPart_000_000A_01C1E96A.89B12E20 Content-Type: image/jpeg; name="pamela.jpg" Content-Transfer-Encoding: base64 Content-Location: http://www.hcvanonymous.com/images/pamela.jpg /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAHgAA/+4AIUFkb2JlAGTAAAAAAQMA EAMCAwYAAASDAAAISAAAFk3/2wCEABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoX Hh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQEABEQ8PERMRFRISFRQRFBEUGhQWFhQaJhoaHBoa JjAjHh4eHiMwKy4nJycuKzU1MDA1NUBAP0BAQEBAQEBAQEBAQP/CABEIAJgAggMBIgACEQEDEQH/ xAC6AAACAwEBAQAAAAAAAAAAAAAEBQADBgIBBwEAAgMBAQAAAAAAAAAAAAAAAgMAAQQFBhAAAgID AAEEAgIDAQAAAAAAAQIDBAARBRIQITETFAZBIjIjFTQRAAIBAgQDBgIIBAYCAwAAAAECEQADITES BEFRE2FxgZEiMhChscFCUmJyIzPRghQF8OGSorJDY3ODJBUSAAIBAwQBBAEFAAAAAAAAAAABESEx QRAgUQJxYYGREsHwsSIyM//aAAwDAQACEQMRAAAAU9eeic65slxlUQpoirVcUypqhaQQctvM0a03 lMgm6HJag6IiiGPnvkArHa7WAS0rjlTbzBWEIOo8OEP40XEn5kGetej1/n9DdIJ5KmhsUFCzWtwj VHeLyzo8u4NXEfAR1kBumcZ+g+fAs1jleaLPa4hy8kq77qblt07fOMFNZM7BIVfvZBmJYvuXZiRx 1eb5yodJtCvX6LTEGancorTA9OtltPZynOVhlchBPVEYlAZJ5WrpJhZ/l4bpQ5fT1DpzHNziVLtF mWK3M9UvuWRasqkWPegRhZO7ubtIfQLBCzz7PuzeczxyfZ5JOuuLQdrXCMxLRWi4kXnWKmkYcqOG Ea2orGAiwX1DEEOe76daMoUaxTsseEUxWtg1adhMsFFjE0Yt0nXXead2hFQLczpE11jNJnm+nKRO Zt5qtY2pw9lmudWBqqUPRaBgyEbaZX7xZmUsND4UbEP3yVmODVXR5TKWTp8ZMxk4vu2x0isywyRq 2BcjljEyJpPxJmcypksM4uk381xJOx5z/9oACAECAAEFAM2BhkzzAwFSQdn2wHNj0Y7JIBRRsgBi dMACNZ7YDjH39jjuTi+BEnyp2PVjrCCAoUhtjBshPj1IJBGh7aGtDe1IIzWH4JGEHS7JYEEMNRkE eh+Cd42KD5Mf7LomI6ZnAz7Dh+NHB7mJTqQHzB0SfdYWmb/mLi707axPhR7TjTAEgqc57EHwGDJP HI/HeS+OvbQyhv7M/9oACAEDAAEFAMA3gjGCIkPGygrrNYRmj6D2ABZZJCAGLRD3Qkg7Oe+EYAdD YKINOGBT4caI9NYBsIQwPlhAz2DP7n1BAyJvfe2kJ22hjA7Obz+QCQvsSowMNtESZFKn0PuwjACK GAVdBQMkLATDzjjjLZ9IwH+3iNa0N5sYwxB/WSdK6f8AZkx6zkn+pY7aRgM/liAFYb6yDX2HH3ub y8o/LT722899Z1tfT75//9oACAEBAAEFAABoZoYAMjjZ2qUay5ZtCRRPJ99H8G5kUqMO3xzGrWPc 2gMFwAxdEA81Us1vxzg+MGBT414JIYRz36EdjmQFzxqDLLwZIjXee9UEv1Z+xcIwzGMZ4DAAM41u Sen+fFg+MjjMjwcr8o9SFKUfFYLCkRKx0CyTVvHKUIiu9GoseCWM0ulHJUuGVzhcnOJJEvP8jg+A RvmqDNSMccH7An2WoZGrKGmRasiywW1fIgy2Lke2pL93K73/AL/ThzPFV1gsDUcgbORUZq0KSLF0 olePo1L0k83M6kVHkWJ0XoX5bDUenW/6FrX2c+RYa3VlMts+lStYMP2SYJCMhmAzj2o1oVLQsW7V o6soGusBEU/Jmn5qwyx1+Nzh1JLEZe740uJ0olw4o2efeqip4H0gBZuRZaNeO6x9jpoVlaRpXe4y t9pjFOaCOW1Onj9ymTvTzX366N9h1iA65UitT8/SEHKgMOcmyU6PSgjniqSgyMbUU8vUXwrpHa6N h42lqRR2zNElu72D4DXuB7fr0c553gPShUmtzz1kr1ucD98JljqRtYFuOU7slAlnrRVUgtTLLxZ2 l5VKx+Hdt+WhrAAc43iavkvp+plY4HZDDx6RM37ShHPiKvg34SUoWXtQIKSQP91EQovRoR9BehUC zfWQ/iAtCbn0+foYkgOfqpDzR2ZEuf660EthZq/NkkGJMrxlg+K46F69ShlSW3ahjj6MV+PqySWJ rG/s02/bPsOSaB5Nv6L/AOw894LcXkebzJawTkxhLrI0TXLLWJKdG67XqNdDYkqKJKJlW5FYiyRg 02g2EkHwGEDUJBEfWfrfr7WJk48UCRV6AVZrvRU5RQVa8c3jHedpp6dWMlecrQ9KkoXqVjBOujkM epPxZcY+1KJpp69QQJWr+PLJhSSAlYEkWa9FsIxxowWhTwMcpCXY/NO9UJWlWktNDRSA7fG+OMkr XiwZZppHqrGVrTz/AI8PPqGvXmChlYl/5T/GM6yUbTsQAmoFq9RQAfyo8dZImilbcLSSKzmSKRww kdZbXKkaeWALpPJ8ZABDMcBzy/r002OtCUaOY2ovrizsVlWOxXkqzc1mWsosmxfaWOCJWL1Y3hrm IzQeIGSAasxtFIhJXy1luMuO5B/o5U2+d4y5PYSWrKD0rCR+MfJgWaPukQUOZSAEaCRggGO4IkBy 6+xUvOYmtxuZJmUdhAV4P9odHD8cSH3kcx0+LTaPm96QTdapWO6aNWwHYdhBIV8ougAoo6JWOONZ aiBOlXKvwfFZtHP/2gAIAQICBj8AKkIhlLkZ2xJSpVMUckicbPcTFSopvJK5E9nuJYku0yE5PcWz yVcuBrktklUFs9tIOIKlK7HnRfLHOGORrkjSCa3JY+zyx+dEzquubn9hJlrfkSi7IG1wLSFlQXfz pUXimn8tMi/WDB//2gAIAQMCBj8A0liayVtukSeRfVjlqxXA1stZSJPhnatIz6jiiSIY9j9UfZXQ kui7J8P9xuGm0L0Q9noiUoTdRN4E8QQ87IFxI6YklH1lNx5J6kNRqkhS4LRQSwqIbi4vq4qLtlE6 J+p1byyhS3WhD0aZ2fekOiP8yUmpgXWlOsC6oSWNKnkl4aZZfArDiB8jm515yYsI7fjyjJ//2gAI AQEBBj8AGWVZCsh5VkKCqssTAGAx8aZtwBdZBLgyLaR7tUFZjtPfypxsdvtxZUkPfYKqA/dUqqgx 2A0Ndu3pXO4qqARzVlwYUo2O9F2+SWexfVlZmJn0u2iceE0u33NtA7kqAVPTZh9gknUrRj6l7ROd G7tARctgG5t2I1EZalIzjvxrFgDyr3Cvd8qGBPhTXb4NgA/puRq1SJjpquqPxTFfu2PfPuPt+97f 9vu7KHxLHBQJJzwFLcnTuL4Og8LSfaYfi04lvDnS2lJTa24VLQP7jEiGfnGdJtoA2u1ABXPqXDiZ 5xMd81p6ZVSSYUx5V1dpfIZMVUjAwMBhFHq2gd7tAEuoMRftYto8YJQ5qwgZmrVu8/W2V8A2L7es oWxX8yEZ41c3NhSVGNwDGJyY8+/jnzofKs6zo6YAsaUY9S/pRFKKzv8A/YVVwYkALHpOVe5eedDu +AQCSSB5mKNlB+nZjqXQMHcmIUQMOA7Kt3XUM91lt2bY+6DgPrq5eYSVNy43aVER4UA2LEkt2sxk nzNahhyiudBhh1UKYYeoHWD8jVy0FBsybltRliQ9y32Tqkd55Ulx/wBXbsOlckeo2WGTfiScOYq9 t1YlEb0MMZU4qfKszWJPnVwuVslrjAXS+3UvCr6IvozHTPCB6qzNCooufaok9p+yKYYabbeo/eYj Bfnj30l04rt0OWQb/EVZ2gQszW5ZVEkydR5AcBJrXesOicSsXCPBCW8hS3dtcW9bP2lMjCgQMCJi rLGRDgf6vT9daswSuBymGXzOoeVXLVwT0w6qc/YW0+QFH8ogcvi236ptm7cm4hui0URlXTctWypN xmygTwwxkUMaEZ096MoCxmSf8AVcR8GLC8Rz9SfVUDDqXQp7p+ut0NndFq61tBbZuwMCBykjOg9u 9vW/uAKhhqtGyRPqZFUau7Viatnc2xa3Dgm8FGnUy+kMV/EBNDbbe3cvXSxC27TFC+n3FmWCFBOO Ik0v9uv7ZttvEvImpXLAtqWVLK7aokTNKIwDAnuVHbDxAreg4aHuswmVJYFgfEZ9tNdOBIUQOQAx +NjeHZrc3VpFO3vf1FtVYKB02uWi2olBEQy5AEHGs+GnLhyrOgpzMEmcxnprbAQbqyzLwDamUMfk aYQCTauJ3lMD8626ziN2s9qgBqactCD5t/GnU3Y0CSACxAHYKLiy4QAyTGonhgJwq4m5t6mW42JH qRjjKnMH6atbsa3uC51JdmYBgpOr1HOYq8xytgBh2uAfoHzpGc/q7lS8ZM2oAyfyqfOlORGBPbHw AqxZuXUW6yqEFxNIBgKsv/TsIPOfGuOX+7l8FUAkyI5SD/CmtqfVICEQYxXBe3DPy50ba+0FlA5T OHhVu39nq2yf5kZfnSMplzaXV+cTNG3ZtXLgQkO4RipYe7FQceddRT0iRDhCNWBn2uMx41ce2NfU Ci4DJPpmCZxkk0CmGshR3HE/IVda4Qtt79xnmANFq2turL6WVb6lrNsjFNuDq1Ec7mmTyEDgaGGk AsWGYkgGPAfAkUW3j3b22V+mduU6qCdB1Lqt3NIALE6dLH0wcyP21z1Zt7fu+7L59vw9OE5nsxq3 eAwNwaZyLL7h9FC5MksYPeav3bQ13EKgAcXtQ6r45eNOQZECJ5Etzo3tq5RmjWhgq8cYPHCJzio3 Nq3cEQwkhseGh1+uuvbsDbWVJAQEjWZmSvtHbFApgJYoPwqpE+JqzbuDVb3H9TrHAjqqpU96iK/u MAE2ES2x4yyhyO4L85o2hBJYtcYY4sZgR2LjUZ1lIjH+NOVtboW7lwFWtLcZbuhrepFZSqpK6gzN Axz9MVmP2pzP8PhasWFL3HcBVGeqNWPZEkngKawrh121xTbuL7XJ1JdI7NWmrbLnJg9oM/XV/bWw Bca6bgZiYCyraz4Y9pq61pgLdwWjYt5q9p1ZxdnPFiR4UFvDosThPtPccj9NEo04Yk4VdIl3gghB qYL4ZE9tX91usLq2o6IMi2oaQgPFmPuNbC/cAW7ZHTuAYYj0k97AhjX92s3j67jMy6vtejUsfyma BaZjSZ/DgfqqM6EmCBge3tNM1+0t9BdAFsWrVzW1zpodLXbyMpJKqxVSBIJr/wCHTw93w325AHVs WG6Z4hrzdMEHs0fOukAQyhSTOaqA0QO2nsmGYEXLLDIkEhgeUiR3xzoXNudNrclLW6Zfe1pZwXzM 88q2zqRNkttnK5FWAZWB5Tl+airICDnIBEdxqGtgKcwJHgINNt9uot6yEtqoCidSycPIcya/p7ph rjKzswIUqpkW1nFixzo2pCWr/sP3bo9MQefLjQvWHFr+47YaWWJ1hMdLDAwdWB/F2xV+0R6dRKsD 7STxHyP+VBTgZieHfhRJBYAjIwMcajb37IuuqtovXfUWYBnJ/RYoVZVjpspMAk4Csm8h7effUHA8 RW42bZb2y1m3jH6i/qIJ4VuGKgvgVUjABbigrHCFEVa3Vgnp3rRuW8MVe0BcgfmtrBHNRW7215v0 Lp/QfJV6hHTk9jxHzzrc7Z5D23U4iSDpbT/xpWJEMAfMTQAxJwgUGtY7TbEkXBlduKSo0R9hTOP2 mHIUeoBBxg0dsrda0CCpJPUtsG1KVuCSYP3vOk3F+4bN+z6buJW7qUT6ApBOr7JWYxo3r2ksxJ6y ACQxj1BYDd/10VPuSZ8KOALTABjDGZg4UCBjGWZwwxrhlzPl/jCpBxFba8TpUOoYgxpBMTPCDQ3A A07oaryQILABTcTiCcNQHfW2sET075FuRwYgiewajNbjaXx1bfS6TgYnFSdK544f6qVS3ULW2Rrg /wCy2om047wJ8asWScQPWOxQB8yaOw26s6mBu7iGCisP21YxiwzPBe0indWt7e3KoEtgNoS2um2g OURjlxoC9duXXPFmwHOFEDCunt0JJyGMHvqbigkZTw4+mtcl1Blgc+0g86uMATLE+ZmKIX3EiATz wjlQAA9PEYgxXHPT/NRNEHEcqXZXp/rdiQ1q9Jm4igrmMZgweeBrbdUr/wDqf07MwXK3pU/qsODg HL7x5CtVgsWNy3bQkwxdX1Y9oiWpXJAFpr1pRkotrbmezTlV/dIJA0rZHF+CqPzMaFuQbpJZ3P27 hxZj3n5UADAz5YkVpkwBRZ/ceJ5UXGQGRGNNhGdEqIVjw50CWGo+mCMIOE+FBWGmJEgxJmO0dlew 5T7eHPLOoAiaW0ubGD2DjQ6YhlGDROJIERW53ikm9ed7FkkmGa4wtqF5nM4Ci9n1bXZlrdth/wB+ 5b924P8AiOwTUMRqfUXIyljLAdnCltATZ2QFx/xXmEW1/lBJ76DkYu2hT8vpqBmI8MBUxiaEDwqA aJOMimgYjEd4rpWyA0yQSBh2cTQ0KCwEEwZ5+GNew50Dzq2LaliZBjISMycgO01ptuOmn7t9cQT9 20eJ4avb30H/AGdlteoLSgxrugaHYdiA6dXMmturgBggIUCFXUdRAHjiaLnEKCQOZyVR3mlRvVfc 6rkZtdc5DuwFIiamtEIXAMEAErgDxnhTZSCAcIiAPn8MaHZWOJ503HjVvABWaJ/C/p+RpmI7zWQ9 3y51ouJpYZgikBJNuVJX7Jx4iraW8SSoAAnEHAfX4ULRUi0xW0rKCU6IKgmRlIEntNAhpA41bUkF NqOrcH/kyRT3Z093O3ZEA87jfwFJcJK3mBGoidRYiSQO6ldj6mUSIiCCQRWOAOHdNdO5AdTDRlhx HYRUiiKJ86W4MIOn6/pFWyuCuqs57SMRWQz0+FI7iUUqdYz0MYNNt7mYxRspFG+QQwtEoDkJwU97 MR4DtodO25dFACiTok6eHdnyq49lZdBMATlxjj/Cj07huW7wW45YywY4kHz+U1b26kqSA7jCdTTg ZoBSVJB0zhiRGMfQKQAQIIjyNQRhGINLeBlZCtzAPt74NAjIxUSJIMDu+DkDECY/KZq2AJZS1vtY g6gB/qr3jOf5uXdT7dgSGBAPI8PnW3tFAGWAzA4lQPUT5UbCgjUUJB+zqkhfJccau7mB+pcYKYxK IdK/8a6YAL7gi0s8vcx8hSsQBGJwwhcz9VOBDgFJBkQGbE9w51hhH0UrL/13ArgjET6T8jNQcCKN s4BsDQ1KECyGuNLKWXAqNIwPfWm4IAWQ1uW0twOIBEeXOtO4TpmILkHSTgJ4gAk88KZTxBEcccKu KcSriBy1CD5xX83wvbmBIItrJgc2x8qvX2BDW06hE5aQfrNba2RiLak97eo/M1b2qmV2iw//ALLk MR4KBVtJEOCSwxwURHeNUg0bNxSGYgggysAfLLlUHLsNaU9SvAcESYkAie6cKDAyUOl5zwyPjXKM e6rtsQOoBPLSwx+utFtQqcQAAMox50BbLIkFSin06TyBmBzApwkdIEAk4tP3QTiQMMzW8UiQCsA8 wWFcPdPHy/zr/9k= ------=_NextPart_000_000A_01C1E96A.89B12E20-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 4: 6:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with SMTP id BFAC837B433 for ; Mon, 22 Apr 2002 04:06:15 -0700 (PDT) Received: (qmail 38849 invoked from network); 22 Apr 2002 10:55:29 -0000 Received: from ear.nlink.com.br (HELO ear.com.br) (200.249.196.67) by mirage.nlink.com.br with SMTP; 22 Apr 2002 10:55:29 -0000 Received: from EARMDPA01/SpoolDir by ear.com.br (Mercury 1.48); 22 Apr 02 07:58:53 GMT-3 Received: from SpoolDir by EARMDPA01 (Mercury 1.48); 22 Apr 02 07:57:51 GMT-3 From: "Mario Lobo" Organization: American School of Recife - Brazil To: freebsd-security@freebsd.org Date: Mon, 22 Apr 2002 07:57:08 -0300 MIME-Version: 1.0 Subject: DNS Question Reply-To: mlobo@ear.com.br Message-ID: <3CC3C250.28097.2D5EA4@localhost> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi; I have a DNS (named) server running on a FreeBSD 4.4 box firewall. ipfw allows queries to ports 53 and 1024 from any IP inside the private network (internal interface) and only certain ISP IPs on the external interface. I need to open those ports to any IP on the external interface. Is there any security concerns I should have if I do this ? The only services I have running are ssh (restricted to specific IPs) and squid (local only). Thanks, - *** Mario Lobo *** Dean of Computer Department *** American School of Recife To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 7:16:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80]) by hub.freebsd.org (Postfix) with SMTP id 561A237B425 for ; Mon, 22 Apr 2002 07:16:43 -0700 (PDT) Received: (qmail 46959 invoked by uid 1001); 22 Apr 2002 14:03:01 -0000 Date: Mon, 22 Apr 2002 10:03:01 -0400 From: "Peter C. Lai" To: Mario Lobo Cc: freebsd-security@freebsd.org Subject: Re: DNS Question Message-ID: <20020422100301.A46936@cowbert.2y.net> Reply-To: peter.lai@uconn.edu References: <3CC3C250.28097.2D5EA4@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CC3C250.28097.2D5EA4@localhost>; from Mlobo@ear.com.br on Mon, Apr 22, 2002 at 07:57:08AM -0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Bind has a notorious security track record. Are you running named in a jail? If you can't do that, at least run it chrooted in a sandbox. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/dns.html has some basic basic methods of locking it down. On Mon, Apr 22, 2002 at 07:57:08AM -0300, Mario Lobo wrote: > Hi; > > I have a DNS (named) server running on a FreeBSD 4.4 box firewall. > > ipfw allows queries to ports 53 and 1024 from any IP inside the private > network (internal interface) and only certain ISP IPs on the external > interface. > > I need to open those ports to any IP on the external interface. > > Is there any security concerns I should have if I do this ? The only > services I have running are ssh (restricted to specific IPs) and squid > (local only). > > Thanks, - > *** Mario Lobo > *** Dean of Computer Department > *** American School of Recife > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. of Residential Life | Programmer Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ 860.427.4542 (Room) 860.486.1899 (Lab) 203.206.3784 (Cellphone) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 8:50:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id 547B337B42B for ; Mon, 22 Apr 2002 08:50:13 -0700 (PDT) Received: from peony.ezo.net (peony.ezo.net [206.102.130.11]) by lily.ezo.net (8.11.6/8.11.6) with ESMTP id g3MFicZ51781; Mon, 22 Apr 2002 11:44:39 -0400 (EDT) (envelope-from jflowers@ezo.net) From: "Jim Flowers" To: Mario Lobo Cc: freebsd-security@FreeBSD.ORG Subject: Re: DNS Question Date: Mon, 22 Apr 2002 11:45:06 -0400 Message-Id: <20020422114506.M42132@ezo.net> In-Reply-To: <20020422100301.A46936@cowbert.2y.net> References: <3CC3C250.28097.2D5EA4@localhost> <20020422100301.A46936@cowbert.2y.net> X-Mailer: Open WebMail 1.60 20020130 X-OriginatingIP: 24.93.230.119 (jflowers) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You don't say what version but assuming 8.x.x there are a number of options to help. Read Chapter 10 of the DNA & BIND book. Particularly, you can configure your dns to be useful as a resolver to only your trusted addresses with option allow-query {trusted-addresses;} while at the same time allowing everyone access to your authoritative zones with an allow-query {any;} entry in each of your authoritative zone files. > On Mon, Apr 22, 2002 at 07:57:08AM -0300, Mario Lobo wrote: > > Hi; > > > > I have a DNS (named) server running on a FreeBSD 4.4 box firewall. > > -- Jim Flowers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 10:12:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from vinyl2.sentex.ca (vinyl2.sentex.ca [199.212.134.13]) by hub.freebsd.org (Postfix) with ESMTP id 0775237B427 for ; Mon, 22 Apr 2002 10:12:30 -0700 (PDT) Received: from house.sentex.net (cage.simianscience.com [64.7.134.1]) (authenticated bits=0) by vinyl2.sentex.ca (8.12.3/8.12.2) with ESMTP id g3MCAsdd019893 (version=TLSv1/SSLv3 cipher=DES-CBC3-SHA bits=168 verify=NO) for ; Mon, 22 Apr 2002 08:10:56 -0400 (EDT) (envelope-from mike@sentex.net) Message-Id: <5.1.0.14.0.20020422080933.04501110@192.168.0.12> X-Sender: mdtancsa@192.168.0.12 X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 22 Apr 2002 08:10:53 -0400 To: security@freebsd.org From: Mike Tancsa Subject: Fwd: [VulnWatch] Pine Internet Advisory: Setuid application execution may give local root in FreeBSD Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org FYI >Mailing-List: contact vulnwatch-help@vulnwatch.org; run by ezmlm >List-Post: >List-Help: >List-Unsubscribe: >List-Subscribe: >Delivered-To: mailing list vulnwatch@vulnwatch.org >Delivered-To: moderator for vulnwatch@vulnwatch.org >Date: Mon, 22 Apr 2002 10:58:25 +0200 >From: Patrick Oonk >To: bugtraq@securityfocus.com >Cc: vulnwatch@vulnwatch.org >Reply-To: cert@pine.nl >User-Agent: Mutt/1.3.25i >X-Organization: Pine Internet B.V. >X-GSM: +31-6-24209907 >X-message: Dew on the telephone lines. >X-Zen: Ommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm >X-Coordinates: 52 04 43N - 4 17 27W >X-NCC-RegID: nl.pine >X-PGP-Fingerprint: DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934 >X-PGP-KeyID: 155C3934 >X-Virus-Scanned: amavis-20020220 >X-Virus-Scanned: by Pine Internet BV >Subject: [VulnWatch] Pine Internet Advisory: Setuid application execution >may give local root in FreeBSD > >-----BEGIN PGP SIGNED MESSAGE----- > > >----------------------------------------------------------------------------- > Pine Internet Security Advisory > >----------------------------------------------------------------------------- > Advisory ID : PINE-CERT-20020401 > Authors : Joost Pol > Issue date : 2002-04-22 > Application : Multiple > Version(s) : Multiple > Platforms : FreeBSD confirmed, maybe others. > Vendor informed : 20020406 > Availability : http://www.pine.nl/advisories/pine-cert-20020401.txt > >----------------------------------------------------------------------------- > >Synopsis > > It is possible for a local user to execute a suid application with > stdin, stdout or stderr closed. > >Impact > > HIGH. Local users should be able to gain root privileges. > >Description > > Consider the following (imaginary) suid application: > > -- begin of imaginary code snippet > > FILE * f = fopen("/etc/root_owned_file", "r+"); > > if(f) { > > fprintf(stderr, "%s: fopen() succeeded\n", argv[0]); > > fclose(f); > } > > -- end of imaginary code snippet > > Now, consider the following (imaginary) exploit: > > -- begin of imaginary exploit snippet > > while(dup(1) != -1); > > close(2); > > execl("/path/to/suid_application", > "this text will endup in the root_owned_file", 0); > > -- end of imaginary exploit snippet > > Exploitation has been confirmed using the S/KEY binaries. > >Solution > > FreeBSD source trees have been updated on the 21th of april 2002. > Please cvsup. > > >-----BEGIN PGP SIGNATURE----- >Version: 2.6.3ia >Charset: noconv > >iQEVAwUBPMPQffplhmN+UTQRAQE/bggAwkCUhmkv5QUVVE/pUcHIkN26Txa0Pv6T >4q4Iu4TKi6YhJYJ5Jlh0YhlgkurVE7/qAokvxEfdgHQTR68uCPJhDQTKp/9uJ+PG >qt+InMh7NHaOdIvEjcH74D9zxEC14uH+SrXmmmZno601d9mLcBZyKs0ZgOFCBnJr >QToyEgs709xtnbs5OP8iPxn6dhZADMPM9NJbtU2EvkSUqRoDB8H1awUAANI/8RzJ >4HOLDkFOkYFaNFvbYMULStGU5nH9OTHtOuTw7decgHBK6h9H8FhYf8Yn2hMq8wf0 >p8/v5m535gPHqoX9HWvfMw2LdIr36mol5K9br9033XrOdIG5itn5aQ== >=AMED >-----END PGP SIGNATURE----- > >-- > patrick oonk - pine internet - patrick@pine.nl - www.pine.nl/~patrick > T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl > PGPid A4E74BBF fp A7CF 7611 E8C4 7B79 CA36 0BFD 2CB4 7283 A4E7 4BBF > Note: my NEW PGP key is available at http://www.pine.nl/~patrick/ > Excuse of the day: it has Intel Inside -------------------------------------------------------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet since 1994 www.sentex.net Cambridge, Ontario Canada www.sentex.net/mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 11:53:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 06CCD37B443; Mon, 22 Apr 2002 11:52:07 -0700 (PDT) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3MI1Zb96500; Mon, 22 Apr 2002 11:01:35 -0700 (PDT) (envelope-from security-advisories@freebsd.org) Date: Mon, 22 Apr 2002 11:01:35 -0700 (PDT) Message-Id: <200204221801.g3MI1Zb96500@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced: 2002-04-22 Credits: Joost Pol Affects: All releases of FreeBSD up to and including 4.5-RELEASE 4.5-STABLE prior to the correction date Corrected: 2002-04-21 13:06:45 UTC (RELENG_4) 2002-04-21 13:08:57 UTC (RELENG_4_5) 2002-04-21 13:10:51 UTC (RELENG_4_4) FreeBSD only: NO I. Background By convention, POSIX systems associate file descriptors 0, 1, and 2 with standard input, standard output, and standard error, respectively. Almost all applications give these stdio file descriptors special significance, such as writing error messages to standard error (file descriptor 2). In new processes, all file descriptors are duplicated from the parent process. Unless these descriptors are marked close-on-exec, they retain their state during an exec. All POSIX systems assign file descriptors in sequential order, starting with the lowest unused file descriptor. For example, if a newly exec'd process has file descriptors 0 and 1 open, but file descriptor 2 closed, and then opens a file, the new file descriptor is guaranteed to be 2 (standard error). II. Problem Description Some programs are set-user-id or set-group-id, and therefore run with increased privileges. If such a program is started with some of the stdio file descriptors closed, the program may open a file and inadvertently associate it with standard input, standard output, or standard error. The program may then read data from or write data to the file inappropriately. If the file is one that the user would normally not have privileges to open, this may result in an opportunity for privilege escalation. III. Impact Local users may gain superuser privileges. It is known that the `keyinit' set-user-id program is exploitable using this method. There may be other programs that are exploitable. IV. Workaround None. The set-user-id bit may be removed from `keyinit' using the following command, but note that there may be other programs that can be exploited. # chmod 0555 /usr/bin/keyinit V. Solution 1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the RELENG_4_5 (4.5-RELEASE-p4) or RELENG_4_4 (4.4-RELEASE-p11) security branches dated after the respective correction dates. 2) To patch your present system: a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Path Revision Branch - ------------------------------------------------------------------------- sys/sys/filedesc.h RELENG_4 1.19.2.4 RELENG_4_5 1.19.2.3.6.1 RELENG_4_4 1.19.2.3.4.1 sys/kern/kern_exec.c RELENG_4 1.107.2.14 RELENG_4_5 1.107.2.13.2.1 RELENG_4_4 1.107.2.8.2.2 sys/kern/kern_descrip.c RELENG_4 1.81.2.11 RELENG_4_5 1.81.2.9.2.1 RELENG_4_4 1.81.2.8.2.1 sys/conf/newvers.sh RELENG_4_5 1.44.2.20.2.5 RELENG_4_4 1.44.2.17.2.10 - ------------------------------------------------------------------------- VII. References PINE-CERT-20020401 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPMRPoFUuHi5z0oilAQE0/AP/R2qPI5bI2XIFgQ6FL+m4rUZ7M6VQzZqY yzGskbEkG2LKTYPFQ/FF+Tx6ffbMicnyrTTvDcJ3F9lmKRNvPBVaOuiNBjkrLdQc rerg2aHSJunQCkcd7f/+RjxtWO8wbjTM9TXmc8X1G9kJGaglCwEfHkZJzmsyGDyD qjkDToXu9a8= =oXDh -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 12:13: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id 8DAAA37B416 for ; Mon, 22 Apr 2002 12:13:04 -0700 (PDT) Received: from peony.ezo.net (peony.ezo.net [206.102.130.11]) by lily.ezo.net (8.11.6/8.11.6) with ESMTP id g3MGbxZ53270; Mon, 22 Apr 2002 12:37:59 -0400 (EDT) (envelope-from jflowers@ezo.net) From: "Jim Flowers" To: Tim Wilde Cc: Subject: Re: DNS Question Date: Mon, 22 Apr 2002 12:38:27 -0400 Message-Id: <20020422123827.M47851@ezo.net> In-Reply-To: References: <20020422114506.M42132@ezo.net> X-Mailer: Open WebMail 1.60 20020130 X-OriginatingIP: 24.93.230.119 (jflowers) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org That is true, of course but you can't turn recursion off when you are using a single server for both resolver service (for trusted hosts) and general lookup service for the world-at-large for your authoritative zones. The best setup uses two services, one with recursion that can be used by trusted users and the other without that will allow queries to only the authorized zones. I have not been able to get both servers to run on a single host (with a single ip address) so the best I can do is the method described. It is interesting that for a small ISP we reject thousands of queries to our dns servers that are not from our subscribers or for our authorized zone records. > > The allow-recursion { }; statement within the options { }; > block is more correct to use to limit recursion, I'm pretty > sure it's available in BIND 8, and it definitely is in BIND > 9. DNS & BIND is a very good resource, as is the BIND ARM > that ships in the doc/ dir of the BIND distribution. > > Tim Wilde > > -- > Tim Wilde > twilde@dyndns.org > Systems Administrator > Dynamic DNS Network Services > http://www.dyndns.org/ -- Jim Flowers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 12:27:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 54B2E37B423 for ; Mon, 22 Apr 2002 12:27:32 -0700 (PDT) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 86E1516B16 for ; Mon, 22 Apr 2002 17:03:00 +0200 (CEST) Received: from LenConrad.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id AB47770013E; Mon, 22 Apr 2002 17:24:55 +0200 Message-Id: <5.1.0.14.2.20020422092852.05592668@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 22 Apr 2002 10:02:47 -0500 To: freebsd-security@freebsd.org From: Len Conrad Subject: Re: DNS Question In-Reply-To: <20020422100301.A46936@cowbert.2y.net> References: <3CC3C250.28097.2D5EA4@localhost> <3CC3C250.28097.2D5EA4@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Bind has a notorious security track record. bind9 doesn't. Bind8's compromises are quite old by now. The biggest problem is that people don't stay current. >Are you running named in a jail? bind9 runs quite nicely and easily in a chroot. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 12:58:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from quartz.bos.dyndns.org (quartz.bos.dyndns.org [66.37.215.2]) by hub.freebsd.org (Postfix) with ESMTP id 65C4137B427 for ; Mon, 22 Apr 2002 12:58:56 -0700 (PDT) Received: from quartz.bos.dyndns.org (twilde@localhost [127.0.0.1]) by quartz.bos.dyndns.org (8.12.2/8.12.2) with ESMTP id g3MG4WuH007880; Mon, 22 Apr 2002 12:04:32 -0400 (EDT) Received: from localhost (twilde@localhost) by quartz.bos.dyndns.org (8.12.2/8.12.2/Submit) with ESMTP id g3MG4VUJ007866; Mon, 22 Apr 2002 12:04:32 -0400 (EDT) X-Authentication-Warning: quartz.bos.dyndns.org: twilde owned process doing -bs Date: Mon, 22 Apr 2002 12:04:31 -0400 (EDT) From: Tim Wilde X-X-Sender: twilde@quartz.bos.dyndns.org To: Jim Flowers Cc: Mario Lobo , Subject: Re: DNS Question In-Reply-To: <20020422114506.M42132@ezo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 22 Apr 2002, Jim Flowers wrote: > You don't say what version but assuming 8.x.x there are a number of options > to help. Read Chapter 10 of the DNA & BIND book. Particularly, you can > configure your dns to be useful as a resolver to only your trusted addresses > with option allow-query {trusted-addresses;} while at the same time allowing > everyone access to your authoritative zones with an allow-query {any;} entry > in each of your authoritative zone files. The allow-recursion { }; statement within the options { }; block is more correct to use to limit recursion, I'm pretty sure it's available in BIND 8, and it definitely is in BIND 9. DNS & BIND is a very good resource, as is the BIND ARM that ships in the doc/ dir of the BIND distribution. Tim Wilde -- Tim Wilde twilde@dyndns.org Systems Administrator Dynamic DNS Network Services http://www.dyndns.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:10:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from imlmta03.aics.ne.jp (imlmta03.aics.ne.jp [157.205.253.215]) by hub.freebsd.org (Postfix) with ESMTP id 889B137B404 for ; Mon, 22 Apr 2002 13:10:31 -0700 (PDT) Received: from virmta04.aics.ne.jp ([157.205.253.131]) by imlmta02.aics.ne.jp (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with ESMTP id <20020422174908.SFNP7630.imlmta02.aics.ne.jp@virmta04.aics.ne.jp> for ; Tue, 23 Apr 2002 02:49:08 +0900 Received: from Wwby ([203.77.231.27]) by virmta04.aics.ne.jp (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with SMTP id <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby> for ; Tue, 23 Apr 2002 02:48:48 +0900 From: autoapp To: freebsd-security@FreeBSD.org Subject: Worm Klez.E immunity MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=J5Ub3kNH8iW9si6Oi8vEI809Vq9 Message-Id: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby> Date: Tue, 23 Apr 2002 02:49:08 +0900 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ------------------ Virus Warning Message (on the network) Found virus WORM_KLEZ.G in file wsho3p66.bat The file is deleted. --------------------------------------------------------- --J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: text/html; Content-Transfer-Encoding: quoted-printable Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me. --J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit ------------------ Virus Warning Message (on the network) wsho3p66.bat is removed from here because it contains a virus. --------------------------------------------------------- --J5Ub3kNH8iW9si6Oi8vEI809Vq9 --J5Ub3kNH8iW9si6Oi8vEI809Vq9 Content-Type: application/octet-stream; name=wsho3p66.htm Content-Transfer-Encoding: base64 Content-ID: PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDMuMiBGaW5hbC8vRU4i Pg0KPEhUTUw+DQo8SEVBRD4NCjxNRVRBIEhUVFAtRVFVSVY9IkNvbnRlbnQtVHlwZSIgQ29u dGVudD0idGV4dC1odG1sOyBjaGFyc2V0PVdpbmRvd3MtMTI1MiI+DQo8dGl0bGU+V3NoTmV0 d29yay5BZGRQcmludGVyQ29ubmVjdGlvbjwvdGl0bGU+DQo8c2NyaXB0IGxhbmd1YWdlPSJK YXZhU2NyaXB0Ij4NCg0KICAgIHN6TmF2VmVyc2lvbiA9IG5hdmlnYXRvci5hcHBWZXJzaW9u DQoNCiAgICBpZiAobmF2aWdhdG9yLmFwcE5hbWUgPT0gIk1pY3Jvc29mdCBJbnRlcm5ldCBF eHBsb3JlciIpIHsNCglpZiAoc3pOYXZWZXJzaW9uLmluZGV4T2YgKCI0LiIpID49IDApIHsN CgkgICAgZG9jdW1lbnQud3JpdGVsbignPGxpbmsgcmVsPSJzdHlsZXNoZWV0IiB0eXBlPSJ0 ZXh0L2NzcyIgaHJlZj0iL2lpc2hlbHAvY29tbW9uL3NwaWRpZTQuY3NzIj4nKTsNCgl9IGVs c2Ugew0KCSAgICBkb2N1bWVudC53cml0ZWxuKCc8bGluayByZWw9InN0eWxlc2hlZXQiIHR5 cGU9InRleHQvY3NzIiBocmVmPSIvaWlzaGVscC9jb21tb24vc3BpZGllMy5jc3MiPicpOw0K CX0NCiAgICB9DQogICAgZWxzZSBpZiAobmF2aWdhdG9yLmFwcE5hbWUgPT0gIk5ldHNjYXBl Iikgew0KCWRvY3VtZW50LndyaXRlbG4oJzxsaW5rIHJlbD0ic3R5bGVzaGVldCIgdHlwZT0i dGV4dC9jc3MiIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9zcGlkaWU0LmNzcyI+Jyk7DQogICAg fQ0KICAgIGVsc2Ugew0KCWRvY3VtZW50LndyaXRlbG4oJzxsaW5rIHJlbD0ic3R5bGVzaGVl dCIgdHlwZT0idGV4dC9jc3MiIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9zcGlkaWUzLmNzcyI+ Jyk7DQogICAgfQ0KDQo8L3NjcmlwdD4NCjxNRVRBIE5BTUU9IkRFU0NSSVBUSU9OIiBDT05U RU5UPSJJbnRlcm5ldCBJbmZvcm1hdGlvbiBTZXJ2ZXIgcmVmZXJlbmNlIGluZm9ybWF0aW9u Ij48L0hFQUQ+DQo8Qk9EWSBCR0NPTE9SPSNGRkZGRkYgVEVYVD0jMDAwMDAwPg0KPGZvbnQg ZmFjZT0iVmVyZGFuYSwgQXJpYWwsIEhlbHZldGljYSI+DQo8aDM+PGEgbmFtZT0iX3dzaF93 c2huZXR3b3JrLmFkZHByaW50ZXJjb25uZWN0aW9uIj48L2E+V3NoTmV0d29yay5BZGRQcmlu dGVyQ29ubmVjdGlvbjwvaDM+DQo8cD4NClRoZSA8Yj5BZGRQcmludGVyQ29ubmVjdGlvbjwv Yj4gbWV0aG9kIG1hcHMgdGhlIHJlbW90ZSBwcmludGVyIHNwZWNpZmllZCBieSA8aT5zdHJS ZW1vdGVOYW1lPC9pPiB0byB0aGUgbG9jYWwgcmVzb3VyY2UgbmFtZSA8aT5zdHJMb2NhbE5h bWU8L2k+LiAgPC9wPg0KPGg0PlN5bnRheDwvaDQ+DQo8cHJlPjxpPldzaE5ldHdvcms8L2k+ PGI+LkFkZFByaW50ZXJDb25uZWN0aW9uPC9iPiA8aT5zdHJMb2NhbE5hbWU8L2k+LCA8aT5z dHJSZW1vdGVOYW1lPC9pPiwgWzxpPmJVcGRhdGVQcm9maWxlPC9pPl0sIFs8aT5zdHJVc2Vy PC9pPl0sIFs8aT5zdHJQYXNzd29yZDwvaT5dDQo8Yj4gPC9iPjwvcHJlPg0KPGg0PlBhcmFt ZXRlcnM8L2g0Pg0KPGRsPg0KPGR0Pg0KPGk+c3RyTG9jYWxOYW1lPC9pPjwvZHQ+DQo8ZGQ+ DQpMb2NhbCByZXNvdXJjZSB0byBtYXAgdG8uPGJyPg0KPC9kZD4NCjxkdD4NCjxpPnN0clJl bW90ZU5hbWU8L2k+IDwvZHQ+DQo8ZGQ+DQpSZW1vdGUgcHJpbnRlciB0byBtYXAuPGJyPg0K PC9kZD4NCjxkdD4NCjxpPmJVcGRhdGVQcm9maWxlPC9pPjwvZHQ+DQo8ZGQ+DQpJZiA8aT5i VXBkYXRlUHJvZmlsZTwvaT4gaXMgc3VwcGxpZWQgYW5kIGl0cyB2YWx1ZSBpcyBUUlVFLCB0 aGlzIG1hcHBpbmcgaXMgc3RvcmVkIGluIHRoZSB1c2VyIHByb2ZpbGUuPGJyPg0KPC9kZD4N CjxkdD4NCjxpPnN0clVzZXI8L2k+IDwvZHQ+DQo8ZGQ+DQpJZiB5b3UgYXJlIG1hcHBpbmcg YSByZW1vdGUgcHJpbnRlciB1c2luZyB0aGUgY3JlZGVudGlhbHMgb2Ygc29tZW9uZSBvdGhl ciB0aGFuIGN1cnJlbnQgdXNlciwgeW91IGNhbiBzcGVjaWZ5IDxpPnN0clVzZXI8L2k+IGFu ZCA8aT5zdHJQYXNzd29yZDwvaT4uPGJyPg0KPC9kZD4NCjxkdD4NCjxpPnN0clBhc3N3b3Jk PC9pPjwvZHQ+DQo8ZGQ+DQpJZiB5b3UgYXJlIG1hcHBpbmcgYSByZW1vdGUgcHJpbnRlciB1 c2luZyB0aGUgY3JlZGVudGlhbHMgb2Ygc29tZW9uZSBvdGhlciB0aGFuIGN1cnJlbnQgdXNl ciwgeW91IGNhbiBzcGVjaWZ5IDxpPnN0clVzZXI8L2k+IGFuZCA8aT5zdHJQYXNzd29yZDwv aT4uPC9kZD4NCjwvZGw+DQo8aDQ+RXhhbXBsZTwvaDQ+DQo8cHJlPlNldCBXc2hOZXR3b3Jr ID0gV3NjcmlwdC5DcmVhdGVPYmplY3QoJnF1b3Q7V3NjcmlwdC5OZXR3b3JrJnF1b3Q7KQ0K V3NoTmV0d29yay5BZGRQcmludGVyQ29ubmVjdGlvbiAmcXVvdDtMUFQxJnF1b3Q7LCAmcXVv dDtcXFNlcnZlclxQcmludDEmcXVvdDsNCjwvcHJlPg0KPGhyIGNsYXNzPSJpaXMiIHNpemU9 IjEiPg0KPHAgYWxpZ249ImNlbnRlciI+PGVtPjxhIGhyZWY9Ii9paXNoZWxwL2NvbW1vbi9j b2xlZ2FsLmh0bSI+JmNvcHk7IDE5OTcgYnkgTWljcm9zb2Z0IENvcnBvcmF0aW9uLiBBbGwg cmlnaHRzIHJlc2VydmVkLjwvYT48L2VtPjwvcD4NCjwvQk9EWT4NCjwvSFRNTD4NCj== --J5Ub3kNH8iW9si6Oi8vEI809Vq9-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:24:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from bran.mc.mpls.visi.com (bran.mc.mpls.visi.com [208.42.156.103]) by hub.freebsd.org (Postfix) with ESMTP id 68C0437B4DD for ; Mon, 22 Apr 2002 13:23:35 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bran.mc.mpls.visi.com (Postfix) with ESMTP id 47E4B4C36 for ; Mon, 22 Apr 2002 15:20:02 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g3MKJuS00974 for freebsd-security@freebsd.org; Mon, 22 Apr 2002 15:19:56 -0500 (CDT) (envelope-from hawkeyd) Date: Mon, 22 Apr 2002 15:19:56 -0500 From: D J Hawkey Jr To: security at FreeBSD Subject: Q about FreeBSD-SA-02:23.stdio Message-ID: <20020422151956.A919@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello All. Received this SA today, and I have but four questions: - Is this really only a kernel re-build and install thang? - Shouldn't filedesc.h be copied to /usr/include/sys? - libc (and therefore userland) really isn't involved at all? - 'keyinit' was used as an example, but the hole is just in the kernel? TIA, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ ----- Forwarded message from FreeBSD Security Advisories ----- ============================================================================= FreeBSD-SA-02:23.stdio Security Advisory The FreeBSD Project Topic: insecure handling of stdio file descriptors Category: core Module: kernel Announced: 2002-04-22 Credits: Joost Pol Affects: All releases of FreeBSD up to and including 4.5-RELEASE 4.5-STABLE prior to the correction date Corrected: 2002-04-21 13:06:45 UTC (RELENG_4) 2002-04-21 13:08:57 UTC (RELENG_4_5) 2002-04-21 13:10:51 UTC (RELENG_4_4) FreeBSD only: NO [SNIP] V. Solution 1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the RELENG_4_5 (4.5-RELEASE-p4) or RELENG_4_4 (4.4-RELEASE-p11) security branches dated after the respective correction dates. 2) To patch your present system: a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in http://www.freebsd.org/handbook/kernelconfig.html and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Path Revision Branch - ------------------------------------------------------------------------- sys/sys/filedesc.h RELENG_4 1.19.2.4 RELENG_4_5 1.19.2.3.6.1 RELENG_4_4 1.19.2.3.4.1 sys/kern/kern_exec.c RELENG_4 1.107.2.14 RELENG_4_5 1.107.2.13.2.1 RELENG_4_4 1.107.2.8.2.2 sys/kern/kern_descrip.c RELENG_4 1.81.2.11 RELENG_4_5 1.81.2.9.2.1 RELENG_4_4 1.81.2.8.2.1 sys/conf/newvers.sh RELENG_4_5 1.44.2.20.2.5 RELENG_4_4 1.44.2.17.2.10 - ------------------------------------------------------------------------- ----- End forwarded message ----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:32: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id D9E9737B699 for ; Mon, 22 Apr 2002 13:31:22 -0700 (PDT) Received: from hume ([12.239.165.26]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020422202942.MBTX12144.rwcrmhc53.attbi.com@hume>; Mon, 22 Apr 2002 20:29:42 +0000 Message-ID: <00bb01c1ea3c$541a4670$32040101@hume> From: "Charles Pelletier" To: "autoapp" , References: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby> Subject: Re: Worm Klez.E immunity Date: Mon, 22 Apr 2002 15:28:56 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_00B8_01C1EA12.6ADC54E0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_00B8_01C1EA12.6ADC54E0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable anybody know about this:? --charlie pelletier --litmus(mp3.com/litmus) ----- Original Message -----=20 From: autoapp=20 To: freebsd-security@FreeBSD.org=20 Sent: Monday, April 22, 2002 12:49 PM Subject: Worm Klez.E immunity Klez.E is the most common world-wide spreading worm.It's very = dangerous by corrupting your files. Because of its very smart stealth and anti-anti-virus technic,most = common AV software can't detect or clean it. We developed this free immunity tool to defeat the malicious virus. You only need to run this tool once,and then Klez will never come into = your PC. NOTE: Because this tool acts as a fake Klez to fool the real worm,some = AV monitor maybe cry when you run it. If so,Ignore the warning,and select 'continue'. If you have any question,please mail to me.=20 ------=_NextPart_000_00B8_01C1EA12.6ADC54E0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
anybody know = about=20 this:?
--charlie pelletier
--litmus(mp3.com/litmus)
----- Original Message -----
From:=20 autoapp
Sent: Monday, April 22, 2002 = 12:49=20 PM
Subject: Worm Klez.E = immunity

Klez.E is the most common world-wide = spreading=20 worm.It's very dangerous by corrupting your files.
Because of its = very=20 smart stealth and anti-anti-virus technic,most common AV software = can't detect=20 or clean it.
We developed this free immunity tool to defeat the = malicious=20 virus.
You only need to run this tool once,and then Klez will never = come=20 into your PC.
NOTE: Because this tool acts as a fake Klez to fool = the real=20 worm,some AV monitor maybe cry when you run it.
If so,Ignore the=20 warning,and select 'continue'.
If you have any question,please mail to me. = ------=_NextPart_000_00B8_01C1EA12.6ADC54E0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:36:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 76C2937B400 for ; Mon, 22 Apr 2002 13:36:22 -0700 (PDT) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA27887; Mon, 22 Apr 2002 06:42:49 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda27885; Mon Apr 22 06:42:33 2002 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.11.6/8.9.1) id g3MDgRE42352; Mon, 22 Apr 2002 06:42:27 -0700 (PDT) Received: from UNKNOWN(10.1.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpde42348; Mon Apr 22 06:41:37 2002 Received: from cwsys (localhost [127.0.0.1]) by cwsys.cwsent.com (8.12.3/8.12.3) with ESMTP id g3MDfajj083200; Mon, 22 Apr 2002 06:41:36 -0700 (PDT) (envelope-from cy@cwsys.cwsent.com) Message-Id: <200204221341.g3MDfajj083200@cwsys.cwsent.com> X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 Reply-To: Cy Schubert - CITS Open Systems Group From: Cy Schubert - CITS Open Systems Group X-Sender: schubert To: mlobo@ear.com.br Cc: freebsd-security@FreeBSD.ORG Subject: Re: DNS Question In-Reply-To: Message from "Mario Lobo" of "Mon, 22 Apr 2002 07:57:08 -0300." <3CC3C250.28097.2D5EA4@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 22 Apr 2002 06:41:36 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In message <3CC3C250.28097.2D5EA4@localhost>, "Mario Lobo" writes: > Hi; > > I have a DNS (named) server running on a FreeBSD 4.4 box firewall. > > ipfw allows queries to ports 53 and 1024 from any IP inside the private > network (internal interface) and only certain ISP IPs on the external > interface. > > I need to open those ports to any IP on the external interface. > > Is there any security concerns I should have if I do this ? The only > services I have running are ssh (restricted to specific IPs) and squid > (local only). Personally, I would run the DNS in a jail or chrooted, e.g. TZ=PST8PDT exec $NAMED -c $NAMED_CONF -u $NAMED_UID -g $NAMED_GID -t $NAMED_CHROOT Cheers, Phone: 250-387-8437 Cy Schubert Fax: 250-387-5766 Team Leader, Sun/Alpha Team Email: Cy.Schubert@osg.gov.bc.ca Open Systems Group, CITS Ministry of Management Services Province of BC FreeBSD UNIX: cy@FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:47:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from casbah.it.northwestern.edu (casbah.it.northwestern.edu [129.105.16.52]) by hub.freebsd.org (Postfix) with ESMTP id C540937B6C9 for ; Mon, 22 Apr 2002 13:46:39 -0700 (PDT) Received: (from mailnull@localhost) by casbah.it.northwestern.edu (8.8.7/8.8.7) id PAA17488; Mon, 22 Apr 2002 15:43:15 -0500 (CDT) Received: from GLACIER.northwestern.edu (glacier.tss.northwestern.edu [129.105.188.51]) by casbah.it.northwestern.edu via smap (V2.0) id xma015726; Mon, 22 Apr 02 15:42:17 -0500 Message-Id: <5.1.0.14.2.20020422154122.01f1af20@casbah.it.northwestern.edu> X-Sender: dpalmer@casbah.it.northwestern.edu (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 22 Apr 2002 15:41:39 -0500 To: "Charles Pelletier" , From: Damien Palmer Subject: Re: Worm Klez.E immunity In-Reply-To: <00bb01c1ea3c$541a4670$32040101@hume> References: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, it's a social engineering worm/hoax. If you do what the message says, you will be infected by the worm/virus. Ignore it. -- Damien Palmer At 03:28 PM 4/22/2002 -0500, Charles Pelletier wrote: >anybody know about this:? >--charlie pelletier >--litmus(mp3.com/litmus) >----- Original Message ----- >From: autoapp >To: freebsd-security@FreeBSD.org >Sent: Monday, April 22, 2002 12:49 PM >Subject: Worm Klez.E immunity > >Klez.E is the most common world-wide spreading worm.It's very dangerous by >corrupting your files. >Because of its very smart stealth and anti-anti-virus technic,most common >AV software can't detect or clean it. >We developed this free immunity tool to defeat the malicious virus. >You only need to run this tool once,and then Klez will never come into >your PC. >NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV >monitor maybe cry when you run it. >If so,Ignore the warning,and select 'continue'. >If you have any question,please >mail to me. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:51:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 7173C37B715 for ; Mon, 22 Apr 2002 13:49:45 -0700 (PDT) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 002E516B22 for ; Mon, 22 Apr 2002 13:24:03 +0200 (CEST) Received: from LenConrad.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A800C990142; Mon, 22 Apr 2002 13:46:08 +0200 Message-Id: <5.1.0.14.2.20020422062026.05613ec0@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Mon, 22 Apr 2002 06:24:01 -0500 To: freebsd-security@freebsd.org From: Len Conrad Subject: Re: DNS Question In-Reply-To: <3CC3C250.28097.2D5EA4@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >ipfw allows queries to ports 53 and 1024 from any IP inside the private >network (internal interface) and only certain ISP IPs on the external >interface. 53 udp/tcp is all you need on ingress, plus ssh. On egress, bind will query via udp/tcp on port > 1023. > I need to open those ports to any IP on the external interface. >Is there any security concerns I should have if I do this ? Run the latest version of bind, and check for known compromises in it on the isc.org site. Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:54:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from java2.dpcsys.com (java2.dpcsys.com [206.16.184.5]) by hub.freebsd.org (Postfix) with ESMTP id 05A9137B78D for ; Mon, 22 Apr 2002 13:52:15 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by java2.dpcsys.com (8.11.1/8.11.1) with ESMTP id g3MKolD61068; Mon, 22 Apr 2002 13:50:47 -0700 (PDT) Date: Mon, 22 Apr 2002 13:50:47 -0700 (PDT) From: Dan Busarow To: Jim Flowers Cc: freebsd-security@FreeBSD.ORG Subject: Re: DNS Question In-Reply-To: <20020422123827.M47851@ezo.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Apr 22, Jim Flowers wrote: > That is true, of course but you can't turn recursion off when you are using a > single server for both resolver service (for trusted hosts) and general > lookup service for the world-at-large for your authoritative zones. Sure you can. allow-recursion { 192.168.1.0/21; }; limits recursive queries to the specified network. Outside queries will be limited to those you are auth for. Dan -- Dan Busarow 949 443 4172 Dana Point Communications, Inc. dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 13:55:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by hub.freebsd.org (Postfix) with ESMTP id EBC7F37B7F5 for ; Mon, 22 Apr 2002 13:53:34 -0700 (PDT) Received: by elvis.mu.org (Postfix, from userid 1192) id DA479AE24A; Mon, 22 Apr 2002 13:32:16 -0700 (PDT) Date: Mon, 22 Apr 2002 13:32:16 -0700 From: Alfred Perlstein To: D J Hawkey Jr Cc: security at FreeBSD Subject: Re: Q about FreeBSD-SA-02:23.stdio Message-ID: <20020422203216.GR38320@elvis.mu.org> References: <20020422151956.A919@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020422151956.A919@sheol.localdomain> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org * D J Hawkey Jr [020422 13:27] wrote: > Hello All. > > Received this SA today, and I have but four questions: > > - Is this really only a kernel re-build and install thang? > - Shouldn't filedesc.h be copied to /usr/include/sys? Doesn't matter. > - libc (and therefore userland) really isn't involved at all? > - 'keyinit' was used as an example, but the hole is > just in the kernel? There's no hole in the kernel, this patch basically puts seatbelts in the kernel to protect against a very easy to make mistake. -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 14:16:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10]) by hub.freebsd.org (Postfix) with ESMTP id 4770837BA89 for ; Mon, 22 Apr 2002 14:14:52 -0700 (PDT) Received: from sprint.centtech.com (sprint.centtech.com [10.177.173.31]) by proxy.centtech.com (8.11.6/8.11.6) with ESMTP id g3MKa5K25648; Mon, 22 Apr 2002 15:36:05 -0500 (CDT) Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id PAA19583; Mon, 22 Apr 2002 15:36:04 -0500 (CDT) Message-ID: <3CC47434.131C7762@centtech.com> Date: Mon, 22 Apr 2002 15:36:04 -0500 From: Eric Anderson Reply-To: anderson@centtech.com X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.2 i386) X-Accept-Language: en MIME-Version: 1.0 To: Charles Pelletier Cc: freebsd-security@freebsd.org Subject: Re: Worm Klez.E immunity References: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby> <00bb01c1ea3c$541a4670$32040101@hume> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Symantec has a page about it: http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.h@mm.html It's been going around all weekend. Eric > Charles Pelletier wrote: > > anybody know about this:? > --charlie pelletier > --litmus(mp3.com/litmus) > > ----- Original Message ----- > From: autoapp > To: freebsd-security@FreeBSD.org > Sent: Monday, April 22, 2002 12:49 PM > Subject: Worm Klez.E immunity > > Klez.E is the most common world-wide spreading worm.It's very > dangerous by corrupting your files. > Because of its very smart stealth and anti-anti-virus technic,most > common AV software can't detect or clean it. > We developed this free immunity tool to defeat the malicious virus. > You only need to run this tool once,and then Klez will never come > into your PC. > NOTE: Because this tool acts as a fake Klez to fool the real > worm,some AV monitor maybe cry when you run it. > If so,Ignore the warning,and select 'continue'. > If you have any question,please mail to me. -- ------------------------------------------------------------------ Eric Anderson Systems Administrator Centaur Technology You have my continuous partial attention ------------------------------------------------------------------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 14:16:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from atlantis.dp.ua (atlantis.dp.ua [193.108.46.1]) by hub.freebsd.org (Postfix) with ESMTP id 9554137BABF for ; Mon, 22 Apr 2002 14:15:34 -0700 (PDT) Received: from localhost (dmitry@localhost) by atlantis.dp.ua (8.11.1/8.11.1) with ESMTP id g3MKlIX65284 for ; Mon, 22 Apr 2002 23:47:18 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Date: Mon, 22 Apr 2002 23:47:18 +0300 (EEST) From: Dmitry Pryanishnikov To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Message-ID: <20020422234500.F64803-100000@atlantis.dp.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello! Has this patch (stdio.patch) been verified properly? It seems that it contains obvious error: + int fd, i, error, flags, devnull; ... + flags = FREAD | FWRITE; + error = vn_open(&nd, &flags, 0); Note that second argument of vn_open must be of type int, not int * (so error = vn_open(&nd, flags, 0) should be correct). This gives the following warning during compilation: cc -c -O -pipe -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -nostdinc -I- -I. -I../.. -I../../../include -I../../contrib/ipfilter -D_KERNEL -include opt_global.h -elf -fno-builtin -mpreferred-stack-boundary=2 ../../kern/kern_descrip.c ../../kern/kern_descrip.c: In function `fdcheckstd': ../../kern/kern_descrip.c:1216: warning: passing arg 2 of `vn_open' makes integer from pointer without a cast Please check this code! Sincerely, Dmitry Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 14:18:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by hub.freebsd.org (Postfix) with ESMTP id AE7FC37B9BB for ; Mon, 22 Apr 2002 14:17:57 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id 0B97A5E52; Mon, 22 Apr 2002 16:16:26 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g3MLGPh01071; Mon, 22 Apr 2002 16:16:25 -0500 (CDT) (envelope-from hawkeyd) Date: Mon, 22 Apr 2002 16:16:25 -0500 From: D J Hawkey Jr To: Alfred Perlstein Cc: security at FreeBSD Subject: Re: Q about FreeBSD-SA-02:23.stdio Message-ID: <20020422161625.A1046@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <20020422151956.A919@sheol.localdomain> <20020422203216.GR38320@elvis.mu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020422203216.GR38320@elvis.mu.org>; from bright@mu.org on Mon, Apr 22, 2002 at 01:32:16PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Apr 22, at 01:32 PM, Alfred Perlstein wrote: > > * D J Hawkey Jr [020422 13:27] wrote: > > Hello All. > > > > Received this SA today, and I have but four questions: > > > > - Is this really only a kernel re-build and install thang? > > - Shouldn't filedesc.h be copied to /usr/include/sys? > > Doesn't matter. As in, "No userland app should/will need/use the new prototype."? Would 'installworld' move it to /usr/include/sys? > > - libc (and therefore userland) really isn't involved at all? > > - 'keyinit' was used as an example, but the hole is > > just in the kernel? > > There's no hole in the kernel, this patch basically puts seatbelts > in the kernel to protect against a very easy to make mistake. Ah. Alrighty then. > -Alfred Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 14:53:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 8002137BFFA for ; Mon, 22 Apr 2002 14:51:05 -0700 (PDT) Received: (from peter@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g3MLo9l56180 for security@freebsd.org; Mon, 22 Apr 2002 14:50:09 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 22 Apr 2002 14:50:09 -0700 (PDT) Message-Id: <200204222150.g3MLo9l56180@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: security@FreeBSD.org Subject: Current problem reports assigned to you Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Current FreeBSD problem reports No matches to your query To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 15: 4:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id C8E3937C17E for ; Mon, 22 Apr 2002 14:57:18 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 4A42036; Mon, 22 Apr 2002 16:27:55 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g3MLRtFM000418; Mon, 22 Apr 2002 16:27:55 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g3MLRmAM000417; Mon, 22 Apr 2002 16:27:48 -0500 (CDT) Date: Mon, 22 Apr 2002 16:27:48 -0500 From: "Jacques A. Vidrine" To: Dmitry Pryanishnikov Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Message-ID: <20020422212748.GA385@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , Dmitry Pryanishnikov , freebsd-security@freebsd.org References: <20020422234500.F64803-100000@atlantis.dp.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020422234500.F64803-100000@atlantis.dp.ua> User-Agent: Mutt/1.3.28i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Apr 22, 2002 at 11:47:18PM +0300, Dmitry Pryanishnikov wrote: > > Hello! > > Has this patch (stdio.patch) been verified properly? It seems that it > contains obvious error: [snip] > Please check this code! Thanks, Dmitry! You are correct. This was an error on my part when merging from -CURRENT, where the second parameter is `int *'. I'll fix ASAP. Happily, it so happens that it doesn't make any functional difference, because we don't care what mode we use when we open /dev/null in this case. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 16: 8:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.webmonster.de (datasink.webmonster.de [194.162.162.209]) by hub.freebsd.org (Postfix) with SMTP id 4B34437C3EB for ; Mon, 22 Apr 2002 15:57:32 -0700 (PDT) Received: (qmail 50947 invoked by uid 1000); 22 Apr 2002 22:57:27 -0000 Date: Tue, 23 Apr 2002 00:57:27 +0200 From: "Karsten W. Rohrbach" To: Charles Pelletier Cc: freebsd-security@FreeBSD.org Subject: Re: Worm Klez.E immunity Message-ID: <20020423005727.L49959@mail.webmonster.de> Mail-Followup-To: "Karsten W. Rohrbach" , Charles Pelletier , freebsd-security@FreeBSD.org References: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby> <00bb01c1ea3c$541a4670$32040101@hume> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Y+Z5jE7Arku/2GrR" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <00bb01c1ea3c$541a4670$32040101@hume>; from fozekizer@attbi.com on Mon, Apr 22, 2002 at 03:28:56PM -0500 X-Arbitrary-Number-Of-The-Day: 42 X-URL: http://www.webmonster.de/ X-Disclaimer: My opinions do not necessarily represent those of my employer X-Work-URL: http://www.ngenn.net/ X-Work-Address: nGENn GmbH, Schloss Kransberg, D-61250 Usingen-Kransberg, Germany X-Work-Phone: +49-6081-682-304 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --Y+Z5jE7Arku/2GrR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Charles Pelletier(fozekizer@attbi.com)@2002.04.22 15:28:56 +0000: > anybody know about this:? it's just another "microsoft internet" problem. sidenote: i started automatically unsubscribing outlook users from some smaller mailing lists, let's see what happens next ;-) regards, /k --=20 > "Niklaus Wirth has lamented that, whereas Europeans pronounce his name > correctly (Ni-klows Virt), Americans invariably mangle it into > (Nick-les Worth). Which is to say that Europeans call him by name, but > Americans call him by value." KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n= et/ GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B= F46 My mail is GnuPG signed -- Unsigned ones are bogus -- http://www.gnupg.org/ Please do not remove my address from To: and Cc: fields in mailing lists. 1= 0x --Y+Z5jE7Arku/2GrR Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8xJVXM0BPTilkv0YRAqcMAKCHIz+OucLBjUfnfkIf6qoED9gP0QCgt4Sz DfrGQvUASuypxmxbGUWPico= =LDZ9 -----END PGP SIGNATURE----- --Y+Z5jE7Arku/2GrR-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 17: 8:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com [216.7.67.90]) by hub.freebsd.org (Postfix) with ESMTP id 84A9C37B41D for ; Mon, 22 Apr 2002 17:08:36 -0700 (PDT) Received: from noc2 (d2i-dialin-20.kl.terranova.net [216.89.230.20]) by imation.homenetweb.com (8.12.3/8.12.3) with SMTP id g3N08S5J024540; Mon, 22 Apr 2002 20:08:30 -0400 (EDT) Message-ID: <005a01c1ea5a$dff339e0$0101a8c0@noc2> From: "Richard Ward" To: "autoapp" , References: <20020422174848.XUTU20864.virmta04.aics.ne.jp@Wwby> Subject: Re: Worm Klez.E immunity Date: Mon, 22 Apr 2002 20:07:01 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org What does this have to do with FreeBSD security? Nothing. Maybe you meant to send this message to outlook-security@microsoft.com. -- Richard Ward, GM Home Net Web, Inc. ----- Original Message ----- From: autoapp To: Sent: Monday, April 22, 2002 1:49 PM Subject: Worm Klez.E immunity > Klez.E is the most common world-wide spreading worm.It's very dangerous by corrupting your files. > Because of its very smart stealth and anti-anti-virus technic,most common AV software can't detect or clean it. > We developed this free immunity tool to defeat the malicious virus. > You only need to run this tool once,and then Klez will never come into your PC. > NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV monitor maybe cry when you run it. > If so,Ignore the warning,and select 'continue'. > If you have any question,please mail to me. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 17:25:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from roble.com (mx0.roble.com [206.40.34.14]) by hub.freebsd.org (Postfix) with ESMTP id 7E3BD37B41A for ; Mon, 22 Apr 2002 17:25:32 -0700 (PDT) Received: from gw.netlecture.com (gw.netlecture.com [206.40.34.9]) by roble.com with ESMTP id g3N0PWF64573 for ; Mon, 22 Apr 2002 17:25:32 -0700 (PDT) Date: Mon, 22 Apr 2002 17:25:32 -0700 (PDT) From: Roger Marquis To: security@FreeBSD.ORG Subject: Re: DNS Question Message-ID: <20020422172141.D64443-100000@roble.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Len Conrad wrote: >bind9 runs quite nicely and easily in a chroot. Can it communicate with syslogd when chrooted? Can it accpet zone transfers and write the pid-file assuming a writable directory under $CHROOTHOME? What happens when you send the daemon a -HUP? These are all things we've had problems with under bind8. Be great if they are fixed. -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 17:42:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp3.vol.cz (smtp3.vol.cz [195.250.128.83]) by hub.freebsd.org (Postfix) with ESMTP id E4B3137B433 for ; Mon, 22 Apr 2002 17:41:58 -0700 (PDT) Received: from obluda.cz (xkulesh.vol.cz [195.250.154.106]) by smtp3.vol.cz (8.11.6/8.11.3) with ESMTP id g3N0eXP83367 for ; Tue, 23 Apr 2002 02:40:33 +0200 (CEST) (envelope-from dan@obluda.cz) Message-ID: <3CC4A98D.7090008@obluda.cz> Date: Tue, 23 Apr 2002 02:23:41 +0200 From: Dan Lukes User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311 X-Accept-Language: cs, sk, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: DNS Question References: <5.1.0.14.2.20020422062026.05613ec0@mail.Go2France.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Len Conrad wrote: > On egress, bind will query via udp/tcp on port > 1023. ... unless your named.conf say something other. Because you must have open local port 53 for INcoming questions and for OUTgoing replies already you may decide to select port 53 as source for your own OUTgoing questions (e.g. INcoming replies) also -> simple configuration of firewall; no need for (random) ports >1023 -> no need for "keep-state" (possible subject of DoS) rules. Dan -- Dan Lukes, SISAL, MFF UK tel: +420 2 21914205, fax: +420 2 21914206 AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz, dan@fio.cz To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 17:51:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by hub.freebsd.org (Postfix) with ESMTP id 29EA037B400 for ; Mon, 22 Apr 2002 17:51:26 -0700 (PDT) Received: from isc.org (localhost.dv.isc.org [127.0.0.1]) by drugs.dv.isc.org (8.11.6/8.11.2) with ESMTP id g3N0hhx21422; Tue, 23 Apr 2002 10:43:44 +1000 (EST) (envelope-from marka@isc.org) Message-Id: <200204230043.g3N0hhx21422@drugs.dv.isc.org> To: Roger Marquis Cc: security@FreeBSD.ORG From: Mark.Andrews@isc.org Subject: Re: DNS Question In-reply-to: Your message of "Mon, 22 Apr 2002 17:25:32 MST." <20020422172141.D64443-100000@roble.com> Date: Tue, 23 Apr 2002 10:43:43 +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Len Conrad wrote: > >bind9 runs quite nicely and easily in a chroot. > > Can it communicate with syslogd when chrooted? Yes. If it can't then it is the vendor's syslog implementation that is broken. Syslog and chroot are standard parts of the OS and they should work together. If they don't blame the OS not the application that tries to use them. Same with threads and set{e}{u,g}id. > Can it accpet zone > transfers and write the pid-file assuming a writable directory > under $CHROOTHOME? Yes. It always could. BIND 8 required a more complete chroot envirionment as it exec'd named-xfer. > What happens when you send the daemon a -HUP? It re-reads named.conf and acts on the changes there. > These are all things we've had problems with under bind8. Be great > if they are fixed. > > -- > Roger Marquis > Roble Systems Consulting > http://www.roble.com/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 18:11:21 2002 Delivered-To: freebsd-security@freebsd.org Received: from some.ants.ate.my.cat5.at.dsgx.org (some.ants.ate.my.cat5.at.dsgx.org [64.215.225.2]) by hub.freebsd.org (Postfix) with ESMTP id D5DD837B417 for ; Mon, 22 Apr 2002 18:11:09 -0700 (PDT) Received: from some.ants.ate.my.cat5.at.dsgx.org (localhost.dsgx.org [64.215.225.2] (may be forged)) by some.ants.ate.my.cat5.at.dsgx.org (8.12.2/8.11.6) with SMTP id g3ML9lJu040393 for ; Mon, 22 Apr 2002 21:09:48 GMT (envelope-from hh@dsgx.org) Date: Mon, 22 Apr 2002 21:09:47 +0000 From: hh To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Message-Id: <20020422210947.4fe7bc2a.hh@dsgx.org> In-Reply-To: <200204221801.g3MI1Zb96500@freefall.freebsd.org> References: <200204221801.g3MI1Zb96500@freefall.freebsd.org> Organization: dsgx net solutions X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd4.5) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org does anybody know's which kind of another files should be taken the +s option to block this bug ? because i just can't reboot the sys again .. right now .. and on this advisore says .. may be exploit with another files .. On Mon, 22 Apr 2002 11:01:35 -0700 (PDT) FreeBSD Security Advisories wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > ============================================================================= > FreeBSD-SA-02:23.stdio Security Advisory > The FreeBSD Project > > Topic: insecure handling of stdio file descriptors > > Category: core > Module: kernel > Announced: 2002-04-22 > Credits: Joost Pol > Affects: All releases of FreeBSD up to and including 4.5-RELEASE > 4.5-STABLE prior to the correction date > Corrected: 2002-04-21 13:06:45 UTC (RELENG_4) > 2002-04-21 13:08:57 UTC (RELENG_4_5) > 2002-04-21 13:10:51 UTC (RELENG_4_4) > FreeBSD only: NO > > I. Background > > By convention, POSIX systems associate file descriptors 0, 1, and 2 > with standard input, standard output, and standard error, > respectively. Almost all applications give these stdio file > descriptors special significance, such as writing error messages to > standard error (file descriptor 2). > > In new processes, all file descriptors are duplicated from the parent > process. Unless these descriptors are marked close-on-exec, they > retain their state during an exec. > > All POSIX systems assign file descriptors in sequential order, > starting with the lowest unused file descriptor. For example, if a > newly exec'd process has file descriptors 0 and 1 open, but file > descriptor 2 closed, and then opens a file, the new file descriptor is > guaranteed to be 2 (standard error). > > II. Problem Description > > Some programs are set-user-id or set-group-id, and therefore run with > increased privileges. If such a program is started with some of the > stdio file descriptors closed, the program may open a file and > inadvertently associate it with standard input, standard output, or > standard error. The program may then read data from or write data to > the file inappropriately. If the file is one that the user would > normally not have privileges to open, this may result in an > opportunity for privilege escalation. > > III. Impact > > Local users may gain superuser privileges. It is known that the > `keyinit' set-user-id program is exploitable using this method. There > may be other programs that are exploitable. > > IV. Workaround > > None. The set-user-id bit may be removed from `keyinit' using the > following command, but note that there may be other programs that can > be exploited. > > # chmod 0555 /usr/bin/keyinit > > V. Solution > > 1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the > RELENG_4_5 (4.5-RELEASE-p4) or RELENG_4_4 (4.4-RELEASE-p11) security > branches dated after the respective correction dates. > > 2) To patch your present system: > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch > # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.asc > > b) Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > http://www.freebsd.org/handbook/kernelconfig.html and reboot the > system. > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > Path Revision > Branch > - ------------------------------------------------------------------------- > sys/sys/filedesc.h > RELENG_4 1.19.2.4 > RELENG_4_5 1.19.2.3.6.1 > RELENG_4_4 1.19.2.3.4.1 > sys/kern/kern_exec.c > RELENG_4 1.107.2.14 > RELENG_4_5 1.107.2.13.2.1 > RELENG_4_4 1.107.2.8.2.2 > sys/kern/kern_descrip.c > RELENG_4 1.81.2.11 > RELENG_4_5 1.81.2.9.2.1 > RELENG_4_4 1.81.2.8.2.1 > sys/conf/newvers.sh > RELENG_4_5 1.44.2.20.2.5 > RELENG_4_4 1.44.2.17.2.10 > - ------------------------------------------------------------------------- > > VII. References > > PINE-CERT-20020401 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (FreeBSD) > Comment: For info see http://www.gnupg.org > > iQCVAwUBPMRPoFUuHi5z0oilAQE0/AP/R2qPI5bI2XIFgQ6FL+m4rUZ7M6VQzZqY > yzGskbEkG2LKTYPFQ/FF+Tx6ffbMicnyrTTvDcJ3F9lmKRNvPBVaOuiNBjkrLdQc > rerg2aHSJunQCkcd7f/+RjxtWO8wbjTM9TXmc8X1G9kJGaglCwEfHkZJzmsyGDyD > qjkDToXu9a8= > =oXDh > -----END PGP SIGNATURE----- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 18:16:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id 5DCA037B41F for ; Mon, 22 Apr 2002 18:16:21 -0700 (PDT) Received: (qmail 61990 invoked by uid 1000); 23 Apr 2002 01:15:18 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 01:15:18 -0000 Date: Mon, 22 Apr 2002 18:15:15 -0700 (PDT) From: Jason Stone X-X-Sender: To: Roger Marquis Cc: Subject: Re: DNS Question In-Reply-To: <20020422172141.D64443-100000@roble.com> Message-ID: <20020422180631.M14111-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Can it communicate with syslogd when chrooted? Yes, it can. However, you may not want to. Consider that some syslogd's have had exploits in the past, and that if you allow a daemon in the chroot to communicate with a daemon outside the chroot, you're exposing yourself in a way that violates the whole point of the chroot. I would recommend running a full-on jail if it's possible. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8xLWmswXMWWtptckRAiMEAKCIDyhGzJr095D3KKZFjqB/713ongCdFg9T 52tdGY9oqRu7Z2zoSIQmuzc= =onh8 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 18:25:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id 3A7AB37B425 for ; Mon, 22 Apr 2002 18:25:13 -0700 (PDT) Received: (qmail 62154 invoked by uid 1000); 23 Apr 2002 01:24:59 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 01:24:59 -0000 Date: Mon, 22 Apr 2002 18:24:50 -0700 (PDT) From: Jason Stone X-X-Sender: To: hh Cc: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio In-Reply-To: <20020422210947.4fe7bc2a.hh@dsgx.org> Message-ID: <20020422181601.C14111-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > does anybody know's which kind of another files should be taken the +s > option to block this bug ? Uh, all of them? Unless you explicitly need the functionality of a particular setuid binary, you should remove the setuid bit. For example, on most of my machines I run something like: SETUIDOK='/usr/bin/su|/usr/local/bin/sudo|/usr/bin/passwd' FILENAME=/root/desetuid-`date +%s`-$$-`hostname` find / -fstype nfs -prune -o -perm -4000 -user 0 -type f | egrep \ -v \($SETUIDOK\) \ > $FILENAME ls -lo `cat $FILENAME` > ${FILENAME}.listing find `cat $FILENAME` -flags chflags > ${FILENAME}.schg chflags noschg `cat ${FILENAME}.schg` chmod u-s `cat $FILENAME` chflags schg `cat ${FILENAME}.schg` to remove all setuid root bits except for the ones in SETUIDOK (passwd, su, sudo). Note, there was a previous thread on creating make variables to control whether or not each setuid binary would be installed setuid. I haven't done any work on a patch, yet, but such a system would allow you a cleaner way of deciding which binaries should be setuid when you do a make world. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8xLfrswXMWWtptckRAtgOAKCeKvAVuiSOuIfwpJj0YaUZK7Nr3QCfShgg vDWgBTH9H7Uq832IP0+a9XU= =pFBi -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 18:32:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with SMTP id 7DDAA37B41B for ; Mon, 22 Apr 2002 18:32:26 -0700 (PDT) Received: (qmail 95548 invoked from network); 23 Apr 2002 01:32:24 -0000 Received: from ear.nlink.com.br (HELO ear.com.br) (200.249.196.67) by mirage.nlink.com.br with SMTP; 23 Apr 2002 01:32:24 -0000 Received: from EARMDPA01/SpoolDir by ear.com.br (Mercury 1.48); 22 Apr 02 22:35:43 GMT-3 Received: from SpoolDir by EARMDPA01 (Mercury 1.48); 22 Apr 02 13:04:45 GMT-3 From: "Mario Lobo" Organization: American School of Recife - Brazil To: freebsd-security@freebsd.org Date: Mon, 22 Apr 2002 13:03:00 -0300 MIME-Version: 1.0 Subject: Re: DNS Question (THANKS TO ALL !!) Reply-To: mlobo@ear.com.br Message-ID: <3CC409FE.11716.23AD8A@localhost> In-reply-to: <20020422114506.M42132@ezo.net> References: <20020422100301.A46936@cowbert.2y.net> X-mailer: Pegasus Mail for Windows (v4.01) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Thanks Guys !! You all gave me material enough to learn and pick the best solution. Again, thanks for all the great tips. - *** Mario Lobo *** Dean of Computer Department *** American School of Recife To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 19:20: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from omta04.mta.everyone.net (sitemail3.everyone.net [216.200.145.37]) by hub.freebsd.org (Postfix) with ESMTP id 93A5B37B437 for ; Mon, 22 Apr 2002 19:19:45 -0700 (PDT) Received: from sitemail.everyone.net (dsnat [216.200.145.62]) by omta04.mta.everyone.net (Postfix) with ESMTP id 1892250557 for ; Mon, 22 Apr 2002 19:19:43 -0700 (PDT) Received: by sitemail.everyone.net (Postfix, from userid 99) id 0B9832756; Mon, 22 Apr 2002 19:19:43 -0700 (PDT) Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: 7bit Mime-Version: 1.0 X-Mailer: MIME-tools 5.41 (Entity 5.404) Date: Mon, 22 Apr 2002 19:19:42 -0700 (PDT) From: nur adiana To: freebsd-security@freebsd.org Subject: IPSec with AES Reply-To: adiana@ikhlas.com X-Originating-Ip: [161.139.66.13] Message-Id: <20020423021943.0B9832756@sitemail.everyone.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i would like to implement AES into my IPSec.. can i simply configure my setkey on FreeBSD like KAME does: setkey -c <; Mon, 22 Apr 2002 19:48:04 -0700 (PDT) Received: from localhost (IDENT:s0FZxpHHqduNzNQGvA14NPMzxeadnt5Q5B4qGSNuLPxDJXl4gke52HDz+Uf0xHN2@localhost [IPv6:::1]) (user=ume mech=CRAM-MD5 bits=0) by cheer.mahoroba.org (8.12.3/8.12.3) with ESMTP/inet6 id g3N2lufA067737 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Tue, 23 Apr 2002 11:48:01 +0900 (JST) (envelope-from ume@mahoroba.org) Date: Tue, 23 Apr 2002 11:47:56 +0900 Message-ID: From: Hajimu UMEMOTO To: adiana@ikhlas.com Cc: freebsd-security@freebsd.org Subject: Re: IPSec with AES In-Reply-To: <20020423021943.0B9832756@sitemail.everyone.net> References: <20020423021943.0B9832756@sitemail.everyone.net> User-Agent: xcite1.38> Wanderlust/2.8.1 (Something) SEMI/1.14.3 (Ushinoya) FLIM/1.14.3 (=?ISO-8859-4?Q?Unebigory=F2mae?=) APEL/10.3 Emacs/21.2 (i386--freebsd) MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=) X-Operating-System: FreeBSD 4.5-STABLE MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya") Content-Type: text/plain; charset=US-ASCII X-Virus-Scanned: by AMaViS-perl11-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, >>>>> On Mon, 22 Apr 2002 19:19:42 -0700 (PDT) >>>>> nur adiana said: adiana> i would like to implement AES into my IPSec.. can i simply configure my setkey on FreeBSD like KAME does: adiana> setkey -c < add 10.1.1.1 20.1.1.1 esp 9876 -E rinjdael-cbc "hogehogehogehoge"; adiana> add 20.1.1.1 10.1.1.1 esp 10000 -E rinjdael-cbc oxdeadbeefdeadbeefdeadbeefdeadbeef; adiana> spdadd 10.1.1.1 20.1.1.1 any -P out ipsec esp/transport//use; adiana> EOF Yes. adiana> or, i must edit my racoon? tq.. Is there any problem? -- Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan ume@mahoroba.org ume@bisd.hitachi.co.jp ume@{,jp.}FreeBSD.org http://www.imasy.org/~ume/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 20:38:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from topperwein.dyndns.org (acs-24-154-28-203.zoominternet.net [24.154.28.203]) by hub.freebsd.org (Postfix) with ESMTP id 47CB137B400 for ; Mon, 22 Apr 2002 20:38:34 -0700 (PDT) Received: from topperwein (topperwein [192.168.168.10]) by topperwein.dyndns.org (8.11.6/8.11.6) with ESMTP id g3N3cT369657 for ; Mon, 22 Apr 2002 23:38:29 -0400 (EDT) (envelope-from behanna@zbzoom.net) Date: Mon, 22 Apr 2002 23:38:24 -0400 (EDT) From: Chris BeHanna Reply-To: Chris BeHanna To: FreeBSD Security Subject: Cleaning suid Binaries (Was: Re: stdio security advisory) In-Reply-To: <20020422181601.C14111-100000@walter> Message-ID: <20020422233549.A69611-100000@topperwein.dyndns.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, 22 Apr 2002, Jason Stone wrote: > > does anybody know's which kind of another files should be taken the +s > > option to block this bug ? > > Uh, all of them? Unless you explicitly need the functionality of a > particular setuid binary, you should remove the setuid bit. > > For example, on most of my machines I run something like: > > SETUIDOK='/usr/bin/su|/usr/local/bin/sudo|/usr/bin/passwd' Just FYI, gpg needs to be setuid root in order to lock pages containing cleartext passphrase information in memory; otherwise, they can end up in your swap area. You'll know you're in trouble if gpg blurts out "Warning: Using insecure memory!" right before it prompts you for the passphrase. > [...snip rest of suid cleanup script...] -- Chris BeHanna Software Engineer (Remove "bogus" before responding.) behanna@bogus.zbzoom.net I was raised by a pack of wild corn dogs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 20:56:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id C733F37B405 for ; Mon, 22 Apr 2002 20:56:17 -0700 (PDT) Received: (qmail 65188 invoked by uid 1000); 23 Apr 2002 03:56:16 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 03:56:16 -0000 Date: Mon, 22 Apr 2002 20:56:13 -0700 (PDT) From: Jason Stone X-X-Sender: To: Chris BeHanna Cc: FreeBSD Security Subject: Re: Cleaning suid Binaries (Was: Re: stdio security advisory) In-Reply-To: <20020422233549.A69611-100000@topperwein.dyndns.org> Message-ID: <20020422204317.O14111-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Just FYI, gpg needs to be setuid root in order to lock pages > containing cleartext passphrase information in memory; otherwise, they > can end up in your swap area. Yeah, gpg will, if setuid root, use mlock(2) to lock your key into core while it is being handled. There are other programs that handle keys and passwords which do not even attempt to use mlock, whether running as root or no - ssh-agent, sshd, telnetd (being used with ipsec or ssl, of course...). Locking your key in core prevents exactly one attack - someone physically breaks into your home/office, unplugs and steals your machine, and then later, recovers your keys from swap. It does not protect you from someone being root on the machine and sniffing your tty, it does not protect you from someone being root on your machine and using a debugger to read a program's memory, it does not protect you from someone with physical access to your machine installing a keyboard sniffer (hardware keyboard sniffers can be purchased for under $100 USD), it does not protect you from someone with root installing a trojan, etc. So the use of mlock doesn't protect you much. On the other hand, having gpg be setuid root increase the likelihood that an attacker can become root and carry out one of the attacks listed above. (Note the current setuid file descriptor attack, previous setuid attacks involving clearing of signal handlers, ptrace race conditions, etc). Therefore, it is probablly a bad idea to leave gpg setuid - on the whole, it does more harm than good. If the "error" message bothers you, either take it out of the source and recompile, or simpler, just run "gpg 2>/dev/null" When capabilities support eventually gets finishes/integrated, then it may be possible to give gpg the ability to call mlock but not give it any other special priveleges. When that happens, then we can start using that functionality again, for whatever it's worth. In the mean time, if you're really worried about it, just buy an extra DIMM and turn off swapping. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8xNtgswXMWWtptckRAigvAJ9tY3tSqjqyVaFjSgHiiQS/W+p1DACglIt2 dNcZ0pdWg8lbSK9YQJt1Vyc= =+Rgx -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Apr 22 21:21:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from horsey.gshapiro.net (horsey.gshapiro.net [209.220.147.178]) by hub.freebsd.org (Postfix) with ESMTP id EF61537B416 for ; Mon, 22 Apr 2002 21:21:27 -0700 (PDT) Received: from horsey.gshapiro.net (gshapiro@localhost [IPv6:::1]) by horsey.gshapiro.net (8.12.3/8.12.3) with ESMTP id g3N4LROE036499 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Mon, 22 Apr 2002 21:21:27 -0700 (PDT) Received: (from gshapiro@localhost) by horsey.gshapiro.net (8.12.3/8.12.3/Submit) id g3N4LRwe036496; Mon, 22 Apr 2002 21:21:27 -0700 (PDT) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15556.57671.202243.185259@horsey.gshapiro.net> Date: Mon, 22 Apr 2002 21:21:27 -0700 From: Gregory Neil Shapiro To: Jason Stone Cc: FreeBSD Security Subject: Re: Cleaning suid Binaries (Was: Re: stdio security advisory) In-Reply-To: <20020422204317.O14111-100000@walter> References: <20020422233549.A69611-100000@topperwein.dyndns.org> <20020422204317.O14111-100000@walter> X-Mailer: VM 7.00 under 21.1 (patch 14) "Cuyahoga Valley" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org jason> Therefore, it is probablly a bad idea to leave gpg setuid - on the jason> whole, it does more harm than good. If the "error" message bothers jason> you, either take it out of the source and recompile, or simpler, jason> just run "gpg 2>/dev/null" Or put this in ~/.gnupg/options: no-secmem-warning To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Apr 23 6: 7:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from kira.epconline.net (kira.epconline.net [207.206.185.2]) by hub.freebsd.org (Postfix) with ESMTP id C634E37B416 for ; Tue, 23 Apr 2002 06:07:19 -0700 (PDT) Received: from localhost (carock@localhost) by kira.epconline.net (8.11.4/8.11.4) with ESMTP id g3ND7D776820; Tue, 23 Apr 2002 08:07:13 -0500 (CDT) Date: Tue, 23 Apr 2002 08:07:12 -0500 (CDT) From: Chuck Rock X-Sender: carock@kira.epconline.net To: Jason Stone Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio In-Reply-To: <20020422181601.C14111-100000@walter> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I see see this a lot. Why if the answer is always "all of them" isn't FreeBSD distributed, and patched, and whatever so this is already true. I've seen this suid thing go on for years, and this is the standard reply like some magical knowledge you learn after you play with Linux/Unix for a while. If this is true, then why isn't it so by now? FreeBSD ports even have patches that tweak the ports when they install, couldn't they also tweak the file bits when you run make install too? I can't believe that FreeBSD would allow their system to have these suid bits set if they weren't supposed to be that way. Chuck Rock On Mon, 22 Apr 2002, Jason Stone wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > > does anybody know's which kind of another files should be taken the +s > > option to block this bug ? > > Uh, all of them? Unless you explicitly need the functionality of a > particular setuid binary, you should remove the setuid bit. > > For example, on most of my machines I run something like: > > SETUIDOK='/usr/bin/su|/usr/local/bin/sudo|/usr/bin/passwd' > FILENAME=/root/desetuid-`date +%s`-$$-`hostname` > find / -fstype nfs -prune -o -perm -4000 -user 0 -type f | egrep \ > -v \($SETUIDOK\) \ > $FILENAME > ls -lo `cat $FILENAME` > ${FILENAME}.listing > find `cat $FILENAME` -flags chflags > ${FILENAME}.schg > chflags noschg `cat ${FILENAME}.schg` > chmod u-s `cat $FILENAME` > chflags schg `cat ${FILENAME}.schg` > > to remove all setuid root bits except for the ones in SETUIDOK (passwd, > su, sudo). > > > Note, there was a previous thread on creating make variables to control > whether or not each setuid binary would be installed setuid. I haven't > done any work on a patch, yet, but such a system would allow you a cleaner > way of deciding which binaries should be setuid when you do a make world. > > > -Jason > > ----------------------------------------------------------------------- > I worry about my child and the Internet all the time, even though she's > too young to have logged on yet. Here's what I worry about. I worry > that 10 or 15 years from now, she will come to me and say "Daddy, where > were you when they took freedom of the press away from the Internet?" > -- Mike Godwin > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (FreeBSD) > Comment: See https://private.idealab.com/public/jason/jason.gpg > > iD8DBQE8xLfrswXMWWtptckRAtgOAKCeKvAVuiSOuIfwpJj0YaUZK7Nr3QCfShgg > vDWgBTH9H7Uq832IP0+a9XU= > =pFBi > -----END PGP SIGNATURE----- > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Apr 23 11:29:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id A33BF37B417 for ; Tue, 23 Apr 2002 11:29:21 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 6048A4A; Tue, 23 Apr 2002 13:29:21 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g3NITLFM029823; Tue, 23 Apr 2002 13:29:21 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g3NITK56029822; Tue, 23 Apr 2002 13:29:20 -0500 (CDT) Date: Tue, 23 Apr 2002 13:29:20 -0500 From: "Jacques A. Vidrine" To: Jason Stone Cc: Chris BeHanna , FreeBSD Security Subject: Re: Cleaning suid Binaries (Was: Re: stdio security advisory) Message-ID: <20020423182920.GA29601@madman.nectar.cc> References: <20020422233549.A69611-100000@topperwein.dyndns.org> <20020422204317.O14111-100000@walter> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020422204317.O14111-100000@walter> User-Agent: Mutt/1.3.28i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Apr 22, 2002 at 08:56:13PM -0700, Jason Stone wrote: > If the "error" message bothers you, either > take it out of the source and recompile, or simpler, just run > "gpg 2>/dev/null" Or put the following line in $HOME/.gnupg/options: no-secmem-warning -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Apr 23 14: 3:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from shark.amis.net (shark.amis.net [212.18.32.14]) by hub.freebsd.org (Postfix) with ESMTP id 1A62437B41D for ; Tue, 23 Apr 2002 14:03:12 -0700 (PDT) Received: from baracuda.amis.net (baracuda.amis.net [212.18.32.4]) by shark.amis.net (Postfix) with ESMTP id 255067C05 for ; Tue, 23 Apr 2002 23:03:11 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by baracuda.amis.net (Postfix) with ESMTP id E48229B12 for ; Tue, 23 Apr 2002 23:03:10 +0200 (CEST) Received: from titanic.medinet.si (titanic.medinet.si [212.18.42.5]) by baracuda.amis.net (Postfix) with ESMTP id 0B8119B11 for ; Tue, 23 Apr 2002 23:03:10 +0200 (CEST) Received: by titanic.medinet.si (Postfix, from userid 1000) id 8474D55411; Tue, 23 Apr 2002 23:03:09 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by titanic.medinet.si (Postfix) with ESMTP id 8262555404 for ; Tue, 23 Apr 2002 23:03:09 +0200 (CEST) Date: Tue, 23 Apr 2002 23:03:09 +0200 (CEST) From: Blaz Zupan X-X-Sender: blaz@titanic.medinet.si To: freebsd-security@freebsd.org Subject: segfault in ftpd Message-ID: <20020423225805.Q93786-100000@titanic.medinet.si> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org For some time now I see messages like this in the logs on our webserver: pid 36861 (ftpd), uid 29987: exited on signal 11 This is with the stock ftpd on 4.5-RELEASE-p3 (users use it to upload their web pages to it). I compiled ftpd with -g and tried to set it up so that I get a coredump. I configured: mkdir /var/coredumps chmod 1777 /var/coredumps sysctl kern.corefile=/var/coredumps/%U.%N.%P.core Now I can create a simple program that crashes and the core will be written to /var/coredumps. But ftpd simply does not want to create a coredump. As far as I can see, /etc/login.conf specifies coredumpsize=unlimited. Is there anything else I need to configure or tune to be able to catch a coredump? I'd really like to catch this one before 4.6-RELEASE ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Apr 23 15:37:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id 47E8C37B41E for ; Tue, 23 Apr 2002 15:37:09 -0700 (PDT) Received: (qmail 4689 invoked by uid 1000); 23 Apr 2002 22:37:04 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Apr 2002 22:37:04 -0000 Date: Tue, 23 Apr 2002 15:37:04 -0700 (PDT) From: Jason Stone X-X-Sender: To: Chuck Rock Cc: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio In-Reply-To: Message-ID: <20020423144648.G76242-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > I see see this a lot. Why if the answer is always "all of them" isn't > FreeBSD distributed, and patched, and whatever so this is already > true. > > I can't believe that FreeBSD would allow their system to have these > suid bits set if they weren't supposed to be that way. If a program has the setuid bit turned on, it will run as the user who owns the program rather than the user who's running it. In general, this is a bad idea because fundamentally, users should not be able to run code as other users. However, there are some programs which must run as root for either all or part of their functionality and are therefore setuid. However, if you either don't need that program at all, or don't need the functionality that requires root priveleges, you can remove the setuid bit to increase system security. For example, lpr is setuid root so that it can write your print job into the queue. Servers, though, usually don't have printers attached, and therefore have no need of lpr, so the setuid bit can be removed. screen is setuid root so that it can create utmp login records for each window it opens up - this functionality is not necesary for the rest of screen's proper operation, so the setuid bit can be removed. None of my users use opie/skey, so I removed the setuid bit from keyinit from all my machines - so I'm much less worried about this vulnerability (though of course I still upgrade everything). So while each setuid program has a reason for being setuid, that doesn't mean that any given box needs each to be setuid. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE8xeIQswXMWWtptckRArOyAJ97z/CIsMHkVk8MaTlJgZu4NoIE1gCg0lrJ nKzH+kP08t9byO3KBRqXSMA= =e0Fr -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Apr 23 19:54: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from vulcan.rsasecurity.com (vulcan.rsasecurity.com [204.167.114.130]) by hub.freebsd.org (Postfix) with SMTP id 4027F37B416 for ; Tue, 23 Apr 2002 19:54:03 -0700 (PDT) Received: from sdtihq24.securitydynamics.com by vulcan.rsasecurity.com via smtpd (for hub.FreeBSD.org [216.136.204.18]) with SMTP; 24 Apr 2002 02:52:45 UT Received: from ebola.securitydynamics.com (ebola.securid.com [192.80.211.4]) by sdtihq24.securid.com (Pro-8.9.3/Pro-8.9.3) with ESMTP id WAA04295 for ; Tue, 23 Apr 2002 22:52:28 -0400 (EDT) Received: from spirit.dynas.se (localhost [127.0.0.1]) by ebola.securitydynamics.com (8.10.2+Sun/8.9.1) with SMTP id g3O2s1t01221 for ; Tue, 23 Apr 2002 22:54:01 -0400 (EDT) Received: (qmail 24133 invoked from network); 24 Apr 2002 02:53:55 -0000 Received: from explorer.rsa.com (HELO mikko.rsa.com) (10.81.217.59) by spirit.se.eu.rsa.net with SMTP; 24 Apr 2002 02:53:55 -0000 Received: (from mikko@localhost) by mikko.rsa.com (8.11.6/8.11.6) id g3O2rrM33014; Tue, 23 Apr 2002 19:53:53 -0700 (PDT) (envelope-from mikko) Date: Tue, 23 Apr 2002 19:53:53 -0700 (PDT) From: Mikko Tyolajarvi Message-Id: <200204240253.g3O2rrM33014@mikko.rsa.com> To: blaz@si.FreeBSD.org Cc: security@freebsd.org Orig-To: Blaz Zupan Subject: Re: segfault in ftpd Newsgroups: local.freebsd.security References: <20020423225805.Q93786-100000@titanic.medinet.si> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org In local.freebsd.security you write: >For some time now I see messages like this in the logs on our webserver: >pid 36861 (ftpd), uid 29987: exited on signal 11 >This is with the stock ftpd on 4.5-RELEASE-p3 (users use it to upload their >web pages to it). I compiled ftpd with -g and tried to set it up so that I get >a coredump. I configured: > mkdir /var/coredumps > chmod 1777 /var/coredumps > sysctl kern.corefile=/var/coredumps/%U.%N.%P.core >Now I can create a simple program that crashes and the core will be written to >/var/coredumps. But ftpd simply does not want to create a coredump. As far as >I can see, /etc/login.conf specifies coredumpsize=unlimited. Is there anything >else I need to configure or tune to be able to catch a coredump? Try: sysctl kern.sugid_coredump=1 If ftpd crashes after user login, then UID != EUID (which is what makes it such a security problem in the first place -- how often do you _really_ need to change user in the middle of an ftp session? It should just switch uid and be done with it, IMHO). $.02, /Mikko -- Mikko Työläjärvi_______________________________________mikko@rsasecurity.com RSA Security To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Apr 23 20:11: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 189E737B41D for ; Tue, 23 Apr 2002 20:10:51 -0700 (PDT) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.11.4/8.11.6) id g3O3Amd04898; Tue, 23 Apr 2002 23:10:48 -0400 (EDT) (envelope-from wollman) Date: Tue, 23 Apr 2002 23:10:48 -0400 (EDT) From: Garrett Wollman Message-Id: <200204240310.g3O3Amd04898@khavrinen.lcs.mit.edu> To: Mikko Tyolajarvi Cc: security@FreeBSD.ORG Subject: Re: segfault in ftpd Newsgroups: local.freebsd.security In-Reply-To: <200204240253.g3O2rrM33014@mikko.rsa.com> References: <20020423225805.Q93786-100000@titanic.medinet.si> <200204240253.g3O2rrM33014@mikko.rsa.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org < said: > makes it such a security problem in the first place -- how often do > you _really_ need to change user in the middle of an ftp session? > It should just switch uid and be done with it, IMHO). Unfortunately, the people who designed the FTP protocol did not consider the notion of `privileged ports'. As a result, an active-mode FTP connection is required to originate from , which means that for every active-mode FTP operation, the FTP server must be able to bind to a privileged port. An implementation of capabilities would obviate this problem: ftp could change its context entirely to that of the client, except leaving the `can bind low ports' bit on, and still be able to accomplish what it needs to do. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 5:43:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from shark.amis.net (shark.amis.net [212.18.32.14]) by hub.freebsd.org (Postfix) with ESMTP id AC47237B400 for ; Wed, 24 Apr 2002 05:42:59 -0700 (PDT) Received: from baracuda.amis.net (baracuda.amis.net [212.18.32.4]) by shark.amis.net (Postfix) with ESMTP id 5EF128157; Wed, 24 Apr 2002 14:41:53 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by baracuda.amis.net (Postfix) with ESMTP id AE4A79B11; Wed, 24 Apr 2002 14:41:51 +0200 (CEST) Received: from titanic.medinet.si (titanic.medinet.si [212.18.42.5]) by baracuda.amis.net (Postfix) with ESMTP id 407689B29; Wed, 24 Apr 2002 14:41:43 +0200 (CEST) Received: by titanic.medinet.si (Postfix, from userid 1000) id 4591755411; Wed, 24 Apr 2002 14:41:42 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by titanic.medinet.si (Postfix) with ESMTP id 3E83655404; Wed, 24 Apr 2002 14:41:42 +0200 (CEST) Date: Wed, 24 Apr 2002 14:41:42 +0200 (CEST) From: Blaz Zupan X-X-Sender: blaz@titanic.medinet.si To: Mikko Tyolajarvi Cc: security@freebsd.org Subject: Re: segfault in ftpd In-Reply-To: <200204240253.g3O2rrM33014@mikko.rsa.com> Message-ID: <20020424144110.K24518-100000@titanic.medinet.si> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Try: > > sysctl kern.sugid_coredump=1 Unfortunatelly, that does not seem to be it either. A couple of hours later, ftpd crashed again, again no core dump: pid 2082 (ftpd.debug), uid 2342: exited on signal 11 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 6: 0:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from bilver.wjv.com (spdsl-033.wanlogistics.net [63.209.115.33]) by hub.freebsd.org (Postfix) with ESMTP id 66A4837B400 for ; Wed, 24 Apr 2002 06:00:33 -0700 (PDT) Received: (from bv@localhost) by bilver.wjv.com (8.11.6/8.11.6) id g3OCvjc86230 for security@FreeBSD.ORG; Wed, 24 Apr 2002 08:57:45 -0400 (EDT) (envelope-from bv) Date: Wed, 24 Apr 2002 08:57:45 -0400 From: Bill Vermillion To: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Message-ID: <20020424125745.GC85736@wjv.com> Reply-To: bv@wjv.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio > ------------------------------ > Date: Tue, 23 Apr 2002 15:37:04 -0700 (PDT) > From: Jason Stone > Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio [someone else said] > > I see see this a lot. Why if the answer is always "all of > > them" isn't FreeBSD distributed, and patched, and whatever so > > this is already true. > > I can't believe that FreeBSD would allow their system to have these > > suid bits set if they weren't supposed to be that way. To which Jason replied: > If a program has the setuid bit turned on, it will run as the > user who owns the program rather than the user who's running > it. In general, this is a bad idea because fundamentally, users > should not be able to run code as other users. However, there > are some programs which must run as root for either all or part > of their functionality and are therefore setuid. I have used database programs that run SUID the database owner so that only those who access to the database and run the SUID program can modify/see the database files. > However, if you either don't need that program at all, or don't > need the functionality that requires root priveleges, you can > remove the setuid bit to increase system security. There are other things that run SUID that are not SUID root. man runs as suid man, uucp programs typically run suid uucp, and my news program runs suid news. There are legitimate reasons for running programs suid other than root. setuid.today under /var/log will show you just what is there. So you many not want to blindly remove all SUID bits. One of the other posters showed a script for removing all SUID bits, and that may not be what you want, unless you have checked them all first. > So while each setuid program has a reason for being setuid, > that doesn't mean that any given box needs each to be setuid. Correct. And I'm just pointing that suid doesn't always mean suid root, which seem to be a prominent theme in this thread. Bill -- Bill Vermillion - bv @ wjv . com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 11:49:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from bran.mc.mpls.visi.com (bran.mc.mpls.visi.com [208.42.156.103]) by hub.freebsd.org (Postfix) with ESMTP id C737837B41E for ; Wed, 24 Apr 2002 11:49:00 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bran.mc.mpls.visi.com (Postfix) with ESMTP id 0A5384A93 for ; Wed, 24 Apr 2002 13:48:31 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g3OImUH01479 for freebsd-security@freebsd.org; Wed, 24 Apr 2002 13:48:30 -0500 (CDT) (envelope-from hawkeyd) Date: Wed, 24 Apr 2002 13:48:30 -0500 From: D J Hawkey Jr To: security at FreeBSD Subject: ANN: SA-02:23.stdio patch backported through 4.1-RELEASE Message-ID: <20020424134830.A1446@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org As the subject says, now available at: http://www.visi.com/~hawkeyd/freebsd-backports.html Note that only 4.2-RELEASE patches are verified by me to apply without error; I'd appreciate any feedback as to the success or failure of the others. If anyone is curious, the current stats on the available patches are: agp-patch-41R-44P1.udiff: 24 04/17/02-21:31:39 delay_ack-patch-41R.udiff: 18 04/17/02-21:31:11 delay_ack-patch-411R.udiff: 9 04/17/02-21:31:12 delay_ack-patch-42R.udiff: 16 04/17/02-21:31:42 delay_ack-patch-43R-43P21.udiff: 29 04/17/02-21:31:48 delay_ack-patch-44R-44P1.udiff: 49 04/17/02-21:31:50 exec-patch-41R-411R.udiff: 12 04/24/02-13:32:26 exec-patch-42R.udiff: 19 04/24/02-13:32:32 exec-patch-42RSA-01:42.udiff: 1 04/24/02-13:29:47 ich_sound-patch-42R.udiff: 11 04/17/02-21:31:53 ich_sound-patch-43R.udiff: 11 04/17/02-21:31:54 ip_state-patch-41R-42R.udiff: 14 04/17/02-21:31:56 signal-patch-42R.udiff: 1 04/24/02-13:30:52 stdio-patch-41R.udiff: 1 04/24/02-13:29:55 stdio-patch-411R.udiff: 1 04/24/02-13:30:01 stdio-patch-42R.udiff: 1 04/24/02-13:30:09 stdio-patch-42RSA-02:08.udiff: 1 04/24/02-13:30:15 stdio-patch-43R-43P4.udiff: 1 04/24/02-13:30:27 stdio-patch-43P5-43P23.udiff: 1 04/24/02-13:30:32 stdio-patch-43P24-43P28.udiff: 1 04/24/02-13:30:40 Those on 4/24, ~13:30 are me, testing the links! As an aside, I had asked this before, but didn't get what I felt was a definitive answer: 1) Is it appropriate to post these announcements to freebsd-announce, and 2) Am I, not having any official connection to The Project, allowed to post there? Thanks, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 15:39:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from apollo.pwhsnet.com (adsl-64-164-36-226.dsl.scrm01.pacbell.net [64.164.36.226]) by hub.freebsd.org (Postfix) with ESMTP id B218837B417 for ; Wed, 24 Apr 2002 15:39:41 -0700 (PDT) Received: (from root@localhost) by apollo.pwhsnet.com (8.11.6/8.11.6) id g3OMZT576659 for freebsd-security@freebsd.org; Wed, 24 Apr 2002 15:35:29 -0700 (PDT) (envelope-from patrick@pwhsnet.com) Received: from zeus (patrick@zeus.pwhsnet.com [192.168.0.3]) by apollo.pwhsnet.com (8.11.6/8.11.6) with SMTP id g3OMZSk76613 for ; Wed, 24 Apr 2002 15:35:28 -0700 (PDT) (envelope-from patrick@pwhsnet.com) Message-ID: <009101c1ebdf$341b4000$0300a8c0@zeus> From: "Patrick O. Fish" To: Subject: su: s/key Date: Wed, 24 Apr 2002 15:27:22 -0700 MIME-Version: 1.0 X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I just got back from a vacation today. I had an email from my security officer saying that he was able to use an exploit to get root, and that he patched it (took suid off that file). I goto su, and i get this: patrick@apollo:~$ su s/key 95 snosoft2 Password: I asked him about it, he doesnt know why thats happening. Any ideas? Patrick Fish PWHS Networks ______________________________________ Scanned and protected by Inflex Inflex Scanning software Available at http://pldaniels.com/inflex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 15:54:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from pike.epylon.com (mail03.epylon.com [63.93.9.99]) by hub.freebsd.org (Postfix) with ESMTP id 032B937B400 for ; Wed, 24 Apr 2002 15:54:11 -0700 (PDT) Received: from [192.168.4.56] (sf-gw.epylon.com [63.93.9.98]) by pike.epylon.com (Postfix) with ESMTP id 4014759211; Wed, 24 Apr 2002 15:52:35 -0700 (PDT) Date: Wed, 24 Apr 2002 16:02:11 -0700 From: Jason DiCioccio Reply-To: "Jason DiCioccio (reply)" To: "Patrick O. Fish" , freebsd-security@freebsd.org Subject: Re: su: s/key Message-ID: <513728078.1019664131@[192.168.4.56]> In-Reply-To: <009101c1ebdf$341b4000$0300a8c0@zeus> References: <009101c1ebdf$341b4000$0300a8c0@zeus> X-Mailer: Mulberry/2.1.2 (Win32) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="==========513747854==========" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==========513747854========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Wednesday, April 24, 2002 3:27 PM -0700 "Patrick O. Fish"=20 wrote: > I just got back from a vacation today. I had an email from my security > officer saying that he was able to use an exploit to get root, and that = he > patched it (took suid off that file). I goto su, and i get this: > > patrick@apollo:~$ su > s/key 95 snosoft2 > Password: > If what you're saying is that when you got back from vacation and tried to=20 su, you got that s/key prompt, then it looks like someone has already used=20 the stdio exploit on your box. Cheers, -JD- ---- Useless .sig --==========513747854========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iD8DBQE8xzl201CVlgQ2fAgRAi4xAKCFILgdcuL4LwHO5nFRHriu5L4oaACfQxKE Gllu+57HesHM9sWmB/mOD1g= =D1nN -----END PGP SIGNATURE----- --==========513747854==========-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 15:54:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from numeri.campus.luth.se (numeri.campus.luth.se [130.240.197.103]) by hub.freebsd.org (Postfix) with ESMTP id D66C437B42F for ; Wed, 24 Apr 2002 15:54:21 -0700 (PDT) Received: (from k@localhost) by numeri.campus.luth.se (8.11.6/8.11.6) id g3OMr6H70834; Thu, 25 Apr 2002 00:53:06 +0200 (CEST) (envelope-from k) Date: Thu, 25 Apr 2002 00:53:06 +0200 From: Johan Karlsson To: jason@shalott.net Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio Message-ID: <20020425005306.A70101@numeri.campus.luth.se> Reply-To: 20020422181601.C14111-100000@walter.FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, > Note, there was a previous thread on creating make variables to control > whether or not each setuid binary would be installed setuid. I haven't > done any work on a patch, yet, but such a system would allow you a cleaner > way of deciding which binaries should be setuid when you do a make world. If no one has started with this yet I would be willing to take a fisrt shot. I'll see what I can do tonight. /K -- Johan Karlsson mailto:k@numeri.campus.luth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 16: 0:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from apollo.pwhsnet.com (adsl-64-164-36-226.dsl.scrm01.pacbell.net [64.164.36.226]) by hub.freebsd.org (Postfix) with ESMTP id 2979237B41B for ; Wed, 24 Apr 2002 16:00:21 -0700 (PDT) Received: (from root@localhost) by apollo.pwhsnet.com (8.11.6/8.11.6) id g3ON6Bu77409; Wed, 24 Apr 2002 16:06:11 -0700 (PDT) (envelope-from patrick@pwhsnet.com) Received: from zeus (patrick@zeus.pwhsnet.com [192.168.0.3]) by apollo.pwhsnet.com (8.11.6/8.11.6) with SMTP id g3ON6Ak77363; Wed, 24 Apr 2002 16:06:10 -0700 (PDT) (envelope-from patrick@pwhsnet.com) Message-ID: <00d801c1ebe3$7e354b50$0300a8c0@zeus> From: "Patrick O. Fish" To: "Jason DiCioccio (reply)" , References: <009101c1ebdf$341b4000$0300a8c0@zeus> <513728078.1019664131@[192.168.4.56]> Subject: Re: su: s/key Date: Wed, 24 Apr 2002 15:58:04 -0700 MIME-Version: 1.0 X-scanner: scanned by Inflex 1.0.12.2 - (http://pldaniels.com/inflex/) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org yeah, my security officer tried it to see if it would work. he patched it, but im trying to get rid of the s/key prompt ----- Original Message ----- From: "Jason DiCioccio" To: "Patrick O. Fish" ; Sent: Wednesday, April 24, 2002 4:02 PM Subject: Re: su: s/key ______________________________________ Scanned and protected by Inflex Inflex Scanning software Available at http://pldaniels.com/inflex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 16:10:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from harrier.csrv.uidaho.edu (harrier.csrv.uidaho.edu [129.101.119.224]) by hub.freebsd.org (Postfix) with ESMTP id EF7C537B416 for ; Wed, 24 Apr 2002 16:10:49 -0700 (PDT) Received: from uidaho.edu (oblivion.csrv-staff.uidaho.edu [129.101.66.165]) by harrier.csrv.uidaho.edu (8.9.3 (PHNE_22672)/) with ESMTP id QAA05567; Wed, 24 Apr 2002 16:08:27 -0700 (PDT) Message-Id: <200204242308.QAA05567@harrier.csrv.uidaho.edu> Date: Wed, 24 Apr 2002 16:08:54 -0700 (PDT) From: Jon DeShirley Subject: Re: su: s/key To: "Patrick O. Fish" , freebsd-security@freebsd.org In-Reply-To: <00d801c1ebe3$7e354b50$0300a8c0@zeus> MIME-Version: 1.0 Content-Type: TEXT/plain; CHARSET=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On 24 Apr, Patrick O. Fish wrote: > yeah, my security officer tried it to see if it would work. he patched it, > but im trying to get rid of the s/key prompt If it'll be any help, this is the exploit code he probably used: http://online.securityfocus.com/archive/1/269102/2002-04-21/2002-04-27/0 You'll probably want to take a look at /etc/skeykeys [from keyinit(1)]. --jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 16:25:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from pike.epylon.com (mail03.epylon.com [63.93.9.99]) by hub.freebsd.org (Postfix) with ESMTP id 4C59937B41F for ; Wed, 24 Apr 2002 16:24:48 -0700 (PDT) Received: from [192.168.4.56] (sf-gw.epylon.com [63.93.9.98]) by pike.epylon.com (Postfix) with ESMTP id 7E34259218; Wed, 24 Apr 2002 16:01:44 -0700 (PDT) Date: Wed, 24 Apr 2002 16:11:23 -0700 From: Jason DiCioccio Reply-To: "Jason DiCioccio (reply)" To: "Patrick O. Fish" , freebsd-security@freebsd.org Subject: Re: su: s/key Message-ID: <514280062.1019664683@[192.168.4.56]> In-Reply-To: <00d801c1ebe3$7e354b50$0300a8c0@zeus> References: <00d801c1ebe3$7e354b50$0300a8c0@zeus> X-Mailer: Mulberry/2.1.2 (Win32) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="==========514286024==========" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==========514286024========== Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: quoted-printable Content-Disposition: inline --On Wednesday, April 24, 2002 3:58 PM -0700 "Patrick O. Fish"=20 wrote: > yeah, my security officer tried it to see if it would work. he patched > it, but im trying to get rid of the s/key prompt The line you're looking to delete is in /etc/skeykeys., I believe it begins = with 'root' :) Cheers, -JD- ---- Useless .sig --==========514286024========== Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org iD8DBQE8xzub01CVlgQ2fAgRAu34AKCfx+pEEmdTpTlSJ5AgZssOIryI/QCgnzb+ MqOVPiRzgHife2C0BJ/CA4c= =MW/O -----END PGP SIGNATURE----- --==========514286024==========-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 17:25: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from onion.ish.org (onion.ish.org [210.145.219.202]) by hub.freebsd.org (Postfix) with ESMTP id 3799437B404 for ; Wed, 24 Apr 2002 17:25:01 -0700 (PDT) Received: from localhost (ishizuka@localhost [127.0.0.1]) by onion.ish.org (8.11.6/8.11.6/2001-11-30) with ESMTP id g3P0MjY82166 for ; Thu, 25 Apr 2002 09:22:45 +0900 (JST) (envelope-from ishizuka@ish.org) Date: Thu, 25 Apr 2002 09:22:44 +0900 (JST) Message-Id: <20020425.092244.74670614.ishizuka@ish.org> To: freebsd-security@FreeBSD.ORG Subject: FreeBSD-SA-02:22.mmap From: Masachika ISHIZUKA X-PGP-Fingerprint20: 276D 697A C2CB 1580 C683 8F18 DA98 1A4A 50D2 C4CB X-PGP-Fingerprint16: C6 DE 46 24 D7 9F 22 EB 79 E2 90 AB 1B 9A 35 2E X-PGP-Public-Key: http://www.ish.org/pgp-public-key.txt X-URL: http://www.ish.org/ X-Mailer: Mew version 2.2 on Emacs 21.2 / Mule 5.0 (SAKAKI) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is there any reasons why FreeBSD-SA-02:22.mmap is not announced in freebsd-security ML nor freebsd-announce ML ? We can find it the following URL, http://www.freebsd.org/security/#adv -- ishizuka@ish.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Apr 24 18:56:23 2002 Delivered-To: freebsd-security@freebsd.org Received: from numeri.campus.luth.se (numeri.campus.luth.se [130.240.197.103]) by hub.freebsd.org (Postfix) with ESMTP id 95CCE37B417; Wed, 24 Apr 2002 18:55:56 -0700 (PDT) Received: (from k@localhost) by numeri.campus.luth.se (8.11.6/8.11.6) id g3P1rrS74076; Thu, 25 Apr 2002 03:53:53 +0200 (CEST) (envelope-from k) Date: Thu, 25 Apr 2002 03:53:53 +0200 From: Johan Karlsson To: freebsd-arch@freebsd.org Subject: NOSUID and NOSUID_prog make knobs Message-ID: <20020425035353.A73613@numeri.campus.luth.se> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="fUYQa+Pmc3FrFX/N" Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --fUYQa+Pmc3FrFX/N Content-Type: text/plain; charset=us-ascii Content-Disposition: inline [bcc -security since the discussion started there ] Hi all, recently a discussion about removing the setuid bit popup again http://docs.FreeBSD.org/cgi/getmsg.cgi?fetch=166393+0+current/freebsd-security Jason noted that it had been discussed before and also that introducing a make knob to disable installation of various programs with the setuid bit turned on had been proposed. I have started to implement this and would like to know what you think of the concept. Attached is an untested diff for some suid/sgid programs. Basicly it protects the BINMODE assignment in the Makefile with .if !defined(NOSUID) && !defined(NOSUID_prog) I have also made changes to make.conf.5 and examples/etc/make.conf to reflect the new knobs. Please have a look at the attached diff and let me know what you think. If there is interest and some commiter would consider to commit something along those lines I'm willing to make a diff for most of the suid/sgid programs we have in the tree. /Johan K -- Johan Karlsson mailto:k@numeri.campus.luth.se --fUYQa+Pmc3FrFX/N Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="NOSUID.diff" ? usr.sbin/sa ? usr.sbin/rpc.statd ? usr.sbin/rpc.umntall ? usr.sbin/rpc.yppasswdd ? usr.sbin/rpc.ypupdated ? usr.sbin/rpc.ypxfrd ? usr.sbin/rpcbind ? usr.sbin/rrenumd ? usr.sbin/rtadvd ? usr.sbin/rtprio ? usr.sbin/rtsold ? usr.sbin/rwhod ? usr.sbin/sendmail ? usr.sbin/setextattr ? usr.sbin/setkey ? usr.sbin/sgsc ? usr.sbin/sicontrol ? usr.sbin/sliplogin ? usr.sbin/slstat ? usr.sbin/spkrtest ? usr.sbin/spray ? usr.sbin/stallion Index: share/examples/etc/make.conf =================================================================== RCS file: /home/ncvs/src/share/examples/etc/make.conf,v retrieving revision 1.186 diff -u -r1.186 make.conf --- share/examples/etc/make.conf 2002/04/23 23:59:51 1.186 +++ share/examples/etc/make.conf 2002/04/25 01:29:12 @@ -88,6 +88,22 @@ # To enable installing ssh(1) with the setuid bit turned on #ENABLE_SUID_SSH= true # +# To avoid installing various parts with the setuid/setgid bit turned on +# +#NOSUID= true # no setuid bit for any of the below +#NOSUID_AT= true # no setuid bit for at +#NOSUID_CHPASS= true # no setuid bit for chpass +#NOSUID_K5SU= true # no setuid bit for k5su +#NOSUID_PING= true # no setuid bit for ping +#NOSUID_PING6= true # no setuid bit for ping6 +#NOSUID_PPP= true # no setuid bit for ppp +#NOSUID_RCP= true # no setuid bit for rcp +#NOSUID_SHUTDOWN= true # no setuid bit for shutdown +# +#NOSGID= true # no setgid bit for any of the below +#NOSGID_DM= true # no setgid bit for dm +#NOSGID_PS= true # no setgid bit for ps + # To avoid building various parts of the base system: #NO_CVS= true # do not build CVS #NO_CXX= true # do not build C++ and friends Index: share/man/man5/make.conf.5 =================================================================== RCS file: /home/ncvs/src/share/man/man5/make.conf.5,v retrieving revision 1.43 diff -u -r1.43 make.conf.5 --- share/man/man5/make.conf.5 2002/04/23 23:59:51 1.43 +++ share/man/man5/make.conf.5 2002/04/25 01:29:16 @@ -480,11 +480,39 @@ set to not build crypto code in .Pa secure subdir. +.It Va NOSGID +.Pq Vt bool +Set to disable the installation of all of the following +as sgid programs. +.It Va NOSGID_DM +.Pq Vt bool +Set to disable the installation of +.Xr dm 8 +as a sgid program. .It Va NOSHARE .Pq Vt bool Set to not build in the .Pa share subdir. +.It Va NOSGID +.Pq Vt bool +Set to disable the installation of all of the following +as suid programs. +.It Va NOSUID_AT +.Pq Vt bool +Set to disable the installation of +.Xr at 1 +as a suid program. +.It Va NOSUID_CHPASS +.Pq Vt bool +Set to disable the installation of +.Xr chpass 1 +as a suid program. +.It Va NOSUID_PPP +.Pq Vt bool +Set to disable the installation of +.Xr ppp 8 +as a suid program. .It Va NOUUCP .Pq Vt bool Set to not build @@ -496,11 +524,6 @@ .Xr perl 1 with thread support. -.It Va PPP_NOSUID -.Pq Vt bool -Set to disable the installation of -.Xr ppp 8 -as an suid root program. .It Va SENDMAIL_MC .Pq Vt str The default m4 configuration file to use at install time. Index: bin/ps/Makefile =================================================================== RCS file: /home/ncvs/src/bin/ps/Makefile,v retrieving revision 1.19 diff -u -r1.19 Makefile --- bin/ps/Makefile 2002/02/04 03:06:50 1.19 +++ bin/ps/Makefile 2002/04/25 01:29:36 @@ -14,7 +14,9 @@ WFORMAT=0 DPADD= ${LIBM} ${LIBKVM} LDADD= -lm -lkvm +.if !defined(NOSGID) && !defined(NOSGID_PS) #BINGRP= kmem #BINMODE=2555 +.endif .include Index: bin/rcp/Makefile =================================================================== RCS file: /home/ncvs/src/bin/rcp/Makefile,v retrieving revision 1.20 diff -u -r1.20 Makefile --- bin/rcp/Makefile 2002/04/18 07:01:34 1.20 +++ bin/rcp/Makefile 2002/04/25 01:29:36 @@ -21,8 +21,10 @@ .PATH: ${.CURDIR}/../../crypto/kerberosIV/appl/bsd .endif +.if !defined(NOSUID) && !defined(NOSUID_RCP) BINOWN= root BINMODE=4555 INSTALLFLAGS=-fschg +.endif .include Index: sbin/ping/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/ping/Makefile,v retrieving revision 1.17 diff -u -r1.17 Makefile --- sbin/ping/Makefile 2001/12/04 02:19:55 1.17 +++ sbin/ping/Makefile 2002/04/25 01:29:48 @@ -3,8 +3,10 @@ PROG= ping MAN= ping.8 +.if !defined(NOSUID) && !defined(NOSUID_PING) BINOWN= root BINMODE=4555 +.endif .if ${MACHINE_ARCH} == "alpha" CFLAGS+=-fno-builtin # GCC's builtin memcpy doesn't do unaligned copies .endif Index: sbin/ping6/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/ping6/Makefile,v retrieving revision 1.9 diff -u -r1.9 Makefile --- sbin/ping6/Makefile 2002/03/01 09:49:48 1.9 +++ sbin/ping6/Makefile 2002/04/25 01:29:48 @@ -6,8 +6,10 @@ CFLAGS+=-DINET6 -DIPSEC WARNS= 0 +.if !defined(NOSUID) && !defined(NOSUID_PING6) BINOWN= root BINMODE=4555 +.endif LDADD= -lipsec -lm -lmd DPADD= ${LIBIPSEC} ${LIBM} ${LIBMD} Index: usr.bin/at/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/at/Makefile,v retrieving revision 1.15 diff -u -r1.15 Makefile --- usr.bin/at/Makefile 2002/02/08 22:31:35 1.15 +++ usr.bin/at/Makefile 2002/04/25 01:29:49 @@ -11,8 +11,10 @@ at.1 atq.1 \ at.1 atrm.1 +.if !defined(NUSUID) && !defined(NOSUID_AT) BINOWN= root BINMODE= 4555 +.endif CLEANFILES+= at.1 at.1: at.man Index: usr.bin/chpass/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/chpass/Makefile,v retrieving revision 1.25 diff -u -r1.25 Makefile --- usr.bin/chpass/Makefile 2002/03/24 10:21:22 1.25 +++ usr.bin/chpass/Makefile 2002/04/25 01:29:51 @@ -6,8 +6,10 @@ table.c util.c ypxfr_misc.c ${GENSRCS} GENSRCS=yp.h yp_clnt.c yppasswd.h yppasswd_clnt.c yppasswd_private.h \ yppasswd_private_clnt.c yppasswd_private_xdr.c +.if !defined(NOSUID) && !defined(NOSUID_CHPASS) BINOWN= root BINMODE=4555 +.endif .PATH: ${.CURDIR}/../../usr.sbin/pwd_mkdb ${.CURDIR}/../../usr.sbin/vipw \ ${.CURDIR}/../../libexec/ypxfr \ ${.CURDIR}/../../usr.sbin/rpc.yppasswdd \ Index: usr.sbin/ppp/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/ppp/Makefile,v retrieving revision 1.94 diff -u -r1.94 Makefile --- usr.sbin/ppp/Makefile 2002/03/30 17:57:51 1.94 +++ usr.sbin/ppp/Makefile 2002/04/25 01:30:37 @@ -19,11 +19,11 @@ NOSUID= true .endif -.if defined(NOSUID) || defined(PPP_NOSUID) -BINMODE=554 -.else +.if !defined(NOSUID) && !defined(NOSUID_PPP) && !defined(PPP_NOSUID) BINMODE=4554 BINOWN= root +.else +BINMODE=554 .endif BINGRP= network M4FLAGS= --fUYQa+Pmc3FrFX/N-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 1:10:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns.agentsoft.co.kr (ns.agentsoft.co.kr [211.196.197.222]) by hub.freebsd.org (Postfix) with ESMTP id B195D37B429 for ; Thu, 25 Apr 2002 01:10:26 -0700 (PDT) Received: from daksong ([211.196.197.218]) by ns.agentsoft.co.kr (8.11.6/8.11.6) with SMTP id g3P8A9a65041 for ; Thu, 25 Apr 2002 17:10:11 +0900 (KST) (envelope-from jisong@agentsoft.co.kr) Message-ID: <023001c1ec30$d2d75fc0$0200a8c0@daksong> From: "Song Jeong il" To: References: <20020425.092244.74670614.ishizuka@ish.org> Subject: Re: FreeBSD-SA-02:22.mmap Date: Thu, 25 Apr 2002 17:11:36 +0900 MIME-Version: 1.0 Content-Type: text/plain; charset="euc-kr" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Masachika ISHIZUKA" To: Sent: Thursday, April 25, 2002 9:22 AM Subject: FreeBSD-SA-02:22.mmap > Is there any reasons why FreeBSD-SA-02:22.mmap is not announced > in freebsd-security ML nor freebsd-announce ML ? > We can find it the following URL, > > http://www.freebsd.org/security/#adv > > -- > ishizuka@ish.org > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 2:39:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.getnet.net (mail.getnet.net [63.137.32.10]) by hub.freebsd.org (Postfix) with SMTP id 2390F37B41C for ; Thu, 25 Apr 2002 02:39:52 -0700 (PDT) Received: (qmail 11564 invoked from network); 25 Apr 2002 09:39:35 -0000 Received: from 216-19-216-10.getnet.net (HELO sunny.localdomain) (216.19.216.10) by 0 with SMTP; 25 Apr 2002 09:39:35 -0000 Received: (from rooot@localhost) by sunny.localdomain (8.11.6/8.11.6) id g3P9dCB00417 for freebsd-security@freebsd.org; Thu, 25 Apr 2002 02:39:12 -0700 (MST) (envelope-from swive@getnet.com) X-Authentication-Warning: sunny.localdomain: rooot set sender to swive@getnet.com using -f Date: Thu, 25 Apr 2002 02:39:11 -0700 From: VB To: freebsd-security@freebsd.org Subject: patching holes Message-ID: <20020425023911.A401@sunny.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hellow, I just installed 4.4 Release. Since this version has been out for a while, I wish to patch all security problems that have been discovered since release date and now. But I don't want to add any other ports/packages. How can I "fully" patch my system without upgrading any other ports/packages? That is, I want to add ***all and only*** security fixes to my system; how can do that efficiently? TIA, vberic PS--I am aware that some problems can be fixed only by upgrading to 4.5, e.g., stdio. I just want to patch 4.4. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 2:46:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.getnet.net (mail.getnet.net [63.137.32.10]) by hub.freebsd.org (Postfix) with SMTP id 8C81837B41C for ; Thu, 25 Apr 2002 02:46:45 -0700 (PDT) Received: (qmail 16477 invoked from network); 25 Apr 2002 09:44:41 -0000 Received: from 216-19-216-10.getnet.net (HELO sunny.localdomain) (216.19.216.10) by 0 with SMTP; 25 Apr 2002 09:44:41 -0000 Received: (from rooot@localhost) by sunny.localdomain (8.11.6/8.11.6) id g3P9iIN00470 for freebsd-security@freebsd.org; Thu, 25 Apr 2002 02:44:18 -0700 (MST) (envelope-from swive@getnet.com) X-Authentication-Warning: sunny.localdomain: rooot set sender to swive@getnet.com using -f Date: Thu, 25 Apr 2002 02:44:18 -0700 From: VB To: freebsd-security@freebsd.org Subject: zlib please Message-ID: <20020425024418.A445@sunny.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org As a different way of putting my poorly worded last message, I want to replace all packages that use the bad zlib. How do I know which ports/packages those are? I am using 4.4 Release. I want to fix zlib et al. without upgrading any other non-security-hole related stuff. How do I do that? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 3:39:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.getnet.net (mail.getnet.net [63.137.32.10]) by hub.freebsd.org (Postfix) with SMTP id E33AB37B421 for ; Thu, 25 Apr 2002 03:39:27 -0700 (PDT) Received: (qmail 1061 invoked from network); 25 Apr 2002 10:29:43 -0000 Received: from 216-19-216-10.getnet.net (HELO sunny.localdomain) (216.19.216.10) by 0 with SMTP; 25 Apr 2002 10:29:43 -0000 Received: (from rooot@localhost) by sunny.localdomain (8.11.6/8.11.6) id g3PATKT29627 for freebsd-security@freebsd.org; Thu, 25 Apr 2002 03:29:20 -0700 (MST) (envelope-from swive@getnet.com) X-Authentication-Warning: sunny.localdomain: rooot set sender to swive@getnet.com using -f Date: Thu, 25 Apr 2002 03:29:19 -0700 From: VB To: freebsd-security@freebsd.org Subject: Re: patching holes Message-ID: <20020425032919.A9246@sunny.localdomain> References: <200204250946.g3P9k2768965@phelons.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200204250946.g3P9k2768965@phelons.org>; from awnex@phelons.org on Thu, Apr 25, 2002 at 03:46:02AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Apr 25, 2002 at 03:46:02AM -0600, awnex wrote: > Hi, > > Visit http://www.freebsd.org/security/index.html download all patches upto date as of today, then... > # cd /usr/src/ ; patch < /path/of/downloaded-patch > > It might be a bit time comsuming to dl the patches but just make a quick shell script to do the... > # cd /usr/src/ ; patch < /path/of/downloaded-patch I tried that: "patch < /home/morph/path_to_patch" and also tried the "-p" and the machine returns "Hmmm I can't seem to find a patch in there anywhere." What is this all about? > > have fun! > > - awnex To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 3:40:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from cell.sick.ru (cell.sick.ru [195.91.162.238]) by hub.freebsd.org (Postfix) with ESMTP id 7D27737B41D for ; Thu, 25 Apr 2002 03:40:25 -0700 (PDT) Received: from sector.v.gz.ru (alex21.rector.msu.ru [193.232.113.76]) by cell.sick.ru (8.12.3/8.12.3) with ESMTP id g3PAeMHY030574 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL); Thu, 25 Apr 2002 14:40:23 +0400 (MSD) Received: from ultra.v.ru (ultra.v.ru [10.0.0.99]) by sector.v.gz.ru (8.12.3/8.12.3) with ESMTP id g3PAeMXM002782 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 25 Apr 2002 14:40:22 +0400 (MSD) (envelope-from polzun@ultra.v.gz.ru) Received: from ultra.v.ru (localhost [127.0.0.1]) by ultra.v.ru (8.12.3/8.12.3) with ESMTP id g3PAeMAL016946; Thu, 25 Apr 2002 14:40:22 +0400 (MSD) (envelope-from polzun@ultra.v.ru) Received: (from polzun@localhost) by ultra.v.ru (8.12.3/8.12.3/Submit) id g3PAeHhO016945; Thu, 25 Apr 2002 14:40:17 +0400 (MSD) Date: Thu, 25 Apr 2002 14:40:17 +0400 From: Pizik Ilya To: VB Cc: freebsd-security@FreeBSD.ORG Subject: Re: patching holes Message-ID: <20020425144017.B16898@ultra.v.gz.ru> References: <20020425023911.A401@sunny.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020425023911.A401@sunny.localdomain>; from swive@getnet.com on Thu, Apr 25, 2002 at 02:39:11AM -0700 X-Operating-System: FreeBSD ultra.v.ru 4.5-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Apr 25, 2002 at 02:39:11AM -0700, VB wrote: V> Hellow, V> V> I just installed 4.4 Release. Since this version has been out for a while, I wish to patch all security problems that have been discovered since release date and now. But I don't want to add any other ports/packages. V> V> How can I "fully" patch my system without upgrading any other ports/packages? V> V> That is, I want to add ***all and only*** security fixes to my system; how can do that efficiently? V> V> TIA, V> V> vberic V> V> PS--I am aware that some problems can be fixed only by upgrading to 4.5, e.g., stdio. I just want to patch 4.4. V> V> To Unsubscribe: send mail to majordomo@FreeBSD.org V> with "unsubscribe freebsd-security" in the body of the message Cvsup to RELENG_4_4 here is example of supfile: *default host=cvsup.freebsd.org *default release=cvs tag=RELENG_4 *default base=/usr *default prefix=/usr *default delete use-rel-suffix *default compress ## Main Source Tree src-all Also you have to make world. -- With respect, Pizik Ilya. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 3:47:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.dada.it (mail2.dada.it [195.110.96.69]) by hub.freebsd.org (Postfix) with SMTP id 12AA937B417 for ; Thu, 25 Apr 2002 03:47:29 -0700 (PDT) Received: (qmail 31111 invoked from network); 25 Apr 2002 10:47:24 -0000 Received: from unknown (HELO libero.sunshine.ale) (195.110.114.252) by mail.dada.it with SMTP; 25 Apr 2002 10:47:24 -0000 Received: by libero.sunshine.ale (Postfix, from userid 1001) id 744B45F82; Thu, 25 Apr 2002 12:47:21 +0200 (CEST) Date: Thu, 25 Apr 2002 12:47:21 +0200 From: Alessandro de Manzano To: Pizik Ilya Cc: VB , freebsd-security@FreeBSD.ORG Subject: Re: patching holes Message-ID: <20020425124721.A78004@libero.sunshine.ale> Reply-To: Alessandro de Manzano References: <20020425023911.A401@sunny.localdomain> <20020425144017.B16898@ultra.v.gz.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020425144017.B16898@ultra.v.gz.ru>; from polzun@ultra.v.gz.ru on Thu, Apr 25, 2002 at 02:40:17PM +0400 X-Operating-System: FreeBSD 4.5-STABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Apr 25, 2002 at 02:40:17PM +0400, Pizik Ilya wrote: > Cvsup to RELENG_4_4 > here is example of supfile: > *default host=cvsup.freebsd.org > *default release=cvs tag=RELENG_4 wrong, should be RELENG_4_4 otherwise you get the latest -stable (now 4.5-stable) -- bye! Ale To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 3:51:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from heresy.dreamflow.nl (heresy.dreamflow.nl [62.58.36.22]) by hub.freebsd.org (Postfix) with SMTP id 4624F37B404 for ; Thu, 25 Apr 2002 03:51:03 -0700 (PDT) Received: (qmail 94711 invoked by uid 1000); 25 Apr 2002 10:51:01 -0000 Date: Thu, 25 Apr 2002 12:51:01 +0200 From: Bart Matthaei To: freebsd-security@freebsd.org Subject: GNU Screen Braille Module Buffer Overflow Vulnerability Message-ID: <20020425125101.A94677@heresy.dreamflow.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org http://online.securityfocus.com/cgi-bin/sfonline/vulns-item.pl?section=info&id=4578 This seems to applie to the screen in FreeBSD ports. Any word on cvs updates ? B. -- Bart Matthaei bart@dreamflow.nl Avoid reality at all costs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 6:12:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from cell.sick.ru (cell.sick.ru [195.91.162.238]) by hub.freebsd.org (Postfix) with ESMTP id D777D37B419 for ; Thu, 25 Apr 2002 06:12:43 -0700 (PDT) Received: from sector.v.gz.ru (alex21.rector.msu.ru [193.232.113.76]) by cell.sick.ru (8.12.3/8.12.3) with ESMTP id g3PDCfHY016440 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL); Thu, 25 Apr 2002 17:12:41 +0400 (MSD) Received: from ultra.v.ru (ultra.v.ru [10.0.0.99]) by sector.v.gz.ru (8.12.3/8.12.3) with ESMTP id g3PDCfXM003225 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Thu, 25 Apr 2002 17:12:41 +0400 (MSD) (envelope-from polzun@ultra.v.gz.ru) Received: from ultra.v.ru (localhost [127.0.0.1]) by ultra.v.ru (8.12.3/8.12.3) with ESMTP id g3PDCfAL018504; Thu, 25 Apr 2002 17:12:41 +0400 (MSD) (envelope-from polzun@ultra.v.ru) Received: (from polzun@localhost) by ultra.v.ru (8.12.3/8.12.3/Submit) id g3PDCZhk018503; Thu, 25 Apr 2002 17:12:35 +0400 (MSD) Date: Thu, 25 Apr 2002 17:12:35 +0400 From: Pizik Ilya To: Alessandro de Manzano Cc: VB , freebsd-security@FreeBSD.ORG Subject: Re: patching holes Message-ID: <20020425171235.B18462@ultra.v.gz.ru> References: <20020425023911.A401@sunny.localdomain> <20020425144017.B16898@ultra.v.gz.ru> <20020425124721.A78004@libero.sunshine.ale> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020425124721.A78004@libero.sunshine.ale>; from ale@unixmania.net on Thu, Apr 25, 2002 at 12:47:21PM +0200 X-Operating-System: FreeBSD ultra.v.ru 4.5-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org A> > Cvsup to RELENG_4_4 A> > here is example of supfile: A> > *default host=cvsup.freebsd.org A> > *default release=cvs tag=RELENG_4 A> A> wrong, should be RELENG_4_4 A> otherwise you get the latest -stable (now 4.5-stable) Sorry. Of course RELENG_4_4. -- With respect, Pizik Ilya. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 6:22:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from bodb.mc.mpls.visi.com (bodb.mc.mpls.visi.com [208.42.156.104]) by hub.freebsd.org (Postfix) with ESMTP id 768CB37B423 for ; Thu, 25 Apr 2002 06:22:44 -0700 (PDT) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by bodb.mc.mpls.visi.com (Postfix) with ESMTP id BE0E14FBA for ; Thu, 25 Apr 2002 08:22:38 -0500 (CDT) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.6/8.11.6) id g3PDMXA15154 for freebsd-security@freebsd.org; Thu, 25 Apr 2002 08:22:33 -0500 (CDT) (envelope-from hawkeyd) Date: Thu, 25 Apr 2002 08:22:33 -0500 From: D J Hawkey Jr To: security at FreeBSD Subject: ANN: SA-02:22.mmap patch backported through 4.1-RELEASE Message-ID: <20020425082233.A15134@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org http://www.visi.com/~hawkeyd/freebsd-backports.html Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 9:22:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84]) by hub.freebsd.org (Postfix) with ESMTP id BEC8A37B405 for ; Thu, 25 Apr 2002 09:22:51 -0700 (PDT) Received: from user-119aekg.biz.mindspring.com ([66.149.58.144] helo=ns.flncs.com) by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 170m18-0007Lu-00 for freebsd-security@freebsd.org; Thu, 25 Apr 2002 09:22:46 -0700 Received: from mlevy (cylex [12.27.148.78]) by ns.flncs.com (Postfix) with SMTP id 8D467529E for ; Thu, 25 Apr 2002 11:58:19 -0400 (EDT) Message-ID: <01ca01c1ec71$d08b6360$fd6e34c6@mlevy> From: "Moti" To: Subject: bind9 in a chroot ? Date: Thu, 25 Apr 2002 11:54:57 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org o.k i followed the instructions and i'm quite sure i have it all right ( dns working and all ) question is : how do i verify that my bind is really running chrooted ? will ps -auxw |grep named output -> bind 170 0.0 2.1 3228 2604 ?? Ss 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c /etc/namedb/named.conf -t /etc/chroot be enough ? Moti To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 10:43:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from ares.blahz.ab.ca (h24-64-95-168.cg.shawcable.net [24.64.95.168]) by hub.freebsd.org (Postfix) with SMTP id 2D1CB37B404 for ; Thu, 25 Apr 2002 10:43:07 -0700 (PDT) Received: (qmail 11550 invoked from network); 25 Apr 2002 17:43:10 -0000 Received: from unknown (HELO zeus) (24.64.93.70) by h24-64-95-168.cg.shawcable.net with SMTP; 25 Apr 2002 17:43:10 -0000 From: "Mike Roest" To: "'Moti'" , Subject: RE: bind9 in a chroot ? Date: Thu, 25 Apr 2002 11:43:08 -0600 Message-ID: <000401c1ec80$ac5c8c80$465d4018@zeus> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: <01ca01c1ec71$d08b6360$fd6e34c6@mlevy> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yep it is running in the chroot. The -t /etc/chroot shows that. I think that's the only real way to tell --Mike -----Original Message----- From: owner-freebsd-security@FreeBSD.ORG [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti Sent: Thursday, April 25, 2002 9:55 AM To: freebsd-security@freebsd.org Subject: bind9 in a chroot ? o.k i followed the instructions and i'm quite sure i have it all right ( dns working and all ) question is : how do i verify that my bind is really running chrooted ? will ps -auxw |grep named output -> bind 170 0.0 2.1 3228 2604 ?? Ss 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c /etc/namedb/named.conf -t /etc/chroot be enough ? Moti To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 10:53:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.getnet.net (mail.getnet.net [63.137.32.10]) by hub.freebsd.org (Postfix) with SMTP id 05F5837B422 for ; Thu, 25 Apr 2002 10:52:48 -0700 (PDT) Received: (qmail 25708 invoked from network); 25 Apr 2002 17:52:47 -0000 Received: from 216-19-216-10.getnet.net (HELO sunny.localdomain) (216.19.216.10) by 0 with SMTP; 25 Apr 2002 17:52:47 -0000 Received: (from rooot@localhost) by sunny.localdomain (8.11.6/8.11.6) id g3PHqLa52211 for freebsd-security@freebsd.org; Thu, 25 Apr 2002 10:52:21 -0700 (MST) (envelope-from swive@getnet.com) X-Authentication-Warning: sunny.localdomain: rooot set sender to swive@getnet.com using -f Date: Thu, 25 Apr 2002 10:52:21 -0700 From: VB To: freebsd-security@freebsd.org Subject: Re: patching holes Hmmmm Message-ID: <20020425105221.C9246@sunny.localdomain> References: <20020425023911.A401@sunny.localdomain> <20020425144017.B16898@ultra.v.gz.ru> <20020425124721.A78004@libero.sunshine.ale> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020425124721.A78004@libero.sunshine.ale>; from ale@unixmania.net on Thu, Apr 25, 2002 at 12:47:21PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Apr 25, 2002 at 12:47:21PM +0200, Alessandro de Manzano wrote: > On Thu, Apr 25, 2002 at 02:40:17PM +0400, Pizik Ilya wrote: > > > Cvsup to RELENG_4_4 > > here is example of supfile: > > *default host=cvsup.freebsd.org > > *default release=cvs tag=RELENG_4 > > wrong, should be RELENG_4_4 > otherwise you get the latest -stable (now 4.5-stable) > Last time I tried to make world I ran into some problems with smmsp user. So beefore I try that again, I would like to patch using "patch". I downloaded the patches for 4.4, cd'd into /usr/src, then did e.g., "patch < FreeBSD-SA-01:59.rmusr.v1.1.asc". But when I do this for any of the patches, I get "hmmm I don't see a patch in there anywhere." What do I do about this? tia, vberic > -- > > bye! > > Ale To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 11: 3:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from secure.stargate.net (secure.stargate.net [209.166.165.218]) by hub.freebsd.org (Postfix) with SMTP id EDF9B37B419 for ; Thu, 25 Apr 2002 11:03:29 -0700 (PDT) Received: (qmail 30256 invoked from network); 25 Apr 2002 18:03:56 -0000 Received: from interrogation.ws.pitdc1.stargate.net (209.166.165.215) by secure.stargate.net with SMTP; 25 Apr 2002 18:03:56 -0000 Subject: RE: bind9 in a chroot ? From: SecLists To: Mike Roest Cc: 'Moti' , freebsd-security@freebsd.org In-Reply-To: <000401c1ec80$ac5c8c80$465d4018@zeus> References: <000401c1ec80$ac5c8c80$465d4018@zeus> Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.4.99 Date: 25 Apr 2002 14:09:06 -0400 Message-Id: <1019758146.9372.23.camel@interrogation.ws.pitdc1.stargate.net> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You can use lsof to view all open files used by named... if you do that you will see that it is not actually chrooted at all... using the same option with bind9 built from source on OpenBSD, and chrooted into /var/named by the -t option: (root@doberman) ~ # lsof | grep named named 18211 named cwd VDIR 0,20 512 1140352 /var (/dev/wd1e) named 18211 named rtd VDIR 0,20 512 1140352 /var (/dev/wd1e) named 18211 named txt VREG 0,19 5892042 719229 /usr (/dev/wd1d) named 18211 named txt VREG 0,19 61440 1374538 /usr/libexec/ld.so named 18211 named txt VREG 0,20 6429 1163022 /var/run/ld.so.hints named 18211 named txt VREG 0,19 594040 1669247 /usr/lib/libc.so.26.2 You can see that the process is actually accessing files in /usr and /var that are outside of the chroot jail... To do it better than this: http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO-1.html thanks, shawn On Thu, 2002-04-25 at 13:43, Mike Roest wrote: > Yep it is running in the chroot. The -t /etc/chroot shows that. I > think that's the only real way to tell > > --Mike > > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti > Sent: Thursday, April 25, 2002 9:55 AM > To: freebsd-security@freebsd.org > Subject: bind9 in a chroot ? > > > o.k > i followed the instructions and i'm quite sure i have it all right ( dns > working and all ) > question is : how do i verify that my bind is really running chrooted ? > will ps -auxw |grep named output -> bind 170 0.0 2.1 3228 2604 ?? > Ss > 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c > /etc/namedb/named.conf -t > /etc/chroot > be enough ? > Moti > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 11:22:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from snipe.prod.itd.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by hub.freebsd.org (Postfix) with ESMTP id 09D9737B41D for ; Thu, 25 Apr 2002 11:21:29 -0700 (PDT) Received: from user-119aekg.biz.mindspring.com ([66.149.58.144] helo=ns.flncs.com) by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 170nrw-0004qw-00; Thu, 25 Apr 2002 11:21:24 -0700 Received: from mlevy (cylex [12.27.148.78]) by ns.flncs.com (Postfix) with SMTP id 8D6525576; Thu, 25 Apr 2002 14:24:42 -0400 (EDT) Message-ID: <022001c1ec86$42f99430$fd6e34c6@mlevy> From: "Moti" To: "SecLists" , References: <000401c1ec80$ac5c8c80$465d4018@zeus> <1019758146.9372.23.camel@interrogation.ws.pitdc1.stargate.net> Subject: Re: bind9 in a chroot ? Date: Thu, 25 Apr 2002 14:20:09 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "SecLists" To: "Mike Roest" Cc: "'Moti'" ; Sent: Thursday, April 25, 2002 2:09 PM Subject: RE: bind9 in a chroot ? > You can use lsof to view all open files used by named... if you do that > you will see that it is not actually chrooted at all... using the same > option with bind9 built from source on OpenBSD, and chrooted into > /var/named by the -t option: > > (root@doberman) ~ # lsof | grep named > named 18211 named cwd VDIR 0,20 512 1140352 /var > (/dev/wd1e) > named 18211 named rtd VDIR 0,20 512 1140352 /var > (/dev/wd1e) > named 18211 named txt VREG 0,19 5892042 719229 /usr > (/dev/wd1d) > named 18211 named txt VREG 0,19 61440 1374538 > /usr/libexec/ld.so > named 18211 named txt VREG 0,20 6429 1163022 > /var/run/ld.so.hints > named 18211 named txt VREG 0,19 594040 1669247 > /usr/lib/libc.so.26.2 > > You can see that the process is actually accessing files in /usr and > /var that are outside of the chroot jail... > i did not get this part -> ----------------------------------------------------------------- > To do it better than this: > http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO-1.html ------------------------------------------------------------------ what do you mean to do this better than this ? do you have a better way or is this the btter way ? > > thanks, > shawn > > On Thu, 2002-04-25 at 13:43, Mike Roest wrote: > > Yep it is running in the chroot. The -t /etc/chroot shows that. I > > think that's the only real way to tell > > > > --Mike > > > > -----Original Message----- > > From: owner-freebsd-security@FreeBSD.ORG > > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti > > Sent: Thursday, April 25, 2002 9:55 AM > > To: freebsd-security@freebsd.org > > Subject: bind9 in a chroot ? > > > > > > o.k > > i followed the instructions and i'm quite sure i have it all right ( dns > > working and all ) > > question is : how do i verify that my bind is really running chrooted ? > > will ps -auxw |grep named output -> bind 170 0.0 2.1 3228 2604 ?? > > Ss > > 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c > > /etc/namedb/named.conf -t > > /etc/chroot > > be enough ? > > Moti > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 11:42:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from doberman.codepiranha.org (doberman.codepiranha.org [216.151.95.145]) by hub.freebsd.org (Postfix) with SMTP id 727A337B400 for ; Thu, 25 Apr 2002 11:42:27 -0700 (PDT) Received: (qmail 313 invoked from network); 25 Apr 2002 19:44:01 -0000 Received: from pitbull.codepiranha.org (208.40.169.145) by doberman.codepiranha.org with SMTP; 25 Apr 2002 19:44:01 -0000 Subject: Re: bind9 in a chroot ? From: Shawn Duffy To: Moti Cc: SecLists , freebsd-security@freebsd.org In-Reply-To: <022001c1ec86$42f99430$fd6e34c6@mlevy> References: <000401c1ec80$ac5c8c80$465d4018@zeus> <1019758146.9372.23.camel@interrogation.ws.pitdc1.stargate.net> <022001c1ec86$42f99430$fd6e34c6@mlevy> Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="=-9qx1fO3SFYjcBPKDBMMW" X-Mailer: Ximian Evolution 1.0.4.99 Date: 25 Apr 2002 14:46:42 -0400 Message-Id: <1019760403.8333.1.camel@pitbull.codepiranha.org> Mime-Version: 1.0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=-9qx1fO3SFYjcBPKDBMMW Content-Type: text/plain Content-Transfer-Encoding: quoted-printable (emailing from a different account) Yes, what I meant to say was that the link provided a better way to chroot dns... thanks, shawn On Thu, 2002-04-25 at 14:20, Moti wrote: >=20 > ----- Original Message ----- > From: "SecLists" > To: "Mike Roest" > Cc: "'Moti'" ; > Sent: Thursday, April 25, 2002 2:09 PM > Subject: RE: bind9 in a chroot ? >=20 >=20 > > You can use lsof to view all open files used by named... if you do that > > you will see that it is not actually chrooted at all... using the same > > option with bind9 built from source on OpenBSD, and chrooted into > > /var/named by the -t option: > > > > (root@doberman) ~ # lsof | grep named > > named 18211 named cwd VDIR 0,20 512 1140352 /va= r > > (/dev/wd1e) > > named 18211 named rtd VDIR 0,20 512 1140352 /va= r > > (/dev/wd1e) > > named 18211 named txt VREG 0,19 5892042 719229 /us= r > > (/dev/wd1d) > > named 18211 named txt VREG 0,19 61440 1374538 > > /usr/libexec/ld.so > > named 18211 named txt VREG 0,20 6429 1163022 > > /var/run/ld.so.hints > > named 18211 named txt VREG 0,19 594040 1669247 > > /usr/lib/libc.so.26.2 > > > > You can see that the process is actually accessing files in /usr and > > /var that are outside of the chroot jail... > > > i did not get this part -> > ----------------------------------------------------------------- > > To do it better than this: > > http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO-1.html > ------------------------------------------------------------------ > what do you mean to do this better than this ? > do you have a better way or is this the btter way ? >=20 > > > > thanks, > > shawn > > > > On Thu, 2002-04-25 at 13:43, Mike Roest wrote: > > > Yep it is running in the chroot. The -t /etc/chroot shows that. I > > > think that's the only real way to tell > > > > > > --Mike > > > > > > -----Original Message----- > > > From: owner-freebsd-security@FreeBSD.ORG > > > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti > > > Sent: Thursday, April 25, 2002 9:55 AM > > > To: freebsd-security@freebsd.org > > > Subject: bind9 in a chroot ? > > > > > > > > > o.k > > > i followed the instructions and i'm quite sure i have it all right ( = dns > > > working and all ) > > > question is : how do i verify that my bind is really running chrooted= ? > > > will ps -auxw |grep named output -> bind 170 0.0 2.1 3228 2604 = ?? > > > Ss > > > 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c > > > /etc/namedb/named.conf -t > > > /etc/chroot > > > be enough ? > > > Moti > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --=20 email: pakkit at codepiranha dot org web: http://codepiranha.org/~pakkit pgp key: getkey-pakkit@codepiranha.org pgp: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A --=-9qx1fO3SFYjcBPKDBMMW Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQA8yE8SzOlsqZj8ZloRApgcAJ9V9QRcF3B3V9mlE+IdRUxYX40iQQCgoHCI Hw/RLHbn49ze+n4Ebd2868w= =uL1g -----END PGP SIGNATURE----- --=-9qx1fO3SFYjcBPKDBMMW-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 11:59:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from goanga.com (goanga.com [193.231.240.30]) by hub.freebsd.org (Postfix) with ESMTP id 2407B37B47B for ; Thu, 25 Apr 2002 11:58:57 -0700 (PDT) Received: from abc.ro (goanga.com [193.231.240.30]) by goanga.com (8.11.3/8.11.3) with ESMTP id g3PIwlg58506 for ; Thu, 25 Apr 2002 21:58:53 +0300 (EEST) (envelope-from andrei@abc.ro) Message-ID: <3CC851E7.3529C7AB@abc.ro> Date: Thu, 25 Apr 2002 21:58:47 +0300 From: ANdrei Organization: Cronon AG - tech department X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: de, ro, en MIME-Version: 1.0 To: security@freebsd.org Subject: apache Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org let me give you a scenario that i want solved :) i have a webserver that needs to run apache with SSL (httpd -SSL, if i remember correctly), but the server is not considered to be secure enough to have an unencrypted key on it's hard drives... so the key is crypted, but then, again, apache is unable to start with SSL enabled if somebody doesn't enter the passphrase by hand... i'm talking about apache with mod-ssl, it's one of many big servers, and any minute of it not being up is a big pain in the ass, so starting apache on every server every time by entering the passphrase by hand is not what i am looking for... starting it from a script where the passphrase is plain text is also considered to be insecure for what i need.... hope smbd had this problem already :) ANdrei and smtg else: i think it would be a great thing for this list and the community if people here stop saying shitwords to each other... if someone's annoying you, say it, but say it nicely, or ignore him... guess most of us feel this way... discussions should be constructive, not a desperate search for weak points in the ideas of others or a search for the "best invective", so they end up imho as "almost spam" when considering this is a "security" list... (don't think of anybody special) ----------------------------------[ http://www.goanga.com ]-- Never take life seriously. _ _ Nobody gets out alive anyway. o' \.=./ `o (o o) -----------------------------------------ooO--(_)--Ooo------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 12: 7:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from 12-234-22-238.client.attbi.com (12-234-90-219.client.attbi.com [12.234.90.219]) by hub.freebsd.org (Postfix) with ESMTP id EBA7537B400 for ; Thu, 25 Apr 2002 12:07:15 -0700 (PDT) Received: from Master.gorean.org (master.gorean.org [10.0.0.2]) by 12-234-22-238.client.attbi.com (8.12.2/8.12.2) with ESMTP id g3PJ70Ht090499; Thu, 25 Apr 2002 12:07:00 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from Master.gorean.org (zoot [127.0.0.1]) by Master.gorean.org (8.12.2/8.12.2) with ESMTP id g3PJ72Lr069849; Thu, 25 Apr 2002 12:07:02 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from localhost (doug@localhost) by Master.gorean.org (8.12.2/8.12.2/Submit) with ESMTP id g3PJ70Z1069846; Thu, 25 Apr 2002 12:07:02 -0700 (PDT) X-Authentication-Warning: Master.gorean.org: doug owned process doing -bs Date: Thu, 25 Apr 2002 12:07:00 -0700 (PDT) From: Doug Barton X-X-Sender: doug@master.gorean.org To: ANdrei Cc: security@FreeBSD.org Subject: Re: apache In-Reply-To: <3CC851E7.3529C7AB@abc.ro> Message-ID: <20020425120502.B69694-100000@master.gorean.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [ I'm sorry to say, this topic isn't appropriate for freebsd mailing lists. It's purely an apache question. ] On Thu, 25 Apr 2002, ANdrei wrote: > let me give you a scenario that i want solved :) > > i have a webserver that needs to run apache with SSL (httpd -SSL, if i > remember correctly), but the server is not considered to be secure > enough to have an unencrypted key on it's hard drives... so the key is > crypted, but then, again, apache is unable to start with SSL enabled if > somebody doesn't enter the passphrase by hand... i'm talking about > apache with mod-ssl, it's one of many big servers, and any minute of it > not being up is a big pain in the ass, so starting apache on every > server every time by entering the passphrase by hand is not what i am > looking for... starting it from a script where the passphrase is plain > text is also considered to be insecure for what i need.... You can't have it both ways. If you want the key to be encrypted, the password has to be entered when the server starts up. Any automated solution would be sufficiently insecure by nature, and roughly equivalent to leaving the password unencrypted. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 12:14: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from goanga.com (goanga.com [193.231.240.30]) by hub.freebsd.org (Postfix) with ESMTP id E7DA837B404 for ; Thu, 25 Apr 2002 12:14:01 -0700 (PDT) Received: from abc.ro (goanga.com [193.231.240.30]) by goanga.com (8.11.3/8.11.3) with ESMTP id g3PJE0g58536 for ; Thu, 25 Apr 2002 22:14:00 +0300 (EEST) (envelope-from andrei@abc.ro) Message-ID: <3CC85578.C97F75E3@abc.ro> Date: Thu, 25 Apr 2002 22:14:00 +0300 From: ANdrei Organization: Cronon AG - tech department X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: de, ro, en MIME-Version: 1.0 To: security@freebsd.org Subject: sorry Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [ I'm sorry to say, this topic isn't appropriate for freebsd mailing lists. It's purely an apache question. ] hmmm, sorry for the unappropiate post... i didn't pay attention that it is purely apache :) tks anyway! ANdrei To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 12:15:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from shady.org (closed-networks.com [195.167.170.242]) by hub.freebsd.org (Postfix) with SMTP id 399A237B426 for ; Thu, 25 Apr 2002 12:14:28 -0700 (PDT) Received: (qmail 40462 invoked by uid 1000); 25 Apr 2002 19:18:19 -0000 Date: Thu, 25 Apr 2002 20:18:19 +0100 From: Marc Rogers To: ANdrei Cc: freebsd-security@freebsd.org Subject: Re: apache Message-ID: <20020425201819.B9744@closed-networks.com> References: <3CC851E7.3529C7AB@abc.ro> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CC851E7.3529C7AB@abc.ro>; from andrei@abc.ro on Thu, Apr 25, 2002 at 09:58:47PM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Apr 25, 2002 at 09:58:47PM +0300, ANdrei wrote: > let me give you a scenario that i want solved :) > > i have a webserver that needs to run apache with SSL (httpd -SSL, if i > remember correctly), but the server is not considered to be secure > enough to have an unencrypted key on it's hard drives... so the key is > crypted, but then, again, apache is unable to start with SSL enabled if > somebody doesn't enter the passphrase by hand... i'm talking about > apache with mod-ssl, it's one of many big servers, and any minute of it > not being up is a big pain in the ass, so starting apache on every > server every time by entering the passphrase by hand is not what i am > looking for... starting it from a script where the passphrase is plain > text is also considered to be insecure for what i need.... Unfortunately you are either going to have to get a human to do it, or commit the passphrase to a program or script. You can obfuscate the passphrase as much as you like but one way or other the key to the passphrase ends up being stored in a program. The solution that i opted for was to create a server on a secure network that acted as the key manager for the secure webservers. The system was kept off the normal network, and only had ssh access to the machines on the private network. No services ran on the machine appart from an sshd accessable through a gateway. This machine periodically checked to see if the secure servers were running and if not, logged in via ssh and restarted them with the passphrase. Not wonderfully elegant, but necessary and secure enough for its purpose. > > hope smbd had this problem already :) > Im sure many people have had this problem. Better solutions anyone? > ANdrei > Marc -- Marc Rogers Vizzavi UK www.itv.com/popidol To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 12:32:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from a2.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by hub.freebsd.org (Postfix) with ESMTP id 9134937B419 for ; Thu, 25 Apr 2002 12:32:31 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g3PJWBOc022964; Fri, 26 Apr 2002 07:32:11 +1200 (NZST) (envelope-from andrew@scoop.co.nz) Date: Fri, 26 Apr 2002 07:32:11 +1200 (NZST) From: Andrew McNaughton X-X-Sender: andrew@a2 To: ANdrei Cc: security@FreeBSD.ORG Subject: Re: apache In-Reply-To: <3CC851E7.3529C7AB@abc.ro> Message-ID: <20020426072641.W22173-100000@a2> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 25 Apr 2002, ANdrei wrote: > let me give you a scenario that i want solved :) > > i have a webserver that needs to run apache with SSL (httpd -SSL, if i > remember correctly), but the server is not considered to be secure > enough to have an unencrypted key on it's hard drives... so the key is > crypted, but then, again, apache is unable to start with SSL enabled if > somebody doesn't enter the passphrase by hand... i'm talking about > apache with mod-ssl, it's one of many big servers, and any minute of it > not being up is a big pain in the ass, so starting apache on every > server every time by entering the passphrase by hand is not what i am > looking for... starting it from a script where the passphrase is plain > text is also considered to be insecure for what i need.... Either your server has access to the key or it doesn't. If your server has access to the key then someone who gets root on the box can get the key. There is NO way around this. If you think it's any improvement, you can have your script contact another box for the passphrase, and that will mean you can at least log the event reliably. It might still involve human entry of the passphrase, but at least you can centralise that. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 14:50:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by hub.freebsd.org (Postfix) with ESMTP id E785937B417 for ; Thu, 25 Apr 2002 14:49:58 -0700 (PDT) Received: from isc.org (localhost.dv.isc.org [127.0.0.1]) by drugs.dv.isc.org (8.11.6/8.11.2) with ESMTP id g3PLnLx78490; Fri, 26 Apr 2002 07:49:24 +1000 (EST) (envelope-from marka@isc.org) Message-Id: <200204252149.g3PLnLx78490@drugs.dv.isc.org> To: SecLists Cc: Mike Roest , "'Moti'" , freebsd-security@freebsd.org From: Mark.Andrews@isc.org Subject: Re: bind9 in a chroot ? In-reply-to: Your message of "25 Apr 2002 14:09:06 -0400." <1019758146.9372.23.camel@interrogation.ws.pitdc1.stargate.net> Date: Fri, 26 Apr 2002 07:49:21 +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > You can use lsof to view all open files used by named... if you do that > you will see that it is not actually chrooted at all... Please retract this mis-statement. It *is* chrooted. You should learn to read the output of your tools. See the entry with 'rtd'. That's the root directory for this process. You will note that it says that the root directory for this process lives on the /var filesystem. As for the other entries. They are the text image of the process. Mark > using the same > option with bind9 built from source on OpenBSD, and chrooted into > /var/named by the -t option: > > (root@doberman) ~ # lsof | grep named > named 18211 named cwd VDIR 0,20 512 1140352 /var > (/dev/wd1e) > named 18211 named rtd VDIR 0,20 512 1140352 /var > (/dev/wd1e) > named 18211 named txt VREG 0,19 5892042 719229 /usr > (/dev/wd1d) > named 18211 named txt VREG 0,19 61440 1374538 > /usr/libexec/ld.so > named 18211 named txt VREG 0,20 6429 1163022 > /var/run/ld.so.hints > named 18211 named txt VREG 0,19 594040 1669247 > /usr/lib/libc.so.26.2 > > You can see that the process is actually accessing files in /usr and > /var that are outside of the chroot jail... > > To do it better than this: > http://www.tldp.org/HOWTO/Chroot-BIND-HOWTO-1.html > > thanks, > shawn > > On Thu, 2002-04-25 at 13:43, Mike Roest wrote: > > Yep it is running in the chroot. The -t /etc/chroot shows that. I > > think that's the only real way to tell > > > > --Mike > > > > -----Original Message----- > > From: owner-freebsd-security@FreeBSD.ORG > > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Moti > > Sent: Thursday, April 25, 2002 9:55 AM > > To: freebsd-security@freebsd.org > > Subject: bind9 in a chroot ? > > > > > > o.k > > i followed the instructions and i'm quite sure i have it all right ( dns > > working and all ) > > question is : how do i verify that my bind is really running chrooted ? > > will ps -auxw |grep named output -> bind 170 0.0 2.1 3228 2604 ?? > > Ss > > 11:52AM 0:00.12 /usr/local/sbin/named -u bind -c > > /etc/namedb/named.conf -t > > /etc/chroot > > be enough ? > > Moti > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 16: 2:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from cell.sick.ru (cell.sick.ru [195.91.162.238]) by hub.freebsd.org (Postfix) with ESMTP id 533E737B41A for ; Thu, 25 Apr 2002 16:02:10 -0700 (PDT) Received: from sector.v.gz.ru (alex21.rector.msu.ru [193.232.113.76]) by cell.sick.ru (8.12.3/8.12.3) with ESMTP id g3PN26HY000817 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=FAIL); Fri, 26 Apr 2002 03:02:07 +0400 (MSD) Received: from ultra.v.ru (ultra.v.ru [10.0.0.99]) by sector.v.gz.ru (8.12.3/8.12.3) with ESMTP id g3PN25XQ005781 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO); Fri, 26 Apr 2002 03:02:06 +0400 (MSD) (envelope-from polzun@ultra.v.gz.ru) Received: from ultra.v.ru (localhost [127.0.0.1]) by ultra.v.ru (8.12.3/8.12.3) with ESMTP id g3PIboAL091017; Thu, 25 Apr 2002 22:37:50 +0400 (MSD) (envelope-from polzun@ultra.v.ru) Received: (from polzun@localhost) by ultra.v.ru (8.12.3/8.12.3/Submit) id g3PIbf7I091016; Thu, 25 Apr 2002 22:37:41 +0400 (MSD) Date: Thu, 25 Apr 2002 22:37:41 +0400 From: Pizik Ilya To: VB Cc: freebsd-security@FreeBSD.ORG Subject: Re: patching holes Hmmmm Message-ID: <20020425223741.A90997@ultra.v.gz.ru> References: <20020425023911.A401@sunny.localdomain> <20020425144017.B16898@ultra.v.gz.ru> <20020425124721.A78004@libero.sunshine.ale> <20020425105221.C9246@sunny.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020425105221.C9246@sunny.localdomain>; from swive@getnet.com on Thu, Apr 25, 2002 at 10:52:21AM -0700 X-Operating-System: FreeBSD ultra.v.ru 4.5-STABLE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org V> Last time I tried to make world I ran into some problems with smmsp user. So beefore I try that again, I would like to patch using "patch". I downloaded the patches for 4.4, cd'd into /usr/src, then did e.g., "patch < FreeBSD-SA-01:59.rmusr.v1.1.asc". But when I do this for any of the patches, I get "hmmm I don't see a patch in there anywhere." What do I do about this? look at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A59.rmuser.v1.1.asc please read it carefuly... # cd /usr/src/usr.sbin/adduser # patch -p < /path/to/patch # make depend && make all install If you want to update system, so: man mergemaster mergemaster cd /usr/src make world make kernel -- With respect, Pizik Ilya. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 16:53:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-92.citlink.net [207.173.226.92]) by hub.freebsd.org (Postfix) with ESMTP id 6EDC437B41E for ; Thu, 25 Apr 2002 16:53:06 -0700 (PDT) Received: from tagalong (unknown [165.107.42.110]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 35F3DEE5A1 for ; Thu, 25 Apr 2002 16:53:03 -0700 (PDT) Message-ID: <020501c1ecb4$4e21a220$6e2a6ba5@lc.ca.gov> From: "Drew Tomlinson" To: Subject: Stateful IPFW Firewall Assistance Date: Thu, 25 Apr 2002 16:52:47 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm trying to fine-tune my firewall and am hoping for a little advice regarding stateful behavior. I built this rule set based upon an example by Peter Brezny I found on the web so it may look familar. Here's my current network setup: ISP | | Public DHCP address | 3Com ADSL Modem/Router (Router performs NAT and passes packets to 10.2 by default) | (192.168.10.1) | | | (ed1 192.168.10.2) FBSD Gateway | (ed0 192.168.1.2) | | Internal LAN And here are my current firewall rules: 00100 allow ip from any to any via lo0 00200 deny log ip from any to 127.0.0.0/8 00300 deny log ip from 192.168.1.0/24 to any in recv ed1 00400 deny log ip from not 192.168.1.0/24 to any in recv ed0 00500 allow tcp from any to any established 00600 allow tcp from any to 192.168.1.0/24 21,22,25,80,143,389,443,993 setup 00700 allow tcp from any to 192.168.10.2 21,22 setup 00800 allow icmp from any to any icmptype 3,4,11,12 00900 allow icmp from any to any out icmptype 8 01000 allow icmp from any to any in icmptype 0 01100 reset log tcp from any to any 113 01200 allow udp from 206.13.19.133 123 to 192.168.10.2 123 01300 allow udp from 165.227.1.1 123 to 192.168.10.2 123 01400 allow udp from 63.192.96.2 123 to 192.168.10.2 123 01500 allow udp from 63.192.96.3 123 to 192.168.10.2 123 01600 allow udp from 132.239.254.49 123 to 192.168.10.2 123 01700 allow udp from 192.168.10.1 to any 01800 allow udp from any to 192.168.10.1 01900 check-state 02000 allow ip from 192.168.10.2 to any keep-state out xmit ed1 02100 allow ip from 192.168.1.0/24 to any keep-state via ed0 65500 deny log ip from any to any In reading the ipfw man page, it tells me that "established" matches any packet that has the RST or ACK bit set which is normal TCP traffic. However this seems like it would be pretty easy to fake. In this case, my rule 00500 leaves me pretty wide open? My thought is to change rules 00500-00700 to use check-state and keep-state so the rules look like this: 00450 check-state 00500 deny tcp from any to any established 00600 allow tcp from any to 192.168.1.0/24 21,22,25,80,143,389,443,993 setup keep-state 00700 allow tcp from any to 192.168.10.2 21,22 setup keep-state However, I don't understand how this will affect the rest of the rules, especially 01900-02000. I'd appreciate any comments on this issue. Thanks, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 17:46:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.getnet.net (mail.getnet.net [63.137.32.10]) by hub.freebsd.org (Postfix) with SMTP id C1C2437B440 for ; Thu, 25 Apr 2002 17:46:32 -0700 (PDT) Received: (qmail 337 invoked from network); 26 Apr 2002 00:46:31 -0000 Received: from 216-19-216-10.getnet.net (HELO sunny.localdomain) (216.19.216.10) by 0 with SMTP; 26 Apr 2002 00:46:31 -0000 Received: (from rooot@localhost) by sunny.localdomain (8.11.6/8.11.6) id g3Q0k4u30610 for freebsd-security@freebsd.org; Thu, 25 Apr 2002 17:46:04 -0700 (MST) (envelope-from swive@getnet.com) X-Authentication-Warning: sunny.localdomain: rooot set sender to swive@getnet.com using -f Date: Thu, 25 Apr 2002 17:46:03 -0700 From: VB To: freebsd-security@freebsd.org Subject: not receiving messages Message-ID: <20020425174603.A84784@sunny.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I went and checked the security archives for today and I am not receiving some messages from the security list too. The archive shows messages sent by you all today and by me that I know I did not receive in my inbox. vberic To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 18:17: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from server.cisinc.com.tw (www.cisinc.com.tw [211.72.176.178]) by hub.freebsd.org (Postfix) with ESMTP id A576637B404 for ; Thu, 25 Apr 2002 18:17:04 -0700 (PDT) Received: from localhost (89.c218-184-32.ethome.net.tw [218.184.32.89]) (authenticated (0 bits)) by server.cisinc.com.tw (8.12.1/8.11.6) with ESMTP id g3Q1Guuw045542 for ; Fri, 26 Apr 2002 09:17:02 +0800 (CST) (envelope-from issacchi@cisinc.com.tw) Message-ID: <004801c1ecc0$0f4c0200$0100007f@et.com> From: "Chi Mn Sh" To: Subject: sql injection Date: Fri, 26 Apr 2002 09:16:51 +0800 MIME-Version: 1.0 Content-Type: text/plain; charset="big5" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, My freind told me that PHP with "magic_quotes_gpc" on can prevent any sql injection. Is it true? Thanks for the answers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Apr 25 19:40:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id E1FC437B420 for ; Thu, 25 Apr 2002 19:40:10 -0700 (PDT) Received: from InterJet.elischer.org ([12.232.206.8]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020426024010.UQMQ12183.rwcrmhc52.attbi.com@InterJet.elischer.org> for ; Fri, 26 Apr 2002 02:40:10 +0000 Received: from localhost (localhost.elischer.org [127.0.0.1]) by InterJet.elischer.org (8.9.1a/8.9.1) with ESMTP id TAA45405 for ; Thu, 25 Apr 2002 19:32:13 -0700 (PDT) Date: Thu, 25 Apr 2002 19:32:11 -0700 (PDT) From: Julian Elischer To: security@freebsd.org Subject: RELENG_4_4 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi I just wanteed to thank you for making the RELENG_4_4 branch and checking in all teh security patches to it.. it has greatly simplified my life.. also: I'd like ot ask if you can please keep that branch alive for as long as possible. We have a lot of custommers on 4.4 and 4.1.1 We will be moving those on 4.1.1 to 4.4 so that they are all at the same level, but we cannot move them up to 4.5 or 4.8 or whatever for at least another 18 months as they don't upgrade production systems more than once on 2 years in general. Just to let you know who will be running on 4.4 and relying on that branch and why I'd like you to make an effort to keep it alive (I notice releng_4_3 has been dropped) I can just say that 4 of the largest banks in the USA are on it and relying on it.. and will be doing so for another year at least. Thanks for a great job well done! Julian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 9:13:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-92.citlink.net [207.173.226.92]) by hub.freebsd.org (Postfix) with ESMTP id EBF3337B419 for ; Fri, 26 Apr 2002 09:13:05 -0700 (PDT) Received: from tagalong (unknown [165.107.42.110]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 72329EE5A1; Fri, 26 Apr 2002 09:12:59 -0700 (PDT) Message-ID: <002d01c1ed3d$32272a20$6e2a6ba5@lc.ca.gov> From: "Drew Tomlinson" To: "Julian Elischer" , References: Subject: Re: RELENG_4_4 Date: Fri, 26 Apr 2002 09:12:42 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Julian Elischer" Sent: Thursday, April 25, 2002 7:32 PM [snip] > We will be moving those on 4.1.1 to 4.4 so that they are all at the same > level, but we cannot move them up to 4.5 or 4.8 or whatever for > at least another 18 months as they don't upgrade production systems more > than once on 2 years in general. Instead of calling it an "upgrade", call it a system "patch". It just so happens that the RELENG_4_5 "patch" will ensure that the OS is up to date on security issues and more! :) Cheers, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 11:32:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80]) by hub.freebsd.org (Postfix) with SMTP id 247EA37B41B for ; Fri, 26 Apr 2002 11:32:51 -0700 (PDT) Received: (qmail 89713 invoked by uid 1001); 26 Apr 2002 18:32:45 -0000 Date: Fri, 26 Apr 2002 14:32:45 -0400 From: "Peter C. Lai" To: Drew Tomlinson Cc: Julian Elischer , security@freebsd.org Subject: Re: RELENG_4_4 Message-ID: <20020426143245.A89608@cowbert.2y.net> Reply-To: peter.lai@uconn.edu References: <002d01c1ed3d$32272a20$6e2a6ba5@lc.ca.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <002d01c1ed3d$32272a20$6e2a6ba5@lc.ca.gov>; from drew@mykitchentable.net on Fri, Apr 26, 2002 at 09:12:42AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I hope we don't bring up the whole binary patch subject again but in case you aren't trying to be facetious, I would have to state that 4.4 -> 4.5 is a point release and therefore may be a significant change. Just look at how long it takes to run mergemaster when going from 4.4 -> 4.5 and 4.5 -> 4.5. Actually moving from 4.1.1 -> 4.5 is a pretty huge jump too but if you only rebuild world every couple of years for production machines you only have 1 major downtime period instead of many potential ones. A point release can change many things. For example, 4.0 -> 4.1.1? changed the way passwords were stored and look at how many issues people had with that. If patching didn't require rebuilding a large portion of the system, then "patch" may be appropriate, but to production level machines, current patching methods are effectively system upgrades, at least with FreeBSD. At least we aren't talking PHP 4.1 -> 4.2 here :) cheers :) On Fri, Apr 26, 2002 at 09:12:42AM -0700, Drew Tomlinson wrote: > ----- Original Message ----- > From: "Julian Elischer" > Sent: Thursday, April 25, 2002 7:32 PM > > > [snip] > > > We will be moving those on 4.1.1 to 4.4 so that they are all at the > same > > level, but we cannot move them up to 4.5 or 4.8 or whatever for > > at least another 18 months as they don't upgrade production systems > more > > than once on 2 years in general. > > Instead of calling it an "upgrade", call it a system "patch". It just > so happens that the RELENG_4_5 "patch" will ensure that the OS is up to > date on security issues and more! :) > > Cheers, > > Drew > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. of Residential Life | Programmer Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ 860.427.4542 (Room) 860.486.1899 (Lab) 203.206.3784 (Cellphone) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 12:49: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-92.citlink.net [207.173.226.92]) by hub.freebsd.org (Postfix) with ESMTP id 012CF37B419 for ; Fri, 26 Apr 2002 12:49:01 -0700 (PDT) Received: from tagalong (unknown [165.107.42.110]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 8B042EE5A1; Fri, 26 Apr 2002 12:48:57 -0700 (PDT) Message-ID: <006f01c1ed5b$5d8ea1c0$6e2a6ba5@lc.ca.gov> From: "Drew Tomlinson" To: Cc: "Julian Elischer" , References: <002d01c1ed3d$32272a20$6e2a6ba5@lc.ca.gov> <20020426143245.A89608@cowbert.2y.net> Subject: Re: RELENG_4_4 Date: Fri, 26 Apr 2002 12:48:40 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Peter C. Lai" To: "Drew Tomlinson" Cc: "Julian Elischer" ; Sent: Friday, April 26, 2002 11:32 AM Subject: Re: RELENG_4_4 > I hope we don't bring up the whole binary patch subject again but > in case you aren't trying to be facetious, I would have to state that > 4.4 -> 4.5 is a point release and therefore may be a significant change. > Just look at how long it takes to run mergemaster when > going from 4.4 -> 4.5 and 4.5 -> 4.5. Actually moving from 4.1.1 -> 4.5 > is a pretty huge jump too but if you only rebuild world every couple of > years for production machines you only have 1 major downtime period instead > of many potential ones. > > A point release can change many things. For example, 4.0 -> 4.1.1? > changed the way passwords were stored and look at how many issues > people had with that. > > If patching didn't require rebuilding a large portion of the system, > then "patch" may be appropriate, but to production level machines, > current patching methods are effectively system upgrades, at least > with FreeBSD. At least we aren't talking PHP 4.1 -> 4.2 here :) Good points. I didn't realize so much might change between point versions. Thanks, Drew > On Fri, Apr 26, 2002 at 09:12:42AM -0700, Drew Tomlinson wrote: > > ----- Original Message ----- > > From: "Julian Elischer" > > Sent: Thursday, April 25, 2002 7:32 PM > > > > > > [snip] > > > > > We will be moving those on 4.1.1 to 4.4 so that they are all at the > > same > > > level, but we cannot move them up to 4.5 or 4.8 or whatever for > > > at least another 18 months as they don't upgrade production systems > > more > > > than once on 2 years in general. > > > > Instead of calling it an "upgrade", call it a system "patch". It just > > so happens that the RELENG_4_5 "patch" will ensure that the OS is up to > > date on security issues and more! :) > > > > Cheers, > > > > Drew > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 13:46:32 2002 Delivered-To: freebsd-security@freebsd.org Received: from zoot.corp.yahoo.com (zoot.corp.yahoo.com [216.145.52.89]) by hub.freebsd.org (Postfix) with ESMTP id 8FBB637B416 for ; Fri, 26 Apr 2002 13:46:25 -0700 (PDT) Received: from zoot.corp.yahoo.com (localhost [127.0.0.1]) by zoot.corp.yahoo.com (8.12.3/8.12.3) with ESMTP id g3QKkPHW077163; Fri, 26 Apr 2002 13:46:25 -0700 (PDT) (envelope-from DougB@FreeBSD.org) Received: from localhost (dougb@localhost) by zoot.corp.yahoo.com (8.12.3/8.12.3/Submit) with ESMTP id g3QKkFUr077160; Fri, 26 Apr 2002 13:46:25 -0700 (PDT) X-Authentication-Warning: zoot.corp.yahoo.com: dougb owned process doing -bs Date: Fri, 26 Apr 2002 13:46:15 -0700 (PDT) From: Doug Barton X-X-Sender: dougb@zoot.corp.yahoo.com To: Pizik Ilya Cc: VB , Subject: Re: patching holes Hmmmm In-Reply-To: <20020425223741.A90997@ultra.v.gz.ru> Message-ID: <20020426134553.P77133-100000@zoot.corp.yahoo.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 25 Apr 2002, Pizik Ilya wrote: > V> Last time I tried to make world I ran into some problems with smmsp user. The latest /usr/src/UPDATING has some good advice about this. -- "We have known freedom's price. We have shown freedom's power. And in this great conflict, ... we will see freedom's victory." - George W. Bush, President of the United States State of the Union, January 28, 2002 Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 13:52:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by hub.freebsd.org (Postfix) with ESMTP id 0F50F37B417 for ; Fri, 26 Apr 2002 13:52:43 -0700 (PDT) Received: from sheldonh (helo=axl.seasidesoftware.co.za) by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1) id 171ClW-0006pQ-00; Fri, 26 Apr 2002 22:56:26 +0200 From: Sheldon Hearn To: "Drew Tomlinson" Cc: "Julian Elischer" , security@freebsd.org Subject: Re: RELENG_4_4 In-reply-to: Your message of "Fri, 26 Apr 2002 09:12:42 MST." <002d01c1ed3d$32272a20$6e2a6ba5@lc.ca.gov> Date: Fri, 26 Apr 2002 22:56:26 +0200 Message-ID: <26251.1019854586@axl.seasidesoftware.co.za> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, 26 Apr 2002 09:12:42 MST, "Drew Tomlinson" wrote: > Instead of calling it an "upgrade", call it a system "patch". It just > so happens that the RELENG_4_5 "patch" will ensure that the OS is up to > date on security issues and more! :) Just so that misinformation isn't spread, please note that the "and more" in your paragraph isn't true. The RELENG_4_5 branch is strictly for security fixes. The reason I'm confident saying this is that I once tried to have what I thought was an important bugfix merged onto RELENG_4_4 and my request was rejected, not on the grounds that the bugfix wasn't important, but rather on the grounds that it did not address a security concern. At the time, I was very annoyed, but I've come to see the wisdom in the RELENG_x_x branches. They allow system architects to address security concerns without accepting any new features or bugfixes, which have the theoretical potential to introduce new problems of their own. If I've designed, tested and deployed a system that works, it's possible that I'd rather lose out on bugfixes because I think it's unlikely that I'll need any of them, and I'd rather just pick up security fixes. For folks in that situation, the RELENG_x_x branches are ideal, and the security team should be commended for maintaining them. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 13:54: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 61D0D37B41C for ; Fri, 26 Apr 2002 13:53:05 -0700 (PDT) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g3QKr9l09735 for freebsd-security@freebsd.org; Fri, 26 Apr 2002 13:53:09 -0700 (PDT) (envelope-from fasty) Date: Fri, 26 Apr 2002 13:53:09 -0700 From: faSty To: freebsd-security@freebsd.org Subject: ODD! Message-ID: <20020426135308.A9707@i-sphere.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi guys, I need help.. I ran cvs'd RELENG_4_5, rebuild BSD include new kernel with -p4 and installworld. After I rebooted the server and It seems wont let me run passwd at all. when ran passwd and it stop from there no activity or anything. what did I miss? --snip-- [shell@~]# passwd root (here no activity after run passwd) --end -trev -- A bore is someone who persists in holding his own views after we have enlightened him with ours. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 13:57:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by hub.freebsd.org (Postfix) with SMTP id 678E937B41C for ; Fri, 26 Apr 2002 13:57:13 -0700 (PDT) Received: (qmail 4711 invoked from network); 26 Apr 2002 20:57:12 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241) by 0 with SMTP; 26 Apr 2002 20:57:12 -0000 Message-ID: <3CC9BF27.5060506@tenebras.com> Date: Fri, 26 Apr 2002 13:57:11 -0700 From: Michael Sierchio Reply-To: kudzu@tenebras.com User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.9) Gecko/20020404 X-Accept-Language: en-us, en MIME-Version: 1.0 Cc: security@freebsd.org Subject: Re: RELENG_4_4 References: <26251.1019854586@axl.seasidesoftware.co.za> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Sheldon Hearn wrote: > Just so that misinformation isn't spread, please note that the "and > more" in your paragraph isn't true. The RELENG_4_5 branch is strictly > for security fixes. > > The reason I'm confident saying this is that I once tried to have what I > thought was an important bugfix merged onto RELENG_4_4 and my request > was rejected, not on the grounds that the bugfix wasn't important, but > rather on the grounds that it did not address a security concern. Sounds like generalizing from one example. Perusing the CVS logs would indicate that *critical* bug fixes are included, and the majority of these happen to be security related. That's the reason the branch RELENG_X_Y is informally referred to as -SECURITY. (Now if someone could explain why -STABLE has that label, I'd be amused). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 14: 0:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from jochem.dyndns.org (cc40670-a.groni1.gr.nl.home.com [217.121.240.52]) by hub.freebsd.org (Postfix) with ESMTP id D78C337B41A for ; Fri, 26 Apr 2002 14:00:25 -0700 (PDT) Received: from lisa.jochem.dyndns.org (lisa.jochem.dyndns.org [192.168.1.2]) by jochem.dyndns.org (8.12.2/8.12.2) with ESMTP id g3QL0SVb011472; Fri, 26 Apr 2002 23:00:29 +0200 (CEST) (envelope-from jochem@lisa.jochem.dyndns.org) Received: from lisa.jochem.dyndns.org (localhost [127.0.0.1]) by lisa.jochem.dyndns.org (8.12.3/8.12.2) with ESMTP id g3QL0Idg007371; Fri, 26 Apr 2002 23:00:19 +0200 (CEST) (envelope-from jochem@lisa.jochem.dyndns.org) Received: (from jochem@localhost) by lisa.jochem.dyndns.org (8.12.3/8.12.3/Submit) id g3QL0Imi007370; Fri, 26 Apr 2002 23:00:18 +0200 (CEST) Date: Fri, 26 Apr 2002 23:00:17 +0200 From: Jochem Kossen To: faSty Cc: freebsd-security@FreeBSD.ORG Subject: Re: ODD! Message-ID: <20020426210017.GA7150@jochem.dyndns.org> Mail-Followup-To: faSty , freebsd-security@FreeBSD.ORG References: <20020426135308.A9707@i-sphere.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020426135308.A9707@i-sphere.com> User-Agent: Mutt/1.3.28i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Apr 26, 2002 at 01:53:09PM -0700, faSty wrote: > Hi guys, > > I need help.. > > I ran cvs'd RELENG_4_5, rebuild BSD include new kernel with -p4 and installworld. After > I rebooted the server and It seems wont let me run passwd at all. > > when ran passwd and it stop from there no activity or anything. what did I miss? mergemaster To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 14:14:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by hub.freebsd.org (Postfix) with SMTP id D245437B41B for ; Fri, 26 Apr 2002 14:14:24 -0700 (PDT) Received: (qmail 4820 invoked from network); 26 Apr 2002 21:14:24 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241) by 0 with SMTP; 26 Apr 2002 21:14:24 -0000 Message-ID: <3CC9C32F.3040506@tenebras.com> Date: Fri, 26 Apr 2002 14:14:23 -0700 From: Michael Sierchio Reply-To: kudzu@tenebras.com User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.9) Gecko/20020404 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Doug Barton Cc: Pizik Ilya , VB , freebsd-security@FreeBSD.org Subject: Re: patching holes Hmmmm References: <20020426134553.P77133-100000@zoot.corp.yahoo.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Doug Barton wrote: > On Thu, 25 Apr 2002, Pizik Ilya wrote: > > >>V> Last time I tried to make world I ran into some problems with smmsp user. > > > The latest /usr/src/UPDATING has some good advice about this. > No, not if you're talking about _4_5 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Apr 26 14:28:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 23CE637B416 for ; Fri, 26 Apr 2002 14:28:30 -0700 (PDT) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g3QLSWu10292; Fri, 26 Apr 2002 14:28:32 -0700 (PDT) (envelope-from fasty) Date: Fri, 26 Apr 2002 14:28:32 -0700 From: faSty To: Jochem Kossen Cc: freebsd-security@freebsd.org Subject: Re: ODD! Message-ID: <20020426142832.C9707@i-sphere.com> References: <20020426135308.A9707@i-sphere.com> <20020426210017.GA7150@jochem.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020426210017.GA7150@jochem.dyndns.org>; from j.kossen@home.nl on Fri, Apr 26, 2002 at 11:00:17PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, I did run mergemaster of course always do that after installworld. I run FreeBSD 4.5-RELEASE-p4 on server. I finally got passwd activity and It's been waiting like 30-40 seconds to get prompt.. WOW! I ran cvsup again and nothing update in /usr/src. -trev On Fri, Apr 26, 2002 at 11:00:17PM +0200, Jochem Kossen wrote: > On Fri, Apr 26, 2002 at 01:53:09PM -0700, faSty wrote: > > Hi guys, > > > > I need help.. > > > > I ran cvs'd RELENG_4_5, rebuild BSD include new kernel with -p4 and installworld. After > > I rebooted the server and It seems wont let me run passwd at all. > > > > when ran passwd and it stop from there no activity or anything. what did I miss? > > mergemaster -- "Dying is a very dull, dreary affair. And my advice to you is to have nothing whatever to do with it." -- W. Somerset Maugham To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Apr 27 0:56:44 2002 Delivered-To: freebsd-security@freebsd.org Received: from server-6.tower-15.messagelabs.com (mail15.messagelabs.com [63.210.62.243]) by hub.freebsd.org (Postfix) with SMTP id 4C52F37B427 for ; Sat, 27 Apr 2002 00:56:36 -0700 (PDT) X-VirusChecked: Checked Received: (qmail 9440 invoked by uid 0); 27 Apr 2002 00:49:53 -0000 Date: 27 Apr 2002 00:49:53 -0000 Message-ID: <20020427004953.9439.qmail@server-6.tower-15.messagelabs.com> To: jwood@mn.rr.com To: security@FreeBSD.org From: alert@notification.messagelabs.com Reply-To: alert@notification.messagelabs.com Subject: WARNING. You tried to send a potential virus or unauthorised code Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The MessageLabs SkyScan Anti-Virus service discovered a possible virus or unauthorised code (such as a joke program or trojan) in an email sent by you. The email has now been quarantined and was not delivered. Please read the whole of this email carefully. It explains what has happened to your email, which suspected virus has been caught and what to do if you need help addressing the problem. To help identify the quarantined email: The message sender was jwood@mn.rr.com security@FreeBSD.org The message recipients were PCCustomerService@eyeonretail.com The message title was Re:congratulations The message date was Fri, 26 Apr 2002 20:49:18 -0400 The virus or unauthorised code identified in the email is F-Secure Anti-Virus for i386-linux Release 4.13 build 3360 Frisk Software International F-PROT engine version 3.10 build 701 620185_2MAUDIO-X-MIDI_CTTimes.bat infection: W95/Klez.H@mm 3 files scanned 1 infections found Some viruses forge the sender address. For more information please visit the link to the virus FAQ's at the bottom of this page. The message was diverted into the virus holding pen on mail server server-6.tower-15.messagelabs.com (pen id 620185_1019868592) and will be held for 30 days before being destroyed Corporate Users: If you sent the email from a corporate network, you should first contact your local IT Helpdesk or System Administrator for advice. They will be able to help you disinfect your workstation. If you would like further information on how to subscribe to MessageLabs SkyScan AV service, a proactive anti-virus service working around the clock, around the globe, please complete our enquiry form. Personal or Home users: If you sent the email from a personal or home account, you will need to disinfect your computer yourself. Please contact your anti-virus software vendor for support. You may like to read the virus FAQ's at: http://www.messagelabs.com/page.asp?id=628 which will answer most virus related questions. ________________________________________________________________________ This email has been scanned for all viruses by the MessageLabs SkyScan service. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.messagelabs.com ________________________________________________________________________ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Apr 27 5: 1:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx.agni.com (mx.agni.com [202.53.160.4]) by hub.freebsd.org (Postfix) with ESMTP id 7995437B404 for ; Sat, 27 Apr 2002 05:01:25 -0700 (PDT) Received: from venus.agni.com (venus.agni.com [202.53.160.200]) by mx.agni.com (8.12.1/8.12.1) with ESMTP id g3RC1FhX024853 for ; Sat, 27 Apr 2002 18:01:15 +0600 Received: (from mojahed@localhost) by venus.agni.com (8.11.6/8.11.6) id g3RC46D91162 for freebsd-security@FreeBSD.ORG; Sat, 27 Apr 2002 18:04:06 +0600 (BDT) (envelope-from mojahed) Date: Sat, 27 Apr 2002 18:04:06 +0600 From: Mojahedul Hoque Abul Hasanat To: freebsd-security@FreeBSD.ORG Subject: ARP queries with target hardware address set Message-ID: <20020427180406.A91046@venus.agni.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i X-Scanned-By: MIMEDefang 2.2 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Please excuse me if this is a naive question. When running tcpdump I see that some of the arp queries have their target hardware addresses set to random MACs. AFAIK an arp query should have its target hardware address set to all zeros. Here is an example from the output of "tcpdump -e ...": 0:e0:7d:a1:8:75 Broadcast arp 60: arp who-has 202.168.255.85 (68:74:2e:4d:20:74) tell a.host.ip.address The MAC inside the parenthesis was never in my LAN. Almost all the boxes in the LAN are 4.5-STABLE. The box making these queries runs bind 8.3.1-REL. Suspiciously, this box also makes a lot of arp queries for IPs not in its LAN. Any ideas on the source of these arps? -- Mojahed To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Apr 27 14:20:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.dada.it (mail4.dada.it [195.110.96.56]) by hub.freebsd.org (Postfix) with SMTP id 5764C37B404 for ; Sat, 27 Apr 2002 14:20:34 -0700 (PDT) Received: (qmail 5561 invoked from network); 27 Apr 2002 21:20:26 -0000 Received: from unknown (HELO libero.sunshine.ale) (195.110.114.252) by mail.dada.it with SMTP; 27 Apr 2002 21:20:26 -0000 Received: by libero.sunshine.ale (Postfix, from userid 1001) id BBEC85F6B; Sat, 27 Apr 2002 23:20:25 +0200 (CEST) Date: Sat, 27 Apr 2002 23:20:25 +0200 From: Alessandro de Manzano To: Michael Sierchio Cc: Doug Barton , Pizik Ilya , VB , freebsd-security@FreeBSD.org Subject: Re: patching holes Hmmmm Message-ID: <20020427232025.A91243@libero.sunshine.ale> Reply-To: Alessandro de Manzano References: <20020426134553.P77133-100000@zoot.corp.yahoo.com> <3CC9C32F.3040506@tenebras.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CC9C32F.3040506@tenebras.com>; from kudzu@tenebras.com on Fri, Apr 26, 2002 at 02:14:23PM -0700 X-Operating-System: FreeBSD 4.5-STABLE Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Apr 26, 2002 at 02:14:23PM -0700, Michael Sierchio wrote: > >>V> Last time I tried to make world I ran into some problems with smmsp user. > > > > > > The latest /usr/src/UPDATING has some good advice about this. > > > > No, not if you're talking about _4_5 RELENG_4_5 does *not* have new sendmail, so no smmsp user is required nor requested. -- bye! Ale To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Apr 27 16:30:49 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id 1CF8037B417 for ; Sat, 27 Apr 2002 16:30:43 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020427233042.QRQR12183.rwcrmhc52.attbi.com@blossom.cjclark.org>; Sat, 27 Apr 2002 23:30:42 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g3RNUfw46708; Sat, 27 Apr 2002 16:30:41 -0700 (PDT) (envelope-from cjc) Date: Sat, 27 Apr 2002 16:30:41 -0700 From: "Crist J. Clark" To: Drew Tomlinson Cc: security@FreeBSD.ORG Subject: Re: Stateful IPFW Firewall Assistance Message-ID: <20020427163041.A37618@blossom.cjclark.org> References: <020501c1ecb4$4e21a220$6e2a6ba5@lc.ca.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <020501c1ecb4$4e21a220$6e2a6ba5@lc.ca.gov>; from drew@mykitchentable.net on Thu, Apr 25, 2002 at 04:52:47PM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Apr 25, 2002 at 04:52:47PM -0700, Drew Tomlinson wrote: > I'm trying to fine-tune my firewall and am hoping for a little advice > regarding stateful behavior. I built this rule set based upon an > example by Peter Brezny I found on the web so it may look familar. > > Here's my current network setup: > > ISP > | > | Public DHCP address > | > 3Com ADSL Modem/Router > (Router performs NAT and passes packets to 10.2 by default) > | (192.168.10.1) > | > | > | (ed1 192.168.10.2) > FBSD Gateway > | (ed0 192.168.1.2) > | > | > Internal LAN > > And here are my current firewall rules: > > 00100 allow ip from any to any via lo0 > 00200 deny log ip from any to 127.0.0.0/8 > 00300 deny log ip from 192.168.1.0/24 to any in recv ed1 > 00400 deny log ip from not 192.168.1.0/24 to any in recv ed0 > 00500 allow tcp from any to any established > 00600 allow tcp from any to 192.168.1.0/24 21,22,25,80,143,389,443,993 setup This seems odd. How can anyone ever get packets to your various nets in the 192.168.0.0/16 range from the outside? Maybe these are masked examples? Anyway, you probably want the above to read as, 00500 allow tcp from 192.168.1.0/24 21,22,25,80,143,389,443,993 to any established 00600 allow tcp from any to 192.168.1.0/24 21,22,25,80,143,389,443,993 > 00700 allow tcp from any to 192.168.10.2 21,22 setup And this as, 00700 allow tcp from 192.168.10.2 21,22 to any established 00750 allow tcp from any to 192.168.10.2 21,22 This way, you get rid of that 'pass tcp from any to any established' rule that will mess up, > 01900 check-state > 02000 allow ip from 192.168.10.2 to any keep-state out xmit ed1 > 02100 allow ip from 192.168.1.0/24 to any keep-state via ed0 The keep-state rules by passing packets that they have state on. Also note that the 'check-state' rule here is completely redudant and can be removed. > 65500 deny log ip from any to any > > In reading the ipfw man page, it tells me that "established" matches any > packet that has the RST or ACK bit set which is normal TCP traffic. > However this seems like it would be pretty easy to fake. In this case, > my rule 00500 leaves me pretty wide open? My thought is to change rules > 00500-00700 to use check-state and keep-state so the rules look like > this: > > 00450 check-state > 00500 deny tcp from any to any established > 00600 allow tcp from any to 192.168.1.0/24 21,22,25,80,143,389,443,993 > setup keep-state > 00700 allow tcp from any to 192.168.10.2 21,22 setup keep-state > > However, I don't understand how this will affect the rest of the rules, > especially 01900-02000. I'd appreciate any comments on this issue. There is not a lot of reason to use 'keep-state' on incoming connections. But you may want to put the 'check-state' rule earlier. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Apr 27 16:57:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39]) by hub.freebsd.org (Postfix) with ESMTP id C6F3837B420 for ; Sat, 27 Apr 2002 16:57:11 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc53.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020427235711.RJYS25242.rwcrmhc53.attbi.com@blossom.cjclark.org>; Sat, 27 Apr 2002 23:57:11 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g3RNv8A46760; Sat, 27 Apr 2002 16:57:08 -0700 (PDT) (envelope-from cjc) Date: Sat, 27 Apr 2002 16:57:08 -0700 From: "Crist J. Clark" To: Mojahedul Hoque Abul Hasanat Cc: freebsd-security@FreeBSD.ORG Subject: Re: ARP queries with target hardware address set Message-ID: <20020427165708.B37618@blossom.cjclark.org> References: <20020427180406.A91046@venus.agni.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020427180406.A91046@venus.agni.com>; from mojahed@agni.com on Sat, Apr 27, 2002 at 06:04:06PM +0600 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Apr 27, 2002 at 06:04:06PM +0600, Mojahedul Hoque Abul Hasanat wrote: > > Please excuse me if this is a naive question. > > When running tcpdump I see that some of the arp queries have their > target hardware addresses set to random MACs. AFAIK an arp query > should have its target hardware address set to all zeros. Can you quote some standard or RFC that states this? AFA_I_K, the target hardware address field is undefined. It can just as well be random junk as all zeros. RFC 826 just says, The target hardware address is included for completeness and network monitoring. It has no meaning in the request form, since it is this number that the machine is requesting. Here is > an example from the output of "tcpdump -e ...": > > 0:e0:7d:a1:8:75 Broadcast arp 60: arp who-has 202.168.255.85 (68:74:2e:4d:20:74) tell a.host.ip.address > > The MAC inside the parenthesis was never in my LAN. Almost all the > boxes in the LAN are 4.5-STABLE. The box making these queries runs > bind 8.3.1-REL. Suspiciously, this box also makes a lot of arp > queries for IPs not in its LAN. > > Any ideas on the source of these arps? Why does 'a.host.ip.address' think 202.168.255.85 is a local address if it isn't? -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Apr 27 20:56:33 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx.agni.com (mx.agni.com [202.53.160.4]) by hub.freebsd.org (Postfix) with ESMTP id 5CA2837B405; Sat, 27 Apr 2002 20:56:27 -0700 (PDT) Received: from venus.agni.com (venus.agni.com [202.53.160.200]) by mx.agni.com (8.12.1/8.12.1) with ESMTP id g3S3uMhX015772; Sun, 28 Apr 2002 09:56:22 +0600 Received: (from mojahed@localhost) by venus.agni.com (8.11.6/8.11.6) id g3S3xGj95083; Sun, 28 Apr 2002 09:59:16 +0600 (BDT) (envelope-from mojahed) Date: Sun, 28 Apr 2002 09:59:16 +0600 From: Mojahedul Hoque Abul Hasanat To: "Crist J. Clark" Cc: freebsd-security@FreeBSD.ORG Subject: Re: ARP queries with target hardware address set Message-ID: <20020428095916.F94650@venus.agni.com> References: <20020427180406.A91046@venus.agni.com> <20020427165708.B37618@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020427165708.B37618@blossom.cjclark.org>; from cjc@FreeBSD.ORG on Sat, Apr 27, 2002 at 04:57:08PM -0700 X-Scanned-By: MIMEDefang 2.2 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Apr 27, 2002 at 04:57:08PM -0700, Crist J. Clark wrote: > > should have its target hardware address set to all zeros. > > Can you quote some standard or RFC that states this? AFA_I_K, the > target hardware address field is undefined. It can just as well be > random junk as all zeros. RFC 826 just says, Oops! my fault. I shouldn't have said "should have its target HA set to all zeros". But this is the general case, isn't it? All the arp queries I can see in this LAN have their THA set to zeros, except some queries from this host. > > 0:e0:7d:a1:8:75 Broadcast arp 60: arp who-has 202.168.255.85 (68:74:2e:4d:20:74) tell a.host.ip.address > > > > The MAC inside the parenthesis was never in my LAN. Almost all the > > Why does 'a.host.ip.address' think 202.168.255.85 is a local address > if it isn't? There is absolutely no reason for this. Routing tables are correct, no dynamic routing protocols either. Now I am more inclined to think that someone is injecting these Ethernet frames. But to what effect, I haven't got a clue. -- Mojahed System Administrator, Agni Systems Limited To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message