From owner-freebsd-security Wed Dec 27 08:07:47 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id IAA00507 for security-outgoing; Wed, 27 Dec 1995 08:07:47 -0800 (PST) Received: from colossus.tia.net (colossus.tia.net [205.244.60.2]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id IAA00501 for ; Wed, 27 Dec 1995 08:07:43 -0800 (PST) Received: by colossus.tia.net; id AA31407; Wed, 27 Dec 1995 11:10:44 -0500 Date: Wed, 27 Dec 1995 11:10:44 -0500 (EST) From: "Joseph D. Orthoefer" To: freebsd-security@freebsd.org Subject: VLANS and switching hubs Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org Precedence: bulk This isn't exactly freebsd related; Does anyone have any experience implementing VLANS with a switching hub in order to minimize the amount of sniffing a compromised machine can do on a local network? Is this possible? Any reply would be helpful. Thank in advance, Joseph D. Orthoefer From owner-freebsd-security Fri Dec 29 00:42:01 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA07554 for security-outgoing; Fri, 29 Dec 1995 00:42:01 -0800 (PST) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id AAA07548 for ; Fri, 29 Dec 1995 00:41:57 -0800 (PST) Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0tVaNo-000AlEC; Fri, 29 Dec 95 00:41 PST Message-Id: From: batie@agora.rdrop.com (Alan Batie) Subject: Secure PPP configuration? To: freebsd-security@freebsd.org Date: Fri, 29 Dec 1995 00:41:48 -0800 (PST) X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org Precedence: bulk I'm trying to get PPP services working on my public access system (until now, it's only supported SLIP). After reviewing the documentation, I find there are altogether too many options and configuration files for me to be comfortable that my users can't override them somehow, so I would like some guidance. Design Goal: 1. IP address assigned based on tty 2. Authenticate user via password file 3. Allow negotiation of TCP/IP parameters which don't affect security, in particular, VJ compression 4. Disallow all others, in particular IP address, netmask and defaultroute. Strategy: Set all options in options.ttyxx file, which seems to get read last: auth crtscts mtu xxx mru xxx netmask xxx localip:remoteip -all +pap login noipdefault Questionable options: -defaultroute ac pc vj The above all have the reverse use of the "-" as the man page suggests (i.e. defaultroute tells it to install a default route, but doesn't say the using the - explicitly tells it not to, and similarly, -vj disables vj compression negotiation, but doesn't say that "vj" enables it.) I want to use PAP instead of CHAP because I do not want any cleartext password files online. Each user will run pppd under their own uid, so that it's easier to track logins. As a result, they will be able to install ~/.ppprc files if they want. Is there something I've overlooked, misinterpreted or just plain screwed up? Thanks... -- Alan Batie ______ batie@agora.rdrop.com \ / Freedom for me to be and do +1 503 452-0960 \ / only what *you* approve of 45 28 59 N / 122 43 20 W / 440' MSL \/ is no freedom at all. It is my policy to avoid purchase of any products from companies which use unrequested email advertisements or telephone solicitation. From owner-freebsd-security Fri Dec 29 00:49:25 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id AAA07797 for security-outgoing; Fri, 29 Dec 1995 00:49:25 -0800 (PST) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id AAA07792 for ; Fri, 29 Dec 1995 00:49:22 -0800 (PST) Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0tVaV0-000AlEC; Fri, 29 Dec 95 00:49 PST Message-Id: From: batie@agora.rdrop.com (Alan Batie) Subject: Secure PPP configuration followup To: freebsd-security@FreeBSD.org Date: Fri, 29 Dec 1995 00:49:14 -0800 (PST) X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org Precedence: bulk I forgot to add that will need to restrict access to certain users, and if I read the man page right, putting 'login agora ""' in the pap-secrets file (for each enabled login), combined with the "login" option will cause only those in the pap-secrets file to be authenticated, but they will be authenticated out of the password file. Is this right? -- Alan Batie ______ batie@agora.rdrop.com \ / Freedom for me to be and do +1 503 452-0960 \ / only what *you* approve of 45 28 59 N / 122 43 20 W / 440' MSL \/ is no freedom at all. It is my policy to avoid purchase of any products from companies which use unrequested email advertisements or telephone solicitation. From owner-freebsd-security Fri Dec 29 22:51:39 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id WAA03354 for security-outgoing; Fri, 29 Dec 1995 22:51:39 -0800 (PST) Received: from toadflax.cs.ucdavis.edu (toadflax.cs.ucdavis.edu [128.120.56.188]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id WAA03334 Fri, 29 Dec 1995 22:51:33 -0800 (PST) Received: by toadflax.cs.ucdavis.edu (4.1/UCD.CS.2.6) id AA10608; Fri, 29 Dec 95 22:51:31 PST From: obrien@cs.ucdavis.edu (David E. O'Brien) Message-Id: <9512300651.AA10608@toadflax.cs.ucdavis.edu> Subject: termcap access as user uucp To: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org (FreeBSD Hacker's list) Date: Fri, 29 Dec 1995 22:51:30 -0800 (PST) X-Mailer: ELM [version 2.4 PL24 PGP3ALPHA] Content-Type: text Sender: owner-security@freebsd.org Precedence: bulk I'm doing a port of a terminal program to FreeBSD. The orignal author installs it setuid root. I don't care for this. Following /usr/bin/cu's lead, I make it setuid uucp. Problem is the program can't access the termcap database as this user. Does it have something to do with uucp not having a "normal" shell? Security minded people: opinions on the best arraingment for security? Others: What's wrong with Mr. UUCP? Below is a minimal program to demonstrate this. Make it setuid root ==> no problem. Make it non-setuid, owned by joe user ==> no problem. Make it setuid uucp and you get: No termcap present! Test program ~~~~~~~~~~~~ #include #include main() { static char cbuf[2048]; char *term = "xterm"; switch(tgetent(cbuf, term )) { case 0: fprintf(stderr, "No termcap entry for %s\n", term); return 1; case -1: fprintf(stderr, "No termcap present!\n"); return 1; default: printf( "\n%s\n", cbuf ); } return 0; } From owner-freebsd-security Sat Dec 30 01:21:39 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id BAA09301 for security-outgoing; Sat, 30 Dec 1995 01:21:39 -0800 (PST) Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id BAA09292 Sat, 30 Dec 1995 01:21:31 -0800 (PST) Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id KAA17337; Sat, 30 Dec 1995 10:21:29 +0100 Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP id KAA03114; Sat, 30 Dec 1995 10:21:29 +0100 Received: (from j@localhost) by uriah.heep.sax.de (8.7.3/8.6.9) id KAA25599; Sat, 30 Dec 1995 10:13:15 +0100 (MET) From: J Wunsch Message-Id: <199512300913.KAA25599@uriah.heep.sax.de> Subject: Re: termcap access as user uucp To: obrien@cs.ucdavis.edu (David E. O'Brien) Date: Sat, 30 Dec 1995 10:13:15 +0100 (MET) Cc: freebsd-security@freebsd.org, freebsd-hackers@freebsd.org Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: <9512300651.AA10608@toadflax.cs.ucdavis.edu> from "David E. O'Brien" at Dec 29, 95 10:51:30 pm X-Phone: +49-351-2012 669 X-Mailer: ELM [version 2.4 PL23] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-security@freebsd.org Precedence: bulk As David E. O'Brien wrote: > > I'm doing a port of a terminal program to FreeBSD. The orignal author > installs it setuid root. I don't care for this. Following /usr/bin/cu's > lead, I make it setuid uucp. Problem is the program can't access the > termcap database as this user. Does it have something to do with uucp > not having a "normal" shell? Do you have a ``protected path'' to your /usr/share/misc directory? uriah # cc foo.c -ltermcap uriah # su -m nobody -c ./a.out xterm|vs100|xterm terminal emulator (X window system):li#24:hs:ts=\E[?E\E[?%i%dT:fs=\E[?F:es:ds=\E[?E:is=\E>\E[?1;3;4;5l\E[?7;8h\E[1;65r\E[65;1H:rs=\E>\E[?1;3;4;5l\E[?7;8h:@7=\E[4~:kh=\E[1~:kI=\E[2~:k0=\E[10~:kD=\E[3~:k1=\E[11~:k2=\E[12~:k3=\E[13~:k4=\E[14~:k5=\E[15~:k6=\E[17~:k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:F1=\E[23~:F2=\E[24~:kP=\E[5~:kN=\E[6~:K1=\EOw:K2=\EOy:K3=\EOu:K4=\EOq:K5=\EOs:al=\E[L:dl=\E[M:im=\E[4h:ei=\E[4l:mi:dc=\E[P:AL=\E[%dL:DL=\E[%dM:DC=\E[%dP:do=\E[B:cl=\E[H\E[J:sf=\ED:as=\E(0:ae=\E(B:cm=\E[%i%d;%dH:nd=\E[C:up=\E[A:nw=\EE:ce=\E[K:cd=\E[J:so=\E[7m:se=\E[m:us=\E[4m:ue=\E[m:md=\E[1m:mr=\E[7m:mb=\E[5m:me=\E[m:sr=\EM:sc=\E7:rc=\E8:cs=\E[%i%d;%dr:UP=\E[%dA:DO=\E[%dB:RI=\E[%dC:LE=\E[%dD:ct=\E[3g:st=\EH:co#80:le=^H:bs:am:if=/usr/share/tabset/vt100:ac=llmmkkjjuuttvvwwqqxxnnpprr``aa:ks=\E[?1h\E=:ke=\E[?1l\E>:ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=\177:ho=\E[H:pt:vt#3:xn:ta=^I:ms:bl=^G:cr=^M:eo:it#8:ut: -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)