From: Garrett Wollman
To: Jan Mikkelsen
Cc: freebsd-security@freebsd.org
Subject: Re: Trying to think out a hack for NSS and pw(8)
Date: Sat, 10 Sep 2016 18:35:52 -0400
X-BeenThere: freebsd-security@freebsd.org
List-Id: "Security issues [members-only posting]"

< said:

> We manage the two separate databases using the -V option to pw, and
> then have a script to merge the two databases into the standard
> local database.

Thanks for the clue; if I can convince Puppet not to use getpwnam(3)
et al then this looks like it will actually be the best option.  I
determined experimentally that simply adding "-V /etc" to the pw(8)
command line will completely disable nsswitch and manipulate only the
local passwd database, which is very nearly what I want.

-GAWollman

From: "Ronald F. Guilmette"
To: freebsd-security@freebsd.org
Subject: Disinfecting attachments (?)
Date: Sat, 10 Sep 2016 19:01:29 -0700

Maybe an ignorant question, but hopefully not an outright stupid one...

The story:

As I was interacting with my new VM provider, there was a problem.
And I had to send the provider a captured screenshot of the browser
window where something had gone ugly wrong.

I managed to get the screenshot as a .png file, and was all prepared
to attach it to a follow-up message that I was sending to the provider
through the provider's ticket system, which is apparently based on
WHMCS (which I confess I know nothing about).

Anyway, try as I might, the ticket system kept refusing to allow
me to attach *any* attachment to my messages.  It kept giving me the
following utterly moronic and useless error message:

    The following errors occurred:
      * The file you tried to upload is not allowed.

Subsequent queries to the provider elicited the following explanation:

    "Oh, the attachments are disabled as a security precaution - it's
    unfortunate, but WHMCS doesn't actually 'check' attachments for
    malicious files, so it's a potential point of compromise."

Now, please understand everybody, as a general matter I actively _avoid_
using Windoze whenever possible.  I'm proud to say that (a) I've never
in my life read a single email message of my own on any Windoze system
and also (b) that I've never yet been hacked.  (And yes, I do believe
that there may be a relationship between these two facts.)

My point is that I've never found it necessary to understand in any
depth what sorts of attachments could possibly do damage, e.g. if
opened in the Wrong Environment.
My abundant ignorance gives rise
to the following seemingly simple and obvious question:

After all these years, and after thousands or millions of different
types and strains of malware having been seen in the wild, is there
really still no readily available tool that can simply be given a hunk
of data, sent as an email attachment, and which can successfully
remove from that hunk of data any and all "active" elements, components,
or sub-parts which might even potentially cause damage in any arbitrary
environment?

If not, then perhaps I just invented the next billion dollar start up.
:-)

But seriously folks, if the first few bytes of a file say that it is
just a plain old ordinary .png file, then why would anybody or anything
live in fear of it?  It's just a bloody image file for God's sake!

Ok, so I just googled around and found some articles describing some
reports of "exploits" ostensibly relating in some way to .png files.
But drilling down into those shows that really, all that is actually
happening here is that the attackers are using certain parts of .png
files... e.g. the tail end or the metadata fields... to smuggle in
_other_ bad stuff _after_ the attacker has already gotten control in
some other way.

So it seems that whereas .png files can be used for smuggling in evil
data, they can't really be used for primary exploitation.  On that
basis alone I have no idea why anyone would ever think that it would
ever be of any use at all to block them.  But even if the thought
of receiving a .png file makes you shrink in horror, why not just build
a tool which inspects the bloody things and which strips out any of
the unnatural/evil/smuggled content, leaving behind just an utterly
harmless toothless actual image file?

I tried googling for "attachment disinfection" but it appears that most
or all of the hits I get are to do with water purification and/or other
biology-related subjects.

So seriously, nobody ever built an attachment disinfector?

Regards,
rfg

From: Selphie Keller
To: "Ronald F. Guilmette"
Cc: freebsd-security@freebsd.org
Subject: Re: Disinfecting attachments (?)
Date: Sat, 10 Sep 2016 20:26:39 -0600

WHMCS has had serious issues in the past with code execution:
https://www.cvedetails.com/vulnerability-list/vendor_id-10798/Whmcs.html
This is likely the provider just trying to avoid issues while using this
system.

Many years back there was a nice exploit involving hiding PHP shells
inside PNG data chunks and that could be triggered via resizing and
other functions, which led to the hacking of some forum software:
https://www.idontplaydarts.com/2012/06/encoding-web-shells-in-png-idat-chunks/
In today's exploit world anything can be mundane at first then later
weaponized by some secondary payload/process. This concept has been
shown with egghunter, where arbitrary data is appended into a request as
just ASCII then later transforms into shellcode. Another case involved a
person that could use some clever AES transformations that could turn a
wallpaper into a payload APK just with AES decrypt on Android:
http://securityaffairs.co/wordpress/29438/security/hiding-malicious-android-apk.html

So even if an attachment seemed safe there could be risk that it can be
transformed later into something else. Though, in this case I think it's
more about the provider using WHMCS and the issues it had in the past,
so they likely set up this policy to reduce some of those vectors of
attack.

-Mystagic

On 10 September 2016 at 20:01, Ronald F. Guilmette wrote:

>
> Maybe an ignorant question, but hopefully not an outright stupid one...
>
> The story:
>
> As I was interacting with my new VM provider, there was a problem.
> And I had to send the provider a captured screenshot of the browser
> window where something had gone ugly wrong.
>
> I managed to get the screenshot as a .png file, and was all prepared
> to attach it to a follow-up message that I was sending to the provider
> through the provider's ticket system, which is apparently based on
> WHMCS (which I confess I know nothing about).
>
> Anyway, try as I might, the ticket system kept refusing to allow
> me to attach *any* attachment to my messages.  It kept giving me the
> following utterly moronic and useless error message:
>
>     The following errors occurred:
>       * The file you tried to upload is not allowed.
>
> Subsequent queries to the provider elicited the following explanation:
>
>     "Oh, the attachments are disabled as a security precaution - it's
>     unfortunate, but WHMCS doesn't actually 'check' attachments for
>     malicious files, so it's a potential point of compromise."
>
> Now, please understand everybody, as a general matter I actively _avoid_
> using Windoze whenever possible.  I'm proud to say that (a) I've never
> in my life read a single email message of my own on any Windoze system
> and also (b) that I've never yet been hacked.  (And yes, I do believe
> that there may be a relationship between these two facts.)
>
> My point is that I've never found it necessary to understand in any
> depth what sorts of attachments could possibly do damage, e.g. if
> opened in the Wrong Environment.  My abundant ignorance gives rise
> to the following seemingly simple and obvious question:
>
> After all these years, and after thousands or millions of different
> types and strains of malware having been seen in the wild, is there
> really still no readily available tool that can simply be given a hunk
> of data, sent as an email attachment, and which can successfully
> remove from that hunk of data any and all "active" elements, components,
> or sub-parts which might even potentially cause damage in any arbitrary
> environment?
>
> If not, then perhaps I just invented the next billion dollar start up.
> :-)
>
> But seriously folks, if the first few bytes of a file say that it is
> just a plain old ordinary .png file, then why would anybody or anything
> live in fear of it?  It's just a bloody image file for God's sake!
>
> Ok, so I just googled around and found some articles describing some
> reports of "exploits" ostensibly relating in some way to .png files.
> But drilling down into those shows that really, all that is actually
> happening here is that the attackers are using certain parts of .png
> files... e.g. the tail end or the metadata fields...
> to smuggle in
> _other_ bad stuff _after_ the attacker has already gotten control in
> some other way.
>
> So it seems that whereas .png files can be used for smuggling in evil
> data, they can't really be used for primary exploitation.  On that
> basis alone I have no idea why anyone would ever think that it would
> ever be of any use at all to block them.  But even if the thought
> of receiving a .png file makes you shrink in horror, why not just build
> a tool which inspects the bloody things and which strips out any of
> the unnatural/evil/smuggled content, leaving behind just an utterly
> harmless toothless actual image file?
>
> I tried googling for "attachment disinfection" but it appears that most
> or all of the hits I get are to do with water purification and/or other
> biology-related subjects.
>
> So seriously, nobody ever built an attachment disinfector?
>
>
> Regards,
> rfg
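
The chunk-level "disinfection" asked about in this thread, as an added Python example that is not from any poster: it verifies each chunk's CRC, keeps only the chunks needed to render the image, and drops metadata chunks and anything after IEND. It does not alter pixel data, so content encoded inside IDAT (the case in the idontplaydarts article linked above) survives unless the image is also decoded and re-encoded. The kept-chunk set, the size limit, the function names and the sample bytes are assumptions of this example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Chunks needed to render the image. tRNS is ancillary but carries
# transparency, so this example keeps it (an assumption, not a standard rule).
KEEP = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}
MAX_CHUNK = 16 * 1024 * 1024  # assumed sanity limit on a single chunk


def make_chunk(ctype, payload):
    """Serialise one chunk: length, type, payload, CRC-32 over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def sanitize_png(data):
    """Return (clean_bytes, report); raise ValueError if the file is malformed."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    out, report = [PNG_SIGNATURE], []
    pos = len(PNG_SIGNATURE)
    seen = set()
    while pos < len(data):
        if len(data) - pos < 12:
            raise ValueError("truncated chunk at offset %d" % pos)
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length
        if length > MAX_CHUNK or end > len(data):
            raise ValueError("chunk length out of range at offset %d" % pos)
        payload = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + payload) & 0xFFFFFFFF:
            raise ValueError("CRC mismatch in %r chunk" % ctype)
        # IHDR must come first and must not repeat.
        if (ctype == b"IHDR") != (not seen):
            raise ValueError("IHDR must be the first chunk and appear once")
        if ctype == b"IHDR" and length != 13:
            raise ValueError("IHDR has wrong length")
        seen.add(ctype)
        pos = end
        if ctype in KEEP:
            out.append(make_chunk(ctype, payload))
        else:
            report.append("dropped %s chunk (%d bytes)"
                          % (ctype.decode("latin-1"), length))
        if ctype == b"IEND":
            break
    if not {b"IDAT", b"IEND"} <= seen:
        raise ValueError("missing IDAT or IEND")
    if pos < len(data):
        report.append("dropped %d trailing bytes after IEND" % (len(data) - pos))
    return b"".join(out), report


def build_sample():
    """Constructed 1x1 greyscale PNG with a text chunk and appended bytes."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x7f")  # filter byte + one grey pixel
    return (PNG_SIGNATURE
            + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tEXt", b"Comment\x00CONSTRUCTED-SMUGGLED-DATA")
            + make_chunk(b"IDAT", idat)
            + make_chunk(b"IEND", b"")
            + b"CONSTRUCTED-TRAILING-DATA")


if __name__ == "__main__":
    clean, report = sanitize_png(build_sample())
    print("%d bytes kept" % len(clean))
    for line in report:
        print(line)
```
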
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Mark Felder, freebsd security
Subject: Re: using pkg audit to show base vulnerabilities
Date: Mon, 12 Sep 2016 16:13:42 +0200

Mark Felder wrote on 09/07/2016 23:25:
>
>
> On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
>> I am not sure if this is the right list or not. If not, please redirect
>> me to the right one.
>>
>> I noticed this post from Mark Felder
>> https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
>>
>> Great work Mark, thank you!
>>
>> I found it very useful. I want this to be part of the nightly reports on
>> all our machines so I tried to write 405.base-audit.
>> It is based on
>> original 410.pkg-audit
>> It can check kernel and world of a host or world in jail or chroot (if
>> freebsd-version is installed in jail or chroot)
>>
>> You can find my first attempt at
>> http://freebsd.quip.cz/script/405.base-audit.sh
>>
>
> I have been toying with the idea of creating a port that provides a
> script called "baseaudit" that can make it very easy to check your
> system for known vulns. With the majority of the logic in this script we
> could also include this periodic script in the package which would check
> nightly as well. Perhaps we should collaborate on this together? I will
> need to review your script in detail but at a glance it appears very
> thorough.

I filed this PR in the meantime
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212306

We are using this patch in our Poudriere package builder.

If you think a new port is better then of course I can help with this.
Any improvement is better than the current state where users cannot
easily audit base system and jails.

Miroslav Lachman

From: "Ronald F. Guilmette"
To: freebsd-security@freebsd.org
Subject: ftpd leaks info which might be useful to an attacker
Date: Tue, 13 Sep 2016 14:07:09 -0700

I've been moving all of my stuff over to a shiny new VM that I've
purchased, and in the process I am having to revisit various
configuration decisions I made 10 years ago or more.

One set of such decisions has to do with the following files:

    ~ftp/etc/group
    ~ftp/etc/pwd.db

Thinking about how the contents of these files affect the behavior of
the ftp DIR command caused me to realize that I actually would prefer
it if there were some option available for ftpd which would cause
it to display only something like ---- where it currently attempts to
print either a user ID name or number or a group ID name or number.

I should perhaps mention that I'm using the -A option to ftpd, and that
thus, pretty much any Tom, Dick, and Harry on the whole Internet will
be able to log in (as anonymous) to my FTP server and then scrounge
around for interesting stuff.  I would kind of prefer if the stuff that
any such party could find would _not_ include actual user or group IDs,
or even numeric UIDs/GIDs.

So, um, anybody else agree that it might be Better if ftpd could be
coerced into not leaking this kind of account information?

From: Lyndon Nerenberg
To: "Ronald F. Guilmette"
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd leaks info which might be useful to an attacker
Date: Tue, 13 Sep 2016 14:27:22 -0700 (PDT)

> Thinking about how the contents of these files affect the behavior of
> the ftp DIR command caused me to realize that I actually would prefer
> it if there were some option available for ftpd which would cause
> it to display only something like ---- where it currently attempts to
> print either a user ID name or number or a group ID name or number.

I would be concerned about programs that parse that output choking on a
field of only hyphens.  It's likely safer to just report the uid and gid
as 0 (or 666, or some other made-up number of your choice).

--lyndon

From: Matthew Seaman
To: freebsd-security@freebsd.org
Subject: Re: ftpd leaks info which might be useful to an attacker
Date: Wed, 14 Sep 2016 08:58:07 +0100

On 13/09/2016 22:07, Ronald F. Guilmette wrote:
> One set of such decisions has to do with the following files:
>
>     ~ftp/etc/group
>     ~ftp/etc/pwd.db
>
> Thinking about how the contents of these files affect the behavior of
> the ftp DIR command caused me to realize that I actually would prefer
> it if there were some option available for ftpd which would cause
> it to display only something like ---- where it currently attempts to
> print either a user ID name or number or a group ID name or number.

Why is this a problem, given that all the user and group IDs your ftpd
will display come from the private files in your chroot?  You can make
the ownership of the files under ~ftp anything you want, and you can
make them appear as anything you want.

In practice I'd make everything owned by root:wheel, unless you want to
support uploading, in which case *only* the area files can be uploaded
to should be made owned by ftpd and writable by that UID.
Some sort of cron job running chown and chmod recursively over that
collection to enforce this would be a good idea.

> I should perhaps mention that I'm using the -A option to ftpd, and that
> thus, pretty much any Tom, Dick, and Harry on the whole Internet will
> be able to log in (as anonymous) to my FTP server and then scrounge
> around for interesting stuff.  I would kind of prefer if the stuff that
> any such party could find would _not_ include actual user or group IDs,
> or even numeric UIDs/GIDs.

Basically don't mix anonymous access with password authenticated access.
Also, don't use password access with *plaintext* protocols like FTP.

About the only useful way to use FTP any more is for anonymous read-only
access to download stuff from an archive -- and in that use case, a web
server is generally a much better choice.  FTP as a protocol is archaic
and needs to die.

	Cheers,

	Matthew

From: Martin Simmons
To: "Ronald F. Guilmette"
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd leaks info which might be useful to an attacker
Date: Wed, 14 Sep 2016 12:18:17 +0100

>>>>> On Tue, 13 Sep 2016 14:07:09 -0700, Ronald F Guilmette said:
>
> I've been moving all of my stuff over to a shiny new VM that I've
> purchased, and in the process I am having to revisit various
> configuration decisions I made 10 years ago or more.
>
> One set of such decisions has to do with the following files:
>
>     ~ftp/etc/group
>     ~ftp/etc/pwd.db
>
> Thinking about how the contents of these files affect the behavior of
> the ftp DIR command caused me to realize that I actually would prefer
> it if there were some option available for ftpd which would cause
> it to display only something like ---- where it currently attempts to
> print either a user ID name or number or a group ID name or number.
>
> I should perhaps mention that I'm using the -A option to ftpd, and that
> thus, pretty much any Tom, Dick, and Harry on the whole Internet will
> be able to log in (as anonymous) to my FTP server and then scrounge
> around for interesting stuff.  I would kind of prefer if the stuff that
> any such party could find would _not_ include actual user or group IDs,
> or even numeric UIDs/GIDs.
>
> So, um, anybody else agree that it might be Better if ftpd could be
> coerced into not leaking this kind of account information?

You might consider an ftp daemon such as proftpd, which doesn't require an etc
in the chroot and also has options for hiding the real uid/gid of the files.
__Martin

From owner-freebsd-security@freebsd.org Wed Sep 14 13:20:03 2016
Date: Wed, 14 Sep 2016 06:14:51 -0700 (PDT)
From: Roger Marquis
To: Matthew Seaman
cc: freebsd-security@freebsd.org
Subject: Re: ftpd leaks info which might be useful to an attacker
In-Reply-To: <1333775a-3398-ab93-66fe-6c381eb5c428@FreeBSD.org>

Matthew Seaman wrote:
> FTP as a protocol is archaic and needs to die.

A good step towards that would be the deprecation of ftpd in base.
IMO,
Roger

From owner-freebsd-security@freebsd.org Wed Sep 14 13:30:56 2016
Date: Wed, 14 Sep 2016 06:30:54 -0700 (PDT)
From: Roger Marquis
To: Matthew Seaman
cc: freebsd-security@freebsd.org
Subject: Re: ftpd leaks info which might be useful to an attacker

> Matthew Seaman wrote:
>> FTP as a protocol is archaic and needs to die.
>
> A good step towards that would be the deprecation of ftpd in base.

As well as the rest of the legacy daemons under /usr/libexec(/*d, other
than tcpd).
Roger

From owner-freebsd-security@freebsd.org Wed Sep 14 18:07:53 2016
Date: Wed, 14 Sep 2016 11:33:31 -0600
From: "Nelson H. F. Beebe"
To: Matthew Seaman
Cc: beebe@math.utah.edu, freebsd-security@freebsd.org
Subject: Re: ftpd leaks info which might be useful to an attacker
In-Reply-To: <1333775a-3398-ab93-66fe-6c381eb5c428@FreeBSD.org>

Matthew Seaman writes today:

>> About the only useful way to use FTP any more is for anonymous read-only
>> access to download stuff from an archive -- and in that use case, a web
>> server is generally a much better choice.  FTP as a protocol is archaic
>> and needs to die.

I agree with the first point (up to the dash), but strongly disagree
with the second: FTP provides directory listing capability, whereas
HTTP does not.  I use "dir -tr" in FTP connections quite frequently,
and I find the timestamps in the directory listings critical
information that is routinely lost at many HTTP-only sites.

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe@math.utah.edu  -
- 155 S 1400 E RM 233                       beebe@acm.org  beebe@computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------

From owner-freebsd-security@freebsd.org Wed Sep 14 19:21:59 2016
Date: Wed, 14 Sep 2016 15:21:46 -0400 (EDT)
From: Benjamin Kaduk
To: freebsd-security@freebsd.org
cc: freebsd-current@freebsd.org
Subject: Heimdal in base
In-Reply-To: <86egfu9z0j.fsf@desk.des.no>

(was Re: OpenSSH HPN)

[See https://lists.freebsd.org/pipermail/freebsd-security/2015-November/008747.html
for the bits that Dag-Erling skipped]

On Fri, 13 Nov 2015, Dag-Erling Smørgrav wrote:

> Benjamin Kaduk writes:
> > Things seem to have slowed down a lot since the lead Heimdal developer
> > got hired for Apple.  [...]  MIT employs developers whose job
> > descriptions include being the krb5 release manager [...] Heimdal has
> > changed plans to a 1.7 release [...] and since the developers in
> > question are being paid to work on other things, there is no real
> > timeline for the release.
>
> Given this state of affairs, it might not be unreasonable to consider
> switching back for 11.  There should be enough time, provided our
> Kerberos maintainers have some spare cycles.

Well, it's definitely too late for 11, now.

But, Debian is preparing to remove their heimdal package entirely,
imminently: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837728

I also can't find an archive of heimdal-discuss@sics.se that still works
(now that gmane is gone), so I'll quote the relevant message from there,
below.

Maybe we should consider dropping heimdal for 12.

-Ben

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Date: Wed, 14 Sep 2016 14:58:27 -0400
From: Andrew Bartlett
To: heimdal-discuss@sics.se
Subject: Heimdal to be removed from Debian shortly

FYI:

I'm sorry to say that per:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=834654
and
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837728

Heimdal will shortly be removed from Debian.

It is the view of those of us involved that inclusion of sensitive
security software in the next stable release of Debian needs the normal
pattern of maintained upstream releases, not just a git tree to take
snapshots from.

It is also being eased out of Samba, we will make further decisions once
we get a build against MIT krb5 working.
Sorry,

Andrew Bartlett
--
Andrew Bartlett                        http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Catalyst IT           http://catalyst.net.nz/services/samba

From owner-freebsd-security@freebsd.org Wed Sep 14 19:49:14 2016
From: "Garance A Drosehn"
To: "Ronald F. Guilmette"
Cc: freebsd-security@freebsd.org
Subject: Re: ftpd leaks info which might be useful to an attacker
Date: Wed, 14 Sep 2016 15:46:01 -0400
Message-ID: <3B1B7AA4-5342-4682-ADB6-16C40F3A97E1@rpi.edu>
In-Reply-To: <68595.1473800829@segfault.tristatelogic.com>

On 13 Sep 2016, at 17:07, Ronald F. Guilmette wrote:

>
> One set of such decisions has to do with the following files:
>
>     ~ftp/etc/group
>     ~ftp/etc/pwd.db
>
> Thinking about how the contents of these files affects the behavior of
> the ftp DIR command caused me to realize that I actually would prefer
> it if there were some option available for ftpd which would cause
> it to display only something like ---- where it currently attempts to
> print either a user ID name or number or a group ID name or number.

Those files are completely under the control of the sysadmin (aka "you"),
so you can put whatever you want in those files.  In my case, I think
I wrote a script which generates those two files from the real system
files, but it changes the userid and group names.
In my case I went with fake userid's which were the first-and-last
letters of the real userid, followed by the UID.  That way there's
some helpful information there for the people who *do* have access
to the passwd info for that machine, but there isn't much info for
others.

--
Garance Alistair Drosehn                =     drosih@rpi.edu
Senior Systems Programmer               or   gad@FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA

From owner-freebsd-security@freebsd.org Wed Sep 14 21:36:29 2016
From: Dewayne Geraghty
Date: Thu, 15 Sep 2016 07:36:28 +1000
Subject: Re: Heimdal in base
To: Benjamin Kaduk
Cc: "freebsd-security@freebsd.org", "freebsd-current@freebsd.org"

Begs the question-what impact to FreeBSD distribution or use will US export
control laws have, if FreeBSD migrated to MIT Kerberos?

--
*Disclaimer:*

*As implied by email protocols, the information in this message is not
confidential.
Any intermediary or recipient may inspect, modify (add), copy,
forward, reply to, delete, or filter email for any purpose unless said
parties are otherwise obligated.  Nothing in this message may be legally
binding without cryptographic evidence of its integrity and/or
confidentiality.*

From owner-freebsd-security@freebsd.org Thu Sep 15 02:42:44 2016
Date: Wed, 14 Sep 2016 22:42:35 -0400 (EDT)
From: Benjamin Kaduk
To: Garrett Wollman, re@freebsd.org
cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Heimdal in base
In-Reply-To: <22490.595.67496.130780@hergotha.csail.mit.edu>

On Wed, 14 Sep 2016, Garrett Wollman wrote:

> < said:
>
> > Well, it's definitely too late for 11, now.
>
> > But, Debian is preparing to remove their heimdal package entirely,
> > imminently: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837728
> [...]
>
> Since 11.0 hasn't been released yet, is it within the realm of
> possibility to officially deprecate Heimdal-in-base before it ships?
> At this stage all that would involve is putting an announcement in the
> release notes.

If you're going to propose that, asking re@ seems like the right thing to
do.  Adding them to the recipient list...

-Ben

From owner-freebsd-security@freebsd.org Thu Sep 15 02:07:17 2016
Message-ID: <22490.595.67496.130780@hergotha.csail.mit.edu>
Date: Wed, 14 Sep 2016 22:07:15 -0400
From: Garrett Wollman
To: Benjamin Kaduk
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org
Subject: Re: Heimdal in base

< said:

> Well, it's definitely too late for 11, now.

> But, Debian is preparing to remove their heimdal package entirely,
> imminently: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837728

The primary issue, so far as I can see, is that Heimdal and MIT were
only compatible in the parts of the API that were formally
standardized.  For those of us who need MIT (to have a working kadmin,
for example), that has pretty much always boiled down to completely
disabling Heimdal in base (and anything that depends on it, like
OpenSSH, pam_krb5, and GSSAPI-authenticated NFS), and installing
replacement bits from ports/packages.

If we're going to remove Heimdal from base, we should completely
deorbit (or disable, as appropriate) all of the things that depend on
it, and make sure that there are ports that provide replacement
functionality.  (AFAIK the only thing missing is gssd, the user-mode
side of the authenticated NFS support.)
My bet would be that very few
FreeBSD users actually take advantage of this support, and unless
they're running in an all-FreeBSD or all-Heimdal shop probably have to
install MIT Kerberos anyway.

Since we're expecting to have packaged base complete for 12.0, having
to install a few extra packages (and replace some base packages with
ports packages) should not be an imposition, for those people who want
Kerberos support, and for many of us it would make fresh installs less
of a hassle.

Since 11.0 hasn't been released yet, is it within the realm of
possibility to officially deprecate Heimdal-in-base before it ships?
At this stage all that would involve is putting an announcement in the
release notes.

-GAWollman

(writing as the administrator of the CSAIL.MIT.EDU realm, but still not
speaking for MIT)

From owner-freebsd-security@freebsd.org Thu Sep 15 08:05:24 2016
Subject: Re: Heimdal in base
To: Dewayne Geraghty, Benjamin Kaduk
Cc: "freebsd-security@freebsd.org", "freebsd-current@freebsd.org"
From: Mathieu Arnold
Message-ID: <60bf4983-2f43-5f7f-05a4-52b1c55c4746@mat.cc>
Date: Thu, 15 Sep 2016 10:05:21 +0200

On 14/09/2016 at 23:36, Dewayne Geraghty wrote:
> Begs the question-what impact to FreeBSD distribution or use will US export
> control laws have, if FreeBSD migrated to MIT Kerberos?

I don't think it would have any impact, these days, the restrictions,
from what I understand, only apply to military grade hardware or
military only encryption ciphers.
--=20 Mathieu Arnold From owner-freebsd-security@freebsd.org Thu Sep 15 13:29:01 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 21538BDB611; Thu, 15 Sep 2016 13:29:01 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D6BC73BC; Thu, 15 Sep 2016 13:29:00 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1bkWil-000AbF-Qg; Thu, 15 Sep 2016 16:28:55 +0300 Date: Thu, 15 Sep 2016 16:28:55 +0300 From: Slawa Olhovchenkov To: Garrett Wollman Cc: Benjamin Kaduk , freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: Re: Heimdal in base Message-ID: <20160915132855.GA2960@zxy.spb.ru> References: <56436F4B.8050002@FreeBSD.org> <86r3jwfpiq.fsf@desk.des.no> <20151111181339.GE48728@zxy.spb.ru> <86io58flhk.fsf@desk.des.no> <20151111184448.GR31314@zxy.spb.ru> <86egfu9z0j.fsf@desk.des.no> <22490.595.67496.130780@hergotha.csail.mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <22490.595.67496.130780@hergotha.csail.mit.edu> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Sep 2016 13:29:01 -0000 On Wed, Sep 14, 2016 at 10:07:15PM -0400, Garrett Wollman wrote: > < said: > > > Well, it's definitely too late for 11, now. 
>
> > But, Debian is preparing to remove their heimdal package entirely,
> > imminently: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837728
>
> The primary issue, so far as I can see, is that Heimdal and MIT were
> only compatible in the parts of the API that were formally
> standardized. For those of us who need MIT (to have a working kadmin,
> for example), that has pretty much always boiled down to completely
> disabling Heimdal in base (and anything that depends on it, like
> OpenSSH, pam_krb5, and GSSAPI-authenticated NFS), and installing
> replacement bits from ports/packages.
>
> If we're going to remove Heimdal from base, we should completely
> deorbit (or disable, as appropriate) all of the things that depend on
> it, and make sure that there are ports that provide replacement
> functionality. (AFAIK the only thing missing is gssd, the user-mode
> side of the authenticated NFS support.) My bet would be that very few
> FreeBSD users actually take advantage of this support, and unless
> they're running in an all-FreeBSD or all-Heimdal shop probably have to
> install MIT Kerberos anyway.

I use gssd, for $HOME over NFS.
From owner-freebsd-security@freebsd.org Thu Sep 15 17:24:12 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3B3FBDAE99 for ; Thu, 15 Sep 2016 17:24:12 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 8F555ADA; Thu, 15 Sep 2016 17:24:10 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221]) by hz.grosbein.net (8.14.9/8.14.9) with ESMTP id u8FHNuWI068785 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 15 Sep 2016 19:23:57 +0200 (CEST) (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: freebsd-security@freebsd.org Received: from [10.58.0.10] (dadvw [10.58.0.10]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id u8FHNofb003485 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Fri, 16 Sep 2016 00:23:51 +0700 (KRAT) (envelope-from eugen@grosbein.net) To: freebsd-security Cc: dirk@FreeBSD.org, knu@idaemons.org From: Eugene Grosbein Subject: [openssl-announce] FTP access being taken down Message-ID: <57DAD921.4000308@grosbein.net> Date: Fri, 16 Sep 2016 00:23:45 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM autolearn=no version=3.3.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on hz.grosbein.net 
X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 Sep 2016 17:24:12 -0000

Hi!

OpenSSL announced takedown of ftp://ftp.openssl.org/:
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000075.html

Our ports collection has several links to this FTP server
that should be changed now in the Makefiles of the following ports:

devel/mingw32-openssl
security/openssl-devel
security/openssl

Ports maintainers CC'd.