From owner-freebsd-security Sun Mar 7 8: 5:20 1999
Message-Id: <199903071604.FAA28378@aniwa.sky>
To: freebsd-security@freebsd.org
Subject: upgrade your lsof and super ports
Date: Mon, 08 Mar 1999 05:04:55 +1300
From: Andrew McNaughton

I posted earlier (with no effect) about the root exploits of lsof and super, discussed on bugtraq.

The ports for these have been updated, so people who have these programs on their machines should grab the latest versions.
Andrew McNaughton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Mar 7 8:51:21 1999
Date: Sun, 7 Mar 1999 11:50:55 -0500 (EST)
From: Robert Watson
Reply-To: Robert Watson
To: freebsd-security@freebsd.org
Subject: Summary: Posix.1e (fwd)

Well, since posts seem to be going through again, I'll send this again.
I'm in the process of finishing up auditing support based on POSIX.1e, and hope to stick something online today or tomorrow for people to play with if they are interested. I'll then move onto POSIX.1e Capabilities (and then ACLs). I encourage anyone interested in the standard who wants to discuss its implementation, etc, to subscribe to the posix1e mailing list mentioned below. Although the POSIX.1e draft has been withdrawn as a proposed standard, that does not prohibit its use--Linux now has the beginnings of support for file system ACLs and Capabilities, Solaris uses an almost identical API for its ACL support, etc.

---------- Forwarded message ----------
Date: Wed, 3 Mar 1999 09:11:35 -0500 (EST)
From: Robert Watson
Reply-To: Robert Watson
To: security@freebsd.org
Subject: Summary: Posix.1e (fwd)

For those that are interested, this summary was recently posted to bugtraq.
The mailing list is active, although not very busy yet.

Robert N Watson

robert@fledge.watson.org  http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University  http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services  http://www.safeport.com/

---------- Forwarded message ----------
Date: Sun, 28 Feb 1999 22:40:22 +0100
From: Winfried Truemper
To: BUGTRAQ@NETSPACE.ORG
Subject: Summary: Posix.1e

Four weeks ago, I asked bugtraq readers about their opinion on Posix.1e. A summary of all information I got is available under the address http://www.guug.de/~winni/posix.1e/. I will try to update this page regularly.

Folks, this subject is so unknown that I did not even get any flames. :-)

A few people asked me, where to get the standards paper. The technical Editor, Casey Schaufler sent me an electronic copy of the document (5 MB in size). The document and the webpages of the IEEE clearly state, that I can't make the document available for download without the permission of the IEEE. So I asked them (and re-asked them), but did not get a final answer yet.

Robert Watson has set up "a cross-platform mailing list to discuss the POSIX-related issues and to gather modifications to the draft to get a more consistent specification". The subscription-address is posix1e-request@cyrus.watson.org.

Regards
-Winfried

Will Internet-SPAM be legalized in Europe on March, 29th? Prohibit that at
Wird Internet-SPAM am 29. März in Europa legalisiert? Verhindern Sie es unter
http://www.politik-digital.de/spam/
Deine Stimme gegen SPAM! - Votez contre le SPAM! - Vote against SPAM!

From owner-freebsd-security Mon Mar 8 3: 8:26 1999
Date: Mon, 8 Mar 1999 21:06:17 +1000 (EST)
Message-Id: <199903081106.VAA00761@nymph.detir.qld.gov.au>
To: freebsd-security@freebsd.org
From: freebsd-security@detir.qld.gov.au

subscribe freebsd-security freebsd-security@detir.qld.gov.au

From owner-freebsd-security Mon Mar 8 3:21:28 1999
Message-Id: <199903081119.VAA01060@nymph.detir.qld.gov.au>
To: freebsd-security@freebsd.org
Cc: syssgm@detir.qld.gov.au, jmb@freebsd.org
Subject: I am a wally
In-Reply-To: <199903081106.VAA00761@nymph.detir.qld.gov.au> from freebsd-security@detir.qld.gov.au at "Mon, 08 Mar 1999 21:06:17 +1000"
Date: Mon, 08 Mar 1999 21:19:38 +1000
From: Stephen McKay

On Monday, 8th March 1999, freebsd-security@detir.qld.gov.au wrote:

>subscribe freebsd-security freebsd-security@detir.qld.gov.au

Well, that auto-re-subscribe script needs a bit of work! :-) No need to flame me. I will be buying a pointy hat as soon as the shops open tomorrow.

Still, Mr Postmaster, I thought there was a filter in place to prevent us from displaying our butter fingers in public. It seems to work as badly as my script...

Stephen.

From owner-freebsd-security Mon Mar 8 7:53:50 1999
Date: Mon, 8 Mar 1999 10:53:29 -0500 (EST)
From: Robert Watson
Reply-To: Robert Watson
To: freebsd-security@freebsd.org
Subject: Mar 7 17:56:53 fledge /kernel: pid 7887 (ftpd), uid 14: exited on , signal 11

% last
.... | ...
ftp ftp 128.2.91.224 Sun Mar 7 17:56 still logged in
%

Fortunately, that was me. Unfortunately, I have no idea what I did that caused that, because I ftp'd in anonymously like 60 times last night. The only thing I can think of is when I put something in and exceeded a quota--however, I just tried that again and no go. I'm still trying to reproduce it, but in case someone wants to go audit the ftpd code, there is apparently something there to find. That was under a very recent 2.2-stable.

Robert N Watson

robert@fledge.watson.org  http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University  http://www.cmu.edu/
TIS Labs at Network Associates, Inc.
http://www.tis.com/
Safeport Network Services  http://www.safeport.com/

From owner-freebsd-security Mon Mar 8 9:53:48 1999
From: "laurens van alphen"
Date: Mon, 8 Mar 1999 18:53:26 +0100
Message-ID: <000601be698c$914db740$0a0010ac@ren.craxx.com>

hi,

my security check output of this 2.2.7-R box says:

ed2: NIC memory corrupt - invalid packet length 8440

where 8440 may be replaced by 8702, 8701 or 8444
and repeated approx 50 times.

was this:
- a bad hacker
- a bad nic (pci realtek 8029, 10base-t, ne2000-comp)
- a bad driver

thanks for all your input,
cheers,

--
laurens van alphen, craxx
alphen@craxx.com, http://craxx.com

From owner-freebsd-security Mon Mar 8 10: 4:42 1999
From: Jerome Privat
To: "'freebsd-security@FreeBSD.ORG'"
Subject: compiling IPSec
Date: Mon, 8 Mar 1999 18:01:16 -0000

Hi,

I'm currently trying to install an IPSec package in our 2.2.8 FreeBSD boxes and I chose the Kame version. I downloaded the file kame-1999131-fbsd228-stable.tgz and followed all the instructions contained in the kit/INSTALL.

I applied the patch:

patch -p1 -f < $SOMEWHERE/kit/sys-228.diff

and then edit the IP6 conf file maintaining the option IPSEC.

'make depend' produces many warnings, all of the same kind, like:

../../netid/in.h:355: warning: IP_ESP_TRANS_LEVEL redefined
../../netid/in.h:351: this is the location of the previous definition

These warnings appear for several #define macro names like IP_ESP_NETWORK_LEVEL, IPSEC_LEVEL_BYPASS, etc. This is normal (and wrong I guess) because the #ifdef IPSEC clause contains a second definition for all these macros without putting them in #else. Then the make depend exits with the 'Error code 1'.

Being a stable release, I guess I missed something. I've noticed that at www.kame.net there is an include-1999131-fbsd228-stable.tgz: should I include this one too? If yes, where to explode the tar file?

We would like to have IPSec for the IPv4 stack, somewhere on the mailing lists I read it's sufficient to mask the option "INET6". Is that enough? (Btw the errors I got are with the above option in)

Tia
Jerome

From owner-freebsd-security Mon Mar 8 10: 7: 9 1999
From: "laurens van alphen"
Subject: NIC memory corrupt
Date: Mon, 8 Mar 1999 19:06:38 +0100
Message-ID: <000901be698e$69776f20$0a0010ac@ren.craxx.com>
In-Reply-To: <000601be698c$914db740$0a0010ac@ren.craxx.com>

[repost, last message was without a subject]

hi,

my security check output of this 2.2.7-R box says:

ed2: NIC memory corrupt - invalid packet length 8440

where 8440 may be replaced by 8702, 8701 or 8444
and repeated approx 50 times.

was this:
- a bad hacker
- a bad nic (pci realtek 8029, 10base-t, ne2000-comp)
- a bad driver

thanks for all your input,
cheers,

--
laurens van alphen, craxx
alphen@craxx.com, http://craxx.com

From owner-freebsd-security Mon Mar 8 11:24:40 1999
From: "Jonathan M. Bresler"
To: syssgm@detir.qld.gov.au
Cc: freebsd-security@freebsd.org, syssgm@detir.qld.gov.au
In-reply-to: <199903081119.VAA01060@nymph.detir.qld.gov.au> (message from Stephen McKay on Mon, 08 Mar 1999 21:19:38 +1000)
Subject: Re: I am a wally
Message-Id: <19990308192436.3DFE614EC1@hub.freebsd.org>
Date: Mon, 8 Mar 1999 11:24:36 -0800 (PST)

> Cc: syssgm@detir.qld.gov.au, jmb@freebsd.org
> Date: Mon, 08 Mar 1999 21:19:38 +1000
> From: Stephen McKay
>
> On Monday, 8th March 1999, freebsd-security@detir.qld.gov.au wrote:
>
> >subscribe freebsd-security freebsd-security@detir.qld.gov.au
>
> Well, that auto-re-subscribe script needs a bit of work! :-) No need to flame
> me. I will be buying a pointy hat as soon as the shops open tomorrow.
>
> Still, Mr Postmaster, I thought there was a filter in place to prevent us
> from displaying our butter fingers in public. It seems to work as badly
> as my script...
>

Stephen,

I can protect everyone from themselves....so i don't try. Public humiliation is a much better filter than i can create. but don't take it too hard...we all screw up on the lists once in a while.

why do you need an auto-resubscribe script? is your connectivity that bad?

jmb

From owner-freebsd-security Mon Mar 8 15: 4:46 1999
Message-Id: <4.1.19990308175812.009d0310@mail.elehost.com>
Date: Mon, 08 Mar 1999 18:01:17 -0500
To: freebsd-security@FreeBSD.ORG
From: Paul MacKenzie
Subject: Quick question about arp error

Hello,

I have a question about ARP based security. With a packet firewall enabled and verbose settings, I get a million of the following messages

Mar 2 10:59:24 server /kernel: arplookup xx.xx.xx.xx failed: host is not on local network

I know that the host is not on the local network, that is not a problem because it isn't...

But, what I do not understand is why is this happening? Is this a security risk? What if anything can be done to fix it? What causes it?

Any help would be really appreciated!

Thanks...

From owner-freebsd-security Mon Mar 8 15: 8:19 1999
Date: Mon, 8 Mar 1999 18:08:13 -0500
From: Jared Mauch
To: Paul MacKenzie
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Quick question about arp error
Message-ID: <19990308180813.A26719@puck.nether.net>
In-Reply-To: <4.1.19990308175812.009d0310@mail.elehost.com>; from Paul MacKenzie on Mon, Mar 08, 1999 at 06:01:17PM -0500

You probably are getting icmp redirects for this host to point it to a router/gateway that is on the local ethernet.

You should drop all non-local icmp redirects at your borders.

- jared

On Mon, Mar 08, 1999 at 06:01:17PM -0500, Paul MacKenzie wrote:
> Hello,
>
> I have a question about ARP based security. With a packet firewall enabled
> and verbose settings, I get a million of the following messages
>
> Mar 2 10:59:24 server /kernel: arplookup xx.xx.xx.xx failed: host is not
> on local network
>
> I know that the host is not on the local network, that is not a problem
> because it isn't...
>
> But, what I do not understand is why is this happening? Is this a security
> risk? What if anything can be done to fix it? What causes it?
>
> Any help would be really appreciated!
>
> Thanks...
>

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.

From owner-freebsd-security Mon Mar 8 16:53:47 1999
Date: Mon, 8 Mar 1999 16:52:31 -0800 (PST)
From: Todd Hansen
Reply-To: tshansen@ucsd.edu
To: Paul MacKenzie
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Quick question about arp error
In-Reply-To: <4.1.19990308175812.009d0310@mail.elehost.com>

why are your hosts doing an arp lookup for these hosts in the first place? Do they fit within your netmask (as if they are on the local network). If so then the netmask should be modified so that they will send the info to their default route before sending out an arp request.

-todd

On Mon, 8 Mar 1999, Paul MacKenzie wrote:

> Hello,
>
> I have a question about ARP based security. With a packet firewall enabled
> and verbose settings, I get a million of the following messages
>
> Mar 2 10:59:24 server /kernel: arplookup xx.xx.xx.xx failed: host is not
> on local network
>
> I know that the host is not on the local network, that is not a problem
> because it isn't...
>
> But, what I do not understand is why is this happening? Is this a security
> risk? What if anything can be done to fix it? What causes it?
>
> Any help would be really appreciated!
>
> Thanks...
>

From owner-freebsd-security Mon Mar 8 20: 3: 9 1999
Message-Id: <199903090401.OAA13078@nymph.detir.qld.gov.au>
To: "Jonathan M. Bresler"
Cc: freebsd-security@FreeBSD.ORG, syssgm@detir.qld.gov.au
Subject: Re: I am a wally
In-Reply-To: <19990308192436.3DFE614EC1@hub.freebsd.org> from "Jonathan M. Bresler" at "Mon, 08 Mar 1999 11:24:36 -0800"
Date: Tue, 09 Mar 1999 14:01:15 +1000
From: Stephen McKay

On Monday, 8th March 1999, "Jonathan M. Bresler" wrote:

> why do you need an auto-resubscribe script? is your
> connectivity that bad?

Our connectivity is good, but we seem to drop off lists at random every so often. Lately our news system has been mangling the mail->news conversion, and I was ready to blame that (even though, in theory, we catch every bounce it generates). So I thought it was time for some resubscription automation. I might just stick to doing it by hand a little longer.

Stephen.

PS Is there a better list for this discussion?

From owner-freebsd-security Mon Mar 8 23:48:55 1999
Date: Tue, 9 Mar 1999 02:48:12 -0500 (EST)
From:
To: Paul MacKenzie
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Quick question about arp error
In-Reply-To: <4.1.19990308175812.009d0310@mail.elehost.com>

On Mon, 8 Mar 1999, Paul MacKenzie wrote:

> But, what I do not understand is why is this happening? Is this a security
> risk? What if anything can be done to fix it? What causes it?

The cause is having different logical subnets on the same physical ethernet segment.
The FreeBSD machine on subnet A sees arp from subnet B because they are physically attached, but it gets confused because the addressing scheme says different subnets.

I get this here, as well, and I believe the only real fix is to keep one subnet per physical wire... i.e. don't have multiple logical subnets on the same physical segment.

Later,

-Mike

From owner-freebsd-security Tue Mar 9 0:40:44 1999
From: Sheldon Hearn
To: alphen@craxx.com
Cc: freebsd-security@freebsd.org
In-reply-to: Your message of "Mon, 08 Mar 1999 18:53:26 +0100." <000601be698c$914db740$0a0010ac@ren.craxx.com>
Date: Tue, 09 Mar 1999 10:39:33 +0200
Message-ID: <87648.920968773@axl.noc.iafrica.com>

On Mon, 08 Mar 1999 18:53:26 +0100, "laurens van alphen" wrote:

> ed2: NIC memory corrupt - invalid packet length 8440

I've seen this twice before (with Accton cards on both occasions), and both times the problem was faulty RAM on the card.

Ciao,
Sheldon.

From owner-freebsd-security Tue Mar 9 7:24: 3 1999
Date: Tue, 9 Mar 1999 16:22:58 +0100
From: Eivind Eklund
To: alphen@craxx.com
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: NIC memory corrupt
Message-ID: <19990309162258.D63685@bitbox.follo.net>
In-Reply-To: <000901be698e$69776f20$0a0010ac@ren.craxx.com>; from laurens van alphen on Mon, Mar 08, 1999 at 07:06:38PM +0100

On Mon, Mar 08, 1999 at 07:06:38PM +0100, laurens van alphen wrote:
> [repost, last message was without a subject]
>
> hi,
>
> my security check output of this 2.2.7-R box says:
>
> ed2: NIC memory corrupt - invalid packet length 8440
>
> where 8440 may be replaced by 8702, 8701 or 8444
> and repeated approx 50 times.
>
> was this:
> - a bad hacker
> - a bad nic (pci realtek 8029, 10base-t, ne2000-comp)
> - a bad driver

I'm getting these (with 8440 replaced by 40) from a bunch of RealTek cards that otherwise seem to work fine. Always comes on bootup (just as the first packet is sent) on a bunch of different machines.

Eivind.

From owner-freebsd-security Tue Mar 9 13:59:58 1999
Message-Id: <4.1.19990309145714.00c7ec80@localhost>
Date: Tue, 09 Mar 1999 14:59:03 -0700
To: Eivind Eklund, alphen@craxx.com
From: Brett Glass
Subject: Re: NIC memory corrupt
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <19990309162258.D63685@bitbox.follo.net>

At 04:22 PM 3/9/99 +0100, Eivind Eklund wrote:

>I'm getting these (with 8440 replaced by 40) from a bunch of RealTek
>cards that otherwise seem to work fine. Always comes on bootup (just
>as the first packet is sent) on a bunch of different machines.
>
>Eivind.

I got these on Artisoft AE-3 cards when I expanded the RAM. It seems to happen when the buffer pointer gets lost or when the buffer isn't at the address where the driver thinks it is.
--Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 10 12:10: 7 1999 Delivered-To: freebsd-security@freebsd.org Received: from gauntlet.petech.ac.za (gauntlet.petech.ac.za [196.37.151.34]) by hub.freebsd.org (Postfix) with ESMTP id AA301151B1 for ; Wed, 10 Mar 1999 12:09:59 -0800 (PST) (envelope-from 9846817@ml.petech.ac.za) Received: by gauntlet.petech.ac.za; id WAA11939; Wed, 10 Mar 1999 22:09:40 +0200 (SAT) Received: from ed.petech.ac.za(192.96.7.1) by gauntlet.petech.ac.za via smap (4.0) id xma011768; Wed, 10 Mar 99 22:09:13 +0200 Received: from ml.petech.ac.za (ml.petech.ac.za [192.96.7.37]) by ed.petech.ac.za (8.7.5/8.6.10) with SMTP id EAA06460 for ; Thu, 11 Mar 1999 04:25:30 +0200 Received: from PETNET-Message_Server by ml.petech.ac.za with Novell_GroupWise; Wed, 10 Mar 1999 22:09:25 +0200 Message-Id: X-Mailer: Novell GroupWise 4.1 Date: Wed, 10 Mar 1999 16:24:18 +0200 From: JDM BEZUIDENHOUT <9846817@ml.petech.ac.za> To: FREEBSD-SECURITY@freebsd.org Subject: subscribe FREEBSD-SECURITY Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org subscribe FREEBSD-SECURITY To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Mar 10 13:47:25 1999 Delivered-To: freebsd-security@freebsd.org Received: from bagira.iit.bme.hu (bagira.iit.bme.hu [152.66.241.5]) by hub.freebsd.org (Postfix) with ESMTP id 74ADA150FA for ; Wed, 10 Mar 1999 13:47:21 -0800 (PST) (envelope-from mohacsi@bagira.iit.bme.hu) Received: from localhost (mohacsi@localhost) by bagira.iit.bme.hu (8.9.1/8.9.1) with ESMTP id WAA17558 for ; Wed, 10 Mar 1999 22:47:01 +0100 (MET) Date: Wed, 10 Mar 1999 22:47:01 +0100 (MET) From: Janos Mohacsi To: freebsd-security@freebsd.org Subject: disapointing security architecture 

Dear Fellow FreeBSD Users,

I was quite interested in the security architecture of FreeBSD 3.1. At the moment I am quite disappointed.

1. The PAM is a good thing but it seems to be integrated only into the login (with authentication). When will there be /etc/pam.d for other tools too? Session Management? Account Management (how to cooperate with login.conf)? Password Management? Is there any documentation about pam_cleartext_pass_ok.so, pam_radius.so, pam_skey.so, pam_tacplus.so, pam_unix.so?

2. What is the /etc/auth.conf? Why is it necessary? Why the /etc/login.conf model (or PAM) for authentication was good?

(login.conf, pam.conf, auth.conf .... confusion.conf ;-)

3. The ideas of /etc/login.conf were quite good. Wasn't it possible to extend it for management (session, password, authentication)? I think login.conf was quite strong in session and account management with different classification of users. The only missing thing was the sessiontime/idletime and sessionlimit management that could be done with -- idled.

4. The man page falsely advertises that /bin/rcp, /bin/rsh uses /etc/auth.conf. (Maybe after installing kerberos?)

5. I think some setuid root programs should be restricted to use some groups (removing setuid or execute bit for everyone):

ccdconfig (necessary only for sysadmins)
route (Why would users want to change routes?)
fstat (Probably not necessary for ordinary users)
cu (should be restricted for dialer group)
netstat, iostat, nfstat, sysstat, vmstat, pstat, timedc, lpc (just for few admin people)
/usr/libexec/uucp/uucico (publicly executable?)

I think about the rule of thumb: fewer public setuids, less security hazard.

6. I think about the password update management: OpenBSD has done it well. It could be configured in /etc/login.conf (based on classes).
Another point OpenBSD made some steps forward: they have IPSec (PF_KEY v2 !!).

7. Opie (alternate skey): When will it be integrated? Opie is part of the system but not integrated into login/telnet/ftp. Will it be integrated as part of PAM?

Any comments are welcome.

Sincerely,

Janos Mohacsi

From owner-freebsd-security Wed Mar 10 14:34: 0 1999
From: Archie Cobbs
Subject: FreeBSD SKIP port updated
To: skip-info@skip.org
Date: Wed, 10 Mar 1999 14:33:03 -0800 (PST)
Cc: freebsd-security@freebsd.org

Note to FreeBSD users of SKIP (ie, port security/skip):

The port has been updated to build SKIP as a KLD instead of an LKM. This means that it's now compatible with FreeBSD 3.x ELF kernels.

The bad news is that it's no longer compatible with FreeBSD 2.2.x. However, this is normal and is the case with most ports; ie, if you want the 2.2.x version of the SKIP port you can always get it from www.freebsd.org.

Also, although little of the SKIP code itself was changed in this update, the new port has NOT been tested very much so I'd love feedback from anyone willing to test it under 3.x.

Thanks,
-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc.
* http://www.whistle.com

From owner-freebsd-security Wed Mar 10 15:55:43 1999
From: "Marco Molteni"
Date: Thu, 11 Mar 1999 00:50:07 +0100 (CET)
To: freebsd-security@freebsd.org
Subject: Re: disapointing security architecture

On Wed, 10 Mar 1999, Janos Mohacsi wrote:

[..]

> Another point OpenBSD made some steps forward: they have IPSec (PF_KEY
> v2 !!).

1. PF_KEY != IPsec.
2. Anyway, FreeBSD has IPsec too. Go get KAME IPv6/IPsec at www.kame.net. FreeBSD IPsec will become a merge of KAME, NRL, INRIA.
3. disappointed about FreeBSD security architecture? Fix it.

[..]

Marco
---
"Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
"I'm sorry, this is device driver testing: brain implants are two doors down on the right".
(Bill Paul, on the freebsd-net mailing list)

From owner-freebsd-security Wed Mar 10 17:46:44 1999
Date: Wed, 10 Mar 1999 20:47:12 +0000 (GMT)
From: ob1k
To: Marco Molteni
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture

I'm sorry, but comments like:
3. disappointed about FreeBSD security architecture? Fix it.
are such a copout and a really lame way of reasoning.

On Thu, 11 Mar 1999, Marco Molteni wrote:

> On Wed, 10 Mar 1999, Janos Mohacsi wrote:
>
> [..]
>
> > Another point OpenBSD made some steps forward: they have IPSec (PF_KEY
> > v2 !!).
>
> 1. PF_KEY != IPsec.
> 2. Anyway, FreeBSD has IPsec too. Go get KAME IPv6/IPsec at
> www.kame.net. FreeBSD IPsec will become a merge of KAME, NRL, INRIA.
> 3. disappointed about FreeBSD security architecture? Fix it.
>
> [..]
>
> Marco
> ---
> "Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
> "I'm sorry, this is device driver testing: brain implants are two doors
> down on the right".
> (Bill Paul, on the freebsd-net mailing list)
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Wed Mar 10 17:56: 0 1999
To: ob1k
Cc: Marco Molteni, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
Date: Wed, 10 Mar 1999 20:55:16 -0500
From: "Angelos D. Keromytis"

In message , ob1k writes:
>
>> > Another point OpenBSD made some steps forward: they have IPSec (PF_KEY
>> > v2 !!).
>>
>> 1. PF_KEY != IPsec.

Sorry for jumping in here, I'd just like to point out that OpenBSD does have an IPsec stack as well (has had one for a bit over 2 years); PFKEYv2 was added recently, replacing the PFENCAP interface used before. If you use the KAME code, I would suggest using the OpenBSD isakmpd with it (once it's been converted to PFKEYv2, should be before the end of the month).
Cheers,
-Angelos

From owner-freebsd-security Wed Mar 10 19:11:16 1999
Date: Wed, 10 Mar 1999 22:10:46 -0500 (EST)
From: Robert Watson
To: Janos Mohacsi
Cc: freebsd-security@freebsd.org
Subject: Re: disapointing security architecture

On Wed, 10 Mar 1999, Janos Mohacsi wrote:

> Dear Fellow FreeBSD Users,
>
> I was quite interested in the security architecture of
> FreeBSD 3.1. At the moment I am quite disappointed.
>
> 1. The PAM is a good thing but it seems to be integrated only into the
> login (with authentication). When will there be /etc/pam.d for other tools too?
> Session Management? Account Management (how to cooperate with
> login.conf)? Password Management? Is there any documentation about

Unfortunately, I can't help in this area--from previous inquiries, it is my impression that improvements in PAM/etc are on the way.

> 2. What is the /etc/auth.conf? Why is it necessary? Why the
> /etc/login.conf model (or PAM) for authentication was good?
>
> (login.conf, pam.conf, auth.conf ....
> confusion.conf ;-)

It is my impression that auth.conf is no longer needed, although if as you point out some of the other daemons are still using the old auth code, it is probably still used by them.

> 3. The ideas of /etc/login.conf were quite good. Wasn't it possible to
> extend it for management (session, password, authentication)? I think
> login.conf was quite strong in session and account management with
> different classification of users. The only missing thing was the
> sessiontime/idletime and sessionlimit management that could be done with
> -- idled.

I believe an idled is available via ports, if you haven't seen it yet.

> 4. The man page falsely advertises that /bin/rcp, /bin/rsh uses
> /etc/auth.conf. (Maybe after installing kerberos?)
>
> 5. I think some setuid root programs should be restricted to use some
> groups (removing setuid or execute bit for everyone):
>
> ccdconfig (necessary only for sysadmins)
> route (Why would users want to change routes?)
> fstat (Probably not necessary for ordinary users)
> cu (should be restricted for dialer group)
> netstat, iostat, nfstat, sysstat, vmstat, pstat, timedc, lpc (just for few
> admin people)

At one point in the past, I assembled a setuid manager that allowed policy to be set on these things. I never took it much further due to time constraints and other priorities (see below).

> /usr/libexec/uucp/uucico (publicly executable?)
>
> I think about the rule of thumb: fewer public setuids, less security
> hazard.
>
> 6. I think about the password update management: OpenBSD has done it well.
> It could be configured in /etc/login.conf (based on classes).
> Another point OpenBSD made some steps forward: they have IPSec (PF_KEY v2
> !!).
>
> 7. Opie (alternate skey): When will it be integrated? Opie is part of the
> system but not integrated into login/telnet/ftp. Will it be integrated as
> part of PAM?
>
>
> Any comments are welcome.

I would comment that the security architecture for FreeBSD is being actively developed: in the past 6 months, a new version of kerberos, PAM support introduced, and more. While I can't answer your questions about particular in-progress changes, I can suggest that the chances are high they will be addressed soon :-). As an additional sign that interesting things are happening out there, I volunteer that I am working on a POSIX.1e implementation for FreeBSD, and that the auditing component is almost completed, and a first pass will be released sometime in the next few days (current delays due to other time commitments). Similarly, documentation projects such as security(8) and Yan's how-to have been improving awareness; limitations on inetd and friends have helped to reduce vulnerability to denial-of-service issues.

However, more people contributing to the pool can always help :-).

If you have the time or energy to turn some of your suggestions into implementation (that is, perhaps a set of patches to the Makefiles to improve permissions, etc) that would no doubt greatly be appreciated by all parties involved. The send-pr mechanism is usually the best way to submit such changes+rationale, along with a CC: to -security documenting them to encourage someone with commit rights to deal with it, or at least raise some discussion about the changes.

Robert N Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc.
http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Wed Mar 10 19:22:44 1999
Date: Wed, 10 Mar 1999 22:23:16 +0000 (GMT)
From: ob1k
To: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture

oh, I'm sorry...I thought it was called _FREE_bsd OS, I was aware that the approach was a WHOAREYOUPAYINGbsd. Thank you.

On Wed, 10 Mar 1999, Jamie Lawrence wrote:

> At 08:47 PM 3/10/99 +0000, you wrote:
> >
> >I'm sorry, but comments like:
> > 3. disappointed about FreeBSD security architecture? Fix it.
> >are such a copout and a really lame way of reasoning.
>
> Not even. Who are you paying to fix it for you?
>
> -j
>

From owner-freebsd-security Wed Mar 10 19:28: 4 1999
Date: Wed, 10 Mar 1999 22:27:33 -0500 (EST)
From: Robert Watson
To: ob1k
Cc: Marco Molteni, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture

On Wed, 10 Mar 1999, ob1k wrote:

> I'm sorry, but comments like:
> 3. disappointed about FreeBSD security architecture? Fix it.
> are such a copout and a really lame way of reasoning.

Ah, but recall that in the minds of many free software authors, requests for features without code are also a copout :-). This is not to say that I condone a brisk "do it yourself" answer, but it is presumably important to recognize that all developer hours are donated, and precious few are available. Anyone with the insight to provide a cogent analysis of the shortcomings of the current in-between-state of the authentication system probably has the insight (although possibly not the time) to provide at least rudimentary fixes. I would say that the comment was poorly expressed in that it was less of an invitation and more of an accusation; I would say that the reasoning is realistic, albeit unfortunately the case.
I do not think it is the case that the majority of FreeBSD developers want to be unhelpful or fail to comply with the desire for a better product; it is more that they have a realistic (and now possibly bitter) familiarity with the lack of available resources :-).

Robert N Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Wed Mar 10 20: 3:43 1999
Date: Wed, 10 Mar 1999 20:03:42 -0800
To: ob1k, freebsd-security@FreeBSD.ORG
From: Jamie Lawrence
Subject: Re: disapointing security architecture

At 10:23 PM 3/10/99 +0000, ob1k wrote:
>
>
>oh, I'm sorry...I thought it was called _FREE_bsd OS, I was aware that the
>approach was a WHOAREYOUPAYINGbsd. Thank you.

1) That was a private message. Posting private messages to mailing lists is rude.

2) It is a free OS. That doesn't mean you get to make random demands that other people jump to provide. You want something?
Do it or convince someone to do it for you. I suggest you go learn the definition of free in terms of free software and then come back and play.

3) I won't clutter the list with this any further. (The reason I sent it privately in the first place.)

-j

>On Wed, 10 Mar 1999, Jamie Lawrence wrote:
>
>> At 08:47 PM 3/10/99 +0000, you wrote:
>> >
>> >I'm sorry, but comments like:
>> > 3. disappointed about FreeBSD security architecture? Fix it.
>> >are such a copout and a really lame way of reasoning.
>>
>> Not even. Who are you paying to fix it for you?
>>
>> -j

From owner-freebsd-security Wed Mar 10 23:39: 3 1999
To: ob1k
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
Date: Wed, 10 Mar 1999 23:38:38 -0800
From: "Jordan K. Hubbard"

> oh, I'm sorry...I thought it was called _FREE_bsd OS, I was aware that the
> approach was a WHOAREYOUPAYINGbsd. Thank you.

Will you please stop wasting our time with this crap? If you want something fixed, fix it. Otherwise, kindly shut up and let the VOLUNTEER resources here focus on whatever it is they want to focus on since, as you've just pointed out, you're not paying them anything. Why in the hell should they jump just because somebody like you tells them to?
You have some kind of god complex? If so, please take it elsewhere - it's neither needed nor desired here.

- Jordan

From owner-freebsd-security Wed Mar 10 23:59:16 1999
Date: Thu, 11 Mar 1999 00:58:48 -0700
From: Wes Peters
To: "Jordan K. Hubbard"
Cc: ob1k, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture

"Jordan K. Hubbard" wrote:
>
> > oh, I'm sorry...I thought it was called _FREE_bsd OS, I was aware that the
> > approach was a WHOAREYOUPAYINGbsd. Thank you.
>
> Will you please stop wasting our time with this crap? If you want
> something fixed, fix it. Otherwise, kindly shut up and let the
> VOLUNTEER resources here focus on whatever it is they want to focus on
> since, as you've just pointed out, you're not paying them anything.
> Why in the hell should they jump just because somebody like you tells
> them to? You have some kind of god complex? If so, please take it
> elsewhere - it's neither needed nor desired here.

This fool is just trolling for flames. Let's just ignore him. Or filter him.
;^)

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com

From owner-freebsd-security Thu Mar 11 2:32:35 1999
Date: Thu, 11 Mar 1999 13:30:19 +0300
From: ark@eltex.ru
Subject: Re: FreeBSD SKIP port updated
To: archie@whistle.com
Cc: skip-info@skip.org, freebsd-security@FreeBSD.ORG

nuqneH,

I am curious if someone tried to update it to compile in-kernel. I don't use LKMs, I have them disabled for security reasons (no flames please)

CU in Hell
/Arkan#iD
Do i believe in Bible? Hell,man,i've seen one!

From owner-freebsd-security Thu Mar 11 6:57:13 1999
Date: Thu, 11 Mar 1999 15:55:56 +0100 (MET)
From: Janos Mohacsi
To: Robert Watson
Cc: freebsd-security@freebsd.org
Subject: Re: disapointing security architecture

On Wed, 10 Mar 1999, Robert Watson wrote:

>
> > 3. The ideas of /etc/login.conf were quite good. Wasn't it possible to
> > extend it for management (session, password, authentication)? I think
> > login.conf was quite strong in session and account management with
> > different classification of users. The only missing thing was the
> > sessiontime/idletime and sessionlimit management that could be done with
> > -- idled.
>
> I believe an idled is available via ports, if you haven't seen it yet.

I know, but I think it should use the login.conf parameters... But it is against the portability...

> At one point in the past, I assembled a setuid manager that allowed policy
> to be set on these things. I never took it much further due to time
> constraints and other priorities (see below).

You mean suidcontrol?

>
> If you have the time or energy to turn some of your suggestions into
> implementation (that is, perhaps a set of patches to the Makefiles to
> improve permissions, etc) that would no doubt greatly be appreciated by
> all parties involved. The send-pr mechanism is usually the best way to
> submit such changes+rationale, along with a CC: to -security documenting
> them to encourage someone with commit rights to deal with it, or at least
> raise some discussion about the changes.

Ok. I will try it.

Janos Mohacsi

From owner-freebsd-security Thu Mar 11 7:23:23 1999
To: "Marco Molteni"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
Date: Thu, 11 Mar 1999 07:21:31 -0800
From: Cy Schubert

In message , "Marco Molteni" writes:
> 3. disappointed about FreeBSD security architecture? Fix it.

You haven't offered any proof to back up your statement. The last time anyone made a statement to me like this was last night when a couple of JW's came to my door. Their statements were based on blind faith. Is your statement based on fact or is it based on faith? Please explain.

Regards,
Cy Schubert
Open Systems Group
ITSD
Province of BC
Phone: (250)387-8437
Fax: (250)387-5766
Internet: Cy.Schubert@uumail.gov.bc.ca
          Cy.Schubert@gems8.gov.bc.ca

From owner-freebsd-security Thu Mar 11 9:13:13 1999
Date: Thu, 11 Mar 1999 12:17:03 -0500 (EST)
From: andrewr
To: freebsd-security@FreeBSD.org
Cc: jbowie@slack.net
Subject: Re: disapointing security architecture

I'm hoping that this thread will end soon and perhaps be brought to another context. On and off for a while people would say something about FreeBSD's security or lack thereof (whatever your opinion may be)..
A while back I spoke with Jordan through email about doing an all out audit and/or a complete redesign of its "security architecture." The solution was, again: If you have people that are interested, set up a mailing list and see if you can get things started. I, unfortunately, failed on getting the mailing list up due to lack of resources at the time.

So, I do extend this offer, if you are interested in doing an audit or delve into the security implementations that FreeBSD has/does not have, please email me and I will attempt to get a mailing list set up. I know this is, I think, the third time (including my single attempt) to get an active group together to do this. My role is just to hold a mailing list forum for this and not much more. I know of a few people already that do personal kernel modifications for increased security measures. I encourage you to participate.

Andrew

From owner-freebsd-security Thu Mar 11 9:29: 6 1999
From: Archie Cobbs
Subject: Re: FreeBSD SKIP port updated
To: ark@eltex.ru
Date: Thu, 11 Mar 1999 09:28:03 -0800 (PST)
Cc: freebsd-security@FreeBSD.ORG

ark@eltex.ru writes:
> I am curious if someone tried
to update it to compile in-kernel.
> I don't use LKMs, i have them disabled for security reasons (no flames
> please)

Well, there's no reason you couldn't load it at boot time. Ie, add it to boot.conf (or loader.conf or whatever it's called).

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-security Thu Mar 11 10:43:56 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id 02B8314DFF for ; Thu, 11 Mar 1999 10:43:54 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id NAA04872; Thu, 11 Mar 1999 13:43:27 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Thu, 11 Mar 1999 13:43:27 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Janos Mohacsi Cc: freebsd-security@freebsd.org Subject: Re: disapointing security architecture In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Thu, 11 Mar 1999, Janos Mohacsi wrote:
> On Wed, 10 Mar 1999, Robert Watson wrote:
> > >
> > > 3. The ideas of the /etc/login.conf was quite good. Wasn't it possible to
> > > extend it for management (session, password, authentication)? I think
> > > login.conf was quite strong in session and account management with
> > > different classification of users. The only missing thing was the
> > > sessiontime/idletime and sessionlimit management that could be done with
> > > -- idled.
> >
> > I believe an idled is available via ports, if you haven't seen it yet.
>
> I know, but I think it should use the login.conf parameters... But it is
> against the portability...

Hmm. One would think an OS-specific module for determining policy in such a program would be a reasonable gesture in the name of portability :-).

> > At one point in the past, I assembled a setuid manager that allowed policy
> > to be set on these things. I never took it much further due to time
> > constraints and other priorities (see below).
>
> You mean suidcontrol?

That's the one. I had hoped to develop it into a decent interface for modifying system security policy; in particular, in such a way that it could then be mass-applied to a number of hosts rapidly (i.e., a cluster). Due to moving on to other projects and a sort of wondering whether it wasn't better just to use general-purpose tools, I haven't gone back to it. I may get a chance to look at it again more seriously in the near future. It also raises the issue as to whether it wouldn't be better to reengineer the setuid programs so they aren't setuid :-).

> > If you have the time or energy to turn some of your suggestions into
> > implementation (that is, perhaps a set of patches to the Makefiles to
> > improve permissions, etc) that would no doubt greatly be appreciated by
> > all parties involved. The send-pr mechanism is usually the best way to
> > submit such changes+rationale, along with a CC: to -security documenting
> > them to encourage someone with commit rights to deal with it, or at least
> > raise some discussion about the changes.
>
> Ok. I will try it.
> Janos Mohacsi
>

Robert N Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc.
http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Thu Mar 11 10:52:56 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id 114651528B for ; Thu, 11 Mar 1999 10:52:53 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id NAA04909; Thu, 11 Mar 1999 13:52:34 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Thu, 11 Mar 1999 13:52:34 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: andrewr Cc: freebsd-security@FreeBSD.org, jbowie@slack.net Subject: Re: disapointing security architecture In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Thu, 11 Mar 1999, andrewr wrote:
> I'm hoping that this thread will end soon and perhaps be brought to another
> context. On and off for awhile people would say something about FreeBSD's
> security or lack thereof (whatever your opinion may be).. Awhile back I
> spoke with Jordan through email about doing an all out audit and/or a
> complete redesign of its "security architecture." The solution was, again:
> If you have people that are interested, set up a mailing list and see if
> you can get things started. I, unfortunately, failed on getting the
> mailing list up due to lack of resources at the time.
>
> So, I do extend this offer, if you are interested in doing an audit or
> delve into the security implementations that FreeBSD has/does not have,
> please email me and I will attempt to get a mailing list set up.
I know
> this is, I think, the third time (including my single attempt) to get an
> active group together to do this. My role is just to hold a mailing list
> forum for this and not much more. I know of a few people already that do
> personal kernel modifications for increased security measures I encourage
> you to participate.

Andrew,

This is an area of great interest to me. In the effort to help in a redesign, both inside and out of the context of a traditional UNIX security architecture, I am putting time into a POSIX.1e implementation that will provide auditing (not code auditing as you describe, but event auditing), capabilities, ACLs, and possibly eventually MACs, although I have received an email indicating that someone else's implementation of MAC is almost complete at this point. This all fits into the generally UNIX-esque security approach. You can subscribe to our POSIX.1e discussion list by sending email to posix1e-request@cyrus.watson.org. It is a fairly low-volume list, but discussion is always welcome.

On a less unixy note, last year I assembled a token-based security model for authentication and authorization; an early version is available for download off my FreeBSD hardening page. It tries to provide a context for a more comprehensive model where tokens represent capabilities, local identities (such as traditional uids), and distributed system identities (such as kerberos tokens or certificates). A token daemon exists and allows token-exchange based on a policy (that version never went up for download but does actually work), and tokens may be transferred in the style of credentials or file descriptors in plain-FreeBSD. I send-pr'd some patches last year to add support for lkms providing arbitrary-kernel-object-passing hooks via this feature. I don't think it was ever stuck in FreeBSD due to stylistic issues, and I haven't had time to fix that. This May I may take another blast at taking it beyond a proof-of-concept to a full working system.
Eivind has suggested a more complicated capabilities system that is in somewhat similar a vein--string-based capabilities specifying subsystems, etc. That behavior could be considered a subset of my token behavior, but the token code is fairly inefficient.

If you don't have the resources to set up an alternate-security-architecture mailing list, I'd be glad to host one. I think it's an interesting topic; some of the more radical solutions are unlikely to be incorporated into base BSD if only because it's hard to find effective and novel solutions that are truly a superset of the default UNIX model, and also compatible :-). I'm also aware of a number of projects relating to this (including one at TIS Labs/NAI under DARPA contract for imposing additional security restrictions on a base BSD model called 'wrappers').

Robert N Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc.
http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Thu Mar 11 12:25:39 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns1.seidata.com (ns1.seidata.com [208.10.211.2]) by hub.freebsd.org (Postfix) with ESMTP id 4862215364 for ; Thu, 11 Mar 1999 12:25:31 -0800 (PST) (envelope-from mike@seidata.com) Received: from localhost (mike@localhost) by ns1.seidata.com (8.8.8/8.8.5) with ESMTP id PAA07077; Thu, 11 Mar 1999 15:25:03 -0500 (EST) Date: Thu, 11 Mar 1999 15:25:03 -0500 (EST) From: To: andrewr Cc: freebsd-security@FreeBSD.ORG, jbowie@slack.net Subject: Re: disapointing security architecture In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Thu, 11 Mar 1999, andrewr wrote:
> So, I do extend this offer, if you are interested in doing an audit or
> delve into the security implementations that FreeBSD has/does not have,

Here, here. Finally, this thread takes a useful turn. ;)

I am extremely interested in the security development of the FreeBSD system. I'd be willing to dedicate server resources (mailing lists, archives, shell accounts, whatever) to such a project... as others are, I'm sure.

> forum for this and not much more. I know of a few people already that do
> personal kernel modifications for increased security measures I encourage
> you to participate.

A forum for exchange of such information would be very useful, but what is the purpose of -security (announces/fixes only?). There's also the already substantial list of helpful resources provided by http://www.freebsd.org/security/security.html. Also, there was an auditing project underway (forget the URL)...
I agree we need to be active and work together on this, but we don't want to waste time reinventing the wheel or redoing what other projects have already accomplished.

Later,

-Mike

From owner-freebsd-security Thu Mar 11 13:41: 3 1999 Delivered-To: freebsd-security@freebsd.org Received: from brooklyn.slack.net (brooklyn.slack.net [206.41.21.102]) by hub.freebsd.org (Postfix) with ESMTP id 6402E1520C for ; Thu, 11 Mar 1999 13:41:00 -0800 (PST) (envelope-from jbowie@brooklyn.slack.net) Received: from localhost (jbowie@localhost) by brooklyn.slack.net (8.8.7/8.8.7) with SMTP id QAA24570; Thu, 11 Mar 1999 16:44:54 -0500 (EST) Date: Thu, 11 Mar 1999 16:44:54 -0500 (EST) From: give in to your chemical emotions To: mike@seidata.com Cc: andrewr , freebsd-security@FreeBSD.ORG Subject: Re: disapointing security architecture In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Count me in.
-jbowie

From owner-freebsd-security Thu Mar 11 14:28:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from goblin.citadel.com.au (unknown [203.41.114.178]) by hub.freebsd.org (Postfix) with ESMTP id 753211527B for ; Thu, 11 Mar 1999 14:28:41 -0800 (PST) (envelope-from nick@citadel.com.au) Received: by goblin.citadel.com.au; id TAA28219; Fri, 12 Mar 1999 19:30:07 +1100 (EST) Message-Id: <199903120830.TAA28219@goblin.citadel.com.au> Received: from unknown(192.168.3.1) by goblin.citadel.com.au via smap (4.1) id xma028217; Fri, 12 Mar 99 19:29:28 +1100 X-Sender: ncb@mercury.citadel.com.au X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Date: Fri, 12 Mar 1999 09:31:52 +1100 To: , andrewr From: Nicholas Brawn Subject: Re: disapointing security architecture Cc: freebsd-security@freebsd.org, jbowie@slack.net In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I'm also interested. However, if I recall correctly, the problem last time was that nobody actually sat down and did the work. There were plenty of ideas, but when it came to the crunch, nobody wanted to put in the effort.

Nick

At 03:25 PM 3/11/99 -0500, mike@seidata.com wrote:
>On Thu, 11 Mar 1999, andrewr wrote:
>
>> So, I do extend this offer, if you are interested in doing an audit or
>> delve into the security implementations that FreeBSD has/does not have,
>
>Here, here. Finally, this thread takes a useful turn. ;)
>
>I am extremely interested in the security development of the FreeBSD
>system. I'd be willing to dedicate server resources (mailing lists,
>archives, shell accounts, whatever) to such a project... as others
>are, I'm sure.
>
>> forum for this and not much more.
I know of a few people already that do
>> personal kernel modifications for increased security measures I encourage
>> you to participate.
>
>A forum for exchange of such information would be very useful, but
>what is the purpose of -security (announces/fixes only?). There's
>also the already substantial list of helpful resources provided by
>http://www.freebsd.org/security/security.html. Also, there was an
>auditing project underway (forget the URL)...
>
>I agree we need to be active and work together on this, but we don't
>want to waste time reinventing the wheel or redoing what other
>projects have already accomplished.
>
>Later,
>
> -Mike
>

--
Nicholas Brawn, Systems Engineer
Citadel Security Management Systems

From owner-freebsd-security Thu Mar 11 14:59:11 1999 Delivered-To: freebsd-security@freebsd.org Received: from smtp4.mindspring.com (smtp4.mindspring.com [207.69.200.64]) by hub.freebsd.org (Postfix) with ESMTP id EF35815221 for ; Thu, 11 Mar 1999 14:58:35 -0800 (PST) (envelope-from ob1k@mindspring.com) Received: from user-38lc3qm.dialup.mindspring.com (user-38lc3qm.dialup.mindspring.com [209.86.15.86]) by smtp4.mindspring.com (8.8.5/8.8.5) with ESMTP id RAA27156; Thu, 11 Mar 1999 17:58:04 -0500 (EST) Date: Thu, 11 Mar 1999 17:59:46 +0000 (GMT) From: ob1k To: "Jordan K. Hubbard" Cc: freebsd-security@FreeBSD.ORG Subject: Re: disapointing security architecture In-Reply-To: <72996.921137918@zippy.cdrom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Ok, sure no problem. Off the list I am.

Cheers

On Wed, 10 Mar 1999, Jordan K.
Hubbard wrote:
> > oh, I'm sorry...I thought it was called _FREE_bsd OS, I was aware that the
> > approach was a WHOAREYOUPAYINGbsd. Thank you.
>
> Will you please stop wasting our time with this crap? If you want
> something fixed, fix it. Otherwise, kindly shut up and let the
> VOLUNTEER resources here focus on whatever it is they want to focus on
> since, as you've just pointed out, you're not paying them anything.
> Why in the hell should they jump just because somebody like you tells
> them to? You have some kind of god complex? If so, please take it
> elsewhere - it's neither needed nor desired here.
>
> - Jordan
>

From owner-freebsd-security Thu Mar 11 15:29:48 1999 Delivered-To: freebsd-security@freebsd.org Received: from brooklyn.slack.net (brooklyn.slack.net [206.41.21.102]) by hub.freebsd.org (Postfix) with ESMTP id D4F4F1528A for ; Thu, 11 Mar 1999 15:29:37 -0800 (PST) (envelope-from andrewr@brooklyn.slack.net) Received: from localhost (andrewr@localhost) by brooklyn.slack.net (8.8.7/8.8.7) with SMTP id SAA29266; Thu, 11 Mar 1999 18:33:33 -0500 (EST) Date: Thu, 11 Mar 1999 18:33:32 -0500 (EST) From: andrewr To: Nicholas Brawn Cc: mike@seidata.com, freebsd-security@freebsd.org, jbowie@slack.net Subject: Re: disapointing security architecture In-Reply-To: <199903120830.TAA28219@goblin.citadel.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Nick,

Yes, this was this issue. In an upcoming post, I will explain the purpose of this list, the goals, etc. I'm hoping this will do more than just spawn ideas.

andrew

On Fri, 12 Mar 1999, Nicholas Brawn wrote:
> I'm also interested. However, if I recall correctly, the problem last time
> was that nobody actually sat down and did the work.
There were plenty of
> ideas, but when it came to the crunch, nobody wanted to put in the effort.
>
> Nick
>
> At 03:25 PM 3/11/99 -0500, mike@seidata.com wrote:
> >On Thu, 11 Mar 1999, andrewr wrote:
> >
> >> So, I do extend this offer, if you are interested in doing an audit or
> >> delve into the security implementations that FreeBSD has/does not have,
> >
> >Here, here. Finally, this thread takes a useful turn. ;)
> >
> >I am extremely interested in the security development of the FreeBSD
> >system. I'd be willing to dedicate server resources (mailing lists,
> >archives, shell accounts, whatever) to such a project... as others
> >are, I'm sure.
> >
> >> forum for this and not much more. I know of a few people already that do
> >> personal kernel modifications for increased security measures I encourage
> >> you to participate.
> >
> >A forum for exchange of such information would be very useful, but
> >what is the purpose of -security (announces/fixes only?). There's
> >also the already substantial list of helpful resources provided by
> >http://www.freebsd.org/security/security.html. Also, there was an
> >auditing project underway (forget the URL)...
> >
> >I agree we need to be active and work together on this, but we don't
> >want to waste time reinventing the wheel or redoing what other
> >projects have already accomplished.
> >
> >Later,
> >
> > -Mike
> >
> --
> Nicholas Brawn, Systems Engineer
> Citadel Security Management Systems
>

From owner-freebsd-security Thu Mar 11 15:59:22 1999 Delivered-To: freebsd-security@freebsd.org Received: from goliath.camtech.net.au (goliath.camtech.net.au [203.5.73.2]) by hub.freebsd.org (Postfix) with ESMTP id 3B5EA14DFC for ; Thu, 11 Mar 1999 15:59:17 -0800 (PST) (envelope-from newton@camtech.com.au) Received: from sebastion.sa.camtech.com.au (sebastion.sa.camtech.com.au [203.28.3.2]) by goliath.camtech.net.au (8.8.5/8.8.2) with ESMTP id KAA06632; Fri, 12 Mar 1999 10:27:07 +1030 (CST) Received: (from smtp@localhost) by sebastion.sa.camtech.com.au (8.8.5/8.8.7) id KAA09218; Fri, 12 Mar 1999 10:28:16 +1030 (CST) Received: from slingshot(192.168.1.2) by sebastion via smap (V2.0) id xma009207; Fri, 12 Mar 99 10:28:07 +1030 Received: from frenzy.ct (newton@frenzy.ct [192.168.4.65]) by slingshot.ct (8.9.1/8.9.1) with ESMTP id KAA27220; Fri, 12 Mar 1999 10:28:02 +1030 (CST) From: Mark Newton Received: (from newton@localhost) by frenzy.ct (8.8.8/8.8.8) id KAA04856; Fri, 12 Mar 1999 10:28:01 +1030 (CDT) Message-Id: <199903112358.KAA04856@frenzy.ct> Subject: Re: FreeBSD SKIP port updated In-Reply-To: <199903111728.JAA95956@bubba.whistle.com> from Archie Cobbs at "Mar 11, 99 09:28:03 am" To: archie@whistle.com (Archie Cobbs) Date: Fri, 12 Mar 1999 10:28:01 +1030 (CDT) Cc: ark@eltex.ru, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Archie Cobbs wrote:
> ark@eltex.ru writes:
> > I am curious if someone tried to update it
to compile in-kernel.
> > I don't use LKMs, i have them disabled for security reasons (no flames
> > please)
>
> Well, there's no reason you couldn't load it at boot time.
> Ie, add it to boot.conf (or loader.conf or whatever it's called).

If you have KLDs disabled that shouldn't work (and it represents a pretty major security issue if it does!)

- mark

---
Mark Newton
Systems Engineer and Senior Trainer
Camtech (SA), a member of the CAMTECH group of companies
Email: newton@camtech.com.au
Phone: +61-8-8303-3300
Fax: +61-8-8303-4403
WWW: http://www.camtech.com.au

From owner-freebsd-security Thu Mar 11 16:16:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id AB77214D4D for ; Thu, 11 Mar 1999 16:16:39 -0800 (PST) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id QAA99619; Thu, 11 Mar 1999 16:15:04 -0800 (PST) From: Archie Cobbs Message-Id: <199903120015.QAA99619@bubba.whistle.com> Subject: Re: FreeBSD SKIP port updated In-Reply-To: <199903112358.KAA04856@frenzy.ct> from Mark Newton at "Mar 12, 99 10:28:01 am" To: newton@camtech.com.au (Mark Newton) Date: Thu, 11 Mar 1999 16:15:04 -0800 (PST) Cc: ark@eltex.ru, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Mark Newton writes:
> > > I am curious if someone tried to update it to compile in-kernel.
> > > I don't use LKMs, i have them disabled for security reasons (no flames
> > > please)
> >
> > Well, there's no reason you couldn't load it at boot time.
> > Ie, add it to boot.conf (or loader.conf or whatever it's called).
>
> If you have KLDs disabled that shouldn't work (and it represents a
> pretty major security issue if it does!)

I thought the disabling of KLD's only blocked the kldload() process. Guess not.

Hmm.. then I don't know. Maybe you could just stick it in your kernel compilation directory and tweak the makefile... ?

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-security Thu Mar 11 16:20:35 1999 Delivered-To: freebsd-security@freebsd.org Received: from goliath.camtech.net.au (goliath.camtech.net.au [203.5.73.2]) by hub.freebsd.org (Postfix) with ESMTP id D8C73152F6 for ; Thu, 11 Mar 1999 16:20:08 -0800 (PST) (envelope-from newton@camtech.com.au) Received: from sebastion.sa.camtech.com.au (sebastion.sa.camtech.com.au [203.28.3.2]) by goliath.camtech.net.au (8.8.5/8.8.2) with ESMTP id KAA12564; Fri, 12 Mar 1999 10:48:23 +1030 (CST) Received: (from smtp@localhost) by sebastion.sa.camtech.com.au (8.8.5/8.8.7) id KAA10509; Fri, 12 Mar 1999 10:49:27 +1030 (CST) Received: from slingshot(192.168.1.2) by sebastion via smap (V2.0) id xma010489; Fri, 12 Mar 99 10:49:10 +1030 Received: from frenzy.ct (newton@frenzy.ct [192.168.4.65]) by slingshot.ct (8.9.1/8.9.1) with ESMTP id KAA28134; Fri, 12 Mar 1999 10:49:07 +1030 (CST) From: Mark Newton Received: (from newton@localhost) by frenzy.ct (8.8.8/8.8.8) id KAA05025; Fri, 12 Mar 1999 10:49:07 +1030 (CDT) Message-Id: <199903120019.KAA05025@frenzy.ct> Subject: Re: FreeBSD SKIP port updated In-Reply-To: <199903120015.QAA99619@bubba.whistle.com> from Archie Cobbs at "Mar 11, 99 04:15:04 pm" To: archie@whistle.com (Archie Cobbs) Date: Fri, 12 Mar 1999 10:49:07 +1030 (CDT) Cc: newton@camtech.com.au, ark@eltex.ru, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Archie Cobbs wrote:
> Mark Newton writes:
> > > > I am curious if someone tried to update it to compile in-kernel.
> > > > I don't use LKMs, i have them disabled for security reasons (no flames
> > > > please)
> > >
> > > Well, there's no reason you couldn't load it at boot time.
> > > Ie, add it to boot.conf (or loader.conf or whatever it's called).
> >
> > If you have KLDs disabled that shouldn't work (and it represents a
> > pretty major security issue if it does!)
>
> I thought the disabling of KLD's only blocked the kldload() process.
> Guess not.

From a brief look at the source, you might be right.

This is bad. I'd think disabling KLDs should totally disable the in-kernel linker. Otherwise someone could get new modules into your kernel by adding 'em to loader.rc and forcing a reboot.

- mark

---
Mark Newton
Systems Engineer and Senior Trainer
Camtech (SA), a member of the CAMTECH group of companies
Email: newton@camtech.com.au
Phone: +61-8-8303-3300
Fax: +61-8-8303-4403
WWW: http://www.camtech.com.au

From owner-freebsd-security Thu Mar 11 16:26:54 1999 Delivered-To: freebsd-security@freebsd.org Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id 6DDB1150D2 for ; Thu, 11 Mar 1999 16:26:50 -0800 (PST) (envelope-from archie@whistle.com) Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id QAA99732; Thu, 11 Mar 1999 16:25:22 -0800 (PST) From: Archie Cobbs Message-Id: <199903120025.QAA99732@bubba.whistle.com> Subject: Re: FreeBSD SKIP port updated In-Reply-To: <199903120019.KAA05025@frenzy.ct> from Mark Newton at "Mar 12, 99 10:49:07 am" To: newton@camtech.com.au (Mark Newton) Date: Thu, 11 Mar 1999 16:25:22 -0800 (PST) Cc:
ark@eltex.ru, freebsd-security@Freebsd.org Reply-To: eeBSD.ORG@whistle.com X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Mark Newton writes:
> > I thought the disabling of KLD's only blocked the kldload() process.
> > Guess not.
>
> From a brief look at the source, you might be right.
>
> This is bad. I'd think disabling KLDs should totally disable the
> in-kernel linker. Otherwise someone could get new modules into your
> kernel by adding 'em to loader.rc and forcing a reboot.

The counter argument to that is that if someone can modify this file or reboot your computer they already are root and can pretty much do anything anyway, regardless of the securelevel setting.

I'm sure there are counter-counter arguments to this though :-)

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc.
* http://www.whistle.com

From owner-freebsd-security Thu Mar 11 16:31:36 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id 66E08150D2 for ; Thu, 11 Mar 1999 16:31:13 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id TAA06774; Thu, 11 Mar 1999 19:30:30 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Thu, 11 Mar 1999 19:30:29 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Mark Newton Cc: Archie Cobbs , ark@eltex.ru, freebsd-security@FreeBSD.ORG Subject: Re: FreeBSD SKIP port updated In-Reply-To: <199903120019.KAA05025@frenzy.ct> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Fri, 12 Mar 1999, Mark Newton wrote:
> Archie Cobbs wrote:
>
> > Mark Newton writes:
> > > > > I am curious if someone tried to update it to compile in-kernel.
> > > > > I don't use LKMs, i have them disabled for security reasons (no flames
> > > > > please)
> > > >
> > > > Well, there's no reason you couldn't load it at boot time.
> > > > Ie, add it to boot.conf (or loader.conf or whatever it's called).
> > >
> > > If you have KLDs disabled that shouldn't work (and it represents a
> > > pretty major security issue if it does!)
> >
> > I thought the disabling of KLD's only blocked the kldload() process.
> > Guess not.
>
> From a brief look at the source, you might be right.
>
> This is bad. I'd think disabling KLDs should totally disable the
> in-kernel linker. Otherwise someone could get new modules into your
> kernel by adding 'em to loader.rc and forcing a reboot.
Arguably, in a securelevel environment, the {/boot,/modules} directories should be entirely noschg. Otherwise the user could specify alternative kernels, use alternative bootstrap code, etc. Any of these yields kernel privileges. I would argue that disabling kldload in securelevels is a good idea; removing the ability to have a dynamically linked kernel from /modules et al is a bad idea; instead, appropriate file protection should be used.

Robert N Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Thu Mar 11 16:39:31 1999 Delivered-To: freebsd-security@freebsd.org Received: from fep04-svc.tin.it (mta04-acc.tin.it [212.216.176.35]) by hub.freebsd.org (Postfix) with ESMTP id 053E814E7A for ; Thu, 11 Mar 1999 16:39:06 -0800 (PST) (envelope-from molter@tin.it) Received: from nympha.ecomotor.it ([212.216.29.76]) by fep04-svc.tin.it (InterMail v4.0 201-221-105) with SMTP id <19990312003844.FKZM6673.fep04-svc@nympha.ecomotor.it> for ; Fri, 12 Mar 1999 01:38:44 +0100 Received: (qmail 945 invoked by uid 1000); 12 Mar 1999 00:32:05 -0000 From: "Marco Molteni" Date: Fri, 12 Mar 1999 01:32:04 +0100 (CET) X-Sender: molter@nympha To: "Angelos D. Keromytis" Cc: freebsd-security@FreeBSD.ORG Subject: IKE daemons (was: Re: disapointing security architecture) In-Reply-To: <199903110155.UAA23785@adk.gr> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Wed, 10 Mar 1999, Angelos D. Keromytis wrote:
> >> > An other point OpenBSD made some steps forward: they have IPSec
> >> > (PF_KEY v2 !!).
> >>
> >> 1.
PF_KEY != IPsec.
>
> Sorry for jumping in here, I'd just like to point out that OpenBSD
> does have an IPsec stack as well (has had one for a bit over 2 years);
> PFKEYv2 was added recently, replacing the PFENCAP interface used before.

Angelos, maybe I wasn't clear. What I meant was simply that PF_KEY isn't IPsec (it's just an API), not that, since OpenBSD has PF_KEY, it hasn't IPsec. I know OpenBSD has the NRL code.

> If you use the KAME code, I would suggest using the OpenBSD isakmpd with
> it (once it's been converted to PFKEYv2, should be before the end of the
> month).

This could be a really interesting thing. I'm doing something near to impossible, Multicast IPsec key distribution. As platform I'm using FreeBSD+KAME with some custom patches.

What is isakmpd ? Is it an IKE daemon? I saw in the NRL IPsec web pages that they have two IKE/ISAKMP daemons, one from Cisco, but both aren't available outside the USA.

Basically I'm looking for some sample code using PF_KEY to do key exchanges.

Marco
---
"Hi, I have a Compaq machine running Windows 95. How do I install FreeBSD?"
"I'm sorry, this is device driver testing: brain implants are two doors down on the right".
(Bill Paul, on the freebsd-net mailing list)

From owner-freebsd-security Thu Mar 11 16:51:52 1999
Delivered-To: freebsd-security@freebsd.org
Received: from adk.gr (COREDUMP.CIS.UPENN.EDU [158.130.6.141]) by hub.freebsd.org (Postfix) with ESMTP id 88A9F152F0 for ; Thu, 11 Mar 1999 16:51:39 -0800 (PST) (envelope-from angelos@dsl.cis.upenn.edu)
Received: from dsl.cis.upenn.edu (localhost [127.0.0.1]) by adk.gr (8.9.2/8.9.1) with ESMTP id TAA30722; Thu, 11 Mar 1999 19:51:30 -0500 (EST)
Message-Id: <199903120051.TAA30722@adk.gr>
X-Mailer: exmh version 2.0.2 2/24/98
To: "Marco Molteni"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IKE daemons (was: Re: disapointing security architecture)
In-reply-to: Your message of "Fri, 12 Mar 1999 01:32:04 +0100."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 Mar 1999 19:51:30 -0500
From: "Angelos D. Keromytis"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message , "Marco Molteni" writes:
>
>Angelos, maybe I wasn't clear. What I meant was simply that PF_KEY isn't
>IPsec (it's just an API), not that, since OpenBSD has PF_KEY, it hasn't
>IPsec. I know OpenBSD has the NRL code.

Actually, OpenBSD has the NRL IPv6, and a mutation of the PFKEY code. The IPsec code is our own (its lineage can be traced back to 1995).

>What is isakmpd ? Is it an IKE daemon? I saw in the NRL IPsec web pages
>that they have two IKE/ISAKMP daemons, one from Cisco, but both aren't
>available outside the USA.
>
>Basically I'm looking for some sample code using PF_KEY to do key
>exchanges.

Yes, isakmpd is an IKE implementation; as far as I know, it's the best free implementation available outside the US (better than most implementations, free or otherwise, domestic and not). You can get it off the OpenBSD tree (BSD license).
The Cisco IKE is just horrible; the other one on the NRL page is most likely the one from the NIST IPsec Reference Implementation (can't seem to locate the URL for that right now). That one uses an updated Pluto (an old IKE implementation I wrote back in '97, also used by the linux-ipsec FreeSWAN project). Since I'm the author of that code, I think my advice is very authoritative: steer clear of it; the core Pluto (about 10K lines) was written in about 3 weeks time, as a proof of concept.

For PFKEY code, you can take a look at the OpenBSD ipsecadm(8) source; it's the manual-key command. Or you can talk to Niklas Hallqvist and/or Niels Provos (niklas@openbsd, provos@openbsd) who are currently updating isakmpd and photurisd to use PFKEY.

Enough rambling,
-Angelos

From owner-freebsd-security Thu Mar 11 16:53:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from aniwa.sky (p46-max12.wlg.ihug.co.nz [216.100.145.46]) by hub.freebsd.org (Postfix) with ESMTP id 3FEA0152F0 for ; Thu, 11 Mar 1999 16:53:16 -0800 (PST) (envelope-from andrew@squiz.co.nz)
Received: from aniwa.sky (localhost [127.0.0.1]) by aniwa.sky (8.9.1a/8.9.1) with ESMTP id NAA09299; Fri, 12 Mar 1999 13:52:21 +1300 (NZDT)
Message-Id: <199903120052.NAA09299@aniwa.sky>
X-Mailer: exmh version 2.0.2 2/24/98
To: Nicholas Brawn
Cc: mike@seidata.com, andrewr, freebsd-security@FreeBSD.ORG, jbowie@slack.net
Subject: Re: disapointing security architecture
In-reply-to: Your message of "Fri, 12 Mar 1999 09:31:52 +1100." <199903120830.TAA28219@goblin.citadel.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 12 Mar 1999 13:52:21 +1300
From: Andrew McNaughton
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'm also interested. However, if I recall correctly, the problem last time
> was that nobody actually sat down and did the work.
> There were plenty of
> ideas, but when it came to the crunch, nobody wanted to put in the effort.
>
> Nick

As I recall, discussion turned to concerns over who was qualified to do the work, which seemed rather silly. No security auditing project is going to be complete. No auditor is going to be perfect. Every bit counts.

Seems to me that one of the most useful things that could be set up would be a repository of information on what's been checked when by who, and what people have suggested needs to be gone over.

I imagine this would be something similar to gnats, or be an adaption of that package. A repository where you could reports identifying problems, suggesting solutions, describing auditing which has been done etc. Should be structured so that you can go to the repository and find out all that's been done on a piece of code you're interested in.

I'm interested by this project, but realistically, I can't commit much time to it. Every so often though I check out something that concerns me and as things are whatever information I gather tends not to be made available to others unless it amounts to a confirmed vulnerability.

For instance, last year I spotted the buffer overflow potential in the sshd 1.2.25 logging routine which was later the subject of much discussion in bugtraq. I didn't have the time to go through and check out all the places in the code where the routine was called from, and the ones I did check seemed OK, so it didn't go anywhere. An auditing effort needs to have a way to make use of preliminary results like that.

There's a bit of work involved in setting up a repository for this sort of information, but it allows the breaking down of the huge task of auditing an OS into a lot of small tasks that can nonetheless still be part of a whole project.
Andrew McNaughton

--
-----------
Andrew McNaughton
andrew@squiz.co.nz
http://www.newsroom.co.nz/

From owner-freebsd-security Thu Mar 11 21:16:16 1999
Delivered-To: freebsd-security@freebsd.org
Received: from bubba.whistle.com (s205m7.whistle.com [207.76.205.7]) by hub.freebsd.org (Postfix) with ESMTP id D94F614F8C for ; Thu, 11 Mar 1999 21:16:14 -0800 (PST) (envelope-from archie@whistle.com)
Received: (from archie@localhost) by bubba.whistle.com (8.9.2/8.9.2) id VAA90743; Thu, 11 Mar 1999 21:15:18 -0800 (PST)
From: Archie Cobbs
Message-Id: <199903120515.VAA90743@bubba.whistle.com>
Subject: Re: disapointing security architecture
In-Reply-To: <199903120052.NAA09299@aniwa.sky> from Andrew McNaughton at "Mar 12, 99 01:52:21 pm"
To: andrew@squiz.co.nz (Andrew McNaughton)
Date: Thu, 11 Mar 1999 21:15:18 -0800 (PST)
Cc: freebsd-security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andrew McNaughton writes:
> > I'm also interested. However, if I recall correctly, the problem last time
> > was that nobody actually sat down and did the work. There were plenty of
> > ideas, but when it came to the crunch, nobody wanted to put in the effort.
> >
> > Nick
>
> As I recall, discussion turned to concerns over who was qualified to do the work, which seemed rather silly. No security auditing project is going to be complete. No auditor is going to be perfect. Every bit counts.

Here's an idea.. FreeBSD could pay for a 3rd party security audit of a stock FreeBSD system. Peter Shipley did this for Whistle and the InterJet (a "black box" approach).
No problems were found but it was good to know that :-)

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-security Thu Mar 11 22: 5:40 1999
Delivered-To: freebsd-security@freebsd.org
Received: from brooklyn.slack.net (brooklyn.slack.net [206.41.21.102]) by hub.freebsd.org (Postfix) with ESMTP id AE60E14E71 for ; Thu, 11 Mar 1999 22:05:37 -0800 (PST) (envelope-from andrewr@brooklyn.slack.net)
Received: from localhost (andrewr@localhost) by brooklyn.slack.net (8.8.7/8.8.7) with SMTP id BAA28037; Fri, 12 Mar 1999 01:09:19 -0500 (EST)
Date: Fri, 12 Mar 1999 01:09:19 -0500 (EST)
From: andrewr
To: Archie Cobbs
Cc: Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To: <199903120515.VAA90743@bubba.whistle.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Here's an idea.. FreeBSD could pay for a 3rd party security audit
> of a stock FreeBSD system. Peter Shipley did this for Whistle
> and the InterJet (a "black box" approach). No problems were found
> but it was good to know that :-)

This is a joke, right?

>
> -Archie
>
> ___________________________________________________________________________
> Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-security Thu Mar 11 22:28:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id D88161532E for ; Thu, 11 Mar 1999 22:28:49 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id WAA73182; Thu, 11 Mar 1999 22:28:23 -0800 (PST) (envelope-from dillon)
Date: Thu, 11 Mar 1999 22:28:23 -0800 (PST)
From: Matthew Dillon
Message-Id: <199903120628.WAA73182@apollo.backplane.com>
To: andrewr
Cc: Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
References:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:> Here's an idea.. FreeBSD could pay for a 3rd party security audit
:> of a stock FreeBSD system. Peter Shipley did this for Whistle
:> and the InterJet (a "black box" approach). No problems were found
:> but it was good to know that :-)
:
:This is a joke, right?
:
:
:>
:> -Archie
:>
:> ___________________________________________________________________________
:> Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

It would be hilarious if we could get a C2 certification for a base GENERIC system.
-Matt
Matthew Dillon

From owner-freebsd-security Thu Mar 11 23:22:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from drwho.xnet.com (drwho.xnet.com [205.243.140.183]) by hub.freebsd.org (Postfix) with ESMTP id 1542E14BF9 for ; Thu, 11 Mar 1999 23:22:16 -0800 (PST) (envelope-from drwho@drwho.xnet.com)
Received: (from drwho@localhost) by drwho.xnet.com (8.9.2/8.9.2) id CAA03707 for freebsd-security@FreeBSD.ORG; Thu, 11 Mar 1999 02:18:46 -0600 (CST) (envelope-from drwho)
Date: Thu, 11 Mar 1999 02:18:45 -0600
From: Michael Maxwell
To: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
Message-ID: <19990311021845.A3686@drwho.xnet.com>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <72996.921137918@zippy.cdrom.com> <36E777B8.710EE63F@softweyr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <36E777B8.710EE63F@softweyr.com>; from Wes Peters on Thu, Mar 11, 1999 at 12:58:48AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Mar 11, 1999 at 12:58:48AM -0700, Wes Peters wrote:
> This fool is just trolling for flames. Let's just ignore him. Or
> filter him. ;^)

Wouldn't have even gotten this far if people had done this in the first place. But...

--
Michael Maxwell | http://www.xnet.com/~drwho/
"American Justice: oxymoron. William J. Clinton: moron." --M. Maxwell (1999)

From owner-freebsd-security Fri Mar 12 0:31:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from t15.tempest.sk (t15.tempest.sk [195.28.96.15]) by hub.freebsd.org (Postfix) with ESMTP id CE9E615266 for ; Fri, 12 Mar 1999 00:31:26 -0800 (PST) (envelope-from ludo_koren@tempest.sk)
Received: (from koren@localhost) by t15.tempest.sk (8.9.2/8.9.2) id JAA10111; Fri, 12 Mar 1999 09:30:33 +0100 (CET)
Date: Fri, 12 Mar 1999 09:30:33 +0100 (CET)
Message-Id: <199903120830.JAA10111@t15.tempest.sk>
From: Ludo Koren
To: andrewr@slack.net
Cc: freebsd-security@FreeBSD.ORG
In-reply-to: (message from andrewr on Thu, 11 Mar 1999 12:17:03 -0500 (EST))
Subject: Re: disapointing security architecture
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

count me in.

ludo

From owner-freebsd-security Fri Mar 12 3:44:26 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 7A61414BD3 for ; Fri, 12 Mar 1999 03:44:23 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar)
Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id IAA21079; Fri, 12 Mar 1999 08:44:00 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <199903121144.IAA21079@ns1.sminter.com.ar>
Subject: Re: disapointing security architecture
In-Reply-To: from andrewr at "Mar 11, 99 12:17:03 pm"
To: andrewr@slack.net (andrewr)
Date: Fri, 12 Mar 1999 08:44:00 -0300 (GMT)
Cc: freebsd-security@FreeBSD.ORG, jbowie@slack.net
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In a previous message, andrewr wrote:
> you can get things started. I, unfortunately, failed on getting the
> mailing list up due to lack of resources at the time.
[...]

I can host the mailing list if there's interest.

Regards!

Fernando P. Schapachnik
Network Administration
VIA Net Works Argentina SA

From owner-freebsd-security Fri Mar 12 4:46:35 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id C947315240 for ; Fri, 12 Mar 1999 04:46:31 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar)
Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id JAA22979 for freebsd-security@freebsd.org; Fri, 12 Mar 1999 09:46:46 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <199903121246.JAA22979@ns1.sminter.com.ar>
Subject: WinVirus scannig on a FreeBSD FW
To: freebsd-security@freebsd.org
Date: Fri, 12 Mar 1999 09:46:46 -0300 (GMT)
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello:
I'd like to set up a firewall in which I can scan for PC viruses.
Does anybody know if there's such a tool for FreeBSD?

TIA!

Fernando P. Schapachnik
Network Administration
VIA Net Works Argentina SA

From owner-freebsd-security Fri Mar 12 5: 3:37 1999
Delivered-To: freebsd-security@freebsd.org
Received: from shibumi.feralmonkey.org (shibumi.feralmonkey.org [203.41.114.182]) by hub.freebsd.org (Postfix) with ESMTP id D1751152DA for ; Fri, 12 Mar 1999 05:03:34 -0800 (PST) (envelope-from nick@FERALMONKEY.ORG)
Received: from shibumi (shibumi [203.41.114.182]) by shibumi.feralmonkey.org (Postfix) with ESMTP id 3FB557A3C; Sat, 13 Mar 1999 00:04:55 +1100 (EST)
Date: Sat, 13 Mar 1999 00:04:54 +1100 (EST)
From:
To: Fernando Schapachnik
Cc: freebsd-security@freebsd.org
Subject: Re: WinVirus scannig on a FreeBSD FW
In-Reply-To: <199903121246.JAA22979@ns1.sminter.com.ar>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Mar 1999, Fernando Schapachnik wrote:

> Hello:
> I'd like to set up a firewall in which I can scan for PC viruses.
> Does anybody know if there's such a tool for FreeBSD?

You need to clarify what you said somewhat. Firstly, do you intend to do local scanning of viruses on the firewall? Do you intend to scan viruses as they pass through the firewall? I suspect it's the latter.

There are some commercial products available that act as mail proxies which enforce "content security" as mail passes through. If you want information on that kind of thing email me off-list. Only downside is it runs on NT. :\

I'm unaware of any products which perform virus-scanning of data as it passes through the firewall (on FreeBSD). I think there is one for Solaris and NT (Interscan VirusWall).

>
> TIA!
>
>
> Fernando P. Schapachnik
> Network Administration
> VIA Net Works Argentina SA

Nick

--
"We all agree that your theory is crazy, but is it crazy enough?"
- Niels Bohr (1885 - 1962)

From owner-freebsd-security Fri Mar 12 5: 7:21 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id 6B11D15315 for ; Fri, 12 Mar 1999 05:07:13 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar)
Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id KAA06003; Fri, 12 Mar 1999 10:07:21 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <199903121307.KAA06003@ns1.sminter.com.ar>
Subject: Re: WinVirus scannig on a FreeBSD FW
In-Reply-To: from "nick@FERALMONKEY.ORG" at "Mar 13, 99 00:04:54 am"
To: nick@FERALMONKEY.ORG
Date: Fri, 12 Mar 1999 10:07:20 -0300 (GMT)
Cc: freebsd-security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In a previous message, nick@FERALMONKEY.ORG wrote:
> On Fri, 12 Mar 1999, Fernando Schapachnik wrote:
>
> > Hello:
> > I'd like to set up a firewall in which I can scan for PC viruses.
> > Does anybody know if there's such a tool for FreeBSD?
>
> You need to clarify what you said somewhat. Firstly, do you intend to do
> local scanning of viruses on the firewall? Do you intend to scan viruses
> as they pass through the firewall? I suspect it's the latter.

Right.

>
> There are some commercial products available that act as mail proxies
> which enforce "content security" as mail passes through.
> If you want
> information on that kind of thing email me off-list. Only downside is it
> runs on NT. :\

My main concern is http and ftp downloads. Besides, saying "it runs on NT" is a contradiction in terms :)

Thanks anyway.

Fernando P. Schapachnik
Network Administration
VIA Net Works Argentina SA

From owner-freebsd-security Fri Mar 12 5:51:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id 14C0F14BD3 for ; Fri, 12 Mar 1999 05:51:48 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id IAA10448; Fri, 12 Mar 1999 08:51:06 -0500 (EST) (envelope-from robert@cyrus.watson.org)
Date: Fri, 12 Mar 1999 08:51:05 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Matthew Dillon
Cc: andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To: <199903120628.WAA73182@apollo.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 11 Mar 1999, Matthew Dillon wrote:

> It would be hilarious if we could get a C2 certification for a base
> GENERIC system.

I think that would be great also, although possibly not GENERIC :-). POSIX.1e was intended to match the requirements of the various colored books. Once we have Auditing and ACLs, I suspect we are getting fairly close to C2-capable. I've never actually read those specs though--anyone know if they are still available, and if so have an ISBN? If not, I can go dig up a reference librarian and have them find it for me, but Amazon is usually easiest :-).
C2 certification is presumably also an expensive process; if someone wants to find a sponsor, we could almost certainly achieve C2 compliance with a little restriction of the base system and appropriate POSIX.1e options. Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the competition out of the water (so to speak) and certainly be excellent PR.

  Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Fri Mar 12 6: 9:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from exchange.sds.no (exchange.sds.no [139.105.2.11]) by hub.freebsd.org (Postfix) with ESMTP id 3E9E6152AC for ; Fri, 12 Mar 1999 06:09:44 -0800 (PST) (envelope-from Espen.Torseth@sds.no)
Received: by exchange.sds.no with Internet Mail Service (5.5.2232.9) id ; Fri, 12 Mar 1999 15:09:23 +0100
Message-ID: <5C6B5666DB52D211BAA50000F6B9956A6401@nt1gj.da.posten.no>
From: Espen Torseth
To: 'Robert Watson', Matthew Dillon
Cc: andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: RE: disapointing security architecture
Date: Fri, 12 Mar 1999 15:09:36 +0100
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The Rainbow-series is available from:
http://www.radium.ncsc.mil/tpep/

The TCSEC is now being replaced by CC (Common Criteria).

And certification is a costly process... :-(

Espen Torseth
espen.torseth@sds.no

> -----Original Message-----
> From: Robert Watson [SMTP:robert@cyrus.watson.org]
> Sent: 12. mars 1999 14:51
> To: Matthew Dillon
> Cc: andrewr; Archie Cobbs; Andrew McNaughton;
> freebsd-security@FreeBSD.ORG
> Subject: Re: disapointing security architecture
>
> On Thu, 11 Mar 1999, Matthew Dillon wrote:
>
> > It would be hilarious if we could get a C2 certification for a base
> > GENERIC system.
>
> I think that would be great also, although possibly not GENERIC :-).
> POSIX.1e was intended to match the requirements of the various colored
> books. Once we have Auditing and ACLs, I suspect we are getting fairly
> close to C2-capable. I've never actually read those specs though--anyone
> know if they are still available, and if so have an ISBN? If not, I can
> go dig up a reference librarian and have them find it for me, but Amazon
> is usually easiest :-).
>
> C2 certification is presumably also an expensive process; if someone wants
> to find a sponsor, we could almost certainly achieve C2 compliance with a
> little restriction of the base system and appropriate POSIX.1e options.
> Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the
> competition out of the water (so to speak) and certainly be excellent PR.
>
> Robert N Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
>
> Carnegie Mellon University http://www.cmu.edu/
> TIS Labs at Network Associates, Inc. http://www.tis.com/
> Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Fri Mar 12 6:44:58 1999
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (unknown [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id C80C414E6F for ; Fri, 12 Mar 1999 06:44:05 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from softweyr.com (wes@zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id HAA03334; Fri, 12 Mar 1999 07:43:08 -0700 (MST) (envelope-from wes@softweyr.com)
Message-ID: <36E927FC.ACDEEEC3@softweyr.com>
Date: Fri, 12 Mar 1999 07:43:08 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.1-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Robert Watson
Cc: Matthew Dillon, andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson wrote:
>
> C2 certification is presumably also an expensive process; if someone wants
> to find a sponsor, we could almost certainly achieve C2 compliance with a
> little restriction of the base system and appropriate POSIX.1e options.
> Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the
> competition out of the water (so to speak) and certainly be excellent PR.

You cannot certify a piece of software, only a computing system. What would be certified is a particular configuration of FreeBSD X.Y, configured precisely so, on exactly THIS hardware.
ANY deviation from the specified hardware, even more or less RAM, invalidates the certification (unless various RAM configurations are part of the certified system, of course). Your best bet for a sponsor may be a computer vendor.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com

From owner-freebsd-security Fri Mar 12 7: 1:11 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id 4922C14C2D for ; Fri, 12 Mar 1999 07:01:09 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id JAA10732; Fri, 12 Mar 1999 09:56:24 -0500 (EST) (envelope-from robert@cyrus.watson.org)
Date: Fri, 12 Mar 1999 09:56:24 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Wes Peters
Cc: Matthew Dillon, andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To: <36E927FC.ACDEEEC3@softweyr.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Mar 1999, Wes Peters wrote:

> Robert Watson wrote:
> >
> > C2 certification is presumably also an expensive process; if someone wants
> > to find a sponsor, we could almost certainly achieve C2 compliance with a
> > little restriction of the base system and appropriate POSIX.1e options.
> > Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the
> > competition out of the water (so to speak) and certainly be excellent PR.
>
> You cannot certify a piece of software, only a computing system.
> What
> would be certified is a particular configuration of FreeBSD X.Y,
> configured precisely so, on exactly THIS hardware. ANY deviation from
> the specified hardware, even more or less RAM, invalidates the
> certification (unless various RAM configurations are part of the
> certified system, of course). Your best bet for a sponsor may be a
> computer vendor.

True; on the other hand, it would be *quite* worthy of a big press release. :-) Maybe Whistle wants their InterJet to have a C2 certification? :-)

Leaving aside the issue of certification, however, having the features required for certification is certainly a good idea. Recently I've been thinking about how to implement Capabilities and ACLs, now that Auditing is essentially complete. I dug up a masters thesis from somewhere describing implementing ACLfs using file system layers. My thought was instead to implement it using multiple forks of a file in a single file system, as the layering structure is fairly toasted, and I'd rather not deal with it. The ACLs themselves aren't that complex, as they are really just a superset of the UNIX permissions in POSIX.1e. However, adding support to the FS seems more challenging and I'd welcome thoughts on the best way to do it.

The Solaris folk now appear to have ACL support in the base OS install + FS. Where did they find the space to store the ACLs? Adding any more serious data to the inode results in reduced performance as you chew through direct block pointers. Adding a new block that stores just ACL data sounds feasible, but removes the simplicity of the whole thing and would require rewriting bunches of stuff (fsck, etc). Adding file system forks (file:data, file:acl, NT-style) sounds interesting, but again is a fairly large amount of work.
I suppose one could use layering to do this--reserve the : character (or something else) and have a file system layer merge the various components stored in separate files into a single uber-file with various forks accessible via the name space, each with their own permissions and ownership. I.e., only the kernel could modify ACLs via the ACL API.

Capabilities are essentially a set of flags in POSIX.1e so presumably a reserved int32 or int64 exists in there somewhere. Discussion of the flags is probably best handled on the posix1e mailing list as that's a portability issue.

  Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Fri Mar 12 7:12:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.sminter.com.ar (ns1.sminter.com.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id AA09514D1B for ; Fri, 12 Mar 1999 07:12:27 -0800 (PST) (envelope-from fpscha@ns1.sminter.com.ar)
Received: (from fpscha@localhost) by ns1.sminter.com.ar (8.8.5/8.8.4) id MAA19155; Fri, 12 Mar 1999 12:09:34 -0300 (GMT)
From: Fernando Schapachnik
Message-Id: <199903121509.MAA19155@ns1.sminter.com.ar>
Subject: Re: disapointing security architecture
In-Reply-To: from Robert Watson at "Mar 12, 99 09:56:24 am"
To: robert+freebsd@cyrus.watson.org
Date: Fri, 12 Mar 1999 12:09:34 -0300 (GMT)
Cc: wes@softweyr.com, dillon@apollo.backplane.com, andrewr@slack.net, archie@whistle.com, andrew@squiz.co.nz, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL40 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In a previous message, Robert Watson wrote:
[...]
> The Solaris folk now appear to have ACL support in the base OS install +
> FS. Where did they find the space to store the ACLs? Adding any more

I think they store it sacrificing 3rd. level indirection, but I'm not sure.

Fernando P. Schapachnik
Network Administration
VIA Net Works Argentina SA

From owner-freebsd-security Fri Mar 12 7:20: 8 1999
Delivered-To: freebsd-security@freebsd.org
Received: from unicorn.blackhats.org (unicorn.blackhats.org [194.109.83.155]) by hub.freebsd.org (Postfix) with ESMTP id 3376314E46 for ; Fri, 12 Mar 1999 07:20:02 -0800 (PST) (envelope-from unicorn@unicorn.blackhats.org)
Received: (from unicorn@localhost) by unicorn.blackhats.org (8.8.8/8.8.8) id QAA23406; Fri, 12 Mar 1999 16:21:48 +0100 (CET) (envelope-from unicorn)
Date: Fri, 12 Mar 1999 16:21:47 +0100
From: The Unicorn
To: Robert Watson
Cc: Matthew Dillon, andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
Message-ID: <19990312162147.C22324@unicorn.quux.org>
Mail-Followup-To: Robert Watson, Matthew Dillon, andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
References: <199903120628.WAA73182@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.1i
In-Reply-To: ; from Robert Watson on Fri, Mar 12, 1999 at 08:51:05AM -0500
X-Files: The Truth Is Out There!
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Mar 12, 1999 at 08:51:05AM -0500, Robert Watson wrote:
> On Thu, 11 Mar 1999, Matthew Dillon wrote:
>
> > It would be hilarious if we could get a C2 certification for a base
> > GENERIC system.
>
> I think that would be great also, although possibly not GENERIC :-).
> POSIX.1e was intended to match the requirements of the various colored
> books. Once we have Auditing and ACLs, I suspect we are getting fairly
> close to C2-capable. I've never actually read those specs though--anyone
> know if they are still available, and if so have an ISBN? If not, I can
> go dig up a reference librarian and have them find it for me, but Amazon
> is usually easiest :-).

You are referring to the Orange Book, published by the U.S. Department of Defense. Also known as Trusted Computer Systems Evaluation Criteria (TCSEC), CSC-STD-001-S3, 1983. Part of the rainbow series. As far as I know these are still available online. Check out:

http://www.ntshop.net/security/rainbow.htm

I know, not a place you want to visit often, but last time I looked they had the complete series on-line, which is rather cute :-)

> C2 certification is presumably also an expensive process; if someone wants
> to find a sponsor, we could almost certainly achieve C2 compliance with a
> little restriction of the base system and appropriate POSIX.1e options.
> Having a nice big "C2-Compliant!" stamp on the 4.0 CD would blow the
> competition out of the water (so to speak) and certainly be excellent PR.

Absolutely, but beware... Things got rather nasty when M$ announced that NT was C2 compliant (but only when networking was disabled :-). If I remember correctly this kind of certification is not only dependent on system software, but also on the hardware used during the certification. Therefore C2 certification on PC hardware may not really be what we are looking for... Then again I could be remembering incorrectly.

BTW. Iff the security audit of FreeBSD really takes place I would like to be a part of it. Hopefully I can make some time available to actually work on this as well :-)

> Robert N Watson
---end quoted text---

Ciao,
Unicorn.
--
======= _ __,;;;/ TimeWaster ================================================
,;( )_, )~\| A Truly Wise Man Never Plays PGP: 64 07 5D 4C 3F 81 22 73
;; // `--; Leapfrog With A Unicorn... 52 9D 87 08 51 AA 35 F0
==='= ;\ = | ==== Youth is Not a Time in Life, It is a State of Mind! =======

From owner-freebsd-security Fri Mar 12 7:30:45 1999
From: "Ilmar S. Habibulin"
To: Robert Watson
Cc: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 18:29:34 +0300 (MSK)
Subject: Re: disapointing security architecture

On Thu, 11 Mar 1999, Robert Watson wrote:

> it. I may get a chance to look at it again more seriously in the near
> future. It also raises the issue as to whether it wouldn't be better to
> reengineer the setuid programs so they aren't setuid :-).

You mean capabilities and ACLs?

From owner-freebsd-security Fri Mar 12 7:33:15 1999
From: Coranth Gryphon
To: Robert Watson
Cc: Wes Peters, Matthew Dillon, andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 10:36:41 -0500
Subject: Re: disapointing security architecture

> FS. Where did they find the space to store the ACLs? Adding any more
> serious data to the inode results in reduced performance as you chew

How much 'extra stuff' can we pack in before you hit that performance degradation? Also, can anything be removed as obsolete to make more room?

Is there documentation (aside from existing code) on exactly what is in the inode block now?

> forks (file:data, file:acl, NT-style) sounds interesting, but is a
> fairly large amount of work. I suppose one could use layering to do
> this--reserve the : character (or something else) and have a file

Gets messy when dealing with shared file systems.

> direct block pointers. Adding a new block that stores just ACL data
> sounds feasible, but removes the simplicity of the whole thing

This seems like the simplest approach, as most of the added work is at least straightforward and not technically tricky.
My $.03

-coranth

---------------------------------------+----------------------------
Coranth Gryphon | Work Phone: 561-912-2497
Chief Architect, Hiway Technologies | #include
---------------------------------------+----------------------------
When all else fails, do the impossible.

From owner-freebsd-security Fri Mar 12 7:43:41 1999
From: Christopher Petrilli
To: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 10:43:38 -0500
Subject: Re: disapointing security architecture

On Fri, Mar 12, 1999 at 04:21:47PM +0100, The Unicorn wrote:
>
> You are referring to the Orange Book, published by the U.S. Department
> of Defense. Also known as Trusted Computer Systems Evaluation Criteria
> (TCSEC), CSC-STD-001-S3, 1983. Part of the rainbow series. As far as I
> know these are still available online. Check out:

When I get home I'll post the information, but you can call the NSA and they will send you a set for free :-) I've got mine, don't you have yours? ;-)

> Absolutely, but beware... Things got rather nasty when M$ announced that
> NT was C2 compliant (but only when networking was disabled :-). If I
> remember correctly this kind of certification is not only dependent on
> system software, but also on the hardware used during the certification.
> Therefore C2 certification on PC hardware may not really be what we are
> looking for... Then again I could be remembering incorrectly.

Actually, there's some discussion in the gov't world about filing a lawsuit about misrepresentation over this one... they continue to claim NT is "C2 certified" when in fact, it's not... and it's especially not with a floppy or a network card installed. It's pushed against the Orange Book standards, not the Red Book (Network Interpretation).

Honestly, however, it's important to understand that this is not where things are going. The Common Criteria are where things are going, and these look a lot like the UK-based ITSEC standards, in that they are more focused and allow different parts of the OS to meet different standards---mix and match as it were.

The biggest problem with certification is that 1) it requires a HUGE HUGE HUGE amount of documentation, 2) it requires someone to "own" the product in order to be responsible for problems, 3) it requires a good bit of money.

Not that I think this is a bad idea, but this is probably something for FreeBSD4, no earlier definitely...
in fact, it could take 2 years to get everything certified, if you move quickly :-)

Chris
--
| Christopher Petrilli ``Television is bubble-gum for
| petrilli@amber.org the mind.''-Frank Lloyd Wright

From owner-freebsd-security Fri Mar 12 8: 2:33 1999
From: Robert Watson
To: "Ilmar S. Habibulin"
Cc: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 11:01:42 -0500 (EST)
Subject: Re: disapointing security architecture

On Fri, 12 Mar 1999, Ilmar S. Habibulin wrote:

> On Thu, 11 Mar 1999, Robert Watson wrote:
>
> > it. I may get a chance to look at it again more seriously in the near
> > future. It also raises the issue as to whether it wouldn't be better to
> > reengineer the setuid programs so they aren't setuid :-).
> You mean capabilities and ACLs?

ACLs, but not capabilities. I'm not sure I like the idea of mixed privileges in a single process-there are too many ways that parent processes influence child processes, or can subvert their behavior by taking advantage of mixed privileges. Reworking things to make use of ACLs seems reasonable; using servers that communicate via IPC seems reasonable, but somehow the mixed privileges always screw everyone.
:) LPC/RPC are subject to the normal set of buffer overflows, of course, but you don't get the weird stuff like signals getting sent to child processes resulting in different behavior (ping). Perhaps this is more a problem with the process model and its quite-close-ties to the uid authorization model.

I'll gladly implement Capabilities, but I'll not necessarily commit to their actually being useful :-).

Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Fri Mar 12 8:53:21 1999
From: Brett Glass
To: Fernando Schapachnik, freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 09:52:46 -0700
Subject: Re: WinVirus scannig on a FreeBSD FW

Sure: Try John Hardin's procmail kits. They scan for all sorts of MIME attachments and other attempted exploits. They don't guard against a user downloading them via FTP, but this is much less likely.
--Brett Glass

At 09:46 AM 3/12/99 -0300, Fernando Schapachnik wrote:

>Hello:
> I'd like to set up a firewall in which I can scan for PC viruses.
>Does anybody know if there's such a tool for FreeBSD?
>
> TIA!
>
>
>Fernando P. Schapachnik
>Network Administration
>VIA Net Works Argentina SA

From owner-freebsd-security Fri Mar 12 9: 6:34 1999
From: Wes Peters
To: Fernando Schapachnik
Cc: robert+freebsd@cyrus.watson.org, dillon@apollo.backplane.com, andrewr@slack.net, archie@whistle.com, andrew@squiz.co.nz, freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 10:05:10 -0700
Subject: Re: disapointing security architecture

Fernando Schapachnik wrote:
>
> In an earlier message, Robert Watson wrote:
> [...]
> > The Solaris folk now appear to have ACL support in the base OS install +
> > FS. Where did they find the space to store the ACLs? Adding any more
>
> I think they store it sacrificing 3rd. level indirection, but I'm not sure.
I'd guess the direct blocks instead, because they won't have (much) effect on the file size. Lemme look...

Nope, it doesn't look like the ACL information is referenced in the disk inode. They must store it somewhere else on the volume. Weird.

My suggestion for FreeBSD would be to steal half of the disk direct blocks in the disk inode for ACL information. Each ACL needs to have a uid_t (potentially a gid_t), a user/group type bit, and 3 bits of permissions. The way you apply rules is first, any ACL with an exact match for UID is highest priority. Second, any ACL with an exact match for GID. Last, apply the standard UNIX permission rules.

You'll need a unique pattern of file type bits that signifies this is an ordinary file with an ACL.

I haven't considered interactions between this and NFS, because you'll never use NFS in a C2 environment.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com

From owner-freebsd-security Fri Mar 12 9:18:36 1999
From: "Ilmar S. Habibulin"
To: Matthew Dillon
Cc: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 20:17:50 +0300 (MSK)
Subject: Re: disapointing security architecture

On Thu, 11 Mar 1999, Matthew Dillon wrote:

> :> Here's an idea.. FreeBSD could pay for a 3rd party security audit
> :> of a stock FreeBSD system. Peter Shipley did this for Whistle
> :> and the InterJet (a "black box" approach). No problems were found
> :> but it was good to know that :-)
> :This is a joke, right?
> It would be hilarious if we could get a C2 certification for a base
> GENERIC system.

With posix.1e fully implemented it should get B2 ;-) but who will pay for certification???

From owner-freebsd-security Fri Mar 12 10:19:28 1999
From: Love
To: Wes Peters
Cc: Fernando Schapachnik, robert+freebsd@cyrus.watson.org, dillon@apollo.backplane.com, andrewr@slack.net, archie@whistle.com, andrew@squiz.co.nz, freebsd-security@FreeBSD.ORG
Date: 12 Mar 1999 19:18:13 +0100
Subject: Re: disapointing security architecture

Wes Peters writes:

> Fernando Schapachnik wrote:
> >
> > > The Solaris folk now appear to have ACL support in the base OS install +
> > > FS. Where did they find the space to store the ACLs? Adding any more
> >
> > I think they store it sacrificing 3rd. level indirection, but I'm not sure.
> [...]
> Nope, it doesn't look like the ACL information is referenced in the
> disk inode. They must store it somewhere else on the volume. Weird.

They store it in the shadow inode.

Love

From owner-freebsd-security Fri Mar 12 10:19:37 1999
From: Matthew Dillon
To: "Ilmar S. Habibulin"
Cc: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 10:18:37 -0800 (PST)
Subject: Re: disapointing security architecture

:On Thu, 11 Mar 1999, Matthew Dillon wrote:
:
:> :> Here's an idea.. FreeBSD could pay for a 3rd party security audit
:> :> of a stock FreeBSD system. Peter Shipley did this for Whistle
:> :> and the InterJet (a "black box" approach). No problems were found
:> :> but it was good to know that :-)
:> :This is a joke, right?
:> It would be hilarious if we could get a C2 certification for a base
:> GENERIC system.
:With posix.1e fully implemented it should get B2 ;-) but who will pay for
:certification???

How much does certification cost?

-Matt

From owner-freebsd-security Fri Mar 12 10:33: 0 1999
From: mike@seidata.com
To: Archie Cobbs
Cc: Andrew McNaughton, freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 13:32:28 -0500 (EST)
Subject: Re: disapointing security architecture

On Thu, 11 Mar 1999, Archie Cobbs wrote:

> Here's an idea.. FreeBSD could pay for a 3rd party security audit
> of a stock FreeBSD system. Peter Shipley did this for Whistle
> and the InterJet (a "black box" approach). No problems were found
> but it was good to know that :-)

I'd like to see continued developer/user involvements (as I know I will), but something like this would also be desirable... where do I send my donation?
:)

Later,

-Mike

From owner-freebsd-security Fri Mar 12 10:37: 4 1999
From: Archie Cobbs
To: dillon@apollo.backplane.com (Matthew Dillon)
Cc: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 10:36:10 -0800 (PST)
Subject: Re: disapointing security architecture

Matthew Dillon writes:
> :> Here's an idea.. FreeBSD could pay for a 3rd party security audit
> :> of a stock FreeBSD system. Peter Shipley did this for Whistle
> :> and the InterJet (a "black box" approach). No problems were found
> :> but it was good to know that :-)
> :
> :This is a joke, right?

No..

> It would be hilarious if we could get a C2 certification for a base
> GENERIC system.

I'm not talking about certification, just hiring somebody to blast a box with garbage packets, run SATAN, etc. and report what they find.

-Archie
___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

From owner-freebsd-security Fri Mar 12 10:58: 1 1999
From: mike@seidata.com
To: Robert Watson
Cc: Matthew Dillon, andrewr, Archie Cobbs, Andrew McNaughton, freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 13:57:11 -0500 (EST)
Subject: Re: disapointing security architecture

On Fri, 12 Mar 1999, Robert Watson wrote:

> close to C2-capable. I've never actually read those specs though--anyone
> know if they are still available, and if so have an ISBN? If not, I can

The rainbow books? They're at home on a shelf... as I recall, the Red book was a pretty laughable mess of bureaucracy (go figure). I'll try to get you some contact information for them... As I recall, I got them for free over the web (DoD).

> C2 certification is presumably also an expensive process; if someone wants
> to find a sponsor, we could almost certainly achieve C2 compliance with a

I, for one, am willing to make donations to such an effort.
Later,

-Mike

From owner-freebsd-security Fri Mar 12 11:50:54 1999
From: Warner Losh
To: Matthew Dillon
Cc: "Ilmar S. Habibulin", freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 12:50:31 -0700
Subject: Re: disapointing security architecture

In message <199903121818.KAA78126@apollo.backplane.com> Matthew Dillon writes:
: How much does certification cost?

I've heard figures of approx US$1M in the past for C2 and US$5M for B[123] ratings. I don't know how true these numbers are, but they are within an order of magnitude of being right.

With even $100k, we could do so many better things for FreeBSD than to go through this process.
Warner

From owner-freebsd-security Fri Mar 12 11:56:33 1999
From: Robert Watson
To: "Ilmar S. Habibulin"
Cc: Matthew Dillon, freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 14:54:43 -0500 (EST)
Subject: Re: disapointing security architecture

On Fri, 12 Mar 1999, Ilmar S. Habibulin wrote:

> On Thu, 11 Mar 1999, Matthew Dillon wrote:
>
> > :> Here's an idea.. FreeBSD could pay for a 3rd party security audit
> > :> of a stock FreeBSD system. Peter Shipley did this for Whistle
> > :> and the InterJet (a "black box" approach). No problems were found
> > :> but it was good to know that :-)
> > :This is a joke, right?
> > It would be hilarious if we could get a C2 certification for a base
> > GENERIC system.
> With posix.1e fully implemented it should get B2 ;-) but who will pay for
> certification???

Well, although someone is implementing MACs, I don't plan to get to that for a while. And the technical editor of posix1e (see posix1e mailing list archive) has indicated he thinks the information label stuff should just be ignored.
C2 would be easy, assuming the time and budget for the certification process; a B rating with MACs shouldn't be hard, again the same certification process withstanding.

Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Fri Mar 12 16:57:49 1999
From: Matthew Dillon
To: Archie Cobbs
Cc: freebsd-security@FreeBSD.ORG
Date: Fri, 12 Mar 1999 16:57:29 -0800 (PST)
Subject: Re: disapointing security architecture

:
:I'm not talking about certification, just hiring somebody to blast
:a box with garbage packets, run SATAN, etc. and report what they find.
:
:-Archie
:___________________________________________________________________________
:Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com

I don't see it as being worth it. It could be tens of thousands of dollars with nothing to show for it at the end. If we do any sort of official security audit, it must work towards something tangible that we can use as a marketing tool.
-Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Mar 12 17:49:24 1999 Delivered-To: freebsd-security@freebsd.org Received: from shibumi.feralmonkey.org (shibumi.feralmonkey.org [203.41.114.182]) by hub.freebsd.org (Postfix) with ESMTP id 4D81314C4E for ; Fri, 12 Mar 1999 17:49:20 -0800 (PST) (envelope-from nick@FERALMONKEY.ORG) Received: from shibumi (shibumi [203.41.114.182]) by shibumi.feralmonkey.org (Postfix) with ESMTP id C844A7A3C; Sat, 13 Mar 1999 12:50:48 +1100 (EST) Date: Sat, 13 Mar 1999 12:50:47 +1100 (EST) From: To: Matthew Dillon Cc: "Ilmar S. Habibulin" , freebsd-security@FreeBSD.ORG Subject: Re: disapointing security architecture In-Reply-To: <199903121818.KAA78126@apollo.backplane.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 12 Mar 1999, Matthew Dillon wrote: > How much does certification cost? > > -Matt Too much. If people are still considering "trusted" certification, they may want to review the ITSEC ratings. They are a bit more realistic than the original TCSEC. Nick -- "We all agree that your theory is crazy, but is it crazy enough?" 
- Niels Bohr (1885 - 1962)

From owner-freebsd-security Fri Mar 12 18:32:57 1999
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.enteract.com (thor.enteract.com [207.229.143.11]) by hub.freebsd.org (Postfix) with SMTP id 746DC152FC for ; Fri, 12 Mar 1999 18:32:47 -0800 (PST) (envelope-from dscheidt@enteract.com)
Received: (qmail 5699 invoked from network); 13 Mar 1999 02:32:28 -0000
Received: from nathan.enteract.com (dscheidt@207.229.143.6) by thor.enteract.com with SMTP; 13 Mar 1999 02:32:28 -0000
Date: Fri, 12 Mar 1999 20:32:28 -0600 (CST)
From: David Scheidt
To: Robert Watson
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Mar 1999, Robert Watson wrote:

:The Solaris folk now appear to have ACL support in the base OS install +
:FS. Where did they find the space to store the ACLs? Adding any more

HP/UX 10.x does ACLs with a second inode per file with ACL. There is a pointer to the ACL-inode at the end of the normal inode. I think the reasoning is that most files will have a NULL ACL, defaulting to standard UNIX permissions, and so the overhead of fetching and writing an additional block, synchronously, is not excessive. newfs_hfs(1m) warns to allocate extra inodes if ACLs are going to be used much. This is according to the inode(4) man page, as I haven't got HP/UX source. If I had, I would have a system that I could log into the console on.
David Scheidt

From owner-freebsd-security Fri Mar 12 19:58:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (Postfix) with ESMTP id 64B5C152FC for ; Fri, 12 Mar 1999 19:58:49 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id TAA82290; Fri, 12 Mar 1999 19:58:28 -0800 (PST) (envelope-from dillon)
Date: Fri, 12 Mar 1999 19:58:28 -0800 (PST)
From: Matthew Dillon
Message-Id: <199903130358.TAA82290@apollo.backplane.com>
To: David Scheidt
Cc: Robert Watson , freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
References:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:On Fri, 12 Mar 1999, Robert Watson wrote:
:
::The Solaris folk now appear to have ACL support in the base OS install +
::FS. Where did they find the space to store the ACLs? Adding any more
:
:HP/UX 10.x does ACLs with a second inode per file with ACL. There is a
:pointer to the ACL-inode at the end of the normal inode. I think the
:reasoning is that most files will have a NULL ACL, defaulting to standard
:UNIX permissions, and so the overhead of fetching and writing an additional
:block, synchronously, is not excessive. newfs_hfs(1m) warns to allocate
:extra inodes if ACLs are going to be used much. This is according to
:the inode(4) man page, as I haven't got HP/UX source. If I had, I would
:have a system that I could log into the console on.
:
:David Scheidt

You know, it wouldn't cost too much to implement ACLs with an extra inode if we implemented an ACL cache, allowing multiple references to the same ACL inode. When someone changes the ACL associated with a file, it would hop to a different ACL inode.
There'd have to be a mechanism to prevent excessive fragmentation but I think it would work in general terms and not even eat that many inodes.

-Matt
Matthew Dillon

From owner-freebsd-security Fri Mar 12 20:35: 7 1999
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.enteract.com (thor.enteract.com [207.229.143.11]) by hub.freebsd.org (Postfix) with SMTP id 4873114E2C for ; Fri, 12 Mar 1999 20:35:05 -0800 (PST) (envelope-from dscheidt@enteract.com)
Received: (qmail 25781 invoked from network); 13 Mar 1999 04:34:46 -0000
Received: from nathan.enteract.com (dscheidt@207.229.143.6) by thor.enteract.com with SMTP; 13 Mar 1999 04:34:46 -0000
Date: Fri, 12 Mar 1999 22:34:46 -0600 (CST)
From: David Scheidt
To: Matthew Dillon
Cc: Robert Watson , freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To: <199903130358.TAA82290@apollo.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Mar 1999, Matthew Dillon wrote:

: You know, it wouldn't cost too much to implement ACLs with an extra
: inode if we implemented an ACL cache, allowing multiple references to
: the same ACL inode. When someone changes the ACL associated with a file,
: it would hop to a different ACL inode. There'd have to be a mechanism
: to prevent excessive fragmentation but I think it would work in general
: terms and not even eat that many inodes.

Something like this certainly makes sense. You need to keep track of how many files are using that ACL inode, but that is much the same problem as hard links. What I wonder about is what the hit rate is going to be? I am fairly sure that most of my ACLs will be identical, so I suppose the odds of having one in core is pretty high.
You would also win on whatever the ACL equivalent of chmod * is.

David Scheidt

From owner-freebsd-security Fri Mar 12 22: 9:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ints.ru (ints.ru [194.67.173.1]) by hub.freebsd.org (Postfix) with ESMTP id B352D14DE0 for ; Fri, 12 Mar 1999 22:09:44 -0800 (PST) (envelope-from ilmar@ws-ilmar.ints.ru)
Received: from ws-ilmar.ints.ru (ws-ilmar.ints.ru [194.67.173.16]) by ints.ru (8.9.2/8.9.2) with ESMTP id JAA28879; Sat, 13 Mar 1999 09:08:35 +0300 (MSK)
Received: from localhost (localhost [127.0.0.1]) by ws-ilmar.ints.ru (8.9.2/8.9.1) with ESMTP id JAA22938; Sat, 13 Mar 1999 09:09:24 +0300 (MSK)
Date: Sat, 13 Mar 1999 09:09:23 +0300 (MSK)
From: "Ilmar S. Habibulin"
To: Matthew Dillon
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: disapointing security architecture
In-Reply-To: <199903121818.KAA78126@apollo.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 12 Mar 1999, Matthew Dillon wrote:

> :On Thu, 11 Mar 1999, Matthew Dillon wrote:
> :
> How much does certification cost?

I don't know about US or other certification systems, but in my country it may cost about 10-100 k$$. It depends on your relationships with certification laboratory. And certification result depends on it too.
;-)))

From owner-freebsd-security Sat Mar 13 5:25:32 1999
Delivered-To: freebsd-security@freebsd.org
Received: from leaf.lumiere.net (leaf.lumiere.net [207.218.152.15]) by hub.freebsd.org (Postfix) with ESMTP id 3AC8C14D5E for ; Sat, 13 Mar 1999 05:25:31 -0800 (PST) (envelope-from j@leaf.lumiere.net)
Received: (from j@localhost) by leaf.lumiere.net (8.9.2/8.9.1) id FAA19545; Sat, 13 Mar 1999 05:25:13 -0800 (PST)
Date: Sat, 13 Mar 1999 05:25:13 -0800 (PST)
From: Jesse
To: freebsd-security@freebsd.org
Subject: bind 8.1.2 cache poisoning
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I scanned my archives of freebsd-security and bugtraq and was surprised not to find anything on the topic. Sorry if I'm missing something obvious..

I run an IRC server that's part of a small network. Recently I noticed one user with a very obviously fake hostname. The user started bragging to various people about it. He said that he had inserted bogus entries into the cache of the nameserver.

So I checked around and found in the Jan 99 section of rootshell an exploit which claims to insert entries into the caches of bind 8.1.2 servers (which is what I run and as far as I can tell is the latest version). If this is true, as it appears, I'm wondering why there's been no discussion of this anywhere (or any fixes). Seems pretty serious if anyone can screw with your DNS cache..

Hopefully there's some sort of configuration error on my part that allows this to happen, but I think I have a pretty normal, secure setup.

Any comments? I thought I'd check here first before writing the bind maintainers.
Thanks, --- Jesse http://www.lumiere.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 5:39: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id DF29414DC2 for ; Sat, 13 Mar 1999 05:38:59 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id IAA00604; Sat, 13 Mar 1999 08:38:28 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Sat, 13 Mar 1999 08:38:28 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Jesse Cc: freebsd-security@freebsd.org Subject: Re: bind 8.1.2 cache poisoning In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 13 Mar 1999, Jesse wrote: > I scanned my archives of freebsd-security and bugtraq and was surprised > not to find aynthing on the topic. Sorry if I'm missing something > obvious.. > > I run an IRC server that's part of a small network. Recently I noticed one > user with a very obviously fake hostname. The user started bragging to > various people about it. He said that he had inserted bogus entries into > the cache of the nameserver. > > So I checked around and found in the Jan 99 section of rootshell an > exploit which claims to insert entries into the caches of bind 8.1.2 > servers (which is what I run and as far as I can tell is the latest > version). If this is true, as it appears, I'm wondering why there's been > no discussion of this anywhere (or any fixes). Seems pretty serious if > anyone can screw with your DNS cache.. 
> > Hopefully there's some sort of configuration error on my part that allows > this to happen, but I think I have a pretty normal, secure setup. > > Any comments? I thought I'd check here first before writing the bind > maintainers. So my comment is this--I don't know much about this specific attack, although it sounds familiar, but because DNS does not use cryptography currently, you should expect it to be spoofable. :-) In the end, the DNS packets travel in cleartext, unprotected, across the network to your local nameserver. Anyone out there is pretty free to forge packets, stuff them into other nameservers, etc. This is not very sociable behavior, but DNS was not really designed to protect against this. As with TCP, the use of sequence numbers can help make this hard to do if you're not actually on a router the original request/response passes through, but that's not really a very effective protection; it makes the attack a little harder if the attacker is not on a common network route. When DNSsec is available, hopefully this kind of problem will be a little more tractable. It won't necessarily save us from programming errors, but at least the protocol will be protected :-). You may want to go read bugtraq, bind-workers, etc, and see if there is any serious mention of it there. If not, consider sending email to the bind bug reporting address. It may be there is something in a recent patch, or something that could be put in a patch. But again, in a protocol with no crypto support that uses the open network, there is only so much you can do. Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. 
http://www.tis.com/ Safeport Network Services http://www.safeport.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 6:32:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 9188114D4F for ; Sat, 13 Mar 1999 06:32:49 -0800 (PST) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id HAA26030; Sat, 13 Mar 1999 07:32:30 -0700 (MST) Message-Id: <4.1.19990313072602.00a6b430@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Sat, 13 Mar 1999 07:29:26 -0700 To: Jesse , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: bind 8.1.2 cache poisoning In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org It can't be hard to poison the cache. Many daemons do reverse lookups on hosts which connect to them, presenting a perfect opportunity to send a spoofed response that gets into the cache. If the "claimed" name and the spoofed one match, they can get stuck for a very long time (just make the time to live very long on purpose). For a standard that holds the Internet together, it is amazing just how weak and awkward DNS really is. --Brett At 05:25 AM 3/13/99 -0800, Jesse wrote: > >Hi, > >I scanned my archives of freebsd-security and bugtraq and was surprised >not to find aynthing on the topic. Sorry if I'm missing something >obvious.. > >I run an IRC server that's part of a small network. Recently I noticed one >user with a very obviously fake hostname. The user started bragging to >various people about it. He said that he had inserted bogus entries into >the cache of the nameserver. 
> >So I checked around and found in the Jan 99 section of rootshell an >exploit which claims to insert entries into the caches of bind 8.1.2 >servers (which is what I run and as far as I can tell is the latest >version). If this is true, as it appears, I'm wondering why there's been >no discussion of this anywhere (or any fixes). Seems pretty serious if >anyone can screw with your DNS cache.. > >Hopefully there's some sort of configuration error on my part that allows >this to happen, but I think I have a pretty normal, secure setup. > >Any comments? I thought I'd check here first before writing the bind >maintainers. > >Thanks, > >--- >Jesse >http://www.lumiere.net/ > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 10:36:57 1999 Delivered-To: freebsd-security@freebsd.org Received: from office.omc.net (office.omc.net [195.185.142.22]) by hub.freebsd.org (Postfix) with ESMTP id 60DB914ED6 for ; Sat, 13 Mar 1999 10:36:20 -0800 (PST) (envelope-from LutzRab@omc.net) Received: from lutz (lutz.omc.net [195.185.142.3]) by office.omc.net (8.9.3/8.9.3) with SMTP id TAA21242 for ; Sat, 13 Mar 1999 19:36:01 +0100 (CET) Message-Id: <199903131836.TAA21242@office.omc.net> From: "Lutz Rabing" Organization: OMCnet IS GmbH To: freebsd-security@FreeBSD.ORG Date: Sat, 13 Mar 1999 19:36:01 +0100 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: sendmail NOQUEUE: ... didn't use HELO protocol Reply-To: LutzRab@omc.net X-mailer: Pegasus Mail for Win32 (v3.01d) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, we get many of these NOQUEUE messages in our maillog from many different dial-up accounts. One every 3 or 4 minutes. Has anyone seen something like this? Whats the purpose? 
I saw "NetBus online ..." in one of those mails. --------------------- Mar 13 19:25:21 delta sendmail[25150]: NOQUEUE: Authentication-Warning: delta.omc.net: pC19F8579.dip.t-online.de [19 3.159.133.121] didn't use HELO protocol Mar 13 19:25:21 delta sendmail[25150]: TAA25150: ruleset=check_rcpt, arg1=psl@earthling.net, relay=pC19F8579.dip.t-o nline.de [193.159.133.121], reject=550 psl@earthling.net... Relaying denied Mar 13 19:27:05 delta sendmail[25207]: NOQUEUE: Authentication-Warning: delta.omc.net: 166-7-61.ipt.aol.com [152.166 .7.61] didn't use HELO protocol Mar 13 19:27:06 delta sendmail[25207]: TAA25207: ruleset=check_rcpt, arg1=psl@earthling.net, relay=166-7-61.ipt.aol. com [152.166.7.61], reject=550 psl@earthling.net... Relaying denied --------------------- Thanks, Lutz Rabing -OMCnet- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 10:40: 2 1999 Delivered-To: freebsd-security@freebsd.org Received: from phk.freebsd.dk (phk.freebsd.dk [212.242.40.153]) by hub.freebsd.org (Postfix) with ESMTP id 8B3F814F17 for ; Sat, 13 Mar 1999 10:39:54 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by phk.freebsd.dk (8.9.1/8.8.8) with ESMTP id TAA14186; Sat, 13 Mar 1999 19:39:35 +0100 (CET) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.2/8.9.2) with ESMTP id TAA10406; Sat, 13 Mar 1999 19:39:31 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: LutzRab@omc.net Cc: freebsd-security@FreeBSD.ORG Subject: Re: sendmail NOQUEUE: ... didn't use HELO protocol In-reply-to: Your message of "Sat, 13 Mar 1999 19:36:01 +0100." 
<199903131836.TAA21242@office.omc.net> Date: Sat, 13 Mar 1999 19:39:31 +0100 Message-ID: <10404.921350371@critter.freebsd.dk> From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <199903131836.TAA21242@office.omc.net>, "Lutz Rabing" writes: >Hi, > >we get many of these NOQUEUE messages in our maillog from many >different dial-up accounts. One every 3 or 4 minutes. You get one of those every time the rulesets kick in. It usually means that you didn't get hit with a piece of spam... -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 10:53:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 3015114D5A for ; Sat, 13 Mar 1999 10:53:42 -0800 (PST) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id LAA27692; Sat, 13 Mar 1999 11:53:18 -0700 (MST) Message-Id: <4.1.19990313114523.0419f420@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Sat, 13 Mar 1999 11:53:06 -0700 To: LutzRab@omc.net, freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: sendmail NOQUEUE: ... didn't use HELO protocol In-Reply-To: <199903131836.TAA21242@office.omc.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Congratulations. Your mailer just caught two spamming attempts and rejected them. One attempted to use SMTP directly from an AOL dial-in (a common source of spam); the other came in from a German ISP. 
Neither started the transaction with a HELO (which means that they attempted to avoid identifying themselves), and both attempted to relay through you. Since both were destined for the same place, it was probably the same spammer trying twice. --Brett At 07:36 PM 3/13/99 +0100, Lutz Rabing wrote: >Hi, > >we get many of these NOQUEUE messages in our maillog from many >different dial-up accounts. One every 3 or 4 minutes. > >Has anyone seen something like this? Whats the purpose? > >I saw "NetBus online ..." in one of those mails. > > >--------------------- >Mar 13 19:25:21 delta sendmail[25150]: NOQUEUE: Authentication-Warning: >delta.omc.net: pC19F8579.dip.t-online.de [19 >3.159.133.121] didn't use HELO protocol >Mar 13 19:25:21 delta sendmail[25150]: TAA25150: ruleset=check_rcpt, >arg1=psl@earthling.net, relay=pC19F8579.dip.t-o >nline.de [193.159.133.121], reject=550 psl@earthling.net... Relaying denied >Mar 13 19:27:05 delta sendmail[25207]: NOQUEUE: Authentication-Warning: >delta.omc.net: 166-7-61.ipt.aol.com [152.166 >.7.61] didn't use HELO protocol >Mar 13 19:27:06 delta sendmail[25207]: TAA25207: ruleset=check_rcpt, >arg1=psl@earthling.net, relay=166-7-61.ipt.aol. >com [152.166.7.61], reject=550 psl@earthling.net... 
Relaying denied
>---------------------
>
>
>Thanks,
>
>Lutz Rabing -OMCnet-
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Mar 13 11: 4:59 1999
Delivered-To: freebsd-security@freebsd.org
Received: from dhabat.pair.com (dhabat.pair.com [209.68.1.219]) by hub.freebsd.org (Postfix) with ESMTP id D80A814ED7 for ; Sat, 13 Mar 1999 11:04:54 -0800 (PST) (envelope-from alanp@dhabat.pair.com)
Received: (from alanp@localhost) by dhabat.pair.com (8.9.1/8.6.12) id OAA27024; Sat, 13 Mar 1999 14:04:28 -0500 (EST)
X-Envelope-To: freebsd-security@freebsd.org
Message-ID: <19990313140428.A26796@unixpower.org>
Date: Sat, 13 Mar 1999 14:04:28 -0500
From: Alan
To: Brett Glass
Cc: freebsd-security@freebsd.org
Subject: Re: bind 8.1.2 cache poisoning
References: <4.1.19990313072602.00a6b430@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1
In-Reply-To: <4.1.19990313072602.00a6b430@localhost>; from Brett Glass on Sat, Mar 13, 1999 at 07:29:26AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Mar 13, 1999 at 07:29:26AM -0700, Brett Glass wrote:
> It can't be hard to poison the cache. Many daemons do reverse lookups
> on hosts which connect to them, presenting a perfect opportunity to
> send a spoofed response that gets into the cache. If the "claimed"
> name and the spoofed one match, they can get stuck for a very long
> time (just make the time to live very long on purpose).
>
> For a standard that holds the Internet together, it is amazing just
> how weak and awkward DNS really is.
>
> --Brett
>

The main server people are hitting is a.root-servers.net, they use this for non-existent domains. Messing with the root-servers is just wrong.

--
| Alan L.
* Webmaster of www.UnixPower.org | | Windsor Unix Users Group Founder: http://unix.windsor.on.ca/ | | Personal Page: http://www.unixpower.org/alanp/ | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 14:38:56 1999 Delivered-To: freebsd-security@freebsd.org Received: from techpower.net (techpower.net [205.133.231.1]) by hub.freebsd.org (Postfix) with ESMTP id 56BF014E0C for ; Sat, 13 Mar 1999 14:38:47 -0800 (PST) (envelope-from hometeam@techpower.net) Received: from localhost (hometeam@localhost) by techpower.net (8.9.2/8.9.3) with ESMTP id RAA33219; Sat, 13 Mar 1999 17:41:55 -0500 (EST) Date: Sat, 13 Mar 1999 17:41:55 -0500 (EST) From: hometeam To: Lutz Rabing Cc: freebsd-security@FreeBSD.ORG Subject: Re: sendmail NOQUEUE: ... didn't use HELO protocol In-Reply-To: <199903131836.TAA21242@office.omc.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Well it looks like your rule sets are working properly. Spam Spam Spam. On Sat, 13 Mar 1999, Lutz Rabing wrote: > Hi, > > we get many of these NOQUEUE messages in our maillog from many > different dial-up accounts. One every 3 or 4 minutes. > > Has anyone seen something like this? Whats the purpose? > > I saw "NetBus online ..." in one of those mails. > > > --------------------- > Mar 13 19:25:21 delta sendmail[25150]: NOQUEUE: Authentication-Warning: delta.omc.net: pC19F8579.dip.t-online.de [19 > 3.159.133.121] didn't use HELO protocol > Mar 13 19:25:21 delta sendmail[25150]: TAA25150: ruleset=check_rcpt, arg1=psl@earthling.net, relay=pC19F8579.dip.t-o > nline.de [193.159.133.121], reject=550 psl@earthling.net... 
Relaying denied > Mar 13 19:27:05 delta sendmail[25207]: NOQUEUE: Authentication-Warning: delta.omc.net: 166-7-61.ipt.aol.com [152.166 > .7.61] didn't use HELO protocol > Mar 13 19:27:06 delta sendmail[25207]: TAA25207: ruleset=check_rcpt, arg1=psl@earthling.net, relay=166-7-61.ipt.aol. > com [152.166.7.61], reject=550 psl@earthling.net... Relaying denied > --------------------- > > > Thanks, > > Lutz Rabing -OMCnet- > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 16:27:44 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (Postfix) with ESMTP id 03DAC14EF6 for ; Sat, 13 Mar 1999 16:27:20 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id TAA02572; Sat, 13 Mar 1999 19:26:52 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Sat, 13 Mar 1999 19:26:52 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Thomas Valentino Crimi Cc: freebsd-security@freebsd.org Subject: Re: ACL's In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 13 Mar 1999, Thomas Valentino Crimi wrote: > Excerpts from FreeBSD-Security: 12-Mar-99 Re: disapointing security > a.. by Robert Watson@cyrus.wats > >The Solaris folk now appear to have ACL support in the base OS install + > >FS. Where did they find the space to store the ACLs? Adding any more > >serious data to the inode results in reduced performance as you chew > >through direct block pointers. 
Adding a new block that stores just ACL
> >data sounds feasible, but removes the simplicity of the whole thing and
>
> Just a quick question on Posix.1e ACL's, are they per-file or
> per-directory? Either way, might storing them in the directory
> structure (particularly if they ARE per-directory) be feasible. I was
> thinking about this back at the beginning of the thread and was thinking
> many implementations may have required a 'hidden file' used by the
> stacking layer in each directory to store the data. As a matter of
> fact, I think that is how one of the older test ACL's layers did it.
> I'd think the directory structure would be better, though.

POSIX.1e defines one ACL per file, and two per directory--one the actual permissions on the directory, the other the default ACL for new children in the directory. However, due to hard links, ACLs for files probably have to be stored with the file.

BTW, I'd really like to get rid of hard links -- they allow users to retain copies of setuid files after the owner thinks they are deleted. I.e., user creates a hard link to /usr/sbin/somesetuidbin to /usr/tmp/mytemp. Now the admin upgrades the machine, thinking they have removed the risk of the now known buggy somesetuidbin.

Also, since directory permissions act as a cumulative mask on the permissions of files held in them, it can be hard to revoke access to a file you own--someone else may have hard linked it elsewhere in the fs without your knowledge (something they can do as long as they own the target directory). Given that hard links already cause inconsistent semantics in the name space for users, and aren't properly preserved in tar, etc, I think they don't contribute much.

Robert N Watson robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc.
http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Sat Mar 13 16:42:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from office.omc.net (office.omc.net [195.185.142.22]) by hub.freebsd.org (Postfix) with ESMTP id CA1EB14F66 for ; Sat, 13 Mar 1999 16:42:53 -0800 (PST) (envelope-from LutzRab@omc.net)
Received: from lutz (lutz.omc.net [195.185.142.3]) by office.omc.net (8.9.3/8.9.3) with SMTP id BAA24413 for ; Sun, 14 Mar 1999 01:42:34 +0100 (CET)
Message-Id: <199903140042.BAA24413@office.omc.net>
From: "Lutz Rabing"
Organization: OMCnet IS GmbH
To: freebsd-security@FreeBSD.ORG
Date: Sun, 14 Mar 1999 01:42:34 +0100
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: sendmail NOQUEUE: ... didn't use HELO protocol
Reply-To: LutzRab@omc.net
In-reply-to: <4.1.19990313114523.0419f420@localhost>
References: <199903131836.TAA21242@office.omc.net>
X-mailer: Pegasus Mail for Win32 (v3.01d)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Congratulations. Your mailer just caught two spamming attempts and rejected
> them. One attempted to use SMTP directly from an AOL dial-in (a common
> source of spam); the other came in from a German ISP. Neither started
> the transaction with a HELO (which means that they attempted to avoid
> identifying themselves), and both attempted to relay through you.
>
> Since both were destined for the same place, it was probably the same
> spammer trying twice.
>

What makes me nervous is that the same spammer has access to hundreds of dialin accounts around the world, trying every 3 or 4 minutes around the clock. Always using "psl@earthling.net" as address.
> At 07:36 PM 3/13/99 +0100, Lutz Rabing wrote: > > >Hi, > > > >we get many of these NOQUEUE messages in our maillog from many > >different dial-up accounts. One every 3 or 4 minutes. > > > >Has anyone seen something like this? Whats the purpose? > > > >I saw "NetBus online ..." in one of those mails. > > > > > >--------------------- > >Mar 13 19:25:21 delta sendmail[25150]: NOQUEUE: Authentication-Warning: > >delta.omc.net: pC19F8579.dip.t-online.de [19 > >3.159.133.121] didn't use HELO protocol > >Mar 13 19:25:21 delta sendmail[25150]: TAA25150: ruleset=check_rcpt, > >arg1=psl@earthling.net, relay=pC19F8579.dip.t-o > >nline.de [193.159.133.121], reject=550 psl@earthling.net... Relaying denied > >Mar 13 19:27:05 delta sendmail[25207]: NOQUEUE: Authentication-Warning: > >delta.omc.net: 166-7-61.ipt.aol.com [152.166 > >.7.61] didn't use HELO protocol > >Mar 13 19:27:06 delta sendmail[25207]: TAA25207: ruleset=check_rcpt, > >arg1=psl@earthling.net, relay=166-7-61.ipt.aol. > >com [152.166.7.61], reject=550 psl@earthling.net... 
Relaying denied > >--------------------- > > > > > >Thanks, > > > >Lutz Rabing -OMCnet- > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > >with "unsubscribe freebsd-security" in the body of the message > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > > Mit freundlichen Gruessen, Lutz Rabing -OMCnet- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Mar 13 17: 4: 9 1999 Delivered-To: freebsd-security@freebsd.org Received: from aauu.aaweber.com (cs9340-48.austin.rr.com [24.93.40.48]) by hub.freebsd.org (Postfix) with ESMTP id 0053514F54; Sat, 13 Mar 1999 17:03:24 -0800 (PST) (envelope-from aaweber@austin.rr.com) Received: (from aaweber@localhost) by aauu.aaweber.com (8.9.1/8.9.1) id TAA01636; Sat, 13 Mar 1999 19:03:05 -0600 (CST) Date: Sat, 13 Mar 1999 19:03:05 -0600 From: Alan Weber To: Freebsd-chat@freebsd.org Cc: freebsd-security@freebsd.org Subject: Re: disapointing security architecture Message-ID: <19990313190305.A1423@austin.rr.com> References: <199903130358.TAA82290@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.1i In-Reply-To: ; from David Scheidt on Fri, Mar 12, 1999 at 10:34:46PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Mar 12, 1999 at 10:34:46PM -0600, David Scheidt wrote: --> On Fri, 12 Mar 1999, Matthew Dillon wrote: --> : You know, it wouldn't cost too much to implement ACLs with an extra --> : inode if we implemented an ACL cache, allowing multiple references to --> : the same ACL inode. When someone changes the ACL associated with a file, --> : it would hop to a different ACL inode. There'd have to be a mechanism --> : to prevent excessive fragmentation but I think it would work in general --> : terms and not even eat that many inodes. 
--> Something like this certainly makes sense. You need to keep track of how --> many files are using that ACL inode, but that is much the same problem as --> hard links. What I wonder about is what the hit rate is going to be? I am --> fairly sure that most of my ACLs will be identical, so I suppose the odds of --> having one in core is pretty high. You would also win on what ever the ACL --> equivelant of chmod * is. I would suggest that each directory have an ACL inode and that by default each file will use the inode of the directory ACL inode. This will cause ACLs to propagate down a directory tree when subdirectories are created. I generally administer access rights on a directory basis. I am very used to the NetWare trustee scheme and find if very convenient to manage user file permissions on a directory basis. Would it be possible to increase the granularity of the permissions with the ACL scheme (delete, create, rename, write, append, read, grant, etc.)? I would be willing to help on implementing ACLs. -- When I was a kid I had to rub sticks together to multiply and divide numbers. A calculator was a job description. 

From owner-freebsd-security Sat Mar 13 17:20:50 1999
Date: Sat, 13 Mar 1999 20:20:03 -0500 (EST)
From: Robert Watson
To: Alan Weber
Cc: freebsd-security@freebsd.org
Subject: Re: disapointing security architecture
In-Reply-To: <19990313190305.A1423@austin.rr.com>

On Sat, 13 Mar 1999, Alan Weber wrote:

> On Fri, Mar 12, 1999 at 10:34:46PM -0600, David Scheidt wrote:
> --> On Fri, 12 Mar 1999, Matthew Dillon wrote:
>
> --> : You know, it wouldn't cost too much to implement ACLs with an extra
> --> : inode if we implemented an ACL cache, allowing multiple references to
> --> : the same ACL inode. When someone changes the ACL associated with a file,
> --> : it would hop to a different ACL inode. There'd have to be a mechanism
> --> : to prevent excessive fragmentation but I think it would work in general
> --> : terms and not even eat that many inodes.
>
> --> Something like this certainly makes sense. You need to keep track of how
> --> many files are using that ACL inode, but that is much the same problem as
> --> hard links. What I wonder about is what the hit rate is going to be? I am
> --> fairly sure that most of my ACLs will be identical, so I suppose the odds of
> --> having one in core is pretty high. You would also win on what ever the ACL
> --> equivalent of chmod * is.
>
> I would suggest that each directory have an ACL inode and that by default each
> file will use the inode of the directory ACL inode. This will cause ACLs to
> propagate down a directory tree when subdirectories are created. I generally
> administer access rights on a directory basis. I am very used to the NetWare
> trustee scheme and find it very convenient to manage user file permissions
> on a directory basis. Would it be possible to increase the granularity of
> the permissions with the ACL scheme (delete, create, rename, write, append,
> read, grant, etc.)? I would be willing to help on implementing ACLs.

While I recognize the simplicity and usefulness of per-directory ACLs (a
la AFS and Coda), I suspect that ACLs in the style of POSIX.1e will
probably achieve greater portability (Solaris, Linux, etc). Since
permissions are currently on the granularity of files, the POSIX.1e
mechanism is probably also more consistent with the current permission
model.

Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
Safeport Network Services http://www.safeport.com/

From owner-freebsd-security Sat Mar 13 18:39:30 1999
Date: Sat, 13 Mar 1999 20:39:02 -0600
From: Alan Weber
To: Robert Watson
Cc: freebsd-security@freebsd.org
Subject: Re: ACLs was disapointing security architecture
Message-ID: <19990313203902.B1850@austin.rr.com>
References: <19990313190305.A1423@austin.rr.com>

--> > --> : You know, it wouldn't cost too much to implement ACLs with an extra
--> > --> : inode if we implemented an ACL cache, allowing multiple references to
--> > --> : the same ACL inode. When someone changes the ACL associated with a file,
--> > --> : it would hop to a different ACL inode. There'd have to be a mechanism
--> > --> : to prevent excessive fragmentation but I think it would work in general
--> > --> : terms and not even eat that many inodes.

--> > --> Something like this certainly makes sense. You need to keep track of how
--> > --> many files are using that ACL inode, but that is much the same problem as
--> > --> hard links. What I wonder about is what the hit rate is going to be? I am
--> > --> fairly sure that most of my ACLs will be identical, so I suppose the odds of
--> > --> having one in core is pretty high. You would also win on what ever the ACL
--> > --> equivalent of chmod * is.

--> > I would suggest that each directory have an ACL inode and that by default each
--> > file will use the inode of the directory ACL inode. This will cause ACLs to
--> > propagate down a directory tree when subdirectories are created. I generally
--> > administer access rights on a directory basis. I am very used to the NetWare
--> > trustee scheme and find it very convenient to manage user file permissions
--> > on a directory basis. Would it be possible to increase the granularity of
--> > the permissions with the ACL scheme (delete, create, rename, write, append,
--> > read, grant, etc.)? I would be willing to help on implementing ACLs.

--> While I recognize the simplicity and usefulness of per-directory ACLs (a
--> la AFS and Coda), I suspect that ACLs in the style of POSIX.1e will
--> probably achieve greater portability (Solaris, Linux, etc). Since
--> permissions are currently on the granularity of files, the POSIX.1e
--> mechanism is probably also more consistent with the current permission
--> model.

I am not suggesting directory-only ACLs but want the file ACL to point to the
directory ACL unless explicitly changed on a per file basis. I like the above
scheme to reuse ACLs as one change can be efficiently propagated to a huge
number of files versus having to fetch/update every file ACL in a directory
hierarchy.

--
When I was a kid I had to rub sticks together to multiply and divide numbers.
A calculator was a job description.
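
The shared-ACL scheme discussed in this thread (Matthew Dillon's reference-counted ACL inodes, with Alan Weber's suggestion that new files start out on their directory's ACL), modelled as an added example that is not from any of the messages or from FreeBSD. The class and method names are hypothetical, and Python dictionaries stand in for on-disk ACL inodes.

```python
class AclStore:
    """Toy in-memory model: files reference shared, reference-counted ACL records."""

    def __init__(self):
        self._ids = {}       # frozenset of entries -> record id (the "ACL cache")
        self._records = {}   # record id -> [frozenset of entries, reference count]
        self._owner = {}     # path -> record id currently used by that path
        self._next_id = 1

    def _acquire(self, entries):
        key = frozenset(entries)
        rec_id = self._ids.get(key)
        if rec_id is None:                       # first user of this exact ACL
            rec_id, self._next_id = self._next_id, self._next_id + 1
            self._ids[key] = rec_id
            self._records[rec_id] = [key, 0]
        self._records[rec_id][1] += 1
        return rec_id

    def _release(self, rec_id):
        record = self._records[rec_id]
        record[1] -= 1
        if record[1] == 0:                       # last reference gone: free it
            del self._ids[record[0]]
            del self._records[rec_id]

    def set_acl(self, path, entries):
        """Changing a file's ACL makes it "hop" to another record.

        The shared record is never edited in place, so other files that
        reference it keep exactly the access they had before.
        """
        new_id = self._acquire(entries)          # take the new reference first
        old_id = self._owner.get(path)
        self._owner[path] = new_id
        if old_id is not None:
            self._release(old_id)
        return new_id

    def create(self, path, parent):
        """A new file starts out sharing its parent directory's record."""
        rec_id = self._owner[parent]
        self._records[rec_id][1] += 1
        self._owner[path] = rec_id
        return rec_id

    def unlink(self, path):
        self._release(self._owner.pop(path))

    def acl_of(self, path):
        return set(self._records[self._owner[path]][0])

    def record_id(self, path):
        return self._owner[path]

    def refcount(self, rec_id):
        return self._records[rec_id][1] if rec_id in self._records else 0

    def record_count(self):
        return len(self._records)


def demo():
    """Constructed sample: one directory, three files, one ACL change."""
    store = AclStore()
    project = [("user", "alice", "rwx"), ("group", "staff", "r-x"), ("other", "", "---")]
    store.set_acl("/proj", project)
    for name in ("a", "b", "c"):
        store.create("/proj/" + name, "/proj")
    shared = store.record_id("/proj")
    # Tighten one file: it hops to a new record, the other three are untouched.
    store.set_acl("/proj/a", [("user", "alice", "rw-"), ("other", "", "---")])
    return store, shared


if __name__ == "__main__":
    store, shared = demo()
    print("records:", store.record_count(), "refs on shared:", store.refcount(shared))
```

In this model, editing a shared record in place would change every path that references it, including paths in other directories that merely have an identical ACL, which is why `set_acl` always hops.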

From owner-freebsd-security Sat Mar 13 20:47:55 1999
Date: Sat, 13 Mar 1999 22:12:45 -0600 (CST)
From: James Wyatt
To: nick@FERALMONKEY.ORG
Cc: Fernando Schapachnik, freebsd-security@freebsd.org
Subject: Re: WinVirus scannig on a FreeBSD FW

On Sat, 13 Mar 1999 nick@FERALMONKEY.ORG wrote:
> On Fri, 12 Mar 1999, Fernando Schapachnik wrote:
> > I'd like to set up a firewall in which I can scan for PC viruses.
> > Does anybody know if there's such a tool for FreeBSD?
> You need to clarify what you said somewhat. Firstly, do you intend to do
> local scanning of viruses on the firewall? Do you intend to scan viruses
> as they pass through the firewall?

I suspect it's the latter. We found this did not provide enough coverage
for our customers - it only got obvious incoming email viruses. It didn't
catch infected webmail, interdepartmental (Ted brought floppy with
infected .doc file), or stuff buried in .zip files or web pages. We
support a number of firewalls with sendmail or smail on FreeBSD or AIX or
Linux. There are not many solutions that scan well here even if the
coverage was good enough.

Since our biggest customer (8000+ desktops) began the change from OS/2
w/Lotus Suite to NT and Office Suite, they have been hit with numerous
Office viruses. (Word, Excel, etc...) We are looking at tools that scan
the Exchange mailboxes, catching *anything* in almost everyone's email.
We are also using Tivoli to pseudorandomly update the McAfee databases on
the NT workstations. (Nothing like thousands of workstations all
downloading a large file on the 1st of the month!)

> There are some commercial products available that act as mail proxies
> which enforce "content security" as mail passes through. If you want

Our favorite here was MailShield, but it was for mime-type and size
filtering. I hadn't seen anything that did 'content security' against
virulent files on FreeBSD either. I can't screen all the .doc files as
much as I wish I could... 8{)

So, why did uSoft make OutLook default to sending .doc files? Was it to
make the docs look better to Win32 users? Was it to ensure the GUID info
was included without munging the message-id? Was it to sell more
antivirus software?

From owner-freebsd-security Sat Mar 13 22:10:18 1999
Date: Sun, 14 Mar 1999 01:09:49 -0500 (EST)
From: mike@seidata.com
To: Alan
Cc: Brett Glass, freebsd-security@FreeBSD.ORG
Subject: Re: bind 8.1.2 cache poisoning
In-Reply-To: <19990313140428.A26796@unixpower.org>

On Sat, 13 Mar 1999, Alan wrote:

> The main server people are hitting is a.root-servers.net, they use this for
> non-existent domains. Messing with the root-servers is just wrong.

Yes... I thoroughly agree with the ideas of 'netiquette' which are
apparently behind your post. However, many would also argue that
allowing such a central protocol to be so awkwardly trusting is 'just
wrong' as well.

Later,

-Mike

From owner-freebsd-security Sat Mar 13 22:46:17 1999
Date: Sat, 13 Mar 1999 22:53:36 -0800 (PST)
From: Marc Slemko
To: Alan, Jesse
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: bind 8.1.2 cache poisoning

On Sat, 13 Mar 1999, Jesse wrote:

[...]
> So I checked around and found in the Jan 99 section of rootshell an
> exploit which claims to insert entries into the caches of bind 8.1.2
> servers (which is what I run and as far as I can tell is the latest
> version). If this is true, as it appears, I'm wondering why there's been
> no discussion of this anywhere (or any fixes). Seems pretty serious if
> anyone can screw with your DNS cache..

Yup, it can be done. There are three or four programs that I have seen
which do it.

The way a name server can match a response to a request is by looking
at the query id. This query id is a 16 bit number. If you can guess
that number, you can often spoof a response.

One way to make it harder to exploit is to have your nameserver send
queries from multiple ports in random order so that it is difficult to
tell which port to spoof to. This can get a lot more expensive and take
a fair amount more resources, but is practical in some situations.

The other thing to do is to randomize the query id. Right now it is
just ++'ed for each query, making it easy to guess. Randomizing it
requires more complicated work to have a cheap way to ensure you don't
reuse ids for outstanding queries. This can't prevent attacks, since
the 16-bit id is just too small a space and too easy to flood, but it
can help.

8.2 will be out soon that will have DNSSEC that will fix these issues
in the long term. Paul was talking about 8.1.2++ which would contain
randomized query ids which help a bit, but I don't know that such a
thing will necessarily be released. In any case, it looks like 8.2 will
have randomized query ids as well.

On Sat, 13 Mar 1999, Alan wrote:

> The main server people are hitting is a.root-servers.net, they use this for
> non-existent domains. Messing with the root-servers is just wrong.

Hmm? I'm not sure what you are talking about. The root name servers do
not run with recursion enabled making this attack not work against them.

From owner-freebsd-security Sat Mar 13 23:15:31 1999
Date: Sun, 14 Mar 1999 08:19:33 +0100
From: The Unicorn
To: Robert Watson
Cc: Thomas Valentino Crimi, freebsd-security@FreeBSD.ORG
Subject: Re: ACL's
Message-ID: <19990314081933.A438@unicorn.quux.org>

On Sat, Mar 13, 1999 at 07:26:52PM -0500, Robert Watson wrote:
> On Sat, 13 Mar 1999, Thomas Valentino Crimi wrote:
> [ POSIX related stuff deleted... ]
> BTW, I'd really like to get rid of hard links -- they allow users to
> retain copies of setuid files after the owner thinks they are deleted.
> I.e., user creates a hard link to /usr/sbin/somesetuidbin to
> /usr/tmp/mytemp. Now the admin upgrades the machine, thinking they have
> removed the risk of the now known buggy somesetuidbin.
>
> Also, since directory permissions act as cumulative masks on the
> permissions of files held in them, it can be hard to revoke access to a
> file you own--someone else may have hard linked it elsewhere in the fs
> without your knowledge (something they can do as long as they own the
> target directory). Given that hard links already cause inconsistent
> semantics in the name space for users, and aren't properly preserved in
> tar, etc, I think they don't contribute much.

They cause inconsistent semantics, but they are recorded in the inode as
the number of links to the file the inode holds information on. Therefore
any admin who is worth the money they receive for doing their task will
know that if the number of links to a file is greater than one another
hard link must exist. Searching the filesystem for another name
referring the same inode is then not a really hard thing to do...

As far as I am aware there are backup utilities that DO preserve hard
links (if I am not mistaken GNU tar does).

Have a look at ls -l `which vi view ex` and think again about what hard
links contribute (then again similar functionality might be constructed
using soft-links; but they are much harder to administrate (read: keep
under control))

Just my 0.02 euro.

> Robert N Watson
---end quoted text---

Ciao,
Unicorn.
--
======= _ __,;;;/ TimeWaster ================================================
,;( )_, )~\| A Truly Wise Man Never Plays
;; // `--; Leapfrog With A Unicorn...
==='= ;\ = | ==== Youth is Not a Time in Life, It is a State of Mind! =======

From owner-freebsd-security Sat Mar 13 23:20: 2 1999
Date: Sun, 14 Mar 1999 10:18:10 +0300 (MSK)
From: "Ilmar S. Habibulin"
To: Robert Watson
Cc: Thomas Valentino Crimi, freebsd-security@FreeBSD.ORG
Subject: Re: ACL's

On Sat, 13 Mar 1999, Robert Watson wrote:

> BTW, I'd really like to get rid of hard links -- they allow users to
> retain copies of setuid files after the owner thinks they are deleted.
> I.e., user creates a hard link to /usr/sbin/somesetuidbin to
> /usr/tmp/mytemp. Now the admin upgrades the machine, thinking they have
> removed the risk of the now known buggy somesetuidbin.

But hard links are the UFS ideology, I suppose. In my MAC implementation I
limit number of hard links to a file with MAC level more than zero. It was
done with the same thought in mind, as yours about suidbin. I have to make
sure that this file is zero deleted after unlinking. And if I have another
copy - it doesn't unlink at all. ;-)

So my proposal is - maybe we should limit number of hard links on some
files?

PS. Sorry for bad English.

From owner-freebsd-security Sat Mar 13 23:54: 4 1999
Date: Sun, 14 Mar 1999 01:53:43 -0600 (CST)
From: David Scheidt
To: The Unicorn
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ACLs
In-Reply-To: <19990314081933.A438@unicorn.quux.org>

On Sun, 14 Mar 1999, The Unicorn wrote:

:On Sat, Mar 13, 1999 at 07:26:52PM -0500, Robert Watson wrote:
:> On Sat, 13 Mar 1999, Thomas Valentino Crimi wrote:
:> BTW, I'd really like to get rid of hard links -- they allow users to
:> retain copies of setuid files after the owner thinks they are deleted.
:
:They cause inconsistent semantics, but they are recorded in the inode as
:the number of links to the file the inode holds information on. Therefore
:any admin who is worth the money they receive for doing their task will
:know that if the number of links to a file is greater than one another
:hard link must exist. Searching the filesystem for another name
:referring the same inode is then not a really hard thing to do...
:

You have to remember to check, though. I don't look at the link count
every time before I rm a file. There are all sorts of people admining
boxes who haven't sense to check for this. I suspect there are lots of
otherwise competent people who don't even know to look for this.
Removing the problem might be a better solution than trying to educate
the world about it.

:As far as I am aware there are backup utilities that DO preserve hard
:links (if I am not mistaken GNU tar does).

GNU tar does this, at least in modern versions. It may not have since
the beginning of time. Dump preserves this as well.

:
:Have a look at ls -l `which vi view ex` and think again about what hard
:links contribute (then again similar functionality might be constructed
:using soft-links; but they are much harder to administrate (read: keep
:under control))

Programs which do different things depending on the name they are
invoked under is not a feature.

:Just my 0.02 euro.

David Scheidt
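
The check debated in this thread, reading the link count and then finding the other names of the inode before a setuid file is removed or replaced, written out as an added example that is not part of any of the messages. The function names and the sample tree are constructed for illustration; the file names are the ones used in the thread.

```python
import os
import stat
import tempfile

PRIVILEGED = stat.S_ISUID | stat.S_ISGID


def audit_multilinked(root, mode_mask=PRIVILEGED):
    """Report regular files under root that carry mode_mask bits and have
    more than one name. Keys are (st_dev, st_ino): hard links never cross
    filesystems, so the device number is part of the identity."""
    found = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue                      # vanished or unreadable: skip
            if not stat.S_ISREG(st.st_mode):
                continue
            if st.st_nlink < 2 or not st.st_mode & mode_mask:
                continue
            entry = found.setdefault((st.st_dev, st.st_ino), {
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "nlink": st.st_nlink,
                "paths": [],
            })
            entry["paths"].append(path)
    for entry in found.values():
        entry["paths"].sort()
        # Names the walk did not see: outside root, or in unreadable directories.
        entry["unseen"] = entry["nlink"] - len(entry["paths"])
    return found


def other_names(target, search_root):
    """Before removing target, list every other name of the same inode."""
    st = os.lstat(target)
    if st.st_nlink < 2:
        return []
    names = []
    for dirpath, _dirs, files in os.walk(search_root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                cand = os.lstat(path)
            except OSError:
                continue
            same_inode = (cand.st_dev, cand.st_ino) == (st.st_dev, st.st_ino)
            if same_inode and os.path.abspath(path) != os.path.abspath(target):
                names.append(path)
    return sorted(names)


def build_sample_tree():
    """Constructed sample: a setuid file with a second name in a tmp directory."""
    root = tempfile.mkdtemp(prefix="hardlink-audit-")
    os.makedirs(os.path.join(root, "sbin"))
    os.makedirs(os.path.join(root, "tmp"))
    target = os.path.join(root, "sbin", "somesetuidbin")
    with open(target, "w") as fh:
        fh.write("placeholder, not a real binary\n")
    os.chmod(target, 0o4755)                  # set after writing: writes clear the bit
    os.link(target, os.path.join(root, "tmp", "mytemp"))
    return root, target


if __name__ == "__main__":
    root, target = build_sample_tree()
    for key, entry in audit_multilinked(root).items():
        print(key, entry)
    print("remove these too:", other_names(target, root))
```

Run the audit before the old file is unlinked: once the original name is gone the surviving copy has a link count of 1 and only shows up as a setuid file in an unexpected place. A nonzero `unseen` means the walk did not cover every name.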
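
Marc Slemko's message in the "bind 8.1.2 cache poisoning" thread above describes sequential query ids, randomized ids that are not reused while a query is outstanding, and spreading queries over several source ports. A resolver-side model of those measures follows as an added example; it is not BIND code, and the class names, port numbers and addresses are hypothetical.

```python
import secrets


class SequentialIds:
    """The behaviour the message describes: the id is ++'ed for each query."""

    def __init__(self, start=0):
        self._next = start & 0xFFFF

    def allocate(self):
        qid = self._next
        self._next = (self._next + 1) & 0xFFFF   # 16-bit wrap
        return qid


class OutstandingQueries:
    """Random (source port, query id) pairs, never reused while outstanding."""

    def __init__(self, ports, rng=None):
        self._ports = list(ports)
        self._rng = rng or secrets.SystemRandom()
        self._pending = {}                       # (port, qid) -> (server, qname)

    def search_space(self):
        """Number of (port, id) pairs a blind guess has to pick from."""
        return len(self._ports) * 65536

    def pending(self):
        return len(self._pending)

    def send(self, server, qname):
        # Keep the table at most half full so the retry loop below needs
        # two draws on average in the worst case: the "cheap way" to avoid
        # reusing an id that is still outstanding.
        if 2 * len(self._pending) >= self.search_space():
            raise RuntimeError("too many outstanding queries")
        while True:
            key = (self._rng.choice(self._ports), self._rng.randrange(65536))
            if key not in self._pending:
                self._pending[key] = (server, qname.lower())
                return key

    def accept(self, server, port, qid, qname):
        """Accept a response only if port, id, server and question all match
        one outstanding query; a match retires it so a replay is rejected."""
        if self._pending.get((port, qid)) != (server, qname.lower()):
            return False
        del self._pending[(port, qid)]
        return True


if __name__ == "__main__":
    tracker = OutstandingQueries(ports=[5301, 5302, 5303, 5304])
    port, qid = tracker.send("192.0.2.53", "example.org")
    print("sent from port", port, "with id", qid,
          "out of", tracker.search_space(), "combinations")
    print("matching response accepted:",
          tracker.accept("192.0.2.53", port, qid, "example.org"))
```

As the message says, this only raises the cost of guessing: with one port the space is still 65536 values.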