Date: Sun, 26 Aug 2001 17:23:53 +1000 (EST)
From: Bruce Evans
To: Thomas Gellekum
Subject: Re: RFC: statvfs(3)
Message-ID: <20010826165751.D15568-100000@besplex.bde.org>

On 24 Aug 2001, Thomas Gellekum wrote:

> here's a simple implementation of statvfs(3), which is mandated by
> SUSV2.
>
> I'd welcome suggestions on how to deal with the f_namemax member of
> struct statvfs. Currently the functions return PATH_MAX for it, but
> this is probably wrong for some filesystem types. We could convert one

Use [f]pathconf(). Use it with _PC_NAME_MAX, not with _PC_PATH_MAX.
This is a little bogus, but works under FreeBSD. Under FreeBSD:
- PATH_MAX is the same for all filesystems, since it is handled by vfs.
- NAME_MAX is filesystem-dependent, so it is a bug for to define it.
- pathconf() with _PC_NAME_MAX or _PC_PATH_MAX works for all types of
  files (POSIX only requires it to work for directories). Thus you don't
  have to worry about [f]pathconf() not working for the descriptor or
  path passed to [f]statvfs().

> of the f_spare* members in struct statfs (I'd prefer 'long f_spare[2]'
> -> 'long f_namemax; long f_spare') and define a _PATH_MAX (in
> ?) to initialize that for every filesystem type.

Not necessary or useful.

It's bogus that POSIX doesn't require pathconf(..., _PC_NAME_MAX) to work
for non-directories, yet it apparently requires f_namemax to work for all
files on the filesystem ([f]statvfs() is specified in POSIX.1-200x, but
the semantics of f_namemax are fuzzy).

Bruce

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
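Added example, not part of the message above and not FreeBSD libc code: one way to obtain an f_namemax value from [f]pathconf() with _PC_NAME_MAX, keeping "no limit" apart from a real error. The names namemax_path, namemax_fd, component_fits and NAMEMAX_UNLIMITED are hypothetical.

```c
/*
 * Added example: take the value for statvfs.f_namemax from
 * [f]pathconf(_PC_NAME_MAX) rather than from a compile-time PATH_MAX.
 * All names below are hypothetical, chosen for this illustration.
 */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define NAMEMAX_UNLIMITED ULONG_MAX	/* assumption: marker for "no limit" */

/*
 * Translate a [f]pathconf() result. `saved` is errno as it was right after
 * the call, having been cleared before it: -1 with errno still 0 means the
 * filesystem imposes no limit, -1 with errno set is a real failure.
 */
static int
namemax_result(long v, int saved, unsigned long *out)
{
	if (v >= 0) {
		*out = (unsigned long)v;
		return (0);
	}
	if (saved != 0) {
		errno = saved;		/* e.g. ENOENT, EACCES, EBADF */
		return (-1);
	}
	*out = NAMEMAX_UNLIMITED;
	return (0);
}

/* Longest file name component on the filesystem holding `path`. */
int
namemax_path(const char *path, unsigned long *out)
{
	long v;

	errno = 0;
	v = pathconf(path, _PC_NAME_MAX);
	return (namemax_result(v, errno, out));
}

/* Same query for an open descriptor, as an fstatvfs() would need. */
int
namemax_fd(int fd, unsigned long *out)
{
	long v;

	errno = 0;
	v = fpathconf(fd, _PC_NAME_MAX);
	return (namemax_result(v, errno, out));
}

/*
 * Check a single name component against the limit of the filesystem that
 * holds `dir`. Returns 1 if it fits, 0 if it is too long, -1 on error.
 */
int
component_fits(const char *dir, const char *name)
{
	unsigned long max;

	if (namemax_path(dir, &max) == -1)
		return (-1);
	return (strlen(name) <= max);
}

int
main(int argc, char **argv)
{
	const char *path = argc > 1 ? argv[1] : ".";
	unsigned long by_path, by_fd;
	int fd;

	if (namemax_path(path, &by_path) == -1) {
		perror("pathconf");
		return (1);
	}
	fd = open(path, O_RDONLY);
	if (fd == -1 || namemax_fd(fd, &by_fd) == -1) {
		perror("fpathconf");
		return (1);
	}
	close(fd);
	printf("%s: name max by path %lu, by descriptor %lu\n",
	    path, by_path, by_fd);
	return (0);
}
```

POSIX only guarantees the _PC_NAME_MAX query for directories, so pass a directory (or a descriptor for one) when the code has to run on systems other than FreeBSD.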

From: Sheldon Hearn
To: Nik Clayton
Cc: audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
In-reply-to: Your message of "Tue, 28 Aug 2001 04:59:21 MST." <200108281159.f7SBxLW31831@freefall.freebsd.org>
Date: Tue, 28 Aug 2001 14:29:38 +0200
Message-ID: <50646.999001778@axl.seasidesoftware.co.za>

On Tue, 28 Aug 2001 04:59:21 MST, Nik Clayton wrote:

> Modified files:
> libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
> Log:
> Add a new option, '-o', for "Write-only". Disables the RETR command,
> preventing anyone from downloading files. In conjunction with -A, and some
> appropriate file permissions, this lets you create an anonymous FTP drop
> box for people to upload files to.

I plan to change this such that the impact of the -o flag only applies
to guest (anonymous) users. I believe that this change will make the
option more useful, because

1) Non-guest users can be influenced on an individual basis, i.e. you
   can close a single user's account. The guest users, on the other
   hand, are to be feared with respect to abuse by warez monkeys. Since
   guest users pose the "unstoppable threat", they're really the ones to
   whom this option should apply in the absence of a more configurable
   ftpd.

2) The proposed change will allow me to protect myself against warez
   monkeys abusing my anonymous upload directory while still allowing
   non-guest users with real accounts to retrieve files as expected,
   without having to run a second instance of ftpd on a non-standard
   port.

Ciao,
Sheldon.

Date: Tue, 28 Aug 2001 13:50:53 +0100
From: Nik Clayton
To: Sheldon Hearn
Cc: Nik Clayton, audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
Message-ID: <20010828135053.H46201@clan.nothing-going-on.org>
References: <200108281159.f7SBxLW31831@freefall.freebsd.org> <50646.999001778@axl.seasidesoftware.co.za>
In-Reply-To: <50646.999001778@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Tue, Aug 28, 2001 at 02:29:38PM +0200
Organization: FreeBSD Project

On Tue, Aug 28, 2001 at 02:29:38PM +0200, Sheldon Hearn wrote:
>
>
> On Tue, 28 Aug 2001 04:59:21 MST, Nik Clayton wrote:
>
> > Modified files:
> > libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
> > Log:
> > Add a new option, '-o', for "Write-only". Disables the RETR command,
> > preventing anyone from downloading files. In conjunction with -A, and some
> > appropriate file permissions, this lets you create an anonymous FTP drop
> > box for people to upload files to.
>
> I plan to change this such that the impact of the -o flag only applies
> to guest (anonymous) users. I believe that this change will make the
> option more useful, because
>
> 1) Non-guest users can be influenced on an individual basis, i.e. you
> can close a single user's account. The guest users, on the other
> hand, are to be feared with respect to abuse by warez monkeys. Since
> guest users pose the "unstoppable threat", they're really the ones to
> whom this option should apply in the absence of a more configurable
> ftpd.
>
> 2) The proposed change will allow me to protect myself against warez
> monkeys abusing my anonymous upload directory while still allowing
> non-guest users with real accounts to retrieve files as expected,
> without having to run a second instance of ftpd on a non-standard
> port.

That may be. But I also want an "all users" option.

Yes, by careful setting of directory permissions, /etc/ftpusers, and so
on, you can achieve the same effect. But I like defense in depth. So
rather than relying on the file system settings, and other files, I'd
like to enforce this at the ftpd level as well.

N
-- 
FreeBSD: The Power to Serve http://www.freebsd.org/
FreeBSD Documentation Project http://www.freebsd.org/docproj/
--- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 ---

From: Sheldon Hearn
To: Nik Clayton
Cc: audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
In-reply-to: Your message of "Tue, 28 Aug 2001 13:50:53 +0100." <20010828135053.H46201@clan.nothing-going-on.org>
Date: Tue, 28 Aug 2001 15:00:24 +0200
Message-ID: <51079.999003624@axl.seasidesoftware.co.za>

On Tue, 28 Aug 2001 13:50:53 +0100, Nik Clayton wrote:

> That may be. But I also want an "all users" option.

I can't see how this would be useful, but I'll assume that there's a
scenario you have to deal with and I don't have to deal with where it's
necessary.

Operating on that assumption, I propose -o for "write-only mode for all
users" and -O for "write-only mode for guest (anonymous & ftp) users".

Ciao,
Sheldon.

Date: Tue, 28 Aug 2001 14:33:40 +0100
From: Nik Clayton
To: Sheldon Hearn
Cc: Nik Clayton, audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
Message-ID: <20010828143340.I46201@clan.nothing-going-on.org>
References: <20010828135053.H46201@clan.nothing-going-on.org> <51079.999003624@axl.seasidesoftware.co.za>
In-Reply-To: <51079.999003624@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Tue, Aug 28, 2001 at 03:00:24PM +0200
Organization: FreeBSD Project

On Tue, Aug 28, 2001 at 03:00:24PM +0200, Sheldon Hearn wrote:
> On Tue, 28 Aug 2001 13:50:53 +0100, Nik Clayton wrote:
> > That may be. But I also want an "all users" option.
>
> I can't see how this would be useful, but I'll assume that there's a
> scenario you have to deal with and I don't have to deal with where it's
> necessary.
>
> Operating on that assumption, I propose -o for "write-only mode for all
> users" and -O for "write-only mode for guest (anonymous & ftp) users".

Works for me.

N
-- 
FreeBSD: The Power to Serve http://www.freebsd.org/
FreeBSD Documentation Project http://www.freebsd.org/docproj/
--- 15B8 3FFC DDB4 34B0 AA5F 94B7 93A8 0764 2C37 E375 ---

Date: Wed, 29 Aug 2001 12:58:44 +0200
From: Joerg Wunsch
To: audit@freebsd.org
Cc: ache@freebsd.org, security@freebsd.org
Subject: -a in opiekey(1) doesn't work
Message-ID: <20010829125844.E60434@ida.interface-business.de>
Reply-To: Joerg Wunsch
Organization: interface systems GmbH, Dresden

Dunno who's the best person to tell this.

The -a option to opiekey(1) is supposed to suppress password checking,
but closer inspection of the code reveals that the value of `aflag' is
properly set when the option is provided, but then never used again.
This prevents opiekey from becoming a full replacement of the old skey
program for users who used to have too short secret passwords.

We should either remove it completely if we think providing this option
is a bad idea from the beginning, or make it work as advertised. The
patch below implements the latter.

(Btw., the check against (flags & 2) isn't useful either since flags is
passed from the caller as either 0 or 1, hard-coded. We could set flag 2
when aflag is set, but that'd mean to modify 6 calls to opiereadpass()
instead of a single line of change as suggested below.)

Index: contrib/opie/opiekey.c =================================================================== RCS file: /home/ncvs/src/contrib/opie/opiekey.c,v retrieving revision 1.1.1.2.6.1 diff -u -r1.1.1.2.6.1 opiekey.c --- contrib/opie/opiekey.c 2000/06/09 07:14:56 1.1.1.2.6.1 +++ contrib/opie/opiekey.c 2001/08/29 10:02:02 
@@ -116,7 +116,7 @@ } memset(verify, 0, sizeof(verify)); } - if (!(flags & 2) && opiepasscheck(secret)) { + if (!(flags & 2) && !aflag && opiepasscheck(secret)) { memset(secret, 0, sizeof(secret)); fprintf(stderr, "Secret pass phrases must be between %d and %d characters long.\n", OPIE_SECRET_MIN, OPIE_SECRET_MAX); exit(1); -- J"org Wunsch Unix support engineer joerg_wunsch@interface-systems.de http://www.interface-systems.de/~j/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Aug 29 4:43:20 2001 Delivered-To: freebsd-audit@freebsd.org Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by hub.freebsd.org (Postfix) with ESMTP id 87CF337B403; Wed, 29 Aug 2001 04:43:11 -0700 (PDT) (envelope-from sheldonh@starjuice.net) Received: from sheldonh (helo=axl.seasidesoftware.co.za) by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1) id 15c3m8-000JaL-00; Wed, 29 Aug 2001 13:44:52 +0200 
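Review bot: In the opiekey.c hunk at -116,7 the test !(flags & 2) is carried over into the new condition even though the posting itself notes that every caller passes flags as 0 or 1, so that term is always true and the bypass rests on !aflag alone. Either drop the dead test or add a comment that bit 2 is reserved for skipping the check, and, since the diff adds no declaration, confirm that aflag is visible at file scope inside this function. With -a given, the "Secret pass phrases must be between %d and %d characters long." message is skipped silently; a one-line warning on stderr that the length check was bypassed would keep a short secret from going unnoticed.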
From: Sheldon Hearn
To: Nik Clayton
Cc: audit@FreeBSD.org
Subject: Re: cvs commit: src/libexec/ftpd ftpcmd.y ftpd.8 ftpd.c
In-reply-to: Your message of "Tue, 28 Aug 2001 15:00:24 +0200." <51079.999003624@axl.seasidesoftware.co.za>
Date: Wed, 29 Aug 2001 13:44:52 +0200
Message-ID: <75288.999085492@axl.seasidesoftware.co.za>

On Tue, 28 Aug 2001 15:00:24 +0200, Sheldon Hearn wrote:

> Operating on that assumption, I propose -o for "write-only mode for all
> users" and -O for "write-only mode for guest (anonymous & ftp) users".

Here is the patch I propose. Note:

1) Andrey Chernov has made the worthwhile observation that command-line
   options for this behaviour are not ideal. Really, ftpd should allow
   more flexible configuration through a configuration file.

   That said, the functionality added by Nik serves a definite purpose
   even without the additional flexibility Andrey speaks of. My patch
   only serves to make Nik's new feature useful in what I consider the
   more likely scenario.

   This is feature creep. My feeling, though, is that Nik's new feature
   doesn't make much sense without this "companion" option. Either both
   should be present or the first (-o) should be backed out.

2) The existing manual page's SYNOPSIS and option listing in the
   DESCRIPTION are already horribly disordered. No attempt has been
   made to fix this.

3) The existing source's getopt() optstring and option handling switch
   are already horribly disordered. No attempt has been made to fix
   this.

Ciao,
Sheldon.

Index: ftpcmd.y =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v retrieving revision 1.27 diff -u -d -r1.27 ftpcmd.y --- ftpcmd.y 28 Aug 2001 11:59:20 -0000 1.27 +++ ftpcmd.y 29 Aug 2001 11:38:18 -0000 
@@ -94,6 +94,7 @@ extern int readonly; extern int noepsv; extern int noretr; +extern int noguestretr; off_t restart_point; @@ -440,7 +441,7 @@ } | RETR check_login SP pathname CRLF { - if (noretr) + if (noretr || (guest && noguestretr)) reply(500, "RETR command is disabled"); else if ($2 && $4 != NULL) retrieve((char *) 0, $4); Index: ftpd.8 =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.8,v retrieving revision 1.42 diff -u -d -r1.42 ftpd.8 --- ftpd.8 28 Aug 2001 11:59:21 -0000 1.42 +++ ftpd.8 29 Aug 2001 11:31:21 -0000 @@ -51,6 +51,7 @@ .Op Fl U .Op Fl r .Op Fl o +.Op Fl O .Op Fl E .Op Fl T Ar maxtimeout .Op Fl t Ar timeout @@ -161,6 +162,12 @@ .It Fl o Put server in write-only mode. RETR is disabled, preventing downloads. +.It Fl O +Put server in write-only mode for anonymous users only. +RETR is disabled for anonymous users, preventing anonymous downloads. +This has no effect if +.Fl o +is also specified. .It Fl E Disable the EPSV command. This is useful for servers behind older firewalls. Index: ftpd.c =================================================================== RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v retrieving revision 1.80 diff -u -d -r1.80 ftpd.c --- ftpd.c 28 Aug 2001 11:59:21 -0000 1.80 +++ ftpd.c 29 Aug 2001 11:36:52 -0000 @@ -150,6 +150,7 @@ int readonly=0; /* Server is in readonly mode. */ int noepsv=0; /* EPSV command is disabled. */ int noretr=0; /* RETR command is disabled. */ +int noguestretr=0; /* RETR command is disabled for anon users. */ sig_atomic_t transflag; off_t file_size; @@ -301,7 +302,7 @@ #endif /* OLD_SETPROCTITLE */ - while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:voa:p:46")) != -1) { + while ((ch = getopt(argc, argv, "AdlDESURrt:T:u:vOoa:p:46")) != -1) { switch (ch) { case 'D': daemon_mode++; 
@@ -382,6 +383,10 @@ case '6': family = AF_INET6; + break; + + case 'O': + noguestretr = 1; break; case 'o': To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Wed Aug 29 6:11: 4 2001 Delivered-To: freebsd-audit@freebsd.org Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by hub.freebsd.org (Postfix) with ESMTP id 3F06737B406; Wed, 29 Aug 2001 06:10:58 -0700 (PDT) (envelope-from ache@nagual.pp.ru) Received: (from ache@localhost) by nagual.pp.ru (8.11.6/8.11.6) id f7TDAdc69656; Wed, 29 Aug 2001 17:10:40 +0400 (MSD) (envelope-from ache) Date: Wed, 29 Aug 2001 17:10:36 +0400 
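Review bot: The new ftpd.8 entry for -O speaks of "anonymous users", while the ftpcmd.y hunk at -440,7 keys on guest in (guest && noguestretr); the manual page should name the logins that count as guest, which the thread gives as anonymous and ftp, so an administrator knows exactly who is covered. The same RETR rule answers a policy refusal with reply(500, "RETR command is disabled"); 500 is the syntax-error reply in RFC 959, and 550 would tell a client the command was understood but refused. In ftpd.c the comment on noguestretr says "anon users" where the code and the rest of ftpd say guest; use one term throughout.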
From: "Andrey A. Chernov"
To: Joerg Wunsch
Cc: audit@freebsd.org, security@freebsd.org
Subject: Re: -a in opiekey(1) doesn't work
Message-ID: <20010829171034.A69622@nagual.pp.ru>
References: <20010829125844.E60434@ida.interface-business.de>
In-Reply-To: <20010829125844.E60434@ida.interface-business.de>

On Wed, Aug 29, 2001 at 12:58:44 +0200, Joerg Wunsch wrote:

> - if (!(flags & 2) && opiepasscheck(secret)) {
> + if (!(flags & 2) && !aflag && opiepasscheck(secret)) {

Ok from me.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To: audit@freebsd.org
Subject: syslogd option to bind to specific address
Date: Wed, 29 Aug 2001 22:19:23 -0700
From: Dima Dorfman Message-Id: <20010830051928.775393E2F@bazooka.unixfreak.org> Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Please review the attacehd patch to: Introduce a -b option that allows the user to specify which address to bind to. This is useful for hosts running jails that need syslog to maintain an open socket to log to a remote host. Thanks. Index: syslogd.8 =================================================================== RCS file: /home/ncvs/src/usr.sbin/syslogd/syslogd.8,v retrieving revision 1.40 diff -u -r1.40 syslogd.8 --- syslogd.8 2001/08/27 11:04:09 1.40 +++ syslogd.8 2001/08/27 11:11:10 @@ -42,6 +42,7 @@ .Nm .Op Fl 46Adknsuv .Op Fl a Ar allowed_peer +.Op Fl b Ar bind_address .Op Fl f Ar config_file .Op Fl m Ar mark_interval .Op Fl p Ar log_socket @@ -151,6 +152,10 @@ options are ignored if the .Fl s option is also specified. +.It Fl b Ar bind_address +Specify one specific IP address or hostname to bind to. +If a hostname is specified, +the IPv4 or IPv6 address which corresponds to it is used. .It Fl d Put .Nm Index: syslogd.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.80 diff -u -r1.80 syslogd.c --- syslogd.c 2001/07/19 22:04:09 1.80 +++ syslogd.c 2001/08/27 11:11:11 @@ -291,7 +291,7 @@ void die __P((int)); void domark __P((int)); void fprintlog __P((struct filed *, int, char *)); -int* socksetup __P((int)); +int* socksetup __P((int, const char *)); void init __P((int)); void logerror __P((const char *)); void logmsg __P((int, char *, char *, int)); 
@@ -319,13 +319,15 @@ struct sockaddr_storage frominet; FILE *fp; char *p, *hname, line[MAXLINE + 1]; + const char *bindhostname; struct timeval tv, *tvp; struct sigaction sact; sigset_t mask; pid_t ppid = 1; socklen_t len; - while ((ch = getopt(argc, argv, "46Aa:df:kl:m:np:P:suv")) != -1) + bindhostname = NULL; + while ((ch = getopt(argc, argv, "46Aa:b:df:kl:m:np:P:suv")) != -1) switch (ch) { case '4': family = PF_INET; @@ -342,6 +344,9 @@ if (allowaddr(optarg) == -1) usage(); break; + case 'b': + bindhostname = optarg; + break; case 'd': /* debug */ Debug++; break; @@ -447,7 +452,7 @@ } } if (SecureMode <= 1) - finet = socksetup(family); + finet = socksetup(family, bindhostname); if (finet) { if (SecureMode) { @@ -2235,8 +2240,9 @@ } int * -socksetup(af) +socksetup(af, bindhostname) int af; + const char *bindhostname; { struct addrinfo hints, *res, *r; int error, maxs, *s, *socks; @@ -2245,7 +2251,7 @@ hints.ai_flags = AI_PASSIVE; hints.ai_family = af; hints.ai_socktype = SOCK_DGRAM; - error = getaddrinfo(NULL, "syslog", &hints, &res); + error = getaddrinfo(bindhostname, "syslog", &hints, &res); if (error) { logerror(gai_strerror(error)); errno = 0; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message From owner-freebsd-audit Thu Aug 30 1:32:13 2001 Delivered-To: freebsd-audit@freebsd.org Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by hub.freebsd.org (Postfix) with ESMTP id 9D9B737B403 for ; Thu, 30 Aug 2001 01:32:10 -0700 (PDT) (envelope-from sheldonh@starjuice.net) Received: from sheldonh (helo=axl.seasidesoftware.co.za) by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1) id 15cNFU-000PCR-00; Thu, 30 Aug 2001 10:32:28 +0200 
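Review bot: In the syslogd.c hunk at -2245,7 a -b argument that does not resolve ends up in logerror(gai_strerror(error)) with no mention of bindhostname, so the operator gets a bare resolver error; put the name that failed into the message. The syslogd.8 text promises "one specific IP address or hostname", but bindhostname is handed unchanged to getaddrinfo(), which can return several addresses for one hostname; the manual page should say what happens in that case or recommend a numeric address. The case 'b' added at -342,6 stores optarg unchecked, which is acceptable only if the failure path above reports the bad value clearly.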
From: Sheldon Hearn
To: Dima Dorfman
Cc: audit@freebsd.org
Subject: Re: syslogd option to bind to specific address
In-reply-to: Your message of "Wed, 29 Aug 2001 22:19:23 MST." <20010830051928.775393E2F@bazooka.unixfreak.org>
Date: Thu, 30 Aug 2001 10:32:28 +0200
Message-ID: <96870.999160348@axl.seasidesoftware.co.za>

On Wed, 29 Aug 2001 22:19:23 MST, Dima Dorfman wrote:

> Please review the attached patch to:
>
> Introduce a -b option that allows the user to specify which address to
> bind to. This is useful for hosts running jails that need syslog to
> maintain an open socket to log to a remote host.

I like it.

Ciao,
Sheldon.

Date: Thu, 30 Aug 2001 19:31:04 +0300
From: Ruslan Ermilov
To: audit@FreeBSD.org
Subject: find(1) -flags
Message-ID: <20010830193104.D3955@sunbay.com>
Content-Type: multipart/mixed; boundary="VbJkn9YxBvnuCH5J"

--VbJkn9YxBvnuCH5J
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

[Bcc'ed to -current]

Hi!

The current implementation of find(1) -flags primitive is a bit icky
and does not match the (poorly) documented behavior. For example,
the fact that only a certain set of file flags is recognized is not
documented, and there is no reason for this behavior. Also, "no"
flags don't take the desired effect to match files that have
corresponding flag bits unset.

The attached patch extends -flags functionality as follows:

: -flags [-|+],
: The flags are specified using symbolic names (see chflags(1)).
: Those with the "no" prefix (except "nodump") are said to be
: . Flags in are checked to be set, and flags in
: are checked to be not set. Note that this is different
: from -perm, which only allows you to specify mode bits that are set.
:
: If flags are preceded by a dash (``-''), this primary evaluates
: to true if at least all of the bits in and none of the bits
: in are set in the file's flags bits. If flags are preceded
: by a plus (``+''), this primary evaluates to true if any of
: the bits in is set in the file's flags bits, or any of the
: bits in is not set in the file's flags bits. Otherwise,
: this primary evaluates to true if the bits in exactly match
: the file's flags bits, and none of the flags bits match those of
: .

Please review.

Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

--VbJkn9YxBvnuCH5J
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=p

Index: find.1 =================================================================== RCS file: /home/ncvs/src/usr.bin/find/find.1,v retrieving revision 1.36 diff -u -p -r1.36 find.1 --- find.1 2001/06/29 12:59:20 1.36 +++ find.1 2001/08/30 16:27:29 
@@ -428,45 +428,90 @@ matched explicitly. Like .Ic -path , but the match is case insensitive. -.It Ic -perm Oo Fl Oc Ns Ar mode +.It Ic -perm Oo Cm - Ns | Ns Cm + Oc Ns Ar mode The .Ar mode may be either symbolic (see .Xr chmod 1 ) or an octal number. -If the mode is symbolic, a starting value of zero is assumed and the -mode sets or clears permissions without regard to the process' file mode +If the +.Ar mode +is symbolic, a starting value of zero is assumed and the +.Ar mode +sets or clears permissions without regard to the process' file mode creation mask. -If the mode is octal, only bits 07777 +If the +.Ar mode +is octal, only bits 07777 .Pq Dv S_ISUID | S_ISGID | S_ISTXT | S_IRWXU | S_IRWXG | S_IRWXO of the file's mode bits participate in the comparison. -If the mode is preceded by a dash +If the +.Ar mode +is preceded by a dash .Pq Dq Li - , this primary evaluates to true -if at least all of the bits in the mode are set in the file's mode bits. -If the mode is preceded by a plus +if at least all of the bits in the +.Ar mode +are set in the file's mode bits. +If the +.Ar mode +is preceded by a plus .Pq Dq Li + , this primary evaluates to true -if any of the bits in the mode are set in the file's mode bits. +if any of the bits in the +.Ar mode +are set in the file's mode bits. Otherwise, this primary evaluates to true if -the bits in the mode exactly match the file's mode bits. +the bits in the +.Ar mode +exactly match the file's mode bits. Note, the first character of a symbolic mode may not be a dash .Pq Dq Li - . -.It Ic -flags Op Fl Ns Ar flags -This primary evaluates to true if exactly those flags of the file are -set which are also set using the specified -.Ar flags -(if these are not preceded by a dash -.Pq Dq Li - , -or if they match the specified flags (if these are preceded by a dash). 
-The -.Ar flags -are specified using symbolic names (see +.It Ic -flags Oo Cm - Ns | Ns Cm + Oc Ns Ar flags , Ns Ar notflags +The flags are specified using symbolic names (see .Xr chflags 1 ) . +Those with the +.Qq Li no +prefix (except +.Qq Li nodump ) +are said to be +.Ar notflags . +Flags in +.Ar flags +are checked to be set, and flags in +.Ar notflags +are checked to be not set. Note that this is different from .Ic -perm , -which only allows you to specify flags which are set. +which only allows you to specify mode bits that are set. +.Pp +If flags are preceded by a dash +.Pq Dq Li - , +this primary evaluates to true +if at least all of the bits in +.Ar flags +and none of the bits in +.Ar notflags +are set in the file's flags bits. +If flags are preceded by a plus +.Pq Dq Li + , +this primary evaluates to true +if any of the bits in +.Ar flags +is set in the file's flags bits, +or any of the bits in +.Ar notflags +is not set in the file's flags bits. +Otherwise, +this primary evaluates to true +if the bits in +.Ar flags +exactly match the file's flags bits, +and none of the +.Ar flags +bits match those of +.Ar notflags . .It Ic -print This primary always evaluates to true. It prints the pathname of the current file to standard output. Index: find.h =================================================================== RCS file: /home/ncvs/src/usr.bin/find/find.h,v retrieving revision 1.11 diff -u -p -r1.11 find.h --- find.h 2001/05/03 18:05:34 1.11 +++ find.h 2001/08/30 16:27:29 @@ -81,7 +81,7 @@ typedef struct _plandata { mode_t _m_data; /* mode mask */ struct { u_long _f_flags; - u_long _f_mask; + u_long _f_notflags; } fl; nlink_t _l_data; /* link count */ off_t _o_data; /* file size */ 
@@ -102,7 +102,7 @@ typedef struct _plandata { #define a_data p_un._a_data #define c_data p_un._c_data #define fl_flags p_un.fl._f_flags -#define fl_mask p_un.fl._f_mask +#define fl_notflags p_un.fl._f_notflags #define g_data p_un._g_data #define i_data p_un._i_data #define l_data p_un._l_data Index: function.c =================================================================== RCS file: /home/ncvs/src/usr.bin/find/function.c,v retrieving revision 1.32 diff -u -p -r1.32 function.c --- function.c 2001/08/30 13:17:58 1.32 +++ function.c 2001/08/30 16:28:02 @@ -550,16 +550,16 @@ f_flags(plan, entry) { u_long flags; - flags = entry->fts_statp->st_flags & - (UF_NODUMP | UF_IMMUTABLE | UF_APPEND | UF_OPAQUE | - SF_ARCHIVED | SF_IMMUTABLE | SF_APPEND); + flags = entry->fts_statp->st_flags; if (plan->flags & F_ATLEAST) - /* note that plan->fl_flags always is a subset of - plan->fl_mask */ - return (flags & plan->fl_mask) == plan->fl_flags; + return (flags | plan->fl_flags) == flags && + !(flags & plan->fl_notflags); + else if (plan->flags & F_ANY) + return (flags & plan->fl_flags) || + (flags | plan->fl_notflags) != flags; else - return flags == plan->fl_flags; - /* NOTREACHED */ + return flags == plan->fl_flags && + !(plan->fl_flags & plan->fl_notflags); } PLAN * 
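Review bot: in the final else branch of f_flags(), the second test, !(plan->fl_flags & plan->fl_notflags), compares the plan's two masks with each other and never consults the file's flags, so it has the same value for every file visited. It reads more clearly as a one-time check in c_flags(), with errx() for a flags string that asks for the same bit both set and clear. Separately, with the & (UF_NODUMP | ... | SF_APPEND) mask removed, the exact-match case now compares every bit of st_flags, so a file carrying a flag outside that old list stops matching unless the flag is named; if that is intended, find.1 should say so.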
@@ -579,12 +579,15 @@ c_flags(option, argvp) if (*flags_str == '-') { new->flags |= F_ATLEAST; flags_str++; + } else if (*flags_str == '+') { + new->flags |= F_ANY; + flags_str++; } if (strtofflags(&flags_str, &flags, ¬flags) == 1) errx(1, "%s: %s: illegal flags string", option->name, flags_str); new->fl_flags = flags; - new->fl_mask = flags | notflags; + new->fl_notflags = notflags; return new; }

From owner-freebsd-audit Thu Aug 30 11:12:58 2001
Date: Thu, 30 Aug 2001 20:11:02 +0200
From: Joerg Wunsch
To: audit@freebsd.org
Cc: security@freebsd.org
Subject: why does telnetd run as root?
Message-ID: <20010830201102.O69247@ida.interface-business.de>

Upon answering the question in , I noticed that the only reason for it is that login(1) currently requires root permissions in case -h hostname is given on its invocation. (Port 23 is bound by inetd anyway.)

But then, it's IMHO much safer to run telnetd as user `daemon', and have login(1) allow user daemon to pass -h. This minimally increases the chance that someone might fake a hostname to be logged in utmp/wtmp (although user daemon is not supposed to be a usable account anyway), but adds us the ability to run telnetd with the little-privileged ID of daemon, so the next buffer overflow at least won't pose a root compromise...

Index: login.c =================================================================== RCS file: /home/ncvs/src/usr.bin/login/login.c,v retrieving revision 1.51.2.11 diff -u -r1.51.2.11 login.c --- login.c 2001/08/07 09:28:52 1.51.2.11 +++ login.c 2001/08/30 16:17:46 @@ -131,6 +131,7 @@ #define DEFAULT_RETRIES 10 #define DEFAULT_PROMPT "login: " #define DEFAULT_PASSWD_PROMPT "Password:" +#define DAEMONUSER "daemon" /* * This bounds the time given to login. Not a define so it can @@ -158,7 +159,7 @@ struct utmp utmp; int rootok, retries, backoff; int ask, ch, cnt, fflag, hflag, pflag, quietlog, rootlogin, rval; - int changepass; + int changepass, allowhopt; time_t warntime; uid_t uid, euid; gid_t egid;
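Review bot: DAEMONUSER in the @@ -131 hunk is added among the prompt defaults with no comment saying it names the account permitted to pass -h, and the name is fixed at compile time. Since the later getpwnam() check grants -h by uid, everything that runs as that user, not only telnetd, can then supply the hostname recorded in utmp/wtmp; a comment on the define, and a dedicated account for telnetd rather than the general-purpose daemon user, would narrow that.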
@@ -167,6 +168,7 @@ char tname[sizeof(_PATH_TTY) + 10]; char *shell = NULL; login_cap_t *lc = NULL; + struct passwd *daemonuser; #ifdef USE_PAM pid_t pid; int e; @@ -201,13 +203,26 @@ uid = getuid(); euid = geteuid(); egid = getegid(); + /* + * Try finding user "daemon". If it exists, we will allow it to + * set the -h option, in addition to uid == 0. This allows telnetd + * to be run as daemon instead of root. + */ + allowhopt = 0; + if (uid == 0) + allowhopt = 1; + else { + daemonuser = getpwnam(DAEMONUSER); + if (daemonuser && uid == daemonuser->pw_uid) + allowhopt = 1; + } while ((ch = getopt(argc, argv, "fh:p")) != -1) switch (ch) { case 'f': fflag = 1; break; case 'h': - if (uid) + if (!allowhopt) errx(1, "-h option: %s", strerror(EPERM)); hflag = 1; strncpy(full_hostname, optarg, sizeof(full_hostname)-1);

--
J"org Wunsch Unix support engineer
joerg_wunsch@interface-systems.de http://www.interface-systems.de/~j/

From owner-freebsd-audit Thu Aug 30 11:18:34 2001
Date: Thu, 30 Aug 2001 14:17:23 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200108301817.f7UIHNa66577@khavrinen.lcs.mit.edu>
To: Joerg Wunsch
Cc: audit@FreeBSD.ORG, security@FreeBSD.ORG
Subject: why does telnetd run as root?

< said:

> But then, it's IMHO much safer to run telnetd as user
> `daemon', and have login(1) allow user daemon to pass -h.

Only works for cleartext password authentication.

-GAWollman

From owner-freebsd-audit Fri Aug 31 4:38: 2 2001
Date: Fri, 31 Aug 2001 13:37:49 +0200
From: Joerg Wunsch
To: Garrett Wollman
Cc: audit@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: why does telnetd run as root?
Message-ID: <20010831133749.H76749@ida.interface-business.de>

As Garrett Wollman wrote:

> < said:
>
> > But then, it's IMHO much safer to run telnetd as user
> > `daemon', and have login(1) allow user daemon to pass -h.
>
> Only works for cleartext password authentication.

Not really, but you're right, it doesn't work for SRA telnet. It works for anything that can be handled by /usr/bin/login, I just tried OPIE which does well.

Still, allowing this as an option seems useful to me. (If I want encryption, I'll use ssh anyway. Telnet is only a fallback if no encryption is available for whatever reason. It is very unlikely I'll find a client that could do SRA telnet but could not do ssh.)
--
J"org Wunsch Unix support engineer
joerg_wunsch@interface-systems.de http://www.interface-systems.de/~j/

From owner-freebsd-audit Fri Aug 31 9:20:43 2001
Date: Fri, 31 Aug 2001 12:20:27 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200108311620.f7VGKRg78913@khavrinen.lcs.mit.edu>
To: Joerg Wunsch
Cc: audit@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: why does telnetd run as root?

< said:

> Not really, but you're right, it doesn't work for SRA telnet.

Doesn't work for Kerberos either.

-GAWollman

From owner-freebsd-audit Fri Aug 31 13: 5:25 2001
Date: Fri, 31 Aug 2001 16:04:14 -0400
From: David Hill
To: audit@freebsd.org
Subject: users.c PATCH - please review
Message-Id: <20010831160414.7125e88e.david@phobia.ms>

Hello -

I have patched users/users.c so that it will compile under WARNS?=2. I have both attached and cut/pasted it to the message. Please review it.

Thanks
- David Hill

diff -ru /usr/src/usr.bin/users.orig/Makefile /usr/src/usr.bin/users/Makefile --- /usr/src/usr.bin/users.orig/Makefile Fri May 27 08:33:16 1994 +++ /usr/src/usr.bin/users/Makefile Fri Aug 31 15:57:39 2001 @@ -1,5 +1,6 @@ # @(#)Makefile 8.1 (Berkeley) 6/6/93 PROG= users +WARNS?= 2 .include diff -ru /usr/src/usr.bin/users.orig/users.c /usr/src/usr.bin/users/users.c --- /usr/src/usr.bin/users.orig/users.c Fri Aug 27 21:07:14 1999 +++ /usr/src/usr.bin/users/users.c Fri Aug 31 15:58:20 2001
@@ -117,5 +117,8 @@ scmp(p, q) const void *p, *q; { - return(strncmp((char *)p, (char *)q, UT_NAMESIZE)); + const char *const pp1 = p; + const char *const pp2 = q; + + return(strncmp(pp1, pp2, UT_NAMESIZE)); }

From owner-freebsd-audit Fri Aug 31 13:56:13 2001
Date: Fri, 31 Aug 2001 16:56:00 -0400 (EDT)
From: Robert Watson
To: "Andrew R. Reiter"
Cc: freebsd-audit@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: setlogincontext() modifications.

I guess my response would actually be surprise that it isn't used already. :-) Do those use setusercontext() at all?

Robert N M Watson FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org NAI Labs, Safeport Network Services

On Wed, 22 Aug 2001, Andrew R. Reiter wrote:

> Hi,
>
> I plan on doing some patches for adding setlogincontext() calls to:
>
> libexec/:
>     atrun/atrun.c
>     ftpd/ftpd.c
>     rshd/rshd.c
>     uucpd/uucpd.c
>
> as an initial step towards seeing how people react. If people can perhaps
> recommend a couple more from other parts of the tree that I could write
> patches for, that would be great. I ask this so that I can perhaps get a
> bit more of a reaction from some people as this type of patch will affect
> some network daemons etc...
>
> Thanks,
>
> Andrew
>
> *-------------.................................................
> | Andrew R. Reiter
> | arr@fledge.watson.org
> | "It requires a very unusual mind
> | to undertake the analysis of the obvious" -- A.N. Whitehead

From owner-freebsd-audit Sat Sep 1 8:21: 2 2001
Date: Sat, 1 Sep 2001 11:20:50 -0400 (EDT)
From: "Andrew R. Reiter"
To: Robert Watson
Cc: freebsd-audit@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: setlogincontext() modifications.

Actually yes... as of 4.4-RC, the following utilize setusercontext():

ftpd/ftpd.c:
    setusercontext(lc, pw, (uid_t)0,
        LOGIN_SETLOGIN|LOGIN_SETGROUP|LOGIN_SETPRIORITY|
        LOGIN_SETRESOURCES|LOGIN_SETUMASK);
    /* and code to reset */

rshd/rshd.c:
    if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL) != 0)

On Fri, 31 Aug 2001, Robert Watson wrote:

:I guess my response would actually be surprise that it isn't used already.
::-) Do those use setusercontext() at all?
:
:Robert N M Watson FreeBSD Core Team, TrustedBSD Project
:robert@fledge.watson.org NAI Labs, Safeport Network Services
:
:On Wed, 22 Aug 2001, Andrew R. Reiter wrote:
:
:> Hi,
:>
:> I plan on doing some patches for adding setlogincontext() calls to:
:>
:> libexec/:
:>     atrun/atrun.c
:>     ftpd/ftpd.c
:>     rshd/rshd.c
:>     uucpd/uucpd.c
:>
:> as an initial step towards seeing how people react. If people can perhaps
:> recommend a couple more from other parts of the tree that I could write
:> patches for, that would be great. I ask this so that I can perhaps get a
:> bit more of a reaction from some people as this type of patch will affect
:> some network daemons etc...
:>
:> Thanks,
:>
:> Andrew
:>
:> *-------------.................................................
:> | Andrew R. Reiter
:> | arr@fledge.watson.org
:> | "It requires a very unusual mind
:> | to undertake the analysis of the obvious" -- A.N. Whitehead

*-------------.................................................
| Andrew R. Reiter
| arr@fledge.watson.org
| "It requires a very unusual mind
| to undertake the analysis of the obvious" -- A.N. Whitehead

From owner-freebsd-audit Sat Sep 1 9:56:41 2001
Date: Sat, 1 Sep 2001 12:58:02 -0400
From: Mike Barcroft
To: David Hill
Cc: audit@FreeBSD.ORG
Subject: Re: users.c PATCH - please review
Message-ID: <20010901125802.F85574@coffee.q9media.com>

David Hill writes:
> I have patched users/users.c so that it will compile under WARNS?=2. I have both attached and cut/pasted it to the message.
> Please review it.

> diff -ru /usr/src/usr.bin/users.orig/users.c /usr/src/usr.bin/users/users.c > --- /usr/src/usr.bin/users.orig/users.c Fri Aug 27 21:07:14 1999 > +++ /usr/src/usr.bin/users/users.c Fri Aug 31 15:58:20 2001
> @@ -117,5 +117,8 @@ > scmp(p, q) > const void *p, *q; > { > - return(strncmp((char *)p, (char *)q, UT_NAMESIZE)); > + const char *const pp1 = p; > + const char *const pp2 = q; > + > + return(strncmp(pp1, pp2, UT_NAMESIZE)); > }

Why create new local variables? Just get rid of the bogus casts.

Best regards,
Mike Barcroft