From owner-freebsd-audit@FreeBSD.ORG Mon Sep 20 19:04:06 2004
Message-ID: <71b668fd040920120318145845@mail.gmail.com>
Date: Mon, 20 Sep 2004 12:03:58 -0700
From: Mike Havard
To: freebsd-audit@freebsd.org
Subject:

From owner-freebsd-audit@FreeBSD.ORG Tue Sep 21 07:55:29 2004
Message-ID: <3b793f1a04092100557a15a96@mail.gmail.com>
Date: Tue, 21 Sep 2004 03:55:21 -0400
From: kerochan ii
To: Dag-Erling Smørgrav
References: <3b793f1a040907174043f4cad4@mail.gmail.com>
cc: freebsd-audit@freebsd.org
Subject: Re: portaudit false positive

Yeah, now I updated to 5.2.1-p10 that is supposed to fix these problems right? But portaudit still warns me.

From owner-freebsd-audit@FreeBSD.ORG Tue Sep 21 12:24:24 2004
To: kerochan ii
References: <3b793f1a040907174043f4cad4@mail.gmail.com> <3b793f1a04092100557a15a96@mail.gmail.com>
From: des@des.no (Dag-Erling Smørgrav)
Date: Tue, 21 Sep 2004 14:24:23 +0200
In-Reply-To: <3b793f1a04092100557a15a96@mail.gmail.com> (kerochan ii's message of "Tue, 21 Sep 2004 03:55:21 -0400")
cc: freebsd-audit@freebsd.org
Subject: Re: portaudit false positive

kerochan ii writes:

> Yeah, now I updated to 5.2.1-p10 that is supposed to fix these
> problems right? But portaudit still warns me.

The vulnerability database was updated late last night.

DES
-- 
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-audit@FreeBSD.ORG Fri Sep 24 15:49:58 2004
From: Ruslan Ermilov
Sender: owner-freebsd-security@FreeBSD.ORG
To: dwbear75@gmail.com
Old-To: security@FreeBSD.ORG
cc: audit@FreeBSD.ORG
Message-id: <20010903201909.C29616@sunbay.com>
Date: Fri, 24 Sep 2004 15:49:58 -0000
X-Original-Date: Mon, 03 Sep 2001 20:19:09 +0300
Subject: dropping ``setgid tty'' in dump(8)
MIME-version: 1.0
Content-type: multipart/mixed; boundary="Boundary_(ID_O7SyW64XgpFNpuMLGcYwig)"

--Boundary_(ID_O7SyW64XgpFNpuMLGcYwig)
Content-type: text/plain; charset=us-ascii
Content-disposition: inline

Hi!

The attached patch replaces the ``wall -g'' functionality built into dump(8) directly with the call to wall(1), thus making it possible to drop the ``setgid tty'' privilege. The DIALUP check was weak, and was also removed.

The patch is based on OpenBSD's work.

I've posted another message to the -audit that makes ``wall -g'' really work.

Cheers,
-- 
Ruslan Ermilov		Oracle Developer/DBA,
ru@sunbay.com		Sunbay Software AG,
ru@FreeBSD.org		FreeBSD committer,
+380.652.512.251	Simferopol, Ukraine

http://www.FreeBSD.org	The Power To Serve
http://www.oracle.com	Enabling The Information Age

--Boundary_(ID_O7SyW64XgpFNpuMLGcYwig)
Content-type: text/plain; charset=us-ascii
Content-disposition: attachment; filename=p

Index: Makefile =================================================================== RCS file: /home/ncvs/src/sbin/dump/Makefile,v retrieving revision 1.14 diff -u -p -r1.14 Makefile --- Makefile 2001/03/26 14:33:00 1.14 +++ Makefile 2001/09/03 16:57:01 
@@ -18,8 +18,6 @@ LINKS= ${BINDIR}/dump ${BINDIR}/rdump CFLAGS+=-DRDUMP CFLAGS+=-I${.CURDIR}/../../libexec/rlogind SRCS= itime.c main.c optr.c dumprmt.c tape.c traverse.c unctime.c -BINGRP= tty -BINMODE=2555 MAN= dump.8 MLINKS+=dump.8 rdump.8 Index: dump.h =================================================================== RCS file: /home/ncvs/src/sbin/dump/dump.h,v retrieving revision 1.9 diff -u -p -r1.9 dump.h --- dump.h 2001/08/10 23:12:10 1.9 +++ dump.h 2001/09/03 16:57:01 @@ -100,7 +100,6 @@ void msg __P((const char *fmt, ...)) __p void msgtail __P((const char *fmt, ...)) __printflike(1, 2); int query __P((char *question)); void quit __P((const char *fmt, ...)) __printflike(1, 2); -void set_operators __P((void)); void timeest __P((void)); time_t unctime __P((char *str)); @@ -151,7 +150,6 @@ void interrupt __P((int signo)); /* in c #define X_ABORT 3 /* abort dump; don't attempt checkpointing */ #define OPGRENT "operator" /* group entry to notify */ -#define DIALUP "ttyd" /* prefix for dialups */ struct fstab *fstabsearch __P((char *key)); /* search fs_file and fs_spec */ Index: main.c =================================================================== RCS file: /home/ncvs/src/sbin/dump/main.c,v retrieving revision 1.26 diff -u -p -r1.26 main.c --- main.c 2001/07/09 03:06:56 1.26 +++ main.c 2001/09/03 16:57:03 @@ -287,7 +287,6 @@ main(argc, argv) if (signal(SIGINT, interrupt) == SIG_IGN) signal(SIGINT, SIG_IGN); - set_operators(); /* /etc/group snarfed */ getfstab(); /* /etc/fstab snarfed */ /* * disk can be either the full special file name, Index: optr.c =================================================================== RCS file: /home/ncvs/src/sbin/dump/optr.c,v retrieving revision 1.12 diff -u -p -r1.12 optr.c --- optr.c 2001/01/29 09:45:51 1.12 +++ optr.c 2001/09/03 16:57:03 
@@ -59,7 +59,6 @@ static const char rcsid[] = void alarmcatch __P((/* int, int */)); int datesort __P((const void *, const void *)); -static void sendmes __P((char *, char *)); /* * Query the operator; This previously-fascist piece of code @@ -117,7 +116,7 @@ query(question) return(back); } -char lastmsg[100]; +char lastmsg[BUFSIZ]; /* * Alert the console operator, and enable the alarm clock to 
@@ -159,130 +158,33 @@ interrupt(signo) } /* - * The following variables and routines manage alerting - * operators to the status of dump. - * This works much like wall(1) does. + * We now use wall(1) to do the actual broadcasting. */ -struct group *gp; - -/* - * Get the names from the group entry "operator" to notify. - */ -void -set_operators() -{ - if (!notify) /*not going to notify*/ - return; - gp = getgrnam(OPGRENT); - (void) endgrent(); - if (gp == NULL) { - msg("No group entry for %s.\n", OPGRENT); - notify = 0; - return; - } -} - -struct tm *localclock; - -/* - * We fork a child to do the actual broadcasting, so - * that the process control groups are not messed up - */ void broadcast(message) char *message; { - time_t clock; - FILE *f_utmp; - struct utmp utmp; - char **np; - int pid, s; + FILE *fp; + char buf[sizeof(_PATH_WALL) + sizeof(OPGRENT) + 3]; - if (!notify || gp == NULL) + if (!notify) return; - switch (pid = fork()) { - case -1: + snprintf(buf, sizeof(buf), "%s -g %s", _PATH_WALL, OPGRENT); + if ((fp = popen(buf, "w")) == NULL) return; - case 0: - break; - default: - while (wait(&s) != pid) - continue; - return; - } - - clock = time((time_t *)0); - localclock = localtime(&clock); - - if ((f_utmp = fopen(_PATH_UTMP, "r")) == NULL) { - msg("Cannot open %s: %s\n", _PATH_UTMP, strerror(errno)); - return; - } - while (!feof(f_utmp)) { - if (fread((char *) &utmp, sizeof (struct utmp), 1, f_utmp) != 1) - break; - if (utmp.ut_name[0] == 0) - continue; - for (np = gp->gr_mem; *np; np++) { - if (strncmp(*np, utmp.ut_name, sizeof(utmp.ut_name)) != 0) - continue; - /* - * Do not send messages to operators on dialups - */ - if (strncmp(utmp.ut_line, DIALUP, strlen(DIALUP)) == 0) - continue; -#ifdef DEBUG - msg("Message to %s at %s\n", *np, utmp.ut_line); -#endif - sendmes(utmp.ut_line, message); - } - } - (void) fclose(f_utmp); - Exit(0); /* the wait in this same routine will catch this */ - /* NOTREACHED */ -} + (void) fputs("\a\a\aMessage from the dump 
program to all operators\n\nDUMP: NEEDS ATTENTION: ", fp); + if (lastmsg[0]) + (void) fputs(lastmsg, fp); + if (message[0]) + (void) fputs(message, fp); -static void -sendmes(tty, message) - char *tty, *message; -{ - char t[MAXPATHLEN], buf[BUFSIZ]; - register char *cp; - int lmsg = 1; - FILE *f_tty; - - (void) strcpy(t, _PATH_DEV); - (void) strncat(t, tty, sizeof t - strlen(_PATH_DEV) - 1); - - if ((f_tty = fopen(t, "w")) != NULL) { - setbuf(f_tty, buf); - (void) fprintf(f_tty, - "\n\ -\a\a\aMessage from the dump program to all operators at %d:%02d ...\r\n\n\ -DUMP: NEEDS ATTENTION: ", - localclock->tm_hour, localclock->tm_min); - for (cp = lastmsg; ; cp++) { - if (*cp == '\0') { - if (lmsg) { - cp = message; - if (*cp == '\0') - break; - lmsg = 0; - } else - break; - } - if (*cp == '\n') - (void) putc('\r', f_tty); - (void) putc(*cp, f_tty); - } - (void) fclose(f_tty); - } + (void) pclose(fp); } /* - * print out an estimate of the amount of time left to do the dump + * Print out an estimate of the amount of time left to do the dump */ time_t tschedule = 0; Index: pathnames.h =================================================================== RCS file: /home/ncvs/src/sbin/dump/pathnames.h,v retrieving revision 1.6 diff -u -p -r1.6 pathnames.h --- pathnames.h 2001/03/08 09:04:39 1.6 +++ pathnames.h 2001/09/03 16:57:03 @@ -41,3 +41,4 @@ #define _PATH_DUMPDATES "/etc/dumpdates" #define _PATH_LOCK "/tmp/dumplockXXXXXX" #define _PATH_RMT "/etc/rmt" /* path on remote host */ +#define _PATH_WALL "/usr/bin/wall" --Boundary_(ID_O7SyW64XgpFNpuMLGcYwig)--
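
Review bot: In the optr.c hunk that rewrites broadcast(), a failed notification is now silent: the result of pclose(fp) is cast to void, and with set_operators() removed there is no longer a one-time diagnostic when the "operator" group is missing (the old code printed "No group entry for %s." and cleared notify). Suggest checking the pclose() status, reporting a non-zero exit once, and setting notify = 0 so dump does not keep spawning a command that cannot deliver. Separately, popen() runs the string through the shell with dump's environment; that is acceptable only because buf is built from the two compile-time constants _PATH_WALL and OPGRENT, and a comment saying so would keep a later change from adding run-time data to the command line.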
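
Review bot: In the optr.c hunk at @@ -117,7 +116,7 @@, changing the declaration to `char lastmsg[BUFSIZ];` does not by itself show that the code filling lastmsg is bounded by the new size, because that writer is outside the patch. Please confirm it uses sizeof(lastmsg) rather than a literal length; if it still assumes 100, messages stay truncated at the old limit and the larger buffer buys nothing. Since lastmsg is now written verbatim into the pipe by fputs(lastmsg, fp), it is also worth stating in a comment that it is always NUL-terminated.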
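
Review bot: In the dump.h hunk at @@ -151,7 +150,6 @@, removing `#define DIALUP "ttyd"` together with the strncmp() test in optr.c changes who gets notified: operators logged in on dialup lines were skipped before and will now receive broadcasts. The patch touches only Makefile, dump.h, main.c, optr.c and pathnames.h, so the behaviour change is undocumented; if dump.8 describes the operator notification, it should say that delivery is delegated to wall(1) and that the dialup exclusion is gone.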
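
Review bot: In the pathnames.h hunk, `#define _PATH_WALL "/usr/bin/wall"` makes operator notification depend on wall(1) handling -g correctly, and the cover mail says a separate patch is needed to make ``wall -g'' really work. The commit order should be stated explicitly: if this lands first, dump has already lost its own broadcast code while the replacement does not yet function. The commit message for the Makefile hunk (dropping BINGRP= tty and BINMODE=2555) should also note that the tty-group privilege is not eliminated from the system but is now confined to wall(1), which is installed setgid tty.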