From owner-freebsd-security@FreeBSD.ORG Tue Jun 14 11:30:38 2005
From: Boris Samorodov
To: freebsd-security@FreeBSD.org
Date: Tue, 14 Jun 2005 15:30:33 +0400
Subject: Re: [Kerberos] Error at Handbook?

On Sat, 11 Jun 2005 00:17:20 +0400 Boris Samorodov wrote:

> According to FreeBSD Handbook (14.8.2 Setting up a Heimdal KDC) one
> should config DNS server by adding:
> -----
> _kerberos IN TXT EXAMPLE.ORG.
> -----
> This doesn't work. DNS servers return: text = "EXAMPLE.ORG.".
> This is right, because RFC 1035 allows up to 16 character strings at
> this field (assuming that nothing should be prepended to the field if
> it doesn't end with a point).
> Thus I've got at KDC log:
> -----
> 2005-06-10T23:57:07 Server not found in database: krbtgt/EXAMPLE.ORG.@EXAMPLE.ORG: No such entry in the database
> ----
> (look at the point before '@').
> Everything is fine when changing DNS TXT record to "EXAMPLE.ORG"
> (without a dot at the end).
> I'm going to file a DOC/PR, but what security guru can say on the
> matter? Am I missing smth? I'm far away from thinking that I'm the
> only user who is using the Handbook to configure kerberos on FreeBSD...

As nobody complained so far, I filed a PR:
-----
http://www.freebsd.org/cgi/query-pr.cgi?pr=82223
>Category: docs
>Responsible: freebsd-doc
>Synopsis: [Kerberos] Error at Handbook
>Arrival-Date: Tue Jun 14 10:40:23 GMT 2005
-----

WBR
--
bsam

From owner-freebsd-security@FreeBSD.ORG Wed Jun 15 12:51:47 2005
From: Johan Danielsson
To: Boris Samorodov
Cc: freebsd-security@freebsd.org
Date: Wed, 15 Jun 2005 14:51:43 +0200
Subject: Re: [Kerberos] Error at Handbook?

Boris Samorodov writes:

> -----
> _kerberos IN TXT EXAMPLE.ORG.
> -----

Your observation is correct, the data in the TXT record is a realm
name, not a domain name, so there should be no final period.

/Johan

From owner-freebsd-security@FreeBSD.ORG Wed Jun 15 17:58:45 2005
From: Colin Percival
To: FreeBSD Stable, freebsd-security@freebsd.org
Date: Wed, 15 Jun 2005 10:58:06 -0700
Subject: FreeBSD 5.4 SMP kernels now available via FreeBSD Update

It sounds like the SMP kernel I provided for FreeBSD 5.3 was quite
popular, so I've started building an SMP kernel for FreeBSD 5.4 as
well, in addition to the usual GENERIC kernel. To take advantage
of this on your FreeBSD 5.4 SMP system, run the following commands
as root:

# touch /boot/kernel/SMP
# freebsd-update fetch
# freebsd-update install
# echo 'bootfile="SMP"' >> /boot/loader.conf

and reboot. You should now find that `uname -ri` outputs "5.4-SECURITY SMP".

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Thu Jun 16 00:36:12 2005
From: Colin Percival
To: Billy Newsom
Cc: freebsd-security@freebsd.org, FreeBSD Stable
Date: Wed, 15 Jun 2005 17:36:10 -0700
Subject: Re: FreeBSD 5.4 SMP kernels now available via FreeBSD Update

Billy Newsom wrote:
> Colin Percival wrote:
>> It sounds like the SMP kernel I provided for FreeBSD 5.3 was quite
>> popular [...]
>
> I'm curious how popular. Would you like to report some statistics here
> on the list? As in, how many SMP downloads did you get, say, in
> comparison to the GENERIC?

Ok, I've gone through my log files, and it looks like the number of
systems downloading SMP kernels is around 4% - 6% of the number of
systems downloading GENERIC kernels.

That said, I don't think this should be used as a measure of how
popular SMP is on FreeBSD systems overall, since people with high-end
SMP systems are more likely than average to build their own kernels
rather than using those which I distribute and the availability of
SMP kernels via FreeBSD Update wasn't very widely advertised.

It is probably safe to conclude that _at least_ 5% of FreeBSD systems
have more than one processor, but I suspect that the actual value is
considerably higher than that.

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Wed Jun 15 16:24:15 2005
From: Saurabh Bhasin
To: freebsd-security@freebsd.org
Date: Wed, 15 Jun 2005 09:24:15 -0700
Subject: last command - strange entries?

Greetings,

I am seeing strange entries when I perform "last -20" for example.
Here's a sample output because I can not seem to make any sense out of
this in the last two days and can't find any information online. Any
help is appreciated.

0 F=°Bttyp Wed Dec 31 16:00 still logged in
0 6Û¯Bttyp Wed Dec 31 16:00 still logged in
0 mÚ¯Bttyp Wed Dec 31 16:00 still logged in
7 mÚ¯Bttyv Wed Dec 31 16:00 still logged in
0 ¯Bttyp Wed Dec 31 16:00 still logged in
0 (o¯Bttyp Wed Dec 31 16:00 still logged in
2 ëg¯Bttyp Wed Dec 31 16:00 still logged in
.

and it keeps going for 20 lines.

Thanks for your time,
Saurabh

From owner-freebsd-security@FreeBSD.ORG Thu Jun 16 13:24:33 2005
From: Neo-Vortex
To: Saurabh Bhasin
Cc: freebsd-security@freebsd.org
Date: Thu, 16 Jun 2005 23:24:30 +1000 (EST)
Subject: Re: last command - strange entries?

On Wed, 15 Jun 2005, Saurabh Bhasin wrote:

> Greetings,
>
> I am seeing strange entries when I perform "last -20" for example.
> Here's a sample output because I can not seem to make any sense out of
> this in the last two days and can't find any information online. Any
> help is appreciated.
>
> 0 F=°Bttyp Wed Dec 31 16:00 still logged in
> 0 6Û¯Bttyp Wed Dec 31 16:00 still logged in
> 0 mÚ¯Bttyp Wed Dec 31 16:00 still logged in
> 7 mÚ¯Bttyv Wed Dec 31 16:00 still logged in
> 0 ¯Bttyp Wed Dec 31 16:00 still logged in
> 0 (o¯Bttyp Wed Dec 31 16:00 still logged in
> 2 ëg¯Bttyp Wed Dec 31 16:00 still logged in
> .
>
> and it keeps going for 20 lines.

The last command uses /var/log/wtmp and /var/log/utmp (maybe even
/var/log/lastlog) - anyway, the point is, it uses those files to get the
information, now, it appears as if they have become corrupt, maybe by
userland/kernel land desynch? bad upgrade? tried a reboot?

Else, can you give us more details about the system, past upgrades,
intrusions?

~NVX

From owner-freebsd-security@FreeBSD.ORG Thu Jun 16 20:40:22 2005
From: Mipam
To: Colin Percival
Cc: freebsd-security@freebsd.org, FreeBSD Stable
Date: Thu, 16 Jun 2005 22:40:16 +0200 (MEST)
Subject: Re: FreeBSD 5.4 SMP kernels now available via FreeBSD Update

Thanks for the kernel.
What parameters did you change in your SMP kernel?
Just curious, surely gonna try your kernel. :-)
Thanks,

Mipam.

On Wed, 15 Jun 2005, Colin Percival wrote:

> It sounds like the SMP kernel I provided for FreeBSD 5.3 was quite
> popular, so I've started building an SMP kernel for FreeBSD 5.4 as
> well, in addition to the usual GENERIC kernel. To take advantage
> of this on your FreeBSD 5.4 SMP system, run the following commands
> as root:
>
> # touch /boot/kernel/SMP
> # freebsd-update fetch
> # freebsd-update install
> # echo 'bootfile="SMP"' >> /boot/loader.conf
>
> and reboot. You should now find that `uname -ri` outputs "5.4-SECURITY SMP".
>
> Colin Percival

From owner-freebsd-security@FreeBSD.ORG Thu Jun 16 20:51:33 2005
From: Colin Percival
To: Mipam
Cc: freebsd-security@freebsd.org, FreeBSD Stable
Date: Thu, 16 Jun 2005 13:51:04 -0700
Subject: Re: FreeBSD 5.4 SMP kernels now available via FreeBSD Update

Mipam wrote:
> Thanks for the kernel.
> What parameters did you change in your SMP kernel?
> Just curious, surely gonna try your kernel. :-)

I didn't change any parameters, I just used the SMP kernel configuration
from the source tree (i.e., GENERIC plus "options SMP").

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Thu Jun 16 15:35:35 2005
From: Saurabh Bhasin
To: Neo-Vortex
Cc: freebsd-security@freebsd.org
Date: Thu, 16 Jun 2005 08:35:34 -0700
Subject: Re: last command - strange entries?

> The last command uses /var/log/wtmp and /var/log/utmp (maybe even
> /var/log/lastlog) - anyway, the point is, it uses those files to get the
> information, now, it appears as if they have become corrupt, maybe by
> userland/kernel land desynch? bad upgrade? tried a reboot?
>
> Else, can you give us more details about the system, past upgrades,
> intrusions?

Thanks for the explanation. I do understand the above and for sanity
sake did every single thing to determine if my box was broken into.
However, it turns out that the file did get corrupted (this behavior
started to appear after a system reboot which required manual fsck).
Simple re-creation of the file worked out just fine.
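
An added example, not part of the original thread: a scanner that walks a wtmp file record by record and reports entries like the ones in the garbled `last` output above (non-printable bytes in a field, a zero timestamp that `last` prints as the epoch in local time), plus a partial trailing record. It assumes the 44-byte BSD `struct utmp` layout (`ut_line[8]`, `ut_name[16]`, `ut_host[16]`, 32-bit little-endian `ut_time`); the function name and the sample bytes are constructed for illustration.

```python
import struct
import time

# Assumed layout: historical BSD struct utmp (8 + 16 + 16 + 4 = 44 bytes).
RECORD = struct.Struct("<8s16s16si")


def scan_wtmp(data, now=None):
    """Return [(offset, [reasons])] for records that look corrupt."""
    now = time.time() if now is None else now
    findings = []
    whole = len(data) - len(data) % RECORD.size
    for offset in range(0, whole, RECORD.size):
        line, name, host, ts = RECORD.unpack_from(data, offset)
        reasons = []
        for label, raw in (("ut_line", line), ("ut_name", name), ("ut_host", host)):
            text = raw.split(b"\0", 1)[0]  # C string: stop at the first NUL
            if any(b < 0x20 or b > 0x7E for b in text):
                reasons.append(f"non-printable bytes in {label}")
        if not line.rstrip(b"\0"):
            reasons.append("empty ut_line")
        if ts <= 0:
            reasons.append("ut_time is zero or negative")
        elif ts > now + 86400:
            reasons.append("ut_time is in the future")
        if reasons:
            findings.append((offset, reasons))
    if whole != len(data):
        # A crash or an fsck repair can leave a record cut short.
        findings.append((whole, [f"{len(data) - whole} trailing bytes, not a whole record"]))
    return findings


# Constructed sample: a login, a logout, a garbage record resembling the
# output in the thread, a zero-filled record, and a truncated tail.
SAMPLE_NOW = 1118900000
SAMPLE = (
    RECORD.pack(b"ttyp0", b"alice", b"192.0.2.10", 1118850000)
    + RECORD.pack(b"ttyp0", b"", b"", 1118853600)
    + RECORD.pack(b"0", b"6\xdb\xafBttyp", b"", 0)
    + bytes(RECORD.size)
    + b"\x01" * 10
)

if __name__ == "__main__":
    for offset, reasons in scan_wtmp(SAMPLE, now=SAMPLE_NOW):
        print(f"offset {offset}: {'; '.join(reasons)}")
```

On a real system the input would be the bytes of a copy of /var/log/wtmp; a clean scan does not rule out tampering, it only shows the records are well-formed.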