From: "Anjang Aki"
To: freebsd-security@freebsd.org
Cc: mailman.msc@gmail.com
Date: Wed, 2 Jan 2008 03:44:37 +0800
Subject: Tracking user's activity

Greetings,

I've been looking for a proper way to track down user's activity inside the shell as I'm helping my colleague to configure a web hosting and shell hosting server.

Someone has referred me to this article -- http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using 'watch' commands to view user's activity once they logged in to the server.

I found that this 'watch' utility is very useful and is able to fulfill my needs but I am only able to watch the activity once I'm logging to the server at the time the users are logging in.

Is there any way that logging user's activity can be done without a need for me to login at the server at the same time? Perhaps the activity can be logged into a file and I can read it later.

Or is there any other utility I can use just to monitor user's activity as the server was misused by a user previously and I don't want it to happen again in the future.

Best regards,

--
-- Anjang Aki --
mailman.msc@gmail.com

From: Frank
Date: Tue, 01 Jan 2008 14:59:54 -0500
To: Anjang Aki
Cc: freebsd-security@freebsd.org
Subject: Re: Tracking user's activity

Anjang Aki wrote:
> Greetings,
>
> I've been looking for a proper way to track down user's activity
> inside the shell as I'm helping my colleague to configure a web
> hosting and shell hosting server.
>
> Someone has referred me to this article --
> http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using
> 'watch' commands to view user's activity once they logged in to the
> server.
>
> I found that this 'watch' utility is very useful and is able to
> fulfill my needs but I am only able to watch the activity once I'm
> logging to the server at the time the users are logging in.
>
> Is there any way that logging user's activity can be done without a
> need for me to login at the server at the same time? Perhaps the
> activity can be logged into a file and I can read it later.
>
> Or is there any other utility I can use just to monitor user's
> activity as the server was misused by a user previously and I don't
> want it to happen again in the future.
>
> Best regards,

Hello!

You can use "script filename" and start doing your stuff. The user can press CTRL-D when he's finished doing his stuff so the content can be flushed to the file.

Happy new year,
Frank

From: "Kevin K"
To: "'Anjang Aki'"
Cc: freebsd-security@freebsd.org
Date: Tue, 1 Jan 2008 16:29:44 -0500
Subject: RE: Tracking user's activity

You could also just run the watch command in a screen session or even daemonize it, if possible.

From: Jason Chambers
Organization: UCLA
To: Anjang Aki
Cc: freebsd-security@freebsd.org
Date: Tue, 01 Jan 2008 14:21:59 -0800
Subject: Re: Tracking user's activity

Old, but good.

/usr/ports/security/snoopy/pkg-descr

snoopy is merely a shared library that is used as a wrapper
to the execve() function provided by libc as to log every call
to syslog (authpriv).
system administrators may find snoopy
useful in tasks such as light/heavy system monitoring, tracking other
administrator's actions as well as getting a good 'feel' of
what's going on in the system (for example apache running cgi
scripts).

WWW: http://sourceforge.net/projects/snoopylogger/

Anjang Aki wrote:
> Greetings,
>
> I've been looking for a proper way to track down user's activity
> inside the shell as I'm helping my colleague to configure a web
> hosting and shell hosting server.

From: "Anjang Aki"
To: "Jason Chambers"
Cc: freebsd-security@freebsd.org, mailman.msc@gmail.com
Date: Wed, 2 Jan 2008 08:37:00 +0800
Subject: Re: Tracking user's activity

Greetings again,

Seems like this utility suits my need. I have installed it using ports but couldn't find any clue where the log file for snoopy is saved or whether snoopy is running on my system.

Based on Kevin K's reply:

"You could also just run the watch command in a screen session or even daemonize it, if possible."

..perhaps this watch process can be automated using a script but my scripting skills are poor.

Any advice is greatly appreciated in advance.

Regards,

On 1/2/08, Jason Chambers wrote:
> Old, but good.
>
> /usr/ports/security/snoopy/pkg-descr
>
> snoopy is merely a shared library that is used as a wrapper
> to the execve() function provided by libc as to log every call
> to syslog (authpriv). system administrators may find snoopy
> useful in tasks such as light/heavy system monitoring, tracking other
> administrator's actions as well as getting a good 'feel' of
> what's going on in the system (for example apache running cgi
> scripts).
>
> WWW: http://sourceforge.net/projects/snoopylogger/
>
> Anjang Aki wrote:
> > Greetings,
> >
> > I've been looking for a proper way to track down user's activity
> > inside the shell as I'm helping my colleague to configure a web
> > hosting and shell hosting server.

--
-- Anjang Aki --

From: Robert Watson
To: Anjang Aki
Cc: freebsd-security@freebsd.org
Date: Wed, 2 Jan 2008 12:00:07 +0000 (GMT)
Subject: Re: Tracking user's activity

On Wed, 2 Jan 2008, Anjang Aki wrote:

> I've been looking for a proper way to track down user's activity inside
> the shell as I'm helping my colleague to configure a web hosting and shell
> hosting server.
>
> Someone has referred me to this article --
> http://bsdtips.utcorp.net/mediawiki/index.php/Snoop which is using 'watch'
> commands to view user's activity once they logged in to the server.
>
> I found that this 'watch' utility is very useful and is able to fulfill my
> needs but I am only able to watch the activity once I'm logging to the
> server at the time the users are logging in.
>
> Is there any way that logging user's activity can be done without a need
> for me to login at the server at the same time? Perhaps the activity can be
> logged into a file and I can read it later.
>
> Or is there any other utility I can use just to monitor user's activity
> as the server was misused by a user previously and I don't want it to happen
> again in the future.

On recent FreeBSD versions, you can use the security event auditing facility to log all programs run by the user. This isn't quite the same as all commands, as some commands are internal to the shell (i.e., "echo", "alias", "cd", etc), but would certainly give you a trail of all substantive commands (editor sessions, etc). Take a look at the FreeBSD handbook chapter on audit. Make sure to set the policy flag to capture the full command line, not just the command itself.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/audit.html

I use the following /etc/security/audit_control to configure command line auditing on my shell boxes:

dir:/var/audit
flags:lo,+ex
minfree:20
naflags:lo,+ex
policy:cnt,argv
filesz:104857600

I also have audit_warn configured to compress the trails when they are cycled, per the example in the chapter. You can then use auditreduce and praudit to select and print records in various forms. If you're not interested in auditing commands by all users, you can use the audit_user config file to specify +ex auditing for just that one user.

Robert N M Watson
Computer Laboratory
University of Cambridge

> Best regards,
>
> --
> -- Anjang Aki --
> mailman.msc@gmail.com
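
Added example (not part of Robert Watson's message and not FreeBSD's own code): a small sh/awk filter that condenses the default text output of praudit into one line per executed program, which is the per-user command trail the reply above describes. The sample records are constructed for illustration, AUDITFILE is a placeholder trail file name, and exec_trail and sample_trail are names made up here.

```shell
#!/bin/sh
# Added example: condense praudit(1) default-format output to one line per
# execve record. Real use (AUDITFILE is a placeholder trail file name):
#   auditreduce -u alice /var/audit/AUDITFILE | praudit | exec_trail
# Output fields: time|audit user|effective user|return status|command line
# The audit user (first field of the subject token) is the login identity and
# stays the same after su(1), so root activity is still attributable.
# Limitation: praudit separates arguments with commas, so an argument that
# itself contains a comma is printed as two words.

exec_trail() {    # optional $1: only show records for this audit user
    awk -F, -v want="${1:-}" '
        $1 == "header" {
            in_exec = ($4 ~ /^execve/)
            when = $6; argv = ""; path = ""
            auid = "?"; euid = "?"; status = "?"
            next
        }
        !in_exec { next }
        $1 == "exec arg" {
            argv = $2
            for (i = 3; i <= NF; i++) argv = argv " " $i
            next
        }
        $1 == "path"    { if (path == "") path = $2; next }
        $1 == "subject" { auid = $2; euid = $3; next }
        $1 == "return"  { status = $2; next }
        $1 == "trailer" {
            # Without policy:argv there is no exec arg token; fall back to the path.
            if (argv == "") argv = path " (argv not recorded)"
            if (want == "" || auid == want)
                printf "%s|%s|%s|%s|%s\n", when, auid, euid, status, argv
            in_exec = 0
        }
    '
}

sample_trail() {    # constructed records, not taken from a real system
    cat <<'EOF'
header,96,11,OpenSSH login,0,Thu Jan 10 09:13:55 2008, + 40 msec
subject,alice,alice,users,alice,users,4190,4190,52110,192.0.2.10
text,successful login alice
return,success,0
trailer,96
header,120,11,execve(2),0,Thu Jan 10 09:14:03 2008, + 120 msec
exec arg,vi,/etc/rc.conf
path,/usr/bin/vi
attribute,555,root,wheel,89,23901,95822
subject,alice,alice,users,alice,users,4211,4190,52110,192.0.2.10
return,success,0
trailer,120
header,131,11,execve(2),0,Thu Jan 10 09:20:41 2008, + 7 msec
exec arg,tail,-f,/var/log/messages
path,/usr/bin/tail
attribute,555,root,wheel,89,23877,95810
subject,alice,root,wheel,root,wheel,4302,4190,52110,192.0.2.10
return,success,0
trailer,131
header,101,11,execve(2),0,Thu Jan 10 09:31:17 2008, + 310 msec
path,/usr/local/bin/backup.sh
subject,bob,bob,users,bob,users,4410,4400,52377,192.0.2.23
return,failure : Permission denied,4294967295
trailer,101
EOF
}

# Stand-alone run: print the trail for the constructed sample.
sample_trail | exec_trail
```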

From: Gunther Mayer
To: Mike Silbersack
Cc: freebsd-security@freebsd.org
Date: Wed, 02 Jan 2008 23:16:51 +0200
Subject: Re: ProPolice/SSP in 7.0

Thanks everyone for answering my questions so far.

Mike Silbersack wrote:
> It's too late to make that sort of change for FreeBSD 7.0, but I think
> that's a good goal for FreeBSD 8.0.
>
> Here's what I think you could do:
>
> 1. Verify that enabling SSP works properly.

Ok, I will certainly do that once 7.0 is out and I can run it for a while on our testing box.

> 2. Convince Kris Kennaway to run his mysql benchmarks on a FreeBSD 8
> system both with and without SSP to verify that there is no
> significant slowdown.

Hmm, I guess Kris is not subscribed to -security? Maybe I'll have to post in -questions then...

> 3. Get it enabled on FreeBSD 8 by default.
> 4. Request that the change be made to FreeBSD 7.1 or 7.2 after it has
> proven to not cause problems on FreeBSD 8.

Ok, but what's the best way to go about that? Don't see that being documented in the handbook.
Do you suggest a post on -questions or a send-pr or both?

From: Nikolay Pavlov
To: freebsd-security@freebsd.org
Date: Thu, 3 Jan 2008 12:51:49 +0200
Reply-To: qpadla@gmail.com
Cc: arch@freebsd.org
Subject: Re: ProPolice/SSP in 7.0

On Wednesday 02 January 2008 23:16:51 Gunther Mayer wrote:
> Thanks everyone for answering my questions so far.
>
> Mike Silbersack wrote:
> > It's too late to make that sort of change for FreeBSD 7.0, but I think
> > that's a good goal for FreeBSD 8.0.
> >
> > Here's what I think you could do:
> >
> > 1. Verify that enabling SSP works properly.
>
> Ok, I will certainly do that once 7.0 is out and I can run it for a
> while on our testing box.
>
> > 2. Convince Kris Kennaway to run his mysql benchmarks on a FreeBSD 8
> > system both with and without SSP to verify that there is no
> > significant slowdown.
>
> Hmm, I guess Kris is not subscribed to -security? Maybe I'll have to
> post in -questions then...

But you can cc him directly.

> > 3. Get it enabled on FreeBSD 8 by default.
> > 4. Request that the change be made to FreeBSD 7.1 or 7.2 after it has
> > proven to not cause problems on FreeBSD 8.
>
> Ok, but what's the best way to go about that? Don't see that being
> documented in the handbook. Do you suggest a post on -questions or a
> send-pr or both?

Since this change is related to the whole system the arch would be a better place.

--
- Best regards, Nikolay Pavlov.

From: Mike Silbersack
To: Gunther Mayer
Cc: freebsd-security@freebsd.org
Date: Fri, 4 Jan 2008 02:18:27 -0600 (CST)
Subject: Re: ProPolice/SSP in 7.0

On Wed, 2 Jan 2008, Gunther Mayer wrote:

>> 2. Convince Kris Kennaway to run his mysql benchmarks on a FreeBSD 8
>> system both with and without SSP to verify that there is no significant
>> slowdown.
> Hmm, I guess Kris is not subscribed to -security? Maybe I'll have to post in
> -questions then...

Just e-mail him directly.

>> 3. Get it enabled on FreeBSD 8 by default.
>> 4. Request that the change be made to FreeBSD 7.1 or 7.2 after it has
>> proven to not cause problems on FreeBSD 8.
> Ok, but what's the best way to go about that? Don't see that being documented
> in the handbook. Do you suggest a post on -questions or a send-pr or both?

Follow Jeremie's example. Put up a webpage with all of your changes explaining why they're great and should go into 8.0, then post that to -arch. If that doesn't work, post it to -hackers, if that doesn't work... basically, you just need to find a committer who also thinks it's a good idea and is willing to commit it.

Apologize to Jeremie if he had patches to finish the job and they didn't get in. Everyone was rushing to get things in before code freeze, but then the 7.0 release has been massively delayed because of instability we found out about after the fact. :(

Mike "Silby" Silbersack