From owner-freebsd-security@FreeBSD.ORG Sun Aug 3 02:19:06 2008
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 03E981065673 for ; Sun, 3 Aug 2008 02:19:06 +0000 (UTC) (envelope-from bob@sinister.com)
Received: from neptune.sinister.com (neptune.sinister.com [65.18.170.128]) by mx1.freebsd.org (Postfix) with ESMTP id CEBCF8FC23 for ; Sun, 3 Aug 2008 02:19:05 +0000 (UTC) (envelope-from bob@sinister.com)
Received: from bob (helo=localhost) by neptune.sinister.com with local-esmtp (Exim 4.63) (envelope-from ) id 1KPT2T-0000Fy-DD; Sat, 02 Aug 2008 22:09:41 -0400
Date: Sat, 2 Aug 2008 22:09:41 -0400 (EDT)
From: Bob Keyes
To: Poul-Henning Kamp
In-Reply-To: <3228.1217718204@critter.freebsd.dk>
Message-ID:
References: <3228.1217718204@critter.freebsd.dk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Mailman-Approved-At: Sun, 03 Aug 2008 02:24:11 +0000
Cc: freebsd-security@freebsd.org
Subject: Re: The BIND scandal
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 03 Aug 2008 02:19:06 -0000

On Sat, 2 Aug 2008, Poul-Henning Kamp wrote:

> In message , Bob Keyes writes:
>
>> Until reasonable and diplomatic people are installed as the security
>> contacts for organizations such as FreeBSD, I will only make patches
>> available to me and my close friends.
>
> I can warmly recommend you read the book "Blackmailing for dummies",
> as I can see that you make several classical beginner mistakes in
> this attempt.

I really don't care to blackmail anyone. That's what's really great about the BSD license: I can keep my fixes to myself.

Of course, what I am wondering right now is, why did I even bother telling you all this. But some of you are as well. Maybe there's some area for agreement.

From owner-freebsd-security@FreeBSD.ORG Sun Aug 3 07:05:31 2008
From: "Poul-Henning Kamp"
To: Bob Keyes
Cc: freebsd-security@freebsd.org
Date: Sun, 03 Aug 2008 07:05:25 +0000
Message-ID: <4657.1217747125@critter.freebsd.dk>
In-Reply-To: Your message of "Sat, 02 Aug 2008 22:09:41 -0400."
Subject: Re: The BIND scandal

In message , Bob Keyes writes:

> Of course, what I am wondering right now is, why did I even bother telling
> you all this. But some of you are as well.

No, I'm not wondering in the least; it was pretty obvious that you behaved like a spurned primadonna type and now you were going to tell us how much we were missing out because we did not cater to your every whim and fancy.

And since you had nothing concrete to bargain with, all you could do was say "Ha! Then you can't play with my dolls!" and go home with your nose in the sky, hoping that we would feel really miserable.

Well, we don't.

The FreeBSD project has been the target of attempted blackmail many times over the years, and it hasn't worked yet, and it won't ever, if I can prevent it.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security@FreeBSD.ORG Sun Aug 3 08:06:53 2008
From: "Adrian Penisoara"
To: "Poul-Henning Kamp"
Cc: freebsd-security@freebsd.org, Bob Keyes
Date: Sun, 3 Aug 2008 09:41:50 +0200
Message-ID: <78cb3d3f0808030041w2e0627d4jacf5d0b4abaf0ce1@mail.gmail.com>
In-Reply-To: <4657.1217747125@critter.freebsd.dk>
Subject: Re: The BIND scandal

Hi,

On Sun, Aug 3, 2008 at 9:05 AM, Poul-Henning Kamp wrote:
>
> The FreeBSD project has been the target of attempted blackmail many times
> over the years, and it hasn't worked yet, and it won't ever, if I can
> prevent it.
>

Sorry to suddenly stump into this, but can we get a bit more background on what is being referred to here, and also the initial mail? Just point me to relevant references if there are any, besides [1].

Mind me, but I think this may not be the most professional way to deal with such situations, and I hate to see such (kiddish?) arguments flow by on a FreeBSD/security list...

[1] http://seclists.org/bugtraq/2000/Dec/0317.html

Thank you,
Adrian.

From owner-freebsd-security@FreeBSD.ORG Sun Aug 3 17:21:35 2008
From: Doug Barton
Organization: http://www.FreeBSD.org/
To: freebsd-security@freebsd.org
Date: Sun, 03 Aug 2008 10:21:31 -0700
Message-ID: <4895E91B.3000002@FreeBSD.org>
Subject: Re: The BIND scandal

Bob is quite obviously trolling for a fight here, and I'm definitely not going to get sucked into that. I would like to point out however that the _DNS_ vulnerability that is currently in wide discussion is not in any way related to BIND; it's a fundamental flaw in the protocol related to response forgery. All major vendors of DNS systems and the IETF working groups on DNS are trying to find a permanent solution for this problem. As a stop-gap measure ISC has adopted the same solution for BIND that has proven effective for other vendors: randomizing the query source port.

You can find more information about this issue here:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.kb.cert.org/vuls/id/800113
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience

Hope this helps,

Doug

-- 
This .signature sanitized for your protection
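As an added illustration of the mitigation Doug describes (randomizing the query source port), and not code from the thread, from ISC or from FreeBSD: the program below takes constructed observations of a resolver's outbound queries (UDP source port, DNS TXID), of the kind a packet capture would yield, and reports how many distinct source ports the resolver uses, which is the check an operator would run to confirm that a resolver really is randomizing after the update. The struct names, the sample generator and the "half the samples" threshold are my own assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_OBS 256  /* queries examined per audit (size of the constructed sample) */

/* One outbound query seen leaving the resolver: UDP source port and DNS TXID. */
struct query_obs { uint16_t sport; uint16_t txid; };

struct port_audit {
    unsigned samples;
    unsigned distinct_ports;  /* distinct UDP source ports in the sample */
    unsigned distinct_txids;  /* distinct transaction IDs in the sample */
    unsigned port_bits;       /* ceil(log2(distinct_ports)): entropy a forger must beat on
                                 top of the 16-bit TXID; a lower bound, as N samples can
                                 never reveal more than log2(N) bits */
    int randomized;           /* 1 when the port varies enough to count as randomized */
};

/* Count distinct 16-bit values with a 64 Ki-bit presence bitmap. */
static unsigned count_distinct16(const uint16_t *vals, size_t n) {
    unsigned char seen[65536 / 8];
    unsigned distinct = 0;
    memset(seen, 0, sizeof seen);
    for (size_t i = 0; i < n; i++) {
        unsigned byte = vals[i] >> 3;
        unsigned char bit = (unsigned char)(1u << (vals[i] & 7));
        if (!(seen[byte] & bit)) { seen[byte] |= bit; distinct++; }
    }
    return distinct;
}

/* ceil(log2(x)) for x >= 1, without linking libm. */
static unsigned ceil_log2(unsigned x) {
    unsigned bits = 0;
    while ((1u << bits) < x) bits++;
    return bits;
}

struct port_audit audit_queries(const struct query_obs *q, size_t n) {
    uint16_t ports[MAX_OBS], txids[MAX_OBS];
    struct port_audit a = {0, 0, 0, 0, 0};
    if (n > MAX_OBS) n = MAX_OBS;
    for (size_t i = 0; i < n; i++) { ports[i] = q[i].sport; txids[i] = q[i].txid; }
    a.samples = (unsigned)n;
    a.distinct_ports = count_distinct16(ports, n);
    a.distinct_txids = count_distinct16(txids, n);
    a.port_bits = a.distinct_ports ? ceil_log2(a.distinct_ports) : 0;
    /* A fixed source port leaves only the TXID for a forger to guess. Threshold
     * (my choice): randomized if at least half the sampled queries used a port
     * not already seen in the capture. */
    a.randomized = n > 0 && a.distinct_ports * 2 >= n;
    return a;
}

/* ---- constructed sample data ---------------------------------------------- */

/* Deterministic scatter that spreads constructed values over 16 bits (multiplying
 * by an odd constant is a bijection mod 65536). It is not a random number
 * generator and not how any resolver chooses ports. */
static uint16_t scatter16(unsigned i) { return (uint16_t)((i + 1) * 40503u); }

static struct query_obs sample[MAX_OBS];

/* randomize_port == 0: pre-update behaviour, every query leaves from one UDP port.
 * randomize_port != 0: post-update behaviour, the port changes from query to query. */
const struct query_obs *build_sample(int randomize_port, size_t *n) {
    for (unsigned i = 0; i < MAX_OBS; i++) {
        sample[i].sport = randomize_port ? scatter16(i * 7 + 3) : 32768;
        sample[i].txid = scatter16(i);
    }
    *n = MAX_OBS;
    return sample;
}

/* Build one of the two constructed captures and audit it. */
struct port_audit audit_sample(int randomize_port) {
    size_t n;
    const struct query_obs *q = build_sample(randomize_port, &n);
    return audit_queries(q, n);
}

int main(void) {
    for (int r = 0; r < 2; r++) {
        struct port_audit a = audit_sample(r);
        printf("%s port: %u distinct ports in %u queries, +%u bits beyond TXID, randomized=%d\n",
               r ? "varying" : "fixed  ", a.distinct_ports, a.samples, a.port_bits, a.randomized);
    }
    return 0;
}
```

On a real capture, feed the observed (source port, TXID) pairs into audit_queries() in place of build_sample(); a result with port_bits near zero means the resolver is still exposed to the forgery described in CVE-2008-1447 with only the TXID standing in the way.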
From owner-freebsd-security@FreeBSD.ORG Sun Aug 3 18:23:38 2008
From: Matt Dawson
To: freebsd-security@freebsd.org
Date: Sun, 3 Aug 2008 19:23:31 +0100
In-Reply-To: <4895E91B.3000002@FreeBSD.org>
Subject: Re: The BIND scandal

On Sunday 03 Aug 2008, Doug Barton wrote:
> Hope this helps,

What actually did help was your most rapid update of the BIND ports to -p2 yesterday. You managed all of them three hours before I got the SANS handler's diary on the new releases from RSS!

Just wanted to say thanks for that. Your work is appreciated.

-- 
Matt Dawson.
matt@chronos.org.uk
MTD15-RIPE

From owner-freebsd-security@FreeBSD.ORG Mon Aug 4 05:43:45 2008
From: Doug Barton
Organization: http://www.FreeBSD.org/
To: Matt Dawson
Cc: freebsd-security@freebsd.org
Date: Sun, 03 Aug 2008 22:43:42 -0700
Message-ID: <4896970E.1080205@FreeBSD.org>
In-Reply-To: <200808031923.31775.matt@chronos.org.uk>
Subject: BIND -P2 update plans (Was: Re: The BIND scandal)

Matt Dawson wrote:
> On Sunday 03 Aug 2008, Doug Barton wrote:
>> Hope this helps,
>
> What actually did help was your most rapid update of the BIND ports to -p2
> yesterday. You managed all of them three hours before I got the SANS
> handler's diary on the new releases from RSS!
>
> Just wanted to say thanks for that. Your work is appreciated.

Thank you for the kind words. :)

Since this update is performance related rather than directly security related, I plan to give people a chance to update from ports and provide feedback before I update the base in HEAD and [67]-stable. So if you run a busy resolving name server, especially if you were having problems with -P1, then please let me know how -P2 works for you.

Doug

-- 
This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Mon Aug 4 06:25:19 2008
From: Len Conrad
To: freebsd-security@freebsd.org
Date: Mon, 04 Aug 2008 00:52:20 -0500
Message-Id: <20080804074531.SM01596@TX2.Go2France.com>
In-Reply-To: <4896970E.1080205@FreeBSD.org>
Subject: Re: BIND -P2 update plans (Was: Re: The BIND scandal)

http://www.freshports.org/search.php?query=bind9&search=go&num=10&stype=name&method=match&deleted=excludedeleted&start=1&casesensitivity=caseinsensitive

... shows 9.5.0.2, but the PortsMon page shows Latest as 9.5.0.1.

Len

From owner-freebsd-security@FreeBSD.ORG Mon Aug 4 16:38:19 2008
From: Thomas Rasmussen
To: freebsd-security@freebsd.org
Date: Mon, 04 Aug 2008 18:20:30 +0200
Message-ID: <48972C4E.6010706@gibfest.dk>
In-Reply-To: <4896970E.1080205@FreeBSD.org>
Subject: Re: BIND -P2 update plans (Was: Re: The BIND scandal)

> Thank you for the kind words. :)
>
> Since this update is performance related rather than directly security
> related, I plan to give people a chance to update from ports and
> provide feedback before I update the base in HEAD and [67]-stable. So
> if you run a busy resolving name server, especially if you were having
> problems with -P1, then please let me know how -P2 works for you.
>
>
> Doug
>

Hello,

I'd also like to thank you for updating the port so fast. I was hoping for sometime during the weekend, and was pleasantly surprised to see it available so fast.

I've posted to the bind-users list to say this, but to confirm here: on 7-STABLE from a few weeks ago, on a couple of busy recursive servers, this patch made an extreme positive difference. I was having problems with constant timeouts, very slow recursive lookups when they did work, and frequent errors about too many open files or somesuch in messages (regardless of kern.maxfiles and FD_SETSIZE settings); all of this disappeared when I applied P2. The number of successful queries almost doubled the minute I restarted with the -P2 patch applied, no more slowness or timeouts.

This is the bind9.4 port by the way; 9.5 had even more weird errors and behaviour. I've since seen various sources claiming that 9.5 isn't ready for primetime on busy resolvers, so I'll wait for a while before moving on to 9.5.

For the record, I have compiled dns/bind94 with

    make CFLAGS="-DFD_SETSIZE=65000" install clean

to avoid "too many open file descriptors" errors, but with this setting (and increasing kern.maxfiles with sysctl) everything seems to be running nicely. -P2 might have removed the need for increasing FD_SETSIZE, but this works, and for now I'll leave it at that.

These servers have peak loads at around 1000 queries per second. They are both quad core 2-3 GHz boxes with a couple of gigs of RAM, and the CPU is around 50% utilized when the servers are busy.

If you need more information please let me know.

Best regards and thank you for all your work.

Thomas Rasmussen

From owner-freebsd-security@FreeBSD.ORG Tue Aug 5 05:06:40 2008
From: Doug Barton
Organization: http://www.FreeBSD.org/
To: Thomas Rasmussen
Cc: freebsd-security@freebsd.org
Date: Mon, 04 Aug 2008 22:06:38 -0700
Message-ID: <4897DFDE.5030406@FreeBSD.org>
In-Reply-To: <48972C4E.6010706@gibfest.dk>
Subject: Re: BIND -P2 update plans (Was: Re: The BIND scandal)

Thomas Rasmussen wrote:
> I've posted to the bind-users list to say this, but to confirm here: on
> 7-STABLE from a few weeks ago, on a couple of busy recursive servers,
> this patch made an extreme positive difference. I was having problems
> with constant timeouts, very slow recursive lookups when they did work,
> and frequent errors about too many open files or somesuch in messages
> (regardless of kern.maxfiles and FD_SETSIZE settings); all of this
> disappeared when I applied P2. The number of successful queries almost
> doubled the minute I restarted with the -P2 patch applied, no more
> slowness or timeouts.

That's good news even taking your change to fd_setsize into account.

> This is the bind9.4 port by the way; 9.5 had even more weird errors and
> behaviour. I've since seen various sources claiming that 9.5 isn't ready
> for primetime on busy resolvers, so I'll wait for a while before moving
> on to 9.5.

Yeah, if you don't have time to help debug the problems then sticking with 9.4 is a good decision. OTOH they can use all the help they can get. :)

> For the record, I have compiled dns/bind94 with
>
>     make CFLAGS="-DFD_SETSIZE=65000" install clean
>
> to avoid "too many open file descriptors" errors, but with this setting
> (and increasing kern.maxfiles with sysctl) everything seems to be
> running nicely. -P2 might have removed the need for increasing
> FD_SETSIZE, but this works, and for now I'll leave it at that.

I can certainly understand not wanting to change something that's working, but I would like to get at least a couple of users to confirm that -P2 works out of the box before I import them. I don't mind adding a "big fd_setsize" knob to the ports and the base, but I want to be sure it's needed first.

Doug

-- 
This .signature sanitized for your protection
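An added example (my own code, not BIND's, FreeBSD's or anything from the thread) of what the FD_SETSIZE build knob discussed above controls and why a select()-based daemon has to check it: FD_SET() on a descriptor at or beyond FD_SETSIZE writes outside the fd_set bitmap, so raising kern.maxfiles on its own lets the kernel hand out descriptors the daemon cannot safely watch. The function names and the 4*FD_SETSIZE simulation are my own; the glibc remark in the comments is a fact about Linux builds, not about the FreeBSD port.

```c
/* On FreeBSD, -DFD_SETSIZE=65000 (as in the port build above) enlarges fd_set
 * because <sys/select.h> only defines FD_SETSIZE when it is not already set.
 * With glibc the size is fixed at 1024 and the flag has no effect. */
#include <sys/select.h>
#include <errno.h>
#include <stdio.h>

/* Capacity compiled into this translation unit. */
unsigned compiled_fd_setsize(void) { return (unsigned)FD_SETSIZE; }

/* Size in bytes of the bitmap select() reads. FD_SET(fd) flips bit number fd,
 * so any fd >= FD_SETSIZE lands past the end of the structure. */
unsigned fd_set_bytes(void) { return (unsigned)sizeof(fd_set); }

/* Guarded FD_SET: refuse descriptors the bitmap cannot represent instead of
 * corrupting whatever sits after the fd_set in memory. */
int safe_fd_set(int fd, fd_set *set) {
    if (fd < 0 || fd >= (int)FD_SETSIZE) {
        errno = EINVAL;  /* caller should close the socket or shed load */
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Descriptors the OS may hand out (e.g. up to a raised kern.maxfiles) that a
 * select()-based process still cannot watch: the gap behind the errors seen
 * when only the sysctl is raised but the binary keeps the default FD_SETSIZE. */
long fds_unwatchable(long max_open_files) {
    long gap = max_open_files - (long)FD_SETSIZE;
    return gap > 0 ? gap : 0;
}

/* Simulate a server that tries to watch descriptors lo..hi-1 and returns how
 * many it could register; the rest are rejected by the guard (an unguarded
 * FD_SET would have silently overflowed the bitmap instead). */
int count_trackable(int lo, int hi) {
    fd_set set;
    int ok = 0;
    FD_ZERO(&set);
    for (int fd = lo; fd < hi; fd++)
        if (safe_fd_set(fd, &set) == 0) ok++;
    return ok;
}

int main(void) {
    printf("FD_SETSIZE=%u (fd_set is %u bytes); highest usable fd is %u\n",
           compiled_fd_setsize(), fd_set_bytes(), compiled_fd_setsize() - 1);
    printf("of 4*FD_SETSIZE candidate descriptors, %d fit in one fd_set\n",
           count_trackable(0, 4 * (int)FD_SETSIZE));
    printf("with 65000 open files allowed, %ld of them could not be selected on\n",
           fds_unwatchable(65000));
    return 0;
}
```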
From owner-freebsd-security@FreeBSD.ORG Fri Aug 8 13:45:21 2008
From: Oliver Fromme
To: freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, thompsa@FreeBSD.ORG
Date: Fri, 8 Aug 2008 15:18:36 +0200 (CEST)
Message-Id: <200808081318.m78DIaXJ017555@lurza.secnetix.de>
In-Reply-To: <20080807173525.GB37969@citylink.fud.org.nz>
Subject: Re: should looking at an interface with 'ifconfig' trigger a change?

Andrew Thompson wrote:
> Pete French wrote:
> > > The bce driver is not properly generating link state events.
> >
> > OK, that explains why it doesn't failover - but why does looking at it
> > with ifconfig make a difference? Surely that should be 'read only'?
>
> ifconfig will cause the media status to be read from the hardware at
> which time the link change is generated as it is different to the stored
> value.

Shouldn't that be considered a security flaw? After all, you can perform "ifconfig $IF" inside a jail to list the interface configuration, but you're not allowed to make any changes.

Given your description above, it means that it is possible to modify the interface configuration (cause a failover) from within a jail. That's not good. I think that needs to be fixed, or at the very least it needs to be properly documented.

Best regards
   Oliver

-- 
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registration court, HRA 74606; management: secnetix Verwaltungsgesellsch. mbH, commercial register: Munich registration court, HRB 125758; managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd

"I started using PostgreSQL around a month ago, and the feeling is similar to the switch from Linux to FreeBSD in '96 -- 'wow!'."
        -- Oddbjorn Steffensen

From owner-freebsd-security@FreeBSD.ORG Fri Aug 8 14:00:58 2008
From: Marian Hettwer
To: freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, thompsa@FreeBSD.ORG
Date: Fri, 8 Aug 2008 16:00:56 +0200
Message-ID: <293d3dc9ebaee1119424aa58532d3c5d@localhost>
In-Reply-To: <200808081318.m78DIaXJ017555@lurza.secnetix.de>
Subject: Re: should looking at an interface with 'ifconfig' trigger a change?

Hi Oliver,

On Fri, 8 Aug 2008 15:18:36 +0200 (CEST), Oliver Fromme wrote:
> Andrew Thompson wrote:
> > Pete French wrote:
> > > > The bce driver is not properly generating link state events.
> > >
> > > OK, that explains why it doesn't failover - but why does looking at it
> > > with ifconfig make a difference? Surely that should be 'read only'?
> >
> > ifconfig will cause the media status to be read from the hardware at
> > which time the link change is generated as it is different to the
> > stored value.
>
> Shouldn't that be considered a security flaw? After all,
> you can perform "ifconfig $IF" inside a jail to list the
> interface configuration, but you're not allowed to make
> any changes.
>
> Given your description above, it means that it is possible
> to modify the interface configuration (cause a failover)
> from within a jail. That's not good. I think that needs
> to be fixed, or at the very least it needs to be properly
> documented.
>

And regarding documentation: it should be documented that lagg(4) won't work very well with bce(4). If it's nowhere documented that bce and failover with lagg don't work, some people might be screwed...

Just my 0,02 cents

./Marian

From owner-freebsd-security@FreeBSD.ORG Sat Aug 9 11:05:59 2008
From: Robert Watson
To: freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, thompsa@FreeBSD.ORG
Date: Sat, 9 Aug 2008 12:05:58 +0100 (BST)
In-Reply-To: <200808081318.m78DIaXJ017555@lurza.secnetix.de>
Subject: Re: should looking at an interface with 'ifconfig' trigger a change?

On Fri, 8 Aug 2008, Oliver Fromme wrote:

> Andrew Thompson wrote:
> > Pete French wrote:
> > > > The bce driver is not properly generating link state events.
> > >
> > > OK, that explains why it doesn't failover - but why does looking at it
> > > with ifconfig make a difference? Surely that should be 'read only'?
> >
> > ifconfig will cause the media status to be read from the hardware at which
> > time the link change is generated as it is different to the stored value.
>
> Shouldn't that be considered a security flaw? After all, you can perform
> "ifconfig $IF" inside a jail to list the interface configuration, but you're
> not allowed to make any changes.
>
> Given your description above, it means that it is possible to modify the
> interface configuration (cause a failover) from within a jail. That's not
> good. I think that needs to be fixed, or at the very least it needs to be
> properly documented.

While obviously a serious bug (link state notifications are required so that, for example, aggregates can take interfaces going down, or up, into account), I don't see this as a security flaw. The administrator intends for the higher abstraction state transition to be triggered by the lower one, but the problem is that the time it takes for that notification to take place is effectively non-deterministic. If they didn't want the higher level transition to take place, then they shouldn't have configured it that way. On the whole, we make no attempt to limit covert channels from jails to the host system, and there are potentially lots of interactions between them, so it's not a violation of the security policy for jails.

That said, this definitely needs to be fixed, as things like fail-over and routing updates happen pretty poorly otherwise.

The epistemology of security flaws is complicated, needless to say...

Robert N M Watson
Computer Laboratory
University of Cambridge

From owner-freebsd-security@FreeBSD.ORG Sat Aug 9 06:20:55 2008
From: Andrew Thompson
To: Marian Hettwer
Cc: freebsd-security@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG
Date: Fri, 8 Aug 2008 23:20:49 -0700
Message-ID: <20080809062049.GC95107@citylink.fud.org.nz>
In-Reply-To: <293d3dc9ebaee1119424aa58532d3c5d@localhost>
Subject: Re: should looking at an interface with 'ifconfig' trigger a change?

On Fri, Aug 08, 2008 at 04:00:56PM +0200, Marian Hettwer wrote:
> Hi Oliver,
>
> On Fri, 8 Aug 2008 15:18:36 +0200 (CEST), Oliver Fromme
> >
> > Shouldn't that be considered a security flaw? After all,
> > you can perform "ifconfig $IF" inside a jail to list the
> > interface configuration, but you're not allowed to make
> > any changes.
> >
> > Given your description above, it means that it is possible
> > to modify the interface configuration (cause a failover)
> > from within a jail. That's not good. I think that needs
> > to be fixed, or at the very least it needs to be properly
> > documented.
> >
> And regarding documentation: it should be documented that lagg(4) won't
> work very well with bce(4). If it's nowhere documented that bce and
> failover with lagg don't work, some people might be screwed...

I guess so, although bce will not be the only one. Also spanning tree, carp and dhclient use link state events too, possibly others.
Andrew From owner-freebsd-security@FreeBSD.ORG Sat Aug 9 06:23:45 2008 Return-Path: Delivered-To: freebsd-security@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EA0A11065684; Sat, 9 Aug 2008 06:23:45 +0000 (UTC) (envelope-from thompsa@FreeBSD.org) Received: from pele.citylink.co.nz (pele.citylink.co.nz [202.8.44.226]) by mx1.freebsd.org (Postfix) with ESMTP id A68188FC1C; Sat, 9 Aug 2008 06:23:45 +0000 (UTC) (envelope-from thompsa@FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by pele.citylink.co.nz (Postfix) with ESMTP id 144152BD18; Sat, 9 Aug 2008 18:01:31 +1200 (NZST) X-Virus-Scanned: Debian amavisd-new at citylink.co.nz Received: from pele.citylink.co.nz ([127.0.0.1]) by localhost (pele.citylink.co.nz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1PJkLwBnRsNj; Sat, 9 Aug 2008 18:01:27 +1200 (NZST) Received: from citylink.fud.org.nz (unknown [202.8.44.45]) by pele.citylink.co.nz (Postfix) with ESMTP; Sat, 9 Aug 2008 18:01:27 +1200 (NZST) Received: by citylink.fud.org.nz (Postfix, from userid 1001) id 141DA1142A; Sat, 9 Aug 2008 18:01:27 +1200 (NZST) Date: Fri, 8 Aug 2008 23:01:26 -0700 From: Andrew Thompson To: freebsd-stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Message-ID: <20080809060126.GB95107@citylink.fud.org.nz> References: <20080807173525.GB37969@citylink.fud.org.nz> <200808081318.m78DIaXJ017555@lurza.secnetix.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200808081318.m78DIaXJ017555@lurza.secnetix.de> User-Agent: Mutt/1.5.17 (2007-11-01) X-Mailman-Approved-At: Sat, 09 Aug 2008 13:34:04 +0000 Cc: Subject: Re: should looking at an interface with 'ifconfig' trigger a ?change ? 
X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 09 Aug 2008 06:23:46 -0000 On Fri, Aug 08, 2008 at 03:18:36PM +0200, Oliver Fromme wrote: > Andrew Thompson wrote: > > Pete French wrote: > > > > The bce driver is not properly generating link state events. > > > > > > OK, that explains why it doesnt failover - but why does looking at it > > > with ifconfig make a difference ? surely that should be 'read only ? > > > > ifconfig will cause the media status to be read from the hardware at > > which time the link change is generated as it is different to the stored > > value. > > Shouldn't that be considered a security flaw? After all, > you can perform "ifconfig $IF" inside a jail to list the > interface configuration, but you're not allowed to make > any changes. > > Given your description above, it means that it is possible > to modify the interface configuration (cause a failover) > from within a jail. That's not good. I think that needs > to be fixed, or at the very least it needs to be properly > documented. I dont think its a security flaw, this is meant to happen automatically after all. You cant make ifconfig change the link status within a jail, just catch up on reality. Andrew
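The thread establishes two facts: a bce(4) port's stored link state only catches up with the hardware when something reads its media status, and `ifconfig <port>` is such a read. An operator stuck on the affected driver until the real fix lands can use that as an interim workaround: poll the member ports of a failover lagg(4) so the stale state is refreshed on a known schedule, and log every change of the active port so failovers leave a record. The script below is an added example, not code from this thread or from FreeBSD; the polling workaround is my suggestion, not one the posters endorse. It assumes the FreeBSD ifconfig(8) output format in which each member appears as `laggport: bce0 flags=5<MASTER,ACTIVE>`; the `ifconfig lagg0` text embedded in it is constructed for the self-check and the addresses in it are documentation values.

```shell
#!/bin/sh
# Added example (not from the thread or from FreeBSD). Interim workaround for
# a driver that does not raise link-state events on its own: reading each
# lagg member's media status (what `ifconfig <port>` does) makes the stored
# link state get compared with the hardware, so polling bounds how stale the
# failover state can get. Assumed output format: "laggport: <name> flags=..".

# Constructed sample of `ifconfig lagg0` output, used only for the self-check.
sample_lagg_output() {
    cat <<'EOF'
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:5e:00:53:01
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        media: Ethernet autoselect
        status: active
        laggproto failover
        laggport: bce0 flags=5<MASTER,ACTIVE>
        laggport: bce1 flags=0<>
EOF
}

# Member port names, space separated, parsed from `ifconfig <lagg>` on stdin.
lagg_members() {
    awk '$1 == "laggport:" { printf "%s%s", sep, $2; sep = " " } END { print "" }'
}

# The port currently carrying traffic (ACTIVE in its flags), from the same text.
lagg_active_port() {
    awk '$1 == "laggport:" && $3 ~ /ACTIVE/ { print $2; exit }'
}

# One polling round: read every member's media status (the side effect that
# refreshes link state), then report on stdout which port is active now and
# log to stderr if that differs from the previous round.
# $1 = lagg interface, $2 = previously active port (may be empty).
refresh_lagg() {
    lagg="$1"; prev="$2"
    for port in $(ifconfig "$lagg" | lagg_members); do
        ifconfig "$port" >/dev/null   # read-only query; the driver re-reads the PHY here
    done
    cur=$(ifconfig "$lagg" | lagg_active_port)
    if [ "$cur" != "$prev" ]; then
        echo "$(date '+%F %T') $lagg: active port '${prev:-none}' -> '${cur:-none}'" >&2
    fi
    printf '%s\n' "$cur"
}

# Poll forever. Usage: poll_lagg lagg0 [interval_seconds]
poll_lagg() {
    active=""
    while :; do
        active=$(refresh_lagg "$1" "$active")
        sleep "${2:-5}"
    done
}

# Start polling only when invoked with a lagg name; otherwise just exercise
# the parsers on the constructed sample so the file runs on any host.
if [ -n "${1:-}" ]; then
    poll_lagg "$1" "${2:-5}"
else
    echo "members: $(sample_lagg_output | lagg_members)"
    echo "active:  $(sample_lagg_output | lagg_active_port)"
fi
```

Run it as `sh lagg-poll.sh lagg0 5` from rc.local or a supervisor on the affected host; the interval is the longest a dead link can go unnoticed by lagg(4) with this driver. Note that the query is read-only with respect to interface configuration, which is exactly Andrew Thompson's point: it cannot change link status, only make the kernel notice it.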