From owner-freebsd-security Mon May 27 5:46: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.dev.itouchnet.net (devco.net [196.15.188.2]) by hub.freebsd.org (Postfix) with ESMTP id 9F9B737B405 for ; Mon, 27 May 2002 05:45:59 -0700 (PDT) Received: from nobody by mx1.dev.itouchnet.net with scanned_ok (Exim 3.35 #1) id 17CJt1-000D51-00 for FreeBSD-Security@freebsd.org; Mon, 27 May 2002 14:46:07 +0200 Received: from shell.devco.net ([196.15.188.7]) by mx1.dev.itouchnet.net with esmtp (Exim 3.35 #1) id 17CJt0-000D4g-00; Mon, 27 May 2002 14:46:06 +0200 Received: from bvi by shell.devco.net with local (Exim 3.33 #4) id 17CJt1-000K48-00; Mon, 27 May 2002 14:46:07 +0200 Date: Mon, 27 May 2002 14:46:07 +0200 From: Barry Irwin To: Jerry Murdock Cc: Shoichi Sakane , FreeBSD-Security@FreeBSD.ORG Subject: Re: Racoon SA Hard/Soft Lifetimes Message-ID: <20020527144607.R38967@itouchlabs.com> References: <20020525122004P.sakane@kame.net> <20020525133315.86705.qmail@web14603.mail.yahoo.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020525133315.86705.qmail@web14603.mail.yahoo.com>; from jerry_murdock@yahoo.com on Sat, May 25, 2002 at 06:33:15AM -0700 X-Checked: Scanned for any viruses and unauthorized attachments at mx1.dev.itouchnet.net X-iScan-ID: 50279-1022503567-23729@mx1.dev.itouchnet.net version $Name: REL_2_0_2 $ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All I have tracked this down as being available in 4.5< However I can find mo mention of any of the net.key.* sysctls in the man pages, anyone aware of a description, or is it a case of read the source ? Barry On Sat 2002-05-25 (06:33), Jerry Murdock wrote: > > > > try like the following, > > # sysctl -w net.key.preferred_oldsa=0 > > Sounds like exactly what I was looking for, unfortunately it doesn't seem to > have any effect. > > I still see the counters for the old SA incrementing, and nothing going out the > new SA until the old one expires completely. > > For now, I've modified racoon to set the soft lifetime to "hard lifetime - 10 > seconds." The value seems to work quite well for the connection in question > with no apparent key-renegotiation packet loss. > -- Barry Irwin bvi@itouchlabs.com +27214875177 Systems Administrator: Networks And Security Itouch Labs http://www.itouchlabs.com South Africa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon May 27 11: 4:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 83BCF37B405 for ; Mon, 27 May 2002 11:04:02 -0700 (PDT) Received: (from peter@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g4RI42q92542 for security@freebsd.org; Mon, 27 May 2002 11:04:02 -0700 (PDT) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 27 May 2002 11:04:02 -0700 (PDT) Message-Id: <200205271804.g4RI42q92542@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: peter set sender to owner-bugmaster@freebsd.org using -f From: FreeBSD bugmaster To: security@FreeBSD.org Subject: Current problem reports assigned to you Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Current FreeBSD problem reports No matches to your query To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 28 1:58:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from carolina.rr.com (213-96-224-148.uc.nombres.ttd.es [213.96.224.148]) by hub.freebsd.org (Postfix) with SMTP id 8669B37B409; Tue, 28 May 2002 01:57:15 -0700 (PDT) Reply-To: Message-ID: <035c66c03e3a$5655e8a7$2ee86ca4@ahjhrg> From: To: Cc: , , , , , , Subject: I can help you lose weight Date: Sun, 26 May 0102 23:33:48 +1200 MiME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello ! If you're like me, you've tried EVERYTHING to lose weight. I know how you feel - the special diets, miracle pills, and fancy exercise equipment never helped me lose a pound either. It seemed like the harder I tried, the bigger I got, until I heard about a product called Extreme Power Plus. You're probably thinking to yourself, "Oh geez, not another miracle diet pill!" Like you, I was skeptical at first, but my sister swore it helped her lose 23 pounds in just two weeks, so I told her I'd give it a shot. I mean, there was nothing to lose except a lot of weight! Let me tell you, it was the best decision I've ever made. Period. Six months later, as I'm writing this message to you, I've gone from 355 pounds to 210 pounds, and I haven't changed my exercise routine or diet at all. Yes, I still eat pizza, and lots of it! I was so happy with the results that I contacted the manufacturer and got permission to resell it - at a BIG discount. I want to help other people lose weight like I did, because it does so much for your self-esteem, not to mention your health. I give you my personal pledge that Extreme Power Plus absolutely WILL WORK FOR YOU. If it doesn't, you can return it any time for a full refund. If you are frustrated with trying other products, not having any success, and just not getting the results you were promised, then I recommend the only product that worked for me - EXTREME POWER PLUS. You're probably asking yourself, "Ok, so how does this stuff actually work?" Extreme Power Plus contains Lipotropic fat burners and ephedra which is scientifically proven to increase metabolism and cause rapid weight loss. No "hocus pocus" in these pills - just RESULTS, RESULTS, RESULTS!! Here is the bottom line ... I can help you lose 10-15 pounds per week naturally, without exercising and without having to eat rice cakes all day. Just try it for one month - there's nothing to lose, and everything to gain. You will lose weight fast - GUARANTEED. That is my pledge to you. To order Extreme Power Plus on our secure server, just click on the link below: http://pheromone-labs.com/extremeorderc8.htm If you have difficulty accessing the website above, please try our mirror site by clicking on the link below: http://www.pheromone-labs.com/extremeorderc8.htm To see what some of our customers have said about this product, visit http://pheromone-labs.com/testimonials.htm To see a list of ingredients and for more information on test studies and how it will help you lose weight, visit http://pheromone-labs.com/howitworks.htm ************************************************************* If you do not wish to receive any more emails from me, please send an email to "affiliate5@btamail.net.cn" requesting to be removed. ************************************************************* 6531lwUw2-510QKfB8281SJJv5-638JTcS6847rBeD8-186oEEh3639Ul53 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 28 8:49:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from orngca-mls03.socal.rr.com (orngca-mls03.socal.rr.com [66.75.160.18]) by hub.freebsd.org (Postfix) with ESMTP id 8A19037B407; Tue, 28 May 2002 08:47:30 -0700 (PDT) Received: from skeletor (sc-66-27-222-45.socal.rr.com [66.27.222.45]) by orngca-mls03.socal.rr.com (8.11.6+Sun/8.11.3) with ESMTP id g4SFlSL12008; Tue, 28 May 2002 08:47:29 -0700 (PDT) From: "Chris Reed" To: , Cc: , , , , , , Subject: RE: I can help you lose weight Date: Tue, 28 May 2002 08:47:30 -0700 Message-ID: <000001c2065e$f9c8bcd0$2dde1b42@skeletor> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2616 Importance: Normal In-Reply-To: <035c66c03e3a$5655e8a7$2ee86ca4@ahjhrg> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Get this guy outta here! -----Original Message----- From: owner-freebsd-newbies@FreeBSD.ORG [mailto:owner-freebsd-newbies@FreeBSD.ORG] On Behalf Of masterpc@carolina.rr.com Sent: Friday, July 10, 2893 3:44 PM To: fenner@FreeBSD.ORG Cc: freebsd-current@FreeBSD.ORG; freebsd-doc@FreeBSD.ORG; freebsd-fs@FreeBSD.ORG; freebsd-hackers@FreeBSD.ORG; freebsd-newbies@FreeBSD.ORG; freebsd-questions@FreeBSD.ORG; freebsd-security@FreeBSD.ORG Subject: I can help you lose weight Hello ! If you're like me, you've tried EVERYTHING to lose weight. I know how you feel - the special diets, miracle pills, and fancy exercise equipment never helped me lose a pound either. It seemed like the harder I tried, the bigger I got, until I heard about a product called Extreme Power Plus. You're probably thinking to yourself, "Oh geez, not another miracle diet pill!" Like you, I was skeptical at first, but my sister swore it helped her lose 23 pounds in just two weeks, so I told her I'd give it a shot. I mean, there was nothing to lose except a lot of weight! Let me tell you, it was the best decision I've ever made. Period. Six months later, as I'm writing this message to you, I've gone from 355 pounds to 210 pounds, and I haven't changed my exercise routine or diet at all. Yes, I still eat pizza, and lots of it! I was so happy with the results that I contacted the manufacturer and got permission to resell it - at a BIG discount. I want to help other people lose weight like I did, because it does so much for your self-esteem, not to mention your health. I give you my personal pledge that Extreme Power Plus absolutely WILL WORK FOR YOU. If it doesn't, you can return it any time for a full refund. If you are frustrated with trying other products, not having any success, and just not getting the results you were promised, then I recommend the only product that worked for me - EXTREME POWER PLUS. You're probably asking yourself, "Ok, so how does this stuff actually work?" Extreme Power Plus contains Lipotropic fat burners and ephedra which is scientifically proven to increase metabolism and cause rapid weight loss. No "hocus pocus" in these pills - just RESULTS, RESULTS, RESULTS!! Here is the bottom line ... I can help you lose 10-15 pounds per week naturally, without exercising and without having to eat rice cakes all day. Just try it for one month - there's nothing to lose, and everything to gain. You will lose weight fast - GUARANTEED. That is my pledge to you. To order Extreme Power Plus on our secure server, just click on the link below: http://pheromone-labs.com/extremeorderc8.htm If you have difficulty accessing the website above, please try our mirror site by clicking on the link below: http://www.pheromone-labs.com/extremeorderc8.htm To see what some of our customers have said about this product, visit http://pheromone-labs.com/testimonials.htm To see a list of ingredients and for more information on test studies and how it will help you lose weight, visit http://pheromone-labs.com/howitworks.htm ************************************************************* If you do not wish to receive any more emails from me, please send an email to "affiliate5@btamail.net.cn" requesting to be removed. ************************************************************* 6531lwUw2-510QKfB8281SJJv5-638JTcS6847rBeD8-186oEEh3639Ul53 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-newbies" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 28 10:58:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3408937B407; Tue, 28 May 2002 10:58:17 -0700 (PDT) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g4SHwHo75682; Tue, 28 May 2002 10:58:17 -0700 (PDT) (envelope-from security-advisories@freebsd.org) Date: Tue, 28 May 2002 10:58:17 -0700 (PDT) Message-Id: <200205281758.g4SHwHo75682@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Notice FreeBSD-SN-02:03 Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SN-02:03 Security Notice The FreeBSD Project Topic: security issues in ports Announced: 2002-05-28 I. Introduction Several ports in the FreeBSD Ports Collection are affected by security issues. These are listed below with references and affected versions. All versions given refer to the FreeBSD port/package version numbers. The listed vulnerabilities are not specific to FreeBSD unless otherwise noted. These ports are not installed by default, nor are they ``part of FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of third-party applications in a ready-to-install format. FreeBSD makes no claim about the security of these third-party applications. See for more information about the FreeBSD Ports Collection. II. Ports +------------------------------------------------------------------------+ Port name: amanda Affected: versions <= amanda-2.3.0.4 Status: Port removed Obsolete versions of Amanda contain multiple buffer overflows. +------------------------------------------------------------------------+ Port name: fetchmail Affected: versions < fetchmail-5.9.11 Status: Fixed +------------------------------------------------------------------------+ Port name: gaim Affected: versions < gaim-0.58 Status: Fixed World-readable temp files allow access to gaim users' hotmail accounts. +------------------------------------------------------------------------+ Port name: gnokii Affected: versions < gnokii-0.4.0.p20,1 Status: Fixed Write access to any file in the filesystem. +------------------------------------------------------------------------+ Port name: horde Affected: versions < horde-1.2.8 Status: Fixed Cross-site scripting attacks. +------------------------------------------------------------------------+ Port name: imap-uw Affected: all versions Status: Not fixed Only when compiled with RFC 1730 support (make -DWITH_RFC1730): Remote buffer overflow yielding non-privileged shell access. +------------------------------------------------------------------------+ Port name: imp Affected: versions < imp-2.2.8 Status: Fixed Cross-site scripting attacks. +------------------------------------------------------------------------+ Port name: linux-netscape6 Affected: versions < 6.2.3 Status: Fixed XMLHttpRequest allows reading of local files. +------------------------------------------------------------------------+ Port name: mnogosearch Affected: versions < mnogosearch-3.1.19_2 Status: Fixed Long query can be abused to execute code with webserver privileges. +------------------------------------------------------------------------+ Port name: mpg321 Affected: versions < mpg321-0.2.9 Status: Fixed Buffer overflow may allow remote attackers to execute arbitrary code via streaming data. +------------------------------------------------------------------------+ Port name: ssh2 Affected: all versions Status: Not fixed Password authentication may be used even if password authentication is disabled. +------------------------------------------------------------------------+ Port name: tinyproxy Affected: versions < tinyproxy-1.5.0 Status: Fixed Invalid query could allow execution of arbitrary code. +------------------------------------------------------------------------+ Port name: webmin Affected: versions < webmin-0.970 Status: Fixed Remote attacker can login to Webmin as any user. +------------------------------------------------------------------------+ III. Upgrading Ports/Packages To upgrade a fixed port/package, perform one of the following: 1) Upgrade your Ports Collection and rebuild and reinstall the port. Several tools are available in the Ports Collection to make this easier. See: /usr/ports/devel/portcheckout /usr/ports/misc/porteasy /usr/ports/sysutils/portupgrade 2) Deinstall the old package and install a new package obtained from [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ Packages are not automatically generated for other architectures at this time. +------------------------------------------------------------------------+ FreeBSD Security Notices are communications from the Security Officer intended to inform the user community about potential security issues, such as bugs in the third-party applications found in the Ports Collection, which will not be addressed in a FreeBSD Security Advisory. Feedback on Security Notices is welcome at . -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPPPEdFUuHi5z0oilAQFW8wP8CXG3dQyI5VPLp0m6frS4BtNtlkjOpq87 R/8FrDizVNGQ88+NzdPPPYWh8joAPGJZSXrWrSWKSge2dqEDK4CTpJ5BFzpQsxUZ kexaZ43DRxrUMQN1AWDyarE+/y8uCk3BnJTWhNLOf2HeOYNekOn/BHQ53ucpoaKs QQEX171+Jnk= =Z1i5 -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 28 14:53:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from hex.databits.net (hex.csh.rit.edu [129.21.60.134]) by hub.freebsd.org (Postfix) with SMTP id 4CBC837B406 for ; Tue, 28 May 2002 14:53:12 -0700 (PDT) Received: (qmail 98557 invoked by uid 1001); 28 May 2002 21:28:57 -0000 Date: Tue, 28 May 2002 17:28:57 -0400 From: Pete Fritchman To: security@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:03 Message-ID: <20020528172857.B88441@databits.net> References: <200205281758.g4SHwHo75682@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200205281758.g4SHwHo75682@freefall.freebsd.org>; from security-advisories@freebsd.org on Tue, May 28, 2002 at 10:58:17AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ++ 28/05/02 10:58 -0700 - FreeBSD Security Advisories: | +------------------------------------------------------------------------+ | Port name: ssh2 | Affected: all versions | Status: Not fixed | Password authentication may be used even if password authentication | is disabled. | | +------------------------------------------------------------------------+ FYI, I've just committed an update to the ssh2 port (now at version 3.1.2) which fixes this problem. Thanks to the port maintainer, larse@ISI.EDU, for his quick response. --pete -- Pete Fritchman [petef@(databits.net|freebsd.org|csh.rit.edu)] finger petef@databits.net for PGP key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 2:51:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from frigg.inter.net.il (frigg.inter.net.il [192.114.186.16]) by hub.freebsd.org (Postfix) with ESMTP id 488A737B404 for ; Wed, 29 May 2002 02:51:32 -0700 (PDT) Received: from main1 ([80.230.140.115]) by frigg.inter.net.il (Mirapoint Messaging Server MOS 3.1.0.58-GA) with SMTP id BLR16755; Wed, 29 May 2002 12:51:29 +0300 (IDT) Message-ID: <001101c206fe$def197b0$738ce650@main1> From: "Retal" To: References: <200205281758.g4SHwHo75682@freefall.freebsd.org> <20020528172857.B88441@databits.net> Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:03 Date: Wed, 29 May 2002 12:52:03 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hm.. The patch is in ttp://www.ssh.com/products/ssh/advisories/authentication.cfm? or its allready placed in the CVS tree? Retal (lirandb@netvision.net.il, retal@retal.co.il) ----- Original Message ----- From: "Pete Fritchman" To: ; Sent: Tuesday, May 28, 2002 11:28 PM Subject: Re: FreeBSD Security Notice FreeBSD-SN-02:03 > ++ 28/05/02 10:58 -0700 - FreeBSD Security Advisories: > | +------------------------------------------------------------------------+ > | Port name: ssh2 > | Affected: all versions > | Status: Not fixed > | Password authentication may be used even if password authentication > | is disabled. > | > | +------------------------------------------------------------------------+ > > FYI, I've just committed an update to the ssh2 port (now at version > 3.1.2) which fixes this problem. Thanks to the port maintainer, > larse@ISI.EDU, for his quick response. > > --pete > > -- > Pete Fritchman [petef@(databits.net|freebsd.org|csh.rit.edu)] > finger petef@databits.net for PGP key > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 6: 8:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp21.singnet.com.sg (smtp21.singnet.com.sg [165.21.101.201]) by hub.freebsd.org (Postfix) with ESMTP id 7A12637B400 for ; Wed, 29 May 2002 06:08:13 -0700 (PDT) Received: from cerebus.weeguan.nu (bb-203-125-68-14.singnet.com.sg [203.125.68.14]) by smtp21.singnet.com.sg (8.12.3/8.12.3) with ESMTP id g4TD8CTr002394 for ; Wed, 29 May 2002 21:08:12 +0800 Received: from nexus.weeguan.nu (nexus.weeguan.nu [192.168.0.1]) by cerebus.weeguan.nu (Postfix) with ESMTP id 2C8C63D50 for ; Wed, 29 May 2002 21:08:56 +0800 (SGT) Received: by nexus.weeguan.nu (Postfix, from userid 1001) id 734E65D20; Wed, 29 May 2002 21:08:06 +0800 (SGT) Date: Wed, 29 May 2002 21:08:06 +0800 To: freebsd-security@freebsd.org Subject: Snort producing tcpdump unreadable binary files. Message-ID: <20020529210806.A29200@nexus> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i X-Operating-System: FreeBSD 4.6-RC From: weeguan@hem.passagen.se (Lim Wee Guan) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear all, I have started running snort on a firewall machine running FreeBSD 4.6-RC. It is made to log packets using tcpdump binary readable format. i.e. using the -b flag. However, after a while of logging, snort appears to go "crazy" and logs apparently all packets (humongous log files are typical), and if I attempt to read the binary file using tcpdump -r, I get this message at the end of some valid packets: "tcpdump: pcap_loop: bogus savefile header" According to google, some guys had this problem is the past, but it had to do with RedHat Linux machines, and the fact that they changed the libpcap or something like that. This is not RedHat, so what gives? Any advice will be greatly appreciated, as I am currently logging in ASCII, which is not exactly optimal for that slow, grunt machine... ;-) Thanks and regards. -- Lim, Wee Guan | PGP Fingerprint weeguan@myrealbox.com | 430F EF64 2C43 A672 67B3 ICQ: 46537067 | BFE5 6DAA B0C1 E9B1 6332 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 9:31: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-187.dsl.lsan03.pacbell.net [64.169.107.187]) by hub.freebsd.org (Postfix) with ESMTP id CFF3337B406 for ; Wed, 29 May 2002 09:30:53 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 5987166DC6; Wed, 29 May 2002 09:30:53 -0700 (PDT) Date: Wed, 29 May 2002 09:30:53 -0700 From: Kris Kennaway To: Lim Wee Guan Cc: freebsd-security@FreeBSD.ORG Subject: Re: Snort producing tcpdump unreadable binary files. Message-ID: <20020529093053.B94904@xor.obsecurity.org> References: <20020529210806.A29200@nexus> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="+g7M9IMkV8truYOl" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020529210806.A29200@nexus>; from weeguan@hem.passagen.se on Wed, May 29, 2002 at 09:08:06PM +0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --+g7M9IMkV8truYOl Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 29, 2002 at 09:08:06PM +0800, Lim Wee Guan wrote: > However, after a while of logging, snort appears to go "crazy" and > logs apparently all packets (humongous log files are typical), and if > I attempt to read the binary file using tcpdump -r, I get this > message at the end of some valid packets: "tcpdump: pcap_loop: bogus > savefile header"=20 I've seen that too; I think it's a problem with the version of pcap we use. I was getting the same problems with plain tcpdump (this is on my PPPoE router system). I'm also seeing snort dying very often inside libpcap. I can't remember if I've tried linking it against the newer version. This isn't really a security question. Kris --+g7M9IMkV8truYOl Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE89QI8Wry0BWjoQKURAjQeAKDFAAja0hmSZK1MHIaRhxnUdtjVVACgpIKe 1sgcBSNGUValm4ZAAyjxWbU= =JNx8 -----END PGP SIGNATURE----- --+g7M9IMkV8truYOl-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 9:39:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 3485F37B406; Wed, 29 May 2002 09:36:31 -0700 (PDT) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g4TGaVv40767; Wed, 29 May 2002 09:36:31 -0700 (PDT) (envelope-from security-advisories@freebsd.org) Date: Wed, 29 May 2002 09:36:31 -0700 (PDT) Message-Id: <200205291636.g4TGaVv40767@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-02:26.accept Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:26.accept Security Advisory The FreeBSD Project Topic: Remote denial-of-service when using accept filters Category: core Module: kernel Announced: 2002-05-29 Credits: Mike Silbersack Affects: FreeBSD 4.5-RELEASE FreeBSD 4-STABLE after 2001-11-22 and prior to the correction date Corrected: 2002-05-21 18:03:16 UTC (RELENG_4) 2002-05-28 18:27:55 UTC (RELENG_4_5) FreeBSD only: YES I. Background FreeBSD features an accept_filter(9) mechanism which allows an application to request that the kernel pre-process incoming connections. For example, the accf_http(9) accept filter prevents accept(2) from returning until a full HTTP request has been buffered. No accept filters are enabled by default. A system administrator must either compile the FreeBSD kernel with a particular accept filter option (such as ACCEPT_FILTER_HTTP) or load the filter using kldload(8) in order to utilize accept filters. II. Problem Description In the process of adding a syncache to FreeBSD, mechanisms to remove entries from the incomplete listen queue were removed, as only sockets undergoing accept filtering now use the incomplete queue. III. Impact By simply connecting to a socket using accept filtering and holding a few hundred sockets open (~190 with the default backlog value), one may deny access to a service. In addition to malicious users, this affect has also been reported to be caused by worms such as Code Red which generate URLs that do not meet the http accept filter's criteria. Systems are not affected by this bug unless they have enabled accept filters in the kernel and are utilizing an application configured to take advantage of this feature. Apache (versions 1.3.14 and later) is the only application known to utilize accept filters by default. IV. Workaround Do not use accept filters. If you have enabled the ACCEPT_FILTER_DATA or ACCEPT_FILTER_HTTP options in your kernel, remove these options and recompile your kernel as described in and reboot the system. If you have loaded one of the kernel accept filters by using kldload(8), then you must modify your startup scripts not to load these modules and reboot your system. You may list loaded kernel modules by using kldstat(8). If loaded, the HTTP accept filter will be listed as `accf_http.ko', and the Data accept filter will be listed as `accf_data.ko'. For affected versions of Apache, accept filters may be disabled either by adding the directive ``AcceptFilter off'' to your configuration file, or via a compile-time option, depending upon the version. Please see the Apache documentation for details. V. Solution 1) Upgrade your vulnerable system to 4.5-STABLE; or to the RELENG_4_5 (4.5-RELEASE-p6) security branch dated after the respective correction dates. 2) To patch your present system: The following patch has been verified to apply to FreeBSD 4.5-RELEASE and 4.5-STABLE systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:26/accept.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:26/accept.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Path Revision Branch - ------------------------------------------------------------------------- src/sys/kern/uipc_socket.c RELENG_4 1.68.2.21 RELENG_4_5 1.68.2.17.2.1 src/sys/kern/uipc_socket2.c RELENG_4 1.55.2.15 RELENG_4_5 1.55.2.10.2.1 src/sys/conf/newvers.sh RELENG_4_5 1.44.2.20.2.7 - ------------------------------------------------------------------------- VII. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPPUCC1UuHi5z0oilAQFApAP6ApvgOydr72UHKHXiRZnGxiwBhpyVE+mH 5xdDP45s0GaUChA7GLbpv0hLL5syNPMavo7ygRuqD6pHFA0xpVn3hUXtLh09dhwS YTDWrC2VL9QJmFWIxMNzo0OXD1uDBrlGEk3Ew0jWT2ewe46QW1czpPYCeGg4Bx+i +FzEQ9V4D8k= =W+BP -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 9:40:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D7BD437B40B; Wed, 29 May 2002 09:36:35 -0700 (PDT) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g4TGaZX40801; Wed, 29 May 2002 09:36:35 -0700 (PDT) (envelope-from security-advisories@freebsd.org) Date: Wed, 29 May 2002 09:36:35 -0700 (PDT) Message-Id: <200205291636.g4TGaZX40801@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:27.rc Security Advisory The FreeBSD Project Topic: rc uses file globbing dangerously Category: core Module: rc Announced: XXXX-XX-XX Credits: lumpy Affects: FreeBSD 4.4-RELEASE FreeBSD 4.5-RELEASE FreeBSD 4-STABLE prior to the correction date Corrected: 2002-05-09 17:39:01 UTC (RELENG_4) 2002-05-09 17:40:27 UTC (RELENG_4_5) 2002-05-09 17:41:05 UTC (RELENG_4_4) FreeBSD only: YES I. Background rc is the system startup script (/etc/rc). It is run when the FreeBSD is booted multi-user, and performs a multitude of tasks to bring the system up. One of these tasks is to remove lock files left by X Windows, as their existence could prevent one from restarting the X Windows server. II. Problem Description When removing X Windows lock files, rc uses the rm(1) command and shell globbing: rm -f /tmp/.X*-lock /tmp/.X11-unix/* Since /tmp is a world-writable directory, a user may create /tmp/.X11-unix as a symbolic link to an arbitrary directory. The next time that rc is run (i.e. the next time the system is booted), rc will then remove all of the files in that directory. III. Impact Users may remove the contents of arbitrary directories if the /tmp/.X11-unix directory does not already exist and the system can be enticed to reboot (or the user can wait until the next system maintenance window). IV. Workaround Find and remove or comment-out the following line in /etc/rc: rm -f /tmp/.X*-lock /tmp/.X11-unix/* The following command executed as root will do this: /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc' V. Solution 1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the RELENG_4_5 (4.5-RELEASE-p6) or RELENG_4_4 (4.4-RELEASE-p13) security branches dated after the respective correction dates. 2) To patch your present system: a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:27/rc.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:27/rc.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Install the new rc script: # cd /usr/src/etc # install -c -o root -g wheel -m 644 rc /etc/rc VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Path Revision Branch - ------------------------------------------------------------------------- src/etc/rc RELENG_4 1.212.2.50 RELENG_4_5 1.212.2.38.2.1 RELENG_4_4 1.212.2.34.2.1 - ------------------------------------------------------------------------- VII. References -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPPUCJFUuHi5z0oilAQFP6AQArXkMZig8qYFpb38y1oN5BsnqEHFzasTi pS8emo40Mx9ki4DPRiiLSfzukymVXkjVIcDjKju7qNAxugN4TbZG2AcqZITav0gF i+vdhUnNf5v2Lp8LwwxtsfNIj2aoikXTTwW9fjJFOmQpDOObNYaSg0bMI+13kcIq 4mTmQs507aI= =nn/w -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 10:20:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from cvs.openbsd.ru (cvs.openbsd.ru [212.20.30.249]) by hub.freebsd.org (Postfix) with ESMTP id 0EC8A37C0D6 for ; Wed, 29 May 2002 10:11:20 -0700 (PDT) Received: from cvs.openbsd.ru (daemon@localhost [127.0.0.1]) by cvs.openbsd.ru (8.12.2/8.12.2) with ESMTP id g4THBEPi016023 for ; Thu, 30 May 2002 00:11:14 +0700 (NOVST) Received: (from daemon@localhost) by cvs.openbsd.ru (8.12.2/8.12.0/Submit) id g4THBEhq004287; Thu, 30 May 2002 00:11:14 +0700 (NOVST) Date: Thu, 30 May 2002 00:11:14 +0700 (NOVST) Message-Id: <200205291711.g4THBEhq004287@cvs.openbsd.ru> MIME-Version: 1.0 Content-type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit From: Minimalist Manager To: FreeBSD-security Subject: Re: T1 ends X-Sender: minimalist@openbsd.ru X-Mailing-List-Server: Minimalist v2.2(2) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ïûéâëá: îÁ ÄÁÎÎÏÍ ÓÅÒ×ÅÒÅ ÎÅÔ ÓÐÉÓËÁ ÒÁÓÓÙÌËÉ "ends". þÔÏÂÙ ÐÏÌÕÞÉÔØ ÓÐÉÓÏË ÓÐÉÓËÏ× ÒÁÓÓÙÌËÉ ÄÁÎÎÏÇÏ ÓÅÒ×ÅÒÁ, ÏÔÐÒÁ×ØÔÅ ÓÏÏÂÝÅÎÉÅ ÎÁ minimalist@openbsd.ru É ÎÁÐÉÛÉÔÅ × ÐÏÌÅ "Subject" ËÏÍÁÎÄÕ "info" (ÂÅÚ ËÁ×ÙÞÅË). -- Sincerely, the Minimalist To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 12: 6:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 9253F37B404 for ; Wed, 29 May 2002 12:06:33 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 002E62E for ; Wed, 29 May 2002 14:06:32 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g4TJ6Wfo004828 for ; Wed, 29 May 2002 14:06:32 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g4TJ6WiU004827 for freebsd-security@freebsd.org; Wed, 29 May 2002 14:06:32 -0500 (CDT) Date: Wed, 29 May 2002 14:06:32 -0500 From: "Jacques A. Vidrine" To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020529190632.GC4565@madman.nectar.cc> Mail-Followup-To: "Jacques A. Vidrine" , freebsd-security@freebsd.org References: <200205291636.g4TGaZX40801@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200205291636.g4TGaZX40801@freefall.freebsd.org> User-Agent: Mutt/1.3.99i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 29, 2002 at 09:36:35AM -0700, FreeBSD Security Advisories wrote: > Announced: XXXX-XX-XX Um, sorry folks! :-) I have corrected the version that goes to the FTP mirrors, and will not likely re-mail this advisory until and unless some other revision is required. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 13:39: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc51.attbi.com (rwcrmhc51.attbi.com [204.127.198.38]) by hub.freebsd.org (Postfix) with ESMTP id 4056A37B406 for ; Wed, 29 May 2002 13:38:53 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc51.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020529203852.PMMH11426.rwcrmhc51.attbi.com@blossom.cjclark.org> for ; Wed, 29 May 2002 20:38:52 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4TKcqv13152 for security@freebsd.org; Wed, 29 May 2002 13:38:52 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Wed, 29 May 2002 13:38:52 -0700 From: "Crist J. Clark" To: security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020529133852.B12700@blossom.cjclark.org> Reply-To: "Crist J. Clark" References: <200205291636.g4TGaZX40801@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200205291636.g4TGaZX40801@freefall.freebsd.org>; from security-advisories@FreeBSD.org on Wed, May 29, 2002 at 09:36:35AM -0700 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 29, 2002 at 09:36:35AM -0700, FreeBSD Security Advisories wrote: [snip] > IV. Workaround > > Find and remove or comment-out the following line in /etc/rc: > > rm -f /tmp/.X*-lock /tmp/.X11-unix/* > > The following command executed as root will do this: > > /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc' Ick. How about, # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc Next time? -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 14: 3:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id 7B87137B406; Wed, 29 May 2002 14:03:35 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id C264B2E; Wed, 29 May 2002 16:03:34 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g4TL3Yfo006672; Wed, 29 May 2002 16:03:34 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g4TL3Yr3006671; Wed, 29 May 2002 16:03:34 -0500 (CDT) Date: Wed, 29 May 2002 16:03:34 -0500 From: "Jacques A. Vidrine" To: "Crist J. Clark" Cc: security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020529210334.GA5544@madman.nectar.cc> References: <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020529133852.B12700@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020529133852.B12700@blossom.cjclark.org> User-Agent: Mutt/1.3.99i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 29, 2002 at 01:38:52PM -0700, Crist J. Clark wrote: > > /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc' > > Ick. How about, > > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc > > Next time? *shrug* One could prescribe any number of alternatives to achieve the modification. I chose this way, because /bin/sh and /bin/ed are both statically linked and should always be available on all systems in single user mode. It seems unlikely that this will be an issue for anyone, but hey - you never know. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 15:41:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from rwcrmhc52.attbi.com (rwcrmhc52.attbi.com [216.148.227.88]) by hub.freebsd.org (Postfix) with ESMTP id F257337B406; Wed, 29 May 2002 15:41:17 -0700 (PDT) Received: from blossom.cjclark.org ([12.234.91.48]) by rwcrmhc52.attbi.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP id <20020529224117.TIYR2751.rwcrmhc52.attbi.com@blossom.cjclark.org>; Wed, 29 May 2002 22:41:17 +0000 Received: (from cjc@localhost) by blossom.cjclark.org (8.11.6/8.11.6) id g4TMfDG13550; Wed, 29 May 2002 15:41:13 -0700 (PDT) (envelope-from crist.clark@attbi.com) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Wed, 29 May 2002 15:41:13 -0700 From: "Crist J. Clark" To: "Jacques A. Vidrine" Cc: security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020529154113.D12700@blossom.cjclark.org> Reply-To: cjclark@alum.mit.edu References: <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020529133852.B12700@blossom.cjclark.org> <20020529210334.GA5544@madman.nectar.cc> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020529210334.GA5544@madman.nectar.cc>; from nectar@freebsd.org on Wed, May 29, 2002 at 04:03:34PM -0500 X-URL: http://people.freebsd.org/~cjc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 29, 2002 at 04:03:34PM -0500, Jacques A. Vidrine wrote: > On Wed, May 29, 2002 at 01:38:52PM -0700, Crist J. Clark wrote: > > > /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc' > > > > Ick. How about, > > > > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc > > > > Next time? > > *shrug* One could prescribe any number of alternatives to achieve the > modification. I chose this way, because /bin/sh and /bin/ed are both > statically linked and should always be available on all systems in > single user mode. It seems unlikely that this will be an issue for > anyone, but hey - you never know. I guess I should have explained my concern more. I'm thinking some l33t kid out there is going to look at that and say, "I can just do, # echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc And not have to worry about all of that /bin/sh stuff at the front..." and thus outsmart himself. He wouldn't realize you are counting on features of the echo builtin in sh(1) and not /bin/echo or the csh(1) echo builtin. The above commands don't work as desired for a non-sh(1)-ish shell. I'm curious to see how many posts to the list might appear as people do just that. -- Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu http://people.freebsd.org/~cjc/ | cjc@freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 16:54:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-187.dsl.lsan03.pacbell.net [64.169.107.187]) by hub.freebsd.org (Postfix) with ESMTP id 92A6C37B417; Wed, 29 May 2002 16:54:33 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 1F6B466B8B; Wed, 29 May 2002 16:54:33 -0700 (PDT) Date: Wed, 29 May 2002 16:54:32 -0700 From: Kris Kennaway To: cjclark@alum.mit.edu Cc: "Jacques A. Vidrine" , security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020529165432.A8595@xor.obsecurity.org> References: <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020529133852.B12700@blossom.cjclark.org> <20020529210334.GA5544@madman.nectar.cc> <20020529154113.D12700@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="/9DWx/yDrRhgMJTb" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020529154113.D12700@blossom.cjclark.org>; from crist.clark@attbi.com on Wed, May 29, 2002 at 03:41:13PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --/9DWx/yDrRhgMJTb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 29, 2002 at 03:41:13PM -0700, Crist J. Clark wrote: > On Wed, May 29, 2002 at 04:03:34PM -0500, Jacques A. Vidrine wrote: > > On Wed, May 29, 2002 at 01:38:52PM -0700, Crist J. Clark wrote: > > > > /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /et= c/rc' > > >=20 > > > Ick. How about, > > >=20 > > > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc > > >=20 > > > Next time? > >=20 > > *shrug* One could prescribe any number of alternatives to achieve the > > modification. I chose this way, because /bin/sh and /bin/ed are both > > statically linked and should always be available on all systems in > > single user mode. It seems unlikely that this will be an issue for > > anyone, but hey - you never know. >=20 > I guess I should have explained my concern more. I'm thinking some > l33t kid out there is going to look at that and say, "I can just do, >=20 > # echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc >=20 > And not have to worry about all of that /bin/sh stuff at the front..." > and thus outsmart himself. If people are too stupid^Welite to follow directions they deserve what they get. Kris --/9DWx/yDrRhgMJTb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE89Wo4Wry0BWjoQKURApFdAJ9PPtbAQRJmW06N1YpicfWjVW6nIwCgtAwQ oL4cqEDVJIFmmJcBM2atjl4= =bg0n -----END PGP SIGNATURE----- --/9DWx/yDrRhgMJTb-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 20:10: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from MCSMTP2.MC.VANDERBILT.EDU (mcsmtp2.mc.Vanderbilt.Edu [160.129.50.78]) by hub.freebsd.org (Postfix) with ESMTP id EF6A237B401 for ; Wed, 29 May 2002 20:09:52 -0700 (PDT) Subject: ipfw issue with nmap false alarms To: freebsd-security@freebsd.org X-Mailer: Lotus Notes Release 5.0.6a January 17, 2001 Message-ID: From: George.Giles@mcmail.vanderbilt.edu Date: Wed, 29 May 2002 22:06:13 -0500 X-MIMETrack: Serialize by Router on MCSMTP2.MC.vanderbilt.edu/VUMC/Vanderbilt(Release 5.0.6a |January 17, 2001) at 05/29/2002 09:57:21 PM MIME-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org nmap reports as expected when scanning the actual ip address, but when run against localhost various open ports show up. Any ideas ? Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) Interesting ports on localhost (127.0.0.1): (The 1540 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 53/tcp open domain 80/tcp open http 443/tcp open https 1669/tcp open netview-aix-9 Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds bash-2.05$ nmap localhost Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) Interesting ports on localhost (127.0.0.1): (The 1540 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 53/tcp open domain 80/tcp open http 443/tcp open https 2044/tcp open rimsl Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds bash-2.05$ nmap localhost Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) Interesting ports on localhost (127.0.0.1): (The 1539 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 53/tcp open domain 80/tcp open http 443/tcp open https 2003/tcp open cfingerd 3306/tcp open mysql To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 20:30:47 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.visp.co.nz (mail.visp.co.nz [210.55.24.20]) by hub.freebsd.org (Postfix) with ESMTP id D59AC37B408 for ; Wed, 29 May 2002 20:30:13 -0700 (PDT) Received: from visp (visp-adsl3-168.visp.co.nz [210.54.168.3] (may be forged)) by mail.visp.co.nz (8.11.1/8.11.1) with SMTP id g4U3TnR39617; Thu, 30 May 2002 15:29:51 +1200 (NZST) From: "Brett Moore" To: , Subject: RE: ipfw issue with nmap false alarms Date: Thu, 30 May 2002 15:27:36 +1200 Message-ID: <000001c20789$f19ff060$6301a8c0@visp> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 Importance: Normal In-Reply-To: X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Others may correct me if I am wrong here. I have had the same 'problem'. I was told/read that nmap may sometimes report the port that it is using as open when run against localhost. Try 2.54BETA34 its for d/l at the site. Brett > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of > George.Giles@mcmail.vanderbilt.edu > Sent: Thursday, 30 May 2002 15:06 > To: freebsd-security@FreeBSD.ORG > Subject: ipfw issue with nmap false alarms > > > nmap reports as expected when scanning the actual ip address, but when run > against localhost various open ports show up. > > Any ideas ? > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > Interesting ports on localhost (127.0.0.1): > (The 1540 ports scanned but not shown below are in state: closed) > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 53/tcp open domain > 80/tcp open http > 443/tcp open https > 1669/tcp open netview-aix-9 > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > bash-2.05$ nmap localhost > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > Interesting ports on localhost (127.0.0.1): > (The 1540 ports scanned but not shown below are in state: closed) > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 53/tcp open domain > 80/tcp open http > 443/tcp open https > 2044/tcp open rimsl > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > bash-2.05$ nmap localhost > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > Interesting ports on localhost (127.0.0.1): > (The 1539 ports scanned but not shown below are in state: closed) > Port State Service > 21/tcp open ftp > 22/tcp open ssh > 53/tcp open domain > 80/tcp open http > 443/tcp open https > 2003/tcp open cfingerd > 3306/tcp open mysql > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 21:25:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from big.innet.yaroslavl.su (big.innet.yaroslavl.su [217.15.134.73]) by hub.freebsd.org (Postfix) with ESMTP id CA29F37B401 for ; Wed, 29 May 2002 21:25:46 -0700 (PDT) Received: from news.innet.yaroslavl.su (news.innet.yaroslavl.su [217.15.134.69]) by big.innet.yaroslavl.su (8.9.3/8.9.3) with ESMTP id IAA15585 for ; Thu, 30 May 2002 08:25:44 +0400 (MSD) Received: from mail.yartelecom.ru (mail.yartelecom.ru [10.5.255.3]) by news.innet.yaroslavl.su (8.9.3/8.9.3) with ESMTP id IAA40675 for ; Thu, 30 May 2002 08:25:44 +0400 (MSD) Received: (from root@localhost) by mail.yartelecom.ru (8.11.6/8.11.6) id g4U4PiB28149 for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 08:25:44 +0400 (MSD) Received: from itserv.it.yartelecom.ru (itserv.it.yartelecom.ru [10.3.8.144]) by mail.yartelecom.ru (8.11.6/8.11.6) with ESMTP id g4U4Ph628139 for ; Thu, 30 May 2002 08:25:44 +0400 (MSD) Received: by itserv.it.yartelecom.ru (Postfix, from userid 100) id EB8E07B0; Thu, 30 May 2002 08:27:01 +0400 (MSD) Date: Thu, 30 May 2002 08:27:01 +0400 From: "Alexander E. Syasin" To: freebsd-security@FreeBSD.ORG Subject: dmesg message Message-ID: <20020530082701.B4997@it.yartelecom.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Dear all, --------------------------------- root@itserv:~# uname -a FreeBSD xxxxxxx.xx.xxxxxxxxxx.ru 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon May 27 15:42:51 MSD 2002 sae@xxxxxxx.xx.xxxxxxxxxx.ru:/usr/src/sys/compile/xxxxxxx i386 root@itserv:~# dmesg .... error: module compiled without SMP support netsmb_dev: unloaded module_register_init: MOD_LOAD (dev_netsmb, c102fa40, 0) error 1 error: module compiled without SMP support ------------------------------------ that not correct? how correct? Thanks and regards. -- e-mail: sae@it.yartelecom.ru ICQ: 152826071 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 29 22:34: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by hub.freebsd.org (Postfix) with ESMTP id BA26A37B400 for ; Wed, 29 May 2002 22:33:54 -0700 (PDT) Received: from logical (pcp01940901pcs.hlcrs201.al.comcast.net [68.63.4.45]) by mtaout02.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with SMTP id <0GWW008EKSSHIV@mtaout02.icomcast.net> for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 01:33:54 -0400 (EDT) Date: Thu, 30 May 2002 00:33:53 -0500 From: nathan skains Subject: Nmap /w snort To: freebsd-security@FreeBSD.ORG Message-id: <006101c2079b$96528170$0200a8c0@logical> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT X-Priority: 3 X-MSMail-priority: Normal References: <000001c20789$f19ff060$6301a8c0@visp> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i am having a similar problem earlier today i did a scan on my system and go the following results. later i ran another scan and got another weird port open, i am concerned with a comprimise. Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ ) Interesting ports on (192.168.0.5): (The 1545 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 80/tcp open http 110/tcp open pop-3 113/tcp open auth 587/tcp open submission 1492/tcp open stone-design-1 << concern about this port being open 3306/tcp open mysql 6667/tcp open irc 6668/tcp open irc when i try an nmap as root i get this error Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ ) pcap_open_live: (no devices found) /dev/bpf4: No such file or directory There are several possible reasons for this, depending on your operating system: LINUX: If you are getting Socket type not supported, try modprobe af_packet or recompile your kernel with SOCK_PACKET enabled. *BSD: If you are getting device not configured, you need to recompile your kernel with Berkeley Packet Filter support. If you are getting No such file or directory, try creating the device (eg cd /dev; MAKEDEV ; or use mknod). SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such file or directory', complain to Sun. I don't think Solaris can support advanced localhost scans. You can probably use "-P0 -sT localhost" though. but if i throw options in like -P0 -sT it works go figure. any ideas would be greatly appreicated. Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 0:11:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from chaos.evolve.za.net (chaos.evolve.za.net [196.34.172.107]) by hub.freebsd.org (Postfix) with ESMTP id B293537B401 for ; Thu, 30 May 2002 00:11:09 -0700 (PDT) Received: from amavis by chaos.evolve.za.net with scanned-ok (Exim 3.34 #1) id 17DK5F-0007JY-00 for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 09:10:53 +0200 Received: from [192.168.0.56] (helo=DAVE) by chaos.evolve.za.net with smtp (Exim 3.34 #1) id 17DK5E-0007JB-00; Thu, 30 May 2002 09:10:52 +0200 Message-ID: <009001c207a9$454c7020$3800a8c0@DAVE> From: "Dave Raven" To: , References: <000001c20789$f19ff060$6301a8c0@visp> Subject: Re: ipfw issue with nmap false alarms Date: Thu, 30 May 2002 09:11:49 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by Opteq - www.optec.co.za Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org That is the problem, your scanning localhost. rather scan an external card. --Dave. ----- Original Message ----- From: "Brett Moore" To: ; Sent: Thursday, May 30, 2002 5:27 AM Subject: RE: ipfw issue with nmap false alarms > Others may correct me if I am wrong here. > > I have had the same 'problem'. I was told/read that nmap may sometimes > report the port that it is using as open when run against localhost. > > Try 2.54BETA34 its for d/l at the site. > > Brett > > > > -----Original Message----- > > From: owner-freebsd-security@FreeBSD.ORG > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of > > George.Giles@mcmail.vanderbilt.edu > > Sent: Thursday, 30 May 2002 15:06 > > To: freebsd-security@FreeBSD.ORG > > Subject: ipfw issue with nmap false alarms > > > > > > nmap reports as expected when scanning the actual ip address, but when run > > against localhost various open ports show up. > > > > Any ideas ? > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1540 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 1669/tcp open netview-aix-9 > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > bash-2.05$ nmap localhost > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1540 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 2044/tcp open rimsl > > > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > bash-2.05$ nmap localhost > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > Interesting ports on localhost (127.0.0.1): > > (The 1539 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 53/tcp open domain > > 80/tcp open http > > 443/tcp open https > > 2003/tcp open cfingerd > > 3306/tcp open mysql > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 0:19:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from chaos.evolve.za.net (chaos.evolve.za.net [196.34.172.107]) by hub.freebsd.org (Postfix) with ESMTP id 221C437B400 for ; Thu, 30 May 2002 00:19:39 -0700 (PDT) Received: from amavis by chaos.evolve.za.net with scanned-ok (Exim 3.34 #1) id 17DKDf-0007Oq-00 for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 09:19:35 +0200 Received: from [192.168.0.56] (helo=DAVE) by chaos.evolve.za.net with smtp (Exim 3.34 #1) id 17DKDd-0007OT-00; Thu, 30 May 2002 09:19:34 +0200 Message-ID: <009801c207aa$7c4003c0$3800a8c0@DAVE> From: "Dave Raven" To: "nathan skains" , References: <000001c20789$f19ff060$6301a8c0@visp> <006101c2079b$96528170$0200a8c0@logical> Subject: Re: Nmap /w snort Date: Thu, 30 May 2002 09:20:31 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by Opteq - www.optec.co.za Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org is 192.168.0.5 the box? That might be the problem, scanning yourself is no good. Fix the nmap problem by making more bpf devices. cd /dev/ && sh ./MAKEDEV bpf4 bpf5 bpf6 Does that port change? Or always stay the same? check sockstat. check netstat. --Dave. ----- Original Message ----- From: "nathan skains" To: Sent: Thursday, May 30, 2002 7:33 AM Subject: Nmap /w snort > i am having a similar problem earlier today i did a scan on my system and go > the following results. later i ran another scan and got another weird port > open, i am concerned with a comprimise. > Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ ) > > Interesting ports on (192.168.0.5): > > (The 1545 ports scanned but not shown below are in state: closed) > > Port State Service > > 21/tcp open ftp > > 22/tcp open ssh > > 25/tcp open smtp > > 80/tcp open http > > 110/tcp open pop-3 > > 113/tcp open auth > > 587/tcp open submission > > 1492/tcp open stone-design-1 << concern about this port being open > > 3306/tcp open mysql > > 6667/tcp open irc > > 6668/tcp open irc > > when i try an nmap as root i get this error > > Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ ) > pcap_open_live: (no devices found) /dev/bpf4: No such file or directory > There are several possible reasons for this, depending on your operating > system: > LINUX: If you are getting Socket type not supported, try modprobe af_packet > or recompile your kernel with SOCK_PACKET enabled. > *BSD: If you are getting device not configured, you need to recompile your > kernel with Berkeley Packet Filter support. If you are getting No such file > or directory, try creating the device (eg cd /dev; MAKEDEV ; or use > mknod). > SOLARIS: If you are trying to scan localhost and getting '/dev/lo0: No such > file or directory', complain to Sun. I don't think Solaris can support > advanced localhost scans. You can probably use "-P0 -sT localhost" though. > > but if i throw options in like -P0 -sT it works go figure. > any ideas would be greatly appreicated. > > Nathan > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 0:43:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp.comcast.net (smtp.comcast.net [24.153.64.2]) by hub.freebsd.org (Postfix) with ESMTP id F30D337B40A for ; Thu, 30 May 2002 00:43:20 -0700 (PDT) Received: from logical (pcp01940901pcs.hlcrs201.al.comcast.net [68.63.4.45]) by mtaout03.icomcast.net (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 13 2002)) with SMTP id <0GWW008M2YQWSO@mtaout03.icomcast.net> for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 03:42:32 -0400 (EDT) Date: Thu, 30 May 2002 02:42:32 -0500 From: nathan skains Subject: re: Nmap/Snort To: freebsd-security@FreeBSD.ORG Message-id: <000f01c207ad$8f215c20$0200a8c0@logical> MIME-version: 1.0 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Content-type: multipart/alternative; boundary="Boundary_(ID_Ba4Bw28hJYY1kKRgB21wKw)" X-Priority: 3 X-MSMail-priority: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. --Boundary_(ID_Ba4Bw28hJYY1kKRgB21wKw) Content-type: text/plain; charset=iso-8859-1 Content-transfer-encoding: 7BIT yep i am scanning my self via root. the port that was up on the first scan then i scan again seconds later and it was gone. not really sure. but i am also concern about these ports 113/tcp open auth 587/tcp open submission any way to close them... I am still in the learning process of freebsd so i have search google and have not found anything about these ports Thanks Nate --Boundary_(ID_Ba4Bw28hJYY1kKRgB21wKw) Content-type: text/html; charset=iso-8859-1 Content-transfer-encoding: 7BIT
 yep i am scanning my self via root. the port that was up on the first scan
 then i scan again seconds later and it was gone.
 not really sure. but i am also concern about these ports
 113/tcp open auth
 587/tcp open submission
 
any way to close them... I am still in the learning process of freebsd so i
 have search google and have not found anything about these ports
 Thanks
 Nate
--Boundary_(ID_Ba4Bw28hJYY1kKRgB21wKw)-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 1:23:13 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-187.dsl.lsan03.pacbell.net [64.169.107.187]) by hub.freebsd.org (Postfix) with ESMTP id D13FB37B409 for ; Thu, 30 May 2002 01:23:04 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id C88E666B8B; Thu, 30 May 2002 01:22:46 -0700 (PDT) Date: Thu, 30 May 2002 01:22:45 -0700 From: Kris Kennaway To: nathan skains Cc: freebsd-security@FreeBSD.ORG Subject: Re: Nmap/Snort Message-ID: <20020530012244.B18923@xor.obsecurity.org> References: <000f01c207ad$8f215c20$0200a8c0@logical> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="wzJLGUyc3ArbnUjN" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <000f01c207ad$8f215c20$0200a8c0@logical>; from nskains@comcast.net on Thu, May 30, 2002 at 02:42:32AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --wzJLGUyc3ArbnUjN Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, May 30, 2002 at 02:42:32AM -0500, nathan skains wrote: > yep i am scanning my self via root. the port that was up on the first scan > then i scan again seconds later and it was gone. This is a FAQ, and it's already been answered in an earlier message. > not really sure. but i am also concern about these ports > 113/tcp open auth > 587/tcp open submission sockstat shows you which process owns sockets. In this case it's inetd's builting auth service, and sendmail. Kris --wzJLGUyc3ArbnUjN Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE89eFTWry0BWjoQKURAoGsAKDJZxM+6k65vYPyCtlNFCiw67gGtACg6K/s mt5UCNfaftx46gSe7fFipOE= =X6ZK -----END PGP SIGNATURE----- --wzJLGUyc3ArbnUjN-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 1:36:16 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 011C037B406 for ; Thu, 30 May 2002 01:36:09 -0700 (PDT) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g4U8ci833245 for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 01:38:44 -0700 (PDT) (envelope-from fasty) Date: Thu, 30 May 2002 01:38:44 -0700 From: faSty To: freebsd-security@FreeBSD.ORG Subject: Re: Nmap/Snort Message-ID: <20020530013844.A33199@i-sphere.com> Mail-Followup-To: faSty , freebsd-security@FreeBSD.ORG References: <000f01c207ad$8f215c20$0200a8c0@logical> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <000f01c207ad$8f215c20$0200a8c0@logical>; from nskains@comcast.net on Thu, May 30, 2002 at 02:42:32AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org 113 port is identd usually for IRC or some reason. 587 is for sendmail's submission -trev On Thu, May 30, 2002 at 02:42:32AM -0500, nathan skains wrote: > yep i am scanning my self via root. the port that was up on the first scan > then i scan again seconds later and it was gone. > not really sure. but i am also concern about these ports > 113/tcp open auth > 587/tcp open submission > > any way to close them... I am still in the learning process of freebsd so i > have search google and have not found anything about these ports > Thanks > Nate -- Vail's Second Axiom: The amount of work to be done increases in proportion to the amount of work already completed. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 1:47:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from n010095.nbs.netland.nl (fw-office.netland.nl [217.170.32.40]) by hub.freebsd.org (Postfix) with ESMTP id CA85537B405 for ; Thu, 30 May 2002 01:47:41 -0700 (PDT) Received: from wiersma.be (bridge.office.netland.nl [192.168.170.29]) by n010095.nbs.netland.nl (8.11.0/8.11.0) with ESMTP id g4U8le703550 for ; Thu, 30 May 2002 10:47:40 +0200 Message-ID: <3CF5E712.30005@wiersma.be> Date: Thu, 30 May 2002 10:47:14 +0200 From: Wijnand User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc2) Gecko/20020515 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: ipv6 in a jail Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'm learning/testing ipv6 at the moment, and I want to create a ipv6 server only. I'm trying to set it all up in a jail, but that doesn't seem to be possible. Is it even possible to use ipv6 in a jail? And if yes, how? Thanks, Wijnand To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 3: 0:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from server1.newzealandhosting.com (juicyhoes.com [64.49.223.235]) by hub.freebsd.org (Postfix) with ESMTP id 57DB037B400 for ; Thu, 30 May 2002 03:00:51 -0700 (PDT) Received: from bigfoot (c16468.kelvn1.qld.optusnet.com.au [210.49.46.87]) by server1.newzealandhosting.com (Postfix) with ESMTP id 4CFC91084D5 for ; Thu, 30 May 2002 00:00:46 -0500 (CDT) Message-ID: <200205302010280086.0615F70C@zorgco.com> In-Reply-To: <20020530013844.A33199@i-sphere.com> References: <000f01c207ad$8f215c20$0200a8c0@logical> <20020530013844.A33199@i-sphere.com> X-Mailer: Calypso Version 3.30.00.00 (4) Date: Thu, 30 May 2002 20:10:28 +1000 From: "Chris" To: freebsd-security@freebsd.org Subject: Re: Nmap/Snort Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Just as a side note, for people looking to find out about certain ports and= their functions, there is quite a comprehensive tcp/udp port listing at= http://www.iana.org/assignments/port-numbers ------------------------------------------------------------------- On 30/05/2002 at 1:38 AM faSty wrote: >113 port is identd usually for IRC or some reason. > >587 is for sendmail's submission > >-trev > >On Thu, May 30, 2002 at 02:42:32AM -0500, nathan skains wrote: >> yep i am scanning my self via root. the port that was up on the first >scan >> then i scan again seconds later and it was gone. >> not really sure. but i am also concern about these ports >> 113/tcp open auth >> 587/tcp open submission >> >> any way to close them... I am still in the learning process of freebsd >so i >> have search google and have not found anything about these ports >> Thanks >> Nate > >-- >Vail's Second Axiom: > The amount of work to be done increases in proportion to the >amount of work already completed. > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message Chris Zorg Enterprises To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 3:15:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from hitit.bimel.com.tr (hitit.bimel.com.tr [212.175.97.140]) by hub.freebsd.org (Postfix) with ESMTP id 1EF4E37B401 for ; Thu, 30 May 2002 03:15:20 -0700 (PDT) Received: (from root@localhost) by hitit.bimel.com.tr (8.11.6/8.11.6) id g4UAGMN87747 for freebsd-security@freebsd.org; Thu, 30 May 2002 13:16:22 +0300 (EEST) (envelope-from simsek@bimel.com.tr) Received: from localhost (simsek@localhost) by hitit.bimel.com.tr (8.11.6/8.11.6av) with ESMTP id g4UAGLg87737 for ; Thu, 30 May 2002 13:16:22 +0300 (EEST) (envelope-from simsek@bimel.com.tr) X-Authentication-Warning: hitit.bimel.com.tr: simsek owned process doing -bs Date: Thu, 30 May 2002 13:16:21 +0300 (EEST) From: Baris Simsek To: freebsd-security@freebsd.org Subject: unsubscribe freebsd-security simsek@hitit.bimel.com.tr Message-ID: <20020530131547.W87683-100000@hitit.bimel.com.tr> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org unsubscribe freebsd-security simsek@hitit.bimel.com.tr To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 4: 8:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from castle.jp.FreeBSD.org (castle.jp.FreeBSD.org [210.226.20.15]) by hub.freebsd.org (Postfix) with ESMTP id 677F837B405 for ; Thu, 30 May 2002 04:08:45 -0700 (PDT) Received: from localhost (localhost [::1]) by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet6 id g4UB8Zv78947; Thu, 30 May 2002 20:08:35 +0900 (JST) (envelope-from matusita@jp.FreeBSD.org) Cc: security@FreeBSD.org In-Reply-To: <3CF5E712.30005@wiersma.be> References: <3CF5E712.30005@wiersma.be> X-User-Agent: Mew/1.94.2 XEmacs/21.5 (bamboo) X-FaceAnim: (-O_O-)(O_O- )(_O- )(O- )(- -)( -O)( -O_)( -O_O)(-O_O-) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Dispatcher: imput version 20000228(IM140) Lines: 7 From: Makoto Matsushita To: freebsd@wiersma.be Subject: Re: ipv6 in a jail Date: Thu, 30 May 2002 20:08:32 +0900 Message-Id: <20020530200832G.matusita@jp.FreeBSD.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org freebsd> Is it even possible to use ipv6 in a jail? No. jail accepts only an IPv4 address for its interface address. -- - Makoto `MAR' Matsushita To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 5:10:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id ADE4537B400 for ; Thu, 30 May 2002 05:10:51 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 56A9545; Thu, 30 May 2002 07:10:51 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g4UCApfo081291; Thu, 30 May 2002 07:10:51 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g4UCAofo081290; Thu, 30 May 2002 07:10:50 -0500 (CDT) Date: Thu, 30 May 2002 07:10:50 -0500 From: "Jacques A. Vidrine" To: cjclark@alum.mit.edu Cc: security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020530121050.GB81267@madman.nectar.cc> References: <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020529133852.B12700@blossom.cjclark.org> <20020529210334.GA5544@madman.nectar.cc> <20020529154113.D12700@blossom.cjclark.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020529154113.D12700@blossom.cjclark.org> User-Agent: Mutt/1.3.99i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, May 29, 2002 at 03:41:13PM -0700, Crist J. Clark wrote: > I guess I should have explained my concern more. I'm thinking some > l33t kid out there is going to look at that and say, "I can just do, > > # echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc > > And not have to worry about all of that /bin/sh stuff at the front..." > and thus outsmart himself. He wouldn't realize you are counting on > features of the echo builtin in sh(1) and not /bin/echo or the csh(1) > echo builtin. The above commands don't work as desired for a > non-sh(1)-ish shell. > > I'm curious to see how many posts to the list might appear as people > do just that. The same logic could be applied to patches, with absurd results. You are describing an administrator who knows just enough to be dangerous. We can't help him. We aim to provide directions in advisories that are as cut-n-paste as possible. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 6:35:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from mile.nevermind.kiev.ua (office.netstyle.com.ua [213.186.199.26]) by hub.freebsd.org (Postfix) with ESMTP id BA05837B400 for ; Thu, 30 May 2002 06:35:04 -0700 (PDT) Received: from mile.nevermind.kiev.ua (never@localhost [127.0.0.1]) by mile.nevermind.kiev.ua (8.12.3/8.12.3) with ESMTP id g4UDYTj3013222 for ; Thu, 30 May 2002 16:34:52 +0300 (EEST) (envelope-from never@mile.nevermind.kiev.ua) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.12.3/8.12.3/Submit) id g4UDYT21013221 for freebsd-security@FreeBSD.ORG; Thu, 30 May 2002 16:34:29 +0300 (EEST) Date: Thu, 30 May 2002 16:34:29 +0300 From: Alexandr Kovalenko To: FreeBSD Security Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020530133429.GA86256@nevermind.kiev.ua> References: <200205291636.g4TGaZX40801@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <200205291636.g4TGaZX40801@freefall.freebsd.org> User-Agent: Mutt/1.3.99i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, FreeBSD Security Advisories! On Wed, May 29, 2002 at 09:36:35AM -0700, you wrote: > ============================================================================= > FreeBSD-SA-02:27.rc Security Advisory > The FreeBSD Project > > Topic: rc uses file globbing dangerously [snip] > I. Background > > rc is the system startup script (/etc/rc). It is run when the FreeBSD > is booted multi-user, and performs a multitude of tasks to bring the > system up. One of these tasks is to remove lock files left by X > Windows, as their existence could prevent one from restarting the X > Windows server. Please, read man 7 X, and see, that X is called "X Window", not "X Windows". -- NEVE-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 6:38:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com [216.7.67.90]) by hub.freebsd.org (Postfix) with ESMTP id 202CA37B408 for ; Thu, 30 May 2002 06:38:52 -0700 (PDT) Received: from workstation (d2i-dialin-92.kl.terranova.net [216.89.230.92]) by imation.homenetweb.com (8.12.3/8.12.3) with SMTP id g4UDcf4j017836; Thu, 30 May 2002 09:38:42 -0400 (EDT) Message-ID: <000a01c207df$59b08fc0$5ce659d8@workstation> From: "Richard Ward" To: "Alexandr Kovalenko" , "FreeBSD Security" References: <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020530133429.GA86256@nevermind.kiev.ua> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Date: Thu, 30 May 2002 09:38:50 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Must we really nit-pick about this? Be thankful that the advisory reached you in a timely manor and move on. -- Richard Ward, Founder. http://www.greyhat.org Grey Hat Consortium -- Intelligent Internet Security. ----- Original Message ----- From: "Alexandr Kovalenko" To: "FreeBSD Security" Sent: Thursday, May 30, 2002 9:34 AM Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc > Hello, FreeBSD Security Advisories! > > On Wed, May 29, 2002 at 09:36:35AM -0700, you wrote: > > > ============================================================================ = > > FreeBSD-SA-02:27.rc Security Advisory > > The FreeBSD Project > > > > Topic: rc uses file globbing dangerously > [snip] > > I. Background > > > > rc is the system startup script (/etc/rc). It is run when the FreeBSD > > is booted multi-user, and performs a multitude of tasks to bring the > > system up. One of these tasks is to remove lock files left by X > > Windows, as their existence could prevent one from restarting the X > > Windows server. > Please, read man 7 X, and see, that X is called "X Window", not "X > Windows". > > -- > NEVE-RIPE > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 6:40:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from a2.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by hub.freebsd.org (Postfix) with ESMTP id 9E2A037B40F for ; Thu, 30 May 2002 06:40:29 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by a2.scoop.co.nz (8.12.2/8.12.2) with ESMTP id g4UDeRkT083925; Fri, 31 May 2002 01:40:27 +1200 (NZST) (envelope-from andrew@scoop.co.nz) Date: Fri, 31 May 2002 01:40:26 +1200 (NZST) From: Andrew McNaughton X-X-Sender: andrew@a2 To: Alexandr Kovalenko Cc: FreeBSD Security Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc In-Reply-To: <20020530133429.GA86256@nevermind.kiev.ua> Message-ID: <20020531013738.U83716-100000@a2> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 30 May 2002, Alexandr Kovalenko wrote: > Hello, FreeBSD Security Advisories! > > On Wed, May 29, 2002 at 09:36:35AM -0700, you wrote: > > Windows, as their existence could prevent one from restarting the X > > Windows server. > Please, read man 7 X, and see, that X is called "X Window", not "X > Windows". Good point. The s stands for System and should probably have been capitalized. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 6:42: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from mile.nevermind.kiev.ua (office.netstyle.com.ua [213.186.199.26]) by hub.freebsd.org (Postfix) with ESMTP id C4F9337B404; Thu, 30 May 2002 06:41:45 -0700 (PDT) Received: from mile.nevermind.kiev.ua (never@localhost [127.0.0.1]) by mile.nevermind.kiev.ua (8.12.3/8.12.3) with ESMTP id g4UDfgj3013408; Thu, 30 May 2002 16:41:42 +0300 (EEST) (envelope-from never@mile.nevermind.kiev.ua) Received: (from never@localhost) by mile.nevermind.kiev.ua (8.12.3/8.12.3/Submit) id g4UDfgTW013407; Thu, 30 May 2002 16:41:42 +0300 (EEST) Date: Thu, 30 May 2002 16:41:42 +0300 From: Alexandr Kovalenko To: Richard Ward Cc: freebsd-chat@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020530134142.GB86256@nevermind.kiev.ua> References: <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020530133429.GA86256@nevermind.kiev.ua> <000a01c207df$59b08fc0$5ce659d8@workstation> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <000a01c207df$59b08fc0$5ce659d8@workstation> User-Agent: Mutt/1.3.99i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello, Richard Ward! On Thu, May 30, 2002 at 09:38:50AM -0400, you wrote: > Must we really nit-pick about this? Be thankful that the advisory reached > you in a timely manor and move on. Yes, of course, bug thanks to all FreeBSD community, but if we won't note small things, they will accumulate. > > > Windows, as their existence could prevent one from restarting the X > > > Windows server. > > Please, read man 7 X, and see, that X is called "X Window", not "X > > Windows". -- NEVE-RIPE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 6:49: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id CE40937B40C for ; Thu, 30 May 2002 06:48:50 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id CEB1C3FC9E; Thu, 30 May 2002 15:48:51 +0200 (CEST) Date: Thu, 30 May 2002 15:48:51 +0200 From: Miguel Mendez To: Alexandr Kovalenko Cc: FreeBSD Security Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020530154851.A59516@energyhq.homeip.net> Mail-Followup-To: Alexandr Kovalenko , FreeBSD Security References: <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020530133429.GA86256@nevermind.kiev.ua> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020530133429.GA86256@nevermind.kiev.ua>; from never@nevermind.kiev.ua on Thu, May 30, 2002 at 04:34:29PM +0300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, May 30, 2002 at 04:34:29PM +0300, Alexandr Kovalenko wrote: > Please, read man 7 X, and see, that X is called "X Window", not "X > Windows". Oh, come on, if you want to be *that* picky, call it the X Window System. It's very common to call it X Windows or simply X. Let's not waste (more) time arguing on this. Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 7: 3:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from cithaeron.argolis.org (bgm-24-169-166-7.stny.rr.com [24.169.166.7]) by hub.freebsd.org (Postfix) with ESMTP id B40CA37B403 for ; Thu, 30 May 2002 07:03:04 -0700 (PDT) Received: from cithaeron.argolis.org (localhost [127.0.0.1]) by cithaeron.argolis.org (8.12.3/8.12.3) with ESMTP id g4UE2nDn076426; Thu, 30 May 2002 10:02:49 -0400 (EDT) (envelope-from piechota@argolis.org) Received: from localhost (piechota@localhost) by cithaeron.argolis.org (8.12.3/8.12.3/Submit) with ESMTP id g4UE2nQh076423; Thu, 30 May 2002 10:02:49 -0400 (EDT) X-Authentication-Warning: cithaeron.argolis.org: piechota owned process doing -bs Date: Thu, 30 May 2002 10:02:49 -0400 (EDT) From: Matt Piechota To: Miguel Mendez Cc: Alexandr Kovalenko , FreeBSD Security Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc In-Reply-To: <20020530154851.A59516@energyhq.homeip.net> Message-ID: <20020530095557.O74408-100000@cithaeron.argolis.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 30 May 2002, Miguel Mendez wrote: > Oh, come on, if you want to be *that* picky, call it the X Window > System. It's very common to call it X Windows or simply X. Let's not > waste (more) time arguing on this. In the US (and probably elsewhere), our good friends at Microsoft trademarked (patented, peed on, whatever) the name "Windows" when used near computers and operating systems[0]. That's why you'll *never* see the X.org folks use that term, since Microsoft could sue for infringement or somesuch. The X.org FAQ are either X or The X Window System are appropriate. [0] The judge in the Lindows case recently said something along the line of "this trademark of such a generic term [Windows] should be reviewed". -- Matt Piechota To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 11: 0:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from pa169.kurdwanowa.sdi.tpnet.pl (pa169.kurdwanowa.sdi.tpnet.pl [213.77.148.169]) by hub.freebsd.org (Postfix) with ESMTP id 7E1EB37B417 for ; Thu, 30 May 2002 11:00:19 -0700 (PDT) Received: from velvet.zaraska.dhs.org (velvet.zaraska.dhs.org [192.168.11.2]) by pa169.kurdwanowa.sdi.tpnet.pl (Postfix) with SMTP id 279CF1E3D; Thu, 30 May 2002 18:00:13 +0000 (GMT) Date: Thu, 30 May 2002 19:57:32 +0200 From: Krzysztof Zaraska To: freebsd-security@freebsd.org Subject: Re: Nmap/Snort Message-Id: <20020530195732.6b4b552b.kzaraska@student.uci.agh.edu.pl> In-Reply-To: <200205302010280086.0615F70C@zorgco.com> References: <000f01c207ad$8f215c20$0200a8c0@logical> <20020530013844.A33199@i-sphere.com> <200205302010280086.0615F70C@zorgco.com> Organization: Univ. of Mining And Metallurgy X-Mailer: Sylpheed version 0.7.4 (GTK+ 1.2.10; i386-portbld-freebsd5.0) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 30 May 2002 20:10:28 +1000 "Chris" wrote: > Just as a side note, for people looking to find out about certain ports > and their functions, there is quite a comprehensive tcp/udp port listing > at http://www.iana.org/assignments/port-numbers A lot of information on the subject can be also found at http://seifried.org/security/ports/ -- // Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl // Prelude IDS: http://www.prelude-ids.org/ // A dream will always triumph over reality, once it is given the chance. // -- Stanislaw Lem To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 11: 2:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from axl.seasidesoftware.co.za (axl.seasidesoftware.co.za [196.31.7.201]) by hub.freebsd.org (Postfix) with ESMTP id 5601037B408; Thu, 30 May 2002 11:02:54 -0700 (PDT) Received: from sheldonh (helo=axl.seasidesoftware.co.za) by axl.seasidesoftware.co.za with local-esmtp (Exim 3.33 #1) id 17DUGb-0001o9-00; Thu, 30 May 2002 20:03:17 +0200 From: Sheldon Hearn To: "Crist J. Clark" Cc: security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc In-reply-to: Your message of "Wed, 29 May 2002 13:38:52 MST." <20020529133852.B12700@blossom.cjclark.org> Date: Thu, 30 May 2002 20:03:17 +0200 Message-ID: <6952.1022781797@axl.seasidesoftware.co.za> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, 29 May 2002 13:38:52 MST, "Crist J. Clark" wrote: > Ick. How about, > > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc > > Next time? Or even a pathless printf, so that you benefit if your shell has a builtin printf. As far as I know, the only times paths should be specified in the bootstrapping scripts is when they're used to launch some deamons that need to re-exec themselves later and use argv[0] to accomplish this. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 11:32: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from albaath.com (ns.k-kokudo.co.jp [211.126.226.18]) by hub.freebsd.org (Postfix) with SMTP id A7B0437B407; Thu, 30 May 2002 11:31:58 -0700 (PDT) Received: from unknown (188.210.239.238) by mta85.snfc21.pibi.net with QMQP; 30 May 2002 07:31:54 +1100 Reply-To: "Santiago Riva" Message-ID: <031b55a31a7d$4842c7e3$4ab43db3@ugiljb> From: "Santiago Riva" To: dear@FreeBSD.ORG Subject: Como disparar las ventas en su web. 0253hGqp3-742LalT7950TP-22 Date: Thu, 30 May 2002 16:28:47 +0200 MiME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_00C2_44D68D6D.E8431D04" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: The Bat! (v1.52f) Business Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ------=_NextPart_000_00C2_44D68D6D.E8431D04 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: base64 Q29tb3ByZSANCi0gVGllbmUgbWVub3MgZGUgMTAwIHZpc2l0YXMgYWwgZGlh IGVuIHN1IHdlYj8NCi0gVGllbmUgbWVub3MgZGUgMSB2ZW50YSBhbCBkaWEg ZW4gc3Ugd2ViPw0KIA0KICAgIEVudG9uY2VzIGxlIGludGVyZXNhcmEgbG8g cXVlIGV4cG9uZ28gZW46DQogDQogICAgICAgICAgICAgaHR0cDovL3d3dy5j b21vLXZlbmRlci5jb20vIA0KIA0KKiogRGVzY3VicmEgcXVlIHdlYiAodmVu dGEgZGUgcHJvZC4gYWxpbWVudGljaW9zKSBtdWx0aXBsaWNhDQogICAgcG9y IDggc3VzIHZlbnRhcyBlbiAyIG1lc2VzLiANCiANCioqIEVqZW1wbG8gZGUg dW5hIHdlYiAodmVudGEgZGUgY3Vyc29zIGRlIGZvcm1hY2lvbikgcXVlIA0K ICAgIGVuIDIsNSBtZXNlcyBkaXNwYXJhIHN1IHJhdGlvIGRlIGNvbnZlcnNp b24gKCAlICAgZGUgdmlzaXRhbnRlcw0KICAgIHF1ZSBjb21wcmFuIGFsZ28g ZW4gc3Ugd2ViKSAgaGFzdGEgdW4gc29ycHJlbmRlbnRlIDMuOCUNCiANClRv ZGEgbGEgaW5mb3JtYWNpb24gZW4gOg0KICAgICAgICAgICAgICAgIA0KICAg ICAgICAgICAgIGh0dHA6Ly93d3cuY29tby12ZW5kZXIuY29tLw0KIA0KTXVj aG9zIHNhbHVkb3MsDQogDQpTYW50aWFnbyBSaXZhLiBEaXJlY3Rvci4NCk1h cmtldGluZyBGdXR1cmU6IEUtbWFpbCBtYXJrZXRpbmcuDQpodHRwOi8vd3d3 LmNvbW8tdmVuZGVyLmNvbQ0KDQoNCg0KDQoNCg0KDQoNCg0KDQoNCg0KDQoN Cg0KDQoNCg0KDQoNCg0KDQoNCg0KQ29tb3ByZSANClJlbW92ZTogcmVtb3Zl c0BleW91LmNvbQ0KNDA3NkpIem8wLTk4NmFZcWkwMDgwaWNCZDQtMjE2eFZh QzQyODNXT1JXbDQw To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 13:27:49 2002 Delivered-To: freebsd-security@freebsd.org Received: from dargo.gwi.net (dargo.gwi.net [207.5.142.21]) by hub.freebsd.org (Postfix) with SMTP id B884237B406 for ; Thu, 30 May 2002 13:27:46 -0700 (PDT) Received: (qmail 22715 invoked by uid 117); 30 May 2002 20:27:40 -0000 Date: Thu, 30 May 2002 16:27:40 -0400 From: Joshua Coombs To: freebsd-security@freebsd.org Subject: Ethernet layer 2 or 1 encryption Message-ID: <20020530162740.E2028@dargo.gwi.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I saw this touched on back in 1999 in this list, and am looking to reopen this particular can of worms. What I'm looking to do is find some way to transparently encrypt and decrypt all Ethernet traffic going over a couple of links. The links are point to point, carrying HP Switch Mesh traffic along with vlan'd Ethernet traffic. Ideally I'd like a setup that I can drop in between the two switches, basically a set of transparent bridges. Has anyone fooled around with anything similar to this? Joshua Coombs To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 15:57:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80]) by hub.freebsd.org (Postfix) with SMTP id ED65A37B406 for ; Thu, 30 May 2002 15:57:29 -0700 (PDT) Received: (qmail 49852 invoked by uid 1001); 30 May 2002 22:57:28 -0000 Date: Thu, 30 May 2002 18:57:28 -0400 From: "Peter C. Lai" To: Krzysztof Zaraska Cc: freebsd-security@freebsd.org Subject: Re: Nmap/Snort Message-ID: <20020530185728.A49830@cowbert.2y.net> Reply-To: peter.lai@uconn.edu References: <000f01c207ad$8f215c20$0200a8c0@logical> <20020530013844.A33199@i-sphere.com> <200205302010280086.0615F70C@zorgco.com> <20020530195732.6b4b552b.kzaraska@student.uci.agh.edu.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20020530195732.6b4b552b.kzaraska@student.uci.agh.edu.pl>; from kzaraska@student.uci.agh.edu.pl on Thu, May 30, 2002 at 07:57:32PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org or just /etc/services if you want to be conservative about it. similarly, nmap uses it's own services file, nmap-services, to resolve port numbers to service names. On Thu, May 30, 2002 at 07:57:32PM +0200, Krzysztof Zaraska wrote: > On Thu, 30 May 2002 20:10:28 +1000 > "Chris" wrote: > > > Just as a side note, for people looking to find out about certain ports > > and their functions, there is quite a comprehensive tcp/udp port listing > > at http://www.iana.org/assignments/port-numbers > > A lot of information on the subject can be also found at > http://seifried.org/security/ports/ > > -- > // Krzysztof Zaraska * kzaraska (at) student.uci.agh.edu.pl > // Prelude IDS: http://www.prelude-ids.org/ > // A dream will always triumph over reality, once it is given the chance. > // -- Stanislaw Lem > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 16: 6:36 2002 Delivered-To: freebsd-security@freebsd.org Received: from d188h80.mcb.uconn.edu (d188h80.mcb.uconn.edu [137.99.188.80]) by hub.freebsd.org (Postfix) with SMTP id 0C87E37B406 for ; Thu, 30 May 2002 16:06:30 -0700 (PDT) Received: (qmail 49882 invoked by uid 1001); 30 May 2002 23:06:29 -0000 Date: Thu, 30 May 2002 19:06:29 -0400 From: "Peter C. Lai" To: Dave Raven Cc: George.Giles@mcmail.vanderbilt.edu, freebsd-security@FreeBSD.ORG Subject: Re: ipfw issue with nmap false alarms Message-ID: <20020530190629.B49830@cowbert.2y.net> Reply-To: peter.lai@uconn.edu References: <000001c20789$f19ff060$6301a8c0@visp> <009001c207a9$454c7020$3800a8c0@DAVE> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <009001c207a9$454c7020$3800a8c0@DAVE>; from dave@raven.za.net on Thu, May 30, 2002 at 09:11:49AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Allowing all packets from any to any via lo0 will show open ports when scanning localhost, since with the above rule any packet sent from localhost to localhost will be accepted (which is what nmap is using when scanning localhost). I believe the above rule also allows packets originating from your external IP destined for that same IP. Better to use a different interface to scan the original one. On Thu, May 30, 2002 at 09:11:49AM +0200, Dave Raven wrote: > That is the problem, your scanning localhost. > rather scan an external card. > > > --Dave. > > > ----- Original Message ----- > From: "Brett Moore" > To: ; > Sent: Thursday, May 30, 2002 5:27 AM > Subject: RE: ipfw issue with nmap false alarms > > > > Others may correct me if I am wrong here. > > > > I have had the same 'problem'. I was told/read that nmap may sometimes > > report the port that it is using as open when run against localhost. > > > > Try 2.54BETA34 its for d/l at the site. > > > > Brett > > > > > > > -----Original Message----- > > > From: owner-freebsd-security@FreeBSD.ORG > > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of > > > George.Giles@mcmail.vanderbilt.edu > > > Sent: Thursday, 30 May 2002 15:06 > > > To: freebsd-security@FreeBSD.ORG > > > Subject: ipfw issue with nmap false alarms > > > > > > > > > nmap reports as expected when scanning the actual ip address, but when > run > > > against localhost various open ports show up. > > > > > > Any ideas ? > > > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > > Interesting ports on localhost (127.0.0.1): > > > (The 1540 ports scanned but not shown below are in state: closed) > > > Port State Service > > > 21/tcp open ftp > > > 22/tcp open ssh > > > 53/tcp open domain > > > 80/tcp open http > > > 443/tcp open https > > > 1669/tcp open netview-aix-9 > > > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > > bash-2.05$ nmap localhost > > > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > > Interesting ports on localhost (127.0.0.1): > > > (The 1540 ports scanned but not shown below are in state: closed) > > > Port State Service > > > 21/tcp open ftp > > > 22/tcp open ssh > > > 53/tcp open domain > > > 80/tcp open http > > > 443/tcp open https > > > 2044/tcp open rimsl > > > > > > > > > Nmap run completed -- 1 IP address (1 host up) scanned in 9 seconds > > > bash-2.05$ nmap localhost > > > > > > Starting nmap V. 2.54BETA29 ( www.insecure.org/nmap/ ) > > > Interesting ports on localhost (127.0.0.1): > > > (The 1539 ports scanned but not shown below are in state: closed) > > > Port State Service > > > 21/tcp open ftp > > > 22/tcp open ssh > > > 53/tcp open domain > > > 80/tcp open http > > > 443/tcp open https > > > 2003/tcp open cfingerd > > > 3306/tcp open mysql > > > > > > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-security" in the body of the message > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 17:24: 1 2002 Delivered-To: freebsd-security@freebsd.org Received: from roble.com (mx0.roble.com [206.40.34.14]) by hub.freebsd.org (Postfix) with ESMTP id B269B37B403 for ; Thu, 30 May 2002 17:23:57 -0700 (PDT) Received: from gw.netlecture.com (gw.netlecture.com [206.40.34.9]) by roble.com with ESMTP id g4V0Nv007251 for ; Thu, 30 May 2002 17:23:57 -0700 (PDT) Date: Thu, 30 May 2002 17:23:57 -0700 (PDT) From: Roger Marquis To: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020530171719.W7046-100000@roble.com> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Crist J. Clark wrote: >Ick. How about, > > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc Why not: # rm -rf /tmp/.X*-lock /tmp/.X11-unix As long as it doesn't specify subdirectory wildcards (.../*) there should be no problems with links to files outside of /tmp. -- Roger Marquis Roble Systems Consulting http://www.roble.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 17:42:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id BA71837B408 for ; Thu, 30 May 2002 17:42:25 -0700 (PDT) Received: by gw.nectar.cc (Postfix, from userid 1001) id 265B641; Thu, 30 May 2002 19:42:25 -0500 (CDT) Date: Thu, 30 May 2002 19:42:25 -0500 From: "Jacques A. Vidrine" To: Roger Marquis Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc Message-ID: <20020531004225.GA80885@hellblazer.nectar.cc> References: <20020530171719.W7046-100000@roble.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020530171719.W7046-100000@roble.com> User-Agent: Mutt/1.3.27i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, May 30, 2002 at 05:23:57PM -0700, Roger Marquis wrote: > Crist J. Clark wrote: > >Ick. How about, > > > > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc > > Why not: > > # rm -rf /tmp/.X*-lock /tmp/.X11-unix > > As long as it doesn't specify subdirectory wildcards (.../*) there > should be no problems with links to files outside of /tmp. This message has so far been concerned with the workaround, not the solution. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 17:43:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from notes.dndlabs.net (rdu88-251-049.nc.rr.com [24.88.251.49]) by hub.freebsd.org (Postfix) with ESMTP id BE15837B409 for ; Thu, 30 May 2002 17:42:54 -0700 (PDT) Received: from ronin ([192.168.1.103]) by notes.dndlabs.net (Lotus Domino Build M12_02042002 Pre-release 1) with ESMTP id 2002053020404978-1527 ; Thu, 30 May 2002 20:40:49 -0400 From: John Ruff To: weeguan@hem.passagen.se (Lim Wee Guan), freebsd-security@freebsd.org Subject: Re: Snort producing tcpdump unreadable binary files. Date: Thu, 30 May 2002 20:40:03 -0400 X-Mailer: KMail [version 1.4] References: <20020529210806.A29200@nexus> In-Reply-To: <20020529210806.A29200@nexus> MIME-Version: 1.0 Message-Id: <200205302040.03264.john@dndlabs.net> X-MIMETrack: Itemize by SMTP Server on TRINITY/DNDLABS(Build M12_02042002 Pre-release 1|February 04, 2002) at 05/30/2002 08:40:49 PM, Serialize by Router on TRINITY/DNDLABS(Build M12_02042002 Pre-release 1|February 04, 2002) at 05/30/2002 08:40:57 PM, Serialize complete at 05/30/2002 08:40:57 PM Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You should actually be using "snort -r" to read the files and not "tcpdum= p=20 -r". -- GnuPG Public Key: https://www.dndlabs.net/pgpkey/listing.php Key Fingerprint =3D 73D0 EDCC D5ED A6C0 1324 A85E 4957 D3C6 FA6C F3AE On Wednesday 29 May 2002 09:08, Lim Wee Guan wrote: > Dear all, > > I have started running snort on a firewall machine running FreeBSD > 4.6-RC. It is made to log packets using tcpdump binary readable > format. i.e. using the -b flag. > > However, after a while of logging, snort appears to go "crazy" and > logs apparently all packets (humongous log files are typical), and if > I attempt to read the binary file using tcpdump -r, I get this > message at the end of some valid packets: "tcpdump: pcap_loop: bogus > savefile header" > > According to google, some guys had this problem is the past, but it > had to do with RedHat Linux machines, and the fact that they changed > the libpcap or something like that. > > This is not RedHat, so what gives? > > Any advice will be greatly appreciated, as I am currently logging in > ASCII, which is not exactly optimal for that slow, grunt machine... > ;-) > > Thanks and regards. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 17:54:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from notes.dndlabs.net (rdu88-251-049.nc.rr.com [24.88.251.49]) by hub.freebsd.org (Postfix) with ESMTP id D55A437B409 for ; Thu, 30 May 2002 17:54:36 -0700 (PDT) Received: from ronin ([192.168.1.103]) by notes.dndlabs.net (Lotus Domino Build M12_02042002 Pre-release 1) with ESMTP id 2002053020523297-1532 ; Thu, 30 May 2002 20:52:32 -0400 From: John Ruff To: faSty , freebsd-security@FreeBSD.ORG Subject: Re: Nmap/Snort Date: Thu, 30 May 2002 20:51:47 -0400 X-Mailer: KMail [version 1.4] References: <000f01c207ad$8f215c20$0200a8c0@logical> <20020530013844.A33199@i-sphere.com> In-Reply-To: <20020530013844.A33199@i-sphere.com> MIME-Version: 1.0 Message-Id: <200205302051.47194.john@dndlabs.net> X-MIMETrack: Itemize by SMTP Server on TRINITY/DNDLABS(Build M12_02042002 Pre-release 1|February 04, 2002) at 05/30/2002 08:52:33 PM, Serialize by Router on TRINITY/DNDLABS(Build M12_02042002 Pre-release 1|February 04, 2002) at 05/30/2002 08:52:39 PM, Serialize complete at 05/30/2002 08:52:39 PM Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You should be able to close 113/tcp via /etc/inetd.conf. Also using 'lso= f -i=20 -P' is a good tool for determining what's listening on what ports and wha= t=20 daemon is running there. Cheers -- GnuPG Public Key: https://www.dndlabs.net/pgpkey/listing.php Key Fingerprint =3D 73D0 EDCC D5ED A6C0 1324 A85E 4957 D3C6 FA6C F3AE On Thursday 30 May 2002 04:38, faSty wrote: > 113 port is identd usually for IRC or some reason. > > 587 is for sendmail's submission > > -trev > > On Thu, May 30, 2002 at 02:42:32AM -0500, nathan skains wrote: > > yep i am scanning my self via root. the port that was up on the firs= t > > scan then i scan again seconds later and it was gone. > > not really sure. but i am also concern about these ports > > 113/tcp open auth > > 587/tcp open submission > > > > any way to close them... I am still in the learning process of freeb= sd > > so i have search google and have not found anything about these ports > > Thanks > > Nate --=20 GnuPG Public Key: https://www.dndlabs.net/pgpkey/listing.php Key Fingerprint =3D 73D0 EDCC D5ED A6C0 1324 A85E 4957 D3C6 FA6C F3AE To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 19:53:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from pacbell.net (adsl-63-199-179-203.dsl.snfc21.pacbell.net [63.199.179.203]) by hub.freebsd.org (Postfix) with ESMTP id 676F837B413 for ; Thu, 30 May 2002 19:53:28 -0700 (PDT) Received: (from paleph@localhost) by pacbell.net (8.11.0/8.9.3) id g4V2OhV01770 for freebsd-security@freebsd.org; Thu, 30 May 2002 19:24:43 -0700 From: paleph@pacbell.net Message-Id: <200205310224.g4V2OhV01770@pacbell.net> Subject: question on freebsd extattr* system calls To: freebsd-security@freebsd.org Date: Thu, 30 May 2002 19:24:43 -0700 (PDT) X-Mailer: ELM [version 2.5 PL3] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Quick question Are there man pages available for the extattr* FreeBSD system calls? I see the following 4 system calls in the sysent table: extattrctl extattr_set_file extattr_get_file extattr_delete_file I am interested in the possible use of these to add ancillary security attributes to file system objects. Paul Fronberg paleph@pacbell.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 30 23:29: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from south.nanolink.com (south.nanolink.com [217.75.134.10]) by hub.freebsd.org (Postfix) with SMTP id B827637B401 for ; Thu, 30 May 2002 23:29:01 -0700 (PDT) Received: (qmail 22615 invoked by uid 85); 31 May 2002 06:38:16 -0000 Received: from unknown (HELO straylight.ringlet.net) (212.116.140.125) by south.nanolink.com with SMTP; 31 May 2002 06:38:14 -0000 Received: (qmail 84310 invoked by uid 1000); 31 May 2002 06:28:15 -0000 Date: Fri, 31 May 2002 09:28:15 +0300 From: Peter Pentchev To: paleph@pacbell.net Cc: freebsd-security@freebsd.org Subject: Re: question on freebsd extattr* system calls Message-ID: <20020531092814.C352@straylight.oblivion.bg> Mail-Followup-To: paleph@pacbell.net, freebsd-security@freebsd.org References: <200205310224.g4V2OhV01770@pacbell.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="hYooF8G/hrfVAmum" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200205310224.g4V2OhV01770@pacbell.net>; from paleph@pacbell.net on Thu, May 30, 2002 at 07:24:43PM -0700 X-Virus-Scanned: by Nik's Monitoring Daemon (AMaViS perl-11d) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --hYooF8G/hrfVAmum Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, May 30, 2002 at 07:24:43PM -0700, paleph@pacbell.net wrote: > Quick question >=20 > Are there man pages available for the extattr* FreeBSD system calls? > I see the following 4 system calls in the sysent table: >=20 > extattrctl > extattr_set_file > extattr_get_file > extattr_delete_file >=20 > I am interested in the possible use of these to add ancillary > security attributes to file system objects. If you're looking at a FreeBSD 4.x syscalls.master file, those syscall names and numbers are there for compatibility purposes only. They are actually implemented in 5.0-CURRENT, and yes, there is a manual page describing them there. I do not think that there are any plans of merging the extended attributes support functionality into FreeBSD 4.x; however, you might want to check with the TrustedBSD Project site http://www.trustedbsd.org/ for more details. G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 If the meanings of 'true' and 'false' were switched, then this sentence wou= ldn't be false. --hYooF8G/hrfVAmum Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE89xf+7Ri2jRYZRVMRAnA+AKCPRRSc10Qi57f+uKfv2+IXKicI2gCgmwP7 OM8wnIS/cbRNlpHNHAKRd5w= =osl4 -----END PGP SIGNATURE----- --hYooF8G/hrfVAmum-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 2:10:35 2002 Delivered-To: freebsd-security@freebsd.org Received: from skywalker.systec.no (skywalker.systec.no [80.64.196.212]) by hub.freebsd.org (Postfix) with ESMTP id 18E6B37B414 for ; Fri, 31 May 2002 02:10:23 -0700 (PDT) Received: by skywalker.systec.no with Internet Mail Service (5.5.2653.19) id ; Fri, 31 May 2002 11:10:11 +0200 Message-ID: From: =?iso-8859-1?Q?=D8ystein_Andreassen?= To: 'Joshua Coombs' Cc: "FreeBSD Secuity (E-mail)" Subject: RE: Ethernet layer 2 or 1 encryption Date: Fri, 31 May 2002 11:10:01 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org What about fiber? It's not encrypted, I know, but is's not possible to eavsdrop ither (I think:)...=20 =D8ystein -----Original Message----- From: Joshua Coombs [mailto:jcoombs@gwi.net] Sent: Thursday, May 30, 2002 22:28 To: freebsd-security@freebsd.org Subject: Ethernet layer 2 or 1 encryption I saw this touched on back in 1999 in this list, and am looking to reopen this particular can of worms. What I'm looking to do is find some way to transparently encrypt and decrypt all Ethernet traffic = going over a couple of links. The links are point to point, carrying HP Switch Mesh traffic along with vlan'd Ethernet traffic. Ideally I'd like a setup that I can drop in between the two switches, basically a = set of transparent bridges. Has anyone fooled around with anything similar to this? Joshua Coombs To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 2:43: 3 2002 Delivered-To: freebsd-security@freebsd.org Received: from walter.dfmm.org (walter.dfmm.org [209.151.233.240]) by hub.freebsd.org (Postfix) with ESMTP id 9FACD37B401 for ; Fri, 31 May 2002 02:42:56 -0700 (PDT) Received: (qmail 44962 invoked by uid 1000); 31 May 2002 09:42:50 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 31 May 2002 09:42:50 -0000 Date: Fri, 31 May 2002 02:42:49 -0700 (PDT) From: Jason Stone X-X-Sender: To: =?iso-8859-1?Q?=D8ystein_Andreassen?= Cc: 'Joshua Coombs' , "FreeBSD Secuity (E-mail)" Subject: RE: Ethernet layer 2 or 1 encryption In-Reply-To: Message-ID: <20020531023040.K86736-100000@walter> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > What about fiber? It's not encrypted, I know, but is's not possible to > eavsdrop ither (I think:)... Actually, you can, in fact sniff fibre. Additionally, if you have physical access anyway, you can be a literal man-in-the-middle, bridging all traffic and keeping a copy for yourself. You could probably do something with the tun(4) device. And there's probablly some l2tp software in ports/net that would fit your needs (tund, vtun). l2tp would have higher latency and overhead then just encrypting ethernet payloads, but it has the advantage of being already available. -Jason ----------------------------------------------------------------------- I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?" -- Mike Godwin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQE890WaswXMWWtptckRAiPbAKDABp8cdDODFlyQq7Z7K13bvsvDoACgqk6E Qu4UmqGSe+AP1SJroLBvfl8= =C0gU -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 6:47:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from lmail.actcom.co.il (mail.actcom.co.il [192.114.47.13]) by hub.freebsd.org (Postfix) with ESMTP id 1021737B400; Fri, 31 May 2002 06:47:45 -0700 (PDT) Received: from nospam.nospam.net (p7.ta1.actcom.co.il [204.141.45.7]) by lmail.actcom.co.il (8.11.6/8.11.6) with ESMTP id g4VDla923699; Fri, 31 May 2002 16:47:37 +0300 Message-ID: <3CF78D95.C96C85D1@nospam.nospam.net> Date: Fri, 31 May 2002 16:49:57 +0200 From: Well Educated X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Cc: freebsd-chat@freebsd.org Subject: typo in FreeBSD-SA-02:27.rc Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "X Windows" - what is it, "XP Windows" or "Windows XP" maybe? Let's use true terms to the things. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 7:11:11 2002 Delivered-To: freebsd-security@freebsd.org Received: from mcqueen.wolfsburg.de (pns.wobline.de [212.68.68.5]) by hub.freebsd.org (Postfix) with ESMTP id E645D37B422; Fri, 31 May 2002 07:09:36 -0700 (PDT) Received: from k6-2-300.tisys.org (ppp-161.wobline.de [212.68.69.169]) by mcqueen.wolfsburg.de (8.11.3/8.11.3/sh-2002041503) with ESMTP id g4VE9Sw32505; Fri, 31 May 2002 16:09:29 +0200 Received: from daemon.tisys.org (palomino-1533.tisys.org [192.168.0.3]) by k6-2-300.tisys.org (8.12.3/8.12.3) with ESMTP id g4VEAXo2004033; Fri, 31 May 2002 16:10:34 +0200 (CEST) (envelope-from nils@daemon.tisys.org) Received: (from nils@localhost) by daemon.tisys.org (8.12.3/8.12.3/Submit) id g4VEAOjV000680; Fri, 31 May 2002 16:10:24 +0200 (CEST) Date: Fri, 31 May 2002 16:10:24 +0200 From: Nils Holland To: Well Educated Cc: freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020531161024.A616@daemon.tisys.org> References: <3CF78D95.C96C85D1@nospam.nospam.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CF78D95.C96C85D1@nospam.nospam.net>; from nospam@nospam.nospam.net on Fri, May 31, 2002 at 04:49:57PM +0200 X-Operating-System: FreeBSD palomino-1533.tisys.org 4.6-RC FreeBSD 4.6-RC X-Machine-Uptime: 4:05PM up 9:47, 1 user, load averages: 0.06, 0.10, 0.07 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 31, 2002 at 04:49:57PM +0200, Well Educated stood up and spoke: > "X Windows" - what is it, "XP Windows" or "Windows XP" maybe? > Let's use true terms to the things. Hmm, I've never been someone who likes endless debates about small bits and pieces which have no effect at all on, well, anything. In context of the Security Advisory, I don't think that writing "X Windows" instead of "X" or "X Window System" introduces a security hole, or makes it hard to understand what the Advisory is talking about. Therefore, I guess most people have better things to do than to worry about this one... Greetings Nils -- Nils Holland Ti Systems - http://www.tisys.org Addicted to computing since 1987 High on FreeBSD since 1996 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 7:55:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from lmail.actcom.co.il (mail.actcom.co.il [192.114.47.13]) by hub.freebsd.org (Postfix) with ESMTP id 7453F37B407; Fri, 31 May 2002 07:55:43 -0700 (PDT) Received: from nospam.nospam.net (p7.ta1.actcom.co.il [204.141.45.7]) by lmail.actcom.co.il (8.11.6/8.11.6) with ESMTP id g4VEte915036; Fri, 31 May 2002 17:55:41 +0300 Message-ID: <3CF79D89.6A5FF823@nospam.nospam.net> Date: Fri, 31 May 2002 17:58:01 +0200 From: Well Educated X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: freebsd-security@freebsd.org Cc: freebsd-chat@freebsd.org, Nils Holland Subject: Re: typo in FreeBSD-SA-02:27.rc Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >> "X Windows" - what is it, "XP Windows" or "Windows XP" maybe? >> Let's use true terms to the things. > > Hmm, I've never been someone who likes endless debates about small bits and > pieces which have no effect at all on, well, anything. In context of the > Security Advisory, I don't think that writing "X Windows" instead of "X" or > "X Window System" introduces a security hole, or makes it hard to > understand what the Advisory is talking about. Therefore, I guess most > people have better things to do than to worry about this one... > > Greetings > Nils I didn't say it introduces any security hole or understanding obstacle. But the term "X Windows" just shows crass ignorance of people that use it. Insted of making flames, the typo can be simply corrected. P.S. your reaction casted me to remember the following text :-)) Five year phase-in plan for "EuroEnglish" The European Commission have just announced an agreement whereby English will be the official language of the EU, rather than German, which was the other possibility. As part of the negotiations, Her Majesty's government conceded that English spelling had some room for improvement and has accepted a five year phase in plan that would be known as "EuroEnglish". In the first year, "s" will replace the soft "c". Sertainly, this will make the sivil servants jump for joy. The hard "c" will be dropped in favour of the "k". This should klear up konfusion and keyboards kan have 1 less letter. There will be growing publik enthusiasm in the sekond year, when the troublesome "ph" will be replaced with the "f". This will make words like "fotograf" 20% shorter. In the third year, publik akseptanse of the new spelling kan be expekted to reach the stage where more komplikated changes are possible. Governments will enkorage the removal of double letters, which have always ben a deterent to akurate speling. Also, al wil agre that the horible mes of the silent "e"s in the language is disgraseful, and they should go away. By the 4th year, peopl wil be reseptiv to steps such as replasing "th" with "z" and "w" with "v". During ze fifz year, ze unesesary "o" kan be dropd from vords kontaining "ou" and similar changes vud of kors be aplid to ozer kombinations of leters. After zis fifz year, ve vil hav a realy sensibl riten styl. Zer vil be no mor trubls or difikultis and evrivun vil find it ezi to understand each ozer ZE DREAM VIL FINALI KUM TRU! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 8: 0:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from heresy.dreamflow.nl (heresy.dreamflow.nl [62.58.36.22]) by hub.freebsd.org (Postfix) with SMTP id ACE6737B408 for ; Fri, 31 May 2002 08:00:14 -0700 (PDT) Received: (qmail 12592 invoked by uid 1000); 31 May 2002 15:00:12 -0000 Date: Fri, 31 May 2002 17:00:12 +0200 From: Bart Matthaei To: Well Educated Cc: freebsd-security@freebsd.org Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020531170012.C6958@heresy.dreamflow.nl> References: <3CF79D89.6A5FF823@nospam.nospam.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CF79D89.6A5FF823@nospam.nospam.net>; from nospam@nospam.nospam.net on Fri, May 31, 2002 at 05:58:01PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 31, 2002 at 05:58:01PM +0200, Well Educated wrote: > I didn't say it introduces any security hole or understanding obstacle. But the term "X Windows" > just shows crass ignorance of people that use it. Insted of making flames, the typo can be simply > corrected. Would you be so kind to post this crap to freebsd-test, so we don't have to read it ? "X Windows" is a correct term for "The X Windows system". Oh, and by the way, it's "Instead", and not "Insted". HTH HAND, Bart -- Bart Matthaei bart@dreamflow.nl Time flies like an arrow, but fruit flies like a banana. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 8:13:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from moek.pir.net (moek.pir.net [130.64.1.215]) by hub.freebsd.org (Postfix) with ESMTP id 72E6837B403 for ; Fri, 31 May 2002 08:13:49 -0700 (PDT) Received: from pir by moek.pir.net with local (Exim) id 17Do68-0005qv-00 for freebsd-security@freebsd.org; Fri, 31 May 2002 11:13:48 -0400 Date: Fri, 31 May 2002 11:13:48 -0400 From: Peter Radcliffe To: freebsd-security@freebsd.org Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020531151348.GC19532@pir.net> Reply-To: freebsd-security@freebsd.org Mail-Followup-To: freebsd-security@freebsd.org References: <3CF79D89.6A5FF823@nospam.nospam.net> <20020531170012.C6958@heresy.dreamflow.nl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020531170012.C6958@heresy.dreamflow.nl> User-Agent: Mutt/1.3.27i X-fish: < X-Copy-On-Listmail: Please do NOT Cc: me on list mail. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Bart Matthaei probably said: > "X Windows" is a correct term for "The X Windows system". Actually, neither of those two terms are correct according to the X Consortium. ] X(1) X(1) ] ] ] NAME ] X - a portable, network-transparent window system ] ] SYNOPSIS [...] ] The X Consortium requests that the following names be used ] when referring to this software: ] ] X ] X Window System ] X Version 11 ] X Window System, Version 11 ] X11 ] ] X Window System is a trademark of X Consortium, Inc. P. -- pir pir-sig@pir.net pir-sig@net.tufts.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 8:20:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by hub.freebsd.org (Postfix) with ESMTP id 585BA37B407; Fri, 31 May 2002 08:20:17 -0700 (PDT) Received: from daleco [12.145.236.147] by mail.gbronline.com (SMTPD32-7.06) id A45B6D9003E; Fri, 31 May 2002 10:18:51 -0500 Message-ID: <004201c208b6$95081480$93ec910c@daleco> From: "Kevin Kinsey, DaleCo, S.P." To: "Well Educated" , Cc: References: <3CF78D95.C96C85D1@nospam.nospam.net> Subject: Re: typo in FreeBSD-SA-02:27.rc Date: Fri, 31 May 2002 10:19:37 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Well Educated" To: Cc: Sent: Friday, May 31, 2002 9:49 AM Subject: typo in FreeBSD-SA-02:27.rc > "X Windows" - what is it, "XP Windows" or "Windows XP" maybe? > Let's use true terms to the things. In spite of the fact that "Well-Educated" [1] doesn't seem to be so and nospam.net doesn't seem to be "no-spam," [2] here's an answer: X is not the first window system written for Unix, but it is the most popular. X's original development team had worked on another window system before writing X. That system's name was ``W'' (for ``Window''). X is just the next letter in the Roman alphabet. X can be called ``X'', ``X Window System'', ``X11'', and other terms. Calling X11 ``X Windows'' can offend some people; see X(1) for a bit more insight on this. ---FreeBSD Handbook, Ch. 5.2.1[3] Now I could be wrong about [1] and [2] but [3] seems spot on. Also, a recent thread on one of the lists addressed this issue. So, Jacques accidentally touched the "s" key, is it really worth complaining about? KDK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 9:16:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 8B33E37B407; Fri, 31 May 2002 09:15:42 -0700 (PDT) Received: by energyhq.homeip.net (Postfix, from userid 1001) id 0290B3FC29; Fri, 31 May 2002 18:15:36 +0200 (CEST) Date: Fri, 31 May 2002 18:15:36 +0200 From: Miguel Mendez To: Nils Holland Cc: Well Educated , freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020531181536.A268@energyhq.homeip.net> Mail-Followup-To: Nils Holland , Well Educated , freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG References: <3CF78D95.C96C85D1@nospam.nospam.net> <20020531161024.A616@daemon.tisys.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="FCuugMFkClbJLl1L" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020531161024.A616@daemon.tisys.org>; from nils@daemon.tisys.org on Fri, May 31, 2002 at 04:10:24PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --FCuugMFkClbJLl1L Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 31, 2002 at 04:10:24PM +0200, Nils Holland wrote: > Hmm, I've never been someone who likes endless debates about small bits a= nd > pieces which have no effect at all on, well, anything. In context of the > Security Advisory, I don't think that writing "X Windows" instead of "X" = or > "X Window System" introduces a security hole, or makes it hard to > understand what the Advisory is talking about. Therefore, I guess most > people have better things to do than to worry about this one... LMAO, DON'T FEED THE TROLLS, K, THX Cheers, --=20 Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk FreeBSD - The power to serve! --FCuugMFkClbJLl1L Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE896GonLctrNyFFPERArqxAJ9igYKPX7sY3qEJehHA5s0dRCj61wCfYgBw R1Hti01xvq+bHoh6lYmP+YQ= =Fb+N -----END PGP SIGNATURE----- --FCuugMFkClbJLl1L-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 9:53:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.103.10]) by hub.freebsd.org (Postfix) with ESMTP id 28E9E37B404; Fri, 31 May 2002 09:53:13 -0700 (PDT) Received: from wopr.caltech.edu (localhost.caltech.edu [127.0.0.1]) by wopr.caltech.edu (8.12.3/8.12.3) with ESMTP id g4VGrAPh035688; Fri, 31 May 2002 09:53:10 -0700 (PDT) (envelope-from mph@wopr.caltech.edu) Received: (from mph@localhost) by wopr.caltech.edu (8.12.3/8.12.3/Submit) id g4VGrAkx035687; Fri, 31 May 2002 09:53:10 -0700 (PDT) Date: Fri, 31 May 2002 09:53:10 -0700 From: Matthew Hunt To: "Kevin Kinsey, DaleCo, S.P." Cc: Well Educated , freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020531095310.D34758@wopr.caltech.edu> References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <004201c208b6$95081480$93ec910c@daleco>; from kdk@daleco.biz on Fri, May 31, 2002 at 10:19:37AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 31, 2002 at 10:19:37AM -0500, Kevin Kinsey, DaleCo, S.P. wrote: > So, Jacques accidentally touched the "s" key, is it really > worth complaining about? That depends on whether it will be accidentally touched in future advisories or not. -- Matthew Hunt * UNIX is a lever for the http://www.pobox.com/~mph/ * intellect. -J.R. Mashey To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 10: 8:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by hub.freebsd.org (Postfix) with ESMTP id 2350A37B404; Fri, 31 May 2002 10:08:44 -0700 (PDT) Received: from daleco [12.145.236.17] by mail.gbronline.com (SMTPD32-7.06) id ADC61CF0062; Fri, 31 May 2002 12:07:18 -0500 Message-ID: <008601c208c5$bbf26640$93ec910c@daleco> From: "Kevin Kinsey, DaleCo, S.P." To: "Matthew Hunt" Cc: "Well Educated" , , References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> <20020531095310.D34758@wopr.caltech.edu> Subject: Re: typo in FreeBSD-SA-02:27.rc Date: Fri, 31 May 2002 12:08:04 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ----- Original Message ----- From: "Matthew Hunt" To: "Kevin Kinsey, DaleCo, S.P." Cc: "Well Educated" ; ; Sent: Friday, May 31, 2002 11:53 AM Subject: Re: typo in FreeBSD-SA-02:27.rc > On Fri, May 31, 2002 at 10:19:37AM -0500, Kevin Kinsey, DaleCo, S.P. wrote: > > > So, Jacques accidentally touched the "s" key, is it really > > worth complaining about? > > That depends on whether it will be accidentally touched in future > advisories or not. Touche, indeed. Maybe it's a holdover from ending "Jack" with one, but that's a thread I hope is over.... KDK > > -- > Matthew Hunt * UNIX is a lever for the > http://www.pobox.com/~mph/ * intellect. -J.R. Mashey > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 11: 7:14 2002 Delivered-To: freebsd-security@freebsd.org Received: from nighthawk.sc2000.net (nighthawk.sc2000.net [205.247.104.22]) by hub.freebsd.org (Postfix) with ESMTP id 7DDF837B401 for ; Fri, 31 May 2002 11:07:01 -0700 (PDT) Received: from server1.jgkl.local ([208.5.239.25]) by nighthawk.sc2000.net (8.9.3/8.9.3) with ESMTP id NAA77076; Fri, 31 May 2002 13:01:07 -0500 (CDT) From: dave678@altavista.com Received: by server1.jgkl.local with Internet Mail Service (5.5.2653.19) id ; Fri, 31 May 2002 12:58:02 -0500 Received: from . (193.141.100.220 [193.141.100.220]) by server1.jgkl.local with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id K68YC4PF; Fri, 31 May 2002 12:57:56 -0500 To: thomas.ringer@gte.net, jbednar488@aol.com, bradleygt@webtv.net, ko@ebicom.net, thomas.rietenbach@t-online.de, dax@idirect.com, a.cooper@sghp.com, bradleygt3@aol.com, a.coolbreeze@gte.net, piazza31jeter2@cs.com Cc: ko@epix.net, piazza31girl@yahoo.com, sc100@hotmail.com, mickeyclaire@msn.com, jbednar@erols.com, ko@cloudgehshan.com, thomas.rigsby@tenneco-automotive.com, mickeycolgan@aol.com, freebsd@tesys.com, dax@linet.it Message-ID: <000049d24602$00001f58$000045a2@.> Subject: Make $100,000 a month on eBay! 1259 Date: Fri, 31 May 2002 14:01:00 -1600 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hello! Do you sell on Ebay? If so, you could be making up to $100,000 per month? This is no hype and no scam. Recieving over 1.5 billion page views per month, Ebay is the ULTIMATE venue for selling virtually anything and making huge profits with almost no effort. But you have to know what to sell and how to sell. That's where I come in. As a leading expert in internet marketing and the owner of several profitable auction-based businesses, the manual that I have written provides easy to understand and detailed instructions for maximizing your profits with selling strategies that are PROVEN WINNERS. If you've read any other books on Ebay, you know that all of them are designed for the computer idiot and the auction novice. They tell you how to register, how to list an item, how to avoid fraud, etc. This is not the information you need to make millions on Ebay. You need to learn effective SELLING STRATEGIES not read a photocopy of Ebay help files! My manual assumes that you already know your way around Ebay; you don't need any specialized computer knowledge, but you should be familiar with buying and selling on ebay auctions. I'm not going to waste your time teaching you how to register - I'm going to pass on the SECRET SELLING TECHNIQUES that I use each and every day to bring in hundreds of thousands of dollars selling my products on internet auctions. The manual comes as a complete course with the following lessons: Make a Fortune on eBay™ Make a Fortune on eBay™ is filled with page after page of vital eBay™ marketing information. This valuable eBook is terrific for the eBay™ user to get the right eBay™ information and have an instant edge over other more experienced eBay™ Sellers Advanced Selling on eBay™ Advanced Selling on eBay™ has more vital information to make their auction a success. This eBook has many topics to ensure that they get the maximum potential from their auctions. Advanced Selling on eBay™ goes into more detailed information than it's sister eBook Make a Fortune on eBay™. 16 eBay™ Forms "16 eBay™ Forms" is a must. These forms will help them track, analyze and record their auctions. It contains 16 forms with full instructions. This E-Book also contains the forms in printer friendly version, so they can print them for immediate use. Wholesale Sources Wholesale Sources is the final eBook in the eBay™ Marketing eCourse. It contains wholesale distributors from the United States, Mexico, Hong Kong, Taiwan, Asia and the Philippines. Armed with this eBook your customers will have over 10,000,000 wholesale products at their finger tips.. This manual is designed for individuals looking to form an online business for extra income or as a full-time job making hundreds of thousands of dollars on Ebay. Contained in the manual are WINNING STRATEGIES for selling on Ebay auctions. The manual is not designed for Ebay novices and does not teach the "basics" such as registering, putting an item online, buying an item, etc. This manual is designed to make Ebay users into successful and wealthy entrepreneurs! Not only will you be able to make THOUSANDS with the information in these eBooks, you will also receive FULL Resellers rights. This is not an affiliate program where you get 20 or 30%... you keep all the money generated from your eCourse sales. You can sell this eCourse as many times as you want for whatever price you choose. There is NO LIMIT on how much you can make from this incredible product! To order the eCourse click on the link below http://pheromone-labs.com/ebay.htm AOL Users click here: Thank you for your time and I hope to hear from you soon! James Milton President of Phoenix Marketing *** Thank you for being a part of another great offer from Phoenix Marketing. If you feel you don't belong on our opt-in list or would like to remove yourself please send an email to: affiliate1@btamail.net.cn and make sure to have "REMOVE" in the subject line. Thank you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 12: 8:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp-in.sc5.paypal.com (smtp-in.sc5.paypal.com [216.136.155.8]) by hub.freebsd.org (Postfix) with ESMTP id 29AD837B400 for ; Fri, 31 May 2002 12:08:34 -0700 (PDT) Received: from xchange2.pa1.paypal.com (xchange2.pa1.paypal.com [10.1.1.37]) by smtp-in.sc5.paypal.com (8.11.6/8.11.6) with ESMTP id g4VJ8PK07167 for ; Fri, 31 May 2002 12:08:25 -0700 Received: from notgod.com (stinky.ca1.paypal.com [10.5.70.90]) by xchange2.pa1.paypal.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2655.55) id L8D1FNFV; Fri, 31 May 2002 12:08:59 -0700 Message-ID: <3CF7CA22.3020104@notgod.com> Date: Fri, 31 May 2002 12:08:18 -0700 From: Brian Nelson User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.0rc3) Gecko/20020524 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc References: <20020531151348.GC19532@pir.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is it just me, or is this exactly like the annoying player who always demanded that the DM's Guide was, in fact, not a Guide, but a RULEBOOK? Peter Radcliffe wrote: > Actually, neither of those two terms are correct according to the X > Consortium. > > ] X(1) X(1) > ] > ] > ] NAME > ] X - a portable, network-transparent window system > ] > ] SYNOPSIS > [...] > ] The X Consortium requests that the following names be used > ] when referring to this software: > ] > ] X > ] X Window System > ] X Version 11 > ] X Window System, Version 11 > ] X11 > ] > ] X Window System is a trademark of X Consortium, Inc. > > P. > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 14: 9:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from snipe.mail.pas.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by hub.freebsd.org (Postfix) with ESMTP id D069D37B407; Fri, 31 May 2002 14:08:57 -0700 (PDT) Received: from pool0324.cvx40-bradley.dialup.earthlink.net ([216.244.43.69] helo=mindspring.com) by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 17Dtdn-0002y8-00; Fri, 31 May 2002 14:08:56 -0700 Message-ID: <3CF7E648.6D968AC5@mindspring.com> Date: Fri, 31 May 2002 14:08:24 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Nils Holland Cc: Well Educated , freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc References: <3CF78D95.C96C85D1@nospam.nospam.net> <20020531161024.A616@daemon.tisys.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Nils Holland wrote: > On Fri, May 31, 2002 at 04:49:57PM +0200, Well Educated stood up and spoke: > > "X Windows" - what is it, "XP Windows" or "Windows XP" maybe? > > Let's use true terms to the things. > > Hmm, I've never been someone who likes endless debates about small bits and > pieces which have no effect at all on, well, anything. In context of the > Security Advisory, I don't think that writing "X Windows" instead of "X" or > "X Window System" introduces a security hole, or makes it hard to > understand what the Advisory is talking about. Therefore, I guess most > people have better things to do than to worry about this one... Yeah. And it's not like the Judge ruled that "Windows" is a trademarkable term. It's not; it's common usage. I have no problem continuing to use it commonly. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 14:13:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from snipe.mail.pas.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62]) by hub.freebsd.org (Postfix) with ESMTP id 3572D37B40B; Fri, 31 May 2002 14:13:05 -0700 (PDT) Received: from pool0324.cvx40-bradley.dialup.earthlink.net ([216.244.43.69] helo=mindspring.com) by snipe.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 17DthM-000027-00; Fri, 31 May 2002 14:12:36 -0700 Message-ID: <3CF7E724.830661C4@mindspring.com> Date: Fri, 31 May 2002 14:12:04 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: "Kevin Kinsey, DaleCo, S.P." Cc: Well Educated , freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org "Kevin Kinsey, DaleCo, S.P." wrote: > X can be called ``X'', ``X Window System'', ``X11'', and > other terms. Calling X11 ``X Windows'' can offend some > people; see X(1) for a bit more insight on this. > ---FreeBSD Handbook, Ch. 5.2.1[3] > > Now I could be wrong about [1] and [2] but [3] seems spot > on. Also, a recent thread on one of the lists addressed this > issue. So, Jacques accidentally touched the "s" key, is it really > worth complaining about? It's worth doing it on purpose, just to identify "some people" so that we can apply a fractional scaling factor to their opinions. 8-). It's the content, not the form, which is important in messages, folks. "X Windows X Windows X Windows X Windows X Windows" -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 14:36: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.gbronline.com (mail.gbronline.com [12.145.226.4]) by hub.freebsd.org (Postfix) with ESMTP id 09FE837B408; Fri, 31 May 2002 14:35:47 -0700 (PDT) Received: from daleco [12.145.226.221] by mail.gbronline.com (SMTPD32-7.06) id AC5DFB0242; Fri, 31 May 2002 16:34:21 -0500 Message-ID: <00b401c208eb$09ca8800$93ec910c@daleco> From: "Kevin Kinsey, DaleCo, S.P." To: "Terry Lambert" Cc: "Well Educated" , , References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> <3CF7E724.830661C4@mindspring.com> Subject: Re: typo in FreeBSD-SA-02:27.rc Date: Fri, 31 May 2002 16:35:07 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > "Kevin Kinsey, DaleCo, S.P." wrote: > > X can be called ``X'', ``X Window System'', ``X11'', and > > other terms. Calling X11 ``X Windows'' can offend some > > people; see X(1) for a bit more insight on this. > > ---FreeBSD Handbook, Ch. 5.2.1[3] > > > > Now I could be wrong about [1] and [2] but [3] seems spot > > on. Also, a recent thread on one of the lists addressed this > > issue. So, Jacques accidentally touched the "s" key, is it really > > worth complaining about? > > It's worth doing it on purpose, just to identify "some people" > so that we can apply a fractional scaling factor to their > opinions. 8-). It's the content, not the form, which is > important in messages, folks. > > "X Windows X Windows X Windows X Windows X Windows" > > -- Terry Now, from my reading of your posts in general I've opined that you are a pretty good hacker, so are you gonna parse 'em all, make a ratings database and have the mailer tack "two thumbs up" or "push DEL now" depending on who's in the FROM: header? I'd pay a couple bucks some days to have something like that to sort by ... ;-) KDK PS. or how 'bout... \ / \ / \ / Win\/ows Win\/ows Win\/ows / \ / \ / \ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 14:46: 2 2002 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.103.10]) by hub.freebsd.org (Postfix) with ESMTP id 93A1437B401; Fri, 31 May 2002 14:45:39 -0700 (PDT) Received: from wopr.caltech.edu (localhost.caltech.edu [127.0.0.1]) by wopr.caltech.edu (8.12.3/8.12.3) with ESMTP id g4VLjbPh042745; Fri, 31 May 2002 14:45:37 -0700 (PDT) (envelope-from mph@wopr.caltech.edu) Received: (from mph@localhost) by wopr.caltech.edu (8.12.3/8.12.3/Submit) id g4VLjbIQ042744; Fri, 31 May 2002 14:45:37 -0700 (PDT) Date: Fri, 31 May 2002 14:45:36 -0700 From: Matthew Hunt To: Terry Lambert Cc: "Kevin Kinsey, DaleCo, S.P." , Well Educated , freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020531144536.A42486@wopr.caltech.edu> References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> <3CF7E724.830661C4@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CF7E724.830661C4@mindspring.com>; from tlambert2@mindspring.com on Fri, May 31, 2002 at 02:12:04PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 31, 2002 at 02:12:04PM -0700, Terry Lambert wrote: > It's the content, not the form, which is important in messages, folks. Just as we make a specific effort to write "FreeBSD" instead of "Free BSD", "freebsd", or "FreeBDS" (as often seen on mailing lists) in our official communications, and indeed have standardized on "FreeBSD.org" instead of "freebsd.org", we should respect the wishes of other software authors, and refer to their work in the way that they prefer. Failure to do so indicates that we are ignorant of their wishes or that we are dissmissing them as irrelevant. Neither perception flatters us. -- Matthew Hunt * Clearly there are more things in the http://www.pobox.com/~mph/ * heavens than anyone anticipated. -enp To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 15:34:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74]) by hub.freebsd.org (Postfix) with ESMTP id F24FE37B40C; Fri, 31 May 2002 15:34:15 -0700 (PDT) Received: from pool0324.cvx40-bradley.dialup.earthlink.net ([216.244.43.69] helo=mindspring.com) by falcon.prod.itd.earthlink.net with esmtp (Exim 3.33 #2) id 17Duy7-0006fJ-00; Fri, 31 May 2002 15:34:00 -0700 Message-ID: <3CF7FA34.730A5BB4@mindspring.com> Date: Fri, 31 May 2002 15:33:24 -0700 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Matthew Hunt Cc: "Kevin Kinsey, DaleCo, S.P." , Well Educated , freebsd-security@FreeBSD.ORG, freebsd-chat@FreeBSD.ORG Subject: Re: typo in FreeBSD-SA-02:27.rc References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> <3CF7E724.830661C4@mindspring.com> <20020531144536.A42486@wopr.caltech.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Matthew Hunt wrote: > On Fri, May 31, 2002 at 02:12:04PM -0700, Terry Lambert wrote: > > It's the content, not the form, which is important in messages, folks. > > Just as we make a specific effort to write "FreeBSD" instead of "Free BSD", > "freebsd", or "FreeBDS" (as often seen on mailing lists) in our official > communications, and indeed have standardized on "FreeBSD.org" instead of > "freebsd.org", we should respect the wishes of other software authors, > and refer to their work in the way that they prefer. > > Failure to do so indicates that we are ignorant of their wishes or that > we are dissmissing them as irrelevant. Neither perception flatters us. Totally unlike public flame-fests about spelling, calling attention to the error, making *certain* that people who might otherwise not have seen it and remain unoffended by the mistake, are dragged kicking and screaming into things, right? I think a simple note to the author (instead of a mailing lists) would have accomplished what you *claim* should be accomplished, as opposed to what you appear to really be attempting to accomplish. 8^p. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 15:42:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from wopr.caltech.edu (wopr.caltech.edu [131.215.103.10]) by hub.freebsd.org (Postfix) with ESMTP id 13F0D37B400; Fri, 31 May 2002 15:42:34 -0700 (PDT) Received: from wopr.caltech.edu (localhost.caltech.edu [127.0.0.1]) by wopr.caltech.edu (8.12.3/8.12.3) with ESMTP id g4VMgWPh043952; Fri, 31 May 2002 15:42:32 -0700 (PDT) (envelope-from mph@wopr.caltech.edu) Received: (from mph@localhost) by wopr.caltech.edu (8.12.3/8.12.3/Submit) id g4VMgV7p043951; Fri, 31 May 2002 15:42:31 -0700 (PDT) Date: Fri, 31 May 2002 15:42:31 -0700 From: Matthew Hunt To: Terry Lambert Cc: "Kevin Kinsey, DaleCo, S.P." , Well Educated , freebsd-security@freebsd.org, freebsd-chat@freebsd.org Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020531154231.A43905@wopr.caltech.edu> References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> <3CF7E724.830661C4@mindspring.com> <20020531144536.A42486@wopr.caltech.edu> <3CF7FA34.730A5BB4@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <3CF7FA34.730A5BB4@mindspring.com>; from tlambert2@mindspring.com on Fri, May 31, 2002 at 03:33:24PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 31, 2002 at 03:33:24PM -0700, Terry Lambert wrote: > I think a simple note to the author (instead of a mailing lists) would > have accomplished what you *claim* should be accomplished, as opposed > to what you appear to really be attempting to accomplish. 8^p. I agree (or at least think I do, assuming correct parsing), and that's what I would have done if I were the one raising the issue. I refute the notion that the terminology used is unimportant. That does not mean I condone the way in which the subject was brought up. Of course, the guy who started this thread probably won't read my opinion, since he didn't have the decency to use a valid email address. -- Matthew Hunt * Inertia is a property http://www.pobox.com/~mph/ * of matter. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 18:27:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from lmail.actcom.co.il (smtp.actcom.co.il [192.114.47.13]) by hub.freebsd.org (Postfix) with ESMTP id 5D89E37B404; Fri, 31 May 2002 18:27:37 -0700 (PDT) Received: from nospam.nospam.net (p55.ta5.actcom.co.il [192.115.23.165]) by lmail.actcom.co.il (8.11.6/8.11.6) with ESMTP id g511RV930462; Sat, 1 Jun 2002 04:27:31 +0300 Message-ID: <3CF83198.2C92CF9A@nospam.nospam.net> Date: Sat, 01 Jun 2002 04:29:44 +0200 From: Well Educated X-Mailer: Mozilla 4.79 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Matthew Hunt Cc: freebsd-security@freebsd.org, freebsd-chat@freebsd.org Subject: Re: typo in FreeBSD-SA-02:27.rc Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Of course, the guy who started this thread probably won't read my opinion, since he > didn't have the decency to use a valid email address. Because these email lists are publicly available I decided not to use my real email address. I don't want get tons of spam in some future. Your opinion is freely available through http://docs.freebsd.org/mail/current/freebsd-security.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 18:47:37 2002 Delivered-To: freebsd-security@freebsd.org Received: from imation.homenetweb.com (noc-p5-3-ky-4.homenetweb.com [216.7.67.90]) by hub.freebsd.org (Postfix) with ESMTP id 7E54637B401; Fri, 31 May 2002 18:47:30 -0700 (PDT) Received: from workstation ([216.89.230.39]) by imation.homenetweb.com (8.12.3/8.12.3) with SMTP id g511lN4j020208; Fri, 31 May 2002 21:47:24 -0400 (EDT) Message-ID: <000a01c2090e$51d8f3c0$27e659d8@workstation> From: "Richard Ward" To: "Well Educated" , "Matthew Hunt" Cc: , References: <3CF83198.2C92CF9A@nospam.nospam.net> Subject: Re: typo in FreeBSD-SA-02:27.rc Date: Fri, 31 May 2002 21:47:34 -0400 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Is your mail administrator too lazy to take care of spam so you can have more validation and credibility by using a real e-mail address when posting to a "mailing list?" I'm not trying to start a flame, but I would imagine that if you don't want spam, you shouldn't have an e-mail address at all. I find your excuse to be shady. No offense. Can we take this off 'freebsd-security' now? -- Richard Ward, Founder. http://www.greyhat.org Grey Hat Consortium -- Intelligent Internet Security. ----- Original Message ----- From: "Well Educated" To: "Matthew Hunt" Cc: ; Sent: Friday, May 31, 2002 10:29 PM Subject: Re: typo in FreeBSD-SA-02:27.rc > > Of course, the guy who started this thread probably won't read my > opinion, since he > > didn't have the decency to use a valid email address. > > Because these email lists are publicly available I decided not to use my > real email address. I don't want get tons of spam in some future. Your > opinion is freely available through > http://docs.freebsd.org/mail/current/freebsd-security.html > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 19:21:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from cgds1.osc.uscg.mil (cgds1.osc.uscg.mil [152.121.49.10]) by hub.freebsd.org (Postfix) with ESMTP id 1259237B407 for ; Fri, 31 May 2002 19:21:50 -0700 (PDT) Received: from esunolaex.esunola.uscg.mil by CGDS1.osc.uscg.mil with ESMTP for freebsd-security@freebsd.org; Fri, 31 May 2002 22:21:43 -0400 Received: by ESUNOLAEX with Internet Mail Service (5.5.2653.19) id ; Fri, 31 May 2002 21:20:14 -0500 Message-Id: <2D0E5F92D1BCD511A2E60002B315353D325CC9@ATCNEWEX> From: "Skains, Nathan PO3" To: "'freebsd-security@freebsd.org'" Subject: test Date: Fri, 31 May 2002 21:22:00 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org test test To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 21: 0:40 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id C34A737B405; Fri, 31 May 2002 21:00:26 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 37F4150; Fri, 31 May 2002 23:00:26 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g5140Qfo025708; Fri, 31 May 2002 23:00:26 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g5140Nxn025707; Fri, 31 May 2002 23:00:23 -0500 (CDT) Date: Fri, 31 May 2002 23:00:23 -0500 From: "Jacques A. Vidrine" To: "Kevin Kinsey, DaleCo, S.P." Cc: freebsd-chat@FreeBSD.ORG Subject: the X Window System / X Windows (was Re: typo in FreeBSD-SA-02:27.rc) Message-ID: <20020601040022.GA25651@madman.nectar.cc> Reply-To: freebsd-chat@FreeBSD.ORG Mail-Followup-To: "Jacques A. Vidrine" , "Kevin Kinsey, DaleCo, S.P." , freebsd-chat@FreeBSD.ORG References: <3CF78D95.C96C85D1@nospam.nospam.net> <004201c208b6$95081480$93ec910c@daleco> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <004201c208b6$95081480$93ec910c@daleco> User-Agent: Mutt/1.3.99i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 31, 2002 at 10:19:37AM -0500, Kevin Kinsey, DaleCo, S.P. wrote: > So, Jacques accidentally touched the "s" key, is it really > worth complaining about? Some people actually prefer to use the term ``X Windows'' just to annoy pedants. I'm not one of them, though. :-) I actually prefer ``the X Window System'' in text, but tend to verbalize that as ``X Windows'' -- I guess that is how it got there. Follow-ups to freebsd-chat, which I don't read. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 21: 3:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id BA0C337B400; Fri, 31 May 2002 21:03:46 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 589C010; Fri, 31 May 2002 23:03:46 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g5143kfo025729; Fri, 31 May 2002 23:03:46 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g5143jVW025728; Fri, 31 May 2002 23:03:45 -0500 (CDT) Date: Fri, 31 May 2002 23:03:45 -0500 From: "Jacques A. Vidrine" To: freebsd-chat@freebsd.org Cc: Nils Holland Subject: Re: typo in FreeBSD-SA-02:27.rc Message-ID: <20020601040345.GB25651@madman.nectar.cc> Reply-To: freebsd-chat@freebsd.org Mail-Followup-To: "Jacques A. Vidrine" , freebsd-chat@freebsd.org, Nils Holland References: <3CF79D89.6A5FF823@nospam.nospam.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3CF79D89.6A5FF823@nospam.nospam.net> User-Agent: Mutt/1.3.99i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, May 31, 2002 at 05:58:01PM +0200, Well Educated wrote: > P.S. your reaction casted me to remember the following text :-)) > > Five year phase-in plan for "EuroEnglish" > > The European Commission have just announced an agreement whereby > English will be the official language of the EU, rather than German, which > was the other possibility. [...] This appears to me to be an adaptation of a Mark Twain essay ... I don't have it handy to check my memory. Cheers, -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 31 23:21:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from cgds1.osc.uscg.mil (cgds1.osc.uscg.mil [152.121.49.10]) by hub.freebsd.org (Postfix) with ESMTP id C3A3B37B404 for ; Fri, 31 May 2002 23:21:51 -0700 (PDT) Received: from esunolaex.esunola.uscg.mil by CGDS1.osc.uscg.mil with ESMTP for freebsd-security@freebsd.org; Sat, 1 Jun 2002 02:21:44 -0400 Received: by ESUNOLAEX with Internet Mail Service (5.5.2653.19) id ; Sat, 1 Jun 2002 01:20:15 -0500 Message-Id: <2D0E5F92D1BCD511A2E60002B315353D325CD0@ATCNEWEX> From: "Skains, Nathan PO3" To: "'freebsd-security@freebsd.org'" Subject: RE: test Date: Sat, 1 Jun 2002 01:22:22 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2653.19) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org i was trying to test a friends mail server and i accidently hit the wrong link in my address book SORRY. I am human and i do make mistakes Thanks Nathan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jun 1 0:36:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from kilgore.blindfaith.org (w180.z065104012.sjc-ca.dsl.cnc.net [65.104.12.180]) by hub.freebsd.org (Postfix) with ESMTP id BD40537B401 for ; Sat, 1 Jun 2002 00:36:11 -0700 (PDT) Received: from kilgore.blindfaith.org (localhost.blindfaith.org [127.0.0.1]) by kilgore.blindfaith.org (8.12.2/8.12.2) with ESMTP id g517Zaw2020680; Sat, 1 Jun 2002 00:35:36 -0700 (PDT) (envelope-from blyon@blindfaith.org) Received: from localhost (blyon@localhost) by kilgore.blindfaith.org (8.12.2/8.12.2/Submit) with ESMTP id g517Za7f020677; Sat, 1 Jun 2002 00:35:36 -0700 (PDT) (envelope-from blyon@blindfaith.org) X-Authentication-Warning: kilgore.blindfaith.org: blyon owned process doing -bs Date: Sat, 1 Jun 2002 00:35:36 -0700 (PDT) From: Ben Lyon To: "Skains, Nathan PO3" Cc: "'freebsd-security@freebsd.org'" Subject: RE: test In-Reply-To: <2D0E5F92D1BCD511A2E60002B315353D325CD0@ATCNEWEX> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hmmm, dunno about that. I think it's elektro-shok(tm) time for you... On Sat, 1 Jun 2002, Skains, Nathan PO3 wrote: > i was trying to test a friends mail server and i accidently hit the wrong > link in my address book SORRY. I am human and i do make mistakes > Thanks > Nathan > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message