From owner-freebsd-security Sun Nov 12 07:05:49 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id HAA10427 for security-outgoing; Sun, 12 Nov 1995 07:05:49 -0800 Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id HAA10415 for ; Sun, 12 Nov 1995 07:05:42 -0800 Received: by sequent.kiae.su id AA06964 (5.65.kiae-2 ); Sun, 12 Nov 1995 18:01:45 +0300 Received: by sequent.KIAE.su (UUMAIL/2.0); Sun, 12 Nov 95 18:01:44 +0300 Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.12/8.6.12) id QAA00254; Sun, 12 Nov 1995 16:30:09 +0300 To: Peter Wemm Cc: CVS-commiters@freefall.freebsd.org, security@freebsd.org References: In-Reply-To: ; from Peter Wemm at Fri, 3 Nov 1995 21:29:17 +0800 (WST) Message-Id: Organization: Olahm Ha-Yetzirah Date: Sun, 12 Nov 1995 16:30:08 +0300 (MSK) X-Mailer: Mail/@ [v2.40 FreeBSD] From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast Subject: Re: cvs commit: CVSROOT log_accum.pl Lines: 20 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 910 Sender: owner-security@freebsd.org Precedence: bulk In message Peter Wemm writes: >I'm running a variant of what you proposed in my kernel at the moment.. > if (!SESS_LEADER(p)) > printf("setlogin called from a non session leader, pid %d\n", p->p_pid); >I do not doubt that your fix is a "good thing" and will be required sooner >or later, I just want to make sure we are not going to to have a hundred >bug reports "xdm doesn't work any more" or some other program that we're >not aware of yet. Peter, do you have any progress in this issue for now? Maybe it is time to commit my fix to -current? -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-security Sun Nov 12 07:28:22 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id HAA10960 for security-outgoing; Sun, 12 Nov 1995 07:28:22 -0800 Received: from jhome.DIALix.COM (root@jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id HAA10954 for ; Sun, 12 Nov 1995 07:28:17 -0800 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id XAA03127; Sun, 12 Nov 1995 23:24:40 +0800 Date: Sun, 12 Nov 1995 23:24:40 +0800 (WST) From: Peter Wemm To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= cc: CVS-commiters@freefall.freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org Precedence: bulk On Sun, 12 Nov 1995, =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= wrote: > In message > Peter Wemm writes: > > >I'm running a variant of what you proposed in my kernel at the moment.. > > if (!SESS_LEADER(p)) > > printf("setlogin called from a non session leader, pid %d\n", p->p_pid); > > >I do not doubt that your fix is a "good thing" and will be required sooner > >or later, I just want to make sure we are not going to to have a hundred > >bug reports "xdm doesn't work any more" or some other program that we're > >not aware of yet. > > Peter, do you have any progress in this issue for now? > Maybe it is time to commit my fix to -current? Not yet. The change breaks rshd.... -Peter > -- > Andrey A. Chernov : And I rest so composedly, /Now, in my bed, > ache@astral.msk.su : That any beholder /Might fancy me dead - > http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. > RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 > From owner-freebsd-security Sun Nov 12 10:04:06 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id KAA17191 for security-outgoing; Sun, 12 Nov 1995 10:04:06 -0800 Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA17186 for ; Sun, 12 Nov 1995 10:04:04 -0800 Received: from corbin.Root.COM (corbin [198.145.90.50]) by Root.COM (8.6.12/8.6.5) with ESMTP id KAA02328; Sun, 12 Nov 1995 10:04:03 -0800 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id KAA02195; Sun, 12 Nov 1995 10:03:10 -0800 Message-Id: <199511121803.KAA02195@corbin.Root.COM> To: ache@astral.msk.su cc: Peter Wemm , CVS-commiters@freefall.freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-reply-to: Your message of "Sun, 12 Nov 95 16:30:08 +0300." From: David Greenman Reply-To: davidg@Root.COM Date: Sun, 12 Nov 1995 10:03:10 -0800 Sender: owner-security@freebsd.org Precedence: bulk >In message > Peter Wemm writes: > >>I'm running a variant of what you proposed in my kernel at the moment.. >> if (!SESS_LEADER(p)) >> printf("setlogin called from a non session leader, pid %d\n", p->p_pid); > >>I do not doubt that your fix is a "good thing" and will be required sooner >>or later, I just want to make sure we are not going to to have a hundred >>bug reports "xdm doesn't work any more" or some other program that we're >>not aware of yet. > >Peter, do you have any progress in this issue for now? >Maybe it is time to commit my fix to -current? If we decide to change setlogin() so that it only works for session leaders, then I'd prefer that we leave out the printf(). If you want to add that to your own sources, fine, but I prefer to keep console noise minimized to important failures. -DG From owner-freebsd-security Sun Nov 12 10:18:23 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id KAA17779 for security-outgoing; Sun, 12 Nov 1995 10:18:23 -0800 Received: from jhome.DIALix.COM (jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA17773 for ; Sun, 12 Nov 1995 10:18:14 -0800 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id CAA03915; Mon, 13 Nov 1995 02:15:21 +0800 Date: Mon, 13 Nov 1995 02:15:21 +0800 (WST) From: Peter Wemm To: David Greenman cc: ache@astral.msk.su, CVS-commiters@freefall.freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-Reply-To: <199511121803.KAA02195@corbin.Root.COM> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org Precedence: bulk On Sun, 12 Nov 1995, David Greenman wrote: > >In message > > Peter Wemm writes: > > > >>I'm running a variant of what you proposed in my kernel at the moment.. > >> if (!SESS_LEADER(p)) > >> printf("setlogin called from a non session leader, pid %d\n", p->p_pid); > > > >>I do not doubt that your fix is a "good thing" and will be required sooner > >>or later, I just want to make sure we are not going to to have a hundred > >>bug reports "xdm doesn't work any more" or some other program that we're > >>not aware of yet. > > > >Peter, do you have any progress in this issue for now? > >Maybe it is time to commit my fix to -current? > > If we decide to change setlogin() so that it only works for session > leaders, then I'd prefer that we leave out the printf(). If you want to add > that to your own sources, fine, but I prefer to keep console noise minimized > to important failures. Yes; If it was to go in, IMHO it would have been better with log() anyway (like bde's "" == "." change). I guess the real question is; are we prepared to loose XFree86 3.1.2 xdm compatability until their next release? Maybe this isn't such a big deal anyway, because running xdm corrupts the session "name" anyway. -Peter > -DG > From owner-freebsd-security Mon Nov 13 07:50:55 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id HAA05031 for security-outgoing; Mon, 13 Nov 1995 07:50:55 -0800 Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id HAA05013 for ; Mon, 13 Nov 1995 07:50:48 -0800 Received: by sequent.kiae.su id AA02922 (5.65.kiae-2 ); Mon, 13 Nov 1995 18:37:35 +0300 Received: by sequent.KIAE.su (UUMAIL/2.0); Mon, 13 Nov 95 18:37:34 +0300 Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.12/8.6.12) id SAA03883; Mon, 13 Nov 1995 18:23:12 +0300 To: davidg@Root.COM Cc: CVS-commiters@freefall.FreeBSD.ORG, Peter Wemm , security@freebsd.org References: <199511121803.KAA02195@corbin.Root.COM> In-Reply-To: <199511121803.KAA02195@corbin.Root.COM>; from David Greenman at Sun, 12 Nov 1995 10:03:10 -0800 Message-Id: Organization: Olahm Ha-Yetzirah Date: Mon, 13 Nov 1995 18:23:12 +0300 (MSK) X-Mailer: Mail/@ [v2.40 FreeBSD] From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast Subject: Re: cvs commit: CVSROOT log_accum.pl Lines: 33 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 1533 Sender: owner-security@freebsd.org Precedence: bulk In message <199511121803.KAA02195@corbin.Root.COM> David Greenman writes: >>In message >> Peter Wemm writes: >> >>>I'm running a variant of what you proposed in my kernel at the moment.. >>> if (!SESS_LEADER(p)) >>> printf("setlogin called from a non session leader, pid %d\n", p->p_pid); >> >>>I do not doubt that your fix is a "good thing" and will be required sooner >>>or later, I just want to make sure we are not going to to have a hundred >>>bug reports "xdm doesn't work any more" or some other program that we're >>>not aware of yet. >> >>Peter, do you have any progress in this issue for now? >>Maybe it is time to commit my fix to -current? > If we decide to change setlogin() so that it only works for session >leaders, then I'd prefer that we leave out the printf(). If you want to add >that to your own sources, fine, but I prefer to keep console noise minimized >to important failures. Of course. Printf introduced by Peter, I mean "return (EPERM);" here not a printf. I refer on my original fix and not to quoted variant from Peter. Setlogin must affect only _current_ session as clearly said in manpage (and from common sense), so no doubts here. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-security Mon Nov 13 10:33:57 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id KAA17035 for security-outgoing; Mon, 13 Nov 1995 10:33:57 -0800 Received: from jhome.DIALix.COM (jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id KAA16740 ; Mon, 13 Nov 1995 10:28:52 -0800 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id CAA03123; Tue, 14 Nov 1995 02:26:45 +0800 Date: Tue, 14 Nov 1995 02:26:45 +0800 (WST) From: Peter Wemm To: David Greenman cc: ache@astral.msk.su, committers@freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-Reply-To: <199511131630.IAA04150@corbin.Root.COM> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org Precedence: bulk On Mon, 13 Nov 1995, David Greenman wrote: > >>>Peter, do you have any progress in this issue for now? > >>>Maybe it is time to commit my fix to -current? > > > >> If we decide to change setlogin() so that it only works for session > >>leaders, then I'd prefer that we leave out the printf(). If you want to add > >>that to your own sources, fine, but I prefer to keep console noise minimized > >>to important failures. > > > >Of course. Printf introduced by Peter, I mean "return (EPERM);" here > >not a printf. I refer on my original fix and not to quoted variant > >from Peter. Setlogin must affect only _current_ session as clearly > >said in manpage (and from common sense), so no doubts here. > > The current behavior is not inconsistent with the manual page. It says > nothing about a requirement that the session *leader* must be the caller, > only that it affects the current session. Agreed.. If we were to go this way, perhaps make it so that only the session leader can change an existing name. ie: setlogin(..) { if (error = suser(p->p_ucred, &p->p_acflag)) return (error); if (!SESS_LEADER(p) && p->p_pgrp->pg_session->s_login[0]) { #ifdef I_WANNA_KNOW log(LOG_INFO, "setlogin attempted to change login name on non-session leader: pid %d; cmd: %s", p->p_pid, p->p_comm); #endif return (EPERM); } .. rest of setlogin()... } I think it's important that any test for session leaders is done after the suser() call, otherwise an attempt by a process to use the root-only call would not be flagged in the p->p_acflag variable. I wonder if this is really appropriate though. We are supposed to be able to trust root or setuid programs (they can call reboot() after all). I'm not convinced that making setlogin() fail for root is an inherently safe operation... I suspect the ideal fix would be to change the semantics to use something like the credentials system where it's reference counted and copy-on-write when a process changes it. I suspect it would be better for new processes to inherit the login name from it's parent, rather than have it wedged into the session structure. Perhaps there's room for the login name in struct ucred? It's already got the 16 or so "unsigned long"s (gid_t) in it for the supplemental groups.. what's another 8 bytes? :-) That would put setlogin() in the same class as setuid(), I suspect this may be the long-term correct method as it is "method of least suprise". BTW: I suspect "struct ucred" should be reordered for better internal alignment.. It is currently: struct ucred { short cr_ref; long cr_uid; short cr_ngroups; long cr_groups[NGROUPS]; } The order of cr_ngroups and cr_uid could be swapped making the whole thing 4 bytes smaller (assuming that I understand structure packing.. :-) -Peter > -DG > From owner-freebsd-security Mon Nov 13 10:45:12 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id KAA17720 for security-outgoing; Mon, 13 Nov 1995 10:45:12 -0800 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id KAA17714 for ; Mon, 13 Nov 1995 10:45:10 -0800 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM) id AA19662; Mon, 13 Nov 1995 13:42:21 -0500 Date: Mon, 13 Nov 1995 13:42:21 -0500 From: "Garrett A. Wollman" Message-Id: <9511131842.AA19662@halloran-eldar.lcs.mit.edu> To: Peter Wemm Cc: security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-Reply-To: References: <199511131630.IAA04150@corbin.Root.COM> Sender: owner-security@freebsd.org Precedence: bulk [VM-mail-mode went insane on me when I tried to send this last time. Let's try again.] < said: > BTW: I suspect "struct ucred" should be reordered for better internal > alignment.. > It is currently: > struct ucred { > short cr_ref; > long cr_uid; > short cr_ngroups; > long cr_groups[NGROUPS]; > } > The order of cr_ngroups and cr_uid could be swapped making the whole > thing 4 bytes smaller (assuming that I understand structure packing.. :-) Better to make the shorts into longs if you're going to change the structure. shorts are slow. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-security Mon Nov 13 11:34:00 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id LAA21368 for security-outgoing; Mon, 13 Nov 1995 11:34:00 -0800 Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id LAA21347 ; Mon, 13 Nov 1995 11:33:55 -0800 Received: from corbin.Root.COM (corbin [198.145.90.50]) by Root.COM (8.6.12/8.6.5) with ESMTP id LAA26943; Mon, 13 Nov 1995 11:33:53 -0800 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id LAA04201; Mon, 13 Nov 1995 11:29:39 -0800 Message-Id: <199511131929.LAA04201@corbin.Root.COM> To: Peter Wemm cc: ache@astral.msk.su, committers@freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-reply-to: Your message of "Tue, 14 Nov 95 02:26:45 +0800." From: David Greenman Reply-To: davidg@Root.COM Date: Mon, 13 Nov 1995 11:29:34 -0800 Sender: owner-security@freebsd.org Precedence: bulk >I wonder if this is really appropriate though. We are supposed to be >able to trust root or setuid programs (they can call reboot() after >all). I'm not convinced that making setlogin() fail for root is an >inherently safe operation... Agreed? setlogin() should not fail for root session leaders. >I suspect the ideal fix would be to change the semantics to use something >like the credentials system where it's reference counted and copy-on-write >when a process changes it. I suspect it would be better for new processes Gack. No, let's keep the current mechanism. >BTW: I suspect "struct ucred" should be reordered for better internal >alignment.. That's fine by me. -DG From owner-freebsd-security Mon Nov 13 13:33:21 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id NAA00501 for security-outgoing; Mon, 13 Nov 1995 13:33:21 -0800 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id NAA00468 ; Mon, 13 Nov 1995 13:33:06 -0800 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id IAA07800; Tue, 14 Nov 1995 08:27:52 +1100 Date: Tue, 14 Nov 1995 08:27:52 +1100 From: Bruce Evans Message-Id: <199511132127.IAA07800@godzilla.zeta.org.au> To: davidg@Root.COM, peter@jhome.dialix.com Subject: Re: cvs commit: CVSROOT log_accum.pl Cc: ache@astral.msk.su, committers@freebsd.org, security@freebsd.org Sender: owner-security@freebsd.org Precedence: bulk >BTW: I suspect "struct ucred" should be reordered for better internal >alignment.. >It is currently: >struct ucred { > short cr_ref; > long cr_uid; > short cr_ngroups; > long cr_groups[NGROUPS]; >} Actually, it is currently: struct ucred { u_short cr_ref; ^^ uid_t cr_uid; ^^^^^ short cr_ngroups; gid_t cr_groups[NGROUPS]; ^^^^^ } uid_t and gid_t just happen to be unsigned long. This is bogus. They are u_int32_t in NetBSD. I think they should be machine dependent and normally u_int if u_int has more than 32 bits, otherwise u_long. >The order of cr_ngroups and cr_uid could be swapped making the whole >thing 4 bytes smaller (assuming that I understand structure packing.. :-) You can't tell the best packing in general. Putting the explicit char, short, int and long types at the beginning of the struct is probably best in general and works well here. Bruce From owner-freebsd-security Mon Nov 13 13:54:45 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id NAA02138 for security-outgoing; Mon, 13 Nov 1995 13:54:45 -0800 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id NAA02129 for ; Mon, 13 Nov 1995 13:54:37 -0800 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id IAA08615; Tue, 14 Nov 1995 08:49:30 +1100 Date: Tue, 14 Nov 1995 08:49:30 +1100 From: Bruce Evans Message-Id: <199511132149.IAA08615@godzilla.zeta.org.au> To: peter@jhome.DIALix.COM, wollman@lcs.mit.edu Subject: Re: cvs commit: CVSROOT log_accum.pl Cc: security@FreeBSD.org Sender: owner-security@FreeBSD.org Precedence: bulk >> The order of cr_ngroups and cr_uid could be swapped making the whole >> thing 4 bytes smaller (assuming that I understand structure packing.. :-) >Better to make the shorts into longs if you're going to change the >structure. shorts are slow. Longs might be slow too. Use [unsigned] ints. I've seen reports that shorts (and chars?) are even slower (relatively) on the P6. I don't know why that would be - I would have thought that movsx and movzx were near the top of the list of things to optimize after the 486 optimized more important operations. Bruce From owner-freebsd-security Mon Nov 13 14:30:36 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id OAA03717 for security-outgoing; Mon, 13 Nov 1995 14:30:36 -0800 Received: from itesocci.gdl.iteso.mx (itesocci.gdl.iteso.mx [148.201.1.4]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id OAA03650 for ; Mon, 13 Nov 1995 14:30:10 -0800 Received: (from a16788@localhost) by itesocci.gdl.iteso.mx (8.6.12/8.6.9) id QAA00148; Mon, 13 Nov 1995 16:29:54 -0600 Date: Mon, 13 Nov 1995 16:29:54 -0600 (CST) From: Paredes Sanchez Martin Alejandro cc: security@FreeBSD.org Subject: unsubscribe In-Reply-To: <9511131842.AA19662@halloran-eldar.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.org Precedence: bulk From owner-freebsd-security Tue Nov 14 06:02:13 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id GAA00255 for security-outgoing; Tue, 14 Nov 1995 06:02:13 -0800 Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id GAA00227 ; Tue, 14 Nov 1995 06:01:44 -0800 Received: by sequent.kiae.su id AA03158 (5.65.kiae-2 ); Tue, 14 Nov 1995 16:56:21 +0300 Received: by sequent.KIAE.su (UUMAIL/2.0); Tue, 14 Nov 95 16:56:20 +0300 Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.12/8.6.12) id QAA00287; Tue, 14 Nov 1995 16:53:48 +0300 To: davidg@Root.COM Cc: committers@freebsd.org, peter@freebsd.org, security@freebsd.org References: <199511131630.IAA04150@corbin.Root.COM> In-Reply-To: <199511131630.IAA04150@corbin.Root.COM>; from David Greenman at Mon, 13 Nov 1995 08:30:52 -0800 Message-Id: Organization: Olahm Ha-Yetzirah Date: Tue, 14 Nov 1995 16:53:47 +0300 (MSK) X-Mailer: Mail/@ [v2.40 FreeBSD] From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast Subject: Re: cvs commit: CVSROOT log_accum.pl Lines: 33 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 1551 Sender: owner-security@freebsd.org Precedence: bulk In message <199511131630.IAA04150@corbin.Root.COM> David Greenman writes: >>>>Peter, do you have any progress in this issue for now? >>>>Maybe it is time to commit my fix to -current? >> >>> If we decide to change setlogin() so that it only works for session >>>leaders, then I'd prefer that we leave out the printf(). If you want to add >>>that to your own sources, fine, but I prefer to keep console noise minimized >>>to important failures. >> >>Of course. Printf introduced by Peter, I mean "return (EPERM);" here >>not a printf. I refer on my original fix and not to quoted variant >>from Peter. Setlogin must affect only _current_ session as clearly >>said in manpage (and from common sense), so no doubts here. > The current behavior is not inconsistent with the manual page. It says >nothing about a requirement that the session *leader* must be the caller, >only that it affects the current session. Yes, but if it isn't leader, it affects *all* sessions, not current one only, it is main bug. As manpage additionly says, it happens "only when new session is being created", it assumes session leader too. I think we need to ask someone from BSD group, what they keep in mind exactly on this thing. Can you contact such person, please? -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-security Tue Nov 14 06:07:20 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id GAA00642 for security-outgoing; Tue, 14 Nov 1995 06:07:20 -0800 Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id GAA00630 ; Tue, 14 Nov 1995 06:07:14 -0800 Received: from corbin.Root.COM (corbin [198.145.90.50]) by Root.COM (8.6.12/8.6.5) with ESMTP id GAA28501; Tue, 14 Nov 1995 06:07:13 -0800 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id GAA00369; Tue, 14 Nov 1995 06:06:24 -0800 Message-Id: <199511141406.GAA00369@corbin.Root.COM> To: ache@astral.msk.su cc: committers@freebsd.org, peter@freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-reply-to: Your message of "Tue, 14 Nov 95 16:53:47 +0300." From: David Greenman Reply-To: davidg@Root.COM Date: Tue, 14 Nov 1995 06:06:24 -0800 Sender: owner-security@freebsd.org Precedence: bulk >> The current behavior is not inconsistent with the manual page. It says >>nothing about a requirement that the session *leader* must be the caller, >>only that it affects the current session. > >Yes, but if it isn't leader, it affects *all* sessions, not current one >only, it is main bug. Sorry, Andrey, but I don't think you know what a "session" is. >As manpage additionly says, it happens "only when new session is >being created", it assumes session leader too. It makes no such assumption. -DG From owner-freebsd-security Tue Nov 14 06:28:16 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id GAA02610 for security-outgoing; Tue, 14 Nov 1995 06:28:16 -0800 Received: from jhome.DIALix.COM (root@jhome.DIALix.COM [192.203.228.69]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id GAA02537 ; Tue, 14 Nov 1995 06:27:29 -0800 Received: (from peter@localhost) by jhome.DIALix.COM (8.6.12/8.6.9) id WAA05830; Tue, 14 Nov 1995 22:21:56 +0800 Date: Tue, 14 Nov 1995 22:21:56 +0800 (WST) From: Peter Wemm To: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= cc: davidg@Root.COM, committers@freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org Precedence: bulk On Tue, 14 Nov 1995, =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= wrote: > In message <199511131630.IAA04150@corbin.Root.COM> David Greenman > writes: > > >>>>Peter, do you have any progress in this issue for now? > >>>>Maybe it is time to commit my fix to -current? > >> > >>> If we decide to change setlogin() so that it only works for session > >>>leaders, then I'd prefer that we leave out the printf(). If you want to add > >>>that to your own sources, fine, but I prefer to keep console noise minimized > >>>to important failures. > >> > >>Of course. Printf introduced by Peter, I mean "return (EPERM);" here > >>not a printf. I refer on my original fix and not to quoted variant > >>from Peter. Setlogin must affect only _current_ session as clearly > >>said in manpage (and from common sense), so no doubts here. > > > The current behavior is not inconsistent with the manual page. It says > >nothing about a requirement that the session *leader* must be the caller, > >only that it affects the current session. > > Yes, but if it isn't leader, it affects *all* sessions, not current one > only, it is main bug. No.. it's not _that_ bad.. Suppose you have the case of the original rshd, it forked itself, and the child process did the setlogin(). Since inetd is now starting all processes in their own session, the parent rshd is the session leader and the child is not. The rshd would fail under your proposal even though (in this case) it's a valid operation. The child's setlogin() would affect both the child and the parent. I've since "fixed" rshd so that the parent does the setlogin() - the only remaining program that is broken that I am aware of is XFree86. > As manpage additionly says, it happens "only when new session is > being created", it assumes session leader too. > > I think we need to ask someone from BSD group, what they > keep in mind exactly on this thing. Can you contact such person, please? The original implementation in 4.3BSD (or one of the -net releases) apparently the login name stored in the user struct and had it being strictly inherited from parent to child like setuid(). Somewhere along the way, it seems to have changed semantics to something that is somewhat "non-obvious". (witness the confusion about how to use it in all the code.. even 4.4BSD itself was not compatable with it's own semantics). I still think we should move the login name to the "struct ucred" - then the possibility of the entire session being accidently changed would no longer be an issue. struct ucred is normally 76 bytes long now. Another 12 bytes wouldn't hurt all that much... (especially since another transient data structure would shrink as a result to partly offset the cost). IMHO, having a child process being able to modify the parent's environment goes against the unix religion^H^H^H^H^H^H^Hphilosophy of inherited privilege. Cheers, -Peter > -- > Andrey A. Chernov : And I rest so composedly, /Now, in my bed, > ache@astral.msk.su : That any beholder /Might fancy me dead - > http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. > RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 > From owner-freebsd-security Tue Nov 14 06:35:56 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id GAA03116 for security-outgoing; Tue, 14 Nov 1995 06:35:56 -0800 Received: from Root.COM (implode.Root.COM [198.145.90.17]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id GAA03088 ; Tue, 14 Nov 1995 06:35:38 -0800 Received: from corbin.Root.COM (corbin [198.145.90.50]) by Root.COM (8.6.12/8.6.5) with ESMTP id GAA28581; Tue, 14 Nov 1995 06:35:37 -0800 Received: from localhost (localhost [127.0.0.1]) by corbin.Root.COM (8.6.12/8.6.5) with SMTP id GAA00395; Tue, 14 Nov 1995 06:34:44 -0800 Message-Id: <199511141434.GAA00395@corbin.Root.COM> To: Peter Wemm cc: ache@astral.msk.su, committers@freebsd.org, security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-reply-to: Your message of "Tue, 14 Nov 95 22:21:56 +0800." From: David Greenman Reply-To: davidg@Root.COM Date: Tue, 14 Nov 1995 06:34:35 -0800 Sender: owner-security@freebsd.org Precedence: bulk >I still think we should move the login name to the "struct ucred" - then >the possibility of the entire session being accidently changed would no >longer be an issue. struct ucred is normally 76 bytes long now. Another >12 bytes wouldn't hurt all that much... (especially since another >transient data structure would shrink as a result to partly offset the cost). I think it needs to stay as part of the process group struct. It doesn't any sense from an architectural perspective to put it in the cred struct. >IMHO, having a child process being able to modify the parent's >environment goes against the unix religion^H^H^H^H^H^H^Hphilosophy of >inherited privilege. Which is why we should restrict it to the session leader. -DG From owner-freebsd-security Tue Nov 14 07:27:02 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id HAA09645 for security-outgoing; Tue, 14 Nov 1995 07:27:02 -0800 Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id HAA09601 for ; Tue, 14 Nov 1995 07:26:50 -0800 Received: by sequent.kiae.su id AA25186 (5.65.kiae-2 ); Tue, 14 Nov 1995 18:05:10 +0300 Received: by sequent.KIAE.su (UUMAIL/2.0); Tue, 14 Nov 95 18:05:09 +0300 Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.12/8.6.12) id RAA00852; Tue, 14 Nov 1995 17:07:12 +0300 To: Bruce Evans , davidg@Root.COM Cc: peter@jhome.dialix.com, security@freebsd.org References: <199511131940.GAA03802@godzilla.zeta.org.au> In-Reply-To: <199511131940.GAA03802@godzilla.zeta.org.au>; from Bruce Evans at Tue, 14 Nov 1995 06:40:36 +1100 Message-Id: Organization: Olahm Ha-Yetzirah Date: Tue, 14 Nov 1995 17:07:12 +0300 (MSK) X-Mailer: Mail/@ [v2.40 FreeBSD] From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast Subject: Re: cvs commit: CVSROOT log_accum.pl Lines: 22 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 1015 Sender: owner-security@freebsd.org Precedence: bulk In message <199511131940.GAA03802@godzilla.zeta.org.au> Bruce Evans writes: >>Of course. Printf introduced by Peter, I mean "return (EPERM);" here >>not a printf. I refer on my original fix and not to quoted variant >>from Peter. Setlogin must affect only _current_ session as clearly >>said in manpage (and from common sense), so no doubts here. >The man page says that the call is _normally_ used only to create new >sessions. This is a advice on how the call should be used, not a >restriction on who can make it. The call is restricted to root, and >root never makes mistaks ;-). As I already say, we need to ask opinion of original developers, because it is unclear thing enough. Can anybody do it, please? -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-security Tue Nov 14 08:06:02 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id IAA15919 for security-outgoing; Tue, 14 Nov 1995 08:06:02 -0800 Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id IAA15824 for ; Tue, 14 Nov 1995 08:05:36 -0800 Received: by halloran-eldar.lcs.mit.edu; (5.65/1.1.8.2/19Aug95-0530PM) id AA23358; Tue, 14 Nov 1995 11:04:59 -0500 Date: Tue, 14 Nov 1995 11:04:59 -0500 From: "Garrett A. Wollman" Message-Id: <9511141604.AA23358@halloran-eldar.lcs.mit.edu> To: davidg@root.com Cc: security@freebsd.org Subject: Re: cvs commit: CVSROOT log_accum.pl In-Reply-To: <199511141434.GAA00395@corbin.Root.COM> References: <199511141434.GAA00395@corbin.Root.COM> Sender: owner-security@freebsd.org Precedence: bulk < said: > I think it [logname] needs to stay as part of the process group > struct. It doesn't any sense from an architectural perspective to > put it in the cred struct. I don't see that. Please explain your reasoning. -GAWollman -- Garrett A. Wollman | Shashish is simple, it's discreet, it's brief. ... wollman@lcs.mit.edu | Shashish is the bonding of hearts in spite of distance. Opinions not those of| It is a bond more powerful than absence. We like people MIT, LCS, ANA, or NSA| who like Shashish. - Claude McKenzie + Florent Vollant From owner-freebsd-security Tue Nov 14 15:01:51 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id PAA22659 for security-outgoing; Tue, 14 Nov 1995 15:01:51 -0800 Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id PAA22585 ; Tue, 14 Nov 1995 15:00:57 -0800 Received: by sequent.kiae.su id AA01987 (5.65.kiae-2 ); Wed, 15 Nov 1995 02:00:37 +0300 Received: by sequent.KIAE.su (UUMAIL/2.0); Wed, 15 Nov 95 02:00:34 +0300 Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.12/8.6.12) id BAA02178; Wed, 15 Nov 1995 01:29:27 +0300 To: davidg@Root.COM Cc: committers@freebsd.org, peter@freebsd.org, security@freebsd.org References: <199511141406.GAA00369@corbin.Root.COM> In-Reply-To: <199511141406.GAA00369@corbin.Root.COM>; from David Greenman at Tue, 14 Nov 1995 06:06:24 -0800 Message-Id: Organization: Olahm Ha-Yetzirah Date: Wed, 15 Nov 1995 01:29:27 +0300 (MSK) X-Mailer: Mail/@ [v2.40 FreeBSD] From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast Subject: Re: cvs commit: CVSROOT log_accum.pl Lines: 33 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 1322 Sender: owner-security@freebsd.org Precedence: bulk In message <199511141406.GAA00369@corbin.Root.COM> David Greenman writes: >>> The current behavior is not inconsistent with the manual page. It says >>>nothing about a requirement that the session *leader* must be the caller, >>>only that it affects the current session. >> >>Yes, but if it isn't leader, it affects *all* sessions, not current one >>only, it is main bug. > Sorry, Andrey, but I don't think you know what a "session" is. Sorry, it was quick attempt to say something different: I mean process group from one session. I really want to say that any root process from process group can modify its father login name. Traditionly son can't modify father resources in such way. >>As manpage additionly says, it happens "only when new session is >>being created", it assumes session leader too. > It makes no such assumption. Why? New session is being created after setsid() (no usual way to do that besides setsid()), *AND* process becomes session leader after setsid(), *SO* it assumes session leader. -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-security Tue Nov 14 15:13:56 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id PAA23791 for security-outgoing; Tue, 14 Nov 1995 15:13:56 -0800 Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id PAA23748 ; Tue, 14 Nov 1995 15:13:25 -0800 Received: by sequent.kiae.su id AA02042 (5.65.kiae-2 ); Wed, 15 Nov 1995 02:00:42 +0300 Received: by sequent.KIAE.su (UUMAIL/2.0); Wed, 15 Nov 95 02:00:42 +0300 Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.12/8.6.12) id BAA02191; Wed, 15 Nov 1995 01:32:33 +0300 To: Peter Wemm Cc: committers@freebsd.org, davidg@Root.COM, security@freebsd.org References: In-Reply-To: ; from Peter Wemm at Tue, 14 Nov 1995 22:21:56 +0800 (WST) Message-Id: Organization: Olahm Ha-Yetzirah Date: Wed, 15 Nov 1995 01:32:33 +0300 (MSK) X-Mailer: Mail/@ [v2.40 FreeBSD] From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) X-Class: Fast Subject: Re: cvs commit: CVSROOT log_accum.pl Lines: 24 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Length: 1323 Sender: owner-security@freebsd.org Precedence: bulk In message Peter Wemm writes: >The original implementation in 4.3BSD (or one of the -net releases) >apparently the login name stored in the user struct and had it being >strictly inherited from parent to child like setuid(). Somewhere along >the way, it seems to have changed semantics to something that is somewhat >"non-obvious". (witness the confusion about how to use it in all the >code.. even 4.4BSD itself was not compatable with it's own semantics). >I still think we should move the login name to the "struct ucred" - then >the possibility of the entire session being accidently changed would no >longer be an issue. struct ucred is normally 76 bytes long now. Another >12 bytes wouldn't hurt all that much... (especially since another >transient data structure would shrink as a result to partly offset the cost). I agree. I is better fix than setlogin() restriction and compatible with all existen software. Do you have a patch to look at? -- Andrey A. Chernov : And I rest so composedly, /Now, in my bed, ache@astral.msk.su : That any beholder /Might fancy me dead - http://dt.demos.su/~ache : Might start at beholding me, /Thinking me dead. RELCOM Team,FreeBSD Team : E.A.Poe From "For Annie" 1849 From owner-freebsd-security Tue Nov 14 18:21:47 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id SAA04905 for security-outgoing; Tue, 14 Nov 1995 18:21:47 -0800 Received: from twitch.io.org (root@twitch.io.org [198.133.36.152]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id SAA04899 for ; Tue, 14 Nov 1995 18:21:41 -0800 Received: from flinch.io.org (flinch.io.org [198.133.36.153]) by twitch.io.org (8.6.9/8.6.9) with SMTP id VAA15002 for ; Tue, 14 Nov 1995 21:21:03 -0500 Date: Tue, 14 Nov 1995 21:21:16 -0500 (EST) From: Brian Tao To: FREEBSD-SECURITY-L Subject: Using telnet as a shell Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org Precedence: bulk How safe is the Kerberized telnet client as a shell? I have an account on one of my machines called "telnet" with no password. It calls /usr/bin/telnet as the shell. I played with it for about ten minutes and couldn't find any way to spawn a shell or otherwise gain unauthorized access to the machine. Have I overlooked something? -- Brian Tao (BT300, taob@io.org) Systems Administrator, Internex Online Inc. "Though this be madness, yet there is method in't" From owner-freebsd-security Tue Nov 14 21:14:27 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id VAA13169 for security-outgoing; Tue, 14 Nov 1995 21:14:27 -0800 Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id VAA13125 ; Tue, 14 Nov 1995 21:14:07 -0800 Received: (from bde@localhost) by godzilla.zeta.org.au (8.6.9/8.6.9) id QAA19112; Wed, 15 Nov 1995 16:10:04 +1100 Date: Wed, 15 Nov 1995 16:10:04 +1100 From: Bruce Evans Message-Id: <199511150510.QAA19112@godzilla.zeta.org.au> To: davidg@Root.COM, peter@jhome.dialix.com Subject: Re: cvs commit: CVSROOT log_accum.pl Cc: ache@astral.msk.su, committers@freebsd.org, security@freebsd.org Sender: owner-security@freebsd.org Precedence: bulk >>IMHO, having a child process being able to modify the parent's >>environment goes against the unix religion^H^H^H^H^H^H^Hphilosophy of >>inherited privilege. > Which is why we should restrict it to the session leader. That would go against the religion that root can do anything :-). This problem is a bit like the one with RLIMIT_NPROC. It's bogus for the limit to be in the proc struct since that allows children to modify the parent's capability of spawning processes. Bruce From owner-freebsd-security Wed Nov 15 15:54:10 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id PAA05496 for security-outgoing; Wed, 15 Nov 1995 15:54:10 -0800 Received: from kilgour.nething.com (kilgour.nething.com [204.253.210.65]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id PAA05448 for ; Wed, 15 Nov 1995 15:53:57 -0800 Received: from randy.nething.com (randy.nething.com [204.253.210.83]) by kilgour.nething.com (8.6.11/8.6.9) with SMTP id RAA04126 for ; Wed, 15 Nov 1995 17:53:07 -0600 Date: Wed, 15 Nov 1995 17:53:07 -0600 Message-Id: <199511152353.RAA04126@kilgour.nething.com> X-Sender: rberndt@nething.com X-Mailer: Windows Eudora Version 2.1.1 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: security@freebsd.org From: Randy Berndt Subject: Weird Security Check Output Sender: owner-security@freebsd.org Precedence: bulk I got the following messages one day apart, out of a clear blue sky. I am totally confused. Is this the result of some internal corruption of my system? External hacking? God just hates me? Any help understanding this would be greatly appreciated. Should I be worried? ====== start of first message ====== checking setuid files and devices: Memory fault - core dumped USER=root host=kilgour HOME=/root MAILTO= PS1=# PS2=> LOGNAME=root PATH=/sbin:/bin:/usr/bin MP= TMP=/tmp/_secure.1116 SHELL=/bin/sh IFS= LOG=/var/log cmp: EOF on /tmp/_secure.1116 kilgour setuid/device diffs: 1,107d0 < -rws--x--x 1 root wheel 221184 Sep 28 16:34:28 1995 /bin/bru < -rws--x--x 1 root wheel 221184 Sep 26 14:53:51 1995 /bin/bru.Old < -r-xr-sr-x 1 bin operator 57344 Jun 10 04:48:36 1995 /bin/df < -r-xr-sr-x 1 bin kmem 163840 Jun 10 04:48:49 1995 /bin/ps < -r-sr-xr-x 1 root bin 163840 Jun 10 04:48:51 1995 /bin/rcp < -r-xr-sr-x 1 bin kmem 98304 Jun 10 04:55:03 1995 /sbin/dmesg < -r-sr-sr-x 2 root tty 196608 Jun 10 04:55:05 1995 /sbin/dump < -r-sr-xr-x 1 root bin 143360 Jun 10 04:56:05 1995 /sbin/mount_msdos < -r-sr-xr-x 1 root bin 57344 Jun 10 04:55:32 1995 /sbin/mount_union < -r-sr-xr-x 1 root bin 126976 Jun 10 04:55:41 1995 /sbin/ping < -r-sr-sr-x 2 root tty 196608 Jun 10 04:55:05 1995 /sbin/rdump < -r-sr-sr-x 2 root tty 212992 Jun 10 04:55:50 1995 /sbin/restore < -r-sr-xr-x 1 root bin 135168 Jun 10 04:55:51 1995 /sbin/route < -r-sr-sr-x 2 root tty 212992 Jun 10 04:55:50 1995 /sbin/rrestore < -r-sr-x--- 1 root operator 143360 Jun 10 04:55:55 1995 /sbin/shutdown < -rwxr-S--- 1 root bin 0 Nov 11 21:28:55 1995 /tmp/lp_189_1 < -rwxr-S--- 1 root bin 0 Nov 11 21:28:55 1995 /tmp/lp_193_1 < -rwxr-S--- 1 root bin 0 Nov 11 21:28:55 1995 /tmp/lp_195_1 < -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/at < -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/atq < -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/atrm < -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/batch < -r-sr-xr-x 3 root bin 20480 Jun 10 04:59:24 1995 /usr/bin/chfn < -r-sr-xr-x 3 root bin 20480 Jun 10 04:59:24 1995 /usr/bin/chpass < -r-sr-xr-x 3 root bin 20480 Jun 10 04:59:24 1995 /usr/bin/chsh < -r-sr-xr-x 1 root bin 24576 Jun 10 05:02:59 1995 /usr/bin/crontab < -r-sr-xr-x 1 uucp bin 106496 Jun 10 04:50:50 1995 /usr/bin/cu < -r-xr-sr-x 1 bin kmem 16384 Jun 10 05:00:02 1995 /usr/bin/fstat < -r-xr-sr-x 1 bin kmem 16384 Jun 10 05:00:19 1995 /usr/bin/ipcs < -r-sr-xr-x 1 root bin 16384 Jun 10 05:00:25 1995 /usr/bin/keyinit < -r-sr-xr-x 1 root bin 12288 Jun 10 05:00:38 1995 /usr/bin/lock < -r-sr-xr-x 1 root bin 20480 Jun 10 05:00:41 1995 /usr/bin/login < -r-sr-sr-x 1 root daemon 20480 Jun 10 05:03:16 1995 /usr/bin/lpq < -r-sr-sr-x 1 root daemon 20480 Jun 10 05:03:16 1995 /usr/bin/lpr < -r-sr-sr-x 1 root daemon 16384 Jun 10 05:03:17 1995 /usr/bin/lprm < -r-sr-sr-x 3 root kmem 180224 Jun 10 05:05:54 1995 /usr/bin/mailq < -r-sr-xr-x 1 man bin 28672 Jun 10 04:53:11 1995 /usr/bin/man < -r-xr-sr-x 1 bin kmem 8192 Jun 10 05:00:56 1995 /usr/bin/modstat < -r-xr-sr-x 1 bin kmem 53248 Jun 10 05:01:04 1995 /usr/bin/netstat < -r-sr-sr-x 3 root kmem 180224 Jun 10 05:05:54 1995 /usr/bin/newaliases < -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:01:06 1995 /usr/bin/nfsstat < -r-sr-xr-x 1 root bin 20480 Jun 10 05:01:10 1995 /usr/bin/passwd < -r-sr-xr-x 1 root bin 12288 Jun 10 05:01:16 1995 /usr/bin/quota < -r-sr-xr-x 1 root bin 45056 Jun 10 05:01:19 1995 /usr/bin/rdist < -r-sr-xr-x 1 root bin 16384 Jun 10 05:01:22 1995 /usr/bin/rlogin < -r-sr-xr-x 1 root bin 12288 Jun 10 05:01:27 1995 /usr/bin/rsh < -rws--x--x 2 root bin 286720 Jun 10 04:53:24 1995 /usr/bin/sperl4.036 < -r-sr-xr-x 1 root bin 12288 Jun 10 05:01:48 1995 /usr/bin/su < -rws--x--x 2 root bin 286720 Jun 10 04:53:24 1995 /usr/bin/suidperl < -r-xr-sr-x 1 bin kmem 40960 Jun 10 05:02:42 1995 /usr/bin/systat < -r-xr-sr-x 2 bin kmem 16384 Jun 10 05:02:22 1995 /usr/bin/uptime < -r-sr-xr-x 1 uucp bin 77824 Jun 10 04:50:55 1995 /usr/bin/uucp < -r-sr-xr-x 1 uucp bin 36864 Jun 10 04:50:57 1995 /usr/bin/uuname < -r-sr-xr-x 1 uucp bin 86016 Jun 10 04:51:00 1995 /usr/bin/uustat < -r-sr-xr-x 1 uucp bin 77824 Jun 10 04:51:03 1995 /usr/bin/uux < -r-xr-sr-x 1 bin kmem 20480 Jun 10 05:02:44 1995 /usr/bin/vmstat < -r-xr-sr-x 2 bin kmem 16384 Jun 10 05:02:22 1995 /usr/bin/w < -r-xr-sr-x 1 bin tty 12288 Jun 10 05:02:24 1995 /usr/bin/wall < -r-xr-sr-x 1 bin tty 12288 Jun 10 05:02:31 1995 /usr/bin/write < -r-sr-xr-x 1 games bin 12288 Jun 10 04:49:27 1995 /usr/games/dm < -rws------ 1 games bin 102400 Jun 10 04:49:03 1995 /usr/games/hide/adventure < -rws------ 1 games bin 12288 Jun 10 04:49:04 1995 /usr/games/hide/arithmetic < -rws------ 1 games bin 40960 Jun 10 04:49:06 1995 /usr/games/hide/atc < -rws------ 1 games bin 45056 Jun 10 04:49:07 1995 /usr/games/hide/backgammon < -rws------ 1 games bin 167936 Jun 10 04:49:10 1995 /usr/games/hide/battlestar < -rws------ 1 games bin 12288 Jun 10 04:49:11 1995 /usr/games/hide/bcd < -rws------ 1 games bin 24576 Jun 10 04:49:17 1995 /usr/games/hide/boggle < -rws------ 1 games bin 28672 Jun 10 04:49:22 1995 /usr/games/hide/canfield < -rws------ 1 games bin 12288 Jun 10 04:49:25 1995 /usr/games/hide/cfscores < -rws------ 1 games bin 28672 Jun 10 04:49:26 1995 /usr/games/hide/cribbage < -rws------ 1 games bin 12288 Jun 10 04:49:30 1995 /usr/games/hide/fish < -rws------ 1 games bin 212992 Jun 10 04:49:42 1995 /usr/games/hide/hack < -rws------ 1 games bin 12288 Jun 10 04:49:43 1995 /usr/games/hide/hangman < -rws------ 1 games bin 135168 Jun 10 04:49:45 1995 /usr/games/hide/larn < -rws------ 1 games bin 28672 Jun 10 04:49:46 1995 /usr/games/hide/mille < -rws------ 1 games bin 8192 Jun 10 04:49:47 1995 /usr/games/hide/morse < -rws------ 1 games bin 77824 Jun 10 04:49:50 1995 /usr/games/hide/phantasia < -rws------ 1 games bin 8192 Jun 10 04:49:57 1995 /usr/games/hide/ppt < -rws------ 1 games bin 16384 Jun 10 04:50:01 1995 /usr/games/hide/quiz < -rws------ 1 games bin 20480 Jun 10 04:50:04 1995 /usr/games/hide/robots < -rws------ 1 games bin 110592 Jun 10 04:50:06 1995 /usr/games/hide/rogue < -rws------ 1 games bin 65536 Jun 10 04:50:07 1995 /usr/games/hide/sail < -rws------ 1 games bin 24576 Jun 10 04:50:09 1995 /usr/games/hide/snake < -rws------ 1 games bin 8192 Jun 10 04:50:10 1995 /usr/games/hide/snscore < -rws------ 1 games bin 57344 Jun 10 04:49:09 1995 /usr/games/hide/teachgammon < -rws------ 1 games bin 20480 Jun 10 04:50:11 1995 /usr/games/hide/tetris < -rws------ 1 games bin 57344 Jun 10 04:50:12 1995 /usr/games/hide/trek < -rws------ 1 games bin 12288 Jun 10 04:50:13 1995 /usr/games/hide/worm < -rws------ 1 games bin 20480 Jun 10 04:50:15 1995 /usr/games/hide/wump < -r-sr-xr-x 1 root bin 12288 Jun 10 04:54:43 1995 /usr/libexec/mail.local < -r-sr-xr-x 1 uucp bin 188416 Jun 10 04:50:52 1995 /usr/libexec/uucp/uucico < -r-sr-x--- 1 uucp uucp 86016 Jun 10 04:51:05 1995 /usr/libexec/uucp/uuxqt < -rwsr-xr-x 1 root bin 650913 Sep 19 15:41:12 1995 /usr/local/bin/ssh < -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:04:44 1995 /usr/sbin/iostat < -r-xr-sr-x 1 bin daemon 24576 Jun 10 05:03:14 1995 /usr/sbin/lpc < -r-xr-sr-x 1 bin kmem 28672 Jun 10 05:04:47 1995 /usr/sbin/ncrcontrol < -r-sr-xr-x 1 root bin 86016 Jun 10 05:03:52 1995 /usr/sbin/ppp < -r-sr-xr-x 1 root bin 65536 Jun 10 05:03:53 1995 /usr/sbin/pppd < -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:03:54 1995 /usr/sbin/pppstats < -r-xr-sr-x 2 bin kmem 20480 Jun 10 05:03:55 1995 /usr/sbin/pstat < -r-sr-sr-x 3 root kmem 180224 Jun 10 05:05:54 1995 /usr/sbin/sendmail < -r-sr-xr-x 1 root bin 12288 Jun 10 05:04:08 1995 /usr/sbin/sliplogin < -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:04:10 1995 /usr/sbin/slstat < -r-xr-sr-x 2 bin kmem 20480 Jun 10 05:03:55 1995 /usr/sbin/swapinfo < -r-sr-xr-x 1 root bin 20480 Jun 10 05:04:17 1995 /usr/sbin/timedc < -r-sr-xr-x 1 root bin 16384 Jun 10 05:04:18 1995 /usr/sbin/traceroute < -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:04:19 1995 /usr/sbin/trpt checking for uids of 0: Memory fault - core dumped ====== end of first message ====== ====== start of second message ====== checking setuid files and devices: cmp: EOF on /var/log/setuid.today kilgour setuid/device diffs: 0a1,107 > -rws--x--x 1 root wheel 221184 Sep 28 16:34:28 1995 /bin/bru > -rws--x--x 1 root wheel 221184 Sep 26 14:53:51 1995 /bin/bru.Old > -r-xr-sr-x 1 bin operator 57344 Jun 10 04:48:36 1995 /bin/df > -r-xr-sr-x 1 bin kmem 163840 Jun 10 04:48:49 1995 /bin/ps > -r-sr-xr-x 1 root bin 163840 Jun 10 04:48:51 1995 /bin/rcp > -r-xr-sr-x 1 bin kmem 98304 Jun 10 04:55:03 1995 /sbin/dmesg > -r-sr-sr-x 2 root tty 196608 Jun 10 04:55:05 1995 /sbin/dump > -r-sr-xr-x 1 root bin 143360 Jun 10 04:56:05 1995 /sbin/mount_msdos > -r-sr-xr-x 1 root bin 57344 Jun 10 04:55:32 1995 /sbin/mount_union > -r-sr-xr-x 1 root bin 126976 Jun 10 04:55:41 1995 /sbin/ping > -r-sr-sr-x 2 root tty 196608 Jun 10 04:55:05 1995 /sbin/rdump > -r-sr-sr-x 2 root tty 212992 Jun 10 04:55:50 1995 /sbin/restore > -r-sr-xr-x 1 root bin 135168 Jun 10 04:55:51 1995 /sbin/route > -r-sr-sr-x 2 root tty 212992 Jun 10 04:55:50 1995 /sbin/rrestore > -r-sr-x--- 1 root operator 143360 Jun 10 04:55:55 1995 /sbin/shutdown > -rwxr-S--- 1 root bin 0 Nov 14 18:06:55 1995 /tmp/lp_189_1 > -rwxr-S--- 1 root bin 0 Nov 14 18:06:55 1995 /tmp/lp_192_1 > -rwxr-S--- 1 root bin 0 Nov 14 18:06:55 1995 /tmp/lp_194_1 > -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/at > -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/atq > -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/atrm > -r-sr-xr-x 4 root bin 20480 Jun 10 04:59:11 1995 /usr/bin/batch > -r-sr-xr-x 3 root bin 20480 Jun 10 04:59:24 1995 /usr/bin/chfn > -r-sr-xr-x 3 root bin 20480 Jun 10 04:59:24 1995 /usr/bin/chpass > -r-sr-xr-x 3 root bin 20480 Jun 10 04:59:24 1995 /usr/bin/chsh > -r-sr-xr-x 1 root bin 24576 Jun 10 05:02:59 1995 /usr/bin/crontab > -r-sr-xr-x 1 uucp bin 106496 Jun 10 04:50:50 1995 /usr/bin/cu > -r-xr-sr-x 1 bin kmem 16384 Jun 10 05:00:02 1995 /usr/bin/fstat > -r-xr-sr-x 1 bin kmem 16384 Jun 10 05:00:19 1995 /usr/bin/ipcs > -r-sr-xr-x 1 root bin 16384 Jun 10 05:00:25 1995 /usr/bin/keyinit > -r-sr-xr-x 1 root bin 12288 Jun 10 05:00:38 1995 /usr/bin/lock > -r-sr-xr-x 1 root bin 20480 Jun 10 05:00:41 1995 /usr/bin/login > -r-sr-sr-x 1 root daemon 20480 Jun 10 05:03:16 1995 /usr/bin/lpq > -r-sr-sr-x 1 root daemon 20480 Jun 10 05:03:16 1995 /usr/bin/lpr > -r-sr-sr-x 1 root daemon 16384 Jun 10 05:03:17 1995 /usr/bin/lprm > -r-sr-sr-x 3 root kmem 180224 Jun 10 05:05:54 1995 /usr/bin/mailq > -r-sr-xr-x 1 man bin 28672 Jun 10 04:53:11 1995 /usr/bin/man > -r-xr-sr-x 1 bin kmem 8192 Jun 10 05:00:56 1995 /usr/bin/modstat > -r-xr-sr-x 1 bin kmem 53248 Jun 10 05:01:04 1995 /usr/bin/netstat > -r-sr-sr-x 3 root kmem 180224 Jun 10 05:05:54 1995 /usr/bin/newaliases > -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:01:06 1995 /usr/bin/nfsstat > -r-sr-xr-x 1 root bin 20480 Jun 10 05:01:10 1995 /usr/bin/passwd > -r-sr-xr-x 1 root bin 12288 Jun 10 05:01:16 1995 /usr/bin/quota > -r-sr-xr-x 1 root bin 45056 Jun 10 05:01:19 1995 /usr/bin/rdist > -r-sr-xr-x 1 root bin 16384 Jun 10 05:01:22 1995 /usr/bin/rlogin > -r-sr-xr-x 1 root bin 12288 Jun 10 05:01:27 1995 /usr/bin/rsh > -rws--x--x 2 root bin 286720 Jun 10 04:53:24 1995 /usr/bin/sperl4.036 > -r-sr-xr-x 1 root bin 12288 Jun 10 05:01:48 1995 /usr/bin/su > -rws--x--x 2 root bin 286720 Jun 10 04:53:24 1995 /usr/bin/suidperl > -r-xr-sr-x 1 bin kmem 40960 Jun 10 05:02:42 1995 /usr/bin/systat > -r-xr-sr-x 2 bin kmem 16384 Jun 10 05:02:22 1995 /usr/bin/uptime > -r-sr-xr-x 1 uucp bin 77824 Jun 10 04:50:55 1995 /usr/bin/uucp > -r-sr-xr-x 1 uucp bin 36864 Jun 10 04:50:57 1995 /usr/bin/uuname > -r-sr-xr-x 1 uucp bin 86016 Jun 10 04:51:00 1995 /usr/bin/uustat > -r-sr-xr-x 1 uucp bin 77824 Jun 10 04:51:03 1995 /usr/bin/uux > -r-xr-sr-x 1 bin kmem 20480 Jun 10 05:02:44 1995 /usr/bin/vmstat > -r-xr-sr-x 2 bin kmem 16384 Jun 10 05:02:22 1995 /usr/bin/w > -r-xr-sr-x 1 bin tty 12288 Jun 10 05:02:24 1995 /usr/bin/wall > -r-xr-sr-x 1 bin tty 12288 Jun 10 05:02:31 1995 /usr/bin/write > -r-sr-xr-x 1 games bin 12288 Jun 10 04:49:27 1995 /usr/games/dm > -rws------ 1 games bin 102400 Jun 10 04:49:03 1995 /usr/games/hide/adventure > -rws------ 1 games bin 12288 Jun 10 04:49:04 1995 /usr/games/hide/arithmetic > -rws------ 1 games bin 40960 Jun 10 04:49:06 1995 /usr/games/hide/atc > -rws------ 1 games bin 45056 Jun 10 04:49:07 1995 /usr/games/hide/backgammon > -rws------ 1 games bin 167936 Jun 10 04:49:10 1995 /usr/games/hide/battlestar > -rws------ 1 games bin 12288 Jun 10 04:49:11 1995 /usr/games/hide/bcd > -rws------ 1 games bin 24576 Jun 10 04:49:17 1995 /usr/games/hide/boggle > -rws------ 1 games bin 28672 Jun 10 04:49:22 1995 /usr/games/hide/canfield > -rws------ 1 games bin 12288 Jun 10 04:49:25 1995 /usr/games/hide/cfscores > -rws------ 1 games bin 28672 Jun 10 04:49:26 1995 /usr/games/hide/cribbage > -rws------ 1 games bin 12288 Jun 10 04:49:30 1995 /usr/games/hide/fish > -rws------ 1 games bin 212992 Jun 10 04:49:42 1995 /usr/games/hide/hack > -rws------ 1 games bin 12288 Jun 10 04:49:43 1995 /usr/games/hide/hangman > -rws------ 1 games bin 135168 Jun 10 04:49:45 1995 /usr/games/hide/larn > -rws------ 1 games bin 28672 Jun 10 04:49:46 1995 /usr/games/hide/mille > -rws------ 1 games bin 8192 Jun 10 04:49:47 1995 /usr/games/hide/morse > -rws------ 1 games bin 77824 Jun 10 04:49:50 1995 /usr/games/hide/phantasia > -rws------ 1 games bin 8192 Jun 10 04:49:57 1995 /usr/games/hide/ppt > -rws------ 1 games bin 16384 Jun 10 04:50:01 1995 /usr/games/hide/quiz > -rws------ 1 games bin 20480 Jun 10 04:50:04 1995 /usr/games/hide/robots > -rws------ 1 games bin 110592 Jun 10 04:50:06 1995 /usr/games/hide/rogue > -rws------ 1 games bin 65536 Jun 10 04:50:07 1995 /usr/games/hide/sail > -rws------ 1 games bin 24576 Jun 10 04:50:09 1995 /usr/games/hide/snake > -rws------ 1 games bin 8192 Jun 10 04:50:10 1995 /usr/games/hide/snscore > -rws------ 1 games bin 57344 Jun 10 04:49:09 1995 /usr/games/hide/teachgammon > -rws------ 1 games bin 20480 Jun 10 04:50:11 1995 /usr/games/hide/tetris > -rws------ 1 games bin 57344 Jun 10 04:50:12 1995 /usr/games/hide/trek > -rws------ 1 games bin 12288 Jun 10 04:50:13 1995 /usr/games/hide/worm > -rws------ 1 games bin 20480 Jun 10 04:50:15 1995 /usr/games/hide/wump > -r-sr-xr-x 1 root bin 12288 Jun 10 04:54:43 1995 /usr/libexec/mail.local > -r-sr-xr-x 1 uucp bin 188416 Jun 10 04:50:52 1995 /usr/libexec/uucp/uucico > -r-sr-x--- 1 uucp uucp 86016 Jun 10 04:51:05 1995 /usr/libexec/uucp/uuxqt > -rwsr-xr-x 1 root bin 650913 Sep 19 15:41:12 1995 /usr/local/bin/ssh > -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:04:44 1995 /usr/sbin/iostat > -r-xr-sr-x 1 bin daemon 24576 Jun 10 05:03:14 1995 /usr/sbin/lpc > -r-xr-sr-x 1 bin kmem 28672 Jun 10 05:04:47 1995 /usr/sbin/ncrcontrol > -r-sr-xr-x 1 root bin 86016 Jun 10 05:03:52 1995 /usr/sbin/ppp > -r-sr-xr-x 1 root bin 65536 Jun 10 05:03:53 1995 /usr/sbin/pppd > -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:03:54 1995 /usr/sbin/pppstats > -r-xr-sr-x 2 bin kmem 20480 Jun 10 05:03:55 1995 /usr/sbin/pstat > -r-sr-sr-x 3 root kmem 180224 Jun 10 05:05:54 1995 /usr/sbin/sendmail > -r-sr-xr-x 1 root bin 12288 Jun 10 05:04:08 1995 /usr/sbin/sliplogin > -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:04:10 1995 /usr/sbin/slstat > -r-xr-sr-x 2 bin kmem 20480 Jun 10 05:03:55 1995 /usr/sbin/swapinfo > -r-sr-xr-x 1 root bin 20480 Jun 10 05:04:17 1995 /usr/sbin/timedc > -r-sr-xr-x 1 root bin 16384 Jun 10 05:04:18 1995 /usr/sbin/traceroute > -r-xr-sr-x 1 bin kmem 12288 Jun 10 05:04:19 1995 /usr/sbin/trpt checking for uids of 0: root 0 toor 0 ====== end of second message ====== Randy Berndt ---------------------------------- AOS/VS, FreeBSD, DOS: I'm caught in a maze of twisty little command interpreters, all different. From owner-freebsd-security Wed Nov 15 16:47:32 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id QAA17479 for security-outgoing; Wed, 15 Nov 1995 16:47:32 -0800 Received: from rocky.sri.MT.net (rocky.sri.MT.net [204.182.243.10]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id QAA17472 for ; Wed, 15 Nov 1995 16:47:28 -0800 Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12) id RAA07710; Wed, 15 Nov 1995 17:49:40 -0700 Date: Wed, 15 Nov 1995 17:49:40 -0700 From: Nate Williams Message-Id: <199511160049.RAA07710@rocky.sri.MT.net> To: Randy Berndt Cc: security@freebsd.org Subject: Re: Weird Security Check Output In-Reply-To: <199511152353.RAA04126@kilgour.nething.com> References: <199511152353.RAA04126@kilgour.nething.com> Sender: owner-security@freebsd.org Precedence: bulk > I got the following messages one day apart, out of a clear blue sky. I > am totally confused. Is this the result of some internal corruption of > my system? External hacking? God just hates me? Nah, nothing that serious. Look here. > ====== start of first message ====== > > checking setuid files and devices: > Memory fault - core dumped This is bad..and is probably caused by: > cmp: EOF on /tmp/_secure.1116 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I'll bet that /tmp filled up at which point the security script got really confused. I'd cleanup your / partition or move your /tmp partition to somewhere with more space. Nate From owner-freebsd-security Wed Nov 15 17:03:02 1995 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id RAA19892 for security-outgoing; Wed, 15 Nov 1995 17:03:02 -0800 Received: from strider.ibenet.it (root@strider.ibenet.it [194.179.130.1]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id RAA19867 for ; Wed, 15 Nov 1995 17:02:49 -0800 Received: (from piero@localhost) by strider.ibenet.it (8.6.12/8.6.12) id BAA14480; Thu, 16 Nov 1995 01:59:10 +0100 From: Piero Serini Message-Id: <199511160059.BAA14480@strider.ibenet.it> Subject: Re: Weird Security Check Output To: rberndt@nething.com (Randy Berndt) Date: Thu, 16 Nov 1995 01:59:09 +0100 (MET) Cc: security@freebsd.org In-Reply-To: <199511152353.RAA04126@kilgour.nething.com> from "Randy Berndt" at Nov 15, 95 05:53:07 pm Reply-To: piero@strider.ibenet.it Operating-System: FreeBSD 1.1.5.1 X-Phone-Number: +39 (2) 58113562 X-NCC-RegID: it.ibenet X-Mailer: ELM [version 2.4 PL23] Content-Type: text Content-Length: 563 Sender: owner-security@freebsd.org Precedence: bulk Hello. Quoting from Randy Berndt (Thu Nov 16 00:53:07 1995): > I got the following messages one day apart, out of a clear blue sky. I am > totally confused. Is this the result of some internal corruption of my system? > External hacking? God just hates me? ... I don't hate you, don't worry. It looks like you just upgraded your system. Bye, -- # $Id: .signature,v 1.12 1995/08/14 12:10:54 piero Exp $ Piero Serini Via Giambologna, 1 I 20136 Milano - ITALY