From owner-freebsd-security Sun Oct 4 00:24:33 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA27484 for freebsd-security-outgoing; Sun, 4 Oct 1998 00:24:33 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from hotmail.com (f287.hotmail.com [207.82.251.178]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id AAA27466 for ; Sun, 4 Oct 1998 00:24:26 -0700 (PDT) (envelope-from madrapour@hotmail.com) Received: (qmail 11419 invoked by uid 0); 4 Oct 1998 07:24:05 -0000 Message-ID: <19981004072405.11418.qmail@hotmail.com> Received: from 208.218.169.84 by www.hotmail.com with HTTP; Sun, 04 Oct 1998 00:24:05 PDT X-Originating-IP: [208.218.169.84] From: "N. N.M" To: freebsd-security@FreeBSD.ORG Subject: Necesseray steps for logging Content-Type: text/plain Date: Sun, 04 Oct 1998 00:24:05 PDT Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I followed the steps that I thought were necessary for logging on FreeBSD as follow: 1- Run inetd by -l switch 2- Do the appropriate steps on the program or deamon you want to log, for example run ftpd with -l switch or set IPFIREWALL_VERBOSE ass yes. 3- Change the /etc/syslog.conf and insert the name of file which is supposed to save the logs, for example: ftpd.* /var/log/ftpd !ipfw *.* /var/log/ipfw 4- Creat the files (i.e. ftpd) so syslogd can write on them. 5- restart inetd and syslogd. But it doesn't work, it still logs the messages (for example) relevant to ftpd on "messages" file and save nothing on other files I defined in syslog.conf. I don't know if there is something left that I have to do to make it works or no. Thanks, Nazila N. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 4 04:32:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA24097 for freebsd-security-outgoing; Sun, 4 Oct 1998 04:32:22 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from indigo.ie (ts03-044.dublin.indigo.ie [194.125.148.54]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA23972 for ; Sun, 4 Oct 1998 04:31:08 -0700 (PDT) (envelope-from rotel@indigo.ie) Received: (from nsmart@localhost) by indigo.ie (8.8.8/8.8.7) id MAA01036; Sun, 4 Oct 1998 12:22:41 +0100 (IST) (envelope-from rotel@indigo.ie) From: Niall Smart Message-Id: <199810041122.MAA01036@indigo.ie> Date: Sun, 4 Oct 1998 12:22:37 +0000 In-Reply-To: <19981004072405.11418.qmail@hotmail.com>; "N. N.M" Reply-To: rotel@indigo.ie X-Files: The truth is out there X-Mailer: Mail User's Shell (7.2.6 beta(3) 11/17/96) To: "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: Necesseray steps for logging Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Oct 4, 12:24am, "N. N.M" wrote: } Subject: Necesseray steps for logging > > I followed the steps that I thought were necessary for logging on > FreeBSD as follow: This looks ok to me, kill the existing syslogd and post the output of syslog -d Niall -- Niall Smart, rotel@indigo.ie. Amaze your friends and annoy your enemies: echo '#define if(x) if (!(x))' >> /usr/include/stdio.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Oct 4 07:21:42 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA13696 for freebsd-security-outgoing; Sun, 4 Oct 1998 07:21:42 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from hotmail.com (f139.hotmail.com [207.82.251.18]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA13690 for ; Sun, 4 Oct 1998 07:21:38 -0700 (PDT) (envelope-from madrapour@hotmail.com) Received: (qmail 14300 invoked by uid 0); 4 Oct 1998 14:21:18 -0000 Message-ID: <19981004142118.14299.qmail@hotmail.com> Received: from 208.218.169.84 by www.hotmail.com with HTTP; Sun, 04 Oct 1998 07:21:16 PDT X-Originating-IP: [208.218.169.84] From: "N. N.M" To: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging Content-Type: text/plain Date: Sun, 04 Oct 1998 07:21:16 PDT Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Niall I killed the syslogd and then reun it again in debug mode. A part of the output of the running syslogd -d is as follow. Note that Wall is the name of machine. Sorry if it's so long. I defined the noice and alert messages to go to the files with correspondent names (notice and alert), but it didn't work. Also the logging of ftp and ipfw was unsuccessful and as you see there are some error messages (unknown priority name) after the lines relevant to ftp and ipfw. off & running.... init cfline("*.err;kern.debug;auth.notice;mail.crit /dev/console", f, "*") cfline("*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages", f, "*") cfline("ftp.* /var/log/ftpd", f, "*") syslogd: unknown priority name "" logmsg: pri 53, flags 4, from wall, msg syslogd: unknown priority name "" Logging to CONSOLE /dev/console cfline("cron.* var/cron/log", f, "*") cfline("*.err root", f, "*") cfline("*.err /var/log/error", f, "*") cfline("*.notice;news.err root", f, "*") cfline("*.notice /var/log/notice", f, "*") cfline("*.alert root", f, "*") cfline("*.alert /var/log/alert", f, "*") cfline("*.emerg *", f, "*") cfline("*.emerg /var/log/emerg", f, "*") cfline("*.* /var/log/ipfw", f, "ipfw") syslogd: unknown priority name "" logmsg: pri 53, flags 4, from wall, msg syslogd: unknown priority name "" Logging to CONSOLE /dev/console cfline("*.* log/slip.log", f, "startslip") cfline("*.* /var/log/ppp.log", f, "ppp") 7 3 2 3 5 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X CONSOLE: /dev/console 7 5 2 5 5 5 6 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X FILE: /var/log/messages X X X X X X X X X X X 8 X X X X X X X X X X X X X UNUSED: X X X X X X X X X 8 X X X X X X X X X X X X X X X FILE: /var/cron/log 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: root, 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 X USERS: , 5 5 5 5 5 5 5 3 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: root, 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 5 X USERS: , 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: root, 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 X USERS: , 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X WALL: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 X USERS: , 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X UNUSED: (ipfw) 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/slip.log (startslip) 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 8 X FILE: /var/log/ppp.log (ppp) logmsg: pri 56, flags 4, from wall, msg syslogd: restart syslogd: restarted readfds = 0x38 readfds = 0x38 readfds = 0x38 readfds = 0x38 got a message (1, 0x8) logmsg: pri 116, flags 0, from wall, msg Oct 4 16:15:00 CRON[9617]: (root) CMD (/usr/libexec/atrun) Logging to FILE /var/cron/log readfds = 0x38 readfds = 0x38 readfds = 0x38 readfds = 0x38 readfds = 0x38 readfds = 0x38 readfds = 0x38 readfds = 0x38 got a message (1, 0x8) logmsg: pri 36, flags 0, from wall, msg Oct 4 16:18:02 inetd[9134]: telnet from 195.96.144.99 ........ What do you think is wrong? Nazila N. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 01:00:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA27322 for freebsd-security-outgoing; Mon, 5 Oct 1998 01:00:29 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from hotmail.com (f121.hotmail.com [207.82.250.214]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id BAA27310 for ; Mon, 5 Oct 1998 01:00:23 -0700 (PDT) (envelope-from madrapour@hotmail.com) Received: (qmail 17005 invoked by uid 0); 5 Oct 1998 07:59:59 -0000 Message-ID: <19981005075959.17004.qmail@hotmail.com> Received: from 208.218.169.84 by www.hotmail.com with HTTP; Mon, 05 Oct 1998 00:59:59 PDT X-Originating-IP: [208.218.169.84] From: "N. N.M" To: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) Content-Type: text/plain Date: Mon, 05 Oct 1998 00:59:59 PDT Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dear Norman Thank you very much. The problem with logging is fixed! I did what you said: >I believe that this is because you used spaces to separate the >fields instead of the required tabs. >From syslog.conf man page (look at the last sentence): >The syslog.conf file is the configuration file for the syslogd(8) >program. It consists of blocks of lines separated by program >specifications, with each line containing two fields: the selector >field which specifies the types of messages and priorities to which >the line applies, and an action field which specifies the action to >be taken if a message syslogd receives matches the selection >criteria. The selector field is separated from the action field by >one or more tab characters. It was just my mistake to use spaces instead of tabs in /etc/syslogd.conf. Anyway, thank you very much. Regards, Nazila N. ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 08:34:56 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA25038 for freebsd-security-outgoing; Mon, 5 Oct 1998 08:34:56 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA25026 for ; Mon, 5 Oct 1998 08:34:48 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id JAA01782; Mon, 5 Oct 1998 09:34:15 -0600 (MDT) Message-Id: <4.1.19981005093222.041901f0@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Mon, 05 Oct 1998 09:32:54 -0600 To: "N. N.M" , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <19981005075959.17004.qmail@hotmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Both spaces and tabs should count as white space. Should this be submitted as a bug? --Brett At 12:59 AM 10/5/98 -0700, N. N.M wrote: >Dear Norman > >Thank you very much. The problem with logging is fixed! I did what you >said: > >>I believe that this is because you used spaces to separate the >>fields instead of the required tabs. > >>From syslog.conf man page (look at the last sentence): > >>The syslog.conf file is the configuration file for the syslogd(8) >>program. It consists of blocks of lines separated by program >>specifications, with each line containing two fields: the selector >>field which specifies the types of messages and priorities to which >>the line applies, and an action field which specifies the action to >be >taken if a message syslogd receives matches the selection >criteria. >The selector field is separated from the action field by >one or more >tab characters. > >It was just my mistake to use spaces instead of tabs in >/etc/syslogd.conf. Anyway, thank you very much. > >Regards, >Nazila N. > >______________________________________________________ >Get Your Private, Free Email at http://www.hotmail.com > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 09:50:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA08807 for freebsd-security-outgoing; Mon, 5 Oct 1998 09:50:25 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from emu.sourcee.com (emu.sourcee.com [199.201.159.173]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA08793 for ; Mon, 5 Oct 1998 09:50:13 -0700 (PDT) (envelope-from nrice@emu.sourcee.com) Received: (from nrice@localhost) by emu.sourcee.com (8.8.8/8.8.3) id MAA22308; Mon, 5 Oct 1998 12:49:25 -0400 (EDT) Message-ID: <19981005124924.A22282@emu.sourcee.com> Date: Mon, 5 Oct 1998 12:49:24 -0400 From: Norman C Rice To: Brett Glass , "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) References: <19981005075959.17004.qmail@hotmail.com> <4.1.19981005093222.041901f0@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.91.1i In-Reply-To: <4.1.19981005093222.041901f0@mail.lariat.org>; from Brett Glass on Mon, Oct 05, 1998 at 09:32:54AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 05, 1998 at 09:32:54AM -0600, Brett Glass wrote: > Both spaces and tabs should count as white space. > Should this be submitted as a bug? As the program works according to the documentation (man page), I don't consider this feature a bug. However, many people stumble over the whitespace issue so perhaps a parser enhancement should be considered. -- Regards, Norman C. Rice, Jr. > --Brett > > At 12:59 AM 10/5/98 -0700, N. N.M wrote: > > >Dear Norman > > > >Thank you very much. The problem with logging is fixed! I did what you > >said: > > > >>I believe that this is because you used spaces to separate the > >>fields instead of the required tabs. > > > >>From syslog.conf man page (look at the last sentence): > > > >>The syslog.conf file is the configuration file for the syslogd(8) > >>program. It consists of blocks of lines separated by program > >>specifications, with each line containing two fields: the selector > >>field which specifies the types of messages and priorities to which > >>the line applies, and an action field which specifies the action to >be > >taken if a message syslogd receives matches the selection >criteria. > >The selector field is separated from the action field by >one or more > >tab characters. > > > >It was just my mistake to use spaces instead of tabs in > >/etc/syslogd.conf. Anyway, thank you very much. > > > >Regards, > >Nazila N. > > > >______________________________________________________ > >Get Your Private, Free Email at http://www.hotmail.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 11:00:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA22706 for freebsd-security-outgoing; Mon, 5 Oct 1998 11:00:25 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA22698 for ; Mon, 5 Oct 1998 11:00:23 -0700 (PDT) (envelope-from brooks@one-eyed-alien.net) From: brooks@one-eyed-alien.net Received: from localhost (brdavis@localhost) by orion.ac.hmc.edu (8.8.8/8.8.8) with SMTP id KAA26645; Mon, 5 Oct 1998 10:59:28 -0700 (PDT) X-Authentication-Warning: orion.ac.hmc.edu: brdavis owned process doing -bs Date: Mon, 5 Oct 1998 10:59:28 -0700 (PDT) X-Sender: brdavis@orion.ac.hmc.edu To: Brett Glass cc: "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <4.1.19981005093222.041901f0@mail.lariat.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 5 Oct 1998, Brett Glass wrote: > Both spaces and tabs should count as white space. Should this be > submitted as a bug? This isn't a bug any more then any other UN*X stupidity you could care to name including other cases nearly identical to this one like tabs not being the same as spaces in sendmail.cf and Makefiles. One thing you can do in this case is use a sanity checker for syslog.conf files like the one I wrote. You can get it at: http://www3.hmc.edu/~brdavis/software/syslogck/ It's based on the Sun syslog manpage, but I think it should work with other normal syslog.conf files. -- Brooks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 12:02:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA04676 for freebsd-security-outgoing; Mon, 5 Oct 1998 12:02:08 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from axl.training.iafrica.com (axl.training.iafrica.com [196.31.1.175]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA03844 for ; Mon, 5 Oct 1998 11:58:48 -0700 (PDT) (envelope-from sheldonh@axl.training.iafrica.com) Received: from sheldonh (helo=axl.training.iafrica.com) by axl.training.iafrica.com with local-esmtp (Exim 2.02 #1) id 0zQFpR-0000IK-00; Mon, 5 Oct 1998 20:57:53 +0200 From: Sheldon Hearn To: freebsd-security@FreeBSD.ORG cc: Brett Glass Subject: Re: The necessary steps for logging (the problem is fixed) In-reply-to: Your message of "Mon, 05 Oct 1998 12:49:24 -0400." <19981005124924.A22282@emu.sourcee.com> Date: Mon, 05 Oct 1998 20:57:53 +0200 Message-ID: <1135.907613873@axl.training.iafrica.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 05, 1998 at 09:32:54AM -0600, Brett Glass wrote: > Both spaces and tabs should count as white space. Should this be > submitted as a bug? In the comments on thsi one that I've seen so far, I've seen only justifications of the program operating in accordance with the manpage. I think the real question is: Does syslogd's use of only tabs as separators, and not whitespace as with many other conf formats, contribute anything to the flexibility of the conf file? If it does, someone should explain how, so that we can settle down and be happy with the current behaviour. If not, _then_ we can discuss whether teaching syslogd to accept whitespace as separators may be useful. Anyone with intelligent comment on the usefulness of using only tabs as separators and not whitespace, as is the norm for many conf formats? Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 12:53:45 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA16597 for freebsd-security-outgoing; Mon, 5 Oct 1998 12:53:45 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from picnic.mat.net (picnic.mat.net [206.246.122.117]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA16574 for ; Mon, 5 Oct 1998 12:53:40 -0700 (PDT) (envelope-from chuckr@mat.net) Received: from localhost (chuckr@localhost) by picnic.mat.net (8.9.1/8.8.5) with ESMTP id PAA17482 for ; Mon, 5 Oct 1998 15:52:50 -0400 (EDT) Date: Mon, 5 Oct 1998 15:52:50 -0400 (EDT) From: Chuck Robey To: FreeBSD-security@FreeBSD.ORG Subject: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Read the forwarded message at the bottom, then come back here and talk with me some .... Got this from the cryptography list at c2.net (great, lo noise list), and it's talking about something I've wanted for a long time. I want to know if it's feasible to be able to use something like this data ring to be able to do FreeBSD logins? I'm not asking if the software exists ... if it doesn't (and I know it doesn't yet) I can do that part, I'm interested if this really represents a secure method for me to be able to do something like carry around my whole 1024 bit private key with me, and use the $15 (yes, it's only $15!) ISA card to interface to the ring, and tell the system securely who I am. I want to know if there are any hidden traps to doing logins that way. This would (I hope) mean a permanent end to me forgetting passwords, since I've never lost a key in my life, but I don't know enough about security to tell if the whole idea has some hidden gotcha in it. ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@glue.umd.edu | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run Journey2 and picnic (FreeBSD-current) (301) 220-2114 | and jaunt (NetBSD). ----------------------------+----------------------------------------------- ---------- Forwarded message ---------- Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification INSTEAD OF STORING YOUR PRIVATE KEY IN SOFTWARE ON YOUR PC, KEEP IT IN HARDWARE, ON YOUR CLASS RING, KEY FOB, MONEY CLIP, WATCH OR ANYTHING ELSE THAT CAN STORE A 16mm, stainless steel case. According to its Web site (www.ibutton.com), "the iButtion provides for secure end-to-end Internet transactions-including granting conditional access to Web pages, signing documents, encrypting sensitive files, securing email and conducting financial transactions safely - even if the client computer, software and communication links are not trustworthy. When PC software and hardware are hacked, information remains safe in the physically secure iButton chip." Unlike storing your private key in software on your PC where it can remain in cache after use, and be retrieved by a hacker, the crypto iButton private key never enters your PC, so it cannot be intercepted. In July, the Crypto iButton from Dallas Semiconductor received the NIST FIPS 140-1 "Security Requirements For Cryptographic Modules" certification. The Crypto iButton provides hardware cryptographic services such as long-term safe storage of private keys, a high-speed math accelerator for 1024-bit public key cryptography, and secure message digest (hashing). To date, only 15 hardware products have been validated by the U.S. and Canadian governments. According to their press release at: http://www.dalsemi.com/News_Center/Press_Releases/1998/pr_fips.html, the Crypto iButton ensures both parties involved in a secure information exchange are truly authorized to communicate by rendering messages into unbreakable digital codes using its high-speed math accelerator. The Crypto iButton addresses both components of secure communication, authentication and safe transmission, making it ideal for Internet commerce and/or banking transactions. The Crypto iButton consists of a physically secure, million-transistor microchip packaged in a 16mm stainless steel can. Not only does the steel protect the silicon chip inside from the hard knocks of everyday use; it also shows clear evidence of tampering by leaving scratch and dent marks of the intruder. This steel case satisfies FIPS 140-1 Level 2 Tamper Evidence requirements for physical security. Note: Within the overall 140-1 certification are various sub-levels that identify how well the product rates in different categories such as Physical Security, Environmental Failure Protection, and Tamper Resistance. The sum of the ratings in the individual categories determines whether it merits certification. The iButtion also allows the owner to set an automatic expiration date, to limit the potential for unauthorized use. Once the built-in clock reaches a pre-set time, the chip self-expires and requires re-activation by the service provider before service can be renewed. The service provider can verify that an individual has possession prior to initial activation or renewal (re-activation). In this way, a lost or stolen iButton unconditionally limits the potential for unauthorized use to the remaining activation time, which can be made arbitrarily short by the iButton holder or service provider. According to its Web site, Blue Dot receptors using either the Java operating system (OS), or a proprietary OS, can be purchased online for $15 each. The receptor plugs directly into the parallel port on a PC, and includes software for configuring its features. The software also programs the decoder ring with the private key the first time, and performs any other administrative functions. Just press the Blue Dot with the iButton (ring, fob, key ring, etc.) to establish the connection path. If you know your ring size, you can order Josten's 'Java-powered ring,' or the 'Digital Decoder Ring,' online. Also available are the 'Fossil Watch, key ring, or money clip. http://www.iButton.com/DigStore/access.html#jring. Costs for a single unit range from $45 to $89. "Unlike a loose plastic card, the iButton stays attached to a carefully guarded accessory, such as a badge, ring, key fob, watch band, or wallet, making misplacement less likely. The steel button is rugged enough to withstand harsh outdoor environments and durable enough for a person to wear every day. An individual maintains control over their Crypto iButton in yet another way-a secret Personal Identification Number. If so programmed, the iButton will not perform computations until its PIN is entered, like a bank ATM. " A list of developers and their off-the-shelf applications is at: http://www.iButton.com/Connections/Catalogs/index.html. Custom, networked, server-based applications are available, in addition to individual, standalone PC products. The crypto iButtion is currently being tested by the USPS for electronic distribution of postage stamps. The company marketed its iButton products for other non-crypto uses starting in 1991. A list of current implemented and pilot projects using the product to simply store and process data around the world is at: http://www.iButton.com/showcase.html. This includes the mass-transit system in Turkey, bus passes in China, vending machines in Canada, parking meters in Brazil and Argentina, and buying gas in Mexico and Moscow. Richard Hornbeck www.primenet.com/~hornbeck --- end forwarded text To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 13:59:27 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA01015 for freebsd-security-outgoing; Mon, 5 Oct 1998 13:59:27 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA01010 for ; Mon, 5 Oct 1998 13:59:25 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id OAA04161; Mon, 5 Oct 1998 14:44:51 -0600 (MDT) Message-Id: <4.1.19981005144059.00bef900@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Mon, 05 Oct 1998 14:42:48 -0600 To: Sheldon Hearn , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <1135.907613873@axl.training.iafrica.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:57 PM 10/5/98 +0200, Sheldon Hearn wrote: >Anyone with intelligent comment on the usefulness of using only tabs as >separators and not whitespace, as is the norm for many conf formats? I don't think it's useful. Most people quote items with spaces anyway, either because they do not remember whether spaces are allowed in that case or because they want to be sure. I think that distinguishing between different "kinds" of whitespace creates a pitfall for the unwary and does nothing useful. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 14:31:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA04655 for freebsd-security-outgoing; Mon, 5 Oct 1998 14:31:04 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail1.its.rpi.edu (mail1.its.rpi.edu [128.113.100.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA04642 for ; Mon, 5 Oct 1998 14:31:01 -0700 (PDT) (envelope-from drosih@rpi.edu) Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47]) by mail1.its.rpi.edu (8.8.8/8.8.6) with ESMTP id RAA100548; Mon, 5 Oct 1998 17:30:47 -0400 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Sender: drosih@pop1.rpi.edu Message-Id: In-Reply-To: <4.1.19981005093222.041901f0@mail.lariat.org> References: <19981005075959.17004.qmail@hotmail.com> Date: Mon, 5 Oct 1998 17:34:51 -0400 To: Brett Glass , "N. N.M" , freebsd-security@FreeBSD.ORG From: Garance A Drosihn Subject: Re: The necessary steps for logging (the problem is fixed) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 9:32 AM -0600 10/5/98, Brett Glass wrote: > Both spaces and tabs should count as white space. Should this > be submitted as a bug? At the very least, it would be nice if syslog would complain about a line which has no tabs in it. Perhaps there is some case where the first field might contain blanks, but there is no case where a line with no tabs in it would be correct... --- Garance Alistair Drosehn = gad@eclipse.its.rpi.edu Senior Systems Programmer or drosih@rpi.edu Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 15:23:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA16043 for freebsd-security-outgoing; Mon, 5 Oct 1998 15:23:08 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from java.dpcsys.com (java.dpcsys.com [206.16.184.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA16030 for ; Mon, 5 Oct 1998 15:23:05 -0700 (PDT) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by java.dpcsys.com (8.9.1a/8.9.1) with SMTP id PAA20045; Mon, 5 Oct 1998 15:22:14 -0700 (PDT) Date: Mon, 5 Oct 1998 15:22:14 -0700 (PDT) From: Dan Busarow To: brooks@one-eyed-alien.net cc: Brett Glass , "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 5 Oct 1998 brooks@one-eyed-alien.net wrote: > > Both spaces and tabs should count as white space. Should this be > > submitted as a bug? > > This isn't a bug any more then any other UN*X stupidity you could care to > name including other cases nearly identical to this one like tabs not > being the same as spaces in sendmail.cf and Makefiles. One thing you can When spaces are a legal value within a field, they can hardly be used as field separators. Dan -- Dan Busarow 949 443 4172 Dana Point Communications, a California corporation dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 15:33:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA18433 for freebsd-security-outgoing; Mon, 5 Oct 1998 15:33:38 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from pluto.plutotech.com (mail.plutotech.com [206.168.67.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA18426 for ; Mon, 5 Oct 1998 15:33:35 -0700 (PDT) (envelope-from kelly@plutotech.com) Received: from plutotech.com (tampopo.plutotech.com [206.168.67.161]) by pluto.plutotech.com (8.8.7/8.8.5) with ESMTP id QAA02770; Mon, 5 Oct 1998 16:33:22 -0600 (MDT) Message-ID: <36194931.975AA5AC@plutotech.com> Date: Mon, 05 Oct 1998 16:33:21 -0600 From: Sean Kelly Organization: Pluto Technologies X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 3.0-CURRENT i386) MIME-Version: 1.0 To: Chuck Robey CC: FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Chuck Robey wrote: > I'm not asking if the software exists ... if it doesn't (and I know it > doesn't yet) ... well, some of it actually *does* exist! Steve Passe developed some C++ code that interfaces to an iButton (or any Dallas Semiconductor MicroLAN product) using a simple busmaster that you can assemble. Using that code as a basis, I'm developing some Java code that does the same thing, but uses the Dallas Semiconductor DS2485 busmaster. MicroLAN, upon which the iButtons are based, is really nifty: using a single data line, most devices use parasitic power off the bidirectional data line to power themselves. There are remote addressable switches, temperature sensors, and serial numbers. Both of Steve and I use them in our home automation shenanigans. > I can do that part, I'm interested if this really > represents a secure method for me to be able to do something like carry > around my whole 1024 bit private key with me, and use the $15 (yes, it's > only $15!) ISA card to interface to the ring, and tell the system > securely who I am. I want to know if there are any hidden traps to > doing logins that way. I hope not, since I'm planning on using my iButton to arm and disarm the home security system. I get the added bonus of a record of who did it (me, wife, or future kids), and a nearly nil chance that anyone else can disarm it. Go for it! --Sean To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 15:47:09 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA21911 for freebsd-security-outgoing; Mon, 5 Oct 1998 15:47:09 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from emu.sourcee.com (emu.sourcee.com [199.201.159.173]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA21884 for ; Mon, 5 Oct 1998 15:46:57 -0700 (PDT) (envelope-from nrice@emu.sourcee.com) Received: (from nrice@localhost) by emu.sourcee.com (8.8.8/8.8.3) id SAA23401; Mon, 5 Oct 1998 18:46:49 -0400 (EDT) Message-ID: <19981005184647.A23354@emu.sourcee.com> Date: Mon, 5 Oct 1998 18:46:47 -0400 From: Norman C Rice To: Garance A Drosihn , Brett Glass , "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) References: <19981005075959.17004.qmail@hotmail.com> <4.1.19981005093222.041901f0@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.91.1i In-Reply-To: ; from Garance A Drosihn on Mon, Oct 05, 1998 at 05:34:51PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 05, 1998 at 05:34:51PM -0400, Garance A Drosihn wrote: > At 9:32 AM -0600 10/5/98, Brett Glass wrote: > > Both spaces and tabs should count as white space. Should this > > be submitted as a bug? > > At the very least, it would be nice if syslog would complain > about a line which has no tabs in it. Perhaps there is some > case where the first field might contain blanks, but there is > no case where a line with no tabs in it would be correct... I do not believe that this is correct -- there is support for the program name tags (#!prog and !prog) and comments (#) and these do not require horizontal tab characters. -- Regards, Norman C. Rice, Jr. > --- > Garance Alistair Drosehn = gad@eclipse.its.rpi.edu > Senior Systems Programmer or drosih@rpi.edu > Rensselaer Polytechnic Institute To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 16:26:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA00396 for freebsd-security-outgoing; Mon, 5 Oct 1998 16:26:52 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from aniwa.sky (pppk-06.igrin.co.nz [202.49.245.85]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA00367 for ; Mon, 5 Oct 1998 16:26:40 -0700 (PDT) (envelope-from andrew@squiz.co.nz) Received: from localhost (andrew@localhost) by aniwa.sky (8.8.8/8.8.7) with SMTP id MAA02021; Tue, 6 Oct 1998 12:24:53 +1300 (NZDT) (envelope-from andrew@squiz.co.nz) Date: Tue, 6 Oct 1998 12:24:52 +1300 (NZDT) From: Andrew McNaughton X-Sender: andrew@aniwa.sky Reply-To: andrew@squiz.co.nz To: Garance A Drosihn cc: Brett Glass , "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 5 Oct 1998, Garance A Drosihn wrote: > At 9:32 AM -0600 10/5/98, Brett Glass wrote: > > Both spaces and tabs should count as white space. Should this > > be submitted as a bug? > > At the very least, it would be nice if syslog would complain > about a line which has no tabs in it. Perhaps there is some > case where the first field might contain blanks, but there is > no case where a line with no tabs in it would be correct... Or perhaps complain if the number of fields on the line is incorrect. Catches a wider range of errors. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 16:53:58 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA05243 for freebsd-security-outgoing; Mon, 5 Oct 1998 16:53:58 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA05236 for ; Mon, 5 Oct 1998 16:53:55 -0700 (PDT) (envelope-from nate@mt.sri.com) Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id RAA11176; Mon, 5 Oct 1998 17:53:34 -0600 (MDT) (envelope-from nate@rocky.mt.sri.com) Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id RAA12302; Mon, 5 Oct 1998 17:53:34 -0600 Date: Mon, 5 Oct 1998 17:53:34 -0600 Message-Id: <199810052353.RAA12302@mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Sean Kelly Cc: Chuck Robey , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) In-Reply-To: <36194931.975AA5AC@plutotech.com> References: <36194931.975AA5AC@plutotech.com> X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > I can do that part, I'm interested if this really > > represents a secure method for me to be able to do something like carry > > around my whole 1024 bit private key with me, and use the $15 (yes, it's > > only $15!) ISA card to interface to the ring, and tell the system > > securely who I am. I want to know if there are any hidden traps to > > doing logins that way. > > I hope not, since I'm planning on using my iButton to arm and disarm the > home security system. I get the added bonus of a record of who did it > (me, wife, or future kids), and a nearly nil chance that anyone else can > disarm it. Umm, quick question. What's to stop the burglar from taking your ring and using it to disarm your alarm? (I contrast this with the alarms ability to have a 'disarm but silent setoff setting' which disarms the alarm by still calls in the calvary, which is used when you are in distress... (Or, am I just being truly paranoid...) Nate - Who is looking for a good 'physical' security mechanism that can't be easily forged by an outsider who gets physical access to you and your computer. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 17:06:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA08407 for freebsd-security-outgoing; Mon, 5 Oct 1998 17:06:38 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from pluto.plutotech.com (mail.plutotech.com [206.168.67.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA08336 for ; Mon, 5 Oct 1998 17:06:23 -0700 (PDT) (envelope-from kelly@plutotech.com) Received: from plutotech.com (tampopo.plutotech.com [206.168.67.161]) by pluto.plutotech.com (8.8.7/8.8.5) with ESMTP id SAA07116; Mon, 5 Oct 1998 18:06:11 -0600 (MDT) Message-ID: <36195EF3.23B3260E@plutotech.com> Date: Mon, 05 Oct 1998 18:06:11 -0600 From: Sean Kelly Organization: Pluto Technologies X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 3.0-CURRENT i386) MIME-Version: 1.0 To: Nate Williams CC: Chuck Robey , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Umm, quick question. What's to stop the burglar from taking your ring > and using it to disarm your alarm? I'll try to put up a good fight. :-) > (I contrast this with the alarms > ability to have a 'disarm but silent setoff setting' which disarms the > alarm by still calls in the calvary, which is used when you are in > distress... Good idea. Maybe there should be both the ring and a keypad; a special code can indicate distress. > (Or, am I just being truly paranoid...) You? Naaaah! > Nate - Who is looking for a good 'physical' security mechanism that > can't be easily forged by an outsider who gets physical access to you > and your computer. Good luck! --Sean To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 17:16:02 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA11156 for freebsd-security-outgoing; Mon, 5 Oct 1998 17:16:02 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA11104 for ; Mon, 5 Oct 1998 17:15:40 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id UAA14570; Mon, 5 Oct 1998 20:13:39 -0400 (EDT) Date: Mon, 5 Oct 1998 20:13:39 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Garance A Drosihn cc: Brett Glass , "N. N.M" , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org As someone who copies config file entries around via the xterm selection, which will not get tabs due to tab expansion, I would say go with the change to accepting either tabs or spaces (or any combination). What do other major config files like this use? (newsyslog.conf, crontab) And it does suck to have so many types of config files, of course.. :) On Mon, 5 Oct 1998, Garance A Drosihn wrote: > At 9:32 AM -0600 10/5/98, Brett Glass wrote: > > Both spaces and tabs should count as white space. Should this > > be submitted as a bug? > > At the very least, it would be nice if syslog would complain > about a line which has no tabs in it. Perhaps there is some > case where the first field might contain blanks, but there is > no case where a line with no tabs in it would be correct... > > --- > Garance Alistair Drosehn = gad@eclipse.its.rpi.edu > Senior Systems Programmer or drosih@rpi.edu > Rensselaer Polytechnic Institute > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Oct 5 21:26:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA27778 for freebsd-security-outgoing; Mon, 5 Oct 1998 21:26:32 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from obie.softweyr.com ([204.68.178.33]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA27735 for ; Mon, 5 Oct 1998 21:26:23 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from softweyr.com (wes@zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id WAA11749; Mon, 5 Oct 1998 22:25:46 -0600 (MDT) (envelope-from wes@softweyr.com) Message-ID: <36199BC9.8B4BA146@softweyr.com> Date: Mon, 05 Oct 1998 22:25:45 -0600 From: Wes Peters Organization: Softweyr llc X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.6-RELEASE i386) MIME-Version: 1.0 To: Sean Kelly CC: Nate Williams , Chuck Robey , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> <36195EF3.23B3260E@plutotech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Nate Williams quipped? % Umm, quick question. What's to stop the burglar from taking your ring % and using it to disarm your alarm? Sean Kelly wrote: > I'll try to put up a good fight. :-) For you, Nate, I'd say Montana's (complete lack of) gun-control laws will help. ;^) % (I contrast this with the alarms % ability to have a 'disarm but silent setoff setting' which disarms the % alarm by still calls in the calvary, which is used when you are in % distress... > Good idea. Maybe there should be both the ring and a keypad; a special > code can indicate distress. % (Or, am I just being truly paranoid...) > You? Naaaah! % Nate - Who is looking for a good 'physical' security mechanism that % can't be easily forged by an outsider who gets physical access to you % and your computer. This would pretty much need to be a biometric device of some sort that can measure stress *and* determine if the subject is living or dead. Probably still slightly beyond the state of the art, but not more than a few years out now. I personally prefer the urinalysis login method, but it can get pretty messy, and I'm told is much more embarassing for users with two Y chromosones. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 00:57:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA26417 for freebsd-security-outgoing; Tue, 6 Oct 1998 00:57:53 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA26396 for ; Tue, 6 Oct 1998 00:57:49 -0700 (PDT) (envelope-from jkb@best.com) Received: from localhost (jkb@localhost) by shell6.ba.best.com (8.9.0/8.9.0/best.sh) with SMTP id AAA01163 for ; Tue, 6 Oct 1998 00:57:46 -0700 (PDT) X-Authentication-Warning: shell6.ba.best.com: jkb owned process doing -bs Date: Tue, 6 Oct 1998 00:57:46 -0700 (PDT) From: "Jan B. Koum " X-Sender: jkb@shell6.ba.best.com To: freebsd-security@FreeBSD.ORG Subject: Negative IP Packets - Risky? (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Am I the only one here who upon reading this goes "Huh?" OTOH, firewall-wizards is moderated by Marcus Ranum who does not let just "any" mail through. In that case: what are negative IP packets?! -- Yan I don't have the password .... + Jan Koum But the path is chainlinked .. | Spelled Jan, pronounced Yan. There. So if you've got the time .... | Web: http://www.best.com/~jkb Set the tone to sync ......... + OS: http://www.FreeBSD.org ---------- Forwarded message ---------- Date: Mon, 05 Oct 1998 20:11:17 +0100 From: James Rowley To: "'firewall-wizards@nfr.com'" Subject: Negative IP Packets - Risky? By sending negative IP packets to a network, you can crash the server. Is anyone else aware of this & possible precautions that one can take? sincerely, James Rowley - Eudemonic Solutions, Edinburgh, SCOTLAND To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 01:13:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA29273 for freebsd-security-outgoing; Tue, 6 Oct 1998 01:13:22 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA29267 for ; Tue, 6 Oct 1998 01:13:21 -0700 (PDT) (envelope-from jkh@time.cdrom.com) Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1]) by time.cdrom.com (8.8.8/8.8.8) with ESMTP id BAA17500; Tue, 6 Oct 1998 01:13:22 -0700 (PDT) (envelope-from jkh@time.cdrom.com) To: "Jan B. Koum " cc: freebsd-security@FreeBSD.ORG Subject: Re: Negative IP Packets - Risky? (fwd) In-reply-to: Your message of "Tue, 06 Oct 1998 00:57:46 PDT." Date: Tue, 06 Oct 1998 01:13:22 -0700 Message-ID: <17497.907661602@time.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > By sending negative IP packets to a network, you can crash the server. Ah yes, the old negative IP packets. There's nothing worse than a packet with a BAD ATTITUDE and those negative ones can be downright gloomy. I filter them with HappyBridge(R) 1.0. - Jordan To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 01:17:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA29743 for freebsd-security-outgoing; Tue, 6 Oct 1998 01:17:23 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.ftf.dk (mail.ftf.net [129.142.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA29733 for ; Tue, 6 Oct 1998 01:17:16 -0700 (PDT) (envelope-from regnauld@deepo.prosa.dk) Received: from mail.prosa.dk ([192.168.100.254]) by mail.ftf.dk (8.8.8/8.8.8/gw-ftf-1.0) with ESMTP id KAA29497; Tue, 6 Oct 1998 10:22:13 +0200 (CEST) (envelope-from regnauld@deepo.prosa.dk) X-Authentication-Warning: mail.ftf.dk: Host [192.168.100.254] claimed to be mail.prosa.dk Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10]) by mail.prosa.dk (8.8.8/8.8.5/prosa-1.1) with ESMTP id KAA04211; Tue, 6 Oct 1998 10:35:02 +0200 (CEST) Received: (from regnauld@localhost) by deepo.prosa.dk (8.8.8/8.8.5/prosa-1.1) id KAA10863; Tue, 6 Oct 1998 10:27:06 +0200 (CEST) Message-ID: <19981006102706.39881@deepo.prosa.dk> Date: Tue, 6 Oct 1998 10:27:06 +0200 From: Philippe Regnauld To: brooks@one-eyed-alien.net Cc: security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) References: <4.1.19981005093222.041901f0@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88e In-Reply-To: ; from brooks@one-eyed-alien.net on Mon, Oct 05, 1998 at 10:59:28AM -0700 X-Operating-System: FreeBSD 2.2.6-RELEASE i386 Phone: +45 3336 4148 Address: Ahlefeldtsgade 16, 1359 Copenhagen K, Denmark Organization: PROSA Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org brooks@one-eyed-alien.net writes: > On Mon, 5 Oct 1998, Brett Glass wrote: > > being the same as spaces in sendmail.cf and Makefiles. One thing you can > do in this case is use a sanity checker for syslog.conf files like the one > I wrote. You can get it at: > > http://www3.hmc.edu/~brdavis/software/syslogck/ One thing that could be done was to have a wrapper (like crontab -e) that checked syntax (f.ex, with your script) before installing the syslog.conf ? The wrapper would complain noisily and refuse to let you save the file if the file was bogus. syslog -e ? :-) -- -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- The Internet is busy. Please try again later. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 02:37:48 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA11458 for freebsd-security-outgoing; Tue, 6 Oct 1998 02:37:48 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from Thingol.KryptoKom.DE (Thingol.KryptoKom.DE [194.245.91.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA11413 for ; Tue, 6 Oct 1998 02:37:21 -0700 (PDT) (envelope-from Reinier.Bezuidenhout@KryptoKom.DE) Received: (from mail@localhost) by Thingol.KryptoKom.DE (8.8.7/8.8.4) id LAA19311; Tue, 6 Oct 1998 11:29:05 +0200 Received: from cirdan.kryptokom.de by via smtpp (Version 1.1.1b4) id kwa19305; Tue Oct 06 11:28:46 1998 Received: by Cirdan.KryptoKom.DE (8.8.5/8.8.5) with ESMTP id LAA00811; Tue, 6 Oct 1998 11:34:04 +0200 Received: (from bez@localhost) by borg.kryptokom.de (8.8.8/8.8.8) id LAA09487; Tue, 6 Oct 1998 11:35:58 +0200 (CEST) (envelope-from bez) From: Reinier Bezuidenhout Message-Id: <199810060935.LAA09487@borg.kryptokom.de> Subject: Re: Negative IP Packets - Risky? (fwd) In-Reply-To: <17497.907661602@time.cdrom.com> from "Jordan K. Hubbard" at "Oct 6, 1998 1:13:22 am" To: jkh@time.cdrom.com (Jordan K. Hubbard) Date: Tue, 6 Oct 1998 11:35:58 +0200 (CEST) Cc: jkb@best.com, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi ... Sorry for this off topic e-mail ... but I just have to say ... Jordan - 10/10 - and a gold medal ... I think you should copyright this one :) :) :) Bye Reinier > > By sending negative IP packets to a network, you can crash the server. > > Ah yes, the old negative IP packets. There's nothing worse than a > packet with a BAD ATTITUDE and those negative ones can be downright > gloomy. I filter them with HappyBridge(R) 1.0. > > - Jordan > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 02:51:11 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA13367 for freebsd-security-outgoing; Tue, 6 Oct 1998 02:51:11 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.ftf.dk (mail.ftf.net [129.142.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA13311 for ; Tue, 6 Oct 1998 02:50:48 -0700 (PDT) (envelope-from regnauld@deepo.prosa.dk) Received: from mail.prosa.dk ([192.168.100.254]) by mail.ftf.dk (8.8.8/8.8.8/gw-ftf-1.0) with ESMTP id LAA04431; Tue, 6 Oct 1998 11:55:52 +0200 (CEST) (envelope-from regnauld@deepo.prosa.dk) X-Authentication-Warning: mail.ftf.dk: Host [192.168.100.254] claimed to be mail.prosa.dk Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10]) by mail.prosa.dk (8.8.8/8.8.5/prosa-1.1) with ESMTP id MAA04368; Tue, 6 Oct 1998 12:08:41 +0200 (CEST) Received: (from regnauld@localhost) by deepo.prosa.dk (8.8.8/8.8.5/prosa-1.1) id MAA11577; Tue, 6 Oct 1998 12:00:46 +0200 (CEST) Message-ID: <19981006120045.14073@deepo.prosa.dk> Date: Tue, 6 Oct 1998 12:00:45 +0200 From: Philippe Regnauld To: "Jordan K. Hubbard" Cc: "Jan B. Koum " , freebsd-security@FreeBSD.ORG Subject: Re: Negative IP Packets - Risky? (fwd) References: <17497.907661602@time.cdrom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88e In-Reply-To: <17497.907661602@time.cdrom.com>; from Jordan K. Hubbard on Tue, Oct 06, 1998 at 01:13:22AM -0700 X-Operating-System: FreeBSD 2.2.6-RELEASE i386 Phone: +45 3336 4148 Address: Ahlefeldtsgade 16, 1359 Copenhagen K, Denmark Organization: PROSA Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jordan K. Hubbard writes: > > By sending negative IP packets to a network, you can crash the server. > > Ah yes, the old negative IP packets. There's nothing worse than a > packet with a BAD ATTITUDE and those negative ones can be downright > gloomy. I filter them with HappyBridge(R) 1.0. ROTFL^10. I though California was not subject to negative attacks :-) -- -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- The Internet is busy. Please try again later. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 02:52:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA13615 for freebsd-security-outgoing; Tue, 6 Oct 1998 02:52:14 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from shell.futuresouth.com (shell.futuresouth.com [198.78.58.28]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA13540 for ; Tue, 6 Oct 1998 02:51:55 -0700 (PDT) (envelope-from fullermd@futuresouth.com) Received: (from fullermd@localhost) by shell.futuresouth.com (8.8.8/8.8.8) id EAA24853; Tue, 6 Oct 1998 04:51:45 -0500 (CDT) Message-ID: <19981006045145.26603@futuresouth.com> Date: Tue, 6 Oct 1998 04:51:45 -0500 From: "Matthew D. Fuller" To: Wes Peters Cc: FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> <36195EF3.23B3260E@plutotech.com> <36199BC9.8B4BA146@softweyr.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88 In-Reply-To: <36199BC9.8B4BA146@softweyr.com>; from Wes Peters on Mon, Oct 05, 1998 at 10:25:45PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Oct 05, 1998 at 10:25:45PM -0600, Wes Peters woke me up to tell me: > > I personally prefer the urinalysis login method, but it can get pretty > messy, and I'm told is much more embarassing for users with two Y > chromosones. Two Y chromosones? I'm going to hope you meant to X's, else I shall have to REALLY dig and find my old high school bio book and try to remember the various problems slightly more pressing than logging into your computer that come up... *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* | FreeBSD; the way computers were meant to be | * "The only reason I'm burning my candle at both ends, is * | that I haven't figured out how to light the middle yet."| * fullermd@futuresouth.com :-} MAtthew Fuller * | http://keystone.westminster.edu/~fullermd | *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 03:50:41 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA21059 for freebsd-security-outgoing; Tue, 6 Oct 1998 03:50:41 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from axl.training.iafrica.com (axl.training.iafrica.com [196.31.1.175]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA21053 for ; Tue, 6 Oct 1998 03:50:32 -0700 (PDT) (envelope-from sheldonh@axl.training.iafrica.com) Received: from sheldonh (helo=axl.training.iafrica.com) by axl.training.iafrica.com with local-esmtp (Exim 2.02 #1) id 0zQUhC-0001bY-00; Tue, 6 Oct 1998 12:50:22 +0200 From: Sheldon Hearn To: freebsd-security@FreeBSD.ORG cc: Dan Busarow Subject: Re: The necessary steps for logging (the problem is fixed) In-reply-to: Your message of "Mon, 05 Oct 1998 15:22:14 MST." Date: Tue, 06 Oct 1998 12:50:21 +0200 Message-ID: <6171.907671021@axl.training.iafrica.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 05 Oct 1998 15:22:14 MST, Dan Busarow wrote: > When spaces are a legal value within a field, they can hardly be used > as field separators. If Dan is right, then the following PR should solve the problem and put an end to this thread: conf/8162 Ciao, Sheldon. Too many tongues, too few teeth. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 03:53:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id DAA21477 for freebsd-security-outgoing; Tue, 6 Oct 1998 03:53:53 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ifi.uio.no (ifi.uio.no [129.240.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id DAA21452 for ; Tue, 6 Oct 1998 03:53:41 -0700 (PDT) (envelope-from dag-erli@ifi.uio.no) Received: from bergelmir.ifi.uio.no (2602@bergelmir.ifi.uio.no [129.240.65.172]) by ifi.uio.no (8.8.8/8.8.7/ifi0.2) with ESMTP id MAA02587; Tue, 6 Oct 1998 12:52:58 +0200 (MET DST) Received: (from dag-erli@localhost) by bergelmir.ifi.uio.no ; Tue, 6 Oct 1998 12:52:57 +0200 (MET DST) Mime-Version: 1.0 To: Wes Peters Cc: Sean Kelly , Nate Williams , Chuck Robey , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> <36195EF3.23B3260E@plutotech.com> <36199BC9.8B4BA146@softweyr.com> Organization: University of Oslo, Department of Informatics X-url: http://www.stud.ifi.uio.no/~dag-erli/ X-other-addresses: 'finger dag-erli@ifi.uio.no' for a list X-disclaimer-1: The views expressed in this article are mine alone, and do X-disclaimer-2: not necessarily coincide with those of any organisation or X-disclaimer-3: company with which I am or have been affiliated. X-Stop-Spam: http://www.cauce.org/ From: dag-erli@ifi.uio.no (Dag-Erling C. =?iso-8859-1?Q?Sm=F8rgrav?= ) Date: 06 Oct 1998 12:52:57 +0200 In-Reply-To: Wes Peters's message of "Mon, 05 Oct 1998 22:25:45 -0600" Message-ID: Lines: 10 X-Mailer: Gnus v5.5/Emacs 19.34 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id DAA21462 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Wes Peters writes: > I personally prefer the urinalysis login method, but it can get pretty > messy, and I'm told is much more embarassing for users with two Y > chromosones. ITYM "two X chromosomes". HTH, HAND! DES -- Dag-Erling Smørgrav - dag-erli@ifi.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 06:52:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA18607 for freebsd-security-outgoing; Tue, 6 Oct 1998 06:52:47 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA18592 for ; Tue, 6 Oct 1998 06:52:43 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id JAA26494; Tue, 6 Oct 1998 09:52:35 -0400 (EDT) Date: Tue, 6 Oct 1998 09:52:35 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: "Jan B. Koum " cc: freebsd-security@FreeBSD.ORG Subject: Re: Negative IP Packets - Risky? (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org My feeling is he is referring to the IP stack corruption issue where some stacks treat the packet size field as a 'signed' value instead of an 'unsigned' value, and hence the field can be a 'negative IP packet'. Maybe it was a different field in the header, but I think you get the gyst. Not to spoil Jordan's comic overtures, mind you... :) I thought that at one point someone mentioned an IP stack sensitive to this on bugtraq, but I really don't recall. It might have gone something like this: you could overflow the buffer for an IP packet by setting the packet size large enough that a later size comparison routine that used that size in a signed form never evaluated true, so the fragments could be reassembled past the end of the buffer into other memory, resulting in corruption, and eventually (or shortly) a crash. Needless to say, the vendor of the IP stack screwed up, and it should be fixed, as large packet sizes should not be a problem, and may be used by some protocols. I could be wrong on the description, of course, and it could be something else about a depressed IP stack generating anti-Internet sentiments... (bows out to Jordan and the negative Californian packets..) On Tue, 6 Oct 1998, Jan B. Koum wrote: > > Am I the only one here who upon reading this goes "Huh?" > > OTOH, firewall-wizards is moderated by Marcus Ranum who does not > let just "any" mail through. In that case: what are negative IP packets?! > > -- Yan > > I don't have the password .... + Jan Koum > But the path is chainlinked .. | Spelled Jan, pronounced Yan. There. > So if you've got the time .... | Web: http://www.best.com/~jkb > Set the tone to sync ......... + OS: http://www.FreeBSD.org > > ---------- Forwarded message ---------- > Date: Mon, 05 Oct 1998 20:11:17 +0100 > From: James Rowley > To: "'firewall-wizards@nfr.com'" > Subject: Negative IP Packets - Risky? > > By sending negative IP packets to a network, you can crash the server. > > Is anyone else aware of this & possible precautions that one can take? > > sincerely, > > James Rowley - Eudemonic Solutions, Edinburgh, SCOTLAND > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 07:45:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA28948 for freebsd-security-outgoing; Tue, 6 Oct 1998 07:45:14 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.224.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA28931 for ; Tue, 6 Oct 1998 07:45:07 -0700 (PDT) (envelope-from avalon@coombs.anu.edu.au) Message-Id: <199810061445.HAA28931@hub.freebsd.org> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA201105074; Wed, 7 Oct 1998 00:44:34 +1000 From: Darren Reed Subject: Re: Negative IP Packets - Risky? (fwd) To: robert+freebsd@cyrus.watson.org Date: Wed, 7 Oct 1998 00:44:33 +1000 (EST) Cc: jkb@best.com, freebsd-security@FreeBSD.ORG In-Reply-To: from "Robert Watson" at Oct 6, 98 09:52:35 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org you're confused with packets claiming reassembled sizes > 64K. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 08:02:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA01978 for freebsd-security-outgoing; Tue, 6 Oct 1998 08:02:51 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from relay.acadiau.ca (relay.acadiau.ca [131.162.2.90]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA01972 for ; Tue, 6 Oct 1998 08:02:48 -0700 (PDT) (envelope-from 026809r@dragon.acadiau.ca) Received: from dragon.acadiau.ca (dragon [131.162.1.79]) by relay.acadiau.ca (8.8.5/8.8.5) with ESMTP id MAA06694 for ; Tue, 6 Oct 1998 12:02:42 -0300 (ADT) Received: (from 026809r@localhost) by dragon.acadiau.ca (8.8.8+Sun/8.8.8) id MAA01110 for security@freebsd.org; Tue, 6 Oct 1998 12:02:41 -0300 (ADT) From: Michael Richards <026809r@dragon.acadiau.ca> Message-Id: <199810061502.MAA01110@dragon.acadiau.ca> Subject: Large packets? To: security@FreeBSD.ORG Date: Tue, 6 Oct 1998 12:02:41 -0300 (ADT) X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi everyone. I have been following the discussion of negative IP addresses. Correct me if I am wrong, but isn't the largest possible packet 64K even after it's been re-assembled? -Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 08:37:03 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA08043 for freebsd-security-outgoing; Tue, 6 Oct 1998 08:37:03 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from pluto.plutotech.com (mail.plutotech.com [206.168.67.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA08006 for ; Tue, 6 Oct 1998 08:36:52 -0700 (PDT) (envelope-from kelly@plutotech.com) Received: from plutotech.com (tampopo.plutotech.com [206.168.67.161]) by pluto.plutotech.com (8.8.7/8.8.5) with ESMTP id JAA21860; Tue, 6 Oct 1998 09:36:36 -0600 (MDT) Message-ID: <361A3903.2DF4B6E1@plutotech.com> Date: Tue, 06 Oct 1998 09:36:35 -0600 From: Sean Kelly Organization: Pluto Technologies X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 3.0-CURRENT i386) MIME-Version: 1.0 To: Wes Peters CC: Nate Williams , Chuck Robey , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> <36195EF3.23B3260E@plutotech.com> <36199BC9.8B4BA146@softweyr.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Wes Peters wrote: > I personally prefer the urinalysis login method, but it can get pretty > messy, and I'm told is much more embarassing for users with two Y > chromosones. Heh. Not to mention that most public user areas are already fairly odious in their odors. Peeeeeyew! --Sean To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 08:54:36 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA11820 for freebsd-security-outgoing; Tue, 6 Oct 1998 08:54:36 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from picnic.mat.net (picnic.mat.net [206.246.122.117]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA11804 for ; Tue, 6 Oct 1998 08:54:32 -0700 (PDT) (envelope-from chuckr@mat.net) Received: from localhost (chuckr@localhost) by picnic.mat.net (8.9.1/8.8.5) with ESMTP id XAA18443; Mon, 5 Oct 1998 23:33:05 -0400 (EDT) Date: Mon, 5 Oct 1998 23:33:05 -0400 (EDT) From: Chuck Robey To: Nate Williams cc: Sean Kelly , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) In-Reply-To: <199810052353.RAA12302@mt.sri.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 5 Oct 1998, Nate Williams wrote: > > > I can do that part, I'm interested if this really > > > represents a secure method for me to be able to do something like carry > > > around my whole 1024 bit private key with me, and use the $15 (yes, it's > > > only $15!) ISA card to interface to the ring, and tell the system > > > securely who I am. I want to know if there are any hidden traps to > > > doing logins that way. > > > > I hope not, since I'm planning on using my iButton to arm and disarm the > > home security system. I get the added bonus of a record of who did it > > (me, wife, or future kids), and a nearly nil chance that anyone else can > > disarm it. > > Umm, quick question. What's to stop the burglar from taking your ring > and using it to disarm your alarm? (I contrast this with the alarms > ability to have a 'disarm but silent setoff setting' which disarms the > alarm by still calls in the calvary, which is used when you are in > distress... > > (Or, am I just being truly paranoid...) No, you're not being paranoid, but still illogical. Think of the Roman warrior being shown a gun, and told that he can now kill folks from far away ... and the warrior grouses "but what happens when I run out of bullets?" Sure, it happens. What happens, Nate, when that burglar, who now has to take your keys, does exactly that? The analogy with your question of what happens when he takes your ring is exact here. Don't expect this to solve ALL problems, but it's going to be one hell of a lot harder to lose your keys, now isn't it? And, given the length of the password you can carry, as long as you hang onto that ring, you're much safer than you were, right? I'm NOT portraying this as perfect, Nate, merely a huge improvement, right? > > > Nate - Who is looking for a good 'physical' security mechanism that > can't be easily forged by an outsider who gets physical access to you > and your computer. > > ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@glue.umd.edu | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run Journey2 and picnic (FreeBSD-current) (301) 220-2114 | and jaunt (NetBSD). ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 09:49:56 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA24914 for freebsd-security-outgoing; Tue, 6 Oct 1998 09:49:56 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA24901 for ; Tue, 6 Oct 1998 09:49:53 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id MAA27809; Tue, 6 Oct 1998 12:47:18 -0400 (EDT) Date: Tue, 6 Oct 1998 12:47:18 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Michael Richards <026809r@dragon.acadiau.ca> cc: security@FreeBSD.ORG Subject: Re: Large packets? In-Reply-To: <199810061502.MAA01110@dragon.acadiau.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Oct 1998, Michael Richards wrote: > I have been following the discussion of negative IP addresses. Correct me if > I am wrong, but isn't the largest possible packet 64K even after it's been > re-assembled? In theory. :) The maximum size of an IP packet is indeed 64k, but some implementations don't check that the fragments being reassembled actually add up to the correct length, so they just past the fragments one after another, off the end of the buffer, onto the floor. Or rather, onto other pieces of memory resulting in corruption. My speculation about the negative number being associated with size was based on this -- that perhaps some careless programmer had accidentally used a signed short for the size in their code, rather than an unsigned short. Then any check against the size field in the form if (size < somesize) would behave incorrectly, because large packet sizes would be interpretted as small ones. Darren has suggested that I am confusing this with another attack, and that is entirely possible. :) The are an awful lot of mistakes an IP stack programmer can make :). Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 10:12:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA28477 for freebsd-security-outgoing; Tue, 6 Oct 1998 10:12:08 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from dt053nb4.san.rr.com (dt053nb4.san.rr.com [204.210.34.180]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA28434 for ; Tue, 6 Oct 1998 10:11:23 -0700 (PDT) (envelope-from Studded@dal.net) Received: from dal.net (Studded@localhost [127.0.0.1]) by dt053nb4.san.rr.com (8.8.8/8.8.8) with ESMTP id KAA17386; Tue, 6 Oct 1998 10:11:20 -0700 (PDT) (envelope-from Studded@dal.net) Message-ID: <361A4F37.141BAE11@dal.net> Date: Tue, 06 Oct 1998 10:11:19 -0700 From: Studded Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.5b2 [en] (X11; I; FreeBSD 2.2.7-STABLE-0929 i386) X-Accept-Language: en MIME-Version: 1.0 CC: freebsd-security@FreeBSD.ORG, Dan Busarow Subject: Re: The necessary steps for logging (the problem is fixed) References: <6171.907671021@axl.training.iafrica.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sheldon Hearn wrote: > > On Mon, 05 Oct 1998 15:22:14 MST, Dan Busarow wrote: > > > When spaces are a legal value within a field, they can hardly be used > > as field separators. > > If Dan is right, then the following PR should solve the problem and put > an end to this thread: I don't think spaces are valid on either side of the syslog.conf entry. At least my reading of the man page doesn't suggest that. Multiple selectors may be specified for a single action by separating them with semicolon (``;'') characters. It is important to note, howev- er, that each selector can modify the ones preceding it. Multiple facilities may be specified for a single level by separating them with comma (``,'') characters. The section about the RHS is more wordy, but the only valid seperator mentioned is a comma. My vote is to change the code, failing that, the comment in the PR would be a good start. Doug -- *** Chief Operations Officer, DALnet IRC network *** Go PADRES! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 10:35:28 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA01503 for freebsd-security-outgoing; Tue, 6 Oct 1998 10:35:28 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from java.dpcsys.com (java.dpcsys.com [206.16.184.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA01493 for ; Tue, 6 Oct 1998 10:35:25 -0700 (PDT) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by java.dpcsys.com (8.9.1a/8.9.1) with SMTP id KAA13649; Tue, 6 Oct 1998 10:35:13 -0700 (PDT) Date: Tue, 6 Oct 1998 10:35:12 -0700 (PDT) From: Dan Busarow To: Studded cc: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <361A4F37.141BAE11@dal.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Oct 1998, Studded wrote: > I don't think spaces are valid on either side of the syslog.conf entry. > At least my reading of the man page doesn't suggest that. > > Multiple selectors may be specified for a single action by > separating > them with semicolon (``;'') characters. It is important to note, > howev- > er, that each selector can modify the ones preceding it. > > Multiple facilities may be specified for a single level by > separating > them with comma (``,'') characters. The LHS does look space safe. > The section about the RHS is more wordy, but the only valid seperator > mentioned is a comma. My vote is to change the code, failing that, the > comment in the PR would be a good start. >From the man page # Pipe all authentication messages to a filter. auth.* |exec /usr/local/sbin/authfilter Unless someone can demonstrate a valid use of spaces on the LHS crontab style checking would work though. (spaces are only legal in the last field of crontab as well) Dan -- Dan Busarow 949 443 4172 Dana Point Communications, a California corporation dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 10:49:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA03717 for freebsd-security-outgoing; Tue, 6 Oct 1998 10:49:23 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from dt053nb4.san.rr.com (dt053nb4.san.rr.com [204.210.34.180]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA03706 for ; Tue, 6 Oct 1998 10:49:11 -0700 (PDT) (envelope-from Studded@dal.net) Received: from dal.net (Studded@localhost [127.0.0.1]) by dt053nb4.san.rr.com (8.8.8/8.8.8) with ESMTP id KAA17889; Tue, 6 Oct 1998 10:49:07 -0700 (PDT) (envelope-from Studded@dal.net) Message-ID: <361A5812.90244D76@dal.net> Date: Tue, 06 Oct 1998 10:49:06 -0700 From: Studded Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.5b2 [en] (X11; I; FreeBSD 2.2.7-STABLE-0929 i386) X-Accept-Language: en MIME-Version: 1.0 To: Dan Busarow CC: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Dan Busarow wrote: > Unless someone can demonstrate a valid use of spaces on the LHS > crontab style checking would work though. (spaces are only legal > in the last field of crontab as well) Works for me. :) -- *** Chief Operations Officer, DALnet IRC network *** Go PADRES! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 11:02:56 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA05967 for freebsd-security-outgoing; Tue, 6 Oct 1998 11:02:56 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA05951 for ; Tue, 6 Oct 1998 11:02:48 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id LAA14207; Tue, 6 Oct 1998 11:59:49 -0600 (MDT) Message-Id: <4.1.19981006115624.04198290@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 06 Oct 1998 11:58:21 -0600 To: Robert Watson , Michael Richards <026809r@dragon.acadiau.ca> From: Brett Glass Subject: Re: Large packets? Cc: security@FreeBSD.ORG In-Reply-To: References: <199810061502.MAA01110@dragon.acadiau.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:47 PM 10/6/98 -0400, Robert Watson wrote: >In theory. :) The maximum size of an IP packet is indeed 64k, but some >implementations don't check that the fragments being reassembled actually >add up to the correct length, so they just past the fragments one after >another, off the end of the buffer, onto the floor. Or rather, onto other >pieces of memory resulting in corruption. This is the "Ping of Death." The problem is that many developers, wanting their network code to be fast, aren't doing bounds checking on network buffers. Of course, ANYTHING you receive off the Net should be treated as highly suspicious. The code should be TOTALLY paranoid. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 11:13:31 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA07991 for freebsd-security-outgoing; Tue, 6 Oct 1998 11:13:31 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA07974 for ; Tue, 6 Oct 1998 11:13:22 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id MAA14341; Tue, 6 Oct 1998 12:12:20 -0600 (MDT) Message-Id: <4.1.19981006120902.04313410@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 06 Oct 1998 12:10:32 -0600 To: Sean Kelly , Wes Peters From: Brett Glass Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) Cc: Nate Williams , Chuck Robey , FreeBSD-security@FreeBSD.ORG In-Reply-To: <361A3903.2DF4B6E1@plutotech.com> References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> <36195EF3.23B3260E@plutotech.com> <36199BC9.8B4BA146@softweyr.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In other words, this is the way one would "mark" one's territory? Sorry, but this is a case where paper works MUCH better than a CRT. ;-) --Brett At 09:36 AM 10/6/98 -0600, Sean Kelly wrote: >Wes Peters wrote: >> I personally prefer the urinalysis login method, but it can get pretty >> messy, and I'm told is much more embarassing for users with two Y >> chromosones. > >Heh. Not to mention that most public user areas are already fairly >odious in their odors. Peeeeeyew! > >--Sean > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 12:37:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA26794 for freebsd-security-outgoing; Tue, 6 Oct 1998 12:37:51 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA26780 for ; Tue, 6 Oct 1998 12:37:46 -0700 (PDT) (envelope-from gjp@gjp.erols.com) Received: from gjp.erols.com (gjp@localhost.erols.com [127.0.0.1]) by gjp.erols.com (8.8.8/8.8.7) with ESMTP id PAA26564; Tue, 6 Oct 1998 15:37:35 -0400 (EDT) (envelope-from gjp@gjp.erols.com) X-Mailer: exmh version 2.0.1 12/23/97 To: "Jordan K. Hubbard" cc: freebsd-security@FreeBSD.ORG From: "Gary Palmer" Subject: Re: Negative IP Packets - Risky? (fwd) In-reply-to: Your message of "Tue, 06 Oct 1998 01:13:22 PDT." <17497.907661602@time.cdrom.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 06 Oct 1998 15:37:35 -0400 Message-ID: <26560.907702655@gjp.erols.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "Jordan K. Hubbard" wrote in message ID <17497.907661602@time.cdrom.com>: > Ah yes, the old negative IP packets. There's nothing worse than a > packet with a BAD ATTITUDE and those negative ones can be downright > gloomy. I filter them with HappyBridge(R) 1.0. That revision has some serious security problems. You need 1.0.5.3.9999104 PL5 before you get a semi-secure system. Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 12:40:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA27318 for freebsd-security-outgoing; Tue, 6 Oct 1998 12:40:46 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA27229 for ; Tue, 6 Oct 1998 12:40:27 -0700 (PDT) (envelope-from gjp@gjp.erols.com) Received: from gjp.erols.com (gjp@localhost.erols.com [127.0.0.1]) by gjp.erols.com (8.8.8/8.8.7) with ESMTP id PAA26615; Tue, 6 Oct 1998 15:40:13 -0400 (EDT) (envelope-from gjp@gjp.erols.com) X-Mailer: exmh version 2.0.1 12/23/97 To: Philippe Regnauld cc: freebsd-security@FreeBSD.ORG From: "Gary Palmer" Subject: Re: Negative IP Packets - Risky? (fwd) In-reply-to: Your message of "Tue, 06 Oct 1998 12:00:45 +0200." <19981006120045.14073@deepo.prosa.dk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 06 Oct 1998 15:40:13 -0400 Message-ID: <26610.907702813@gjp.erols.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Philippe Regnauld wrote in message ID <19981006120045.14073@deepo.prosa.dk>: > I though California was not subject to negative attacks :-) They are when UCB runs out of drugs. :) Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 12:47:15 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA28855 for freebsd-security-outgoing; Tue, 6 Oct 1998 12:47:15 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from phoenix.volant.org (phoenix.volant.org [205.179.79.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA28807 for ; Tue, 6 Oct 1998 12:47:04 -0700 (PDT) (envelope-from patl@phoenix.volant.org) From: patl@phoenix.volant.org Received: from asimov.phoenix.volant.org ([205.179.79.65]) by phoenix.volant.org with smtp (Exim 1.92 #8) id 0zQd4J-00042Y-00; Tue, 6 Oct 1998 12:46:47 -0700 Received: from localhost by asimov.phoenix.volant.org (SMI-8.6/SMI-SVR4) id MAA21632; Tue, 6 Oct 1998 12:46:42 -0700 Date: Tue, 6 Oct 1998 12:46:42 -0700 (PDT) Reply-To: patl@phoenix.volant.org Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] To: "Matthew D. Fuller" cc: Wes Peters , FreeBSD-security@FreeBSD.ORG In-Reply-To: <19981006045145.26603@futuresouth.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > On Mon, Oct 05, 1998 at 10:25:45PM -0600, Wes Peters woke me up to tell me: > > > > I personally prefer the urinalysis login method, but it can get pretty > > messy, and I'm told is much more embarassing for users with two Y > > chromosones. > > Two Y chromosones? > I'm going to hope you meant to X's, else I shall have to REALLY dig and > find my old high school bio book and try to remember the various problems > slightly more pressing than logging into your computer that come up... Actually, there are some -very- rare individuals who have two Y chromosomes. But they also have an X chromosome. And there are some equally rare folks with two Xes and a Y. IIRC, there are no obvious physical signs; but such folk tend to be subject to various extremes of anti-social and violent behavour. -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 14:53:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA05024 for freebsd-security-outgoing; Tue, 6 Oct 1998 14:53:19 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from orcrist.mediacity.com (orcrist.mediacity.com [208.138.36.146]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA04862 for ; Tue, 6 Oct 1998 14:52:33 -0700 (PDT) (envelope-from gsutter@orcrist.mediacity.com) Received: (from gsutter@localhost) by orcrist.mediacity.com (8.8.8/8.8.8) id OAA09919; Tue, 6 Oct 1998 14:53:24 -0700 (PDT) (envelope-from gsutter) Message-ID: <19981006145323.M10980@orcrist.mediacity.com> Date: Tue, 6 Oct 1998 14:53:23 -0700 From: Gregory Sutter To: patl@phoenix.volant.org, "Matthew D. Fuller" Cc: Wes Peters , FreeBSD-security@FreeBSD.ORG Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] References: <19981006045145.26603@futuresouth.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from patl@phoenix.volant.org on Tue, Oct 06, 1998 at 12:46:42PM -0700 Organization: Zer0 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, Oct 06, 1998 at 12:46:42PM -0700, patl@phoenix.volant.org wrote: > > > > Two Y chromosones? > > I'm going to hope you meant to X's, else I shall have to REALLY dig and > > find my old high school bio book and try to remember the various problems > > slightly more pressing than logging into your computer that come up... > > Actually, there are some -very- rare individuals who have two Y > chromosomes. But they also have an X chromosome. And there are > some equally rare folks with two Xes and a Y. IIRC, there are > no obvious physical signs; but such folk tend to be subject to > various extremes of anti-social and violent behavour. Actually, such folk tend to have some physical and mental signs, which get worse as the number of additional chromosomes increases. There are people with XYYYY chromosomes, but they're usually quite retarded and have multiple physical problems. If you want to know more, flip through an introductory genetics book; the resulting knowledge may intrigue you, will almost certainly disgust you, but hopefully will also instill you with a sense of awe at the amazing systems that make us "us". Evolution is cool. :) Greg -- Gregory S. Sutter Failing sardine factory cans employees! mailto:gsutter@pobox.com http://www.pobox.com/~gsutter/ PGP DSS public key 0x40AE3052 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 15:57:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA21075 for freebsd-security-outgoing; Tue, 6 Oct 1998 15:57:21 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns.mt.sri.com (sri-gw.MT.net [206.127.105.141]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA21038 for ; Tue, 6 Oct 1998 15:56:56 -0700 (PDT) (envelope-from nate@mt.sri.com) Received: from mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by ns.mt.sri.com (8.8.8/8.8.8) with SMTP id QAA20467; Tue, 6 Oct 1998 16:56:44 -0600 (MDT) (envelope-from nate@rocky.mt.sri.com) Received: by mt.sri.com (SMI-8.6/SMI-SVR4) id QAA02571; Tue, 6 Oct 1998 16:56:30 -0600 Date: Tue, 6 Oct 1998 16:56:30 -0600 Message-Id: <199810062256.QAA02571@mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: patl@phoenix.volant.org Cc: "Matthew D. Fuller" , Wes Peters , FreeBSD-security@FreeBSD.ORG Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] In-Reply-To: References: <19981006045145.26603@futuresouth.com> X-Mailer: VM 6.34 under 19.16 "Lille" XEmacs Lucid Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > > I personally prefer the urinalysis login method, but it can get pretty > > > messy, and I'm told is much more embarassing for users with two Y > > > chromosones. > > > > Two Y chromosones? > > I'm going to hope you meant to X's, else I shall have to REALLY dig and > > find my old high school bio book and try to remember the various problems > > slightly more pressing than logging into your computer that come up... > > Actually, there are some -very- rare individuals who have two Y > chromosomes. But they also have an X chromosome. And there are > some equally rare folks with two Xes and a Y. IIRC, there are > no obvious physical signs; but such folk tend to be subject to > various extremes of anti-social and violent behavour. Actually, not always. Jamie-Lee Curtiss is one of those rare ones (which is why she couldn't have children). Don't ask why I know this... :) Nate To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 17:45:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA13031 for freebsd-security-outgoing; Tue, 6 Oct 1998 17:45:21 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA12961 for ; Tue, 6 Oct 1998 17:44:53 -0700 (PDT) (envelope-from archie@whistle.com) Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id RAA21578; Tue, 6 Oct 1998 17:44:49 -0700 (PDT) Received: from bubba.whistle.com(207.76.205.7) by whistle.com via smap (V1.3) id sma021576; Tue Oct 6 17:44:26 1998 Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id RAA07611; Tue, 6 Oct 1998 17:44:26 -0700 (PDT) From: Archie Cobbs Message-Id: <199810070044.RAA07611@bubba.whistle.com> Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <361A5812.90244D76@dal.net> from Studded at "Oct 6, 98 10:49:06 am" To: Studded@dal.net (Studded) Date: Tue, 6 Oct 1998 17:44:26 -0700 (PDT) Cc: dan@dpcsys.com, freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Studded writes: > > Unless someone can demonstrate a valid use of spaces on the LHS > > crontab style checking would work though. (spaces are only legal > > in the last field of crontab as well) > > Works for me. :) Here's a patch that makes space a separator between LHS and RHS just like tab is.. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com Index: syslogd.c =================================================================== RCS file: /cvs/freebsd/src/usr.sbin/syslogd/syslogd.c,v retrieving revision 1.41 diff -u -u -r1.41 syslogd.c --- syslogd.c 1998/08/25 21:16:47 1.41 +++ syslogd.c 1998/10/07 00:44:08 @@ -1365,12 +1365,12 @@ } /* scan through the list of selectors */ - for (p = line; *p && *p != '\t';) { + for (p = line; *p && *p != '\t' && *p != ' ';) { int pri_done; int pri_cmp; /* find the end of this facility name list */ - for (q = p; *q && *q != '\t' && *q++ != '.'; ) + for (q = p; *q && *q != '\t' && *q != ' ' && *q++ != '.'; ) continue; /* get the priority comparison */ @@ -1402,7 +1402,7 @@ ; /* collect priority name */ - for (bp = buf; *q && !strchr("\t,;", *q); ) + for (bp = buf; *q && !strchr(" \t,;", *q); ) *bp++ = *q++; *bp = '\0'; @@ -1424,8 +1424,8 @@ } /* scan facilities */ - while (*p && !strchr("\t.;", *p)) { - for (bp = buf; *p && !strchr("\t,;.", *p); ) + while (*p && !strchr(" \t.;", *p)) { + for (bp = buf; *p && !strchr(" \t,;.", *p); ) *bp++ = *p++; *bp = '\0'; @@ -1454,7 +1454,7 @@ } /* skip to action part */ - while (*p == '\t') + while (*p == '\t' || *p == ' ') p++; switch (*p) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 18:23:35 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA21520 for freebsd-security-outgoing; Tue, 6 Oct 1998 18:23:35 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA21450 for ; Tue, 6 Oct 1998 18:23:10 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id UAA18410; Tue, 6 Oct 1998 20:23:05 -0500 (CDT) Received: from luthien-10.isdn.mke.execpc.com(169.207.65.10) by peak.mountin.net via smap (V1.3) id sma018405; Tue Oct 6 20:22:53 1998 Message-Id: <3.0.3.32.19981006201610.00f718c8@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Tue, 06 Oct 1998 20:16:10 -0500 To: "Jordan K. Hubbard" From: "Jeffrey J. Mountin" Subject: Re: Negative IP Packets - Risky? (fwd) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <17497.907661602@time.cdrom.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 01:13 AM 10/6/98 -0700, Jordan K. Hubbard wrote: >> By sending negative IP packets to a network, you can crash the server. > >Ah yes, the old negative IP packets. There's nothing worse than a >packet with a BAD ATTITUDE and those negative ones can be downright >gloomy. I filter them with HappyBridge(R) 1.0. ROFLMAOUB!!! Just what I needed after ftp'ing the 10/4 beta (knowing a new one is close), installing, and generally trying to fry my brain with all the usual messages and esp. messages, documentation et all for new stuff in 3.0 etc. When is HappyBridge going to be added to ports? 8-) Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 19:03:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA01166 for freebsd-security-outgoing; Tue, 6 Oct 1998 19:03:52 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA01142 for ; Tue, 6 Oct 1998 19:03:43 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id VAA18516; Tue, 6 Oct 1998 21:03:36 -0500 (CDT) Received: from luthien-10.isdn.mke.execpc.com(169.207.65.10) by peak.mountin.net via smap (V1.3) id sma018514; Tue Oct 6 21:03:32 1998 Message-Id: <3.0.3.32.19981006205648.006e987c@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Tue, 06 Oct 1998 20:56:48 -0500 To: Dan Busarow , Studded From: "Jeffrey J. Mountin" Subject: Re: The necessary steps for logging (the problem is fixed) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <361A4F37.141BAE11@dal.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:35 AM 10/6/98 -0700, Dan Busarow wrote: >Unless someone can demonstrate a valid use of spaces on the LHS >crontab style checking would work though. (spaces are only legal >in the last field of crontab as well) Huh? You are refering to the checking, but the original /etc/crontab's for 2.2.7 and the 9/30 beta are mostly spaces, but the do mix tabs and spaces on the LHS, assuming you are referring in this case to only the time/date fields. In 2.2.7 (v1.13) even has a tab between adjkerntz and the -a flag that the beta (v.1.18) did not. There was some other space/tab swapping between the 2, but crontab is _not_ consistant or mentioned clearly (at all) in the man pages. The important parts are almost identical. Jeez. Otherwise a warning for syslog would be good, but I've always used tabs for better clarity reading syslog.conf. Good time to make a decision for crontab or at least the file. ;) Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 19:16:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA03115 for freebsd-security-outgoing; Tue, 6 Oct 1998 19:16:32 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA03096 for ; Tue, 6 Oct 1998 19:16:26 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id VAA18538; Tue, 6 Oct 1998 21:16:06 -0500 (CDT) Received: from luthien-10.isdn.mke.execpc.com(169.207.65.10) by peak.mountin.net via smap (V1.3) id sma018536; Tue Oct 6 21:15:47 1998 Message-Id: <3.0.3.32.19981006210902.006e987c@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Tue, 06 Oct 1998 21:09:02 -0500 To: Wes Peters , Sean Kelly From: "Jeffrey J. Mountin" Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) Cc: Nate Williams , Chuck Robey , FreeBSD-security@FreeBSD.ORG In-Reply-To: <36199BC9.8B4BA146@softweyr.com> References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> <36195EF3.23B3260E@plutotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:25 PM 10/5/98 -0600, Wes Peters wrote: >Nate Williams quipped? >% Umm, quick question. What's to stop the burglar from taking your ring >% and using it to disarm your alarm? > >Sean Kelly wrote: >> I'll try to put up a good fight. :-) > >For you, Nate, I'd say Montana's (complete lack of) gun-control laws will >help. ;^) E gads! Skip the fight, unless you can get a bead on him quickly. ;) >% (I contrast this with the alarms >% ability to have a 'disarm but silent setoff setting' which disarms the >% alarm by still calls in the calvary, which is used when you are in >% distress... > >> Good idea. Maybe there should be both the ring and a keypad; a special >> code can indicate distress. Seriously, you could disarm it, but use a "special" code that sends the posse. >% (Or, am I just being truly paranoid...) > >> You? Naaaah! > >% Nate - Who is looking for a good 'physical' security mechanism that >% can't be easily forged by an outsider who gets physical access to you >% and your computer. Before addressing far-out scenarios, let's assume it's a ring. As long as it doesn't not fall off.... If it does, the finder would need to know where to use it. Say one is laying on the street. Despite the odds of finding a "good" receptical, lose the ring and you change the codes. >This would pretty much need to be a biometric device of some sort that >can measure stress *and* determine if the subject is living or dead. >Probably still slightly beyond the state of the art, but not more than >a few years out now. > >I personally prefer the urinalysis login method, but it can get pretty >messy, and I'm told is much more embarassing for users with two Y >chromosones. Retina scan maybe. Simple, less messy and what happens if it is 50 below and you just can't go. Not sure the ladies would like the p-test either. Also what happens if someone steals a sample. For the truely paranoid. 8-) Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 19:29:45 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA06645 for freebsd-security-outgoing; Tue, 6 Oct 1998 19:29:45 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA06634 for ; Tue, 6 Oct 1998 19:29:42 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id VAA18587; Tue, 6 Oct 1998 21:29:07 -0500 (CDT) Received: from luthien-10.isdn.mke.execpc.com(169.207.65.10) by peak.mountin.net via smap (V1.3) id sma018585; Tue Oct 6 21:28:40 1998 Message-Id: <3.0.3.32.19981006212155.006e987c@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Tue, 06 Oct 1998 21:21:55 -0500 To: Nate Williams , Sean Kelly From: "Jeffrey J. Mountin" Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) Cc: Chuck Robey , FreeBSD-security@FreeBSD.ORG In-Reply-To: <199810052353.RAA12302@mt.sri.com> References: <36194931.975AA5AC@plutotech.com> <36194931.975AA5AC@plutotech.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 05:53 PM 10/5/98 -0600, Nate Williams wrote: >Nate - Who is looking for a good 'physical' security mechanism that > can't be easily forged by an outsider who gets physical access to you > and your computer. At my last job when our Sun consultant came in with a Java ring it set a bunch of ideas in motion. Didn't get anywhere, but the rings could be used for physical access control and network access control. Take the idea a bit further.... First let's stick with the WonderTwinsJavaRing (twin not required). Skip cards and anything not attached, but optionally use the WonderTwinJavaPendant (choice of gold/silver/anodized color w/wo pattern of choice - additional goodies extra - chain not included). Why not use it for your home, car, computer, et all. Your employer can use your ring for access control. Add to this the workings of a smart card that you can use like a debit/credit card or like the smartcards have several cards stored. There could be a reference number so that in an emergency medical tecnicians can get your health records. Of course a 2nd memory chip for the last 2 things would be better, so when you wipe your private key you don't have to reprogram you cards and vitals. The list goes on, but there is a potentially HUGE market. Just think how easy this would make a techo-dweeb's life. ;) And it's the way of the future! Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 19:31:57 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA07196 for freebsd-security-outgoing; Tue, 6 Oct 1998 19:31:57 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from picnic.mat.net (picnic.mat.net [206.246.122.117]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA07183 for ; Tue, 6 Oct 1998 19:31:54 -0700 (PDT) (envelope-from chuckr@mat.net) Received: from localhost (chuckr@localhost) by picnic.mat.net (8.9.1/8.8.5) with ESMTP id WAA21264; Tue, 6 Oct 1998 22:30:39 -0400 (EDT) Date: Tue, 6 Oct 1998 22:30:39 -0400 (EDT) From: Chuck Robey To: "Jeffrey J. Mountin" cc: Wes Peters , Sean Kelly , Nate Williams , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) In-Reply-To: <3.0.3.32.19981006210902.006e987c@207.227.119.2> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Oct 1998, Jeffrey J. Mountin wrote: > >% can't be easily forged by an outsider who gets physical access to you > >% and your computer. > > Before addressing far-out scenarios, let's assume it's a ring. As long as it doesn't not fall off.... > > If it does, the finder would need to know where to use it. Say one is laying on the street. Despite the odds of finding a "good" receptical, lose the ring and you change the codes. > > > >This would pretty much need to be a biometric device of some sort that > >can measure stress *and* determine if the subject is living or dead. > >Probably still slightly beyond the state of the art, but not more than > >a few years out now. > > > >I personally prefer the urinalysis login method, but it can get pretty > >messy, and I'm told is much more embarassing for users with two Y > >chromosones. > > Retina scan maybe. Simple, less messy and what happens if it is 50 below and you just can't go. Not sure the ladies would like the p-test either. > > Also what happens if someone steals a sample. For the truely paranoid. 8-) You guys are missing the central fact: No, it's not perfect. Yes, it's far better than what we have today. On the other hand, maybe you guys are joking, and I'm being too serious? The thing _really is_ a ring, you can see it on their web site, and it' seems really cheap. I'm going to get more info ... ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@glue.umd.edu | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run Journey2 and picnic (FreeBSD-current) (301) 220-2114 | and jaunt (NetBSD). ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 19:48:17 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA10739 for freebsd-security-outgoing; Tue, 6 Oct 1998 19:48:17 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA10652 for ; Tue, 6 Oct 1998 19:48:06 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id VAA18618; Tue, 6 Oct 1998 21:46:37 -0500 (CDT) Received: from luthien-10.isdn.mke.execpc.com(169.207.65.10) by peak.mountin.net via smap (V1.3) id sma018613; Tue Oct 6 21:46:12 1998 Message-Id: <3.0.3.32.19981006213926.006e987c@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Tue, 06 Oct 1998 21:39:26 -0500 To: patl@phoenix.volant.org, "Matthew D. Fuller" From: "Jeffrey J. Mountin" Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] Cc: Wes Peters , FreeBSD-security@FreeBSD.ORG In-Reply-To: References: <19981006045145.26603@futuresouth.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:46 PM 10/6/98 -0700, patl@phoenix.volant.org wrote: >> Two Y chromosones? >> I'm going to hope you meant to X's, else I shall have to REALLY dig and >> find my old high school bio book and try to remember the various problems >> slightly more pressing than logging into your computer that come up... > >Actually, there are some -very- rare individuals who have two Y >chromosomes. But they also have an X chromosome. And there are >some equally rare folks with two Xes and a Y. IIRC, there are >no obvious physical signs; but such folk tend to be subject to >various extremes of anti-social and violent behavour. XY - male XX - female XYY - indiscernable mutants - male stigmata XXY - sab (not sure if still "male") Makes me think of Alien 3 when you mention behavior, correcting the typo. Fiorina prison - Some nice people there, even if they are inclined to kill you. Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 20:36:41 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA20703 for freebsd-security-outgoing; Tue, 6 Oct 1998 20:36:41 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA20640 for ; Tue, 6 Oct 1998 20:36:34 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id VAA19211; Tue, 6 Oct 1998 21:36:22 -0600 (MDT) Message-Id: <4.1.19981006213234.04cd1600@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 06 Oct 1998 21:35:12 -0600 To: "Jeffrey J. Mountin" , Dan Busarow , Studded From: Brett Glass Subject: Re: The necessary steps for logging (the problem is fixed) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <3.0.3.32.19981006205648.006e987c@207.227.119.2> References: <361A4F37.141BAE11@dal.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:56 PM 10/6/98 -0500, Jeffrey J. Mountin wrote: >You are refering to the checking, but the original /etc/crontab's for 2.2.7 >and the 9/30 beta are mostly spaces, but the do mix tabs and spaces on the >LHS, assuming you are referring in this case to only the time/date fields. > >In 2.2.7 (v1.13) even has a tab between adjkerntz and the -a flag that the >beta (v.1.18) did not. A lot of the Vixie stuff (including his cron and BIND) treats all whitespace the same, regardless of whether you use spaces or tabs. So does Apache. So do a whole bunch of other things. There's also the problem that some editors expand tabs to spaces. In the name of consistency, I'd like to see FreeBSD (and, for that matter, ALL the BSDs) treat tabs and spaces the same, letting you quote spaces with a backslash (or quotes surrounding a string) if you want to embed them. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 20:40:43 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA21555 for freebsd-security-outgoing; Tue, 6 Oct 1998 20:40:43 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA21477 for ; Tue, 6 Oct 1998 20:40:21 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id VAA19249; Tue, 6 Oct 1998 21:39:59 -0600 (MDT) Message-Id: <4.1.19981006213600.04331550@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 06 Oct 1998 21:38:44 -0600 To: "Jeffrey J. Mountin" , patl@phoenix.volant.org, "Matthew D. Fuller" From: Brett Glass Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] Cc: Wes Peters , FreeBSD-security@FreeBSD.ORG In-Reply-To: <3.0.3.32.19981006213926.006e987c@207.227.119.2> References: <19981006045145.26603@futuresouth.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 09:39 PM 10/6/98 -0500, Jeffrey J. Mountin wrote: >XY - male >XX - female >XYY - indiscernable mutants - male stigmata >XXY - sab (not sure if still "male") I thought XXY was "calico." --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 22:33:21 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA10465 for freebsd-security-outgoing; Tue, 6 Oct 1998 22:33:21 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from obie.softweyr.com ([204.68.178.33]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA10455 for ; Tue, 6 Oct 1998 22:33:15 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from softweyr.com (wes@zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id XAA13762; Tue, 6 Oct 1998 23:25:16 -0600 (MDT) (envelope-from wes@softweyr.com) Message-ID: <361AFB3C.969B7CD3@softweyr.com> Date: Tue, 06 Oct 1998 23:25:16 -0600 From: Wes Peters Organization: Softweyr llc X-Mailer: Mozilla 4.05 [en] (X11; I; FreeBSD 2.2.6-RELEASE i386) MIME-Version: 1.0 To: Chuck Robey CC: "Jeffrey J. Mountin" , Sean Kelly , Nate Williams , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Chuck Robey wrote: > > You guys are missing the central fact: No, it's not perfect. Yes, it's > far better than what we have today. > > On the other hand, maybe you guys are joking, and I'm being too serious? > The thing _really is_ a ring, you can see it on their web site, and it' > seems really cheap. I'm going to get more info ... Yes, I was certainly joking when I went off on the urinalysis thread. (And yes, it's XX-chromosome-enabled, that's what I get for trying to dredge up the one life sciences class I ever took from 20-year-old memory). I agree that a Java ring with your PGP key on it is a great idea, both for personal authentication and to store your PGP key in a private place. I think most users would be astonished to learn that if they ever store a PGP key on their employer's computer (at least in the USA) it pretty much becomes legal property of the employer. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC http://www.softweyr.com/~softweyr wes@softweyr.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Oct 6 23:50:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA24802 for freebsd-security-outgoing; Tue, 6 Oct 1998 23:50:54 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from www.scancall.no (www.scancall.no [195.139.183.5]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id XAA24785 for ; Tue, 6 Oct 1998 23:50:46 -0700 (PDT) (envelope-from Marius.Bendiksen@scancall.no) Received: from super2.langesund.scancall.no [195.139.183.29] by www with smtp id IXBSMCJK; Wed, 07 Oct 98 06:50:40 GMT (PowerWeb version 4.04r6) Message-Id: <3.0.5.32.19981007084546.009431a0@mail.scancall.no> X-Sender: Marius@mail.scancall.no X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Wed, 07 Oct 1998 08:45:46 +0200 To: patl@phoenix.volant.org From: Marius Bendiksen Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <19981006045145.26603@futuresouth.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Actually, there are some -very- rare individuals who have two Y >chromosomes. But they also have an X chromosome. And there are >some equally rare folks with two Xes and a Y. IIRC, there are >no obvious physical signs; but such folk tend to be subject to >various extremes of anti-social and violent behavour. Actually, there are (iirc) some physical signs. The only permutations which don't cause any problems are: XX, XY, XXXY --- Marius Bendiksen, IT-Trainee, ScanCall AS To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 07:35:59 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA00945 for freebsd-security-outgoing; Wed, 7 Oct 1998 07:35:59 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA00937 for ; Wed, 7 Oct 1998 07:35:57 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id IAA22716; Wed, 7 Oct 1998 08:35:24 -0600 (MDT) Message-Id: <4.1.19981007081405.04ce7d00@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 07 Oct 1998 08:19:14 -0600 To: Wes Peters , Chuck Robey From: Brett Glass Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) Cc: "Jeffrey J. Mountin" , Sean Kelly , Nate Williams , FreeBSD-security@FreeBSD.ORG In-Reply-To: <361AFB3C.969B7CD3@softweyr.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:25 PM 10/6/98 -0600, Wes Peters wrote: >I agree that a Java ring with your PGP key on it is a great idea, both >for personal authentication and to store your PGP key in a private >place. I think most users would be astonished to learn that if they >ever store a PGP key on their employer's computer (at least in the >USA) it pretty much becomes legal property of the employer. Does anyone remember the Beatles movie "Help?" I wonder if a PGP ring with an important key might get one into a similar scenario. ;-) --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 07:43:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA01916 for freebsd-security-outgoing; Wed, 7 Oct 1998 07:43:51 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA01895 for ; Wed, 7 Oct 1998 07:43:47 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id KAA03928; Wed, 7 Oct 1998 10:42:41 -0400 (EDT) Date: Wed, 7 Oct 1998 10:42:41 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Wes Peters cc: Chuck Robey , "Jeffrey J. Mountin" , Sean Kelly , Nate Williams , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) In-Reply-To: <361AFB3C.969B7CD3@softweyr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Oct 1998, Wes Peters wrote: > Chuck Robey wrote: > > > > You guys are missing the central fact: No, it's not perfect. Yes, it's > > far better than what we have today. > > > > On the other hand, maybe you guys are joking, and I'm being too serious? > > The thing _really is_ a ring, you can see it on their web site, and it' > > seems really cheap. I'm going to get more info ... > > I agree that a Java ring with your PGP key on it is a great idea, both > for personal authentication and to store your PGP key in a private > place. I think most users would be astonished to learn that if they > ever store a PGP key on their employer's computer (at least in the > USA) it pretty much becomes legal property of the employer. So here is my concern with keeping the key in a ring. For me, the goal of keeping a key in a smart device would be that I would not want to put my key on a multi-user machine that I was not sure I trusted. On the other hand, I might want to approve an electronic transaction on such a machine by signing data provided by the machine. Example. I carry my key in my Spiffy Java Decoder Ring, and I want to sign a digital check. I do not want to allow my key onto the untrusted machine in front of me running Netscape to get to the electronic storefront. In this case, the ideal key for me is one I plug in, and has a little display and a button or two. I type in my pin number, and it decrypts the pgp key stored in the ring. The ring then displays the comment field of the check, the to: field, and the amount, and prompts for confirmation, all from the digital check transfered to the ring. If I approve the transaction, the ring signs or encrypts the check with the key, and sends it back to the computer. The same goes for authentication. I am willing to participate in a challenge/response with the machine, but I am not willing to provide it with my key. I am also not willing to perform an endless sequence of challenge/response as it plays man-in-the-middle games with my ring. So really my Ring looks a lot like a PCMCIA card with a little calculator on the side looking like one of the SNK calculators, except more chatty. So my feeling is a 'Ring' is cool, but not so useful, whereas a 'Card is useful, but not so cool. :) Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 08:36:46 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA12883 for freebsd-security-outgoing; Wed, 7 Oct 1998 08:36:46 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from java.dpcsys.com (java.dpcsys.com [206.16.184.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA12878 for ; Wed, 7 Oct 1998 08:36:40 -0700 (PDT) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by java.dpcsys.com (8.9.1a/8.9.1) with SMTP id IAA24828; Wed, 7 Oct 1998 08:37:01 -0700 (PDT) Date: Wed, 7 Oct 1998 08:37:01 -0700 (PDT) From: Dan Busarow To: "Jeffrey J. Mountin" cc: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <3.0.3.32.19981006205648.006e987c@207.227.119.2> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Oct 1998, Jeffrey J. Mountin wrote: > At 10:35 AM 10/6/98 -0700, Dan Busarow wrote: > >Unless someone can demonstrate a valid use of spaces on the LHS > >crontab style checking would work though. (spaces are only legal > >in the last field of crontab as well) > > Huh? > > You are refering to the checking, but the original /etc/crontab's for 2.2.7 and the 9/30 beta are mostly spaces, but the do mix tabs and spaces on the LHS, assuming you are referring in this case to only the time/date fields. No, I'm refering to crontab(5)'s similarity to syslog.conf in that the last field of both can legally contain spaces. If any of the fields to the left of those fields could also contain spaces then spaces could *not* be used as a delimiter. Since in crontab(5) this is obviously not the case crontab(1)'s mixing of space and tab is fine. I'm asking if anyone has a working syslog.conf that uses spaces on the LHS. The docs don't support this but the code looks like it may. So to prevent the meltdown of previously working syslog.conf files this possability should be looked at. Dan -- Dan Busarow 949 443 4172 Dana Point Communications, a California corporation dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 08:40:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA13891 for freebsd-security-outgoing; Wed, 7 Oct 1998 08:40:50 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA13853 for ; Wed, 7 Oct 1998 08:40:42 -0700 (PDT) (envelope-from cy@cschuber.net.gov.bc.ca) Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id IAA03931; Wed, 7 Oct 1998 08:40:36 -0700 (PDT) Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com" via SMTP by passer.osg.gov.bc.ca, id smtpdaX3922; Wed Oct 7 08:40:00 1998 Received: (from uucp@localhost) by cwsys.cwsent.com (8.8.8/8.6.10) id IAA01822; Wed, 7 Oct 1998 08:39:49 -0700 (PDT) Message-Id: <199810071539.IAA01822@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdrR1818; Wed Oct 7 08:39:43 1998 X-Mailer: exmh version 2.0.2 2/24/98 Reply-to: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: cy To: Brett Glass cc: "Jeffrey J. Mountin" , Dan Busarow , Studded , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-reply-to: Your message of "Tue, 06 Oct 1998 21:35:12 MDT." <4.1.19981006213234.04cd1600@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Oct 1998 08:39:34 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > In the name of consistency, I'd like to see FreeBSD (and, for that matter, > ALL the BSDs) treat tabs and spaces the same, letting you quote spaces with > a backslash (or quotes surrounding a string) if you want to embed them. I've been caught by this many times. Add to the list Solaris, HP-UX, DEC UNIX, AIX, Linux, ... One would think that with every UN*X operating system having this "feature", syslogd's use of tabs instead of spaces would be common knowledge. Granted, a newbie would not know this, however I remember the first time I made this mistake I remembered not to make it again. On the other hand it could be argued that FreeBSD should a more tolerant syslogd. This would cause the FreeBSD syslogd to be incompatible with other syslogd's, meaning I could create a syslogd for my shop (Suns, Alphas, RS/6000's, DG boxes, HP boxes, Linux boxes, and FreeBSD boxes). If FreeBSD were to have a different syslogd I would not be able to copy my syslogd.conf or cat any additions to any syslogd.conf file. I would have one master file for FreeBSD and another for the other systems. A syslogd.conf syntax checker (as mentioned in an earlier posting) might be a better solution. It could be run at boot or via cron and email its results to the sysadmin. This could be written as a small Perl script. That's my $0.02 worth. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: cschuber@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Government of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 08:41:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA14162 for freebsd-security-outgoing; Wed, 7 Oct 1998 08:41:53 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from java.dpcsys.com (java.dpcsys.com [206.16.184.7]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA14134 for ; Wed, 7 Oct 1998 08:41:50 -0700 (PDT) (envelope-from dan@dpcsys.com) Received: from localhost (dan@localhost) by java.dpcsys.com (8.9.1a/8.9.1) with SMTP id IAA25933; Wed, 7 Oct 1998 08:42:13 -0700 (PDT) Date: Wed, 7 Oct 1998 08:42:13 -0700 (PDT) From: Dan Busarow To: Brett Glass cc: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <4.1.19981006213234.04cd1600@mail.lariat.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Oct 1998, Brett Glass wrote: > There's also the problem that some editors expand tabs to spaces. > > In the name of consistency, I'd like to see FreeBSD (and, for that matter, > ALL the BSDs) treat tabs and spaces the same, letting you quote spaces with > a backslash (or quotes surrounding a string) if you want to embed them. And that would make for even more readable sendmail.cf's (on the plus side it would certainly get everyone to move to m4 instead of editing sendmail.cf directly :) You have to examine the structure of the data in any config file before deciding which characters are legal separators. Dan -- Dan Busarow 949 443 4172 Dana Point Communications, a California corporation dan@dpcsys.com Dana Point, California 83 09 EF 59 E0 11 89 B4 8D 09 DB FD E1 DD 0C 82 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 10:25:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA02977 for freebsd-security-outgoing; Wed, 7 Oct 1998 10:25:00 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA02960 for ; Wed, 7 Oct 1998 10:24:57 -0700 (PDT) (envelope-from brooks@one-eyed-alien.net) From: brooks@one-eyed-alien.net Received: from localhost (brdavis@localhost) by orion.ac.hmc.edu (8.8.8/8.8.8) with SMTP id KAA28246; Wed, 7 Oct 1998 10:24:21 -0700 (PDT) X-Authentication-Warning: orion.ac.hmc.edu: brdavis owned process doing -bs Date: Wed, 7 Oct 1998 10:24:21 -0700 (PDT) X-Sender: brdavis@orion.ac.hmc.edu To: Robert Watson cc: Wes Peters , Chuck Robey , "Jeffrey J. Mountin" , Sean Kelly , Nate Williams , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 7 Oct 1998, Robert Watson wrote: > In this case, the ideal key for me is one I plug in, and has a little > display and a button or two. I type in my pin number, and it decrypts the > pgp key stored in the ring. The ring then displays the comment field of > the check, the to: field, and the amount, and prompts for confirmation, > all from the digital check transfered to the ring. If I approve the > transaction, the ring signs or encrypts the check with the key, and sends > it back to the computer. While they don't have any way that wouldn't give the computer your pin, if you use the Crypto buttons (the ring is only one form of them) correctly *no one* including you ever knows the private key. For the actual information on Crypto buttons in perticular and iButtons in general checkout http://www.ibutton.com/. -- Brooks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 10:56:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA10152 for freebsd-security-outgoing; Wed, 7 Oct 1998 10:56:07 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mercury.webnology.com (mercury.webnology.com [209.155.51.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA09996 for ; Wed, 7 Oct 1998 10:56:00 -0700 (PDT) (envelope-from jooji@webnology.com) Received: from localhost (jooji@localhost) by mercury.webnology.com (8.9.1/8.8.8) with SMTP id NAA01328 for ; Wed, 7 Oct 1998 13:02:28 -0500 (envelope-from jooji@webnology.com) Date: Wed, 7 Oct 1998 13:02:28 -0500 (CDT) From: "Jasper O'Malley" To: security@FreeBSD.ORG Subject: "invalid hostname" Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Does -stable still put "invalid hostname" in wtmp when it can't forward resolve the FQDN it gets by reverse resolving the client IP? Cheers, Mick The Reverend Jasper P. O'Malley dotdot:jooji@webnology.com Systems Administrator ringring:asktheadmiral Webnology, LLC woowoo:http://www.webnology.com/~jooji To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 11:22:04 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA15785 for freebsd-security-outgoing; Wed, 7 Oct 1998 11:22:04 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA15737 for ; Wed, 7 Oct 1998 11:21:53 -0700 (PDT) (envelope-from imp@village.org) Received: from harmony [10.0.0.6] by rover.village.org with esmtp (Exim 1.71 #1) id 0zQyDV-0004BN-00; Wed, 7 Oct 1998 12:21:41 -0600 Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.1/8.8.3) with ESMTP id MAA17287; Wed, 7 Oct 1998 12:21:28 -0600 (MDT) Message-Id: <199810071821.MAA17287@harmony.village.org> To: "Jeffrey J. Mountin" Subject: Re: Negative IP Packets - Risky? (fwd) Cc: "Jordan K. Hubbard" , freebsd-security@FreeBSD.ORG In-reply-to: Your message of "Tue, 06 Oct 1998 20:16:10 CDT." <3.0.3.32.19981006201610.00f718c8@207.227.119.2> References: <3.0.3.32.19981006201610.00f718c8@207.227.119.2> Date: Wed, 07 Oct 1998 12:21:28 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <3.0.3.32.19981006201610.00f718c8@207.227.119.2> "Jeffrey J. Mountin" writes: : When is HappyBridge going to be added to ports? 8-) Who would jump off of HappyFunBridge? :-0 Warner "Taunter of HappyFunBall" Losh To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 12:19:59 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA26955 for freebsd-security-outgoing; Wed, 7 Oct 1998 12:19:59 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA26949 for ; Wed, 7 Oct 1998 12:19:57 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id NAA25283; Wed, 7 Oct 1998 13:19:50 -0600 (MDT) Message-Id: <4.1.19981007131531.0408a100@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 07 Oct 1998 13:16:54 -0600 To: Dan Busarow From: Brett Glass Subject: Re: The necessary steps for logging (the problem is fixed) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <4.1.19981006213234.04cd1600@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:42 AM 10/7/98 -0700, Dan Busarow wrote: >On Tue, 6 Oct 1998, Brett Glass wrote: >> There's also the problem that some editors expand tabs to spaces. >> >> In the name of consistency, I'd like to see FreeBSD (and, for that matter, >> ALL the BSDs) treat tabs and spaces the same, letting you quote spaces with >> a backslash (or quotes surrounding a string) if you want to embed them. > >And that would make for even more readable sendmail.cf's >(on the plus side it would certainly get everyone to move to m4 >instead of editing sendmail.cf directly :) > >You have to examine the structure of the data in any config file >before deciding which characters are legal separators. That's a problem. What's more, in an editor, tabs look like spaces unless you display them as special characters (which ruins the columnization and makes editing hard). So, you're damned if you turn on the special display mode and damned if you don't. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 12:20:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA27146 for freebsd-security-outgoing; Wed, 7 Oct 1998 12:20:08 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA27068 for ; Wed, 7 Oct 1998 12:20:03 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id NAA25280; Wed, 7 Oct 1998 13:19:44 -0600 (MDT) Message-Id: <4.1.19981007131333.0415ddb0@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Wed, 07 Oct 1998 13:14:25 -0600 To: Cy Schubert - ITSD Open Systems Group From: Brett Glass Subject: Re: The necessary steps for logging (the problem is fixed) Cc: "Jeffrey J. Mountin" , Dan Busarow , Studded , freebsd-security@FreeBSD.ORG In-Reply-To: <199810071539.IAA01822@cwsys.cwsent.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:39 AM 10/7/98 -0700, Cy Schubert - ITSD Open Systems Group wrote: >If FreeBSD were to have a different syslogd I would >not be able to copy my syslogd.conf or cat any additions to any >syslogd.conf file. Why not? The tabs in those others would still be interpreted as field separators. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 14:58:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA02454 for freebsd-security-outgoing; Wed, 7 Oct 1998 14:58:52 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from servidor.exsocom.com.mx (servidor.exsocom.com.mx [200.34.46.130]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA02352 for ; Wed, 7 Oct 1998 14:58:40 -0700 (PDT) (envelope-from agalindo@servidor.exsocom.com.mx) Received: from servidor.exsocom.com.mx (servidor.exsocom.com.mx [200.34.46.130]) by servidor.exsocom.com.mx (8.8.7/8.8.5) with SMTP id RAA28771 for ; Wed, 7 Oct 1998 17:05:41 -0500 (CDT) Date: Wed, 7 Oct 1998 17:05:40 -0500 (CDT) From: Alejandro Galindo Chairez AGALINDO To: freebsd-security@FreeBSD.ORG Subject: ipfw and pop3 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org i install a firewall and natd with 2 NICs (one for public and other for internal network), iam mapping (a STATIC map) with natd from 1 public ip to one internal ip address, the ip came to the WWW server and e-mail server, all the rules are working (i can see the WWW server from the outside and i can send and recived e-mail), but i dont know how to establish the rule for permit from a specific network (public network) to have pop access (for check their e-mails across other palataforms (like w*ndows). the ips: my public ip address: 208.195.117.130 mapped to my internal ip: 192.168.1.2 can you help to me in establish the rule for permit the pop3 port access? i only need to permit the network 208.195.117.0 (mask 0xffffff00) or can you indicate to me where can i find some rule samples for this? Thanks in advanced Alejandro Galindo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 16:17:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA19421 for freebsd-security-outgoing; Wed, 7 Oct 1998 16:17:07 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [130.126.8.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA19385 for ; Wed, 7 Oct 1998 16:16:53 -0700 (PDT) (envelope-from igor@alecto.physics.uiuc.edu) Received: (from igor@localhost) by alecto.physics.uiuc.edu (8.9.0/8.9.0) id SAA12861; Wed, 7 Oct 1998 18:16:42 -0500 (CDT) From: Igor Roshchin Message-Id: <199810072316.SAA12861@alecto.physics.uiuc.edu> Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <199810071539.IAA01822@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at "Oct 7, 1998 8:39:34 am" To: cschuber@uumail.gov.bc.ca Date: Wed, 7 Oct 1998 18:16:42 -0500 (CDT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > > I've been caught by this many times. Add to the list Solaris, HP-UX, > DEC UNIX, AIX, Linux, ... > > One would think that with every UN*X operating system having this > "feature", syslogd's use of tabs instead of spaces would be common > knowledge. Granted, a newbie would not know this, however I remember > the first time I made this mistake I remembered not to make it again. > > On the other hand it could be argued that FreeBSD should a more > tolerant syslogd. This would cause the FreeBSD syslogd to be > incompatible with other syslogd's, meaning I could create a syslogd for > my shop (Suns, Alphas, RS/6000's, DG boxes, HP boxes, Linux boxes, and > FreeBSD boxes). If FreeBSD were to have a different syslogd I would > not be able to copy my syslogd.conf or cat any additions to any > syslogd.conf file. I would have one master file for FreeBSD and > another for the other systems. Not necessarily. If the proposed changes would be made, they still would be backwards compatible, i.e. the file just with the tabs would be alright, while in addition to that, syslog will understand spaces (as field separators) too. > > A syslogd.conf syntax checker (as mentioned in an earlier posting) > might be a better solution. It could be run at boot or via cron and > email its results to the sysadmin. This could be written as a small > Perl script. > > That's my $0.02 worth. > > > Regards, Phone: (250)387-8437 > Cy Schubert Fax: (250)387-5766 > Open Systems Group Internet: cschuber@uumail.gov.bc.ca > ITSD Cy.Schubert@gems8.gov.bc.ca > Government of BC > Sorry, if I am missing something in this discussion, but so far this problem seems to be obvious: _IF_ the internal structure of the syslogd allows to use both spaces and tabs as field separators, (^1) then, since there is no external contradiction (^2) this can (and probably should) be implemented. (The backward compatibility is preserved). Comments: -------- ^1: i.e. it doesn't conflict with any of the syslogd internals - one should make some kind of "sanity check". ^2: The use of the spaces as the field separator was not found to contradict to the logic of syslog.conf: - there are just 2 fields on each line of syslog.conf - if used for other needs, spaces do not appear in the left hand side of the syslog.conf, but just in the second field. (whether that is important or not, but the only (?) case when it occurs, is when the pipe ("|") symbol is the first one in the second field.) - if the dual use of spaces (as the field separator, and as argument separator in the 2nd field) is troublesome for some reason (which I hope not), the second field an be put in quote marks (though if possible, this should not be implemented - to keep the things simple.) Again, sorry, if I have missed some important point. Igor To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 16:52:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA25893 for freebsd-security-outgoing; Wed, 7 Oct 1998 16:52:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA25873 for ; Wed, 7 Oct 1998 16:52:25 -0700 (PDT) (envelope-from cschuber@passer.osg.gov.bc.ca) Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id QAA06511; Wed, 7 Oct 1998 16:52:18 -0700 (PDT) Message-Id: <199810072352.QAA06511@passer.osg.gov.bc.ca> Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost.osg.gov.bc.ca, id smtpdhU6507; Wed Oct 7 16:52:04 1998 X-Mailer: exmh version 2.0.2 2/24/98 Reply-to: Cy Schubert - ITSD Open Systems Group X-Sender: cschuber To: Igor Roshchin cc: cschuber@uumail.gov.bc.ca, freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-reply-to: Your message of "Wed, 07 Oct 1998 18:16:42 CDT." <199810072316.SAA12861@alecto.physics.uiuc.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Oct 1998 16:52:04 -0700 From: Cy Schubert Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > - if the dual use of spaces (as the field separator, and as argument > separator in the 2nd field) is troublesome for some reason (which I hope not) , > the second field an be put in quote marks > (though if possible, this should not be implemented - to keep the things > simple.) > > Again, sorry, if I have missed some important point. > > Igor As long as backward compatibility can be maintained then I have no problem. However, if the use of quotes breaks backward compatibility or breaks any cross platform compatibility, then the solution needs to be re-engineered. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Open Systems Group Internet: cschuber@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Government of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Oct 7 17:27:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA03937 for freebsd-security-outgoing; Wed, 7 Oct 1998 17:27:55 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from aniwa.sky (pppk-07.igrin.co.nz [202.49.245.86]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA03909 for ; Wed, 7 Oct 1998 17:27:45 -0700 (PDT) (envelope-from andrew@squiz.co.nz) Received: from localhost (andrew@localhost) by aniwa.sky (8.8.8/8.8.7) with SMTP id NAA03768; Thu, 8 Oct 1998 13:26:37 +1300 (NZDT) (envelope-from andrew@squiz.co.nz) Date: Thu, 8 Oct 1998 13:26:35 +1300 (NZDT) From: Andrew McNaughton X-Sender: andrew@aniwa.sky Reply-To: andrew@squiz.co.nz To: Alejandro Galindo Chairez AGALINDO cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw and pop3 In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 7 Oct 1998, Alejandro Galindo Chairez AGALINDO wrote: > the ips: > my public ip address: 208.195.117.130 > mapped to my internal ip: 192.168.1.2 > > can you help to me in establish the rule for permit the pop3 port access? > i only need to permit the network 208.195.117.0 (mask 0xffffff00) > or can you indicate to me where can i find some rule samples for this? I'm not quite clear on your setup (where is the firewall?) but your network can be defined as 208.195.117.0:255.255.255.0 Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 00:06:16 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA07801 for freebsd-security-outgoing; Thu, 8 Oct 1998 00:06:16 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net ([207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA07770 for ; Thu, 8 Oct 1998 00:06:09 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id CAA25138; Thu, 8 Oct 1998 02:06:07 -0500 (CDT) Received: from harkol-108.isdn.mke.execpc.com(169.207.64.236) by peak.mountin.net via smap (V1.3) id sma025136; Thu Oct 8 02:06:02 1998 Message-Id: <3.0.3.32.19981008015245.00feeec4@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 08 Oct 1998 01:52:45 -0500 To: Cy Schubert - ITSD Open Systems Group From: "Jeffrey J. Mountin" Subject: Re: The necessary steps for logging (the problem is fixed) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <199810071539.IAA01822@cwsys.cwsent.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 08:39 AM 10/7/98 -0700, Cy Schubert - ITSD Open Systems Group wrote: >I've been caught by this many times. Add to the list Solaris, HP-UX, >DEC UNIX, AIX, Linux, ... > >One would think that with every UN*X operating system having this >"feature", syslogd's use of tabs instead of spaces would be common >knowledge. Granted, a newbie would not know this, however I remember >the first time I made this mistake I remembered not to make it again. Consistancy would make administrating various systems easier, but how far could this be taken. I'm being rhetorical, but doing will break additional functionality. As someone that always used tabs in syslog.conf, no difference was known when using Solaris and Irix. I did miss the A and B flags in Solaris, among a host of little nags and ps's lack of functionality. Got a kick out of the bsd-like binaries. >On the other hand it could be argued that FreeBSD should a more >tolerant syslogd. This would cause the FreeBSD syslogd to be >incompatible with other syslogd's, meaning I could create a syslogd for >my shop (Suns, Alphas, RS/6000's, DG boxes, HP boxes, Linux boxes, and >FreeBSD boxes). If FreeBSD were to have a different syslogd I would >not be able to copy my syslogd.conf or cat any additions to any >syslogd.conf file. I would have one master file for FreeBSD and >another for the other systems. Best to keep things as similar as possible, so my vote is for the tab. >A syslogd.conf syntax checker (as mentioned in an earlier posting) >might be a better solution. It could be run at boot or via cron and >email its results to the sysadmin. This could be written as a small >Perl script. Agreed. Wouldn't awk be a shorter/better way though? Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 00:12:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA09058 for freebsd-security-outgoing; Thu, 8 Oct 1998 00:12:39 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net ([207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA08983 for ; Thu, 8 Oct 1998 00:12:15 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id CAA25151; Thu, 8 Oct 1998 02:12:07 -0500 (CDT) Received: from harkol-108.isdn.mke.execpc.com(169.207.64.236) by peak.mountin.net via smap (V1.3) id sma025149; Thu Oct 8 02:11:46 1998 Message-Id: <3.0.3.32.19981008015828.00feeec4@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 08 Oct 1998 01:58:28 -0500 To: Brett Glass From: "Jeffrey J. Mountin" Subject: Re: The necessary steps for logging (the problem is fixed) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <4.1.19981007131531.0408a100@mail.lariat.org> References: <4.1.19981006213234.04cd1600@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 01:16 PM 10/7/98 -0600, Brett Glass wrote: >>You have to examine the structure of the data in any config file >>before deciding which characters are legal separators. > >That's a problem. What's more, in an editor, tabs look like spaces >unless you display them as special characters (which ruins the >columnization and makes editing hard). So, you're damned if you turn >on the special display mode and damned if you don't. Displaying ^I is ugly, isn't it. Replacing or highlighting (like ^M in less) are equally an eyesore. You could: less /etc/syslog.conf /^I Quick way to check without much work, but a check is still better. Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 01:06:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA17144 for freebsd-security-outgoing; Thu, 8 Oct 1998 01:06:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net ([207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA17128 for ; Thu, 8 Oct 1998 01:06:31 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id DAA25326; Thu, 8 Oct 1998 03:06:08 -0500 (CDT) Received: from harkol-108.isdn.mke.execpc.com(169.207.64.236) by peak.mountin.net via smap (V1.3) id sma025322; Thu Oct 8 03:05:52 1998 Message-Id: <3.0.3.32.19981008025226.0071bfbc@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 08 Oct 1998 02:52:26 -0500 To: brooks@one-eyed-alien.net, Robert Watson From: "Jeffrey J. Mountin" Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) Cc: Wes Peters , FreeBSD-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 10:24 AM 10/7/98 -0700, brooks@one-eyed-alien.net wrote: >On Wed, 7 Oct 1998, Robert Watson wrote: > >> In this case, the ideal key for me is one I plug in, and has a little >> display and a button or two. I type in my pin number, and it decrypts the >> pgp key stored in the ring. The ring then displays the comment field of >> the check, the to: field, and the amount, and prompts for confirmation, >> all from the digital check transfered to the ring. If I approve the >> transaction, the ring signs or encrypts the check with the key, and sends >> it back to the computer. > >While they don't have any way that wouldn't give the computer your pin, if >you use the Crypto buttons (the ring is only one form of them) correctly >*no one* including you ever knows the private key. For the actual >information on Crypto buttons in perticular and iButtons in general >checkout http://www.ibutton.com/. Greater flexibility would be needed for what I envision. Wes's mention of property rights begs to have a private/public key method along with protection for both "private" and "public" areas on the ring, which address just having a readable key that is easily copied. The ring owner would have a private key at home. That and only that could change the public key and necessary PIC (personal ID Code). An employer would use their private key to make an "id" for placement on the ring, which would use the persons "public" key. Use would require the users PIC and the employer would manange access with the "id" list. Or the private key could be on the ring with protections. Another key, kept at home would be the only way to access or change the key. Transactions would involve using the public key of the merchant and private key to create a "tranaction authorization" in the ring that is sent back to the merchant's reader. Not sure if a readable public key would be needed or useful, but like credit cards with a picture ID, a photo could be placed in the "public" data area. There is the problem that not everyone can scan a photo. Only "trusted" machines should be able to this. Still an issue is that the ring could be hacked, the photo changed with little trouble and it's some micreants shopping day. Maybe the photo should be encrypted using the private key and decrypted with the readable private key. This should be done by "trusted" facilities at respectable establishments, your bank for instance. Something more is still needed. The ring should have a companion matching unique card. The card with a special reader/writer would be used to create the photo, as well as the private key. Then the ring is immutable without the card, but the user cannot change the private key without a reader/writer, which may not be practical. What if their various credit cards are stored on the private side. This should be changeable, so maybe the photo should not be encrypted, but once set by a "trusted" machine it is immutable, period. Now you just send a photo and the manufacturer will add it to your custom ring, which would still need some kind of not easily forgeable "enabler" to change the "private" data, thus preserving security and privacy of the "private" data, as well as only the user knowing the PIC. The photo would mean in-person fraud would be me with a Darwin Award for stupidity. I'm sure my ramblings can be picked apart, but it's what I'm looking for in a ring for practical use. Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 04:21:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id EAA15215 for freebsd-security-outgoing; Thu, 8 Oct 1998 04:21:06 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.ftf.dk (mail.ftf.net [129.142.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA15210 for ; Thu, 8 Oct 1998 04:21:02 -0700 (PDT) (envelope-from regnauld@deepo.prosa.dk) Received: from mail.prosa.dk ([192.168.100.254]) by mail.ftf.dk (8.8.8/8.8.8/gw-ftf-1.0) with ESMTP id NAA21119; Thu, 8 Oct 1998 13:25:50 +0200 (CEST) (envelope-from regnauld@deepo.prosa.dk) X-Authentication-Warning: mail.ftf.dk: Host [192.168.100.254] claimed to be mail.prosa.dk Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10]) by mail.prosa.dk (8.8.8/8.8.5/prosa-1.1) with ESMTP id NAA08542; Thu, 8 Oct 1998 13:39:06 +0200 (CEST) Received: (from regnauld@localhost) by deepo.prosa.dk (8.8.8/8.8.5/prosa-1.1) id NAA28441; Thu, 8 Oct 1998 13:31:22 +0200 (CEST) Message-ID: <19981008133122.24974@deepo.prosa.dk> Date: Thu, 8 Oct 1998 13:31:22 +0200 From: Philippe Regnauld To: "Jeffrey J. Mountin" Cc: FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) References: <36194931.975AA5AC@plutotech.com> <199810052353.RAA12302@mt.sri.com> <36195EF3.23B3260E@plutotech.com> <36199BC9.8B4BA146@softweyr.com> <3.0.3.32.19981006210902.006e987c@207.227.119.2> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88e In-Reply-To: <3.0.3.32.19981006210902.006e987c@207.227.119.2>; from Jeffrey J. Mountin on Tue, Oct 06, 1998 at 09:09:02PM -0500 X-Operating-System: FreeBSD 2.2.6-RELEASE i386 Phone: +45 3336 4148 Address: Ahlefeldtsgade 16, 1359 Copenhagen K, Denmark Organization: PROSA Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Jeffrey J. Mountin writes: > Retina scan maybe. Simple, less messy and what happens if it is 50 > below and you just can't go. Not sure the ladies would like the p-test either. > > Also what happens if someone steals a sample. For the truely paranoid. 8-) Not so paranoid. Bruce Schneier evoked in his Cryptogram newsletter the problems of physiological security systems: i.e.: you can change your private key/password/id, but you can't change your fingerprints, retina or DNA if someone steals the record... => passwords and secret keys are here to stay. -- -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- The Internet is busy. Please try again later. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 06:36:19 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA27185 for freebsd-security-outgoing; Thu, 8 Oct 1998 06:36:19 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ifi.uio.no (ifi.uio.no [129.240.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA27179 for ; Thu, 8 Oct 1998 06:36:13 -0700 (PDT) (envelope-from dag-erli@ifi.uio.no) Received: from hindarfjell.ifi.uio.no (2602@hindarfjell.ifi.uio.no [129.240.64.130]) by ifi.uio.no (8.8.8/8.8.7/ifi0.2) with ESMTP id PAA21943; Thu, 8 Oct 1998 15:34:29 +0200 (MET DST) Received: (from dag-erli@localhost) by hindarfjell.ifi.uio.no ; Thu, 8 Oct 1998 15:34:28 +0200 (MET DST) Mime-Version: 1.0 To: Nate Williams Cc: patl@phoenix.volant.org, "Matthew D. Fuller" , Wes Peters , FreeBSD-security@FreeBSD.ORG Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] References: <19981006045145.26603@futuresouth.com> <199810062256.QAA02571@mt.sri.com> Organization: University of Oslo, Department of Informatics X-url: http://www.stud.ifi.uio.no/~dag-erli/ X-other-addresses: 'finger dag-erli@ifi.uio.no' for a list X-disclaimer-1: The views expressed in this article are mine alone, and do X-disclaimer-2: not necessarily coincide with those of any organisation or X-disclaimer-3: company with which I am or have been affiliated. X-Stop-Spam: http://www.cauce.org/ From: dag-erli@ifi.uio.no (Dag-Erling C. =?iso-8859-1?Q?Sm=F8rgrav?= ) Date: 08 Oct 1998 15:34:26 +0200 In-Reply-To: Nate Williams's message of "Tue, 6 Oct 1998 16:56:30 -0600" Message-ID: Lines: 15 X-Mailer: Gnus v5.5/Emacs 19.34 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id GAA27181 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Nate Williams writes: > > Actually, there are some -very- rare individuals who have two Y > > chromosomes. But they also have an X chromosome. And there are > > some equally rare folks with two Xes and a Y. IIRC, there are > > no obvious physical signs; but such folk tend to be subject to > > various extremes of anti-social and violent behavour. > Actually, not always. Jamie-Lee Curtiss is one of those rare ones > (which is why she couldn't have children). Don't ask why I know > this... :) How do you know this? ;P DES -- Dag-Erling Smørgrav - dag-erli@ifi.uio.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 07:21:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA05164 for freebsd-security-outgoing; Thu, 8 Oct 1998 07:21:52 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from anubis.nosc.mil (anubis.nosc.mil [198.253.16.34]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA05159 for ; Thu, 8 Oct 1998 07:21:48 -0700 (PDT) (envelope-from swann@anubis.nosc.mil) Received: from localhost (swann@localhost) by anubis.nosc.mil (8.8.7/8.8.7) with SMTP id KAA04888; Thu, 8 Oct 1998 10:15:07 -0400 (EDT) Date: Thu, 8 Oct 1998 10:15:07 -0400 (EDT) From: David B Swann To: "Dag-Erling C. =?iso-8859-1?Q?Sm=F8rgrav?=" cc: Nate Williams , patl@phoenix.volant.org, "Matthew D. Fuller" , Wes Peters , FreeBSD-security@FreeBSD.ORG Subject: Re: Two Y chromosomes [ Was: Java-based Crypto Decoder Ring ...] In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id HAA05160 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Could this thread be moved off the FreeBSD security list? Unless, of course, this aids in the security of my UNIX box ;) __________________________________________________________________________ | Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) | | Eagan McAllister Associates, Inc. | | | | "Everything must be working perfectly, cause I don't smell any smoke" | -------------------------------------------------------------------------- On 8 Oct 1998, Dag-Erling C. [iso-8859-1] Smørgrav wrote: > Nate Williams writes: > > > Actually, there are some -very- rare individuals who have two Y > > > chromosomes. But they also have an X chromosome. And there are > > > some equally rare folks with two Xes and a Y. IIRC, there are > > > no obvious physical signs; but such folk tend to be subject to > > > various extremes of anti-social and violent behavour. > > Actually, not always. Jamie-Lee Curtiss is one of those rare ones > > (which is why she couldn't have children). Don't ask why I know > > this... :) > > How do you know this? ;P > > DES > -- > Dag-Erling Smørgrav - dag-erli@ifi.uio.no > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 10:09:02 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA03314 for freebsd-security-outgoing; Thu, 8 Oct 1998 10:09:02 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from orion.ac.hmc.edu (Orion.AC.HMC.Edu [134.173.32.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA03299 for ; Thu, 8 Oct 1998 10:08:58 -0700 (PDT) (envelope-from brooks@one-eyed-alien.net) From: brooks@one-eyed-alien.net Received: from localhost (brdavis@localhost) by orion.ac.hmc.edu (8.8.8/8.8.8) with SMTP id KAA13294; Thu, 8 Oct 1998 10:08:32 -0700 (PDT) X-Authentication-Warning: orion.ac.hmc.edu: brdavis owned process doing -bs Date: Thu, 8 Oct 1998 10:08:32 -0700 (PDT) X-Sender: brdavis@orion.ac.hmc.edu To: "Jeffrey J. Mountin" cc: Cy Schubert - ITSD Open Systems Group , freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <3.0.3.32.19981008015245.00feeec4@207.227.119.2> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 8 Oct 1998, Jeffrey J. Mountin wrote: > >A syslogd.conf syntax checker (as mentioned in an earlier posting) > >might be a better solution. It could be run at boot or via cron and > >email its results to the sysadmin. This could be written as a small > >Perl script. > > Agreed. Wouldn't awk be a shorter/better way though? If all you want is syntax checking, probably. However, at least under Solaris, syslog can bite you all sorts of different ways due to the fact that you can't get warnings unless you run it in debug mode. In addition to syntax checking my perl script warns you about thinks like non-existant files (syslog doesn't create files on solaris), non-existant loghsts, and bogus users. It's even got an option to create the necessicary files. I don't think I'd want to go to the effort of doing that in awk. :-) -- Brooks To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 12:14:26 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA26585 for freebsd-security-outgoing; Thu, 8 Oct 1998 12:14:26 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from castor2.freiepresse.de (castor2.freiepresse.de [194.25.232.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA26479 for ; Thu, 8 Oct 1998 12:14:07 -0700 (PDT) (envelope-from G.Sittig@abo.FreiePresse.DE) Received: from uncle.gsinet (ppp-pln183.freiepresse.de [194.25.234.183]) by castor2.freiepresse.de (8.8.4/8.8.4) with ESMTP id VAA09656 for ; Thu, 8 Oct 1998 21:06:30 +0200 (MET DST) Received: from uncle.gsinet (sittig@uncle.gsinet [192.168.11.131]) by uncle.gsinet (8.8.8/8.8.8) with SMTP id UAA13973 for ; Thu, 8 Oct 1998 20:15:28 +0200 Date: Thu, 8 Oct 1998 20:15:27 +0200 (MEST) From: Gerhard Sittig X-Sender: sittig@uncle.gsinet cc: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <3.0.3.32.19981008015828.00feeec4@207.227.119.2> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 8 Oct 1998, Jeffrey J. Mountin wrote: > > Displaying ^I is ugly, isn't it. > > Replacing or highlighting (like ^M in less) are equally an eyesore. > > You could: > > less /etc/syslog.conf > /^I > > Quick way to check without much work, but a check is still better. vipw and visudo are bubbling up. What about wrapping editor and check together for these config files using so strict a format? G.Sittig@abo.FreiePresse.DE -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 14:19:54 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA22516 for freebsd-security-outgoing; Thu, 8 Oct 1998 14:19:54 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.cioe.com (ns1.cioe.com [204.120.165.37]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA22472 for ; Thu, 8 Oct 1998 14:19:34 -0700 (PDT) (envelope-from sjw@ctsmicro.com) Received: from gw.ctsmicro.com (gw.ctsmicro.com [205.159.34.254]) by ns1.cioe.com (8.8.8/8.8.5) with ESMTP id QAA05680 for ; Thu, 8 Oct 1998 16:19:20 -0500 (EST) Received: from sjw (sjw [205.159.34.80]) by gw.ctsmicro.com (8.6.11/8.6.9) with SMTP id PAA19694 for ; Thu, 8 Oct 1998 15:23:17 -0500 Date: Thu, 8 Oct 1998 15:23:17 -0500 Message-Id: <199810082023.PAA19694@gw.ctsmicro.com> X-Sender: sjw@ctsmicro.com X-Mailer: Windows Eudora Version 1.4.4 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: security@FreeBSD.ORG From: sjw@ctsmicro.com (Steve Weber) Subject: Re: security-digest V4 #154 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org unsubscribe Steve Weber CAD Manager CTS Microelectronics 1201 Cumberland Ave W. Lafayette, IN 47906 ph: 765-463-2565 fx: 765-497-5399 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 14:58:16 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA29157 for freebsd-security-outgoing; Thu, 8 Oct 1998 14:58:16 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from RWSystems.net (Commie.RWSystems.net [204.251.23.221]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA28932 for ; Thu, 8 Oct 1998 14:57:40 -0700 (PDT) (envelope-from jwyatt@rwsystr.RWSystems.net) Received: from rwsystr.RWSystems.net([204.251.23.1]) (1334 bytes) by RWSystems.net via sendmail with P:smtp/R:inet_hosts/T:smtp (sender: ) id for ; Thu, 8 Oct 1998 16:37:50 -0500 (CDT) (Smail-3.2.0.101 1997-Dec-17 #1 built 1998-Jul-31) Date: Thu, 8 Oct 1998 11:27:20 -0500 (CDT) From: James Wyatt To: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) In-Reply-To: <4.1.19981007131531.0408a100@mail.lariat.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 7 Oct 1998, Brett Glass wrote: > That's a problem. What's more, in an editor, tabs look like spaces > unless you display them as special characters (which ruins the > columnization and makes editing hard). So, you're damned if you turn > on the special display mode and damned if you don't. I *really* liked the (DOS-based) editor 'Multi-Edit' when I used to do Win3.1 MultiMedia work. It showed a tab as a small circle, but still had the tab-width - the rest was normal spaces. It let you ensure you had tabs, but showed the right layout. Tabs in source can compile a *lot* faster in large C++ source and headers. I also used it over NFS to do *nix programming before I got my vi-feet... Wishing vi would support ^T like bash - Jy@ (jwyatt@rwsystems.net) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Oct 8 19:45:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA26117 for freebsd-security-outgoing; Thu, 8 Oct 1998 19:45:29 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [130.126.8.20]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA26098 for ; Thu, 8 Oct 1998 19:45:23 -0700 (PDT) (envelope-from igor@alecto.physics.uiuc.edu) Received: (from igor@localhost) by alecto.physics.uiuc.edu (8.9.0/8.9.0) id VAA08354; Thu, 8 Oct 1998 21:45:13 -0500 (CDT) From: Igor Roshchin Message-Id: <199810090245.VAA08354@alecto.physics.uiuc.edu> Subject: Re: The necessary steps for logging (the problem is fixed) (fwd) To: freebsd-security@FreeBSD.ORG Date: Thu, 8 Oct 1998 21:45:13 -0500 (CDT) X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Ok, don't crash me with your swords .. ;) I just compiled the syslogd with the changes suggested. THe diff file is at the bottom. It works fine for me. Can anybody else test it against different syslog.conf's ? My only concern: In line 1410 - there was a space inside ", ;" originally: while (strchr(", ;", *q)) According to man syslog.conf - I don't see why it should be there.. This is the moment when the priority is analyzed. No spaces are allowed before the priority specification. So, I assume, this was just a typo. so, it should be while (strchr(",;", *q)) If this is not a typo, but I just missed some meaning, please, correct me! IgoR =====================8< =============================== --- syslogd.c.orig Thu Aug 6 00:58:10 1998 +++ syslogd.c Thu Oct 8 22:19:27 1998 @@ -1365,12 +1365,12 @@ } /* scan through the list of selectors */ - for (p = line; *p && *p != '\t';) { + for (p = line; *p && *p != '\t' && *p != ' ';) { int pri_done; int pri_cmp; /* find the end of this facility name list */ - for (q = p; *q && *q != '\t' && *q++ != '.'; ) + for (q = p; *q && *q != '\t' && *q != ' ' && *q++ != '.'; ) continue; /* get the priority comparison */ @@ -1402,12 +1402,12 @@ ; /* collect priority name */ - for (bp = buf; *q && !strchr("\t,;", *q); ) + for (bp = buf; *q && !strchr("\t,; ", *q); ) *bp++ = *q++; *bp = '\0'; /* skip cruft */ - while (strchr(", ;", *q)) + while (strchr(",;", *q)) q++; /* decode priority name */ @@ -1424,8 +1424,8 @@ } /* scan facilities */ - while (*p && !strchr("\t.;", *p)) { - for (bp = buf; *p && !strchr("\t,;.", *p); ) + while (*p && !strchr("\t.; ", *p)) { + for (bp = buf; *p && !strchr("\t,;. ", *p); ) *bp++ = *p++; *bp = '\0'; @@ -1454,7 +1454,7 @@ } /* skip to action part */ - while (*p == '\t') + while (*p == '\t' || *p == ' ') p++; switch (*p) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 9 05:38:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA22537 for freebsd-security-outgoing; Fri, 9 Oct 1998 05:38:13 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from mail.ftf.dk (mail.ftf.net [129.142.64.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA22531 for ; Fri, 9 Oct 1998 05:38:09 -0700 (PDT) (envelope-from regnauld@deepo.prosa.dk) Received: from mail.prosa.dk ([192.168.100.254]) by mail.ftf.dk (8.8.8/8.8.8/gw-ftf-1.0) with ESMTP id OAA00844; Fri, 9 Oct 1998 14:42:59 +0200 (CEST) (envelope-from regnauld@deepo.prosa.dk) X-Authentication-Warning: mail.ftf.dk: Host [192.168.100.254] claimed to be mail.prosa.dk Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10]) by mail.prosa.dk (8.8.8/8.8.5/prosa-1.1) with ESMTP id OAA10965; Fri, 9 Oct 1998 14:56:28 +0200 (CEST) Received: (from regnauld@localhost) by deepo.prosa.dk (8.8.8/8.8.5/prosa-1.1) id OAA11421; Fri, 9 Oct 1998 14:48:49 +0200 (CEST) Message-ID: <19981009144849.44978@deepo.prosa.dk> Date: Fri, 9 Oct 1998 14:48:49 +0200 From: Philippe Regnauld To: shivan@ICI.NET Cc: BUGTRAQ@NETSPACE.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Possible DoS in rsh References: <199810061943.PAA28852@bajor.ici.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88e In-Reply-To: <199810061943.PAA28852@bajor.ici.net>; from Shivan Dragon on Tue, Oct 06, 1998 at 03:43:01PM -0400 X-Operating-System: FreeBSD 2.2.6-RELEASE i386 Phone: +45 3336 4148 Address: Ahlefeldtsgade 16, 1359 Copenhagen K, Denmark Organization: PROSA Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Shivan Dragon writes: > I don't know if this has been posted before so here it is. If you link your > .rhosts file (or hosts.equiv?) to /dev/zero. When you try to rsh it tried to > read /dev/zero that is of infinate length. I've tried to rsh in and I get > timed out after 60 seconds. Please specify the platform when you send such a post. Which OS ? Which version of the rshd ? BTW: FreeBSD 2.2.7 seems to be unaffected (just asks for your password instead). -- -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]- The Internet is busy. Please try again later. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 9 07:57:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA14848 for freebsd-security-outgoing; Fri, 9 Oct 1998 07:57:20 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from pn.wagsky.com (wagsky.vip.best.com [206.86.71.127]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA14826; Fri, 9 Oct 1998 07:56:56 -0700 (PDT) (envelope-from Jeff@Wagsky.com) Received: from [192.168.6.3] (mac.pn.wagsky.com [192.168.6.3]) by pn.wagsky.com (8.8.8/8.8.8) with ESMTP id HAA09388; Fri, 9 Oct 1998 07:56:26 -0700 (PDT) (envelope-from Jeff@Wagsky.com) X-Sender: mailman@mail.pn.wagsky.com Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 9 Oct 1998 07:56:09 -0700 To: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG From: Jeff Kletsky Subject: fwtk and skey authorization Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org After installing the latest version of fwtk (CVSup as of 981009) under FreeBSD 2.2.7-STABLE (CVSup as of 981006), it does not appear as though the skey authorization works properly: bash# /usr/local/authsrv authsrv# adduser jeff ok - user added initially disabled authsrv# enable jeff enabled authsrv# proto jeff skey changed authsrv# passwd jeff "some passwrod phrase typed here" /usr/libexec/ld.so: Undefined symbol "_MD4Init" called from authsrv:/usr/lib/libskey.so.2.0 at 0x2003d218 Any suggestions as to what I've missed? Thanks! Jeff To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 9 12:20:22 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA28881 for freebsd-security-outgoing; Fri, 9 Oct 1998 12:20:22 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from pn.wagsky.com (wagsky.vip.best.com [206.86.71.127]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA28866; Fri, 9 Oct 1998 12:20:15 -0700 (PDT) (envelope-from Jeff@Wagsky.com) Received: from [192.168.6.3] (mac.pn.wagsky.com [192.168.6.3]) by pn.wagsky.com (8.8.8/8.8.8) with ESMTP id MAA09735; Fri, 9 Oct 1998 12:20:04 -0700 (PDT) (envelope-from Jeff@Wagsky.com) X-Sender: mailman@mail.pn.wagsky.com Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 9 Oct 1998 12:19:59 -0700 To: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG From: Jeff Kletsky Subject: RE: fwtk and skey authorization Cc: obrien@FreeBSD.ORG, Jim Flowers Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org To resolve the failure detailed below, the following change must be made to /usr/ports/security/fwtk/work/fwtk/Makefile.config change from AUXLIB= -lcrypt -lskey to AUXLIB= -lcrypt -lskey -lmd Jeff ----- Original posting After installing the latest version of fwtk (CVSup as of 981009) under FreeBSD 2.2.7-STABLE (CVSup as of 981006), it does not appear as though the skey authorization works properly: bash# /usr/local/authsrv authsrv# adduser jeff ok - user added initially disabled authsrv# enable jeff enabled authsrv# proto jeff skey changed authsrv# passwd jeff "some passwrod phrase typed here" /usr/libexec/ld.so: Undefined symbol "_MD4Init" called from authsrv:/usr/lib/libskey.so.2.0 at 0x2003d218 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 9 12:45:23 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA03122 for freebsd-security-outgoing; Fri, 9 Oct 1998 12:45:23 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA03117 for ; Fri, 9 Oct 1998 12:45:18 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id OAA04475; Fri, 9 Oct 1998 14:45:12 -0500 (CDT) Received: from aridius-44.isdn.mke.execpc.com(169.207.66.171) by peak.mountin.net via smap (V1.3) id sma004468; Fri Oct 9 14:44:49 1998 Message-Id: <3.0.3.32.19981009143418.00700d00@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 09 Oct 1998 14:34:18 -0500 To: Jeff Kletsky , freebsd-security@FreeBSD.ORG From: "Jeffrey J. Mountin" Subject: Re: fwtk and skey authorization In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 07:56 AM 10/9/98 -0700, Jeff Kletsky wrote: >After installing the latest version of fwtk (CVSup as of 981009) under >FreeBSD 2.2.7-STABLE (CVSup as of 981006), it does not appear as though the >skey authorization works properly: > >bash# /usr/local/authsrv >authsrv# adduser jeff >ok - user added initially disabled >authsrv# enable jeff >enabled >authsrv# proto jeff skey >changed >authsrv# passwd jeff "some passwrod phrase typed here" >/usr/libexec/ld.so: Undefined symbol "_MD4Init" called from >authsrv:/usr/lib/libskey.so.2.0 at 0x2003d218 > >Any suggestions as to what I've missed? I don't use fwtk, but do use SKey at a minimum for certain services. Seems that SKey on your system can't find the MD4 library or fwtk munged something. Don't feel like the rigamoral at the moment to get the source, sorry. Did you try disabling fwtk and adding your account with 'keyinit -s jeff'? If the built in SKey works, it's definately a bug in the port. Otherwise something's broken in -stable. Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 9 13:32:32 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA12776 for freebsd-security-outgoing; Fri, 9 Oct 1998 13:32:32 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from transbay.net (synergy.transbay.net [209.133.53.2] (may be forged)) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA12661; Fri, 9 Oct 1998 13:32:09 -0700 (PDT) (envelope-from bh@synergy.transbay.net) Received: from localhost (bh@localhost) by transbay.net (8.9.1/8.8.8) with SMTP id NAA22919; Fri, 9 Oct 1998 13:35:17 -0700 (PDT) (envelope-from bh@synergy.transbay.net) Date: Fri, 9 Oct 1998 13:35:17 -0700 (PDT) From: Brandon Huey To: Jeff Kletsky cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG, obrien@FreeBSD.ORG, Jim Flowers Subject: RE: fwtk and skey authorization (+ssh) In-Reply-To: Message-ID: X-Copyright: (C)1998 Brandon Huey; Forwarding prohibited MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org on a related note, i recently discovered an s/key patched ssh and it's working great. you can find it at: http://www.lackluster.net/~scott/ssh_skey.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Oct 9 20:32:28 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id UAA27098 for freebsd-security-outgoing; Fri, 9 Oct 1998 20:32:28 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA27058 for ; Fri, 9 Oct 1998 20:32:14 -0700 (PDT) (envelope-from jeff-ml@mountin.net) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id WAA07134; Fri, 9 Oct 1998 22:32:09 -0500 (CDT) Received: from aridius-44.isdn.mke.execpc.com(169.207.66.171) by peak.mountin.net via smap (V1.3) id sma007132; Fri Oct 9 22:32:08 1998 Message-Id: <3.0.3.32.19981009222114.007449dc@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 09 Oct 1998 22:21:14 -0500 To: Brandon Huey From: "Jeffrey J. Mountin" Subject: RE: fwtk and skey authorization (+ssh) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 01:35 PM 10/9/98 -0700, Brandon Huey wrote: > >on a related note, i recently discovered an s/key patched ssh and it's >working great. > >you can find it at: http://www.lackluster.net/~scott/ssh_skey.html Rather neat, but is it doing the OTP over an encrypted tunnel ie first you enter your private key password, then it prompts for a SKey password on the server. Or is this just so that you can use either RSA or SKey OTP authentication? Now if there was something to make it optional for POP, rather than mandatory. If you compile popper on a clean install, once you add a /etc/skey.access file and do not wish to use SKey, the access file need a permit. Would be better to use a 2nd access file, especially if you use an alternate passwd file. Just commenting, since it not extremely important in my case, which is why I haven't looked into it much. 8-) Jeff Mountin - Unix Systems TCP/IP networking jeff@mountin.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 10 09:38:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA26108 for freebsd-security-outgoing; Sat, 10 Oct 1998 09:38:47 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from uriela.in-berlin.de (servicia.in-berlin.de [192.109.42.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA26081 for ; Sat, 10 Oct 1998 09:38:30 -0700 (PDT) (envelope-from nortobor.nostromo.in-berlin.de!ripley@servicia.in-berlin.de) Received: by uriela.in-berlin.de (Smail-3.2.0.101 1997-Dec-17 #1) id m0zS1hg-000VUaC; Sat, 10 Oct 1998 18:17:12 +0200 (CEST) Received: (from ripley@localhost) by nortobor.nostromo.in-berlin.de (8.8.7/8.8.7) id MAA01945; Sat, 10 Oct 1998 12:25:42 +0200 (CEST) (envelope-from ripley) Message-ID: <19981010122539.52033@nostromo.in-berlin.de> Date: Sat, 10 Oct 1998 12:25:40 +0200 From: "H. Eckert" To: andrew@squiz.co.nz Cc: Alejandro Galindo Chairez AGALINDO , freebsd-security@FreeBSD.ORG Subject: Re: ipfw and pop3 References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.84e In-Reply-To: ; from Andrew McNaughton on Thu, Oct 08, 1998 at 01:26:35PM +1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Oct 08, 1998 at 01:26:35PM +1300, Andrew McNaughton wrote: > On Wed, 7 Oct 1998, Alejandro Galindo Chairez AGALINDO wrote: > > can you help to me in establish the rule for permit the pop3 port access? > > i only need to permit the network 208.195.117.0 (mask 0xffffff00) > > or can you indicate to me where can i find some rule samples for this? > > I'm not quite clear on your setup (where is the firewall?) but your > network can be defined as 208.195.117.0:255.255.255.0 How about 208.195.117/24 ? I had some slight trouble about pop3 access and ipfw rules lately, too. My setup is quite simple: [Internet]<--Dialup IP(ipi0)-->[FreeBSD Server]<--Ethernet-->[internal net] I have a pop3 service running on my server for which I want access only from the inside. OTOH I want to access a remote pop3 server from an internal machine. Without ipfw restriction anybody can get at my server while the dialup is active. This is especially bad as my popper is quite old and could easily be abused. There is no use in hunting down security fixes for pop3 as there is no public access anyway so I rather close that hole permanently. What I needed to accomplish is this: [Net] <--- pop3 ok [Net] ---> pop3 denied So I tried a rule like "ipfw deny tcp from any pop3 to any in ipi0" Trouble was, this effectively denied me from getting mail from the remote server :-( The solution is actually really simple, I installed tcp_wrapper. Now I can freely let pop3 through my ipfw ruleset and access to the pop3 service on my server machine from the outside is blocked. No machine on my internal net runs pop3 and they're unreachable due to nat, anyway. inetd.conf: pop3 stream tcp nowait root /usr/local/libexec/tcpd /usr/local/libexec/popper -s /usr/local/etc/hosts.allow: # Wed Oct 7 03:00:00 CEST 1998 popper : LOCAL 10.175. : allow #popper : UNKNOWN PARANOID : deny popper : ALL : deny ALL : ALL (the commented out line didn't work; does anybody know why ?) Greetings, Ripley -- http://www.in-berlin.de/User/nostromo/ == "You don't say what kind of CD drive or hard disks you have, but since it is causing you trouble I'll assume it is IDE." -- comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 10 09:39:48 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA26221 for freebsd-security-outgoing; Sat, 10 Oct 1998 09:39:48 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from uriela.in-berlin.de (servicia.in-berlin.de [192.109.42.145]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA26179 for ; Sat, 10 Oct 1998 09:39:06 -0700 (PDT) (envelope-from nortobor.nostromo.in-berlin.de!ripley@servicia.in-berlin.de) Received: by uriela.in-berlin.de (Smail-3.2.0.101 1997-Dec-17 #1) id m0zS1hg-000VUZC; Sat, 10 Oct 1998 18:17:12 +0200 (CEST) Received: (from ripley@localhost) by nortobor.nostromo.in-berlin.de (8.8.7/8.8.7) id LAA01855; Sat, 10 Oct 1998 11:57:20 +0200 (CEST) (envelope-from ripley) Message-ID: <19981010115719.40914@nostromo.in-berlin.de> Date: Sat, 10 Oct 1998 11:57:19 +0200 From: "H. Eckert" To: James Wyatt Cc: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) References: <4.1.19981007131531.0408a100@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.84e In-Reply-To: ; from James Wyatt on Thu, Oct 08, 1998 at 11:27:20AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Oct 08, 1998 at 11:27:20AM -0500, James Wyatt wrote: > On Wed, 7 Oct 1998, Brett Glass wrote: > > That's a problem. What's more, in an editor, tabs look like spaces > > unless you display them as special characters (which ruins the > > columnization and makes editing hard). So, you're damned if you turn > > on the special display mode and damned if you don't. > > I *really* liked the (DOS-based) editor 'Multi-Edit' when I used to do > Win3.1 MultiMedia work. It showed a tab as a small circle, but still > had the tab-width - the rest was normal spaces. It let you ensure you had > tabs, but showed the right layout. Tabs in source can compile a *lot* > faster in large C++ source and headers. I also used it over NFS to do > *nix programming before I got my vi-feet... You may like Sven Guckes' experiments about syntax coloring involving visible tabs. He made up a syntax-file that even shows whether leading/trailing whitespace consists of tabs, spaces, or a mix of both. Details should be available somewhere at http://www.vim.org/ http://www.math-fu-berlin.de/~guckes/vim/ I think I'll convince him to extract the necessary parts for this kind of config files from his experimental file (which is far too colorful for any real use). > Wishing vi would support ^T like bash - Jy@ (jwyatt@rwsystems.net) What does ^T do in bash ? In my tcsh it justs swaps to adjacent chars. Greetings, Ripley -- http://www.in-berlin.de/User/nostromo/ == "You don't say what kind of CD drive or hard disks you have, but since it is causing you trouble I'll assume it is IDE." -- comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 10 10:34:20 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA04450 for freebsd-security-outgoing; Sat, 10 Oct 1998 10:34:20 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA04429 for ; Sat, 10 Oct 1998 10:34:15 -0700 (PDT) (envelope-from brett@lariat.org) Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id LAA17932; Sat, 10 Oct 1998 11:33:37 -0600 (MDT) Message-Id: <4.1.19981010112940.0427f9c0@mail.lariat.org> X-Sender: brett@mail.lariat.org X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Sat, 10 Oct 1998 11:31:27 -0600 To: "H. Eckert" , James Wyatt From: Brett Glass Subject: Re: The necessary steps for logging (the problem is fixed) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <19981010115719.40914@nostromo.in-berlin.de> References: <4.1.19981007131531.0408a100@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:57 AM 10/10/98 +0200, H. Eckert wrote: >What does ^T do in bash ? In my tcsh it justs swaps to adjacent chars. That's the EMACS keystroke convention. The "T" stands for "transpose." The story goes that RMS was a sloppy typist and transposed letters a lot, so he devoted a valuable 1-key command to undoing this common mistake. A tab is ^I. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 10 10:50:29 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA06902 for freebsd-security-outgoing; Sat, 10 Oct 1998 10:50:29 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from foobar.franken.de (foobar.franken.de [194.94.249.81]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA06893 for ; Sat, 10 Oct 1998 10:50:17 -0700 (PDT) (envelope-from logix@foobar.franken.de) Received: (from logix@localhost) by foobar.franken.de (8.8.8/8.8.5) id TAA24364; Sat, 10 Oct 1998 19:49:01 +0200 (CEST) Message-ID: <19981010194900.A24338@foobar.franken.de> Date: Sat, 10 Oct 1998 19:49:00 +0200 From: Harold Gutch To: "H. Eckert" , andrew@squiz.co.nz Cc: Alejandro Galindo Chairez AGALINDO , freebsd-security@FreeBSD.ORG Subject: Re: ipfw and pop3 References: <19981010122539.52033@nostromo.in-berlin.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <19981010122539.52033@nostromo.in-berlin.de>; from H. Eckert on Sat, Oct 10, 1998 at 12:25:40PM +0200 X-Organisation: BatmanSystemDistribution X-Mission: To free the world from the Penguin Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Oct 10, 1998 at 12:25:40PM +0200, H. Eckert wrote: > I have a pop3 service running on my server for which I want access > only from the inside. OTOH I want to access a remote pop3 server > from an internal machine. Without ipfw restriction anybody can get > at my server while the dialup is active. This is especially bad as > my popper is quite old and could easily be abused. There is no use > in hunting down security fixes for pop3 as there is no public access > anyway so I rather close that hole permanently. What I needed to > accomplish is this: > > [Net] <--- pop3 ok > [Net] ---> pop3 denied > > So I tried a rule like "ipfw deny tcp from any pop3 to any in ipi0" > Trouble was, this effectively denied me from getting mail from the > remote server :-( > Wouldn't something like the following work: ipfw add reset tcp from any to nostromo pop3 establish via ipi0 Replacing nostromo of course for the host your pop3d is running on. All this would deny is the establishing of TCP connections to nostromo's pop3d from connections coming over ipi0-interface, everything else would be allowed. In fact, this rule would even reset the connection, so the "outside world" would see nostromo's pop3d-port as if there was no service running on it. As I don't know your setup (private/real IPs etc.) you might have to change the ruleset a little according to it. -- bye, logix Sleep is an abstinence syndrome wich occurs due to lack of caffein. Wed Mar 4 04:53:33 CET 1998 #unix, ircnet To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 10 12:34:58 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA20486 for freebsd-security-outgoing; Sat, 10 Oct 1998 12:34:58 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA20479 for ; Sat, 10 Oct 1998 12:34:52 -0700 (PDT) (envelope-from jkb@shell6.ba.best.com) Received: (from jkb@localhost) by shell6.ba.best.com (8.9.0/8.9.0/best.sh) id MAA25089; Sat, 10 Oct 1998 12:33:36 -0700 (PDT) Message-ID: <19981010123336.A24920@best.com> Date: Sat, 10 Oct 1998 12:33:36 -0700 From: "Jan B. Koum " To: Brett Glass , "H. Eckert" , James Wyatt Cc: freebsd-security@FreeBSD.ORG Subject: Re: The necessary steps for logging (the problem is fixed) References: <4.1.19981007131531.0408a100@mail.lariat.org> <19981010115719.40914@nostromo.in-berlin.de> <4.1.19981010112940.0427f9c0@mail.lariat.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <4.1.19981010112940.0427f9c0@mail.lariat.org>; from Brett Glass on Sat, Oct 10, 1998 at 11:31:27AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Oct 10, 1998 at 11:31:27AM -0600, Brett Glass wrote: > At 11:57 AM 10/10/98 +0200, H. Eckert wrote: > > >What does ^T do in bash ? In my tcsh it justs swaps to adjacent chars. > > That's the EMACS keystroke convention. The "T" stands for "transpose." > The story goes that RMS was a sloppy typist and transposed letters a > lot, so he devoted a valuable 1-key command to undoing this common > mistake. > > A tab is ^I. > > --Brett > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message Isn't this time to take this to -chat? Really... before we patch Unix to make it case insensitive. :) -- Yan I don't have the password .... + Jan Koum But the path is chainlinked .. | Spelled Jan, pronounced Yan. There. So if you've got the time .... | Web: http://www.best.com/~jkb Set the tone to sync ......... + OS: http://www.FreeBSD.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 10 18:51:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA27766 for freebsd-security-outgoing; Sat, 10 Oct 1998 18:51:25 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.224.24]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA27758 for ; Sat, 10 Oct 1998 18:51:21 -0700 (PDT) (envelope-from avalon@coombs.anu.edu.au) Message-Id: <199810110151.SAA27758@hub.freebsd.org> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA105890641; Sun, 11 Oct 1998 11:50:41 +1000 From: Darren Reed Subject: Re: The necessary steps for logging (the problem is fixed) To: ripley@nostromo.in-berlin.de (H. Eckert) Date: Sun, 11 Oct 1998 11:50:41 +1000 (EST) Cc: jwyatt@rwsystr.RWSystems.net, freebsd-security@FreeBSD.ORG In-Reply-To: <19981010115719.40914@nostromo.in-berlin.de> from "H. Eckert" at Oct 10, 98 11:57:19 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some mail from H. Eckert, sie said: > > > Wishing vi would support ^T like bash - Jy@ (jwyatt@rwsystems.net) > > What does ^T do in bash ? In my tcsh it justs swaps to adjacent chars. same thing. but in vi it is 2 characters [xX][pP] in command mode. darren To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Oct 10 21:28:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA12972 for freebsd-security-outgoing; Sat, 10 Oct 1998 21:28:00 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from RWSystems.net (Commie.RWSystems.net [204.251.23.221]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA12953; Sat, 10 Oct 1998 21:27:57 -0700 (PDT) (envelope-from jwyatt@rwsystr.RWSystems.net) Received: from rwsystr.RWSystems.net([204.251.23.1]) (2936 bytes) by RWSystems.net via sendmail with P:smtp/R:inet_hosts/T:smtp (sender: ) id for ; Sat, 10 Oct 1998 23:11:48 -0500 (CDT) (Smail-3.2.0.101 1997-Dec-17 #1 built 1998-Jul-31) Date: Sat, 10 Oct 1998 18:01:04 -0500 (CDT) From: James Wyatt To: Nate Williams cc: freebsd-chat@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: Compiler likes tabs better than spaces?? (was Re: ..logging (the problem is fixed)) In-Reply-To: <199810082218.QAA29900@mt.sri.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 8 Oct 1998, Nate Williams wrote: > [ Moved to -chat, as this is really not security related... ] > > Tabs in source can compile a *lot* faster in large C++ source and > > headers. I also used it over NFS to do *nix programming before I got > Now, this is one of those statements I *really* like to see, since it > has no basis on factual data. Using tabs vs. spaces won't make your > program compile measurably faster. Whoever told you this was smoking > something.... btw: I'll answer here (once) because you were rather snippy in your answer, you were wrong and our relay doesn't get -chat. I can understand why your (Free) BS Detector might go off. 8{) I said the same thing a while back when I heard it a while ago, so I measured it. For heavy C++ (lotsa big headers made pretty and readable) and code w/ASCII depictions of the structures and PVCS headers, tabs make a very measurable (and sometimes noticable) difference. If you drop 7 (or 3) char for every tab and have lots of them, your file reads go down, the compiler reads more file per line (thus by a clock, compiles faster 8{), and you save disk space. You also have less IO to your editor and such. Your PVCS (or SCCS/RCS/CVS/etc...) archives will also be smaller. You're right if you note that everything past the precompiler is usually constant, though. The effect is also reduced if your compiler utilizes precompiled headers. Removing any successive whitespace, will also speed things up, but at the expense of readability. OTOH, if one doesn't tabbify, comment, or use headers much one might not notice... 8{( As I said, I *did* time this a while back to measure the effect, so this *is* based on fact and I was *not* smoking anything at the time... 8{) Ron Light, the guy who drove me to Unix showed me how nice it was to 'entab' the system headers and frequent-flyers when I was learning C and unix/xenix long ago. (You'll notice FreeBSDs curses.h has tabs) I also loved Borland when they implemented precompiled headers in Borland C++ back in the Win 3.1 days. Sorry to have wasted your time in replying to me, I'll try to be clearer next time - Jy@ (James Wyatt jwyatt@rwsystems.net) My favorite programming language is still solder - David Gunn KA5WAM To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message