From owner-freebsd-security Sun Jan 27 4:51:57 2002
Date: Sun, 27 Jan 2002 14:51:20 +0200
Message-Id: <200201271251.g0RCpKX31851@june.tele2.ee>
From: "peeter kallas"
To: freebsd-security@FreeBSD.ORG
Subject: Cryptographic file systems

I'm trying to find cryptographic file system for FreeBSD that suits my needs, but there seems to be very little to choose from. I've found only CFS from the ports collection, but it doesn't support multiple users working on same directory.

I have FreeBSD box that is running Samba and acting as file server for several Windows machines. I'd like to secure the files on the server against physical break-in into the office using some sort of cryptographic file system. I envision it so that a user will log in to FreeBSD box using SSH and enter some passphrase/key for part of the file system to become available. After that user should be able to access encrypted files locally or thru a Samba share that points to the encrypted file system part. After some idle time access should be revoked.
As it is small group of people it is ok if they share the key/passphrase and if one user enters it, crypted files become available for all.

Can anybody suggest something for the job?

-- everyday.com --
Free e-mail, SMS messages and address book.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Jan 27 4:57:32 2002
Message-ID: <049201c1a732$2a1e0b60$0a00000a@atkielski.com>
From: "Anthony Atkielski"
To: "peeter kallas"
Subject: Re: Cryptographic file systems
Date: Sun, 27 Jan 2002 13:57:22 +0100

As long as anyone has physical access to the box, there is no solution to the problem you describe. Anyone with access to the server also has access to its network connections, and could thus intercept network traffic involving encrypted files. Encrypting them on disk is thus pointless.

The only way to keep files on the server is to encrypt them AND transmit and receive them over the wire in encrypted form to and from client machines.
Keys, passphrases, and plaintext file content must not pass over the wire; encryption and decryption operations must take place only on client machines. If this is done, then physical access to the file server will not aid an intruder in compromising file content. But in the scenario you describe, an intruder could intercept key material, passphrases, or actual plaintext file content on the wire, making encryption on disk moot.

This also implies that encryption cannot be made completely transparent for the end user.

----- Original Message -----
From: "peeter kallas"
To:
Sent: Sunday, January 27, 2002 13:51
Subject: Cryptographic file systems

> I'm trying to find cryptographic file system for FreeBSD that suits my needs, but there seems to be very little to choose from. I've found only CFS from the ports collection, but it doesn't support multiple users working on same directory.
>
> I have FreeBSD box that is running Samba and acting as file server for several Windows machines. I'd like to secure the files on the server against physical break-in into the office using some sort of cryptographic file system. I envision it so that a user will log in to FreeBSD box using SSH and enter some passphrase/key for part of the file system to become available. After that user should be able to access encrypted files locally or thru a Samba share that points to the encrypted file system part. After some idle time access should be revoked. As it is small group of people it is ok if they share the key/passphrase and if one user enters it, crypted files become available for all.
>
> Can anybody suggest something for the job?
>
> -- everyday.com --
> Free e-mail, SMS messages and address book.
From owner-freebsd-security Sun Jan 27 5:13:18 2002
Date: Sun, 27 Jan 2002 15:13:07 +0200
Message-Id: <200201271313.g0RDD7O32639@june.tele2.ee>
From: "peeter kallas"
Cc: freebsd-security@FreeBSD.ORG
To: "Anthony Atkielski"
Subject: Vastan: Cryptographic file systems

> As long as anyone has physical access to the box, there is no solution to
> the problem you describe. Anyone with access to the server also has access
> to its network connections, and could thus intercept network traffic
> involving encrypted files. Encrypting them on disk is thus pointless.

Thing is that only way to gain access to that box is to physically break into the office, grab the box and run before security guards arrive, so storing info in encrypted form is quite adequate for the situation.
Of course it would be better if encryption is done on the client side and theoretically it could be transparent too -- for example NFS client for Windows that crypts the file data (anybody heard of such?)

-- everyday.com --
Free e-mail, SMS messages and address book.

From owner-freebsd-security Sun Jan 27 6:16:51 2002
Message-ID: <04a301c1a73d$3b06f580$0a00000a@atkielski.com>
From: "Anthony Atkielski"
To: "peeter kallas"
Subject: Re: Vastan: Cryptographic file systems
Date: Sun, 27 Jan 2002 15:16:35 +0100

Peeter writes:

> Thing is that only way to gain access to that box
> is to physically break into the office, grab the
> box and run before security guards arrive, so storing
> info in encrypted form is quite adequate for the
> situation.
But if the box is physically secure, and if the system is configured correctly, then storing information in encrypted form is unnecessary, too, since nobody can get to information that he isn't authorized to see, anyway.

Additionally, if it is nominally impossible for anyone to access information to which he is not entitled, and the machine is physically secure, BUT it is possible to technically compromise the machine so that access to unauthorized information is possible, then encryption on the server still will not work, because whatever compromise allows an intruder to gain unauthorized access to information will also allow him to gain unauthorized access to encryption material that will allow him to decrypt the information to which he has unauthorized access.

So what it boils down to is that encryption is useful only if no plaintext ever exists on the server side or on the wire. ALL encryption and decryption MUST take place on the client side of the connection. If any plaintext appears on the server or on the wire, encryption is useless, and provides only a false sense of security.

All secure e-mail systems, for example, handle encryption and decryption on the client machine exclusively, and all information on the wire and on the server is encrypted at all times. Additionally, secure systems keep all encryption key materials on the client side exclusively; no keys are stored or generated or communicated over the wire or on the server.

A side effect of this is that there is no way to keep information required by the server secure. For example, file names cannot be kept secure, since the server must see them in the clear in order to manage the file system; file names must therefore be chosen so as not to compromise file content.

> Of course it would be better if encryption is done on
> the client side and theoretically it could be transparent
> too -- for example NFS client for Windows that crypts
> the file data (anybody heard of such?)
Note that any system that renders encryption transparent on the client side is also insecure, at least on the client side. In other words, if the encryption and decryption are done automatically by the client, then anyone with physical access to the client has access to the encryption and decryption, and thus access to the data. In many applications, this is perfectly acceptable, of course, but it is important to keep it in mind.

If the data must be kept secure even on the client side, then encryption systems must be particularly draconian in their handling of the encryption and decryption functions and their management of keys. Such systems are never transparent--far from it--and always involve input of key material from the individual end user (via passphrases, a floppy with a private key, a smart card containing key material, etc.).

From owner-freebsd-security Sun Jan 27 7:21:34 2002
Date: Sun, 27 Jan 2002 23:15:00 +0800
From: Ng Pheng Siong
To: freebsd-security@freebsd.org
Subject: OPSEC Linux SDK
Message-ID: <20020127231500.A278@madcap.netmemetic.com>

Hi,

Per the subject, has anyone used the OPSEC Linux SDK on FreeBSD?

I am told the Nokia IPSO is based on FreeBSD, so I'd imagine the OPSEC SDK "should" work.
Just wondering if there are gotchas and whatnot.

TIA. Cheers.

--
Ng Pheng Siong * http://www.netmemetic.com

From owner-freebsd-security Sun Jan 27 12: 9:43 2002
Date: Sun, 27 Jan 2002 15:09:30 -0500
From: Crotalus Cerastes
To: Ng Pheng Siong
Cc: freebsd-security@freebsd.org
Subject: Re: OPSEC Linux SDK
Message-ID: <20020127150930.B12886@cerastes.org>

hello all,

at the risk of going a little too afield, i've personally found IPSO userland to be much closer to 4.4BSD than any recent freebsd.

on a related note, i doubt that IPSO includes the linux compatibility features, given that it is supposed to be a "hardened" kernel. :) although i haven't tried running linux binaries on it.
-c

* Ng Pheng Siong (ngps@netmemetic.com) wrote:
> Hi,
>
> Per the subject, has anyone used the OPSEC Linux SDK on FreeBSD?
>
> I am told the Nokia IPSO is based on FreeBSD, so I'd imagine the OPSEC SDK
> "should" work. Just wondering if there are gotchas and whatnot.
>
> TIA. Cheers.
> --
> Ng Pheng Siong * http://www.netmemetic.com

--
crotalus cerastes             And the LORD sent fiery serpents
cerastes@cerastes.org         among the people, and they bit
for gnupg public key, see:    the people; and much people of
http://www.cerastes.org/      Israel died. -- Numbers 21:6

From owner-freebsd-security Sun Jan 27 12:16:40 2002
Date: Sun, 27 Jan 2002 14:16:36 -0600
From: D J Hawkey Jr
To: security at FreeBSD
Subject: ANNOUNCE: Backported patches for SA-02:08 (exec) now available
Message-ID: <20020127141636.A2073@sheol.localdomain>
Hello All.

I'm pleased to announce that the patch for SA-02:08 (exec race condition) has been backported to FreeBSD releases 4.1-REL, 4.1.1-REL, and 4.2-REL.

They are now available at the FreeBSD Backports site:
http://www.visi.com/~hawkeyd/freebsd-backports.html

I hope they help somebody,
Dave

PS, Please don't flame me for inappropriate use of this mailing list. I was told this is OK.

--
  ______________________         ______________________
  \__________________   \    D. J. HAWKEY JR.    /   __________________/
     \________________/\     hawkeyd@visi.com     /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security Sun Jan 27 14:35:53 2002
Date: Sun, 27 Jan 2002 14:35:37 -0800 (PST)
From: Jason Stone
Cc: peeter kallas
Subject: Re: Cryptographic file systems
Message-ID: <20020127141053.T6286-100000@walter>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I'm trying
> to find cryptographic file system for FreeBSD that suits my
> needs, but there seems to be very little to choose from. I've found
> only CFS from the ports collection, but it doesn't support multiple
> users working on same directory

TCFS - transparent crypto file system - like CFS only better, and includes support for sharing of the kind that you seem to need in recent versions.
http://tcfs.dia.unisa.it/

FiST cryptfs - FiST (Filesystem Translator) is a project to create an OS-independent language for writing filesystems in - you write the filesystem in FiST and then use fistgen to compile it into a kld for linux, solaris, or freebsd. The distribution comes with a number of reference filesystems, including a cryptfs.
http://www.cs.columbia.edu/~ezk/research/fist/

Both of these projects are linux-oriented, but do have some freebsd support. I haven't looked at tcfs recently, but fist will need some hacking just to compile. Once you've got it compiled, the simple filesystems like the rot13fs will work pretty well, but the more complex ones like cryptfs and gzipfs will probably crash your box - at least they did for me under 0.0.4.1 and 0.0.4.2. FiST is being actively developed, though, and things may be better in the 0.0.5 series. I think that FiST cryptfs is the most promising cryptfs freebsd can expect, so watch its progress.

Not wholly applicable to you, but also possibly of interest is SFS, the self-certifying file system. This darpa-funded project provides secure access over the net to your local filesystems (which may or may not be encrypted).
http://www.fs.net/

Finally, if nothing else works, you can keep your files in encrypted tarballs (stream them through mcrypt from ports or openssl enc in the base system), then create ramdisk filesystems, unpack the files there, let users work with them, then when you're done, tar and encrypt them again.
This is a hideous hack, but it does provide a way to work with your files without ever letting them land un-encrypted on disk. I wrote some scripts to do this years ago, before I discovered cfs. I don't recommend this, but it does work.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?"
-- Mike Godwin

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg

iD8DBQE8VIC/swXMWWtptckRAttEAJ95E3pE7KaiIgQYiUPAHe98OmsSugCeK7Fq
lCmb4h5rciBJYc7qIr4XMJk=
=I68s
-----END PGP SIGNATURE-----

From owner-freebsd-security Sun Jan 27 15:50:53 2002
Message-Id: <200201272300.g0RN0lE37723@greenpeace.grondar.org>
To: Dag-Erling Smorgrav
Cc: security@FreeBSD.ORG
Subject: Re: login(1) PAMification
Date: Sun, 27 Jan 2002 23:00:42 +0000
From: Mark Murray

> Mark Murray writes:
> > There is lots more that PAM modules can do; print out //etc/motd, rootterm(),
> > and so on. (Look at pam_securetty()).
>
> Yeah, but I think this is a fairly good start. Let's see if it works
> properly; we can figure out what more to move out later.

That works for me :-)

M
--
o       Mark Murray
\_      FreeBSD Services Limited
O.\_    Warning: this .sig is umop ap!sdn

From owner-freebsd-security Mon Jan 28 0: 3:20 2002
Date: Mon, 28 Jan 2002 10:03:48 +0200
From: Peter Pentchev
To: D J Hawkey Jr
Cc: security at FreeBSD
Subject: Re: ANNOUNCE: Backported patches for SA-02:08 (exec) now available
Message-ID: <20020128100347.A283@straylight.oblivion.bg>

On Sun, Jan 27, 2002 at 02:16:36PM -0600, D J Hawkey Jr wrote:
> Hello All.
>
> I'm pleased to announce that the patch for SA-02:08 (exec race condition)
> has been backported to FreeBSD releases 4.1-REL, 4.1.1-REL, and 4.2-REL.
>
> They are now available at the FreeBSD Backports site:
> http://www.visi.com/~hawkeyd/freebsd-backports.html
>
> I hope they help somebody,
> Dave
>
> PS, Please don't flame me for inappropriate use of this mailing list.
> I was told this is OK.

It certainly is OK - and thanks for the backports!

IMHO, your backports - at least those of the security fixes - would also be appropriate for -announce; I have no idea who approves posts to -announce, but it might be worth asking for opinions on this one..

G'luck,
Peter

--
I am jealous of the first word in this sentence.

From owner-freebsd-security Mon Jan 28 1: 9:19 2002
Date: Mon, 28 Jan 2002 01:09:11 -0800
From: Kris Kennaway
To: announce@FreeBSD.org, security@FreeBSD.org
Subject: Change of FreeBSD Security Officer
Message-ID: <20020128010911.A50488@xor.obsecurity.org>

It's with mixed feelings that I'm announcing my resignation as FreeBSD Security Officer.
Over the past few months as my PhD has progressed, my available free time has dropped significantly and it's clear that I no longer have the time to adequately fulfil the duties of security officer. I still intend to remain a FreeBSD committer and will continue to assist in security matters as my free time allows (Paul, Guido, Warner; is there room down there for another emeritus, or do we need to construct that 10th Circle yet?).

The FreeBSD core team has approved Jacques Vidrine as my successor; Jacques has been a member of the FreeBSD Security Officer Team for the last 6 months or so, and has taken charge of managing and releasing advisories for the past few months while I have been busy. I'm confident that FreeBSD security is in good hands with Jacques in charge.

As always, the security officer team can be contacted at security-officer@FreeBSD.org.

Kris Kennaway

From owner-freebsd-security Mon Jan 28 3:50:31 2002
Date: Mon, 28 Jan 2002 05:50:14 -0600 (CST)
Message-Id:
<200201281150.g0SBoEc06476@sheol.localdomain>
From: hawkeyd@visi.com (D J Hawkey Jr)
Subject: Re: FreeBSD-SA-02:08.exec patch for 4.0-RELEASE systems
To: oleg@oleg.vsi.ru, freebsd-security@freebsd.org

In article <1011984925.3c51aa1dd5d4d_webmail.vsi.ru@ns.sol.net>, oleg@oleg.vsi.ru writes:
> 4.0-RELEASE systems seem to be affected with problems in this advisory.
>
> My company use a number of 4.0-RELEASE systems that are not upgradable for some
> reasons. So I wrote a patch for these systems (below). Can anybody tell me, are
> these changes in code sufficient to avoid problems listed in advisory?

Looks quite similar to the backported patches I made for 4.1-REL, 4.1.1-REL, and 4.2-REL. I'm not an expert, but it (and they) should work as advertised.

Neither of us hacked the CHECKIO() macro found in 4.3-REL:/sys/miscfs/procfs/procfs.h into the older code, but I think we're still OK. Actually, from what I could see, the patch to that macro is redundant, but pro'lly a good idea as the code moves forward; (p->p_flag & P_INEXEC) will be one less thing to have to remember.

> Index: sys/kern/kern_exec.c
> diff -u sys/kern/kern_exec.c.orig sys/kern/kern_exec.c
>
> [SNIP]

Thanks,
Dave

--
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"
From owner-freebsd-security Mon Jan 28 4:25:12 2002
Date: Mon, 28 Jan 2002 23:25:05 +1100 (EST)
From: torqumada@paladincorp.com.au
To: Kris Kennaway
Cc: security@FreeBSD.org
Subject: Re: Change of FreeBSD Security Officer

On Mon, 28 Jan 2002, Kris Kennaway wrote:

Dear Kris, thank you for the excellent efforts, we certainly do appreciate them very much. Hope your PhD goes well,

Peace

> It's with mixed feelings that I'm announcing my resignation as FreeBSD
> Security Officer. Over the past few months as my PhD has progressed,
> my available free time has dropped significantly and it's clear that
> I no longer have the time to adequately fulfil the duties of security

/Torqumada

--
Paladin Corporation Pty Ltd.
Ph:+612 9835-4782 Fax:+612 9864-0487 Software Engineering: c/c++/perl/sql/eiffel/pascal/haskell/php/java Powered by FreeBSD/SMP http://www.paladincorp.com.au/ The lyf so short, the craft so long to lerne - Chaucer When I die, don't cry for me; just sing a Song and laugh. Torq/2001. As a computing professional, I believe it would be unethical for me to advise, recommend, or support the use (save possibly for personal amusement) of any product that is or depends on any Microsoft product. k To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 28 5:25:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from I-Sphere.COM (shell.i-sphere.com [209.249.146.70]) by hub.freebsd.org (Postfix) with ESMTP id 1A51137B416 for ; Mon, 28 Jan 2002 05:25:48 -0800 (PST) Received: (from fasty@localhost) by I-Sphere.COM (8.11.6/8.11.6) id g0SDQ9O40237; Mon, 28 Jan 2002 05:26:09 -0800 (PST) (envelope-from fasty) Date: Mon, 28 Jan 2002 05:26:09 -0800 From: faSty To: Kris Kennaway Cc: freebsd-security@freebsd.org Subject: Re: Change of FreeBSD Security Officer Message-ID: <20020128052609.A40183@i-sphere.com> References: <20020128010911.A50488@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020128010911.A50488@xor.obsecurity.org>; from kris@obsecurity.org on Mon, Jan 28, 2002 at 01:09:11AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Kris, thank you for your efforts, and wish your good luck with your PhD. -fasty On Mon, Jan 28, 2002 at 01:09:11AM -0800, Kris Kennaway wrote: > It's with mixed feelings that I'm announcing my resignation as FreeBSD > Security Officer. 
Over the past few months as my PhD has progressed, > my available free time has dropped significantly and it's clear that > I no longer have the time to adequately fulfil the duties of security > officer. I still intend to remain a FreeBSD commiter and will > continue to assist in security matters as my free time allows (Paul, > Guido, Warner; is there room down there for another emeritus, or do we > need to construct that 10th Circle yet?). > > The FreeBSD core team has approved Jacques Vidrine > as my successor; Jacques has been a member of the > FreeBSD Security Officer Team for the last 6 months or so, and has > taken charge of managing and releasing advisories for the past few > months while I have been busy. I'm confident that FreeBSD security is > in good hands with Jacques in charge. > > As always, the security officer team can be contacted at > security-officer@FreeBSD.org. > > Kris Kennaway -- The only way to get rid of a temptation is to yield to it. -- Oscar Wilde To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 28 7:20:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219]) by hub.freebsd.org (Postfix) with ESMTP id D6BF437B404 for ; Mon, 28 Jan 2002 07:20:35 -0800 (PST) Received: from dc.cis.okstate.edu (localhost.cis.okstate.edu [127.0.0.1]) by dc.cis.okstate.edu (8.11.6/8.11.3) with ESMTP id g0SFKZM99969 for ; Mon, 28 Jan 2002 09:20:35 -0600 (CST) (envelope-from martin@dc.cis.okstate.edu) Message-Id: <200201281520.g0SFKZM99969@dc.cis.okstate.edu> To: freebsd-security@freebsd.org Subject: Controlling Cron Logging Date: Mon, 28 Jan 2002 09:20:35 -0600 From: Martin McCormick Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have a syslog file which is set 
up to log as follows: *.info;auth.info;mail.warning /var/log/syslog That appears to work well. Now, I wanted to refine things a bit and not see cron logging there so I uncommented the line in /etc/syslog.conf which now looks like: cron.* /var/log/cron That now sends the cron messages to the file /var/log/cron like it should. Is there any way I can cause the cron messages to stop going to syslog while leaving it wide open for anything but cron? Cron is chatty enough that I would like to confine its reports every minute on the minute to one file. Thank you Martin McCormick OSU Center for Computing and Information services Network Operations Group To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 28 7:27:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from pi.yip.org (pi.yip.org [199.45.111.121]) by hub.freebsd.org (Postfix) with ESMTP id 26E0E37B402 for ; Mon, 28 Jan 2002 07:27:49 -0800 (PST) Received: (from melange@localhost) by pi.yip.org (8.11.3/8.11.3) id g0SFRjZ54673; Mon, 28 Jan 2002 10:27:45 -0500 (EST) (envelope-from melange@yip.org) Date: Mon, 28 Jan 2002 10:27:45 -0500 From: Bob K To: Martin McCormick Cc: freebsd-security@FreeBSD.ORG Subject: Re: Controlling Cron Logging Message-ID: <20020128102745.J454@yip.org> References: <200201281520.g0SFKZM99969@dc.cis.okstate.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200201281520.g0SFKZM99969@dc.cis.okstate.edu>; from martin@dc.cis.okstate.edu on Mon, Jan 28, 2002 at 09:20:35AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Mon, Jan 28, 2002 at 09:20:35AM -0600, Martin McCormick wrote: > I have a syslog file which is set up to log as follows: > > *.info;auth.info;mail.warning 
/var/log/syslog > > That appears to work well. Now, I wanted to refine > things a bit and not see cron logging there so I uncommented the > line in /etc/syslog.conf which now looks like: > > cron.* /var/log/cron > > That now sends the cron messages to the file > /var/log/cron like it should. Is there any way I can cause the > cron messages to stop going to syslog while leaving it wide open > for anything but cron? Changing this line: > *.info;auth.info;mail.warning /var/log/syslog so it looks like this: > *.info;auth.info;mail.warning;cron.none /var/log/syslog should, in theory, have the effect you seek. -- Bob | Please don't feed the sock puppet. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 28 9:43:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from upeople.iserver.net (upeople.iserver.net [128.121.116.62]) by hub.freebsd.org (Postfix) with ESMTP id 871F137B417 for ; Mon, 28 Jan 2002 09:43:28 -0800 (PST) Received: from mesa.unixan.com (djb@mesa.dsl.unixan.com [206.124.137.18]) by upeople.iserver.net (8.11.6) id g0SHhRN35468; Mon, 28 Jan 2002 10:43:27 -0700 (MST) Date: Mon, 28 Jan 2002 09:43:23 -0800 From: Daniel Brown To: freebsd-security@FreeBSD.ORG Cc: martin@dc.cis.okstate.edu Subject: Re: Controlling Cron Logging Message-Id: <20020128094323.5e3a6768.djb@unixan.com> In-Reply-To: <20020128102745.J454@yip.org> References: <200201281520.g0SFKZM99969@dc.cis.okstate.edu> <20020128102745.J454@yip.org> X-Mailer: Sylpheed version 0.6.5 (GTK+ 1.2.10; i686-pc-linux-gnu) X-Face: ".E)>Dp:mHJC%;_j&|O(iET^Y#v)'R,3Th)?un#2[`x7J&@ClPD0?MlzHBP61gci=t1G!Jf8V9r+nMFv:GX&}5R2YZ@lzKO_S5,^.!^<^OijwA[0*`cfC'.Ft7-qcuK4^-Cu X-Frustrated-Since: 999302400 Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) 
List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org It may not be wise to entirely remove cron from /var/log/syslog. If something serious occurs and cron complains about it, generally it should still be logged to /var/log/syslog so it will not be overlooked. Try: *.info;auth.info;mail.warning;cron.warning /var/log/syslog -Daniel ------------ Quoted Message ------------ Date...: Mon, 28 Jan 2002 10:27:45 -0500 From...: Bob K To.....: Martin McCormick Subject: Re: Controlling Cron Logging On Mon, Jan 28, 2002 at 09:20:35AM -0600, Martin McCormick wrote: > I have a syslog file which is set up to log as follows: > > *.info;auth.info;mail.warning /var/log/syslog > > That appears to work well. Now, I wanted to refine > things a bit and not see cron logging there so I uncommented the > line in /etc/syslog.conf which now looks like: > > cron.* /var/log/cron > > That now sends the cron messages to the file > /var/log/cron like it should. Is there any way I can cause the > cron messages to stop going to syslog while leaving it wide open > for anything but cron? Changing this line: > *.info;auth.info;mail.warning /var/log/syslog so it looks like this: > *.info;auth.info;mail.warning;cron.none /var/log/syslog should, in theory, have the effect you seek. -- Bob | Please don't feed the sock puppet. 
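Added example, not part of any message in this thread: a small Python model of the syslog.conf(5) rule that selectors on one line are applied left to right, each able to modify the ones before it, run against the three variants of the /var/log/syslog line discussed above. It models the documented semantics only, not syslogd's code; the function names and the sample messages are constructed for illustration.

```python
# Added example: a model of BSD syslog.conf(5) selector matching.
# Not syslogd's own code; names and sample messages are assumptions.

PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LEVEL = {name: n for n, name in enumerate(PRIORITIES)}  # 0 = most severe

# A subset of the facility names syslogd knows; enough for this thread.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog",
              "lpr", "news", "uucp", "cron", "authpriv", "ftp"]

DISABLED = None  # threshold meaning "log nothing for this facility"


def parse_selectors(field):
    """Return {facility: least-severe level still logged, or DISABLED}.

    Selectors are applied left to right, so a later selector replaces
    whatever an earlier one set for the same facility. Comparison flags
    (=, <, >, !) are not modelled.
    """
    table = {fac: DISABLED for fac in FACILITIES}
    for selector in field.split(";"):
        facs, sep, pri = selector.strip().rpartition(".")
        if not sep or not facs or not pri:
            raise ValueError("bad selector: %r" % selector)
        if pri == "none":
            threshold = DISABLED
        elif pri == "*":
            threshold = LEVEL["debug"]
        elif pri in LEVEL:
            threshold = LEVEL[pri]
        else:
            raise ValueError("unknown priority: %r" % pri)
        for fac in facs.split(","):
            targets = FACILITIES if fac == "*" else [fac]
            for name in targets:
                if name not in table:
                    raise ValueError("unknown facility: %r" % name)
                table[name] = threshold
    return table


def parse_config(text):
    """Parse 'selectors<whitespace>action' lines; skip blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("no action on line: %r" % line)
        rules.append((parse_selectors(parts[0]), parts[1].strip()))
    return rules


def destinations(rules, facility, priority):
    """Files that would receive a message of facility.priority."""
    level = LEVEL[priority]
    out = []
    for table, action in rules:
        threshold = table[facility]
        if threshold is not DISABLED and level <= threshold:
            out.append(action)
    return out


CRON_LINE = "cron.*\t/var/log/cron\n"
VARIANTS = {
    "original": "*.info;auth.info;mail.warning\t/var/log/syslog\n" + CRON_LINE,
    "cron.none": "*.info;auth.info;mail.warning;cron.none\t/var/log/syslog\n" + CRON_LINE,
    "cron.warning": "*.info;auth.info;mail.warning;cron.warning\t/var/log/syslog\n" + CRON_LINE,
}

# Constructed sample messages as (facility, priority).
SAMPLES = [("cron", "info"), ("cron", "err"), ("mail", "info"),
           ("mail", "warning"), ("auth", "info"), ("kern", "debug")]


def compare():
    """Return {variant: {"fac.pri": [files]}} for every sample message."""
    result = {}
    for name, text in VARIANTS.items():
        rules = parse_config(text)
        result[name] = {"%s.%s" % m: destinations(rules, *m) for m in SAMPLES}
    return result


if __name__ == "__main__":
    for name, rows in compare().items():
        print(name)
        for msg, files in rows.items():
            print("  %-13s -> %s" % (msg, ", ".join(files) or "(dropped)"))
```

On a live host the same check can be made by reloading syslogd, sending test messages with `logger -p cron.info` and `logger -p cron.err`, and looking at both files.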
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 28 12: 3:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from dc.cis.okstate.edu (dc.cis.okstate.edu [139.78.100.219]) by hub.freebsd.org (Postfix) with ESMTP id 5455C37B404 for ; Mon, 28 Jan 2002 12:03:40 -0800 (PST) Received: from dc.cis.okstate.edu (localhost.cis.okstate.edu [127.0.0.1]) by dc.cis.okstate.edu (8.11.6/8.11.3) with ESMTP id g0SK3cM24648 for ; Mon, 28 Jan 2002 14:03:39 -0600 (CST) (envelope-from martin@dc.cis.okstate.edu) Message-Id: <200201282003.g0SK3cM24648@dc.cis.okstate.edu> To: freebsd-security@FreeBSD.ORG Subject: Re: Controlling Cron Logging Date: Mon, 28 Jan 2002 14:03:38 -0600 From: Martin McCormick Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Daniel Brown writes: >It may not be wise to entirely remove cron from /var/log/syslog. If >something serious occurs and cron complains about it, generally it >should still be logged to /var/log/syslog so it will not be overlooked. Good point. >Try: > >*.info;auth.info;mail.warning;cron.warning /var/log/syslog This is fine, now. I did try the *.info;auth.info;mail.warning;cron.none /var/log/syslog directive and an odd thing happened. The effect was as if that whole line had been removed or commented out. All logging to syslog stopped but the /var/log/cron file did continue to receive cron reports. I went back and re-read the syslog.conf man page and it may well be that the none action modifies all the facilities designated on that line and separated by ;'s. The more I look at that man page, the more I am not sure if we've got a bug on our hands or not. 
The cron.warning directive, however, did get the behavior I was looking for. It is good to have the routine activity in a log, but I am glad to know that if there is a real problem, it will show up in syslog. Many thanks to each of you. Martin McCormick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 28 13:22:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from mordred.punk.net (mordred.punk.net [216.218.194.216]) by hub.freebsd.org (Postfix) with ESMTP id 6B2F937B402 for ; Mon, 28 Jan 2002 13:22:13 -0800 (PST) Received: (from marc@localhost) by mordred.punk.net (8.11.6/8.11.6) id g0SLM6C64833 for freebsd-security@FreeBSD.ORG; Mon, 28 Jan 2002 13:22:06 -0800 (PST) (envelope-from marc) Date: Mon, 28 Jan 2002 13:22:06 -0800 From: "D. Marc Stearman" To: freebsd-security@FreeBSD.ORG Subject: Re: suidperl Message-ID: <20020128132206.A64775@mordred.punk.net> References: <077f01c19b41$7cf205a0$6500a8c0@halenet.com.au> <20020112204404.A455@raven.robbins.dropbear.id.au> <20020113002822.GA28482@spoon.pkl.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020113002822.GA28482@spoon.pkl.net>; from freebsd-security@rikrose.net on Sun, Jan 13, 2002 at 12:28:22AM +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org openwebmail is one application that uses suidperl. If you ever need an application to be setuid, you can either use suidperl, or write a c-wrapper around your perl script and have the c-program be setuid. It's just another option for flexibility. -Marc Rik said: > Which raises the question, what use is suidperl without the suid bit? I > can't recall ever having used it, and I can't recall any scripts I know > of that use it... 
so, uhm, what's the point? > > rik > -- > PGP Key: D2729A3F - Keyserver: wwwkeys.uk.pgp.net - rich at rdrose dot org > Key fingerprint = 5EB1 4C63 9FAD D87B 854C 3DED 1408 ED77 D272 9A3F > Public key also encoded with outguess on http://rikrose.net > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- D. Marc Stearman -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- The Shadow There are no happy endings because nothing ever ends -Schmendrick the Magician- marc@mordred.punk.net -=-=-=-=-=-=-=- http://mordred.punk.net/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Jan 28 14:33:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id 5174E37B402 for ; Mon, 28 Jan 2002 14:33:42 -0800 (PST) Received: from newpeony.ezo.net (newpeony.ezo.net [206.102.130.9]) by lily.ezo.net (8.11.6/8.11.6) with ESMTP id g0SMXbV87439; Mon, 28 Jan 2002 17:33:37 -0500 (EST) (envelope-from jflowers@ezo.net) From: "Jim Flowers" To: "D. 
Marc Stearman" , freebsd-security@FreeBSD.ORG Subject: Re: suidperl Date: Mon, 28 Jan 2002 17:34:00 -500 Message-Id: <20020128173400.M51035@ezo.net> In-Reply-To: <20020128132206.A64775@mordred.punk.net> References: <077f01c19b41$7cf205a0$6500a8c0@halenet.com.au> <20020112204404.A455@raven.robbins.dropbear.id.au> <20020113002822.GA28482@spoon.pkl.net> <20020128132206.A64775@mordred.punk.net> X-Mailer: Open WebMail 1.60 20020125 X-OriginatingIP: 24.93.230.119 (jflowers) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org And while OWM works well enough with perl5.00503 with either suidperl or perl with suid compiled in to allow changing passwords, it does not work with perl5.6 as it refuses to lock or open master.passwd. > openwebmail is one application that uses suidperl. > > If you ever need an application to be setuid, you can either > use suidperl, or write a c-wrapper around your perl script > and have the c-progrm be setuid. It just another option for > flexibility. > > -Marc > > Rik said: > > Which raises the question, what use is suidperl without the suid bit? I > > can't recall ever having used it, and I can't recall any scripts I know > > of that use it... so, uhm, what's the point? 
> > > > rik Jim Flowers To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jan 29 2:17: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from relay2.agava.net.ru (ofc.agava.net [217.106.235.141]) by hub.freebsd.org (Postfix) with ESMTP id F01DD37B41D for ; Tue, 29 Jan 2002 02:17:00 -0800 (PST) Received: from hellbell.domain (hellbell.domain [192.168.1.12]) by relay2.agava.net.ru (Postfix) with ESMTP id E63BB66BC5 for ; Tue, 29 Jan 2002 13:16:53 +0300 (MSK) Received: from localhost (localhost [127.0.0.1]) by hellbell.domain (Postfix) with ESMTP id A5DEECD12 for ; Tue, 29 Jan 2002 13:16:53 +0300 (MSK) Date: Tue, 29 Jan 2002 13:16:53 +0300 (MSK) From: Alexey Zakirov X-X-Sender: To: Subject: Re: Cryptographic file systems In-Reply-To: <20020127141053.T6286-100000@walter> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sun, 27 Jan 2002, Jason Stone wrote: > did for me under 0.0.4.1 and 0.0.4.2. FiST is being actively developed, > though, and things may be better in the 0.0.5 series. I think that FiST > cryptfs is the most promising cryptfs freebsd can expect, so watch its > progress. There is also a nice project based on vn(4) driver. It's pretty robust and stable: http://vncrypt.sourceforge.net/ ======================================================= This is cryptographic disk driver for FreeBSD. It provides transparent encryption and decryption of selected devices. It is based on vn(4). 
======================================================= *** WBR, Alexey Zakirov (frank@agava.com) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Thu Jan 31 7:36:45 2002 Delivered-To: freebsd-security@freebsd.org Received: from breg.mc.mpls.visi.com (breg.mc.mpls.visi.com [208.42.156.101]) by hub.freebsd.org (Postfix) with ESMTP id AB5E437B404 for ; Thu, 31 Jan 2002 07:36:38 -0800 (PST) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by breg.mc.mpls.visi.com (Postfix) with ESMTP id A6C482D05FE for ; Thu, 31 Jan 2002 09:36:37 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id g0VFaa900660 for freebsd-security@freebsd.org; Thu, 31 Jan 2002 09:36:36 -0600 (CST) (envelope-from hawkeyd) Date: Thu, 31 Jan 2002 09:36:30 -0600 From: D J Hawkey Jr To: security at FreeBSD Subject: OpenSSH protocol 1 in FBSD 4.5-REL Message-ID: <20020131093630.A645@sheol.localdomain> Reply-To: hawkeyd@visi.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi All. Sorry if this has been covered, but I didn't see the answer in the archives. 
Did the security hole(s) in OpenSSH protocol 1 get fixed for the release of FreeBSD 4.5? TIA, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 7:59:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from radix.cryptio.net (radix.cryptio.net [199.181.107.213]) by hub.freebsd.org (Postfix) with ESMTP id 7D02737B41B for ; Thu, 31 Jan 2002 07:59:39 -0800 (PST) Received: (from emechler@localhost) by radix.cryptio.net (8.11.6/8.11.6) id g0VFxcL37131; Thu, 31 Jan 2002 07:59:38 -0800 (PST) (envelope-from emechler) Date: Thu, 31 Jan 2002 07:59:38 -0800 From: Erick Mechler To: D J Hawkey Jr Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Message-ID: <20020131075937.Y1050@techometer.net> References: <20020131093630.A645@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020131093630.A645@sheol.localdomain>; from D J Hawkey Jr on Thu, Jan 31, 2002 at 09:36:30AM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Both bugs were fixed in the RELENG_4 branch, which is what 4.5-RELEASE has become. Cheers - Erick At Thu, Jan 31, 2002 at 09:36:30AM -0600, D J Hawkey Jr said this: :: Hi All. Sorry if this has been covered, but I didn't see the answer in the :: archives. :: :: Did the security hole(s) in OpenSSH protocol 1 get fixed for the release :: of FreeBSD 4.5? :: :: TIA, :: Dave :: :: -- :: ______________________ ______________________ :: \__________________ \ D. J. HAWKEY JR. 
/ __________________/ :: \________________/\ hawkeyd@visi.com /\________________/ :: http://www.visi.com/~hawkeyd/ :: :: :: To Unsubscribe: send mail to majordomo@FreeBSD.org :: with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 8: 3:10 2002 Delivered-To: freebsd-security@freebsd.org Received: from brea.mc.mpls.visi.com (brea.mc.mpls.visi.com [208.42.156.100]) by hub.freebsd.org (Postfix) with ESMTP id EA55837B41E for ; Thu, 31 Jan 2002 08:02:59 -0800 (PST) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by brea.mc.mpls.visi.com (Postfix) with ESMTP id 0CB892DE1D1; Thu, 31 Jan 2002 10:02:59 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id g0VG2wa00823; Thu, 31 Jan 2002 10:02:58 -0600 (CST) (envelope-from hawkeyd) Date: Thu, 31 Jan 2002 10:02:58 -0600 From: D J Hawkey Jr To: David Rhodus , security at FreeBSD Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Message-ID: <20020131100258.A750@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <20020131093630.A645@sheol.localdomain> <08d301c1aa6e$4548d4d0$1506810a@asgidavid> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <08d301c1aa6e$4548d4d0$1506810a@asgidavid>; from sdrhodus@sekurity.net on Thu, Jan 31, 2002 at 10:45:12AM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jan 31, at 10:45 AM, David Rhodus wrote: > > Yes, that has been fixed. Cool. I have several boxes whose SSH doesn't (and can't!) do protocol 2. One final Q: If those boxes use ISC's SSH protocol 1 to connect to my 4.5-REL box, is the connection secure [against man-in-the-middle, etc.] attacks? 
I do understand that those boxes are vulnerable to incoming protocol 1 attacks, but they don't run the daemon, they only do outgoing connections. Thanks again, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ > ----- Original Message ----- > From: "D J Hawkey Jr" > To: "security at FreeBSD" > Sent: Thursday, January 31, 2002 10:36 AM > Subject: OpenSSH protocol 1 in FBSD 4.5-REL > > > Hi All. Sorry if this has been covered, but I didn't see the answer in the > > archives. > > > > Did the security hole(s) in OpenSSH protocol 1 get fixed for the release > > of FreeBSD 4.5? > > > > TIA, > > Dave > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 10:25:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from veldy.net (veldy-host33.dsl.visi.com [209.98.200.33]) by hub.freebsd.org (Postfix) with ESMTP id 7AFB237B416 for ; Thu, 31 Jan 2002 10:25:53 -0800 (PST) Received: from HP2500B (localhost.veldy.net [127.0.0.1]) by veldy.net (Postfix) with SMTP id B47CD1A181; Thu, 31 Jan 2002 12:25:51 -0600 (CST) Message-ID: <006501c1aa84$80b86e20$3028680a@tgt.com> From: "Thomas T. Veldhouse" To: , "security at FreeBSD" References: <20020131093630.A645@sheol.localdomain> Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Date: Thu, 31 Jan 2002 12:24:19 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-Mimeole: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Yes, as per /usr/src/UPDATING. 
Tom Veldhouse veldy@veldy.net ----- Original Message ----- From: "D J Hawkey Jr" To: "security at FreeBSD" Sent: Thursday, January 31, 2002 9:36 AM Subject: OpenSSH protocol 1 in FBSD 4.5-REL > Hi All. Sorry if this has been covered, but I didn't see the answer in the > archives. > > Did the security hole(s) in OpenSSH protocol 1 get fixed for the release > of FreeBSD 4.5? > > TIA, > Dave > > -- > ______________________ ______________________ > \__________________ \ D. J. HAWKEY JR. / __________________/ > \________________/\ hawkeyd@visi.com /\________________/ > http://www.visi.com/~hawkeyd/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 10:41:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from brea.mc.mpls.visi.com (brea.mc.mpls.visi.com [208.42.156.100]) by hub.freebsd.org (Postfix) with ESMTP id 1ABC737B400 for ; Thu, 31 Jan 2002 10:41:18 -0800 (PST) Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193]) by brea.mc.mpls.visi.com (Postfix) with ESMTP id B92E32DE407; Thu, 31 Jan 2002 12:41:16 -0600 (CST) Received: (from hawkeyd@localhost) by sheol.localdomain (8.11.1/8.11.1) id g0VIf8701486; Thu, 31 Jan 2002 12:41:08 -0600 (CST) (envelope-from hawkeyd) Date: Thu, 31 Jan 2002 12:41:08 -0600 From: D J Hawkey Jr To: "Thomas T. 
Veldhouse" Cc: security at FreeBSD Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Message-ID: <20020131124108.A1453@sheol.localdomain> Reply-To: hawkeyd@visi.com References: <20020131093630.A645@sheol.localdomain> <006501c1aa84$80b86e20$3028680a@tgt.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <006501c1aa84$80b86e20$3028680a@tgt.com>; from veldy@veldy.net on Thu, Jan 31, 2002 at 12:24:19PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Jan 31, at 12:24 PM, Thomas T. Veldhouse wrote: > > Yes, as per /usr/src/UPDATING. I haven't installed 4.5 yet, so I haven't read it yet. > Tom Veldhouse > veldy@veldy.net Thanks, though, Dave -- ______________________ ______________________ \__________________ \ D. J. HAWKEY JR. / __________________/ \________________/\ hawkeyd@visi.com /\________________/ http://www.visi.com/~hawkeyd/ > ----- Original Message ----- > From: "D J Hawkey Jr" > To: "security at FreeBSD" > Sent: Thursday, January 31, 2002 9:36 AM > Subject: OpenSSH protocol 1 in FBSD 4.5-REL > > > > Hi All. Sorry if this has been covered, but I didn't see the answer in the > > archives. > > > > Did the security hole(s) in OpenSSH protocol 1 get fixed for the release > > of FreeBSD 4.5? 
> > > > TIA, > > Dave > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 11: 5: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43]) by hub.freebsd.org (Postfix) with ESMTP id BF36837B402 for ; Thu, 31 Jan 2002 11:04:56 -0800 (PST) Received: from hukins.hn.org ([62.253.89.38]) by mta03-svc.ntlworld.com (InterMail vM.4.01.03.27 201-229-121-127-20010626) with SMTP id <20020131190454.BXHE26285.mta03-svc.ntlworld.com@hukins.hn.org> for ; Thu, 31 Jan 2002 19:04:54 +0000 Received: (qmail 96709 invoked by uid 1001); 31 Jan 2002 19:04:54 -0000 Date: Thu, 31 Jan 2002 19:04:54 +0000 From: Tom Hukins To: D J Hawkey Jr Cc: "Thomas T. Veldhouse" , security at FreeBSD Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Message-ID: <20020131190454.A96671@eborcom.com> Mail-Followup-To: Tom Hukins , D J Hawkey Jr , "Thomas T. Veldhouse" , security at FreeBSD References: <20020131093630.A645@sheol.localdomain> <006501c1aa84$80b86e20$3028680a@tgt.com> <20020131124108.A1453@sheol.localdomain> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020131124108.A1453@sheol.localdomain>; from hawkeyd@visi.com on Thu, Jan 31, 2002 at 12:41:08PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jan 31, 2002 at 12:41:08PM -0600, D J Hawkey Jr wrote: > On Jan 31, at 12:24 PM, Thomas T. Veldhouse wrote: > > > > Yes, as per /usr/src/UPDATING. > > I haven't installed 4.5 yet, so I haven't read it yet. You can always use http://cvsweb.FreeBSD.org/ to find files in any version of FreeBSD. 
In this case, see: http://www.freebsd.org/cgi/cvsweb.cgi/src/UPDATING Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 11: 7:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from clink.schulte.org (clink.schulte.org [209.134.156.193]) by hub.freebsd.org (Postfix) with ESMTP id D4CEF37B402 for ; Thu, 31 Jan 2002 11:07:21 -0800 (PST) Received: from schulte-laptop.nospam.schulte.org (nb-65.netbriefings.com [209.134.134.65]) by clink.schulte.org (Postfix) with ESMTP id 8EE8B24410; Thu, 31 Jan 2002 13:07:20 -0600 (CST) Message-Id: <5.1.0.14.0.20020131125557.01ae8768@pop3s.schulte.org> X-Sender: X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 31 Jan 2002 13:06:30 -0600 To: hawkeyd@visi.com, "Thomas T. Veldhouse" From: Christopher Schulte Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Cc: security at FreeBSD In-Reply-To: <20020131124108.A1453@sheol.localdomain> References: <006501c1aa84$80b86e20$3028680a@tgt.com> <20020131093630.A645@sheol.localdomain> <006501c1aa84$80b86e20$3028680a@tgt.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 12:41 PM 1/31/2002 -0600, D J Hawkey Jr wrote: >On Jan 31, at 12:24 PM, Thomas T. Veldhouse wrote: > > > > Yes, as per /usr/src/UPDATING. > >I haven't installed 4.5 yet, so I haven't read it yet. This is an ungodly long url (sorry) but will allow you to read the 4.5-RELEASE UPDATING file. http://cvsweb.freebsd.org/ is your friend. 
http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/UPDATING?rev=1.73.2.50.2.4&content-type=text/plain&only_with_tag=RELENG_4_5_0_RELEASE > > Tom Veldhouse > > veldy@veldy.net > >Thanks, though, >Dave > >-- > ______________________ ______________________ > \__________________ \ D. J. HAWKEY JR. / __________________/ > \________________/\ hawkeyd@visi.com /\________________/ > http://www.visi.com/~hawkeyd/ -- Christopher Schulte http://www.schulte.org/ Do not un-munge my @nospam.schulte.org email address. This address is valid. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 11:33:12 2002 Delivered-To: freebsd-security@freebsd.org Received: from relay3-gui.server.ntli.net (relay3-gui.server.ntli.net [194.168.4.200]) by hub.freebsd.org (Postfix) with ESMTP id 0688237B400 for ; Thu, 31 Jan 2002 11:33:08 -0800 (PST) Received: from pc4-card4-0-cust162.cdf.cable.ntl.com ([80.4.14.162] helo=rhadamanth.private.submonkey.net ident=mailnull) by relay3-gui.server.ntli.net with esmtp (Exim 3.03 #2) id 16WMxE-0002gM-00; Thu, 31 Jan 2002 19:33:04 +0000 Received: from setantae by rhadamanth.private.submonkey.net with local (Exim 3.34 #1) id 16WMxE-000D2E-00; Thu, 31 Jan 2002 19:33:04 +0000 Date: Thu, 31 Jan 2002 19:33:04 +0000 From: Ceri To: Christopher Schulte Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Message-ID: <20020131193304.GB49952@rhadamanth> References: <006501c1aa84$80b86e20$3028680a@tgt.com> <20020131093630.A645@sheol.localdomain> <006501c1aa84$80b86e20$3028680a@tgt.com> <5.1.0.14.0.20020131125557.01ae8768@pop3s.schulte.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <5.1.0.14.0.20020131125557.01ae8768@pop3s.schulte.org> User-Agent: Mutt/1.3.27i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List 
Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jan 31, 2002 at 01:06:30PM -0600, Christopher Schulte wrote: > At 12:41 PM 1/31/2002 -0600, D J Hawkey Jr wrote: > >On Jan 31, at 12:24 PM, Thomas T. Veldhouse wrote: > >> > >> Yes, as per /usr/src/UPDATING. > > > >I haven't installed 4.5 yet, so I haven't read it yet. > > This is an ungodly long url (sorry) but will allow you to read the > 4.5-RELEASE UPDATING file. http://cvsweb.freebsd.org/ is your friend. > > http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/UPDATING?rev=1.73.2.50.2.4&content-type=text/plain&only_with_tag=RELENG_4_5_0_RELEASE Looks like a job for makeashorterlink.com ;) Ceri -- keep a mild groove on To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Jan 31 12:21:20 2002 Delivered-To: freebsd-security@freebsd.org Received: from pc1-dale5-0-cust136.not.cable.ntl.com (pc1-dale5-0-cust136.not.cable.ntl.com [80.1.76.136]) by hub.freebsd.org (Postfix) with SMTP id 7C3CD37B402 for ; Thu, 31 Jan 2002 12:21:10 -0800 (PST) Received: (qmail 17809 invoked from network); 31 Jan 2002 20:21:02 -0000 Received: from localhost (HELO matt.thebigchoice.com) (127.0.0.1) by localhost with SMTP; 31 Jan 2002 20:21:02 -0000 Date: Thu, 31 Jan 2002 20:21:02 +0000 From: Matt H To: "Ceri" Cc: schulte+freebsd@nospam.schulte.org, freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH protocol 1 in FBSD 4.5-REL Message-Id: <20020131202102.01ef7ae8.matt@proweb.co.uk> In-Reply-To: <20020131193304.GB49952@rhadamanth> References: <006501c1aa84$80b86e20$3028680a@tgt.com> <20020131093630.A645@sheol.localdomain> <006501c1aa84$80b86e20$3028680a@tgt.com> <5.1.0.14.0.20020131125557.01ae8768@pop3s.schulte.org> <20020131193304.GB49952@rhadamanth> X-Mailer: Sylpheed version 0.7.0 (GTK+ 1.2.10; i386--freebsd4.4) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: 
owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >http://www.freebsd.org/cgi/cvsweb.cgi/~checkout~/src/UPDATING?rev=1.73.2.50.2.4&content-type=text/plain&only_with_tag=RELENG_4_5_0_RELEASE > > Looks like a job for makeashorterlink.com ;) http://makeashorterlink.com/?A2CA22B5 there you go :) M
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Feb 1 5:35:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.online.ie (mail.online.ie [213.159.130.68]) by hub.freebsd.org (Postfix) with ESMTP id 4CDBE37B402 for ; Fri, 1 Feb 2002 05:35:22 -0800 (PST) Received: from online.ie (news.eirteic.com [62.17.159.133]); by mail.online.ie with ESMTP id F23691901B; for ; Fri, 1 Feb 2002 13:35:15 +0000 (GMT) Message-ID: <3C5A9981.7090807@online.ie> Date: Fri, 01 Feb 2002 13:34:57 +0000 From: Sascha Luck User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:0.9.2) Gecko/20010628 X-Accept-Language: en-gb, en-us MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: IPFilter and bridging in -CURRENT? References: <20020131093630.A645@sheol.localdomain> <20020131075937.Y1050@techometer.net> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Does that work in -CURRENT? I seem to be unable to find anything online - every document I dig up only seems to mention that it doesn't in 4.2-RELEASE... 
Cheers, s, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Feb 1 5:54:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from newjack.dahomelands.net (ct470290-a.nblvil1.in.home.com [24.178.188.165]) by hub.freebsd.org (Postfix) with ESMTP id A72B737B41A for ; Fri, 1 Feb 2002 05:54:05 -0800 (PST) Received: from konundrum.org (localhost [127.0.0.1]) by newjack.dahomelands.net (8.11.6/8.11.4) with SMTP id g11DpNk27727; Fri, 1 Feb 2002 08:51:23 -0500 Received: from 194.149.77.45 (SquirrelMail authenticated user schrodinger) by webmail.konundrum.org with HTTP; Fri, 1 Feb 2002 13:51:23 -0000 (GMT) Message-ID: <1141.194.149.77.45.1012571483.squirrel@webmail.konundrum.org> Date: Fri, 1 Feb 2002 13:51:23 -0000 (GMT) Subject: Re: IPFilter and bridging in -CURRENT? From: "Schrodinger" To: bofh@online.ie In-Reply-To: <3C5A9981.7090807@online.ie> References: <3C5A9981.7090807@online.ie> Cc: security@freebsd.org X-Mailer: SquirrelMail (version 1.0.6) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Does that work in -CURRENT? I seem to be unable to find anything online > - every document I dig up only seems to mention that it doesn't in > 4.2-RELEASE... > > Cheers, > >s, > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- http://konundrum.org/ -----BEGIN GEEK CODE BLOCK----- Version: 3.12 GIT d--- s++:++ a--- C+++ UB++ P+ L- E--- W+++ N o-- K- w--- O- M-- V-- PS+++ PE Y+ PGP++ t++ 5 X++ R tv++ b- DI- D+ G e- h! 
r- y++ ------END GEEK CODE BLOCK------ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Feb 1 8:12:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from yez.hyperreal.org (blowfish.ny.collab.net [63.121.102.222]) by hub.freebsd.org (Postfix) with SMTP id 2EFFA37B402 for ; Fri, 1 Feb 2002 08:12:54 -0800 (PST) Received: (qmail 17908 invoked by uid 1000); 1 Feb 2002 16:13:24 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 1 Feb 2002 16:13:24 -0000 Date: Fri, 1 Feb 2002 08:13:24 -0800 (PST) From: Brian Behlendorf X-X-Sender: brian@localhost To: security@freebsd.org Subject: rsync core dumping? Message-ID: <20020201080635.H14011-100000@localhost> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org So there've been numerous bulletins to bugtraq, etc. about remote vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specific announcements, however the hole appeared to be pretty generic, so I upgraded anyways to the current version in /usr/ports, 2.5.2. Since the vulnerability announcements, and both before *and* after my upgrade, I've been seeing core dumps from the two public rsync servers I run for apache.org. Feb 1 07:34:09 daedalus /kernel: pid 81088 (rsync), uid 65534: exited on signal 11 Since it runs as an untrusted user and I see no evidence of a compromise I assume it's script kiddies trying whatever linux exploit shove-3-K-of-^@'s-in-a-header kind of attack they might have, but the fact that it still causes a seg fault despite upgrading to a supposedly "fixed" version is somewhat concerning. Is anyone else seeing this? 
I can't recreate what causes the core dump, I suppose doing a tcpdump to see what people are feeding my server is the next step. Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Feb 1 9:21:57 2002 Delivered-To: freebsd-security@freebsd.org Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10]) by hub.freebsd.org (Postfix) with ESMTP id 3CAF337B41D for ; Fri, 1 Feb 2002 09:21:38 -0800 (PST) Received: from sprint.centtech.com (sprint.centtech.com [10.177.173.31]) by proxy.centtech.com (8.11.6/8.11.6) with ESMTP id g11HLbK04341; Fri, 1 Feb 2002 11:21:37 -0600 (CST) Received: from centtech.com (andersonpc [192.168.42.18]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id LAA02403; Fri, 1 Feb 2002 11:21:36 -0600 (CST) Message-ID: <3C5ACFC8.87BA140F@centtech.com> Date: Fri, 01 Feb 2002 11:26:32 -0600 From: Eric Anderson X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.3-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: Sascha Luck Cc: freebsd-security@freebsd.org Subject: Re: IPFilter and bridging in -CURRENT? References: <20020131093630.A645@sheol.localdomain> <20020131075937.Y1050@techometer.net> <3C5A9981.7090807@online.ie> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org You'll need to use IPFW. Eric Sascha Luck wrote: > Does that work in -CURRENT? I seem to be unable to find anything online > - every document I dig up only seems to mention that it doesn't in > 4.2-RELEASE... 
> > Cheers, > > s, > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Feb 1 9:53:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from va.cs.wm.edu (va.cs.wm.edu [128.239.2.31]) by hub.freebsd.org (Postfix) with ESMTP id A222437B402 for ; Fri, 1 Feb 2002 09:53:24 -0800 (PST) Received: from corona.cs.wm.edu (corona [128.239.2.50]) by va.cs.wm.edu (8.11.4/8.9.1) with ESMTP id g11HqfG06283 for ; Fri, 1 Feb 2002 12:52:42 -0500 (EST) Received: (from zvezdan@localhost) by corona.cs.wm.edu (8.11.6/8.9.1) id g11HrMP19520 for security@FreeBSD.ORG; Fri, 1 Feb 2002 12:53:22 -0500 Date: Fri, 1 Feb 2002 12:53:22 -0500 From: Zvezdan Petkovic To: security@FreeBSD.ORG Subject: Re: rsync core dumping? Message-ID: <20020201125322.A19287@corona.cs.wm.edu> Mail-Followup-To: security@FreeBSD.ORG References: <20020201080635.H14011-100000@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020201080635.H14011-100000@localhost>; from brian@collab.net on Fri, Feb 01, 2002 at 08:13:24AM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Feb 01, 2002 at 08:13:24AM -0800, Brian Behlendorf wrote: > > So there've been numerous bulletins to bugtraq, etc. about remote > vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specific > announcements, however the hole appeared to be pretty generic, so I > upgraded anyways to the current version in /usr/ports, 2.5.2. Since the > vulnerability announcements, and both before *and* after my upgrade, I've > been seeing core dumps from the two public rsync servers I run for > apache.org. 
> > Feb 1 07:34:09 daedalus /kernel: pid 81088 (rsync), uid 65534: exited on signal 11 > > Since it runs as an untrusted user and I see no evidence of a compromise I > assume it's script kiddies trying whatever linux exploit > shove-3-K-of-^@'s-in-a-header kind of attack they might have, but the fact > that it still causes a seg fault despite upgrading to a supposedly "fixed" > version is somewhat concerning. Is anyone else seeing this? I can't > recreate what causes the core dump, I suppose doing a tcpdump to see what > people are feeding my server is the next step. > > Brian > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message I don't know about FreeBSD package since I do not use rsync on my BSD machine, but on the network I maintain Red Hat issued two rsync updates in five days. The first one was the security issue. The second one was a fix because rsync segfaulted and even corrupted file system. FWIW. -- Zvezdan Petkovic http://www.cs.wm.edu/~zvezdan/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Feb 1 10:23:56 2002 Delivered-To: freebsd-security@freebsd.org Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120]) by hub.freebsd.org (Postfix) with ESMTP id D274337B416 for ; Fri, 1 Feb 2002 10:23:46 -0800 (PST) Received: from user-38lcob1.dialup.mindspring.com ([209.86.97.97] helo=DSGX1WZFFGDP93) by albatross.prod.itd.earthlink.net with smtp (Exim 3.33 #1) id 16WiLc-0005Nm-00 for freebsd-security@freebsd.org; Fri, 01 Feb 2002 10:23:41 -0800 Message-ID: <008c01c1ab66$b0692820$616156d1@DSGX1WZFFGDP93> From: "suporte" To: Subject: crashs on 4.5RC Date: Fri, 1 Feb 2002 13:23:25 -0800 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 
    6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

i updated my 4.4 to an 4.5RC the first time that i compiled .. it was
crashing almost every single hour .. i booted up again on the old
4.5PRE-RELEASE .. and recompile the kernel with the new updates from cvsup
.. k so was finally stable again .. now i can't get an uptime more than 4
days .. so i tried again yesterday made another update using the cvsup there
was a bunch of things new there .. i compile again .. how many time do u
guys think this thing gonna keep resetting me and a bunch of friends we're
having the same problems .. we really use the machine is not just a simple
for mails .. is for eggdrops/apache/ircds/bncs .. stuffs like that ..
can anybody give me a light ?

From owner-freebsd-security Fri Feb 1 10:37: 3 2002
Delivered-To: freebsd-security@freebsd.org
Received: from tomts5-srv.bellnexxia.net (tomts5.bellnexxia.net [209.226.175.25])
    by hub.freebsd.org (Postfix) with ESMTP id 6FECC37B41D
    for ; Fri, 1 Feb 2002 10:36:49 -0800 (PST)
Received: from khan.anarcat.dyndns.org ([65.94.186.7])
    by tomts5-srv.bellnexxia.net (InterMail vM.4.01.03.16 201-229-121-116-20010115)
    with ESMTP id <20020201183647.NHEN3155.tomts5-srv.bellnexxia.net@khan.anarcat.dyndns.org>;
    Fri, 1 Feb 2002 13:36:47 -0500
Received: from shall.anarcat.dyndns.org (shall.anarcat.dyndns.org [192.168.0.1])
    by khan.anarcat.dyndns.org (Postfix) with ESMTP id 4EB73198F;
    Fri, 1 Feb 2002 13:36:32 -0500 (EST)
Received: by shall.anarcat.dyndns.org (Postfix, from userid 1000) id 9DF8220ACA;
    Fri, 1 Feb 2002 13:36:32 -0500 (EST)
Date: Fri, 1 Feb 2002 13:36:31 -0500
From: The Anarcat
To: Zvezdan Petkovic
Cc: security@FreeBSD.ORG
Subject: Re:
    rsync core dumping?
Message-ID: <20020201183631.GG324@shall.anarcat.dyndns.org>
References: <20020201080635.H14011-100000@localhost> <20020201125322.A19287@corona.cs.wm.edu>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="BghK6+krpKHjj+jk"
Content-Disposition: inline
In-Reply-To: <20020201125322.A19287@corona.cs.wm.edu>
User-Agent: Mutt/1.3.25i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi.

An advisory is underway for the rsync port. The 2.5.1_1 is not
vulnerable to the problem described in
http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-009.php

2.5.2 also contains the fix.

A,

On Fri Feb 01, 2002 at 12:53:22PM -0500, Zvezdan Petkovic wrote:
> On Fri, Feb 01, 2002 at 08:13:24AM -0800, Brian Behlendorf wrote:
> >
> > So there've been numerous bulletins to bugtraq, etc. about remote
> > vulnerabilities in rsync prior to 2.4.6 or so. I saw no FreeBSD-specific
> > announcements, however the hole appeared to be pretty generic, so I
> > upgraded anyways to the current version in /usr/ports, 2.5.2. Since the
> > vulnerability announcements, and both before *and* after my upgrade, I've
> > been seeing core dumps from the two public rsync servers I run for
> > apache.org.

From owner-freebsd-security Fri Feb 1 10:56:35 2002
Delivered-To: freebsd-security@freebsd.org
Received: from elvis.mu.org (elvis.mu.org [192.203.228.196])
    by hub.freebsd.org (Postfix) with ESMTP id E14C137B404
    for ; Fri, 1 Feb 2002 10:56:32 -0800 (PST)
Received: by elvis.mu.org (Postfix, from userid 1192) id BE42010DDF7;
    Fri, 1 Feb 2002 10:56:32 -0800 (PST)
Date: Fri, 1 Feb 2002 10:56:32 -0800
From: Alfred Perlstein
To: suporte
Cc: freebsd-security@freebsd.org
Subject: Re: crashs on 4.5RC
Message-ID: <20020201105632.Q18604@elvis.mu.org>
References: <008c01c1ab66$b0692820$616156d1@DSGX1WZFFGDP93>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <008c01c1ab66$b0692820$616156d1@DSGX1WZFFGDP93>; from hh@dsgx.org on Fri, Feb 01, 2002 at 01:23:25PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* suporte [020201 10:23] wrote:
> i updated my 4.4 to an 4.5RC the first time that i compiled .. it was
> crashing almost every single hour .. i booted up again on the old
> 4.5PRE-RELEASE .. and recompile the kernel with the new updates from cvsup
> .. k so was finally stable again .. now i can't get an uptime more than 4
> days .. so i tried again yesterday made another update using the cvsup there
> was a bunch of things new there .. i compile again ..
> how many time do u
> guys think this thing gonna keep resetting me and a bunch of friends we're
> having the same problems .. we really use the machine is not just a simple
> for mails .. is for eggdrops/apache/ircds/bncs .. stuffs like that ..
> can anybody give me a light ?

Please see:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/kerneldebug.html
for information on how to give a more useful (read: we can do something
about your problems with this information) bug report.

--
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
Tax deductible donations for FreeBSD: http://www.freebsdfoundation.org/

From owner-freebsd-security Fri Feb 1 14:20:17 2002
Delivered-To: freebsd-security@freebsd.org
Received: from www.pbspro.com (www.pbspro.com [209.128.88.98])
    by hub.freebsd.org (Postfix) with ESMTP id 0603737B404
    for ; Fri, 1 Feb 2002 14:20:10 -0800 (PST)
Received: from www (www [209.128.88.98])
    by www.pbspro.com (8.11.3nb1/8.11.3) with ESMTP id g11MGpx16931
    for ; Fri, 1 Feb 2002 14:16:51 -0800 (PST)
Date: Fri, 1 Feb 2002 14:16:51 -0800 (PST)
From: "Thomas M. Proett"
X-X-Sender: proett@www
To: freebsd-security@FreeBSD.ORG
Subject: zero renew time
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I just installed kerberos on a FreeBSD machine from /usr/ports/security/krb5.
The version info is:

PORTNAME=       krb5
PORTVERSION=    1.2.2
PORTREVISION=   4

All seemed to go fine and I set up the config files:

/etc/krb5.conf
==============
[libdefaults]
    ticket_lifetime = 600
    default_realm = BSD.PBSPRO.COM
    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
    default_keytab_name = /krb5/v5srvtab

[realms]
    BSD.PBSPRO.COM = {
        kdc = mongo.pbspro.com
        default_domain = pbspro.com
    }

[logging]
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmin.log
    default = FILE:/var/log/krb5lib.log

[domain_realm]
    .pbspro.com = BSD.PBSPRO.COM
    pbspro.com = BSD.PBSPRO.COM
===============

/usr/local/var/krb5kdc/kdc.conf
===============================
[kdcdefaults]
    acl_file = /usr/local/var/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /usr/local/var/krb5kdc/kadm5.keytab

[realms]
    BSD.PBSPRO.COM = {
        master_key_type = des-cbc-crc
        supported_enctypes = des-cbc-crc:normal des3-cbc-raw:normal des3-cbc-sha1:normal des-cbc-crc:v4 des-cbc-crc:afs3
        max_life = 10h 0m 0s
        max_renewable_life = =7d 0h 0m 0s
    }
================================

I can run kinit asking for a renewable ticket but I get zero for the
renewable time.

----------------------------------------------------------
proett 3> kinit -f -l 1h -r 1d
Password for proett@BSD.PBSPRO.COM:
proett 4> klist -f
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: proett@BSD.PBSPRO.COM

Valid starting     Expires            Service principal
02/01/02 12:41:19  02/01/02 13:41:19  krbtgt/BSD.PBSPRO.COM@BSD.PBSPRO.COM
        renew until 02/01/02 12:41:19, Flags: FRI
----------------------------------------------------------

Any ideas why this happens?

Tom Proett
Veridian Systems
PBSPro Development
650-967-4675 x233

From owner-freebsd-security Sat Feb 2 9: 2:37 2002
Delivered-To: freebsd-security@freebsd.org
Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153])
    by hub.freebsd.org (Postfix) with ESMTP id 6A44A37B402
    for ; Sat, 2 Feb 2002 09:02:34 -0800 (PST)
Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111])
    by gw.nectar.cc (Postfix) with ESMTP id E435560;
    Sat, 2 Feb 2002 11:02:33 -0600 (CST)
Received: (from nectar@localhost)
    by madman.nectar.cc (8.11.6/8.11.6) id g12H2XO47796;
    Sat, 2 Feb 2002 11:02:33 -0600 (CST) (envelope-from nectar)
Date: Sat, 2 Feb 2002 11:02:33 -0600
From: "Jacques A. Vidrine"
To: "Thomas M. Proett"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: zero renew time
Message-ID: <20020202170233.GC47737@madman.nectar.cc>
Mail-Followup-To: "Jacques A. Vidrine" , "Thomas M. Proett" , freebsd-security@FreeBSD.ORG
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.3.27i
X-Url: http://www.nectar.cc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, Feb 01, 2002 at 02:16:51PM -0800, Thomas M. Proett wrote:
> PORTNAME=       krb5
> PORTVERSION=    1.2.2
> PORTREVISION=   4

The latest is 1.2.3, by the way.

> All seemed to go fine and I set up the config files:
[snip]
>         max_renewable_life = =7d 0h 0m 0s

You seem to have a typo here.

Cheers,
--
Jacques A. Vidrine http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org .
nectar@kth.se

From owner-freebsd-security Sat Feb 2 16:45:18 2002
Delivered-To: freebsd-security@freebsd.org
Received: from barney.sfrn.dnai.com (barney.sfrn.dnai.com [208.59.199.24])
    by hub.freebsd.org (Postfix) with ESMTP id A8E6537B416
    for ; Sat, 2 Feb 2002 16:45:10 -0800 (PST)
Received: from sideshow-bob.sfrn.dnai.com (sideshow-bob.sfrn.dnai.com [208.59.199.20])
    by barney.sfrn.dnai.com (8.11.2/8.11.2) with ESMTP id g130iwx98766
    for ; Sat, 2 Feb 2002 16:44:58 -0800 (PST)
Received: from mini.chicago.com (dnai-216-15-39-222.cust.dnai.com [216.15.39.222])
    by sideshow-bob.sfrn.dnai.com (8.11.3/8.11.3) with ESMTP id g130iF904093
    for ; Sat, 2 Feb 2002 16:44:15 -0800 (PST) (envelope-from frank@mini.chicago.com)
Received: (from frank@localhost)
    by mini.chicago.com (8.9.3/8.9.3) id QAA49670
    for freebsd-security@freebsd.org; Sat, 2 Feb 2002 16:48:18 -0800 (PST) (envelope-from frank)
From: Frank Drebin
Message-Id: <200202030048.QAA49670@mini.chicago.com>
Subject: Racoon/sainfo - 'no policy found'
To: freebsd-security@freebsd.org
Date: Sat, 2 Feb 2002 16:48:18 -0800 (PST)
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I'm trying to get working a 'standard' vpn setup. That is, I have a
FreeBSD (4.2) machine running NAT, IPFilter, IPSec, Racoon (version
20011215a) among other things. I want to connect to it using Windows 98
and PGPNet (I've tried 6.5.8 and 7.0.3) over the internet. No matter
what I do, I get 'no policy found' followed by 'failed to get proposal
for responder'.

I should point out that I *HAVE* gotten this whole thing to work when I
replaced the '98 side with another FBSD machine (4.4) running racoon
(same version) along with all the other appropriate pieces.

I've attached a section of the log file generated when trying to connect
from '98. My racoon.conf is just a copy of the one that comes with the
distribution. It works for FBSD<->FBSD, why doesn't it work with PGPNet?

Oh, and in searching through the mailing lists I came across a patch
someone suggested for something similar. I tried that too - no joy.

Any help, suggestions, etc. would be greatly appreciated!

Thanks

-------------
. . .
2002-01-31 17:18:45: DEBUG: oakley.c:755:oakley_compute_hash1(): HASH computed:
2002-01-31 17:18:45: DEBUG: plog.c:193:plogdump():
79d4fa1b 6c2b6af5 91173e15 f7f8729f 6215747a
2002-01-31 17:18:45: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info: anonymous
. . .
2002-01-31 17:18:45: DEBUG: sainfo.c:100:getsainfo(): anonymous sainfo selected.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1815:get_sainfo_r(): get sa info: anonymous
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1907:get_proposal_r(): get a destination address of SP index from phase1 address due to no ID payloads found OR because ID type is not address.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1968:get_proposal_r(): get a source address of SP index from phase1 address due to no ID payloads found OR because ID type is not address.
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1993:get_proposal_r(): get a src address from ID payload WINDOWS-EXTERNAL[0] prefixlen=32 ul_proto=0
2002-01-31 17:18:45: DEBUG: isakmp_quick.c:1998:get_proposal_r(): get dst address from ID payload FBSD-EXTERNAL[0] prefixlen=32 ul_proto=0
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3a08: WINDOWS-INTERNAL[0] FBSD-INTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:244:cmpspidxwild(): 0xbfbff6b0 masked with /24: WINDOWS-EXTERNAL/24[0]
2002-01-31 17:18:45: DEBUG: policy.c:246:cmpspidxwild(): 0x80a3a08 masked with /24: WINDOWS-INTERNAL/24[0]
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3e08: FBSD-INTERNAL/24[0] WINDOWS-INTERNAL/24[0] proto=any dir=out
2002-01-31 17:18:45: ERROR: isakmp_quick.c:2028:get_proposal_r(): no policy found: WINDOWS-EXTERNAL[0] UNIX-EXTERNAL/32[0] proto=any dir=in
2002-01-31 17:18:45: ERROR: isakmp_quick.c:1069:quick_r1recv(): failed to get proposal for responder.
2002-01-31 17:18:45: ERROR: isakmp.c:1060:isakmp_ph2begin_r(): failed to pre-process packet.
. . .
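The cmpspidxwild() lines in the log above record the peer's requested selector (external host to external host) being compared against SPD entries written for the internal addresses. The following is an added example, not code from the post or from racoon: a simplified model of that comparison which reads such a debug log and reports, per SPD entry, which fields failed to match. The function names and the matching rules (prefix coverage, with label comparison for redacted logs) are assumptions.

```python
import ipaddress
import re

# Constructed sample: the selector-comparison lines from the posted log,
# keeping the poster's redaction placeholders in place of real addresses.
SAMPLE_LOG = """\
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3a08: WINDOWS-INTERNAL[0] FBSD-INTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:216:cmpspidxwild(): sub:0xbfbff6b0: WINDOWS-EXTERNAL[0] FBSD-EXTERNAL[0] proto=any dir=in
2002-01-31 17:18:45: DEBUG: policy.c:217:cmpspidxwild(): db: 0x80a3e08: FBSD-INTERNAL/24[0] WINDOWS-INTERNAL/24[0] proto=any dir=out
2002-01-31 17:18:45: ERROR: isakmp_quick.c:2028:get_proposal_r(): no policy found: WINDOWS-EXTERNAL[0] UNIX-EXTERNAL/32[0] proto=any dir=in
"""

SEL = re.compile(r"cmpspidxwild\(\): (sub|db):\s*0x[0-9a-f]+: (\S+) (\S+) proto=(\S+) dir=(\S+)")
ERR = re.compile(r"no policy found: (\S+) (\S+) proto=(\S+) dir=(\S+)")


def split_selector(text):
    """'HOST/24[0]' -> ('HOST', 24); the prefix length is None when absent."""
    host, plen, _port = re.fullmatch(r"([^/\[]+)(?:/(\d+))?(?:\[(\d+)\])?", text).groups()
    return host, int(plen) if plen else None


def covers(db, sub):
    """True when SPD selector `db` covers the requested selector `sub`."""
    (db_host, db_plen), (sub_host, _) = split_selector(db), split_selector(sub)
    try:
        spec = db_host if db_plen is None else f"{db_host}/{db_plen}"
        return ipaddress.ip_address(sub_host) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        return db_host == sub_host  # redacted log: fall back to comparing labels


def explain(log):
    """Return (selector named in the error, [(spd_entry, mismatched_fields), ...])."""
    request, candidates = None, []
    for line in log.splitlines():
        m = SEL.search(line)
        if not m:
            continue
        kind, src, dst, proto, direction = m.groups()
        if kind == "sub":
            request = (src, dst, proto, direction)
        elif request:
            why = [name for name, bad in (
                ("src", not covers(src, request[0])),
                ("dst", not covers(dst, request[1])),
                ("proto", "any" not in (proto, request[2]) and proto != request[2]),
                ("dir", direction != request[3]),
            ) if bad]
            candidates.append(((src, dst, direction), why))
    failed = ERR.search(log)
    return (failed.groups() if failed else None), candidates


if __name__ == "__main__":
    failed, candidates = explain(SAMPLE_LOG)
    print("no policy for:", failed)
    for entry, why in candidates:
        print("  SPD", entry, "rejected on", ", ".join(why) or "nothing (match)")
```

On the posted log, both SPD entries are rejected on source and destination, and the second also on direction.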
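For the "zero renew time" thread earlier on this page: a lint pass over kdc.conf that flags lifetime values which do not parse, such as the max_renewable_life line quoted in the reply. This is an added example, not from the thread or the krb5 port; the accepted formats (plain seconds, h:m[:s], and NdNhNmNs with optional spaces) are an assumption modelled on the MIT krb5 documentation, and the function names are hypothetical.

```python
import re

# Constructed sample: the [realms] stanza of the kdc.conf quoted in the
# thread, abridged to the key-type and lifetime settings.
KDC_CONF = """\
[realms]
    BSD.PBSPRO.COM = {
        master_key_type = des-cbc-crc
        max_life = 10h 0m 0s
        max_renewable_life = =7d 0h 0m 0s
    }
"""

DURATION_KEYS = {"max_life", "max_renewable_life"}
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}


def parse_duration(value):
    """Return the duration in seconds, or None if `value` is not well formed."""
    value = value.strip()
    if re.fullmatch(r"\d+", value):                       # plain seconds
        return int(value)
    m = re.fullmatch(r"(\d+):(\d+)(?::(\d+))?", value)    # h:m[:s]
    if m:
        hours, minutes, seconds = (int(g or 0) for g in m.groups())
        return hours * 3600 + minutes * 60 + seconds
    # NdNhNmNs: every character must belong to a number/unit pair, so a
    # stray leading "=" makes the whole value invalid.
    if re.fullmatch(r"(?:\d+\s*[dhms]\s*)+", value):
        pairs = re.findall(r"(\d+)\s*([dhms])", value)
        return sum(int(n) * UNIT_SECONDS[unit] for n, unit in pairs)
    return None


def lint_durations(conf_text):
    """Yield (line_number, key, raw_value, seconds_or_None) for lifetime keys."""
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        # Split at the first "=" only, so a doubled "=" stays in the value.
        key, sep, value = line.partition("=")
        if sep and key.strip() in DURATION_KEYS:
            yield lineno, key.strip(), value.strip(), parse_duration(value)


if __name__ == "__main__":
    for lineno, key, raw, seconds in lint_durations(KDC_CONF):
        status = f"{seconds} s" if seconds is not None else "INVALID"
        print(f"line {lineno}: {key} = {raw!r} -> {status}")
```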