From owner-freebsd-security@FreeBSD.ORG Sun May 15 01:21:26 2005
Date: Sun, 15 May 2005 11:21:25 +1000
From: "Drew B. [Security Expertise/Freelance Security research]." <d4rkstorm@gmail.com>
To: "M. Boelen"
Cc: freebsd-security@freebsd.org
Subject: Re: Need some help
Message-ID: <245f0df1050514182158f0d041@mail.gmail.com>
In-Reply-To: <4286508E.7090004@rootkit.nl>

Thank you, I will send you the mailer 'kit' and the optional information regarding the extern dependencies, and a referrer in case you need to know more info. The files are complete and intact (the kit was found before the people had a chance to rm a thing).

Notes for others (security minded) while this kit is examined more:

It was not well installed; a better trained Unix user would have made this thing extremely well hidden (the installation was the main reason the machine was even seen, I suspect this would be running nice and safe on many other mail apps, and even now I have started to see a qmail.* ebay-spoof, so perhaps they have even patched). This was a 'good' coder/s, but they obviously have some trouble with facets of running/maintaining a FreeBSD machine using Qmail. The web download info (3 sites it somehow uses), and 5 irc servers on Undernet.org seem to be the actual source of the controlling. As mentioned, it's unfound and the closest I could get to examining it was after many many hours and a lot of help and use of rKhunter.

The only reason I have not forwarded this to an A/V company is my lack of faith in them, and simply no time, my apologies. For the A/V who are keen to improve their apps: the FreeBSD port of F-Prot was running nice and happily alongside it :(. (The app that actually spotted the malfunction after running tests seems to be rKhunter, but that only displays some 'possibles'; as mentioned, it will run happily with F-Prot, hence I assume it has been encrypted well). Also, strangely, it shows up as an 'infected' file using a heuristics test with AVG (www.grisoft.com) on Windows, using their "free" version.

Regards,
Drew B.

PS: Excellent job with rKhunter, I look forward to any help I can give and get from rKhunter :-), regarding 'spare time' I would help gladly.

Expect the complete kit in 20 mins max Michael, again thank you.

On 5/15/05, M. Boelen wrote:
> Hi,
>
> I'm the author of Rootkit Hunter, and of course interested. Unfortunately
> I can't promise you to investigate it (within a small amount of time --
> due to my spare time..). If you want, you can also send me the file(s)
> later.
>
> If you decide to give me a copy, please password-protect the files
> (rar/zip archive).
>
> Michael
> Rootkit.nl
>
> > Hello,
> > I would like to ask for some specialist assistance in dissecting a
> > 'rootkit' (seems to be massmailing specific, crafted somehow from
> > another kit perhaps)
> >
> > It was found running on 5.x machines belonging (so far) to my
> > knowledge, 2 companies, one of which was an ISP and another a webhosting
> > service running BSD.
> > I will provide the kit and further details as soon as I am sure the
> > thing will be dealt with by someone official.
> > Being properly examined so all exploits within it can be marked
> > out, whether new and/or old-modified, is important and I cannot
> > successfully complete dissection with my current equipment.
> > The attacks are still happening, the familiar 'ebay' login page or
> > paypal, however, the bug itself is Linux-platform specific, extremely
> > stable, and extremely hard to remove.
> > Anyone interested who has the ability, especially an A/V tech/worker
> > with a certificate from the company or at least email header, or anyone
> > associated that can link this to freebsd security officially.
> > I can confirm that it is stable and running on v5.x FreeBSD now, and
> > have no idea how long it has been around.
> > Regards,
> > (&&assist)
> > --------------------------------------------------------------------
> > Drew B.
> > Independent Security analysis, for Aussies.
> > Security researcher/expert, threat-focus, Freelance.
> > _______________________________________________
> > freebsd-security@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-security
> > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> >
>
--
--------------------------------------------------------------------
Drew B.
Independent Security analysis, for Aussies.
Security researcher/expert, threat-focus, Freelance.

From owner-freebsd-security@FreeBSD.ORG Sun May 15 11:43:41 2005
Date: Sun, 15 May 2005 13:43:02 +0200
From: Dag-Erling Smørgrav <des@des.no>
To: "Drew B. [Security Expertise/Freelance Security research]."
Cc: freebsd-security@freebsd.org
Subject: Re: Need some help
Message-ID: <86acmwd8ah.fsf@xps.des.no>
In-Reply-To: <245f0df105051408291dd3b641@mail.gmail.com>

"Drew B. [Security Expertise/Freelance Security research]." writes:
> I would like to ask for some specialist assistance in dissecting a
> 'rootkit' (seems to be massmailing specific, crafted somehow from
> another kit perhaps)

Uninformed people would think it logical to contact the FreeBSD Security Officer (so@freebsd.org) before discussing security issues publicly. Of course, being a security expert, you know better than those uninformed people.
DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Sun May 15 11:52:22 2005
Date: Sun, 15 May 2005 21:52:21 +1000
From: "Drew B. [Security Researcher and Analyst]." <d4rkstorm@gmail.com>
To: Dag-Erling Smørgrav
Cc: freebsd-security@freebsd.org
Subject: Re: Need some help
Message-ID: <245f0df1050515045239459c66@mail.gmail.com>
In-Reply-To: <86acmwd8ah.fsf@xps.des.no>

Maybe then you should read a post I posted about one week ago then; I could perhaps dig it out. It specifies the current 'problem' before it was in any way public, and it is not public at all. It is in discussion.

Have a good day sir.

Drew.

On 15/05/05, Dag-Erling Smørgrav wrote:
> "Drew B. [Security Expertise/Freelance Security research]." writes:
> > I would like to ask for some specialist assistance in dissecting a
> > 'rootkit' (seems to be massmailing specific, crafted somehow from
> > another kit perhaps)
>
> Uninformed people would think it logical to contact the FreeBSD
> Security Officer (so@freebsd.org) before discussing security issues
> publicly. Of course, being a security expert, you know better than
> those uninformed people.
>
> DES
> --
> Dag-Erling Smørgrav - des@des.no
>
--
--------------------------------------------------------------------
Drew, Independent Security analysis, currently Freelancing in this area.
From owner-freebsd-security@FreeBSD.ORG Sun May 15 20:56:31 2005
Date: Sun, 15 May 2005 22:55:44 +0200
From: Jesper Wallin <jesper@hackunite.net>
To: freebsd-security@freebsd.org
Subject: About the vulnerabilities in tcpdump and gzip.
Message-ID: <4287B750.6050301@hackunite.net>

Dear list,

About a week ago, right after 5.4-RELEASE was released, I received a mail from Gentoo Linux's security announcement list about a flaw in tcpdump and gzip. Since none of them are operating system related, I assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for the HTT security issue, so I wonder: are the FreeBSD versions of tcpdump and/or gzip secured, or simply forgotten/ignored?

tcpdump references:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1279
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1280

gzip references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228

Best regards,
Jesper Wallin

From owner-freebsd-security@FreeBSD.ORG Mon May 16 07:31:15 2005
Message-ID: <20050516073114.85847.qmail@web32915.mail.mud.yahoo.com>
Date: Mon, 16 May 2005 00:31:14 -0700 (PDT)
From: george roman <thewolfro@yahoo.com>
To: freebsd-security@freebsd.org
Subject: Re: Re[2]: icmp problem

I think I know what my problem is. For NAT I didn't use divert with ipfw; instead I used the /etc/ipnat.rules file, where I put something like this:

map fxp0 192.168.66.16/32 -> external_ip/32

for each host that should get NAT-ed. I will try the divert command to see what happens.

From owner-freebsd-security@FreeBSD.ORG Mon May 16 07:56:55 2005
Message-ID: <20050516075654.67962.qmail@web32911.mail.mud.yahoo.com>
Date: Mon, 16 May 2005 00:56:54 -0700 (PDT)
From: george roman <thewolfro@yahoo.com>
To: freebsd-security@freebsd.org
Subject: Re: Re[2]: icmp problem

Yesss, it works. I used

ipfw add divert natd all from any to any via fxp0

and it works perfectly.

--- george roman wrote:
> I think I know what my problem is.
> For NAT I didn't use divert with ipfw; instead I used the
> /etc/ipnat.rules file, where I put something like this:
>
> map fxp0 192.168.66.16/32 -> external_ip/32
>
> for each host that should get NAT-ed.
>
> I will try the divert command to see what happens.
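The divert-based setup George ends up with, written out as the rc.conf, ipfw rule file and natd.conf that replace his per-host ipnat `map` rule, plus the natd `redirect_port` line that corresponds to the ipnat `rdr` line for udp/69 he asks about later in the thread. This is an added example, not code from the thread: the interface fxp0 and the addresses 192.168.66.16 and 192.168.66.3 come from George's messages; the file paths, the `write_nat_config`/`config_has` helpers and the minimal ingress policy are my own choices, and the gateway kernel is assumed to have options IPFIREWALL and IPDIVERT.

```sh
#!/bin/sh
# Added example: generate the three files that move NAT from ipnat's
# "map fxp0 192.168.66.16/32 -> external_ip/32" rule to ipfw divert + natd.
# Files are written under $1 (default: a fresh temporary directory) so they
# can be reviewed before anything is copied to /etc on the gateway.

write_nat_config() {
    dest=${1:-$(mktemp -d)}
    mkdir -p "$dest" || return 1

    # rc.conf: forward packets, load ipfw rules from a file, and start natd
    # on the outside interface so it learns the public address by itself
    # (no hard-coded "external_ip" as in the ipnat rule).
    cat > "$dest/rc.conf" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"
EOF

    # ipfw.rules: one divert rule matching both directions on fxp0 replaces
    # the per-host ipnat map lines. Outbound packets get their source
    # rewritten, inbound replies (and the redirected udp/69) get their
    # destination rewritten; packets returning from natd continue at the
    # rule after the divert rule, so the rules below see translated addresses.
    cat > "$dest/ipfw.rules" <<'EOF'
-f flush
add 100 allow ip from any to any via lo0
add 1000 divert natd ip from any to any via fxp0
# Inbound on the outside interface: only what the LAN must receive.
add 2000 allow udp from any to 192.168.66.3 69 in via fxp0
add 2100 allow tcp from any to any in via fxp0 established
add 2200 allow udp from any 53 to any in via fxp0
add 2300 allow icmp from any to any in via fxp0 icmptypes 0,3,11
add 4000 deny log ip from any to any in via fxp0
# Outbound and LAN-side traffic is unrestricted in this minimal policy.
add 65000 allow ip from any to any
EOF

    # natd.conf: the udp/69 redirect that corresponds to the ipnat line
    # "rdr fxp0 external_ip/32 port 69 -> 192.168.66.3 port 69 udp".
    # tftp has no authentication; natd accepts a trailing remote address on
    # redirect_port, which is the place to limit who may reach the server.
    cat > "$dest/natd.conf" <<'EOF'
same_ports yes
use_sockets yes
redirect_port udp 192.168.66.3:69 69
EOF
    echo "$dest"
}

# Self-check helper: does the generated file contain the given rule text?
config_has() {
    grep -q -- "$2" "$1" 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then
    out=$(write_nat_config)
    printf 'configuration written to %s\n' "$out"
fi
```

Run with `--demo` to generate the files into a temporary directory and inspect them; the ipfw rule file can be loaded on the gateway with `ipfw /etc/ipfw.rules` once it has been copied into place.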
From owner-freebsd-security@FreeBSD.ORG Mon May 16 08:05:16 2005
Date: Mon, 16 May 2005 18:05:13 +1000
From: "Drew B. [Security Researcher and Analyst]." <d4rkstorm@gmail.com>
To: freebsd-security@freebsd.org
Subject: RE: oh foobar!
Message-ID: <245f0df105051601053ecacb0e@mail.gmail.com>
Hello list, just one thought. If you had a 'package verify' function, which automatically installs itself and updates itself on any major update (a builtin feature, possible for a future build), then that alone would eliminate multiple packages, of which sometimes they have bad components left behind. I have seen a similar idea in the ports/vulnerability-test-port. I think this is a root problem; if you disabled ALL users (well, at least make a stern admin warning, and log the install that was proceeded with for root users to PoC etc, to trackback or monitor), then you can't get any multiple installs, unless you are using OLD CDs, in which case, as I am uninformed in FreeBSD it seems (but then I think we are all misinformed, the users that is, that FreeBSD is extremely secure and well to manage, hence making an admin/user think the box is almost indestructible; it is impossible with Opensource, and now it is being torn apart, as duly all things do in time I guess).

There just seems to me that I am seeing a lot of FreeBSD-related exploitation, unlike 10 or so years ago, when yes, Unix was compromisable, but usually by a brute force on a 'god' pass ;).

I am now going to remain idle, and am even leaving the online world, to concentrate on more important things, like getting a job :). So good luck to you all; I will still remain here, I just will not be very public anymore. It seems I may be upsetting the higher echelons of FreeBSD, I can see my firewall ya know ;). And I dislike what I see, when all I really did was report a problem I had myself, and someone I know still has. I am here to only have that addressed; watching the rest of this list function has shown me how weak your security is.

Yea sure you might have a nametag (just like "expert" ;), but nowadays that don't mean jackshit, and if my machines are going to be annoyed about it, I would rather just d/c and move my stuff. You are the O/S so-called bosses and so@freebsd.org, well, I don't recall EVER seeing it, so I must be just hopeless ey! Anyhow I mean no mis- or mal-intent, never did.. I warned I was looking into something in my first post here, then received criticism in public from @freebsd.org .. pfft.. ridiculous, out of ALL the words I wrote, all that the person could see was 'expert' ... wow.. congrats! You picked a silly signature error for me.

As I am saying.. basically watching the way this is happening, after posting a 'request', has made me sicken of ever posting any problems ever again to you. I find the unprofessionalism, about a silly avatar, ridiculous considering one person managed to say that, and 10 others in private (yes PM! amazing thing that) had at least positive things to say. Yes people make accidents; I have a busy life, NOW not so :), but I just did not know of a security list running, and then another security officer. I assumed the so@ would be the security-list owner, so considering I have apparently been 'public' about something that is legal, well, this is how I am responding, and I will know that if you treat people this way, others also HAVE and will continue to leave.

Adios amigos (those that actually read things ;)

Regards,
Drew.
--------------------------------------------------------------------
Drew, the antichrist who reported a flaw.
From owner-freebsd-security@FreeBSD.ORG Mon May 16 02:41:19 2005
Date: Mon, 16 May 2005 10:41:09 +0800
From: "Coreix Systems" <coreix@coreixsystems.com.au>
Organization: Coreix Systems
Subject: Configure a FreeBSD firewall to pass IPSec?
Message-ID: <001001c559c0$bb190860$3201a8c0@craigrm>

Greg White,

I have noted your comment on some documentation found on the web: "I have successfully (and repeatedly) used Nortel VPN client on a NATed host through a FreeBSD gateway."

Currently I have the same problem with a Nortel BCM running M$ Windows VPN; the BCM sits behind a FreeBSD firewall / natd.

---- Network ----

ADSL Modem
    |
FreeBSD Server / Gateway / HTTP etc.
    | 192.168.2.242
    | 192.168.1.1
Nortel BCM LAN
-----------------------------------------------------------------

Can you please provide me with any help (documentation) as to how you were able to successfully get IPSec forwarding through the NAT'ed BSD server without breaking IPSEC_AH?

Thanks
Craigrm

From owner-freebsd-security@FreeBSD.ORG Tue May 17 12:42:37 2005
Date: Tue, 17 May 2005 05:42:35 -0700 (PDT)
From: george roman <thewolfro@yahoo.com>
To: freebsd-security@freebsd.org
Subject: ipfw question
Message-ID: <20050517124235.23298.qmail@web32911.mail.mud.yahoo.com>

Does anyone know what the ipfw equivalent line for this one is?
rdr fxp0 external_ip_addres/32 port 69 -> 192.168.66.3 port 69 udp

I use a tftpd server behind a NAT and I want to redirect all traffic coming from the internet on port 69 to the tftpd server.

10x for help

From owner-freebsd-security@FreeBSD.ORG Tue May 17 13:25:39 2005
Date: Tue, 17 May 2005 15:25:36 +0200
From: "Simon L. Nielsen"
To: Jesper Wallin
Cc: freebsd-security@freebsd.org
Subject: Re: About the vulnerabilities in tcpdump and gzip.
Message-ID: <20050517132535.GC15047@eddie.nitro.dk>
In-Reply-To: <4287B750.6050301@hackunite.net>
On 2005.05.15 22:55:44 +0200, Jesper Wallin wrote:
> About a week ago, right after 5.4-RELEASE was released, I received a
> mail from Gentoo Linux's security announcement list about a flaw in
> tcpdump and gzip. Since none of them are operating system related, I
> assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for
> the HTT security issue, so I wonder: are the FreeBSD versions of tcpdump
> and/or gzip secured, or simply forgotten/ignored?

I'm rather sure that FreeBSD is vulnerable to the tcpdump issue (since I don't see any reason we should not be), but unfortunately the proof-of-concept code does not work on FreeBSD, so I have not yet been able to verify the problem. That said, an advisory is upcoming, but I cannot give you a date yet. It should be noted that the tcpdump issue is DoS, not remote code execution.

I do not know the status of the gzip issue, but I will look into it.

Both tcpdump and gzip issues are certainly not ignored, but preparing an advisory (and all the related tasks) takes some time.

--
Simon L. Nielsen
FreeBSD Security Team

From owner-freebsd-security@FreeBSD.ORG Tue May 17 13:45:39 2005
Date: Tue, 17 May 2005 14:45:32 +0100 (BST)
From: mohan chandra <mohanchandra_01@yahoo.co.in>
To: freebsd-security@freebsd.org
Subject: HOW TO Enable IPSec for FreeBSD.......???
Message-ID: <20050517134532.6592.qmail@web8506.mail.in.yahoo.com>

Hi,

I have tried to enable IPSec support for my FreeBSD (4.11-RELEASE) system.
First, I copied the generic kernel configuration file to a file I called MYKERNEL:

#cp /usr/src/sys/i386/conf/GENERIC /usr/src/sys/i386/conf/MYKERNEL

Then, I added the following three lines to the options section of /usr/src/sys/i386/conf/MYKERNEL:

options IPSEC
options IPSEC_ESP
options IPSEC_DEBUG

After that I recompiled the kernel with the following commands:

# cd /usr/src
# make buildkernel KERNCONF=IPSEC && make installkernel KERNCONF=IPSEC

And I also installed IKE support on my system with the following commands, using racoon:

cd /usr/ports/security/racoon
make install clean

After all of the build completed, IPSec support is still not appearing in the system. Can you suggest whether any configuration or modifications need to be done?

Please, could anyone give me some suggestions to enable IPSec support on FreeBSD?
Any help will be very much appreciated..

Thanx,

Regards,
Mohan..

________________________________________________________________________
Yahoo! India Matrimony: Find your life partner online
Go to: http://yahoo.shaadi.com/india-matrimony

From owner-freebsd-security@FreeBSD.ORG Tue May 17 13:49:15 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5F83216A4CE for ; Tue, 17 May 2005 13:49:15 +0000 (GMT)
Received: from pumice6.sentex.ca (pumice6.sentex.ca [64.7.153.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id BD42543DAC for ; Tue, 17 May 2005 13:49:14 +0000 (GMT) (envelope-from mike@sentex.net)
Received: from lava.sentex.ca (pyroxene.sentex.ca [199.212.134.18]) by pumice6.sentex.ca (8.13.3/8.13.3) with ESMTP id j4HDnATf088314; Tue, 17 May 2005 09:49:10 -0400 (EDT) (envelope-from mike@sentex.net)
Received: from simian.sentex.net (simeon.sentex.ca [192.168.43.27]) by lava.sentex.ca (8.13.3/8.13.3) with ESMTP id j4HDn4PS058951; Tue, 17 May 2005 09:49:04 -0400 (EDT) (envelope-from mike@sentex.net)
Message-Id: <6.2.1.2.0.20050517094859.04d809c8@64.7.153.2>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Tue, 17 May 2005 09:49:22 -0400
To: mohan chandra , freebsd-security@freebsd.org
From: Mike Tancsa 
In-Reply-To: <20050517134532.6592.qmail@web8506.mail.in.yahoo.com>
References: <20050517134532.6592.qmail@web8506.mail.in.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Virus-Scanned: by amavisd-new
X-Scanned-By: MIMEDefang 2.51 on 64.7.153.21
Subject: Re: HOW TO Enable IPSec for FreeBSD.......???
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Tue, 17 May 2005 13:49:15 -0000

At 09:45 AM 17/05/2005, mohan chandra wrote:
>Hi,
>
> I have tried to enable IPSec support for my
>FreeBSD( 4.11-RELEASE) system.

Hi,

You need to reboot after installing the new kernel.

---Mike

From owner-freebsd-security@FreeBSD.ORG Tue May 17 15:43:00 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3A7216A4CE for ; Tue, 17 May 2005 15:43:00 +0000 (GMT)
Received: from h2.prohosting.com.ua (h2.prohosting.com.ua [217.16.18.181]) by mx1.FreeBSD.org (Postfix) with ESMTP id 009DE43D67 for ; Tue, 17 May 2005 15:43:00 +0000 (GMT) (envelope-from news@625.ru)
Received: from [194.84.94.11] (helo=[192.168.5.24]) by h2.prohosting.com.ua with esmtpa (Exim 4.50 (FreeBSD)) id 1DY4Da-000C3z-LX for freebsd-security@freebsd.org; Tue, 17 May 2005 19:42:51 +0400
Date: Tue, 17 May 2005 19:42:44 +0400
From: "Danil V. Gerun" 
Organization: МУП г. Сочи "Водоканал" / Water Supply and Water Treatment Municipal Unitary Undertaking of city Sochi
X-Priority: 3 (Normal)
Message-ID: <148047701.20050517194244@625.ru>
To: freebsd-security@freebsd.org
In-Reply-To: <20050517134532.6592.qmail@web8506.mail.in.yahoo.com>
References: <20050517134532.6592.qmail@web8506.mail.in.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - h2.prohosting.com.ua
X-AntiAbuse: Original Domain - freebsd.org
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [26 6]
X-AntiAbuse: Sender Address Domain - 625.ru
X-Source: 
X-Source-Args: 
X-Source-Dir: 
Subject: Re: HOW TO Enable IPSec for FreeBSD.......???
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: "Danil V. Gerun" 
List-Id: Security issues [members-only posting]
X-List-Received-Date: Tue, 17 May 2005 15:43:00 -0000

mc> /usr/src/sys/i386/conf/MYKERNEL
...
mc> # cd /usr/src
mc> # make buildkernel KERNCONF=IPSEC && make
mc> installkernel KERNCONF=IPSEC

If this is what you've really done, then you should do

make buildkernel KERNCONF=MYKERNEL
make installkernel KERNCONF=MYKERNEL

And you can also change the 'ident' option in the kernel to the ident MYKERNEL

-- 
Best regards,
Danil V. Gerun
danil@hate.spam.625.ru

From owner-freebsd-security@FreeBSD.ORG Tue May 17 17:40:58 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 43DA016A4DA for ; Tue, 17 May 2005 17:40:58 +0000 (GMT)
Received: from radix.cryptio.net (radix.cryptio.net [64.81.55.119]) by mx1.FreeBSD.org (Postfix) with ESMTP id E627843DAA for ; Tue, 17 May 2005 17:40:57 +0000 (GMT) (envelope-from emechler@radix.cryptio.net)
Received: by radix.cryptio.net (Postfix, from userid 1002) id A62E6304011; Tue, 17 May 2005 10:40:51 -0700 (PDT)
Date: Tue, 17 May 2005 10:40:51 -0700
From: Erick Mechler 
To: george roman 
Message-ID: <20050517174051.GR11146@techometer.net>
References: <20050517124235.23298.qmail@web32911.mail.mud.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050517124235.23298.qmail@web32911.mail.mud.yahoo.com>
User-Agent: Mutt/1.5.6+20040907i
cc: freebsd-security@freebsd.org
Subject: Re: ipfw question
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Tue, 17 May 2005 17:40:58 -0000

:: does anyone know what is the ipfw equivalent line for this one?
::
:: rdr fxp0 external_ip_addres/32 port 69 -> 192.168.66.3 port 69 udp

IPFW doesn't do nat like ipf does. You need to use natd(8):

natd -n outside_iface -redirect_port udp 192.168.66.3:69 69

Cheers - Erick

From owner-freebsd-security@FreeBSD.ORG Tue May 17 22:54:29 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32D8A16A4CE for ; Tue, 17 May 2005 22:54:29 +0000 (GMT)
Received: from VARK.MIT.EDU (VARK.MIT.EDU [18.95.3.179]) by mx1.FreeBSD.org (Postfix) with ESMTP id 838EF43D5F for ; Tue, 17 May 2005 22:54:28 +0000 (GMT) (envelope-from das@FreeBSD.ORG)
Received: from VARK.MIT.EDU (localhost [127.0.0.1]) by VARK.MIT.EDU (8.13.3/8.13.1) with ESMTP id j4HMoOLm055682; Tue, 17 May 2005 18:50:24 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Received: (from das@localhost) by VARK.MIT.EDU (8.13.3/8.13.1/Submit) id j4HMoNqR055681; Tue, 17 May 2005 18:50:23 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Date: Tue, 17 May 2005 18:50:23 -0400
From: David Schultz 
To: Poul-Henning Kamp 
Message-ID: <20050517225023.GA55428@VARK.MIT.EDU>
Mail-Followup-To: Poul-Henning Kamp , , freebsd-security@FreeBSD.ORG
References: <245f0df105051318564b1ffb6b@mail.gmail.com> <94145.1116037219@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <94145.1116037219@critter.freebsd.dk>
cc: freebsd-security@FreeBSD.ORG
cc: "Drew B. \[Security Expertise/Freelance Security research\]." 
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Tue, 17 May 2005 22:54:29 -0000

On Sat, May 14, 2005, Poul-Henning Kamp wrote:
> In message <245f0df105051318564b1ffb6b@mail.gmail.com>, "Drew B. [Security Expertise/Freelance Security research]." writes:
>
> >this sounds like trying to solve in the OS a problem that can only
> >be solved in the application. Is there something more subtle
> >that's going on?
>
> Well, the application could theoretically do something and Colin
> advocated it this morning: make the crypto code footprint data
> and key independent. While possible, it is both very tricky to
> do (in particular in highlevel languages) and generally found
> to be much slower than speed-optimized code.

Some colleagues and I have a paper in submission that addresses the issue of key-dependent control flow, much as you describe. You're right that it's hard to do in a high-level language; you'd be surprised (okay, maybe not) at the sort of vulnerabilities that are introduced into perfectly reasonable C programs by gcc.

The issue of how to address key-dependent memory accesses is harder to address in general. Consider RC5, which has some key-dependent table lookups built into the algorithm. The Dan Bernstein paper I cited in my last email has some good guidelines about how to do better, but it doesn't offer a generic solution. HTT aside, there are some interesting open problems here.

> The fact that one user would be able to spy on another user's editor
> application and be able to extract for instance the word lengths
> and layout of a document would also be considered a major security
> problem in many installations.
>
> Or how about just being able to monitor another customer's apache
> instance to figure out how much traffic they get and which pages
> they get it on ?

If you're willing to wait a day or two, you don't even need to have a local account:

http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

I'm just reading Colin's paper now---so as you say, it sounds like the punchline is that having a local account buys you a few orders of magnitude in attack time. Kewl.

> The correct (technical) workaround (IMO) is to restrict HTT to be
> used only for threads from the same process.
That's probably satisfactory, but if you want to be really picky, even that isn't quite sufficient. Consider a Java virtual machine running web applications, for instance. There's one process, but potentially many different protection domains within it. The OS would need to understand that in order to completely prevent this kind of timing attack. (In FreeBSD, perhaps something could be done with multiple KSEGs...)

From owner-freebsd-security@FreeBSD.ORG Tue May 17 23:19:44 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 044E316A4CE; Tue, 17 May 2005 23:19:44 +0000 (GMT)
Received: from pd4mo1so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9AA1043D7B; Tue, 17 May 2005 23:19:43 +0000 (GMT) (envelope-from cperciva@freebsd.org)
Received: from pd5mr3so.prod.shaw.ca (pd5mr3so-qfe3.prod.shaw.ca [10.0.141.144]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IGN00BHBQ2Z4NC0@l-daemon>; Tue, 17 May 2005 17:18:35 -0600 (MDT)
Received: from pn2ml7so.prod.shaw.ca ([10.0.121.151]) by pd5mr3so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IGN00K8IQ2ZQY80@pd5mr3so.prod.shaw.ca>; Tue, 17 May 2005 17:18:35 -0600 (MDT)
Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IGN00J0QQ2YXJ@l-daemon>; Tue, 17 May 2005 17:18:35 -0600 (MDT)
Date: Tue, 17 May 2005 16:18:32 -0700
From: Colin Percival 
In-reply-to: <20050517225023.GA55428@VARK.MIT.EDU>
To: David Schultz 
Message-id: <428A7BC8.2070405@freebsd.org>
MIME-version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: 7bit
X-Accept-Language: en-us, en
X-Enigmail-Version: 0.91.0.0
References:
<245f0df105051318564b1ffb6b@mail.gmail.com> <94145.1116037219@critter.freebsd.dk> <20050517225023.GA55428@VARK.MIT.EDU>
User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050406)
cc: freebsd-security@freebsd.org
cc: Poul-Henning Kamp 
cc: "Drew B. \[Security Expertise/Freelance Security research\]." 
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Tue, 17 May 2005 23:19:44 -0000

David Schultz wrote:
> Some colleagues and I have a paper in submission that addresses
> the issue of key-dependent control flow, much as you describe.

Care to send me a pre-print?

> If you're willing to wait a day or two, you don't even need to
> have a local account:
>
> http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html

1. The Boneh-Brumley attack is specific to a particular method of performing large integer arithmetic (and thus only applies to RSA, DH, and DSS). My attack applies to essentially all code -- both crypto and non-crypto -- although I picked RSA/OpenSSL as a good demonstration platform.

2. The Boneh-Brumley attack was fixed two years ago.

> I'm just reading Colin's paper now---so as you say, it sounds like
> the punchline is that having a local account buys you a few orders
> of magnitude in attack time. Kewl.

No. On hyperthreaded systems which don't run FreeBSD or SCO, having a local account buys you an attack which would otherwise be impossible. (Unless you're running a really old version of OpenSSL.)
Colin Percival

From owner-freebsd-security@FreeBSD.ORG Wed May 18 07:31:26 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7282C16A4CE for ; Wed, 18 May 2005 07:31:26 +0000 (GMT)
Received: from web8505.mail.in.yahoo.com (web8505.mail.in.yahoo.com [202.43.219.167]) by mx1.FreeBSD.org (Postfix) with SMTP id CB61943D73 for ; Wed, 18 May 2005 07:31:24 +0000 (GMT) (envelope-from mohanchandra_01@yahoo.co.in)
Received: (qmail 21377 invoked by uid 60001); 18 May 2005 07:31:22 -0000
Message-ID: <20050518073122.21373.qmail@web8505.mail.in.yahoo.com>
Received: from [203.126.245.198] by web8505.mail.in.yahoo.com via HTTP; Wed, 18 May 2005 08:31:22 BST
Date: Wed, 18 May 2005 08:31:22 +0100 (BST)
From: mohan chandra 
To: "Danil V. Gerun" , freebsd-security@freebsd.org, alex@camulus.com, mike@sentex.net
In-Reply-To: 6667
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Subject: Re: HOW TO Enable IPSec for FreeBSD.......???
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Wed, 18 May 2005 07:31:26 -0000

Hi Danil,

Thanks to all for replying..

I executed (built) the kernel with the proper commands, changing "GENERIC" to "MYKERNEL" at the "ident" option.

#commands used are
make buildkernel KERNCONF=MYKERNEL
make installkernel KERNCONF=MYKERNEL && reboot

But still ipsec support is not there. If ipsec existed, the file ipsec.conf should be there under the "/etc" folder, but it is not there..

I found a 'MYKERNEL' folder under the following directory:

/usr/obj/usr/src/sys/MYKERNEL

It contains so many object files and C header files; in there ipsec.o, ipsec.h and other ipsec-related files like esp, ah etc. are appearing.

So with this can I do anything to add ipsec? Please reply to me soon.

Also I tried using 'setkey' to find the ipsec support with the following commands and I got the following output:
-------------------------
mohan# setkey -D
No SAD entries.
mohan# setkey -DP
No SPD entries.
mohan#
--------------------------

And at last, can I use any ipsec patches for FreeBSD?
So, please suggest me any sort of solution to get ipsec on my FreeBSD (4.11).

with Regards,

Mohan..

From owner-freebsd-security@FreeBSD.ORG Wed May 18 07:44:58 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7321716A4D1 for ; Wed, 18 May 2005 07:44:58 +0000 (GMT)
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.203]) by mx1.FreeBSD.org (Postfix) with ESMTP id D533343D78 for ; Wed, 18 May 2005 07:44:57 +0000 (GMT) (envelope-from jpriotti@gmail.com)
Received: by rproxy.gmail.com with SMTP id i8so23725rne for ; Wed, 18 May 2005 00:44:57 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:from:to:references:subject:date:mime-version:content-type:content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole; b=sxksDMXK+Jq4b8Tej+iscMW7b72ST5LboWB3U6wulRYlHNbWhhgWUptwl7LYrQcXg0IYMtGjtFuzPlbFhJEiilE8Ef6blFB8MAmidud5DSwEXAR2SQVVxwHXm4LotUDPu2d50k2d2/zUgTge1upV6pYG9Vob0t/82cKPeMfg/sI=
Received: by 10.38.104.24 with SMTP id b24mr130920rnc; Wed, 18 May 2005 00:44:57 -0700 (PDT)
Received: from pvy2m1gtzlxqq2x ([200.126.213.55]) by mx.gmail.com with ESMTP id 71sm74520rnb.2005.05.18.00.44.55; Wed, 18 May 2005 00:44:57 -0700 (PDT)
Message-ID: <007701c55b7e$198216d0$37d57ec8@pvy2m1gtzlxqq2x>
From: "Juan Priotti" 
To: "mohan chandra" , 
References: <20050518073122.21373.qmail@web8505.mail.in.yahoo.com>
Date: Wed, 18 May 2005 04:48:35 -0300
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer:
Microsoft Outlook Express 6.00.2800.1437
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Subject: Re: HOW TO Enable IPSec for FreeBSD.......???
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Wed, 18 May 2005 07:44:58 -0000

Have you tried this:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ipsec.html

it worked for me

Juan

From owner-freebsd-security@FreeBSD.ORG Wed May 18 07:45:16 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0C8B16A4E7 for ; Wed, 18 May 2005 07:45:16 +0000 (GMT)
Received: from mail.yazzy.org (mail.yazzy.org [217.8.140.16]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DB0943DA7 for ; Wed, 18 May 2005 07:45:16 +0000 (GMT) (envelope-from lists@yazzy.org)
Received: from 217-13-2-82.dd.nextgentel.com ([217.13.2.82] helo=h311r4z3r) by mail.yazzy.org with esmtps (TLSv1:AES256-SHA:256) (YazzY.org) id 1DYJEy-0003jf-DN; Wed, 18 May 2005 09:45:18 +0200
Date: Wed, 18 May 2005 09:45:13 +0200
From: Marcin Jessa 
To: mohan chandra 
Message-Id: <20050518094513.0f28d288.lists@yazzy.org>
In-Reply-To: <20050518073122.21373.qmail@web8505.mail.in.yahoo.com>
References: <20050518073122.21373.qmail@web8505.mail.in.yahoo.com>
Organization: YazzY.org
X-Mailer: Sylpheed version 1.9.9 (GTK+ 2.6.7; i386-portbld-freebsd5.4)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.6 (--)
cc: freebsd-security@freebsd.org
Subject: Re: HOW TO Enable IPSec for FreeBSD.......???
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Wed, 18 May 2005 07:45:17 -0000

I wrote an IPSec HowTo:

http://www.ezunix.org/modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid=75&page=1

You don't need any patches.
Try to use google.com, you'd be surprised how much you can find on the internet...

From owner-freebsd-security@FreeBSD.ORG Tue May 17 14:07:16 2005
Return-Path: 
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B907716A4CE for ; Tue, 17 May 2005 14:07:16 +0000 (GMT)
Received: from home.hamlet.lv (To.Beer.Or.Not.To.Beer.hamlet.lv [217.21.160.195]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2E2D443D39 for ; Tue, 17 May 2005 14:07:15 +0000 (GMT) (envelope-from hamlet@hamlet.lv)
Received: from hamlet.office.ctco.lv (hamlet.office.ctco.lv [217.21.164.25]) by home.hamlet.lv (8.12.11/8.12.11) with ESMTP id j4HE75qP013648 for ; Tue, 17 May 2005 17:07:05 +0300 (EEST) (envelope-from hamlet@hamlet.lv)
From: Hamlet 
To: mohan chandra 
In-Reply-To: <20050517134532.6592.qmail@web8506.mail.in.yahoo.com>
References: <20050517134532.6592.qmail@web8506.mail.in.yahoo.com>
Content-Type: text/plain
Date: Tue, 17 May 2005 17:10:23 +0300
Message-Id: <1116339023.4405.3.camel@hamlet.office.ctco.lv>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.4 (2.0.4-4)
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: ClamAV version 0.81, clamav-milter version 0.81b on home.hamlet.lv
X-Virus-Status: Clean
X-Mailman-Approved-At: Wed, 18 May 2005 13:18:06 +0000
Subject: Re: HOW TO Enable IPSec for FreeBSD.......???
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
X-List-Received-Date: Tue, 17 May 2005 14:07:16 -0000

The created kernel name is MYKERNEL. Why are you trying to compile kernel IPSEC??
On Tue, 2005-05-17 at 14:45 +0100, mohan chandra wrote: > Hi, > > I have tried to enable IPSec support for my > FreeBSD( 4.11-RELEASE) system. > First, I copied the generic kernel configuration file > to a file I called MYKERNEL: > > #cp /usr/src/sys/i386/conf/GENERIC > /usr/src/sys/i386/conf/MYKERNEL > > > Then, I added the following three lines to the options > section of /usr/src/sys/i386/conf/MYKERNEL: > > options IPSEC > options IPSEC_ESP > options IPSEC_DEBUG > > After that I recompile the kernel with the following > command: > > # cd /usr/src > # make buildkernel KERNCONF=IPSEC && make > installkernel KERNCONF=IPSEC > > And also installed IKE support on my system with the > following command using racoon: > > cd /usr/ports/security/racoon > make install clean > > Afterall completion of build, still IPSec support is > not appearing in the system. Suggest me,is there any > configuration or modifications need to be done? > > Please, anyone give me some suggestion to enable IPSec > support on FreeBSD. > Any Help will be very much appeciated.. > > Thanx, > > Regards, > Mohan.. > > > ________________________________________________________________________ > Yahoo! 
> India Matrimony: Find your life partner online
> Go to: http://yahoo.shaadi.com/india-matrimony
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

--
Best regards,
Hamlet
mailto:hamlet@hamlet.lv

From owner-freebsd-security@FreeBSD.ORG Wed May 18 08:41:13 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D051216A4CE; Wed, 18 May 2005 08:41:13 +0000 (GMT)
Received: from postal.sdsc.edu (postal.sdsc.edu [132.249.20.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id 61CAD43D2F; Wed, 18 May 2005 08:41:13 +0000 (GMT) (envelope-from okumoto@ucsd.edu)
Received: from multivac.sdsc.edu (IDENT:1INUxEfBkv9cAo0Wx/bp6GE4Z0nI0kuA@multivac.sdsc.edu [132.249.20.57]) j4I8fCP18257; Wed, 18 May 2005 01:41:12 -0700 (PDT)
Received: (from okumoto@localhost)j4I8fCg5011006; Wed, 18 May 2005 01:41:12 -0700 (PDT)
X-Authentication-Warning: multivac.sdsc.edu: okumoto set sender to okumoto@ucsd.edu using -f
To: Alexander Leidinger
References: <200505121545.j4CFjENu078768@repoman.freebsd.org> <20050512180743.6z1h22fldwksgw4w@netchild.homeip.net> <42897003.2090005@ucsd.edu> <20050517144446.gibxprydoosokw0k@netchild.homeip.net> <428A23A2.5080108@ucsd.edu> <20050518100548.h8r4qc59c08swoog@netchild.homeip.net>
From: Max Okumoto
In-Reply-To: <20050518100548.h8r4qc59c08swoog@netchild.homeip.net> (Alexander Leidinger's message of "Wed, 18 May 2005 10:05:48 +0200")
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.2 (usg-unix-v)
Date: Wed, 18 May 2005 01:41:12 -0700
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailman-Approved-At: Wed, 18 May 2005 13:18:06 +0000
cc: freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/make job.c
X-BeenThere:
freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 May 2005 08:41:14 -0000

Alexander Leidinger writes:

> Max Okumoto wrote:
>
> [CC changed to freebsd-security instead of the cvs list]
>
> We're talking about replacing the home-grown mkfifo() function in make (a
> modified copy of mkstemp()) with mkdtemp() and creating the fifo in this new
> directory.
>
> Max worries about a possible race with this new approach.
>
>> It's not a race between two nice programs :-) The function mkdtemp()
>> creates a unique directory, but make would then need to create a fifo
>> in it. (This is two steps, and thus can allow a race)
>>
>> Assume badmake has the same uid, so it can create a file in the unique
>> directory. (Of course this means that the bad guy already has
>> your account.)
>
>> Normal pattern:
>> ---------------------
>> make0: uses mkdtemp() to create dir /tmp/4321
>> make0: tries to create fifo /tmp/4321
>> make1: uses mkdtemp() to create dir /tmp/4321 but fails
>> make1: mkdtemp() next tries to create /tmp/4322, success
>> make1: tries to create fifo /tmp/4322
>>
>>
>> Sort of DOS:
>> ---------------------
>> make: uses mkdtemp() to create /tmp/1234/
>>
>> badmake: watches for creation of /tmp/1234/ and
>> creates /tmp/1234/fifo.
>>
>> make: tries to create /tmp/1234/fifo, fails.
>
> Right. But if your account is owned you have to worry about other things than
> a DOS of make (e.g. your ssh keys or access to your banking account or
> whatever). And there are more possibilities for a DOS in the case of an
> owned account (fork-bomb, allocating all memory, generating as many files as
> possible, ...; some of them can be limited with resource limits, but not
> all), so hardening make would be a nice goal, but in my opinion not a goal
> we need to pursue today since it wouldn't buy us much.
> But feel free to
> come up with some good arguments which I haven't thought of.
>
> Bye,
> Alexander.

Yup, like I said, should I even be worried about this at all?

Your idea of using mkdtemp() can be fixed by putting a loop
around the code. Each time around the loop would be expensive
but we wouldn't be doing that too often anyway.

    loop:
        mkdtemp(template)
        mkfifo(template + "/fifo")
        if error remove temp directory, restore template and loop.

Or better yet, if someone could create an equivalent function in libc
so I don't have to maintain it in make(1) :-) Do any other
programs need the ability to make a temp fifo?

Personally, I don't think it is a risk, but I wanted other
people's opinions, before I tried to fix a non-issue. :-)

    Max

From owner-freebsd-security@FreeBSD.ORG Wed May 18 12:20:35 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B70116A4CE for ; Wed, 18 May 2005 12:20:35 +0000 (GMT)
Received: from mailout10.sul.t-online.com (mailout10.sul.t-online.com [194.25.134.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id CECAC43D62 for ; Wed, 18 May 2005 12:20:34 +0000 (GMT) (envelope-from Alexander@Leidinger.net)
Received: from fwd25.aul.t-online.de by mailout10.sul.t-online.com with smtp id 1DYNXN-0001Va-01; Wed, 18 May 2005 14:20:33 +0200
Received: from Andro-Beta.Leidinger.net (ZwxL7iZpgebTtB8-JLR-IKFd44odF3VqXDvjyzHNunIcUNayvrNorp@[217.229.212.213]) by fwd25.sul.t-online.de with esmtp id 1DYNXD-1k84MS0; Wed, 18 May 2005 14:20:23 +0200
Received: from localhost (localhost [127.0.0.1])j4ICKMeO072357; Wed, 18 May 2005 14:20:22 +0200 (CEST) (envelope-from Alexander@Leidinger.net)
Received: from 141.113.101.32 ([141.113.101.32]) by netchild.homeip.net (Horde MIME library) with HTTP for ; Wed, 18 May 2005 14:20:22 +0200
Message-ID: <20050518142022.vz8lavfu74oo4sk8@netchild.homeip.net>
X-Priority: 3 (Normal)
Date: Wed, 18 May 2005 14:20:22 +0200
From:
Alexander Leidinger
To: mohan chandra
References: <20050518073122.21373.qmail@web8505.mail.in.yahoo.com>
In-Reply-To: <20050518073122.21373.qmail@web8505.mail.in.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.3) / FreeBSD-4.11
X-ID: ZwxL7iZpgebTtB8-JLR-IKFd44odF3VqXDvjyzHNunIcUNayvrNorp@t-dialin.net
X-TOI-MSGID: 3dc3d735-e780-469b-8a46-d2adc93ca56f
X-Mailman-Approved-At: Wed, 18 May 2005 13:18:06 +0000
cc: freebsd-security@freebsd.org
Subject: Re: HOW TO Enable IPSec for FreeBSD.......???
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 May 2005 12:20:35 -0000

mohan chandra wrote:

> But still ipsec support is not there. If ipsec exists
> the file ipsec.conf should be there under " /etc "
> folder, but it is not there..

You have to create this file with appropriate content yourself. See the
various HOWTOs (e.g. in our handbook).

BTW.: Please don't top-post and please cut down what you're quoting to a
sane amount.

Bye,
Alexander.

--
http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org      netchild @ FreeBSD.org   : PGP ID = 72077137
'Just because you can explain it doesn't mean it's not still a miracle.'
(Small Gods)

From owner-freebsd-security@FreeBSD.ORG Wed May 18 08:06:05 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7514616A4CE for ; Wed, 18 May 2005 08:06:05 +0000 (GMT)
Received: from mailout01.sul.t-online.com (mailout01.sul.t-online.com [194.25.134.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id A09C243D64 for ; Wed, 18 May 2005 08:06:04 +0000 (GMT) (envelope-from netchild@FreeBSD.org)
Received: from fwd18.aul.t-online.de by mailout01.sul.t-online.com with smtp id 1DYJZ5-00035s-02; Wed, 18 May 2005 10:06:03 +0200
Received: from Andro-Beta.Leidinger.net (rXRB3iZ6ge+vMjmt3LR8nysPVCEjLsLklknaVIcJn8557YiRGEvPc5@[217.229.212.213]) by fwd18.sul.t-online.de with esmtp id 1DYJYr-13FXWa0; Wed, 18 May 2005 10:05:49 +0200
Received: from localhost (localhost [127.0.0.1])j4I85mCi035765; Wed, 18 May 2005 10:05:48 +0200 (CEST) (envelope-from netchild@FreeBSD.org)
Received: from 141.113.101.32 ([141.113.101.32]) by netchild.homeip.net (Horde MIME library) with HTTP for ; Wed, 18 May 2005 10:05:48 +0200
Message-ID: <20050518100548.h8r4qc59c08swoog@netchild.homeip.net>
X-Priority: 3 (Normal)
Date: Wed, 18 May 2005 10:05:48 +0200
From: Alexander Leidinger
To: Max Okumoto
References: <200505121545.j4CFjENu078768@repoman.freebsd.org> <20050512180743.6z1h22fldwksgw4w@netchild.homeip.net> <42897003.2090005@ucsd.edu> <20050517144446.gibxprydoosokw0k@netchild.homeip.net> <428A23A2.5080108@ucsd.edu>
In-Reply-To: <428A23A2.5080108@ucsd.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.3) / FreeBSD-4.11
X-ID: rXRB3iZ6ge+vMjmt3LR8nysPVCEjLsLklknaVIcJn8557YiRGEvPc5@t-dialin.net
X-TOI-MSGID: 380ae779-b8b6-4d97-883c-24551f9debf4
X-Mailman-Approved-At: Wed, 18 May 2005 13:18:50 +0000
cc: freebsd-security@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/make job.c
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 May 2005 08:06:05 -0000

Max Okumoto wrote:

[CC changed to freebsd-security instead of the cvs list]

We're talking about replacing the home-grown mkfifo() function in make (a
modified copy of mkstemp()) with mkdtemp() and creating the fifo in this new
directory.

Max worries about a possible race with this new approach.

> It's not a race between two nice programs :-) The function mkdtemp()
> creates a unique directory, but make would then need to create a fifo
> in it. (This is two steps, and thus can allow a race)
>
> Assume badmake has the same uid, so it can create a file in the unique
> directory. (Of course this means that the bad guy already has
> your account.)

> Normal pattern:
> ---------------------
> make0: uses mkdtemp() to create dir /tmp/4321
> make0: tries to create fifo /tmp/4321
> make1: uses mkdtemp() to create dir /tmp/4321 but fails
> make1: mkdtemp() next tries to create /tmp/4322, success
> make1: tries to create fifo /tmp/4322
>
>
> Sort of DOS:
> ---------------------
> make: uses mkdtemp() to create /tmp/1234/
>
> badmake: watches for creation of /tmp/1234/ and
> creates /tmp/1234/fifo.
>
> make: tries to create /tmp/1234/fifo, fails.

Right. But if your account is owned you have to worry about other things than
a DOS of make (e.g. your ssh keys or access to your banking account or
whatever). And there are more possibilities for a DOS in the case of an
owned account (fork-bomb, allocating all memory, generating as many files as
possible, ...; some of them can be limited with resource limits, but not
all), so hardening make would be a nice goal, but in my opinion not a goal
we need to pursue today since it wouldn't buy us much.
But feel free to come up with some good arguments which I haven't thought of.

Bye,
Alexander.

--
http://www.Leidinger.net/   Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org/     netchild @ FreeBSD.org   : PGP ID = 72077137
Great acts are made up of small deeds.
-- Lao Tsu

From owner-freebsd-security@FreeBSD.ORG Wed May 18 14:15:03 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8D1C916A4CE; Wed, 18 May 2005 14:15:03 +0000 (GMT)
Received: from aiolos.otenet.gr (aiolos.otenet.gr [195.170.0.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 032D943D62; Wed, 18 May 2005 14:15:02 +0000 (GMT) (envelope-from keramida@freebsd.org)
Received: from orion.daedalusnetworks.priv (aris.bedc.ondsl.gr [62.103.39.226])j4IEDIDD019356; Wed, 18 May 2005 17:13:18 +0300
Received: from orion.daedalusnetworks.priv (orion [127.0.0.1]) j4IEEu8p040408; Wed, 18 May 2005 17:14:56 +0300 (EEST) (envelope-from keramida@freebsd.org)
Received: (from keramida@localhost)j4IEEuHJ040407; Wed, 18 May 2005 17:14:56 +0300 (EEST) (envelope-from keramida@freebsd.org)
Date: Wed, 18 May 2005 17:14:56 +0300
From: Giorgos Keramidas
To: Max Okumoto , Alexander Leidinger
Message-ID: <20050518141456.GB40240@orion.daedalusnetworks.priv>
References: <200505121545.j4CFjENu078768@repoman.freebsd.org> <20050512180743.6z1h22fldwksgw4w@netchild.homeip.net> <42897003.2090005@ucsd.edu> <20050517144446.gibxprydoosokw0k@netchild.homeip.net> <428A23A2.5080108@ucsd.edu> <20050518100548.h8r4qc59c08swoog@netchild.homeip.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To:
X-Mailman-Approved-At: Thu, 19 May 2005 12:33:30 +0000
cc: freebsd-security@freebsd.org
Subject: Re: cvs commit: src/usr.bin/make job.c
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 May 2005 14:15:03 -0000

On 2005-05-18 01:41, Max Okumoto wrote:
> Your idea of using mkdtemp() can be fixed by putting a loop
> around the code. Each time around the loop would be expensive
> but we wouldn't be doing that too often anyway.
>
>     loop:
>         mkdtemp(template)
>         mkfifo(template + "/fifo")
>         if error remove temp directory, restore template and loop.
>
> Or better yet, if someone could create an equivalent function in libc
> so I don't have to maintain it in make(1) :-) Do any other
> programs need the ability to make a temp fifo?
>
> Personally, I don't think it is a risk, but I wanted other
> people's opinions, before I tried to fix a non-issue. :-)

Does this really need to be of the form DIR/fifo ?

I haven't looked at the code that uses the fifo at all, so I risk being
extremely out of topic here, but why wouldn't a temporary fifo created
with a name obtained from mkstemp() work too?

A directory won't be needed if the fifo name is created by mkstemp() and
then passed directly to mkfifo(2).

Then there is still a (small?) possibility for a race, but a subsequent
invocation of mkstemp() is almost guaranteed to work, unless mkstemp()
is severely broken.
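Max's mkdtemp()+mkfifo() loop and his "Sort of DOS" trace, carried through in C as an added example for this thread. It is not code from make(1), from libc or from anyone posting here. The template /tmp/makeXXXXXX, the bound FIFO_TRIES, the fixed name fifo inside the directory and all function names are assumptions made for the illustration. The point it demonstrates is the one the thread circles around: mkfifo(2) refuses a path that already exists, so a same-uid interloper who wins the window between the two calls can only cause a denial of service, never get make to use an object it created; the loop with a warning turns that into a bounded, visible failure instead of a silent one.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define FIFO_TRIES 5   /* assumption: retry bound for this example, not a make(1) constant */

/* Create a FIFO inside a fresh mkdtemp() directory and write its path to out.
 * mkdtemp() makes the directory mode 0700, so only a process with the same uid
 * can interfere; if one plants something at "<dir>/fifo" between the two calls,
 * mkfifo() fails with EEXIST instead of adopting the planted object.  We warn,
 * discard that directory and retry with a new name.  0 on success, else -1. */
int make_temp_fifo(const char *tmpl, char *out, size_t outlen)
{
    char dir[PATH_MAX];

    for (int tries = 0; tries < FIFO_TRIES; tries++) {
        /* mkdtemp() overwrites the XXXXXX in place, so work on a copy. */
        if (snprintf(dir, sizeof dir, "%s", tmpl) >= (int)sizeof dir)
            return -1;
        if (mkdtemp(dir) == NULL)
            return -1;
        if (snprintf(out, outlen, "%s/fifo", dir) >= (int)outlen) { rmdir(dir); return -1; }
        if (mkfifo(out, 0600) == 0)     /* atomic: never reuses an existing path */
            return 0;
        int err = errno;
        fprintf(stderr, "warning: %s: %s, discarding directory\n", out, strerror(err));
        unlink(out);                    /* the planted entry is not ours */
        rmdir(dir);
        if (err != EEXIST) { errno = err; return -1; }
    }
    errno = EEXIST;
    return -1;
}

/* The post-condition make(1) relies on: the path is a FIFO that we own. */
int is_own_fifo(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)
        return 0;
    return S_ISFIFO(st.st_mode) && st.st_uid == getuid();
}

/* Remove the FIFO and the directory make_temp_fifo() created for it. */
int remove_temp_fifo(const char *fifo)
{
    char dir[PATH_MAX], *slash;
    if (snprintf(dir, sizeof dir, "%s", fifo) >= (int)sizeof dir)
        return -1;
    if ((slash = strrchr(dir, '/')) == NULL)
        return -1;
    *slash = '\0';
    if (unlink(fifo) != 0)
        return -1;
    return rmdir(dir);
}

/* Reproduce the "Sort of DOS" trace from the thread: a constructed same-uid
 * attacker plants a regular file at <dir>/fifo before mkfifo() runs.  Returns
 * the errno mkfifo() reports (EEXIST): the attacker gets a DoS at most. */
int planted_entry_errno(void)
{
    char dir[] = "/tmp/makeXXXXXX", path[PATH_MAX];
    int fd, err;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/fifo", dir);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);   /* the attacker's move */
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    err = mkfifo(path, 0600) == 0 ? 0 : errno;
    unlink(path);
    rmdir(dir);
    return err;
}

/* Full round trip: create, verify, remove.  Returns 1 on success. */
int demo_round_trip(void)
{
    char fifo[PATH_MAX];
    if (make_temp_fifo("/tmp/makeXXXXXX", fifo, sizeof fifo) != 0)
        return 0;
    int ok = is_own_fifo(fifo);
    return remove_temp_fifo(fifo) == 0 && ok;
}

int main(void)
{
    printf("round trip: %s; planted entry: %s\n",
           demo_round_trip() ? "ok" : "failed", strerror(planted_entry_errno()));
    return 0;
}
```

Two details worth noting when reading it against the thread. A symlink planted at the FIFO path, dangling or not, also makes mkfifo() fail with EEXIST, so the 0700 directory plus the EEXIST check is what keeps the interloper down to a DoS. And if the planted entry is itself a directory, unlink() fails and rmdir() leaves that directory behind; the loop still moves on to a fresh name, which is the behaviour Alexander asks for (warn, do not adopt), with the bounded retry count standing in for his "maybe exit".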
From owner-freebsd-security@FreeBSD.ORG Wed May 18 14:44:38 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C933216A4CE; Wed, 18 May 2005 14:44:38 +0000 (GMT)
Received: from mailout08.sul.t-online.com (mailout08.sul.t-online.com [194.25.134.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1287543D9D; Wed, 18 May 2005 14:44:38 +0000 (GMT) (envelope-from netchild@FreeBSD.org)
Received: from fwd22.aul.t-online.de by mailout08.sul.t-online.com with smtp id 1DYPmk-0006Ii-00; Wed, 18 May 2005 16:44:34 +0200
Received: from Andro-Beta.Leidinger.net (TE1wyMZLQeh4si9QH5rwIksq2fA3tnIV9UVD5KXwlep8zck4GR916x@[217.229.212.213]) by fwd22.sul.t-online.de with esmtp id 1DYPmb-0k2Jeq0; Wed, 18 May 2005 16:44:25 +0200
Received: from localhost (localhost [127.0.0.1])j4IEiOUt093198; Wed, 18 May 2005 16:44:24 +0200 (CEST) (envelope-from netchild@FreeBSD.org)
Received: from 141.113.101.32 ([141.113.101.32]) by netchild.homeip.net (Horde MIME library) with HTTP for ; Wed, 18 May 2005 16:44:24 +0200
Message-ID: <20050518164424.ea9t6jeups0ksckk@netchild.homeip.net>
X-Priority: 3 (Normal)
Date: Wed, 18 May 2005 16:44:24 +0200
From: Alexander Leidinger
To: Giorgos Keramidas
References: <200505121545.j4CFjENu078768@repoman.freebsd.org> <20050512180743.6z1h22fldwksgw4w@netchild.homeip.net> <42897003.2090005@ucsd.edu> <20050517144446.gibxprydoosokw0k@netchild.homeip.net> <428A23A2.5080108@ucsd.edu> <20050518100548.h8r4qc59c08swoog@netchild.homeip.net> <20050518141456.GB40240@orion.daedalusnetworks.priv>
In-Reply-To: <20050518141456.GB40240@orion.daedalusnetworks.priv>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-15; format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
User-Agent: Internet Messaging Program (IMP) H3 (4.0.3) / FreeBSD-4.11
X-ID: TE1wyMZLQeh4si9QH5rwIksq2fA3tnIV9UVD5KXwlep8zck4GR916x@t-dialin.net
X-TOI-MSGID:
fdb27d4e-99c0-4ae1-b27b-b64aaba7ca91
X-Mailman-Approved-At: Thu, 19 May 2005 12:33:30 +0000
cc: freebsd-security@freebsd.org
cc: Max Okumoto
Subject: Re: cvs commit: src/usr.bin/make job.c
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 May 2005 14:44:38 -0000

Giorgos Keramidas wrote:

> Does this really need to be of the form DIR/fifo ?

No.

> I haven't looked at the code that uses the fifo at all, so I risk being
> extremely out of topic here, but why wouldn't a temporary fifo created
> with a name obtained from mkstemp() work too?

mkstemp() creates a file.

> A directory won't be needed if the fifo name is created by mkstemp() and
> then passed directly to mkfifo(2).

He wants to get rid of the tmpname() warning at link time, so he decided to
copy mkstemp() and modified the copy to create a fifo. I asked why he
doesn't use mkdtemp() so nobody has to care about synchronizing the code of
mkstemp() and his copy.

> Then there is still a (small?) possibility for a race, but a subsequent
> invocation of mkstemp() is almost guaranteed to work, unless mkstemp()
> is severely broken.

We don't talk about this kind of a race. We're talking about a malicious
program hijacking the make-fifo. I don't think this is an issue, since the
malicious program has to be run with the same UID, and then you need to
worry about more important things than a DOS of make. And since a lot of
people download tarballs and run make without looking into the makefiles
for malicious content, such a simple DOS isn't worth a bikeshed (at least
IMHO).

Max already told me he will run the creation of the fifo in a loop. So if
the mkfifo() call fails because it already exists, he removes this fifo
since he hasn't created it. To be on the safe side I suggest to also print
a warning...
and maybe to exit because this isn't supposed to happen. I think this
should cover our ass good enough.

Bye,
Alexander.

--
http://www.Leidinger.net/   Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org/     netchild @ FreeBSD.org   : PGP ID = 72077137
If I have to lay an egg for my country, I'll do it.
-- Bob Hope

From owner-freebsd-security@FreeBSD.ORG Wed May 18 15:41:16 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 016D316A4CE; Wed, 18 May 2005 15:41:16 +0000 (GMT)
Received: from postal.sdsc.edu (postal.sdsc.edu [132.249.20.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5EB3B43D75; Wed, 18 May 2005 15:41:15 +0000 (GMT) (envelope-from okumoto@ucsd.edu)
Received: from multivac.sdsc.edu (IDENT:eK5vQeZ5LcE+F8Etiw2/Agxi5RliIm7d@multivac.sdsc.edu [132.249.20.57]) j4IFfEP27680; Wed, 18 May 2005 08:41:14 -0700 (PDT)
Received: (from okumoto@localhost)j4IFfEgZ003295; Wed, 18 May 2005 08:41:14 -0700 (PDT)
X-Authentication-Warning: multivac.sdsc.edu: okumoto set sender to okumoto@ucsd.edu using -f
To: Giorgos Keramidas
References: <200505121545.j4CFjENu078768@repoman.freebsd.org> <20050512180743.6z1h22fldwksgw4w@netchild.homeip.net> <42897003.2090005@ucsd.edu> <20050517144446.gibxprydoosokw0k@netchild.homeip.net> <428A23A2.5080108@ucsd.edu> <20050518100548.h8r4qc59c08swoog@netchild.homeip.net> <20050518141456.GB40240@orion.daedalusnetworks.priv>
From: Max Okumoto
Date: Wed, 18 May 2005 08:41:14 -0700
In-Reply-To: <20050518141456.GB40240@orion.daedalusnetworks.priv> (Giorgos Keramidas's message of "Wed, 18 May 2005 17:14:56 +0300")
Message-ID:
User-Agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.2 (usg-unix-v)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailman-Approved-At: Thu, 19 May 2005 12:33:30 +0000
cc: freebsd-security@freebsd.org
cc: Alexander Leidinger
Subject: Re: cvs commit: src/usr.bin/make job.c
X-BeenThere:
freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 18 May 2005 15:41:16 -0000

Giorgos Keramidas writes:

> On 2005-05-18 01:41, Max Okumoto wrote:
>> Your idea of using mkdtemp() can be fixed by putting a loop
>> around the code. Each time around the loop would be expensive
>> but we wouldn't be doing that too often anyway.
>>
>>     loop:
>>         mkdtemp(template)
>>         mkfifo(template + "/fifo")
>>         if error remove temp directory, restore template and loop.
>>
>> Or better yet, if someone could create an equivalent function in libc
>> so I don't have to maintain it in make(1) :-) Do any other
>> programs need the ability to make a temp fifo?
>>
>> Personally, I don't think it is a risk, but I wanted other
>> people's opinions, before I tried to fix a non-issue. :-)
>
> Does this really need to be of the form DIR/fifo ?
>
> I haven't looked at the code that uses the fifo at all, so I risk being
> extremely out of topic here, but why wouldn't a temporary fifo created
> with a name obtained from mkstemp() work too?

I think you mean mktemp(), since mkstemp() actually creates a file and
returns a file descriptor.

The reason that I rewrote the code to obtain a fifo file was that libc
generates a warning message when you link with mktemp().

    warning: mktemp() possibly used unsafely; consider using mkstemp()

As part of the refactoring of make(1) that I am doing, I am correcting
all the warnings. The original code that phk committed generated this
message and had the race condition. The current code, which is derived
from mkstemp(), got rid of the error message and the race condition. But
it has the disadvantage that the code is pretty much a duplicate of the
original libc code, sitting in /src/usr.bin/make/job.c:mkfifotemp(),
which is 80 lines.
Alexander suggested that I replace that code with

    mkdtemp(template)
    mkfifo(template + "/fifo")

which removed a lot of the code duplication, but added the race back in.

So my question is: is this race something that I should worry about?
IMHO removing the warning message was important, but the race isn't
much of a problem; I would, however, like some input on it.

Thanks
    Max

>
> A directory won't be needed if the fifo name is created by mkstemp() and
> then passed directly to mkfifo(2).
>
> Then there is still a (small?) possibility for a race, but a subsequent
> invocation of mkstemp() is almost guaranteed to work, unless mkstemp()
> is severely broken.

From owner-freebsd-security@FreeBSD.ORG Thu May 19 12:43:55 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 27BC716A4CF; Thu, 19 May 2005 12:43:55 +0000 (GMT)
Received: from eddie.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 39C9B43DB9; Thu, 19 May 2005 12:43:54 +0000 (GMT) (envelope-from simon@eddie.nitro.dk)
Received: by eddie.nitro.dk (Postfix, from userid 1000) id A002E119C4C; Thu, 19 May 2005 14:43:52 +0200 (CEST)
Date: Thu, 19 May 2005 14:43:52 +0200
From: "Simon L.
Nielsen"
To: Max Okumoto
Message-ID: <20050519124351.GA24413@eddie.nitro.dk>
References: <200505121545.j4CFjENu078768@repoman.freebsd.org> <20050512180743.6z1h22fldwksgw4w@netchild.homeip.net> <42897003.2090005@ucsd.edu> <20050517144446.gibxprydoosokw0k@netchild.homeip.net> <428A23A2.5080108@ucsd.edu> <20050518100548.h8r4qc59c08swoog@netchild.homeip.net> <20050518141456.GB40240@orion.daedalusnetworks.priv>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VbJkn9YxBvnuCH5J"
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.9i
cc: freebsd-security@freebsd.org
cc: Alexander Leidinger
cc: Giorgos Keramidas
Subject: Re: cvs commit: src/usr.bin/make job.c
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 19 May 2005 12:43:55 -0000

--VbJkn9YxBvnuCH5J
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2005.05.18 08:41:14 -0700, Max Okumoto wrote:
> Alexander suggested that I replace that code with
>     mkdtemp(template)
>     mkfifo(template + "/fifo")
>
> Which removed a lot of the code duplication, but added the race
> back in.
[...]

Ehh, where is the race? mkdtemp creates a unique directory with
permissions 0700 so nobody else can race make(1) to the fifo in the
temporary... or am I missing something?

--
Simon L.
Nielsen

--VbJkn9YxBvnuCH5J
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iD8DBQFCjIoHh9pcDSc1mlERAka1AJ0RQkmhA/tH0QFM4kSyuw80H4cdpQCgtV7f
idxRSQv7KRdi9RTmXJPUym8=
=PY9+
-----END PGP SIGNATURE-----

--VbJkn9YxBvnuCH5J--

From owner-freebsd-security@FreeBSD.ORG Thu May 19 19:38:36 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F29A916A4CE for ; Thu, 19 May 2005 19:38:35 +0000 (GMT)
Received: from msg-mx3.usc.edu (msg-mx3.usc.edu [128.125.137.8]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3A8F643DA6 for ; Thu, 19 May 2005 19:38:35 +0000 (GMT) (envelope-from galiotos@usc.edu)
Received: from usc.edu ([128.125.137.12]) by msg-mx3.usc.edu (Sun Java System Messaging Server 6.2-2.02 (built Mar 22 2005)) with ESMTP id <0IGR007DK588L180@msg-mx3.usc.edu> for freebsd-security@freebsd.org; Thu, 19 May 2005 12:38:32 -0700 (PDT)
Received: from [128.125.137.2] (Forwarded-For: [128.9.168.63]) by msg-store1.usc.edu (mshttpd); Thu, 19 May 2005 12:38:32 -0700
Date: Thu, 19 May 2005 12:38:32 -0700
From: panagiotis galiotos
To: freebsd-security@freebsd.org
Message-id:
MIME-version: 1.0
X-Mailer: Sun Java(tm) System Messenger Express 6.1 HotFix 0.08 (built Dec 8 2004)
Content-type: text/plain; charset=us-ascii
Content-language: en
Content-transfer-encoding: 7BIT
Content-disposition: inline
X-Accept-Language: en
Priority: normal
Subject: Versions issues
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 19 May 2005 19:38:36 -0000

Hello all,

I'm trying to figure out which version I'm currently using.
The sysctls return the following values:

    kern.osreldate: 502101
    kern.osrelease: 5.2-CURRENT

Which version is that? Is it plain 5.2 current or 5.2.1?
Also very important, where can I download it from?

Any help will be appreciated!

Thanks,
pgal

From owner-freebsd-security@FreeBSD.ORG Thu May 19 19:46:46 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7352016A4CE for ; Thu, 19 May 2005 19:46:46 +0000 (GMT)
Received: from zaphod.nitro.dk (port324.ds1-khk.adsl.cybercity.dk [212.242.113.79]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3D27243D90 for ; Thu, 19 May 2005 19:46:45 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk)
Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 5A837119E6; Thu, 19 May 2005 15:46:43 +0200 (CEST)
Date: Thu, 19 May 2005 15:46:43 +0200
From: "Simon L. Nielsen"
To: panagiotis galiotos
Message-ID: <20050519134642.GA789@zaphod.nitro.dk>
References:
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk"
Content-Disposition: inline
In-Reply-To:
User-Agent: Mutt/1.5.9i
cc: freebsd-security@freebsd.org
Subject: Re: Versions issues
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 19 May 2005 19:46:46 -0000

--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 2005.05.19 12:38:32 -0700, panagiotis galiotos wrote:

Hello,

> I'm trying to figure out which version I'm currently using. The
> sysctls return the following values:
>
>     kern.osreldate: 502101
>     kern.osrelease: 5.2-CURRENT
>
> Which version is that? Is it plain 5.2 current or 5.2.1?
> Also very important, where can I download it from?

That would be 5.2-CURRENT (as it says) which is somewhere after 5.2 was
branched but before 5.3. In short, you should upgrade to a release
supported for security fixes (see http://www.freebsd.org/security/ ),
ie. 5.3 or newer.

--
Simon L. Nielsen

--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCjJjCh9pcDSc1mlERAl53AKC7swTvtb3dcc9xU6ZHLNP7Rt6MuQCeM4Zo
U+cPuwFfpOdlVY989u2fEUA=
=/Bin
-----END PGP SIGNATURE-----

--qDbXVdCdHGoSgWSk--

From owner-freebsd-security@FreeBSD.ORG Fri May 20 06:46:54 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A7D416A4CE for ; Fri, 20 May 2005 06:46:54 +0000 (GMT)
Received: from conversation.bsdunix.ch (clintwood.ch [82.220.17.18]) by mx1.FreeBSD.org (Postfix) with ESMTP id A1A0643D9D for ; Fri, 20 May 2005 06:46:52 +0000 (GMT) (envelope-from freebsdlists@bsdunix.ch)
Received: from bert.mlan.solnet.ch (bert.mlan.solnet.ch [212.101.1.83]) (authenticated bits=0)j4K6kl4V042576 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) for ; Fri, 20 May 2005 08:46:47 +0200 (CEST) (envelope-from freebsdlists@bsdunix.ch)
From: Thomas Vogt
To: freebsd-security@freebsd.org
Content-Type: text/plain
Date: Fri, 20 May 2005 08:46:50 +0200
Message-Id: <1116571610.54493.41.camel@bert.mlan.solnet.ch>
Mime-Version: 1.0
X-Mailer: Evolution 2.2.2 FreeBSD GNOME Team Port
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00, SARE_FROM_SPAM_WORD3 autolearn=no version=3.0.2
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on conversation.bsdunix.ch
Subject: Is the "tcp time stamp validation issue" fixed in 5.4?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 20 May 2005 06:46:54 -0000

Hello

I'm a bit confused about the "tcp time stamp validation bug" mentioned
in the http://www.kb.cert.org/vuls/id/637934 advisory. FreeBSD has fixed
this issue in -current (2005-04-10) and in RELENG_5 (2005-04-19).

Is this also already fixed in 5.4? The CVS ID for tcp_input.c does not
look like this. But I'm not sure.

Regards,
Thomas

From owner-freebsd-security@FreeBSD.ORG Fri May 20 12:22:15 2005
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0D4D16A4CE for ; Fri, 20 May 2005 12:22:15 +0000 (GMT)
Received: from ms-dienst.rz.rwth-aachen.de (ms-2.rz.RWTH-Aachen.DE [134.130.3.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2183643DA0 for ; Fri, 20 May 2005 12:22:15 +0000 (GMT) (envelope-from chris@haakonia.hitnet.rwth-aachen.de)
Received: from r220-1 (r220-1.rz.RWTH-Aachen.DE [134.130.3.31]) by ms-dienst.rz.rwth-aachen.de (iPlanet Messaging Server 5.2 Patch 2 (built Jul 14 2004)) with ESMTP id <0IGS00DUAFN3FS@ms-dienst.rz.rwth-aachen.de> for freebsd-security@freebsd.org; Fri, 20 May 2005 14:21:04 +0200 (MEST)
Received: from relay.rwth-aachen.de ([134.130.3.1]) by r220-1 (MailMonitor for SMTP v1.2.2 ) ; Fri, 20 May 2005 14:21:03 +0200 (MEST)
Received: from haakonia.hitnet.rwth-aachen.de (mulzirak.hitnet.RWTH-Aachen.DE [137.226.181.149]) j4KCL2kb009788; Fri, 20 May 2005 14:21:02 +0200 (MEST)
Received: by haakonia.hitnet.rwth-aachen.de (Postfix, from userid 1001) id 898C828439; Fri, 20 May 2005 14:21:02 +0200 (CEST)
Date: Fri, 20 May 2005 14:21:02 +0200
From: Christian Brueffer
In-reply-to: <1116571610.54493.41.camel@bert.mlan.solnet.ch>
To: Thomas Vogt
Message-id:
<20050520122102.GA1065@unixpages.org> MIME-version: 1.0 Content-type: multipart/signed; boundary=45Z9DzgjV8m4Oswq; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-disposition: inline User-Agent: Mutt/1.5.6i X-Operating-System: FreeBSD 5.4-STABLE X-PGP-Key: http://people.FreeBSD.org/~brueffer/brueffer.key.asc X-PGP-Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D References: <1116571610.54493.41.camel@bert.mlan.solnet.ch> cc: freebsd-security@freebsd.org Subject: Re: Is the "tcp time stamp validation issue" fixed in 5.4? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 May 2005 12:22:15 -0000 --45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, May 20, 2005 at 08:46:50AM +0200, Thomas Vogt wrote: > Hello >=20 > I'm a bit confused about the "tcp time stamp validation bug" mentioned > in the http://www.kb.cert.org/vuls/id/637934 advisory. FreeBSD has fixed > this issue in -current (2005-04-10) and in RELENG_5 (2005-04-19).=20 >=20 > Is this also already fixed in 5.4? The CVS ID for tcp_input.c does not > look like this. But I'm not sure. >=20 Unfortunately the fix wasn't merged back to RELENG_5_4 during the release process. I have written a mail to the security team (see thread on net@), hopefully they will merge this back soon. 
- Christian --=20 Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD) iD8DBQFCjdYubHYXjKDtmC0RAhlMAKDGYOiyHB8FtYdeewFLesBCIJenVQCg/BME HR12SDvBnJZfh8ntF3jFpJI= =2ezG -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq-- From owner-freebsd-security@FreeBSD.ORG Fri May 20 15:41:24 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4723E16A4CE for ; Fri, 20 May 2005 15:41:24 +0000 (GMT) Received: from web32712.mail.mud.yahoo.com (web32712.mail.mud.yahoo.com [68.142.206.25]) by mx1.FreeBSD.org (Postfix) with SMTP id C7A6243D7C for ; Fri, 20 May 2005 15:41:23 +0000 (GMT) (envelope-from stheg_olloydson@yahoo.com) Received: (qmail 15173 invoked by uid 60001); 20 May 2005 15:41:20 -0000 Comment: DomainKeys? 
See http://antispam.yahoo.com/domainkeys DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; b=lK0Atk1RlSM4LthSbfc9z85BStKZC/Uoa+oPlEiFqpe8CbOGjs5LJGT8ZydHf6J3CoH3TTni3uYdZVkeP3CFcFZef8lsJ/yUZpqI9YD9wtzcZwjrA6rhRqIM2dARsMlqXOGC/RdH4u5QZEh3MQKiZtpBi2+JR5VbDy8JbU5jwOo= ; Message-ID: <20050520154120.15171.qmail@web32712.mail.mud.yahoo.com> Received: from [68.157.29.120] by web32712.mail.mud.yahoo.com via HTTP; Fri, 20 May 2005 08:41:19 PDT Date: Fri, 20 May 2005 08:41:19 -0700 (PDT) From: stheg olloydson To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: patch schedule for TCP timestamp issue X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 May 2005 15:41:24 -0000 Hello, I see by the commit logs that the so-called PAWS vulnerability was fixed in -current on April 10. Could you, please, say when a patch will be released? Given the hole's low threat-level, this is not a pressing matter; so if the plan is to wait until the possible tcpdump and gzip issues are investigated and fixed (if necessary) so that a "3 for the price of 1" patch-set is released, that would be reasonable. Thanks, stheg Discover Yahoo! Stay in touch with email, IM, photo sharing and more. Check it out! 
http://discover.yahoo.com/stayintouch.html From owner-freebsd-security@FreeBSD.ORG Fri May 20 16:26:57 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 19DF316A4CF for ; Fri, 20 May 2005 16:26:57 +0000 (GMT) Received: from mail1.simplenet.com (mailer.simplenet.com [209.132.1.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id E15A343D60 for ; Fri, 20 May 2005 16:26:56 +0000 (GMT) (envelope-from tt-list@simplenet.com) Received: from [192.168.1.106] (24.25.210.244) by mail1.simplenet.com (7.0.016) (authenticated as tt@simplenet.com) id 428DA76C00000743 for freebsd-security@freebsd.org; Fri, 20 May 2005 09:26:57 -0700 Message-ID: <428E0FD2.3070200@simplenet.com> Date: Fri, 20 May 2005 09:26:58 -0700 From: Tim Traver User-Agent: Mozilla Thunderbird 1.0 - [MOOX M3] (Windows/20041208) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Possible PAWS security vulnerability X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 May 2005 16:26:57 -0000 Hello security gurus, yesterday, I mistakenly posted a question on the questions list about this article : http://www.securityfocus.com/bid/13676/info/ which talks about a form of DOS vulnerability. I was curious as to the possibility of FreeBSD 5.x being affected, and if anyone was working on this or not. Ted Mittelstaedt posted this possible patch based upon the OpenBSD patch : in /usr/src/sys/netinet *** tcp_input.c.original Thu May 19 11:52:30 2005 --- tcp_input.c Thu May 19 12:00:14 2005 *************** *** 976,984 **** --- 976,992 ---- * record the timestamp. 
* NOTE that the test is modified according to the latest * proposal of the tcplw@cray.com list (Braden 1993/04/26). + * NOTE2 additional check added as a result of PAWS vulnerability + * documented in Cisco security notice cisco-sn-20050518-tcpts + * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch */ if ((to.to_flags & TOF_TS) != 0 && SEQ_LEQ(th->th_seq, tp->last_ack_sent)) { + if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen + + ((thflags & (TH_SYN|TH_FIN)) != 0))) + tp->ts_recent = to.to_tsval; + else + tp->ts_recent = 0; tp->ts_recent_age = ticks; tp->ts_recent = to.to_tsval; } After I basically let Ted know that I wouldn't know how to test the patch, because I don't even know how to break it in the first place, he went on a tirade calling me a troll, and all sorts of nasty accusations and general belittlement. I hope that you don't have to work with him on a regular basis, because he appears to be the definition of the word "dickhead." Tim. From owner-freebsd-security@FreeBSD.ORG Fri May 20 17:17:18 2005 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1497A16A4CE for ; Fri, 20 May 2005 17:17:18 +0000 (GMT) Received: from gen129.n001.c02.escapebox.net (gen129.n001.c02.escapebox.net [213.73.91.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1440343D70 for ; Fri, 20 May 2005 17:17:15 +0000 (GMT) (envelope-from gemini@geminix.org) Message-ID: <428E1B96.3020306@geminix.org> Date: Fri, 20 May 2005 19:17:10 +0200 From: Uwe Doering Organization: Private UNIX Site User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050519 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tim Traver References: <428E0FD2.3070200@simplenet.com> In-Reply-To: <428E0FD2.3070200@simplenet.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Received: from gemini by geminix.org with esmtpsa (TLSv1:AES256-SHA:256) 
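Review bot: the new if/else in this hunk is dead code, because the unchanged `tp->ts_recent = to.to_tsval;` two lines below it still executes on every path and overwrites whatever the branch stored, so the `else tp->ts_recent = 0;` case can never take effect and the kernel's PAWS behaviour is unchanged. If the intent is to record a timestamp only from a segment whose sequence range actually covers `last_ack_sent`, the old unconditional store has to be removed or moved inside the new branch together with `tp->ts_recent_age = ticks;`, and that removal should appear in the hunk as a `!` or `-` line; as posted, the context diff only adds lines (976,984 to 976,992) and deletes nothing. Before applying any version of this, check that the `th->th_seq + tlen +` continuation line survived mail wrapping intact, and compare against the fix already committed to RELENG_5 (tcp_input.c 1.252.2.15 to 1.252.2.16) that is linked later in this thread.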
cc: freebsd-security@freebsd.org
Subject: Re: Possible PAWS security vulnerability

Tim Traver wrote:
> Hello security gurus,
>
> yesterday, I mistakenly posted a question on the questions list about
> this article :
>
> http://www.securityfocus.com/bid/13676/info/
>
> which talks about a form of DOS vulnerability.
>
> I was curious as to the possibility of FreeBSD 5.x being affected, and
> if anyone was working on this or not.
>
> Ted Mittelstaedt posted this possible patch based upon the OpenBSD patch :
>
> in /usr/src/sys/netinet
>
> *** tcp_input.c.original Thu May 19 11:52:30 2005
> --- tcp_input.c Thu May 19 12:00:14 2005
> ***************
> *** 976,984 ****
> --- 976,992 ----
>    * record the timestamp.
>    * NOTE that the test is modified according to the latest
>    * proposal of the tcplw@cray.com list (Braden 1993/04/26).
> +  * NOTE2 additional check added as a result of PAWS vulnerability
> +  * documented in Cisco security notice cisco-sn-20050518-tcpts
> +  * from OpenBSD patch for OpenBSD 3.6 015_tcp.patch
>    */
>   if ((to.to_flags & TOF_TS) != 0 &&
>       SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
> +     if (SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
> +         ((thflags & (TH_SYN|TH_FIN)) != 0)))
> +         tp->ts_recent = to.to_tsval;
> +     else
> +         tp->ts_recent = 0;
>       tp->ts_recent_age = ticks;
>       tp->ts_recent = to.to_tsval;
>   }

I wonder, what good does it do to set 'tp->ts_recent' conditionally if
you overwrite it with 'to.to_tsval' two lines later in any case.  So
far, I'd say this patch looks faulty.

Apart from that, why develop your own patch when there is one already
in CVS:

http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=h

As far as I can tell there are good chances that it even applies
flawlessly to RELENG_4.

   Uwe
--
Uwe Doering         |  EscapeBox - Managed On-Demand UNIX Servers
gemini@geminix.org  |  http://www.escapebox.net

From owner-freebsd-security@FreeBSD.ORG Fri May 20 17:28:28 2005
Message-ID: <428E1D51.8060105@simplenet.com>
Date: Fri, 20 May 2005 10:24:33 -0700
From: Tim Traver
To: Uwe Doering
References: <428E0FD2.3070200@simplenet.com> <428E1B96.3020306@geminix.org>
In-Reply-To: <428E1B96.3020306@geminix.org>
cc: freebsd-security@freebsd.org
Subject: Re: Possible PAWS security vulnerability

Uwe,

Thank you.  That really answers my original question.

As I said, this was not my patch, and I didn't really even ask for one,
but Ted created it, and then acted like a jerk to get me to post it to
you guys.

Sorry to have taken your time.

Tim.

Uwe Doering wrote:
> Tim Traver wrote:
>
>> [...]
>
> I wonder, what good does it do to set 'tp->ts_recent' conditionally if
> you overwrite it with 'to.to_tsval' two lines later in any case. So
> far, I'd say this patch looks faulty.
>
> Apart from that, why develop your own patch when there is one already
> in CVS:
>
> http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/tcp_input.c.diff?r1=1.252.2.15&r2=1.252.2.16&f=h
>
> As far as I can tell there are good chances that it even applies
> flawlessly to RELENG_4.
>
> Uwe