From owner-freebsd-security@FreeBSD.ORG Mon Dec 10 11:22:46 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1064C16A46C for ; Mon, 10 Dec 2007 11:22:46 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: from grupposervizi.it (mail1.tagetik.com [85.18.71.243]) by mx1.freebsd.org (Postfix) with SMTP id 5B46A13C461 for ; Mon, 10 Dec 2007 11:22:44 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: (qmail 25906 invoked by uid 453); 10 Dec 2007 11:22:43 -0000 Received: from [192.9.210.26] (HELO noel.grupposervizi.it) (192.9.210.26) by grupposervizi.it (qpsmtpd/0.31.1) with ESMTP; Mon, 10 Dec 2007 12:22:43 +0100 Message-ID: <475D2185.3090405@libero.it> Date: Mon, 10 Dec 2007 12:22:45 +0100 From: Raffaele De Lorenzo User-Agent: Thunderbird 2.0.0.9 (X11/20071204) MIME-Version: 1.0 To: Julian Elischer References: <4759022A.4020105@libero.it> <47599AE1.6060805@elischer.org> In-Reply-To: <47599AE1.6060805@elischer.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, "raffaele.delorenzo" , FreeBSD Net Subject: Re: Added native socks support to libc in FreeBSD 7 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Dec 2007 11:22:46 -0000 Julian Elischer wrote: > Raffaele De Lorenzo wrote: >> Hi, >> i added a native (client) Socks V4/V5 support inside FreeBSD libc >> library. The work is based of my project (see >> http://csocks.altervista.org) CSOCKS. >> You can get it here: >> >> > > thanks for doing this. now we just need to see if thre is someone who > knows socks who can look at it.. > > The big question is whether it should be in libc or not. Making > everyone who does not use socks pay a cost is a big decision. > > Obviously, for people who use socks, it is good. What is the cost for > others? > > > > > > . > Hi, I understand your doubts... The socks implementation wraps some syscall socket functions like "_connect" and "_bind" trasparently from the applications. When one of these is called, the "socks" check starts: 1) Load rules from /etc/csocks.conf (if exist or there are rules..) 2) Check the rules ("check-rules") with the connection data (the check have a O(1) cost because the rules are stored in a hash-table). If "/etc/csocks.conf" doesn't exist or there are no rules inside it, the entire socks check is skipped and go run native syscall (for example "_connect") . 3) If a rule is matched, then starts the socksified's (connection ) processes, else run the native syscall Now, if the users never will use the socks features (the configuration file is empty), the computation cost is negligible, because the "check-rules" are skipped. If some (or all) users use the socks features, for each syscall wrapped by socks there is a low cost identified by the "check-rule" procedure. I tested this solution in a big network , up to 60 client rules and i didn't see slowdowns for non-socks connections. When a process calls a socks wrapped syscall for the first time (and only the first time!) the entire rules are loaded in memory, and the hash array (empty) too: The hash array empty consumes around 5.6K of memory The single rule consumes 20 Byte of memory User Name and Password consume 2K of memory Raffaele From owner-freebsd-security@FreeBSD.ORG Mon Dec 10 12:49:51 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90F6916A418 for ; Mon, 10 Dec 2007 12:49:51 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (tim.des.no [194.63.250.121]) by mx1.freebsd.org (Postfix) with ESMTP id 4FAE013C458 for ; Mon, 10 Dec 2007 12:49:51 +0000 (UTC) (envelope-from des@des.no) Received: from tim.des.no (localhost [127.0.0.1]) by spam.des.no (Postfix) with ESMTP id 83BED20AF; Mon, 10 Dec 2007 13:33:51 +0100 (CET) X-Spam-Tests: AWL X-Spam-Learn: disabled X-Spam-Score: -0.1/3.0 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on tim.des.no Received: from ds4.des.no (des.no [80.203.243.180]) by smtp.des.no (Postfix) with ESMTP id 0CEF02089; Mon, 10 Dec 2007 13:33:51 +0100 (CET) Received: by ds4.des.no (Postfix, from userid 1001) id DAB09844B7; Mon, 10 Dec 2007 13:33:50 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Raffaele De Lorenzo References: <4759022A.4020105@libero.it> <47599AE1.6060805@elischer.org> <475D2185.3090405@libero.it> Date: Mon, 10 Dec 2007 13:33:50 +0100 In-Reply-To: <475D2185.3090405@libero.it> (Raffaele De Lorenzo's message of "Mon\, 10 Dec 2007 12\:22\:45 +0100") Message-ID: <868x4291ap.fsf@ds4.des.no> User-Agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, Julian Elischer , FreeBSD Net Subject: Re: Added native socks support to libc in FreeBSD 7 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Dec 2007 12:49:51 -0000 Raffaele De Lorenzo writes: > The socks implementation wraps some syscall socket functions like > "_connect" and "_bind" trasparently from the applications. When one of > these is called, the "socks" check starts: [...] You don't need to put this in libc; you can have wrappers in a separate library which you load with LD_PRELOAD. The strong symbols in the wrapper library will override the weak symbols in libc. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Mon Dec 10 13:39:12 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3C2CC16A41A for ; Mon, 10 Dec 2007 13:39:12 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: from grupposervizi.it (mail1.tagetik.com [85.18.71.243]) by mx1.freebsd.org (Postfix) with SMTP id 4B1EC13C43E for ; Mon, 10 Dec 2007 13:39:10 +0000 (UTC) (envelope-from raffaele.delorenzo@libero.it) Received: (qmail 12501 invoked by uid 453); 10 Dec 2007 13:39:06 -0000 Received: from [192.9.210.26] (HELO noel.grupposervizi.it) (192.9.210.26) by grupposervizi.it (qpsmtpd/0.31.1) with ESMTP; Mon, 10 Dec 2007 14:39:06 +0100 Message-ID: <475D417D.5020303@libero.it> Date: Mon, 10 Dec 2007 14:39:09 +0100 From: Raffaele De Lorenzo User-Agent: Thunderbird 2.0.0.9 (X11/20071204) MIME-Version: 1.0 To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= References: <4759022A.4020105@libero.it> <47599AE1.6060805@elischer.org> <475D2185.3090405@libero.it> <868x4291ap.fsf@ds4.des.no> In-Reply-To: <868x4291ap.fsf@ds4.des.no> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit Cc: freebsd-security@freebsd.org, Julian Elischer , FreeBSD Net Subject: Re: Added native socks support to libc in FreeBSD 7 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Dec 2007 13:39:12 -0000 Dag-Erling Smørgrav wrote: > Raffaele De Lorenzo writes: > >> The socks implementation wraps some syscall socket functions like >> "_connect" and "_bind" trasparently from the applications. When one of >> these is called, the "socks" check starts: [...] >> > > You don't need to put this in libc; you can have wrappers in a separate > library which you load with LD_PRELOAD. The strong symbols in the > wrapper library will override the weak symbols in libc. > > DES > You can see in the port-tree my project "csocks" and http://csocks.altervista.org. Raffaele From owner-freebsd-security@FreeBSD.ORG Thu Dec 13 08:11:55 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E986E16A417 for ; Thu, 13 Dec 2007 08:11:55 +0000 (UTC) (envelope-from WD@US-Webmasters.com) Received: from server1.grabweb.com (split.grabweb.net [67.15.22.16]) by mx1.freebsd.org (Postfix) with ESMTP id ABBC813C4D5 for ; Thu, 13 Dec 2007 08:11:55 +0000 (UTC) (envelope-from WD@US-Webmasters.com) Received: (qmail 21021 invoked from network); 13 Dec 2007 01:45:14 -0600 Received: from batv-01-192.dsl.netins.net (HELO Sabrina.US-Webmasters.com) (207.199.193.192) by uswdns.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 13 Dec 2007 01:45:14 -0600 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Thu, 13 Dec 2007 01:44:46 -0600 To: freebsd-security@freebsd.org From: "W. D." Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <20071213081155.ABBC813C4D5@mx1.freebsd.org> Subject: IPFW compiled in kernel: Where is it reading the config? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Dec 2007 08:11:56 -0000 Hi peeps, After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", all I get is: "65535 deny ip from any to any" =46rom reading the docs, this might indicate that this is the default rule. (I am certainly protected this way--but can't be very productive ;^) ) By the way, when I run "man ipfw" I get nothing. Using this=20 instead: http://www.hmug.org/man/8/ipfw.php How to install=20 the man pages? How do I tell where ipfw is reading its config from? Is there a default config file? The config file locaton that I specify in rc.conf doesn't=20 appear to be being used: firewall_script=3D"/usr/local/etc/ipfw.rules" What is the proper name for the ipfw ruleset file? Some on the Web say that it is "ipfw.rules". Other say it is "rc.firewall" What is the proper location for the ruleset file? I see=20 all of the following: /etc/ipfw.rules /usr/local/etc/ipfw.rules /etc/rc.firewall /usr/local/etc/psa/modules/firewall/rc.firewall Are line numbers required? I see some examples that use line=20 numbers and some do not. Is there a program to easily "syntax check" a config/ruleset=20 file? How do I tell if ipfw is running? "ps aux | grep ipfw" doesn't show anything. I would really appreciate very much some help with this. Many thanks if you can help. Start Here to Find It Fast!=99 ->= http://www.US-Webmasters.com/best-start-page/ $8.77 Domain Names -> http://domains.us-webmasters.com/ From owner-freebsd-security@FreeBSD.ORG Thu Dec 13 11:00:11 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E362316A41A for ; Thu, 13 Dec 2007 11:00:11 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (unknown [IPv6:2001:5c0:8fff:fffe::214d]) by mx1.freebsd.org (Postfix) with ESMTP id A7DB413C458 for ; Thu, 13 Dec 2007 11:00:11 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from gjp by noop.in-addr.com with local (Exim 4.54 (FreeBSD)) id 1J2lnV-000NP6-U9; Thu, 13 Dec 2007 06:00:09 -0500 Date: Thu, 13 Dec 2007 06:00:09 -0500 From: Gary Palmer To: "W. D." Message-ID: <20071213110009.GB986@in-addr.com> References: <20071213081155.ABBC813C4D5@mx1.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20071213081155.ABBC813C4D5@mx1.freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: IPFW compiled in kernel: Where is it reading the config? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Dec 2007 11:00:12 -0000 On Thu, Dec 13, 2007 at 01:44:46AM -0600, W. D. wrote: > Hi peeps, > > After compiling ipfw into the new 6.2 kernel, and typing "ipfw list", > all I get is: > > "65535 deny ip from any to any" > > From reading the docs, this might indicate that this is the > default rule. (I am certainly protected this way--but can't > be very productive ;^) ) > > By the way, when I run "man ipfw" I get nothing. Using this > instead: http://www.hmug.org/man/8/ipfw.php How to install > the man pages? > > How do I tell where ipfw is reading its config from? Is > there a default config file? > > The config file locaton that I specify in rc.conf doesn't > appear to be being used: > > firewall_script="/usr/local/etc/ipfw.rules" You require firewall_enable="YES" in /etc/rc.conf for the rules to be looked at Also, firewall_script may be the wrong configuration parameter to use. firewall_script is expected to be a shell script to configure the firewall. If you just want a file of rules, set firewall_type instead. e.g. firewall_type="/etc/rc.firewall.rules" firewall_enable="YES" and then put your rules one line at a time into the specified file. i.e. add allow ip from any to any via lo0 (etc) ipfw is a kernel module. It will not show up in "ps aux". If "ipfw list" does not come back with an error message, then it is likely running. You can check for the ipfw module using kldstat (assuming you did not compile ipfw into a custom kernel) To check the syntax of a list of rules (note: not a shell script) then you can use ipfw -n /path/to/rules/file >From the man page -n Only check syntax of the command strings, without actually pass- ing them to the kernel. Regards, Gary > > What is the proper name for the ipfw ruleset file? Some > on the Web say that it is "ipfw.rules". Other say > it is "rc.firewall" > > What is the proper location for the ruleset file? I see > all of the following: > > /etc/ipfw.rules > /usr/local/etc/ipfw.rules > > /etc/rc.firewall > /usr/local/etc/psa/modules/firewall/rc.firewall > > Are line numbers required? I see some examples that use line > numbers and some do not. > > Is there a program to easily "syntax check" a config/ruleset > file? > > How do I tell if ipfw is running? "ps aux | grep ipfw" > doesn't show anything. > > I would really appreciate very much some help with this. Many > thanks if you can help. > > > > > > > Start Here to Find It Fast!? -> http://www.US-Webmasters.com/best-start-page/ > $8.77 Domain Names -> http://domains.us-webmasters.com/ > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > > From owner-freebsd-security@FreeBSD.ORG Thu Dec 13 12:40:34 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 014D816A421 for ; Thu, 13 Dec 2007 12:40:34 +0000 (UTC) (envelope-from trashy_bumper@yahoo.com) Received: from web36308.mail.mud.yahoo.com (web36308.mail.mud.yahoo.com [209.191.91.185]) by mx1.freebsd.org (Postfix) with SMTP id 916EE13C4CC for ; Thu, 13 Dec 2007 12:40:33 +0000 (UTC) (envelope-from trashy_bumper@yahoo.com) Received: (qmail 37565 invoked by uid 60001); 13 Dec 2007 12:13:51 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID; b=6OKByJoEetrbruK5CEZbuMM3YGH1y7B3EsAWEot1/lyNCwZWayW2I6vWCHIKriVBFzBqgMt+cRFZQcISnx9sxaVKnaZ3x7srLepAfDt/rGl2lud9lQ2ZA6CHre/E5AH/SjsClW8egQhF6ZGpdonU0ORnbSDzZZry0V5EJply6eU=; X-YMail-OSG: AwbSkT8VM1mLwpBhhnhlqW.2birfqa8mCK3ha7GdB2jT38ypA0arf8_W.QEEIXCsY7JcSgsTb6IXvdaVPVExNvFperSubDmKAr0bRwwRf0MVz0.lE7k- Received: from [77.122.205.244] by web36308.mail.mud.yahoo.com via HTTP; Thu, 13 Dec 2007 04:13:51 PST X-Mailer: YahooMailRC/818.31 YahooMailWebService/0.7.158.1 Date: Thu, 13 Dec 2007 04:13:51 -0800 (PST) From: Nash Nipples To: freebsd-security@freebsd.org MIME-Version: 1.0 Message-ID: <417648.37402.qm@web36308.mail.mud.yahoo.com> Content-Type: text/plain; charset=us-ascii X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: Re: IPFW compiled in kernel: Where is it reading the config? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Dec 2007 12:40:34 -0000 not sure. i think that on a running kernel it's either a 1 or 0. on a dead kernel its still 1 or 0. in the source its like digging a hole to china. bye ____________________________________________________________________________________ Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping From owner-freebsd-security@FreeBSD.ORG Thu Dec 13 18:39:58 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3B66016A419 for ; Thu, 13 Dec 2007 18:39:58 +0000 (UTC) (envelope-from WD@US-Webmasters.com) Received: from server1.grabweb.com (split.grabweb.net [67.15.22.16]) by mx1.freebsd.org (Postfix) with ESMTP id B348013C469 for ; Thu, 13 Dec 2007 18:39:57 +0000 (UTC) (envelope-from WD@US-Webmasters.com) Received: (qmail 16924 invoked from network); 13 Dec 2007 12:39:55 -0600 Received: from batv-01-192.dsl.netins.net (HELO Sabrina.US-Webmasters.com) (207.199.193.192) by uswdns.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 13 Dec 2007 12:39:55 -0600 X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9 Date: Thu, 13 Dec 2007 12:39:44 -0600 To: Gary Palmer From: "W. D." In-Reply-To: <20071213110009.GB986@in-addr.com> References: <20071213081155.ABBC813C4D5@mx1.freebsd.org> <20071213110009.GB986@in-addr.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Message-Id: <20071213183957.B348013C469@mx1.freebsd.org> Cc: freebsd-security@freebsd.org Subject: Re: IPFW compiled in kernel: Where is it reading the config? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 13 Dec 2007 18:39:58 -0000 At 05:00 12/13/2007, Gary Palmer wrote: >=20 >> The config file locaton that I specify in rc.conf doesn't=20 >> appear to be being used: >>=20 >> firewall_script=3D"/usr/local/etc/ipfw.rules" > >You require > >firewall_enable=3D"YES" > >in /etc/rc.conf for the rules to be looked at > >Also, firewall_script may be the wrong configuration parameter to use. =20 >firewall_script is expected to be a shell script to configure the=20 >firewall. If you just want a file of rules, set firewall_type instead. >e.g. > >firewall_type=3D"/etc/rc.firewall.rules" >firewall_enable=3D"YES" > >and then put your rules one line at a time into the specified file. i.e. > >add allow ip from any to any via lo0 >(etc) > >ipfw is a kernel module. It will not show up in "ps aux". If >"ipfw list" does not come back with an error message, then it >is likely running. You can check for the ipfw module using > >kldstat > >(assuming you did not compile ipfw into a custom kernel) > >To check the syntax of a list of rules (note: not a shell script) then >you can use > >ipfw -n /path/to/rules/file > >>From the man page > > -n Only check syntax of the command strings, without actually= pass- > ing them to the kernel. > >Regards, > >Gary Thanks, Gary! This is much of what I was looking for. Start Here to Find It Fast!=99 ->= http://www.US-Webmasters.com/best-start-page/ $8.77 Domain Names -> http://domains.us-webmasters.com/ From owner-freebsd-security@FreeBSD.ORG Fri Dec 14 08:38:48 2007 Return-Path: Delivered-To: freebsd-security@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 0BCE516A417; Fri, 14 Dec 2007 08:38:48 +0000 (UTC) (envelope-from dds@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id DF41F13C44B; Fri, 14 Dec 2007 08:38:47 +0000 (UTC) (envelope-from dds@FreeBSD.org) Received: from freefall.freebsd.org (dds@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id lBE8cl6a021614; Fri, 14 Dec 2007 08:38:47 GMT (envelope-from dds@freefall.freebsd.org) Received: (from dds@localhost) by freefall.freebsd.org (8.14.2/8.14.1/Submit) id lBE8cls1021610; Fri, 14 Dec 2007 08:38:47 GMT (envelope-from dds) Date: Fri, 14 Dec 2007 08:38:47 GMT Message-Id: <200712140838.lBE8cls1021610@freefall.freebsd.org> To: freebsd-security@FreeBSD.org, dds@FreeBSD.org, dds@FreeBSD.org From: dds@FreeBSD.org X-Mailman-Approved-At: Fri, 14 Dec 2007 12:23:35 +0000 Cc: Subject: Re: bin/91622: cp(1) does not update atime of the source file X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 14 Dec 2007 08:38:48 -0000 Synopsis: cp(1) does not update atime of the source file State-Changed-From-To: open->closed State-Changed-By: dds State-Changed-When: Fri Dec 14 08:33:46 UTC 2007 State-Changed-Why: This problem has been fixed in RELENG_6. Pending MFC is no longer pertinent. http://www.freebsd.org/cgi/query-pr.cgi?pr=91622