From owner-freebsd-security@FreeBSD.ORG Mon Aug 7 22:02:10 2006
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DC2816A4DD; Mon, 7 Aug 2006 22:02:10 +0000 (UTC) (envelope-from scheidell@secnap.net)
Received: from mail.secnap.com (mail.secnap.com [204.89.241.129]) by mx1.FreeBSD.org (Postfix) with ESMTP id C0F0343D6A; Mon, 7 Aug 2006 22:02:09 +0000 (GMT) (envelope-from scheidell@secnap.net)
Received: from [10.70.3.3] (unknown [10.70.3.3]) by mail.secnap.com (Postfix) with ESMTP id 56082164838; Mon, 7 Aug 2006 18:02:08 -0400 (EDT)
Message-ID: <44D7B860.5080906@secnap.net>
Date: Mon, 07 Aug 2006 18:02:08 -0400
From: Michael Scheidell
Organization: SECNAP Network Security
User-Agent: Thunderbird 1.5.0.5 (Macintosh/20060719)
To: freebsd-security@freebsd.org
Subject: seeding dev/random in 5.5

I was doing some regression testing in 5.5: specifically, testing booting up a 'virgin' hard disk from a clean install.

I was testing what happened if the 300 second timeout happened vs hitting for 'fast+insecure' startup and punching in a bunch of random garbage.

I found that for some reason, on a 2.4GHz Celeron, the 'sysctl -a' and 'date' seeding for 'fast+insecure' seemed to do nothing unless I typed in at least 3 lines of random keystrokes.

ie: /etc/rc.d/sshd start WON'T; it doesn't generate ssh keys in /etc/ssh and ssh won't start.

Is there something in /dev/random that won't init if it isn't random enough?
(if doing this from an unattended bootup, expecting the 300 second timeout, I find that sshd does not start!)

After doing some testing, it appears (at least with the combination of a 2.4GHz Celeron and 5.5) that it takes at least three lines of random data, added to the output of sysctl -a and date, to seed /dev/random.

(as per this in /etc/rc.d/sshd:

    read -t ${timeout} junk
    echo "${junk}" `sysctl -a` `date` > /dev/random

I can find no other explanation for the results of my tests:

This removes keys:

    /etc/rc.d/sshd stop
    rm /etc/ssh/*key*
    /etc/rc.d/sshd start

tests:

#1, allow 300 second timeout:
remove keys, restart sshd: /etc/rc.d/sshd start
let it sit for 300 seconds.
No error messages, but sshd doesn't start, and there are no keys in /etc/ssh

#2, one line of random text
(same results as above)

#3, two lines, etc

#4, three lines.
Now, I get the messages telling me that ssh_keygen has created keys, and there are keys in /etc/ssh

I also find that by adding this to the random seeding, it will work with the 300 second timeout:

    read -t ${timeout} junk
    echo "${junk}" `sysctl -a` `date` `tcpdump -xs1500 -c 5` > /dev/random

Yes, I know, even ;lj;lkj;lj;ljjl on the keyboard isn't all that random, but my issue is not being able to remotely access a virgin system with ssh. Sometimes these are headless pizza boxes, buried deep in the bowels of some data center.

Has anyone else run tests like this?

(I suppose the -c value in tcpdump could be random as well '-=) using:

    count=`date "+%S"`

In a remote location, with no head, no monitor, it's hard trying to figure out just WHY 'system won't boot'.
(it booted, but sshd didn't start!)

There are enough random [pun intended] things that can happen when you install a new system that I would like to try to eliminate one of them.
-- 
Michael Scheidell, CTO
SECNAP Network Security / www.secnap.com
scheidell@secnap.net / 1+561-999-5000, x 1131

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 08:12:06 2006
Message-ID: <20060808081205.83181.qmail@web30310.mail.mud.yahoo.com>
Date: Tue, 8 Aug 2006 01:12:05 -0700 (PDT)
From: "R. B. Riddick"
To: Michael Scheidell, freebsd-security@freebsd.org
In-Reply-To: <44D7B860.5080906@secnap.net>
Subject: Re: seeding dev/random in 5.5

--- Michael Scheidell wrote:
> I was doing some regression testing in 5.5: Specifically testing booting
> up a 'virgin' hard disk from a clean install.
>
> I was testing what happened if the 300 second timeout happened vs
> hitting for 'fast+insecure' startup and punching in a bunch of
> random garbage.
>
> I found that for some reason, on a 2.4Ghz Celeron, the 'sysctl -a' and
> 'date' seeding for 'fast+insecure' seemed to do nothing unless I typed
> in at least 3 lines of random keystrokes.
>
> ie: /etc/rc.d/sshd start WONT, it doesn't generate ssh keys in /etc/ssh
> and ssh won't start.
>
> Is there something in /dev/random that won't init if it isn't random enough?
>
> (if doing this from an unattended bootup, expecting the 300 second
> timeout, I find that sshd does not start!)
>
> After doing some testing, it appears that (at least with the combination
> of a 2.4Ghz Celeron and 5.5) that it takes at least three lines of
> random data, added to the output of sysctl -a and date to seed /dev/random.
>
> (as per this in /etc/rc.d/sshd:
> read -t ${timeout} junk
> echo "${junk}" `sysctl -a` `date` > /dev/random
>
> I can find no other explanation to the results of my tests:
>
> This removes keys:
> /etc/rc.d/sshd stop
> rm /etc/ssh/*key*
> /etc/rc.d/sshd start
>
> tests:
>
> #1, allow 300 second timeout:
> remove keys, restart sshd: /etc/rc.d/sshd start
> let it sit for 300 seconds.
> No error messages, but sshd doesn't start, and there are no keys in /etc/ssh
>
> #2, one line of random test
> (same results as above)
> #3, two lines, etc
>
> #4, three lines.
> Now, I get the messages telling me that ssh_keygen has created keys, and
> there are keys in /etc/ssh
>
> I also find that by adding this to the random seeding that it will work
> with or 300 second timeout:
>
> read -t ${timeout} junk
> echo "${junk}" `sysctl -a` `date` `tcpdump -xs1500 -c
> 5` > /dev/random
>
> Yes, I know, but even ;lj;lkj;lj;ljjl on the keyboard isn't all that
> random, but my issue is not being able to remotely access a virgin
> system with ssh. Sometimes these are headless pizza boxes, buried deep
> in the bowels of some data center.
>
> Has anyone else run tests like this?
>
> (I suppose the -c value in tcpdump could be random as well '-=) using:
>
> count = `date "+%S"`
>
> In a remote location, with no head, no monitor, its hard trying to
> figure out just WHY 'system won't boot'.
> (it booted, but sshd didn't start!)
>
> There is enough random[pun intended] things that can happen when you
> install a new system, that I would like to try to eliminate one of them.
>
I think that during the first reboot after a fresh install the kern.random.sys sysctl settings are already orderly before rc.d/sshd is called...

If yes, then sending some pings should do the trick... Or not? I mean: NETWORKING should already be provided at that point...

Btw.:

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 10:35:29 2006
Date: Tue, 8 Aug 2006 06:35:27 -0400
From: "Michael Scheidell"
To: "R. B. Riddick"
Subject: RE: seeding dev/random in 5.5

> -----Original Message-----
> From: R. B. Riddick [mailto:arne_woerner@yahoo.com]
> Sent: Tuesday, August 08, 2006 4:12 AM
> To: Michael Scheidell; freebsd-security@freebsd.org
> Subject: Re: seeding dev/random in 5.5
>
> I think that during the first reboot after a fresh install
> the kern.random.sys sysctl settings are already orderly
> before rc.d/sshd is called...
>
> If yes, then sending some pings should do the trick... Or
> not? I mean: NETWORKING should already be provided at that point...

I am not sure I understand what you are saying in the context of my question.
From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 12:38:09 2006
Message-ID: <20060808123808.59113.qmail@web30306.mail.mud.yahoo.com>
Date: Tue, 8 Aug 2006 05:38:08 -0700 (PDT)
From: "R. B. Riddick"
To: Michael Scheidell, freebsd-security@freebsd.org
Subject: RE: seeding dev/random in 5.5

--- Michael Scheidell wrote:
> > I think that during the first reboot after a fresh install
> > the kern.random.sys sysctl settings are already orderly
> > before rc.d/sshd is called...
> >
> > If yes, then sending some pings should do the trick... Or
> > not? I mean: NETWORKING should already be provided at that point...
>
> I am not sure I understand what you are saying in the context of my
> question.
>
I mean:
Instead of changing a rc.d script u or ur friend could just send some pings to the deeply buried box...

-Arne

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 13:04:55 2006
Message-ID: <44D88BF5.9060402@secnap.net>
Date: Tue, 08 Aug 2006 09:04:53 -0400
From: Michael Scheidell
Organization: SECNAP Network Security
To: "R. B. Riddick"
Cc: freebsd-security@freebsd.org
In-Reply-To: <20060808123808.59113.qmail@web30306.mail.mud.yahoo.com>
Subject: Re: seeding dev/random in 5.5

R. B. Riddick wrote:
> --- Michael Scheidell wrote:
>
>>> I think that during the first reboot after a fresh install
>>> the kern.random.sys sysctl settings are already orderly
>>> before rc.d/sshd is called...
>>>
>>> If yes, then sending some pings should do the trick... Or
>>> not? I mean: NETWORKING should already be provided at that point...
>>>
>> I am not sure I understand what you are saying in the context of my
>> question.
>>
> I mean:
> Instead of changing a rc.d script u or ur friend could just send some pings to
> the deeply buried box...
>
why would that help?

if (without changing the rc file) /dev/random isn't seeded by networking, why would a ping help?

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 13:53:49 2006
Message-ID: <20060808135330.24187.qmail@web30310.mail.mud.yahoo.com>
Date: Tue, 8 Aug 2006 06:53:30 -0700 (PDT)
From: "R. B. Riddick"
To: Michael Scheidell
Cc: freebsd-security@freebsd.org
In-Reply-To: <44D88BF5.9060402@secnap.net>
Subject: Re: seeding dev/random in 5.5

--- Michael Scheidell wrote:
> R. B. Riddick wrote:
> > --- Michael Scheidell wrote:
> >
> >>> I think that during the first reboot after a fresh install
> >>> the kern.random.sys sysctl settings are already orderly
> >>> before rc.d/sshd is called...
> >>>
> >>> If yes, then sending some pings should do the trick... Or
> >>> not? I mean: NETWORKING should already be provided at that point...
> >>>
> >> I am not sure I understand what you are saying in the context of my
> >> question.
> >>
> > I mean:
> > Instead of changing a rc.d script u or ur friend could just send some pings
> > to the deeply buried box...
> >
> why would that help?
>
> if (without changing rc file) /dev/random isn't seeded by networking,
> why wold a ping help?
>
I was under the impression that kern.random.sys.harvest.ethernet is 1 by default.

That would mean that ethernet traffic to that deeply buried box should feed that /dev/random until it is fat and round...

Why do u believe that /dev/random isn't seeded by networking?

-Arne

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 14:02:01 2006
Message-ID: <44D89958.2030305@secnap.net>
Date: Tue, 08 Aug 2006 10:02:00 -0400
From: Michael Scheidell
Organization: SECNAP Network Security
To: "R. B. Riddick"
Cc: freebsd-security@freebsd.org
In-Reply-To: <20060808135330.24187.qmail@web30310.mail.mud.yahoo.com>
Subject: Re: seeding dev/random in 5.5

R. B. Riddick wrote:
> I was under the impression, that kern.random.sys.harvest.ethernet is 1
> by default.
>
> That would mean, that ethernet traffic to that deeply buried box should feed
> that /dev/random until it is fat and round...
>
> Why do u believe, that /dev/random isnt seeded by networking?
>
because it isn't.
and pings aren't going to produce much random data.

it might feed it LATER, saving to /var/db/entropy, but when the system is booted, and there are no keys in /etc/ssh and rc.d/sshd tried to generate enough to feed to /dev/random, it doesn't.

At least in this case, this box, this OS, this chipset. Only one I have seen like this. It's a showstopper. Box won't start remote sshd, can only get at it via console.

Not sure why the reluctance to even acknowledge that there could be a minor fix/patch that could prevent a dead box and a ${miles=hundreds) trek to bring it back.

if it's never happened to you, then you may not have the exact combination I have. I can reproduce it 100% of the time, every time, all day long.

Only two workarounds that I know of:
#1, put in more than 3 lines of garbage on console.
#2, put in more than 5 packets of garbage from ethernet
(which, acknowledged: if a hacker is trying to seed known data to this box, he could feed it known data)

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 14:15:05 2006
Message-ID: <20060808141501.56763.qmail@web30313.mail.mud.yahoo.com>
Date: Tue, 8 Aug 2006 07:15:01 -0700 (PDT)
From: "R. B. Riddick"
To: Michael Scheidell
Cc: freebsd-security@freebsd.org
In-Reply-To: <44D89958.2030305@secnap.net>
Subject: Re: seeding dev/random in 5.5

--- Michael Scheidell wrote:
> R. B. Riddick wrote:
> > Why do u believe, that /dev/random isnt seeded by networking?
> >
> because it isn't.
> and pings arn' going to produce much random data.
>
Hmm... Interesting...

> it might feed it LATER, saving to /var/db/entropy, but when the system
> is booted, and there are no keys in /etc/ssh and rc.d/sshd tried to
> generate enough to feed to /dev/random, it doesn't
>
Hopefully... I was under the impression that new "random" events are gathered continuously in order to create an always good source of random ...

> I can reproduce it 100% of the time, every time, all day long.
>
OK... But I still don't understand why that is... Does it have an ethernet NIC? Is that sysctl (kern.random.sys.harvest.ethernet) set to 1 before rc.d/sshd starts?

> Only two workarounds that I know of:
> #1, put in more than 3 lines of garbage on console.
> #2, put in more than 5 packets of garbage from ethernet
> (which, acknowledged: if hacker is trying to seed known data to this
> box, he could feed it known data)
>
If I may add:
I know another workaround: Create the key files during the install process, which has to be done quite handish anyway, if u do it on a far away deeply buried box... Or not?

-Arne

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 14:21:07 2006
Message-ID: <44D89D89.2080502@secnap.net>
Date: Tue, 08 Aug 2006 10:19:53 -0400
From: Michael Scheidell
Organization: SECNAP Network Security
To: "R. B. Riddick"
Cc: freebsd-security@freebsd.org
In-Reply-To: <20060808141501.56763.qmail@web30313.mail.mud.yahoo.com>
Subject: Re: seeding dev/random in 5.5

R. B. Riddick wrote:
> --- Michael Scheidell wrote:
>
>> R. B. Riddick wrote:
>>
>>> Why do u believe, that /dev/random isnt seeded by networking?
>>>
>> because it isn't.
>> and pings arn' going to produce much random data.
>>
> Hmm... Interesting...
>
>> it might feed it LATER, saving to /var/db/entropy, but when the system
>> is booted, and there are no keys in /etc/ssh and rc.d/sshd tried to
>> generate enough to feed to /dev/random, it doesn't
>>
> Hopefully... I was under the impression, that new "random" events are gathered
> continuously in order to create an always good source of random ...
>
yes, maybe, AFTER it boots, and during the day.

>> I can reproduce it 100% of the time, every time, all day long.
>>
> OK... But I still dont understand why that is... Does it have an ethernet NIC?
> Is that sysctl (kern.random.sys.harvest.ethernet) set to 1 before rc.d/sshd
> starts?
>
yes, it has a NIC card (how else would I be able to ssh into it later ;-)
no, rc.d/sshd doesn't touch that sysctl.

>> Only two workarounds that I know of:
>> #1, put in more than 3 lines of garbage on console.
>> #2, put in more than 5 packets of garbage from ethernet
>> (which, acknowledged: if hacker is trying to seed known data to this
>> box, he could feed it known data)
>>
> If I may add:
> I know another workaround: Create the key files during the install process,
> which has to be done quite handish anyway, if u do it on a far away deeply
> buried box... Or not?
>
This would affect the generic stock 5.5 install disk as well (it doesn't create new keys when it builds a virgin hard disk).
If a user just hits return, there is no error message, no indication that /dev/random wasn't seeded.

We have a bootable CD-ROM; it has a generic boot/network/vpn/ and dumpfiles for virgin install.
The CD-ROM uses restore to make the new HD.
I'd rather like to have different keys on different boxes. The ssh client complains when it sees the same keys for several different IP addresses.

> -Arne

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 15:06:14 2006
Message-ID: <20060808150612.37008.qmail@web30315.mail.mud.yahoo.com>
Date: Tue, 8 Aug 2006 08:06:12 -0700 (PDT)
From: "R. B. Riddick"
To: Michael Scheidell
Cc: freebsd-security@freebsd.org
In-Reply-To: <44D89D89.2080502@secnap.net>
Subject: Re: seeding dev/random in 5.5

--- Michael Scheidell wrote:
> This would affect the generic stock 5.5 install disk as well (it doesn't
> create new keys when it builds a virgin hard disk)
> If a user just hits return, there is no error message, no indication
> that /dev/random wasn't seeded.
>
> We have a bootable CD rom, has a generic boot/network/vpn/ and dumpfiles
> for virgin install.
> cd rom uses restore to make new HD.
> Id rather like to have different keys on different boxes. ssh client
> complains when it sees the same keys for several different ip addresses.
>
Oh. I see... So u just copy a CD to ur HD without any further install scripts...

I do it differently on my remote boxes:
1. I log in to the systems via sshd of the old system
2. Then I turn off one half of the mirror of the root file system
3. Then I un-tar the new base system to that currently unused disk.
4. Then I use bsdlabel and fdisk to make the box boot from the new disk...
5. Then I would create the ssh-host-keys...
6. Then I setup certain files/services like pf, ipfw, user-accounts, passwords, interfaces, ...
7. Then I would reboot to the freshly installed system (which does not work on some boxes sometimes, because the BIOS is quite old and does not understand the boot0cfg settings (-s5 and such)... *sigh*)...
...

Your procedure seems to need operator interaction at the box itself anyway... So I do not see ur problem...

Is it that just pressing [ENTER] (in spite of the warning) is not enough in ur case (in contradiction to the instructions)? That would be merely a documentation problem but not a security problem...

-Arne

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 17:35:04 2006
Message-ID: <44D8CB3C.5090906@FreeBSD.org>
Date: Tue, 08 Aug 2006 10:34:52 -0700
From: Doug Barton
Organization: http://www.FreeBSD.org/
To: Michael Scheidell
Cc: freebsd-security@freebsd.org
In-Reply-To: <44D7B860.5080906@secnap.net>
Subject: Re: seeding dev/random in 5.5

Please note that in spite of my @freebsd.org address, I do not purport to speak for the project here. That said, this isn't really a security@ issue, it's more of a freebsd-stable@ issue, for future reference. And FYI, I'm also combining two of your posts so that hopefully we can put this issue to rest.

Michael Scheidell wrote:
> I was doing some regression testing in 5.5:

Not sure what your purpose is here. The 5.x branch is likely to die with 5.5, so if you're looking for a branch for your enterprise to use going forward, you're better off testing in 6.x. If you have other intentions for doing this testing, it would be useful to know them so that we can better answer your questions.

> Specifically testing booting up a 'virgin' hard disk from a clean install.
>
> I was testing what happened if the 300 second timeout happened vs
> hitting for 'fast+insecure' startup and punching in a bunch of
> random garbage.
>
> I found that for some reason, on a 2.4Ghz Celeron, the 'sysctl -a' and
> 'date' seeding for 'fast+insecure' seemed to do nothing unless I typed
> in at least 3 lines of random keystrokes.

That's more or less the expected behavior.
> ie: /etc/rc.d/sshd start WONT, it doesn't generate ssh keys in /etc/ssh > and ssh won't start. Also expected. > Is there something in /dev/random that won't init if it isn't random enough? Yes. When the Yarrow PRNG was introduced back in the 5-CURRENT days, there were extensive references posted to the design docs. You might want to read the random(4) man page as well. > (if doing this from an unattended bootup, expecting the 300 second > timeout, I find that sshd does not start!) I cannot imagine a scenario where a competent system administrator would do a clean install on a machine, reboot it, and then just walk away without first testing to see that all expected services (especially sshd) were working according to plan. If you can envision such a situation, please describe it in more detail. > In a remote location, with no head, no monitor, its hard trying to > figure out just WHY 'system won't boot'. > (it booted, but sshd didn't start!) This is what serial consoles and KVMs are for. > it might feed it LATER, saving to /var/db/entropy, I _think_ you understand how this works, but just to be clear, the "random" data in /var/db/entropy is output from /dev/random after it has already been seeded. This stuff is then fed back into /dev/random at boot time in order to speed up the process of initializing the PRNG. > Not sure why the reluctance to even acknowledge that there could be a > minor fix/patch that could prevent dead box and a ${miles=hundreds) trek > to bring it back. I don't think anyone is saying "there cannot be a problem," I think that we're waiting for you to describe what FreeBSD problem you'd like us to fix, and/or what fix you're proposing. The confusion is understandable if you did not previously know how things were supposed to work, but hopefully this post clears that up for you. > Only two workarounds that I know of: > #1, put in more than 3 lines of garbage on console. 
That works, and is in fact (as you surmised) the intended workaround to the problem you describe. Why is this not sufficient for you? > #2, put in more than 5 packets of garbage from ethernet > (which, acknowledged: if hacker is trying to seed known data to this > box, he could feed it known data) Well, the bits of entropy gathered from the system are not fed directly into the PRNG, they are massaged a bit first. So it would not be quite that easy for an attacker to manipulate things. You might want to read up on how Yarrow works. hope this helps, Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 20:59:15 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6FEAB16A4DE; Tue, 8 Aug 2006 20:59:15 +0000 (UTC) (envelope-from toasty@dragondata.com) Received: from tokyo01.jp.mail.your.org (tokyo01.jp.mail.your.org [204.9.54.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id 138F543D45; Tue, 8 Aug 2006 20:59:14 +0000 (GMT) (envelope-from toasty@dragondata.com) Received: from mail.your.org (server3-a.your.org [64.202.112.67]) by tokyo01.jp.mail.your.org (Postfix) with ESMTP id 9C98E2AD6880; Tue, 8 Aug 2006 20:59:12 +0000 (UTC) Received: from [69.31.99.38] (pool038.dhcp.your.org [69.31.99.38]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.your.org (Postfix) with ESMTP id E681FA0A44E; Tue, 8 Aug 2006 20:59:11 +0000 (UTC) In-Reply-To: <44D8CB3C.5090906@FreeBSD.org> References: <44D7B860.5080906@secnap.net> <44D8CB3C.5090906@FreeBSD.org> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <45114657-81B6-4618-BFBB-7BD2EA4D0418@dragondata.com> Content-Transfer-Encoding: 7bit From: Kevin Day Date: Tue, 8 Aug 2006 15:59:20 -0500 To: Doug Barton 
Cc: freebsd-security@freebsd.org
Subject: Re: seeding dev/random in 5.5

On Aug 8, 2006, at 12:34 PM, Doug Barton wrote:
>> (if doing this from an unattended bootup, expecting the 300 second
>> timeout, I find that sshd does not start!)
>
> I cannot imagine a scenario where a competent system administrator would do
> a clean install on a machine, reboot it, and then just walk away without
> first testing to see that all expected services (especially sshd) were
> working according to plan. If you can envision such a situation, please
> describe it in more detail.

This actually bit us too once. We were doing an unattended diskless (PXE boot) install to 50 servers at a time. These systems were for internal use only, we didn't care at all that the key generation for sshd was done in any secure way, but it meant that we either had to manually go through each server and kickstart the random number generator so sshd would work or hack the rc scripts to do what we really wanted. We got the unattended install down to do exactly what we wanted, so there was no need really to do anything locally on each server after the install. Except this. :)

This came up a second time when we had a server on another continent lose its boot drive and we needed some "remote hands" to reinstall the OS for us. We shipped a replacement drive and an install CD configured to do an unattended/automated install. The idea was to give them a replacement hot-swap drive, and a bootable CD that did an automated install. After it was done, all they had to do was remove the CD and power cycle the server. (The people on the other end weren't very technical, so we had to make this extremely easy.)

They followed the instructions, and from what we could tell by having them read the text on the screen it looked like it worked. We could ping the server, but not ssh, even though we were certain we had enabled sshd in the install.cfg file. We burned another copy of the CD image and tried it on a system locally to troubleshoot. Except, since we were watching it, we didn't let the 300 second timeout happen because we were impatient, so it worked for us. It was only after many many hours of debugging that we realized that letting the timeout happen was breaking sshd.

So, there are a few reasons for wanting to be able to do an install that just works right off the bat after sysinstall that don't conflict with good sysadmin practices. Maybe sysinstall could be collecting entropy during the installation and use that for an initial seed if the timeout happens? It wouldn't be perfect, but it'd be better than killing ssh.

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 23:18:42 2006
Date: Tue, 8 Aug 2006 19:18:40 -0400
From: "Michael Scheidell"
To: "Kevin Day", "Doug Barton"
Cc: freebsd-security@freebsd.org
Subject: RE: seeding dev/random in 5.5

> -----Original Message-----
> From: owner-freebsd-security@freebsd.org
> [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Kevin Day
> Sent: Tuesday, August 08, 2006 4:59 PM
> To: Doug Barton
> Cc: freebsd-security@freebsd.org
> Subject: Re: seeding dev/random in 5.5
>
Yes, the install I had to do in Amsterdam, translating Dutch to English and back, is the one I was concerned about.

> Maybe sysinstall could be collecting entropy during the installation
> and use that for an initial seed if the timeout happens? It wouldn't
> be perfect, but it'd be better than killing ssh.
>
Or use my idea of collecting 5 to 10 packets using tcpdump!

From owner-freebsd-security@FreeBSD.ORG Tue Aug 8 23:48:52 2006
Message-ID: <44D922E0.5050005@FreeBSD.org>
Date: Tue, 08 Aug 2006 16:48:48 -0700
From: Doug Barton
To: Kevin Day
Cc: freebsd-security@freebsd.org
In-Reply-To: <45114657-81B6-4618-BFBB-7BD2EA4D0418@dragondata.com>
Subject: Re: seeding dev/random in 5.5

Kevin Day wrote:
> Maybe sysinstall could be collecting entropy during the installation and
> use that for an initial seed if the timeout happens? It wouldn't be
> perfect, but it'd be better than killing ssh.

The patches you sent to implement this option didn't come through to the mailing list, could you resend them please? :)

Seriously though, a lot of people looked at this problem when yarrow was introduced, and no solution became immediately apparent. So, if someone wants to take a crack at implementing something, knock yourself out.
Doug

-- This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Wed Aug 9 07:17:37 2006
Message-ID: <20060809071735.71840.qmail@web30310.mail.mud.yahoo.com>
Date: Wed, 9 Aug 2006 00:17:35 -0700 (PDT)
From: "R. B. Riddick"
To: Doug Barton, Kevin Day
Cc: freebsd-security@freebsd.org
In-Reply-To: <44D922E0.5050005@FreeBSD.org>
Subject: Re: seeding dev/random in 5.5

--- Doug Barton wrote:
> The patches you sent to implement this option didn't come through to the
> mailing list, could you resend them please? :)
>
> Seriously though, a lot of people looked at this problem when yarrow was
> introduced, and no solution became immediately apparent. So, if someone
> wants to take a crack at implementing something, knock yourself out.
>
Since this is the security mailing list, I would like to direct the attention on the following points:

* I see in the CD-procedure the problem, that a postman, who is more sophisticated than in Leslie Nielsen's "Naked Gun 33 1/3" movie, might exchange the media, so that u let ur Netherlandish install something u don't know and/or like. Workaround: Do you use a checksum over the media (`md5 < /dev/acd0`) and transmit that checksum a different way (maybe email)?

* I received a private communication yesterday about this matter. But the list did not. I will cite (not literally) a little bit out of that message: Since you do not know anything about the remotely created host-key, u cannot connect safely to the freshly installed box, because: You do not even know the signature of the new host-key, so that if u connect to the wrong box u would not even know. Workaround: You could give all hosts the same well-known host-key (via your install-image-CD) and then u could change the host-key in a remotely controlled way individually and note down the signature? Maybe my secret informer (let's call him Rasmus or RK) wants to come public... :-)

* But what if the postman (see first point) knows already the host-key from reading the CD? Then he could log in to ur boxes...

-Arne

From owner-freebsd-security@FreeBSD.ORG Wed Aug 9 13:08:57 2006
Message-ID: <20060809130842.GA7832@lor.one-eyed-alien.net>
Date: Wed, 9 Aug 2006 08:08:42 -0500
From: Brooks Davis
To: "R. B. Riddick"
Cc: freebsd-security@freebsd.org, Doug Barton
In-Reply-To: <20060809071735.71840.qmail@web30310.mail.mud.yahoo.com>
Subject: Re: seeding dev/random in 5.5

On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> --- Doug Barton wrote:
> > The patches you sent to implement this option didn't come through to the
> > mailing list, could you resend them please? :)
> >
> > Seriously though, a lot of people looked at this problem when yarrow was
> > introduced, and no solution became immediately apparent. So, if someone
> > wants to take a crack at implementing something, knock yourself out.
> >
> Since this is the security mailing list, I would like to direct the attention
> on the following points:
>
> * I see in the CD-procedure the problem, that a postman, who is more
> sophisticated than in Leslie Nielsen's "Naked Gun 33 1/3" movie, might exchange
> the media, so that u let ur Netherlandish install something u don't know and/or
> like. Workaround: Do you use a checksum over the media (`md5 < /dev/acd0`) and
> transmit that checksum a different way (maybe email)?
>
> * I received a private communication yesterday about this matter. But the list
> did not. I will cite (not literally) a little bit out of that message: Since
> you do not know anything about the remotely created host-key, u cannot connect
> safely to the freshly installed box, because: You do not even know the
> signature of the new host-key, so that if u connect to the wrong box u would
> not even know. Workaround: You could give all hosts the same well-known
> host-key (via your install-image-CD) and then u could change the host-key in a
> remotely controlled way individually and note down the signature? Maybe my
> secret informer (let's call him Rasmus or RK) wants to come public... :-)

These are valid if probably overly paranoid points. :)

> * But what if the postman (see first point) knows already the host-key from
> reading the CD? Then he could log in to ur boxes...

This isn't true. The host key lets you impersonate the host. It does not do anything related to log in (unless you use host based auth).

-- Brooks

From owner-freebsd-security@FreeBSD.ORG Wed Aug 9 13:27:53 2006
Message-ID: <44D9E348.3060604@hungryhacker.com>
Date: Wed, 09 Aug 2006 09:29:44 -0400
From: fwaggle
To: Brooks Davis
Cc: freebsd-security@freebsd.org
In-Reply-To: <20060809130842.GA7832@lor.one-eyed-alien.net>
Subject: Re: seeding dev/random in 5.5

Brooks Davis wrote:
> On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
>> --- Doug Barton wrote:
[snip]
>> * I received a private communication yesterday about this matter. But the list
>> did not. I will cite (not literally) a little bit out of that message: Since
>> you do not know anything about the remotely created host-key, u cannot connect
>> safely to the freshly installed box, because: You do not even know the
>> signature of the new host-key, so that if u connect to the wrong box u would
>> not even know. Workaround: You could give all hosts the same well-known
>> host-key (via your install-image-CD) and then u could change the host-key in a
>> remotely controlled way individually and note down the signature? Maybe my
>> secret informer (let's call him Rasmus or RK) wants to come public... :-)
>
> These are valid if probably overly paranoid points. :)
[/snip]

i have a question. perhaps i'm misunderstanding something with how SSH works, but how would having a "standard freebsd private key" benefit anyone? if you wanted to impersonate a newly installed freebsd machine, then all you'd need is that freely-available private key. plus you'd get a bunch of clueless admins who had their machines installed by a dedicated server provider, and who'd never change their host key, which would effectively ruin SSH for their purposes.

unless i've seriously missed the boat somewhere (it's happened before!) i think a better solution would still be random key generation with a nice little option to email the key signature somewhere that the new admin could pick it up. it's still fraught with impersonation danger for the paranoid, but imo it's a better idea than having a not-so-private key on install.

-- fwaggle

From owner-freebsd-security@FreeBSD.ORG Wed Aug 9 13:32:43 2006
Message-ID: <20060809133232.GC7832@lor.one-eyed-alien.net>
Date: Wed, 9 Aug 2006 08:32:32 -0500
From: Brooks Davis
To: fwaggle
Cc: freebsd-security@freebsd.org
In-Reply-To: <44D9E348.3060604@hungryhacker.com>
Subject: Re: seeding dev/random in 5.5

On Wed, Aug 09, 2006 at 09:29:44AM -0400, fwaggle wrote:
> Brooks Davis wrote:
> >On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> >>--- Doug Barton wrote:
> [snip]
> >>* I received a private communication yesterday about this matter. But the list
> >>did not. I will cite (not literally) a little bit out of that message: Since
> >>you do not know anything about the remotely created host-key, u cannot connect
> >>safely to the freshly installed box, because: You do not even know the
> >>signature of the new host-key, so that if u connect to the wrong box u would
> >>not even know. Workaround: You could give all hosts the same well-known
> >>host-key (via your install-image-CD) and then u could change the host-key in a
> >>remotely controlled way individually and note down the signature? Maybe my
> >>secret informer (let's call him Rasmus or RK) wants to come public... :-)
> >
> >These are valid if probably overly paranoid points. :)
> [/snip]
>
> i have a question. perhaps i'm misunderstanding something with how SSH
> works, but how would having a "standard freebsd private key" benefit
> anyone? if you wanted to impersonate a newly installed freebsd machine,
> then all you'd need is that freely-available private key. plus you'd get
> a bunch of clueless admins who had their machines installed by a
> dedicated server provider, and who'd never change their host key, which
> would effectively ruin SSH for their purposes.
>
> unless i've seriously missed the boat somewhere (it's happened before!)
> i think a better solution would still be random key generation with a
> nice little option to email the key signature somewhere that the new
> admin could pick it up. it's still fraught with impersonation danger for
> the paranoid, but imo it's a better idea than having a not-so-private
> key on install.

I interpreted the suggestion as something to be done via custom install media. There's no chance in hell the freebsd project would install a default key since it's such an obviously bad idea.
-- Brooks

From owner-freebsd-security@FreeBSD.ORG Wed Aug 9 15:11:24 2006
Message-ID: <20060809151107.65080.qmail@web30314.mail.mud.yahoo.com>
Date: Wed, 9 Aug 2006 08:11:06 -0700 (PDT)
From: "R. B. Riddick"
To: Brooks Davis
Cc: freebsd-security@freebsd.org, Doug Barton
In-Reply-To: <20060809130842.GA7832@lor.one-eyed-alien.net>
Subject: Re: seeding dev/random in 5.5

--- Brooks Davis wrote:
> On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote:
> These are valid if probably overly paranoid points. :)
>
Hmm... Oki Doke... But why use ssh, if u do not really care, if u connect to the right host? Maybe the postmen know telecom-men? ;-)

> > * But what if the postman (see first point) knows already the host-key from
> > reading the CD? Then he could log in to ur boxes...
>
> This isn't true. The host key lets you impersonate the host. It
> does not do anything related to log in (unless you use host based
> auth).
>
Ooch! I wrote something wrong. :-) Most likely I meant: If the postman knows the secret part of the host-key, his host could still pretend to be the real host...

-Arne

From owner-freebsd-security@FreeBSD.ORG Wed Aug 9 15:18:06 2006
Message-ID: <20060809151745.81656.qmail@web30304.mail.mud.yahoo.com>
Date: Wed, 9 Aug 2006 08:17:45 -0700 (PDT)
From: "R. B. Riddick"
To: fwaggle, Brooks Davis
Cc: freebsd-security@freebsd.org
In-Reply-To: <44D9E348.3060604@hungryhacker.com>
Subject: Re: seeding dev/random in 5.5

--- fwaggle wrote:
> i have a question. perhaps i'm misunderstanding something with how SSH
> works, but how would having a "standard freebsd private key" benefit
> anyone? if you wanted to impersonate a newly installed freebsd machine,
> then all you'd need is that freely-available private key. plus you'd get
> a bunch of clueless admins who had their machines installed by a
> dedicated server provider, and who'd never change their host key, which
> would effectively ruin SSH for their purposes.
>
Hmm... I was referring to the special problem of the beginner of this thread... As far as I understood him, he creates very special CDs, that are copied to the to-be-updated-box, that is buried very deeply in a computing centre. Those CDs may contain his special install-host-key without the problems u describe...

> unless i've seriously missed the boat somewhere (it's happened before!)
> i think a better solution would still be random key generation with a
> nice little option to email the key signature somewhere that the new
> admin could pick it up. it's still fraught with impersonation danger for
> the paranoid, but imo it's a better idea than having a not-so-private
> key on install.
>
Hmm... But then he would have the problem with a more complicated operation procedure, which has to be translated into hollandish-language (which is astonishingly quite similar to Afrikaans)...

-Arne
From owner-freebsd-security@FreeBSD.ORG Thu Aug 10 17:37:16 2006
Date: Thu, 10 Aug 2006 19:36:24 +0200
From: "José M. Fandiño"
To: freebsd-security@freebsd.org
Message-ID: <44DB6E98.8010701@fadesa.es>
Subject: atheros chips dangerous?

Hello,

Possibly some of you will have read the news about "Hijacking a Macbook in
60 Seconds or Less"[1]. At this time I was searching for a wireless card
for my server and I wonder how this can affect the combination
FreeBSD+ath(4).

The ath_hal page states that FreeBSD uses a binary driver and I think it
is located in this file[2]. Unlike OpenBSD, which affirms that they have
reverse engineered[3] the drivers, would I be at risk if I use
Atheros-based wireless cards with FreeBSD?

All comments will be appreciated. Thank you.

[1] http://blog.washingtonpost.com/securityfix/2006/08/hijacking_a_macbook_in_60_seco_1.html
[2] http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/contrib/dev/ath/public/i386-elf.hal.o.uu
[3] http://www.onlamp.com/pub/a/bsd/2006/04/27/openbsd-3_9.html

From owner-freebsd-security@FreeBSD.ORG Thu Aug 10 17:39:09 2006
Date: Thu, 10 Aug 2006 17:39:03 +0000
From: "Poul-Henning Kamp"
To: "José M. Fandiño"
Cc: freebsd-security@freebsd.org
In-Reply-To: <44DB6E98.8010701@fadesa.es>
Message-ID: <19127.1155231543@critter.freebsd.dk>
Subject: Re: atheros chips dangerous?

In message <44DB6E98.8010701@fadesa.es>, "José M. Fandiño" writes:

> Unlike OpenBSD which affirms that they have reverse engineering[3]
>the drivers would I be at risk if I use atheros based wireless cards
>with FreeBSD?

The Atheros driver in FreeBSD is maintained and compiled by Sam Leffler,
who has been around since BSD 4.2 in the early eighties sometimes.

I trust Sam.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security@FreeBSD.ORG Thu Aug 10 19:10:58 2006
Date: Thu, 10 Aug 2006 13:10:43 -0600 (MDT)
From: Barkley Vowk
To: Poul-Henning Kamp
Cc: freebsd-security@freebsd.org, "José M. Fandiño"
In-Reply-To: <19127.1155231543@critter.freebsd.dk>
Message-ID: <20060810130331.X94142@3jane.math.ualberta.ca>
Subject: Re: atheros chips dangerous?

On Thu, 10 Aug 2006, Poul-Henning Kamp wrote:

> The Atheros driver in FreeBSD is maintained and compiled by Sam Leffler,
> who has been around since BSD 4.2 in the early eighties sometimes.
>
> I trust Sam.

I don't think that quite answers his question however. It's not so much a
matter of trusting Sam, but a matter of trusting that Sam had enough
access to the binary objects in question to have eliminated the errors in
them.

While I see that his name is in the copyright notice on the contrib code,
I don't see anything to indicate that most of the code isn't shared
between most platforms. So there might be a good chance that whatever bugs
affect the OS X drivers also affect the FreeBSD ones.

That being said, I do trust Sam, and code written by Sam. I don't know
however if this blob of code I'm loading was actually written by Sam, or
just wrapped to work on FreeBSD by Sam.
From owner-freebsd-security@FreeBSD.ORG Thu Aug 10 19:26:52 2006
Date: Thu, 10 Aug 2006 19:26:50 +0000
From: "Poul-Henning Kamp"
To: Barkley Vowk
Cc: freebsd-security@freebsd.org, "José M. Fandiño"
In-Reply-To: <20060810130331.X94142@3jane.math.ualberta.ca>
Message-ID: <19518.1155238010@critter.freebsd.dk>
Subject: Re: atheros chips dangerous?

In message <20060810130331.X94142@3jane.math.ualberta.ca>, Barkley Vowk writes:
>On Thu, 10 Aug 2006, Poul-Henning Kamp wrote:
>
>> The Atheros driver in FreeBSD is maintained and compiled by Sam Leffler,
>> who has been around since BSD 4.2 in the early eighties sometimes.
>>
>> I trust Sam.
>
>I don't think that quite answers his question however. Its not so much a
>matter of trusting Sam, but a matter of trusting that Sam had enough
>access to the binary objects in question to have eliminated the errors in
>them.

Sam compiled those binaries, he has the source code.

And it is a matter of trust.

Unless you are willing to stand up and swear that you have never run a
single line of code which you have not inspected and thought about
yourself, then you implicitly have to trust the programmer.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 07:10:25 2006
Date: Fri, 11 Aug 2006 10:10:19 +0300
From: "Adrian Penisoara"
To: freebsd-isp@freebsd.org
Cc: freebsd-security@freebsd.org
In-Reply-To: <20060810204943.GG2164@rabbit>
Message-ID: <9e01a0da0608110010nb48e90fra21f149b836d32fa@mail.gmail.com>
Subject: Re: Ports/source dance

Hi,

On 8/10/06, Mark Bucciarelli wrote:
>
> There's a scary security alert from yesterday out and no port
> update so I judged it to be isp-related. I looked for
> ports-security list but didn't see one.
>

You know, that might be a very good idea -- e.g. have a security team and
list for ports as we have one for the base distribution. There should be
enough volunteers.

What would the FreeBSD security officer say about this?

Regards,
Adrian.
Ady (@freebsd.ady.ro)

From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 09:03:56 2006
Date: Fri, 11 Aug 2006 11:03:19 +0200
From: "José M. Fandiño"
To: freebsd-security@freebsd.org
In-Reply-To: <19518.1155238010@critter.freebsd.dk>
Message-ID: <44DC47D7.2050908@fadesa.es>
Subject: Re: atheros chips dangerous?

Poul-Henning Kamp wrote:
> In message <20060810130331.X94142@3jane.math.ualberta.ca>, Barkley Vowk writes:
>
>>On Thu, 10 Aug 2006, Poul-Henning Kamp wrote:
>>
>>>The Atheros driver in FreeBSD is maintained and compiled by Sam Leffler,
>>>who has been around since BSD 4.2 in the early eighties sometimes.
>>>
>>>I trust Sam.
>>
>>I don't think that quite answers his question however. Its not so much a
>>matter of trusting Sam, but a matter of trusting that Sam had enough
>>access to the binary objects in question to have eliminated the errors in
>>them.
>
> Sam compiled those binaries, he has the source code.
>
> And it is a matter of trust.

From phk's comments I deduce that there was an NDA between Atheros and
FreeBSD. In my opinion the difference is that with an NDA you place trust
in a few persons (the ones with the code), whilst with open source drivers
the code can be reviewed by all people with enough knowledge about the
subject, and since peer review is an important concept in FOSS quality
(and security) it would be desirable to have free code.

This answers my question, thank you.
From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 09:24:28 2006
Date: Fri, 11 Aug 2006 09:24:25 +0000
From: "Poul-Henning Kamp"
To: "José M. Fandiño"
Cc: freebsd-security@freebsd.org
In-Reply-To: <44DC47D7.2050908@fadesa.es>
Message-ID: <38802.1155288265@critter.freebsd.dk>
Subject: Re: atheros chips dangerous?

In message <44DC47D7.2050908@fadesa.es>, "José M. Fandiño" writes:

>> Sam compiled those binaries, he has the source code.
>>
> And it is a matter of trust.
>
>from the phk's comments I deduce that it was a NDA between Atheros
>and FreeBSD.

The NDA is between Atheros and Sam Leffler.

>In my opinion the difference is that with NDA you place trust in
>a few persons (the ones with the code), whilst with open source
>drivers the code can be reviewed by all people with enough
>knowledge about the subject and since peer review is an important
>concept in FOSS quality (and security) it would be desirable
>to have free code.

While that is certainly true, I also feel that the fact that
Atheros has actively tried to work with the FOSS people to get
a good driver should be credited to them.

Other vendors have been totally impossible to work with.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 10:28:44 2006
Date: Fri, 11 Aug 2006 11:28:43 +0100 (BST)
From: Robert Watson
To: Poul-Henning Kamp
Cc: freebsd-security@freebsd.org, "José M. Fandiño"
In-Reply-To: <38802.1155288265@critter.freebsd.dk>
Message-ID: <20060811112511.T45647@fledge.watson.org>
Subject: Re: atheros chips dangerous?

On Fri, 11 Aug 2006, Poul-Henning Kamp wrote:

>> In my opinion the difference is that with NDA you place trust in a few
>> persons (the ones with the code), whilst with open source drivers the code
>> can be reviewed by all people with enough knowledge about the subject and
>> since peer review is an important concept in FOSS quality (and security) it
>> would be desirable to have free code.
>
> While that is certainly true, I also feel that the fact that Atheros has
> actively tried to work with the FOSS people to get a good driver should be
> credited to them.
>
> Other vendors have been totally impossible to work with.

Something worth observing here is that many modern device drivers, especially
more complex cards with significant offload of functionality to the card, have
closed source components -- the firmware for the device. The HAL is a tiny
wrapper around programming of a few very specific elements of the hardware
behavior to do with software radio power/frequency, etc. Compared to the size
of the closed source chunk in the firmware of many device drivers (ipw, many
RAID controllers, etc, for example), it is minuscule, and is reviewed and
maintained by an open source person. You could argue that this is
significantly more forthcoming than many other vendors, for whom firmware
binaries are entirely closed source.

Robert N M Watson
Computer Laboratory
University of Cambridge

From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 10:52:51 2006
Date: Fri, 11 Aug 2006 10:52:49 +0000
From: "Poul-Henning Kamp"
To: Robert Watson
Cc: freebsd-security@freebsd.org, "José M. Fandiño"
In-Reply-To: <20060811112511.T45647@fledge.watson.org>
Message-ID: <50306.1155293569@critter.freebsd.dk>
Subject: Re: atheros chips dangerous?

In message <20060811112511.T45647@fledge.watson.org>, Robert Watson writes:

>Something worth observing here is that many modern device drivers, especially
>more complex cards with significant offload of functionality to the card, have
>closed source components [...]

Not to mention regulatory requirements that the hardware not be configured
in certain parts of spectrum or power levels.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 16:53:50 2006
Date: Fri, 11 Aug 2006 12:53:33 -0400 (EDT)
From: Wesley Morgan
To: "José M. Fandiño", freebsd-security@freebsd.org
In-Reply-To: <38802.1155288265@critter.freebsd.dk>
Message-ID: <20060811123921.K43265@volatile.chemikals.org>
Subject: Re: atheros chips dangerous?

On Fri, 11 Aug 2006, Poul-Henning Kamp wrote:

> In message <44DC47D7.2050908@fadesa.es>, "José M. Fandiño" writes:
>
>>> Sam compiled those binaries, he has the source code.
>>>
>> And it is a matter of trust.
>>
>> from the phk's comments I deduce that it was a NDA between Atheros
>> and FreeBSD.
>
> The NDA is between Atheros and Sam Leffler.
>
>> In my opinion the difference is that with NDA you place trust in
>> a few persons (the ones with the code), whilst with open source
>> drivers the code can be reviewed by all people with enough
>> knowledge about the subject and since peer review is an important
>> concept in FOSS quality (and security) it would be desirable
>> to have free code.
>
> While that is certainly true, I also feel that the fact that
> Atheros has actively tried to work with the FOSS people to get
> a good driver should be credited to them.
>
> Other vendors have been totally impossible to work with.

I agree, the Atheros driver is fantastic. The driver may be "binary" in
some ways, but I think we got the best of both worlds. The vendor is
providing every scrap of information necessary without having to give away
trade secrets, and FreeBSD got a driver authored by a developer who is
probably one of the most qualified people in the world to work on it. I
know I go out of my way to purchase and recommend Atheros-based wireless
devices because of this.

Anyone who simply makes the blanket assumption that because something is
"FOSS" it gets more peer review need only look at some of the oldest open
source projects around, such as sendmail or XFree/Xorg, to realize that
security problems can persist for years without being discovered.

-- 
This .signature sanitized for your protection

From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 17:00:52 2006
Date: 11-Aug-2006 10:00:30 PDT
From: Tom Yerex
To: freebsd-security@freebsd.org
Subject: Tom Yerex is out of the office.

I will be out of the office starting 08/11/2006 and will not return until
08/14/2006.

I will periodically check my voice messages and email. If there is an
emergency, please phone 604-822-6080 and leave a message.

Thank you,
Tom Yerex.
From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 17:01:06 2006
Date: Fri, 11 Aug 2006 11:00:46 -0600
From: "David G. Andersen"
To: Wesley Morgan
Cc: freebsd-security@freebsd.org, "José M. Fandiño"
In-Reply-To: <20060811123921.K43265@volatile.chemikals.org>
Message-ID: <20060811170046.GA94399@cs.utah.edu>
Subject: Re: atheros chips dangerous?

Wesley Morgan just mooed:
> I agree, the Atheros driver is fantastic. The driver may be "binary" in
> some ways, but I think we got the best of both worlds. The vendor is
> providing every scrap of information necessary without having to give away
> trade secrets, and FreeBSD got a driver authored by a developer who is
> probably one of the most qualified people in the world to work on it. I
> know I go out of my way to purchase and recommend Atheros-based wireless
> devices because of this.
>

It's not just trade secrets - it's FCC regulations, as phk alluded to.
Customers are not allowed to have the ability to configure a device to
operate outside its allowed frequency and power range.

-Dave

-- 
work: dga@cs.cmu.edu                          me:  dga@pobox.com
      Carnegie Mellon University                   http://www.angio.net/
      I do not accept unsolicited commercial email.  Do not spam me.

From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 17:54:54 2006
Date: Fri, 11 Aug 2006 13:56:51 -0400
From: "Kris_loranger"
To: "'Tom Yerex'"
Message-ID: <005a01c6bd6f$864dc120$2301a8c0@pcf703372b76ab>
Subject: RE: Tom Yerex is out of the office.

Cool. Now everyone knows you won't be watching your systems until Sunday.

-Kris

-----Original Message-----
From: owner-freebsd-security@freebsd.org
[mailto:owner-freebsd-security@freebsd.org] On Behalf Of Tom Yerex
Sent: Friday, August 11, 2006 1:00 PM
To: freebsd-security@freebsd.org
Subject: Tom Yerex is out of the office.

I will be out of the office starting 08/11/2006 and will not return until
08/14/2006.

I will periodically check my voice messages and email. If there is an
emergency, please phone 604-822-6080 and leave a message.

Thank you,
Tom Yerex.
_______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 18:24:32 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF80316A4F2 for ; Fri, 11 Aug 2006 18:24:32 +0000 (UTC) (envelope-from tom.yerex@science.ubc.ca) Received: from spam.science.ubc.ca (spam.science.ubc.ca [142.103.151.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C74DF43E23 for ; Fri, 11 Aug 2006 18:22:35 +0000 (GMT) (envelope-from tom.yerex@science.ubc.ca) Received: from ASSP-nospam (localhost.science.ubc.ca [127.0.0.1]) by spam.science.ubc.ca (Postfix) with ESMTP id 65CF317E61 for ; Fri, 11 Aug 2006 11:22:11 -0700 (PDT) Received: from 10.15.2.15 ([10.15.2.15] helo=gable.science.ubc.ca) by ASSP-nospam ; 11 Aug 06 18:22:10 -0000 In-Reply-To: <005a01c6bd6f$864dc120$2301a8c0@pcf703372b76ab> To: freebsd-security@freebsd.org MIME-Version: 1.0 X-Mailer: Lotus Notes Release 7.0.1 January 17, 2006 Message-ID: From: Tom Yerex Date: Fri, 11 Aug 2006 11:22:09 -0700 X-MIMETrack: Serialize by Router on GABLE/UBC(Release 7.0.1|January 17, 2006) at 11/08/2006 11:22:11 AM, Serialize complete at 11/08/2006 11:22:11 AM Content-Type: text/plain; charset="US-ASCII" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: RE: Tom Yerex is out of the office. X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2006 18:24:33 -0000 Sorry about that list! Tom. "Kris_loranger" 11/08/2006 10:54 AM To "'Tom Yerex'" , cc Subject RE: Tom Yerex is out of the office. 
Cool, Now everyone knows you won't be watching your systems until Sunday. -Kris -----Original Message----- From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd-security@freebsd.org] On Behalf Of Tom Yerex Sent: Friday, August 11, 2006 1:00 PM To: freebsd-security@freebsd.org Subject: Tom Yerex is out of the office. I will be out of the office starting 08/11/2006 and will not return until 08/14/2006. I will periodically check my voice messages and email. If there is an emergency, please phone 604-822-6080 and leave a message. Thank you, Tom Yerex. _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Fri Aug 11 18:50:02 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7E05616A4E5 for ; Fri, 11 Aug 2006 18:50:02 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from mail2.fluidhosting.com (mx24.fluidhosting.com [204.14.89.7]) by mx1.FreeBSD.org (Postfix) with SMTP id DEE6843D49 for ; Fri, 11 Aug 2006 18:50:01 +0000 (GMT) (envelope-from dougb@FreeBSD.org) Received: (qmail 2923 invoked by uid 399); 11 Aug 2006 18:50:01 -0000 Received: from localhost (HELO ?192.168.0.3?) 
(dougb@dougbarton.us@127.0.0.1) by localhost with SMTP; 11 Aug 2006 18:50:01 -0000 Message-ID: <44DCD156.6030108@FreeBSD.org> Date: Fri, 11 Aug 2006 11:49:58 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Thunderbird 1.5.0.5 (X11/20060729) MIME-Version: 1.0 To: Wesley Morgan References: <38802.1155288265@critter.freebsd.dk> <20060811123921.K43265@volatile.chemikals.org> In-Reply-To: <20060811123921.K43265@volatile.chemikals.org> X-Enigmail-Version: 0.94.0.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org, =?ISO-8859-1?Q?=22Jos=E9_M=2E_Fandi=F1o=22?= Subject: Re: atheros chips dangerous? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2006 18:50:02 -0000 Wesley Morgan wrote: > I agree, the Atheros driver is fantastic. The driver may be "binary" in > some ways, but I think we got the best of both worlds. The vendor is > providing every scrap of information necessary without having to give > away trade secrets, and FreeBSD got a driver authored by a developer who > is probably one of the most qualified people in the world to work on it. > I know I go out of my way to purchase and recommend Atheros-based > wireless devices because of this. > > Anyone who simply makes the blanket assumption that because something is > "FOSS" that it gets more peer review need only to look at some of the > oldest open source projects around, such as sendmail or XFree/Xorg, to > realize that security problems can persist for years without being > discovered. I can't resist the urge to add a "me too" on all points here, especially the part about going out of my way to use and recommend Atheros bits. 
These guys are a model for how hardware vendors can successfully interact with the open source community for mutual benefit. Doug -- This .signature sanitized for your protection From owner-freebsd-security@FreeBSD.ORG Sat Aug 12 11:20:28 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C5D1016A4E0; Sat, 12 Aug 2006 11:20:28 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4FBC143D45; Sat, 12 Aug 2006 11:20:27 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id 1F5FE2DDCDC; Sat, 12 Aug 2006 11:20:26 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 977811141D; Sat, 12 Aug 2006 13:20:25 +0200 (CEST) Date: Sat, 12 Aug 2006 13:20:25 +0200 From: "Simon L. 
Nielsen" To: Adrian Penisoara Message-ID: <20060812112024.GA1076@zaphod.nitro.dk> References: <20060810132435.GB2636@rabbit> <44DB9955.10102@FreeBSD.org> <20060810204943.GG2164@rabbit> <9e01a0da0608110010nb48e90fra21f149b836d32fa@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <9e01a0da0608110010nb48e90fra21f149b836d32fa@mail.gmail.com> User-Agent: Mutt/1.5.11 Cc: freebsd-isp@freebsd.org, freebsd-security@freebsd.org Subject: Re: Ports security [was: Ports/source dance] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2006 11:20:28 -0000 On 2006.08.11 10:10:19 +0300, Adrian Penisoara wrote: > On 8/10/06, Mark Bucciarelli wrote: > > > >There's a scary security alert from yesterday out and no port > >update so I judged it to be isp-related. I looked for > >ports-security list but didn't see one. > > You know, that might be a very good ideea -- e.g. have a security team and > list for ports as we have one for the base distribution. There should be > enough volunteers. > > What would the FreeBSD security officer say about this ? I was not on freebsd-isp, so I hadn't seen the start of this thread. Ports security issues should go to either freebsd-ports@, freebsd-security@, or directly to the FreeBSD Security Team at secteam@FreeBSD.org, if you want to catch the attention of the Security Team. I don't currently see enough volume with regards to ports security issues to warrant a separate mailing list. I think using freebsd-security@ should be fine, and we can always create a new list if needed. 
With regards to a separate security team for ports, it has been discussed in the past, but so far hasn't been created mainly since it haven't been a problem for secteam members working on ports just being part of the "normal" secteam, while only/mostly working on ports issues. It would be very nice if more people helped out with the ports side of FreeBSD security, but when we had the last call for volunteers among committers there weren't a lot of people volunteering to help out with ports as part of the Security Team. That said, it's certainly no requirement to be a committer or to be part of secteam to help out. Just create VuXML entries [1] [2] and send them to freebsd-vuxml@FreeBSD.org or secteam@FreeBSD.org for review and commit, or fix issues and send patches as PR's where secteam is CC'ed. -- Simon L. Nielsen FreeBSD Deputy Security Officer From owner-freebsd-security@FreeBSD.ORG Sat Aug 12 11:48:30 2006 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AE2D716A4DD for ; Sat, 12 Aug 2006 11:48:30 +0000 (UTC) (envelope-from ady@fwd.ady.ro) Received: from nf-out-f131.google.com (nf-out-f131.google.com [64.233.182.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE30943D6D for ; Sat, 12 Aug 2006 11:48:12 +0000 (GMT) (envelope-from ady@fwd.ady.ro) Received: by nf-out-f131.google.com with SMTP id x9so59559nfb for ; Sat, 12 Aug 2006 04:48:11 -0700 (PDT) Received: by 10.78.127.6 with SMTP id z6mr2555780huc; Sat, 12 Aug 2006 04:48:10 -0700 (PDT) Received: by 10.78.159.8 with HTTP; Sat, 12 Aug 2006 04:48:10 -0700 (PDT) Message-ID: <9e01a0da0608120448t7a82d8b9y8379a194d8d14a52@mail.gmail.com> Date: Sat, 12 Aug 2006 14:48:10 +0300 From: "Adrian Penisoara" Sender: ady@fwd.ady.ro To: "Simon L. 
Nielsen" In-Reply-To: <20060812112024.GA1076@zaphod.nitro.dk> MIME-Version: 1.0 References: <20060810132435.GB2636@rabbit> <44DB9955.10102@FreeBSD.org> <20060810204943.GG2164@rabbit> <9e01a0da0608110010nb48e90fra21f149b836d32fa@mail.gmail.com> <20060812112024.GA1076@zaphod.nitro.dk> X-Google-Sender-Auth: 1784d768a9642a9d Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-security@freebsd.org, freebsd-doc@freebsd.org Subject: Re: Ports security [was: Ports/source dance] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2006 11:48:30 -0000 Hi, On 8/12/06, Simon L. Nielsen wrote: > > > > > What would the FreeBSD security officer say about this ? > > I was not on freebsd-isp, so I hadn't seen the start of this thread. > > Ports security issues should go to either freebsd-ports@, > freebsd-security@, or directly to the FreeBSD Security Team at > secteam@FreeBSD.org, if you want to catch the attention of the > Security Team. > > I don't currently see enough volume with regards to ports security > issues to warrant a separate mailing list. I think using > freebsd-security@ should be fine, and we can always create a new list > if needed. > > With regards to a separate security team for ports, it has been > discussed in the past, but so far hasn't been created mainly since it > haven't been a problem for secteam members working on ports just being > part of the "normal" secteam, while only/mostly working on ports > issues. 
> > It would be very nice if more people helped out with the ports side of > FreeBSD security, but when we had the last call for volunteers among > committers there weren't a lot of people volunteering to help out with > ports as part of the Security Team. > > That said, it's certainly no requirement to be a committer or to be > part of secteam to help out. Just create VuXML entries [1] [2] and > send them to freebsd-vuxml@FreeBSD.org or secteam@FreeBSD.org for > review and commit, or fix issues and send patches as PR's where > secteam is CC'ed. -- > Simon L. Nielsen > FreeBSD Deputy Security Officer > Thanks for the well-written response. I think at least part of it should make it into the FreeBSD Security Information page ( http://www.freebsd.org/security/ ) since currently there is just a simple reference towards VuXML for ports security. My 2cents, Adrian Penisoara Ady (@freebsd.ady.ro, @rofug.ro)