From owner-freebsd-security Sun Feb 15 00:44:12 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id AAA24429 for freebsd-security-outgoing; Sun, 15 Feb 1998 00:44:12 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from idiom.com (idiom.com [140.174.82.4]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA24423 for ; Sun, 15 Feb 1998 00:44:09 -0800 (PST) (envelope-from muir@idiom.com) Received: (from muir@localhost) by idiom.com (8.8.7/8.8.5) id XAA11526 for freebsd-security@FreeBSD.ORG; Sat, 14 Feb 1998 23:47:02 -0800 (PST) Date: Sat, 14 Feb 1998 23:47:02 -0800 (PST) From: David Muir Sharnoff Message-Id: <199802150747.XAA11526@idiom.com> To: freebsd-security@FreeBSD.ORG Subject: Firewall generation. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk I've just built a perl module that generates ipfw commands to build firewalls. This is still hot off the presses so I wouldn't mind people taking a poke at it to make sure it does that I think it does. One of the things I think it does is protect you against all spoofing of your own IP addresses including land attack. If you want to take a look, grab it out of CPAN (.../authors/David_Muir_Sharnoff/modules/BSD-Ipfwgen-1.0.tar.gz) or from ftp://ftp.idiom.com/users/muir/CPAN/modules/BSD-Ipfwgen-1.0.tar.gz -Dave To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Fri Feb 20 08:46:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA20306 for freebsd-security-outgoing; Fri, 20 Feb 1998 08:46:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA20188 for ; Fri, 20 Feb 1998 08:46:12 -0800 (PST) (envelope-from cschuber@passer.osg.gov.bc.ca) Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id IAA19753 for ; Fri, 20 Feb 1998 08:41:53 -0800 (PST) Message-Id: <199802201641.IAA19753@passer.osg.gov.bc.ca> Received: from localhost(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost, id smtpdaantsa; Fri Feb 20 08:41:52 1998 X-Mailer: exmh version 2.0gamma 1/27/96 Reply-to: Cy Schubert - ITSD Open Systems Group X-Sender: cschuber To: freebsd-security@FreeBSD.ORG Subject: [Fwd: MIT Kerberos V5 R1.0.5 is released] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 20 Feb 1998 08:41:41 -0800 From: Cy Schubert - ITSD Open Systems Group Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk FYI Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca Cy.Schubert@gems8.gov.bc.ca ------- Forwarded Message Forwarded: Fri, 20 Feb 1998 08:41:10 -0800 Forwarded: pcmacdon@uumail.gov.bc.ca Forwarded: Steven.Radin@gems9.gov.bc.ca Forwarded: ron.heron@gems2.gov.bc.ca Return-Path: owner-bugtraq@NETSPACE.ORG Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id LAA06053 for ; Thu, 19 Feb 1998 11:03:50 -0800 (PST) Received: from orca.gov.bc.ca(142.32.102.25) via SMTP by passer.osg.gov.bc.ca, id smtpdaajlia; Thu Feb 19 11:03:41 1998 Received: from brimstone.netspace.org by orca.gov.bc.ca (5.4R3.10/200.1.1.4) id AA07564; Thu, 19 Feb 1998 11:02:48 -0800 Received: from unknown@netspace.org (port 64013 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <97897-4321>; Thu, 19 Feb 1998 13:56:26 -0500 Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release 1.8c) with spool id 7801243 for BUGTRAQ@NETSPACE.ORG; Thu, 19 Feb 1998 13:48:00 -0500 Received: from brimstone.netspace.org (brimstone.netspace.org [128.148.157.143]) by netspace.org (8.8.7/8.8.2) with ESMTP id NAA31689 for ; Thu, 19 Feb 1998 13:35:36 -0500 Received: from unknown@netspace.org (port 64013 [128.148.157.6]) by brimstone.netspace.org with ESMTP id <80950-2140>; Thu, 19 Feb 1998 13:36:04 -0500 Approved-By: aleph1@DFW.NET Received: from odin.appliedtheory.com (odin.appliedtheory.com [204.168.18.21]) by netspace.org (8.8.7/8.8.2) with ESMTP id LAA16943 for ; Thu, 19 Feb 1998 11:33:55 -0500 Received: from appliedtheory.com (blizzard@localhost [127.0.0.1]) by odin.appliedtheory.com (8.8.7/8.8.7) with ESMTP id LAA19156 for ; Thu, 19 Feb 1998 11:32:57 -0500 X-Mailer: Mozilla 4.04 [en] (X11; I; Linux 2.0.33 i586) Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------3EA54CB021FA14B43F0 00AED" Message-Id: <34EC5EB9.22EBEB7A@appliedtheory.com> Date: Thu, 19 Feb 1998 16:32:57 +0000 Reply-To: Christopher Blizzard Sender: Bugtraq List From: Christopher Blizzard Organization: AppliedTheory Communications, Inc Subject: [Fwd: MIT Kerberos V5 R1.0.5 is released] To: BUGTRAQ@NETSPACE.ORG This is a multi-part message in MIME format. - --------------3EA54CB021FA14B43F000AED Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit - -- - ------------ Christopher Blizzard AppliedTheory Communications, Inc. http://odin.appliedtheory.com/ blizzard@appliedtheory.com - ------------ - --------------3EA54CB021FA14B43F000AED Content-Type: message/rfc822 Content-Transfer-Encoding: 7bit Content-Disposition: inline Return-Path: Received: from franklin.appliedtheory.com (franklin.appliedtheory.com [192.77.173.116]) by odin.appliedtheory.com (8.8.7/8.8.7) with ESMTP id XAA21759 for ; Tue, 17 Feb 1998 23:29:50 -0500 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by franklin.appliedtheory.com (8.8.8/8.8.8) with SMTP id XAA12019 for ; Tue, 17 Feb 1998 23:30:36 -0500 (EST) Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP id AA28454; Tue, 17 Feb 98 22:51:39 EST Received: by tesla-coil.MIT.EDU (SMI-8.6/4.7) id WAA27390; Tue, 17 Feb 1998 22:51:10 -0500 Date: Tue, 17 Feb 1998 22:51:10 -0500 Message-Id: <199802180351.WAA27390@tesla-coil.MIT.EDU> To: kerberos-announce@MIT.EDU, kerberos@MIT.EDU From: Tom Yu Subject: MIT Kerberos V5 R1.0.5 is released The MIT Kerberos Team is proud to announce the availability of MIT Kerberos V5 Release 1.0.5. This release is a bug-fix release only; there are no feature enhancements over the 1.0.4 release. The following bugs were fixed: * A buffer size problem in klogind that was causing some redisplay problems under Irix has been fixed. [krb5-appl/527] * v4rcp no longer explicitly refers to sys_errlist. * Buffer overruns have been repaired in ftpd. * ftpd now no longer has a name collision with the native log_wtmp() function on some platforms. * A buffer overrun in telnetd has been fixed. * ksu no longer allows the use of an expired cached ticket. [krb5-clients/545] * The KDC now checks the length of incoming krb4 packets to avoid overruns. * The KDC actually returns a valid error packet in cases where it had failed to in the past, which could cause coredumps. * A logic bug in the gssapi library that caused krb5_gss_wrap_size_limit() to return an incorrect size has been fixed. * The gssapi library now caches its rcache, preventing a file descriptor leak. [krb5-libs/370] * Memory leaks, freeing of freed memory, and failure to check the return values of memory-allocating functions have been repaired in the library. [krb5-libs/518] * The "errno" member a db internal structure has been renamed to avoid conflicting with a macro definition of "errno" in glibc. * The profile parser has been vastly improved to strip trailing whitespace and provide a real quoting mechanism. * A goof in the previous fencepost error fix to the pty library has been fixed. Getting Kerberos V5 1.0.5 ========================= The simplest way to get the new 1.0.5 release is via the Web. Use the following URL: http://web.mit.edu/network/kerberos-form.html Alternatively, you may retrieve the release using FTP: FTP to athena-dist.mit.edu, in /pub/kerberos. Get the file README.KRB5-1.0.5. It will contain instructions on how to obtain the 1.0.5 release. - ---------- Tom Yu MIT Information Systems/Kerberos Development Team - --------------3EA54CB021FA14B43F000AED-- ------- End of Forwarded Message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Fri Feb 20 12:43:12 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA28410 for freebsd-security-outgoing; Fri, 20 Feb 1998 12:43:12 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA28291 for ; Fri, 20 Feb 1998 12:42:31 -0800 (PST) (envelope-from dima@burka.rdy.com) Received: by burka.rdy.com id MAA28551; (8.8.8/RDY) Fri, 20 Feb 1998 12:42:12 -0800 (PST) Message-Id: <199802202042.MAA28551@burka.rdy.com> Subject: Re: [Fwd: MIT Kerberos V5 R1.0.5 is released] In-Reply-To: <199802201641.IAA19753@passer.osg.gov.bc.ca> from Cy Schubert - ITSD Open Systems Group at "Feb 20, 98 08:41:41 am" To: cschuber@uumail.gov.bc.ca Date: Fri, 20 Feb 1998 12:42:11 -0800 (PST) Cc: freebsd-security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk I'm about to put krb5+freebsd patches to ftp://burka.rdy.com/pub/krb5/ (note - the old patches for 1.0.4 won't work, since kerberos dudes changes some stuff and included one of my patches) Cy Schubert - ITSD Open Systems Group writes: > FYI > > > Regards, Phone: (250)387-8437 > Cy Schubert Fax: (250)387-5766 > UNIX Support OV/VM: BCSC02(CSCHUBER) > ITSD BITNET: CSCHUBER@BCSC02.BITNET > Government of BC Internet: cschuber@uumail.gov.bc.ca > Cy.Schubert@gems8.gov.bc.ca > > > ------- Forwarded Message > > Forwarded: Fri, 20 Feb 1998 08:41:10 -0800 > Forwarded: pcmacdon@uumail.gov.bc.ca > Forwarded: Steven.Radin@gems9.gov.bc.ca > Forwarded: ron.heron@gems2.gov.bc.ca > Return-Path: owner-bugtraq@NETSPACE.ORG > Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) > id LAA06053 for ; Thu, 19 Feb 1998 > 11:03:50 -0800 (PST) > Received: from orca.gov.bc.ca(142.32.102.25) > via SMTP by passer.osg.gov.bc.ca, id smtpdaajlia; Thu Feb 19 11:03:41 > 1998 > Received: from brimstone.netspace.org by orca.gov.bc.ca > (5.4R3.10/200.1.1.4) > id AA07564; Thu, 19 Feb 1998 11:02:48 -0800 > Received: from unknown@netspace.org (port 64013 [128.148.157.6]) by > brimstone.netspace.org with ESMTP id <97897-4321>; Thu, 19 Feb 1998 > 13:56:26 -0500 > Received: from NETSPACE.ORG by NETSPACE.ORG (LISTSERV-TCP/IP release > 1.8c) with > spool id 7801243 for BUGTRAQ@NETSPACE.ORG; Thu, 19 Feb 1998 > 13:48:00 > -0500 > Received: from brimstone.netspace.org (brimstone.netspace.org > [128.148.157.143]) by netspace.org (8.8.7/8.8.2) with ESMTP id > NAA31689 for ; Thu, 19 Feb 1998 > 13:35:36 -0500 > Received: from unknown@netspace.org (port 64013 [128.148.157.6]) by > brimstone.netspace.org with ESMTP id <80950-2140>; Thu, 19 > Feb 1998 > 13:36:04 -0500 > Approved-By: aleph1@DFW.NET > Received: from odin.appliedtheory.com (odin.appliedtheory.com > [204.168.18.21]) > by netspace.org (8.8.7/8.8.2) with ESMTP id LAA16943 for > ; Thu, 19 Feb 1998 11:33:55 -0500 > Received: from appliedtheory.com (blizzard@localhost [127.0.0.1]) by > odin.appliedtheory.com (8.8.7/8.8.7) with ESMTP id LAA19156 > for > ; Thu, 19 Feb 1998 11:32:57 -0500 > X-Mailer: Mozilla 4.04 [en] (X11; I; Linux 2.0.33 i586) > Mime-Version: 1.0 > Content-Type: multipart/mixed; boundary="------------3EA54CB021FA14B43F0 > 00AED" > Message-Id: <34EC5EB9.22EBEB7A@appliedtheory.com> > Date: Thu, 19 Feb 1998 16:32:57 +0000 > Reply-To: Christopher Blizzard > Sender: Bugtraq List > From: Christopher Blizzard > Organization: AppliedTheory Communications, Inc > Subject: [Fwd: MIT Kerberos V5 R1.0.5 is released] > To: BUGTRAQ@NETSPACE.ORG > > This is a multi-part message in MIME format. > - --------------3EA54CB021FA14B43F000AED > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > > - -- > > - ------------ > Christopher Blizzard > AppliedTheory Communications, Inc. > http://odin.appliedtheory.com/ > blizzard@appliedtheory.com > - ------------ > - --------------3EA54CB021FA14B43F000AED > Content-Type: message/rfc822 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > Return-Path: > Received: from franklin.appliedtheory.com (franklin.appliedtheory.com > [192.77.173.116]) > by odin.appliedtheory.com (8.8.7/8.8.7) with ESMTP id XAA21759 > for ; Tue, 17 Feb 1998 > 23:29:50 -0500 > Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) > by franklin.appliedtheory.com (8.8.8/8.8.8) with SMTP id > XAA12019 > for ; Tue, 17 Feb 1998 23:30:36 > -0500 (EST) > Received: from TESLA-COIL.MIT.EDU by MIT.EDU with SMTP > id AA28454; Tue, 17 Feb 98 22:51:39 EST > Received: by tesla-coil.MIT.EDU (SMI-8.6/4.7) id WAA27390; Tue, 17 Feb > 1998 22:51:10 -0500 > Date: Tue, 17 Feb 1998 22:51:10 -0500 > Message-Id: <199802180351.WAA27390@tesla-coil.MIT.EDU> > To: kerberos-announce@MIT.EDU, kerberos@MIT.EDU > From: Tom Yu > Subject: MIT Kerberos V5 R1.0.5 is released > > The MIT Kerberos Team is proud to announce the availability of MIT > Kerberos V5 Release 1.0.5. This release is a bug-fix release only; > there are no feature enhancements over the 1.0.4 release. > The following bugs were fixed: > > * A buffer size problem in klogind that was causing some redisplay > problems under Irix has been fixed. [krb5-appl/527] > > * v4rcp no longer explicitly refers to sys_errlist. > > * Buffer overruns have been repaired in ftpd. > > * ftpd now no longer has a name collision with the native log_wtmp() > function on some platforms. > > * A buffer overrun in telnetd has been fixed. > > * ksu no longer allows the use of an expired cached > ticket. [krb5-clients/545] > > * The KDC now checks the length of incoming krb4 packets to avoid > overruns. > > * The KDC actually returns a valid error packet in cases where it had > failed to in the past, which could cause coredumps. > > * A logic bug in the gssapi library that caused > krb5_gss_wrap_size_limit() to return an incorrect size has been > fixed. > > * The gssapi library now caches its rcache, preventing a file > descriptor leak. [krb5-libs/370] > > * Memory leaks, freeing of freed memory, and failure to check the > return values of memory-allocating functions have been repaired in the > library. [krb5-libs/518] > > * The "errno" member a db internal structure has been renamed to avoid > conflicting with a macro definition of "errno" in glibc. > > * The profile parser has been vastly improved to strip trailing > whitespace and provide a real quoting mechanism. > > * A goof in the previous fencepost error fix to the pty library has > been fixed. > > Getting Kerberos V5 1.0.5 > ========================= > > The simplest way to get the new 1.0.5 release is via the Web. Use the > following URL: > > http://web.mit.edu/network/kerberos-form.html > > Alternatively, you may retrieve the release using FTP: > > FTP to athena-dist.mit.edu, in /pub/kerberos. Get the file > README.KRB5-1.0.5. It will contain instructions on how to > obtain the 1.0.5 release. > > - ---------- > Tom Yu > MIT Information Systems/Kerberos Development Team > > - --------------3EA54CB021FA14B43F000AED-- > > ------- End of Forwarded Message > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sat Feb 21 11:17:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA02773 for freebsd-security-outgoing; Sat, 21 Feb 1998 11:17:38 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns.frihet.com (root@frihet.bayarea.net [205.219.92.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA02768 for ; Sat, 21 Feb 1998 11:17:30 -0800 (PST) (envelope-from tweten@ns.frihet.com) Received: from ns.frihet.com (tweten@localhost [127.0.0.1]) by ns.frihet.com (8.8.8/8.8.8) with ESMTP id LAA15953 for ; Sat, 21 Feb 1998 11:13:37 -0800 (PST) (envelope-from tweten@ns.frihet.com) Message-Id: <199802211913.LAA15953@ns.frihet.com> X-Mailer: exmh version 2.0.1 12/23/97 Reply-To: "David E. Tweten" To: freebsd-security@FreeBSD.ORG Subject: Find, Rm, and Root's Crontab Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 21 Feb 1998 11:13:36 -0800 From: "David E. Tweten" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk I'm being overwhelmed by exmh "#" files, so I investigated why they haven't seemed to go away on another machine since it was upgraded from Freebsd 1.1.5 (!) to the latest Stable. The answer is a very paranoid sounding and not very informative set of comment lines in /etc/daily. My next step was a search of the FreeBSD security e-mail archives. I don't seem to get along well enough with the mail archive search engine to be able to make it show an entire thread. It did find Chris Layne's forward of the original message pointing out that find and rm in /etc/daily constitute s security hole, given the weaknesses of each. The search engine didn't tell me anything about any decision as to what should be done. The original Linux poster's solution is offensive to me (sings all, dances all, deletes all, and written in Pearl). Potential solutions that appeal more to my simpler-is-better sensibilities are: fixing find not to get confused, and writing (in C!) an rm subset look-alike that won't follow symbolic links. A search of the Gnats data base failed to turn up any evidence of a choice having been made. So, what's the plan? Are we going to do anything beyond distributing /etc/daily with junk file elimination disabled? If so, what? And can I help? -- David E. Tweten | 2047-bit PGP fingerprint: | tweten@frihet.com 12141 Atrium Drive | E9 59 E7 5C 6B 88 B8 90 | tweten@and.com Saratoga, CA 95070-3162 | 65 30 2A A4 A0 BC 49 AE | (408) 446-4131 Those who make good products sell products; those who don't, sell solutions. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sat Feb 21 11:43:53 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA07615 for freebsd-security-outgoing; Sat, 21 Feb 1998 11:43:53 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA07586 for ; Sat, 21 Feb 1998 11:43:42 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from cyrus.watson.org (cyrus.pr.watson.org [192.0.2.4]) by fledge.watson.org (8.8.8/8.6.10) with SMTP id OAA05663; Sat, 21 Feb 1998 14:42:54 -0500 (EST) Date: Sat, 21 Feb 1998 14:42:53 -0500 (EST) From: Robert Watson Reply-To: Robert Watson To: "David E. Tweten" cc: freebsd-security@FreeBSD.ORG Subject: Re: Find, Rm, and Root's Crontab In-Reply-To: <199802211913.LAA15953@ns.frihet.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk I have actually found that the best and most enjoyable solution to /tmp-cleaning is to use an MFS-based /tmp. Cleaned every boot, performs well for temporary files, lives in swap, etc. I would like a nice age-based removal procedure for files in /tmp, but have not seen a good one around. On Sat, 21 Feb 1998, David E. Tweten wrote: > I'm being overwhelmed by exmh "#" files, so I investigated why they haven't > seemed to go away on another machine since it was upgraded from Freebsd 1.1.5 > (!) to the latest Stable. The answer is a very paranoid sounding and not > very informative set of comment lines in /etc/daily. > > My next step was a search of the FreeBSD security e-mail archives. I don't > seem to get along well enough with the mail archive search engine to be able > to make it show an entire thread. It did find Chris Layne's forward of the > original message pointing out that find and rm in /etc/daily constitute s > security hole, given the weaknesses of each. The search engine didn't tell > me anything about any decision as to what should be done. > > The original Linux poster's solution is offensive to me (sings all, dances > all, deletes all, and written in Pearl). Potential solutions that appeal > more to my simpler-is-better sensibilities are: fixing find not to get > confused, and writing (in C!) an rm subset look-alike that won't follow > symbolic links. A search of the Gnats data base failed to turn up any > evidence of a choice having been made. > > So, what's the plan? Are we going to do anything beyond distributing > /etc/daily with junk file elimination disabled? If so, what? And can I help? > -- > David E. Tweten | 2047-bit PGP fingerprint: | tweten@frihet.com > 12141 Atrium Drive | E9 59 E7 5C 6B 88 B8 90 | tweten@and.com > Saratoga, CA 95070-3162 | 65 30 2A A4 A0 BC 49 AE | (408) 446-4131 > Those who make good products sell products; those who don't, sell solutions. > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe security" in the body of the message > Robert N Watson Carnegie Mellon University http://www.cmu.edu/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message From owner-freebsd-security Sat Feb 21 13:28:58 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA20894 for freebsd-security-outgoing; Sat, 21 Feb 1998 13:28:58 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns.frihet.com (root@frihet.bayarea.net [205.219.92.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA20813 for ; Sat, 21 Feb 1998 13:28:44 -0800 (PST) (envelope-from tweten@ns.frihet.com) Received: from ns.frihet.com (tweten@localhost [127.0.0.1]) by ns.frihet.com (8.8.8/8.8.8) with ESMTP id LAA16982; Sat, 21 Feb 1998 11:57:05 -0800 (PST) (envelope-from tweten@ns.frihet.com) Message-Id: <199802211957.LAA16982@ns.frihet.com> X-Mailer: exmh version 2.0.1 12/23/97 Reply-To: "David E. Tweten" To: Robert Watson cc: freebsd-security@FreeBSD.ORG Subject: Re: Find, Rm, and Root's Crontab Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 21 Feb 1998 11:57:04 -0800 From: "David E. Tweten" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk robert@cyrus.watson.org said: >I have actually found that the best and most enjoyable solution to / >tmp-cleaning is to use an MFS-based /tmp. I agree. I use it. My problem isn't /tmp cleaning. It's cleaning #* files, *~ files, core files, etc. from wherever they hide. My exmh #* files, for example, live under my home directory in the messages' original folders from before they were "deleted" by exmh. The problem that used to be solved by find and rm, before we discovered that they constitute unsafe computing, is (old) junk files wherever they may be found. So, again, did FreeBSD decide to do anything more than comment out junk file removal in /etc/daily? If so, is it done and what is it? If not, can I help? -- David E. Tweten | 2047-bit PGP fingerprint: | tweten@frihet.com 12141 Atrium Drive | E9 59 E7 5C 6B 88 B8 90 | tweten@and.com Saratoga, CA 95070-3162 | 65 30 2A A4 A0 BC 49 AE | (408) 446-4131 Those who make good products sell products; those who don't, sell solutions. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message