From owner-freebsd-security Sun Mar 1 07:39:17 1998
From: "Rodney W. Grimes"
Subject: Re: Question
To: javier@kjsl.com (Javier Henderson)
Date: Sun, 1 Mar 1998 07:37:56 -0800 (PST)
Cc: chris@u2.todiefor.com, freebsd-security@FreeBSD.ORG

> Christopher J Ceska writes:
>
> > What would be a good method to have two servers run the same passwd file?
>
> Run VMS?
>
> Oh, sorry, wrong crowd.
>
> Seriously, has anyone thought about writing something
> equivalent to VMS clusters? This is not a veiled attempt at starting a
> my-os-is-better-than-yours war. Maybe something useful could come of
> an educated discussion of the advantages of VMS clusters.

We would kill for the equivalent of the VMS DLM (Distributed Lock Manager)
and the required mods to the SCSI code to pass DLM messages across an
UW SCSI bus. Our clients would also kill for it!!!

Yes, we have thought about it, no we can't fund it, yes, we would use it!

>
> -jav, VMS geek, FreeBSD apprentice

- rwg, VMS, Domain/OS, AOS/VS, etc, etc Geek

--
Rod Grimes rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc.
Reliable computers for FreeBSD

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

From owner-freebsd-security Sun Mar 1 09:08:44 1998
Date: Sun, 1 Mar 1998 18:07:41 +0100
From: Philippe Regnauld
To: Robert Watson
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Question

Robert Watson writes:
>
> A cool clustering system for a BSD would be very nice to have -- on any of
> these levels. They tend to involve a lot of expensive research, though, I
> understand.

QNX does it too. But QNX was built from the ground up with
that concept (and others, like process migration) in mind, AFAIK.
And the price shows (though it's rather affordable when you consider
joke-OSes like NT).
--
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-

«Pluto placed his bad dog at the entrance of Hades to keep the dead IN and
the living OUT! The archetypical corporate firewall?»
 - S. Kelly Bootle, ("MYTHOLOGY", in Marutukku distrib)

From owner-freebsd-security Sun Mar 1 15:52:43 1998
Date: Sun, 1 Mar 1998 18:52:14 -0500 (EST)
From: Joshua Scott Emmons
To: freebsd-security@FreeBSD.ORG
Subject: sync passwds

Anybody know of a good way to sync passwords between FreeBSD and NT?

--
Josh Emmons...j-emmons@sjca.edu
_____________________________
Numeric stability is probably
not all that important when
you're guessing.
-----------------------------

From owner-freebsd-security Sun Mar 1 18:02:37 1998
Date: Sun, 1 Mar 1998 19:10:53 -0700 (MST)
From: Atipa
To: "Jordan K. Hubbard"
cc: Andrew McNaughton, freebsd-security@FreeBSD.ORG
Subject: Re: crypto tunnel - international

Jordan,

OpenBSD has photurisd and ipsec built-in. These utilities are designed to
maintain encrypted tunnels and pipes, with dynamically changing keys. They
have a special device built into the kernel (enc0) for encrypted data
transport. tun0 can be used, but enc0 is definitely preferable.

OpenBSD uses des, md5, sha1, and Blowfish (for password encryption). They
also take great care to provide a very high-entropy pool for creating keys
and such.

Kevin

On Sat, 28 Feb 1998, Jordan K.
Hubbard wrote:

> > Some of our customers faced this problem as well, and the simplest thing
> > to use was OpenBSD. Since OpenBSD has cryptography built in to the OS, it
> > is very easy to set up secure tunneling.
>
> Can you explain *precisely* what you mean by "cryptography built in to
> the OS?"
>
> > OpenBSD is a product of Canada, so they can use full-strength
> > cryptography. Once it is installed in the US, it is non-exportable, but
> > the international sites can download directly from Canada :)
>
> And we've been exporting said crypto from ftp.freebsd.org as well,
> which is in a region of the U.S. which falls under Judge Patel's decision.
> I really don't see what OpenBSD can export which we cannot and it would
> be really nifty if you could give us details on what is missing from
> FreeBSD.
>
> Jordan
>

From owner-freebsd-security Sun Mar 1 19:51:28 1998
From: "Alfred Perlstein"
To: "Joshua Scott Emmons"
Subject: Re: sync passwds
Date: Sun, 1 Mar 1998 22:47:24 -0500

samba has some means of doing this, i would suggest looking there.

and i would also suggest using freebsd as the master, from what i hear NT is
easily tricked when it comes to remote password stuff.

-Alfred

-----Original Message-----
From: Joshua Scott Emmons
To: freebsd-security@FreeBSD.ORG
Date: Sunday, March 01, 1998 2:58 PM
Subject: sync passwds

>Anybody know of a good way to sync passwords between FreeBSD and NT?
>
>--
> Josh Emmons...j-emmons@sjca.edu
> _____________________________
> Numeric stability is probably
> not all that important when
> you're guessing.
> -----------------------------

From owner-freebsd-security Mon Mar 2 05:49:09 1998
From: Jeff Aitken
Subject: Re: sync passwds
To: j-emmons@sjca.edu (Joshua Scott Emmons)
Date: Mon, 2 Mar 1998 08:48:57 -0500 (EST)
Cc: freebsd-security@FreeBSD.ORG
Reply-to: jaitken@dimension.net

Joshua Scott Emmons writes:
> Anybody know of a good way to sync passwords between FreeBSD and NT?

Yes; my company makes a software package that does exactly that. See
http://www.syntunix.com for more information.

--
Jeff Aitken
jaitken@dimension.net

From owner-freebsd-security Mon Mar 2 08:33:45 1998
Date: Mon, 02 Mar 1998 18:31:21 +0200
To: freebsd-security@FreeBSD.ORG
From: Raimonds Treimanis
Subject: ARP

Hello!

Can anybody explain me - is it possible to disable dynamic arp discovery on
FreeBSD box. I just want that box to accept connections from certain known
boxes on LAN and disable any possibility to fake IP address.
So, i'm ifconfig'ing ethernet device with -arp option, which, as written in
man, should disable use of ARP, and reading MAC addresses of some listed
hosts with 'arp -f somefile'

Unfortunately seems that if host is not listed in ARP tables system lookups
its address anyway. Only way to avoid it was to write some nonexistent MAC
address for those IP address, and it worked while i was trying to connect
FROM that FreeBSD box. But if connection was initiated from that other host
FreeBSD with great pleasure accepted new MAC address for that host, deleting
old value in ARP table without any problems, despite all MANs and DOCs :(

With best wishes,
Raimonds Treimanis.

From owner-freebsd-security Mon Mar 2 09:54:07 1998
Date: Mon, 2 Mar 1998 09:55:40 -0800 (PST)
From: "Chris Andrichak"
To: "Joshua Scott Emmons"
Cc: freebsd-security@FreeBSD.ORG
Reply-To: chris@i-planet.com
Subject: Re: sync passwds

"Joshua Scott Emmons" wrote:
]Date: Sun, 1 Mar 1998 18:52:14 -0500 (EST)
]
]Anybody know of a good way to sync passwords between FreeBSD and NT?
]

Here's one thing:

http://www.cis.ksu.edu/~mikhail/Passwd/

From owner-freebsd-security Mon Mar 2 13:13:40 1998
From: torstenb@onizuka.tb.9715.org (Torsten Blum)
Subject: Re: OpenBSD Security Advisory: mmap() Problem
To: cschuber@uumail.gov.bc.ca
Date: Mon, 2 Mar 1998 22:13:03 +0100 (CET)
Cc: wollman@khavrinen.lcs.mit.edu, cschuber@uumail.gov.bc.ca,
    freebsd-security@FreeBSD.ORG, roell@xig.com

Cy Schubert - ITSD Open Systems Group wrote:

> I've already talked to them about the upcoming release of their new products.
> They've told me that they're dropping support for FreeBSD and focusing on
> Linux because FreeBSD doesn't sell X servers.

According to Thomas Roell this is not true and XiG will continue to support
Xaccel on FreeBSD.

> It will be unlikely that they'll make any changes.

I don't think so. Thomas told me, that he'll fix Xaccel (if he hasn't already).
I don't know in which release or if there will be a binary patch available.
You have to ask XiG.
(I don't work for XiG or have any relationship with XiG - beside being a
happy Xaccel user)

 -tb

From owner-freebsd-security Mon Mar 2 13:43:32 1998
Subject: Re: OpenBSD Security Advisory: mmap() Problem
To: torstenb@onizuka.tb.9715.org (Torsten Blum)
Date: Mon, 2 Mar 1998 13:42:50 -0800 (PST)
Cc: cschuber@uumail.gov.bc.ca, wollman@khavrinen.lcs.mit.edu,
    freebsd-security@FreeBSD.ORG, roell@xig.com
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)

That was my exact impression after conversation with Thomas.

Torsten Blum writes:
> Cy Schubert - ITSD Open Systems Group wrote:
>
> > I've already talked to them about the upcoming release of their new products.
> > They've told me that they're dropping support for FreeBSD and focusing on
> > Linux because FreeBSD doesn't sell X servers.
>
> According to Thomas Roell this is not true and XiG will continue to support
> Xaccel on FreeBSD.
>
> > It will be unlikely that they'll make any changes.
>
> I don't think so. Thomas told me, that he'll fix Xaccel (if he hasn't already).
> I don't know in which release or if there will be a binary patch available.
> You have to ask XiG.
> (I don't work for XiG or have any relationship with XiG - beside being a
> happy Xaccel user)
>
> -tb
>

-- dima

From owner-freebsd-security Mon Mar 2 14:08:57 1998
Date: Mon, 2 Mar 1998 15:07:19 -0700 (MST)
From: Thomas Roell
To: dima@best.net
Cc: torstenb@onizuka.tb.9715.org (Torsten Blum), cschuber@uumail.gov.bc.ca,
    wollman@khavrinen.lcs.mit.edu, freebsd-security@FreeBSD.ORG, roell@xig.com
Subject: Re: OpenBSD Security Advisory: mmap() Problem
Reply-To: thomas@xig.com

In your message of 2 March 1998 you write:

> That was my exact
> impression after conversation with Thomas.

Kind of got the very same impression after talking a lot to
myself. Wonder to whom Mr. Cy Schubert talked to.

- Thomas
--
Thomas Roell /\ An imperfect plan executed violently
Xi Graphics / \/\ _ is far superior to a perfect plan.
thomas@xig.com / / \ \
/ Oelch! \ \ George Patton

From owner-freebsd-security Mon Mar 2 15:34:37 1998
Reply-to: Cy Schubert - ITSD Open Systems Group
To: thomas@xig.com
cc: dima@best.net, torstenb@onizuka.tb.9715.org (Torsten Blum),
    cschuber@uumail.gov.bc.ca, wollman@khavrinen.lcs.mit.edu,
    freebsd-security@FreeBSD.ORG, roell@xig.com, cy@passer.osg.gov.bc.ca
Subject: Re: OpenBSD Security Advisory: mmap() Problem
Date: Mon, 02 Mar 1998 15:30:42 -0800
From: Cy Schubert - ITSD Open Systems Group

> In your message of 2 March 1998 you write:
>
> > That was my exact impression after conversation with Thomas.
>
> Kind of got the very same impression after talking a lot to
> myself. Wonder to whom Mr. Cy Schubert talked to.
>
> - Thomas
> --
> Thomas Roell /\ An imperfect plan executed violently
> Xi Graphics / \/\ _ is far superior to a perfect plan.
> thomas@xig.com / / \ \
> / Oelch! \ \ George Patton
>

I spoke to Patrick. I've since spoken to Kyle (Sales) and Andrew Bergen
(Sales Manager). XiG will continue to support the X server however it is
doubtful that support for Motif and CDE will continue, though the chance of
Motif support is a little better than CDE. The final decision has not been
made.

This thread should probably stop on FreeBSD-Security and continue elsewhere.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       Cy.Schubert@gems8.gov.bc.ca

From owner-freebsd-security Tue Mar 3 05:20:27 1998
Date: Tue, 03 Mar 1998 20:17:26 -0500
To: freebsd-questions@FreeBSD.ORG
From: "mlucas@verio.net"
Subject: vpn & fwtk
Cc: freebsd-security@FreeBSD.ORG

Hello,

I have a client who wants to use fwtk for a firewall. No problem.

He also wants VPN capability, which is not supported by fwtk.

Is there something I can do with FreeBSD to provide a vpn?

I suspect that OpenBSD could do it, with the kernel's built-in strong
encryption, but I don't want to use OpenBSD. FreeBSD has earned my trust.

Thanks,
Michael

From owner-freebsd-security Tue Mar 3 06:34:38 1998
Date: Tue, 3 Mar 1998 09:34:32 -0500 (EST)
From: John Fieber
To: "mlucas@verio.net"
cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: vpn & fwtk

On Tue, 3 Mar 1998, mlucas@verio.net wrote:

> Is there something I can do with FreeBSD to provide a vpn?

There is a Linux HOWTO on creating a vpn using ppp and ssh. I
doubt there would be any problems doing it on FreeBSD, but I have
not tried it.

-john

From owner-freebsd-security Tue Mar 3 06:39:22 1998
Date: Tue, 3 Mar 1998 15:37:50 +0100
From: Philippe Regnauld
To: "mlucas@verio.net"
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: vpn & fwtk

mlucas@verio.net writes:
> Hello,
>
> I have a client who wants to use fwtk for a firewall. No problem.
>
> He also wants VPN capability, which is not supported by fwtk.

Skip.
/usr/ports/security/skip

--
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-

«Pluto placed his bad dog at the entrance of Hades to keep the dead IN and
the living OUT! The archetypical corporate firewall?»
 - S. Kelly Bootle, ("MYTHOLOGY", in Marutukku distrib)

From owner-freebsd-security Tue Mar 3 08:12:33 1998
Date: Tue, 3 Mar 1998 11:12:01 -0500 (EST)
From: Steve Hovey
To: "mlucas@verio.net"
cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: vpn & fwtk

Isn't VPN something you do with radius?

On Tue, 3 Mar 1998, mlucas@verio.net wrote:

> Hello,
>
> I have a client who wants to use fwtk for a firewall. No problem.
>
> He also wants VPN capability, which is not supported by fwtk.
>
> Is there something I can do with FreeBSD to provide a vpn?
>
> I suspect that OpenBSD could do it, with the kernel's built-in strong
> encryption, but I don't want to use OpenBSD. FreeBSD has earned my trust.
>
> Thanks,
> Michael
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>

------------------------------------------------------------------
Steve Hovey Chief Engineer BuffNET More Than Just a Connection!
------------------------------------------------------------------

From owner-freebsd-security Tue Mar 3 18:09:53 1998
From: Josh Pincus
Subject: Re: vpn & fwtk
To: mlucas@verio.net
Date: Tue, 3 Mar 1998 21:06:59 -0500 (EST)
Cc: freebsd-questions@FreeBSD.ORG, freebsd-security@FreeBSD.ORG

>
> I suspect that OpenBSD could do it, with the kernel's built-in strong
> encryption, but I don't want to use OpenBSD. FreeBSD has earned my trust.
                                               ~~~~~~~~~~~~~~~~~~~~~~~~~~~

Right on, dude!

JP
--
Happy FreeBSD user since birth.

>
> Thanks,
> Michael
>
>

From owner-freebsd-security Thu Mar 5 23:03:15 1998
From: tqbf@secnet.com
Subject: DIVERT Sockets...
To: freebsd-security@FreeBSD.ORG
Date: Fri, 6 Mar 1998 01:01:51 -0600 (CST)
Reply-To: tqbf@secnet.com

Hey there. I have a question, hopefully not a heads-up:

IP "divert" processing in ip_input() causes IP option processing to be
skipped (basically, "divert" sockets are just a "goto" in the IP processing
code that say "process this packet as if it was ours").

I am wondering if y'all see the same problem I do here, which is that
IPDIVERT doesn't reset ip_nhops to zero before "accepting" packets for
input. Recall that "ip_nhops" specifies whether the current packet causes a
source route to be recorded; if ip_nhops is nonzero, ip_srcroute will return
a reversed recorded route from the last accepted source-routed packet. Each
time a new valid packet is accepted, "ip_nhops" is supposed to be reset to
zero.

The TCP input code blindly calls ip_srcroute() when a connection is being
established to see if the SYN connection-soliciting packet was source
routed; if it was, it uses the recorded route for all future packets for
this connection.

Because of the IPDIVERT hack, it seems to me that anyone can send a source
routed packet right before a diverted SYN packet, and that SYN packet will
follow the reverse of the source route. On networks that don't drop source
routed packets, this would allow remote attackers to hijack arbitrary
connections remotely without direct network access to the path those
connections take.

I don't know enough about IPDIVERT to tell if this is the case; I am trying
to wade through the code to see if divert sockets modifies IP output not to
send source routed packets.

-----------------------------------------------------------------------------
Thomas H. Ptacek                                        Secure Networks, Inc.
-----------------------------------------------------------------------------
http://www.enteract.com/~tqbf                           "mmm... sacrilicious"
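
The stale-state concern raised in the "DIVERT Sockets..." post above, as a user-space C model added here for illustration; it is not FreeBSD kernel code and does not establish how the real IPDIVERT path behaves. ip_nhops and ip_srcroute are the names used in the post; the pkt struct, the model_* and hops_for_syn functions, the reset_on_divert switch and the 10.0.0.x addresses are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOPS 4

/* Constructed stand-in for an inbound IP datagram (not a real IP header). */
struct pkt {
    uint32_t src;              /* sender address */
    int      diverted;         /* 1 = packet matched a divert rule */
    int      nroute;           /* hops in its source-route option, 0 = none */
    uint32_t route[MAX_HOPS];  /* hops in the order the option lists them */
};

/* State shared across packets, named after the variable in the post. */
static int      ip_nhops;
static uint32_t ip_srcrt[MAX_HOPS];

/* Option processing: remember the route carried by this packet. */
static void save_route(const struct pkt *p)
{
    int n = p->nroute > MAX_HOPS ? MAX_HOPS : p->nroute;

    memcpy(ip_srcrt, p->route, sizeof(uint32_t) * (size_t)n);
    ip_nhops = n;
}

/*
 * Model of the input path (assumption: follows the post's description).
 * reset_on_divert = 0: the divert shortcut leaves ip_nhops untouched.
 * reset_on_divert = 1: corrected ordering, state cleared before early exit.
 */
static void model_ip_input(const struct pkt *p, int reset_on_divert)
{
    if (p->diverted) {
        if (reset_on_divert)
            ip_nhops = 0;
        return;                /* accepted as "ours", options not examined */
    }
    ip_nhops = 0;              /* normal path: forget the previous packet */
    if (p->nroute > 0)
        save_route(p);
}

/* Model of ip_srcroute(): copy out the reversed route, return hop count. */
static int model_ip_srcroute(uint32_t *out)
{
    int i;

    for (i = 0; i < ip_nhops; i++)
        out[i] = ip_srcrt[ip_nhops - 1 - i];
    return ip_nhops;
}

/*
 * Scenario: host 10.0.0.1 sends a source-routed datagram, then a SYN with no
 * IP options arrives from 10.0.0.2. Returns the number of hops the TCP layer
 * would attach to the second host's connection; 0 is the only safe answer.
 */
static int hops_for_syn(int syn_diverted, int reset_on_divert, uint32_t *out)
{
    const struct pkt routed = { 0x0a000001, 0, 2, { 0x0a000063, 0x0a000064 } };
    struct pkt syn = { 0x0a000002, 0, 0, { 0 } };

    syn.diverted = syn_diverted;
    ip_nhops = 0;
    model_ip_input(&routed, reset_on_divert);
    model_ip_input(&syn, reset_on_divert);
    return model_ip_srcroute(out);
}

int main(void)
{
    uint32_t r[MAX_HOPS];

    printf("plain SYN, no reset on divert:    %d hops\n", hops_for_syn(0, 0, r));
    printf("diverted SYN, no reset on divert: %d hops\n", hops_for_syn(1, 0, r));
    printf("diverted SYN, reset on divert:    %d hops\n", hops_for_syn(1, 1, r));
    return 0;
}
```

In the corrected ordering the shared state is cleared for every accepted packet, so no early exit can leave a previous sender's route behind for the next connection.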