From owner-freebsd-security Sun May 3 14:39:16 1998
From: "Fernando P. Schapachnik"
Message-Id: <199805032118.SAA00317@localhost.schapachnik.com.ar>
Subject: Why aren't security fixes posted to security-announce?
To: freebsd-security@FreeBSD.ORG
Date: Sun, 3 May 1998 18:18:04 -0300 (ARST)
Reply-To: fpscha@schapachnik.com.ar

*** A similar message has already been posted some days before. As I didn't receive it, I assume nobody has. Sorry if this is not the case. ***

Hello:

I would like to know if there is a good reason for not posting to announce or security-announce those bugs/fixes mailed to security. I'm not talking about open issues that may help an attacker, but about those which have a fix or workaround.

In this situation we can find Niall Smart's "Vulnerability in OpenBSD, FreeBSD-stable lprm", Dima Ruban's patch to BIND related to "Re: Any news on this?: CA-98.05 Multiple Vulnerabilities in BIND" and Vasim Valejev's "Example of RFC-1644 attack", just to quote a few I received in the past few weeks.

Thanks and regards.

Fernando P.
Schapachnik fpscha@schapachnik.com.ar

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message

From owner-freebsd-security Mon May 4 09:40:27 1998
Date: Mon, 4 May 1998 12:40:07 -0400 (EDT)
From: Charles Sprickman
To: freebsd-security@FreeBSD.ORG
Subject: Re: TOG and xterm problem (fwd)

Just an FYI, the updates are available in binary form:

ftp://ftp.xfree86.org/pub/XFree86/3.3.2/binaries/FreeBSD-2.2.x/X3321upd.tgz

Charles

~~~~~~~~~                         ~~~~~~~~~~~
Charles Sprickman                 Internet Channel
INCH System Administration Team   (212)243-5200
spork@inch.com                    access@inch.com

---------- Forwarded message ----------
Date: Sun, 3 May 1998 23:55:24 -0700
From: Trevor Johnson
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: TOG and xterm problem

seen on www.xfree86.org:

[3 May 1998] The Open Group recently released a security advisory concerning vulnerabilities in the xterm program and in the Xaw (Athena Widget) library. These particular problems are associated with buffer overflows in the code that processes the inputMethod and preeditType resources in both xterm and the Xaw library, and the *Keymap resources in xterm. The Xaw problems affect any setuid-root binaries that use the Xaw library (including xterm).
The inputMethod and preeditType problems affect all releases of XFree86 from 3.0 to 3.3.2 (inclusive). The *Keymap problem affects all releases of XFree86 up to and including 3.3.2.

The Open Group's fixes for these problems are currently available only to its members (XFree86 is not a member). XFree86 is independently releasing its own fixes for these problems. A source patch [1] is available now. Updated binaries for some OSs are also available now, and others will be available soon.

The updated binaries can be found in the X3321upd.tgz files in the appropriate subdirectories of the XFree86 3.3.2 binaries directory [2]. Information about installing the updated binaries can be found in an updated version of the XFree86 3.3.2 Release Notes [3]. Note that it is important to follow the instructions in those notes carefully, and that both the updated xterm program and Xaw library must be installed to fix the problem with xterm.

Also, the X332bin.tgz and X332lib.tgz files in the XFree86 3.3.2 binaries subdirectories still contain the original buggy versions. When doing a new XFree86 3.3.2 installation it is important to extract the X3321upd.tgz after extracting the others.
[1] ftp://ftp.xfree86.org/pub/XFree86/3.3.2/fixes/3.3.2-patch1
[2] ftp://ftp.xfree86.org/pub/XFree86/3.3.2/binaries
[3] http://www.xfree86.org/3.3.2/RELNOTES.html

___
Trevor Johnson

From owner-freebsd-security Tue May 5 09:53:21 1998
Message-ID: <19980505235211.58182@rf900.physics.usyd.edu.au>
Date: Tue, 5 May 1998 23:52:11 +1000
Reply-To: David Dawes
From: David Dawes
Subject: xterm and Xaw library vulnerability (XFree86 advisory)
To: BUGTRAQ@NETSPACE.ORG

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
XFree86-SA-1998:01                                          Security Advisory
                                                    The XFree86 Project, Inc.

Topic:          xterm and Xaw library vulnerability
Announced:      3 May 1998
Affects:        All XFree86 versions up to and including 3.3.2
Corrected:      XFree86 3.3.2 patch 1
XFree86 only:   no
Patches:        ftp://ftp.xfree86.org/pub/XFree86/3.3.2/fixes/3.3.2-patch1
=============================================================================

I. Background

Xterm is a terminal emulator that is part of the core X Window System, and is included in every XFree86 release. Xaw is the Athena Widgets library. It is also part of the core X Window System, and is also included in every XFree86 release.

The Open Group X Project Team recently provided a vendor advisory released by CERT as VB-98.04 regarding vulnerabilities in xterm and the Xaw library. The XFree86 Project has developed a patch to XFree86 version 3.3.2, the latest release of the software based on X11R6.3.

II. Problem Description

Problems exist in both the xterm program and the Xaw library that allow user supplied data to cause buffer overflows in both the xterm program and any program that uses the Xaw library. These buffer overflows are associated with the processing of data related to the inputMethod and preeditType resources (for both xterm and Xaw) and the *Keymap resources (for xterm).

III. Impact

Exploiting these buffer overflows with xterm when it is installed setuid-root or with any setuid-root program that uses the Xaw library can allow an unprivileged user to gain root access to the system. These vulnerabilities can only be exploited by individuals with access to the local system.

Setuid-root programs that use variants of the Xaw library (like Xaw3d) may also be vulnerable to the Xaw problems.

The only setuid-root program using the Xaw library that is supplied as part of the standard XFree86 distributions is xterm. Other distributions may include other such programs, including variants of xterm.

IV. Workaround

The setuid-root programs affected by these problems can be made safe by removing their setuid bit. This should be done for xterm and any setuid-root program that uses the Xaw library:

# chmod 0755 /usr/X11R6/bin/xterm
# chmod 0755

Note that implementing this workaround may reduce the functionality of the affected programs.

V. Solution

The Open Group's fixes for these problems are currently available only to its members (XFree86 is not a member). XFree86 has independently released its own fixes for these problems. A source patch is available now at ftp://ftp.xfree86.org/pub/XFree86/3.3.2/fixes/3.3.2-patch1.

Updated binaries for most OSs are also available. The updated binaries can be found in the X3321upd.tgz files in the appropriate subdirectories of the XFree86 3.3.2 binaries directory (ftp://ftp.xfree86.org/pub/XFree86/3.3.2/binaries/). Information about installing the updated binaries can be found in an updated version of the XFree86 3.3.2 Release Notes. A text copy of this can be found at ftp://ftp.xfree86.org/pub/XFree86/3.3.2/RELNOTES. An on-line copy can be viewed at http://www.xfree86.org/3.3.2/RELNOTES.html.

Note that it is important to follow the instructions in those notes carefully, and that both the updated xterm program and Xaw library must be installed to fix the problem with xterm.
Also, the X332bin.tgz and X332lib.tgz files in the XFree86 3.3.2 binaries subdirectories still contain the original buggy versions. When doing a new XFree86 3.3.2 installation it is important to extract the X3321upd.tgz after extracting the others.

VI. Checksums

The following is a list of MD5 digital signatures for the source patch, release notes file and updated binaries.

These checksums only apply for files obtained from ftp.xfree86.org and its mirrors.

VII. Credits

Richard Braakman                 Analysis of the xterm problems and fixes for them.
Tom Dickey                       Integration of xterm fixes.
Paulo Cesar Pereira de Andrade   Xaw fixes.
=============================================================================
The XFree86 Project, Inc

Web Site:                  http://www.xfree86.org/
PGP Key:                   ftp://ftp.xfree86.org/pub/XFree86/Security/key.asc
Advisories:                ftp://ftp.xfree86.org/pub/XFree86/Security/
Security notifications:    security@xfree86.org
General support contact:   xfree86@xfree86.org
=============================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNU3aWknJJ0YV1q5pAQE93QP+LkxhHphL6CpgX/lCJmFR25L2qf8430wk
D530Ih0nmIG86Y9zY6i9BMzgH9nfRl7v6dSX+Ch/+oiR68tyY1LBbuwMSpD+V672
qWuTHYQEJ9ZrrUFf1vc1V2gFKkDy+rMpqyEU6ZShBzPXZ66Lc7dINbf05GZGBdbm
EKjSwesIj/M=
=4dNY
-----END PGP SIGNATURE-----

From owner-freebsd-security Wed May 6 17:40:15 1998
Date: Wed, 6 May 1998 20:39:39 -0400 (EDT)
From: Adam Rothschild
To: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: NAT woes!

Hey everyone...

I'm trying to set up the following, and I'm failing miserably.
Internal network -[ed0]- FreeBSD (2.2.5) box -[ex0]- public IP
192.168.0.0/24                                       1.2.3.4

- FreeBSD box blocks all incoming connections, except on TCP port 25

Here's what I have. Note that the NAT for internal machines accessing the 'net works nicely. However, I can't figure out how to allow tcp port 25 into the box on its public interface [ex0].

o FreeBSD box is assigned 192.168.0.1 on the ed0 interface, and 1.2.3.4 on the ex0 interface.
o The following script is executed to initiate things:

natd -log -redirect_address 192.168.0.0 0.0.0.0 -n ex0 -u
ipfw -f flush
ipfw add divert natd all from any to any
ipfw add pass all from any to any

Any help would be GREATLY appreciated!!!

Thanks,
Adam

From owner-freebsd-security Thu May 7 05:08:49 1998
Date: Thu, 7 May 1998 15:06:18 +0300 (EET DST)
From: Ari Suutari
To: Adam Rothschild
cc: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: NAT woes!

On Wed, 6 May 1998, Adam Rothschild wrote:

Hi,

> natd -log -redirect_address 192.168.0.0 0.0.0.0 -n ex0 -u

I would leave -redirect_address out since it is not required for accepting incoming connections and also because it doesn't map networks - it maps host addresses.

> ipfw -f flush
> ipfw add divert natd all from any to any

add "via ex0" to end of this rule to pass only packets of ex0 to natd.

Ari

Lappeenranta, Finland

From owner-freebsd-security Fri May 8 18:29:19 1998
Date: Sat, 9 May 1998 11:25:17 +1000 (EST)
From: Nicholas Charles Brawn
To: Sanjit Roy
cc: freebsd-security@FreeBSD.ORG
Subject: Re: how safe is FreeBSD 2.2.5
In-Reply-To: <3553963E.F2C5DE6@phy.iitkgp.ernet.in>

[moving this to freebsd-security]

On Sat, 9 May 1998, Sanjit Roy wrote:

> I need some advice regarding the security level in FreeBSD. Lately, a
> lot of students in my university campus have been into hacking activity.
> I have a Linux (kernel 1.2.8) system on one of my mail gateways and it's
> a piece of cake becoming 'root' on that machine. I immediately need to
> upgrade that to either REDHAT Linux 5.0 or FreeBSD 2.2.5. I have both
> the flavours of unix available with me.
>
> What I want to know is :
>
> 1. which of the two is more secure?

As always this is a debatable topic. What it comes down to is the security
features incorporated and/or available with the OS, the attitude of the
developers to fixing bugs and/or security problems, and above all, the
skill of the person administrating the machine (in securing it).

I think you should go with FreeBSD. :)

> 2. Is shadow util really effective in Linux. Don't know if there's one
> in FreeBSD?

Haven't used linux in a while so I couldn't help you there. But FreeBSD
has shadowing incorporated from the get-go. The two files, or rather
four(?) you have in FreeBSD are:

/etc/passwd (shadowed).
/etc/master.passwd (root-only readable file with the passwords md5'd).
/etc/pwd.db (something I haven't really looked into, but it contains
gecos-related information).
/etc/spwd.db (root-only readable file containing information similar to
above but also password strings).

> 3. what do i have to do/install to make my system secure i.e, what are
> the available patches and where do i get them?

ftp://ftp.freebsd.org/pub/FreeBSD/CERT.

>
> Hoping to hear from you soon.
> Sanjit.
> fiber@phy.iitkgp.ernet.in
>

regards,
Nicholas Brawn

--
Email: ncb05@uow.edu.au - DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A
http://rabble.uow.edu.au/~nick - public key available on request.
Nicholas Brawn - Computer Science Undergraduate, University of Wollongong.
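
The file layout described in the message above can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD itself: a POSIX shell audit that assumes the usual colon-separated formats, with the password in the second field of both files and "*" as the placeholder in a shadowed /etc/passwd. The function name and finding labels are made up for the illustration.

```shell
#!/bin/sh
# audit_pwfiles PASSWD MASTER
# Report findings, one per line, for a passwd / master.passwd pair:
#   UNSHADOWED <user> - the world-readable passwd file holds something other
#                       than the "*" placeholder in the password field
#   READABLE <file>   - the master file is readable by group or other
#   EMPTY <user>      - the account has an empty password in the master file
# Returns 0 when nothing is found, 1 otherwise.
# Assumption: field 2 is the password field in both files.
audit_pwfiles() {
    passwd_file=$1
    master_file=$2
    findings=$(
        # A shadowed passwd file carries only the placeholder in field 2.
        awk -F: '!/^#/ && NF >= 2 && $2 != "*" { print "UNSHADOWED " $1 }' \
            "$passwd_file"

        # The master file must not be readable by group (040) or other (004).
        find "$master_file" -prune \( -perm -040 -o -perm -004 \) -print |
            sed 's/^/READABLE /'

        # An empty field 2 means the account can be used with no password.
        awk -F: '!/^#/ && NF >= 2 && $2 == "" { print "EMPTY " $1 }' \
            "$master_file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run as `audit_pwfiles /etc/passwd /etc/master.passwd` with enough privilege to read the master file; an empty result with exit status 0 means none of the three conditions was found.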

From owner-freebsd-security Fri May 8 22:39:07 1998
Date: Sat, 9 May 1998 00:39:09 +0000 (GMT)
From: Alfred Perlstein
To: Nicholas Charles Brawn
cc: Sanjit Roy, freebsd-security@FreeBSD.ORG
Subject: Re: how safe is FreeBSD 2.2.5

there were a few problems with the "stock" 2.2.5 release in terms of security. the 2.2.6 release is much better from what i've heard.

you also have the option of installing a 2.2.5 machine and cvsuping, or downloading a "SNAP" release of a later dated 2.2.6 release.

i think you should look at: (ftp URLS)
releng22.freebsd.org (not sure about this one)
current.freebsd.org (this one is most likely around)
and of course: ftp.freebsd.org

you can get SNAP releases from those sites.

-Alfred

On Sat, 9 May 1998, Nicholas Charles Brawn wrote:

>
> [moving this to freebsd-security]
>
> On Sat, 9 May 1998, Sanjit Roy wrote:
>
> > I need some advice regarding the security level in FreeBSD. Lately, a
> > lot of students in my university campus have been into hacking activity.
> > I have a Linux (kernel 1.2.8) system on one of my mail gateways and it's
> > a piece of cake becoming 'root' on that machine. I immediately need to
> > upgrade that to either REDHAT Linux 5.0 or FreeBSD 2.2.5. I have both
> > the flavours of unix available with me.
> >
> > What I want to know is :
> >
> > 1. which of the two is more secure?
>
> As always this is a debatable topic. What it comes down to is the security
> features incorporated and/or available with the OS, the attitude of the
> developers to fixing bugs and/or security problems, and above all, the
> skill of the person administrating the machine (in securing it).
>
> I think you should go with FreeBSD. :)
>
> > 2. Is shadow util really effective in Linux. Don't know if there's one
> > in FreeBSD?
>
> Haven't used linux in a while so I couldn't help you there. But FreeBSD
> has shadowing incorporated from the get-go. The two files, or rather
> four(?) you have in FreeBSD are:
>
> /etc/passwd (shadowed).
> /etc/master.passwd (root-only readable file with the passwords md5'd).
> /etc/pwd.db (something I haven't really looked into, but it contains
> gecos-related information).
> /etc/spwd.db (root-only readable file containing information similar to
> above but also password strings).
>
> > 3. what do i have to do/install to make my system secure i.e, what are
> > the available patches and where do i get them?
>
> ftp://ftp.freebsd.org/pub/FreeBSD/CERT.
>
> >
> > Hoping to hear from you soon.
> > Sanjit.
> > fiber@phy.iitkgp.ernet.in
> >
>
> regards,
> Nicholas Brawn
>
> --
> Email: ncb05@uow.edu.au - DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A
> http://rabble.uow.edu.au/~nick - public key available on request.
> Nicholas Brawn - Computer Science Undergraduate, University of Wollongong.
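
Section IV of the XFree86-SA-1998:01 advisory earlier in this archive asks for the setuid bit to be removed from xterm and from any other setuid-root program that uses the Xaw library. The following is an added example, not part of the advisory or of any message here, for building that list on a system with dynamically linked binaries. The function names are made up for the illustration, and matching the library name as a byte string is a heuristic chosen here, not a method the advisory describes.

```shell
#!/bin/sh
# find_setuid_xaw DIR [OWNER]
# List regular files under DIR that are setuid, owned by OWNER (default
# root), and reference the Xaw library by name. Matching the string
# "libXaw" also catches variants such as libXaw3d, which the advisory
# says may be affected as well.
# Assumption: the binaries are dynamically linked, so the name of each
# needed library is stored as plain text inside the file. A statically
# linked program carries no such name and will not be listed.
find_setuid_xaw() {
    dir=$1
    owner=${2:-root}
    find "$dir" -type f -user "$owner" -perm -4000 -print 2>/dev/null |
    while IFS= read -r f; do
        # LC_ALL=C makes grep treat the file as raw bytes.
        if LC_ALL=C grep -q 'libXaw' "$f" 2>/dev/null; then
            printf '%s\n' "$f"
        fi
    done
}

# xaw_workaround_plan DIR [OWNER]
# Print, without running them, the advisory's workaround commands for
# every match, so the list can be reviewed before any setuid bit is
# removed. The advisory notes that the workaround may reduce the
# functionality of the affected programs.
xaw_workaround_plan() {
    find_setuid_xaw "$@" | while IFS= read -r f; do
        printf 'chmod 0755 %s\n' "$f"
    done
}
```

A typical call is `xaw_workaround_plan /usr/X11R6/bin`; the second argument exists so the functions can be exercised on test files owned by an ordinary user.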