From owner-freebsd-security Sun Nov 29 11:59:24 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id LAA27689
        for freebsd-security-outgoing; Sun, 29 Nov 1998 11:59:24 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from weathership.homeport.org (weathership.homeport.org [207.31.235.99])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA27684
        for ; Sun, 29 Nov 1998 11:59:22 -0800 (PST)
        (envelope-from adam@weathership.homeport.org)
Received: (from adam@localhost)
        by weathership.homeport.org (8.8.8/8.8.5) id PAA18640;
        Sun, 29 Nov 1998 15:09:48 -0500 (EST)
Message-ID: <19981129150948.A18609@weathership.homeport.org>
Date: Sun, 29 Nov 1998 15:09:48 -0500
From: Adam Shostack
To: Robert Watson , CyberPsychotic
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Detecting remote host type and so on..
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93i
In-Reply-To: ; from Robert Watson on Sat, Nov 28, 1998 at 04:35:27PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sat, Nov 28, 1998 at 04:35:27PM -0500, Robert Watson wrote:
| On Sat, 28 Nov 1998, CyberPsychotic wrote:
|
| > Hello people,
| > This is probably a bit offtopic, but anyway, That is not good when someone
| > could figure out what platform you're running your Apache on. Recently I
| > checked site http://www.netcraft.com which could tell you what server and
| > on what platform you're running. They don't provide source for the code,
| > so I just put my sniffer on, and pushed the button (they have webform) to
| > see what that will do. All that box did, was a connection to my 80 port
| > and issuing command HEAD / HTTP/1.0. All what comes for response is:
|
| As far as I can tell, it is almost impossible to disguise the operating
| system that you are running.
| Most platforms display distinctive banners,
| have quirks in their IP implementation, or just made different design
| choices that may be distinguished remotely (for example, choices about
| timeouts, fragmentation issues, etc). While you can attempt to hide the

Two tools that do this are queso (at Apostools.org, if memory serves),
and nmap2 (currently in closed beta.) Also, Tony Osborne has been
working on a paper based on ICMP differences.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Nov 29 14:41:59 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id OAA11027
        for freebsd-security-outgoing; Sun, 29 Nov 1998 14:41:59 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA11021
        for ; Sun, 29 Nov 1998 14:41:53 -0800 (PST)
        (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost)
        by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id XAA28627
        for freebsd-security@FreeBSD.ORG; Sun, 29 Nov 1998 23:41:40 +0100 (CET)
        (envelope-from roberto@keltia.freenix.fr)
Received: by keltia.freenix.fr (Postfix, from userid 101)
        id 3A19E1534; Sun, 29 Nov 1998 22:42:00 +0100 (CET)
Date: Sun, 29 Nov 1998 22:42:00 +0100
From: Ollivier Robert
To: freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
        & sendmail changes in OpenBSD 2.4
Message-ID: <19981129224200.A13724@keltia.freenix.fr>
Mail-Followup-To: freebsd-security@FreeBSD.ORG
References: <199811162114.PAA06569@s07.sa.fedex.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.94.16i
In-Reply-To: <199811162114.PAA06569@s07.sa.fedex.com>; from William McVey on Mon, Nov 16, 1998 at 03:13:54PM -0600
X-Operating-System: FreeBSD 3.0-CURRENT/ELF ctm#4829 AMD-K6 MMX @ 200 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to William McVey:
> To strip the setuid root bit from the delivery agent will require
> the daemon to be privileged so that it can setuid to the user who's
> mail is being handled. I would say a setuid root program that no-one
> but the MTA can execute is the lesser of two evils.

There is a third way, coming RSN near FreeBSD: Postfix (also known in
another life as VMailer), made by W. Venema doesn't require setuid-root MDA
(like mail.local and procmail) at all!

414 [23:16] root@keltia:local/bin# ll procma*
-rwxr-xr-x 1 root mail 52392 Nov 16 22:24 procmail*

Send mail to local user:
-=-=-
383 [23:17] roberto@keltia:net/mtr> echo foo| mail roberto
send-mail: sendmail_service: open maildrop/5488D14BE
-=-=-

Log from procmail:
-=-=-
>From roberto@keltia.freenix.fr Mon Nov 23 23:17:10 1998
  Folder: /var/mail/roberto 403
-=-=-

Mail log:
-=-=-
Nov 23 23:17:10 keltia postfix/pickup[18162]: 7542114C0: sender=101/roberto
Nov 23 23:17:10 keltia postfix/cleanup[18415]: 7542114C0: message-id=<19981123221710.7542114C0@keltia.freenix.fr>
Nov 23 23:17:10 keltia postfix/qmgr[18163]: 7542114C0: from=, size=305 (queue active)
Nov 23 23:17:11 keltia postfix/local[18417]: 7542114C0: to=, relay=local, delay=1, status=sent ("|/usr/local/bin/procmail")
-=-=-
--
Ollivier ROBERT -=- FreeBSD: The Power to Serve!
-=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #2: Sun Nov 8 01:22:20 CET 1998

From owner-freebsd-security Sun Nov 29 18:57:38 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id SAA06460
        for freebsd-security-outgoing; Sun, 29 Nov 1998 18:57:38 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cliff.mfn.org (cliff.mfn.org [204.238.179.8])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA06455
        for ; Sun, 29 Nov 1998 18:57:34 -0800 (PST)
        (envelope-from measl@support.mfn.org)
X-Message1: Missouri FreeNet does not relay. If this email
X-Message2: is unsolicited bulk or commercial, please report
X-Message3: this abuse promptly to abuse@mfn.org. Thank You.
X-ORIGINIP: 204.238.179.36
X-ORIGINDNS: support.mfn.org
Received: from support.mfn.org (support.mfn.org [204.238.179.36])
        by cliff.mfn.org (8.8.7/8.8.7) with ESMTP id UAA00754;
        Sun, 29 Nov 1998 20:57:22 -0600 (CST)
        (envelope-from measl@support.mfn.org)
Posted-Date: Sun, 29 Nov 1998 20:57:22 -0600 (CST)
Received: (from measl@localhost)
        by support.mfn.org (8.8.7/8.8.7) id UAA00552;
        Sun, 29 Nov 1998 20:57:19 -0600 (CST)
        (envelope-from measl)
Date: Sun, 29 Nov 1998 20:57:19 -0600 (CST)
From: "J.A. Terranson"
Message-Id: <199811300257.UAA00552@support.mfn.org>
To: freebsd-security@FreeBSD.ORG, freebsd-questions@freebesd.org
Subject: IPFW Message
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Good Evening,

I am sitting here watching a *large* screen of the following
messages...

ipfw: 65500 Deny P:54 24.88.34.57 204.238.179.10

What does the "P:54" mean? We've been using IPFW for about 6 months
now, and have never seen it, but I am rather uncomfortable watching
the screen scroll message after message...

Please respond directly, as I am not subscribed...

Thank you.

J.A.
Terranson
sysadmin@mfn.org

From owner-freebsd-security Sun Nov 29 22:22:00 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id WAA22353
        for freebsd-security-outgoing; Sun, 29 Nov 1998 22:21:37 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from colin.muc.de (colin.muc.de [193.174.4.1])
        by hub.freebsd.org (8.8.8/8.8.8) with SMTP id WAA22340
        for ; Sun, 29 Nov 1998 22:21:18 -0800 (PST)
        (envelope-from lutz@muc.de)
Received: from tavari.muc.de ([193.174.4.22])
        by colin.muc.de with SMTP id <140550-1>; Mon, 30 Nov 1998 07:21:02 +0100
Received: (from daemon@localhost)
        by tavari.muc.de (8.8.8/8.8.7) id HAA26165;
        Mon, 30 Nov 1998 07:16:48 +0100 (CET)
Received: from ripley(192.168.42.202) by morranon via smap (V2.1)
        id xma026163; Mon, 30 Nov 98 07:16:40 +0100
From: "Lutz Albers"
To: "J.A. Terranson" , ,
Subject: RE: IPFW Message
Date: Mon, 30 Nov 1998 07:15:36 +0100
Message-ID: <000401be1c28$d8853270$ca2aa8c0@ripley.tavari.muc.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook 8.5, Build 4.71.2377.0
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2120.0
In-Reply-To: <199811300257.UAA00552@support.mfn.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I am sitting here watching a *large* screen of the following
> messages...
>
> ipfw: 65500 Deny P:54 24.88.34.57 204.238.179.10
>
> What does the "P:54" mean? We've been using IPFW for about 6 months
> now, and have never seen it, but I am rather uncomfortable watching
> the screen scroll message after message...

Attempting to use packets with the IP protocol set to 54 (which is unknown
to the system).
You might try to get a newer version of /etc/protocols from IANA to see
if this is defined somewhere.

ciao
  lutz
--
Lutz Albers, lutz@muc.de, pgp key available from
Do not take life too seriously, you will never get out of it alive.

From owner-freebsd-security Sun Nov 29 22:51:32 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id WAA24324
        for freebsd-security-outgoing; Sun, 29 Nov 1998 22:51:32 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA24310
        for ; Sun, 29 Nov 1998 22:51:14 -0800 (PST)
        (envelope-from fygrave@tigerteam.net)
Received: from gizmo.kyrnet.kg (IDENT:fygrave@gizmo.kyrnet.kg [192.168.1.125])
        by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id LAA27778;
        Mon, 30 Nov 1998 11:20:23 +0600
Received: from localhost (fygrave@localhost)
        by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id LAA01531;
        Mon, 30 Nov 1998 11:49:00 +0500
X-Authentication-Warning: gizmo.kyrnet.kg: fygrave owned process doing -bs
Date: Mon, 30 Nov 1998 11:48:59 +0500 (KGT)
From: CyberPsychotic
X-Sender: fygrave@gizmo.kyrnet.kg
To: Robert Watson
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Detecting remote host type and so on..
In-Reply-To:
Message-ID:
Confirm-receipt-to: fygrave@usa.net
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

~ As far as I can tell, it is almost impossible to disguise the operating
~ system that you are running. Most platforms display distinctive banners,
~ have quirks in their IP implementation, or just made different design
~ choices that may be distinguished remotely (for example, choices about
~ timeouts, fragmentation issues, etc).

yeap.
That's what I was told, is used at netcraft.com software to figure
the type of remote system. Also, I was told that port of FreeBSD utility :
queso ( I haven't yet found it among the ports of my originally FreeBSD
2.2.6 machine, but searching the web now), which does the similar thing...
hmm.. very interesting.

~ While you can attempt to hide the
~ platform by disabling as many services as possible, removing banners, and
~ hiding behind a firewall that reformats packets and connections, there is
~ really not a whole lot to do. I find leaving the information there is
~ often more useful than not -- attempting to exploit a bug doesn't require
~ knowledge of the OS/version (try all versions you have an exploit for :),
~ but having the version information there can be useful in debugging
~ interoperability problems.

Well, I still don't think that's a good idea to let outsiders know what
type of system you're running.. it's like having the room with a bunch of
bells and discussing the matter whether the light should be turned on or
off. :) consider the following:

if the attacker knows the type of my OS/architecture he could just
preinstall the similar and then find the vulnerabilities which could let
him it. later on, he could use them just one by one till he either find an
unclosed/unfixed one or is out of them...
now consider the attacker doesn't have this info... first thing he'd
probably do is portscan. Then he'd try ALL_OS/architecture sploits to see
if he could work it out, and that would definitely make more noise and
attract admin attention. This could be called 'security through
obsurity(sp?)', but I am sure if you have even 10+ machines to manage, you
can not keep them all up-to-date. (well, FreeBSD ones, yes, since you can
make a cronjob for cvsup, but if they all are of different platform).
but having lots of noize in your logfile would definitely give you a hint
that there's something not good with this service and should be urgently
upgraded/fixed or closed till upgrade. Especially when you count in, that
most of discovered security holes on most platforms (except FreeBSD/Linux
maybe some others, I am unaware of, since they have non-moderated security
mailing lists) gets published about a WEEK after the discovery. Enough
time to let people play with your box right? :)

~ Sort of like having the sendmail version there -- makes it easier to debug
~ problems, and lets you use wholesale network scanners to find old
~ versions;

well.. yep.. that's also the matter..:) easier maintenance vs. strong
security. I guess SNMP is still would be the best here if you want to
bias your setup to the former thing. However using SNMP you need to really
care of firewalling and stuff, since it's very unsecure thing for
open-wide network, so far I know.

~ but for someone to try to exploit a bug they just try it out.
~ If you care a whole bunch, it could probably be cleaned up a bit, but I'm
~ not sure its worth the trouble. If you think the server says too much,
~ look at what your average WWW browser spews to the server :).

:) well, clients are usually on lame Windog box.:) and there's always a
way to spoof it by the way :)


Fyodor

PS: Thanks a lot to everyone else who responded in private way.

From owner-freebsd-security Mon Nov 30 00:09:09 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id AAA01208
        for freebsd-security-outgoing; Mon, 30 Nov 1998 00:09:09 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from info.laosb.org (info.laosb.org [206.170.208.7])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA01203
        for ; Mon, 30 Nov 1998 00:09:08 -0800 (PST)
        (envelope-from jon@info.laosb.org)
Received: from localhost (jon@localhost)
        by info.laosb.org (8.8.5/8.8.5) with SMTP id RAA28277;
        Fri, 26 Apr 1996 17:39:20 -0700
Date: Fri, 26 Apr 1996 17:39:20 -0700 (PDT)
From: Jon
To: CyberPsychotic
cc: Robert Watson , freebsd-security@FreeBSD.ORG
Subject: Re: Detecting remote host type and so on..
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 30 Nov 1998, CyberPsychotic wrote:

> ~ As far as I can tell, it is almost impossible to disguise the operating
> ~ system that you are running. Most platforms display distinctive banners,
> ~ have quirks in their IP implementation, or just made different design
> ~ choices that may be distinguished remotely (for example, choices about
> ~ timeouts, fragmentation issues, etc).
>
>
> yeap. That's what I was told, is used at netcraft.com software to figure
> the type of remote system. Also, I was told that port of FreeBSD utility :
> queso ( I haven't yet found it among the ports of my originally FreeBSD
> 2.2.6 machine,but searching the web now), which does the similar thing...
> hmm.. very interesting.

www.apostols.org/projectz/queso/

Above does what you want.
It should compile on FreeBSD (did on my 2.2.7-stable)

>
> ~ While you can attempt to hide the
> ~ platform by disabling as many services as possible, removing banners, and
> ~ hiding behind a firewall that reformats packets and connections, there is
> ~ really not a whole lot to do. I find leaving the information there is
> ~ often more useful than not -- attempting to exploit a bug doesn't require
> ~ knowledge of the OS/version (try all versions you have an exploit for :),
> ~ but having the version information there can be useful in debugging
> ~ interoperability problems.
>
>
> Well, I still don't think that's a good idea to let outsiders know what
> type of system you're running.. it's like having the room with a bunch of
> bells and discussing the matter whether the light should be turned on or
> off. :) consider the following:

Whenever you use a stock system, you open yourself up to all the
vulnerabilities of said system. If you had a custom system, you would not
be as readily vulnerable to various attacks. Thus is the trade off of
using a commonly available system.

>
> if the attacker knows the type of my OS/architecture he could just
> preinstall the similar and then find the vulnerabilities which could let
> him it. later on, he could use them just one by one till he either find an
> unclosed/unfixed one or is out of them...
> now consider the attacker doesn't have this info... first thing he'd
> probably do is portscan. Then he'd try ALL_OS/architecture sploits to see
> if he could work it out, and that would definitely make more noise and
> attract admin attention. This could be called 'security through
> obsurity(sp?)', but I am sure if you have even 10+ machines to manage, you
> can not keep them all up-to-date. (well, FreeBSD ones, yes, since you can
> make a cronjob for cvsup, but if they all are of different platform).

See above.

>
> but having lots of noize in your logfile would definitely give you a hint
> that there's something not good with this service and should be urgently
> upgraded/fixed or closed till upgrade. Especially when you count in, that
> most of discovered security holes on most platforms (except FreeBSD/Linux
> maybe some others, I am unaware of, since they have non-moderated security
> mailing lists) gets published about a WEEK after the discovery. Enough
> time to let people play with your box right? :)
>

Hopefully those holes go public on bugtraq giving the admins a fighting
chance. One of the problems with security is that when a remote hole goes
public, dozens of attackers are awake whereas the one admin may be asleep
allowing a penetration. Worse is when it does not go public...

>
>
> ~ Sort of like having the sendmail version there -- makes it easier to debug
> ~ problems, and lets you use wholesale network scanners to find old
> ~ versions;
>
> well.. yep.. that's also the matter..:) easier maintenance vs. strong
> security. I guess SNMP is still would be the best here if you want to
> bias your setup to the former thing. However using SNMP you need to really
> care of firewalling and stuff, since it's very unsecure thing for
> open-wide network, so far I know.

Well personally, the way I see it is the only person who needs to know the
version is the admin but that leads into another mess...

>
>
> ~ but for someone to try to exploit a bug they just try it out.
> ~ If you care a whole bunch, it could probably be cleaned up a bit, but I'm
> ~ not sure its worth the trouble. If you think the server says too much,
> ~ look at what your average WWW browser spews to the server :).
>
> :) well, clients are usually on lame Windog box.:) and there's always a
> way to spoof it by the way :)
>
>
> Fyodor
>
> PS: Thanks a lot to everyone else who responded in private way.
>

From owner-freebsd-security Mon Nov 30 01:02:55 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id BAA05595
        for freebsd-security-outgoing; Mon, 30 Nov 1998 01:02:55 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA05584
        for ; Mon, 30 Nov 1998 01:02:49 -0800 (PST)
        (envelope-from fygrave@tigerteam.net)
Received: from gizmo.kyrnet.kg (IDENT:fygrave@gizmo.kyrnet.kg [192.168.1.125])
        by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id NAA28128;
        Mon, 30 Nov 1998 13:32:08 +0600
Received: from localhost (fygrave@localhost)
        by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id OAA03905;
        Mon, 30 Nov 1998 14:00:46 +0500
X-Authentication-Warning: gizmo.kyrnet.kg: fygrave owned process doing -bs
Date: Mon, 30 Nov 1998 14:00:46 +0500 (KGT)
From: CyberPsychotic
X-Sender: fygrave@gizmo.kyrnet.kg
To: Adam Shostack
cc: Robert Watson , freebsd-security@FreeBSD.ORG
Subject: Re: Detecting remote host type and so on..
In-Reply-To: <19981129150948.A18609@weathership.homeport.org>
Message-ID:
Confirm-receipt-to: fygrave@usa.net
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

~ Two tools that do this are queso (at Apostools.org, if memory serves),
~ and nmap2 (currently in closed beta.) Also, Tony Osborne has been
~ working on a paper based on ICMP differences.
~

yeah. thanks. well 'DESCR' for queso gives pretty clear answer for my
question, thanks for points:

--[cut here]--
How we can determine the remote OS using simple tcp packets?
Well, it's easy, they're packets that don't make any sense, so the RFCs
don't clearly state what to answer in these kind of situations. Facing
this ambiguous, each TCP/IP stack takes a different approach to the
problem, and this way, we get a different response. In some cases (like
Linux, to name one) some programming mistakes make the OS detectable.

QueSO sends:
  0 SYN          * THIS IS VALID, used to verify LISTEN
  1 SYN+ACK
  2 FIN
  3 FIN+ACK
  4 SYN+FIN
  5 PSH
  6 SYN+XXX+YYY  * XXX & YYY are unused TCP flags

-more-
http://www.apostols.org/projectz/queso/
--[cut here]--

well, I think that there could be the similar differences in responses for
badly-formed ICMP packets as well as for other stuff..

From owner-freebsd-security Mon Nov 30 05:22:20 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id FAA25004
        for freebsd-security-outgoing; Mon, 30 Nov 1998 05:22:20 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from caboose.zip.com.au (caboose.zip.com.au [203.12.97.11])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA24999
        for ; Mon, 30 Nov 1998 05:22:18 -0800 (PST)
        (envelope-from jp@zip.com.au)
Received: from star (cartman78.zip.com.au [61.8.20.206])
        by caboose.zip.com.au (8.9.1/8.9.1) with SMTP id AAA25982
        for ; Tue, 1 Dec 1998 00:22:05 +1100
Message-Id: <4.1.19981201001727.00c5f5d0@pop3.zip.com.au>
X-Sender: jp@pop3.zip.com.au
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Tue, 01 Dec 1998 00:19:38 +1100
To: freebsd-security@FreeBSD.ORG
From: John Paul Lonie
Subject: IPFW Sample rule sets
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello all,

I am wondering if anyone can point me to a list of sample IPFW rule sets.

Other than one ones in rc.firewall ;-)

Thanks for any help.
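
Added example, not part of any message in this thread and not QueSO's code: the seven-probe list in the QueSO description quoted above doubles as a detection signature. The Python below reads `tcpdump -tt -n` output (the sample lines are constructed, using documentation addresses) and reports a source that sends four or more of the listed flag combinations to one port within ten seconds; the window and the threshold are assumed values.

```python
import re
from collections import defaultdict

# TCP flag bits in header byte 13, lowest bit first.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))

# The seven probes from the QueSO description, keyed by exact flag byte.
# Probe 6 sets the two bits that were unused in 1998; RFC 3168 later gave
# them to ECN (ECE, CWR), so today that packet is an ordinary ECN-setup SYN.
PROBES = {
    SYN: "0 SYN",
    SYN | ACK: "1 SYN+ACK",
    FIN: "2 FIN",
    FIN | ACK: "3 FIN+ACK",
    SYN | FIN: "4 SYN+FIN",
    PSH: "5 PSH",
    SYN | ECE | CWR: "6 SYN+XXX+YYY",
}

# Flag bytes ordinary clients do not send in any state: after the opening
# SYN every segment carries ACK (the historic T/TCP extension aside).
NEVER_VALID = {FIN, SYN | FIN, PSH}

# tcpdump's one-letter flag notation: "." is ACK, "E" is ECE, "W" is CWR.
TCPDUMP_FLAG = dict(zip("FSRP.UEW", (FIN, SYN, RST, PSH, ACK, URG, ECE, CWR)))

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.\d+ > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[A-Za-z.]+)\]"
)


def parse(line):
    """Parse one `tcpdump -tt -n` TCP line into (ts, src, dst, dport, flags)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    flags = 0
    if m["flags"] != "none":          # tcpdump prints "none" for a null packet
        for letter in m["flags"]:
            if letter not in TCPDUMP_FLAG:
                return None
            flags |= TCPDUMP_FLAG[letter]
    return float(m["ts"]), m["src"], m["dst"], int(m["dport"]), flags


def detect(lines, window=10.0, min_kinds=4):
    """Map (src, dst, dport) to (verdict, probe names) for suspicious sources.

    "fingerprint": min_kinds or more distinct probes inside one window.
    "malformed": fewer kinds, but at least one that is never valid.
    """
    hits = defaultdict(list)
    for line in lines:
        pkt = parse(line)
        if pkt and pkt[4] in PROBES:
            ts, src, dst, dport, flags = pkt
            hits[(src, dst, dport)].append((ts, flags))

    findings = {}
    for key, seen in hits.items():
        seen.sort()
        best, start = set(), 0
        for end in range(len(seen)):          # sliding time window
            while seen[end][0] - seen[start][0] > window:
                start += 1
            kinds = {flags for _, flags in seen[start:end + 1]}
            if len(kinds) > len(best):
                best = kinds
        invalid = {flags for _, flags in seen} & NEVER_VALID
        if len(best) >= min_kinds:
            verdict = "fingerprint"
        elif invalid:
            verdict = "malformed"
        else:
            continue                          # e.g. SYN ... FIN+ACK of a normal session
        findings[key] = (verdict, sorted(PROBES[f] for f in best | invalid))
    return findings


# Constructed sample: a seven-probe sweep, a normal session, an ECN client, a lone SYN+FIN.
SAMPLE = """\
1700000000.000000 IP 198.51.100.7.40000 > 192.0.2.10.80: Flags [S], seq 1, win 4660, length 0
1700000000.100000 IP 198.51.100.7.40001 > 192.0.2.10.80: Flags [S.], seq 1, ack 1, win 4660, length 0
1700000000.200000 IP 198.51.100.7.40002 > 192.0.2.10.80: Flags [F], seq 1, win 4660, length 0
1700000000.300000 IP 198.51.100.7.40003 > 192.0.2.10.80: Flags [F.], seq 1, ack 1, win 4660, length 0
1700000000.400000 IP 198.51.100.7.40004 > 192.0.2.10.80: Flags [FS], seq 1, win 4660, length 0
1700000000.500000 IP 198.51.100.7.40005 > 192.0.2.10.80: Flags [P], seq 1, win 4660, length 0
1700000000.600000 IP 198.51.100.7.40006 > 192.0.2.10.80: Flags [SEW], seq 1, win 4660, length 0
1700000100.000000 IP 203.0.113.20.51000 > 192.0.2.10.80: Flags [S], seq 9, win 65535, length 0
1700000100.200000 IP 203.0.113.20.51000 > 192.0.2.10.80: Flags [P.], seq 10:90, ack 1, win 65535, length 80
1700000100.900000 IP 203.0.113.20.51000 > 192.0.2.10.80: Flags [F.], seq 90, ack 500, win 65535, length 0
1700000200.000000 IP 203.0.113.30.52000 > 192.0.2.10.80: Flags [SEW], seq 5, win 65535, length 0
1700000201.000000 IP 203.0.113.30.52000 > 192.0.2.10.80: Flags [F.], seq 60, ack 400, win 65535, length 0
1700000300.000000 IP 203.0.113.40.53000 > 192.0.2.10.22: Flags [FS], seq 1, win 512, length 0
"""

if __name__ == "__main__":
    print(detect(SAMPLE.splitlines()))
```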

From owner-freebsd-security Mon Nov 30 05:44:34 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id FAA27320
        for freebsd-security-outgoing; Mon, 30 Nov 1998 05:44:34 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from 2.hot.cl (node1e2d.a2000.nl [62.108.30.45])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA27295
        for ; Mon, 30 Nov 1998 05:44:25 -0800 (PST)
        (envelope-from niels@hot.cl)
Received: from localhost (niels@localhost)
        by 2.hot.cl (8.8.8/HOTCL) with SMTP id OAA28926;
        Mon, 30 Nov 1998 14:43:10 +0100 (CET)
        (envelope-from niels@hot.cl)
Date: Mon, 30 Nov 1998 14:43:10 +0100 (CET)
From: Niels Kroon
To: John Paul Lonie
cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPFW Sample rule sets
In-Reply-To: <4.1.19981201001727.00c5f5d0@pop3.zip.com.au>
Message-ID:
X-Location: Amsterdam The Netherlands
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 1 Dec 1998, John Paul Lonie wrote:

> Hello all,
>
> I am wondering if anyone can point me to a list of sample IPFW rule sets.
>
> Other than one ones in rc.firewall ;-)
>
> Thanks for any help.

http://www.metronet.com/~pgilley/freebsd/ipfw contains 4 sample rulesets

there is a link to this site from http://www.freebsd.org/~jkb/howto.html
which is the new (html) version of the FreeBSD Security Howto

Niels

From owner-freebsd-security Mon Nov 30 06:21:49 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id GAA01328
        for freebsd-security-outgoing; Mon, 30 Nov 1998 06:21:49 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ol.kyrnet.kg (ol.kyrnet.kg [195.254.160.10])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA01313
        for ; Mon, 30 Nov 1998 06:21:41 -0800 (PST)
        (envelope-from mlists@gizmo.kyrnet.kg)
Received: from gizmo.kyrnet.kg (IDENT:mlists@gizmo.kyrnet.kg [192.168.1.125])
        by ol.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id SAA29203;
        Mon, 30 Nov 1998 18:51:07 +0600
Received: from localhost (mlists@localhost)
        by gizmo.kyrnet.kg (8.9.1a/8.9.1) with ESMTP id TAA05126;
        Mon, 30 Nov 1998 19:19:45 +0500
Date: Mon, 30 Nov 1998 19:19:45 +0500 (KGT)
From: CyberPsychotic
Reply-To: fygrave@tigerteam.net
To: John Paul Lonie
cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPFW Sample rule sets
In-Reply-To: <4.1.19981201001727.00c5f5d0@pop3.zip.com.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

~ Hello all,
~
~ I am wondering if anyone can point me to a list of sample IPFW rule sets.
~
~ Other than one ones in rc.firewall ;-)
~

here's what I use. Not perfect (I would appreciate any hints even). But it
works for me fairly well.
consider my scheme as following:

          BSD
 --ed0--| box |--ppp-- internet

ed0, say has 1.1.1.1/(net 255.255.255.0) IP
ppp0, say has 1.1.2.1 IP
1.1.3.1, is IP of my secondary nameserver

add deny log all from 1.1.1.0:255.255.255.0 to any in via ppp0    <-- no spoof
add deny log all from 1.1.2.1:255.255.255.255 to any in via ed0
add deny all from 192.168.0.0:255.255.0.0 to any via ppp0    <-- no internal IP
add deny all from 172.16.0.0:255.240.0.0 to any via ppp0
add deny all from 10.0.0.0:255.0.0.0 to any via ppp0
add pass all from 1.1.1.2 to any    <----- I want this dude to do anything
add pass all from any to 1.1.1.2    <---- including caring of his security
add deny udp from 1.1.1.3 137 to any    <-- there are some Windog machines in
add deny udp from 1.1.1.3 138 to any    <-- lan which broadcast UDP/netbios packs, and thus fill my log with junk.
add pass tcp from any to any established    <-- any established conn. should go
add pass tcp from 1.1.2.1 to any    <--------- I want to use all tcp stuff
add pass tcp from 1.1.1.0/24 to any    <------- so my lan does.
add pass tcp from any to 1.1.2.1 25    <------- sendmail
add pass tcp from any to 1.1.1.1 25
add pass tcp from 1.1.3.1 to 1.1.1.1 53 setup
add pass tcp from any to 1.1.1.1 80    <--- web
add pass tcp from any to 1.1.2.1 80
add pass tcp from any to 1.1.2.1 1024-65535    <-- I don't run X so it
add pass tcp from any to 1.1.1.0/24 1024-65535    <-- should be quite safe, and allow non-passive ftp
add pass log tcp from any to 1.1.1.1 113 setup    donno why but i want
add pass log tcp from any to 1.1.2.1 113 setup    to see who does ident lookup
add pass log tcp from any to 1.1.1.4 23 setup    I want to allow telnet
add pass tcp from any to 1.1.1.4 25 setup    and sendmail to some internal box
add pass udp from any to 1.1.2.1 53    <---------- I had to allow this to make DNS working.
add pass udp from 1.1.2.1 to any 53    <--- not all UDP responses I want to be passed out.
add pass udp from 1.1.1.1 53 to any    <---
add pass udp from any to 1.1.1.4 53    <-- other box which will want DNS lookups.
add pass udp from 1.1.1.4 to any 53
add pass udp from any 53 to 1.1.1.1 1024-65535    <-- that's actually what I had to leave for allowing DNS queries replies, should be safe enough, right?
add pass udp from any 53 to 1.1.1.4 1024-65535
add pass udp from any 123 to 1.1.2.1    timeserver
add pass udp from 1.1.2.1 to any 123
add pass udp from any 3130 to 1.1.2.1 3130    squid things, not sure of this piece tho...
add pass udp from 1.1.2.1 3130 to any 3130
add pass icmp from 1.1.2.1 to any    <--- ICMP should not be dangerous, right?
add pass icmp from any to 1.1.2.1
add pass icmp from 1.1.1.4 to any
add pass icmp from any to 1.1.1.4
add pass log icmp from any to any    <--- others should also work, but I should know who tried it.
add deny log all from any to any    <---- everything else I want to have logged and denied.

From owner-freebsd-security Mon Nov 30 09:54:14 1998
Return-Path:
Received: (from majordom@localhost)
        by hub.freebsd.org (8.8.8/8.8.8) id JAA20079
        for freebsd-security-outgoing; Mon, 30 Nov 1998 09:54:14 -0800 (PST)
        (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from anubis.nosc.mil (anubis.nosc.mil [198.253.16.34])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA20074
        for ; Mon, 30 Nov 1998 09:54:13 -0800 (PST)
        (envelope-from swann@anubis.nosc.mil)
Received: from localhost (swann@localhost)
        by anubis.nosc.mil (8.8.7/8.8.7) with SMTP id MAA16236;
        Mon, 30 Nov 1998 12:46:18 -0500 (EST)
Date: Mon, 30 Nov 1998 12:46:18 -0500 (EST)
From: David B Swann
To: Christoph Kukulies
cc: freebsd-security@FreeBSD.ORG
Subject: Re: cgi-bin/phf* security hole in apache
In-Reply-To: <199811261619.RAA25745@gilberto.physik.RWTH-Aachen.DE>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender:
        owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The phf security hole allowed remote users to execute commands running as
the same ID as the web server. If your web server runs as root, as many
systems do, they could execute commands as root on your system. You
should NEVER run a web server as root, IMHO.

I had people from Italy, Russia, and the US download my password file
using this exploit. They also tried other things like running the ps
command. I assume they were trying to determine the ID that the web
server was running. A few other things failed to work, but I only got
error messages in the log file. I don't know WHAT they actually tried.
Since I was using shadow password files, I feel safe that they could not
crack a password.

I've used this exploit to go THROUGH a firewall and download a password
file from a system. This was at the remote site's request though.

__________________________________________________________________________
| Bryan Swann (swann@nosc.mil)  803/566-0086  803/554-0015 (Fax)         |
| Eagan McAllister Associates, Inc.                                      |
|                                                                        |
| "Everything must be working perfectly, cause I don't smell any smoke"  |
--------------------------------------------------------------------------

On Thu, 26 Nov 1998, Christoph Kukulies wrote:

>
> Could someone explain the effect of the 'phf*' security hole
> (severeness) in earlier apache versions? I detected someone
> having tried to test it against my httpd on several machines
> (net wide scan).
>
> --
> Chris Christoph P. U.
Kukulies kuku@gil.physik.rwth-aachen.de > http://blues.physik.rwth-aachen.de/hammond.html > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Nov 30 11:17:56 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA00590 for freebsd-security-outgoing; Mon, 30 Nov 1998 11:17:56 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gilberto.physik.RWTH-Aachen.DE (gilberto.physik.rwth-aachen.de [137.226.30.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA00585 for ; Mon, 30 Nov 1998 11:17:54 -0800 (PST) (envelope-from kuku@gilberto.physik.RWTH-Aachen.DE) Received: (from kuku@localhost) by gilberto.physik.RWTH-Aachen.DE (8.8.8/8.8.7) id UAA12899; Mon, 30 Nov 1998 20:17:45 +0100 (MET) (envelope-from kuku) Message-ID: <19981130201745.A12844@gil.physik.rwth-aachen.de> Date: Mon, 30 Nov 1998 20:17:45 +0100 From: Christoph Kukulies To: David B Swann , Christoph Kukulies Cc: freebsd-security@FreeBSD.ORG Subject: Re: cgi-bin/phf* security hole in apache References: <199811261619.RAA25745@gilberto.physik.RWTH-Aachen.DE> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.91 In-Reply-To: ; from David B Swann on Mon, Nov 30, 1998 at 12:46:18PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Nov 30, 1998 at 12:46:18PM -0500, David B Swann wrote: > The phf security hole allowed remote users to execute commands running as > the same ID as the web server. If your web server runs as root, as many > systems do, they could execute commands as root on your system. You > should NEVER run a web server as root, IMHO. 
Well, I was relying on the way it is installed under FreeBSD and I believe it *is* started as root, though I assume it forks/execs under uid nobody. At least the 1.3 version of apache. > > I had people from Italy, Russia, and the US download my password file > using this exploit. They also tried other things like running the ps > command. I assume they were trying to determine the ID that the web > server was running. A few other things failed to work, but I only got > error messages in the log file. I don't know WHAT they actually tried. > Since I was using shadow password files, I feel safe that they could not > crack a password. > > I've used this exploit to go THROUGH a firewal and download a password > file from a system. This was at the remote site's request though. > -- Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Nov 30 11:56:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA06041 for freebsd-security-outgoing; Mon, 30 Nov 1998 11:56:55 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from cliff.mfn.org (cliff.mfn.org [204.238.179.8]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA06010 for ; Mon, 30 Nov 1998 11:56:48 -0800 (PST) (envelope-from measl@mfn.org) X-Message1: Missouri FreeNet does not relay. If this email X-Message2: is unsolicited bulk or commercial, please report X-Message3: this abuse promptly to abuse@mfn.org. Thank You. 
X-ORIGINIP: 204.238.179.36 X-ORIGINDNS: support.mfn.org Received: from support.mfn.org (support.mfn.org [204.238.179.36]) by cliff.mfn.org (8.8.7/8.8.7) with SMTP id NAA02012; Mon, 30 Nov 1998 13:53:20 -0600 (CST) (envelope-from measl@mfn.org) Posted-Date: Mon, 30 Nov 1998 13:53:20 -0600 (CST) Date: Mon, 30 Nov 1998 13:53:18 -0600 (CST) From: Missouri FreeNet Administration To: Lutz Albers cc: freebsd-security@FreeBSD.ORG, freebsd-questions@freebesd.org Subject: RE: IPFW Message In-Reply-To: <000401be1c28$d8853270$ca2aa8c0@ripley.tavari.muc.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org n Sure enough, protocol 54 is the "Next Hop Resolution Protocol"... Now why I am getting this protocol from someone's dial-up connection is a totally different question, although I think I can guess the answer ;-o Thanks! J.A. Terranson sysadmin@mfn.org On Mon, 30 Nov 1998, Lutz Albers wrote: :Date: Mon, 30 Nov 1998 07:15:36 +0100 :From: Lutz Albers :To: "J.A. Terranson" , freebsd-security@FreeBSD.ORG, : freebsd-questions@freebesd.org :Subject: RE: IPFW Message : :> I am sitting here watching a *large* screen of the following :> messages... :> :> ipfw: 65500 Deny P:54 24.88.34.57 204.238.179.10 :> :> What does the "P:54" mean? We've been using IPFW for about 6 months :> now, and have never seen it, but I am rather uncomfortable watching :> the screen scroll message after message... : :Attempting to use packets with the IP protocol set to 54 (which is unknown :to the system). You might try to get a newer version of /etc/protocols from :IANA to see if this defined somewhere. : :ciao : lutz :-- :Lutz Albers, lutz@muc.de, pgp key available from :Do not take life too seriously, you will never get out of it alive. : : Yours, J.A. Terranson sysadmin@mfn.org support@mfn.org -- If the Government wants us to behave, they should set a better example! 
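
The `ipfw: 65500 Deny P:54 24.88.34.57 204.238.179.10` message discussed in this thread carries the rule number, the action, the IP protocol number and the source and destination addresses. As an added example (not part of the original posts), the shell functions below collapse a scroll of such lines into one line per protocol, source and rule, and look the number up in an /etc/protocols-format file. The function names, the syslog prefix and every sample line other than the one quoted in the thread are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): summarise ipfw "Deny P:<n>" messages
# and name the protocol from an /etc/protocols-format file when it is defined.

# proto_name NUMBER [FILE] -> prints the protocol name, or "unknown"
proto_name() {
    awk -v want="$1" '
        { sub(/#.*/, "") }                       # drop comments
        NF >= 2 && $2 == want { print $1; found = 1; exit }
        END { if (!found) print "unknown" }
    ' "${2:-/etc/protocols}"
}

# summarize_ipfw_denies [PROTOCOLS_FILE] < log text
# Output: "<count> proto=<n>(<name>) src=<ip> rule=<rule>", busiest first.
# Only the numeric "P:<n>" form shown in the thread is handled.
summarize_ipfw_denies() {
    pfile="${1:-/etc/protocols}"
    awk '
        {
            # Locate the "ipfw:" tag so a syslog date/host prefix is tolerated.
            tag = 0
            for (i = 1; i <= NF; i++) if ($i == "ipfw:") { tag = i; break }
            if (!tag || $(tag + 2) != "Deny") next
            proto = $(tag + 3)
            if (proto !~ /^P:[0-9]+$/) next
            sub(/^P:/, "", proto)
            if (proto + 0 > 255) next            # the IP protocol field is 8 bits
            count[proto " " $(tag + 4) " " $(tag + 1)]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2n -k3,3 | while read -r n proto src rule; do
        echo "$n proto=$proto($(proto_name "$proto" "$pfile")) src=$src rule=$rule"
    done
}

# Constructed sample log. The first line is the message quoted in the thread;
# the syslog prefix and the 192.0.2.x addresses are made up for illustration.
sample_log() {
    cat <<'EOF'
ipfw: 65500 Deny P:54 24.88.34.57 204.238.179.10
ipfw: 65500 Deny P:54 24.88.34.57 204.238.179.10
Nov 30 13:50:01 fw /kernel: ipfw: 65500 Deny P:54 24.88.34.57 204.238.179.10
Nov 30 13:50:02 fw /kernel: ipfw: 65500 Deny P:47 192.0.2.7 204.238.179.10
Nov 30 13:50:03 fw /kernel: ipfw: 400 Accept P:54 192.0.2.9 204.238.179.10
Nov 30 13:50:04 fw /kernel: ipfw: 65500 Deny P:999 192.0.2.9 204.238.179.10
EOF
}

# Constructed excerpt in /etc/protocols format. Protocol 54 is deliberately
# absent, matching the thread, where the number was unknown to the system.
sample_protocols() {
    cat <<'EOF'
icmp    1   ICMP    # internet control message protocol
tcp     6   TCP     # transmission control protocol
udp     17  UDP     # user datagram protocol
gre     47  GRE     # general routing encapsulation
EOF
}

demo() {
    p=$(mktemp) && sample_protocols > "$p" && sample_log | summarize_ipfw_denies "$p"
    rm -f "$p"
}
demo
```
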
From owner-freebsd-security Mon Nov 30 12:38:13 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA11936 for freebsd-security-outgoing; Mon, 30 Nov 1998 12:38:13 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from anubis.nosc.mil (anubis.nosc.mil [198.253.16.34]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA11927 for ; Mon, 30 Nov 1998 12:38:08 -0800 (PST) (envelope-from swann@anubis.nosc.mil) Received: from localhost (swann@localhost) by anubis.nosc.mil (8.8.7/8.8.7) with SMTP id PAA26219; Mon, 30 Nov 1998 15:31:36 -0500 (EST) Date: Mon, 30 Nov 1998 15:31:36 -0500 (EST) From: David B Swann To: Christoph Kukulies cc: freebsd-security@FreeBSD.ORG Subject: Re: cgi-bin/phf* security hole in apache In-Reply-To: <19981130201745.A12844@gil.physik.rwth-aachen.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

It's been awhile since I've played with apache, but it can run as any ID that you desire. I generally set it up to run as an ordinary user and then I don't allow that user to write to ANY of the files on the system, except my counter files and any other file that MUST be writable by the web server (like the output of a form CGI script).

Also realize that an ordinary user can gather some important info about the system. The PS command can give an intruder knowledge about the processes on your system. And even the password file can give the user VALID accounts on the system. Luckily, I never saw anyone trying to exploit any of the IDs that were downloaded. I have TCP wrappers and a few other packages that I use to monitor access.
__________________________________________________________________________ | Bryan Swann (swann@nosc.mil) 803/566-0086 803/554-0015 (Fax) | | Eagan McAllister Associates, Inc. | | | | "Everything must be working perfectly, cause I don't smell any smoke" | -------------------------------------------------------------------------- On Mon, 30 Nov 1998, Christoph Kukulies wrote: > On Mon, Nov 30, 1998 at 12:46:18PM -0500, David B Swann wrote: > > The phf security hole allowed remote users to execute commands running as > > the same ID as the web server. If your web server runs as root, as many > > systems do, they could execute commands as root on your system. You > > should NEVER run a web server as root, IMHO. > > Well, I was relying on the way it is installed under FreeBSD > and I believe it *is* started as root, though I assume it forks/execs > under uid nobody. At least the 1.3 version of apache. > > > > > I had people from Italy, Russia, and the US download my password file > > using this exploit. They also tried other things like running the ps > > command. I assume they were trying to determine the ID that the web > > server was running. A few other things failed to work, but I only got > > error messages in the log file. I don't know WHAT they actually tried. > > Since I was using shadow password files, I feel safe that they could not > > crack a password. > > > > I've used this exploit to go THROUGH a firewal and download a password > > file from a system. This was at the remote site's request though. > > > -- > Chris Christoph P. U. 
Kukulies kuku@gil.physik.rwth-aachen.de > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Mon Nov 30 15:27:57 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA02400 for freebsd-security-outgoing; Mon, 30 Nov 1998 15:27:57 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from whistle.com (s205m131.whistle.com [207.76.205.131]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA02378; Mon, 30 Nov 1998 15:27:51 -0800 (PST) (envelope-from archie@whistle.com) Received: (from smap@localhost) by whistle.com (8.7.5/8.6.12) id PAA08052; Mon, 30 Nov 1998 15:26:30 -0800 (PST) Received: from bubba.whistle.com( 207.76.205.7) by whistle.com via smap (V2.0) id xma008044; Mon, 30 Nov 98 15:26:07 -0800 Received: (from archie@localhost) by bubba.whistle.com (8.8.7/8.6.12) id PAA15601; Mon, 30 Nov 1998 15:26:06 -0800 (PST) From: Archie Cobbs Message-Id: <199811302326.PAA15601@bubba.whistle.com> Subject: Re: Deny for spec. MAC-address In-Reply-To: <003a01be19e1$c9f0f3a0$030a0a0a@valeric.sivma.ru> from Sivma at "Nov 27, 98 11:41:42 am" To: info@sivma.ru (Sivma) Date: Mon, 30 Nov 1998 15:26:06 -0800 (PST) Cc: freebsd-security@FreeBSD.ORG, freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sivma writes: > I want to deny access for machine with specifed MAC-address. > How can I do it? I don't know of any easy way to do this. The quickest & dirtiest would be a kernel hack. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. 
* http://www.whistle.com

From owner-freebsd-security Mon Nov 30 16:30:06 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA13266 for freebsd-security-outgoing; Mon, 30 Nov 1998 16:30:06 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from omahpop1.omah.uswest.net (omahpop1.omah.uswest.net [204.26.64.1]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA13158 for ; Mon, 30 Nov 1998 16:29:58 -0800 (PST) (envelope-from opsys@open-systems.net) Received: (qmail 11322 invoked by alias); 1 Dec 1998 00:29:45 -0000 Delivered-To: fixup-freebsd-security@freebsd.org@fixme Received: (qmail 11311 invoked by uid 0); 1 Dec 1998 00:29:43 -0000 Received: from dialupe196.ne.uswest.net (HELO pinkfloyd.open-systems.net) (209.180.99.196) by omahpop1.omah.uswest.net with SMTP; 1 Dec 1998 00:29:43 -0000 Date: Mon, 30 Nov 1998 18:29:45 -0600 (CST) From: "Open Systems Inc." To: freebsd-security@FreeBSD.ORG Subject: chflags sappnd and secure level 3 question... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Ok apparently I don't quite grawk what the problem is here.
I have a firewall box running secure level 3.
With ALL the log files in /var/log/* set with sappnd.
But newsyslog keeps spitting out:

From: root (Cron Daemon)
To: root
Subject: Cron /usr/sbin/newsyslog
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
X-Cron-Env:
Status: RO

newsyslog: can't start new log: Operation not permitted

I thought sappnd would allow root to append files. Do I have that part right?

newsyslog can't rotate the logs. Does the /var/log dir need to be set sappnd itself?

I guess I'll go try that.
Thanks, Chris "If you aim the gun at your foot and pull the trigger, it's UNIX's job to ensure reliable delivery of the bullet to where you aimed the gun (in this case, Mr. Foot)." -- Terry Lambert, FreeBSD-Hackers mailing list. ===================================| Open Systems FreeBSD Consulting. FreeBSD 2.2.7 is available now! | Phone: 402-573-9124 -----------------------------------| 3335 N. 103 Plaza #14, Omaha, NE 68134 FreeBSD: The power to serve! | E-Mail: opsys@open-systems.net http://www.freebsd.org | Consulting, Network Engineering, Security ===================================| http://open-systems.net From owner-freebsd-security Mon Nov 30 17:28:47 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA21761 for freebsd-security-outgoing; Mon, 30 Nov 1998 17:28:47 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA21731 for ; Mon, 30 Nov 1998 17:28:42 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id UAA19678; Mon, 30 Nov 1998 20:28:08 -0500 (EST) Date: Mon, 30 Nov 1998 20:28:08 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org 
Reply-To: Robert Watson To: "Open Systems Inc." cc: freebsd-security@FreeBSD.ORG Subject: Re: chflags sappnd and secure level 3 question... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Mon, 30 Nov 1998, Open Systems Inc. wrote:

> Ok apparently I don't quite grawk what the problem is here.
> I have a firewall box running secure level 3.
> With ALL the log files in /var/log/* set with sappnd.
> But newsyslog keeps spitting out:
>
> From: root (Cron Daemon)
> To: root
> Subject: Cron /usr/sbin/newsyslog
> X-Cron-Env:
> X-Cron-Env:
> X-Cron-Env:
> X-Cron-Env:
> X-Cron-Env:
> Status: RO
>
> newsyslog: can't start new log: Operation not permitted
>
> I thought sappnd would allow root to append files. Do I have that part
> right?
>
> newsyslog can't rotate the logs. Does the /var/log dir need to be set
> sappnd itself?
>
> I guess I'll go try that.

The 'rotate log' behavior consists (I assume) of the following:

1. Delete the oldest log if desired
2. Rename old logs to bump up their count
3. Rename current log to an old log name (optionally compress and so on)
4. Create a new log file with the appropriate permissions, etc, and write out a restart line.
5. Send a -HUP to syslogd so it opens the new log files

Depending on the flags on the directory, etc, this is not going to be so happy in a high secure level. I suspect that there is no reasonable way to manage log rotation in a high secure level, and as a result it is probably desirable to rotate the logs at boot but not otherwise. Either that, or use remote logging.

I'm not sure I see a way that has local log rotation occurring once the securelevel is raised -- otherwise I could just rename the logs to something innocuous (like /usr/sbin/somereasonablelookingbinaryname) and create my own files there with whatever contents I like. This is logically fairly similar to being able to modify the logs.
Robert N Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/

From owner-freebsd-security Mon Nov 30 21:51:59 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA16488 for freebsd-security-outgoing; Mon, 30 Nov 1998 21:51:59 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA16471; Mon, 30 Nov 1998 21:51:56 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.1/8.9.1) id VAA02953; Mon, 30 Nov 1998 21:51:45 -0800 (PST) (envelope-from dillon) Date: Mon, 30 Nov 1998 21:51:45 -0800 (PST) From: Matthew Dillon Message-Id: <199812010551.VAA02953@apollo.backplane.com> To: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: kmem, tty, bind security enhancements commit. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Now that everyone is back from Thanksgiving and 2.2.8 is out the door, I'd like to commit the following changes to -current. These are as previously discussed and the changes have also been running on most of BEST's machines for a couple of weeks now so I'd like to commit them.

I'd like someone to sign off on the concept. Eivind? Bruce? Jordan?

(1) Add a 'kmem' and 'tty' dummy user to master.passwd. Adjust inetd.conf to run identd and ntalkd using the new dummy users to sandbox the kmem and tty group rights required.
This also involves removing the getuid() test in talkd.c

(2) Add a 'bind' user and a 'bind' group to master.passwd

    Use bind-8's -u and -g features to run named as bind:bind in the default rc.conf:

        named_flags="-u bind -g bind"

    (Or find a way to figure out whether this uid/gid exists and use the options or not use the options based on that, which is more compatible with prior installations but adds complexity that will quickly become stale. I suggest simply making it the default in the CVS tree).

    Caveat: in a multi-interface situation, with an interface that is brought up later, and so forth, named will not be able to automatically rebind and must be restarted. (Also ensure that named.conf is either group-bind-readable or world readable).

    However, I consider this a major, major improvement in security. I think it's worth the hassle and the vast majority of installations are not complex enough for it to matter. Those that are typically run a custom bind configuration anyway.

USER and GROUP IDs I suggest:

    uid 4 for user 'tty'
    uid 5 for user 'kmem' (group kmem is uid 2, but the operator user already uses that user id so let's use uid 5, which is the operator group, for kmem).
    uid 53 for user bind, uid 53 for group bind

Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet Communications & God knows what else.
(Please include original email in any response) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 1 06:19:30 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA02255 for freebsd-security-outgoing; Tue, 1 Dec 1998 06:19:30 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from unix1.it-datacntr.louisville.edu (unix1.it-datacntr.louisville.edu [136.165.4.27]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA02246 for ; Tue, 1 Dec 1998 06:19:26 -0800 (PST) (envelope-from k.stevenson@louisville.edu) Received: from homer.louisville.edu (ktstev01@homer.louisville.edu [136.165.1.20]) by unix1.it-datacntr.louisville.edu (8.8.8/8.8.7) with ESMTP id JAA36124; Tue, 1 Dec 1998 09:19:11 -0500 Received: (from ktstev01@localhost) by homer.louisville.edu (8.8.8/8.8.8) id JAA11807; Tue, 1 Dec 1998 09:19:10 -0500 (EST) Message-ID: <19981201091910.A2864@homer.louisville.edu> Date: Tue, 1 Dec 1998 09:19:10 -0500 From: Keith Stevenson To: "Open Systems Inc." Cc: freebsd-security@FreeBSD.ORG Subject: Re: chflags sappnd and secure level 3 question... References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: ; from Open Systems Inc. on Mon, Nov 30, 1998 at 06:29:45PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Nov 30, 1998 at 06:29:45PM -0600, Open Systems Inc. wrote: > > Ok apparently I dont quite grawk what the problem is here. > I have a firewall box running secure level 3. > With ALL the log files in /var/log/* set with sappnd. > But newsyslog keeps spitting out: > > newsyslog: can't start new log: Operation not permitted > > I thought sappnd would allow root to append files. Do I have that part > right? True, sappnd will allow root (or any other user with sufficient permission) to _append_ to a file. 
Newsyslog, however, doesn't append. A quick reading of the newsyslog source (/usr/src/usr.sbin/newsyslog/newsyslog.c on my system) shows that newsyslog actually does a rename(2) on the file as it rotates the file. Since this syscall modifies the file's inode, it is forbidden at high securelevels.

If you want newsyslog to be able to rotate the log files in a high security environment you will need to use the uappnd flag. This will prevent non-root processes from doing anything other than appending to the file. Root can do whatever root wants. This is probably not a good solution for a firewall, since it effectively negates most of the security benefits of running at the high securelevel.

In my environment, I have the luxury of a regularly scheduled downtime period. (It's bad for the uptime statistics, but wonderful for getting work done!) During these scheduled downtime periods, I take the servers to single user mode and run a script which removes the sappnd flags, runs newsyslog, and then replaces the sappnd flags. (I've removed newsyslog from my crontab.)
Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 1 10:13:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA26587 for freebsd-security-outgoing; Tue, 1 Dec 1998 10:13:55 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA26580 for ; Tue, 1 Dec 1998 10:13:52 -0800 (PST) (envelope-from mjenkins@carp.gbr.epa.gov) Received: (from mjenkins@localhost) by carp.gbr.epa.gov (8.8.8/8.8.8) id MAA09897; Tue, 1 Dec 1998 12:13:38 -0600 (CST) (envelope-from mjenkins) Date: Tue, 1 Dec 1998 12:13:38 -0600 (CST) From: Mike Jenkins Message-Id: <199812011813.MAA09897@carp.gbr.epa.gov> To: k.stevenson@louisville.edu, opsys@open-systems.net Subject: Re: chflags sappnd and secure level 3 question... Cc: freebsd-security@FreeBSD.ORG In-Reply-To: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 1 Dec 1998 Keith Stevenson wrote: > True, sappnd will allow root (or any other user with sufficient permission) to > _append_ to a file. Newsyslog, however, doesn't append. A quick reading of > the newsyslog source (/usr/src/usr.sbin/newsyslog/newsyslog.c on my system) > shows that newsyslog actually does a rename(2) on the file as it rotates the > file. Since this syscall modifies the file's inode, it is forbidden at high > securelevels. Hmm. I think it has less to do with the security level [see init(8)] and more to do with having the appnd flag set. 
For example:

% sysctl kern.securelevel
kern.securelevel: -1
% touch junk
% chflags uappnd junk
% mv junk j2
mv: rename junk to j2: Operation not permitted
% touch junk
touch: junk: Operation not permitted
% rm junk
override rw-r--r-- mjenkins/mjenkins uappnd for junk? y
rm: junk: Operation not permitted
% chflags nouappnd junk
% mv junk j2
% rm j2

On Mon, 30 Nov 1998 "Open Systems Inc." wrote:

> newsyslog: can't start new log: Operation not permitted
>
> I thought sappnd would allow root to append files. Do I have that part
> right?
>
> newsyslog can't rotate the logs. Does the /var/log dir need to be set
> sappnd itself?

Since system immutable and system append-only flags may not be turned off in secure levels, you'll have to rotate your logs in single-user mode after turning off the append-only flag as Keith suggests.

Mike

From owner-freebsd-security Tue Dec 1 10:50:57 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA01359 for freebsd-security-outgoing; Tue, 1 Dec 1998 10:50:57 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA01334; Tue, 1 Dec 1998 10:50:50 -0800 (PST) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id TAA05736; Tue, 1 Dec 1998 19:50:30 +0100 (CET) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id TAA22081; Tue, 1 Dec 1998 19:50:29 +0100 (MET) Message-ID: <19981201195028.A21015@follo.net> Date: Tue, 1 Dec 1998 19:50:28 +0100 From: Eivind Eklund To: Matthew Dillon , freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kmem, tty, bind security enhancements commit.
References: <199812010551.VAA02953@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <199812010551.VAA02953@apollo.backplane.com>; from Matthew Dillon on Mon, Nov 30, 1998 at 09:51:45PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, Nov 30, 1998 at 09:51:45PM -0800, Matthew Dillon wrote: > Now that everyone is backfrom thanksgiving and 2.2.8 is out the > door, I'd like to commit the following changes to -current. These > are as previously discussed and the changes have also been running > on most of BEST's machines for a couple of weeks now so I'd like > to commit them. > > I'd like someone to sign off on the concept. Eivind? Bruce? Jordan? [on running identd as kmem, ntalkd as tty, and bind as bind/bind] Sounds good to me, as long as it does not require changes to existing installations (which I couldn't see it needing from your description). I'm somewhat surprised at the getuid() test in ntalkd being there at all - it seems like this should have been done with permissions instead of getuid(), and shouldn't be needed anyway. However, I don't have the SCCS repository (yet), so I can't see why it was introduced - it has been there (in slightly changing incarnation) since 4.4 lite. Your user/group suggestion looks good - too bad operator is screwed up. Eivind. 
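
The proposal in this thread runs named with `named_flags="-u bind -g bind"`, mentions the alternative of using those options only when the uid/gid exists, and notes that named.conf must be group-bind-readable or world readable. As an added example (not FreeBSD's rc code and not from the posts), this shell function makes that decision from files passed as arguments. The function names and the sample passwd/group entries are constructed; uid and gid 53 are the values suggested in the post.

```shell
#!/bin/sh
# Added example, not FreeBSD's rc code: decide whether named can be started
# with the sandbox flags from the proposal, using only the files passed in.

# entry_field FILE NAME N -> Nth colon-separated field of NAME's entry.
# Exit status 1 when FILE has no entry for NAME.
entry_field() {
    awk -F: -v name="$2" -v n="$3" '
        /^#/ { next }
        $1 == name { print $n; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# named_sandbox_flags PASSWD_FILE GROUP_FILE NAMED_CONF
# Prints "-u bind -g bind" and returns 0 only when the sandbox is usable.
named_sandbox_flags() {
    ns_uid=$(entry_field "$1" bind 3) || { echo "no user 'bind' in $1" >&2; return 1; }
    ns_gid=$(entry_field "$2" bind 3) || { echo "no group 'bind' in $2" >&2; return 1; }
    for ns_id in "$ns_uid" "$ns_gid"; do
        case "$ns_id" in
            ''|*[!0-9]*) echo "bind has a non-numeric id: '$ns_id'" >&2; return 1 ;;
        esac
    done
    # An account that maps to id 0 would leave named running with root's rights.
    if [ "$ns_uid" -eq 0 ] || [ "$ns_gid" -eq 0 ]; then
        echo "bind maps to id 0, no privilege is dropped" >&2; return 1
    fi
    # The post's caveat: named.conf must be readable by group bind or by world.
    ns_ls=$(ls -ln "$3" 2>/dev/null) || { echo "cannot stat $3" >&2; return 1; }
    set -- $ns_ls                        # $1 = mode string, $4 = numeric gid
    case "$1" in
        ???????r*) ;;                    # world-readable
        ????r*) if [ "$4" != "$ns_gid" ]; then
                    echo "named.conf is group-readable, but not by gid $ns_gid" >&2
                    return 1
                fi ;;
        *) echo "named.conf is not readable by group bind or by world" >&2
           return 1 ;;
    esac
    echo "-u bind -g bind"
}

# make_fixture DIR: constructed master.passwd, group and named.conf for the demo.
make_fixture() {
    printf '%s\n' 'root:*:0:0::0:0:Charlie &:/root:/bin/csh' \
                  'bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin' > "$1/master.passwd"
    printf '%s\n' 'wheel:*:0:root' 'bind:*:53:' > "$1/group"
    : > "$1/named.conf"
    chmod 644 "$1/named.conf"
}

demo() {
    d=$(mktemp -d) || return 1
    make_fixture "$d"
    echo "named_flags=\"$(named_sandbox_flags "$d/master.passwd" "$d/group" "$d/named.conf")\""
    chmod 600 "$d/named.conf"            # now unreadable to the sandbox account
    named_sandbox_flags "$d/master.passwd" "$d/group" "$d/named.conf" \
        || echo "named_flags=\"\"   # sandbox not usable, see message above"
    rm -rf "$d"
}
demo
```
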
From owner-freebsd-security Tue Dec 1 11:10:50 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA04258 for freebsd-security-outgoing; Tue, 1 Dec 1998 11:10:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from bcnfwdmzn.boehringer-ingelheim.es (bcnfwdmzn.boehringer-ingelheim.es [195.77.47.2]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id LAA04248 for ; Tue, 1 Dec 1998 11:10:45 -0800 (PST) (envelope-from webmaster@healthnet-sl.es) Received: from portal.boehringer-ingelheim.es by bcnfwdmzn.boehringer-ingelheim.es via smtpd (for hub.FreeBSD.ORG [204.216.27.18]) with SMTP; 1 Dec 1998 19:44:52 UT Received: from bcnfwpubn.boehringer-ingelheim.es (i97.boehringer-ingelheim.es [195.77.47.97]) by portal.boehringer-ingelheim.es (8.8.8/8.8.8) with SMTP id UAA06327 for ; Tue, 1 Dec 1998 20:10:30 +0100 (CET) Message-ID: <36643E77.7B682BB9@healthnet-sl.es> Received: from i97.boehringer-ingelheim.es ([195.77.47.97]) by bcnfwpubn.boehringer-ingelheim.es via smtpd (for portal.boehringer-ingelheim.es [195.77.47.34]) with SMTP; 1 Dec 1998 19:44:48 UT Date: Tue, 01 Dec 1998 20:07:35 +0100 From: Carlos Amengual X-Mailer: Mozilla 4.03 [es] (WinNT; I) MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Weird adduser behavior ? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Last Saturday, the "daily run output" script showed the results of my addition of a new user to the password file (let's call him "newuser") using the adduser script, but I was surprised with this replacement in the group file:

< beginners:*:1005:user_a,user_b
> beginners:*:user_a,user_b:
...
> newuser:*:1015:newuser The new "newuser" group was expected because I chose that when executing adduser, but I did not touch the group file so I understand that the other change (that gave GID zero to "beginners" group -a simulated name for the actual group-, obviously a group for non-privileged users) was made by the adduser script. Anyone else has observed such behavior with adduser ? Carlos Amengual Healthnet SL To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Dec 1 12:58:10 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA15529 for freebsd-security-outgoing; Tue, 1 Dec 1998 12:58:10 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA15510; Tue, 1 Dec 1998 12:58:07 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.1/8.9.1) id MAA10204; Tue, 1 Dec 1998 12:57:43 -0800 (PST) (envelope-from dillon) Date: Tue, 1 Dec 1998 12:57:43 -0800 (PST) From: Matthew Dillon Message-Id: <199812012057.MAA10204@apollo.backplane.com> To: Eivind Eklund Cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kmem, tty, bind security enhancements commit. References: <199812010551.VAA02953@apollo.backplane.com> <19981201195028.A21015@follo.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org :> Now that everyone is backfrom thanksgiving and 2.2.8 is out the :> door, I'd like to commit the following changes to -current. These :> are as previously discussed and the changes have also been running :> on most of BEST's machines for a couple of weeks now so I'd like :> to commit them. :> :> I'd like someone to sign off on the concept. Eivind? Bruce? Jordan? 
:
:[on running identd as kmem, ntalkd as tty, and bind as bind/bind]
:
:Sounds good to me, as long as it does not require changes to existing
:installations (which I couldn't see it needing from your description). I'm
:somewhat surprised at the getuid() test in ntalkd being there at all - it
:...

Excellent. I'll commit it in. I don't expect it will have any effect on pre-existing systems since most people customize their passwd/group/inetd.conf files rather than sync them from /usr/src/etc

-Matt

:Eivind.
:To Unsubscribe: send mail to majordomo@FreeBSD.org
:with "unsubscribe freebsd-security" in the body of the message

Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet Communications & God knows what else.
(Please include original email in any response)

From owner-freebsd-security Tue Dec 1 13:43:48 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA20573 for freebsd-security-outgoing; Tue, 1 Dec 1998 13:43:48 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA20554; Tue, 1 Dec 1998 13:43:45 -0800 (PST) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.1/8.9.1) id NAA10640; Tue, 1 Dec 1998 13:43:33 -0800 (PST) (envelope-from dillon) Date: Tue, 1 Dec 1998 13:43:33 -0800 (PST) From: Matthew Dillon Message-Id: <199812012143.NAA10640@apollo.backplane.com> To: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kmem, tty, bind security enhancements commit. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I've committed the kmem, tty, and bind sandboxes.
This is inclusive of changing rc.conf to run bind in the sandbox which could be somewhat controversial but, I think, necessary.

I accidentally created a /usr/src/etc/namedb/s directory and cvs add'd it, then realized that it shouldn't be in the source tree (mtree handles creating it in production). I've cvs deleted it but it will not commit the deletion to the server. i.e. 'cvs commit' thinks there is nothing to do. Very odd.

I'd appreciate it if a cvs god looked at that!

Added bonus: comsat can also be run in the tty sandbox, and it is enabled by default so that's good!

Thanks,

-Matt

From owner-freebsd-security Tue Dec 1 15:48:23 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA05578 for freebsd-security-outgoing; Tue, 1 Dec 1998 15:48:23 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from smtp.interlog.com (smtp.interlog.com [207.34.202.37]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA05573 for ; Tue, 1 Dec 1998 15:48:22 -0800 (PST) (envelope-from paulg@interlog.com)
Received: from shell1.interlog.com (paulg@shell1.interlog.com [207.34.202.8]) by smtp.interlog.com (8.9.1/8.9.1) with SMTP id SAA24658 for ; Tue, 1 Dec 1998 18:48:06 -0500 (EST)
Date: Tue, 1 Dec 1998 18:48:09 -0500 (EST)
From: Paul Griffith
To: freebsd-security@FreeBSD.ORG
Subject: OpenBSD vs FreeBSD
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Can anyone point me to a URL that compares OpenBSD and FreeBSD. I am looking at setting up an IP packet filter this weekend when I get my cable modem installed. I plan to use a deny by default stance, and just allow in : FTP, DNS, SMTP, and WWW - maybe SSH in the future. Everything else gets locked down.
Paul Griffith <> paulg@interlog.com

From owner-freebsd-security Tue Dec 1 16:25:44 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA11888 for freebsd-security-outgoing; Tue, 1 Dec 1998 16:25:44 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA11881 for ; Tue, 1 Dec 1998 16:25:43 -0800 (PST) (envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost) by shell6.ba.best.com (8.9.0/8.9.0/best.sh) id QAA12990; Tue, 1 Dec 1998 16:24:50 -0800 (PST)
Message-ID: <19981201162450.C10475@best.com>
Date: Tue, 1 Dec 1998 16:24:50 -0800
From: "Jan B. Koum "
To: Paul Griffith , freebsd-security@FreeBSD.ORG
Subject: Re: OpenBSD vs FreeBSD
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: ; from Paul Griffith on Tue, Dec 01, 1998 at 06:48:09PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Dec 01, 1998 at 06:48:09PM -0500, Paul Griffith wrote:
>
> Can anyone point me to a URL that compares OpenBSD and FreeBSD. I am looking
> at setting up an IP packet filter this weekend when I get my cable modem
> installed. I plan to use a deny by default stance, and just allow in : FTP,
> DNS, SMTP, and WWW - maybe SSH in the future. Everything else gets locked
> down.
>
>
> Paul Griffith <> paulg@interlog.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

IP packet filter in both FreeBSD 3.0 and OpenBSD would be done using the same software: IP filter written by Darren Reed. FreeBSD 2.2 also has ipfw (in addition to ipf) - ip packet filter which has been in FreeBSD for a while now.
Off topic: your subject line is very inappropriate for this forum. I hope this thread will not turn into yet another flame war or some such. Do you really expect people here, on this list to say "Use OpenBSD" or "Use Linux" or etc?

-- Yan

I don't have the password .... + Jan Koum
But the path is chainlinked .. | Spelled Jan, pronounced Yan. There.
So if you've got the time .... | Web: http://www.best.com/~jkb
Set the tone to sync ......... + OS: http://www.FreeBSD.org

From owner-freebsd-security Wed Dec 2 05:19:39 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA20060 for freebsd-security-outgoing; Wed, 2 Dec 1998 05:19:39 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA19928; Wed, 2 Dec 1998 05:19:35 -0800 (PST) (envelope-from matt@zigg.com)
Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.8.8/8.8.8) with ESMTP id IAA23868; Wed, 2 Dec 1998 08:19:08 -0500 (EST) (envelope-from matt@zigg.com)
Date: Wed, 2 Dec 1998 08:19:08 -0500 (EST)
From: Matt Behrens
To: Matthew Dillon
cc: freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kmem, tty, bind security enhancements commit
In-Reply-To: <199812012143.NAA10640@apollo.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 1 Dec 1998, Matthew Dillon wrote:

: I accidentally created a /usr/src/etc/namedb/s directory and cvs add'd
: it, then realized that it shouldn't be in the source tree (mtree handles
: creating it in production). I've cvs deleted it but it will not commit
: the deletion to the server. i.e. 'cvs commit' thinks there is nothing
: to do. Very odd.
: I'd appreciate it if a cvs god looked at that!

directory adds and commits, AFAIK, do not need to be committed. Then again, our CVS server at work (running Linux, blech) has a few phantom directories that I had to just remove from the box directly. :)

Matt Behrens                   | If only I could learn Japanese and get my
Servant of Karen Behrens       | hands on all 200 Sailor Moon episodes and
Engineer, Nameless IRC Network | all the movies, I think my life would
I eat Penguins for breakfast.  | finally be complete. . . . . . . . . . .

From owner-freebsd-security Wed Dec 2 06:48:55 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id GAA29773 for freebsd-security-outgoing; Wed, 2 Dec 1998 06:48:55 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from obie.softweyr.com ([204.68.178.33]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA29768 for ; Wed, 2 Dec 1998 06:48:52 -0800 (PST) (envelope-from wes@softweyr.com)
Received: from softweyr.com (zaphod.softweyr.com [204.68.178.35]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id HAA22269; Wed, 2 Dec 1998 07:52:06 -0700 (MST) (envelope-from wes@softweyr.com)
Message-ID: <36655402.179B7941@softweyr.com>
Date: Wed, 02 Dec 1998 07:51:46 -0700
From: Wes Peters
Organization: Softweyr llc
X-Mailer: Mozilla 4.5 [en] (X11; U; FreeBSD 3.0-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "Jan B. Koum"
CC: Paul Griffith , freebsd-security@FreeBSD.ORG
Subject: System recommendations (was Re: OpenBSD vs FreeBSD)
References: <19981201162450.C10475@best.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Jan B. Koum" wrote:
>
> Off topic: your subject line is very inappropriate for

Thank you for pointing this out.
A more appropriate subject might have been "FreeBSD/OpenBSD comparison" or something of that nature. Let's not set up a fight where one isn't wanted.

> this forum. I hope this thread will not turn into
> yet another flame war or some such.

I think (hope) we've moved beyond that, pretty much.

> Do you really expect people here, on this list to say
> "Use OpenBSD" or "Use Linux" or etc?

Well, the former much more likely than the latter. For instance, if Paul had mentioned he needed to run this on a Mac or a SPARC, I think most here would've been happy to point out OpenBSD would meet his needs quite well.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com

From owner-freebsd-security Wed Dec 2 22:16:03 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id WAA04475 for freebsd-security-outgoing; Wed, 2 Dec 1998 22:16:03 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA04434 for ; Wed, 2 Dec 1998 22:16:00 -0800 (PST) (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost) by burka.rdy.com (8.9.1/RDY&DVV) id WAA02265 for security@freebsd.org; Wed, 2 Dec 1998 22:15:47 -0800 (PST)
Message-Id: <199812030615.WAA02265@burka.rdy.com>
Subject: mail.local
To: security@FreeBSD.ORG
Date: Wed, 2 Dec 1998 22:15:47 -0800 (PST)
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hey guys!

Could somebody remind me of outcome of removing suid bit from mail.local discussion?
-- dima

From owner-freebsd-security Thu Dec 3 08:44:41 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA24877 for freebsd-security-outgoing; Thu, 3 Dec 1998 08:44:41 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cc181716-a.hwrd1.md.home.com (cc181716-a.hwrd1.md.home.com [24.3.18.63]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA24872 for ; Thu, 3 Dec 1998 08:44:39 -0800 (PST) (envelope-from woodford@cc181716-a.hwrd1.md.home.com)
Received: from localhost (woodford@localhost) by cc181716-a.hwrd1.md.home.com (8.9.1a/8.9.1a) with SMTP id LAA07735 for ; Thu, 3 Dec 1998 11:52:26 -0500
Date: Thu, 3 Dec 1998 11:52:25 -0500 (EST)
From: Bill Woodford
To: ML FreeBSD Security
Subject: Re: mail.local
In-Reply-To: <199812030615.WAA02265@burka.rdy.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 2 Dec 1998, Dima Ruban wrote:
| Could somebody remind me of outcome of removing suid bit from mail.local
| discussion?

Hmmm, if you remove it, I believe local mail delivery will cease due to permission problems.

--
Bill Woodford * woodford@cc181716-a.hwrd1.md.home.com * ICQ:14076169
Volunteer Coordinator, Otakon 99: Convention of Otaku Generation
"Windows Multitasking: Messing up several things at once."
From owner-freebsd-security Thu Dec 3 09:45:21 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA00763 for freebsd-security-outgoing; Thu, 3 Dec 1998 09:45:21 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA00660 for ; Thu, 3 Dec 1998 09:44:14 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id MAA12863; Thu, 3 Dec 1998 12:36:37 -0500 (EST)
Date: Thu, 3 Dec 1998 12:36:36 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Bill Woodford
cc: ML FreeBSD Security
Subject: Re: mail.local
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Dec 1998, Bill Woodford wrote:

> | Could somebody remind me of outcome of removing suid bit from mail.local
> | discussion?
>
> Hmmm, if you remove it, I believe local mail delivery will cease due to
> permission problems.

That is my memory of the conclusions, at least when sendmail is not executing mail.local. If sendmail is executing it (and sendmail is running as root) then I think it does behave correctly, at least when sendmail is running as a daemon. I'm not sure if it behaves correctly when sendmail is running setuid from a normal user account as invoked by, say, pine. My feeling is more and more that we should be using protocols such as IMAP for mail access rather than try to fit everything into the context of file system permissions, as that requires us to come up with warped program behavior (such as making more things setuid than actually need to be :).
It might be interesting to rewrite an imap daemon to use UNIX daemon sockets and ephemeral credential information to authenticate the user, and similarly have a local SMTP-style domain socket also using ephemeral data for authentication. BSD (and other Unices also) provide us with a lot of tools to make life easier than we actually take advantage of :).

Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/

From owner-freebsd-security Thu Dec 3 10:21:21 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA04142 for freebsd-security-outgoing; Thu, 3 Dec 1998 10:21:21 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from tgn2.tgn.net (tgn2.tgn.net [205.241.85.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA04135 for ; Thu, 3 Dec 1998 10:21:19 -0800 (PST) (envelope-from butlermd@tgn.net)
Received: from dial64.brazoria.tgn.net (dial64.brazoria.tgn.net [207.43.27.94]) by tgn2.tgn.net (8.8.5/8.8.8) with SMTP id MAA05391 for ; Thu, 3 Dec 1998 12:21:01 -0600 (CST)
From: butlermd@tgn.net (Michael Butler)
To: security@FreeBSD.ORG
Subject: Syslog.conf setup...
Date: Thu, 03 Dec 1998 12:20:27 -0600
Organization: Texas GulfNet
Reply-To: butlermd@tgn.net
Message-ID: <366bd20f.60547965@mail.tgn.net>
X-Mailer: Forte Agent 1.5/32.451
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id KAA04136
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Howdy,

Reading the man pages and poking at the www and experimenting leaves me still confused on *just how* I can configure my syslog to separate logs by function. They grow at different rates and I want to use newsyslog (no man page tho I have a newsyslog.cf in /etc) to manage them.

I want to de-complicate my messages file. Most often I watch my logs looking at either mail, ftp, popper, or whatever so I figger this way I can filter some of the noise... wish I could tail selected multiple files too... grumble grumble

I see references to entries like this with the !program but don't see the difference from:

ftp.* /var/log/ftpd

-- and

# Save ftpd transactions along with mail and news
!ftpd
*.* /var/log/spoolerr

-- except for the log file name

From # man syslog.conf:
"...blocks of lines separated by program specifications, with each line containing two fields: the selector field which specifies the types of messages and priorities..."

....hmmmm looking again, there's a difference between *facility* and *program* and the names ftp vs ftpd are explained. Still... it ain't logging what I expect it to.

Any ideas on a q&d look at my file would be appreciated.
-------------------
# cat /etc/syslog.conf
# level ordered list (higher to lower):
# emerg, alert, crit, err, warning, notice and debug
*.err;kern.debug;auth.notice;mail.crit          /dev/console
*.warning;kern.debug;lpr,auth.info;mail.none    /var/log/messages
auth.*,authpriv.*                               /var/log/authlog
ftp.*                                           /var/log/ftpd
finger.*                                        /var/log/fingerd
mail.*,popper.none                              /var/log/maillog
popper.*                                        /var/log/popper
lpr.*                                           /var/log/lpd
cron.*                                          /var/log/cron
telnet.*                                        /var/log/telnet
*.emerg                                         *
#*.err                                          *
#*.alert                                        *
#*.notice;auth.debug                            *
#
# Entered 10/12/95
#
local6.debug                                    /home1/xyplex/local6.msg
!startslip
*.*                                             /var/log/slip.log
#+@+@+@+@+@++
# Save ftpd transactions along with mail and news
#!ftpd
#*.*                                            /var/log/spoolerr

TIA
____________________________________________________________
Michael Butler, Texas GulfNet,      | www.tgn.net
908 South Brooks, PO Box 2089       |
Brazoria, TX 77422-2089             | Voice 409-798-NETT
Part of the Pointecom International | FAX 409-798-6398
Network and the Global Internet     |

From owner-freebsd-security Thu Dec 3 10:45:41 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA06818 for freebsd-security-outgoing; Thu, 3 Dec 1998 10:45:41 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rembrandt.esys.ca (rembrandt.esys.ca [198.161.92.18]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA06813 for ; Thu, 3 Dec 1998 10:45:39 -0800 (PST) (envelope-from lyndon@execmail.com)
Received: from execmail.com (zappa.esys.ca [198.161.92.28]) by rembrandt.esys.ca (2.0.4/SMS 2.0.4) with ESMTP id LAA14212; Thu, 3 Dec 1998 11:44:49 -0700
Message-Id: <199812031844.LAA14212@rembrandt.esys.ca>
Date: Thu, 3 Dec 1998 11:44:46 -0700
From: Lyndon Nerenberg
Subject: Re: mail.local
To: robert+freebsd@cyrus.watson.org
cc: robert@cyrus.watson.org, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
In-Reply-To:
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 3 Dec, Robert Watson wrote:

> It might be interesting to rewrite an imap daemon to use
> UNIX daemon sockets and ephemeral credential information to authenticate
> the user, and similarly have a local SMTP-style domain socket also using
> ephemeral data for authentication.

I'm not sure that's necessary (or wanted). If the mail clients talk to the IMAP server by doing a fork/exec of imapd, and use pipes to communicate with it, you can always use pre-authentication based on the real uid that imapd was execed as. The U of Washington server already supports this.

Not that I'm a big fan of pre-authentication. You still have to support communication with remote servers no matter what, so you have to have the code to handle AUTHENTICATE. If you want cached credentials, use Kerberos. (This is how we run our email in-house.) And you're now saying "but Kerberos is a pain to administer." As it's deployed, I agree. That argument vanishes if someone writes a user-friendly administration front-end to Kerberos to hand-hold a site through the initial setup of the Kerberos environment. Make that part easy, and lots of people will start using it. (And the recent PAM work will make the use of Kerberos much more attractive.)

The other part of the equation is the rewrite of the existing mail client (/usr/bin/Mail) to speak IMAP. I don't see that being a really big problem. (Usenet already proved this in the filesystem newsstore to NNTP migration.)

A couple of times now I've actually started on adding IMAP to /usr/bin/Mail, however because I develop commercial IMAP software for a living, I wouldn't be able to release the source freely (the "tainted code" problem). This shouldn't prevent someone with a good understanding of how the c-client library works from doing the work, though.

--
Finger lyndon@execmail.com for PGP key.
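The pre-authentication described in the message above, as an added example (not code from imapd, the UW server or anyone on this thread): a server started over pipes by a local client greets with PREAUTH for the real uid it was exec'd as, while one whose stdin is a socket greets with OK and must run AUTHENTICATE. The function names, the greeting texts and the refusal to pre-authenticate root are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum greeting { GREET_BYE, GREET_OK, GREET_PREAUTH };

/*
 * Pick the IMAP greeting for a server whose client is attached to `in`.
 * `ruid` is the real uid the server was exec'd as (getuid()); it is a
 * parameter so the policy can be exercised with any uid.
 */
enum greeting choose_greeting(int in, uid_t ruid, char *out, size_t outlen)
{
    struct stat st;
    struct passwd *pw;

    if (fstat(in, &st) != 0) {
        snprintf(out, outlen, "* BYE cannot inspect client descriptor\r\n");
        return GREET_BYE;
    }
    /* Anything but a pipe (e.g. a socket handed over by inetd) may carry a
     * remote peer, and our own uid says nothing about who that peer is. */
    if (!S_ISFIFO(st.st_mode)) {
        snprintf(out, outlen, "* OK IMAP4rev1 ready, please authenticate\r\n");
        return GREET_OK;
    }
    /* Assumed policy of this example: never pre-authenticate root, nor a
     * uid that has no passwd entry. */
    if (ruid == 0 || (pw = getpwuid(ruid)) == NULL) {
        snprintf(out, outlen, "* OK IMAP4rev1 ready, please authenticate\r\n");
        return GREET_OK;
    }
    snprintf(out, outlen, "* PREAUTH IMAP4rev1 logged in as %s\r\n", pw->pw_name);
    return GREET_PREAUTH;
}

/* Start a "server" child the way a local mail client would (two pipes) or
 * the way inetd would (one socket on stdin/stdout); return its greeting. */
int spawn_and_read_greeting(int use_socket, char *buf, size_t len)
{
    int a[2], b[2], srv_in, srv_out, cli_rd, cli_wr;
    char line[128];
    ssize_t n;
    pid_t pid;

    if (use_socket) {
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, a) != 0)
            return -1;
        srv_in = srv_out = a[1];
        cli_rd = cli_wr = a[0];
    } else {
        if (pipe(a) != 0)
            return -1;
        if (pipe(b) != 0) { close(a[0]); close(a[1]); return -1; }
        srv_in = a[0]; cli_wr = a[1];
        cli_rd = b[0]; srv_out = b[1];
    }
    pid = fork();
    if (pid == 0) {
        /* A real client would exec imapd here; the example calls the
         * greeting policy directly in the child. */
        if (dup2(srv_in, STDIN_FILENO) < 0 || dup2(srv_out, STDOUT_FILENO) < 0)
            _exit(1);
        choose_greeting(STDIN_FILENO, getuid(), line, sizeof line);
        _exit(write(STDOUT_FILENO, line, strlen(line)) < 0);
    }
    /* Parent: drop the server's ends so read() sees EOF if the child dies. */
    close(srv_in);
    if (srv_out != srv_in)
        close(srv_out);
    n = pid > 0 ? read(cli_rd, buf, len - 1) : -1;
    if (pid > 0)
        waitpid(pid, NULL, 0);
    close(cli_rd);
    if (cli_wr != cli_rd)
        close(cli_wr);
    buf[n > 0 ? n : 0] = '\0';
    return n > 0 ? 0 : -1;
}

int main(void)
{
    char buf[128];

    if (spawn_and_read_greeting(0, buf, sizeof buf) == 0)
        printf("pipes:  %s", buf);
    if (spawn_and_read_greeting(1, buf, sizeof buf) == 0)
        printf("socket: %s", buf);
    return 0;
}
```

The uid used here comes from the kernel, not from anything the client sends, which is why no password exchange is needed on the pipe path.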
From owner-freebsd-security Thu Dec 3 11:09:13 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA09315 for freebsd-security-outgoing; Thu, 3 Dec 1998 11:09:13 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cafe.affinity-systems.ab.ca (cafe.affinity-systems.ab.ca [207.229.6.99]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA09310 for ; Thu, 3 Dec 1998 11:09:08 -0800 (PST) (envelope-from jbourne@cafe.affinity-systems.ab.ca)
Received: (from jbourne@localhost) by cafe.affinity-systems.ab.ca (8.9.1a/8.9.1/asi-redhat) id MAA20486; Thu, 3 Dec 1998 12:08:30 -0700
Date: Thu, 3 Dec 1998 12:08:28 -0700 (MST)
From: Jim Bourne
To: Bill Woodford
cc: ML FreeBSD Security
Subject: Re: mail.local
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Dec 1998, Bill Woodford wrote:

>
> On Wed, 2 Dec 1998, Dima Ruban wrote:
> | Could somebody remind me of outcome of removing suid bit from mail.local
> | discussion?
>
> Hmmm, if you remove it, I believe local mail delivery will cease due to
> permission problems.

If you remove the suid bit from mail.local, it cannot seteuid to the user which it is delivering mail as.

Say your sendmail runs as user mail group mail, it exec's mail.local and feeds mail.local the text in question, mail.local then does a seteuid to the user the mail is being delivered to and then revokes all other root privileges and opens, writes, and closes the mail spool file. umm, IIRC that is...

But then again, I use procmail anyways.
it's much nicer having my mail filtered via procmail then all dumped in my spool file :)

Regards,
Jim

>
> --
> Bill Woodford * woodford@cc181716-a.hwrd1.md.home.com * ICQ:14076169
> Volunteer Coordinator, Otakon 99: Convention of Otaku Generation
> "Windows Multitasking: Messing up several things at once."
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--
James Bourne          | Email:jbourne@affinity-systems.ab.ca
Affinity Systems Inc. | WWW:http://www.affinty-systems.ab.ca
Everything Unix       | Linux-The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration

From owner-freebsd-security Thu Dec 3 12:09:05 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA15643 for freebsd-security-outgoing; Thu, 3 Dec 1998 12:09:05 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rembrandt.esys.ca (rembrandt.esys.ca [198.161.92.18]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA15638 for ; Thu, 3 Dec 1998 12:09:03 -0800 (PST) (envelope-from lyndon@execmail.com)
Received: from execmail.com (zappa.esys.ca [198.161.92.28]) by rembrandt.esys.ca (2.0.4/SMS 2.0.4) with ESMTP id NAA18594; Thu, 3 Dec 1998 13:08:36 -0700
Message-Id: <199812032008.NAA18594@rembrandt.esys.ca>
Date: Thu, 3 Dec 1998 13:08:33 -0700
From: Lyndon Nerenberg
Subject: Re: mail.local
To: jbourne@affinity-systems.ab.ca
cc: woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
In-Reply-To:
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 3 Dec, Jim Bourne wrote:

>
> Say your sendmail runs as user mail group mail, it exec's mail.local and
> feeds mail.local
the text in question, mail.local then does a seteuid to the
> user the mail is being delivered to and then revokes all other root
> privileges and opens, writes, and closes the mail spool file. umm, IIRC
> that is...

Not any more. As of 8.9, mail.local has to handle multiple recipients (for LMTP). It explicitly chowns the mailbox files, and thus assumes it's being invoked as root. (Look inside the deliver() function for the details.)

--
Finger lyndon@execmail.com for PGP key.

From owner-freebsd-security Thu Dec 3 12:30:31 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA17699 for freebsd-security-outgoing; Thu, 3 Dec 1998 12:30:31 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA17683 for ; Thu, 3 Dec 1998 12:30:28 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id PAA13950; Thu, 3 Dec 1998 15:29:12 -0500 (EST)
Date: Thu, 3 Dec 1998 15:29:12 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Lyndon Nerenberg
cc: woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
Subject: Re: mail.local
In-Reply-To: <199812031844.LAA14212@rembrandt.esys.ca>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Dec 1998, Lyndon Nerenberg wrote:

> Not that I'm a big fan of pre-authentication. You still have to support
> communication with remote servers no matter what, so you have to have
> the code to handle AUTHENTICATE. If you want cached credentials, use
> Kerberos. (This is how we run our email in-house.)
And you're now
> saying "but Kerberos is a pain to administer." As it's deployed, I
> agree. That argument vanishes if someone writes a user-friendly
> administration front-end to Kerberos to hand-hold a site through the
> initial setup of the Kerberos environment. Make that part easy, and lots
> of people will start using it. (And the recent PAM work will make the
> use of Kerberos much more attractive.)

Kerberos is easy -- it's finding clients that support KerberosIV under UNIX that's hard. That is, I have yet to find a copy of the Pine 3.9x Kerberos IV patches that compile cleanly under FreeBSD, and I don't have time to write them myself. What I should really do is upgrade to K5 (which has native support under more recent versions of Pine), but I don't believe that the CMU Cyrus server supports K5, only K4. I would have migrated all of the users of my system to the cyrus server long ago if pine 3.9x didn't keep asking for passwords and sending them in the clear text to my cyrus server. :)

Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc.
http://www.tis.com/
SafePort Network Services http://www.safeport.com/

From owner-freebsd-security Thu Dec 3 12:53:31 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA20439 for freebsd-security-outgoing; Thu, 3 Dec 1998 12:53:31 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA20412 for ; Thu, 3 Dec 1998 12:53:21 -0800 (PST) (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost) by burka.rdy.com (8.9.1/RDY&DVV) id MAA07064; Thu, 3 Dec 1998 12:53:05 -0800 (PST)
Message-Id: <199812032053.MAA07064@burka.rdy.com>
Subject: Re: mail.local
In-Reply-To: from Bill Woodford at "Dec 3, 1998 11:52:25 am"
To: woodford@cc181716-a.hwrd1.md.home.com (Bill Woodford)
Date: Thu, 3 Dec 1998 12:53:04 -0800 (PST)
Cc: security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Bill Woodford writes:
>
> On Wed, 2 Dec 1998, Dima Ruban wrote:
> | Could somebody remind me of outcome of removing suid bit from mail.local
> | discussion?
>
> Hmmm, if you remove it, I believe local mail delivery will cease due to
> permission problems.

Nah, this is not the problem. sendmail.cf should be fixed.

>
> --
> Bill Woodford * woodford@cc181716-a.hwrd1.md.home.com * ICQ:14076169
> Volunteer Coordinator, Otakon 99: Convention of Otaku Generation
> "Windows Multitasking: Messing up several things at once."
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

-- dima

From owner-freebsd-security Thu Dec 3 12:56:01 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA20825 for freebsd-security-outgoing; Thu, 3 Dec 1998 12:56:01 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA20774 for ; Thu, 3 Dec 1998 12:55:56 -0800 (PST) (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost) by burka.rdy.com (8.9.1/RDY&DVV) id MAA07083; Thu, 3 Dec 1998 12:55:19 -0800 (PST)
Message-Id: <199812032055.MAA07083@burka.rdy.com>
Subject: Re: mail.local
In-Reply-To: from Robert Watson at "Dec 3, 1998 12:36:36 pm"
To: robert+freebsd@cyrus.watson.org
Date: Thu, 3 Dec 1998 12:55:19 -0800 (PST)
Cc: woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson writes:
> On Thu, 3 Dec 1998, Bill Woodford wrote:
>
> > | Could somebody remind me of outcome of removing suid bit from mail.local
> > | discussion?
> >
> > Hmmm, if you remove it, I believe local mail delivery will cease due to
> > permission problems.
>
> That is my memory of the conclusions, at least when sendmail is not
> executing mail.local. If sendmail is executing it (and sendmail is
> running as root) then I think it does behave correctly, at least when
> sendmail is running as a daemon.
I'm not sure if it behaves correctly
> when sendmail is running setuid from a normal user account as invoked by,
> say, pine. My feeling is more and more that we should be using protocols

Yeah, it works all right. We've had this change for about 3-4 months (I think) here and there's no problems.

> such as IMAP for mail access rather than try to fit everything into the
> context of file system permissions, as that requires us to come up with
> warped program behavior (such as making more things setuid than actually
> need to be :). It might be interesting to rewrite an imap daemon to use
> UNIX daemon sockets and ephemeral credential information to authenticate
> the user, and similarly have a local SMTP-style domain socket also using
> ephemeral data for authentication. BSD (and other Unices also) provide us
> with a lot of tools to make life easier than we actually take advantage of
> :).

Well, it's a totally different discussion. Let's concentrate on problems one at a time :-)

>
> Robert N Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
>
> Carnegie Mellon University http://www.cmu.edu/
> TIS Labs at Network Associates, Inc.
> http://www.tis.com/
> SafePort Network Services http://www.safeport.com/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 12:59:51 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA21585 for freebsd-security-outgoing; Thu, 3 Dec 1998 12:59:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA21570 for ; Thu, 3 Dec 1998 12:59:48 -0800 (PST) (envelope-from brett@lariat.org)
Received: (from brett@localhost) by lariat.lariat.org (8.8.8/8.8.6) id NAA04659; Thu, 3 Dec 1998 13:54:14 -0700 (MST)
Message-Id: <4.1.19981203135009.04047ea0@127.0.0.1>
X-Sender: brett@127.0.0.1
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1
Date: Thu, 03 Dec 1998 13:51:48 -0700
To: Robert Watson , Bill Woodford
From: Brett Glass
Subject: Re: mail.local
Cc: ML FreeBSD Security
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 12:36 PM 12/3/98 -0500, Robert Watson wrote:

>> Hmmm, if you remove it, I believe local mail delivery will cease due to
>> permission problems.

Why not use a group permission to allow access to mailboxes only? This would
contain the damage that could be done by subverting an suid program.
--Brett

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 13:00:21 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA21862 for freebsd-security-outgoing; Thu, 3 Dec 1998 13:00:21 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA21820 for ; Thu, 3 Dec 1998 13:00:14 -0800 (PST) (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost) by burka.rdy.com (8.9.1/RDY&DVV) id MAA07104; Thu, 3 Dec 1998 12:59:45 -0800 (PST)
Message-Id: <199812032059.MAA07104@burka.rdy.com>
Subject: Re: mail.local
In-Reply-To: from Robert Watson at "Dec 3, 1998 3:29:12 pm"
To: robert+freebsd@cyrus.watson.org
Date: Thu, 3 Dec 1998 12:59:45 -0800 (PST)
Cc: lyndon@execmail.com, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson writes:
> Kerberos is easy -- it's finding clients that support KerberosIV under
> UNIX that's hard. That is, I have yet to find a copy of the Pine 3.9x
> Kerberos IV patches that compile cleanly under FreeBSD, and I don't have
> time to write them myself. What I should really do is upgrade to K5
> (which has native support under more recent versions of Pine), but I don't
> believe that the CMU Cyrus server supports K5, only K4. I would have
> migrated all of the users of my system to the cyrus server long ago if
> pine 3.9x didn't keep asking for passwords and sending them in the clear
> text to my cyrus server.
> :)

If you use kerberos, I'd really suggest moving to K5.
Much nicer and much more flexible in administration.

>
> Robert N Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
>
> Carnegie Mellon University http://www.cmu.edu/
> TIS Labs at Network Associates, Inc. http://www.tis.com/
> SafePort Network Services http://www.safeport.com/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 13:19:38 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA25214 for freebsd-security-outgoing; Thu, 3 Dec 1998 13:19:38 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.onclick.net ([203.41.60.2]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id NAA25205 for ; Thu, 3 Dec 1998 13:19:33 -0800 (PST) (envelope-from vlad@onclick.net)
Message-Id: <199812032119.NAA25205@hub.freebsd.org>
Received: from vlad [203.41.60.151] by mail.onclick.net (SMTPD32-4.06) id A1583F501FC; Fri, 04 Dec 1998 07:23:36 +1000
X-Sender: vlad@mail.onclick.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0 Demo
Date: Fri, 04 Dec 1998 08:16:45 +1100
To: freebsd-security@FreeBSD.ORG
From: vlad
Subject: auth 7c36154e subscribe freebsd-security vlad@onclick.net
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

auth 7c36154e subscribe freebsd-security vlad@onclick.net

----------------------------------------------
onClick The Complete Internet Solution
Phone: +61 2 9906 2147 Fax: +61 2 9906 8786
http://www.onclick.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 14:28:35 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA05473 for freebsd-security-outgoing; Thu, 3 Dec 1998 14:28:35 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA05437 for ; Thu, 3 Dec 1998 14:28:26 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id RAA14742; Thu, 3 Dec 1998 17:27:46 -0500 (EST)
Date: Thu, 3 Dec 1998 17:27:46 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Dima Ruban
cc: lyndon@execmail.com, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
Subject: Re: mail.local
In-Reply-To: <199812032059.MAA07104@burka.rdy.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Dec 1998, Dima Ruban wrote:

> Robert Watson writes:
> > Kerberos is easy -- it's finding clients that support KerberosIV under
> > UNIX that's hard. That is, I have yet to find a copy of the Pine 3.9x
> > Kerberos IV patches that compile cleanly under FreeBSD, and I don't have
> > time to write them myself. What I should really do is upgrade to K5
> > (which has native support under more recent versions of Pine), but I don't
> > believe that the CMU Cyrus server supports K5, only K4. I would have
> > migrated all of the users of my system to the cyrus server long ago if
> > pine 3.9x didn't keep asking for passwords and sending them in the clear
> > text to my cyrus server. :)
>
> If you use kerberos, I'd really suggest moving to K5.
> Much nicer and much more flexible in administration.

I would certainly like to move to K5, but that's not an insignificant
amount of trouble in terms of transitioning. Speaking of KerberosV, is
it likely that FreeBSD will shift to shipping K4 instead of K5 by default
at some point? K4 is the most common in all the environments I regularly
use (here at CMU anyway) but K5 certainly has advantages (including, I
believe, better support for multihomed hosts in the form of not using the
IP in tickets/authenticators?)

I would guess that the transition would be easier now that we have PAM?

  Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 15:49:38 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA13939 for freebsd-security-outgoing; Thu, 3 Dec 1998 15:49:38 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from burka.rdy.com (burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA13934 for ; Thu, 3 Dec 1998 15:49:36 -0800 (PST) (envelope-from dima@burka.rdy.com)
Received: (from dima@localhost) by burka.rdy.com (8.9.1/RDY&DVV) id PAA07878; Thu, 3 Dec 1998 15:49:09 -0800 (PST)
Message-Id: <199812032349.PAA07878@burka.rdy.com>
Subject: Re: mail.local
In-Reply-To: from Robert Watson at "Dec 3, 1998 5:27:46 pm"
To: robert+freebsd@cyrus.watson.org
Date: Thu, 3 Dec 1998 15:49:08 -0800 (PST)
Cc: dima@best.net, lyndon@execmail.com, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
X-Class: Fast
Organization: HackerDome
Reply-To: dima@best.net
From: dima@best.net (Dima Ruban)
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson writes:
> > If you use kerberos, I'd really suggest moving to K5.
> > Much nicer and much more flexible in administration.
>
> I would certainly like to move to K5, but that's not an insignificant
> amount of trouble in terms of transitioning. Speaking of KerberosV, is
> it likely that FreeBSD will shift to shipping K4 instead of K5 by default
> at some point? K4 is the most common in all the environments I regularly

You mean from K4 to K5 by default?
Yes, hopefully. Me and markm are still working on it.

> use (here at CMU anyway) but K5 certainly has advantages (including, I
> believe, better support for multihomed hosts in the form of not using the
> IP in tickets/authenticators?)
>
> I would guess that the transition would be easier now that we have PAM?

I don't know much about PAM stuff

>
> Robert N Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
>
> Carnegie Mellon University http://www.cmu.edu/
> TIS Labs at Network Associates, Inc.
> http://www.tis.com/
> SafePort Network Services http://www.safeport.com/
>

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 16:26:11 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA21655 for freebsd-security-outgoing; Thu, 3 Dec 1998 16:26:11 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA21559 for ; Thu, 3 Dec 1998 16:26:01 -0800 (PST) (envelope-from roberto@keltia.freenix.fr)
Received: (from uucp@localhost) by frmug.org (8.9.1/frmug-2.3/nospam) with UUCP id BAA02944 for security@FreeBSD.ORG; Fri, 4 Dec 1998 01:25:44 +0100 (CET) (envelope-from roberto@keltia.freenix.fr)
Received: by keltia.freenix.fr (Postfix, from userid 101) id CB59E14BE; Fri, 4 Dec 1998 00:44:19 +0100 (CET)
Date: Fri, 4 Dec 1998 00:44:19 +0100
From: Ollivier Robert
To: ML FreeBSD Security
Subject: Re: mail.local
Message-ID: <19981204004419.A8445@keltia.freenix.fr>
Mail-Followup-To: ML FreeBSD Security
References: <4.1.19981203135009.04047ea0@127.0.0.1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.94.16i
In-Reply-To: <4.1.19981203135009.04047ea0@127.0.0.1>; from Brett Glass on Thu, Dec 03, 1998 at 01:51:48PM -0700
X-Operating-System: FreeBSD 3.0-CURRENT/ELF ctm#4856 AMD-K6 MMX @ 200 MHz
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Brett Glass:
> Why not use a group permission to allow access to mailboxes only? This would
> contain the damage that could be done by subverting an suid program.

Or wait one week and install VM^H^HPostfix which doesn't need the setuid bit
at all (and of course has a lot of nice features).
--
Ollivier ROBERT -=- FreeBSD: The Power to Serve!
-=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #2: Sun Nov 8 01:22:20 CET 1998

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 16:37:50 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA23992 for freebsd-security-outgoing; Thu, 3 Dec 1998 16:37:50 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA23986 for ; Thu, 3 Dec 1998 16:37:49 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.1/8.9.1) id QAA01449; Thu, 3 Dec 1998 16:37:10 -0800 (PST) (envelope-from dillon)
Date: Thu, 3 Dec 1998 16:37:10 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812040037.QAA01449@apollo.backplane.com>
To: Robert Watson
Cc: Dima Ruban , lyndon@execmail.com, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
Subject: Re: mail.local
References:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Eeek! I like KRB5! I don't even want to think about revisiting KRB4.

-Matt

:
:On Thu, 3 Dec 1998, Dima Ruban wrote:
:
:> Robert Watson writes:
:> > Kerberos is easy -- it's finding clients that support KerberosIV under
:> > UNIX that's hard. That is, I have yet to find a copy of the Pine 3.9x
:> > Kerberos IV patches that compile cleanly under FreeBSD, and I don't have
:> > time to write them myself. What I should really do is upgrade to K5
:> > (which has native support under more recent versions of Pine), but I don't
:> > believe that the CMU Cyrus server supports K5, only K4. I would have
:> > migrated all of the users of my system to the cyrus server long ago if
:> > pine 3.9x didn't keep asking for passwords and sending them in the clear
:> > text to my cyrus server.
:> > :)
:>
:> If you use kerberos, I'd really suggest moving to K5.
:> Much nicer and much more flexible in administration.
:
:I would certainly like to move to K5, but that's not an insignificant
:amount of trouble in terms of transitioning. Speaking of KerberosV, is
:it likely that FreeBSD will shift to shipping K4 instead of K5 by default
:at some point? K4 is the most common in all the environments I regularly
:use (here at CMU anyway) but K5 certainly has advantages (including, I
:believe, better support for multihomed hosts in the form of not using the
:IP in tickets/authenticators?)
:
:I would guess that the transition would be easier now that we have PAM?
:
: Robert N Watson
:
:robert@fledge.watson.org http://www.watson.org/~robert/
:PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C
:...

Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet
Communications & God knows what else.
(Please include original email in any response)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 19:57:31 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id TAA14226 for freebsd-security-outgoing; Thu, 3 Dec 1998 19:57:31 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id TAA14221 for ; Thu, 3 Dec 1998 19:57:29 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id WAA16049; Thu, 3 Dec 1998 22:55:15 -0500 (EST)
Date: Thu, 3 Dec 1998 22:55:15 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Matthew Dillon
cc: Dima Ruban , lyndon@execmail.com, woodford@cc181716-a.hwrd1.md.home.com, security@FreeBSD.ORG
Subject: Re:
mail.local
In-Reply-To: <199812040037.QAA01449@apollo.backplane.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 3 Dec 1998, Matthew Dillon wrote:

> Eeek! I like KRB5! I don't even want to think about revisiting KRB4.

Needless to say, when I said replace K5 with K4 as the default, I really
meant replace K4 with K5 as the default :).

  Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 21:15:14 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA20607 for freebsd-security-outgoing; Thu, 3 Dec 1998 21:15:14 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA20602 for ; Thu, 3 Dec 1998 21:15:12 -0800 (PST) (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (localhost.erols.com [127.0.0.1]) by gjp.erols.com (8.9.1/8.8.7) with ESMTP id AAA55919; Fri, 4 Dec 1998 00:12:37 -0500 (EST) (envelope-from gjp@gjp.erols.com)
X-Mailer: exmh version 2.0.1 12/23/97
To: Robert Watson
cc: Bill Woodford , ML FreeBSD Security
From: "Gary Palmer"
Subject: Re: mail.local
In-reply-to: Your message of "Thu, 03 Dec 1998 12:36:36 EST."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Fri, 04 Dec 1998 00:12:37 -0500
Message-ID: <55915.912748357@gjp.erols.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Robert Watson wrote in message ID
:
> On Thu, 3 Dec 1998, Bill Woodford wrote:

> say, pine. My feeling is more and more that we should be using protocols
> such as IMAP for mail access rather than try to fit everything into the

Please don't use IMAP. It is a bloated ``designed by committee'' protocol and
looks like a nightmare to implement in an efficient (scalable) fashion. Makes
me want to write my own protocol :(

Gary
--
Gary Palmer FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu Dec 3 23:15:44 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id XAA00231 for freebsd-security-outgoing; Thu, 3 Dec 1998 23:15:44 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (p39-nas1.wlg.ihug.co.nz [216.100.145.39]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA00225 for ; Thu, 3 Dec 1998 23:15:40 -0800 (PST) (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost) by aniwa.sky (8.8.8/8.8.7) with ESMTP id TAA16593 for ; Fri, 4 Dec 1998 19:51:36 +1300 (NZDT) (envelope-from andrew@squiz.co.nz)
Date: Fri, 4 Dec 1998 19:51:34 +1300 (NZDT)
From: Andrew McNaughton
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: FreeBSD Security
Subject: IMAP (was Re: mail.local)
In-Reply-To: <55915.912748357@gjp.erols.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 4 Dec 1998, Gary Palmer wrote:

> Robert Watson wrote in message ID
> :
> > On Thu, 3 Dec
> > 1998, Bill Woodford wrote:
> > say, pine. My feeling is more and more that we should be using protocols
> > such as IMAP for mail access rather than try to fit everything into the
>
> Please don't use IMAP. It is a bloated ``designed by committee'' protocol and
> looks like a nightmare to implement in an efficient (scalable) fashion. Makes
> me want to write my own protocol :(

When I read the IMAP rfc some time back, it took me about 15 minutes
to realise that there'd be lots of machines out there with open guest
accounts for things like ftp:ftp and guest:guest and that logging in as
one of these would give (unprivileged) read access to any file in the
system. These users would normally not be expected to have access to the
whole file tree, and in many cases the systems running mail servers are
configured without the expectation of untrusted users rummaging through
the file system.

I've been told that some IMAP servers have good restrictions on what file
areas can be accessed by what users, but I don't know which ones. I
contacted the people that put out the imap-uw software and the guy was
pretty prickly about my suggesting it was a problem. He was of the
opinion that world read perms on files mean that it's OK for the world to
have read access.

So, does anyone know an IMAP server which can be set up to limit which
areas of the file system are accessible, and preferably that can run off a
passwd file other than the system one?

Andrew McNaughton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Dec 4 07:05:52 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA09633 for freebsd-security-outgoing; Fri, 4 Dec 1998 07:05:52 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA09627 for ; Fri, 4 Dec 1998 07:05:45 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id KAA01908; Fri, 4 Dec 1998 10:05:21 -0500 (EST) (envelope-from wollman)
Date: Fri, 4 Dec 1998 10:05:21 -0500 (EST)
From: Garrett Wollman
Message-Id: <199812041505.KAA01908@khavrinen.lcs.mit.edu>
To: andrew@squiz.co.nz
Cc: FreeBSD Security
Subject: IMAP (was Re: mail.local)
In-Reply-To:
References: <55915.912748357@gjp.erols.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> areas can be accessed by what users, but I don't know which ones. I
> contacted the people that put out the imap-uw software and the guy was
> pretty prickly about my suggesting it was a problem. He was of the
> opinion that world read perms on files mean that it's OK for the world to
> have read access.

Sounds like Crispin to me... One of the original Unix-Haters. He
should stick to hacking TOPS-20.

-GAWollman

--
Garrett A.
Wollman | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Dec 4 07:16:54 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA10737 for freebsd-security-outgoing; Fri, 4 Dec 1998 07:16:54 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA10728; Fri, 4 Dec 1998 07:16:47 -0800 (PST) (envelope-from karpen@ocean.campus.luth.se)
Received: (from karpen@localhost) by ocean.campus.luth.se (8.9.1/8.9.1) id QAA27344; Fri, 4 Dec 1998 16:14:06 +0100 (CET) (envelope-from karpen)
From: Mikael Karpberg
Message-Id: <199812041514.QAA27344@ocean.campus.luth.se>
Subject: Re: mail.local
In-Reply-To: <55915.912748357@gjp.erols.com> from Gary Palmer at "Dec 4, 98 00:12:37 am"
To: gpalmer@FreeBSD.ORG (Gary Palmer)
Date: Fri, 4 Dec 1998 16:14:06 +0100 (CET)
Cc: security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

According to Gary Palmer:
> Please don't use IMAP. It is a bloated ``designed by committee''
> protocol and looks like a nightmare to implement in an efficient
> (scalable) fashion. Makes me want to write my own protocol :(

I haven't used any of those postoffice protocols. I just use Real
Mailboxes(tm). Neither have I written any implementations of such
protocols, so I really don't know much about it. But people I talk to tend
to think that IMAP is the way to go.
Now, I don't know, but if I remember correctly, the thing goes:
It works. It's secure. POP isn't.

What do you suggest instead of IMAP, and what's wrong with it?

/Mikael

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Dec 4 07:40:46 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA13428 for freebsd-security-outgoing; Fri, 4 Dec 1998 07:40:46 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (FLEDGE.RES.CMU.EDU [128.2.93.229]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA13423 for ; Fri, 4 Dec 1998 07:40:45 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id KAA19923; Fri, 4 Dec 1998 10:40:17 -0500 (EST)
Date: Fri, 4 Dec 1998 10:40:17 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Andrew McNaughton
cc: FreeBSD Security
Subject: Re: IMAP (was Re: mail.local)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I personally like the CMU Cyrus server, but it's not designed to be a drop
in replacement for an existing UNIX-style mail system; instead it assumes
a sealed server machine and manages its own file trees and spool code. It
performs quite well, and supports spiffy things like shared folders, ACLs
on directories, quotas, integration with newspools so as to push
newsgroups into IMAP-style message folders, direct delivery to a
particular folder if the ACL is set right (see my reply-to above), etc.
However, because of its design, it may not be appropriate for all users
(not a drop-in replacement, requires some sendmail.cf changes).

Its Kerberos support is nice -- the users don't need accounts on the
machine, you can just tell the server to auto-create folders for users who
authenticate against a kerberos identity. There are also PAM and radius
patches around (or maybe PAM is included by now) so it can fit well into a
lot of the larger authentication environments available. It supports
KerberosIV-based encryption and authentication (as well as passwords), and
someone wrote an SSL proxy so that it may be used with the secure IMAP
options in IE and Netscape.

On Fri, 4 Dec 1998, Andrew McNaughton wrote:

> On Fri, 4 Dec 1998, Gary Palmer wrote:
>
> > Robert Watson wrote in message ID
> > :
> > > On Thu, 3 Dec 1998, Bill Woodford wrote:
> > > say, pine. My feeling is more and more that we should be using protocols
> > > such as IMAP for mail access rather than try to fit everything into the
> >
> > Please don't use IMAP. It is a bloated ``designed by committee'' protocol and
> > looks like a nightmare to implement in an efficient (scalable) fashion. Makes
> > me want to write my own protocol :(
>
> When I read the IMAP rfc some time back, it took me about 15 minutes
> to realise that there'd be lots of machines out there with open guest
> accounts for things like ftp:ftp and guest:guest and that logging in as
> one of these would give (unprivileged) read access to any file in the
> system. These users would normally not be expected to have access to the
> whole file tree, and in many cases the systems running mail servers are
> configured without the expectation of untrusted users rummaging through
> the file system.
>
> I've been told that some IMAP servers have good restrictions on what file
> areas can be accessed by what users, but I don't know which ones.
> I contacted the people that put out the imap-uw software and the guy was
> pretty prickly about my suggesting it was a problem. He was of the
> opinion that world read perms on files mean that it's OK for the world to
> have read access.
>
> So, does anyone know an IMAP server which can be set up to limit which
> areas of the file system are accessible, and preferably that can run off a
> passwd file other than the system one?
>
> Andrew McNaughton
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

  Robert N Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73 25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University http://www.cmu.edu/
TIS Labs at Network Associates, Inc. http://www.tis.com/
SafePort Network Services http://www.safeport.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Dec 4 08:24:37 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA19054 for freebsd-security-outgoing; Fri, 4 Dec 1998 08:24:37 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from xiphias.pdc.kth.se (xiphias.pdc.kth.se [130.237.221.226]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA19049 for ; Fri, 4 Dec 1998 08:24:34 -0800 (PST) (envelope-from jas@pdc.kth.se)
Received: (from jas@localhost) by xiphias.pdc.kth.se (8.8.5/8.8.5) id RAA14631; Fri, 4 Dec 1998 17:24:01 +0100 (MET)
To: andrew@squiz.co.nz
Cc: FreeBSD Security
Subject: Re: IMAP (was Re: mail.local)
References:
From: Simon Josefsson
In-Reply-To: Andrew McNaughton's message of "Fri, 4 Dec 1998 19:51:34 +1300 (NZDT)"
Mime-Version: 1.0
Date: 04 Dec 1998 17:23:59 +0100
Message-ID:
Lines: 23
User-Agent: Gnus/5.070061 (Pterodactyl Gnus v0.61) XEmacs/21.0 (Poitou)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop:
FreeBSD.org

Andrew McNaughton writes:

> So, does anyone know an IMAP server which can be set up to limit which
> areas of the file system are accessible, and preferably that can run off a
> passwd file other than the system one?

Cyrus IMAPD for instance.

There is nothing in the IMAP protocol that says you have to export
your file system to the world -- it's just a protocol for transferring
messages (basically). If you configure your IMAP to export everything to
the world it will, but you really can't blame the design of IMAP or
the IMAP RFC for that.

By default the Cyrus IMAPD stores the article in /var/spool/imap (or
similar), and there are user configurable ACL's in the protocol
(similar to AFS ACL's) restricting access to the mailboxes.

The UWash server is designed to export the entire unix file system via
IMAP, this is a design choice and if you don't like it, configure it
not to or use another IMAP server.

/s

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Dec 4 08:47:34 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA22084 for freebsd-security-outgoing; Fri, 4 Dec 1998 08:47:34 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rembrandt.esys.ca (rembrandt.esys.ca [198.161.92.18]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA22078 for ; Fri, 4 Dec 1998 08:47:32 -0800 (PST) (envelope-from lyndon@execmail.com)
Received: from execmail.com (zappa.esys.ca [198.161.92.28]) by rembrandt.esys.ca (2.0.4/SMS 2.0.4) with ESMTP id JAA01566; Fri, 4 Dec 1998 09:47:10 -0700
Message-Id: <199812041647.JAA01566@rembrandt.esys.ca>
Date: Fri, 4 Dec 1998 09:47:06 -0700
From: Lyndon Nerenberg
Subject: Re: IMAP (was Re: mail.local)
To: andrew@squiz.co.nz
cc: security@FreeBSD.ORG
In-Reply-To:
MIME-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org > So, does anyone know an IMAP server which can be set up to limit which > areas of the file system are accessible, and preferably that can run of a > passwd file other than the system one? Just about everything other than the U Washington server. Start with /usr/ports/mail/cyrus. Or, for one commercial alternative, see http://www.execmail.com/. (We don't have a FreeBSD port, but that would change if someone said "Here's a P.O. for FreeBSD binary.") Our server can run with it's own account database - e.e. a true blackbox mail server with only root and the system admins in the password file. If you want more advertising, contact me privately or see the web page. --lyndon -- Finger lyndon@execmail.com for PGP key. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Dec 4 09:18:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA25922 for freebsd-security-outgoing; Fri, 4 Dec 1998 09:18:52 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from rembrandt.esys.ca (rembrandt.esys.ca [198.161.92.18]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA25914 for ; Fri, 4 Dec 1998 09:18:51 -0800 (PST) (envelope-from lyndon@execmail.com) Received: from execmail.com (zappa.esys.ca [198.161.92.28]) by rembrandt.esys.ca (2.0.4/SMS 2.0.4) with ESMTP id KAA02852; Fri, 4 Dec 1998 10:18:20 -0700 Message-Id: <199812041718.KAA02852@rembrandt.esys.ca> Date: Fri, 4 Dec 1998 10:18:17 -0700 From: Lyndon Nerenberg Subject: Re: IMAP (was Re: mail.local) To: robert+freebsd@cyrus.watson.org cc: robert@cyrus.watson.org, andrew@squiz.co.nz, security@FreeBSD.ORG In-Reply-To: MIME-Version: 1.0 Content-Type: TEXT/plain; CHARSET=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 4 Dec, Robert Watson wrote: > > I personally like the CMU Cyrus server, but it's not designed to be a 
drop > in replacement for an existing UNIX-style mail system; Well, with all due respect to /var/mail/$user, it's about time to put that old war-horse out to pasture. (How many people read usenet out of /var/spool/news these days?) Some people complain that IMAP is complex. Ever looked at the part of the POSIX standard that describes the format of "system mailboxes?" Ugh :-P Writing the IMAP server to deal with this out isn't going to be a trivial task. Nor is it insurmountable. There's a lot of freely available code that can be used as the base. And there's no shortage of mail clients out there these days. Given the number of security issues that have revolved around UNIX mail in the past, the effort we put into creating a well-designed message store will pay off in spades down the road. Now, I shouldn't have to say this here, but ... don't confuse IMAP *implementations* with the IMAP protocol. Yes, there are some horrible IMAP servers out there. I like them less that you, because every time they screw up and get in the press, I have to do damage control to convince people that *our* server isn't affected by any of it ... IMAP isn't simple to do. Many good things aren't. We, at least, should have the talent pool to do this right, n'est-ce pas? Of course POP3 is an alternative, if all you want is a simple maildrop protocol. POP3 will also shortly support SASL security mechanisms, so it's capable of being as secure as IMAP. It would be a shame to lose all the functionality that IMAP provides, though. As I mentioned previously, I'm in a bad position to contribute code. I do, however, have quite a bit of experience designing and implementing this stuff, and I'm willing to contribute whatever I can to the engineering of a new mailstore. If it works, great! If it doesn't, at least we know. Who's willing to put up? (And where do we move the discussion? This isn't really about -security any more.) --lyndon -- Finger lyndon@execmail.com for PGP key. 

From owner-freebsd-security Fri Dec 4 09:35:56 1998
Date: Fri, 4 Dec 1998 19:34:53 +0200 (EET)
From: Narvi
To: Simon Josefsson
cc: andrew@squiz.co.nz, FreeBSD Security
Subject: Re: IMAP (was Re: mail.local)

On 4 Dec 1998, Simon Josefsson wrote:

> Andrew McNaughton writes:
>
> > So, does anyone know an IMAP server which can be set up to limit which
> > areas of the file system are accessible, and preferably that can run off a
> > passwd file other than the system one?
>
> Cyrus IMAPD for instance. There is nothing in the IMAP protocol that
> says you have to export your file system to the world -- it's just a
> protocol for transferring messages (basically).
>
> If you configure your IMAP to export everything to the world it will,
> but you really can't blame the design of IMAP or the IMAP RFC for
> that.
>
> By default the Cyrus IMAPD stores the article in /var/spool/imap (or
> similar), and there are user configurable ACLs in the protocol
> (similar to AFS ACLs) restricting access to the mailboxes.
>
> The UWash server is designed to export the entire unix file system via
> IMAP, this is a design choice and if you don't like it, configure it
> not to or use another IMAP server.
>
> /s
>

Shouldn't the FreeBSD port "by-default" configure it in a secure way,
that is, the file system import disabled?

Sander

There is no love, no good, no happiness and no future -
all these are just illusions.

From owner-freebsd-security Fri Dec 4 17:36:28 1998
From: bsdsecurity.bbs@ns2.lit.edu.tw
Date: Sat, 5 Dec 1998 09:46:26 +0800 (CST)
Message-Id: <199812050146.JAA12508@ns2.lit.edu.tw>
To: freebsd-security@FreeBSD.ORG
Subject: subscribe list

subscrlibe list
--
※ Origin: 地下祕密組織 ◆ Post From: ns2.lit.edu.tw

From owner-freebsd-security Fri Dec 4 19:33:29 1998
Date: Sat, 5 Dec 1998 02:42:02 +0100
From: Ollivier Robert
To: FreeBSD Security
Subject: Re: IMAP (was Re: mail.local)
Message-ID: <19981205024202.A15122@keltia.freenix.fr>
References: <55915.912748357@gjp.erols.com> <199812041505.KAA01908@khavrinen.lcs.mit.edu>
In-Reply-To: <199812041505.KAA01908@khavrinen.lcs.mit.edu>; from Garrett Wollman on Fri, Dec 04, 1998 at 10:05:21AM -0500

According to Garrett Wollman:
> Sounds like Crispin to me... One of the original Unix-Haters. He
> should stick to hacking TOPS-20.

Yes, the same guy who said that 1777 is good for /var/mail. Yeah right.

--
Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 3.0-CURRENT #2: Sun Nov 8 01:22:20 CET 1998

From owner-freebsd-security Fri Dec 4 22:53:30 1998
Subject: Re: kmem, tty, bind security enhancements commit.
From: David Holland
To: eivind@yes.no (Eivind Eklund)
Date: Sat, 5 Dec 1998 01:52:49 -0500
Cc: dillon@apollo.backplane.com, freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
In-Reply-To: <19981201195028.A21015@follo.net> from "Eivind Eklund" at Dec 1, 98 01:50:28 pm
Message-Id: <98Dec5.015255edt.37814-15902@qew.cs.toronto.edu>

> I'm somewhat surprised at the getuid() test in ntalkd being there
> at all - it seems like this should have been done with permissions
> instead of getuid(), and shouldn't be needed anyway.

It looks to me like a broken version of the test many inetd-spawned
daemons have to make sure they're not accidentally run on the command
line. Normally there'd be a getpeername() on stdin or something, but
there isn't.

--
   - David A. Holland             | (please continue to send non-list mail to
     dholland@cs.utoronto.ca      | dholland@hcs.harvard.edu. yes, I moved.)

From owner-freebsd-security Sat Dec 5 11:16:21 1998
Date: Sat, 5 Dec 1998 11:16:17 -0800 (PST)
From: Roger Marquis
To: security@FreeBSD.ORG
Subject: Re: Syslog.conf setup
In-Reply-To: <199812050136.RAA18568@hub.freebsd.org>

butlermd@tgn.net (Michael Butler) wrote:
> Reading the man pages and poking at the www and experimenting leaves
> me still confused on *just how* I can configure my syslog to separate
> logs by function. They grow at different rates and I want to use
> newsyslog (no man page tho I have a newsyslog.cf in /etc) to manage
> them.

Try this syslog.conf.
It references every facility:

--------------------------------------------------------------------
syslog,auth,local7,local5.debug;daemon.notice;local6.info;user.none	/dev/console
kern.debug	/var/log/kern.messages
daemon.debug	/var/log/daemon.messages
user.debug	/var/log/user.messages
syslog,cron.info	/var/cron/log
auth.debug	/var/log/auth.messages
news.debug	/var/log/news.messages
mail.info	/var/log/mail.messages
uucp.notice	/var/log/uucp.messages
local0.debug	/var/log/local0.messages
local1.debug	/var/log/local1.messages
local2.warning	/var/log/local2.messages
local3.debug	/var/log/local3.messages
local4.debug	/var/log/local4.messages
local5.debug	/var/log/local5.messages
local6.debug	/var/log/local6.messages
local7.debug	/var/log/local7.messages
ftp.debug	/var/log/ftp.messages
ntp.debug	/var/log/ntp.messages
authpriv,lpr.debug	/var/log/misc.messages
*.debug,local2.none	@loghost2
--------------------------------------------------------------------

> I see references to entries like this with the !program but don't see
> the difference from:
> ftp.* /var/log/ftpd

This example is trying to use "*" as a log level, which is incorrect.
You can use "*" to indicate all facilities but not all log levels.
Debug is the equivalent to "*" in this case:

ftp.debug	/var/log/ftpd

And don't forget to rotate those logfiles. We use a cron script:

--------------------------------------------------------------------
#
# rotate logfiles -gt 1MB
#
for i in /var/log/*messages ; do
  # du -k reports 1 KB blocks, so 1000 is about 1 MB
  # (plain "du -s" counts 512-byte blocks on most systems)
  if [ "`du -sk $i| awk '{print $1}'`" -gt 1000 ]; then
    #echo "rotating $i"
    if [ -f $i.10 ]; then cp $i.10 $i.11 ;fi
    if [ -f $i.9 ]; then cp $i.9 $i.10 ;fi
    if [ -f $i.8 ]; then cp $i.8 $i.9 ;fi
    if [ -f $i.7 ]; then cp $i.7 $i.8 ;fi
    if [ -f $i.6 ]; then cp $i.6 $i.7 ;fi
    if [ -f $i.5 ]; then cp $i.5 $i.6 ;fi
    if [ -f $i.4 ]; then cp $i.4 $i.5 ;fi
    if [ -f $i.3 ]; then cp $i.3 $i.4 ;fi
    if [ -f $i.2 ]; then cp $i.2 $i.3 ;fi
    if [ -f $i.1 ]; then cp $i.1 $i.2 ;fi
    if [ -f $i.0 ]; then cp $i.0 $i.1 ;fi
    cp $i $i.0
    # truncate in place so syslogd keeps writing to the same open file
    cp /dev/null $i
  fi
done
--------------------------------------------------------------------

Finally, a bourne shell script is the best way to quickly walk through
all the logs (in order of most recently updated):

--------------------------------------------------------------------
#!/bin/sh
PATH=/bin:/usr/ucb:/usr/bin
LOGDIR=/var/log
if [ -f /usr/local/bin/less ]; then
  LESS=-cim
  export LESS   # less only sees the options if LESS is in its environment
  PAGER=/usr/local/bin/less
elif [ "$PAGER" != "" ]; then
  :   # keep the caller's $PAGER (was "continue", which is only valid in a loop)
else
  PAGER=more
fi
#### last logins
# mktemp replaces the predictable /tmp/last.$$ name, which another local
# user could create in advance (for example as a symlink)
LAST=`mktemp /tmp/last.XXXXXX` || exit 1
last -53 >$LAST
#### which logfiles
FILES=" \
 $LAST $HOME/.procmail/log \
 `ls -lt1 $LOGDIR/*messages|grep -v http|awk '{print $NF}'` \
 /usr/aset/reports/latest/*.rpt /etc/dumpdates \
 `ls -lt1 $LOGDIR/http*messages|awk '{print $NF}'` \
 `ls -lt1 $LOGDIR/*messages.[0-9]|grep -v http|awk '{print $NF}'`
"
##### view already
VIEW=""
for i in $FILES ;do
  if [ -s $i ]; then
    VIEW="${VIEW} $i"
  fi
done
$PAGER $VIEW
#### cleanup
rm -f $LAST
--------------------------------------------------------------------

Roger Marquis
Roble Systems Consulting
http://www.roble.com/

From owner-freebsd-security Sat Dec 5 13:01:43 1998
From: "Liviu Ionescu"
To: "'Roger Marquis'" ,
Subject: RE: Syslog.conf setup
Date: Sat, 5 Dec 1998 23:01:19 +0200
Message-ID: <008a01be2092$695450c0$0395e2c1@ilg-mobile>

> This example is trying to use "*" as a log level, which is incorrect.
> You can use "*" to indicate all facilities but not all log levels.

from the 3.0 syslog.conf man page:

  An asterisk ("*") can be used to specify all facilities all levels or
  all programs.

I just used it a few minutes ago and it worked.

however, if for any reason you have to remain portable with other
syslog daemons (like Solaris), you should use .debug instead.

regards,

Liviu

From owner-freebsd-security Sat Dec 5 13:33:31 1998
Date: Sat, 5 Dec 1998 13:32:50 -0800 (PST)
From: Mike Holling
To: ilg@Romania.EU.net
cc: "'Roger Marquis'" , security@FreeBSD.ORG
Subject: RE: Syslog.conf setup
In-Reply-To: <008a01be2092$695450c0$0395e2c1@ilg-mobile>

> > This example is trying to use "*" as a log level, which is incorrect.
> > You can use "*" to indicate all facilities but not all log levels.

I wasted an afternoon once figuring this out, the man pages don't make
it as clear as it should be. Basically, "*" is valid for facilities,
but not for levels. A level means "log everything at this level and
above". Since debug is the lowest level, it catches everything. If you
wanted to catch every single message, you would use

*.debug

Hope this helps.

- Mike
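
Added example, not part of any message in this thread: a small Python evaluator for the selector rules discussed above ("this level and above", "none", and "*" as a level), run over lines copied from the posted syslog.conf. Reading a comma after a level like ";" and letting later entries override earlier ones are assumptions about how the daemon parses a selector; "!program" blocks are not handled.

```python
# Severity numbers as used by syslog: lower number = more severe.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Subset of the syslog.conf posted in the thread (selector, then action).
POSTED_CONF = """\
syslog,auth,local7,local5.debug;daemon.notice;local6.info;user.none /dev/console
kern.debug /var/log/kern.messages
daemon.debug /var/log/daemon.messages
user.debug /var/log/user.messages
auth.debug /var/log/auth.messages
mail.info /var/log/mail.messages
local2.warning /var/log/local2.messages
*.debug,local2.none @loghost2
"""

def parse_selector(selector):
    """Split 'fac,fac.level;fac.level' into [(facilities, level), ...]."""
    entries, pos = [], 0
    while pos < len(selector):
        dot = selector.find(".", pos)
        if dot < 0:
            raise ValueError("no '.level' in %r" % selector[pos:])
        facilities = selector[pos:dot].split(",")
        end = dot + 1
        while end < len(selector) and selector[end] not in ",;":
            end += 1
        level = selector[dot + 1:end]
        if level not in SEVERITY and level not in ("none", "*"):
            raise ValueError("unknown level %r" % level)
        # Assumption: a ',' after a level is read like ';', which is how
        # the posted '*.debug,local2.none' line is interpreted here.
        while end < len(selector) and selector[end] in ",;":
            end += 1
        entries.append((facilities, level))
        pos = end
    return entries

def matches(selector, facility, level):
    """True if a message logged as facility.level is selected."""
    selected = False
    for facilities, threshold in parse_selector(selector):
        if facility not in facilities and "*" not in facilities:
            continue
        if threshold == "none":
            selected = False      # assumption: later entries override earlier
        elif threshold == "*":
            selected = True       # all levels, per the 3.0 man page quote
        else:
            selected = SEVERITY[level] <= SEVERITY[threshold]
    return selected

def rules(conf):
    """Yield (selector, action) for each non-comment line."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selector, action = line.split(None, 1)
            yield selector, action

def route(conf, facility, level):
    """Actions that would receive a facility.level message."""
    return [a for s, a in rules(conf) if matches(s, facility, level)]

def star_level_selectors(conf):
    """Selectors using '*' as a level, which the thread calls non-portable."""
    return [s for s, _ in rules(conf)
            if any(lvl == "*" for _, lvl in parse_selector(s))]
```

With the posted lines, a local2.info message reaches no destination at all: it is below local2.warning, and local2.none removes it from the @loghost2 catch-all.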