From owner-freebsd-security Sun Nov 21 2:24:13 1999 Delivered-To: freebsd-security@freebsd.org Received: from icon.iconomic.com (iconomic.com [194.191.122.98]) by hub.freebsd.org (Postfix) with ESMTP id CDAB114F4B for ; Sun, 21 Nov 1999 02:24:04 -0800 (PST) (envelope-from ast@marabu.ch) Received: (from uucp@localhost) by icon.iconomic.com (8.9.2/8.9.2/ast-19990501) with UUCP id LAA15473 for security@FreeBSD.ORG; Sun, 21 Nov 1999 11:24:02 +0100 (MET) Received: (from uucp@localhost) by hawk.marabu.ch (8.8.8/8.8.8) with UUCP id LAA22156 for security@FreeBSD.ORG; Sun, 21 Nov 1999 11:16:02 +0100 (MET) (envelope-from ast@marabu.ch) Received: by marabu.marabu.ch (8.7.5/990131-ast-8.0) id LAA24043; Sun, 21 Nov 1999 11:14:09 +0100 (CET) Message-Id: <199911211014.LAA24043@marabu.marabu.ch> MIME-Version: 1.0 (NeXT Mail 3.3 v124.8483.6) Content-Type: text/plain X-Nextstep-Mailer: Mail 3.3 (Enhance 2.0b6) Received: by NeXT.Mailer (1.124.8483.6) 
From: Adrian Steinmann Date: Sun, 21 Nov 99 11:14:07 +0100 To: security@FreeBSD.ORG Subject: Re: ipfw and ifconfig X-Organization: Steinmann Consulting, Apollostrasse 21, 8032 Zurich X-Phone-Numbers: Switzerland, Tel +41 1 380 30 83 Fax +41 1 380 30 85 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

The discussion on why FreeBSD does ifconfig before ipfw and if it is secure depending on whether the kernel denies by default prompts me to propose that we add to /etc/rc.firewall the boilerplate attached below: it takes down the interfaces to (re)load the rules, ignores HUP so reloading via net is possible, and of course brings back up the interfaces after reloading.

This makes the reloading of IPFW rules look like an "atomic transaction" from the outside, and TCP sessions are not erroneously denied due to race conditions.

We've done good mileage using this, but as always, YMMV.

Adrian
_________________________________________________________________________
Dr. Adrian Steinmann Steinmann Consulting Apollostrasse 21 8032 Zurich Tel +41 1 380 30 83 Fax +41 1 380 30 85 Mailto:ast@marabu.ch

############
# routine to set interfaces down and up
interfaces () {
    if [ "x$firewall_quiet" = "xYES" ]; then
        ifcreport=":"
    else
        ifcreport=/sbin/ifconfig
    fi
    case "x$1" in
    xup)
        for i in `/sbin/ifconfig -dl`; do
            ( /sbin/ifconfig $i | /usr/bin/fgrep -qs inet ) 2>/dev/null &&
                ( /sbin/ifconfig $i up && $ifcreport $i )
        done
        ;;
    xdown)
        for i in `/sbin/ifconfig -ul`; do
            ( /sbin/ifconfig $i | /usr/bin/fgrep -qs inet ) 2>/dev/null &&
                ( /sbin/ifconfig $i down && $ifcreport $i )
        done
        ;;
    *)
        echo "USAGE: interfaces [up|down]" >&2
        ;;
    esac
} # interfaces ()

############
# START
trap : 1
interfaces down

.... rules ...

############
# DONE
interfaces up

# record what we have done
$fwcmd show 2>&1 | /usr/bin/logger

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Sun Nov 21 4: 0:34 1999 Delivered-To: freebsd-security@freebsd.org Received: from freebsd.navon.org.il (freebsd.navon.org.il [192.117.131.10]) by hub.freebsd.org (Postfix) with ESMTP id 8DBF6151D3 for ; Sun, 21 Nov 1999 04:00:25 -0800 (PST) (envelope-from retal@freebsd.navon.org.il) Received: from localhost (retal@localhost) by freebsd.navon.org.il (8.9.3/8.9.3) with ESMTP id OAA13508 for ; Sun, 21 Nov 1999 14:04:39 +0200 (IST) (envelope-from retal@freebsd.navon.org.il) Date: Sun, 21 Nov 1999 14:04:39 +0200 (IST) From: retal To: security@freebsd.org Subject: What is the different between Openssh to SSH-1.2.X Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I don't seem to understand what is the difference between OpenSSH and SSH-1.2.27 or lower... Is OpenSSH more secure or something? Retal, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 4: 8:11 1999 Delivered-To: freebsd-security@freebsd.org Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235]) by hub.freebsd.org (Postfix) with ESMTP id 969FA14F4B for ; Sun, 21 Nov 1999 04:08:07 -0800 (PST) (envelope-from cdf.lists@fxp.org) Received: by pawn.primelocation.net (Postfix, from userid 1016) id DA0689B22; Sun, 21 Nov 1999 07:08:06 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by pawn.primelocation.net (Postfix) with ESMTP id CA6B9BA21; Sun, 21 Nov 1999 07:08:06 -0500 (EST) Date: Sun, 21 Nov 1999 07:08:06 -0500 (EST)
From: "Chris D. Faulhaber" X-Sender: cdf.lists@pawn.primelocation.net To: retal Cc: security@freebsd.org Subject: Re: What is the different between Openssh to SSH-1.2.X In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 21 Nov 1999, retal wrote: > I don't seem to understand what is the difference between OpenSSH > and SSH-1.2.27 or lower... > Is OpenSSH more secure or something? http://www.openssh.com ----- Chris D. Faulhaber | All the true gurus I've met never System/Network Administrator, | claimed they were one, and always Reality Check Information, Inc. | pointed to someone better. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 7: 4:35 1999 Delivered-To: freebsd-security@freebsd.org Received: from hub.freebsd.org (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id EA9F014C8B for ; Sun, 21 Nov 1999 07:03:13 -0800 (PST) (envelope-from green@FreeBSD.org) Received: from localhost (green@localhost [127.0.0.1]) by hub.freebsd.org (8.9.3/8.9.3) with ESMTP id JAA33592; Sun, 21 Nov 1999 09:58:19 -0500 (EST) (envelope-from green@FreeBSD.org) Date: Sun, 21 Nov 1999 09:58:19 -0500 (EST)
From: Brian Fundakowski Feldman X-Sender: green@green.myip.org To: "Chris D. Faulhaber" Cc: retal , security@FreeBSD.org Subject: Re: What is the different between Openssh to SSH-1.2.X In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 21 Nov 1999, Chris D. Faulhaber wrote: > On Sun, 21 Nov 1999, retal wrote: > > > I don't seem to understand what is the difference between OpenSSH > > and SSH-1.2.27 or lower... > > Is OpenSSH more secure or something? > > http://www.openssh.com You know, I can't see why people don't read the pkg/DESCR... It's even easier than going to the web page. (not saying you don't read it but the original poster.) > > ----- > Chris D. Faulhaber | All the true gurus I've met never > System/Network Administrator, | claimed they were one, and always > Reality Check Information, Inc. | pointed to someone better. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 9:17:42 1999 Delivered-To: freebsd-security@freebsd.org Received: from game.over.net (game.over.net [193.189.189.100]) by hub.freebsd.org (Postfix) with ESMTP id 5243814D34 for ; Sun, 21 Nov 1999 09:17:37 -0800 (PST) (envelope-from tomaz.borstnar@over.net) Received: from [193.189.182.217] ([193.189.182.217]:46597 "EHLO user") by mail.over.net with ESMTP id ; Sun, 21 Nov 1999 18:17:05 +0100 Message-Id: <4.2.2.19991121180438.021c3840@193.189.189.100> X-Sender: tmail@193.189.189.100 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Sun, 21 Nov 1999 18:06:55 -0100 To: freebsd-security@freebsd.org
From: Tomaz Borstnar Subject: OpenSSH & AllowHosts In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello! OpenSSH is nice, works fine, but I miss AllowHosts feature. I know it can be done via packet filtering, but 100% compatibility with usual ssh would be nice. Anyone knows if this will be added? Tomaz ---- Tomaz Borstnar "Love is the answer to the final question you ask" - Unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 9:28:19 1999 Delivered-To: freebsd-security@freebsd.org Received: from funky.monkey.org (funky.monkey.org [63.77.239.12]) by hub.freebsd.org (Postfix) with ESMTP id A716E14D34 for ; Sun, 21 Nov 1999 09:28:10 -0800 (PST) (envelope-from dugsong@monkey.org) Received: by funky.monkey.org (Postfix, from userid 1001) id 7349A15188; Sun, 21 Nov 1999 12:24:27 -0500 (EST) Received: from localhost (localhost [127.0.0.1]) by funky.monkey.org (Postfix) with ESMTP id 5CFC814A01; Sun, 21 Nov 1999 12:24:27 -0500 (EST) Date: Sun, 21 Nov 1999 12:24:27 -0500 (EST) 
From: Dug Song To: Tomaz Borstnar Cc: freebsd-security@freebsd.org Subject: Re: OpenSSH & AllowHosts In-Reply-To: <4.2.2.19991121180438.021c3840@193.189.189.100> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 21 Nov 1999, Tomaz Borstnar wrote: > OpenSSH is nice, works fine, but I miss AllowHosts feature. actually, AllowHosts/DenyHosts was specifically removed in favor of tcp-wrappers LIBWRAP support, which provides a more standard interface for access control. see hosts_access(5) for details. > I know it can be done via packet filtering, but 100% compatibility > with usual ssh would be nice. Anyone knows if this will be added? OpenSSH intentionally deviates from the original SSH in many ways - see http://violet.ibs.com.au/openssh/files/UPGRADING for a brief summary. -d. --- http://www.monkey.org/~dugsong/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 9:41:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from ikhala.tcimet.net (ikhala.tcimet.net [198.109.166.215]) by hub.freebsd.org (Postfix) with ESMTP id B83691524E for ; Sun, 21 Nov 1999 09:41:48 -0800 (PST) (envelope-from dervish@ikhala.tcimet.net) Received: (from dervish@localhost) by ikhala.tcimet.net (8.9.3/8.9.3) id NAA05708; Sun, 21 Nov 1999 13:10:19 -0500 (EST) (envelope-from dervish) Date: Sun, 21 Nov 1999 13:10:19 -0500 
From: Bush Doctor To: Tomaz Borstnar Cc: freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH & AllowHosts Message-ID: <19991121131019.A5689@ikhala.tcimet.net> References: <4.2.2.19991121180438.021c3840@193.189.189.100> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <4.2.2.19991121180438.021c3840@193.189.189.100>; from tomaz.borstnar@over.net on Sun, Nov 21, 1999 at 06:06:55PM -0100 X-Operating-System: FreeBSD 4.0-CURRENT i386 X-PGP-Fingerprint: 2C CE A5 D7 FA 4D D5 FD 9A CC 2B 23 04 46 48 F8 X-PGP-Keyid: 09E39259 WWW-Home-Page: http://ikhala.tcimet.net/dervish Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The computer muse inspired Tomaz Borstnar to say: > Hello! > > OpenSSH is nice, works fine, but I miss AllowHosts feature. I know it can > be done via packet filtering, but 100% compatibility with usual ssh would > be nice. Anyone knows if this will be added? Don't know if it will be added, but you should consider using hosts.allow and hosts.deny if you have tcp_wrapper installed. > > Tomaz > ---- > Tomaz Borstnar > "Love is the answer to the final question you ask" - Unknown > > #:^) -- bush doctor harder than the rest ... To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 9:52:16 1999 Delivered-To: freebsd-security@freebsd.org Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id 5F86C14BF8 for ; Sun, 21 Nov 1999 09:52:07 -0800 (PST) (envelope-from matt@zigg.com) Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id MAA01322; Sun, 21 Nov 1999 12:49:49 -0500 (EST) (envelope-from matt@zigg.com) Date: Sun, 21 Nov 1999 12:49:48 -0500 (EST) 
From: Matt Behrens To: Dug Song Cc: Tomaz Borstnar , freebsd-security@freebsd.org Subject: Re: OpenSSH & AllowHosts In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Today, Dug Song wrote: : OpenSSH intentionally deviates from the original SSH in many ways - see : : http://violet.ibs.com.au/openssh/files/UPGRADING : : for a brief summary. One deviation I know I'd appreciate would be DH/DSA support instead of perpetually being tied to RSA. I did some OpenBSD mailing list searches and haven't found anything concerning this; was this ever discussed? Matt Behrens Owner/Administrator, zigg.com Chief Engineer, Nameless IRC Network To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 14:31:37 1999 Delivered-To: freebsd-security@freebsd.org Received: from pacific.int.topsecret.net (gill.apk.net [207.54.148.62]) by hub.freebsd.org (Postfix) with ESMTP id D798715840; Sun, 21 Nov 1999 14:30:01 -0800 (PST) (envelope-from gill@topsecret.net) Received: from localhost (gill@localhost) by pacific.int.topsecret.net (8.9.3/8.9.3) with ESMTP id OAA08780; Sat, 20 Nov 1999 14:47:59 -0500 (EST) (envelope-from gill@topsecret.net) X-Authentication-Warning: pacific.int.topsecret.net: gill owned process doing -bs Date: Sat, 20 Nov 1999 14:47:59 -0500 (EST) 
From: James Gill X-Sender: gill@pacific.int.topsecret.net To: Craig Garner Cc: Eivind Eklund , Nate Williams , Matthew Dillon , security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) In-Reply-To: <3836E8E3.E9F9E009@home.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm wandering into an ongoing discussion in -security with some personal observations and -advocacy but here goes: As a relative newbie, having ftpd on by default makes perfect sense. Few newbies are going to be building a machine to place into mission-critical service that day. I would venture that most folks play around with FreeBSD on a scratch system (sandbox? ;-)) for at least a little while first. I use FTP between systems regularly and having cleartext passwords on the LAN isn't a *huge* issue in most cases...and if you've got concerns with cleartext passwords xmitted over your LAN you have probably got more pressing issues to be dealing with. That said, the person who first installs FreeBSD and wants to move files around who has to go in and figure out how to turn on ftpd is probably going to get _very_ frustrated. Especially when coming from a MS background in a plug-n-play world...converting these people is a gradual process, and throwing them in and expecting them to understand the underlying unix philosophies that are so different from the world they come from is going to cause more harm than good. Remember, if you take a server, boot it with an NT CD-ROM, accept all the defaults on the NT install and reboot, you've generally got a functioning server and if you do it five times you've got a functioning network. Albeit not the most secure, and not the ideal configuration but it does WORK and from there you can begin to make config changes.
Maybe FreeBSD doesn't need to be *so* simplistic, but understanding that this is one of the major reasons why NT is very successful in the business world, especially the small business world (where folks try to use their computers for other ends than just making them talk to one another and can't afford full-time administrators) is something to consider when debating turning off services that most people will consider "basic" cheers, --gill On Sat, 20 Nov 1999, Craig Garner wrote: ->Eivind Eklund wrote: ->> ->> On Fri, Nov 12, 1999 at 05:31:14PM -0700, Nate Williams wrote: ->> > > > > Speaking of default system configurations - what do people think about ->> > > > > turning off the 'ftp' service in the default configuration? ->> > > > ->> > > > Personally, I don't like it. At least, not until SSH becomes a default ->> > > > protocol in the system, since otherwise there is no way to transfer ->> > > > files to/from FreeBSD boxes easily. ->> > > ->> > > You could still easily reenable ftpd if you need it. ->> > ->> > Or, you could still easily disable ftpd since you almost *always* need ->> > it right away. ->> ->> I've never, ever needed it. It transfers *cleartext* passwords. My ->> view is that it is not usable for anything but anonymous FTP. ->> ->> > > Given recent vulnerability history on many ftp daemons, I think it ->> > > might be safer to disable FTP by default. ->> > ->> > FreeBSD's ftpd is not susceptible. Given the argument, why don't we ->> > disable *ALL* network access, since all are suspect to breakins. :( (I'm ->> > kidding of course...) ->> ->> I am in favour of disabling all network access to boxes as they come ->> from install. As it is, we have a bunch of things that are most often ->> not necessary, and we're encouraging people (like poor misguided Nate ->> here ;) to run protocols that do not encrypt passwords. ->> ->> Any proposal to disable things that listen to the network in our ->> default setup will have my approval. ->> ->> Eivind.
->> ->If you think about it, why should someone who doesn't know how to turn ->something on and off have it on in the first place? I'm sure these ->ideas 'scare' newbie people who do not wish to read and figure out how ->to do this. I personally like to install a box, turn everything off, ->and then turn on what I need. -> ->Craig To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 14:42:34 1999 Delivered-To: freebsd-security@freebsd.org Received: from wit395301.student.utwente.nl (wit395301.student.utwente.nl [130.89.235.121]) by hub.freebsd.org (Postfix) with ESMTP id 4916A1581A for ; Sun, 21 Nov 1999 14:42:31 -0800 (PST) (envelope-from jeroen@vangelderen.org) Received: from [10.235.121.14] (helo=vangelderen.org) by wit395301.student.utwente.nl with esmtp (Exim 2.05 #1) id 11pfgG-00023b-00; Sun, 21 Nov 1999 23:42:00 +0100 Message-ID: <3838750D.47B0B4C3@vangelderen.org> Date: Sun, 21 Nov 1999 23:41:17 +0100 
From: "Jeroen C. van Gelderen" X-Mailer: Mozilla 4.61 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Matt Behrens Cc: Dug Song , Tomaz Borstnar , freebsd-security@FreeBSD.ORG Subject: Re: OpenSSH & AllowHosts References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Matt Behrens wrote: > : OpenSSH intentionally deviates from the original SSH in many ways - see > : > : http://violet.ibs.com.au/openssh/files/UPGRADING > : > : for a brief summary. > > One deviation I know I'd appreciate would be DH/DSA support instead > of perpetually being tied to RSA. I did some OpenBSD mailing list > searches and haven't found anything concerning this; was this ever > discussed? DH/DSA can not be supported in the SSH version 1.x protocol. It is in the SSH 2.0 protocol but I doubt OpenSSH will support that in the very near future because it would entail a significant rewrite. Cheers, Jeroen -- Jeroen C. van Gelderen - jeroen@vangelderen.org Interesting read: http://www.vcnet.com/bms/ JLF To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 15: 2:25 1999 Delivered-To: freebsd-security@freebsd.org Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id A543B14E47 for ; Sun, 21 Nov 1999 15:02:19 -0800 (PST) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.3/8.9.3) with ESMTP id AAA00561; Mon, 22 Nov 1999 00:02:19 +0100 (CET) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id AAA15608; Mon, 22 Nov 1999 00:02:09 +0100 (MET) Date: Mon, 22 Nov 1999 00:02:09 +0100 
From: Eivind Eklund To: Nate Williams Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) Message-ID: <19991122000209.J602@bitbox.follo.net> References: <19991112173306.D76708@florence.pavilion.net> <19991112212912.Z57266@rucus.ru.ac.za> <199911121946.LAA24616@apollo.backplane.com> <199911122114.OAA20606@mt.sri.com> <19991113012855.A62879@fasterix.frmug.org> <199911130031.RAA21117@mt.sri.com> <19991120190417.I602@bitbox.follo.net> <199911201808.LAA10767@mt.sri.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <199911201808.LAA10767@mt.sri.com>; from nate@mt.sri.com on Sat, Nov 20, 1999 at 11:08:52AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Nov 20, 1999 at 11:08:52AM -0700, Nate Williams wrote: > > > Or, you could still easily disable ftpd since you almost *always* need > > > it right away. > > > > I've never, ever needed it. It transfers *cleartext* passwords. My > > view is that it is not usable for anything but anonymous FTP. > > So? *Most* of the FreeBSD boxes I setup are behind firewalls, or are > un-connected to the 'real' internet at first. Neither of these usually make it safe to transfer cleartext passwords. If you have a Windows box in your network with a "normal user" that receives e-mail, you need to consider that network compromised. > I need something so I can transfer files to/from them to get them up > and running initially. There is this thing known as 'outbound ftp'. This is run by the little program located at /usr/bin/ftp, or, for the ports collection, by /usr/bin/fetch. The above mentioned programs are, from everything I've been able to gather based on doing various forms of support of the FreeBSD userbase, what normal users use. > > > FreeBSD's ftpd is not susceptible. Given the argument, why don't we > > > disable *ALL* network access, since all are suspect to breakins. :( (I'm > > > kidding of course...)
> > > > I am in favour of disabling all network access to boxes as they come > > from install. > > NOT! Then we'd be worse than a windoze box. Drop your emotionalism and go with rational arguments, please. > I think most of you 'ISP' types are forgetting that *MOST* of the > FreeBSD boxes out there are installed by users, not big businesses. This is why I do NOT want to leave them high and dry by having them have their box rooted because YOU think it is convenient to have an insecure setup which THEY will never get any benefit from. For ISPs, I wouldn't see the present setup as a problem, because they are supposed to have people that know how to handle security. > Making the box unusable for most people, but 'secure' for a very small > portion of people is not a winning strategy. Most people do NOT need network services running when they set up a new box. A lot of people get screwed by having extra services they do not need. Most users sit on the console of the box they are installing while doing initial setup, and most of those of them that feel they need access to the box from the network install ssh as their first thing to do in a shell on the box. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 15:24:44 1999 Delivered-To: freebsd-security@freebsd.org Received: from sand2.sentex.ca (sand2.sentex.ca [209.167.248.3]) by hub.freebsd.org (Postfix) with ESMTP id 356D414D30; Sun, 21 Nov 1999 15:24:37 -0800 (PST) (envelope-from mike@sentex.net) Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by sand2.sentex.ca (8.8.8/8.8.8) with SMTP id SAA03311; Sun, 21 Nov 1999 18:24:34 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <4.1.19991121180544.04252f00@granite.sentex.ca> X-Sender: mdtancsa@granite.sentex.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Sun, 21 Nov 1999 18:25:38 -0500 To: Eivind Eklund , Nate Williams
From: Mike Tancsa Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) Cc: security@FreeBSD.ORG In-Reply-To: <19991122000209.J602@bitbox.follo.net> References: <199911201808.LAA10767@mt.sri.com> <19991112173306.D76708@florence.pavilion.net> <19991112212912.Z57266@rucus.ru.ac.za> <199911121946.LAA24616@apollo.backplane.com> <199911122114.OAA20606@mt.sri.com> <19991113012855.A62879@fasterix.frmug.org> <199911130031.RAA21117@mt.sri.com> <19991120190417.I602@bitbox.follo.net> <199911201808.LAA10767@mt.sri.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 06:02 PM 11/21/99 , Eivind Eklund wrote: >Most people do NOT need network services running when they set up >a new box. A lot of people get screwed by having extra services they >do not need. > >Most users sit on the console of the box they are installing while >doing initial setup, and most of those of them that feel they need >access to the box from the network install ssh as their first thing to >do in a shell on the box. I think a lot of time could be spent trying best effort to protect end users from themselves (I am not thinking about ISPs here), and users will eventually either through carelessness or accident install something, or misconfigure something that will allow their system to be remotely compromised. But, even if you do disable potentially dangerous services, there is nothing to prevent the user from fumbling around and re-enabling it, thereby subverting the original intent to protect them. Perhaps another strategy is just documentation. Add another section into the security man pages, or even put a reminder in big letters in the default MOTD reminding new users to understand the implications of installing certain services on their boxes. Especially these days when the majority of systems will be on some sort of potentially hostile network.
The security(7) man page is an excellent guide for somewhat experienced users. However, for the class of user this thread seems to be talking about, I think it's generally over their heads no ? Would the participants of this thread see merit in someone undertaking (e.g. me) writing a security document for a more novice user ? Something a little more extensive than http://www.freebsd.org/security/#tat and something a little more novice than security(7), especially with reference to clear text passwords. I think if the first time user is told right from the outset to think about security at the sysinstall page, and then reminded via the default MOTD, they might stand a better chance to be security conscious so that when they do use services like ftp and ftpd, they understand the implications. ---Mike ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 519 651 3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 15:45:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from mls.gtonet.net (mls.gtonet.net [216.112.90.195]) by hub.freebsd.org (Postfix) with ESMTP id 9DCA214E3F for ; Sun, 21 Nov 1999 15:45:39 -0800 (PST) (envelope-from freebsd@gtonet.net) Received: from pld (holeyman@pld.gtonet.net [216.112.90.200]) by mls.gtonet.net (8.9.3/8.9.3) with SMTP id PAA00785 for ; Sun, 21 Nov 1999 15:45:39 -0800 (PST) (envelope-from freebsd@gtonet.net)
From: "FreeBSD" To: Subject: RE: Disabling FTP (was Re: Why not sandbox BIND?) Date: Sun, 21 Nov 1999 15:45:45 -0800 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-reply-to: <4.1.19991121180544.04252f00@granite.sentex.ca> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > -----Original Message----- 
> From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Mike Tancsa > Sent: Sunday, November 21, 1999 3:26 PM > To: Eivind Eklund; Nate Williams > Cc: security@FreeBSD.ORG > Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) > > > At 06:02 PM 11/21/99 , Eivind Eklund wrote: > >Most people do NOT need network services running when they set up > >a new box. A lot of people get screwed by having extra services they > >do not need. > > > >Most users sit on the console of the box they are installing while > >doing initial setup, and most of those of them that feel they need > >access to the box from the network install ssh as their first thing to > >do in a shell on the box. > > I think a lot of time could be spent trying best effort to protect end > users from themselves (I am not thinking about ISPs here), and users will > eventually either through carelessness or accident install something, or > misconfigure something that will allow their system to be remotely > compromised. But, even if you do disable potentially dangerous services, > there is nothing to prevent the user from fumbling around and re-enabling > it, thereby subverting the original intent to protect them. Perhaps > another strategy is just documentation. Add another section into the > security man pages, or even put a reminder in big letters in the default > MOTD reminding new users to understand the implications of installing > certain services on their boxes. Especially these days when the majority > of systems will be on some sort of potentially hostile network. > I disagree, partly anyway, I think it IS important to disable any and all potential security risks AND have the documentation tell them how to turn them on and what the implications of that would be. Better docs? You bet, great idea. Blurb in the MOTD? Sure, sounds great!
Security has always been one of the best things about FreeBSD, let's not screw it up by enabling things that can compromise that. We don't have new users install BIND 8.1.2 and TELL them to patch to P5, we just compile 8.2.2-P5 on install instead. Why would we enable the holes and just tell them to disable them? > The security(7) man page is an excellent guide for somewhat experienced > users. However, for the class of user this thread seems to be talking > about, I think it's generally over their heads no ? Would the participants > of this thread see merit in someone undertaking (e.g. me) writing a > security document for a more novice user ? Something a little more > extensive than http://www.freebsd.org/security/#tat and something a little > more novice than security(7), especially with reference to clear text > passwords. I think if the first time user is told right from the outset to > think about security at the sysinstall page, and then reminded via the > default MOTD, they might stand a better chance to be security conscious so > that when they do use services like ftp and ftpd, they understand the > implications. I agree, and there are many great pages out there for FreeBSD security, but it makes more sense to teach them about security by disabling the services and teaching them about security while teaching them how to enable them.
> > ---Mike > ********************************************************************** > Mike Tancsa, Network Admin * mike@sentex.net > Sentex Communications Corp, * http://www.sentex.net/mike > Cambridge, Ontario * 519 651 3400 > Canada * > FreeBSD freebsd@gtonet.net "LinSUX is only free if your time is worthless" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sun Nov 21 16:42:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from isr4033.urh.uiuc.edu (isr4033.urh.uiuc.edu [130.126.208.49]) by hub.freebsd.org (Postfix) with SMTP id 243EC14C20 for ; Sun, 21 Nov 1999 16:42:48 -0800 (PST) (envelope-from ftobin@uiuc.edu) Received: (qmail 19778 invoked by uid 1000); 22 Nov 1999 00:42:47 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Nov 1999 00:42:47 -0000 Date: Sun, 21 Nov 1999 18:42:47 -0600 (CST) 
From: Frank Tobin
X-Sender: ftobin@isr4033.urh.uiuc.edu
To: FreeBSD-security Mailing List
Subject: RE: Disabling FTP (was Re: Why not sandbox BIND?)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

FreeBSD, at 15:45 on Sun, 21 Nov 1999, wrote:

> I disagree, partly anyway, I think it IS important to disable any and all
> potential security risks AND have the documentation tell them how to turn
> them on and what the implications of that would be. Better docs? You bet,
> great idea. Blurb in the MOTD? Sure, sounds great! Security has always been
> one of the best things about FreeBSD, let's not screw it up by enabling
> things that can compromise that. We don't have new users install BIND 8.1.2
> and TELL them to patch to P5, we just compile 8.2.2-P5 on install instead.
> Why would we enable the holes and just tell them to disable them?

The bind example is not a good one, as there is not a difference in functionality; the primary point that I think that the person you were replying to was that new users need functionality instead of a non-functionality in their new box. They are expecting certain things to be there when they install a box, such as telnetd, ftpd, and sendmail. These daemons are not holes, as you state; they are access points.

I feel the best solution overall is to make this an option upon install. Something in the likes of "enable standard internet services?", with a blurb _there_ about the implications of choosing/not choosing the option.

--
Frank Tobin http://www.neverending.org/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed."
Myst: The Book of Atrus

OpenPGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Nov 21 17: 5:41 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id DFB6B14E3F for ; Sun, 21 Nov 1999 17:05:38 -0800 (PST) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.3/8.9.3) with ESMTP id CAA01901; Mon, 22 Nov 1999 02:05:33 +0100 (CET)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id CAA16217; Mon, 22 Nov 1999 02:05:33 +0100 (MET)
Date: Mon, 22 Nov 1999 02:05:32 +0100
From: Eivind Eklund
To: Mike Tancsa
Cc: Nate Williams , security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
Message-ID: <19991122020532.M602@bitbox.follo.net>
References: <19991112173306.D76708@florence.pavilion.net> <19991112212912.Z57266@rucus.ru.ac.za> <199911121946.LAA24616@apollo.backplane.com> <199911122114.OAA20606@mt.sri.com> <19991113012855.A62879@fasterix.frmug.org> <199911130031.RAA21117@mt.sri.com> <19991120190417.I602@bitbox.follo.net> <199911201808.LAA10767@mt.sri.com> <19991122000209.J602@bitbox.follo.net> <4.1.19991121180544.04252f00@granite.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <4.1.19991121180544.04252f00@granite.sentex.ca>; from mike@sentex.net on Sun, Nov 21, 1999 at 06:25:38PM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Nov 21, 1999 at 06:25:38PM -0500, Mike Tancsa wrote:
> At 06:02 PM 11/21/99 , Eivind Eklund wrote:
> >Most people do NOT need network services running when they set up
> >a new box. A lot of people get screwed by having extra services they
> >do not need.
> >
> >Most users sit on the console of the box they are installing while
> >doing initial setup, and most of those of them that feel they need
> >access to the box from the network install ssh as their first thing to
> >do in a shell on the box.
>
> I think a lot of time could be spent trying best effort to protect end
> users from themselves (I am not thinking about ISPs here), and users will
> eventually either through carelessness or accident install something, or
> misconfigure something that will allow their system to be remotely
> compromised. But, even if you do disable potentially dangerous services,
> there is nothing to prevent the user from fumbling around and re-enabling
> it, thereby subverting the original intent to protect them.

Sure. However, this is something we can never guard against.

Let me come with an analogy: Consider FreeBSD as a car. We are presently selling a variant which is pre-trimmed to be able to drive over the median strip (the protective strip between different directions of traffic in a highway), and will do so quite smoothly and automatically, without the driver even intending to do more than get to the gas-station on the other side (and not noticing that he actually ends up crossing through traffic - the windows are made of the same stuff as peril sensitive sunglasses).

I consider it reasonable to have the driver flip a switch to be able to drive that way; others consider it reasonable to have the switch enabled by default, saying "Those that don't want the feature can easily turn it off, while newbies may not know how to do so - besides, I drive almost every car I buy across the median strip the moment I get it." (paraphrase).

> Perhaps another strategy is just documentation. Add another section
> into the security man pages, or even put a reminder in big letters
> in the default MOTD reminding new users to understand the
> implications of installing certain services on their boxes.
> Especially these days when the majority of systems will be on some
> sort of potentially hostile network.

I think documentation is clearly necessary, but not as the only thing to do. However, I am fairly certain that I am outvoted (or at least outshouted) on the disable-network-services-by-default issue; this does not mean I won't keep giving my support to anybody that wants to do this.

> The security(7) man page is an excellent guide for somewhat experienced
> users. However, for the class of user this thread seems to be talking
> about, I think it's generally over their heads no? Would the participants
> of this thread see merit in someone undertaking (e.g. me) writing a
> security document for a more novice user?

Definitely! Go for it!

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Nov 21 17:17:50 1999
Delivered-To: freebsd-security@freebsd.org
Received: from mls.gtonet.net (mls.gtonet.net [216.112.90.195]) by hub.freebsd.org (Postfix) with ESMTP id E9C3814EF1 for ; Sun, 21 Nov 1999 17:17:46 -0800 (PST) (envelope-from freebsd@gtonet.net)
Received: from pld (holeyman@pld.gtonet.net [216.112.90.200]) by mls.gtonet.net (8.9.3/8.9.3) with SMTP id RAA01035 for ; Sun, 21 Nov 1999 17:17:47 -0800 (PST) (envelope-from freebsd@gtonet.net)
From: "FreeBSD"
To:
Subject: RE: Disabling FTP (was Re: Why not sandbox BIND?)
Date: Sun, 21 Nov 1999 17:17:54 -0800
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
In-reply-to:
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I think you misunderstood my intention, I'm not saying named is a hole, it's a service that sometimes is a security risk just as ftpd, telnetd and fingerd (add your favorites here) could be. NOT everyone needs/uses/wants ftpd, sendmail or telnetd, in fact, people are discouraged from using telnet in favor of the more secure ssh/openssh alternative. Very few people need to run an ftpd, and most users don't run their own mail servers, they use their ISP's.

Maybe the warezpups, who are still stuck on LinSUX believe that (potentially) insecure services should be started by default so they don't have to bother reading about how to enable them so they can continue their continuous down/uploads, but I prefer to enable the things I need rather than disable the things I don't. Anyone who can't enable a service they need should read the man page, a relevant web page, check a help channel on irc or a newsgroup.

It just makes no sense to enable a bunch of stuff most people don't need that could come back to bite them later, rather than have them disabled from the setup and enabled as needed. At least give them an option during the install to configure for a "more-secure install" (disabled) or "less-secure install" (enabled). I'm sure I know which most would choose.

Just my 2 cents,

FreeBSD
freebsd@gtonet.net
"LinSUX is only free if your time is worthless"

> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Frank Tobin
> Sent: Sunday, November 21, 1999 4:43 PM
> To: FreeBSD-security Mailing List
> Subject: RE: Disabling FTP (was Re: Why not sandbox BIND?)
>
>
> FreeBSD, at 15:45 on Sun, 21 Nov 1999, wrote:
>
> > I disagree, partly anyway, I think it IS important to disable any and all
> > potential security risks AND have the documentation tell them how to turn
> > them on and what the implications of that would be. Better docs? You bet,
> > great idea. Blurb in the MOTD? Sure, sounds great! Security has always been
> > one of the best things about FreeBSD, let's not screw it up by enabling
> > things that can compromise that. We don't have new users install BIND 8.1.2
> > and TELL them to patch to P5, we just compile 8.2.2-P5 on install instead.
> > Why would we enable the holes and just tell them to disable them?
>
> The bind example is not a good one, as there is not a difference in
> functionality; the primary point that I think that the person you were
> replying to was that new users need functionality instead of a
> non-functionality in their new box. They are expecting certain things to be
> there when they install a box, such as telnetd, ftpd, and sendmail. These
> daemons are not holes, as you state; they are access points.
>
> I feel the best solution overall is to make this an option upon
> install. Something in the likes of "enable standard internet services?",
> with a blurb _there_ about the implications of choosing/not choosing the
> option.
>
> --
> Frank Tobin http://www.neverending.org/~ftobin/
>
> "To learn what is good and what is to be valued,
> those truths which cannot be shaken or changed."
> Myst: The Book of Atrus
>
> OpenPGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Nov 21 21:47:46 1999
Delivered-To: freebsd-security@freebsd.org
Received: from spock.org (cm-24-25-148-191.nycap.rr.com [24.25.148.191]) by hub.freebsd.org (Postfix) with ESMTP id E6AC514F6C for ; Sun, 21 Nov 1999 21:47:36 -0800 (PST) (envelope-from jon@spock.org)
Received: (from jon@localhost) by spock.org serial EF600Q3T-B7F8823AAA53941F7T for freebsd-security@FreeBSD.ORG; Mon, 22 Nov 1999 00:47:35 -0500 (EST) (envelope-from jon)
Date: Mon, 22 Nov 1999 00:47:35 -0500
From: Jonathan Chen
To: freebsd-security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
Message-ID:
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: telnet
In-Reply-To: ; from freebsd@gtonet.net on Sun, Nov 21, 1999 at 05:17:54PM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[ random-rant-mode=on]

ftpd and telnetd are just as much a security risk as sshd. Alright, before everyone starts flaming me for this somewhat exaggerated statement, hear me out. Here's some reasons I think ftpd/telnetd is not as great a security hole as some people may be saying and why, IMHO, it should not be disabled by default.

1) ftpd/telnetd, by themselves, do not give unwanted guests a window of entry any more than sshd.

2) the code base for ftpd and telnetd combined is smaller than sshd. Plus, sshd may call external libraries like rsaref. Tell me which one is easier to audit for buffer overflows.

3) People who have no need to use ftpd (or telnetd) do not use ftpd/telnetd. Thus, cleartext password is never transmitted over these protocols.

4) FreeBSD comes with skey. The security conscious may choose to use it. With PAM this is very easy.

5) The same people who don't know about sending plain text passwords are also more likely to give away that password to someone else using other means. The solution is education, not disabling services.

6) Instead of disabling the service altogether, it is perhaps better to simply insert a "220- this protocol transmits password in clear text, use with caution. consult your sysadmin if you don't know what that meant" on the ftp greeting message.

7) Picture this scenario: Sysadmin installs freebsd machine. ssh is not installed for whatever reasons (ie, crypto laws/time/firewall-unable to grab source). Now this same sysadmin heads over to a nearby building to setup a user machine.

Boss: "I need to transfer this stuff to the new machine, NOW!"

Admin: "no problem. I haven't installed sshd there yet, but I should be able to ftp the stuff over. Don't worry about the clear text password going through the network because our internal network is relatively secure, and I can change the password after I get back to the console anyway. In the mean time, if someone sniffs the password and tries it, I should be able to get back to the console in time to detect and stop this without any damage."

Computer: "ftp: connection refused."

Boss: "What the heck?!?"

Admin: "Donno, let me telnet in and check." [ logs in to new machine ]

Admin: "Hmm... appears someone changed inetd.conf so ftpd is disabled by default. Now what should I do? Should I run over back to the other building and make my boss wait 20 minutes, or do I send the clear root password over the network?"

8) IMHO, ssh gives too many people too much false sense of security. How many times have you ssh'ed from a Windows (or otherwise unsecure) machine? How many times have you ssh'ed from a machine that other people admin? How many times have you blindly pressed "yes" when it asks you to accept a new host key? If a windows machine with an email client makes the whole network insecure, then it is also reasonable to conclude that any ssh client on a windows machine with an email client may also be trojaned or has a running key capture driver.

9) While in a perfect world every person who sets up a freebsd box would know how to turn on/off services, that is certainly not true in the world I live in. Certain users may have certain expectations about what a machine should be able to do out of the box. Sure you can document it to your heart's content, but the fact remains that people don't always RTFM, or may not know where the relevant portions of the FM is.

10) Whatever happened to "Unix was not designed to stop people from doing stupid things"? ;) (can't remember who that quote was from)

[ quasi-fair-mode=on, rant-mode=stuck ]

So there'll always be those people who have the "if it ain't broke, don't fix it" attitude and go on using telnet/ftp. Disabling these services by default may make some of them use ssh or other more secure protocols, but it might just make some others turn it back on or switch to another OS. Disabling ftpd/telnetd also has other effects like making the host less appealing to someone doing a port scan.

While I'm sure many of you will have different opinions on this matter, I think it is not unreasonable to have an extension to sysinstall that let people turn on/off inetd services, much like daemons started at boot time. Users setting up freebsd would get this menu and thus be able to select whatever choices they want.

Just my $0.002 on this whole issue.

--
(o_ 1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2-1-2 _o)
\\\_\ Jonathan Chen jon@spock.org /_///
<____) The surest protection against temptation is cowardice. --MT (____>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Nov 21 22: 3: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 4B29E14C1A for ; Sun, 21 Nov 1999 22:02:54 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id BAA27409; Mon, 22 Nov 1999 01:02:31 -0500 (EST) (envelope-from robert@cyrus.watson.org)
Date: Mon, 22 Nov 1999 01:02:31 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Dug Song
Cc: Tomaz Borstnar , freebsd-security@freebsd.org
Subject: Re: OpenSSH & AllowHosts
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 21 Nov 1999, Dug Song wrote:

> > I know it can be done via packet filtering, but 100% compatibility
> > with usual ssh would be nice. Anyone knows if this will be added?
>
> OpenSSH intentionally deviates from the original SSH in many ways - see
>
> http://violet.ibs.com.au/openssh/files/UPGRADING
>

I've noticed that OpenSSH also seems to handle hostnames in ssh_known_hosts differently--I have a fairly extensive ssh_known_hosts file distributed across my machines to account for all the hosts I regularly connect to. I found that the new OpenSSH ignores the hostname-based entries and adds new IP-based entries automatically, with minimal warning. Is it doing all lookups based on IP and adding the key as a new host key, or is it copying the old entry to a new entry with new name? The first would seem to be fairly insecure (as the warning is not very loud and doesn't request confirmation); the second is not documented in the UPGRADING file and a little alarming :-).

Any clarification here would be much appreciated--if it is absorbing new host keys without asking for confirmation, even though host keys are already present with a by-name lookup, I'm not sure I like the behavior--names are more likely to remain consistent in the world of NATs, dynamic IPs with DNS update, etc.

Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Nov 22 2:16:46 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wit395301.student.utwente.nl (wit395301.student.utwente.nl [130.89.235.121]) by hub.freebsd.org (Postfix) with ESMTP id 1DB31158F9; Mon, 22 Nov 1999 02:16:41 -0800 (PST) (envelope-from jeroen@vangelderen.org)
Received: from [10.235.121.14] (helo=vangelderen.org) by wit395301.student.utwente.nl with esmtp (Exim 2.05 #1) id 11pqWM-0003NJ-00; Mon, 22 Nov 1999 11:16:30 +0100
Message-ID: <383917D8.32C2AAE4@vangelderen.org>
Date: Mon, 22 Nov 1999 11:15:52 +0100
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.61 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Mike Tancsa
Cc: Eivind Eklund , Nate Williams , security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
References: <199911201808.LAA10767@mt.sri.com> <19991112173306.D76708@florence.pavilion.net> <19991112212912.Z57266@rucus.ru.ac.za> <199911121946.LAA24616@apollo.backplane.com> <199911122114.OAA20606@mt.sri.com> <19991113012855.A62879@fasterix.frmug.org> <199911130031.RAA21117@mt.sri.com> <19991120190417.I602@bitbox.follo.net> <199911201808.LAA10767@mt.sri.com> <4.1.19991121180544.04252f00@granite.sentex.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mike Tancsa wrote:
> I think a lot of time could be spent trying best effort to protect end
> users from themselves (I am not thinking about ISPs here), and users will
> eventually either through carelessness or accident install something, or
> misconfigure something that will allow their system to be remotely
> compromised. But, even if you do disable potentially dangerous services,
> there is nothing to prevent the user from fumbling around and re-enabling
> it, thereby subverting the original intent to protect them.

This is not just about stupid end-users. Even experienced users can get bitten by this. The enabled services introduce a window of opportunity and can be easily forgotten. This is exactly the reason why your average firewall defaults to deny-all-except instead of allow-all-except...

> Perhaps
> another strategy is just documentation. Add another section into the
> security man pages, or even put a reminder in big letters in the default
> MOTD reminding new users to understand the implications of installing
> certain services on their boxes. Especially these days when the majority
> of systems will be on some sort of potentially hostile network.
>
> The security(7) man page is an excellent guide for somewhat experienced
> users. However, for the class of user this thread seems to be talking
> about, I think it's generally over their heads no? Would the participants
> of this thread see merit in someone undertaking (e.g. me) writing a
> security document for a more novice user?

Go for it!

> Something a little more
> extensive than http://www.freebsd.org/security/#tat and something a little
> more novice than security(7), especially with reference to clear text
> passwords. I think if the first time user is told right from the outset to
> think about security at the sysinstall page, and then reminded via the
> default MOTD, they might stand a better chance to be security conscious so
> that when they do use services like ftp and ftpd, they understand the
> implications.

Hmm, so what are you going to tell the newbie? Turn off any services you don't need and turn on any services you do need? Now consider a box with the various services disabled by default. The advice gets simpler, doesn't it?

Cheers,
Jeroen
--
Jeroen C. van Gelderen - jeroen@vangelderen.org
Interesting read: http://www.vcnet.com/bms/ JLF

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Nov 22 2:31:39 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wit395301.student.utwente.nl (wit395301.student.utwente.nl [130.89.235.121]) by hub.freebsd.org (Postfix) with ESMTP id 693CB14E1E; Mon, 22 Nov 1999 02:31:29 -0800 (PST) (envelope-from jeroen@vangelderen.org)
Received: from [10.235.121.14] (helo=vangelderen.org) by wit395301.student.utwente.nl with esmtp (Exim 2.05 #1) id 11pqjS-0003P5-00; Mon, 22 Nov 1999 11:30:02 +0100
Message-ID: <38391B04.9F5FD39D@vangelderen.org>
Date: Mon, 22 Nov 1999 11:29:24 +0100
From: "Jeroen C. van Gelderen"
X-Mailer: Mozilla 4.61 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: James Gill
Cc: Craig Garner , Eivind Eklund , Nate Williams , Matthew Dillon , security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

James Gill wrote:
> As a relative newbie, having ftpd on by default makes perfect sense.

Are you saying that you cannot manually enable ftpd if you need it?

> Few newbies are going to be building a machine to place into
> mission-critical service that day.

Good for them, but it's not the newbies we primarily target methinks.

> I would venture that most folks play around with FreeBSD on a scratch
> system (sandbox? ;-)) for at least a little while first. I use FTP
> between systems regularly and having cleartext passwords on the LAN
> isn't a *huge* issue in most cases...

Exactly, so you can just *enable* ftpd while you are munging with the config. This renders the box insecure but at least you explicitly authorized the act of enabling.

Isn't munging configuration files the first thing you do when you install a FreeBSD box? It is for me.

> and if you've got concerns with cleartext passwords xmitted over
> your LAN you have probably got more pressing issues to be dealing
> with.

Wrong assumption.

> That said, the person who first installs FreeBSD and wants to move
> files around who has to go in and figure out how to turn on ftpd
> is probably going to get _very_ frustrated.

So? He's supposed to read the documentation or telnet to port 20/21 or start with Linux first.

> Especially when coming from a MS background in a plug-n-play
> world...converting these people is a gradual process, and throwing
> them in and expecting them to understand the underlying unix
> philosophies that are so different from the world they come from
> is going to cause more harm than good.

People expect UNIX to be secure, so this argument doesn't really hold, does it?

Hmm, makes me think: does Solaris ship with ftpd enabled by default?

Cheers,
Jeroen
--
Jeroen C. van Gelderen - jeroen@vangelderen.org
Interesting read: http://www.vcnet.com/bms/ JLF

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Nov 22 3: 3: 8 1999
Delivered-To: freebsd-security@freebsd.org
Received: from isr4033.urh.uiuc.edu (isr4033.urh.uiuc.edu [130.126.208.49]) by hub.freebsd.org (Postfix) with SMTP id CB5AE14C21 for ; Mon, 22 Nov 1999 03:03:05 -0800 (PST) (envelope-from ftobin@uiuc.edu)
Received: (qmail 23017 invoked by uid 1000); 22 Nov 1999 11:01:51 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 22 Nov 1999 11:01:51 -0000
Date: Mon, 22 Nov 1999 05:01:50 -0600 (CST)
From: Frank Tobin
X-Sender: ftobin@isr4033.urh.uiuc.edu
To: security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
In-Reply-To: <38391B04.9F5FD39D@vangelderen.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Jeroen C. van Gelderen, at 11:29 on Mon, 22 Nov 1999, wrote:

> > As a relative newbie, having ftpd on by default makes perfect sense.
>
> Are you saying that you cannot manually enable ftpd if you need it?

Nope, you aren't going to be able to manually enable ftpd if you're a newbie to unix. You could, but how are you going to find out how? A newbie will think that ftpd is part of 'base unix', and expect it to be functional when they install.

> Good for them, but it's not the newbies we primarily target methinks.

FreeBSD doesn't attempt to target newbies, but why make it difficult for them to get a functional box?

> Exactly, so you can just *enable* ftpd while you are munging with the
> config. This renders the box insecure but at least you explicitly
> authorized the act of enabling.

You're making a real bold statement that just opening up ftpd leaves the box wide open. This is not a good assumption. As one person stated before, it is not the ftpd being up that renders a box insecure, but the sending of cleartext passwords to it is the problem. If you don't send cleartext passwords to it, you're not at risk.

> Isn't munging configuration files the first thing you do when you
> install a FreeBSD box? It is for me.

That's great! Me too! So what's the problem with turning off what you don't need then not turn off then? I never found it a real pain to do so (just fetch a pre-configured inetd.conf to do the job, and voila, tightened system).

> So? He's supposed to read the documentation or telnet to port 20/21
> or start with Linux first.

Which documentation? There is so much out there that a newbie isn't going to know where to look. Sure, we've all been trained "read the README" file before you install a particular application, but aren't things so much nicer so you don't have to? Good application design doesn't make a new user learn the full system before he gets a chance to use it.

Actually, I think FreeBSD is an easier OS to use than Linux, but that's another issue. We're discussing FreeBSD here. Let's not start discussions like "well, FreeBSD isn't meant to do this, so we won't even contemplate it."

> People expect UNIX to be secure, so this argument doesn't really
> hold, does it?

This may just be me, but I think people expect unix to be a powerhouse of tools more than a secure box; heck, use DOS if you want network security. :)

> Hmm, makes me think: does Solaris ship with ftpd enabled by default?

Solaris ships with a _whole_ bunch of things enabled by default. A _lot_ more than FreeBSD.

I think it seems clear by now that people on both sides of the trenches of this debate have hunkered in, and won't budge. Linux distributors Red Hat and Mandrake solved the issue by presenting the user an option at install time similar to "do you want server/workstation/custom machine". I vote that we do something similar; just present the user an option at install time. I don't think anyone has objections to this solution.

--
Frank Tobin http://www.neverending.org/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed."
Myst: The Book of Atrus

OpenPGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon Nov 22 3:53:41 1999
Delivered-To: freebsd-security@freebsd.org
Received: from wit395301.student.utwente.nl (wit395301.student.utwente.nl [130.89.235.121]) by hub.freebsd.org (Postfix) with ESMTP id 6059E14C12 for ; Mon, 22 Nov 1999 03:53:36 -0800 (PST) (envelope-from jeroen@vangelderen.org)
Received: from [10.235.121.14] (helo=vangelderen.org) by wit395301.student.utwente.nl with esmtp (Exim 2.05 #1) id 11ps1k-0003Ug-00; Mon, 22 Nov 1999 12:53:00 +0100
Message-ID: <38392E75.860D36D@vangelderen.org>
Date: Mon, 22 Nov 1999 12:52:21 +0100
From: "Jeroen C. van Gelderen" X-Mailer: Mozilla 4.61 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Frank Tobin Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Frank Tobin wrote: > > Good for them, but it's not the newbies we primarily target methinks. > > FreeBSD doesn't attempt to target newbies, but why make it difficult for > them to get a functional box? Because I'd value security more than newbee friendlyness. > > Exactly, so you can just *enable* ftpd while you are munging with the > > config. This renders the box insecure but at least you explicitly > > authorized the act of enabling. > > You're making a real bold statement that just opening up ftpd leaves the > box wide open. This is not a good assumption. As one person stated > before, it is not the ftpd being up that renders a box insecure, but > the sending of cleartext passwords to it is the problem. If you don't > send cleartext passwords to it, you're not at risk. Yes you are at risk. Anything that runs on your system is a potential security risk, especially those things that run as root. The BIND and Sendmail exploits didn't require someone logging into the system, did they? Services you don't need *are* a security risk. Question is whether we want to install that risk by default... > > Isn't muning configuration files the first thing you do when you > > install a FreeBSD box? It is for me. > > That's great! Me too! So what's the problem with turning off what you > don't need then not turn off then? I never found it a real pain to do so > (just fetch a pre-configured inetd.conf to do the job, and voila, > tightened system). Because one might forget. Because I don't like the window of opportunity. Because it's a potential security risk that doesn't do us any good. 
Because you have to get in to enable extra services anyway, you might as well enable all services you need.

> > So? He's supposed to read the documentation or telnet to port 20/21
> > or start with Linux first.
>
> Which documentation?

Got a point :-)

> There is so much out there that a newbie isn't going
> to know where to look. Sure, we've all been trained "read the README"
> file before you install a particular application, but aren't things so
> much nicer so you don't have to? Good application design doesn't make a
> new user learn the full system before he gets a chance to use it.

If it's really a newbie, he won't expect ftp to run on the system. After all he's coming from a Windoze background. If he's coming from Linux, he's capable to enable ftpd.

> > People expect UNIX to be secure, so this argument doesn't really
> > hold, does it?
>
> This may just be me, but I think people expect unix to be a powerhouse of
> tools more than a secure box; heck, use DOS if you want network
> security. :)

:-)

> > Hmm, makes me think: does Solaris ship with ftpd enabled by default?
>
> Solaris ships with a _whole_ bunch of things enabled by default. A _lot_
> more than FreeBSD.

Well, that means we can do better then :-)

> I think it seems clear by now that people on both sides of the trenches of
> this debate have hunkered in, and won't budge. Linux distributors Red Hat
> and Mandrake solved the issue by presenting the user an option at install
> time similar to "do you want server/workstation/custom machine". I vote
> that we do something similar; just present the user an option at install
> time. I don't think anyone has objections to this solution.

Sounds fine:
[x] newbie mode
;-)

Cheers,
Jeroen
--
Jeroen C. van Gelderen - jeroen@vangelderen.org
Interesting read: http://www.vcnet.com/bms/ JLF

From owner-freebsd-security Mon Nov 22 4: 7:46 1999
Delivered-To: freebsd-security@freebsd.org
Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (Postfix) with ESMTP id BFAFB14C48 for ; Mon, 22 Nov 1999 04:07:42 -0800 (PST) (envelope-from matt@zigg.com)
Received: from localhost (matt@localhost) by megaweapon.zigg.com (8.9.3/8.9.3) with ESMTP id HAA02741; Mon, 22 Nov 1999 07:05:27 -0500 (EST) (envelope-from matt@zigg.com)
Date: Mon, 22 Nov 1999 07:05:26 -0500 (EST)
From: Matt Behrens
To: "Jeroen C. van Gelderen"
Cc: Tomaz Borstnar , freebsd-security@FreeBSD.ORG
Subject: Re: OpenSSH & AllowHosts
In-Reply-To: <3838750D.47B0B4C3@vangelderen.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Yesterday, Jeroen C. van Gelderen wrote:

: DH/DSA can not be supported in the SSH version 1.x protocol. It is
: in the SSH 2.0 protocol but I doubt OpenSSH will support that in
: the very near future because it would entail a significant rewrite.

I feared as much. Oh well, here's hoping we'll all be free on September 20. :-)

Matt Behrens
Owner/Administrator, zigg.com
Chief Engineer, Nameless IRC Network

From owner-freebsd-security Mon Nov 22 6:44:57 1999
Delivered-To: freebsd-security@freebsd.org
Received: from po6.andrew.cmu.edu (PO6.ANDREW.CMU.EDU [128.2.10.106]) by hub.freebsd.org (Postfix) with ESMTP id 7795F152A3 for ; Mon, 22 Nov 1999 06:44:48 -0800 (PST) (envelope-from tcrimi+@andrew.cmu.edu)
Received: (from postman@localhost) by po6.andrew.cmu.edu (8.9.3/8.9.3) id JAA02216 for security@FreeBSD.ORG; Mon, 22 Nov 1999 09:44:46 -0500 (EST)
Received: via switchmail; Mon, 22 Nov 1999 09:44:46 -0500 (EST)
Received: from unix7.andrew.cmu.edu via qmail ID ; Mon, 22 Nov 1999 09:43:51 -0500 (EST)
Received: from unix7.andrew.cmu.edu via qmail ID ; Mon, 22 Nov 1999 09:43:42 -0500 (EST)
Received: from mms.4.60.Jun.27.1996.03.02.53.sun4.51.EzMail.2.0.CUILIB.3.45.SNAP.NOT.LINKED.unix7.andrew.cmu.edu.sun4m.54 via MS.5.6.unix7.andrew.cmu.edu.sun4_51; Mon, 22 Nov 1999 09:43:42 -0500 (EST)
Message-ID:
Date: Mon, 22 Nov 1999 09:43:42 -0500 (EST)
From: Thomas Valentino Crimi
To: security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
Cc:
In-Reply-To:
References:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Excerpts from FreeBSD-Security: 22-Nov-99 Re: Disabling FTP (was Re: .. by Frank Tobin@uiuc.edu
> You're making a real bold statement that just opening up ftpd leaves the
> box wide open. This is not a good assumption. As one person stated
> before, it is not the ftpd being up that renders a box insecure, but
> the sending of cleartext passwords to it is the problem. If you don't
> send cleartext passwords to it, you're not at risk.

Another question is: How far away are we from integrated IPSec? And doesn't the usefulness of encrypted protocols such as ssh (except for when you want MORE security on top of encrypted packets I'd imagine) begin to diminish as boxes switch from v4 -> v6. Not something that will happen overnight, but once FreeBSD ships IPSec, using cleartext protocols no longer means instant password sniffing. This prospect seems very exciting to me, certain protocols stayed a long time without becoming truly secure and soon they will be in one fair swoop. You'll still need ssh for all the boxes which do not / will never support IPSec.

-- Tom

From owner-freebsd-security Mon Nov 22 6:58:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id 81327158C0 for ; Mon, 22 Nov 1999 06:58:21 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id JAA84314; Mon, 22 Nov 1999 09:58:10 -0500 (EST) (envelope-from wollman)
Date: Mon, 22 Nov 1999 09:58:10 -0500 (EST)
From: Garrett Wollman
Message-Id: <199911221458.JAA84314@khavrinen.lcs.mit.edu>
To: Jonathan Chen
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
In-Reply-To:
References:
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

< said:

> 3) People who have no need to use ftpd (or telnetd) do not use
> ftpd/telnetd. Thus, cleartext password is never transmitted over these
> protocols.

Even people who do use ftp/telnet can do so securely if they install authentication. (Hint: `telnetd -a user'.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From owner-freebsd-security Mon Nov 22 7:13: 9 1999
Delivered-To: freebsd-security@freebsd.org
Received: from inbox.org (inbox.org [216.22.145.8]) by hub.freebsd.org (Postfix) with ESMTP id 5F68D14DB3 for ; Mon, 22 Nov 1999 07:13:06 -0800 (PST) (envelope-from bsd@a.servers.aozilla.com)
Received: from localhost (bsd@localhost) by inbox.org (8.9.3/8.9.3) with SMTP id KAA17331; Mon, 22 Nov 1999 10:12:49 -0500 (EST)
Date: Mon, 22 Nov 1999 10:12:49 -0500 (EST)
From: "Mr. K."
X-Sender: bsd@inbox.org
To: "Jeroen C. van Gelderen"
Cc: Frank Tobin , security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
In-Reply-To: <38392E75.860D36D@vangelderen.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 22 Nov 1999, Jeroen C. van Gelderen wrote:

> Frank Tobin wrote:
> > > Good for them, but it's not the newbies we primarily target methinks.
> >
> > FreeBSD doesn't attempt to target newbies, but why make it difficult for
> > them to get a functional box?
>
> Because I'd value security more than newbie friendliness.
>

If you're not a newbie, you're not going to do a standard install anyway. We could argue over whether or not the majority of people are going to turn telnet on or off (I'd argue on), but we're not arguing over security, we're arguing over typing a few keys on the keyboard. The only place the default really matters is people who are newbies and don't know any better.

From owner-freebsd-security Mon Nov 22 7:20: 6 1999
Delivered-To: freebsd-security@freebsd.org
Received: from inbox.org (inbox.org [216.22.145.8]) by hub.freebsd.org (Postfix) with ESMTP id 9ACCE14DB3 for ; Mon, 22 Nov 1999 07:19:51 -0800 (PST) (envelope-from bsd@a.servers.aozilla.com)
Received: from localhost (bsd@localhost) by inbox.org (8.9.3/8.9.3) with SMTP id KAA17543; Mon, 22 Nov 1999 10:19:51 -0500 (EST)
Date: Mon, 22 Nov 1999 10:19:51 -0500 (EST)
From: "Mr. K."
X-Sender: bsd@inbox.org
To: "Jeroen C. van Gelderen"
Cc: Frank Tobin , security@FreeBSD.ORG
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
In-Reply-To: <38392E75.860D36D@vangelderen.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > I think it seems clear by now that people on both sides of the trenches of
> > this debate have hunkered in, and won't budge. Linux distributors Red Hat
> > and Mandrake solved the issue by presenting the user an option at install
> > time similar to "do you want server/workstation/custom machine". I vote
> > that we do something similar; just present the user an option at install
> > time. I don't think anyone has objections to this solution.
>
> Sounds fine:
> [x] newbie mode
> ;-)
>

Would this be hard to do? Could someone give me a pointer of where I could look to find out how to change the install procedure? If it's easy maybe I could add a few options like this into the installation and submit them. If it's hard, well, I withdraw the offer :).

From owner-freebsd-security Mon Nov 22 8:47:29 1999
Delivered-To: freebsd-security@freebsd.org
Received: from funky.monkey.org (funky.monkey.org [63.77.239.12]) by hub.freebsd.org (Postfix) with ESMTP id 04D2414CCC for ; Mon, 22 Nov 1999 08:47:12 -0800 (PST) (envelope-from provos@monkey.org)
Received: by funky.monkey.org (Postfix, from userid 1007) id B028715184; Mon, 22 Nov 1999 11:41:32 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by funky.monkey.org (Postfix) with ESMTP id A205A14A01; Mon, 22 Nov 1999 11:41:32 -0500 (EST)
Date: Mon, 22 Nov 1999 11:41:32 -0500 (EST)
From: Niels Provos
To: Robert Watson
Cc: Dug Song , Tomaz Borstnar , freebsd-security@freebsd.org
Subject: Re: OpenSSH & AllowHosts
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 22 Nov 1999, Robert Watson wrote:

> regularly connect to. I found that the new OpenSSH ignores the
> hostname-based entries and adds new IP-based entries automatically, with
> minimal warning. Is it doing all lookups based on IP and adding the key

It does not ignore them. It does additional checking with the IP address. You can disable this behaviour by setting CheckHostIP = no in your config file.

> asking for confirmation, even though host keys are already present with a
> by-name lookup, I'm not sure I like the behavior--names are more likely to
> remain consistent in the world of NATs, dynamic IPs with DNS update, etc.

IP addresses are only added if the host key associated with the domain name matches. Did you actually encounter any problems with this? Yes, there are many NATed networks and dynamic IPs out there, but most of them are not used for remote login. As I said set CheckHostIP = no solves this, if it is a problem for you.

Niels.
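
The check described in the message above, as a simplified model added here for illustration; it is not OpenSSH source and not part of the original thread. The `KnownHosts` class, the `check_host_ip` parameter name, the host names, addresses and key strings are all constructed, and reporting an IP mismatch as a warning is a modelling assumption.

```python
"""Toy model of a host-key check that also looks up the server's IP address.

Added illustration, not OpenSSH source. Hosts, addresses and key strings
below are constructed for the example.
"""


class KnownHosts:
    """In-memory stand-in for a known-hosts file: label -> recorded key."""

    def __init__(self, entries=None):
        self.entries = dict(entries or {})

    def check(self, name, ip, presented_key, check_host_ip=True):
        """Return (accepted, notes) for a server reached as name at ip."""
        by_name = self.entries.get(name)
        if by_name is None:
            # Unknown name: a client would ask the user; the model refuses.
            return False, ["no entry for name, confirmation needed"]
        if by_name != presented_key:
            # The name entry decides. Nothing is recorded for the IP.
            return False, ["key differs from the entry for the name"]

        notes = []
        if check_host_ip:
            by_ip = self.entries.get(ip)
            if by_ip is None:
                # Only reached when the name entry matched, so the IP entry
                # is derived from an already trusted key.
                self.entries[ip] = presented_key
                notes.append("added entry for " + ip)
            elif by_ip != presented_key:
                # Modelling assumption: an IP mismatch is reported as a
                # warning and the name match still stands.
                notes.append("warning: " + ip + " is recorded with another key")
        return True, notes


def run_scenarios():
    """Walk through the cases raised in the thread and collect the outcomes."""
    key_shell, key_mail, key_other = "key-shell", "key-mail", "key-other"
    known = KnownHosts({"shell.example.org": key_shell,
                        "mail.example.org": key_mail})
    out = {}

    # 1. Name entry exists, IP never seen: accepted, IP entry added.
    out["first"] = known.check("shell.example.org", "192.0.2.10", key_shell)

    # 2. Same host after a dynamic address change: accepted, second IP entry.
    out["moved"] = known.check("shell.example.org", "192.0.2.77", key_shell)

    # 3. The old address is handed to a different, legitimately known host:
    #    the stale IP entry produces a warning although nothing is wrong.
    out["reassigned"] = known.check("mail.example.org", "192.0.2.10", key_mail)

    # 4. Same connection with the IP check disabled: no warning, no IP entry.
    quiet = KnownHosts({"mail.example.org": key_mail})
    out["ip_check_off"] = quiet.check("mail.example.org", "192.0.2.10",
                                      key_mail, check_host_ip=False)
    out["ip_check_off_entries"] = sorted(quiet.entries)

    # 5. Wrong key for a known name: refused, and no IP entry is created.
    out["wrong_key"] = known.check("shell.example.org", "192.0.2.99", key_other)
    out["entries"] = sorted(known.entries)
    return out


if __name__ == "__main__":
    for case, outcome in run_scenarios().items():
        print(case, "->", outcome)
```

Case 3 is the dynamic-address situation the thread raises: the name-based entry is correct, yet the stale IP entry still produces a warning until it is removed or the IP check is turned off.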

From owner-freebsd-security Mon Nov 22 9:16:38 1999
Delivered-To: freebsd-security@freebsd.org
Received: from gatekeeper.veriohosting.com (gatekeeper.veriohosting.com [192.41.0.2]) by hub.freebsd.org (Postfix) with ESMTP id 9655A15376; Mon, 22 Nov 1999 09:16:19 -0800 (PST) (envelope-from hart@iserver.com)
Received: by gatekeeper.veriohosting.com; Mon, 22 Nov 1999 10:16:06 -0700 (MST)
Received: from unknown(192.168.1.109) by gatekeeper.veriohosting.com via smap (V3.1.1) id xma021900; Mon, 22 Nov 99 10:15:50 -0700
Received: (hart@localhost) by anchovy.orem.iserver.com (8.9.3) id KAA23562; Mon, 22 Nov 1999 10:13:25 -0700 (MST)
Date: Mon, 22 Nov 1999 10:13:25 -0700 (MST)
From: Paul Hart
X-Sender: hart@anchovy.orem.iserver.com
To: Eivind Eklund
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Disabling FTP
In-Reply-To: <19991122000209.J602@bitbox.follo.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 22 Nov 1999, Eivind Eklund wrote:

> This is why I do NOT want to leave them high and dry by having them
> have their box rooted because YOU think it is convenient to have an
> insecure setup which THEY will never get any benefit from.

Why are we equating running ftpd with root compromise? I would recommend turning it off if you have no need for it, but I don't see how having it enabled necessarily means you're going to be rooted. Sure your passwords can be sniffed, but the frank reality is that most end users (and they're running Windows) just don't care or are unable to appreciate the danger.

I would vote for leaving ftpd and telnetd turned on in the vanilla install, since I think the vanilla install needs to strike a delicate balance between security and usability. Inexperienced users will have enough running to see how FreeBSD works without undue exposure, and experienced users have only a few things to turn off if they're worried about them.

Paul Hart

--
Paul Robert Hart ><8> ><8> ><8> Verio Web Hosting, Inc.
hart@iserver.com ><8> ><8> ><8> http://www.iserver.com/

From owner-freebsd-security Mon Nov 22 9:39:39 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (Postfix) with ESMTP id 50F9014C0A for ; Mon, 22 Nov 1999 09:39:20 -0800 (PST) (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.3/8.9.3) with ESMTP id SAA18885; Mon, 22 Nov 1999 18:38:21 +0100 (CET)
Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id SAA20989; Mon, 22 Nov 1999 18:38:21 +0100 (MET)
Date: Mon, 22 Nov 1999 18:38:21 +0100
From: Eivind Eklund
To: Paul Hart
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Disabling FTP
Message-ID: <19991122183821.D602@bitbox.follo.net>
References: <19991122000209.J602@bitbox.follo.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from hart@iserver.com on Mon, Nov 22, 1999 at 10:13:25AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Nov 22, 1999 at 10:13:25AM -0700, Paul Hart wrote:
> On Mon, 22 Nov 1999, Eivind Eklund wrote:
>
> > This is why I do NOT want to leave them high and dry by having them
> > have their box rooted because YOU think it is convenient to have an
> > insecure setup which THEY will never get any benefit from.
>
> Why are we equating running ftpd with root compromise?

Due to the number of previous holes in default enabled services. I'd not take a bet that all services running in FreeBSD by default are secure at less than 10:1 odds - would you?

> I would recommend turning it off if you have no need for it, but I
> don't see how having it enabled necessarily means you're going to be
> rooted.

It doesn't necessarily mean that - but it means a strongly increased chance of the above scenario, and it includes cases that could easily have been avoided by us being cautious.

Eivind.

From owner-freebsd-security Mon Nov 22 10:22: 8 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 43C1114BCC for ; Mon, 22 Nov 1999 10:21:50 -0800 (PST) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id NAA30289; Mon, 22 Nov 1999 13:21:10 -0500 (EST) (envelope-from robert@cyrus.watson.org)
Date: Mon, 22 Nov 1999 13:21:10 -0500 (EST)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: Niels Provos
Cc: Dug Song , Tomaz Borstnar , freebsd-security@freebsd.org
Subject: Re: OpenSSH & AllowHosts
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 22 Nov 1999, Niels Provos wrote:

> On Mon, 22 Nov 1999, Robert Watson wrote:
> > regularly connect to. I found that the new OpenSSH ignores the
> > hostname-based entries and adds new IP-based entries automatically, with
> > minimal warning. Is it doing all lookups based on IP and adding the key
> It does not ignore them. It does additional checking with the IP address.
> You can disable this behaviour by setting CheckHostIP = no in your config
> file.
>
> > asking for confirmation, even though host keys are already present with a
> > by-name lookup, I'm not sure I like the behavior--names are more likely to
> > remain consistent in the world of NATs, dynamic IPs with DNS update, etc.
> IP addresses are only added if the host key associated with the domain name
> matches. Did you actually encounter any problems with this? Yes, there

This is what I wanted to know--that is, that existing host keys were being used. Limited use of dynamic IPs with DNS update is something that may end in the near-term future, and is something that probably should not be relied on. For example, my boxes off of a DSL line in my home currently have static IPs, but Bell Atlantic will be moving to PPPoE and dynamic IPs in the not-so-distant future. It's also not clear to me that IP checking improves security--instead it could cause bogus errors in the presence of dynamic update or changing IPs.

Robert N M Watson

robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

From owner-freebsd-security Mon Nov 22 11:38:55 1999
Delivered-To: freebsd-security@freebsd.org
Received: from shell.monmouth.com (shell.monmouth.com [205.231.236.9]) by hub.freebsd.org (Postfix) with ESMTP id 11F2014D90 for ; Mon, 22 Nov 1999 11:38:52 -0800 (PST) (envelope-from pechter@pechter.dyndns.org)
Received: from pechter.dyndns.org (bg-tc-ppp90.monmouth.com [209.191.60.91]) by shell.monmouth.com (8.9.3/8.9.3) with ESMTP id OAA19582; Mon, 22 Nov 1999 14:36:28 -0500 (EST)
Received: (from pechter@localhost) by pechter.dyndns.org (8.9.3/8.9.3) id OAA05868; Mon, 22 Nov 1999 14:37:56 -0500 (EST) (envelope-from pechter)
From: Bill Pechter
Message-Id: <199911221937.OAA05868@pechter.dyndns.org>
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
In-Reply-To: <38391B04.9F5FD39D@vangelderen.org> from "Jeroen C. van Gelderen" at "Nov 22, 1999 11:29:24 am"
To: jeroen@vangelderen.org (Jeroen C. van Gelderen), security@freebsd.org
Date: Mon, 22 Nov 1999 14:37:30 -0500 (EST)
Reply-To: bpechter@shell.monmouth.com
X-Phone-Number: 908-389-3592
X-OS-Type: FreeBSD 4.0-CURRENT
X-Mailer: ELM [version 2.4ME+ PL43 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> People expect UNIX to be secure, so this argument doesn't really
> hold, does it?
>
> Hmm, makes me think: does Solaris ship with ftpd enabled by default?
>
> Cheers,
> Jeroen
> --
> Jeroen C. van Gelderen - jeroen@vangelderen.org
> Interesting read: http://www.vcnet.com/bms/ JLF
>

Solaris not only ships with ftpd enabled, it allows ftp connections from root (no ftpusers) by default.

(Found this out on my install of Solaris 7 Server 8/99 last week). 8-)

Bill
---
bpechter@shell.monmouth.com|pechter@pechter.dyndns.org
Three things never anger: First, the one who runs your DEC,
The one who does Field Service and the one who signs your check.

From owner-freebsd-security Mon Nov 22 12: 2:25 1999
Delivered-To: freebsd-security@freebsd.org
Received: from pericles.IPAustralia.gov.au (pericles.IPAustralia.gov.au [202.14.186.30]) by hub.freebsd.org (Postfix) with ESMTP id E758F152B2 for ; Mon, 22 Nov 1999 12:02:20 -0800 (PST) (envelope-from Stanley.Hopcroft@ipaustralia.gov.au)
Received: (from smap@localhost) by pericles.IPAustralia.gov.au (8.9.3/8.9.3) id HAA04602 for ; Tue, 23 Nov 1999 07:02:19 +1100 (EST) (envelope-from Stanley.Hopcroft@ipaustralia.gov.au)
X-Authentication-Warning: pericles.IPAustralia.gov.au: smap set sender to using -f
Received: from noteshub01.aipo.gov.au(10.0.100.21) by pericles.IPAustralia.gov.au via smap (V2.0) id xma004596; Tue, 23 Nov 99 07:02:00 +1100
Received: by noteshub01.aipo.gov.au(Lotus SMTP MTA v4.6.3 (778.2 1-4-1999)) id 4A256831.00739A73 ; Tue, 23 Nov 1999 07:02:41 +1000
X-Lotus-FromDomain: IP_AUSTRALIA
From: Stanley.Hopcroft@ipaustralia.gov.au
To: freebsd-security@freebsd.org
Message-ID: <4A256831.00739943.00@noteshub01.aipo.gov.au>
Date: Tue, 23 Nov 1999 07:02:44 +1000
Subject: What is the status of the Skip port for 3.x
Mime-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

To: freebsd-security@freebsd.org
cc:

Dear Ladies and Gentlemen,

I am writing to ask please would you let me know if the skip port for FreeBSD
3.x is working reliably ?

The last letters I noticed about this in the archive referred to kernel panics.

Please would you let me know about any very basic guides to setting up VPNs with
skip ?

Thank you,

Yours sincerely.

From owner-freebsd-security Mon Nov 22 12: 9:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from lily.ezo.net (lily.ezo.net [206.102.130.13]) by hub.freebsd.org (Postfix) with ESMTP id C4AB3152C6 for ; Mon, 22 Nov 1999 12:09:09 -0800 (PST) (envelope-from jflowers@ezo.net)
Received: from lily.ezo.net (jflowers@localhost.ezo.net [127.0.0.1]) by lily.ezo.net (8.8.7/8.8.7) with SMTP id PAA19833; Mon, 22 Nov 1999 15:08:16 -0500 (EST)
Date: Mon, 22 Nov 1999 15:08:15 -0500 (EST)
From: Jim Flowers
To: Stanley.Hopcroft@ipaustralia.gov.au
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: What is the status of the Skip port for 3.x
In-Reply-To: <4A256831.00739943.00@noteshub01.aipo.gov.au>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Skip is alive and well for 3.x. Just use the port. Easiest if you first install packages for gmake and xview

Setup of VPN's is part black art but mostly just careful reading of the documentation. Search maillist under skip.

You may also have to comment out the last depend in the Makefile if you used the xview package instead of the port.

Jim Flowers
#4 ISP on C|NET, #1 in Ohio

On Tue, 23 Nov 1999 Stanley.Hopcroft@ipaustralia.gov.au wrote:

>
> To: freebsd-security@freebsd.org
> cc:
>
>
> Dear Ladies and Gentlemen,
>
> I am writing to ask please would you let me know if the skip port for FreeBSD
> 3.x is working reliably ?
>
> The last letters I noticed about this in the archive referred to kernel panics.
>
> Please would you let me know about any very basic guides to setting up VPNs with
> skip ?
>
> Thank you,
>
> Yours sincerely.
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Mon Nov 22 13:17:34 1999
Delivered-To: freebsd-security@freebsd.org
Received: from penelope.skunk.org (penelope.skunk.org [208.133.204.51]) by hub.freebsd.org (Postfix) with ESMTP id 412FE14D89 for ; Mon, 22 Nov 1999 13:17:28 -0800 (PST) (envelope-from ben@penelope.skunk.org)
Received: from localhost (ben@localhost) by penelope.skunk.org (8.9.3/8.9.3) with ESMTP id QAA92084 for ; Mon, 22 Nov 1999 16:25:39 -0500 (EST)
Date: Mon, 22 Nov 1999 16:25:39 -0500 (EST)
From: Ben Rosengart
To: security@freebsd.org
Subject: BIND
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

So are there no plans to integrate BIND 8.2.2p5 into -stable? I just installed 8.2.2p5 from ports, and it seemed kind of messy. And there's no NO_BIND flag in /etc/make.conf equivalent to NO_SENDMAIL, which would make it easier (I guess that's because of libresolv?).

--
Ben Rosengart
UNIX Systems Engineer, Skunk Group
StarMedia Network, Inc.

From owner-freebsd-security Mon Nov 22 16:18:11 1999
Delivered-To: freebsd-security@freebsd.org
Received: from ws74.webct.com (ws74.webct.com [209.87.17.104]) by hub.freebsd.org (Postfix) with ESMTP id 8417215962 for ; Mon, 22 Nov 1999 16:18:00 -0800 (PST) (envelope-from dfoo@ca.webct.com)
Received: from ca.webct.com (localhost [127.0.0.1]) by ws74.webct.com (8.9.3/8.9.3) with ESMTP id QAA17813 for ; Mon, 22 Nov 1999 16:16:26 -0800 (PST) (envelope-from dfoo@ca.webct.com)
Message-ID: <3839DCDA.8E5FF87E@ca.webct.com>
Date: Mon, 22 Nov 1999 16:16:26 -0800
From: Darren Foo
Reply-To: dfoo@ca.webct.com
Organization: ULT Canada
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.3-STABLE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: security@freebsd.org
Subject: BIND 8.2.2P5 Upgrade Instructions?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Are there instructions somewhere on how to upgrade from 8.x.x to the latest bind? I don't want to break my current DNS server.

--
Darren Foo

From owner-freebsd-security Mon Nov 22 16:29:14 1999
Delivered-To: freebsd-security@freebsd.org
Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235]) by hub.freebsd.org (Postfix) with ESMTP id C3FC514BC2 for ; Mon, 22 Nov 1999 16:29:12 -0800 (PST) (envelope-from cdf.lists@fxp.org)
Received: by pawn.primelocation.net (Postfix, from userid 1016) id C537E9B36; Mon, 22 Nov 1999 19:29:10 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by pawn.primelocation.net (Postfix) with ESMTP id B484DBA21; Mon, 22 Nov 1999 19:29:10 -0500 (EST)
Date: Mon, 22 Nov 1999 19:29:10 -0500 (EST)
From: "Chris D. Faulhaber"
X-Sender: cdf.lists@pawn.primelocation.net
To: Darren Foo
Cc: security@freebsd.org
Subject: Re: BIND 8.2.2P5 Upgrade Instructions?
In-Reply-To: <3839DCDA.8E5FF87E@ca.webct.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 22 Nov 1999, Darren Foo wrote:

> Are there instructions somewhere on how to upgrade from 8.x.x to the
> latest bind? I don't want to break my current DNS server.
>
>

cd /usr/ports/net/bind8 && make install
echo 'named_program="/usr/local/sbin/named"' >> /etc/rc.conf
(you may have to link /etc/namedb/named.conf -> /etc/named.conf)

-----
Chris D. Faulhaber              | All the true gurus I've met never
System/Network Administrator,   | claimed they were one, and always
Reality Check Information, Inc. | pointed to someone better.

From owner-freebsd-security Mon Nov 22 20:45:12 1999
Delivered-To: freebsd-security@freebsd.org
Received: from csw.csw.net (csw.csw.net [209.136.201.8]) by hub.freebsd.org (Postfix) with ESMTP id A19EC15054 for ; Mon, 22 Nov 1999 20:45:02 -0800 (PST) (envelope-from lambert@troi.csw.net)
Received: from eqos2.os2warp.org (aslit1-29.cswnet.com [209.136.175.93]) by csw.csw.net (8.8.8/8.8.8) with SMTP id WAA18061 for ; Mon, 22 Nov 1999 22:44:48 -0600 (CST) (envelope-from lambert@troi.csw.net)
Message-Id: <199911230444.WAA18061@csw.csw.net>
From: lambert@troi.csw.net
Date: Mon, 22 Nov 1999 21:55:15 -0600
To: security@FreeBSD.ORG
In-Reply-To:
Subject: Re: BIND 8.2.2P5 Upgrade Instructions?
X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v2.00 c00 (Unregistered)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In , on 11/22/99 at 07:29 PM, "Chris D. Faulhaber" said:

>On Mon, 22 Nov 1999, Darren Foo wrote:
>> Are there instructions somewhere on how to upgrade from 8.x.x to the
>> latest bind? I don't want to break my current DNS server.
>>
>>
>cd /usr/ports/net/bind8 && make install
>echo 'named_program="/usr/local/sbin/named"' >> /etc/rc.conf
>(you may have to link /etc/namedb/named.conf -> /etc/named.conf)

Before you do a production machine, make sure you don't have names that are both CNAMEs and MX records. It will now refuse the domain file and that domain could be down until you figure it out.

I ran 8.2.2P5 against the same zone files on a separate machine first. I had a lot of fixing to do. The previous admin was MX happy and they had never turned up as a problem before.

From owner-freebsd-security Tue Nov 23 0: 1:45 1999
Delivered-To: freebsd-security@freebsd.org
Received: from pacific.int.topsecret.net (gill.apk.net [207.54.148.62]) by hub.freebsd.org (Postfix) with ESMTP id B8F9514A2D; Tue, 23 Nov 1999 00:00:07 -0800 (PST) (envelope-from gill@topsecret.net)
Received: from localhost (gill@localhost) by pacific.int.topsecret.net (8.9.3/8.9.3) with ESMTP id LAA02890; Mon, 22 Nov 1999 11:59:51 -0500 (EST) (envelope-from gill@topsecret.net)
X-Authentication-Warning: pacific.int.topsecret.net: gill owned process doing -bs
Date: Mon, 22 Nov 1999 11:59:51 -0500 (EST)
From: James Gill
X-Sender: gill@pacific.int.topsecret.net
To: "Jeroen C. van Gelderen"
Cc: Craig Garner , Eivind Eklund , Nate Williams , Matthew Dillon , security@FreeBSD.ORG
Subject: Re: Disabling FTP
In-Reply-To: <38391B04.9F5FD39D@vangelderen.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Some very compelling arguments in this discussion. The only undisputed solution seems to be a question in the setup program about if you want default services installed. This discussion seems to bring out a pair of issues for consideration: 1) shutting all services off by default and 2) brand-newbie level documentation describing what to do in the first 24 hours after install for a sound and secure and reliable system is lacking.

On Mon, 22 Nov 1999, Jeroen C. van Gelderen wrote:

->James Gill wrote:
->> As a relative newbie, having ftpd on by default makes perfect sense.
->
->Are you saying that you cannot manually enable ftpd if you need it?

Yes. First sentence, fourth word: newbie. Newbie to FreeBSD, newbie to unix. I'm not a numbskull, I'm just not yet oriented to the environment.

->
->> Few newbies are going to be building a machine to place into
->> mission-critical service that day.
->
->Good for them, but it's not the newbies we primarily target methinks.
->

tell that to -advocacy.

->> I would venture that most folks play around with FreeBSD on a scratch
->> system (sandbox? ;-)) for at least a little while first. I use FTP
->> between systems regularly and having cleartext passwords on the LAN
->> isn't a *huge* issue in most cases...
->
->Exactly, so you can just *enable* ftpd while you are munging with the
->config. This renders the box insecure but at least you explicitly
->authorized the act of enabling.
->
->Isn't munging configuration files the first thing you do when you
->install a FreeBSD box? It is for me.
->

Once I got FreeBSD installed the first thing I wanted to know was how to make it do what I wanted it to do. So I started learning how to config my account, mail tools, desktop, and eventually DNS. Somewhere after that comes Mail (Qmail methinks), Webserver (Apache), and then maybe an FTP server (?). I have yet to touch the inetd.conf but I have used FTP daily to transfer files between boxes.

The earlier argument to turn off *all* services and let folks learn how to turn on everything one by one works best here. If you're not going to make it so that a fresh install performs a baseline of assumed services, shut them all off and force a little RTFM. Admittedly, I hadn't bothered to do so regarding the ftpd I am running by default (but again, I'm not running it on a publicly accessible system).

->> That said, the person who first installs FreeBSD and wants to move
->> files around who has to go in and figure out how to turn on ftpd
->> is probably going to get _very_ frustrated.
->
->So? He's supposed to read the documentation or telnet to port 20/21
->or start with Linux first.
->
->> Especially when coming from a MS background in a plug-n-play
->> world...converting these people is a gradual process, and throwing
->> them in and expecting them to understand the underlying unix
->> philosophies that are so different from the world they come from
->> is going to cause more harm than good.
->
->People expect UNIX to be secure, so this argument doesn't really
->hold, does it?
->

I see that we have different approaches here. You would crack the docs before trying anything, I would try it and see if it worked already. Generally, for me, reading the docs or manpages without a concept of what I'm looking for just makes me more confused than ever.

As for starting with Linux, well, I did but per numerous discussions I've seen in -questions over the last few months, the install didn't go well and once I got things installed I couldn't figure out how or what to do and eventually gave up for a couple of years. If someone doesn't know to/how/what to edit in inetd.conf, why would they know to telnet to port 20/21? And while people do expect this OS to be secure, I would venture that more people expect it to be *functional*. And if what I've said seems largely ridiculous, it is probably less of a technical issue and more of a social one: http://www.theonion.com/onion3542/aurora_tekken3.html Sadly, my world is microwaves and McDonalds and FedEx and not mom's winter chili. --gill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 2:19:18 1999 Delivered-To: freebsd-security@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id CAB7214CFD for ; Tue, 23 Nov 1999 02:19:14 -0800 (PST) (envelope-from sthaug@nethelp.no) Received: (qmail 61260 invoked by uid 1001); 23 Nov 1999 10:19:04 +0000 (GMT) To: gill@topsecret.net Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) 
From: sthaug@nethelp.no In-Reply-To: Your message of "Sat, 20 Nov 1999 14:47:59 -0500 (EST)" References: X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Tue, 23 Nov 1999 11:19:04 +0100 Message-ID: <61255.943352344@verdi.nethelp.no> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

> As a relative newbie, having ftpd on by default makes perfect sense. Few
> newbies are going to be building a machine to place into mission-critical
> service that day.

As a person responsible for network security I am amazed and disgusted at the number of boxes running open source OSes that are connected to the net - by students and others - and that are, basically, wide open. SMTP open for relaying, IMAP or POP3 servers with well known holes, etc.

These boxes may not be used for mission-critical functions - but because they are open, they are a danger for their surroundings. They are being misused for spamming, are being used as breakin entry points, etc. And new boxes are popping up all the time.

For me it makes perfect sense that these services should be turned off by default, and that you have to actually *do* something to turn it on.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 6:16:59 1999 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 0566C14C8D for ; Tue, 23 Nov 1999 06:16:54 -0800 (PST) (envelope-from cy@cschuber.net.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA00696; Tue, 23 Nov 1999 06:16:49 -0800 Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com" via SMTP by point.osg.gov.bc.ca, id smtpda00694; Tue Nov 23 06:16:34 1999 Received: (from uucp@localhost) by cwsys.cwsent.com (8.9.3/8.9.1) id GAA50530; Tue, 23 Nov 1999 06:16:32 -0800 (PST) Message-Id: <199911231416.GAA50530@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdw50526; Tue Nov 23 06:16:31 1999 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 3.3-RELEASE X-Sender: cy To: Ben Rosengart Cc: security@FreeBSD.ORG Subject: Re: BIND In-reply-to: Your message of "Mon, 22 Nov 1999 16:25:39 EST." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 23 Nov 1999 06:16:30 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In message , Ben Rosengart writes:
> So are there no plans to integrate BIND 8.2.2p5 into -stable? I just
> installed 8.2.2p5 from ports, and it seemed kind of messy. And there's
> no NO_BIND flag in /etc/make.conf equivalent to NO_SENDMAIL, which would
> make it easier (I guess that's because of libresolv?).

Alternatively you can extract a newer bind into /usr/src/contrib/bind, then cd to the various bind directories and make or make world. I haven't specifically tried this with bind, however this technique did work with CVS a couple of years ago.

Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"

From owner-freebsd-security Tue Nov 23 6:39:19 1999 Delivered-To: freebsd-security@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id C97C114BF4 for ; Tue, 23 Nov 1999 06:39:15 -0800 (PST) (envelope-from mike@sentex.net) Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id JAA00783; Tue, 23 Nov 1999 09:38:46 -0500 (EST) (envelope-from mike@sentex.net) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id JAA13087; Tue, 23 Nov 1999 09:38:46 -0500 (EST) Message-Id: <3.0.5.32.19991123093720.01d02aa0@staff.sentex.ca> X-Sender: mdtpop@staff.sentex.ca X-Mailer:
QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Tue, 23 Nov 1999 09:37:20 -0500 To: lambert@troi.csw.net, security@FreeBSD.ORG 
From: Mike Tancsa Subject: Re: BIND 8.2.2P5 Upgrade Instructions? In-Reply-To: <199911230444.WAA18061@csw.csw.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

At 09:55 PM 11/22/99 -0600, lambert@troi.csw.net wrote:
>In , on
>11/22/99
>   at 07:29 PM, "Chris D. Faulhaber" said:
>
>>On Mon, 22 Nov 1999, Darren Foo wrote:
>
>>> Are there instructions somewhere on how to upgrade from 8.x.x to the
>>> latest bind? I don't want to break my current DNS server.
>>>
>>>
>
>>cd /usr/ports/net/bind8 && make install
>>echo 'named_program="/usr/local/sbin/named"' >> /etc/rc.conf
>
>>(you may have to link /etc/namedb/named.conf -> /etc/named.conf)
>
>Before you do a production machine, make sure you don't have names that
>are both CNAMEs and MX records. It will now refuse the domain file and
>that domain could be down until you figure it out.
>
>I ran 8.2.2P5 against the same zone files on a separate machine first. I
>had a lot of fixing to do. The previous admin was MX happy and they had
>never turned up as a problem before.
>

From the default named.conf, I think the option below will change it to the previous behaviour.

        multiple-cnames no;     // if yes, then a name may have more
                                // than one CNAME RR. This use
                                // is non-standard and is not
                                // recommended, but it is available
                                // because previous releases supported
                                // it and it was used by large sites
                                // for load balancing.

---Mike ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 7:37:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.xmission.com (mail.xmission.com [198.60.22.22]) by hub.freebsd.org (Postfix) with ESMTP id 49EA915083 for ; Tue, 23 Nov 1999 07:37:49 -0800 (PST) (envelope-from wes@softweyr.com) Received: from [204.68.178.39] (helo=softweyr.com) by mail.xmission.com with esmtp (Exim 3.03 #1) id 11qI0X-0000DR-00; Tue, 23 Nov 1999 08:37:30 -0700 Message-ID: <383AB4B8.1FB571F6@softweyr.com> Date: Tue, 23 Nov 1999 08:37:28 -0700 
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: James Gill Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

James Gill wrote:
>
> Yes. First sentence, fourth word: newbie. Newbie to FreeBSD, newbie to
> unix. I'm not a numbskull, I'm just not yet oriented to the
> environment.

That's OK, we like newbies to FreeBSD too. ;^)

> ->Good for them, but it's not the newbies we primarily target methinks.
> ->
>
> tell that to -advocacy.

If they can't install it, they won't ever stay with it. The solution to this is to create install profiles, including a "clueless newbie" install that turns on everything but warns them this can be dangerous. A little doco that explains WHY it's dangerous wouldn't hurt.

> Once I got FreeBSD installed the first thing I wanted to know was how to
> make it do what I wanted it to do. So I started learning how to config my
> account, mail tools, desktop, and eventually DNS. Somewhere after that
> comes Mail (Qmail methinks), Webserver (Apache), and then maybe an FTP
> server (?). I have yet to touch the inetd.conf but I have used FTP daily
> to transfer files between boxes.

Not at all unusual, I suspect. Most newbies to the UNIX environment aren't going to know what a great tool ssh (and scp) are, or that they're easier to use than ftp, telnet, etc., once configured with keys. We should view this as an opportunity to teach the newbies, rather than cramming something down their throats.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 7:55:28 1999 Delivered-To: freebsd-security@freebsd.org Received: from lambic.physics.montana.edu (lambic.physics.montana.edu [153.90.192.128]) by hub.freebsd.org (Postfix) with ESMTP id 079BA14BD7 for ; Tue, 23 Nov 1999 07:55:15 -0800 (PST) (envelope-from handy@lambic.physics.montana.edu) Received: from localhost (handy@localhost) by lambic.physics.montana.edu (8.9.3/8.9.3) with ESMTP id IAA11309; Tue, 23 Nov 1999 08:53:06 -0700 (MST) (envelope-from handy@lambic.physics.montana.edu) Date: Tue, 23 Nov 1999 08:53:06 -0700 (MST) 
From: Brian Handy To: Wes Peters Cc: James Gill , security@FreeBSD.ORG Subject: Re: Disabling FTP In-Reply-To: <383AB4B8.1FB571F6@softweyr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >> tell that to -advocacy. > >If they can't install it, they won't ever stay with it. The solution to >this is to create install profiles, including a "clueless newbie" install >that turns on everything but warns them this can be dangerous. A little >doco that explains WHY it's dangerous wouldn't hurt. Seems to me the solution is even simpler than that -- there's a question in the [emphasis] "NOVICE" [/emphasis] install that asks if you want to turn on anonymous ftp. Why not just extend that a bit to ask if you want ftpd turned on at all, and put the appropriate hook in rc.conf like we do with so many other things? Brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 13:28:12 1999 Delivered-To: freebsd-security@freebsd.org Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id 0A80B15415 for ; Tue, 23 Nov 1999 13:28:02 -0800 (PST) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: by border.alcanet.com.au id <40336>; Wed, 24 Nov 1999 08:19:35 +1100 Content-return: prohibited Date: Wed, 24 Nov 1999 08:26:25 +1100 
From: Peter Jeremy Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) In-reply-to: To: "Mr. K." Cc: security@FreeBSD.ORG Reply-To: peter.jeremy@alcatel.com.au Message-Id: <99Nov24.081935est.40336@border.alcanet.com.au> MIME-version: 1.0 X-Mailer: Mutt 1.0pre3i Content-type: text/plain; charset=us-ascii References: <38392E75.860D36D@vangelderen.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 1999-Nov-23 02:19:51 +1100, Mr. K. wrote: >> > I think it seems clear by now that people on both sides of the trenches of >> > this debate have hunkered in, and won't budge. Linux distributors Red Hat >> > and Mandrake solved the issue by presenting the user an option at install >> > time similar to "do you want server/workstation/custom machine". I vote >> > that we do something similar; just present the user an option at install >> > time. I don't think anyone has objections to this solution. >> >> Sounds fine: >> [x] newbie mode >> ;-) >> > >Would this be hard to do? Not particularly hard. > Could someone give me a pointer of where I >could look to find out how to change the install procedure? /usr/src/release/sysinstall/install.c currently prompts "Do you want to allow anonymous FTP connections to this machine?" It would be fairly simple to add a couple of additional questions before this point "Do you want to allow {FTP,TELNET,...} connections to this machine?", and edit inetd.conf appropriately. You should also make relevant changes to the help files. 
Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 14:21:12 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail.ulstu.ru (ns.ulstu.ru [62.76.34.36]) by hub.freebsd.org (Postfix) with ESMTP id 425121546C for ; Tue, 23 Nov 1999 14:20:50 -0800 (PST) (envelope-from vlad@high.net.ru) Received: from hq.spc.high ([195.151.42.225]) by mail.ulstu.ru (8.8.5-MVC-230198/8.8.7) with ESMTP id BAA81456 for ; Wed, 24 Nov 1999 01:20:31 +0300 (MSK) (envelope-from vlad@high.net.ru) Received: by hq.spc.high (Postfix, from userid 1000) id 2838D23E; Tue, 23 Nov 1999 23:57:40 +0300 (MSK) Date: Tue, 23 Nov 1999 23:57:39 +0300 
From: Vlad Skvortsov To: freebsd-security@freebsd.org Subject: bind vulnerabilities Message-ID: <19991123235738.D595@high.net.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0pre3i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Sorry for probably a bit stupid question (I've been out of lists for a while). Are patches for named already in -current or -stable ? -- Vlad Skvortsov, vss@ulstu.ru, vlad@high.net.ru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 15: 4:15 1999 Delivered-To: freebsd-security@freebsd.org Received: from sand2.sentex.ca (sand2.sentex.ca [209.167.248.3]) by hub.freebsd.org (Postfix) with ESMTP id D0F8815254; Tue, 23 Nov 1999 15:04:06 -0800 (PST) (envelope-from mike@sentex.net) Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by sand2.sentex.ca (8.8.8/8.8.8) with SMTP id SAA21030; Tue, 23 Nov 1999 18:02:07 -0500 (EST) (envelope-from mike@sentex.net) Message-Id: <4.1.19991123175926.04d892f0@granite.sentex.ca> X-Sender: mdtancsa@granite.sentex.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 23 Nov 1999 18:02:05 -0500 To: Vlad Skvortsov , freebsd-security@FreeBSD.ORG 
From: Mike Tancsa Subject: Re: bind vulnerabilities Cc: current@FreeBSD.ORG In-Reply-To: <19991123235738.D595@high.net.ru> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

At 03:57 PM 11/23/99 , Vlad Skvortsov wrote:
> Sorry for probably a bit stupid question (I've been out of lists for
> a while). Are patches for named already in -current or -stable ?
>

No they have not to either. Use it out of the ports. Be sure to adjust

        named-xfer "/usr/local/libexec/named-xfer";     // _PATH_XFER

accordingly in your named.conf file.

This raises a question, why has the new BIND not been committed to current at least ? I am not complaining, just curious as to the rationale ?

---Mike

**********************************************************************
Mike Tancsa, Network Admin        *  mike@sentex.net
Sentex Communications Corp,       *  http://www.sentex.net/mike
Cambridge, Ontario                *  519 651 3400
Canada                            *

From owner-freebsd-security Tue Nov 23 15:14:36 1999 Delivered-To: freebsd-security@freebsd.org Received: from ind.alcatel.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id C203E14A17 for ; Tue, 23 Nov 1999 15:14:34 -0800 (PST) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com (mailhub [198.206.181.70]) by ind.alcatel.com (8.9.3+Sun/8.9.1 (ind.alcatel.com 3.0 [OUT])) with SMTP id PAA23803; Tue, 23 Nov 1999 15:13:20 -0800 (PST) X-Origination-Site: Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id PAA06043; Tue, 23 Nov 1999 15:13:20 -0800 Received: from softweyr.com (dyn0.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA26281; Tue, 23 Nov 99 15:13:16 PST Message-Id: <383B1F8C.60DC2726@softweyr.com> Date: Tue, 23 Nov 1999 16:13:16 -0700
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en Mime-Version: 1.0 To: Brian Handy Cc: James Gill , security@FreeBSD.ORG Subject: Re: Disabling FTP References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Brian Handy wrote: > > >> tell that to -advocacy. > > > >If they can't install it, they won't ever stay with it. The solution to > >this is to create install profiles, including a "clueless newbie" install > >that turns on everything but warns them this can be dangerous. A little > >doco that explains WHY it's dangerous wouldn't hurt. > > Seems to me the solution is even simpler than that -- there's a question > in the [emphasis] "NOVICE" [/emphasis] install that asks if you want to > turn on anonymous ftp. Why not just extend that a bit to ask if you want > ftpd turned on at all, and put the appropriate hook in rc.conf like we do > with so many other things? There may be as many as 20 little knobs to turn on and off; this is NOT going to SIMPLIFY the install. At a glance, ftp, telnet, shell, login, finger, ntalk, ident, and smtp are all ones to put in the Q&A, and that's just glancing through /etc/inetd.conf quickly. A newbie isn't going to know what to do about any of them. So, you give them a button that says "I'm a newbie, let me install an OPEN system" and then point them at a document that tells them what the differences between the "Newbie OPEN" install and the "Expert Closed" install are, and why they differ. -- "Where am I, and what am I doing in this handbasket?" 
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 15:23: 4 1999 Delivered-To: freebsd-security@freebsd.org Received: from isr4033.urh.uiuc.edu (isr4033.urh.uiuc.edu [130.126.208.49]) by hub.freebsd.org (Postfix) with SMTP id 4E4F115436 for ; Tue, 23 Nov 1999 15:22:59 -0800 (PST) (envelope-from ftobin@uiuc.edu) Received: (qmail 32098 invoked by uid 1000); 23 Nov 1999 23:21:51 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 23 Nov 1999 23:21:51 -0000 Date: Tue, 23 Nov 1999 17:21:51 -0600 (CST) 
From: Frank Tobin X-Sender: ftobin@isr4033.urh.uiuc.edu To: security@FreeBSD.ORG Subject: Re: Disabling FTP In-Reply-To: <383B1F8C.60DC2726@softweyr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Wes Peters, at 16:13 on Tue, 23 Nov 1999, wrote:

> There may be as many as 20 little knobs to turn on and off; this is NOT
> going to SIMPLIFY the install. At a glance, ftp, telnet, shell, login,
> finger, ntalk, ident, and smtp are all ones to put in the Q&A, and that's
> just glancing through /etc/inetd.conf quickly. A newbie isn't going to
> know what to do about any of them. So, you give them a button that says
> "I'm a newbie, let me install an OPEN system" and then point them at a
> document that tells them what the differences between the "Newbie OPEN"
> install and the "Expert Closed" install are, and why they differ.

I agree with Wes; we're not trying to configure the entire system during install; rather, it seems we would like to choose from one of two inetd.conf's, one that has services enabled, and one that doesn't. And let's please not use demeaning radio boxes like "newbie open" and "expert closed"; rather something along the lines of "services open (recommended for novices)" and "services closed (recommended for minimal security risk)".

--
Frank Tobin http://www.neverending.org/~ftobin/
"To learn what is good and what is to be valued, those truths which cannot be shaken or changed."
Myst: The Book of Atrus OpenPGP: 4F86 3BBB A816 6F0A 340F 6003 56FF D10A 260C 4FA3 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 15:57: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 287C81542A; Tue, 23 Nov 1999 15:56:55 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id AAA31377; Wed, 24 Nov 1999 00:54:16 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Brian Somers Cc: Dan Nelson , Forrest Aldrich , freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: ps on 4.0-current In-reply-to: Your message of "Tue, 23 Nov 1999 23:52:49 GMT." <199911232352.XAA01547@hak.lan.Awfulhak.org> Date: Wed, 24 Nov 1999 00:54:15 +0100 Message-ID: <31375.943401255@critter.freebsd.dk> 
From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In message <199911232352.XAA01547@hak.lan.Awfulhak.org>, Brian Somers writes:
>> In the last episode (Nov 23), Brian Somers said:
>> > $ ps jtva
>> > USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
>> > root   222     1   222 9dac40    0 Is+   va    0:00.01 (getty)
>> > $ sudo ps jtva
>> > USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
>> > root   222     1   222 9dac40    0 Is+   va    0:00.01 /usr/libexec/getty Pc tt
>> > $ head -1 /etc/motd
>> > FreeBSD 4.0-CURRENT (HAK) #9: Mon Nov 22 01:09:55 GMT 1999
>> >
>> > This looks a bit wrong....
>>
>> Now that does look weird. After a bit more investigation, it looks
>> like you can only get the full commandline of your own processes. Root
>> can see all commandlines.

>Any comments Poul ? Is this anything to do with the recent command
>line buffering ?

Yes, I changed it to this behaviour at Warner's asking (I think he had the security-meister hard-hat on at the time).

I'm personally leaning towards the opinion that the argv is public property and should be visible, but then again, I can see the point in hiding it in some circumstances.

I'll stick a sysctl in there which defaults to the "open" position and people who need to hide it can set it to "close" to do so.

Will this satisfy everybody ?

Warner ?

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 18:58:31 1999 Delivered-To: freebsd-security@freebsd.org Received: from ind.alcatel.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id 020DB150BF for ; Tue, 23 Nov 1999 18:58:28 -0800 (PST) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com (mailhub [198.206.181.70]) by ind.alcatel.com (8.9.3+Sun/8.9.1 (ind.alcatel.com 3.0 [OUT])) with SMTP id SAA26454; Tue, 23 Nov 1999 18:56:28 -0800 (PST) X-Origination-Site: Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id SAA23171; Tue, 23 Nov 1999 18:56:28 -0800 Received: from softweyr.com (dyn0.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA08320; Tue, 23 Nov 99 18:56:26 PST Message-Id: <383B53DA.1A8D7A65@softweyr.com> Date: Tue, 23 Nov 1999 19:56:26 -0700 
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en Mime-Version: 1.0 To: Frank Tobin Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Frank Tobin wrote:
>
> Wes Peters, at 16:13 on Tue, 23 Nov 1999, wrote:
>
> > There may be as many as 20 little knobs to turn on and off; this is NOT
> > going to SIMPLIFY the install. At a glance, ftp, telnet, shell, login,
> > finger, ntalk, ident, and smtp are all ones to put in the Q&A, and that's
> > just glancing through /etc/inetd.conf quickly. A newbie isn't going to
> > know what to do about any of them. So, you give them a button that says
> > "I'm a newbie, let me install an OPEN system" and then point them at a
> > document that tells them what the differences between the "Newbie OPEN"
> > install and the "Expert Closed" install are, and why they differ.
>
> I agree with Wes; we're not trying to configure the entire system during
> install; rather, it seems we would like to choose from one of two
> inetd.conf's, one that has services enabled, and one that doesn't. And
> let's please not use demeaning radio boxes like "newbie open" and "expert
> closed"; rather something along the lines of "services open (recommended
> for novices)" and "services closed (recommended for minimal security
> risk)".

Well, I didn't mean to put:

+-----------------------------------------+
|     Select Installation Cluefulness     |
|                                         |
|    [ ] Clueless Newbie, No Security     |
|                                         |
|    [ ] UNIX God, I'll Expose Myself     |
|                                         |
|                +------+                 |
|                |  OK  |                 |
|                +------+                 |
+-----------------------------------------+

in the installation, regardless of how amusing it might be. ;^)

I meant something more along the lines of the following in the "Beginner" installation track. (Which, by the way, I always use, and I've installed every version of FreeBSD except 2.2.8)

+------------------------------------------------------------------+
|                     Select Installation Mode                     |
|                                                                  |
| A "standard" UNIX installation includes a number of network      |
| services that may leave your system open to intruders. Some of   |
| these services are quite useful, but have insecure features like |
| sending passwords across the network unencrypted. At this point  |
| you may choose to enable the standard complement of services, or |
| you may choose to configure to use only the "ssh" protocol,      |
| which provides for secure remote login and file transfers.       |
|                                                                  |
| The differences between the two installations are outlined in    |
| /usr/share/doc/install/security.txt, and in Section X.Y of the   |
| FreeBSD Handbook. You may install the system securely and then   |
| enable the features you need, or install it open and disable the |
| features you do not require.                                     |
|                                                                  |
|     [ ] Standard network services enabled                        |
|                                                                  |
|     [ ] Secure installation                                      |
|                                                                  |
|                             +------+                             |
|                             |  OK  |                             |
|                             +------+                             |
+------------------------------------------------------------------+

I don't think this needs to be in any of the other installation paths; for the "experts" we should just choose one of the two above. Now we can argue about which one that might be. ;^)

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Nov 23 19:16:24 1999 Delivered-To: freebsd-security@freebsd.org Received: from forrie.net (forrie.net [216.67.12.69]) by hub.freebsd.org (Postfix) with ESMTP id 9BDD415188; Tue, 23 Nov 1999 19:16:12 -0800 (PST) (envelope-from forrie@forrie.com) Received: from Forrest (getbent@forrie.ne.mediaone.net [24.128.72.15]) by forrie.net (8.9.3/8.9.3) with ESMTP id WAA04353; Tue, 23 Nov 1999 22:14:46 -0500 (EST) Message-Id: <4.2.2.19991123220915.00ab0c00@216.67.12.69> X-Sender: forrie@216.67.12.69 X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2 Date: Tue, 23 Nov 1999 22:10:44 -0500 To: freebsd-current@FreeBSD.ORG 
From: Forrest Aldrich Subject: Re: ps on 4.0-current Cc: security@FreeBSD.ORG In-Reply-To: <31375.943401255@critter.freebsd.dk> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I seem to recall that conversation here in the mailing list. How about a system configuration variable that determines what info like ps (and friends) can access?

Personally, I would just prefer to leave it be. There are too many other potential problems with scripts and such that depend upon the info PS provides. *shrug* :)

_F

At 12:54 AM 11/24/99 +0100, Poul-Henning Kamp wrote:
>In message <199911232352.XAA01547@hak.lan.Awfulhak.org>, Brian Somers writes:
> >> In the last episode (Nov 23), Brian Somers said:
> >> > $ ps jtva
> >> > USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
> >> > root   222     1   222 9dac40    0 Is+   va    0:00.01 (getty)
> >> > $ sudo ps jtva
> >> > USER   PID  PPID  PGID   SESS JOBC STAT  TT       TIME COMMAND
> >> > root   222     1   222 9dac40    0 Is+   va    0:00.01 /usr/libexec/getty Pc tt
> >> > $ head -1 /etc/motd
> >> > FreeBSD 4.0-CURRENT (HAK) #9: Mon Nov 22 01:09:55 GMT 1999
> >> >
> >> > This looks a bit wrong....
> >>
> >> Now that does look weird. After a bit more investigation, it looks
> >> like you can only get the full commandline of your own processes. Root
> >> can see all commandlines.
>
> >Any comments Poul ? Is this anything to do with the recent command
> >line buffering ?
>
>Yes, I changed it to this behaviour at Warner's asking (I think he had
>the security-meister hard-hat on at the time).
>
>I'm personally leaning towards the opinion that the argv is public
>property and should be visible, but then again, I can see the point
>in hiding it in some circumstances.
>
>I'll stick a sysctl in there which defaults to the "open" position
>and people who need to hide it can set it to "close" to do so.
>
>Will this satisfy everybody ?
>
>Warner ?
>
>--
>Poul-Henning Kamp             FreeBSD coreteam member
>phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
>FreeBSD -- It will take a long time before progress goes too far!

From owner-freebsd-security Tue Nov 23 19:28:56 1999
Delivered-To: freebsd-security@freebsd.org
Received: from cheddar.netmonger.net (cheddar.netmonger.net [209.54.21.140]) by hub.freebsd.org (Postfix) with ESMTP id 8C0C514E51; Tue, 23 Nov 1999 19:28:34 -0800 (PST) (envelope-from chris@cheddar.netmonger.net)
Received: (from chris@localhost) by cheddar.netmonger.net (8.8.8/8.8.8) id WAA12875; Tue, 23 Nov 1999 22:28:14 -0500 (EST)
Message-ID: <19991123222813.A12570@netmonger.net>
Date: Tue, 23 Nov 1999 22:28:13 -0500
From: Christopher Masto
To: Poul-Henning Kamp
Cc: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
Mail-Followup-To: Poul-Henning Kamp, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
References: <199911232352.XAA01547@hak.lan.Awfulhak.org> <31375.943401255@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.91.1i
In-Reply-To: <31375.943401255@critter.freebsd.dk>; from Poul-Henning Kamp on Wed, Nov 24, 1999 at 12:54:15AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, Nov 24, 1999 at 12:54:15AM +0100, Poul-Henning Kamp wrote:
> I'm personally leaning towards the opinion that the argv is public
> property and should be visible, but then again, I can see the point
> in hiding it in some circumstances.
>
> I'll stick a sysctl in there which defaults to the "open" position
> and people who need to hide it can set it to "close" to do so.

Please. Thank you.

Not everyone wears the sysadmin hat with the face shield and gas mask,
as much as it may currently be in style. If it can work both ways,
even better.
--
Christopher Masto         Senior Network Monkey      NetMonger Communications
chris@netmonger.net        info@netmonger.net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/

From owner-freebsd-security Tue Nov 23 20:23:23 1999
Delivered-To: freebsd-security@freebsd.org
Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id AF655154EE for ; Tue, 23 Nov 1999 20:23:19 -0800 (PST) (envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: by border.alcanet.com.au id <40333>; Wed, 24 Nov 1999 15:15:34 +1100
Content-return: prohibited
Date: Wed, 24 Nov 1999 15:22:07 +1100
From: Peter Jeremy
Subject: Re: Disabling FTP
In-reply-to: <383B53DA.1A8D7A65@softweyr.com>
To: Wes Peters
Cc: security@FreeBSD.ORG
Reply-To: peter.jeremy@alcatel.com.au
Message-Id: <99Nov24.151534est.40333@border.alcanet.com.au>
MIME-version: 1.0
X-Mailer: Mutt 1.0pre3i
Content-type: text/plain; charset=us-ascii
References: <383B53DA.1A8D7A65@softweyr.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 1999-Nov-24 13:56:26 +1100, Wes Peters wrote:
>I meant something more along the lines of the following in the "Beginner"
>installation track.
> +------------------------------------------------------------------+
> |                     Select Installation Mode                     |
...
> | The differences between the two installations are outlined in    |
> | /usr/share/doc/install/security.txt, and in Section X.Y of the   |
> | FreeBSD Handbook.

Which is a bit difficult to see until you've finished the install :-)
`Press F1 for more details' would be nicer (though we're restricted
in how much can be compressed onto a single floppy).

> | [ ] Standard network services enabled                            |
> |                                                                  |
> | [ ] Secure installation                                          |
  |                                                                  |
  | [ ] Custom service selection...                                  |

Which brings up another menu letting you turn on/off any of the
inetd services and normal daemons (sendmail, bind, NTP)

> Now we can argue about which one that might be. ;^)

I prefer the green bikeshed, personally :-).
Peter

From owner-freebsd-security Tue Nov 23 21:21:43 1999
Delivered-To: freebsd-security@freebsd.org
Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 732E714F51; Tue, 23 Nov 1999 21:21:40 -0800 (PST) (envelope-from jkh@zippy.cdrom.com)
Received: from localhost (localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id VAA04632; Tue, 23 Nov 1999 21:22:03 -0800 (PST) (envelope-from jkh@zippy.cdrom.com)
To: Kris Kennaway
Cc: security@FreeBSD.ORG
Subject: Re: Overflow in banner(1)
In-reply-to: Your message of "Tue, 23 Nov 1999 21:15:35 PST."
Date: Tue, 23 Nov 1999 21:22:03 -0800
Message-ID: <4628.943420923@localhost>
From: "Jordan K. Hubbard"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'll commit this tomorrow (just wanted to get in a 'first post!' :-)..

Hahahah. Now that made me laugh. You go, Kris! :-)

- Jordan

From owner-freebsd-security Tue Nov 23 23: 3: 3 1999
Delivered-To: freebsd-security@freebsd.org
Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7]) by hub.freebsd.org (Postfix) with ESMTP id 9056915548; Tue, 23 Nov 1999 23:02:53 -0800 (PST) (envelope-from peter@netplex.com.au)
Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id 96DAD1C6D; Wed, 24 Nov 1999 15:02:52 +0800 (WST) (envelope-from peter@netplex.com.au)
X-Mailer: exmh version 2.1.1 10/15/1999
To: Christopher Masto
Cc: Poul-Henning Kamp, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
In-Reply-To: Message from Christopher Masto of "Tue, 23 Nov 1999 22:28:13 EST." <19991123222813.A12570@netmonger.net>
Date: Wed, 24 Nov 1999 15:02:52 +0800
From: Peter Wemm
Message-Id: <19991124070252.96DAD1C6D@overcee.netplex.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Christopher Masto wrote:
> On Wed, Nov 24, 1999 at 12:54:15AM +0100, Poul-Henning Kamp wrote:
> > I'm personally leaning towards the opinion that the argv is public
> > property and should be visible, but then again, I can see the point
> > in hiding it in some circumstances.
> >
> > I'll stick a sysctl in there which defaults to the "open" position
> > and people who need to hide it can set it to "close" to do so.
>
> Please. Thank you.
>
> Not everyone wears the sysadmin hat with the face shield and gas mask,
> as much as it may currently be in style. If it can work both ways,
> even better.

Definitely! This is NOT AN ACCEPTABLE CHANGE BY DEFAULT!

Cheers,
-Peter

From owner-freebsd-security Tue Nov 23 23:25:29 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 2FEFD14C8E; Tue, 23 Nov 1999 23:25:26 -0800 (PST) (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id XAA14764; Tue, 23 Nov 1999 23:23:20 -0800 (PST) (envelope-from dillon)
Date: Tue, 23 Nov 1999 23:23:20 -0800 (PST)
From: Matthew Dillon
Message-Id: <199911240723.XAA14764@apollo.backplane.com>
To: Peter Wemm
Cc: Christopher Masto, Poul-Henning Kamp, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
References: <19991124070252.96DAD1C6D@overcee.netplex.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:> > and people who need to hide it can set it to "close" to do so.
:>
:> Please. Thank you.
:>
:> Not everyone wears the sysadmin hat with the face shield and gas mask,
:> as much as it may currently be in style. If it can work both ways,
:> even better.
:
:Definitely! This is NOT AN ACCEPTABLE CHANGE BY DEFAULT!
:
:Cheers,
:-Peter

I'm trying to figure out how what started as a fix to a panic turned into
such a big mess. And I don't even think the panic has even been fixed ---
it's just been made more obscure.

There is a big difference between -e, which very few people use and
which is an obvious security risk simply because people do not realize
it is available, and displaying argv from a user-run ps which everyone
is used to doing. When I first suggested removing -e I did so both for
security reasons and because it would have been trivial to do. What we
have at the moment is something entirely different.

I would be for removing -e, but I would be adamantly opposed to
restricting the display of command line arguments - not even with an
opt-in sysctl. It's just added baggage.

And I don't see much point in trying to make ps and top run faster. They
are plenty fast enough already (well, maybe not top, but that's for other
reasons unrelated to the display of command line arguments).

ps *already* delves (or delved) into kvm to retrieve command line
arguments only for processes not swapped out, meaning that running ps
never causes processes or data to be swapped in unless you specify the
'f' option.
In other words, nothing ps does blocks.
I can't imagine how changing the way arguments are fetched by
encumbering procfs with even more junk would generate a sufficient boost
in performance to be either noticeable visually or worth doing at all.

It would be nice if the procfs panics were fixed, but not at the cost
of all of this.

-Matt
Matthew Dillon

From owner-freebsd-security Wed Nov 24 0: 3:55 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 64A76150BE; Wed, 24 Nov 1999 00:03:44 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id BAA12114; Wed, 24 Nov 1999 01:01:13 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id BAA19058; Wed, 24 Nov 1999 01:01:33 -0700 (MST)
Message-Id: <199911240801.BAA19058@harmony.village.org>
To: Poul-Henning Kamp
Subject: Re: ps on 4.0-current
Cc: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 24 Nov 1999 00:54:15 +0100." <31375.943401255@critter.freebsd.dk>
References: <31375.943401255@critter.freebsd.dk>
Date: Wed, 24 Nov 1999 01:01:33 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <31375.943401255@critter.freebsd.dk> Poul-Henning Kamp writes:
: Warner ?

Like I've said in private mail to many different people on this issue,
there needs to be a sysctl which controls this, and it needs to be
open by default.

There are many cases where unwanted information is disclosed
inadvertently by these arguments. It invades the privacy of the users
to do so. I don't want anybody to find out that I'm sending mail to
joe@greco.com because they can see my ps args, for example, or that my
chat script is doing stupid things and putting the password on the
command line. Or if I'm aiding law enforcement looking for the string
"SecreTTWarEzz" to see who is posting them from my machine, I don't
want anyone to know what I'm looking for. People generally take care
to not include sensitive information on the command line, but
sometimes this can't be helped.

Not all will agree with this, and it is a change from the past so
there needs to be a sysctl to control this. And given that it is a
radical change from the past, it needs to default to open.

Warner

From owner-freebsd-security Wed Nov 24 0: 4:20 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 399FB15180 for ; Wed, 24 Nov 1999 00:04:07 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id BAA12123; Wed, 24 Nov 1999 01:03:23 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id BAA19086; Wed, 24 Nov 1999 01:03:43 -0700 (MST)
Message-Id: <199911240803.BAA19086@harmony.village.org>
To: John Hay
Subject: Re: Overflow in banner(1)
Cc: security@FreeBSD.ORG
In-reply-to: Your message of "Sat, 24 Nov 1999 09:58:51 +0200." <199911240758.JAA96963@zibbi.mikom.csir.co.za>
References: <199911240758.JAA96963@zibbi.mikom.csir.co.za>
Date: Wed, 24 Nov 1999 01:03:43 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199911240758.JAA96963@zibbi.mikom.csir.co.za> John Hay writes:
: > In message <19991123224424.B51939@dragon.nuxi.com> "David O'Brien" writes:
: > : On Tue, Nov 23, 1999 at 09:15:35PM -0800, Kris Kennaway wrote:
: > : > - (void)fgets(message, sizeof(message), stdin);
: > : > + (void)fgets(message, MAXMSG, stdin);
: > :
: > : There is nothing wrong with the original line here. Please don't change
: > : things that are fine just to change them. We don't want to obfuscate the fix.
: >
: > In fact, the original line is safer than the replaced line. It is
: > safer because message's size might change from MAXMSG to MAXBUF or 24.
: > If you hardwire MAXMSG like this, painful experience has shown that
: > you will get burned.
:
: Well the original line is plain wrong if Brian's patch is being used,
: because there message is a pointer and the size of a pointer is 4.

But the line is wrong in kris' message because he has a fixed buffer.

From owner-freebsd-security Wed Nov 24 0:11:44 1999
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id F273915115; Wed, 24 Nov 1999 00:11:37 -0800 (PST) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id JAA33191; Wed, 24 Nov 1999 09:11:20 +0100 (CET) (envelope-from phk@critter.freebsd.dk)
To: Warner Losh
Cc: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
In-reply-to: Your message of "Wed, 24 Nov 1999 01:01:33 MST." <199911240801.BAA19058@harmony.village.org>
Date: Wed, 24 Nov 1999 09:11:20 +0100
Message-ID: <33189.943431080@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199911240801.BAA19058@harmony.village.org>, Warner Losh writes:

>Not all will agree with this, and it is a change from the past so
>there needs to be a sysctl to control this. And given that it is a
>radical change from the past, it needs to default to open.

Now, I can't tell if you wore the security-master hard-hat in this
email or not, and I see some quite divergent australian positions,
so I will sit tight until I see a little bit more of a consensus.

Poul-Henning

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!

From owner-freebsd-security Wed Nov 24 0:16:45 1999
Delivered-To: freebsd-security@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id E61F815157; Wed, 24 Nov 1999 00:16:36 -0800 (PST) (envelope-from phk@critter.freebsd.dk)
Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id JAA33219; Wed, 24 Nov 1999 09:15:06 +0100 (CET) (envelope-from phk@critter.freebsd.dk)
To: Matthew Dillon
Cc: Peter Wemm, Christopher Masto, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
In-reply-to: Your message of "Tue, 23 Nov 1999 23:23:20 PST." <199911240723.XAA14764@apollo.backplane.com>
Date: Wed, 24 Nov 1999 09:15:06 +0100
Message-ID: <33217.943431306@critter.freebsd.dk>
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199911240723.XAA14764@apollo.backplane.com>, Matthew Dillon writes:

> I'm trying to figure out how what started as a fix to a panic turned into
> such a big mess. And I don't even think the panic has even been fixed ---
> it's just been made more obscure.

The panic hasn't been fixed, as has been repeatedly stated, but at
least a SMP machine doesn't panic when you run the 3rd command they
teach you in any "UNIX for dummies" book.

> In other words, nothing ps does blocks. I can't imagine how changing
> the way arguments are fetched by encumbering procfs with even more
> junk would generate a sufficient boost in performance to be either
> noticeable visually or worth doing at all.

Matt, let's talk about this when you have examined the code in some detail.

> It would be nice if the procfs panics were fixed, but not at the cost
> of all of this.

The procfs panics are not fixed, I know that Allan Cox has looked at it.

Poul-Henning

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!

From owner-freebsd-security Wed Nov 24 1: 5:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from overcee.netplex.com.au (overcee.netplex.com.au [202.12.86.7]) by hub.freebsd.org (Postfix) with ESMTP id 97AA514D3F; Wed, 24 Nov 1999 01:05:28 -0800 (PST) (envelope-from peter@netplex.com.au)
Received: from netplex.com.au (localhost [127.0.0.1]) by overcee.netplex.com.au (Postfix) with ESMTP id 9689C1C6D; Wed, 24 Nov 1999 17:05:23 +0800 (WST) (envelope-from peter@netplex.com.au)
X-Mailer: exmh version 2.1.1 10/15/1999
To: Warner Losh
Cc: Poul-Henning Kamp, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
In-Reply-To: Message from Warner Losh of "Wed, 24 Nov 1999 01:01:33 MST." <199911240801.BAA19058@harmony.village.org>
Date: Wed, 24 Nov 1999 17:05:23 +0800
From: Peter Wemm
Message-Id: <19991124090523.9689C1C6D@overcee.netplex.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh wrote:
> In message <31375.943401255@critter.freebsd.dk> Poul-Henning Kamp writes:
> : Warner ?
[.. reasons for and against ..]
> Not all will agree with this, and it is a change from the past so
> there needs to be a sysctl to control this. And given that it is a
> radical change from the past, it needs to default to open.
>
> Warner

Without wanting to get "please send patches" (I fear sysinstall as much as
anyone), I think it would be really nice to create a place where we can set
a default 'security profile' or something which arranges for these sorts of
things to be set according to the role of the machine.

For example, in "workstation" mode, the reasonable default is "open",
because typically there is one user on the box (other than root) and that
person has root access. Excessive hiding info from that user just means
that they'll have to use root more, or will give up the idea of using a mortal
user entirely and run everything as root (a Really Bad idea, think of Windoze
and viruses etc etc).

In a dedicated server role, again it might be appropriate to default it to
"open" (dedicated server being something like a squid box), again there will be
a couple of sysadmin type users or people who have to monitor things. Hiding
information gains nothing there either.

In other roles, including something like a shell server box with presumably
hostile users (you reasonably have to assume this), you want everything you
possibly can to be locked down.

Oh for ACL's, privilege attributes, etc. It would solve this sort of thing
nicely so that you could allow admin users to see what's going on
(including a ps -ax and see what the users are running) without having to
constantly (ab)use root and the dangers of overusing that.

Cheers,
-Peter

From owner-freebsd-security Wed Nov 24 5:54:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from postman.lipetsk.ru (postman.lipetsk.ru [195.34.224.68]) by hub.freebsd.org (Postfix) with ESMTP id 7A226150E5 for ; Wed, 24 Nov 1999 05:54:29 -0800 (PST) (envelope-from skynick@stu.lipetsk.su)
Received: from lstu by relay.lipetsk.ru with UUCP id <16990-8897>; Wed, 24 Nov 1999 16:52:55 +0300
Received: from corsair.stu.lipetsk.ru (root@corsair.lstu [192.168.15.51]) by maverick.stu.int (8.9.3/8.8.5) with ESMTP id QAA02104 for Wed, 24 Nov 1999 16:51:19 +0300 (MSK)
Received: from skynick (root@loopback [127.0.0.1]) by corsair.stu.lipetsk.ru (8.9.3/8.9.2) with SMTP id QAA23057 for ; Wed, 24 Nov 1999 16:51:13 +0300 (MSK) (envelope-from skynick@stu.lipetsk.su)
Message-ID: <007801bf3682$fca3e0f0$131fa8c0@skynick.am.lstu>
From: "Nick A. Leuta"
To:
Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?)
Date: Wed, 24 Nov 1999 16:51:19 +0300
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 22 Nov 1999 00:47:35 -0500, Jonathan Chen said:
>1) ftpd/telnetd, by themselves, does not give unwanted guests a window of
>   entry any more than sshd.
>3) People who have no need to use ftpd (or telnetd) does not use
>   ftpd/telnetd. Thus, cleartext password is never transmitted over these
>   protocols.

Hmm... Ftp/telnet is not only services what usually needed... And ssh not
only the way to resolve problems with sniffing danger...

The security of standard protocols like telnet/ftp/pop3/smtp/etc can be
improved by using SSL/TLS (OpenSSL presents in ports), for example
telnets/pop3s/smtps... SSLTelnet (client and daemon) presents in ports,
pop3 and smtp (telnet also) can be wrapped through any ssl wrapper
(stunnel, bjorb presents in ports too, of course... :-) ). Also there are
SSLftp (ftpd and client with ssl support), it does not present in ports,
but it possible to patch standard FreeBSD ftpd or port SSLftp to
FreeBSD...

===================
* Paranoya is a professional illness of system administrators
SkyNick

From owner-freebsd-security Wed Nov 24 8: 1:19 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id E6C661525E; Wed, 24 Nov 1999 08:01:00 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id JAA13435; Wed, 24 Nov 1999 09:00:57 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id JAA20734; Wed, 24 Nov 1999 09:01:20 -0700 (MST)
Message-Id: <199911241601.JAA20734@harmony.village.org>
To: Poul-Henning Kamp
Subject: Re: ps on 4.0-current
Cc: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 24 Nov 1999 09:11:20 +0100." <33189.943431080@critter.freebsd.dk>
References: <33189.943431080@critter.freebsd.dk>
Date: Wed, 24 Nov 1999 09:01:20 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <33189.943431080@critter.freebsd.dk> Poul-Henning Kamp writes:
: In message <199911240801.BAA19058@harmony.village.org>, Warner Losh writes:
:
: >Not all will agree with this, and it is a change from the past so
: >there needs to be a sysctl to control this. And given that it is a
: >radical change from the past, it needs to default to open.
:
: Now, I can't tell if you wore the security-master hard-hat in this
: email or not, and I see some quite divergent australian positions,
: so I will sit tight until I see a little bit more of a consensus.

It was with my hat on, but lemme explain a little how I got here.

Before the recent changes to ps, procfs used to not disclose the
command line. When it was modified to be used with a ps that didn't
need to be set[gu]id it lost this. I wanted to see it restored for
those people that had depended on this, but realized that it would be
unpopular (and unnecessary) for many people. As part of the change to
restore the behavior, I wanted the sysctl. Now that it is half there,
I'd like the other half to complete the picture.

The reason that it was a big deal to me was that on the old system if
you turned off the setuidness of ps, w, et al you would block
disclosure of args/env vars, etc, but still have access to process
lists. With the change, there was no way to do this which represented
a weakening of the overall system on the whole, despite the strength
added by taking the setgid bit off ps.

sef has sent me patches that I've not had a chance to review that
appear to implement this.

Warner

From owner-freebsd-security Wed Nov 24 8:12: 2 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 49E9514E7C; Wed, 24 Nov 1999 08:11:46 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id JAA13471; Wed, 24 Nov 1999 09:11:40 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id JAA20799; Wed, 24 Nov 1999 09:12:02 -0700 (MST)
Message-Id: <199911241612.JAA20799@harmony.village.org>
To: Peter Wemm
Subject: Re: ps on 4.0-current
Cc: Poul-Henning Kamp, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 24 Nov 1999 17:05:23 +0800." <19991124090523.9689C1C6D@overcee.netplex.com.au>
References: <19991124090523.9689C1C6D@overcee.netplex.com.au>
Date: Wed, 24 Nov 1999 09:12:02 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <19991124090523.9689C1C6D@overcee.netplex.com.au> Peter Wemm writes:
: For example, in "workstation" mode, the reasonable default is "open",
: because typically there is one user on the box (other than root) and that
: person has root access. Excessive hiding info from that user just means
: that they'll have to use root more, or will give up the idea of using a mortal
: user entirely and run everything as root (a Really Bad idea, think of Windoze
: and viruses etc etc).

True.

: In a dedicated server role, again it might be appropriate to default
: it to "open" (dedicated server being something like a squid box),
: again there will be a couple of sysadmin type users or people who
: have to monitor things. Hiding information gains nothing there
: either.

I disagree with this, but that is because I've rarely seen a totally
dedicated server. A simple fileserver that does nothing else would
want to be open in this respect since few people have accounts.

: In other roles, including something like a shell server box with presumably
: hostile users (you reasonably have to assume this), you want everything you
: possibly can to be locked down.

Firewall, dialup boxes, dns servers, etc are good candidates to be
locked down.

: Oh for ACL's, privilege attributes, etc. It would solve this sort of thing
: nicely so that you could allow admin users to see what's going on
: (including a ps -ax and see what the users are running) without having to
: constantly (ab)use root and the dangers of overusing that.

sef suggested this be a procfs mount option. I think I like this more
than the sysctl option, but don't have a strong opinion either way
(sysctl is more like most of the rest of the system, while a mount
option would be harder to change on the fly).
Having it be a mount option would make it possible to have a GID that
the files are "owned" by that could be 'operator' so that operators
can see the args, and possibly other things.

Warner

From owner-freebsd-security Wed Nov 24 8:18:13 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 3A300152B1; Wed, 24 Nov 1999 08:18:02 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id JAA13506; Wed, 24 Nov 1999 09:17:37 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id JAA20883; Wed, 24 Nov 1999 09:18:01 -0700 (MST)
Message-Id: <199911241618.JAA20883@harmony.village.org>
Subject: Re: ps on 4.0-current
To: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 24 Nov 1999 09:01:20 MST." <199911241601.JAA20734@harmony.village.org>
References: <199911241601.JAA20734@harmony.village.org> <33189.943431080@critter.freebsd.dk>
Date: Wed, 24 Nov 1999 09:18:00 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199911241601.JAA20734@harmony.village.org> Warner Losh writes:
: sef has sent me patches that I've not had a chance to review that
: appear to implement this.

Actually, these patches do something else. My mistake for reading
them before caffeine.

Warner

From owner-freebsd-security Wed Nov 24 8:23:33 1999
Delivered-To: freebsd-security@freebsd.org
Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64]) by hub.freebsd.org (Postfix) with ESMTP id AC1DD14FB9 for ; Wed, 24 Nov 1999 08:23:14 -0800 (PST) (envelope-from dhw@whistle.com)
Received: (from dhw@localhost) by pau-amma.whistle.com (8.9.2/8.9.2) id IAA25297 for security@FreeBSD.ORG; Wed, 24 Nov 1999 08:22:53 -0800 (PST)
Date: Wed, 24 Nov 1999 08:22:53 -0800 (PST)
From: David Wolfskill
Message-Id: <199911241622.IAA25297@pau-amma.whistle.com>
To: security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
In-Reply-To: <19991124090523.9689C1C6D@overcee.netplex.com.au>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Date: Wed, 24 Nov 1999 17:05:23 +0800
>From: Peter Wemm

[Redirected only to -security, from -security & -current. dhw]

>For example, in "workstation" mode, the reasonable default is "open",
>because typically there is one user on the box (other than root) and that
>person has root access....

>In a dedicated server role, again it might be appropriate to default it to
>"open" (dedicated server being something like a squid box), again there will be
>a couple of sysadmin type users or people who have to monitor things. Hiding
>information gains nothing there either.

Right, though I'd think that encouraging folks to address the matter of
"services not offered" on the box in question would be A Good Thing. For
example, our news server doesn't provide SMTP services. And my home
NAT/firewall box rejects AUTH requests, accepts things I want it to, and
drops everything else on the floor (to time out whenever).

(Of course, I'd expect more experienced admins to tend toward this model
anyway. But less experienced ones can often use a bit of guidance.
Unfortunately, the less-experienced folk can be overwhelmed by the
magnitude of text telling them how to do things....)

>In other roles, including something like a shell server box with presumably
>hostile users (you reasonably have to assume this), you want everything you
>possibly can to be locked down.

And *then* some!

>Oh for ACL's, privilege attributes, etc. It would solve this sort of thing
>nicely so that you could allow admin users to see what's going on
>(including a ps -ax and see what the users are running) without having to
>constantly (ab)use root and the dangers of overusing that.

True, though it would seem that allowing certain capabilities based on
membership in some (set of) group(s) could help just enough to get by --
that is, so that the lack of the ACLs &c. never gets quite so painful
that someone gets around to writing code to fix it.
:-{ Cheers, david -- David Wolfskill dhw@whistle.com UNIX System Administrator voice: (650) 577-7158 pager: (888) 347-0197 FAX: (650) 372-5915 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 24 8:41:55 1999 Delivered-To: freebsd-security@freebsd.org Received: from norampac.com (norampac.com [207.164.26.36]) by hub.freebsd.org (Postfix) with SMTP id D1FC61522E for ; Wed, 24 Nov 1999 08:41:33 -0800 (PST) (envelope-from pccb@yahoo.com) Received: from yahoo.com ([191.1.50.105]) by HQ1.norampac.com; Wed, 24 Nov 1999 11:40:18 -0500 Message-ID: <383C13F2.D3285A71@yahoo.com> Date: Wed, 24 Nov 1999 11:36:02 -0500 
From: Pierre Chiu Organization: Norampac Inc. X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: en MIME-Version: 1.0 To: security@FreeBSD.ORG Subject: NFS Question Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just need to clarify something here. I read some articles that discuss how easy to hack a box running a mis-config NFS server or exploit some NFS holes. Based on that, for every new installation, I always enter "NO" for NFS during installation, and comment out the NFS file system in the kernel and recompile it. Now, am I going too far? Or the default installation is already secure? I don't have the answer and need some input. These days, a lot of freebsd boxes are standalone and there is no need to share filesystem with another *unix box. For those guys who need it, I am pretty sure they knew how to turn this baby on. Peace =) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 24 9:21:13 1999 Delivered-To: freebsd-security@freebsd.org Received: from scaup.prod.itd.earthlink.net (scaup.prod.itd.earthlink.net [207.217.121.49]) by hub.freebsd.org (Postfix) with ESMTP id 4F76E15064 for ; Wed, 24 Nov 1999 09:21:04 -0800 (PST) (envelope-from prmoyer@mail.earthlink.net) Received: from mail.earthlink.net (ip181.wilmington3.de.pub-ip.psi.net [38.30.157.181]) by scaup.prod.itd.earthlink.net (8.9.3/8.9.3) with ESMTP id JAA26910; Wed, 24 Nov 1999 09:20:57 -0800 (PST) Message-Id: <199911241720.JAA26910@scaup.prod.itd.earthlink.net> 
From: "Philip R. Moyer"
Reply-To: pmoyer@hyperon.com
To: Pierre Chiu
Cc: freebsd-security@freebsd.org
Subject: Re: NFS Question
In-reply-to: Your message of "Wed, 24 Nov 1999 11:36:02 EST." <383C13F2.D3285A71@yahoo.com>
Date: Wed, 24 Nov 1999 12:21:57 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Based on that, for every new installation, I always enter "NO" for NFS
>during installation, and comment out the NFS file system in the kernel
>and recompile it.
>
>Now, am I going too far? Or the default installation is already secure?
>I don't have the answer and need some input.

I don't think that's unreasonable at all. I never turn on NFS on any of my installations. Like I say when I'm teaching at conferences, NFS stands for "No Security".

(Note - the following is based on Sun's NFS implementation, not BSD's.)

The problems arise because of the authentication sequence. When you want to mount a remote filesystem, you first connect to mountd, which authenticates the remote connection and generates a filehandle. Then you connect to nfsd and present the filehandle that mountd generated. Unfortunately, the filehandles are a) sniffable, b) guessable, and c) never regenerated (*). That means that once you have access, you *always* have access, because you can store the valid filehandle and re-present it to mountd later.

You can also spoof portmapper into requesting a filehandle for you, which is why your IDS/firewall/tcpdump will frequently see scans for portmapper/sunrpc services. (The idea being that the local machine usually has permission to mount its own filesystems, so the spoofed request via portmapper will succeed).

* - This is an oversimplification, I realize.

Now, I haven't tried these attacks against a generic FreeBSD box (Hmmmm, he says, eyeing the box on the floor that he's configuring) so I can't say if the out-of-box configuration is secure.
You may have answered this yourself, though, when you said you don't need the service on your installations. If you don't need it, it doesn't hurt to not have it. Now I'm curious. How *does* the BSD NFS implementation work? I'll have to go grovel around and see if it's the same as I described above. Cheers, Phil Philip R. Moyer, CISSP V:302.235.2141 Senior Security Consultant F:302.996.5818 Hyperon Consulting (http://www.hyperon.com) E:pmoyer@hyperon.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 24 9:30:29 1999 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id 2EE1E1506E; Wed, 24 Nov 1999 09:30:19 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id SAA35711; Wed, 24 Nov 1999 18:29:31 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Warner Losh Cc: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: ps on 4.0-current In-reply-to: Your message of "Wed, 24 Nov 1999 09:18:00 MST." <199911241618.JAA20883@harmony.village.org> Date: Wed, 24 Nov 1999 18:29:30 +0100 Message-ID: <35709.943464570@critter.freebsd.dk> 
From: Poul-Henning Kamp
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <199911241618.JAA20883@harmony.village.org>, Warner Losh writes:
>In message <199911241601.JAA20734@harmony.village.org> Warner Losh writes:
>: sef has sent me patches that I've not had a chance to review that
>: appear to implement this.
>
>Actually, these patches do something else. My mistake for reading
>them before caffeine.

So please explain the logic you want implemented once people have stopped haggling about it, it is rather trivial.

I presume we want the same policy for /proc/*/cmdline as for the sysctl ps(1) uses?

--
Poul-Henning Kamp             FreeBSD coreteam member
phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
FreeBSD -- It will take a long time before progress goes too far!

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Nov 24 9:48:15 1999
Delivered-To: freebsd-security@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id A100614F80; Wed, 24 Nov 1999 09:48:02 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id KAA13769; Wed, 24 Nov 1999 10:46:16 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id KAA21366; Wed, 24 Nov 1999 10:46:40 -0700 (MST)
Message-Id: <199911241746.KAA21366@harmony.village.org>
To: Poul-Henning Kamp
Subject: Re: ps on 4.0-current
Cc: freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
In-reply-to: Your message of "Wed, 24 Nov 1999 18:29:30 +0100." <35709.943464570@critter.freebsd.dk>
References: <35709.943464570@critter.freebsd.dk>
Date: Wed, 24 Nov 1999 10:46:40 -0700
From: Warner Losh
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <35709.943464570@critter.freebsd.dk> Poul-Henning Kamp writes:
: So please explain the logic you want implemented once people have
: stopped haggling about it, it is rather trivial.

OK. I'll likely state what I'd like to see as a patch.

: I presume we want the same policy for /proc/*/cmdline as for the
: sysctl ps(1) uses?

Yes. I'll firm this up later today and send an exact proposal out so we can kill this.

Warner

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed Nov 24 9:53:13 1999
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id AD1C11525E for ; Wed, 24 Nov 1999 09:53:11 -0800 (PST) (envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1]) by vinyl.sentex.ca (8.9.3/8.9.3) with ESMTP id MAA55159 for ; Wed, 24 Nov 1999 12:52:31 -0500 (EST) (envelope-from mike@sentex.net)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id MAA22269 for ; Wed, 24 Nov 1999 12:52:31 -0500 (EST)
Message-Id: <3.0.5.32.19991124125057.01902100@staff.sentex.ca>
X-Sender: mdtpop@staff.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Wed, 24 Nov 1999 12:50:57 -0500
To: freebsd-security@freebsd.org
From: Mike Tancsa Subject: L2TP Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Has anyone connected to a Cisco or SMS-1000 using L2TP ? If so, how / what software did you use. Thanks, ---Mike ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 24 12: 3:19 1999 Delivered-To: freebsd-security@freebsd.org Received: from quasar.pucrs.br (quasar.pucrs.br [200.132.10.5]) by hub.freebsd.org (Postfix) with ESMTP id BD85B15082 for ; Wed, 24 Nov 1999 12:01:36 -0800 (PST) (envelope-from mwp@pucrs.br) Received: from pucrs.br (clapton.pucrs.br [200.132.13.11]) by quasar.pucrs.br (8.9.1a/8.9.1) with ESMTP id RAA57394 for ; Wed, 24 Nov 1999 17:59:30 -0300 Message-ID: <383C447A.934944D4@pucrs.br> Date: Wed, 24 Nov 1999 18:03:06 -0200 
From: Mauricio Westendorff Pegoraro
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4m)
X-Accept-Language: en
MIME-Version: 1.0
To: FreeBSD Security
Subject: Squid conf in ipfw machine
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi.

I'm trying to configure a squid proxy (v2) on a machine with ipfw. I'm getting the following messages:

1999/11/24 17:51:39| helperOpenServers: Starting 5 'dnsserver' processes
1999/11/24 17:51:39| commBind: Cannot bind socket FD 1 to 127.0.0.1:0: (49) Can't assign requested address
1999/11/24 17:51:39| commBind: Cannot bind socket FD 1 to 127.0.0.1:0: (49) Can't assign requested address
1999/11/24 17:51:39| ipcCreate: Failed to create child FD.
1999/11/24 17:51:39| WARNING: Cannot run '/usr/local/libexec/dnsserver' process.

And these are my ipfw rules:

00100 allow ip from any to any via lo0
00200 deny ip from 127.0.0.0/8 to 127.0.0.0/8
00300 divert 8668 ip from any to any via xl0
00400 deny log tcp from any to any 6667-7180 via xl0
00500 deny log tcp from any to any 6667-7180 via fxp0
00600 deny log udp from any to any 4000 via xl0
00700 deny log udp from any to any 4000 via fxp0
00800 deny log ip from 192.168.0.0/16 to any in recv xl0
00900 deny log ip from 172.16.0.0/12 to any in recv xl0
01000 deny log ip from 10.0.0.0/8 to any in recv xl0
01100 deny log tcp from any to any 111 in recv xl0
01200 deny log tcp from any to any 8080 in recv xl0
65535 allow ip from any to any   <---- this rule was set by my manager. I've nothing to do with this default...

Could anyone out there tell me what basic mistake I'm making? I have all services, except telnetd, closed in inetd.conf. Is there any problem in this? I mean, does squid need any service of inetd to run?

Thanks for any help.

MauricioWP.
----------------------------- Mauricio Westendorff Pegoraro PUCRS - Brazil Unix Team To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Nov 24 16:53:10 1999 Delivered-To: freebsd-security@freebsd.org Received: from ind.alcatel.com (postal.xylan.com [208.8.0.248]) by hub.freebsd.org (Postfix) with ESMTP id DD971152A6; Wed, 24 Nov 1999 16:52:57 -0800 (PST) (envelope-from wes@softweyr.com) Received: from mailhub.xylan.com (mailhub [198.206.181.70]) by ind.alcatel.com (8.9.3+Sun/8.9.1 (ind.alcatel.com 3.0 [OUT])) with SMTP id QAA12722; Wed, 24 Nov 1999 16:51:51 -0800 (PST) X-Origination-Site: Received: from omni.xylan.com by mailhub.xylan.com (SMI-8.6/SMI-SVR4 (mailhub 2.1 [HUB])) id QAA00469; Wed, 24 Nov 1999 16:51:51 -0800 Received: from softweyr.com (dyn0.utah.xylan.com) by omni.xylan.com (4.1/SMI-4.1 (xylan engr [SPOOL])) id AA16766; Wed, 24 Nov 99 16:51:47 PST Message-Id: <383C8823.8438567B@softweyr.com> Date: Wed, 24 Nov 1999 17:51:47 -0700 
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.1-RELEASE i386) X-Accept-Language: en Mime-Version: 1.0 To: Warner Losh Cc: Peter Wemm , Poul-Henning Kamp , freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: ps on 4.0-current References: <19991124090523.9689C1C6D@overcee.netplex.com.au> <199911241612.JAA20799@harmony.village.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Warner Losh wrote: > > In message <19991124090523.9689C1C6D@overcee.netplex.com.au> Peter Wemm writes: > : > : In a dedicated server role, again it might be appropriate to default > : it to "open" (dedicated server being something like a squid box), > : again there will be a couple of sysadmin type users or people who > : have to monitor things. Hiding information gains nothing there > : either. > > I disagree with this, but that is because I've rarely seen a totally > dedicated server. A simple fileserver that does nothing else would > want to be open in this respect since few people have accounts. > > : In other roles, including something like a shell server box with presumably > : hostile users (you reasonably have to assume this), you want everything you > : possibly can to be locked down. > > Firewall, dialup boxes, dns servers, etc are good candidates to be > locked down. Firewall, web, dns, news, etc. servers are good candidates to be open because there should not be any "normal" user accounts on them, only administration accounts. And darned few of those. I think this is what Peter was getting at. -- "Where am I, and what am I doing in this handbasket?" 
Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Nov 25 6:17:26 1999 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 71ADA14BB7; Thu, 25 Nov 1999 06:17:24 -0800 (PST) (envelope-from cy@cschuber.net.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA12182; Thu, 25 Nov 1999 06:17:23 -0800 Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com" via SMTP by point.osg.gov.bc.ca, id smtpda12178; Thu Nov 25 06:17:05 1999 Received: (from uucp@localhost) by cwsys.cwsent.com (8.9.3/8.9.1) id GAA61801; Thu, 25 Nov 1999 06:17:03 -0800 (PST) Message-Id: <199911251417.GAA61801@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdo57748; Thu Nov 25 06:16:04 1999 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 3.3-RELEASE X-Sender: cy To: security-officer@freebsd.org Cc: freebsd-security@freebsd.org Subject: Sendmail Patch PR 15088 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 25 Nov 1999 06:16:02 -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just an FYI. I've submitted PR 15088 to request the implementation of Gregory Shapiro's Sendmail aliases patch to plug a DoS hole. Any chance this could be committed before 3.4 is released? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Sun/DEC Team, UNIX Group Internet: Cy.Schubert@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Province of BC "e**(i*pi)+1=0" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Nov 25 11:42:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.40.131]) by hub.freebsd.org (Postfix) with ESMTP id B515114C86; Thu, 25 Nov 1999 11:42:40 -0800 (PST) (envelope-from phk@critter.freebsd.dk) Received: from critter.freebsd.dk (localhost [127.0.0.1]) by critter.freebsd.dk (8.9.3/8.9.2) with ESMTP id TAA00788; Thu, 25 Nov 1999 19:53:28 +0100 (CET) (envelope-from phk@critter.freebsd.dk) To: Warner Losh Cc: freebsd-current@freebsd.org, security@freebsd.org Subject: Re: ps on 4.0-current In-reply-to: Your message of "Wed, 24 Nov 1999 01:01:33 MST." <199911240801.BAA19058@harmony.village.org> Date: Thu, 25 Nov 1999 19:53:28 +0100 Message-ID: <786.943556008@critter.freebsd.dk> 
From: Poul-Henning Kamp Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org As I've understood the conclusion of this thread, we want a sysctl, and we want it open as default. This patch should do that. Once Warner nods in the vertical direction it will be committed. Poul-Henning Index: kern/kern_exec.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v retrieving revision 1.103 diff -u -r1.103 kern_exec.c --- kern_exec.c 1999/11/16 20:31:51 1.103 +++ kern_exec.c 1999/11/25 18:32:41 @@ -77,6 +77,9 @@ SYSCTL_LONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, &ps_arg_cache_limit, ""); +int ps_argsopen = 1; +SYSCTL_INT(_kern, OID_AUTO, ps_argsopen, CTLFLAG_RW, &ps_argsopen, 0, ""); + /* * Each of the items is a pointer to a `const struct execsw', hence the * double pointer here. Index: kern/kern_proc.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_proc.c,v retrieving revision 1.61 diff -u -r1.61 kern_proc.c --- kern_proc.c 1999/11/21 19:03:09 1.61 +++ kern_proc.c 1999/11/25 18:31:51 @@ -633,7 +633,7 @@ if (!p) return (0); - if (p_trespass(curproc, p)) + if ((!ps_argsopen) && p_trespass(curproc, p)) return (0); if (req->newptr && curproc != p) Index: miscfs/procfs/procfs_status.c =================================================================== RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_status.c,v retrieving revision 1.18 diff -u -r1.18 procfs_status.c --- procfs_status.c 1999/11/21 19:03:19 1.18 +++ procfs_status.c 1999/11/25 18:32:22 
@@ -183,7 +183,7 @@ * Linux behaviour is to return zero-length in this case. */ - if (p->p_args && !p_trespass(curp, p)) { + if (p->p_args && (ps_argsopen || !p_trespass(curp, p))) { bp = p->p_args->ar_args; buflen = p->p_args->ar_length; buf = 0; Index: sys/proc.h =================================================================== RCS file: /home/ncvs/src/sys/sys/proc.h,v retrieving revision 1.92 diff -u -r1.92 proc.h --- proc.h 1999/11/21 19:03:20 1.92 +++ proc.h 1999/11/25 18:31:16 @@ -384,6 +384,7 @@ extern int whichidqs; /* Bit mask summary of non-empty Q's. */ extern u_long ps_arg_cache_limit; +extern int ps_argsopen; struct proc *pfind __P((pid_t)); /* Find process by id. */ struct pgrp *pgfind __P((pid_t)); /* Find process group by id. */ -- Poul-Henning Kamp FreeBSD coreteam member phk@FreeBSD.ORG "Real hackers run -current on their laptop." FreeBSD -- It will take a long time before progress goes too far! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Nov 25 12: 2:50 1999 Delivered-To: freebsd-security@freebsd.org Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10]) by hub.freebsd.org (Postfix) with ESMTP id 780F114DD1 for ; Thu, 25 Nov 1999 12:02:45 -0800 (PST) (envelope-from jeremyp@gsmx07.alcatel.com.au) Received: by border.alcanet.com.au id <40324>; Fri, 26 Nov 1999 06:55:41 +1100 Content-return: prohibited Date: Fri, 26 Nov 1999 07:02:33 +1100 
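Review bot: in the kern_exec.c hunk, the new SYSCTL_INT for ps_argsopen is registered with an empty description string (""), so nothing in the tree tells an administrator what the knob controls or that it ships open. Suggest a one-line description saying that a non-zero value lets any process read other processes' argument strings and that zero limits it to callers for which p_trespass() does not object, plus a short comment above `int ps_argsopen = 1;` recording that open is the deliberate default.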
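Review bot: in the kern_proc.c hunk, making the p_trespass() call conditional on `!ps_argsopen` drops that check for the whole handler, not only for reads; with the sysctl at its default of 1 the only guard left on the update path is the context line `if (req->newptr && curproc != p)`, whose body is not visible here. Worth confirming that branch rejects the request and adding a comment that ps_argsopen is meant to relax reads only. The extra parentheses around `!ps_argsopen` can also go.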
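Review bot: in the procfs_status.c hunk, the comment kept just above the changed condition ("Linux behaviour is to return zero-length in this case.") no longer says when that case occurs, since it now depends on ps_argsopen as well as p_trespass(). Update the comment to name the sysctl. The same policy is also written twice in opposite polarity, `(!ps_argsopen) && p_trespass(curproc, p)` in kern_proc.c and `ps_argsopen || !p_trespass(curp, p)` here; a small shared helper or macro would keep the procfs and sysctl paths from drifting apart.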
From: Peter Jeremy Subject: Port probing: TCP/37907 To: freebsd-security@FreeBSD.ORG Reply-To: peter.jeremy@alcatel.com.au Message-Id: <99Nov26.065541est.40324@border.alcanet.com.au> MIME-version: 1.0 X-Mailer: Mutt 1.0pre3i Content-type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Does anyone recognize a service that uses TCP/37907? It doesn't show up in /etc/services and looks a bit dodgy to me. Peter To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Nov 25 17: 1:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 2B95D14E2F; Thu, 25 Nov 1999 17:01:41 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id SAA18379; Thu, 25 Nov 1999 18:01:40 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id SAA00614; Thu, 25 Nov 1999 18:01:20 -0700 (MST) Message-Id: <199911260101.SAA00614@harmony.village.org> To: Poul-Henning Kamp Subject: Re: ps on 4.0-current Cc: freebsd-current@freebsd.org, security@freebsd.org In-reply-to: Your message of "Thu, 25 Nov 1999 19:53:28 +0100." <786.943556008@critter.freebsd.dk> References: <786.943556008@critter.freebsd.dk> Date: Thu, 25 Nov 1999 18:01:20 -0700 
From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <786.943556008@critter.freebsd.dk> Poul-Henning Kamp writes: : As I've understood the conclusion of this thread, we want a : sysctl, and we want it open as default. This patch should : do that. : : Once Warner nods in the vertical direction it will be committed. The head is oscillating with and against the gravity well of the planet earth while I'm in the standing position. Looks good to me. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 0:43:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from nic.mmc.net.ge (nic.mmc.net.ge [212.72.145.2]) by hub.freebsd.org (Postfix) with ESMTP id 787CC14F92 for ; Fri, 26 Nov 1999 00:43:39 -0800 (PST) (envelope-from dima@mmc.net.ge) Received: from mmc.net.ge (wondy.mmc.net.ge [212.72.145.9]) by nic.mmc.net.ge (8.9.3/8.9.3) with ESMTP id MAA35203 for ; Fri, 26 Nov 1999 12:43:33 +0500 (GET) Message-ID: <383E47D5.7B264ECB@mmc.net.ge> Date: Fri, 26 Nov 1999 12:41:57 +0400 
From: Dima X-Mailer: Mozilla 4.7 [en] (Win95; I) X-Accept-Language: en,ru MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Commands execution loging Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have several users with shell (bash, sh) in my FreeBSD 3.2 system. I'd like to log all commands (for security reasons) they type and execute. Is there any possibility to pass all commands to syslog? I know about .bash_history and .history, but they are stored in users directory and without time of command execution, and I want to have records like "user time command". Dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 0:51:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from smtp.interact.se (smtp1.interact.se [193.15.98.9]) by hub.freebsd.org (Postfix) with ESMTP id D713A14F98 for ; Fri, 26 Nov 1999 00:51:42 -0800 (PST) (envelope-from je@interact.se) Received: from wolfie.interact.se (wolfie.interact.se [193.15.98.202]) by smtp.interact.se (InterACT Mailer) with ESMTP id JAA28337; Fri, 26 Nov 1999 09:52:58 +0100 (CET) Date: Fri, 26 Nov 1999 09:51:08 +0100 (CET) 
From: Jonas Eriksson
To: Dima
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Commands execution loging
In-Reply-To: <383E47D5.7B264ECB@mmc.net.ge>
Message-ID:
X-Mascot: Homer Simpson
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 26 Nov 1999, Dima wrote:

> I have several users with shell (bash, sh) in my FreeBSD 3.2 system. I'd
> like to log all commands (for security reasons) they type and execute.
> Is there any possibility to pass all commands to syslog? I know about
> .bash_history and .history, but they are stored in users directory and
> without time of command execution, and I want to have records like
> "user time command".

Check accton(8) and lastcomm(1).

You could also search for this subject in the mailing list archives.

--
Jonas Eriksson

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri Nov 26 1:13:51 1999
Delivered-To: freebsd-security@freebsd.org
Received: from trinity.euromedia.pl (trinity.euromedia.pl [212.160.118.18]) by hub.freebsd.org (Postfix) with ESMTP id 6D00114DCB for ; Fri, 26 Nov 1999 01:13:41 -0800 (PST) (envelope-from )
Received: from pc4.euromedia.pl ([212.160.118.24]:3588 "EHLO pc4" ident: "NO-IDENT-SERVICE[2]" smtp-auth: "rafal" TLS-CIPHER: TLS-CCERT: ) by trinity.euromedia.pl with ESMTP id ; Fri, 26 Nov 1999 10:17:05 +0100
Message-ID: <000901bf37ee$8bf9a0c0$1876a0d4@euromedia.pl>
From: =?iso-8859-1?Q?Rafa=B3_Banaszkiewicz?= To: "Dima" , References: <383E47D5.7B264ECB@mmc.net.ge> Subject: Odp: Commands execution loging Date: Fri, 26 Nov 1999 10:13:33 +0100 Organization: EMEDIA - Internet Content Provider MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2417.2000 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > I have several users with shell (bash, sh) in my FreeBSD 3.2 system. I'd > like to log all commands (for security reasons) they type and execute. > Is there any possibility to pass all commands to syslog? I know about > .bash_history and .history, but they are stored in users directory and > without time of command execution, and I want to have records like > "user time command". You have to turn on accounting (in example - in /etc/defaults/rc.conf file), so all user commands are logged into /var/account/acct , savacct , usracct > > Dima > /* signature.c */ void main() { printf("###\t###\t###\n\r# #\t# #\t# \n\r###\t###\t## \n\r# #\t# #\t# \n\r"); return; } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 7:21:30 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id A365815060 for ; Fri, 26 Nov 1999 07:21:20 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id KAA50821; Fri, 26 Nov 1999 10:21:17 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Fri, 26 Nov 1999 10:21:17 -0500 (EST) 
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: David Wolfskill
Cc: security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
In-Reply-To: <199911241622.IAA25297@pau-amma.whistle.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 24 Nov 1999, David Wolfskill wrote:

> >Oh for ACL's, privilege attributes, etc. It would solve this sort of thing
> >nicely so that you could allow admin users to see what's going on
> >(including a ps -ax and see what the users are running) without having to
> >constantly (ab)use root and the dangers of overusing that.
>
> True, though it would seem that allowing certain capabilities based on
> membership in some (set of) group(s) could help just enough to get by --
> that is, so that the lack of the ACLs &c. never gets quite so painful
> that someone gets around to writing code to fix it. :-{

The painful thing is getting ACLs into the underlying storage mechanism, not writing kernel ACL support -- I've finished the framework in the kernel, libraries, some userland utilities, and even default evaluation routines for file systems to call. I just don't want to screw around with FFS storage and soft updates :-).

Given my current code, it would be easy to extend procfs to use the ACL support -- right now all file systems return EOPNOTSUPP for vop_getacl and vop_setacl, but you could easily tie a struct acl to the pnodes in procfs and set the default ACL on /proc in /etc/rc.something -- all children could inherit that ACL and the permissions would be set correctly (i.e., u::rwx, g:operator:rx, etc).
I'll tar up my existing ACL code and make it available sometime this evening -- it'll be downloadable from http://www.watson.org/fbsd-hardening/posix1e/acl currently not useful for anyone but someone wanting to modify file systems to support ACLs :-) Also, it's modulo 3.3-RELEASE as 4.0-CURRENT was way too unstable when I started work. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 7:44:42 1999 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id BBE1014BE6 for ; Fri, 26 Nov 1999 07:44:33 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA60836; Fri, 26 Nov 1999 10:44:22 -0500 (EST) (envelope-from wollman) Date: Fri, 26 Nov 1999 10:44:22 -0500 (EST) 
From: Garrett Wollman Message-Id: <199911261544.KAA60836@khavrinen.lcs.mit.edu> To: Robert Watson Cc: David Wolfskill , security@FreeBSD.ORG Subject: Re: ps on 4.0-current In-Reply-To: References: <199911241622.IAA25297@pau-amma.whistle.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > The painful thing is getting ACLs into the underlying storage mechanism, > not writing kernel ACL support -- I've finished the framework in the > kernel, libraries, some userland utilities, and even default evaluation > routines for file systems to call. I just don't want to screw around with > FFS storage and soft updates :-). I think it would be a Great Thing if this were incorporated into -current before the feature freeze (which is coming up RSN). Even if it's not implemented in any file systems yet, it would be good to get the API fixed and out in public so that people can write their software to it. It might also be the motivating factor to actually getting a filesystem hacker to work on that side of things. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 12:45:40 1999 Delivered-To: freebsd-security@freebsd.org Received: from anarcat.dyndns.org (phobos.IRO.UMontreal.CA [132.204.20.20]) by hub.freebsd.org (Postfix) with ESMTP id 40CA615E21 for ; Fri, 26 Nov 1999 12:45:25 -0800 (PST) (envelope-from spidey@anarcat.dyndns.org) Received: by anarcat.dyndns.org (Postfix, from userid 1000) id 6DCA41B33; Thu, 25 Nov 1999 22:44:40 -0500 (EST) 
From: Spidey
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14398.543.747440.547183@anarcat.dyndns.org>
Date: Thu, 25 Nov 1999 22:44:31 -0500 (EST)
To: relapz
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: ssh-1.2.27 remote buffer overflow - exploitable (VD#7)
References: <199911160357.UAA01885@harmony.village.org>
X-Mailer: VM 6.72 under 21.1 "20 Minutes to Nikko" XEmacs Lucid (patch 2)
Reply-To: Spidey
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--- Big Brother told relapz to write, at 11:27 of November 16:
> seeing as we are on the OpenSSH/ssh front, i've decided to ditch ssh in
> favour of OpenSSH.
>
> However, I seem to be getting some odd errors when someone connects to the
> new OpenSSH server daemon:
>
> Nov 16 11:18:35 <4.4> frosty sshd[1146]: set class 'default' resource
> limit datasize: Operation not permitted
> Nov 16 11:18:35 <4.4> frosty sshd[1146]: set class 'default' resource
> limit stacksize: Operation not permitted
> Nov 16 11:18:35 <4.4> frosty sshd[1146]: set class 'default' resource
> limit maxproc: Operation not permitted
> Nov 16 11:18:35 <4.4> frosty sshd[1146]: set class 'default' resource
> limit openfiles: Operation not permitted
>
> Can someone shed some light on what exactly causes these? Should i be
> worried about a misconfig or is this normal. thanx,

I found out that putting 'UseLogin yes' in the config file solved the problem. Does anybody know the implications of using that option?

Thanks the AnarCat -- Si l'image donne l'illusion de savoir C'est que l'adage pretend que pour croire, L'important ne serait que de voir Lofofora To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 17: 3:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id E478F155B2 for ; Fri, 26 Nov 1999 17:03:47 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id UAA53758; Fri, 26 Nov 1999 20:03:28 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Fri, 26 Nov 1999 20:03:27 -0500 (EST) 
From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Garrett Wollman Cc: David Wolfskill , security@FreeBSD.ORG Subject: ACLs for FreeBSD (was: Re: ps on 4.0-current) In-Reply-To: <199911261544.KAA60836@khavrinen.lcs.mit.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 26 Nov 1999, Garrett Wollman wrote: > < said: > > > The painful thing is getting ACLs into the underlying storage mechanism, > > not writing kernel ACL support -- I've finished the framework in the > > kernel, libraries, some userland utilities, and even default evaluation > > routines for file systems to call. I just don't want to screw around with > > FFS storage and soft updates :-). > > I think it would be a Great Thing if this were incorporated into > -current before the feature freeze (which is coming up RSN). Even if > it's not implemented in any file systems yet, it would be good to get > the API fixed and out in public so that people can write their > software to it. It might also be the motivating factor to actually > getting a filesystem hacker to work on that side of things. Ok -- I've put online the second pass code at http://www.watson.org/fbsd-hardening/posix1e/acl/ It includes vnode interface patches, syscall interface patches + syscall implementations, some kernel support code, a userland library, and incomplete userland utilities (getfacl, but no setfacl at this time) and some userland test code. It's under a 2-clause BSD-style license, and currently based on 3.3-RELEASE, although with some simple modifications, should run under 4.0 just fine. I don't currently have a 4.0 build machine around (in DC not in Massachusetts), so haven't tried. Because this is pretty preliminary, I'm open to questions/comments/etc. 
This is after a bit of thought however, so I'd welcome questions about design choices, but should have fairly legitimate answers for them :-). The primary goal was to maintain POSIX.1e compliance while also keeping in mind decent performance and a couple of BSD-isms (possible to have fd's on directories). Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 17:41:26 1999 Delivered-To: freebsd-security@freebsd.org Received: from lunar.gwebnet.com (lunar.galaxy-web.com [216.106.52.2]) by hub.freebsd.org (Postfix) with ESMTP id 4409715223 for ; Fri, 26 Nov 1999 17:41:14 -0800 (PST) (envelope-from freebsd-security@security-source.net) Received: from LORDOAK (OptikNerve@dhcp9399202.columbus.rr.com [24.93.99.202]) by lunar.gwebnet.com (8.9.3/8.9.3) with SMTP id TAA05061 for ; Fri, 26 Nov 1999 19:41:08 -0600 (CST) Message-ID: <004d01bf3878$5dd319d0$ca635d18@LORDOAK> 
From: "freebsd" To: Subject: Date: Fri, 26 Nov 1999 20:40:11 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2918.2701 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2918.2701 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org subscribe freebsd-security To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 19:26: 2 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 8FD3B153FE for ; Fri, 26 Nov 1999 19:25:47 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id WAA54155; Fri, 26 Nov 1999 22:25:55 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Fri, 26 Nov 1999 22:25:55 -0500 (EST) 
From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: freebsd-security@freebsd.org Subject: ACLs 0.1 for FreeBSD 3.3-RELEASE Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org (To freebsd-security@freebsd.org, but Bcc'd to posix1e@cyrus.watson.org) Due to interest on freebsd-security and a number of personal emails to me, I've decided I'd go ahead and put online my current work on ACLs for FreeBSD. It is available for download at http://www.watson.org/fbsd-hardening/posix1e/acl/ Currently I don't have support in the underlying file system (a common complaint these days :-), but much of the rest of the code is there, in a hopefully POSIX.1e compliant form. It's available under a 2-clause BSD-style license, so should be incorporatable in open-source and commercial software, and may be useful beyond the BSD arena. It is a 0.1 release, meaning that there are chunks missing (setfacl implementation, the fine-grained ACL manipulation library routines, man pages), but a lot is also there. We hope to get something resembling this into 4.0-CURRENT of FreeBSD before the code freeze, even if the underlying file systems don't support it, so that it would be easier for people to add support for it with a firm and well-distributed API. Feel free to download, inspect, and complain. Feel free also to submit code fixes, new features, and make constructive suggestions :-). 
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 21:31:23 1999 Delivered-To: freebsd-security@freebsd.org Received: from tgn2.tgn.net (tgn2.tgn.net [205.241.85.2]) by hub.freebsd.org (Postfix) with ESMTP id C30DE14E13 for ; Fri, 26 Nov 1999 21:31:19 -0800 (PST) (envelope-from mike@tgn.net) Received: from murphy26.tgn.net (murphy26.tgn.net [209.127.44.26]) by tgn2.tgn.net (8.9.3/8.8.8) with SMTP id XAA11302 for ; Fri, 26 Nov 1999 23:31:59 -0600 (CST) 
From: Michael Butler To: security@FreeBSD.ORG Subject: Password fille fields Date: Fri, 26 Nov 1999 23:29:06 -0600 Organization: Never been. Reply-To: mike@tgn.net Message-ID: <9jqu3sobm3d01806qqnfb4knj4b0cpv5ib@4ax.com> X-Mailer: Forte Agent 1.7/32.534 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi all I made a quick pass, filling in what I have seen called the "GECOS" fields in the password file but it wasn't inherently obvious just-how it is all laid out. Specifically where the Name field is as shown in a finger will be separated into sub-fields with commas. Otherwise the fields are separated cleanly with ":". I see an Office and Home Phone fields show in finger when I add into the Name field with commas. My plan is to take a unique account number and apply it into each email account record in passwd. So if user "woody" has a second account "buzzltyr" I can place the same billing account ID in both records to make it easier, come delete or disable time. I have no pw.conf (if that matters). Is there a database field description .conf file somewhere? TIA To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Nov 26 21:35:40 1999 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 2803A14D55 for ; Fri, 26 Nov 1999 21:35:34 -0800 (PST) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id AAA54608; Sat, 27 Nov 1999 00:35:37 -0500 (EST) (envelope-from robert@cyrus.watson.org) Date: Sat, 27 Nov 1999 00:35:36 -0500 (EST) 
From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Michael Butler Cc: security@FreeBSD.ORG Subject: Re: Password fille fields In-Reply-To: <9jqu3sobm3d01806qqnfb4knj4b0cpv5ib@4ax.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 26 Nov 1999, Michael Butler wrote: > Hi all > > I made a quick pass, filling in what I have seen called the > "GECOS" fields in the password file but it wasn't inherently obvious > just-how it is all laid out. > > Specifically where the Name field is as shown in a finger will > be separated into sub-fields with commas. Otherwise the fields are > separated cleanly with ":". > > I see an Office and Home Phone fields show in finger when I > add into the Name field with commas. > man 5 passwd > My plan is to take a unique account number and apply it into > each email account record in passwd. So if user "woody" has a second > account "buzzltyr" I can place the same billing account ID in both > records to make it easier, come delete or disable time. > > I have no pw.conf (if that matters). Is there a database field > description .conf file somewhere? Users can modify their GECOS entries via chpass, etc, etc. You'll either need to disable this capability or store the information somewhere else. Given privacy concerns with billing information, somewhere else is probably a good idea. Consider postgresql :-). 
Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Nov 27 0:14: 8 1999 Delivered-To: freebsd-security@freebsd.org Received: from ints.ru (ints.ru [194.67.173.1]) by hub.freebsd.org (Postfix) with ESMTP id 2414414CA3 for ; Sat, 27 Nov 1999 00:13:55 -0800 (PST) (envelope-from ilmar@ints.ru) Received: (from uucp@localhost) by ints.ru (8.9.2/8.9.2) id LAA23007; Sat, 27 Nov 1999 11:13:54 +0300 (MSK) Received: from ws-ilmar.ints.ru(194.67.173.16) via SMTP by ints.ru, id smtpdj23005; Sat Nov 27 11:13:48 1999 Received: from localhost (localhost [127.0.0.1]) by ws-ilmar.ints.ru (8.9.3/8.9.3) with ESMTP id LAA25068; Sat, 27 Nov 1999 11:13:47 +0300 (MSK) Date: Sat, 27 Nov 1999 11:13:46 +0300 (MSK) 
From: "Ilmar S. Habibulin" To: Robert Watson Cc: freebsd-security@FreeBSD.ORG Subject: Re: ACLs 0.1 for FreeBSD 3.3-RELEASE In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 26 Nov 1999, Robert Watson wrote: > Currently I don't have support in the underlying file system (a common > complaint these days :-), but much of the rest of the code is there, in a > hopefully POSIX.1e compliant form. It's available under a 2-clause > BSD-style license, so should be incorporatable in open-source and > commercial software, and may be useful beyond the BSD arena. It is a 0.1 > release, meaning that there are chunks missing (setfacl implementation, > the fine-grained ACL manipulation library routines, man pages), but a lot > is also there. We hope to get something resembling this into 4.0-CURRENT > of FreeBSD before the code freeze, even if the underlying file systems > don't support it, so that it would be easier for people to add support for > it with a firm and well-distributed API. Feel free to download, inspect, > and complain. Feel free also to submit code fixes, new features, and make > constructive suggestions :-). And how about including MAC or CAP code in -current? MAC code lacks only fs support right now. CAP exists only as some syscalls, i just don't have time now. It would be verrry nice to have all your posix.1e work in the main source tree. 
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Nov 27 13: 1:55 1999 Delivered-To: freebsd-security@freebsd.org Received: from anarcat.dyndns.org (phobos.IRO.UMontreal.CA [132.204.20.20]) by hub.freebsd.org (Postfix) with ESMTP id 6FF7A14F47 for ; Sat, 27 Nov 1999 13:01:40 -0800 (PST) (envelope-from spidey@anarcat.dyndns.org) Received: by anarcat.dyndns.org (Postfix, from userid 1000) id D3A351902; Sat, 27 Nov 1999 15:59:49 -0500 (EST) 
From: Spidey
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14400.17989.189233.907961@anarcat.dyndns.org>
Date: Sat, 27 Nov 1999 15:59:49 -0500 (EST)
To: freebsd-security@freebsd.org
Subject: localhost
X-Mailer: VM 6.72 under 21.1 "20 Minutes to Nikko" XEmacs Lucid (patch 2)
Reply-To: Spidey
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi!

Regarding the previous thread about the DNS problems. I seem to suffer (I think) the same configuration problems.

# nslookup myhost.dyndns.org
Server: localhost
Address: 127.0.0.1

Non-authoritative answer:
Name: myhost.dyndns.org
Address: 207.162.101.21

# nslookup localhost
Server: localhost
Address: 127.0.0.1

Name: localhost.dyndns.org
Address: 127.0.0.1

#

The fact that I have a dynamic IP, and that I use dyndns.org services sure gives me trouble, but there's surely a way to get over this. Is there some good DNS tutorial or doc out there?

I have the following relevant config in named and such:

/etc/resolv.conf:
nameserver 127.0.0.1

/etc/namedb/named.conf:
options {
        directory "/var/namedb";
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

logging {
        channel sys_secure { syslog auth; severity info; };
        category default { default_syslog; default_debug; };
        category security { sys_secure; default_syslog; default_debug; };
};

/var/namedb/localhost.rev:
; From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.4.2.1 1999/08/29 14:19:29 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;
@ IN SOA myhost.dyndns.org. root.myhost.dyndns.org. (
        19991025 ; Serial
        3600 ; Refresh
        900 ; Retry
        3600000 ; Expire
        3600 ) ; Minimum
  IN NS myhost.dyndns.org.
1 IN PTR localhost.
root IN CNAME localhost
localhost. IN A 127.0.0.1

oh... and:

/etc/host.conf
# $FreeBSD: src/etc/host.conf,v 1.5.2.1 1999/08/29 14:18:44 peter Exp $
# First try the /etc/hosts file
hosts
# Now try the nameserver next.
bind
# If you have YP/NIS configured, uncomment the next line
# nis

/etc/hosts
# $FreeBSD: src/etc/hosts,v 1.9.2.1 1999/08/29 14:18:44 peter Exp $
127.0.0.1 myhost.dyndns.org localhost

For the time being, I have disabled named (partly because of the latest security concerns about it) and put my ISP's nameservers in /etc/resolv.conf

However, I'm still wondering which 'domain' to put into /etc/resolv.conf, since "myhost.dyndns.org" gives me:

$ nslookup localhost
Server: my.isp.org
Address: 123.456.789.123

*** my.isp.org can't find localhost: Non-existent host/domain
$

Thanks for any input or redirection.

AnarCat.

-- Si l'image donne l'illusion de savoir C'est que l'adage pretend que pour croire, L'important ne serait que de voir Lofofora To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Nov 27 14:26:58 1999 Delivered-To: freebsd-security@freebsd.org Received: from quasar.pucrs.br (quasar.pucrs.br [200.132.10.5]) by hub.freebsd.org (Postfix) with ESMTP id 3A96D14BDC for ; Sat, 27 Nov 1999 14:26:45 -0800 (PST) (envelope-from mwp@pucrs.br) Received: from pucrs.br (clapton.pucrs.br [200.132.13.11]) by quasar.pucrs.br (8.9.1a/8.9.1) with ESMTP id UAA37970 for ; Sat, 27 Nov 1999 20:25:04 -0300 Message-ID: <38405B15.64786825@pucrs.br> Date: Sat, 27 Nov 1999 20:28:38 -0200 
From: Mauricio Westendorff Pegoraro
X-Mailer: Mozilla 4.5 [en] (X11; I; SunOS 5.7 sun4m)
X-Accept-Language: en
MIME-Version: 1.0
Cc: freebsd-security@FreeBSD.ORG
Subject: Question about lo0
References: <14400.17989.189233.907961@anarcat.dyndns.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi.

I had some problems when I installed and started squid. It was starting okay but after a few seconds it's gone, crashed, with a message that it could not bind a process to localhost when starting '(dns server)'.

With help of this freebsd-security list (thanks Oleg Y. Ivanov) and some 'research', I found the problem was the misconfigured lo0 interface. In other words:

Before I solve the problem my 'ifconfig lo0' was:

lo0: flags=8049 mtu 16384

Then my localhost was pointing to the machine that was serving dns to my local server.

So, I've 'ifconfig lo0 127.0.0.1' and all worked correctly, I mean squid started okay without crashing a few seconds later. Now, when I, 'ifconfig lo0' it shows:

lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000

And, as you can see, lo0 is pointing to its proper address and not somewhere else.

My question is: why the lo0 interface wasn't configured when the system started? It was a problem (bug) when freebsd tried to configure lo0? Or, by default, freebsd doesn't 'autoconfigure' lo0?

There are some mails in the list about problems with localhost. Wouldn't they be someway related with this lo0 misconfiguration problem?

Please, don't get me wrong. It's only thoughts. It was a long time since I last worked with FreeBSD, so there are many new things (good things and 'problem' things) in release 3.3 I'm not aware yet, which I'd like to know/understand (in last couple years I've been working only with Solaris, AIX and Linux).

Regards,

MauricioWP.

----------------------------- Mauricio Westendorff Pegoraro PUCRS - Brazil Unix Team To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
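
Added example (not part of the original message or of FreeBSD's own scripts): a shell check for the lo0 state described in the message above, reading `ifconfig lo0` output and reporting whether the interface is up and has a 127.0.0.0/8 address bound. The function name `lo0_status` and the two sample variables are assumptions for illustration; the samples reproduce the two outputs quoted in the message.

```shell
#!/bin/sh
# Classify `ifconfig lo0` output read from stdin.
# Prints one of: ok | no-inet | down | unparsed
# Returns 0 only for "ok", so it can gate a service start script.
# Typical use on a live system:  ifconfig lo0 | lo0_status
lo0_status() {
    flags="" has_inet=no
    while read -r f1 f2 _ || [ -n "$f1" ]; do
        case "$f2" in
            flags=*)
                # Keep only the leading hex digits after "flags=";
                # a real system may append a <UP,...> name list.
                hex=${f2#flags=}
                flags=${hex%%[!0-9a-fA-F]*}
                ;;
        esac
        # An IPv4 address in 127.0.0.0/8 bound to the interface.
        if [ "$f1" = inet ]; then
            case "$f2" in 127.*) has_inet=yes ;; esac
        fi
    done
    if [ -z "$flags" ]; then echo unparsed; return 2; fi
    # IFF_UP is bit 0x1 of the interface flags word.
    if [ $(( 0x$flags & 0x1 )) -eq 0 ]; then echo down; return 1; fi
    if [ "$has_inet" != yes ]; then echo no-inet; return 1; fi
    echo ok
}

# The two outputs quoted in the message (as they appear in this archive).
SAMPLE_UNCONFIGURED='lo0: flags=8049 mtu 16384'
SAMPLE_CONFIGURED='lo0: flags=8049 mtu 16384
        inet 127.0.0.1 netmask 0xff000000'
```

A "no-inet" result is the state the message describes: the interface is up, but nothing is bound to 127.0.0.1, so services that bind to localhost fail.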