From owner-freebsd-announce Tue Jan 25 13:10:52 2000 Delivered-To: freebsd-announce@freebsd.org Received: from wall.polstra.com (rtrwan160.accessone.com [206.213.115.74]) by hub.freebsd.org (Postfix) with ESMTP id F22E91536C for ; Tue, 25 Jan 2000 13:10:39 -0800 (PST) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.9.3/8.9.3) with ESMTP id NAA18733 for ; Tue, 25 Jan 2000 13:10:38 -0800 (PST) (envelope-from jdp@polstra.com) Received: (from jdp@localhost) by vashon.polstra.com (8.9.3/8.9.1) id NAA25605 for freebsd-announce@freebsd.org; Tue, 25 Jan 2000 13:10:38 -0800 (PST) (envelope-from jdp@polstra.com) Message-ID: X-Mailer: XFMail 1.3 [p0] on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 Date: Tue, 25 Jan 2000 13:10:38 -0800 (PST) Organization: Polstra & Co., Inc. From: John Polstra To: freebsd-announce@freebsd.org Subject: cvsup8.freebsd.org out of service until further notice Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Due to some unanticipated system problems, cvsup8.FreeBSD.org will be out of service until futher notice. John --- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Wed Jan 26 6: 9:32 2000 Delivered-To: freebsd-announce@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 608) id 2FF3B150B5; Wed, 26 Jan 2000 06:09:29 -0800 (PST) To: freebsd-announce@freebsd.org Cc: rab@pike.cdrom.com Subject: BSD BOF at New York Linuxworld, Feb 3rd Date: Tue, 25 Jan 2000 16:36:22 -0800 From: "Robert A. Bruce" Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org There is going to be a BSD BOF at the New York Linuxworld on Thursday, February 3rd, from 5:30pm to 8:30pm. We are in room 1D05, Jacob Javits Convention Center. The room is located near the conference area in the lower (2nd level down) of Javits. You do not need to be a Linuxworld attendee to come to the BOF. Everyone is welcome. There will be representatives from BSDi, FreeBSD, NetBSD and OpenBSD. There will be installation CDROMs, free food, and even free Daemon Horns! There will be plenty of technical information available. This is a great opportunity to meet some of the leaders in the BSD community, and ask any questions you may have. This BOF is being co-sponsored by BSDi, Walnut Creek CDROM, and BUNY (BSD Users of New York). This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Wed Jan 26 13:27:46 2000 Delivered-To: freebsd-announce@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 11D0E14E3C for ; Wed, 26 Jan 2000 13:27:22 -0800 (PST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id OAA01199 for ; Wed, 26 Jan 2000 14:27:20 -0700 (MST) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id OAA02351 for ; Wed, 26 Jan 2000 14:26:57 -0700 (MST) Message-Id: <200001262126.OAA02351@harmony.village.org> To: freebsd-announce@freebsd.org Subject: Welcome a new member to the Security Officer Team Date: Wed, 26 Jan 2000 14:26:56 -0700 From: Warner Losh Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- As part of our continuing efforts to improve the overall security of FreeBSD, we have decided that we must expand the security focus of the Security Officer position to include the FreeBSD ports collection. To facilitate this, we are pleased to announce that effective immediately Kris Kennaway has joined the Security Officer team to coordinate security issues in the FreeBSD ports collection. Kris will be working to enhance the safety of the FreeBSD ports collection. He will coordinate with the various security services to help ensure a secure ports collection. Warner -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBOI9mcFUuHi5z0oilAQF5kQP8CQAVXZ/LiWOQDEraasZaREfGxLhkAKar cmcLc8nzTOU1wxcG/hThL7WJHLpTbnjjqeoi9YdY4qOtryr8GQTAXJ9FqttA9RRi MkDkcYinDckRoT3nMUhnks0tgAGuRTI1kshvuS7io+41d++B5dP8aFZAhAe7xb5Z OtEah8ok9Es= =Ddqb -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Fri Jan 28 1: 6:18 2000 Delivered-To: freebsd-announce@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 1B20214E5E; Fri, 28 Jan 2000 01:05:58 -0800 (PST) (envelope-from security-officer@freebsd.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id CAA10273; Fri, 28 Jan 2000 02:01:24 -0700 (MST) (envelope-from security-officer@freebsd.org) Received: (from root@localhost) by harmony.village.org (8.9.3/8.8.3) id CAA60307; Fri, 28 Jan 2000 02:01:36 -0700 (MST) Date: Fri, 28 Jan 2000 02:01:36 -0700 (MST) Message-Id: <200001280901.CAA60307@harmony.village.org> From: FreeBSD Security Officer Subject: FreeBSD Security Advisory: FreeBSD-SA-00:02.procfs Reply-To: security-officer@freebsd.org From: FreeBSD Security Officer Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:01 Security Advisory FreeBSD, Inc. Topic: Old procfs hole incompletely filled Category: core Module: make Announced: 2000-01-24 Affects: All versions before the correction date. Corrected: 2000-01-20 FreeBSD only: NO Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:02/procfs.patch I. Background procfs provides access to other processes memory spaces. This is intended to be used in debugging and has many safeguards built into it to prevent abuse. II. Problem Description In January 1997 a fatal flaw in *BSD procfs code (leading to a local root compromise) was discussed on various security forums. The exploit code dealt with /proc/pid/mem interface. Since then *BSD kernels contained a simple fix which was meant to close this hole. Unfortunately, throughout these three years it was still possible to abuse /proc/pid/mem in a similar, though more complicated fashion, which could lead to local root compromise. III. Impact Local users can gain root access. IV. Workaround You can unmount /proc. In both 3.x-stable and 4.0-current this will break truss and gcore. In 3.x-stable systems only it will reduce the amount of information ps reports. V. Solution Apply the following patch Index: sys/filedesc.h =================================================================== RCS file: /base/FreeBSD-CVS/src/sys/sys/filedesc.h,v retrieving revision 1.15.2.1 diff -u -r1.15.2.1 filedesc.h --- filedesc.h 1999/08/29 16:32:22 1.15.2.1 +++ filedesc.h 2000/01/20 21:39:29 @@ -139,6 +139,7 @@ int fsetown __P((pid_t, struct sigio **)); void funsetown __P((struct sigio *)); void funsetownlst __P((struct sigiolst *)); +void setugidsafety __P((struct proc *p)); #endif #endif Index: kern/kern_descrip.c =================================================================== RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_descrip.c,v retrieving revision 1.58.2.3 diff -u -r1.58.2.3 kern_descrip.c --- kern_descrip.c 1999/11/18 08:09:08 1.58.2.3 +++ kern_descrip.c 2000/01/20 21:40:00 @@ -984,6 +984,62 @@ } /* + * For setuid/setgid programs we don't want to people to use that setuidness + * to generate error messages which write to a file which otherwise would + * otherwise be off limits to the proces. + * + * This is a gross hack to plug the hole. A better solution would involve + * a special vop or other form of generalized access control mechanism. We + * go ahead and just reject all procfs file systems accesses as dangerous. + * + * Since setugidsafety calls this only for fd 0, 1 and 2, this check is + * sufficient. We also don't for setugidness since we know we are. + */ +static int +is_unsafe(struct file *fp) +{ + if (fp->f_type == DTYPE_VNODE && + ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS) + return (1); + return (0); +} + +/* + * Make this setguid thing safe, if at all possible. + */ +void +setugidsafety(p) + struct proc *p; +{ + struct filedesc *fdp = p->p_fd; + struct file **fpp; + char *fdfp; + register int i; + + /* Certain daemons might not have file descriptors. */ + if (fdp == NULL) + return; + + fpp = fdp->fd_ofiles; + fdfp = fdp->fd_ofileflags; + for (i = 0; i <= fdp->fd_lastfile; i++, fpp++, fdfp++) { + if (i > 2) + break; + if (*fpp != NULL && is_unsafe(*fpp)) { + if (*fdfp & UF_MAPPED) + (void) munmapfd(p, i); + (void) closef(*fpp, p); + *fpp = NULL; + *fdfp = 0; + if (i < fdp->fd_freefile) + fdp->fd_freefile = i; + } + } + while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL) + fdp->fd_lastfile--; +} + +/* * Close any files on exec? */ void Index: kern/kern_exec.c =================================================================== RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_exec.c,v retrieving revision 1.93.2.3 diff -u -r1.93.2.3 kern_exec.c --- kern_exec.c 1999/08/29 16:25:58 1.93.2.3 +++ kern_exec.c 2000/01/20 21:39:29 @@ -281,6 +281,7 @@ if (attr.va_mode & VSGID) p->p_ucred->cr_gid = attr.va_gid; setsugid(p); + setugidsafety(p); } else { if (p->p_ucred->cr_uid == p->p_cred->p_ruid && p->p_ucred->cr_gid == p->p_cred->p_rgid) VI. Credits We are republishing a heavily edited FEAR security advisory (number 1) entitled "*BSD procfs vulnerability". More information about FEAR can be found at http://www.fear.pl. We would like to thank nergal@idea.avet.com.pl for sending a preliminary version of the advisory to us in time to correct the problem. ============================================================================= FreeBSD, Inc. Web Site: http://www.freebsd.org/ Confidential contacts: security-officer@freebsd.org Security notifications: security-notifications@freebsd.org Security public discussion: freebsd-security@freebsd.org PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc Notice: Any patches in this document may not apply cleanly due to modifications caused by digital signature or mailer software. Please reference the URL listed at the top of this document for original copies of all patches if necessary. ============================================================================= -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface iQCVAwUBOJFWeFUuHi5z0oilAQHo2AP+N4GDREEmjxy6RUvt+G3cRe1Sx4yxr/Jd q70D5Icp3JlcJgxGfWFqGGvt8yx9xMm6d57mFDltdvPKr0TY0n0bY39BJlRAto9n gn8BJJvQ0WQ15ctOQKIsGwGJqHvA+p4qAHYFE3sUIZn6oMz5//C5OmaC7mFtrycY TI64bNR+0F8= =/F89 -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message From owner-freebsd-announce Sat Jan 29 22:43: 4 2000 Delivered-To: freebsd-announce@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 5F7231577E for ; Sat, 29 Jan 2000 22:42:59 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id WAA68958 for ; Sat, 29 Jan 2000 22:43:28 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) Date: Sat, 29 Jan 2000 22:43:22 -0800 Message-ID: <68950.949214602.1@zippy.cdrom.com> From: "Jordan K. Hubbard" Subject: FreeBSD 4.0 now in code freeze. MIME-Version: 1.0 Content-Type: multipart/digest; boundary="----- =_aaaaaaaaaa" Content-Description: Blind Carbon Copy Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org ------- =_aaaaaaaaaa Content-Type: message/rfc822 Content-Description: Original Message To: committers@freebsd.org Subject: FreeBSD 4.0 now in code freeze. Date: Sat, 29 Jan 2000 22:43:22 -0800 Message-ID: <68950.949214602@zippy.cdrom.com> From: "Jordan K. Hubbard" MIME-Version: 1.0 Dear committers, As previously scheduled, we are now in code freeze on the -current (HEAD) source tree. The ports and doc trees are unaffected by this announcement, as it is up to Satoshi and Nik to decide when and if to declare their own freeze dates. The code freeze will last for a full 30 days, during which time NO commits may be made to the -current src branch without my express approval. The one exception to this rule is documentation - changes to manual pages and other associated docs may be made during the code freeze without advance approval if those changes are also immediately pertinent to FreeBSD 4.0-RELEASE. This special dispensation for docs should also not be taken as blanket permission to make wholesale changes to the doc building infrastructure or go on reformatting rampages. It is expected that you will all use your discretion during the code freeze and not use this as an excuse to do large-scale work which should really have occurred well before now. While a 30 day freeze is also somewhat longer than most we've done in the past, I think that we still have quite a bit of "rock polishing" to do on the -current branch before it's really ready to go out as a full release and we're certainly never going to get to that stage if people keep breaking -current left and right. As of now, that mad rush to get features into 4.0 has ended and it's just critical bug fixes and cosmetic work (of a low-risk nature only) until the release date of March 1st. To get a change approved by me, simply email me the diffs and a short description of what you're trying to fix. If it's an intrusive or risky change, I'm also going to ask you to give me a list of the upsides and downsides you can calculate for the change going in vs not going in, and providing this in your first message will save us both an extra exchange of email. As with all previous code freezes, I'm also far more likely to decide in favor of a change if it arrives at the beginning rather than the end of code freeze given that testing time is obviously a factor in my risk-assessment. Remember that, all you procrastinators out there. :-) Depending on the change, I may also insist on seeing a full buildworld, on both the Alpha and x86 platforms, with my own eyes before granting approval and I expect to be keeping a number of test/build boxes working overtime during this period for the purpose. I want -current to be buildable on a far more reliable basis than it has been lately so that people can actually update and test the bits at regular intervals during the freeze. The reason I don't just branch 4.0 off the mainline, an obvious alternative, is that it would result in all the post-4.0-release feedback generating immediate merge work for the project. The 4.0-stable branch will be created sometime before the release of 4.1, depending on the rate and type of feedback we get from this upcoming release. We have 30 days to make sure that feedback is predominantly positive, so enough said by me and let's get to it! :) - Jordan ------- =_aaaaaaaaaa-- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message