From owner-freebsd-security Sun Jun 4 5:25:46 2000
Delivered-To: freebsd-security@freebsd.org
Received: from aurora.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68])
    by hub.freebsd.org (Postfix) with ESMTP id 8CE3837B50B
    for ; Sun, 4 Jun 2000 05:25:42 -0700 (PDT)
    (envelope-from andrew@scoop.co.nz)
Received: from localhost (localhost [127.0.0.1])
    by aurora.scoop.co.nz (8.9.3/8.9.3) with SMTP id AAA13640;
    Mon, 5 Jun 2000 00:25:27 +1200 (NZST)
Date: Mon, 5 Jun 2000 00:25:27 +1200 (NZST)
From: Andrew McNaughton
Reply-To: andrew@scoop.co.nz
To: Robert Gash
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Recommendations for alternative tripwire options
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 31 May 2000, Robert Gash wrote:

> Has anyone found any decent systems like tripwire available under the GNU
> GPL?

It's not a replacement for tripwire, but there's a tool out there called
L5, written by hobbit, which could provide a good base for such a system,
and is possibly a better place to start if you expect to do a lot of
customization of what gets monitored and what gets done with the change
lists.

L5 basically provides for producing lists of changes in files and
directories. It doesn't have any of the rules for which areas it should
be monitoring, and it doesn't have code for notifying the administrator
and so forth.

Andrew

--
Andrew McNaughton
andrew@squiz.co.nz

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sun Jun 4 5:45:38 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.interact.se (smtp1.interact.se [193.15.98.9])
    by hub.freebsd.org (Postfix) with ESMTP id A7BE237B535
    for ; Sun, 4 Jun 2000 05:45:34 -0700 (PDT)
    (envelope-from je@interact.se)
Received: from wolfie.interact.se (je@wolfie.interact.se [193.15.98.202])
    by smtp1.interact.se (InterACT Mailer) with ESMTP id OAA07129;
    Sun, 4 Jun 2000 14:45:19 +0200 (CEST)
Date: Sun, 4 Jun 2000 14:43:17 +0200 (CEST)
From: Jonas Eriksson
X-Sender: je@localhost
To: Andrew McNaughton
Cc: Robert Gash, freebsd-security@FreeBSD.ORG
Subject: Re: Recommendations for alternative tripwire options
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> On Wed, 31 May 2000, Robert Gash wrote:
>
> > Has anyone found any decent systems like tripwire available under the GNU
> > GPL?
>
> It's not a replacement for tripwire, but there's a tool out there called
> L5, written by hobbit which could provide a good base for such a system,
> and is possibly a better place to start if you expect to do a lot of
> customization of what gets monitored and what gets done with the change
> lists.
>
> L5 basically provides for producing lists of changes in files and
> directories. It doesn't have any of the rules for which areas it should
> be monitoring, and it doesn't have code for notifying the administrator
> and so forth.
>

There are a lot of tools like Tripwire, just search for tripwire on
freshmeat.net

http://freshmeat.net/search.php3?query=tripwire

--
Jonas Eriksson

From owner-freebsd-security Sun Jun 4 7:59:31 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
    by hub.freebsd.org (Postfix) with ESMTP id 4DEC137BA2D
    for ; Sun, 4 Jun 2000 07:59:26 -0700 (PDT)
    (envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1598 bytes)
    by bsdie.rwsystems.net via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
    (sender: ) id for ; Sun, 4 Jun 2000 09:55:26 -0500 (CDT)
    (Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Sun, 4 Jun 2000 09:55:24 -0500 (CDT)
From: James Wyatt
To: Jonas Eriksson
Cc: Andrew McNaughton, Robert Gash, freebsd-security@FreeBSD.ORG
Subject: Re: Recommendations for alternative tripwire options
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 4 Jun 2000, Jonas Eriksson wrote:
> > On Wed, 31 May 2000, Robert Gash wrote:
> > Missing attribution for:
> > > Has anyone found any decent systems like tripwire available under the GNU
> > > GPL?
> >
> > It's not a replacement for tripwire, but there's a tool out there called
> > L5, written by hobbit which could provide a good base for such a system,
[ ... ]
>
> There are a lot of tools like Tripwire, just search for tripwire
> on freshmeat.net
>
> http://freshmeat.net/search.php3?query=tripwire

Yes, but is anyone *using* any of them besides their respective
not-here-inventors? Looking at FreshMeat.net can be a power tool, but some
junk exists and I'd rather try something that someone has gotten into at
least 3rd or 4th gear under FreeBSD. I went through a similar search
looking for a syslog that kept binary-record-format logfiles a while back.

From owner-freebsd-security Mon Jun 5 3:33:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
    by hub.freebsd.org (Postfix) with ESMTP id 207B237B52C
    for ; Mon, 5 Jun 2000 03:33:29 -0700 (PDT)
    (envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
    by flood.ping.uio.no (8.9.3/8.9.3) id MAA74587;
    Mon, 5 Jun 2000 12:32:17 +0200 (CEST)
    (envelope-from des@flood.ping.uio.no)
To: "jason schwab"
Cc: freebsd-security@FreeBSD.ORG, petef@databits.net, ghandi@mindless.com,
    amb78@nmia.com, nmlug@swcp.com
Subject: Re: Syslog question...
References: <20000603041431.2547.qmail@hotmail.com>
From: Dag-Erling Smorgrav
Date: 05 Jun 2000 12:32:17 +0200
In-Reply-To: "jason schwab"'s message of "Fri, 02 Jun 2000 23:14:31 EST"
Message-ID:
Lines: 24
User-Agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.4
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"jason schwab" writes:
> I am going to have two public machines; and one machine
> that will do nothing except be a backup of syslog from both
> the public machines. on the syslog backup machine; is there
> any way to have different files from the logs coming from
> the different hosts? I don't want all the logs from both
> machines into the same files on to the logging backup
> machine....

If you want to use the stock FreeBSD syslogd, you'll have to run
multiple instances of syslogd with separate config files. Short of
hacking syslogd to allow the UDP port to be specified on the command
line and/or in the config file, the easiest way to do this is assign
multiple IP addresses to the logging machine and run each instance of
syslogd in a separate jail with a separate IP address. If you build a
static syslogd binary, the jail need not contain much:
/etc/syslog.conf, an empty /var/run directory, and your log files.

If I were you, though, I'd take a look at the various other syslogd
implementations out there (ssyslogd and msyslogd at least).
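Added example, not part of Dag-Erling's message and not FreeBSD's syslogd: the per-host split the question asks for, done in a small Python collector rather than with one syslogd per jail and IP address. It parses the classic BSD syslog datagram format (<PRI>Mmm dd hh:mm:ss host tag: text), keys the output file on the sender's IP address as reported by the socket rather than on the hostname written inside the message (which the sender chooses), and never lets that claimed hostname reach a filesystem path. The addresses, hostnames and log lines are constructed; serve() is a minimal receive loop that the demo does not run.

```python
"""Per-host syslog splitting (added example; not code from the thread)."""
import ipaddress
import os
import re
import socket
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# RFC 3164 facility names, index = PRI >> 3 (names for 12-15 vary by vendor).
FACILITIES = (
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
)

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                            # PRI = facility*8 + severity
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "  # BSD timestamp, e.g. "Jun  5 12:32:17"
    r"(?P<host>\S+) "                                 # hostname *claimed* by the sender
    r"(?P<text>.*)$"                                  # "tag[pid]: message"
)


@dataclass
class SyslogMessage:
    facility: str
    severity: int
    timestamp: str
    host: str
    text: str


def parse(line: str) -> SyslogMessage:
    """Parse one BSD-format syslog line; raise ValueError on anything else."""
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError(f"not a BSD syslog line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # 23*8 + 7 is the largest legal PRI
        raise ValueError(f"PRI out of range: {pri}")
    return SyslogMessage(FACILITIES[pri >> 3], pri & 7, m["ts"], m["host"], m["text"])


def is_syslog_line(line: str) -> bool:
    """True when parse() would accept the line."""
    try:
        parse(line)
        return True
    except ValueError:
        return False


def log_path(logdir: str, peer_ip: str, msg: SyslogMessage) -> str:
    """Choose <logdir>/<peer ip>/<facility>.log.

    ipaddress.ip_address() rejects anything that is not an address, so the
    directory component can never contain '/', '..' or other path tricks.
    The hostname claimed in the message only ends up *inside* the file.
    """
    peer = str(ipaddress.ip_address(peer_ip)).replace(":", "_")  # IPv6-safe name
    return os.path.join(logdir, peer, f"{msg.facility}.log")


def dispatch(logdir: str, peer_ip: str, line: str) -> str:
    """Append one message to its per-host file; return the path written."""
    msg = parse(line)
    path = log_path(logdir, peer_ip, msg)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(f"{msg.timestamp} {msg.host} {msg.text}\n")
    return path


def serve(bind_ip: str, logdir: str, port: int = 514) -> None:
    """Minimal UDP collector loop (not exercised by demo())."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        data, (peer_ip, _port) = sock.recvfrom(8192)
        try:
            dispatch(logdir, peer_ip, data.decode("utf-8", "replace").rstrip("\r\n"))
        except ValueError:
            pass  # malformed datagram: drop it rather than let it choose a path


def demo(logdir: Optional[str] = None) -> Dict[str, List[str]]:
    """Feed constructed messages from two 'public machines'; return
    {relative path: lines written} so the split can be inspected."""
    logdir = logdir or tempfile.mkdtemp(prefix="syslog-split-")
    samples = [  # constructed: (sender address from the socket, datagram payload)
        ("192.0.2.10", "<34>Jun  5 12:32:17 www1 sshd[1234]: Accepted publickey for alice"),
        ("192.0.2.11", "<13>Jun  5 12:32:18 www2 cron[99]: (root) CMD (/usr/libexec/atrun)"),
        ("192.0.2.11", "<38>Jun  5 12:32:19 www1 sshd[77]: Failed password for root"),  # host field says www1
    ]
    for peer_ip, payload in samples:
        dispatch(logdir, peer_ip, payload)
    out: Dict[str, List[str]] = {}
    for root, _dirs, files in os.walk(logdir):
        for name in files:
            full = os.path.join(root, name)
            with open(full, encoding="utf-8") as fh:
                out[os.path.relpath(full, logdir)] = fh.read().splitlines()
    return out


if __name__ == "__main__":
    for rel, lines in sorted(demo().items()):
        print(rel, lines)
```

dispatch() is what a real collector would call once per datagram; demo() feeds three constructed messages and returns the files that result. The third message claims to be from www1 but arrives from 192.0.2.11, so it lands under that address's directory. That is the same property the jail-per-IP arrangement gives: the kernel, not the sender, decides which address received the packet.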
DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From owner-freebsd-security Mon Jun 5 3:37:55 2000
Delivered-To: freebsd-security@freebsd.org
Received: from Athena.za.net (athena.za.net [196.30.167.200])
    by hub.freebsd.org (Postfix) with ESMTP id BE40D37C117
    for ; Mon, 5 Jun 2000 03:37:42 -0700 (PDT)
    (envelope-from jus@security.za.net)
Received: from localhost (jus@localhost)
    by Athena.za.net (8.9.3/8.9.3) with ESMTP id MAA00325;
    Mon, 5 Jun 2000 12:36:32 +0200 (SAST)
    (envelope-from jus@security.za.net)
X-Authentication-Warning: Athena.za.net: jus owned process doing -bs
Date: Mon, 5 Jun 2000 12:36:31 +0200 (SAST)
From: Justin Stanford
X-Sender: jus@Athena.za.net
To: Dag-Erling Smorgrav
Cc: jason schwab, freebsd-security@FreeBSD.ORG, petef@databits.net,
    ghandi@mindless.com, amb78@nmia.com, nmlug@swcp.com
Subject: Re: Syslog question...
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Syslog-ng is great. Supports logging over tcp streams to any and all kinds
of files, etc.

Regards,
jus

--
Justin Stanford
082 7402741
jus@security.za.net
www.security.za.net
IT Security and Solutions

On 5 Jun 2000, Dag-Erling Smorgrav wrote:

> "jason schwab" writes:
> > I am going to have two public machines; and one machine
> > that will do nothing except be a backup of syslog from both
> > the public machines. on the syslog backup machine; is there
> > any way to have different files from the logs coming from
> > the different hosts? I don't want all the logs from both
> > machines into the same files on to the logging backup
> > machine....
>
> If you want to use the stock FreeBSD syslogd, you'll have to run
> multiple instances of syslogd with separate config files. Short of
> hacking syslogd to allow the UDP port to be specified on the command
> line and/or in the config file, the easiest way to do this is assign
> multiple IP addresses to the logging machine and run each instance of
> syslogd in a separate jail with a separate IP address. If you build a
> static syslogd binary, the jail need not contain much:
> /etc/syslog.conf, an empty /var/run directory, and your log files.
>
> If I were you, though, I'd take a look at the various other syslogd
> implementations out there (ssyslogd and msyslogd at least).
>
> DES
> --
> Dag-Erling Smorgrav - des@flood.ping.uio.no
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Mon Jun 5 4:40:28 2000
Delivered-To: freebsd-security@freebsd.org
Received: from eltex.ru (eltex-gw2.nw.ru [195.19.203.86])
    by hub.freebsd.org (Postfix) with ESMTP id 331F037B75E
    for ; Mon, 5 Jun 2000 04:40:23 -0700 (PDT)
    (envelope-from ark@eltex.ru)
Received: from yaksha.eltex.ru (root@yaksha.eltex.ru [195.19.198.2])
    by eltex.ru (8.9.3/8.9.3) with SMTP id PAA55351;
    Mon, 5 Jun 2000 15:38:52 +0400 (MSD)
Received: by yaksha.eltex.ru (ssmtp TIS-0.6alpha, 19 Jan 2000);
    Mon, 5 Jun 2000 15:38:38 +0400
Received: from undisclosed-intranet-sender id xma017468;
    Mon, 5 Jun 00 15:38:25 +0400
Date: Mon, 5 Jun 2000 15:37:15 +0400
Message-Id: <200006051137.PAA12911@paranoid.eltex.spb.ru>
From: ark@eltex.ru
Organization: "Klingon Imperial Intelligence Service"
Subject: Re: Syslog question...
To: jus@security.za.net
Cc: petef@databits.net, ghandi@mindless.com, amb78@nmia.com, nmlug@swcp.com,
    des@flood.ping.uio.no, jasonschwab@hotmail.com, freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

nuqneH,

I prefer nsyslogd and i like it much more than syslog-ng.
It is not written in ++ at least ;)

 _ _ _ _ _ _ _      {::} {::} {::}  CU in Hell
_| o |_ | | _|| |  / _||_| |_ |_ |_   (##) (##) (##)  /Arkan#iD
|_ o _||_| _||_| / _| | o |_||_||_|   [||] [||] [||]  Do i believe in Bible? Hell,man,i've seen one!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBOTuQ6KH/mIJW9LeBAQEFPgQAmnmqVmLFs2CrTfzzcVfXDDxH0nj7uSsJ
51MFMbhn4dqChFsHVIKt6FgWbic4tDmgxVgwMFNtUV3wdHbASFkvJYWnnQT4d5A4
vTqKFArsCMwdN8v1bArthMXRwkmdB7iFIgK4tPzDzHvKcpSNtZWGDaET8iwJHR8m
S7rle4dzTkU=
=pFM9
-----END PGP SIGNATURE-----

From owner-freebsd-security Mon Jun 5 9:11:50 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
    by hub.freebsd.org (Postfix) with ESMTP id 1515E37C1E7
    for ; Mon, 5 Jun 2000 09:11:44 -0700 (PDT)
    (envelope-from robert@fledge.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
    by fledge.watson.org (8.9.3/8.9.3) with SMTP id MAA12550;
    Mon, 5 Jun 2000 12:11:43 -0400 (EDT)
    (envelope-from robert@fledge.watson.org)
Date: Mon, 5 Jun 2000 12:11:43 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
To: freebsd-security@FreeBSD.org
Cc: trustedbsd-discuss@TrustedBSD.org
Subject: cvs commit: src/sys/kern kern_mib.c kern_prot.c src/sys/sys systm.h (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

As part of a flurry of commits to FreeBSD 5.0-CURRENT relating to improved
authorization structure, capabilities framework, et al, I committed a patch
that adds a sysctl disabling suser_xxx(), the call that authorizes uid0
processes to make use of special privilege. Setting the sysctl at this point
is not particularly productive, but can be an enlightening experience. To
try out, cvs update or cvsup to the latest 5.0-CURRENT tree, and as root:

    sysctl -w kern.suser_permitted=0

An important note is that without capabilities present and appropriately
configured, shutdown will panic the system as some processes die before
init, which upsets the kernel. The current set of capabilities patches do
not apply cleanly, and I need to go through and update for recent commits.
Poligraph text should be out on the list by this evening now that I've had
a chance to gather together a variety of comments.

I invite criticism, discussion, and suggestions :-).

Robert N M Watson

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

---------- Forwarded message ----------
Date: Mon, 5 Jun 2000 07:53:55 -0700 (PDT)
From: Robert Watson
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/sys/kern kern_mib.c kern_prot.c src/sys/sys systm.h

rwatson     2000/06/05 07:53:55 PDT

  Modified files:
    sys/kern             kern_mib.c kern_prot.c
    sys/sys              systm.h
  Log:
  o Introduce kern.suser_permitted, a sysctl that disables the suser_xxx()
    returning anything but EPERM.
  o suser is enabled by default; once disabled, cannot be reenabled
  o To be used in alternative security models where uid0 does not connote
    additional privileges
  o Should be noted that uid0 still has some additional powers as it owns
    many important files and executables, so suffers from the same
    fundamental security flaws as securelevels. This is fixed with MAC
    integrity protection code (in progress)
  o Not safe for consumption unless you are *really* sure you don't want
    things like shutdown to work, et al :-)

  Obtained from:  TrustedBSD Project

  Revision  Changes    Path
  1.33      +25 -1     src/sys/kern/kern_mib.c
  1.57      +3 -1      src/sys/kern/kern_prot.c
  1.115     +2 -1      src/sys/sys/systm.h

From owner-freebsd-security Tue Jun 6 3:39:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from aurora.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68])
    by hub.freebsd.org (Postfix) with ESMTP id 0DC2A37B517
    for ; Tue, 6 Jun 2000 03:39:13 -0700 (PDT)
    (envelope-from andrew@scoop.co.nz)
Received: from localhost (localhost [127.0.0.1])
    by aurora.scoop.co.nz (8.9.3/8.9.3) with SMTP id WAA09076;
    Tue, 6 Jun 2000 22:38:37 +1200 (NZST)
Date: Tue, 6 Jun 2000 22:38:37 +1200 (NZST)
From: Andrew McNaughton
Reply-To: andrew@scoop.co.nz
To: Matt Heckaman
Cc: Brett Glass, Matthew Dillon, Mike Tancsa, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 2 Jun 2000, Matt Heckaman wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 2 Jun 2000, Brett Glass wrote:
> [...]
> : An interesting related point: By default, the current sysinstall doesn't
> : create a separate /tmp. It leaves /tmp as a directory in the rather small
> : root partition. An action as simple as downloading a large file via Lynx
> : (which downloads to /tmp and then moves files to a destination) is
> : enough to overflow the root partition.
>
> I would like to see a system where it chooses defaults based on two
> classes, we'll call them "workstation" and "server" for the purpose of
> this discussion. The defaults now are fairly decent for a workstation with
> the addition of /tmp mentioned herein.
>
> However, I've seen a lot of people new to FreeBSD get bit HARD by those
> defaults especially in any system that delivers e-mail to /var/mail. The
> default for /var is horribly low, I never did understand that myself. It
> would be nice to say "are you a server or workstation" and then spit out
> some better default variables based on the answer.

Perhaps more to the point, there should be a little more information
available at the time about what the implications of the options are. A
'server' option built for a machine where lots of users have shell accounts
and mail (big /var and /tmp) is going to be quite inappropriate for a
typical dedicated webserver.

Absence of /tmp is a pretty major oversight for any machine. Putting it
on the root partition is doubly so.
If there's no separate partition it should at least be an alias to /var/tmp
or something of the sort.

--
Andrew McNaughton
andrew@squiz.co.nz

From owner-freebsd-security Tue Jun 6 3:54:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from closed-networks.com (closed-networks.com [195.153.248.242])
    by hub.freebsd.org (Postfix) with SMTP id ACFDA37C007
    for ; Tue, 6 Jun 2000 03:54:04 -0700 (PDT)
    (envelope-from udp@closed-networks.com)
Received: (qmail 57392 invoked by uid 1021); 6 Jun 2000 11:00:43 -0000
Date: Tue, 6 Jun 2000 12:00:17 +0100
From: User Datagram Protocol
To: Andrew McNaughton
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
Message-ID: <20000606120017.R48148@closed-networks.com>
Reply-To: User Datagram Protocol
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from andrew@scoop.co.nz on Tue, Jun 06, 2000 at 10:38:37PM +1200
X-Echelon: MI6 Cobra GCHQ Panavia MI5 Timberline IRA NSA Mossad CIA Copperhead
Organization: Closed Networks Limited, London, UK
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What are people's feelings on using mfs for /tmp, like BSD/OS does?

> Absence of /tmp is a pretty major oversight for any machine. Putting it
> on the root partition is doubly so. If there's no separate partition it
> should at least be an alias to /var/tmp or something of the sort.
> --
> Andrew
> McNaughton andrew@squiz.co.nz

--
Bruce M. Simpson aka 'udp'
Security Analyst & UNIX Development Engineer
WWW:   www.closed-networks.com/~udp        Dundee
       www.packetfactory.net/~udp          United Kingdom
email: udp@closed-networks.com

From owner-freebsd-security Tue Jun 6 5:10:17 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112])
    by hub.freebsd.org (Postfix) with SMTP id 4BC8B37B57D
    for ; Tue, 6 Jun 2000 05:10:06 -0700 (PDT)
    (envelope-from petervd@vuurwerk.nl)
Received: (qmail 83641 invoked from network); 6 Jun 2000 12:10:00 -0000
Received: from kesteren.vuurwerk.nl (HELO vuurwerk.nl) (194.178.232.59)
    by envy.vuurwerk.nl with SMTP; 6 Jun 2000 12:10:00 -0000
Received: (qmail 36670 invoked by uid 11109); 6 Jun 2000 12:10:00 -0000
Mail-Followup-To: freebsd-security@FreeBSD.ORG
Date: Tue, 6 Jun 2000 14:10:00 +0200
From: Peter van Dijk
To: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
Message-ID: <20000606141000.H36228@vuurwerk.nl>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from andrew@scoop.co.nz on Tue, Jun 06, 2000 at 10:38:37PM +1200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Jun 06, 2000 at 10:38:37PM +1200, Andrew McNaughton wrote:
[snip]
>
> Absence of /tmp is a pretty major oversight for any machine. Putting it
> on the root partition is doubly so. If there's no separate partition it
> should at least be an alias to /var/tmp or something of the sort.

To /usr/tmp, please, then.

/var/tmp is designed to be not cleaned out on reboots.

Greetz, Peter.
--
petervd@vuurwerk.nl - Peter van Dijk [student:developer:madly in love]

From owner-freebsd-security Tue Jun 6 7:40:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
    by hub.freebsd.org (Postfix) with ESMTP id 7A08837B52C
    for ; Tue, 6 Jun 2000 07:40:45 -0700 (PDT)
    (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
    by apollo.backplane.com (8.9.3/8.9.1) id HAA93503;
    Tue, 6 Jun 2000 07:40:41 -0700 (PDT)
    (envelope-from dillon)
Date: Tue, 6 Jun 2000 07:40:41 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200006061440.HAA93503@apollo.backplane.com>
To: Peter van Dijk
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
References: <20000606141000.H36228@vuurwerk.nl>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:On Tue, Jun 06, 2000 at 10:38:37PM +1200, Andrew McNaughton wrote:
:[snip]
:>
:> Absence of /tmp is a pretty major oversight for any machine. Putting it
:> on the root partition is doubly so. If there's no separate partition it
:> should at least be an alias to /var/tmp or something of the sort.
:
:To /usr/tmp, please, then.
:
:/var/tmp is designed to be not cleaned out on reboots.
:
:Greetz, Peter.

    It should be /var/tmp. It's bad enough that some bozo created two
    standard locations for temporary files (/tmp and /var/tmp), we don't
    want to add a third.

    Frankly, it makes no sense to have more than one. In every machine
    I've ever configured for the last umpteen years I've created a /var/tmp
    partition and softlinked /tmp to it. Programs make no real distinction
    in functionality except perhaps a couple of minor ones in our tree.
    You wind up having to put tonnes of space in both anyway so they might
    as well be the same. It just doesn't make any sense to separate them
    out nor does it make sense to introduce yet another 'standard' location
    for tmp.

    The cron job should generally just use a find -mtime ... -delete for
    /tmp rather than attempt to wipe it entirely. There should be no
    distinction in functionality.

    So it should be /var/tmp with /tmp a softlink. Works just dandy even
    in single-user mode (you create a degenerate /var/tmp in / so you get
    a working tmp even if /var is not mounted).
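Added example, not Matt's code and not FreeBSD's periodic scripts: the age-based policy described above, the mtime rule that find -mtime ... -delete implements, next to the atime variant raised further down the thread, run on a constructed tree so the difference between the two is visible. Paths, file names and ages are constructed for the demo.

```python
"""Age-based cleaning of a shared /tmp (added example; not from the thread)."""
import os
import stat
import tempfile
import time
from typing import Dict, List, Optional, Tuple

DAY = 86400


def stale_entries(root: str, max_age_days: float, key: str = "mtime",
                  now: Optional[float] = None) -> List[str]:
    """Return the files and symlinks under root older than max_age_days.

    key selects the timestamp: 'mtime' (what find -mtime looks at) or 'atime'.
    Real directories are never reported.  os.walk is told not to follow
    symlinks and lstat() is used, so a link is judged by its own timestamp,
    never by its target's.
    """
    if key not in ("mtime", "atime"):
        raise ValueError("key must be 'mtime' or 'atime'")
    now = time.time() if now is None else now
    cutoff = now - max_age_days * DAY
    stale: List[str] = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames + dirnames:  # dirnames may hold symlinks to directories
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                continue  # a real directory: leave it alone
            ts = st.st_mtime if key == "mtime" else st.st_atime
            if ts < cutoff:
                stale.append(path)
    return sorted(stale)


def clean(root: str, max_age_days: float, key: str = "mtime",
          now: Optional[float] = None) -> List[str]:
    """Remove the stale entries and return the paths removed."""
    victims = stale_entries(root, max_age_days, key, now)
    for path in victims:
        os.unlink(path)  # unlink() removes a symlink itself, never its target
    return victims


def build_demo_tree() -> Tuple[str, float]:
    """Constructed /tmp look-alike with back-dated timestamps; returns (root, now)."""
    root = tempfile.mkdtemp(prefix="tmpclean-")
    now = time.time()

    def make(rel: str, mtime_age_days: float, atime_age_days: Optional[float] = None) -> None:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(rel)
        atime_age = mtime_age_days if atime_age_days is None else atime_age_days
        os.utime(path, (now - atime_age * DAY, now - mtime_age_days * DAY))

    make("fresh.lock", 0)                        # touched today
    make("old.core", 30)                         # untouched for a month
    make("sub/older.tar", 45)                    # nested, older still
    make("read-daily.db", 30, atime_age_days=1)  # written a month ago, read yesterday
    os.symlink("/nonexistent/target", os.path.join(root, "dangling"))  # created now
    return root, now


def demo() -> Dict[str, object]:
    """Compare the two policies on the demo tree, then clean by atime."""
    root, now = build_demo_tree()

    def rel(path: str) -> str:
        return os.path.relpath(path, root)

    by_mtime = [rel(p) for p in stale_entries(root, 7, "mtime", now)]
    by_atime = [rel(p) for p in stale_entries(root, 7, "atime", now)]
    removed = clean(root, 7, "atime", now)
    remaining = sorted(rel(os.path.join(d, f))
                       for d, _dirs, files in os.walk(root) for f in files)
    return {"by_mtime": by_mtime, "by_atime": by_atime,
            "removed": len(removed), "remaining": remaining}


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both policies use lstat() and unlink(), so a symlink planted in /tmp is judged by the link's own timestamp and removed as a link, never followed to its target. The atime rule only helps where the filesystem actually maintains access times: on a noatime mount, or after a nightly backup or a recursive grep has read every file, it collapses into either "delete nothing" or the plain mtime rule, which is the limitation the atime suggestion itself acknowledges.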
                                        -Matt
                                        Matthew Dillon

From owner-freebsd-security Tue Jun 6 8: 0:49 2000
Delivered-To: freebsd-security@freebsd.org
Received: from testbed.baileylink.net (testbed.baileylink.net [63.71.213.24])
    by hub.freebsd.org (Postfix) with ESMTP id E135A37BA54
    for ; Tue, 6 Jun 2000 08:00:44 -0700 (PDT)
    (envelope-from brad@testbed.baileylink.net)
Received: (from brad@localhost)
    by testbed.baileylink.net (8.9.3/8.9.3) id KAA64938
    for freebsd-security@FreeBSD.ORG; Tue, 6 Jun 2000 10:01:20 -0500 (CDT)
    (envelope-from brad)
Date: Tue, 6 Jun 2000 10:01:19 -0500
From: Brad Guillory
To: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
Message-ID: <20000606100119.B56528@baileylink.net>
References: <20000606141000.H36228@vuurwerk.nl>
    <200006061440.HAA93503@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: <200006061440.HAA93503@apollo.backplane.com>; from dillon@apollo.backplane.com on Tue, Jun 06, 2000 at 07:40:41AM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I would suggest checking a file's atime over mtime. Of course this will not
work if you visit every file on a periodic basis (tar, grep whatever).

BMG

On Tue, Jun 06, 2000 at 07:40:41AM -0700, Matthew Dillon wrote:
>
> :On Tue, Jun 06, 2000 at 10:38:37PM +1200, Andrew McNaughton wrote:
> :[snip]
> :>
> :> Absence of /tmp is a pretty major oversight for any machine. Putting it
> :> on the root partition is doubly so. If there's no separate partition it
> :> should at least be an alias to /var/tmp or something of the sort.
> :
> :To /usr/tmp, please, then.
> :
> :/var/tmp is designed to be not cleaned out on reboots.
> :
> :Greetz, Peter.
>
>     It should be /var/tmp. It's bad enough that some bozo created two
>     standard locations for temporary files (/tmp and /var/tmp), we don't
>     want to add a third.
>
>     Frankly, it makes no sense to have more than one. In every machine
>     I've ever configured for the last umpteen years I've created a /var/tmp
>     partition and softlinked /tmp to it. Programs make no real distinction
>     in functionality except perhaps a couple of minor ones in our tree.
>     You wind up having to put tonnes of space in both anyway so they might
>     as well be the same. It just doesn't make any sense to separate them
>     out nor does it make sense to introduce yet another 'standard' location
>     for tmp.
>
>     The cron job should generally just use a find -mtime ...
>     -delete for
>     /tmp rather than attempt to wipe it entirely. There should be no
>     distinction in functionality.
>
>     So it should be /var/tmp with /tmp a softlink. Works just dandy even
>     in single-user mode (you create a degenerate /var/tmp in / so you get
>     a working tmp even if /var is not mounted).
>
>                                         -Matt
>                                         Matthew Dillon
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
  __O    | Information wants to be free!          |   __O    Bike
_-\<,_   | FreeBSD:The Power to Serve (easily)    | _-\<,_   to
(_)/ (_) | OpenBSD:The Power to Serve (securely)  | (_)/ (_) Work

From owner-freebsd-security Tue Jun 6 8:12:25 2000
Delivered-To: freebsd-security@freebsd.org
Received: from peak.mountin.net (peak.mountin.net [207.227.119.2])
    by hub.freebsd.org (Postfix) with ESMTP id BFF6037B82B
    for ; Tue, 6 Jun 2000 08:12:21 -0700 (PDT)
    (envelope-from jeff-ml@mountin.net)
Received: (from daemon@localhost)
    by peak.mountin.net (8.9.1/8.9.1) id KAA26280;
    Tue, 6 Jun 2000 10:12:17 -0500 (CDT)
    (envelope-from jeff-ml@mountin.net)
Received: from dial-76.max1.wa.cyberlynk.net(207.227.118.76)
    by peak.mountin.net via smap (V1.3) id sma026277;
    Tue Jun 6 10:11:55 2000
Message-Id: <4.3.2.20000606094636.00cd3ec0@207.227.119.2>
X-Sender: jeff-ml@207.227.119.2
X-Mailer: QUALCOMM Windows Eudora Version 4.3
Date: Tue, 06 Jun 2000 10:09:58 -0500
To: Peter van Dijk, freebsd-security@FreeBSD.ORG
From: "Jeffrey J. Mountin"
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
In-Reply-To: <20000606141000.H36228@vuurwerk.nl>
References:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 02:10 PM 6/6/00 +0200, Peter van Dijk wrote:
> On Tue, Jun 06, 2000 at 10:38:37PM +1200, Andrew McNaughton wrote:
> [snip]
> >
> > Absence of /tmp is a pretty major oversight for any machine. Putting it
> > on the root partition is doubly so. If there's no separate partition it
> > should at least be an alias to /var/tmp or something of the sort.
>
> To /usr/tmp, please, then.

Another bad default idea.

> /var/tmp is designed to be not cleaned out on reboots.

And for those that wish to mount /usr read only?

I agree with Peter about those installing for a server application knowing
what they should do. Any proposed changes to the default settings will be
met with resistance by some. Why not, they can't possibly work for
everyone, so then someone else can complain and so on and so forth.

A simple text stating "Depending on your application a separate /var and
/tmp partition may be desirable." Leave it up to the person installing to
actually change it and choose a size for it. Those building a server
*should* have a clue as to what the system's needs will be.

Don't think we should even try to guess a difference between a server and
workstation, since *what* the server is used for makes a hell of a lot of
difference. If it's only for DNS, then the current defaults should work
quite well, but for a server doing mail and shell accounts... etc. A
no-win situation.
Jeff Mountin - jeff@mountin.net
Systems/Network Administrator
FreeBSD - the power to serve

From owner-freebsd-security Tue Jun 6 10:13:12 2000
Delivered-To: freebsd-security@freebsd.org
Received: from aurora.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68])
    by hub.freebsd.org (Postfix) with ESMTP id 4CDBB37B575
    for ; Tue, 6 Jun 2000 10:13:07 -0700 (PDT)
    (envelope-from andrew@scoop.co.nz)
Received: from localhost (localhost [127.0.0.1])
    by aurora.scoop.co.nz (8.9.3/8.9.3) with SMTP id FAA23139;
    Wed, 7 Jun 2000 05:12:44 +1200 (NZST)
Date: Wed, 7 Jun 2000 05:12:44 +1200 (NZST)
From: Andrew McNaughton
Reply-To: andrew@scoop.co.nz
To: "Jeffrey J. Mountin"
Cc: Peter van Dijk, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
In-Reply-To: <4.3.2.20000606094636.00cd3ec0@207.227.119.2>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 6 Jun 2000, Jeffrey J. Mountin wrote:

> I agree with Peter about those installing for a server application knowing
> what they should do. Any proposed changes to the default settings will be
> met with resistance by some. Why not, they can't possibly work for
> everyone, so then someone else can complain and so on and so forth.

I half agree. Given the level of knowledge currently required to set up
any server on FreeBSD, changing the partition defaults is going to be an
inadequate step at best towards the needs of beginner administrators.

That said, it's a bit of a shame that the ease of setting up standard
server configurations does not match the ease of running them. I saw a
site on the net once that allowed you to step through several pages of
setup configuration options, and at the end you got some sort of
downloadable linux install disk image ready to insert and leave the
installation to complete itself, with or without CD at hand.

Install disks with large parts of the configuration encoded on them would
allow distribution of ready-made servers for simple installations like
routers, mail hosts, dns servers and so forth.

Whether existing users of FreeBSD who don't need this care about its
existence I don't know. Sometimes though I wish I could recommend FreeBSD
to a wider range of users for small network administration.
--
Andrew McNaughton
andrew@squiz.co.nz

From owner-freebsd-security Tue Jun 6 10:26:23 2000
Delivered-To: freebsd-security@freebsd.org
Received: from moek.pir.net (moek.pir.net [209.192.237.190])
    by hub.freebsd.org (Postfix) with ESMTP id E326E37B8B1
    for ; Tue, 6 Jun 2000 10:26:18 -0700 (PDT)
    (envelope-from pir@pir.net)
Received: from pir by moek.pir.net with local (Exim) id 12zN7E-0006ga-00
    for freebsd-security@FreeBSD.ORG; Tue, 06 Jun 2000 13:26:12 -0400
Date: Tue, 6 Jun 2000 13:26:11 -0400
From: Peter Radcliffe To: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Message-ID: <20000606132611.B24457@pir.net> Reply-To: freebsd-security@freebsd.org Mail-Followup-To: freebsd-security@FreeBSD.ORG References: <4.3.2.20000606094636.00cd3ec0@207.227.119.2> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from andrew@scoop.co.nz on Wed, Jun 07, 2000 at 05:12:44AM +1200 X-fish: < X-Copy-On-Listmail: Please do NOT Cc: me on list mail. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Andrew McNaughton probably said:

> Install disks with large parts of the configuration encoded on them would
> allow distribution of ready-made servers for simple installations like
> routers, mail hosts, dns servers and so forth.
>
> Whether existing users of FreeBSD who don't need this care about its
> existence I don't know. Sometimes though I wish I could recommend FreeBSD
> to a wider range of users for small network administration.

nroff -man /usr/src/release/sysinstall/sysinstall.8

I'm already using install.cfg stuff to build standard machines for desktops and dual boot laptops at work.

P.
-- pir pir@pir.net pir@net.tufts.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 6 15:43:38 2000 Delivered-To: freebsd-security@freebsd.org Received: from vuurwerk.nl (envy.vuurwerk.nl [194.178.232.112]) by hub.freebsd.org (Postfix) with SMTP id 7DEC937B5B2 for ; Tue, 6 Jun 2000 15:43:32 -0700 (PDT) (envelope-from petervd@vuurwerk.nl) Received: (qmail 88445 invoked from network); 6 Jun 2000 22:43:28 -0000 Received: from kesteren.vuurwerk.nl (HELO vuurwerk.nl) (194.178.232.59) by envy.vuurwerk.nl with SMTP; 6 Jun 2000 22:43:28 -0000 Received: (qmail 37594 invoked by uid 11109); 6 Jun 2000 22:43:28 -0000 Mail-Followup-To: freebsd-security@FreeBSD.ORG Date: Wed, 7 Jun 2000 00:43:28 +0200 
From: Peter van Dijk To: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Message-ID: <20000607004328.F37217@vuurwerk.nl> References: <20000606141000.H36228@vuurwerk.nl> <200006061440.HAA93503@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <200006061440.HAA93503@apollo.backplane.com>; from dillon@apollo.backplane.com on Tue, Jun 06, 2000 at 07:40:41AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Tue, Jun 06, 2000 at 07:40:41AM -0700, Matthew Dillon wrote:
>
> :On Tue, Jun 06, 2000 at 10:38:37PM +1200, Andrew McNaughton wrote:
> :[snip]
> :>
> :> Absence of /tmp is a pretty major oversight for any machine. Putting it
> :> on the root partition is doubly so. If there's no separate partition it
> :> should at least be an alias to /var/tmp or something of the sort.
> :
> :To /usr/tmp, please, then.
> :
> :/var/tmp is designed to be not cleaned out on reboots.
> :
> :Greetz, Peter.
>
> It should be /var/tmp. It's bad enough that some bozo created two
> standard locations for temporary files (/tmp and /var/tmp), we don't
> want to add a third.

I agree wholeheartedly with you. I was, therefore, not giving an opinion, just interpreting man hier :)

Greetz, Peter.
-- petervd@vuurwerk.nl - Peter van Dijk [student:developer:madly in love] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 6 20: 6:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from sanson.reyes.somos.net (freyes.static.inch.com [216.223.199.224]) by hub.freebsd.org (Postfix) with ESMTP id 05B7137B635 for ; Tue, 6 Jun 2000 20:06:31 -0700 (PDT) (envelope-from fran@reyes.somos.net) Received: from tomasa (tomasa.reyes.somos.net [10.0.0.11]) by sanson.reyes.somos.net (8.9.3/8.9.3) with SMTP id XAA18095 for ; Tue, 6 Jun 2000 23:00:23 -0400 (EDT) (envelope-from fran@reyes.somos.net) Message-Id: <200006070300.XAA18095@sanson.reyes.somos.net> 
From: "Francisco Reyes" To: "freebsd-security@FreeBSD.ORG" Date: Tue, 06 Jun 2000 22:22:32 -0400 Reply-To: "Francisco Reyes" X-Mailer: PMMail 2000 Professional (2.10.2010) For Windows 98 (4.10.2222) In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Subject: Restricting user to a directory Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I want to make a "test" login ID for some people in a project I am working on. Basically I just want them to be able to log in and only see their own directory.

Can this be done with login.conf or loging_conf? I read the man page, but it sure would help to find a mini tutorial or how-to for those files. I couldn't even find how to change a user's login class. :-(

Would using a shell that has a restricted mode be the easiest way? I believe Bash has this capability. I didn't seem to find it in tcsh.

This is a 3.X box so no Jail.. After searching.. I bumped into chroot, but when I try it from a regular ID it gives the error "operation not permitted".

Suggestions or links on using login.conf or chroot?

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 6 20:21:39 2000 Delivered-To: freebsd-security@freebsd.org Received: from postfix1.free.fr (postfix1.free.fr [212.27.32.21]) by hub.freebsd.org (Postfix) with ESMTP id 5F39137BBED for ; Tue, 6 Jun 2000 20:21:35 -0700 (PDT) (envelope-from usebsd@free.fr) Received: from safi (paris11-nas2-42-97.dial.proxad.net [212.27.42.97]) by postfix1.free.fr (Postfix) with SMTP id E920F28027; Wed, 7 Jun 2000 05:21:32 +0200 (MEST)
From: "mouss" To: "Matthew Dillon" , "Peter van Dijk" Cc: Subject: RE: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Date: Wed, 7 Jun 2000 05:33:20 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 In-Reply-To: <200006061440.HAA93503@apollo.backplane.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Matthew Dillon wrote
>
> It should be /var/tmp.

yes. and if ever someone thinks it should go to /usr/tmp, then I see no reason to have a /var.

also, the BSD/OS mfs proposal is not that good. This limits the size of /tmp, and uses mfs for things that do not need to be in mfs. the first thing I used to do on BSD/OS was to remove the mfs mount and to softlink /var/tmp to /tmp.

> It's bad enough that some bozo created two
> standard locations for temporary files (/tmp and /var/tmp), we don't
> want to add a third.

and maybe someday, we'll have a /usr/local/tmp, /usr/src/tmp, ... yes, there's an opportunity for a tmp dir in every directory, but that's not a sufficient reason to create it. one could also say that many tmp dirs are needed, just to "organize" that tmp stuff. then you'll see /TMP, /Tmp, ... /TEMP, /WINDOWS/TEMP. and why not /*/"temporary internet files"...

only one tmp dir is needed, and it's called a tmp dir. there's no need for "find / |grep tmp" to find temporary files.

> Frankly, it makes no sense to have more than one.

I fully, completely, infinitely, ..., agree.

> In every machine I've ever configured for the last umpteen years I've created
> a /var/tmp partition and softlinked /tmp to it.

so did I. I even think this should be the default... for me /var is the partition that contains the "other" stuff, and thus the "remaining" space.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 6 21:26: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 94D2B37B536 for ; Tue, 6 Jun 2000 21:25:58 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id VAA21059; Tue, 6 Jun 2000 21:24:53 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda21057; Tue Jun 6 21:24:45 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id VAA75717; Tue, 6 Jun 2000 21:24:45 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdL75715; Tue Jun 6 21:24:40 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e574Od303232; Tue, 6 Jun 2000 21:24:39 -0700 (PDT) Message-Id: <200006070424.e574Od303232@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdKj3228; Tue Jun 6 21:24:35 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: "mouss" Cc: "Matthew Dillon" , "Peter van Dijk" , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Wed, 07 Jun 2000 05:33:20 +0200." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 06 Jun 2000 21:24:34 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In message , "mouss" writes:
>
> Matthew Dillon wrote
> >
> > It should be /var/tmp.
>
> yes. and if ever someone thinks it should go to /usr/tmp, then I see
> no reason to have a /var.

/usr/tmp has been historically (recent history) symlinked to /var/tmp. Agreed, why have another temporary directory?

>
> also, the BSD/OS mfs proposal is not that good. This limits the size of /tmp,
> and uses mfs for things that do not need to be in mfs.
> the first thing I used to do on BSD/OS was to remove the mfs mount and to
> softlink /var/tmp to /tmp.

I disagree with this. /tmp is cleared at boot while /var/tmp is not. The reason for this is to have files remain across boot. mfs is generally (arguably on some O/S's) faster than writing data to disk. (If writing to disk is faster than using mfs, assuming there's enough memory to support a decently sized mfs, then there's something seriously wrong with the O/S). Some operating systems by default, e.g. Solaris, use mfs (tmpfs) for /tmp. I happen to like the separation of the two. Having more temporary filesystems than we already have is obviously ridiculous.

From a security standpoint a shared temporary filesystem coupled with applications written as they are can be an invitation for compromise. Suggestions ranging from no temporary filesystem at all to subdirectories in /tmp for each user have been discussed on FreeBSD-security and BUGTRAQ for many years. Of course for root /var/run reduces the risk. The concept of a virtual temporary filesystem for each user, e.g. /tmp as an address space addressable by a single process group and only sharable by that process group or even a single process, might go a long way to mitigate some of the risk. That being said, compatibility with legacy applications will be broken so once again we're stuck with a shared temporary filesystem. But I digress.

>
> > It's bad enough that some bozo created two
> > standard locations for temporary files (/tmp and /var/tmp), we don't
> > want to add a third.
>
> and maybe someday, we'll have a /usr/local/tmp, /usr/src/tmp, ...
> yes, there's an opportunity for a tmp dir in every directory, but that's
> not a sufficient reason to create it. one could also say that many tmp dirs
> are needed,
> just to "organize" that tmp stuff. then you'll see /TMP, /Tmp, ... /TEMP,
> /WINDOWS/TEMP.
> and why not /*/"temporary internet files"...
>
> only one tmp dir is needed, and it's called a tmp dir. there's no need for
> "find / |grep tmp"
> to find temporary files.

I don't think anyone is suggesting this. If they are, then they need to see a good psychiatrist or stop using mind altering drugs. Anyone in their right mind would make a mess like this. I think that the person who originally started this thread was ignorant and didn't understand the difference between /tmp and /var/tmp. Users on the other hand can set environment variables to put temporary files anywhere they have write access to. If a user is afraid of some shared temporary filesystem race condition in an application or a symlink exploit they can already create a ~/tmp and set TMP, TMPDIR, or any other environment variable to anything they want, assuming they can write to it. In short, you may have this problem and not even realize it.

>
> > Frankly, it makes no sense to have more than one.
>
> I fully, completely, infinitely, ..., agree.

Unless you want to have temporary files to be saved across boot. Now if they're not removed at boot, what makes them temporary? In the case of /var/tmp, if they're older than N days or haven't been accessed for N days, they're nuked. This of course raises other security issues.

>
> > In every machine I've ever configured for the last umpteen years I've
> created
> > a /var/tmp partition and softlinked /tmp to it.
>
> so did I. I even think this should be the default... for me /var is the
> partition
> that contains the "other" stuff, and thus the "remaining" space.

From a security standpoint there should be no world writable directories whatsoever, even with the sticky bit turned on, however in today's environment, given that compatibility with other unixes might be desirable, this may be unreasonable. At the very least root and semi-privileged accounts, e.g. oracle, should absolutely never use a directory that other users can write to. In the long term I think an admirable goal would be to eliminate /tmp and /var/tmp forever. I believe Theo and co. at OpenBSD are working toward this ultimate goal.

If anyone thinks I've contradicted myself in this note, my intention was to open the discussion to a wider range of possibilities than is currently being discussed. On one hand we have compatibility with other UNIX systems out there and in the other extreme we have a more secure solution. Then of course there's the middle ground, wherever that may be.
Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 6 23:12:19 2000 Delivered-To: freebsd-security@freebsd.org Received: from tellurus.tellurian.com.au (tellurus.tellurian.com.au [203.20.69.193]) by hub.freebsd.org (Postfix) with ESMTP id 7A3EB37B6EE for ; Tue, 6 Jun 2000 23:12:14 -0700 (PDT) (envelope-from john@tellurus.tellurian.com.au) Received: (from john@localhost) by tellurus.tellurian.com.au (8.8.5/8.7.3) id PAA25984; Wed, 7 Jun 2000 15:52:29 +0930 (CST) 
From: John Brazel Message-Id: <200006070622.PAA25984@tellurus.tellurian.com.au> Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) To: Cy.Schubert@uumail.gov.bc.ca Date: Wed, 7 Jun 100 15:52:28 +0930 (CST) Cc: freebsd-security@FreeBSD.org In-Reply-To: <200006070424.e574Od303232@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at Jun 6, 0 09:24:34 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

> From a security standpoint a shared temporary filesystem coupled with
> applications written as they are can be an invitation for compromise.
> Suggestions ranging from no temporary filesystem at all to
> subdirectories in /tmp for each user have been discussed on
> FreeBSD-security and BUGTRAQ for many years. Of course for root
> /var/run reduces the risk. The concept of a virtual temporary
> filesystem for each user, e.g. /tmp as an address space addressable by
> a single process group and only sharable by that process group or even
> a single process, might go a long way to mitigate some of the risk.

What exactly ARE all the risks? At the risk of 'over-enthusiasm' (for want of a better phrase), would a purpose-written, security-oriented filesystem solve it?

Something like /tmp, but with an embedded sticky bit (permanently set) and the inability to create symlinks (the symlink(2) syscall would return ENOSYS for that filesystem).

The question, of course, is, would this fix enough of the problems to warrant all the effort? At the very least, backward compatibility wouldn't be affected.

J.
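The shared-/tmp risks Cy raises above (a symlink exploit or a race condition in an application that uses a world-writable directory) and the kind of mitigation John is asking about, shown in code. This is an added example, not from the original thread and not FreeBSD code: it assumes a POSIX system whose open(2) supports O_EXCL and O_NOFOLLOW and whose libc has mkstemp(3) and mkdtemp(3) (true of FreeBSD and Linux), and it honours TMPDIR as the per-user workaround Cy describes. The scratch directory, the "victim" file (standing in for something like /etc/passwd) and the predictable name "app.tmp" are constructed for the demonstration; the attacker's pre-planted symlink is simulated by the program itself.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Honour TMPDIR (a user can point it at a private ~/tmp), fall back to /tmp. */
static const char *tmp_dir(void) {
    const char *d = getenv("TMPDIR");
    return (d != NULL && *d != '\0') ? d : "/tmp";
}

/* UNSAFE, the pattern the thread is worried about: a predictable name and
 * O_CREAT without O_EXCL. If another user has pre-created `path` as a symlink,
 * the kernel follows it and O_TRUNC empties whatever it points at, with the
 * caller's privileges. Returns the fd, or -1. */
int unsafe_open_tmp(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* SAFER: O_CREAT|O_EXCL is one atomic "create only if absent" in the kernel,
 * so there is no check-then-use window, and POSIX requires it to fail with
 * EEXIST when the name is a symlink. O_NOFOLLOW is additional insurance. */
int safe_open_tmp(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* PREFERRED: let mkstemp(3) choose an unpredictable name under $TMPDIR; it
 * uses O_CREAT|O_EXCL internally. The chosen path is written to `out`. */
int safe_mkstemp(char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s/example.XXXXXX", tmp_dir());
    if (n < 0 || (size_t)n >= outlen) return -1;
    return mkstemp(out);
}

/* After opening, confirm the descriptor is a regular file with a single link
 * owned by us. This catches the hard-link variant (victim file hard-linked to
 * the expected name), which O_NOFOLLOW alone does not. Returns 1 if OK. */
int fd_is_private_regular(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && st.st_nlink == 1 && st.st_uid == getuid();
}

/* Stage the attack in a private scratch directory (constructed for the demo).
 * Returns 1 when the unsafe open followed the planted link and truncated the
 * victim while the safe open refused; 0 otherwise; -1 on setup failure. */
int demo_symlink_attack(void) {
    char dir[PATH_MAX], victim[PATH_MAX], link[PATH_MAX];
    snprintf(dir, sizeof dir, "%s/tmprace.XXXXXX", tmp_dir());
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/app.tmp", dir);

    const char payload[] = "important data\n";
    int vfd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (vfd < 0) return -1;
    if (write(vfd, payload, sizeof payload - 1) != (ssize_t)(sizeof payload - 1)) return -1;
    close(vfd);
    if (symlink(victim, link) != 0) return -1;   /* the attacker wins the race */

    int unsafe_fd = unsafe_open_tmp(link);       /* follows the link, truncates victim */
    int safe_fd = safe_open_tmp(link);           /* must fail: EEXIST (or ELOOP) */
    int safe_refused = (safe_fd < 0) && (errno == EEXIST || errno == ELOOP);

    struct stat st;
    int victim_truncated = (stat(victim, &st) == 0) && (st.st_size == 0);

    if (unsafe_fd >= 0) close(unsafe_fd);
    if (safe_fd >= 0) close(safe_fd);
    unlink(link); unlink(victim); rmdir(dir);
    return (unsafe_fd >= 0) && victim_truncated && safe_refused;
}

/* Create a file the preferred way, verify it, clean up. Returns 1 on success. */
int demo_mkstemp(void) {
    char path[PATH_MAX];
    int fd = safe_mkstemp(path, sizeof path);
    if (fd < 0) return 0;
    int ok = fd_is_private_regular(fd);
    close(fd);
    unlink(path);
    return ok;
}

int main(void) {
    printf("symlink attack demo: %d (1 = unsafe open truncated the victim, safe open refused)\n",
           demo_symlink_attack());
    printf("mkstemp demo: %d (1 = private regular file created under $TMPDIR)\n", demo_mkstemp());
    return 0;
}
```

Compile with `cc -o tmprace tmprace.c` and run as an unprivileged user. The point of the safe variants is that the decision "does this name already exist, and is it a symlink" is made by the kernel inside a single open(2), not by a separate lstat(2) that a local attacker can race; the fstat check afterwards is what a filesystem that also forbade hard links would make unnecessary.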
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Tue Jun 6 23:55:13 2000 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 63F6337B8C4 for ; Tue, 6 Jun 2000 23:55:10 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id XAA97086; Tue, 6 Jun 2000 23:55:03 -0700 (PDT) (envelope-from dillon) Date: Tue, 6 Jun 2000 23:55:03 -0700 (PDT) 
From: Matthew Dillon Message-Id: <200006070655.XAA97086@apollo.backplane.com> To: Cy Schubert - ITSD Open Systems Group Cc: "mouss" , "Peter van Dijk" , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) References: <200006070424.e574Od303232@cwsys.cwsent.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

:> also, the BSD/OS mfs proposal is not that good. This limits the size of /tmp,
:> and uses mfs for things that do not need to be in mfs.
:> the first thing I used to do on BSD/OS was to remove the mfs mount and to
:> softlink /var/tmp to /tmp.
:
:I disagree with this. /tmp is cleared at boot while /var/tmp is not.
:The reason for this is to have files remain across boot.

Maybe on your system it is, but try running a multi-user system that way and you will quickly find your /var/tmp filled up to the brim. Or, worse, you will find one of the two tmp directories filling up while the other remains entirely empty, or vice versa depending on which programs your users run.

The argument that we should have two tmp's because one should be treated differently from the other doesn't hold any water. There should be one tmp, period. Since programs tend to use /var/tmp and /tmp interchangeably these days, one has to be a symlink to the other. But trying to classify the two as having to have different characteristics only creates sysadmin headaches.

What it comes down to is that it is far easier and far more robust to have a single (larger) temporary filesystem to maintain than to have two.

:mfs is generally (arguably on some O/S's) faster than writing data to
:disk. (If writing to disk is faster than using mfs, assuming there's

MFS is a terrible idea for /tmp. Each page in an MFS filesystem eats *TWO* pages of physical memory (until swapped). This means that the active dataset (what processes have accessed recently) eats twice as much physical memory as it needs to. MFS also needlessly loads down the VM system when it does start to stress memory. Simple things like someone tar xvf'ing a large distribution in /tmp can bring the machine to its knees with an MFS partition where the same operation on a normal filesystem would barely glitch most of the resource meters.

MFS would be my *LAST* choice for a tmp.

Like it or not, /tmp and /var/tmp are here to stay. /usr/tmp doesn't exist on most systems (thank god!), so it would be stupid of us to add it in.

-Matt

Matthew Dillon

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jun 7 0:44: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 65E0437B688 for ; Wed, 7 Jun 2000 00:44:02 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id AAA21638; Wed, 7 Jun 2000 00:42:58 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda21636; Wed Jun 7 00:42:53 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id AAA76505; Wed, 7 Jun 2000 00:42:53 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdZ76503; Wed Jun 7 00:42:41 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e577gfm04277; Wed, 7 Jun 2000 00:42:41 -0700 (PDT) Message-Id: <200006070742.e577gfm04277@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdFq4273; Wed Jun 7 00:42:32 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: Matthew Dillon Cc: Cy Schubert - ITSD Open Systems Group , "mouss" , "Peter van Dijk" , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Tue, 06 Jun 2000 23:55:03 PDT." <200006070655.XAA97086@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Jun 2000 00:42:32 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In message <200006070655.XAA97086@apollo.backplane.com>, Matthew Dillon writes:
> :> also, the BSD/OS mfs proposal is not that good. This limits the size of /tmp,
> :> and uses mfs for things that do not need to be in mfs.
> :> the first thing I used to do on BSD/OS was to remove the mfs mount and to
> :> softlink /var/tmp to /tmp.
> :
> :I disagree with this. /tmp is cleared at boot while /var/tmp is not.
> :The reason for this is to have files remain across boot.
> :mfs is generally (arguably on some O/S's) faster than writing data to
> :disk. (If writing to disk is faster than using mfs, assuming there's
>
> MFS is a terrible idea for /tmp. Each page in an MFS filesystem eats
> *TWO* pages of physical memory (until swapped). This means that the
> active dataset (what processes have accessed recently) eats twice
> as much physical memory as it needs to. MFS also needlessly loads
> down the VM system when it does start to stress memory. Simple
> things like someone tar xvf'ing a large distribution in /tmp can bring
> the machine to its knees with an MFS partition where the same operation
> on a normal filesystem would barely glitch most of the resource meters.
>
> MFS would be my *LAST* choice for a tmp.

Is this because one page is in the cache and the other is in MFS? I can see that would be a problem.

>
> Like it or not, /tmp and /var/tmp are here to stay. /usr/tmp doesn't
> exist on most systems (thank god!), so it would be stupid of us to add
> it in.

I didn't say that I wanted /usr/tmp! /usr/tmp is an ancient idea that was replaced by /var/tmp in the last ice age. Why would we want /usr/tmp? If we're going to do that let's have a /usr/spool and /usr/adm.

/tmp and /var/tmp doesn't hold much water either. Most applications support the use of TMP and TMPDIR environment variables. Applications that don't support a TMP environment variable should be changed. /tmp and /var/tmp is a concept that is past its prime and should be retired in lieu of a more secure paradigm. Anything less than this must be considered unacceptable in a secure operating system. So far no one has convinced me that /tmp and/or /var/tmp cannot be phased out. I have not seen any good arguments to keep them over the long term. Don't forget, applications can be changed to use the new paradigm.

Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jun 7 0:53:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 395A937BA0A for ; Wed, 7 Jun 2000 00:53:40 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id AAA21662; Wed, 7 Jun 2000 00:52:58 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda21660; Wed Jun 7 00:52:53 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id AAA76549; Wed, 7 Jun 2000 00:52:53 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdR76547; Wed
Jun 7 00:52:42 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e577qfD04339; Wed, 7 Jun 2000 00:52:41 -0700 (PDT) Message-Id: <200006070752.e577qfD04339@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdse4331; Wed Jun 7 00:52:01 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: John Brazel Cc: Cy.Schubert@uumail.gov.bc.ca, freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Wed, 07 Jun 2000 15:52:28 +0930." <200006070622.PAA25984@tellurus.tellurian.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Jun 2000 00:52:01 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In message <200006070622.PAA25984@tellurus.tellurian.com.au>, John Brazel writes:
>
> > From a security standpoint a shared temporary filesystem coupled with
> > applications written as they are can be an invitation for compromise.
> > Suggestions ranging from no temporary filesystem at all to
> > subdirectories in /tmp for each user have been discussed on
> > FreeBSD-security and BUGTRAQ for many years. Of course for root
> > /var/run reduces the risk. The concept of a virtual temporary
> > filesystem for each user, e.g. /tmp as an address space addressable by
> > a single process group and only sharable by that process group or even
> > a single process, might go a long way to mitigate some of the risk.
>
> What exactly ARE all the risks? At the risk of 'over-enthusiasm'
> (for want of a better phrase), would a purpose-written,
> security-oriented filesystem solve it?

Symlinks, hard links, and race conditions are the risks. Mount flags for existing filesystems would be another idea.

>
> Something like /tmp, but with an embedded sticky bit (permanently
> set) and the inability to create symlinks (the symlink(2) syscall
> would return ENOSYS for that filesystem).

And, inability to create hard links, inability to execute, inability to create/use device files, pipes, sockets, etc. In short anything that could be used to "trick" an application to do anything or write to files it wasn't designed to do, would be required. This of course would limit the usefulness of /tmp and /var/tmp. Replacing /tmp & co. with a non-shared temporary filesystem approach (could be a tmp directory in the user's home directory) is the easiest and simplest approach to solve the /tmp problem.

>
> The question, of course, is, would this fix enough of the problems
> to warrant all the effort? At the very least, backward compatibility
> wouldn't be affected.

Any solution would affect backward compatibility to one degree or another. For example, inability to create symlinks could be considered a compatibility issue for some applications -- limited compatibility issues. Limiting /tmp to only directories and non-executable regular files with only one link to them would have many more compatibility issues. Replacing /tmp with some other approach would have the most compatibility issues, none of which are insurmountable. As with many security models, it all depends on how much we're willing to give up to gain a secure system.

Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jun 7 1: 1: 2 2000 Delivered-To: freebsd-security@freebsd.org Received: from relay.uvd.chel.su (uvd.chel.su [195.54.2.174]) by hub.freebsd.org (Postfix) with ESMTP id DCA8537B7DF for ; Wed, 7 Jun 2000 01:00:31 -0700 (PDT) (envelope-from lw@pd.chel.ru) Received: from isergeya.uvd.chel.su (isergeya.uvd.chel.su [192.168.200.123]) by relay.uvd.chel.su (Postfix) with ESMTP id 68F5962D13 for ; Wed, 7 Jun 2000 14:00:12 +0600 (YEKST) Date: Wed, 7 Jun 2000 13:59:35 +0500
From: "Sergey A. Ivanov" X-Mailer: The Bat! (v1.44) UNREG / CD5BF9353B3B7091 Reply-To: "Sergey A. Ivanov" X-Priority: 3 (Normal) Message-ID: <717264718.20000607135935@pd.chel.ru> To: freebsd-security@freeBSD.ORG Subject: cvsup of internat stuff Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hello freebsd-security!

Does cvsup.internat.freebsd.org still exist, or must I cvsup crypto from another site? cvsup2.internat.freebsd.org doesn't seem to be working either.

Best regards, Sergey mailto:lw@pd.chel.ru ICQ UIN: 49432691 http://lw.narod.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed Jun 7 1:53:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id 8E2E937B881 for ; Wed, 7 Jun 2000 01:53:32 -0700 (PDT) (envelope-from d.m.pick@qmw.ac.uk) Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1) id 12zbZi-00003j-00; Wed, 07 Jun 2000 09:52:34 +0100 Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1) id 12zbZi-0000w9-00; Wed, 7 Jun 2000 09:52:34 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: Matthew Dillon Cc: Cy Schubert - ITSD Open Systems Group , "mouss" , "Peter van Dijk" , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Tue, 06 Jun 2000 23:55:03 PDT." <200006070655.XAA97086@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Wed, 07 Jun 2000 09:52:34 +0100
From: David Pick Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > Maybe on your system it is, but try running a multi-user system tha= t > way and you will quickly find your /var/tmp filled up to the brim. = Or, > worse, you will find one of the two tmp directories filling up whil= e > the other remains entirely empty, or vise-versa depending on which > programs your users run. > = > The argument that we should have two tmp's because one should be > treated differently from the other doesn't hold any water. There > should be one tmp, period. Since programs tend to use /var/tmp = > and /tmp interchangeably these days, one has to be a symlink to the= > other. But trying to classify the two as having to have different > characteristics only creates sysadmin headaches. > = > What it comes down to is that it is far easier and far more robust = to > have a single (larger) temporary filesystem to maintain then to hav= e = > two. I think I have to agree with Matthews comments here. Generally, one filesystem for temporary files uses disc space better and means there are a smaller number of filesystems that can get filled up by rampant "temporary" file creations. Personally, I prefer a separate filesystem (on disc, not in memory) in most cases, to avoid rampant temporary files screwing up the logs, but if not I think "/var" is the best bet. "/usr" is not a good idea because I think it's a good idea to mount "/usr" read-only if possible. 
If you really want to make the distinction between "/tmp" and "/var/tmp" in terms of files being automatically cleared, I suggest that a "temp" filesystem called (for example) "/temp" could have a directory in it called "temporally_temporary" which could be cleared, and:

/var/tmp -> /temp
/tmp -> /temp/temporally_temporary

or, if there is no separate filesystem, a similar:

/tmp -> /var/tmp/temporally_temporary

--
David Pick

From owner-freebsd-security Wed Jun 7 2:58: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from zibbi.mikom.csir.co.za (zibbi.mikom.csir.co.za [146.64.24.58]) by hub.freebsd.org (Postfix) with ESMTP id 6F8B937B988 for ; Wed, 7 Jun 2000 02:57:56 -0700 (PDT) (envelope-from jhay@zibbi.mikom.csir.co.za) Received: (from jhay@localhost) by zibbi.mikom.csir.co.za (8.10.1/8.10.1) id e579s3w90068; Wed, 7 Jun 2000 11:54:03 +0200 (SAT)
From: John Hay Message-Id: <200006070954.e579s3w90068@zibbi.mikom.csir.co.za> Subject: Re: cvsup of internat stuff In-Reply-To: <717264718.20000607135935@pd.chel.ru> from "Sergey A. Ivanov" at "Jun 7, 2000 01:59:35 pm" To: lw@pd.chel.ru (Sergey A. Ivanov) Date: Wed, 7 Jun 2000 11:54:03 +0200 (SAT) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL54 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

> Hello freebsd-security!
>
> Does cvsup.internat.freebsd.org still exist, or must I cvsup crypto
> from another site? cvsup2.internat.freebsd.org doesn't seem to be working either.
>

Both of them seem to be working for me. What is the problem?

John
--
John Hay -- John.Hay@mikom.csir.co.za

From owner-freebsd-security Wed Jun 7 3: 8:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.aha.ru (ns1.aha.ru [195.2.80.142]) by hub.freebsd.org (Postfix) with ESMTP id A987137B89A for ; Wed, 7 Jun 2000 03:08:26 -0700 (PDT) (envelope-from amarkelov@futures.msk.ru) X-BodyDigest: 1379bbed6b07f39f42b535f95e8e0077 Received: from sunny.aha.ru (sunny.aha.ru [195.2.83.112]) by ns1.aha.ru (8.9.3/8.9.3/aha-r/0.04B) with ESMTP id OAA24481 for ; Wed, 7 Jun 2000 14:08:21 +0400 (MSD) Received: from futures.msk.ru (focus.futures.msk.ru [195.2.76.180]) by sunny.aha.ru (8.9.3/8.9.3) with ESMTP id OAA66135 for ; Wed, 7 Jun 2000 14:07:58 +0400 (MSD) Message-ID: <393E1EF4.91EF9861@futures.msk.ru> Date: Wed, 07 Jun 2000 14:07:48 +0400
From: "Alex N. Markelov" Reply-To: amarkelov@futures.msk.ru Organization: Folium Ltd. X-Mailer: Mozilla 4.7 [en] (WinNT; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: PGPnet Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi freebsd-security,

I have installed the latest international version of PGP 6.5.1i and want to find out whether we have any package under FreeBSD to work with other computers, securing communication with PGPnet. In 'what's new' of this version of PGP I see it works with Cisco routers (IOS 12.0(4) and later with IPsec TripleDES) and Linux FreeS/WAN. Do we have anything to work with?

Best regards,
Alex.

PS I know about ssh ;).

From owner-freebsd-security Wed Jun 7 4:44:50 2000 Delivered-To: freebsd-security@freebsd.org Received: from burka.carrier.kiev.ua (burka.carrier.kiev.ua [193.193.193.107]) by hub.freebsd.org (Postfix) with ESMTP id 0D4BF37B657 for ; Wed, 7 Jun 2000 04:44:45 -0700 (PDT) (envelope-from netch@lucky.net) Received: from netch@localhost by burka.carrier.kiev.ua id ORB91449; Wed, 7 Jun 2000 14:44:22 +0300 (EEST) (envelope-from netch) Date: Wed, 7 Jun 2000 14:44:21 +0300
From: Valentin Nechayev To: Matthew Dillon , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Message-ID: <20000607144421.A82711@lucky.net> Reply-To: netch@lucky.net References: <200006070424.e574Od303232@cwsys.cwsent.com> <200006070655.XAA97086@apollo.backplane.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200006070655.XAA97086@apollo.backplane.com>; from dillon@apollo.backplane.com on Tue, Jun 06, 2000 at 11:55:03PM -0700 X-42: On Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Tue, Jun 06, 2000 at 23:55:03, dillon wrote about "Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)":

> Maybe on your system it is, but try running a multi-user system that
> way and you will quickly find your /var/tmp filled up to the brim. Or,

Of course, of course.
It is a general problem of any publicly accessible resource.
Do you think you can really fix this world? Or do you try to emit /tmp as a philosophical category?

> MFS is a terrible idea for /tmp. Each page in an MFS filesystem eats
> *TWO* pages of physical memory (until swapped). This means that the

It is a problem of one broken realization, isn't it?

--
NVA

From owner-freebsd-security Wed Jun 7 4:54:41 2000 Delivered-To: freebsd-security@freebsd.org Received: from jello.geekspace.com (216-064-051-142.inaddr.vitts.com [216.64.51.142]) by hub.freebsd.org (Postfix) with SMTP id 1EF9A37B738 for ; Wed, 7 Jun 2000 04:54:34 -0700 (PDT) (envelope-from psion@geekspace.com) Received: (qmail 694 invoked from network); 7 Jun 2000 11:57:36 -0000 Received: from nh050.inr.net (HELO geekspace.com) (216.64.66.50) by 216-064-051-142.inaddr.vitts.com with SMTP; 7 Jun 2000 11:57:36 -0000 Message-ID: <393E3710.363AC6CF@geekspace.com> Date: Wed, 07 Jun 2000 07:50:40 -0400
From: Chris Williams X-Mailer: Mozilla 4.72 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) References: <200006070424.e574Od303232@cwsys.cwsent.com> <200006070655.XAA97086@apollo.backplane.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

I have to wonder, with all this discussion about one tmp being cleared at boot and the other not... Do FreeBSD users really reboot so often that this is an important case? ;) Isn't it kind of, well, short-sighted, to rely on cleaning something out at boot-time on a system which could potentially see uptime measured in years? I would think it's even sillier to say that your security relies on /tmp being cleared at boot -- does that mean FreeBSD needs to be rebooted every x days to remain secure? Please. If this is the case, something is a lot more seriously wrong than having two /tmps..

From owner-freebsd-security Wed Jun 7 5:45:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from burka.carrier.kiev.ua (burka.carrier.kiev.ua [193.193.193.107]) by hub.freebsd.org (Postfix) with ESMTP id 8F25A37B52B for ; Wed, 7 Jun 2000 05:45:16 -0700 (PDT) (envelope-from netch@lucky.net) Received: from netch@localhost by burka.carrier.kiev.ua id PRK99342 for freebsd-security@FreeBSD.ORG; Wed, 7 Jun 2000 15:45:12 +0300 (EEST) (envelope-from netch) Date: Wed, 7 Jun 2000 15:45:12 +0300
From: Valentin Nechayev To: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Message-ID: <20000607154512.B82711@lucky.net> Reply-To: netch@lucky.net References: <200006070424.e574Od303232@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <200006070424.e574Od303232@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Tue, Jun 06, 2000 at 09:24:34PM -0700 X-42: On Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Tue, Jun 06, 2000 at 21:24:34, Cy.Schubert wrote about "Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)":

> From a security standpoint there should be no world writable
> directories whatsoever, even with the sticky bit turned on, however in
> today's environment, given that compatibility with other unixes might
> be desirable, this may be unreasonable. At the very least root and
> semi-privileged accounts, e.g. oracle, should absolutely never use a
> directory that other users can write to.

For one big security hole named Unix, it is true. FreeBSD is not an exception. But it is simple to extend the existing interface, i.e., with O_DONTFOLLOWMID and O_NOSPECIAL flags in open(), and disable most of such exploits without the risk of a race condition. Of course, a full solution should be more complicated.

> If anyone thinks I've contradicted myself in this note, my intention
> was to open the discussion to a wider range of possibilities than is
> currently being discussed. On one hand we have compatibility with
> other UNIX systems out there and in the other extreme we have a more
> secure solution. Then of course there's the middle ground, wherever
> that may be.

Well, and what is your alternative to /tmp/.X11-unix?
--
NVA

From owner-freebsd-security Wed Jun 7 6: 5:15 2000 Delivered-To: freebsd-security@freebsd.org Received: from granger.mail.mindspring.net (granger.mail.mindspring.net [207.69.200.148]) by hub.freebsd.org (Postfix) with ESMTP id 6C68937B93C for ; Wed, 7 Jun 2000 06:05:11 -0700 (PDT) (envelope-from david.dagon@mindspring.com) Received: from mindspring.com (user-38ld0dk.dialup.mindspring.com [209.86.129.180]) by granger.mail.mindspring.net (8.9.3/8.8.5) with ESMTP id JAA08185; Wed, 7 Jun 2000 09:04:55 -0400 (EDT) Message-ID: <393E4B39.354DCDA4@mindspring.com> Date: Wed, 07 Jun 2000 09:16:41 -0400
From: David Dagon Reply-To: dagon@cc.gatech.edu X-Mailer: Mozilla 4.73 [en] (X11; U; Linux 2.3.99-pre7 i686) X-Accept-Language: en MIME-Version: 1.0 To: Chris Williams Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) References: <200006070424.e574Od303232@cwsys.cwsent.com> <200006070655.XAA97086@apollo.backplane.com> <393E3710.363AC6CF@geekspace.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Chris Williams wrote:
>
> I have to wonder, with all this discussion about one tmp being cleared
> at boot and the other not...Do FreeBSD users really reboot so often that
> this is an important case? ;)
>

In the late 70s, /tmp was frequently on a small, fast disk, often a RAM disk. It was usually used for small, quick access jobs, such as output from the multiple passes of cc. /usr/tmp (now /var/tmp) was slower, but often with larger capacity, and was used for jobs like sort, and such.

The hier(7) pages only give reboot as a key difference between the two. But some systems may have been configured to give faster access to /tmp. (Others might just as well be soft linked to /var/tmp, but that's up to the sysadmin.) So expected speed of access and general lifetime of the files are two factors that hier(7) does not discuss.

I think you've made an excellent point. In these days where a single spindle holds gigs and gigs, and the entire system resides on a single drive, the separation between /tmp and /var/tmp seems less important. And of course depending on a reboot as part of system security does not seem wise.

On this matter, I reread with interest McKusick (et al.)'s book on 4.4BSD:

Use of dedicated memory to support a RAM disk exclusively is a poor use of resources. The system can improve overall throughput by using the memory for the locations with high access rates. . . .
[inefficiency of memory-to-memory copy noted for RAM storage] . . . The 4.4BSD system avoids these problems by building its RAM-disk filesystem in pageable memory, instead of in dedicated memory. The goal is to provide the speed benefits of a RAM disk without paying the performance penalty . . . The /tmp filesystem can be allocated a virtual address space that is larger than the physical memory on the machine.

s. 8.4. (Yes, yes, there are differences between FreeBSD and 4.4).

It seems that the idea behind /tmp is that it's supposed to be fast. This could mean a RAM disk, an MFS (ack!), or even just locating /tmp on another spindle so it does not contend with /usr traffic. Since it competes for resources, /tmp is cleaned regularly (most often, but not exclusively, after a reboot). One should use /tmp for transient or easily recreated information.

So, it strikes me that there are still differences between /tmp and /var/tmp--expected speed of access (which may be a myth these days), and the anticipated lifetime of transient files. Maybe most sysadmins don't care to honor this distinction, and just symlink the two. But having two systems allows for tweaks.
--
David
dagon@cc.gatech.edu

From owner-freebsd-security Wed Jun 7 6:13:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 8471A37BC73 for ; Wed, 7 Jun 2000 06:13:36 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA22732; Wed, 7 Jun 2000 06:12:27 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda22730; Wed Jun 7 06:12:17 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id GAA78241; Wed, 7 Jun 2000 06:12:16 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdp78239; Wed Jun 7 06:11:54 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.1/8.9.1) id e57DBsW08744; Wed, 7 Jun 2000 06:11:54 -0700 (PDT) Message-Id: <200006071311.e57DBsW08744@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdzl8739; Wed Jun 7 06:11:10 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: netch@lucky.net Cc: Matthew Dillon , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Wed, 07 Jun 2000 14:44:21 +0300." <20000607144421.A82711@lucky.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 07 Jun 2000 06:11:09 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In message <20000607144421.A82711@lucky.net>, Valentin Nechayev writes:
> Tue, Jun 06, 2000 at 23:55:03, dillon wrote about "Re: FreeBSDDEATH.c.txt (m
> map dirty page no check bug)":
>
> > Maybe on your system it is, but try running a multi-user system that
> > way and you will quickly find your /var/tmp filled up to the brim. Or,
>
> Of course, of course.
> It is a general problem of any publicly accessible resource.
> Do you think you can really fix this world? Or do you try to emit /tmp
> as a philosophical category?

Agreed. That's why the whole concept of /tmp and /var/tmp is flawed. In my original reply in this thread I tried to take as broad and conciliatory a view as possible to satisfy all points of view and hopefully have people consider (gently nudge) the idea of the more secure approach of no /tmp as an option. My original tactic obviously did not work, so I am now showing my true colours by insisting (like everyone else does) that /tmp and /var/tmp as we know them be retired, to be replaced by a paradigm that is more secure. Any less is an invitation for disaster!

Replacement candidates for /tmp and /var/tmp are:

1. Each user has a subdirectory in /tmp as /tmp/$USER. An idea brought forth to BUGTRAQ by Theo de Raadt of the OpenBSD project.

2. Each user maintains their own /tmp as $HOME/tmp or some such thing. An idea I had discussed with my co-workers a number of years ago.

>
> > MFS is a terrible idea for /tmp. Each page in an MFS filesystem eats
> > *TWO* pages of physical memory (until swapped). This means that the
>
> It is a problem of one broken realization, isn't it?

Compaq back when they were Digital and Sun both claim that their MFS and TMPFS, respectively, are faster than disk. Agreed, the FreeBSD MFS implementation is very much broken. I'm not sure whether md pseudo-devices are stable enough for production yet. Anyone on this list with good or bad experience with the new md pseudo-devices?

Regards,                         Phone:  (250)387-8437
Cy Schubert                      Fax:    (250)387-5766
Team Leader, Sun/DEC Team        Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC I

From owner-freebsd-security Wed Jun 7 6:53:31 2000 Delivered-To: freebsd-security@freebsd.org Received: from borderware.com (gateway.borderware.com [207.236.65.226]) by hub.freebsd.org (Postfix) with ESMTP id A359337BCBB for ; Wed, 7 Jun 2000 06:53:13 -0700 (PDT) (envelope-from bmw@borderware.com) Received: by gateway.borderware.com id <117121>; Wed, 7 Jun 2000 09:51:18 -0400
From: "Bruce M. Walker" Message-Id: <00Jun7.095118edt.117121@gateway.borderware.com> Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-Reply-To: <200006071311.e57DBsW08744@cwsys.cwsent.com> from Cy Schubert - ITSD Open Systems Group at "Jun 7, 2000 06:11:09 am" To: freebsd-security@FreeBSD.ORG Date: Wed, 7 Jun 2000 09:53:05 -0400 (EDT) X-Mailer: ELM [version 2.4ME+ PL66 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Cy Schubert - ITSD Open Systems Group wrote:
> Replacement candidates for /tmp and /var/tmp are:
>
> 1. Each user has a subdirectory in /tmp as /tmp/$USER. An idea brought
> forth to BUGTRAQ by Theo de Raadt of the OpenBSD project.
>
> 2. Each user maintains their own /tmp as $HOME/tmp or some such thing.
> An idea I had discussed with my co-workers a number of years ago.

#1 I'll buy into. I have actually implemented that for an HPUX-based MIS system using a Progress db. All users have their own "playpen" and cron sweeps up the all-too-frequent cores and printer temps.

#2 is *not* going to cut it when the user homes are NFS-mounted from a central server(s). On the other hand, it's a good idea when the server has more resources than the workstation (terabyte FC-disks over gigabit ether).

Is this topic not drifting away from being strictly "freebsd-security"?
-bmw

From owner-freebsd-security Wed Jun 7 7:52:47 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id E753937B8A5 for ; Wed, 7 Jun 2000 07:52:39 -0700 (PDT) (envelope-from fpscha@ns1.via-net-works.net.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id LAA16205 for freebsd-security@freebsd.org; Wed, 7 Jun 2000 11:52:36 -0300 (GMT)
From: Fernando Schapachnik Message-Id: <200006071452.LAA16205@ns1.via-net-works.net.ar> Subject: IPFilter question To: freebsd-security@freebsd.org Date: Wed, 7 Jun 2000 11:52:34 -0300 (GMT) Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi:

I've read the ipf-howto whose URL was published in the list a few months ago and used it to construct a FW. Everything was fine except for:

Using keep state with icmp doesn't allow traceroutes. The solution I found was to let icmp types 0 and 11 in. Is this supposed to work this way or did I misconfigure something? Shouldn't `keep state' be enough to let traceroute work?

On one of the last chapters of the howto I found a very interesting section on how to build an `invisible' FW using IPFilter and bridging. The document stated it could be done with OpenBSD. Does anybody know if this can be done with FreeBSD?

Thanks and kind regards!

Fernando P. Schapachnik
Network administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

From owner-freebsd-security Wed Jun 7 8:26:44 2000 Delivered-To: freebsd-security@freebsd.org Received: from zeta.qmw.ac.uk (zeta.qmw.ac.uk [138.37.6.6]) by hub.freebsd.org (Postfix) with ESMTP id 5BC8137B5B3 for ; Wed, 7 Jun 2000 08:26:39 -0700 (PDT) (envelope-from d.m.pick@qmw.ac.uk) Received: from xi.css.qmw.ac.uk ([138.37.8.11]) by zeta.qmw.ac.uk with esmtp (Exim 3.02 #1) id 12zhir-0003lt-00; Wed, 07 Jun 2000 16:26:25 +0100 Received: from cgaa180 by xi.css.qmw.ac.uk with local (Exim 1.92 #1) id 12zhis-0001Hq-00; Wed, 7 Jun 2000 16:26:26 +0100 X-Mailer: exmh version 2.0.2 2/24/98 To: Fernando Schapachnik Cc: freebsd-security@freebsd.org Subject: Re: IPFilter question In-reply-to: Your message of "Wed, 07 Jun 2000 11:52:34 -0300." <200006071452.LAA16205@ns1.via-net-works.net.ar> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Date: Wed, 07 Jun 2000 16:26:26 +0100
From: David Pick Message-Id: Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

> Using keep state with icmp doesn't allow traceroutes. The
> solution I found was to let icmp types 0 and 11 in. Is this supposed
> to work this way or I misconfigured something? Shouldn't `keep state' be
> enough to let traceroute work?

The problem is that traceroute works by sending out IP packets with gradually increasing TTL values and gathering the ICMP error reports that are generated as each packet gets so far and the TTL counts down to zero. So the ICMP responses come back from the intermediate router that dropped the output packet. So the source address of the ICMP packet is unpredictable, and the "keep-state" rule only puts in the *destination* IP address as the source address for the returning packets.

The same comments apply to *all* ICMP packets: for example blocking ICMP responses from intermediate routers will also break the MTU path discovery mechanism.

Interesting point: could "keep-state" generate a rule that would allow ICMP packets with a destination that matches the source address of the outbound packet, but without any check on the returning source address? This would allow us to block ICMPs being used for back-channel communication unless we're unlucky enough that the sender manages to match the (source) address of an outgoing packet during the time window the kept state entry was in place.
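The matching behaviour described in this reply, as an added illustration that is not part of the original message and not IPFilter code: a toy state table in Python records an outbound traceroute probe, then checks an ICMP "time exceeded" from an intermediate router under three policies. "strict" reverses the recorded 5-tuple (what a plain keep-state entry does, per the explanation above), "dest-only" is the relaxed check proposed above (only the destination of the returning ICMP must match the source of the outbound packet, whoever sent it), and "embedded" goes beyond the message: it matches the ICMP error against the original packet header that the router quotes inside the error, which is how later stateful filters close the back-channel David worries about. All addresses, port numbers and the Packet/StateTable names are constructed for the example.

```python
"""Toy model of stateful ICMP matching (constructed example, not IPFilter code)."""
from dataclasses import dataclass
from typing import Optional, Set, Tuple

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0
ICMP_TIME_EXCEEDED = 11

# Constructed addresses from documentation ranges, not from the original thread.
US = "192.0.2.10"          # the host behind the filter that runs traceroute
TARGET = "198.51.100.7"    # traceroute destination
ROUTER = "10.0.0.2"        # an intermediate hop that sends "time exceeded"
ATTACKER = "203.0.113.9"   # an unrelated sender of an unsolicited ICMP error


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    icmp_type: Optional[int] = None
    # ICMP errors quote the IP/transport header of the packet that triggered them.
    inner: Optional["Packet"] = None


Key = Tuple[str, str, str, int, int]


def key_of(p: Packet) -> Key:
    return (p.src, p.dst, p.proto, p.sport, p.dport)


class StateTable:
    """Records outbound flows and decides whether an inbound packet belongs to one."""

    def __init__(self) -> None:
        self.entries: Set[Key] = set()

    def keep_state(self, outbound: Packet) -> None:
        self.entries.add(key_of(outbound))

    def match(self, inbound: Packet, mode: str) -> bool:
        if mode == "strict":
            # Only the original destination may answer: reverse the recorded 5-tuple.
            reverse = (inbound.dst, inbound.src, inbound.proto, inbound.dport, inbound.sport)
            return reverse in self.entries
        if mode == "dest-only":
            # Relaxed: any ICMP addressed to a host that has outbound state passes,
            # whoever sent it. Lets traceroute work but leaves a back-channel open.
            return inbound.proto == "icmp" and any(e[0] == inbound.dst for e in self.entries)
        if mode == "embedded":
            # Match an ICMP error by the quoted original header; other traffic stays strict.
            if inbound.proto == "icmp" and inbound.inner is not None:
                return key_of(inbound.inner) in self.entries
            return self.match(inbound, "strict")
        raise ValueError(f"unknown mode {mode!r}")


def traceroute_scenario(mode: str) -> dict:
    """One UDP traceroute probe, the router's real time-exceeded reply, and a forged one."""
    table = StateTable()
    probe = Packet(US, TARGET, "udp", sport=40000, dport=33435)
    table.keep_state(probe)
    real_error = Packet(ROUTER, US, "icmp", icmp_type=ICMP_TIME_EXCEEDED, inner=probe)
    # The forgery quotes a flow we never opened, so only header-aware matching rejects it.
    forged = Packet(ATTACKER, US, "icmp", icmp_type=ICMP_TIME_EXCEEDED,
                    inner=Packet(US, TARGET, "udp", sport=1, dport=1))
    return {"hop_reply": table.match(real_error, mode), "forged": table.match(forged, mode)}


def echo_scenario(mode: str) -> bool:
    """An echo request and its reply from the same host: what plain keep state covers."""
    table = StateTable()
    table.keep_state(Packet(US, TARGET, "icmp", icmp_type=ICMP_ECHO_REQUEST))
    return table.match(Packet(TARGET, US, "icmp", icmp_type=ICMP_ECHO_REPLY), mode)


if __name__ == "__main__":
    for mode in ("strict", "dest-only", "embedded"):
        print(mode, traceroute_scenario(mode), "echo reply:", echo_scenario(mode))
```

Running it shows the three outcomes in the message: the strict check passes the echo reply but drops every hop's "time exceeded", the destination-only check passes the hop replies but also the forged error from an unrelated sender, and only matching on the quoted original header passes the real hop replies while dropping the forgery.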
--
David Pick

From owner-freebsd-security Wed Jun 7 8:52: 7 2000 Delivered-To: freebsd-security@freebsd.org Received: from ns1.via-net-works.net.ar (ns1.via-net-works.net.ar [200.10.100.10]) by hub.freebsd.org (Postfix) with ESMTP id C84D537B5B3 for ; Wed, 7 Jun 2000 08:52:01 -0700 (PDT) (envelope-from fpscha@ns1.via-net-works.net.ar) Received: (from fpscha@localhost) by ns1.via-net-works.net.ar (8.9.3/8.9.3) id MAA18656; Wed, 7 Jun 2000 12:51:07 -0300 (GMT)
From: Fernando Schapachnik Message-Id: <200006071551.MAA18656@ns1.via-net-works.net.ar> Subject: Re: IPFilter question In-Reply-To: from David Pick at "Jun 7, 0 04:26:26 pm" To: D.M.Pick@qmw.ac.uk (David Pick) Date: Wed, 7 Jun 2000 12:51:03 -0300 (GMT) Cc: fpscha@via-net-works.net.ar, freebsd-security@freebsd.org Reply-To: Fernando Schapachnik X-Mailer: ELM [version 2.4ME+ PL40 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

In an earlier message, David Pick wrote:
>
> > Using keep state with icmp doesn't allow traceroutes. The
> > solution I found was to let icmp types 0 and 11 in. Is this supposed
> > to work this way or I misconfigured something? Shouldn't `keep state' be
> > enough to let traceroute work?
>
> The problem is that traceroute works by sending out IP packets with
> gradually increasing TTL values and gathering the ICMP error reports
> that are generated as each packet gets so far and the TTL counts down
> to zero. So the ICMP responses come back from the intermediate router
> that dropped the output packet. So the source address of the ICMP
> packet is unpredictable, and the "keep-state" rule only puts in the
> *destination* IP address as the source address for the returning packets.

That must be it! So in theory you don't need to allow icmp-type 0 (echo reply) because that is what the keep state icmp is for, right?

Thank you!

Fernando P. Schapachnik
Network administration
VIA NET.WORKS ARGENTINA S.A.
fernando@via-net-works.net.ar
(54-11) 4323-3333

From owner-freebsd-security Wed Jun 7 8:59: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from aurora.scoop.co.nz (aurora.scoop.co.nz [203.96.152.68]) by hub.freebsd.org (Postfix) with ESMTP id 9660F37BCF2 for ; Wed, 7 Jun 2000 08:58:55 -0700 (PDT) (envelope-from andrew@scoop.co.nz) Received: from localhost (localhost [127.0.0.1]) by aurora.scoop.co.nz (8.9.3/8.9.3) with SMTP id DAA15791; Thu, 8 Jun 2000 03:58:01 +1200 (NZST) Date: Thu, 8 Jun 2000 03:58:01 +1200 (NZST)
From: Andrew McNaughton Reply-To: andrew@scoop.co.nz To: Francisco Reyes Cc: "freebsd-security@FreeBSD.ORG" Subject: Re: Restricting user to a directory In-Reply-To: <200006070300.XAA18095@sanson.reyes.somos.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

On Tue, 6 Jun 2000, Francisco Reyes wrote:

> I want to make a "test" login ID for some people in a project I
> am working on.
> Basically I just want them to be able to login and only see
> their own directory.

chroot is possible, but it means you will have to put any binaries and libraries they need into their directory structure (can be hard links to files elsewhere on the same device). It can be a bit of work to set up for ad hoc use. It would be nice to have an install script for setting up a basic chroot environment, which probably suggests that someone will have done it.

> Can this be done with login.conf or loging_conf?
> I read the man page, but it sure would help to find a mini
> tutorial or how to for those files.
> I couldn't even find how to change a user's login class. :-(

root@yourhost# chpass

> Would using a shell that has a restricted mode be the easiest
> way? I believe Bash has this capability.
> I didn't seem to find it in tcsh.

There is a restricted shell that comes with sendmail (smrsh), but I'm not sure how appropriate it is. Might not be much easier to set up than chroot.

> This is a 3.X box so no Jail..
>
> After searching.. I bumped into chroot, but when I try it from a
> regular ID it gives the error "operation not permited".

chroot as root and then su to the appropriate user. You need to set up various binaries and libraries in the chroot area first in order for it to work.
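The "install script for setting up a basic chroot environment" that Andrew wishes for, as an added example and not anything from the original thread or from FreeBSD itself: a Python script that copies each requested binary into the chroot directory together with the shared libraries ldd(1) reports for it, so the tree can then be entered with chroot as root and handed to the user with su, as the reply describes. The function names, the ldd output parser and the `demo()` self-check with a fake resolver are all constructed for this example; it assumes an ldd that prints one library per line in the usual `name => /path (0x...)` form.

```python
"""Build a minimal chroot skeleton (constructed example, not a FreeBSD tool)."""
import os
import shutil
import stat
import subprocess
import tempfile
from typing import Callable, Iterable, List


def parse_ldd_output(text: str) -> List[str]:
    """Extract absolute library paths from ldd(1) output.

    Accepts 'libc.so.6 => /lib/libc.so.6 (0x...)' and bare '/lib/ld.so (0x...)' lines;
    skips pseudo-entries such as 'linux-vdso.so.1 (0x...)' and 'libx.so => not found'.
    """
    paths: List[str] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if "=>" in parts:
            idx = parts.index("=>")
            candidate = parts[idx + 1] if idx + 1 < len(parts) else ""
        else:
            candidate = parts[0]
        if candidate.startswith("/") and candidate not in paths:
            paths.append(candidate)
    return paths


def ldd_libraries(binary: str) -> List[str]:
    """Resolve shared libraries with the system ldd; empty for static binaries or no ldd."""
    if shutil.which("ldd") is None:
        return []
    proc = subprocess.run(["ldd", binary], capture_output=True, text=True)
    return parse_ldd_output(proc.stdout)


def copy_into_root(root: str, path: str) -> str:
    """Copy `path` to the same location below `root`; returns the destination path."""
    dest = os.path.join(root, path.lstrip("/"))
    os.makedirs(os.path.dirname(dest), exist_ok=True)
    shutil.copy2(path, dest)          # follows symlinks, so the real object is copied
    return dest


def build_chroot(root: str, binaries: Iterable[str],
                 resolver: Callable[[str], List[str]] = ldd_libraries) -> List[str]:
    """Populate `root` with each binary and its libraries; returns the files copied."""
    os.makedirs(root, mode=0o755, exist_ok=True)
    tmp = os.path.join(root, "tmp")
    os.makedirs(tmp, exist_ok=True)
    os.chmod(tmp, 0o1777)             # sticky and world-writable, like the real /tmp
    copied: List[str] = []
    seen = set()
    for binary in binaries:
        for path in [binary] + resolver(binary):
            if path in seen:
                continue
            seen.add(path)
            copied.append(copy_into_root(root, path))
    return copied


def demo() -> dict:
    """Self-contained check using a fake binary, a fake library and a fake resolver."""
    with tempfile.TemporaryDirectory() as work:
        fake_bin = os.path.join(work, "usr", "bin", "testsh")
        fake_lib = os.path.join(work, "lib", "libfake.so.1")
        for f, body in ((fake_bin, "#!/bin/sh\n"), (fake_lib, "not a real library\n")):
            os.makedirs(os.path.dirname(f), exist_ok=True)
            with open(f, "w") as fh:
                fh.write(body)
        os.chmod(fake_bin, 0o755)
        root = os.path.join(work, "jail")
        copied = build_chroot(root, [fake_bin], resolver=lambda _b: [fake_lib])
        return {
            "count": len(copied),
            "bin_present": os.access(os.path.join(root, fake_bin.lstrip("/")), os.X_OK),
            "lib_present": os.path.isfile(os.path.join(root, fake_lib.lstrip("/"))),
            "tmp_sticky": bool(os.stat(tmp_path := os.path.join(root, "tmp")).st_mode & stat.S_ISVTX),
        }


if __name__ == "__main__":
    print(demo())
```

On a real box one would run `build_chroot("/home/test/jail", ["/bin/sh", "/bin/ls"])` as root and then `chroot /home/test/jail /bin/sh` followed by `su` to the test account, as the reply says; device nodes, an /etc/passwd entry for su to read inside the jail, and anything else the shell needs beyond its libraries remain the administrator's job.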
Andrew

--
Andrew McNaughton
andrew@squiz.co.nz

From owner-freebsd-security Wed Jun 7 9:14:12 2000 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id 5068A37BA89 for ; Wed, 7 Jun 2000 09:14:04 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id JAA01082; Wed, 7 Jun 2000 09:13:42 -0700 (PDT) (envelope-from dillon) Date: Wed, 7 Jun 2000 09:13:42 -0700 (PDT)
From: Matthew Dillon Message-Id: <200006071613.JAA01082@apollo.backplane.com> To: Valentin Nechayev Cc: freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) References: <200006070424.e574Od303232@cwsys.cwsent.com> <200006070655.XAA97086@apollo.backplane.com> <20000607144421.A82711@lucky.net> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

:Of course, of course.
:It is a general problem of any publicly accessible resource.
:Do you think you can really fix this world? Or do you try to emit /tmp
:as a philosophical category?
:
:> MFS is a terrible idea for /tmp. Each page in an MFS filesystem eats
:> *TWO* pages of physical memory (until swapped). This means that the
:
:It is a problem of one broken realization, isn't it?
:
:--
:NVA

No, I think it's a problem with the concept. Modern systems like ours have a VM page cache which can cache anything -- including normal filesystems. Normal filesystems aren't quite as fast as MFS (even with an async mount) because we assume, rightly, that certain pieces of data can be flushed more quickly in order to leave more memory available to other things.

The concept of 'MFS' in general could be rephrased to be 'forcing the system to use more memory to cache a filesystem at the cost of making less memory available to programs and other filesystems'. If a person wants that tradeoff, then it would be just as easy to implement with a normal filesystem simply by turning off the update daemon (for that filesystem), turning off write-behind (for that filesystem), and either increasing the size of the buffer cache to accommodate more dirty pages or disassociating the dirty filesystem pages from the buffer cache (making them look like dirty mmap'd pages). And then using an async mount.

A memory filesystem, even the best implemented one you could write, is best used in situations where you don't *have* a local disk in the first place.
-Matt
Matthew Dillon

From owner-freebsd-security Wed Jun 7 9:49:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from bart.esiee.fr (bart.esiee.fr [147.215.1.20]) by hub.freebsd.org (Postfix) with ESMTP id 8719D37B9A2 for ; Wed, 7 Jun 2000 09:49:19 -0700 (PDT) (envelope-from bonnetf@bart.esiee.fr) Received: (from bonnetf@localhost) by bart.esiee.fr (8.10.1/8.10.1) id e57GnEg12368; Wed, 7 Jun 2000 18:49:14 +0200 (MEST) From: Frank Bonnet Message-Id: <200006071649.e57GnEg12368@bart.esiee.fr> Subject: Re: Restricting user to a directory To: andrew@scoop.co.nz Date: Wed, 07 Jun 2000 18:49:14 MEST Cc: fran@reyes.somos.net, freebsd-security@FreeBSD.ORG In-Reply-To: ; from "Andrew McNaughton" at Jun 8, 2000 3:58 am X-Mailer: Elm [revision: 212.5] Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Well, it "seems" that bash should be configured as a restricted shell at compile time. See:

http://dept-info.labri.u-bordeaux.fr/~strandh/Teaching/USI/Common/Bash/bashref_65.html

--
Frank Bonnet
Groupe ESIEE Paris

From owner-freebsd-security Wed Jun 7 10: 2:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from penchev.staff.orbitel.bg (ns.orbitel.bg [195.24.32.2]) by hub.freebsd.org (Postfix) with SMTP id 8BF7E37BD96 for ; Wed, 7 Jun 2000 10:02:32 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 33165 invoked from network); 7 Jun 2000 17:02:07 -0000 Received: from localhost.staff.orbitel.bg (HELO localhost) (127.0.0.1) by localhost.staff.orbitel.bg with SMTP; 7 Jun 2000 17:02:07 -0000 Date: Wed, 7 Jun 2000 20:02:07 +0300 (EEST)
From: Peter Pentchev
To: Frank Bonnet
Cc: andrew@scoop.co.nz, fran@reyes.somos.net, freebsd-security@FreeBSD.ORG
Subject: Re: Restricting user to a directory
In-Reply-To: <200006071649.e57GnEg12368@bart.esiee.fr>

Not really. bash should be configured at runtime as to whether to *allow* invocation as a restricted shell; most precompiled versions of bash come with this capability. From there, just start it as rbash or bash -r, and it runs restricted.

G'luck,
Peter

On Wed, 7 Jun 2000, Frank Bonnet wrote:

> well it "seems" that bash should be configured as a restricted shell
> at compile time
> see at
> http://dept-info.labri.u-bordeaux.fr/~strandh/Teaching/USI/Common/Bash/bashref_65.html
>
> --
> Frank Bonnet
> Groupe ESIEE Paris

From owner-freebsd-security Wed Jun 7 10:22:41 2000
Message-Id: <200006071722.TAA01498@grimreaper.grondar.za>
To: "Sergey A. Ivanov"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: cvsup of internat stuff
References: <717264718.20000607135935@pd.chel.ru>
In-Reply-To: <717264718.20000607135935@pd.chel.ru>; from "Sergey A. Ivanov" "Wed, 07 Jun 2000 13:59:35 +0500."
Date: Wed, 07 Jun 2000 19:22:10 +0200
From: Mark Murray

> Does cvsup.internat.freebsd.org still exist, or must I cvsup crypto
> from another site? cvsup2.internat.freebsd.org doesn't seem to be working either.

This is a cvs question, not a security one. BUT - both are running; maybe you just need to try one closer to home. See www.freebsd.org.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org

From owner-freebsd-security Wed Jun 7 10:27:22 2000
Date: Wed, 7 Jun 2000 18:33:24 +0100
From: User Datagram Protocol
To: Peter Pentchev
Subject: Re: Restricting user to a directory
Message-ID: <20000607183324.L65725@closed-networks.com>
References: <200006071649.e57GnEg12368@bart.esiee.fr>
In-Reply-To: ; from roam@orbitel.bg on Wed, Jun 07, 2000 at 08:02:07PM +0300
Organization: Closed Networks Limited, London, UK

What about SYSV-style invocation with argv[0] == "/bin/rsh"? Ick.

On Wed, Jun 07, 2000 at 08:02:07PM +0300, Peter Pentchev wrote:
> not really. bash should be configured at runtime as to whether to *allow*
> invocation as a restricted shell; most precompiled versions of bash come
> with this capability.
> From there, just start it as rbash or bash -r, and it runs restricted.

--
Bruce M. Simpson aka 'udp'
Security Analyst & UNIX Development Engineer
WWW: www.closed-networks.com/~udp          Dundee
     www.packetfactory.net/~udp            United Kingdom
email: udp@closed-networks.com

From owner-freebsd-security Wed Jun 7 16:18:04 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:21.ssh
Reply-To: security-advisories@freebsd.org
Message-Id: <20000607231756.303D037B8C2@hub.freebsd.org>
Date: Wed, 7 Jun 2000 16:17:56 -0700 (PDT)

=============================================================================
FreeBSD-SA-00:21                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          ssh port listens on extra network port

Category:       ports
Module:         ssh
Announced:      2000-06-07
Credits:        Jan Koum
Affects:        Ports collection.
Corrected:      2000-04-21
FreeBSD only:   Yes

I.   Background

SSH is an implementation of the Secure Shell protocol for providing encrypted and authenticated communication between networked machines.

II.  Problem Description

A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly configured the SSH daemon to listen on an additional network port, 722, in addition to the usual port 22. This change was made as part of a patch to allow the SSH server to listen on multiple ports, but the option was incorrectly enabled by default. This may cause a violation of security policy if the additional port is not subjected to the same access controls (e.g. firewalling) as the standard SSH port.

Note this is not a vulnerability associated with the SSH software itself, and it is not likely to be a risk for the majority of installations, since a remote user must still have valid SSH credentials in order to access the SSH server on the alternate port. The risk is that users may be able to access the SSH server from IP addresses which are prohibited to connect to the standard port.

The ssh port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains nearly 3300 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.0 contains this problem since it was discovered after the release.
FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

FreeBSD 4.0 ships with OpenSSH, a free implementation of the SSH protocol, included within the base system. OpenSSH does not suffer from this misconfiguration.

III. Impact

Remote users with valid SSH credentials may access the ssh server on a non-standard port, potentially bypassing IP address access controls on the standard SSH port.

If you have not chosen to install the ssh port/package, or installed it prior to 2000-01-14 or after 2000-04-21, then your system is not vulnerable to this problem.

IV.  Workaround

One of the following:

1) Comment out the line "Port 722" in /usr/local/etc/ssh_config and restart sshd

2) Add filtering rules to your perimeter firewall, or on the local machine (using ipfw or ipf) to limit connections to port 722.

3) Deinstall the ssh port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the ssh port.

2) Download a new port skeleton for the ssh port from:
   http://www.freebsd.org/ports/
   and use it to rebuild the port. Note that packages are not provided for the ssh port.

3) Use the portcheckout utility to automate option (2) above.
The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

From owner-freebsd-security Wed Jun 7 16:21:27 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:22.apsfilter
Reply-To: security-advisories@freebsd.org
Message-Id: <20000607232117.5748337B8CA@hub.freebsd.org>
Date: Wed, 7 Jun 2000 16:21:17 -0700 (PDT)

=============================================================================
FreeBSD-SA-00:22                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          apsfilter allows users to execute arbitrary commands as user lpd

Category:       ports
Module:         apsfilter
Announced:      2000-06-07
Credits:        Fixed by vendor.
Affects:        Ports collection.
Corrected:      2000-04-29
Vendor status:  Updated version released.
FreeBSD only:   NO

I.   Background

apsfilter is a print filter which automatically handles the conversion of various types of file into a format understood by the printer.

II.  Problem Description

The apsfilter port, versions 5.4.1 and below, contains a vulnerability which allows local users to execute arbitrary commands as the user running lpd, user root in a default FreeBSD installation. The apsfilter software allows users to specify their own filter configurations, which are read in an insecure manner and may be used to elevate privileges.

The apsfilter port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 3300 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.0 contains this problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

Local users can cause arbitrary commands to be executed as root.

If you have not chosen to install the apsfilter port/package, then your system is not vulnerable to this problem.

IV.  Workaround

Deinstall the apsfilter port/package, if you have installed it.

V.
Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the apsfilter port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from:
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/print/apsfilter-5.4.2.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/print/apsfilter-5.4.2.tgz

3) Download a new port skeleton for the apsfilter port from:
   http://www.freebsd.org/ports/
   and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

From owner-freebsd-security Wed Jun 7 17:17:41 2000
From: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory: FreeBSD-SA-00:21.ssh [REVISED]
Reply-To: security-advisories@freebsd.org
Message-Id: <20000608001716.C549937BF12@hub.freebsd.org>
Date: Wed, 7 Jun 2000 17:17:16 -0700 (PDT)

=============================================================================
FreeBSD-SA-00:21                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          ssh port listens on extra network port [REVISED]

Category:       ports
Module:         ssh
Announced:      2000-06-07
Credits:        Jan Koum
Affects:        Ports collection.
Corrected:      2000-04-21
FreeBSD only:   Yes

I.   Background

SSH is an implementation of the Secure Shell protocol for providing encrypted and authenticated communication between networked machines.

II.  Problem Description

A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly configured the SSH daemon to listen on an additional network port, 722, in addition to the usual port 22. This change was made as part of a patch to allow the SSH server to listen on multiple ports, but the option was incorrectly enabled by default. This may cause a violation of security policy if the additional port is not subjected to the same access controls (e.g. firewalling) as the standard SSH port.

Note this is not a vulnerability associated with the SSH software itself, and it is not likely to be a risk for the majority of installations, since a remote user must still have valid SSH credentials in order to access the SSH server on the alternate port. The risk is that users may be able to access the SSH server from IP addresses which are prohibited to connect to the standard port.

The ssh port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 3300 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.0 contains this problem since it was discovered after the release.
FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

FreeBSD 4.0 ships with OpenSSH, a free implementation of the SSH protocol, included within the base system. OpenSSH does not suffer from this misconfiguration.

III. Impact

Remote users with valid SSH credentials may access the ssh server on a non-standard port, potentially bypassing IP address access controls on the standard SSH port.

If you have not chosen to install the ssh port/package, or installed it prior to 2000-01-14 or after 2000-04-21, then your system is not vulnerable to this problem.

IV.  Workaround

One of the following:

1) Comment out the line "Port 722" in /usr/local/etc/sshd_config and restart sshd

2) Add filtering rules to your perimeter firewall, or on the local machine (using ipfw or ipf) to limit connections to port 722.

3) Deinstall the ssh port/package, if you have installed it.

V.   Solution

One of the following:

1) Upgrade your entire ports collection and rebuild the ssh port.

2) Download a new port skeleton for the ssh port from:
   http://www.freebsd.org/ports/
   and use it to rebuild the port. Note that packages are not provided for the ssh port.

3) Use the portcheckout utility to automate option (2) above.

The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz

VI.
Revision History

v1.0  2000-06-07  Initial release
v1.1  2000-06-07  Corrected typo in name of sshd config file

From owner-freebsd-security Wed Jun 7 17:21:42 2000
Date: Wed, 7 Jun 2000 17:21:38 -0700 (PDT)
From: Kris Kennaway
To: security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:21.ssh
In-Reply-To: <20000607231756.303D037B8C2@hub.freebsd.org>

On Wed, 7 Jun 2000, FreeBSD Security Advisories wrote:

> 1) Comment out the line "Port 722" in /usr/local/etc/ssh_config and
>    restart sshd

This should have been sshd_config, not ssh_config. Thanks to Nate Williams for pointing it out - the revised advisory just issued contains the correction.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe

From owner-freebsd-security Wed Jun 7 18:21:29 2000
Date: Wed, 07 Jun 2000 18:21:22 -0700
Subject: How to automatic transfer file without security weakness.
From: "Chutima S."
To: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Message-Id: <20000608012122.FWOT23976.mta01@onebox.com>

Dear all,

Currently in all my systems I use rcp and rsh with cron to automatically transfer files. But I think there may be some security weakness.

I read the man pages of rcp and rsh and found something like Kerberos authentication. And someone mentioned ssh.

How could I deploy them in my system?

Thks,
--
Chutima Subsirin
chutima_s@zdnetonebox.com - email

From owner-freebsd-security Wed Jun 7 18:35:51 2000
Message-Id: <3.0.5.32.20000607183556.00908730@mail.accessone.com>
Date: Wed, 07 Jun 2000 18:35:56 -0700
To: Cy Schubert - ITSD Open Systems Group
From: Bengt Richter
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <200006071311.e57DBsW08744@cwsys.cwsent.com>

At 06:11 2000-06-07 -0700 Cy Schubert - ITSD Open Systems Group wrote:
[...]
>
>Replacement candidates for /tmp and /var/tmp are:
>
>1. Each user has a subdirectory in /tmp as /tmp/$USER. An idea brought
>   forth to BUGTRAQ by Theo de Raadt of the OpenBSD project.
>
>2. Each user maintains their own /tmp as $HOME/tmp or some such thing.
>   An idea I had discussed with my co-workers a number of years ago.
>

I have an inkling of a third way, for backwards compatibility with #2. Suppose you create a pseudo-device (/dev/home ?) whose only purpose is to support a pseudo-file-system, whose only purpose is to return $USER-dependent symbolic links? (A new kind of symbolic link might be more efficient, but I'm looking for a way to do it within current mechanisms.) /dev/home/xxx would be mounted at /yyy to get the effect of opening /yyy/file to be opening $HOME/xxx/file. For our case, use tmp for both xxx and yyy. That's the sketch, anyway.

The above deals with (hidden) partitioning of the /tmp namespace, but does not address the hint-carrying aspect of "tmp." As other posts have mentioned, "tmp" might mean:

a. You want a fast small scratch file
b. It might not be small
c. You want garbage collection service
d. Access may be very public, so think twice

Other usage hints might be:

e. You want sequential read-only access with huge read-ahead buffering for a jitter-glitch-free multimedia stream
f.
You want a no-persistent-cleartext-guaranteed file

You can easily expand on this, but my point is that maybe namespace, access control, and performance tuning goals should be separated (at least for discussion purposes ;-) so that if there are going to be changes, solutions will be implemented in appropriate contexts.

One way of specifying something about a file is by saying it applies to all files in a particular namespace (or subspace: e.g., leading dot, trailing .vbs :) or directory. Another is to mark the files with attribute flags or ACLs. Another is to pass arguments to access functions like open(), or ioctl(), etc. Another is to wrap it in some new object. Etc., etc. If we don't identify what we're doing, and the options, we won't think about them until a legacy pinches.

HTH.

Regards,
Bengt Richter

From owner-freebsd-security Wed Jun 7 19:16:19 2000
Date: Wed, 7 Jun 2000 22:15:15 -0400
From: Will Andrews
To: "Chutima S."
Cc: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: How to automatic transfer file without security weakness.
Message-ID: <20000607221515.G20875@argon.gryphonsoft.com>
References: <20000608012122.FWOT23976.mta01@onebox.com>
In-Reply-To: <20000608012122.FWOT23976.mta01@onebox.com>; from chutima_s@zdnetonebox.com on Wed, Jun 07, 2000 at 06:21:22PM -0700

On Wed, Jun 07, 2000 at 06:21:22PM -0700, Chutima S. wrote:
> Currently in all my systems I use rcp and rsh with cron
> to automatically transfer files. But I think there may be some
> security weakness.

man 1 scp ..with ssh installed.

--
Will Andrews
GCS/E/S @d- s+:+>+:- a--->+++ C++ UB++++ P+ L- E--- W+++ !N !o ?K w--- ?O M+ V-- PS+ PE++ Y+ PGP+>+++ t++ 5 X++ R+ tv+ b++>++++ DI+++ D+ G++>+++ e->++++ h! r-->+++ y?
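A check for the question above, added here as an example and not written by anyone in the thread: it scans a crontab for jobs that still run rcp or rsh (or rdist without `-P ssh`) and names the replacement the replies suggest (scp, ssh, `rdist -P ssh`). The crontab, host names, key path and distfile location in the sample are constructed for this example.

```shell
#!/bin/sh
# Added example (not from any poster in the thread): inventory a crontab for
# legacy r-command jobs and print the ssh-based replacement the thread suggests.
# The crontab below is constructed for this example; hosts and paths are invented.
SAMPLE_CRONTAB='# nightly transfers
MAILTO=ops
0 2 * * * rcp backup.example.net:/var/db/dump.tar /srv/mirror/
30 2 * * * /usr/bin/rsh backup.example.net /usr/local/bin/rotate-logs
0 3 * * * rdist -f /etc/distfile
0 4 * * * scp -B -i /root/.ssh/xfer_key app.example.net:/var/log/app.log /srv/logs/
0 5 * * * rdist -P ssh -f /etc/distfile
# 0 6 * * * rsh legacy.example.net uptime   (commented out, must not count)'

# classify_job LINE: for a job that still uses rcp, rsh or plain rdist, print
# "<tool> <replacement>"; print nothing for comments, variable settings and
# jobs that already go over ssh.
classify_job() {
  set -f                            # schedule fields are "*": never glob them
  # shellcheck disable=SC2086
  set -- $1                         # split the line into words (trims whitespace)
  set +f
  [ $# -ge 6 ] || return 0          # blank line, MAILTO=ops, PATH=... : not a job
  case $1 in \#*) return 0 ;; esac  # comment, even if it looks like a job
  shift 5                           # drop minute hour day-of-month month weekday
  cmd=$*
  for word; do                      # scan every word so pipelines are covered too
    case ${word##*/} in             # basename: /usr/bin/rsh is still rsh
      rcp) echo "rcp scp"; return 0 ;;
      rsh) echo "rsh ssh"; return 0 ;;
      rdist)
        case " $cmd " in
          *" -P ssh "*) return 0 ;;                # already tunnelled over ssh
          *) echo "rdist rdist -P ssh"; return 0 ;;
        esac ;;
    esac
  done
}

# report_legacy CRONTAB_TEXT: one line per legacy job, "<tool> -> <replacement> | <job>".
report_legacy() {
  printf '%s\n' "$1" | while IFS= read -r job; do
    hit=$(classify_job "$job")
    [ -n "$hit" ] || continue
    printf '%s -> %s | %s\n' "${hit%% *}" "${hit#* }" "$job"
  done
}

# count_legacy CRONTAB_TEXT: how many jobs still need migrating.
count_legacy() {
  report_legacy "$1" | grep -c .
}

report_legacy "$SAMPLE_CRONTAB"
```

It matches command words only, so an r-command buried inside a wrapper script that a job calls is not reported; feed it the output of `crontab -l` for each user that runs transfers.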
From owner-freebsd-security Wed Jun 7 20:07:04 2000
Message-Id: <200006080306.e5836GM02334@cwsys.cwsent.com>
Reply-To: Cy Schubert - ITSD Open Systems Group
From: Cy Schubert - ITSD Open Systems Group
To: Bengt Richter
Cc: Cy Schubert - ITSD Open Systems Group, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
In-reply-to: Your message of "Wed, 07 Jun 2000 18:35:56 PDT." <3.0.5.32.20000607183556.00908730@mail.accessone.com>
Date: Wed, 07 Jun 2000 20:05:32 -0700

In message <3.0.5.32.20000607183556.00908730@mail.accessone.com>, Bengt Richter writes:
> At 06:11 2000-06-07 -0700 Cy Schubert - ITSD Open Systems Group wrote:
> [...]
> >
> >Replacement candidates for /tmp and /var/tmp are:
> >
> >1. Each user has a subdirectory in /tmp as /tmp/$USER. An idea brought
> >   forth to BUGTRAQ by Theo de Raadt of the OpenBSD project.
> >
> >2. Each user maintains their own /tmp as $HOME/tmp or some such thing.
> >   An idea I had discussed with my co-workers a number of years ago.
> >
>
> I have an inkling of a third way, for backwards compatibility with #2.
> Suppose you create a pseudo-device (/dev/home ?) whose only purpose is
> to support a pseudo-file-system, whose only purpose is to return
> $USER-dependent symbolic links? (A new kind of symbolic link might
> be more efficient, but I'm looking for a way to do it within current
> mechanisms). /dev/home/xxx would be mounted at /yyy to get the effect of
> opening /yyy/file to be opening $HOME/xxx/file. For our case, use tmp for
> both xxx and yyy. That's the sketch, anyway.

Except that $HOME is not understood in the kernel. This would overly complicate the kernel.

A simpler approach would be to have a /tmp address space that would be addressable by any process with the same UID. When the last process belonging to a UID terminates, the UID's /tmp address space would be freed, deleting any files in the UID's /tmp.
Only the UID and root would have access to the UID's /tmp. Root would have access via a portal-like filesystem that would map all users' /tmp filesystems.

Rather than having the kernel manage this new filesystem, have an automounter-like process manage the filesystem. This way the filesystem could be mapped to a user's subdirectory, implementing the policy outlined above and making the auto cleanup discussed above optional. Rather than implementing the policy I outlined above, this same daemon could be used to implement the policy you outlined. The beauty of this is that flexible, even individualised, policy definition and complexity would now be external to the kernel, using the same kernel interface that amd uses. We have a base of code to start with too: amd.

Regards,                           Phone:  (250)387-8437
Cy Schubert                          Fax:  (250)387-5766
Team Leader, Sun/DEC Team       Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC

From owner-freebsd-security Wed Jun 7 20:27:23 2000
Date: Wed, 7 Jun 2000 23:27:12 -0400 (EDT)
From: Garrett Wollman
Message-Id: <200006080327.XAA73356@khavrinen.lcs.mit.edu>
To: Cy Schubert - ITSD Open Systems Group
Cc: Bengt Richter, freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug)
In-Reply-To: <200006080306.e5836GM02334@cwsys.cwsent.com>
References: <3.0.5.32.20000607183556.00908730@mail.accessone.com> <200006080306.e5836GM02334@cwsys.cwsent.com>

< said:

> We have a base of code to start with too: amd.

man hlfsd

-GAWollman

From owner-freebsd-security Thu Jun 8 1:19:49 2000
Date: Thu, 8 Jun 2000 04:19:34 -0400 (EDT)
From: Dave
To: freebsd-security@FreeBSD.ORG
Cc: chutima_s@zdnetonebox.com
Subject: Re: How to automatic transfer file without security weakness.
In-Reply-To: <20000608012122.FWOT23976.mta01@onebox.com>

k - go here

http://www.freebsddiary.org/secure-file-copy.html

read, learn

Dave
_______
pgp key: http://www.dugard.org/dave.pgp.asc
"No Sane man will dance." - Cicero (106-43 B.C.)

On Wed, 7 Jun 2000, Chutima S. wrote:

> Dear all,
>
> Currently in all my systems I use rcp and rsh with cron
> to automatically transfer files. But I think there may be some
> security weakness.
>
> I read the man pages of rcp and rsh and found something like
> Kerberos authentication. And someone mentioned ssh.
>
> How could I deploy them in my system?
>
> Thks,
> --
> Chutima Subsirin
> chutima_s@zdnetonebox.com - email

From owner-freebsd-security Thu Jun 8 7:39:02 2000
by vtopus.cs.vt.edu (8.10.1/8.10.1) with ESMTP id e58Ecoo01870; Thu, 8 Jun 2000 10:38:51 -0400 (EDT) Date: Thu, 8 Jun 2000 10:38:50 -0400 (EDT) From: Daniel Hagan To: "Chutima S." Cc: freebsd-net@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: How to automatic transfer file without security weakness. In-Reply-To: <20000608012122.FWOT23976.mta01@onebox.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 7 Jun 2000, Chutima S. wrote: > Currently in all my systems I use rcp and rsh with cron > to automatically transfer files. But I think it may be some > weakness of security. Check rdist(1) also. Under FreeBSD you can use -P to specify an rsh replacement (e.g. -P ssh), which would give you the benefits of rdist's semi-smart updates and using ssh for security. Daniel -- Daniel Hagan Computer Science CSE dhagan@cs.vt.edu http://www.cs.vt.edu/~dhagan/ From owner-freebsd-security Thu Jun 8 9:18: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from ocis.ocis.net (ocis.ocis.net [209.52.173.1]) by hub.freebsd.org (Postfix) with ESMTP id E105637C0A6 for ; Thu, 8 Jun 2000 09:17:59 -0700 (PDT) (envelope-from vdrifter@ocis.ocis.net) Received: from localhost (vdrifter@localhost) by ocis.ocis.net (8.9.3/8.9.3) with ESMTP id JAA05194 for ; Thu, 8 Jun 2000 09:17:56 -0700 Date: Thu, 8 Jun 2000 09:17:49 -0700 (PDT)
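Both answers above replace rsh with ssh, which leaves the key that cron uses lying unattended on the sending host. The receiving side can limit what that key is good for with a forced command. The following wrapper is an added example, not code from the thread, from the FreeBSD Diary article Dave links, or from rdist; the path /usr/local/sbin/xfer-only, the spool directory /var/spool/incoming, the sender's host name and the log tag are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: a forced-command wrapper for the
# unattended ssh key a cron job uses to push files with scp or rdist -P ssh.
#
# Install as /usr/local/sbin/xfer-only (assumed path) and tie the key to it in
# the receiving account's ~/.ssh/authorized_keys:
#
#   command="/usr/local/sbin/xfer-only",from="sender.example.org",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAA... cron@sender
#
# sshd then runs this script instead of whatever the client asked for and
# passes the client's request in SSH_ORIGINAL_COMMAND. A stolen key can
# therefore trigger only the two transfer commands below.

INCOMING=${INCOMING:-/var/spool/incoming}   # assumed drop directory on this host

# Return 0 if $1 is exactly one of the command strings we are willing to run.
# The case patterns are quoted, so there is no globbing and the match is
# literal: "scp -t /etc", "scp -t /var/spool/incoming; rm -rf /" and
# "scp -f ..." (a download) all fall through to the refusal branch.
allowed_command() {
    case "$1" in
        "scp -t $INCOMING") return 0 ;;   # scp sink mode: uploads into $INCOMING only
        "rdistd -S")        return 0 ;;   # server side that rdist 6.x starts over ssh (check your version)
        *)                  return 1 ;;
    esac
}

main() {
    cmd=${SSH_ORIGINAL_COMMAND:-}
    peer=${SSH_CLIENT%% *}               # client address, for the log line
    if allowed_command "$cmd"; then
        logger -t xfer-only "allow [$cmd] from $peer"
        # $cmd is one of the fixed strings above, so word splitting is safe.
        exec $cmd
    fi
    logger -t xfer-only "refuse [$cmd] from $peer"
    exit 1
}

# sshd sets SSH_CONNECTION for every session it starts. Dispatch only then, so
# the file can also be sourced on its own to exercise allowed_command.
if [ -n "${SSH_CONNECTION:-}" ]; then
    main
fi
```

Run the cron job once with the key in place and read the refuse line in syslog before trusting the allowlist: the string scp sends depends on how the target was spelled on the client (a trailing slash on the directory shows up in the -t argument), and the remote command rdist issues depends on the rdist version.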
From: John F Cuzzola To: freebsd-security@FreeBSD.ORG Subject: ipfw & keep-state Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org

Hi all, I'm interested in using the keep-state/check-state options with ipfw. I'm curious, however, what rules are dynamically created and whether I have control over them, specifically with divert rules. I use divert/natd heavily and I was wondering what happens with a rule like:

    ipfw divert 7000 ip from any to 200.45.1.7
    ipfw divert 7000 ip from 192.168.3.2 to any keep-state

(natd would be listening on port 7000 providing static-NAT from 200.45.1.7 to 192.168.3.2)

Just curious, thanks JohnC

From owner-freebsd-security Thu Jun 8 9:24:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from ox.slug.louisville.edu (ox.slug.louisville.edu [136.165.47.38]) by hub.freebsd.org (Postfix) with ESMTP id 9C77037B619 for ; Thu, 8 Jun 2000 09:24:13 -0700 (PDT) (envelope-from pdbeal01@slug.louisville.edu) Received: from pdbeal01 by ox.slug.louisville.edu with local (Exim 3.12 #1 (Debian)) id 13056K-0000xE-00; Thu, 08 Jun 2000 12:24:12 -0400 Date: Thu, 8 Jun 2000 12:24:12 -0400
From: Phillip Beal To: freebsd-security@freebsd.org Cc: Phillip Beal Subject: NATD? Message-ID: <20000608122412.B3470@slug.louisville.edu> Mail-Followup-To: Phillip Beal , freebsd-security@freebsd.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="eJnRUKwClWJh1Khz" Content-Disposition: inline User-Agent: Mutt/1.2i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, I am currently running a FreeBSD 3.4 firewall on my @Home cable modem. The machine runs fine as a firewall. However I'd need to change something within NATD. Here's my problem: I have an internal computer that connects to bnetd which is running on the firewall. I want the firewall to translate the connection from the inside computer to the outside IP on a different port. Normally it connects with udp onto port 6112 and I want the firewall to translate this into the outside ip port 6102. I was told NATD would do it since that translates ip's and portnumbers for internal and external ip's. Is there anywhere I can get some more info about setting this up?
Thanks, -- Phillip Beal Evil Genius In Training Electrical and Computer Engineering "God, Root, what is difference?" S+LUG Vice-President -Userfriendly.org GPG Key fingerprint = 3335 BF29 5180 42DF D7BB 484C 78E0 B0F3 6FB9 81D0 From owner-freebsd-security Thu Jun 8 9:43: 1 2000 Delivered-To: freebsd-security@freebsd.org Received: from whale.sunbay.crimea.ua (sunbay-10BASE-T.cris.net [212.110.130.67]) by hub.freebsd.org (Postfix) with ESMTP id 6CB0237B89C for ; Thu, 8 Jun 2000 09:42:52 -0700 (PDT) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.9.3/1.13) id TAA02310; Thu, 8 Jun 2000 19:42:15 +0300 (EEST) Date: Thu, 8 Jun 2000 19:42:15 +0300
From: Ruslan Ermilov To: John F Cuzzola Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipfw & keep-state Message-ID: <20000608194215.A1347@sunbay.com> Mail-Followup-To: John F Cuzzola , freebsd-security@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: ; from vdrifter@ocis.ocis.net on Thu, Jun 08, 2000 at 09:17:49AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jun 08, 2000 at 09:17:49AM -0700, John F Cuzzola wrote: > > Hi all, > I'm interested in using the keep-state/check-state options with ipfw. I'm > curious however what rules are dynamically created and whether I have > control over them, specifically with divert rules. I use divert/natd > heavily and I was wondering what happens with a rule like: > > ipfw divert 7000 ip from any to 200.45.1.7 > ipfw divert 7000 ip from 192.168.3.2 to any keep-state > > (natd would be listening on port 7000 providing static-NAT from 200.45.1.7 > to 192.168.3.2) > If you put `check-state' rule before `keep-state', this will probably be very interesting. There is a common problem with firewalls/NATS. People usually prohibit intranet traffic through external interface, and at the same time use external interface for NAT purposes. The problem is that when IP packet comes back and is dealiased, it is passed to firewall again as "coming in through public interface with intranet destination address", and results in PR conf/13769. I am going to test this right now, and commit the changes to rc.firewall if this seems to work. 
-- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age From owner-freebsd-security Thu Jun 8 9:44:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from whale.sunbay.crimea.ua (sunbay-10BASE-T.cris.net [212.110.130.67]) by hub.freebsd.org (Postfix) with ESMTP id 2398637B8D8 for ; Thu, 8 Jun 2000 09:44:34 -0700 (PDT) (envelope-from ru@whale.sunbay.crimea.ua) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.9.3/1.13) id TAA02365; Thu, 8 Jun 2000 19:43:45 +0300 (EEST) Date: Thu, 8 Jun 2000 19:43:44 +0300
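The ordering problem Ruslan describes, worked through as an ipfw load order. This is an added example, not his rc.firewall change and not text from the PR; the addresses and interface roles are borrowed from John's question (public 200.45.1.7 on ed0, 192.168.3.2 behind ed1), and fwcmd defaults to echo so the order can be read and checked on a machine without ipfw. It covers only the stateless part of the problem; where check-state/keep-state belong relative to the divert is the question Ruslan says he is about to test, so no dynamic rules are shown.

```sh
#!/bin/sh
# Added example (not from the thread, not the rc.firewall that Ruslan says he
# is about to change): an ipfw load order in which the anti-intranet rules on
# the public interface do not swallow natd-translated packets.
#
# Assumed addressing, taken from John's question: natd maps the public address
# 200.45.1.7 on ed0 to 192.168.3.2 behind ed1. fwcmd defaults to "echo ipfw"
# so the script can be read and checked anywhere; set fwcmd=/sbin/ipfw to load
# the rules for real.
fwcmd=${fwcmd:-"echo ipfw"}
oif=${oif:-ed0};  onet=${onet:-200.45.1.0};  omask=${omask:-255.255.255.0}
iif=${iif:-ed1};  inet=${inet:-192.168.3.0}; imask=${imask:-255.255.255.0}

emit_rules() {
    # Anti-spoofing: our intranet must never appear as a source on the public
    # side, and our public net must never appear as a source on the inside.
    ${fwcmd} add 100 deny all from ${inet}:${imask} to any in via ${oif}
    ${fwcmd} add 110 deny all from ${onet}:${omask} to any in via ${iif}

    # Private *destinations* are refused on ${oif} before natd sees the packet.
    # An inbound packet for 200.45.1.7 still carries its public destination at
    # this point, so it passes; only traffic from outside that really is
    # addressed to private space is dropped here.
    ${fwcmd} add 200 deny all from any to 10.0.0.0/8 via ${oif}
    ${fwcmd} add 210 deny all from any to 172.16.0.0/12 via ${oif}
    ${fwcmd} add 220 deny all from any to 192.168.0.0/16 via ${oif}

    # natd. A packet that comes back from natd re-enters the list at the rule
    # after this one, so everything below sees the de-aliased (inbound,
    # destination now 192.168.3.2) or aliased (outbound, source now
    # 200.45.1.7) addresses.
    ${fwcmd} add 300 divert natd all from any to any via ${oif}

    # Private *sources* are refused on ${oif} only after natd. Had these come
    # before the divert, every outbound packet from 192.168.3.2 would be
    # dropped before it could be aliased; had the "to" rules above come after
    # it, every de-aliased reply would be dropped instead. That is the
    # "coming in through the public interface with an intranet destination"
    # failure Ruslan refers to.
    ${fwcmd} add 400 deny all from 10.0.0.0/8 to any via ${oif}
    ${fwcmd} add 410 deny all from 172.16.0.0/12 to any via ${oif}
    ${fwcmd} add 420 deny all from 192.168.0.0/16 to any via ${oif}

    # Ordinary policy follows. Only the stateless "established" shortcut is
    # used for replies, so UDP answers still need their own rules or state.
    ${fwcmd} add 500 allow tcp from any to any established
    ${fwcmd} add 510 allow all from any to any via ${iif}
    ${fwcmd} add 520 allow all from ${onet}:${omask} to any out via ${oif}
    ${fwcmd} add 530 allow tcp from any to any 22 in via ${oif} setup
    ${fwcmd} add 65000 deny log all from any to any
}

emit_rules
```

With the default fwcmd the script prints the rules in load order, which is the thing to look at: the "to 192.168.0.0/16" deny must precede the divert and the "from 192.168.0.0/16" deny must follow it.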
From: Ruslan Ermilov To: Phillip Beal Cc: freebsd-security@freebsd.org Subject: Re: NATD? Message-ID: <20000608194344.B1347@sunbay.com> Mail-Followup-To: Phillip Beal , freebsd-security@freebsd.org References: <20000608122412.B3470@slug.louisville.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20000608122412.B3470@slug.louisville.edu>; from pdbeal@louisville.edu on Thu, Jun 08, 2000 at 12:24:12PM -0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, Jun 08, 2000 at 12:24:12PM -0400, Phillip Beal wrote: > Hi, > > I am currently running a FreeBSD 3.4 firewall on my @Home cable modem. > The machine runs fine as a firewall. However I'd need to change > something within NATD. Here's my problem: > > I have an internal computer that connects to bnetd which is running on > the firewall. I want the firewall to translate the connection from the > inside computer to the outside IP on a different port. Normally it > connects with udp onto port 6112 and I want the firewall to translate > this into the outside ip port 6102. I was told NATD would do it since > that translates ip's and portnumbers for internal and external ip's. > > Is there anywhere I can get some more info about setting this up? > Sure, just read the ipfw(8) and natd(8) manual pages.
-- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age From owner-freebsd-security Thu Jun 8 11:15: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3.email.verio.net [129.250.36.43]) by hub.freebsd.org (Postfix) with ESMTP id 3DF7F37C0CB for ; Thu, 8 Jun 2000 11:14:41 -0700 (PDT) (envelope-from bokr@accessone.com) Received: from [129.250.38.63] (helo=dfw-mmp3.email.verio.net) by dfw-smtpout3.email.verio.net with esmtp (Exim 3.12 #7) id 1306pC-0004wM-00; Thu, 08 Jun 2000 18:14:38 +0000 Received: from [204.250.68.168] (helo=gazelle) by dfw-mmp3.email.verio.net with smtp (Exim 3.12 #7) id 1306p6-0005rT-00; Thu, 08 Jun 2000 18:14:37 +0000 Message-Id: <3.0.5.32.20000608111501.009018a0@mail.accessone.com> X-Sender: bokr@mail.accessone.com (Unverified) X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 08 Jun 2000 11:15:01 -0700 To: Cy Schubert - ITSD Open Systems Group
From: Bengt Richter Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <200006080306.e5836GM02334@cwsys.cwsent.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 20:05 2000-06-07 -0700 Cy Schubert - ITSD Open Systems Group wrote: >In message <3.0.5.32.20000607183556.00908730@mail.accessone.com>, Bengt >Richter > writes: >> At 06:11 2000-06-07 -0700 Cy Schubert - ITSD Open Systems Group wrote: >> [...] >> > >> >Replacement candidates for /tmp and /var/tmp are: >> > >> >1. Each user has a subdirectory in /tmp as /tmp/$USER. An idea brought >> > forth to BUGTRAQ by Theo de Raadt of the OpenBSD project. >> > >> >2. Each user maintains their own /tmp as $HOME/tmp or some such thing. >> > An idea I had discussed with my co-workers a number of years ago. >> > >> >> I have an inkling of a third way, for backwards compatibility with #2. >> Suppose you create a pseudo-device (/dev/home ?) whose only purpose is >> to support a pseudo-file-system, whose only purpose is to return ----------------^^^^^^^^^^^^^^^^^^ >> $USER-dependent symbolic links? (A new kind of symbolic link might >> be more efficient, but I'm looking for a way to do it within current >> mechanisms). /dev/home/xxx would be mounted at /yyy to get the effect of -------------------------^^^^[1]-------^^^^^^^ ^[1]: Oops, the /xxx info should not go there (nor as mount call opt where it actually would go). That would make it the same for all. Better from a config file with xxx for each user. Then a mount_home could do the whole setup job analogous to mount_mfs. >> opening /yyy/file to be opening $HOME/xxx/file. For our case, use tmp for >> both xxx and yyy. That's the sketch, anyway. > >Except that $HOME is not understood in the kernel. This would overly >complicate the kernel. > I didn't mean for the kernel to have access to $HOME per se (ick). 
The /dev/home device driver would cache "$HOME" info passed to it during initialization. This would effectively create a file system on the device and write data to it. And it wouldn't be $HOME per se, it would be the default working directories from the password file, for every user. This could be done via an ioctl interface. This could all be bundled in mount_home. Per second thought above, there would be a config file to give each user a /tmp location relative to the default directory read from the pw file, BTW, this would mean that daemons like mysqld would/could make use of redirected /tmp as well. Giving /dev/home multiple units could allow multiple mounts for redirecting other mount points similarly. Putting a leading slash on the otherwise relative paths could be made to let you redirect to arbitrary locations (just thought of that), which might help integrate with some legacy situations. >A simpler approach would be to have a /tmp address space that would be >addressable by any process with the same UID. When the last process >belonging to a UID terminates, the UID's /tmp address space would be >freed, deleting any files in the UID's /tmp. Only the UID and root >would have access to the UID's /tmp. Root would have access via a >portal-like filesystem that would map all users /tmp filesystems. > /dev/home and its file system would provide generalized redirection of any mount point to any point in a current user's default working directory tree (or anywhere), rather than being tmp-specific, so it's a different approach. >Rather than having the kernel manage this new filesystem, have an >automounter-like process manage the filesystem. This way the I thought mounting once would be simple, but that's interesting. I thought to pretend that /dev/home was a new type of memory file device, to allow making it as small and simple as possible, and make a file system do most of the work of interfacing. 
Alternatively, /dev/home could be initialized with what would amount to a compressed image of an ordinary very small mfs containing the links, (constructed to facilitate the hidden UID-dependent view generation) and mount that read-only as an apparently normal mfs, thus making use of an existing file system. An entry in fstab could kick off mount_home, unless maybe there is a problem timing the move from use of ordinary /tmp during startup to using UID-directed /tmp. >filesystem could be mapped to a user's subdirectory implementing the >policy outlined above and making the auto cleanup discussed above >optional. Rather than implementing the policy I outlined above this >same daemon could be used to implement the policy you outlined. The >beauty of this is that flexible, even individualised policy definition >and complexity would now be external to the kernel, using the same >kernel interface that amd uses. > >We have a base of code to start with too: amd. > I would wonder about overhead, and what it would take to make it work in non-NFS systems. What I had in mind was to do something as minimal as possible. Perhaps another round or two of comments would be productive. Seems like we're getting somewhere :) Regards, Bengt Richter BTW, is C++ (or are particular C++ features) verboten for writing device drivers or file systems?
From owner-freebsd-security Thu Jun 8 11:48:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from dfw-smtpout3.email.verio.net (dfw-smtpout3.email.verio.net [129.250.36.43]) by hub.freebsd.org (Postfix) with ESMTP id 5ACE437BA5E for ; Thu, 8 Jun 2000 11:48:24 -0700 (PDT) (envelope-from bokr@accessone.com) Received: from [129.250.38.64] (helo=dfw-mmp4.email.verio.net) by dfw-smtpout3.email.verio.net with esmtp (Exim 3.12 #7) id 1307Lo-0001LL-00; Thu, 08 Jun 2000 18:48:20 +0000 Received: from [204.250.68.168] (helo=gazelle) by dfw-mmp4.email.verio.net with smtp (Exim 3.12 #7) id 1307Lm-0005fY-00; Thu, 08 Jun 2000 18:48:19 +0000 Message-Id: <3.0.5.32.20000608114835.0090d210@mail.accessone.com> X-Sender: bokr@mail.accessone.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 08 Jun 2000 11:48:35 -0700 To: Garrett Wollman
From: Bengt Richter Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Cc: freebsd-security@FreeBSD.ORG, Cy Schubert - ITSD Open Systems Group In-Reply-To: <200006080327.XAA73356@khavrinen.lcs.mit.edu> References: <200006080306.e5836GM02334@cwsys.cwsent.com> <3.0.5.32.20000607183556.00908730@mail.accessone.com> <200006080306.e5836GM02334@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 23:27 2000-06-07 -0400 Garrett Wollman wrote: >< said: > >> We have a base of code to start with too: amd. > >man hlfsd > Functionally, I guess I re-invented another wheel, but implementation-wise, I wonder if my approach wouldn't be leaner? Does one need to configure for NFS in order to use hlfsd? Some systems might not be configured for NFS, yet want to have /tmp redirection. Regards, Bengt Richter From owner-freebsd-security Thu Jun 8 12:46:59 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 1788E37B681 for ; Thu, 8 Jun 2000 12:46:54 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id MAA27685; Thu, 8 Jun 2000 12:46:16 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda27683; Thu Jun 8 12:46:13 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id MAA10848; Thu, 8 Jun 2000 12:46:13 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdK10832; Thu Jun 8 12:45:55 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.2/8.9.1) id e58Jjss09448; Thu, 8 Jun 2000 12:45:54 -0700 (PDT) Message-Id:
<200006081945.e58Jjss09448@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdaH9440; Thu Jun 8 12:44:59 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: Garrett Wollman Cc: Cy Schubert - ITSD Open Systems Group , Bengt Richter , freebsd-security@FreeBSD.ORG Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Wed, 07 Jun 2000 23:27:12 EDT." <200006080327.XAA73356@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 08 Jun 2000 12:44:59 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message <200006080327.XAA73356@khavrinen.lcs.mit.edu>, Garrett Wollman writes: > < Cy.Schubert@uumail.gov.bc.ca> said: > > > We have a base of code to start with too: amd. > > man hlfsd This might just work. My initial test plan will be to chmod 700 /tmp (on the test system /var/tmp --> /tmp) and set TMP to /ntmp/username (for now) in /etc/profile and /etc/csh.cshrc. If that doesn't cause too much gas, completely replacing /tmp would be the next step in my test plan. If all this works satisfactorily, I'll submit a PR to completely replace /tmp with the new structure. I don't think we want the new structure to live in /tmp as I think /tmp should be deleted and a new name be chosen for the new tmp. Otherwise it would be too confusing. This reminds me, replacing /var/mail with a similar mechanism should also be in the queue shortly. I'll tackle this one first, however.
Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC From owner-freebsd-security Thu Jun 8 13:50:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by hub.freebsd.org (Postfix) with ESMTP id EB3F437C04E for ; Thu, 8 Jun 2000 13:50:21 -0700 (PDT) (envelope-from fgleiser@cactus.fi.uba.ar) Received: from cactus.fi.uba.ar (cactus.fi.uba.ar [157.92.49.108]) by cactus.fi.uba.ar (8.9.3/8.9.3) with ESMTP id RAA26409; Thu, 8 Jun 2000 17:49:10 GMT (envelope-from fgleiser@cactus.fi.uba.ar) Date: Thu, 8 Jun 2000 17:49:10 +0000 (GMT)
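Cy's test plan gives each user a private directory under /ntmp and points the login scripts at it. Whatever creates that directory has to cope with something already sitting at the path, which is also the symlink/race worry about suid programs raised later in this thread. The function below is an added example, not Cy's code and not part of FreeBSD; the /ntmp prefix follows his message, the parent directory is assumed to be root-owned and sticky (mode 1777) like /tmp itself, and exporting TMPDIR (the variable mktemp(1), mktemp(3) and most other programs consult; Cy names TMP) is my choice.

```sh
#!/bin/sh
# Added example (not from the thread): create or verify a per-user temporary
# directory such as /ntmp/$USER, refusing anything an attacker could have
# planted at that path first. Meant to run from /etc/profile (or the csh
# equivalent) before TMPDIR is exported. The /ntmp prefix follows Cy's test
# plan; the parent is assumed root-owned, mode 1777, like /tmp.

safe_user_tmpdir() {
    dir=$1
    # mkdir is atomic: either it creates the directory, which is then ours
    # and mode 700, or the path already exists and must be inspected.
    # Never "rm -rf && mkdir": the gap between the two is the race.
    if mkdir -m 700 "$dir" 2>/dev/null; then
        return 0
    fi
    if [ -L "$dir" ]; then
        echo "$dir: is a symbolic link, refusing" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir: exists but is not a directory, refusing" >&2
        return 1
    fi
    if [ ! -O "$dir" ]; then
        echo "$dir: not owned by uid $(id -u), refusing" >&2
        return 1
    fi
    # Only the owner may have any access: group/other bits would let another
    # user pre-create files or symlinks inside our "private" directory.
    perms=$(ls -ld "$dir" | cut -c1-10)
    if [ "$perms" != "drwx------" ]; then
        echo "$dir: mode is $perms, expected drwx------, refusing" >&2
        return 1
    fi
    return 0
}

# Typical use from a login script (export TMP as well if you depend on
# software that reads that name instead):
#
#   if safe_user_tmpdir "/ntmp/$(id -un)"; then
#       TMPDIR="/ntmp/$(id -un)"; export TMPDIR
#   fi
```

When the check fails the login script should leave TMPDIR alone and say so, rather than silently falling back to a shared /tmp, so the user (or the auditor reading the console log) learns that someone has been at their directory.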
From: Fernando Gleiser To: Fernando Schapachnik Cc: freebsd-security@FreeBSD.ORG Subject: Re: IPFilter question In-Reply-To: <200006071452.LAA16205@ns1.via-net-works.net.ar> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 7 Jun 2000, Fernando Schapachnik wrote: > Hi: > I've read the ipf-howto whose URL was published in the list a > few months ago and used it to construct a FW. Everything was fine except > for: > > Using keep state with icmp doesn't allow traceroutes. The > solution I found was to let icmp types 0 and 11 in. Is this supposed > to work this way or did I misconfigure something? Shouldn't `keep state' be > enough to let traceroute work? You don't need to allow icmp type 0. It is covered by the keep state. You also need to allow incoming ICMP type 3 (unreachable) codes 0, 1, 3, 9, 10 and 13 for traceroute to work properly. You also need to allow ICMP type 3 code 4 (unreachable: need to frag) for path MTU discovery to work. If you have further questions, mail me privately and I'll give you my phone number (I live in Bs As also). Fer From owner-freebsd-security Thu Jun 8 23:59:45 2000 Delivered-To: freebsd-security@freebsd.org Received: from berlin.axl.net (berlin.axl.net [216.66.11.23]) by hub.freebsd.org (Postfix) with SMTP id 36DCF37C232 for ; Thu, 8 Jun 2000 23:59:42 -0700 (PDT) (envelope-from matt@axl.net) Received: (qmail 42148 invoked by uid 85); 9 Jun 2000 07:04:47 -0000 Received: from matt@axl.net by berlin.axl.net with scan4virus-0.19 (sweep: 1.8/3.33. . Clean. Processed in 0.63168 secs); 09/06/2000 07:04:46 Received: from ws-01.matthennigus.lightningdsl.net (HELO sinister) (216.66.30.66) by berlin.axl.net with SMTP; 9 Jun 2000 07:04:46 -0000
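Fernando's list, written out as the ICMP section of an ipf rules file. This is an added example, not something from his message or from the ipf-howto; ed0 as the outside interface is an assumption, and the rules are produced by a shell function only so that the set can be inspected and checked on a machine without IPFilter before it is pasted into /etc/ipf.rules.

```sh
#!/bin/sh
# Added example, not from the thread or the ipf-howto: the ICMP section of an
# ipf.rules file for a stateful IPFilter gateway, following Fernando's list.
# ed0 as the outside interface is an assumption. The rules come out of a
# function so they can be inspected anywhere; on the gateway, paste the
# output into /etc/ipf.rules.
oif=${oif:-ed0}

icmp_rules() {
    cat <<EOF
# Outbound probes keep state, so the direct answers to them (UDP replies,
# echo reply = ICMP type 0) need no inbound rule of their own.
pass out quick on $oif proto udp from any to any keep state
pass out quick on $oif proto icmp from any to any icmp-type 8 keep state
# traceroute's hop-by-hop answers are "time exceeded" (type 11) sent by
# intermediate routers, i.e. by addresses the state table has never seen,
# so state cannot cover them and they must be let in explicitly.
pass in quick on $oif proto icmp from any to any icmp-type 11
EOF
    # Unreachables that end a traceroute (port unreachable, code 3) or tell an
    # application to stop waiting: net (0), host (1), port (3), net/host/
    # communication administratively prohibited (9, 10, 13).
    for code in 0 1 3 9 10 13; do
        echo "pass in quick on $oif proto icmp from any to any icmp-type 3 code $code"
    done
    cat <<EOF
# "fragmentation needed" (type 3 code 4) carries the next-hop MTU; drop it
# and path MTU discovery stalls, which shows up as large transfers hanging.
pass in quick on $oif proto icmp from any to any icmp-type 3 code 4
# Anything else ICMP arriving from outside is dropped and logged.
block in log quick on $oif proto icmp from any to any
EOF
}
```

Because every rule carries quick, order within this section only matters for the final block: keep it last, after the explicit pass rules, or it eats the unreachables too.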
From: "Matthew B. Henniges" To: Subject: RE: FreeBSDDEATH.c.txt (mmap dirty page no check bug) Date: Fri, 9 Jun 2000 03:03:02 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <3.0.5.32.20000607183556.00908730@mail.accessone.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org And what of suid programs? Do they use the user's tmp (and possibly fall to symlink/race/whatever...) or do they use a different one (root's)? Do suid programs all use root's /tmp, no matter who runs them? Matthew B. Henniges CoPresident Axl.net Communications http://www.axl.net (203) 552-1714 > -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Bengt Richter > Sent: Wednesday, June 07, 2000 9:36 PM > To: Cy Schubert - ITSD Open Systems Group > Cc: freebsd-security@FreeBSD.ORG > Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) > > > At 06:11 2000-06-07 -0700 Cy Schubert - ITSD Open Systems Group wrote: > [...] > > > >Replacement candidates for /tmp and /var/tmp are: > > > >1. Each user has a subdirectory in /tmp as /tmp/$USER. An idea brought > > forth to BUGTRAQ by Theo de Raadt of the OpenBSD project. > > > >2. Each user maintains their own /tmp as $HOME/tmp or some such thing. > > An idea I had discussed with my co-workers a number of years ago. > > > > I have an inkling of a third way, for backwards compatibility with #2. > Suppose you create a pseudo-device (/dev/home ?) whose only purpose is > to support a pseudo-file-system, whose only purpose is to return > $USER-dependent symbolic links? (A new kind of symbolic link might > be more efficient, but I'm looking for a way to do it within current > mechanisms). /dev/home/xxx would be mounted at /yyy to get the effect of > opening /yyy/file to be opening $HOME/xxx/file. For our case, use tmp for > both xxx and yyy. That's the sketch, anyway. > > The above deals with (hidden) partitioning of the /tmp namespace, but does > not address the hint-carrying aspect of "tmp." As other posts > have mentioned, > "tmp" might mean: > a. You want a fast small scratch file > b. It might not be small > c. You want garbage collection service > d. Access may be very public, so think twice > Other usage hints might be: > e. You want sequential read-only access with huge read-ahead > buffering for a jitter-glitch-free multimedia stream > f. 
You want a no-persistent-cleartext-guaranteed file > > You can easily expand on this, but my point is that maybe > namespace, access > control, and performance tuning goals should be separated (at least for > discussion purposes ;-) so that if there are going to be changes, solutions > will be implemented in appropriate contexts. > > One way of specifying something about a file is by saying it > applies to all > files in a particular namespace (or subspace: e.g., leading dot, trailing > .vbs :) > or directory. Another is to mark the files with attribute flags or ACLs. > Another is to pass arguments to access functions like open(), or > ioctl(), etc. > Another is to wrap it in some new object. Etc., etc. If we don't identify > what we're doing, and the options, we won't think about them > until a legacy > pinches. > HTH. > > Regards, > Bengt Richter From owner-freebsd-security Fri Jun 9 3:22: 4 2000 Delivered-To: freebsd-security@freebsd.org Received: from hera.ik.bme.hu (hera.ik.bme.hu [152.66.243.132]) by hub.freebsd.org (Postfix) with ESMTP id AFC9E37B624 for ; Fri, 9 Jun 2000 03:21:51 -0700 (PDT) (envelope-from mohacsi@hera.ik.bme.hu) Received: from localhost (mohacsi@localhost) by hera.ik.bme.hu (8.9.3/8.9.3) with ESMTP id MAA03082 for ; Fri, 9 Jun 2000 12:22:52 +0200 (MET DST) Date: Fri, 9 Jun 2000 12:22:52 +0200 (MET DST)
From: Mohacsi Janos To: freebsd-security@FreeBSD.ORG Subject: Where is openssl manual? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi, Where can I find the openssl manual? Or examples of how to use it? Thanks, Janos Mohacsi From owner-freebsd-security Fri Jun 9 4:30: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from MCSMTP.MC.VANDERBILT.EDU (mcsmtp.mc.Vanderbilt.Edu [160.129.93.202]) by hub.freebsd.org (Postfix) with SMTP id 0C76137BD67 for ; Fri, 9 Jun 2000 04:30:07 -0700 (PDT) (envelope-from George.Giles@mcmail.vanderbilt.edu) Received: by MCSMTP.MC.VANDERBILT.EDU(Lotus SMTP MTA v4.6.6 (890.1 7-16-1999)) id 862568F9.003E568B ; Fri, 9 Jun 2000 06:20:53 -0500 X-Lotus-FromDomain: VANDERBILT
From: George.Giles@mcmail.vanderbilt.edu To: freebsd-security@freebsd.org Message-ID: <862568F9.003E54A8.00@MCSMTP.MC.VANDERBILT.EDU> Date: Fri, 9 Jun 2000 06:27:56 -0500 Subject: Firewall Problem Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have enabled the simple firewall configuration on my kernel (FreeBSD 3.4). I only allow ftp 21, and ssh 22 as incoming connections. I am using postfix instead of sendmail, yet incoming mail connections occur. Why? I also use natd to allow my private network out. When I run nmap I also see the sunrpc port 111, and X at 6000. Please advise. George From owner-freebsd-security Fri Jun 9 4:36:51 2000 Delivered-To: freebsd-security@freebsd.org Received: from Athena.za.net (athena.za.net [196.30.167.200]) by hub.freebsd.org (Postfix) with ESMTP id D153837B618 for ; Fri, 9 Jun 2000 04:36:20 -0700 (PDT) (envelope-from jus@security.za.net) Received: from localhost (jus@localhost) by Athena.za.net (8.9.3/8.9.3) with ESMTP id NAA12811; Fri, 9 Jun 2000 13:34:22 +0200 (SAST) (envelope-from jus@security.za.net) X-Authentication-Warning: Athena.za.net: jus owned process doing -bs Date: Fri, 9 Jun 2000 13:34:22 +0200 (SAST)
From: Justin Stanford X-Sender: jus@Athena.za.net To: George.Giles@mcmail.vanderbilt.edu Cc: freebsd-security@freebsd.org Subject: Re: Firewall Problem In-Reply-To: <862568F9.003E54A8.00@MCSMTP.MC.VANDERBILT.EDU> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org You can kill the portmapper (port 111) in /etc/rc.conf by placing an override in there (find the override in /etc/defaults/rc.conf). Port 6000 is your X server - it's best to firewall out 6000. -- Justin Stanford 082 7402741 jus@security.za.net www.security.za.net IT Security and Solutions On Fri, 9 Jun 2000 George.Giles@mcmail.vanderbilt.edu wrote: > > > I have enabled the simple firewall configuration on my kernel (FreeBSD 3.4). I > only allow ftp 21, and ssh 22 as incoming connections. I am using postfix > instead of sendmail, yet incoming mail connections occur. Why? > > I also use natd to allow my private network out. > > When I run nmap I also see the sunrpc port 111, and X at 6000. > > Please advise. > > George From owner-freebsd-security Fri Jun 9 5: 7:30 2000 Delivered-To: freebsd-security@freebsd.org Received: from MCSMTP.MC.VANDERBILT.EDU (mcsmtp.mc.Vanderbilt.Edu [160.129.93.202]) by hub.freebsd.org (Postfix) with SMTP id 5B05E37B5BF for ; Fri, 9 Jun 2000 05:07:27 -0700 (PDT) (envelope-from George.Giles@mcmail.vanderbilt.edu) Received: by MCSMTP.MC.VANDERBILT.EDU(Lotus SMTP MTA v4.6.6 (890.1 7-16-1999)) id 862568F9.0041BFC9 ; Fri, 9 Jun 2000 06:58:09 -0500 X-Lotus-FromDomain: VANDERBILT
From: George.Giles@mcmail.vanderbilt.edu To: freebsd-security@freebsd.org Message-ID: <862568F9.0041BE16.00@MCSMTP.MC.VANDERBILT.EDU> Date: Fri, 9 Jun 2000 07:05:12 -0500 Subject: libsafe Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Content-Disposition: inline Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I have been using libsafe-1.3 from ATT on my linux boxes (it works well). I want to get its functionality on FreeBSD. The code itself does not compile. Any advice? George From owner-freebsd-security Fri Jun 9 5:58:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from sol.cc.u-szeged.hu (sol.cc.u-szeged.hu [160.114.8.24]) by hub.freebsd.org (Postfix) with ESMTP id EF9C537B99E for ; Fri, 9 Jun 2000 05:58:15 -0700 (PDT) (envelope-from sziszi@petra.hos.u-szeged.hu) Received: from petra.hos.u-szeged.hu by sol.cc.u-szeged.hu (8.9.3+Sun/SMI-SVR4) id OAA13049; Fri, 9 Jun 2000 14:58:42 +0200 (MET DST) Received: from sziszi by petra.hos.u-szeged.hu with local (Exim 3.12 #1 (Debian)) id 130OMX-0000hc-00 for ; Fri, 09 Jun 2000 14:58:13 +0200 Date: Fri, 9 Jun 2000 14:58:13 +0200
From: Szilveszter Adam To: freebsd-security@FreeBSD.ORG Subject: Re: Where is openssl manual? Message-ID: <20000609145813.C32033@petra.hos.u-szeged.hu> Mail-Followup-To: freebsd-security@FreeBSD.ORG References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii User-Agent: Mutt/1.0.1i In-Reply-To: ; from mohacsi@ik.bme.hu on Fri, Jun 09, 2000 at 12:22:52PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
On Fri, Jun 09, 2000 at 12:22:52PM +0200, Mohacsi Janos wrote:
> Hi,
> Where can I find the openssl manual? Or examples to use it?
> Thanks,
> Janos Mohacsi
Hello! See /usr/src/crypto/openssl/ if you have the source installed. The docs are there; they are just not installed because Kris says there is some name collision with existing ones. If not, you can view it online at http://www.freebsd.org/cgi/cvsweb.cgi/src/crypto/openssl Also see: www.openssl.org
All the best!
-- Regards: Szilveszter ADAM Szeged University Szeged Hungary
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Jun 9 6:50:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id A565A37C3AC for ; Fri, 9 Jun 2000 06:50:10 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA30820; Fri, 9 Jun 2000 06:50:08 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda30814; Fri Jun 9 06:49:48 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id GAA17069; Fri, 9 Jun 2000 06:49:47 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdo17067; Fri Jun 9 06:49:13 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.2/8.9.1) id
e59DnCf13738; Fri, 9 Jun 2000 06:49:12 -0700 (PDT) Message-Id: <200006091349.e59DnCf13738@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdR13731; Fri Jun 9 06:48:37 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: "Matthew B. Henniges" Cc: freebsd-security@FreeBSD.ORG, dillon@apollo.backplane.com Subject: Re: FreeBSDDEATH.c.txt (mmap dirty page no check bug) In-reply-to: Your message of "Fri, 09 Jun 2000 03:03:02 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Jun 2000 06:48:36 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , "Matthew B. Henniges" w rites: > And what of suid programs? Do they use the users tmp(and possible fall to > symlink/race/whatever..) > > or do they use a different one(roots?) > > do suid programs all use roots /tmp, no matter who runs them? Very good point. SUID programs do inherit the parent's environment. The wider and a couple of others have discussed here will require significant architecture changes to FreeBSD. I think for now, 1. Matt Dillon's suggestion of symlinking /var/tmp to /tmp on its own filesystem is the most secure option we have right now without gutting the whole system. This should be committed to FreeBSD. (My apologies Matt for stomping all over you. That was totally uncalled for.) 2. The hlfs/amd option I advocate will suffer from what you discuss. Turning off SUID is not an option. 3. A special "temporary" filesystem that would isolate users temporary filesystem address spaces from each other would be the ultimate solution, however I don't have enough FreeBSD kernel experience to tackle this -- if this was an MVS kernel, that would be another matter... 
Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 7:11:22 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 0C80637C38B for ; Fri, 9 Jun 2000 07:11:20 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id HAA30880; Fri, 9 Jun 2000 07:10:48 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda30878; Fri Jun 9 07:10:47 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id HAA17185; Fri, 9 Jun 2000 07:10:47 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdb17161; Fri Jun 9 07:10:12 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.2/8.9.1) id e59EACY13836; Fri, 9 Jun 2000 07:10:12 -0700 (PDT) Message-Id: <200006091410.e59EACY13836@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdX13818; Fri Jun 9 07:09:56 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: Matthew Dillon Cc: freebsd-security@freebsd.org Subject: Apologies Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Jun 2000 07:09:56 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Matt, I apologise for stomping all over you earlier this week. Rather than using my head I was using my emotions. I hope you can forgive me for being such an ass toward you. Unfortunately you're not the only one I need to apologise to. I apologise to the list for my behaviour this past week. (Now I need to apologise to my wife and a co-worker. Both of those will be a lot tougher to do). Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 8:22:40 2000 Delivered-To: freebsd-security@freebsd.org Received: from moek.pir.net (moek.pir.net [209.192.237.190]) by hub.freebsd.org (Postfix) with ESMTP id 63ADE37C402 for ; Fri, 9 Jun 2000 08:22:36 -0700 (PDT) (envelope-from pir@pir.net) Received: from pir by moek.pir.net with local (Exim) id 130Qc4-0007DI-00 for freebsd-security@freebsd.org; Fri, 09 Jun 2000 11:22:24 -0400 Date: Fri, 9 Jun 2000 11:22:24 -0400 
From: Peter Radcliffe To: freebsd-security@freebsd.org Subject: Re: Firewall Problem Message-ID: <20000609112223.A27490@pir.net> Reply-To: freebsd-security@freebsd.org Mail-Followup-To: freebsd-security@freebsd.org References: <862568F9.003E54A8.00@MCSMTP.MC.VANDERBILT.EDU> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from jus@security.za.net on Fri, Jun 09, 2000 at 01:34:22PM +0200 X-fish: < X-Copy-On-Listmail: Please do NOT Cc: me on list mail. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
Justin Stanford probably said:
> You can kill the portmapper (port 111) in /etc/rc.conf by placing an
> override in there (find the override in /etc/defaults/rc.conf).
>
> Port 6000 is your X server - it's best to firewall out 6000.
In this day and age I _strongly_ suggest starting X with '-nolisten tcp' and using the unix domain socket to talk to the X server. This even works cleanly with X forwarding over ssh. This will stop X clients on another machine displaying on yours (unless you use ssh forwarding) but I never do that anyway ...
P.
-- pir pir@pir.net pir@net.tufts.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Jun 9 8:44: 8 2000 Delivered-To: freebsd-security@freebsd.org Received: from obie.softweyr.com (obie.softweyr.com [204.68.178.33]) by hub.freebsd.org (Postfix) with ESMTP id 6DC2A37BB8C for ; Fri, 9 Jun 2000 08:44:02 -0700 (PDT) (envelope-from wes@softweyr.com) Received: from softweyr.com (Foolstrustident!@homer.softweyr.com [204.68.178.39]) by obie.softweyr.com (8.8.8/8.8.8) with ESMTP id JAA08237; Fri, 9 Jun 2000 09:43:42 -0600 (MDT) (envelope-from wes@softweyr.com) Message-ID: <394110C3.59081AE@softweyr.com> Date: Fri, 09 Jun 2000 09:44:03 -0600
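The two replies above (kill the portmapper via the rc.conf override, firewall or stop the X server listening on 6000) both come down to the same check: find out what the host is actually listening on and compare it with what the firewall policy means to expose. The following is an added example, not code from anyone in this thread. It parses FreeBSD's `netstat -an -f inet` output (the sample below is constructed to mirror George's situation: 21 and 22 allowed, but 111, 6000 and an MTA on 25 also listening) and reports TCP listeners outside an allow list; the function names and the sample are mine.

```shell
#!/bin/sh
# Added example (not code from the thread): compare what the host listens on
# against the ports the firewall policy intends to expose.
# Input format is that of FreeBSD `netstat -an -f inet`. The sample below is
# constructed; port 8000 is bound to loopback only and so is not reported.

SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.21                   *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp4       0      0  *.6000                 *.*                    LISTEN
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  127.0.0.1.8000         *.*                    LISTEN
tcp4       0      0  10.0.0.2.22            10.0.0.9.1043          ESTABLISHED
udp4       0      0  *.111                  *.*'

# listening_tcp_ports < netstat-output
# Prints each externally reachable TCP port in LISTEN state once, numerically
# sorted. The local address is "addr.port", so the port is the last
# dot-separated field; loopback-only bindings (127.x) are skipped.
listening_tcp_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 !~ /^127\./ {
             n = split($4, a, "."); print a[n]
         }' |
        sort -n | uniq
}

# unexpected_listeners "21 22" < netstat-output
# Prints listening TCP ports that are not in the space-separated allow list.
unexpected_listeners() {
    allowed=" $1 "
    listening_tcp_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;            # covered by the firewall policy
            *) echo "$port" ;;         # listening but not intended: stop or filter it
        esac
    done
}

# Run against the constructed sample when given an allow list on the command
# line, e.g.  sh audit.sh 21 22
# On a live host:  netstat -an -f inet | unexpected_listeners "21 22"
if [ $# -gt 0 ]; then
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$*"
fi
```

For the sample this prints 25, 111 and 6000. Of those, 111 is the portmapper Justin refers to (the rc.conf override on FreeBSD 3.x/4.x is `portmap_enable="NO"`), and 6000 goes away entirely if X is started with the server option Peter describes, e.g. `startx -- -nolisten tcp`, which is preferable to leaving the socket open and filtering it. Run the audit again after the change, and after every rc.conf edit, rather than trusting the firewall rules alone.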
From: Wes Peters Organization: Softweyr LLC X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 4.0-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: Mohacsi Janos Cc: freebsd-security@FreeBSD.ORG Subject: Re: Where is openssl manual? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mohacsi Janos wrote: > > Hi, > Where can I find the openssl manual? Or examples to use it? Uh, in /usr/src/crypto/openssl/{doc,demos}? The doco is in pod files; you can use pod2man or pod2html to convert them to something useful. -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 8:59: 5 2000 Delivered-To: freebsd-security@freebsd.org Received: from turtle.looksharp.net (cc360882-a.strhg1.mi.home.com [24.2.221.22]) by hub.freebsd.org (Postfix) with ESMTP id 1979F37BACF for ; Fri, 9 Jun 2000 08:59:02 -0700 (PDT) (envelope-from bsdx@looksharp.net) Received: from localhost (bsdx@localhost) by turtle.looksharp.net (8.9.3/8.9.3) with ESMTP id LAA04158; Fri, 9 Jun 2000 11:58:48 -0400 (EDT) (envelope-from bsdx@looksharp.net) Date: Fri, 9 Jun 2000 11:58:48 -0400 (EDT) 
From: Adam To: George.Giles@mcmail.vanderbilt.edu Cc: freebsd-security@FreeBSD.ORG Subject: Re: Firewall Problem In-Reply-To: <862568F9.003E54A8.00@MCSMTP.MC.VANDERBILT.EDU> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
On Fri, 9 Jun 2000 George.Giles@mcmail.vanderbilt.edu wrote:
>
>I have enabled the simple firewall configuration on my kernel (FreeBSD 3.4). I
                    ^^^^^^
try closed instead, it sounds more appropriate.
>only allow ftp 21, and ssh 22 as incoming connections. I am using postfix
>instead of sendmail, yet incoming mail connections occur. Why?
>
>I also use natd to allow my private network out.
>
>When I run nmap I also see the sunrpc port 111, and X at 6000.
>
>Please advise.
>
>George
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
From owner-freebsd-security Fri Jun 9 11:34:48 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 9153637B81F; Fri, 9 Jun 2000 11:34:44 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id LAA47252; Fri, 9 Jun 2000 11:34:44 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Fri, 9 Jun 2000 11:34:44 -0700 (PDT)
From: Kris Kennaway To: George.Giles@mcmail.vanderbilt.edu Cc: freebsd-security@freebsd.org Subject: Re: libsafe In-Reply-To: <862568F9.0041BE16.00@MCSMTP.MC.VANDERBILT.EDU> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 9 Jun 2000 George.Giles@mcmail.vanderbilt.edu wrote: > I have been using libsafe-1.3 from ATT on my linux boxes (it works > well). I want to get it's functionality on FreeBSD. The code itself > does not compile. Any advice? Get porting.. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 12:26:27 2000 Delivered-To: freebsd-security@freebsd.org Received: from web206.mail.yahoo.com (web206.mail.yahoo.com [128.11.68.106]) by hub.freebsd.org (Postfix) with SMTP id 3D8C537C401 for ; Fri, 9 Jun 2000 12:26:15 -0700 (PDT) (envelope-from hho321@yahoo.com) Received: (qmail 19549 invoked by uid 60001); 9 Jun 2000 19:26:12 -0000 Message-ID: <20000609192612.19548.qmail@web206.mail.yahoo.com> Received: from [216.33.112.208] by web206.mail.yahoo.com; Fri, 09 Jun 2000 12:26:12 PDT Date: Fri, 9 Jun 2000 12:26:12 -0700 (PDT) 
From: Hugh Ho Subject: subscribe freebsd-security To: FreeBSD-security@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org subscribe freebsd-security __________________________________________________ Do You Yahoo!? Yahoo! Photos -- now, 100 FREE prints! http://photos.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 12:43:13 2000 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [12.23.109.2]) by hub.freebsd.org (Postfix) with ESMTP id 5BB8D37C809; Fri, 9 Jun 2000 12:42:58 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id NAA09442; Fri, 9 Jun 2000 13:42:51 -0600 (MDT) Message-Id: <4.3.2.7.2.20000609134215.049ed650@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 09 Jun 2000 13:42:48 -0600 To: Kris Kennaway , George.Giles@mcmail.vanderbilt.edu 
From: Brett Glass Subject: Re: libsafe Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <862568F9.0041BE16.00@MCSMTP.MC.VANDERBILT.EDU> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:34 PM 6/9/2000, Kris Kennaway wrote: >On Fri, 9 Jun 2000 George.Giles@mcmail.vanderbilt.edu wrote: > >> I have been using libsafe-1.3 from ATT on my linux boxes (it works >> well). I want to get it's functionality on FreeBSD. The code itself >> does not compile. Any advice? > >Get porting.. Or, better, reimplement from first principles so that the result is not under the GPL. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 13:12:52 2000 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id D388537B678; Fri, 9 Jun 2000 13:12:50 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id NAA68034; Fri, 9 Jun 2000 13:12:50 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Fri, 9 Jun 2000 13:12:50 -0700 (PDT) 
From: Kris Kennaway To: Brett Glass Cc: George.Giles@mcmail.vanderbilt.edu, freebsd-security@FreeBSD.ORG Subject: Re: libsafe In-Reply-To: <4.3.2.7.2.20000609134215.049ed650@localhost> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, 9 Jun 2000, Brett Glass wrote: > At 12:34 PM 6/9/2000, Kris Kennaway wrote: > > >On Fri, 9 Jun 2000 George.Giles@mcmail.vanderbilt.edu wrote: > > > >> I have been using libsafe-1.3 from ATT on my linux boxes (it works > >> well). I want to get it's functionality on FreeBSD. The code itself > >> does not compile. Any advice? > > > >Get porting.. > > Or, better, reimplement from first principles so that the result is not > under the GPL. LGPL. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 18:22:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from silby.com (cb34181-a.mdsn1.wi.home.com [24.14.173.39]) by hub.freebsd.org (Postfix) with SMTP id B89D437BBE5 for ; Fri, 9 Jun 2000 18:22:10 -0700 (PDT) (envelope-from silby@silby.com) Received: (qmail 14394 invoked by uid 1000); 10 Jun 2000 01:22:07 -0000 Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 10 Jun 2000 01:22:07 -0000 Date: Fri, 9 Jun 2000 20:22:07 -0500 (CDT) 
From: Mike Silbersack To: security@freebsd.org Subject: Mbuf waiting mfc to 3 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org
Well, it's been nearly a month since I posted the mbuf waiting MFC for 3.4 to -net. Although I haven't heard any complaints about it messing up systems, there have been a few complaints on bugtraq of mbuf exhaustion attacks which would be much less serious with it. :)
In any case, the patch is still available at http://www.silby.com/patches/mbuf-wait-mfc-2.patch for review. I'm fairly confident in its reliability, but I'd prefer a few more people to test it if they have the time. If there are no negative complaints, I'd like to get it committed before the end of next week to ensure that we don't miss getting it into 3.5.
There are no changes between this patch and the last one I posted other than a single version line I had messed up in the previous one, so if you're currently testing that one, there's no need to download this one. Please post your experiences with it in any case, though.
The small memory leak I alluded to in my previous posting of the patch has been found and committed separately (as it affected 3, 4, and 5.) So, please CVSUP before testing this patch to ensure you're seeing its true colors.
Thanks, Mike "Silby" Silbersack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 19:28: 0 2000 Delivered-To: freebsd-security@freebsd.org Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2]) by hub.freebsd.org (Postfix) with ESMTP id B3C6237B631 for ; Fri, 9 Jun 2000 19:27:55 -0700 (PDT) (envelope-from dillon@apollo.backplane.com) Received: (from dillon@localhost) by apollo.backplane.com (8.9.3/8.9.1) id TAA16746; Fri, 9 Jun 2000 19:27:53 -0700 (PDT) (envelope-from dillon) Date: Fri, 9 Jun 2000 19:27:53 -0700 (PDT) 
From: Matthew Dillon Message-Id: <200006100227.TAA16746@apollo.backplane.com> To: Cy Schubert - ITSD Open Systems Group Cc: freebsd-security@FreeBSD.ORG Subject: Re: Apologies References: <200006091410.e59EACY13836@cwsys.cwsent.com> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org : :Matt, I apologise for stomping all over you earlier this week. Rather :than using my head I was using my emotions. I hope you can forgive me :for being such an ass toward you. : :Unfortunately you're not the only one I need to apologise to. I :apologise to the list for my behaviour this past week. : :(Now I need to apologise to my wife and a co-worker. Both of those :will be a lot tougher to do). : : :Regards, Phone: (250)387-8437 :Cy Schubert Fax: (250)387-5766 No problem, I'm bullet-proof now :-) -Matt Matthew Dillon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 21:15:14 2000 Delivered-To: freebsd-security@freebsd.org Received: from darren2.lnk.telstra.net (darren2.lnk.telstra.net [139.130.53.33]) by hub.freebsd.org (Postfix) with ESMTP id 8A2EB37C6DD for ; Fri, 9 Jun 2000 21:15:07 -0700 (PDT) (envelope-from darrenr@reed.wattle.id.au) Received: (from root@localhost) by darren2.lnk.telstra.net (8.9.1/8.8.7) id EAA24334 for ; Sat, 10 Jun 2000 04:15:03 GMT 
From: Darren Reed Message-Id: <200006100414.OAA04399@avalon.reed.wattle.id.au> Subject: cybercop scan from 202.106.149.47 To: security@freebsd.org Date: Sat, 10 Jun 2000 14:14:30 +1000 (EST) X-Mailer: ELM [version 2.4ME+ PL37 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org did anyone else get that syslog message ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 22:48:26 2000 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id AF78E37C673; Fri, 9 Jun 2000 22:48:15 -0700 (PDT) (envelope-from Cy.Schubert@uumail.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id WAA00725; Fri, 9 Jun 2000 22:48:14 -0700 Received: from passer.osg.gov.bc.ca(142.32.110.29) via SMTP by point.osg.gov.bc.ca, id smtpda00723; Fri Jun 9 22:48:01 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id WAA31111; Fri, 9 Jun 2000 22:48:01 -0700 (PDT) Received: from cwsys9.cwsent.com(10.2.2.1), claiming to be "cwsys.cwsent.com" via SMTP by passer9.cwsent.com, id smtpdG31109; Fri Jun 9 22:47:55 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.2/8.9.1) id e5A5lt931850; Fri, 9 Jun 2000 22:47:55 -0700 (PDT) Message-Id: <200006100547.e5A5lt931850@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdx31841; Fri Jun 9 22:47:39 2000 X-Mailer: exmh version 2.1.1 10/15/1999 Reply-To: Cy Schubert - ITSD Open Systems Group 
From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 4.0-STABLE X-Sender: cy To: freebsd-security@freebsd.org Cc: security-officer@freebsd.org Subject: OpenSSH's UseLogin option allows remote access with root privilege. (fwd) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 09 Jun 2000 22:47:38 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is probably important enough to be posted here too. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/DEC Team Internet: Cy.Schubert@osg.gov.bc.ca Open Systems Group, ITSD, ISTA Province of BC ------- Forwarded Message Forwarded: Fri, 09 Jun 2000 22:34:14 -0700 Forwarded: jlcthibo@uumail.gov.bc.ca Return-Path: cschuber@osg.gov.bc.ca Delivery-Date: Fri Jun 9 21:18:50 2000 Received: (from uucp@localhost) by cwsys.cwsent.com (8.10.2/8.9.1) id e5A4Io631010 for ; Fri, 9 Jun 2000 21:18:50 -0700 (PDT) Received: from passer9.cwsent.com(10.2.2.2), claiming to be "passer.osg.gov.bc.ca" via SMTP by cwsys9.cwsent.com, id smtpdS31003; Fri Jun 9 21:18:47 2000 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id VAA30166 for ; Fri, 9 Jun 2000 21:18:46 -0700 (PDT) Resent-Message-Id: <200006100418.VAA30166@passer.osg.gov.bc.ca> Received: from localhost.osg.gov.bc.ca(127.0.0.1), claiming to be "passer.osg.gov.bc.ca" via SMTP by localhost.osg.gov.bc.ca, id smtpdJ30158; Fri Jun 9 21:17:46 2000 Delivery-Date: Fri, 09 Jun 2000 21:17:45 -0700 Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.9.3/8.9.1) id VAA30150 for ; Fri, 9 Jun 2000 21:17:45 -0700 (PDT) Received: from point.osg.gov.bc.ca(142.32.102.44) via SMTP by passer.osg.gov.bc.ca, id smtpdN30132; Fri Jun 9 21:16:52 2000 Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id VAA00379 for ; Fri, 9 Jun 2000 21:16:52 -0700 Received: from lists.securityfocus.com(207.126.127.68) via SMTP by point.osg.gov.bc.ca, id smtpda00375; Fri Jun 9 21:16:43 2000 
Received: from lists.securityfocus.com (lists.securityfocus.com [207.126.127.68]) by lists.securityfocus.com (Postfix) with ESMTP id 266921F3BE; Fri, 9 Jun 2000 21:03:01 -0700 (PDT) Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM (LISTSERV-TCP/IP release 1.8d) with spool id 10520414 for BUGTRAQ@LISTS.SECURITYFOCUS.COM; Fri, 9 Jun 2000 21:01:17 -0700 Approved-By: aleph1@SECURITYFOCUS.COM Delivered-To: bugtraq@lists.securityfocus.com Received: from securityfocus.com (mail.securityfocus.com [207.126.127.78]) by lists.securityfocus.com (Postfix) with SMTP id 9A5721EED8 for ; Fri, 9 Jun 2000 08:06:43 -0700 (PDT) Received: (qmail 3224 invoked by alias); 9 Jun 2000 15:06:53 -0000 Delivered-To: BUGTRAQ@SECURITYFOCUS.COM Received: (qmail 3213 invoked from network); 9 Jun 2000 15:06:51 -0000 Received: from nbgdi5-145-253-148-010.arcor-ip.net (HELO folly.informatik.uni-erlangen.de) (145.253.148.10) by mail.securityfocus.com with SMTP; 9 Jun 2000 15:06:51 -0000 Received: by folly.informatik.uni-erlangen.de (Postfix, from userid 31451) id 9656EF97; Fri, 9 Jun 2000 17:06:30 +0200 (CEST) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i Message-ID: <20000609170629.A4933@folly.informatik.uni-erlangen.de> Date: Fri, 9 Jun 2000 17:06:30 +0200 Reply-To: Markus Friedl Sender: Bugtraq List 
From: Markus Friedl Subject: OpenSSH's UseLogin option allows remote access with root privilege. X-To: misc@openbsd.org, openssh-unix-dev@mindrot.org To: BUGTRAQ@SECURITYFOCUS.COM Resent-To: cy@passer.osg.gov.bc.ca Resent-Date: Fri, 09 Jun 2000 21:17:46 -0700 Resent-From: Cy Schubert OpenSSH's UseLogin option allows remote access with root privilege. 1. Systems affected: The default installation of OpenSSH is not vulnerable, since UseLogin defaults to 'no'. However, if UseLogin is enabled, all versions of OpenSSH prior to 2.1.1 are affected. 2. Description: If the UseLogin option is enabled the OpenSSH server (sshd) does not switch to the uid of the user logging in. Instead, sshd relies on login(1) to do the job. However, if the user specifies a command for remote execution login(1) cannot be used and sshd fails to set the correct user id. The command is run with the same privilege as sshd (usually with root privilege). 3. Impact: If the administrator enables UseLogin users can get privileged access to the server running sshd. 4. Short Term Solution: Do not enable UseLogin on your machines or disable UseLogin again in /etc/sshd_config: UseLogin no 5. Solution: Upgrade to OpenSSH-2.1.1 or apply the attached patch. OpenSSH-2.1.1 is available from www.openssh.com. Appendix: 1. OpenSSH-1.2.2 - --- sshd.c.orig Thu Jan 20 18:58:39 2000 +++ sshd.c Tue Jun 6 10:12:00 2000 @@ -2231,6 +2231,10 @@ struct stat st; char *argv[10]; + /* login(1) is only called if we execute the login shell */ + if (options.use_login && command != NULL) + options.use_login = 0; + f = fopen("/etc/nologin", "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ 2. OpenSSH-1.2.3 - --- sshd.c.orig Mon Mar 6 22:11:17 2000 +++ sshd.c Tue Jun 6 10:14:07 2000 
@@ -2250,6 +2250,10 @@ struct stat st; char *argv[10]; + /* login(1) is only called if we execute the login shell */ + if (options.use_login && command != NULL) + options.use_login = 0; + f = fopen("/etc/nologin", "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ 3. OpenSSH-2.1.0 - --- session.c.orig Wed May 3 20:03:07 2000 +++ session.c Tue Jun 6 10:10:50 2000 @@ -744,6 +744,10 @@ struct stat st; char *argv[10]; + /* login(1) is only called if we execute the login shell */ + if (options.use_login && command != NULL) + options.use_login = 0; + f = fopen("/etc/nologin", "r"); if (f) { /* /etc/nologin exists. Print its contents and exit. */ EOF ------- End of Forwarded Message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Fri Jun 9 23:37:49 2000 Delivered-To: freebsd-security@freebsd.org Received: from darren2.lnk.telstra.net (darren2.lnk.telstra.net [139.130.53.33]) by hub.freebsd.org (Postfix) with ESMTP id 40B8337BBBE for ; Fri, 9 Jun 2000 23:37:43 -0700 (PDT) (envelope-from darrenr@reed.wattle.id.au) Received: (from root@localhost) by darren2.lnk.telstra.net (8.9.1/8.8.7) id GAA24505; Sat, 10 Jun 2000 06:37:39 GMT 
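Review bot: the added guard "if (options.use_login && command != NULL) options.use_login = 0;" closes only the one path on which login(1) is skipped; it keeps the design in which sshd itself never switches to the user's uid when UseLogin is set and trusts login(1) to do it, so any other route to exec that bypasses login(1) would again run with sshd's (usually root) privilege. A more robust fix would drop to the target uid unconditionally inside this function, ahead of the f = fopen("/etc/nologin", "r"); check, rather than relying on which branch is taken later. At minimum the new comment should state that a non-NULL command is then run through sshd's own non-login path, which performs the uid switch, so a reader can see why clearing the flag here is sufficient. The same applies to the two identical sshd.c hunks above for 1.2.2 and 1.2.3.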
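The advisory's short-term fix is a configuration check: confirm UseLogin is not enabled, and set it to "no" if it is. The following is an added example, not part of the advisory or of OpenSSH. It assumes OpenSSH's sshd_config syntax as I understand it: keywords are case-insensitive, a line starting with '#' is a comment, the option defaults to "no" when absent, and servconf.c honours the first occurrence of a keyword and ignores later duplicates. The function names are mine.

```shell
#!/bin/sh
# Added example (not part of the advisory): report whether an sshd_config
# enables UseLogin, and rewrite it to "UseLogin no". Assumed OpenSSH rules:
# case-insensitive keywords, '#' comments, default "no", first occurrence wins.

# uselogin_enabled /path/to/sshd_config  -> exit 0 if UseLogin is yes, 1 otherwise
uselogin_enabled() {
    awk '
        /^[ \t]*#/ || NF == 0                  { next }
        tolower($1) == "uselogin" && !seen     { val = tolower($2); seen = 1 }
        END { if (val == "yes") exit 0; exit 1 }
    ' "$1"
}

# disable_uselogin /path/to/sshd_config
# Replaces every UseLogin line with "UseLogin no" (the advisory's short-term
# fix). A file with no such line is left alone: the default is already "no".
disable_uselogin() {
    newfile="$1.new.$$"
    sed 's/^[[:space:]]*[Uu][Ss][Ee][Ll][Oo][Gg][Ii][Nn][[:space:]].*/UseLogin no/' "$1" > "$newfile" &&
        mv "$newfile" "$1"
}

# usage: sh check_uselogin.sh /etc/sshd_config [more config files]
if [ $# -gt 0 ]; then
    for f in "$@"; do
        if uselogin_enabled "$f"; then
            echo "$f: UseLogin is enabled; before OpenSSH 2.1.1 a remote command runs with sshd's uid"
        else
            echo "$f: UseLogin is not enabled"
        fi
    done
fi
```

The check reads only the file it is given; on a system where sshd is started with -f pointing at another file, pass that file. Disabling the option is a workaround, not the fix: the advisory's real remedy is the upgrade to 2.1.1 or the patch above, and the check is still worth keeping afterwards as a guard against the option being re-enabled.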
From: Darren Reed Message-Id: <200006100637.QAA04633@avalon.reed.wattle.id.au> Subject: Re: cybercop scan from 202.106.149.47 In-Reply-To: <000d01bfd29e$2b6eca50$0100007f@localhost.cell2000.net> from Steven Alexander at "Jun 9, 0 10:38:55 pm" To: steve@cell2000.net Date: Sat, 10 Jun 2000 16:37:26 +1000 (EST) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL37 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In some email I received from Steven Alexander, sie wrote: [Charset iso-8859-1 unsupported, filtering to ASCII...] > The Cybercop security scanner does certain things to make itself loud (to > prevent unauthorized scanning), that message is one of them. If you weren't > scanning your machine then someone (202.106.149.47) was. Sigh. Sorry for being so obscure. I got that message from syslogd on a freebsd.org machine whilst I was logged into that box. Why else would I have sent it to a freebsd list ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jun 10 8:20:53 2000 Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 3268E37B8AE for ; Sat, 10 Jun 2000 08:20:48 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id LAA04520; Sat, 10 Jun 2000 11:20:28 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Sat, 10 Jun 2000 11:20:28 -0400 (EDT) 
From: Robert Watson X-Sender: robert@fledge.watson.org To: Darren Reed Cc: security@freebsd.org Subject: Re: cybercop scan from 202.106.149.47 In-Reply-To: <200006100414.OAA04399@avalon.reed.wattle.id.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 10 Jun 2000, Darren Reed wrote: > did anyone else get that syslog message ? NAI's vulnerability scanner, CyberCop, will notify the machine being scanned that the scanning is occurring. When doing so, it chooses a level of emerg, resulting in syslogd sending the message to all users. In recent versions of FreeBSD, I believe the default arguments to syslogd cause it to ignore network-sourced syslog packets (-s?). For whatever reason, freefall's /etc has not been updated to do that. It sounds like someone grabbed a copy of CyberCop and is using it to scan for potential targets, not knowing that it causes bright lights to flash :-). There should also be lots of other evidence of the scan in the system logs. Robert N M Watson robert@fledge.watson.org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Jun 10 10:23: 9 2000 Delivered-To: freebsd-security@freebsd.org Received: from burka.carrier.kiev.ua (burka.carrier.kiev.ua [193.193.193.107]) by hub.freebsd.org (Postfix) with ESMTP id 8E8DE37B512 for ; Sat, 10 Jun 2000 10:22:15 -0700 (PDT) (envelope-from snar@lucky.net) Received: from snar@localhost by burka.carrier.kiev.ua id UIM57625; Sat, 10 Jun 2000 20:22:01 +0300 (EEST) (envelope-from snar) Date: Sat, 10 Jun 2000 20:22:01 +0300 
From: Alexandre Snarskii
To: George.Giles@mcmail.vanderbilt.edu
Cc: freebsd-security@freebsd.org
Subject: Re: libsafe
Message-ID: <20000610202201.B53081@lucky.net>
References: <862568F9.0041BE16.00@MCSMTP.MC.VANDERBILT.EDU>
In-Reply-To: <862568F9.0041BE16.00@MCSMTP.MC.VANDERBILT.EDU>; from George.Giles@mcmail.vanderbilt.edu on Fri, Jun 09, 2000 at 07:05:12AM -0500

On Fri, Jun 09, 2000 at 07:05:12AM -0500, George.Giles@mcmail.vanderbilt.edu wrote:

> I have been using libsafe-1.3 from ATT on my linux boxes (it works well). I want
> to get its functionality on FreeBSD. The code itself does not compile. Any
> advice?

Use libparanoia from ports collection/security.

-- 
Alexander Snarskii
the source code is included.

From owner-freebsd-security Sat Jun 10 10:34:58 2000
Date: Sat, 10 Jun 2000 13:37:50 -0400 (EDT)
From: Greg Hormann
To: security@freebsd.org
Subject: Setting up simple firewall with ipfw

I'm trying to set up a simple little firewall for my stand-alone
FreeBSD-4.0 box. Most of what I want seems to be working, but I'm having a
few problems I would appreciate some help with. (I'm *extremely* new to
firewalls.)

1) This box obtains its internet address via dhcp. Because of that, I've
been using "any to any via ed0". This box is dual homed, and at some point
in time I'd like to use natd to make this box a gateway for my internal
network. Is there a more secure way to set things up when using dhcp?

2) I can't get logging working to help me troubleshoot my problems.
(IPFIREWALL_VERBOSE is in the kernel.) -- It may work, and I don't know
where to look for it. It's not appearing on the console, and after looking
at the man page, I still couldn't figure it out.

sysctl net.inet.ip.fw returns:

    net.inet.ip.fw.enable: 1
    net.inet.ip.fw.one_pass: 1
    net.inet.ip.fw.debug: 1
    net.inet.ip.fw.verbose: 1
    net.inet.ip.fw.verbose_limit: 0
    net.inet.ip.fw.dyn_buckets: 256
    net.inet.ip.fw.curr_dyn_buckets: 256
    net.inet.ip.fw.dyn_count: 0
    net.inet.ip.fw.dyn_max: 1000
    net.inet.ip.fw.dyn_ack_lifetime: 300
    net.inet.ip.fw.dyn_syn_lifetime: 20
    net.inet.ip.fw.dyn_fin_lifetime: 20
    net.inet.ip.fw.dyn_rst_lifetime: 5
    net.inet.ip.fw.dyn_short_lifetime: 5

3) I'm having trouble getting ftp/ssh traffic through my firewall. (I can
get out, but not in.)
When trying to ftp or ssh in, I receive "TCP/IP Failure".

I currently have the following rules: (Remember, I'm using dhcp, hence so
many "any to any".)

    00100 108 7771 allow tcp from any to any via ed0 established
    00100 114 15516 allow ip from any to any via lo0
    00200 1 44 allow tcp from any to any 25 via ed0
    00200 0 0 deny ip from any to 127.0.0.0/8
    00300 0 0 allow tcp from any to any 23 via ed0
    00400 0 0 allow tcp from any to any 22 setup
    00500 0 0 allow udp from any to any 22
    00600 0 0 allow tcp from any 22 to any
    00700 0 0 allow tcp from any to any 20 via ed0
    00800 0 0 allow tcp from any to any 21 via ed0
    00900 0 0 allow tcp from any to any 80 via ed0
    01000 0 0 allow tcp from any to any 220 via ed0
    01100 0 0 allow tcp from any to any 546
    01200 0 0 allow udp from any to any 56
    01300 4 176 allow tcp from any to any 110
    01400 5 220 deny log tcp from any to any 1-1024 via ed0
    65000 14 1701 allow ip from any to any
    65535 6 672 deny ip from any to any

Thanks in advance,
Greg.

From owner-freebsd-security Sat Jun 10 11:44:13 2000
Date: Sat, 10 Jun 2000 14:46:20 -0400 (EDT)
From: Greg Hormann
To: John F Cuzzola
Cc: security@freebsd.org
Subject: Re: Setting up simple firewall with ipfw

Thanks. ssh/ftp now work correctly through the firewall.

Logging still doesn't work. (It's not showing up in /var/log/* or the
console.) I've tried playing with net.inet.ip.fw.verbose_limit, but that
didn't help either.

As for the first question, I think I may have figured it out. Haven't tried
it yet, but I could have my firewall script figure out the current IP from
ifconfig. Then, I would just need to call my firewall script each time a
new IP address was assigned. (Should be easy using hooks from dhclient.)

Thanks again.
Greg.

On Sat, 10 Jun 2000, John F Cuzzola wrote:

> *** by default firewall messages are logged in /var/log/messages (I
> think). I usually create a separate file for firewall logging
> (/var/log/firewall.log) then change /etc/syslogd.conf appropriately
>
> *** you have rules with the same numbers (two rules 100 & 200). In my
> experience with FreeBSD 4 this sometimes causes problems. Renumber your
> rules so each one has its own unique rule number. Your ssh setup looks
> like it should work. SSH only uses tcp so the rule:
>
> 00500 0 0 allow udp from any to any 22
>
> can be deleted.
>
> as for ftp. When you are using true ftp (instead of passive) a connection
> is made FROM a computer port 20 TO you on some port. So the rules:
>
> > 00700 0 0 allow tcp from any to any 20 via ed0
> > 00800 0 0 allow tcp from any to any 21 via ed0
>
> are almost right.
> Rule 700 should read:
>
> ipfw add 700 allow tcp from any 20 to any via ed0
>
> (the port 20 comes from the host you are contacting; it doesn't connect
> back to you on port 20)

From owner-freebsd-security Sat Jun 10 12: 4:23 2000
Date: Sat, 10 Jun 2000 12:04:15 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200006101904.MAA22680@apollo.backplane.com>
To: Greg Hormann
Cc: John F Cuzzola, security@FreeBSD.ORG
Subject: Re: Setting up simple firewall with ipfw

You also need to allow ICMP messages through, or TCP will not be able to
do path-mtu-discovery. I usually let pings through as well.

    add ..... allow icmp from any to any icmptypes 0,3,5,8,11,12,13,14

From owner-freebsd-security Sat Jun 10 13:22:18 2000
To: dillon@apollo.backplane.com
Cc: ghormann@alumni.indiana.edu, vdrifter@ocis.ocis.net, security@FreeBSD.ORG
Subject: Re: Setting up simple firewall with ipfw
From: sthaug@nethelp.no
In-Reply-To: Your message of "Sat, 10 Jun 2000 12:04:15 -0700 (PDT)"
References: <200006101904.MAA22680@apollo.backplane.com>
Date: Sat, 10 Jun 2000 22:19:16 +0200
Message-ID: <89461.960668356@verdi.nethelp.no>

> You also need to allow ICMP messages through, or TCP will not be
> able to do path-mtu-discovery. I usually let pings through as well.
>
> add ..... allow icmp from any to any icmptypes 0,3,5,8,11,12,13,14

I can sort of understand 12 (Parameter Problem), but why on earth do you
want to allow 13 and 14 (Timestamp/Timestamp Reply)?

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

From owner-freebsd-security Sat Jun 10 13:59: 4 2000
Date: Sat, 10 Jun 2000 13:58:43 -0700 (PDT)
From: Matthew Dillon
Message-Id: <200006102058.NAA23380@apollo.backplane.com>
To: sthaug@nethelp.no
Cc: ghormann@alumni.indiana.edu, vdrifter@ocis.ocis.net, security@FreeBSD.ORG
Subject: Re: Setting up simple firewall with ipfw
References: <200006101904.MAA22680@apollo.backplane.com> <89461.960668356@verdi.nethelp.no>

:> You also need to allow ICMP messages through, or TCP will not be
:> able to do path-mtu-discovery. I usually let pings through as well.
:>
:> add ..... allow icmp from any to any icmptypes 0,3,5,8,11,12,13,14
:
:I can sort of understand 12 (Parameter Problem), but why on earth do
:you want to allow 13 and 14 (Timestamp/Timestamp Reply)?
:
:Steinar Haug, Nethelp consulting, sthaug@nethelp.no

Well... why not? A host-redirect ICMP is dangerous. A timestamp/reply ICMP
is not.

-Matt
Matthew Dillon

From owner-freebsd-security Sat Jun 10 22:13:41 2000
Date: Sat, 10 Jun 2000 22:13:36 -0700 (PDT)
From: Kris Kennaway
To: Cy Schubert - ITSD Open Systems Group
Cc: freebsd-security@freebsd.org, security-officer@freebsd.org
Subject: Re: OpenSSH's UseLogin option allows remote access with root privilege. (fwd)
In-Reply-To: <200006100547.e5A5lt931850@cwsys.cwsent.com>

On Fri, 9 Jun 2000, Cy Schubert - ITSD Open Systems Group wrote:

> This is probably important enough to be posted here too.

Thanks, I've fixed it in 5.0 and 4.0

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
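An added example (not code from anyone in the ipfw thread above) that ties that thread's advice together: a POSIX sh rule generator for a DHCP-assigned address in the spirit of Greg's dhclient-hook idea, with unique rule numbers as John suggested, his port-20 ftp-data rule tightened to the local address, and a narrower ICMP list than Matthew's (types 0, 3, 8 and 11; type 3 carries the fragmentation-needed message that path MTU discovery relies on, and redirects are left out). The interface name, the address 192.0.2.10 and the /etc/ipfw.rules path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Emit a complete ipfw rule set for a
# DHCP-assigned address so it can be rebuilt from dhclient-exit-hooks.
# Arguments: interface name, address handed out by dhclient (assumed values).
ipfw_ruleset() {
    ifc=$1
    ip=$2
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 allow tcp from any to any established via $ifc
add 500 allow tcp from $ip to any setup out via $ifc
add 600 allow tcp from any to $ip 22 setup in via $ifc
add 700 allow tcp from any to $ip 25 setup in via $ifc
add 800 allow tcp from any to $ip 80 setup in via $ifc
add 900 allow tcp from any to $ip 21 setup in via $ifc
add 1000 allow tcp from any 20 to $ip setup in via $ifc
add 1100 allow udp from $ip to any 53 out via $ifc
add 1200 allow udp from any 53 to $ip in via $ifc
add 1300 allow udp from any 68 to any 67 out via $ifc
add 1400 allow udp from any 67 to any 68 in via $ifc
add 1500 allow icmp from any to any icmptypes 0,3,8,11 via $ifc
add 1600 deny log ip from any to any
EOF
}

# Reject a rule set that reuses a number (the two 100s and two 200s in the
# thread): ipfw keeps both rules and the listing becomes ambiguous.
# Exit status 0 means every rule number is unique.
check_unique_numbers() {
    awk '$1 == "add" && seen[$2]++ { dup = 1 } END { exit (dup ? 1 : 0) }'
}

# Hook body for /etc/dhclient-exit-hooks; dhclient-script sources that file
# with $reason, $interface and $new_ip_address set. Flush and reload are not
# atomic: if the load fails only default rule 65535 (deny) is left, so the
# generated file is checked before anything is flushed.
apply_from_dhclient() {
    case "$reason" in
    BOUND|RENEW|REBIND|REBOOT)
        ipfw_ruleset "$interface" "$new_ip_address" > /etc/ipfw.rules.new &&
        check_unique_numbers < /etc/ipfw.rules.new &&
        mv /etc/ipfw.rules.new /etc/ipfw.rules &&
        ipfw -q flush && ipfw -q /etc/ipfw.rules
        ;;
    esac
}
```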