From owner-freebsd-security Sun Feb 17 10:23:43 2002
From: Raf Schietekat
Reply-To: Raf_Schietekat@ieee.org
Date: Sun, 17 Feb 2002 19:23:24 +0100
To: freebsd-security@FreeBSD.ORG
Subject: Re: as they advise the Sponsor.
Message-ID: <3C6FF51C.4090602@skynet.be>
References: <200202162009.g1GK90C96120@mail.visp.co.nz>

Courtesy warning about the apparent twofold spam from
brett@softwarecreations.co.nz on 2002-02-16:

virus-admin@ieee.org wrote:
> InterScan has detected a virus PE_Magistr.A in the file (CHG_REG.EXE)
> in the mail traffic sent to you by owner-freebsd-security@FreeBSD.ORG

Raf Schietekat

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


From owner-freebsd-security Sun Feb 17 10:39:36 2002
From: Miguel Mendez
Date: Sun, 17 Feb 2002 19:39:36 +0100
To: Raf_Schietekat@ieee.org
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: as they advise the Sponsor.
Message-ID: <20020217193936.A25423@energyhq.homeip.net>
In-Reply-To: <3C6FF51C.4090602@skynet.be>

On Sun, Feb 17, 2002 at 07:23:24PM +0100, Raf Schietekat wrote:
> Courtesy warning about the apparent twofold spam from
> brett@softwarecreations.co.nz on 2002-02-16:

WTF, could we stop all this crap every time a LookOut user sends an
infected message to any of the freebsd-* lists? I mean, do we really
care? After all, it only affects Windows users ;-)

If it depended on me, Outlook users would be banned from posting here.

Cheers,
--
Miguel Mendez - flynn@energyhq.homeip.net
GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
EnergyHQ :: http://www.energyhq.tk
FreeBSD - The power to serve!


From owner-freebsd-security Sun Feb 17 10:47:19 2002
From: Giorgos Keramidas
Date: Sun, 17 Feb 2002 17:54:40 +0200
To: Ryan Burglehaus
Cc: freebsd-security@freebsd.org
Subject: Re: Reliable shell logs
Message-ID: <20020217155440.GA4397@hades.hell.gr>
References: <20020216173804.GD44003@squall.waterspout.com>

On 2002-02-16 14:20, Ryan Burglehaus wrote:
> Anyone else getting viruses from this list?
> One attempted a couple of weeks ago and two more attempted today.
> What's up?!

Just like every subscriber of the list, I received the .EXE attachments
too. But what harm can they make? I'm running a workstation whose OS is
FreeBSD.
I might just add to my .procmailrc a couple of rules to automagically
save all messages with .EXE attachments to a Mutt folder called +junkmail
and be done with the virii :)

/me clickety click [ add rule to top of .procmailrc ]

Giorgos Keramidas
FreeBSD Documentation Project
keramida@{freebsd.org,ceid.upatras.gr}
http://www.FreeBSD.org/docproj/


From owner-freebsd-security Sun Feb 17 15:12:04 2002
From: Derrick John Klise
Date: Sun, 17 Feb 2002 15:11:54 -0800
To: freebsd-security@freebsd.org, freebsd-ports@freebsd.org
Subject: Re: does Xvnc from ports obey hosts.allow?
Message-ID: <20020217151154.A89128@leaf.lumiere.net>
In-Reply-To: <20020216232604.B26063@cowbert.2y.net>

On Sat, Feb 16, 2002 at 11:26:04PM -0500, Peter C. Lai wrote:
> I know Wolfram Golger wrote a patch for Xvnc 3.3.2r2 back in 1998
> allowing one to compile Xvnc to use tcpwrappers.
>
> Is this patch native with the ports version of Xvnc, and does it
> automagically build with this or not? (since
> tcpwrappers already come installed with freebsd).

The Xvnc library isn't linked with libwrap (which, if I remember
correctly, is the tcpwrapper library):

    addled(ttyp4)~> ldd /usr/X11R6/bin/Xvnc
    /usr/X11R6/bin/Xvnc:
            libz.so.2 => /usr/lib/libz.so.2 (0x2815b000)
            libm.so.2 => /usr/lib/libm.so.2 (0x28168000)
            libc.so.4 => /usr/lib/libc.so.4 (0x28184000)
    addled(ttyp4)~>

So I'm pretty sure it doesn't (include the patch).

--
Derrick John Klise
"I went into a general store, and they wouldn't sell me anything
specific". -- Steven Wright


From owner-freebsd-security Sun Feb 17 18:44:17 2002
From: "James F. Hranicky"
Date: Sun, 17 Feb 2002 21:44:08 -0500
To: security@freebsd.org
Subject: Dynamic-IP IPSEC support with racoon (was Re: Questions (Rants?) ...)
Message-Id: <20020218024408.CF51069B1@mail.cise.ufl.edu>

Well, after cooling down from my rant, it seems I've been able to get
dynamic IP IPSEC support working with racoon and x509 certs. Currently,
I run setkey on the clients like so:

    spdadd client.X.X.X server.X.X.X any -P out ipsec
        esp/transport/client.X.X.X-server.X.X.X/use;
    spdadd server.X.X.X client.X.X.X any -P in ipsec
        esp/transport/server.X.X.X-client.X.X.X/use;

The racoon.conf is at the end of the message.

What I'm having trouble with is getting any version of PGPNet or the
IPSEC software that comes with w2k to work with the setup. It's hard to
determine which has been more frustrating:

- with PGPNet, the BSD box actually thought the two had an IPSEC
  connection established, but PGPNet didn't. Tried 7.0.3 and 7.1.

- with w2k, no matter what I do it doesn't like my certs (error 798:
  no extensible auth cert found). I've imported my CA cert and the
  personal cert into the right places (I think (?!?)) using the MMC
  console, and started up the IPSEC listening service, but no go.

Note I have a self-signed CA cert that I generated with OSSL.

If anyone can give me pointers on getting IPSEC working on w2k
(especially the default w2k stuff), I'd appreciate it.

----------------------------------------------------------------------
| Jim Hranicky, Senior SysAdmin                   UF/CISE Department |
| E314D CSE Building                            Phone (352) 392-1499 |
| jfh@cise.ufl.edu                      http://www.cise.ufl.edu/~jfh |
----------------------------------------------------------------------

-------------------------------- racoon.conf --------------------------------
path include "/usr/local/etc/racoon";
path pre_shared_key "/usr/local/etc/racoon/psk.txt";
path certificate "/usr/local/lib/ssl/certs";

padding {
        maximum_length 20;      # maximum padding length.
        randomize off;          # enable randomized length.
        strict_check off;       # enable strict check.
        exclusive_tail off;     # extract last one octet.
}

# Specification of the various default timers.
timer {
        # These values can be changed per remote node.
        counter 5;              # maximum trying count to send.
        interval 20 sec;        # maximum interval to resend.
        persend 1;              # the number of packets per send.

        # timer for waiting to complete each phase.
        phase1 30 sec;
        phase2 15 sec;
}

remote anonymous {
        exchange_mode aggressive,main;
        doi ipsec_doi;
        situation identity_only;
        my_identifier asn1dn;
        certificate_type x509 "cert.pem" "key.pem";
        generate_policy on;
        nonce_size 16;
        lifetime time 1 hour;   # sec,min,hour
        initial_contact on;
        support_mip6 on;
        proposal_check obey;    # obey, strict or claim
        proposal {
                encryption_algorithm 3des;
                hash_algorithm sha1;
                authentication_method rsasig;
                dh_group 2;
        }
}

sainfo anonymous {
        pfs_group 1;
        lifetime time 1 hour;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
}
-------------------------------- racoon.conf --------------------------------


From owner-freebsd-security Sun Feb 17 22:16:40 2002
From: Matthew Dillon
Date: Sun, 17 Feb 2002 22:16:38 -0800 (PST)
To: security@freebsd.org
Subject: security bug / kernel tty buffer overflow
Message-Id: <200202180616.g1I6Gc511474@apollo.backplane.com>

Neelkanth Natu posted this message on hackers. There are two places in
kern/tty_pty.c that test ICANON against tp->t_iflag instead of
tp->t_lflag. I have committed a fix to -current with a 3-day MFC to
-stable. This should probably go into the security branch at some point.
                                        -Matt
                                        Matthew Dillon

:From: Neelkanth Natu
:Subject: bug in ptcwrite()
:To: freebsd-hackers@FreeBSD.ORG
:Date: Sun, 17 Feb 2002 13:52:40 -0800 (PST)
:
:Hi,
:
:The following code in ptcwrite() in kern/tty_pty.c is supposed to prevent
:the tty input buffer overflow (for certain cases):
:
:    612         if ((tp->t_rawq.c_cc + tp->t_canq.c_cc) >= TTYHOG - 2 &&
:    613             (tp->t_canq.c_cc > 0 || !(tp->t_iflag&ICANON))) {
:    614                 wakeup(TSA_HUP_OR_INPUT(tp));
:    615                 goto block;
:    616         }
:
:But the ICANON flag is set in tp->t_lflag and not tp->t_iflag. The ICRNL flag
:in tp->t_iflag has the same value as the ICANON flag in tp->t_lflag (0x100).
:This leads to input buffer overflow as soon as the ICRNL bit is set in
:tp->t_iflag, and there are more than 1024 characters that telnet/ssh wants
:to write to the pty.
:
:I discovered this problem when using libreadline because it changes the
:terminal settings every time it begins/finishes reading a line.
:
:Has anyone else seen a similar problem? I saw identical behavior on NetBSD
:too. Please CC me as I am not on the mailing list.
:
:thanks
:Neel


From owner-freebsd-security Sun Feb 17 23:06:38 2002
From: Raf Schietekat
Reply-To: Raf_Schietekat@ieee.org
Date: Mon, 18 Feb 2002 08:06:09 +0100
To: Miguel Mendez
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: as they advise the Sponsor.
Message-ID: <3C70A7E1.5080900@skynet.be>
References: <200202162009.g1GK90C96120@mail.visp.co.nz>
            <3C6FF51C.4090602@skynet.be>
            <20020217193936.A25423@energyhq.homeip.net>

Miguel Mendez wrote:
> [...]
> WTF, could we stop all this crap every time a LookOut user sends an
> infected message to any of the freebsd-* lists? I mean, do we really
> care? After all, it only affects Windows users ;-)
>
> If it depended on me, Outlook users would be banned from posting here.
>
> Cheers,

Yeah, good idea, nuke all them Billysoft suckers and save the world!
Meanwhile, how about if I sent an innocent FreeBSD user an attack (this
looked like a Trojan horse, not an Outlook worm/virus (?), after my
forwarding cum "virus" filtering service released it to me)? Would s/he
be protected by what Java would call a sandbox? I don't think so. Unix
security may be based more on marginality than on technical prowess, and
little if any progress seems to be being made. What good does it do to
me as an ordinary user that the superuser is safe and smug about his
continued service, if all my personal stuff goes down the drain?

Raf Schietekat
Running Netscape 6.2 (because I still can) on MS Windows 2000
Professional on my laptop (because I have to).


From owner-freebsd-security Mon Feb 18 00:03:33 2002
From: Alfred Perlstein
Date: Mon, 18 Feb 2002 00:03:31 -0800
To: security@freebsd.org
Subject: using ipsec on dynamic addresses?
Message-ID: <20020218080331.GT12136@elvis.mu.org>

I'm looking to secure a wireless LAN.
It looks like this:

[ASCII diagram, flattened in the archive: Laptop-A, Laptop-B etc. on the
wireless LAN reach a wireless base station, which connects over ethernet
to fxp0 on the router; the router's xl0 faces the DSL/internet link and
xl1 the wired LAN.]

What I think I want to do is:
  block traffic going _through_ fxp0 but not _into_ fxp0,
  generate keys for each laptop on the router,
  give each laptop its own key,
  have the laptops DHCP an address,
  have laptops authenticate via the key and negotiate secure connections,
  finally be done with this nightmare.

I don't really need any hooks into dhclient, I think I can figure that out
on my own, it's just the key generation thing and dynamic addresses that
seem to be a real pain.

Anyone aware of any howtos on doing this?

thanks,
-Alfred


From owner-freebsd-security Mon Feb 18 06:54:45 2002
From: Miguel Mendez
Date: Mon, 18 Feb 2002 15:53:34 +0100
To: Raf_Schietekat@ieee.org
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: as they advise the Sponsor.
Message-ID: <20020218155334.A29845@energyhq.homeip.net>
In-Reply-To: <3C70A7E1.5080900@skynet.be>

On Mon, Feb 18, 2002 at 08:06:09AM +0100, Raf Schietekat wrote:

Hi Raf,

I'm not sure if you just missed my point or you are trolling, but I'll
bite :-)

> Yeah, good idea, nuke all them Billysoft suckers and save the world!
> Meanwhile, how about if I sent an innocent FreeBSD user an attack (this
> looked like a Trojan horse, not an Outlook worm/virus (?), after my
> forwarding cum "virus" filtering service released it to me)? Would s/he

Well, you have a point here, as we all know: Security is a process, not
a product. But you seem to forget one thing. FreeBSD is *not* by any
means a mainstream OS. And that means that the people who use it usually
know what they're doing, at least to the point of not executing a file
they got from a stranger. Even if they did, all they could lose is the
files they own, which, of course, should be backed up somewhere if they
are worth anything. Considering the fact that 9 out of 10 computers run
some MS OS, the probability that a clueless user is running BSD is
almost 0.

> be protected by what Java would call a sandbox? I don't think so. Unix
> security may be based more on marginality than on technical prowess, and
> little if any progress seems to be being made. What good does it do to
> me as an ordinary user that the superuser is safe and smug about his
> continued service, if all my personal stuff goes down the drain?

I see two cases where this could apply. Someone who just installed MacOS
X and for some weird reason decided to play with permissions and the
typical moron who joins a unix irc channel and says: "EYE HAEV INSTALLED
TEH MANDRAEK!!!!". Well, not really, but you get the point. It is pretty
safe to assume that those running BSD are worth their salt. I think Theo
de Raadt once said it pretty nicely: "If you are too stupid to read
documentation go and run Linux", it wasn't exactly those words, but that
was the meaning.

And no, I don't expect my mother to be a unix guru, but the
freebsd-security list is a technical discussion forum, not the place for
newbies.

> Raf Schietekat
> Running Netscape 6.2 (because I still can) on MS Windows 2000
                                                   ^^^^^^^
> Professional on my laptop (because I have to).

My deepest sympathies :-P

Cheers,
--
Miguel Mendez - flynn@energyhq.homeip.net
GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
EnergyHQ :: http://www.energyhq.tk
FreeBSD - The power to serve!


From owner-freebsd-security Mon Feb 18 07:01:02 2002
From: Bart Matthaei
Date: Mon, 18 Feb 2002 16:00:55 +0100
To: security@freebsd.org
Subject: Re: as they advise the Sponsor.
Message-ID: <20020218160055.J8375@heresy.dreamflow.nl>
In-Reply-To: <20020218155334.A29845@energyhq.homeip.net>

On Mon, Feb 18, 2002 at 03:53:34PM +0100, Miguel Mendez wrote:
[wibble]

Let's quit this discussion, shall we? It's of no use to the
freebsd-security community, so direct it to /dev/null instead of this
list.
Thank you :)

Useless mail is as bad as virusmail ;)

With regards,

Bart

--
Bart Matthaei                       bart@dreamflow.nl

Support wildlife -- vote for an orgy. :-)


From owner-freebsd-security Mon Feb 18 07:07:08 2002
From: Dan Airinen
Date: Mon, 18 Feb 2002 17:06:59 +0200 (EET)
To: Bart Matthaei
Subject: Re: as they advise the Sponsor.
Message-ID: <20020218170620.W77571-100000@daemon.cyberdoom.org>
In-Reply-To: <20020218160055.J8375@heresy.dreamflow.nl>

I agree ;-)

On Mon, 18 Feb 2002, Bart Matthaei wrote:

> On Mon, Feb 18, 2002 at 03:53:34PM +0100, Miguel Mendez wrote:
> [wibble]
>
> Let's quit this discussion, shall we? It's of no use to the
> freebsd-security community, so direct it to /dev/null instead of this
> list. Thank you :)
>
> Useless mail is as bad as virusmail ;)
>
> With regards,
>
> Bart
>
> --
> Bart Matthaei                       bart@dreamflow.nl
>
> Support wildlife -- vote for an orgy. :-)
>


From owner-freebsd-security Mon Feb 18 11:19:15 2002
From: Brian Behlendorf
Date: Mon, 18 Feb 2002 11:19:50 -0800 (PST)
To: Miguel Mendez
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: as they advise the Sponsor.
Message-ID: <20020218111251.C2156-100000@localhost>
In-Reply-To: <20020218155334.A29845@energyhq.homeip.net>

On Mon, 18 Feb 2002, Miguel Mendez wrote:
> FreeBSD is *not* by any means a mainstream OS. And that means that the
> people who use it usually know what they're doing, at least to the point
> of not executing a file they got from a stranger.

I dunno, I end up doing "make install" in my ports tree or "pkg_add" of
a package as root all the time, in both cases executing code written by
people I've never met and usually don't even know the names of. I trust
that those who've been given access to the FreeBSD ports tree and package
collections are trusted by the community, FSV of "trusted" and
"community".
I don't have the time to audit all of the code myself - I'm putting
faith in the inherent security of an open process, which has no
guarantees of reliability. Though this is leagues away from, say,
running a random executable I got via email, I still fear that the
biggest threat to the security of my FreeBSD laptop would be a rogue
actor within a trusted circle. Of course this is much much better than
having to trust one company whose business interests are to always
cover up or minimize the amount of knowledge about security holes.

This is probably going way off topic.

        Brian


From owner-freebsd-security Mon Feb 18 12:51:26 2002
From: Raf Schietekat
Reply-To: Raf_Schietekat@ieee.org
Date: Mon, 18 Feb 2002 21:51:00 +0100
To: freebsd-security@FreeBSD.ORG
Subject: Re: as they advise the Sponsor.
Message-ID: <3C716934.7080203@skynet.be>
References: <20020218170620.W77571-100000@daemon.cyberdoom.org>

Dan Airinen wrote:
> I agree ;-)

Shucks, now I can't reply to Miguel! Just this then: what OS needs
enemies if its friends don't want it to go mainstream?

Raf Schietekat


From owner-freebsd-security Mon Feb 18 13:12:52 2002
From: Bart Matthaei
Date: Mon, 18 Feb 2002 22:12:40 +0100
To: Raf_Schietekat@ieee.org
Cc: security@freebsd.org
Subject: Re: as they advise the Sponsor.
Message-ID: <20020218221240.P8375@heresy.dreamflow.nl>
In-Reply-To: <3C716934.7080203@skynet.be>

On Mon, Feb 18, 2002 at 09:51:00PM +0100, Raf Schietekat wrote:
> Shucks, now I can't reply to Miguel! Just this then: what OS needs
> enemies if its friends don't want it to go mainstream?

Don't we all agree that this is off-topic? Then why does everybody keep
discussing this stuff here? :-)

I don't feel the need of reading useless email I don't care about. I
subscribed to this list to get trivial discussions/info about freebsd
security. Discuss this kind of foolishness in freebsd-general (?), or
wherever it belongs. But not here.

Thank you, again.

With regards,

Bart

--
Bart Matthaei                       bart@dreamflow.nl

Support wildlife -- vote for an orgy.


From owner-freebsd-security Mon Feb 18 13:18:59 2002
From: "David"
Date: Mon, 18 Feb 2002 15:18:54 -0500
To: "Alfred Perlstein"
Subject: Re: using ipsec on dynamic addresses?
Message-ID: <003001c1b8b9$7d5bbff0$ff7e2341@mercenary>
References: <20020218080331.GT12136@elvis.mu.org>

this is not security related, please redirect this to
freebsd-questions@freebsd.org I believe is the mailing list...
From owner-freebsd-security Mon Feb 18 14:30:05 2002
From: "Tejada, Phillip"
To: "'freebsd-security@FreeBSD.ORG'"
Date: Mon, 18 Feb 2002 15:29:54 -0700
Subject:
Message-ID: <2E714B3E290FAD4AB8D63ABD2F33BC99BD1A10@ES01SNLNT.sandia.gov>

auth f614faca subscribe freebsd-security-notifications ptejad@sandia.gov
auth f9c89828 subscribe freebsd-security ptejad@sandia.gov
From owner-freebsd-security Tue Feb 19 03:07:26 2002
From: "Dennis Pedersen"
To: , "James F. Hranicky"
Date: Tue, 19 Feb 2002 12:11:09 +0100
Subject: Re: Dynamic-IP IPSEC support with racoon (was Re: Questions (Rants?) ...)
Message-ID: <006c01c1b936$228f6540$0301a8c0@dpws>
References: <20020218024408.CF51069B1@mail.cise.ufl.edu>

----- Original Message -----
From: "James F. Hranicky"
Sent: Monday, February 18, 2002 3:44 AM
Subject: Dynamic-IP IPSEC support with racoon (was Re: Questions (Rants?) ...)

> Well, after cooling down from my rant, it seems I've been able to
> get dynamic IP IPSEC support working with racoon and x509 certs.
> Currently, I run setkey on the clients like so:
>
> spdadd client.X.X.X server.X.X.X any -P out ipsec
>     esp/transport/client.X.X.X-server.X.X.X/use;
> spdadd server.X.X.X client.X.X.X any -P in ipsec
>     esp/transport/server.X.X.X-client.X.X.X/use;

This is probably a bit O.T. but I can't seem to find my answer elsewhere, so here goes.
What is the last option in the setkey policy for (use or require, for example)? The documentation doesn't mention much about it. Is it for multiple tunnels, or?

Regards
Dennis

From owner-freebsd-security Tue Feb 19 13:02:00 2002
From: "B.K. DeLong"
To: freebsd-security@FreeBSD.ORG
Date: Tue, 19 Feb 2002 16:01:42 -0500
Subject: SSHD problems: Forked child when logging in locally
Message-Id: <5.1.0.14.2.20020219160112.025494f0@pop.earthlink.net>

Hi all -

No one at questions@ has answered this yet so I figured I'd pass it your way:

I recently lost the ability to ssh into my firewall from the local side of the network, though ironically I can still ssh to it from the outside.

I'm running FreeBSD 4.5-STABLE and OpenSSH_3.0.2.

When I try to ssh into the machine (192.168.2.1) from my Win98 SE laptop using ssh2 in SecureCRT 3.3 (192.168.2.11) my authlog shows:

sshd[90]: debug1: Forked child 178.

Then I close SecureCRT since nothing shows up in the window.
Several seconds after I close it, this appears in my authlog:

sshd[178]: Connection from 192.168.2.11 port 2696
sshd[178]: Connection from 192.168.2.11 port 2696
sshd[178]: Did not receive identification string from 192.168.2.11.
sshd[178]: debug1: Calling cleanup 0x805ef04(0x0)

I tried the same with putty on the same machine... with exactly the same results.

My hosts.allow should be all set:

sshd : 192.168.2.0/255.255.255.0 : allow

And my ipf.rules file is set up correctly:

########################################
# INSIDE INTERFACE (xl1) [192.168.2.1] #
########################################

# Incoming Traffic
# Allow in all TCP, UDP and ICMP traffic & keep state
pass in quick on xl1 proto tcp from 192.168.2.0/24 to any keep state
pass in quick on xl1 proto udp from 192.168.2.0/24 to any keep state
pass in quick on xl1 proto icmp from 192.168.2.0/24 to any keep state
block in log quick on xl1 all

# Outgoing Traffic
# Allow out all TCP, UDP, and ICMP traffic & keep state
pass out quick on xl1 proto tcp from any to 192.168.2.0/24 keep state
pass out quick on xl1 proto udp from any to 192.168.2.0/24 keep state
pass out quick on xl1 proto icmp from any to 192.168.2.0/24 keep state
block out log quick on xl1 all
-------------------------------------------------

Any ideas? Thanks in advance.

--
B.K. DeLong
bkdelong@pobox.com
617.877.3271

http://www.brain-stream.com Play.
http://www.the-leaky-cauldron.org Potter.
http://www.attrition.org Security.
http://www.artemisiabotanicals.com Herb.
From owner-freebsd-security Tue Feb 19 13:23:48 2002
From: Simon Siemonsma
To: freebsd-security@freebsd.org
Date: Tue, 19 Feb 2002 22:24:06 +0100
Message-Id: <20020219212408.8C1D492@fia168-94.dsl.hccnet.nl>

unsubscribe freebsd-security

From owner-freebsd-security Tue Feb 19 13:41:01 2002
From: Jason Stone
To: "B.K. DeLong"
Date: Tue, 19 Feb 2002 13:40:45 -0800 (PST)
Subject: Re: SSHD problems: Forked child when logging in locally
In-Reply-To: <5.1.0.14.2.20020219160112.025494f0@pop.earthlink.net>
Message-ID: <20020219133712.A75605-100000@walter>

> I recently lost the ability to ssh into my firewall from the local
> side of the network, though ironically I can still ssh to it from the
> outside.
>
> I'm running FreeBSD 4.5-STABLE and OpenSSH_3.0.2.
>
> When I try to ssh into the machine (192.168.2.1) from my Win98 SE
> laptop using ssh2 in SecureCRT 3.3 (192.168.2.11) my authlog shows:

My first guess is broken name resolution - maybe the firewall machine is using external DNS servers, and so it can resolve real IPs right away, but your private IPs (192.168.) can't resolve, so the server hangs. Verify this by either a) running "host 192.168.2.11" on the firewall box, or b) just waiting a really long time for the login to work - don't get frustrated and close the window - give it like half an hour to actually give you a prompt.

-Jason

-----------------------------------------------------------------------
I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say "Daddy, where were you when they took freedom of the press away from the Internet?"
-- Mike Godwin

From owner-freebsd-security Tue Feb 19 16:13:41 2002
From: "B.K. DeLong"
To: Jason Stone
Cc: freebsd-security@FreeBSD.ORG
Date: Tue, 19 Feb 2002 19:13:17 -0500
Subject: Re: SSHD problems: Forked child when logging in locally
In-Reply-To: <20020219133712.A75605-100000@walter>
Message-Id: <5.1.0.14.2.20020219191246.01887020@pop.earthlink.net>

At 01:40 PM 02/19/2002 -0800, you wrote:
> My first guess is broken name resolution - maybe the firewall machine is
> using external DNS servers, and so it can resolve real IPs right away,
> but your private IPs (192.168.) can't resolve, so the server hangs.

Thanks. I added the definitions to /etc/hosts and that worked. Still learning....

--
B.K. DeLong
bkdelong@pobox.com
617.877.3271

http://www.brain-stream.com Play.
http://www.the-leaky-cauldron.org Potter.
http://www.attrition.org Security.
http://www.artemisiabotanicals.com Herb.
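As an added example (not from the thread), a script that turns Jason's diagnosis into a check over authlog lines of the kind B.K. posted: it extracts the client address behind each "Did not receive identification string" entry and reports the ones that /etc/hosts does not map, which are the clients a stalled reverse lookup would leave hanging. The sample log and hosts file are constructed; the file paths are arguments rather than assumptions about the firewall.

```shell
#!/bin/sh
# Added example, not code from the thread. Per the diagnosis above, sshd
# stalls while trying to resolve a client whose private address has no
# reverse mapping; the client gives up, and sshd then logs
# "Did not receive identification string". Cross-check those clients
# against the hosts file that fixed it.

# banner_failures LOGFILE: client addresses sshd logged as sending no
# identification string, one per line, deduplicated.
banner_failures() {
    sed -n 's/.*Did not receive identification string from \([0-9][0-9.]*[0-9]\).*/\1/p' "$1" \
        | sort -u
}

# in_hosts HOSTSFILE IP: succeed if IP is the address field of some entry
# (comments stripped, exact comparison on the first field).
in_hosts() {
    awk -v ip="$2" '
        { sub(/#.*/, "") }
        NF && $1 == ip { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# unresolvable_clients LOGFILE HOSTSFILE: banner failures that the hosts
# file does not cover; these need a hosts entry (or working local reverse
# DNS) before sshd will answer them promptly.
unresolvable_clients() {
    banner_failures "$1" | while read -r ip; do
        in_hosts "$2" "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed sample data modelled on the authlog lines in the thread.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
SAMPLE_LOG="$tmpdir/auth.log"
SAMPLE_HOSTS="$tmpdir/hosts"
cat > "$SAMPLE_LOG" <<'EOF'
Feb 19 15:55:01 fw sshd[90]: debug1: Forked child 178.
Feb 19 15:55:31 fw sshd[178]: Connection from 192.168.2.11 port 2696
Feb 19 15:55:31 fw sshd[178]: Did not receive identification string from 192.168.2.11.
Feb 19 15:55:31 fw sshd[178]: debug1: Calling cleanup 0x805ef04(0x0)
Feb 19 16:02:10 fw sshd[201]: Connection from 192.168.2.12 port 1043
Feb 19 16:02:10 fw sshd[201]: Did not receive identification string from 192.168.2.12.
Feb 19 16:05:00 fw sshd[205]: Accepted publickey for bk from 203.0.113.7 port 40112 ssh2
EOF
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1      localhost
192.168.2.1    fw.lan fw
192.168.2.12   desk.lan desk   # already added after the first incident
EOF

# Prints 192.168.2.11: the one silent client with no hosts entry.
unresolvable_clients "$SAMPLE_LOG" "$SAMPLE_HOSTS"
```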
From owner-freebsd-security Tue Feb 19 16:18:10 2002
From: andy@sambolian.net.nz
To: freebsd-security@freebsd.org
Date: Wed, 20 Feb 2002 13:20:31 +1300
Subject: SSH proxy
Message-ID: <1014164431.3c72ebcff08c3@webmail.sambolian.net.nz>

Hi

I have a fbsd gateway at home through which I share our cable modem with my flatmates. They have their own boxes on the lan and ssh to them from work. At the moment we log into the gateway and from there ssh to the box we want. I have made a shell script to automate this, and have set it as the default shell for our accounts on the gateway. It all works well but I would like to know if there is a better way and also if there is a security risk with the way I have done it now. Here is the script....
#!/bin/sh

echo
echo ---------------------------------------
echo ------------ SSH Proxy ----------------
echo ---------------------------------------
echo

SSH=/usr/bin/ssh
DEFAULTUSER=`whoami`
# Last host used, remembered across runs (empty on first use)
DEFAULTHOST=`cat ~/.sshproxyhost 2> /dev/null`

echo -n "Enter username [${DEFAULTUSER}]: "
read USERNAME
echo -n "Enter host [${DEFAULTHOST}]: "
read HOSTNAME

# Fall back to the defaults when the user just presses return
if [ -z "${USERNAME}" ]; then
    USERNAME=${DEFAULTUSER}
fi
if [ -z "${HOSTNAME}" ]; then
    HOSTNAME=${DEFAULTHOST}
fi
if [ -z "${HOSTNAME}" ]; then
    echo "Can not determine the hostname"
    exit 1
fi

echo "${HOSTNAME}" > ~/.sshproxyhost
${SSH} -l "${USERNAME}" "${HOSTNAME}"
exit 0

cheers
Andrew

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/

From owner-freebsd-security Tue Feb 19 16:29:06 2002
From: Jason DiCioccio
To: "'andy@sambolian.net.nz'", freebsd-security@freebsd.org
Date: Tue, 19 Feb 2002 16:28:50 -0800
Subject: RE: SSH proxy
Message-ID: <657B20E93E93D4118F9700D0B73CE3EA02FFF442@goofy.epylon.lan>

One thing I can think of, which might not have any security implications if you're running it as their login shell through sshd.
But you'll probably want to set stuff like PATH and LD_LIBRARY_PATH in the script (more importantly PATH) so that the path couldn't be poisoned and the script couldn't be tricked into finding those binaries in other places. Might not affect you in this case, but usually a good thing to do.

Cheers,
-JD-
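A hardened variant of Andrew's login-shell script, added here and not code from the thread: it applies JD's advice (fixed PATH, loader variables cleared) and also quotes every expansion and validates the two prompted values so that neither can be parsed by ssh as an option. The state file ~/.sshproxyhost is the original's; the character classes accepted for user and host are my assumptions.

```shell
#!/bin/sh
# Hardened SSH proxy login shell (added example). Compared with the posted
# script: fixed PATH and cleared loader variables, quoted expansions,
# private state file, and validation of both interactive inputs.

PATH=/bin:/usr/bin
export PATH
unset LD_LIBRARY_PATH LD_PRELOAD   # never honour loader settings inherited from the session
umask 077                          # ~/.sshproxyhost is created readable by the owner only

SSH=/usr/bin/ssh
STATEFILE="${HOME}/.sshproxyhost"

# validate_username NAME: a plain account name only. A leading '-' is
# rejected so the value can never be read by ssh as an option; the
# accepted character class is an assumption, tighten it to local policy.
validate_username() {
    case "$1" in
        ''|-*)              return 1 ;;
        *[!A-Za-z0-9._-]*)  return 1 ;;
    esac
    return 0
}

# validate_hostname HOST: letters, digits, dots and hyphens; no leading
# '-' or '.', no whitespace or shell metacharacters, at most 253 characters.
validate_hostname() {
    case "$1" in
        ''|-*|.*)           return 1 ;;
        *[!A-Za-z0-9.-]*)   return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# run_proxy: prompt for user and host, remember the host, and replace this
# shell with ssh so nothing of the wrapper stays around.
run_proxy() {
    default_user=$(id -un)
    default_host=$(cat "$STATEFILE" 2>/dev/null)

    printf 'Enter username [%s]: ' "$default_user"
    read -r username
    printf 'Enter host [%s]: ' "$default_host"
    read -r target_host

    [ -z "$username" ] && username=$default_user
    [ -z "$target_host" ] && target_host=$default_host

    if ! validate_username "$username"; then
        echo "Invalid username" >&2
        exit 1
    fi
    if ! validate_hostname "$target_host"; then
        echo "Invalid or missing hostname" >&2
        exit 1
    fi

    printf '%s\n' "$target_host" > "$STATEFILE"
    exec "$SSH" -l "$username" "$target_host"
}

# Start the prompt only on a terminal, so the validation functions can be
# sourced or tested without blocking on read.
if [ -t 0 ] && [ -t 1 ]; then
    run_proxy
fi
```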
From owner-freebsd-security Tue Feb 19 17:08:43 2002
From: Matt Piechota
To: andy@sambolian.net.nz
Cc: freebsd-security@FreeBSD.ORG
Date: Tue, 19 Feb 2002 20:08:09 -0500 (EST)
Subject: Re: SSH proxy
In-Reply-To: <1014164431.3c72ebcff08c3@webmail.sambolian.net.nz>
Message-ID: <20020219200558.F710-100000@cithaeron.argolis.org>

On Wed, 20 Feb 2002 andy@sambolian.net.nz wrote:

> I have a fbsd gateway at home through which I share our cable modem with my
> flatmates. They have their own boxes on the lan and ssh to them from work. At
> the moment we log into the gateway and from there ssh to the box we want. I
> have made a shell script to automate this, and have set it as the default shell
> for our accounts on the gateway. It all works well but I would like to know if
> there is a better way and also if there is a security risk with the way I have
> done it now. Here is the script....

If you're allowed out of work on multiple ports, you could always forward a series of ports to the individual machines. That way you miss the middle box.
Then all you have to do is ssh -pPORT cable_gateway to get to the different machines.

--
Matt Piechota

From owner-freebsd-security Tue Feb 19 17:48:48 2002
From: "Michael Scheidell"
Date: Tue, 19 Feb 2002 20:48:35 -0500
Subject: Re: sendmail ; bogus letters
Message-ID: <00a001c1b9b0$b6cbb270$0603a8c0@MIKELT>
References: <02021413401002.02159@hercules.avint.net> <200202142212.g1EMC4p25832@giganda.komkon.org>
Organization: Secnap Network Security, LLC.

While I do like the work Julian does at SpamCop, if what you say is true, then everyone using that list should know that they can be denied 100% of email if someone decides to spoof complaints (revenge reports). Most RBLs are good: they let you know how they list, why they list, and at least say they double-check.

I got hit by a 'you are a spammer' bounce when complaining to an admin about spam! Finally tracked it down to the selwart (sp?) list. Says it's been on the list since 94.
With more people using the free lists (without checking them) and more spam (500% increase this year), this means more people are going to lose email.

Email to him and replies (I will share if anyone wants to know):

Q: 'I am rabidly anti-spam - how did we get listed?'
A: 'You use an IP address that is leased by UUNET and the admin of your system sounds like a troll.'

(Yep, his list blocks ALL UUNET addresses, and he wouldn't even consider a client who never spammed because he thought he was a troll.)

So, I have a 100% solution, the SECNAP RBL. It lists (by CNAME) all 223 /8 CIDR blocks. You use it like any other RBL, and since every routable (and reserved) IP address is in the RBL, it pretty much means you won't get spammed!

(PS: yes, spam is a security issue, it's the easiest way to deliver a trojan to a luser, but the sendmail questions need to be taken to another list anyway. Try the comp.mail.sendmail usenet list.)

--
Michael Scheidell
SECNAP Network Security, LLC
(561) 368-9561 scheidell@secnap.net
http://www.secnap.net

From owner-freebsd-security Tue Feb 19 19:52:29 2002
From: Kenneth Smith
Reply-To: Kenneth Smith
To: andy@sambolian.net.nz
Cc: freebsd-security@FreeBSD.ORG
Date: Tue, 19 Feb 2002 22:47:32 -0500 (EST)
Subject: Re: SSH proxy (fwd)

I use a similar setup to what Matt is describing, using an appliance firewall and what I would call port forwarding. It has worked well for the application. E-mail me directly for more information.

---------- Forwarded message ----------
Date: Tue, 19 Feb 2002 20:08:09 -0500 (EST)
From: Matt Piechota
To: andy@sambolian.net.nz
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: SSH proxy
From owner-freebsd-security Tue Feb 19 22:45:40 2002
From: "faststep_3"
Date: Wed, 20 Feb 2002 13:36:25 +0700
Subject: Work From Home Free Information
Message-ID: <01d601c1b9d9$37eceb80$82e29bcb@thailifetime>

Work From Home Free Information

WHo DO YOU KNOW IN .....INDIA - CHAINA?
USA-Europe-Africa-Asia:-Taiwan-Hongkong
Korea-Japan-Malasia-Pakistan-Bangdesh
Multibillion Dollar International Company
Expanding Rapidly, needs your help

EARN US$ 500-$1500 A MONTH PART TIME
$1,000-$5,000 A MONTH FULL - TIME

TEL.6627520011 / 6691112270
E-mail;muimint@yahoo.com
www.thailifetime.com/somporn www.herbalife.com

Work from your home -country all around the world
From owner-freebsd-security Wed Feb 20 07:56:07 2002
From: "Tejada, Phillip"
To: "'majordomo@freeBSD.org'"
Cc: freebsd-security@FreeBSD.ORG
Date: Wed, 20 Feb 2002 08:55:49 -0700
Subject:
Message-ID: <2E714B3E290FAD4AB8D63ABD2F33BC99BD1A29@ES01SNLNT.sandia.gov>

unsubscribe freebsd-security ptejad@sandia.gov
end

God, I hate unmoderated, undigested groups.
Let me outta here!!
From owner-freebsd-security Wed Feb 20 7:58: 0 2002 Delivered-To: freebsd-security@freebsd.org Received: from theinternet.com.au (c20631.kelvn1.qld.optusnet.com.au [203.164.207.8]) by hub.freebsd.org (Postfix) with ESMTP id EEEBB37B404; Wed, 20 Feb 2002 07:57:47 -0800 (PST) Received: (from akm@localhost) by theinternet.com.au (8.11.6/8.11.4) id g1KFvVN24672; Thu, 21 Feb 2002 01:57:31 +1000 (EST) (envelope-from akm) Date: Thu, 21 Feb 2002 01:57:31 +1000 From: Andrew Kenneth Milton To: "Tejada, Phillip" Cc: "'majordomo@freeBSD.org'" , freebsd-security@FreeBSD.ORG Subject: Re: your mail Message-ID: <20020221015731.B90065@zeus.theinternet.com.au> References: <2E714B3E290FAD4AB8D63ABD2F33BC99BD1A29@ES01SNLNT.sandia.gov> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <2E714B3E290FAD4AB8D63ABD2F33BC99BD1A29@ES01SNLNT.sandia.gov>; from ptejad@sandia.gov on Wed, Feb 20, 2002 at 08:55:49AM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

+-------[ Tejada, Phillip ]----------------------
| unsubscribe freebsd-security ptejad@sandia.gov
| end
|
| God, I hate unmoderated, undigested groups. Let me outta here!!

Not as much as we hate people that can't read simple instructions.
--
Totally Holistic Enterprises Internet| | Andrew Milton
The Internet (Aust) Pty Ltd | |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|

From owner-freebsd-security Wed Feb 20 8: 0:18 2002 Delivered-To: freebsd-security@freebsd.org Received: from proxy.centtech.com (moat.centtech.com [206.196.95.10]) by hub.freebsd.org (Postfix) with ESMTP id 0769A37B400; Wed, 20 Feb 2002 08:00:05 -0800 (PST) Received: from sprint.centtech.com (sprint.centtech.com [10.177.173.31]) by proxy.centtech.com (8.11.6/8.11.6) with ESMTP id g1KFxnK00386; Wed, 20 Feb 2002 09:59:49 -0600 (CST) Received: from centtech.com (proton [10.177.173.77]) by sprint.centtech.com (8.9.3+Sun/8.9.3) with ESMTP id JAA29262; Wed, 20 Feb 2002 09:59:48 -0600 (CST) Message-ID: <3C73C788.110D70D7@centtech.com> Date: Wed, 20 Feb 2002 09:58:00 -0600 From: Eric Anderson Reply-To: anderson@centtech.com Organization: Centaur Technology X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: en MIME-Version: 1.0 To: Andrew Kenneth Milton Cc: "'majordomo@freeBSD.org'" , freebsd-security@freebsd.org Subject: Re: your mail References: <2E714B3E290FAD4AB8D63ABD2F33BC99BD1A29@ES01SNLNT.sandia.gov> <20020221015731.B90065@zeus.theinternet.com.au> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

I think the .gov explains a lot.. :)

Andrew Kenneth Milton wrote:
>
> +-------[ Tejada, Phillip ]----------------------
> | unsubscribe freebsd-security ptejad@sandia.gov
> | end
> |
> | God, I hate unmoderated, undigested groups. Let me outta here!!
>
> Not as much as we hate people that can't read simple instructions.
>
> --
> Totally Holistic Enterprises Internet| | Andrew Milton
> The Internet (Aust) Pty Ltd | |
> ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
> PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

--
------------------------------------------------------------------
Eric Anderson anderson@centtech.com Centaur Technology
If at first you don't succeed, sky diving is probably not for you.
------------------------------------------------------------------

From owner-freebsd-security Wed Feb 20 8: 1: 6 2002 Delivered-To: freebsd-security@freebsd.org Received: from theinternet.com.au (c20631.kelvn1.qld.optusnet.com.au [203.164.207.8]) by hub.freebsd.org (Postfix) with ESMTP id 59D9837B405 for ; Wed, 20 Feb 2002 08:00:54 -0800 (PST) Received: (from akm@localhost) by theinternet.com.au (8.11.6/8.11.4) id g1KG0j424768; Thu, 21 Feb 2002 02:00:45 +1000 (EST) (envelope-from akm) Date: Thu, 21 Feb 2002 02:00:45 +1000 From: Andrew Kenneth Milton To: Andrew Kenneth Milton Cc: "Tejada, Phillip" , freebsd-security@FreeBSD.ORG Subject: Re: your mail Message-ID: <20020221020045.C90065@zeus.theinternet.com.au> References: <2E714B3E290FAD4AB8D63ABD2F33BC99BD1A29@ES01SNLNT.sandia.gov> <20020221015731.B90065@zeus.theinternet.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020221015731.B90065@zeus.theinternet.com.au>; from akm@theinternet.com.au on Thu, Feb 21, 2002 at 01:57:31AM +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org
+-------[ Andrew Kenneth Milton ]----------------------
| +-------[ Tejada, Phillip ]----------------------
| | unsubscribe freebsd-security ptejad@sandia.gov
| | end
| |
| | God, I hate unmoderated, undigested groups. Let me outta here!!
|
| Not as much as we hate people that can't read simple instructions.

D'oh, I should read the headers first next time...

--
Totally Holistic Enterprises Internet| | Andrew Milton
The Internet (Aust) Pty Ltd | |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|

From owner-freebsd-security Wed Feb 20 8: 4:26 2002 Delivered-To: freebsd-security@freebsd.org Received: from scorpio.drkshdw.org (user4.net011.fl.sprint-hsd.net [207.30.203.4]) by hub.freebsd.org (Postfix) with ESMTP id AC92237B405 for ; Wed, 20 Feb 2002 08:04:15 -0800 (PST) Received: (from root@localhost) by scorpio.drkshdw.org (8.11.6/8.11.6) id g1KG4CF45455; Wed, 20 Feb 2002 11:04:12 -0500 (EST) (envelope-from scorpio@drkshdw.org) Received: from scorpio (jeff.home.lan [192.168.134.2]) by scorpio.DrkShdw.org (8.11.6/8.11.6+AntiVirus) with SMTP id g1KG49T45447; Wed, 20 Feb 2002 11:04:10 -0500 (EST) (envelope-from scorpio@drkshdw.org) Message-ID: <000d01c1ba28$66784220$0286a8c0@home.lan> From: "Jeff Palmer" To: Cc: References: <2E714B3E290FAD4AB8D63ABD2F33BC99BD1A29@ES01SNLNT.sandia.gov> <20020221015731.B90065@zeus.theinternet.com.au> <3C73C788.110D70D7@centtech.com> Subject: Re: your mail Date: Wed, 20 Feb 2002 11:05:21 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID:
List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Typical.

A .gov who gets upset over petty issues.
You gotta love the whole 'I know it's a security list, but.. well..
security isn't as important as my clean mailbox is!' mentality.

> I think the .gov explains a lot.. :)
>
>
>
> Andrew Kenneth Milton wrote:
> >
> > +-------[ Tejada, Phillip ]----------------------
> > | unsubscribe freebsd-security ptejad@sandia.gov
> > | end
> > |
> > | God, I hate unmoderated, undigested groups. Let me outta here!!
> >
> > Not as much as we hate people that can't read simple instructions.
> >
> > --
> > Totally Holistic Enterprises Internet| | Andrew Milton
> > The Internet (Aust) Pty Ltd | |
> > ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
> > PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> ------------------------------------------------------------------
> Eric Anderson anderson@centtech.com Centaur Technology
> If at first you don't succeed, sky diving is probably not for you.
> ------------------------------------------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Wed Feb 20 8: 9:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from relay2.san1.aens.net (relay2.san1.aens.net [192.215.81.75]) by hub.freebsd.org (Postfix) with ESMTP id 3EA1137B417 for ; Wed, 20 Feb 2002 08:09:04 -0800 (PST) Received: from sinet001.PEAKtechnical.com ([207.252.187.100]) by relay2.san1.aens.net (8.9.3/8.9.3) with ESMTP id QAA02869; Wed, 20 Feb 2002 16:08:56 GMT Message-ID: From: "Sorisio,Chris" To: "'Jeff Palmer'" Cc: "'freebsd-security@freebsd.org'" Subject: RE: your mail Date: Wed, 20 Feb 2002 11:08:55 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C1BA28.E53EC980" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

How about the "One guy said a stupid thing so let's all go and comment on it!" mentality?

No offense meant, guys, but may we close this thread now?

Thanks.

-----Original Message-----
From: Jeff Palmer [mailto:scorpio@drkshdw.org]
Sent: Wednesday, February 20, 2002 11:05 AM
To: freebsd-security@freebsd.org
Cc: ptejad@sandia.gov
Subject: Re: your mail

Typical.

A .gov who gets upset over petty issues.
You gotta love the whole 'I know it's a security list, but.. well..
security isn't as important as my clean mailbox is!' mentality.
From owner-freebsd-security Wed Feb 20 8:29:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from scorpio.drkshdw.org (user4.net011.fl.sprint-hsd.net [207.30.203.4]) by hub.freebsd.org (Postfix) with ESMTP id 6BA9537B400 for ; Wed, 20 Feb 2002 08:29:24 -0800 (PST) Received: (from root@localhost) by scorpio.drkshdw.org (8.11.6/8.11.6) id g1KGTN345533; Wed, 20 Feb 2002 11:29:23 -0500 (EST) (envelope-from scorpio@drkshdw.org) Received: from scorpio (jeff.home.lan [192.168.134.2]) by scorpio.DrkShdw.org (8.11.6/8.11.6+AntiVirus) with SMTP id g1KGTKT45524; Wed, 20 Feb 2002 11:29:20 -0500 (EST) (envelope-from scorpio@drkshdw.org) Message-ID: <002d01c1ba2b$eade93e0$0286a8c0@home.lan> From: "Jeff Palmer" To: "Sorisio,Chris" , References: Subject: Re: your mail Date: Wed, 20 Feb 2002 11:30:32 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_002A_01C1BA02.01DDD260" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by AMaViS perl-11 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Technically, this discussion does belong in -security as it's this mindset that KEEPS the internet as insecure as it is.

The entire mentality of "well, I'd keep up with the security stuff, but I don't like to get all those emails" is just sickening. Limiting your knowledge to keep your mailbox clean is definitely not security-oriented logic.

The fact that this particular individual had a .gov address just served as a comedic relief as well. Simply look at any of the well known defacement archives. Take a look at .gov website defacements. Not even counting actual 'hacked' sites, you might actually smile if you sit back and consider what just happened.

Lord knows this list NEVER gets off topic.
Sorry for 'spamming' you.

Feel free to add me to your procmail recipe, or your MTA's ruleset for /dev/null

----- Original Message -----
From: Sorisio,Chris
To: 'Jeff Palmer'
Cc: 'freebsd-security@freebsd.org'
Sent: Wednesday, February 20, 2002 11:08 AM
Subject: RE: your mail

How about the "One guy said a stupid thing so let's all go and comment on it!" mentality?

No offense meant, guys, but may we close this thread now?

Thanks.

-----Original Message-----
From: Jeff Palmer [mailto:scorpio@drkshdw.org]
Sent: Wednesday, February 20, 2002 11:05 AM
To: freebsd-security@freebsd.org
Cc: ptejad@sandia.gov
Subject: Re: your mail

Typical.

A .gov who gets upset over petty issues.
You gotta love the whole 'I know it's a security list, but.. well..
security isn't as important as my clean mailbox is!' mentality.
From owner-freebsd-security Thu Feb 21 2:26:46 2002 Delivered-To: freebsd-security@freebsd.org Received: from musubi.org (abunai.musubi.org [64.81.53.11]) by hub.freebsd.org (Postfix) with ESMTP id 3143337B400 for ; Thu, 21 Feb 2002 02:26:41 -0800 (PST) Received: from musubi.org (localhost [127.0.0.1]) by musubi.org (8.12.1/8.12.1) with ESMTP id g1LAQeL2089838 for ; Thu, 21 Feb 2002 02:26:40 -0800 (PST) (envelope-from jay@musubi.org) Received: from localhost (jay@localhost) by musubi.org (8.12.1/8.12.1/Submit) with ESMTP id g1LAQerV089835 for ; Thu, 21 Feb 2002 02:26:40 -0800 (PST) (envelope-from jay@musubi.org) Date: Thu, 21 Feb 2002 02:26:40 -0800 (PST)
From: jay To: freebsd-security@FreeBSD.ORG Subject: ipf and IPFILTER_DEFAULT_BLOCK Message-ID: <20020221021005.H27119-100000@spam.musubi.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

i built a 4.5 kernel with the IPFILTER_DEFAULT_BLOCK option and after rebooting found that i had full access in and out of the server (ssh and other services worked), but could not ping or otherwise connect to localhost/127.0.0.1. (got a "sendto: no route to host" error).

after my initial rules didn't work (they work on my openbsd firewall), i tried it with these rules...

pass out quick on fxp0 proto icmp all
pass in quick on fxp0 proto icmp all
etc, etc...

but still no luck. this happened with udp and tcp as well. ifconfig and netstat -rn showed everything as being normal... ipmon logged no packets being blocked (i had the log option in my rules)

i rebuilt the kernel without IPFILTER_DEFAULT_BLOCK and i could ping localhost again. so... am i on crack or can anyone reproduce this?

=jay

From owner-freebsd-security Thu Feb 21 2:32:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id E677B37B402 for ; Thu, 21 Feb 2002 02:32:47 -0800 (PST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id VAA11118; Thu, 21 Feb 2002 21:32:28 +1100 (EST)
From: Darren Reed Message-Id: <200202211032.VAA11118@caligula.anu.edu.au> Subject: Re: ipf and IPFILTER_DEFAULT_BLOCK To: jay@musubi.org (jay) Date: Thu, 21 Feb 2002 21:32:28 +1100 (Australia/ACT) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <20020221021005.H27119-100000@spam.musubi.org> from "jay" at Feb 21, 2002 02:26:40 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

In some mail from jay, sie said:
>
> i built a 4.5 kernel with the IPFILTER_DEFAULT_BLOCK option and after
> rebooting found that i had full access in and out of the server (ssh and
> other services worked), but could not ping or otherwise connect to
> localhost/127.0.0.1. (got a "sendto: no route to host" error).
>
> after my initial rules didn't work (they work on my openbsd firewall),
> i tried it with these rules...
>
> pass out quick on fxp0 proto icmp all
> pass in quick on fxp0 proto icmp all
> etc, etc...
>
> but still no luck. this happened with udp and tcp as well.
> ifconfig and netstat -rn showed everything as being normal...
> ipmon logged no packets being blocked (i had the log option in my rules)
>
> i rebuilt the kernel without IPFILTER_DEFAULT_BLOCK and i could ping
> localhost again. so... am i on crack or can anyone reproduce this?

Did you do build from scratch each time?

I don't know if IPFILTER_DEFAULT_BLOCK ends up in a .h file and if it doesn't, you need to either remove the right .o files or do a "make clean" each time.
Darren

From owner-freebsd-security Thu Feb 21 2:33: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from musubi.org (abunai.musubi.org [64.81.53.11]) by hub.freebsd.org (Postfix) with ESMTP id 9F83637B402 for ; Thu, 21 Feb 2002 02:33:02 -0800 (PST) Received: from musubi.org (localhost [127.0.0.1]) by musubi.org (8.12.1/8.12.1) with ESMTP id g1LAX2L2089897 for ; Thu, 21 Feb 2002 02:33:02 -0800 (PST) (envelope-from jay@musubi.org) Received: from localhost (jay@localhost) by musubi.org (8.12.1/8.12.1/Submit) with ESMTP id g1LAX26P089894 for ; Thu, 21 Feb 2002 02:33:02 -0800 (PST) (envelope-from jay@musubi.org) Date: Thu, 21 Feb 2002 02:33:02 -0800 (PST)
From: jay To: freebsd-security@FreeBSD.ORG Subject: Re: ipf and IPFILTER_DEFAULT_BLOCK In-Reply-To: <20020221021005.H27119-100000@spam.musubi.org> Message-ID: <20020221023106.S27119-100000@spam.musubi.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

oops. i forgot to mention that i got the same results trying to ping the IP of fxp0 and also tried out rules allowing traffic in and out of lo0.

On Thu, 21 Feb 2002, jay wrote:

> i built a 4.5 kernel with the IPFILTER_DEFAULT_BLOCK option and after
> rebooting found that i had full access in and out of the server (ssh and
> other services worked), but could not ping or otherwise connect to
> localhost/127.0.0.1. (got a "sendto: no route to host" error).
>
> after my initial rules didn't work (they work on my openbsd firewall),
> i tried it with these rules...
>
> pass out quick on fxp0 proto icmp all
> pass in quick on fxp0 proto icmp all
> etc, etc...
>
> but still no luck. this happened with udp and tcp as well.
> ifconfig and netstat -rn showed everything as being normal...
> ipmon logged no packets being blocked (i had the log option in my rules)
>
> i rebuilt the kernel without IPFILTER_DEFAULT_BLOCK and i could ping
> localhost again. so... am i on crack or can anyone reproduce this?
>
> =jay
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

From owner-freebsd-security Thu Feb 21 2:40:51 2002 Delivered-To: freebsd-security@freebsd.org Received: from musubi.org (abunai.musubi.org [64.81.53.11]) by hub.freebsd.org (Postfix) with ESMTP id 25E5B37B400 for ; Thu, 21 Feb 2002 02:40:49 -0800 (PST) Received: from musubi.org (localhost [127.0.0.1]) by musubi.org (8.12.1/8.12.1) with ESMTP id g1LAekL2089944; Thu, 21 Feb 2002 02:40:46 -0800 (PST) (envelope-from jay@musubi.org) Received: from localhost (jay@localhost) by musubi.org (8.12.1/8.12.1/Submit) with ESMTP id g1LAekVK089941; Thu, 21 Feb 2002 02:40:46 -0800 (PST) (envelope-from jay@musubi.org) Date: Thu, 21 Feb 2002 02:40:46 -0800 (PST)
From: jay To: Darren Reed Cc: freebsd-security@FreeBSD.ORG Subject: Re: ipf and IPFILTER_DEFAULT_BLOCK In-Reply-To: <200202211032.VAA11118@caligula.anu.edu.au> Message-ID: <20020221023532.R27119-100000@spam.musubi.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Thu, 21 Feb 2002, Darren Reed wrote:

> Did you do build from scratch each time?
>
> I don't know if IPFILTER_DEFAULT_BLOCK ends up in a .h file and if it
> doesn't, you need to either remove the right .o files or do a "make clean"
> each time.

ah, i didn't do a make clean. i'll try that next week. i think i'm way out of the maintenance window now. oops.

thanks!

=jay

From owner-freebsd-security Thu Feb 21 5:58:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 2EA8437B416; Thu, 21 Feb 2002 05:58:28 -0800 (PST) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g1LDwS416782; Thu, 21 Feb 2002 05:58:28 -0800 (PST) (envelope-from security-advisories@freebsd.org) Date: Thu, 21 Feb 2002 05:58:28 -0800 (PST) Message-Id: <200202211358.g1LDwS416782@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f
From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:12.squid Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:12                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          multiple security vulnerabilities in squid port

Category:       ports
Module:         squid24
Announced:      2002-02-21
Credits:        Jouko Pynnonen
                Henrik Nordstrom
Affects:        Ports collection prior to the correction date
Corrected:      2002-02-19 13:46:22 UTC
FreeBSD only:   NO

I.   Background

The Squid Internet Object Cache is a web proxy/cache.

II.  Problem Description

The following security vulnerabilities are known to exist in versions of Squid prior to 2.4-STABLE4 (port version 2.4_8):

1) The optional SNMP monitoring interface suffers from a memory leak. The FreeBSD port does not normally include this code, but it can be enabled with a compile-time option.

2) A buffer overflow exists in the code charged with parsing the authentication portion of FTP URLs.

3) The optional HTCP interface can not be properly disabled at run-time. The FreeBSD port does not normally include this code, but it can be enabled with a compile-time option.

The squid port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains thousands of third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.5 contains this problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports.

III. Impact

1) An attacker with the ability to send packets to the Squid SNMP port can cause Squid to run out of memory and crash. (NOTE: The FreeBSD port does not have SNMP enabled by default.)

2) An authorized user of the squid proxy may submit a specially crafted ftp:// request in order to crash the squid process, causing a denial of service. It may also be possible to cause the execution of arbitrary code with the privilege level of the squid process, although no such exploits are known to exist at this time.

3) Unauthorized users may utilize cache resources by using HTCP. (NOTE: The FreeBSD port does not have HTCP enabled by default.)

IV.  Workaround

1) As regards the SNMP issue, the following configuration statement will disable the SNMP support altogether:

snmp_port 0

2) Optionally, set up a firewall rule to block incoming packets to the Squid SNMP port (normally, UDP port 3401) from untrusted hosts.

3) For the second vulnerability, deny forwarding of non-anonymous FTP URLs by inserting the following rules at the top of squid.conf, prior to any http_access allow lines:

acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
http_access deny non_anonymous_ftp

4) No workaround exists for the HTCP issue except to set up a firewall rule to block incoming packets to the Squid HTCP port (normally, UDP port 4827) from untrusted hosts.

5) Alternatively, deinstall the squid port/package.

V.   Solution

Do one of the following:

1) Upgrade your entire ports collection and rebuild the port.

2) Deinstall the old package and install a new package dated after the correction date, obtained from the following directories:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.4_8.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.4_8.tgz

[alpha]
Packages are not automatically generated for the alpha architecture at this time due to lack of build resources.

NOTE: It may be several days before updated packages are available.

3) Download a new port skeleton for the squid port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

VI.  Correction details

The following list contains the revision numbers of each file that was corrected in the FreeBSD ports collection.

Path                                                            Revision
- -------------------------------------------------------------------------
ports/www/squid24/Makefile                                      1.87
ports/www/squid24/distinfo                                      1.63
- -------------------------------------------------------------------------

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iQCVAwUBPHT5kVUuHi5z0oilAQFGvwQAj+u0n0OOsV7hxxkMEgCBaZg/LBJWmOkR
FwOCxy27eSgSdEqoZcNpZlPM+aFUf6r9bWbg5+S66R+kLb7cMOblgZX69YoU6kn7
QedUoHyBWYuoNd5pBG1VJmyW4NZrQ4vPOM7bdfddSNxt1YpW5P0NNjPaTTmBe96E
tZg1bT4hXhM=
=N1OC
-----END PGP SIGNATURE-----

From owner-freebsd-security Thu Feb 21 7: 4:49 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.univr.it (mail.univr.it [157.27.6.110]) by hub.freebsd.org (Postfix) with SMTP id D9E2537B404 for ; Thu, 21 Feb 2002 07:04:46 -0800 (PST) Received: (qmail 5100 invoked from network); 21 Feb 2002 15:01:11 -0000 Received: from morpheus.univr.it (HELO morpheus) (157.27.6.83) by mail.univr.it with SMTP; 21 Feb 2002 15:01:11 -0000 Message-ID: <003f01c1bae8$8abb1520$53061b9d@univr.it>
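Editor's added example on the FreeBSD-SA-02:12.squid workaround above (not part of the advisory, and not Squid code): the two-line squid.conf fragment "acl non_anonymous_ftp url_regex -i ftp://[^/@]*@" plus "http_access deny non_anonymous_ftp" is modelled in Python so the ACL can be checked against sample request URLs before it goes into a live config. The model assumes, as Squid documents for url_regex, that the pattern is searched for anywhere in the whole request URL (unanchored) and that -i makes it case-insensitive; the hostnames in the sample URLs are constructed placeholders.

```python
"""Offline model of the FreeBSD-SA-02:12.squid workaround ACL.

Added example; it is neither the advisory's nor Squid's code. It reproduces
the matching behaviour of

    acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
    http_access deny non_anonymous_ftp

with Python's re module so that the coverage of the ACL can be checked
against sample URLs without touching a running proxy.
"""
import re

# The ACL pattern exactly as written in the advisory's workaround.
# Assumption (per Squid's url_regex semantics): unanchored search over the
# whole request URL, case-insensitive because of the -i flag.
NON_ANONYMOUS_FTP = re.compile(r"ftp://[^/@]*@", re.IGNORECASE)


def is_non_anonymous_ftp(url: str) -> bool:
    """True when the workaround ACL would match this request URL."""
    return NON_ANONYMOUS_FTP.search(url) is not None


def http_access(url: str) -> str:
    """Model of the http_access evaluation for this fragment.

    The deny line sits above every allow line, so a matching URL is denied
    outright; anything else falls through to the allow lines assumed to
    follow it, which this model summarises as "allow".
    """
    if is_non_anonymous_ftp(url):
        return "deny"
    return "allow"


def evaluate(urls):
    """Return {url: verdict} for a batch of request URLs."""
    return {u: http_access(u) for u in urls}


# Constructed sample requests (hostnames are placeholders).
SAMPLE_URLS = [
    "ftp://ftp.example.org/pub/README",           # anonymous FTP: allowed
    "ftp://alice@ftp.example.org/home/alice/",    # user only: denied
    "ftp://alice:s3cret@ftp.example.org/",        # user:password: denied
    "FTP://ALICE@FTP.EXAMPLE.ORG/",               # -i: denied regardless of case
    "ftp://ftp.example.org/dir/file@v2.tar.gz",   # '@' only after the first '/': allowed
    "http://www.example.org/ftp://user@host/",    # unanchored match inside an http URL: denied
    "http://www.example.org/index.html",          # not FTP at all: allowed
]

if __name__ == "__main__":
    for url, verdict in evaluate(SAMPLE_URLS).items():
        print(f"{verdict:5s} {url}")
```

Two of the sample cases are the ones worth checking before deploying the ACL: the character class `[^/@]*` stops at the first `/`, so an `@` in the path does not trigger a deny, and because url_regex is unanchored the pattern also fires on a non-FTP URL that happens to contain `ftp://...@` in its path, which is harmless for this workaround but shows why url_regex patterns are normally anchored with `^` when a scheme is meant.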
From: "Alberto Manzoni" To: Subject: FreeBSD Ports Security Advisory FreeBSD-SA-02:12.squid Date: Thu, 21 Feb 2002 16:00:46 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >4) No workaround exists for the HTCP issue except to set up a firewall >rule to block incoming packets to the Squid HTCP port (normally, UDP >port 4827) from untrusted hosts. No way setting htcp_port 0 ?? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu Feb 21 7: 9:29 2002 Delivered-To: freebsd-security@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id 237B537B402 for ; Thu, 21 Feb 2002 07:09:26 -0800 (PST) Received: by peitho.fxp.org (Postfix, from userid 1501) id 9EFEA1366A; Thu, 21 Feb 2002 10:09:25 -0500 (EST) Date: Thu, 21 Feb 2002 10:09:25 -0500 
From: Chris Faulhaber
To: Alberto Manzoni
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Ports Security Advisory FreeBSD-SA-02:12.squid
Message-ID: <20020221150925.GA43867@peitho.fxp.org>
In-Reply-To: <003f01c1bae8$8abb1520$53061b9d@univr.it>

On Thu, Feb 21, 2002 at 04:00:46PM +0100, Alberto Manzoni wrote:
> > 4) No workaround exists for the HTCP issue except to set up a firewall
> > rule to block incoming packets to the Squid HTCP port (normally, UDP
> > port 4827) from untrusted hosts.
>
> No way setting htcp_port 0 ??
>

Not according to the advisory released by the squid developers (and
referenced in our advisory):

http://www.squid-cache.org/Advisories/SQUID-2002_1.txt

--
Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security Fri Feb 22 03:21:33 2002
From: Miloň Papežík
To: "'freebsd-security@freebsd.org'"
Subject: Third /tmp location ?
Date: Fri, 22 Feb 2002 12:18:02 +0100

Hi all,

I was very surprised when I found on a freshly installed 4.5-RELEASE a third
world-writable directory, /usr/tmp.

Is there any real reason for this "likely to be forgotten" location?
Why is it in an out-of-the-box installation? Aren't /tmp and /var/tmp enough
pain?

Thanks in advance,
Milon
--
milon.papezik@oskarmobil.cz

From owner-freebsd-security Fri Feb 22 03:28:45 2002
From: Sheldon Hearn
To: Miloň Papežík
Cc: "'freebsd-security@freebsd.org'"
Subject: Re: Third /tmp location ?
In-reply-to: Your message of "Fri, 22 Feb 2002 12:18:02 +0100."
Date: Fri, 22 Feb 2002 13:31:45 +0200
Message-ID: <51374.1014377505@axl.seasidesoftware.co.za>

On Fri, 22 Feb 2002 12:18:02 +0100, Miloň Papežík wrote:

> I was very surprised when I found on freshly installed 4.5RELEASE third
> world writable directory /usr/tmp.

Rushed changes to sysinstall. Speak to Matt Dillon.

Ciao,
Sheldon.

From owner-freebsd-security Fri Feb 22 03:34:35 2002
From: Miloň Papežík
To: "'dillon@freebsd.org'"
Cc: "'freebsd-security@freebsd.org'"
Subject: RE: Third /tmp location ?
Date: Fri, 22 Feb 2002 12:31:18 +0100

Hi Matt,

Can /usr/tmp be safely deleted?
Can we put this in the 4.5 errata?

Thanks in advance,
Milon
--
milon.papezik@oskarmobil.cz

From owner-freebsd-security Fri Feb 22 10:34:27 2002
Date: Fri, 22 Feb 2002 10:34:20 -0800 (PST)
From: Matthew Dillon
Message-Id: <200202221834.g1MIYKW18033@apollo.backplane.com>
To: Miloň Papežík
Cc: "'dillon@freebsd.org'", "'freebsd-security@freebsd.org'"
Subject: Re: RE: Third /tmp location ?

    Huh?  I never created a /usr/tmp.  What created it?

                                        -Matt
                                        Matthew Dillon

:Hi Matt,
:
:can the /usr/tmp be safely deleted ?
:can we put this to 4.5 errata ?
:
:        Thanks in advance,
:        Milon
:--
:milon.papezik@oskarmobil.cz

From owner-freebsd-security Fri Feb 22 10:53:22 2002
Date: Fri, 22 Feb 2002 19:53:17 +0100
From: Cliff Sarginson
To: "'freebsd-security@freebsd.org'"
Subject: Re: Third /tmp location ?
Message-ID: <20020222185317.GA6328@raggedclown.net>

On Fri, Feb 22, 2002 at 12:18:02PM +0100, Miloň Papežík wrote:
> Hi all,
>
> I was very surprised when I found on freshly installed 4.5RELEASE third
> world writable directory /usr/tmp.
>
> Is there any real reason for this "likely to be forgotten" location ?
> Why is on out of box installation ? Isn't the /tmp and /var/tmp enough pain
> ?
>
The only light I can throw on this is that in one of my regular forays
into getting KDE to work properly I discovered it made a complaint about
/usr/tmp not being writable. I throw this into the maelstrom of
speculation. (And no, I don't have /tmp symlinked to /usr/tmp.)

--
Regards
Cliff Sarginson
--

From owner-freebsd-security Fri Feb 22 14:25:23 2002
X-URL: http://www.ofug.org/~des/
To: arch@freebsd.org
Subject: OpenPAM
From: Dag-Erling Smorgrav
Date: 22 Feb 2002 23:25:07 +0100

OpenPAM Cantaloupe is now available at along with an integration patch
for FreeBSD-CURRENT.

Since the two previous releases have solicited absolutely no feedback
other than to point out a broken link on the project's web page, I
assume that everybody is happy with the code, and that nobody will
object when I import it into CVS and ditch Linux-PAM later this
weekend.

DES
--
Dag-Erling Smorgrav - des@ofug.org

From owner-freebsd-security Fri Feb 22 15:17:14 2002
From: Miloň Papežík
To: "'Matthew Dillon'"
Cc: "'freebsd-security@freebsd.org'"
Subject: RE: RE: Third /tmp location ?
Date: Sat, 23 Feb 2002 00:13:55 +0100

Hi,

I simply installed 4.5R from the ISO image with separate /, /usr, /var and
/home.

After some configuration I ran an automated security check (script)
and it reported a third world-writable directory, /usr/tmp.
That was quite a surprise to me, especially with respect
to the debate over it some time ago on this list.

Is /usr/tmp really used for something useful?

Thanks in advance,
Milon
--
milon.papezik@oskarmobil.cz

From owner-freebsd-security Fri Feb 22 15:25:35 2002
Date: Fri, 22 Feb 2002 15:25:29 -0800
From: Kris Kennaway
To: Milon Papezík
Cc: 'Matthew Dillon', "'freebsd-security@freebsd.org'"
Subject: Re: RE: Third /tmp location ?
Message-ID: <20020222152529.A16356@xor.obsecurity.org>

On Sat, Feb 23, 2002 at 12:13:55AM +0100, Milon Papezík wrote:
> Hi,
>
> I simply installed 4.5R from ISO image with separate /, /usr, /var and
> /home.
>
> After some configuration I run automated security check (script)
> and it reported 3rd world writable directory /usr/tmp.
> That was quite a surprise to me, especially with respect
> to the debate over it some time ago on this list.

Hmm.. there are faint bells ringing in my head somewhere which are
telling me it might be something to do with pkg_add: I think I've seen
this once or twice before, but it didn't bother me enough to track it
down. It's pretty likely I'm just randomly associating, but if anyone
is looking into this it might be something to check.

Kris

From owner-freebsd-security Fri Feb 22 15:27:33 2002
Date: Fri, 22 Feb 2002 15:27:14 -0800
From: Kris Kennaway
To: Kris Kennaway
Cc: Milon Papezík, 'Matthew Dillon', "'freebsd-security@freebsd.org'"
Subject: Re: RE: Third /tmp location ?
Message-ID: <20020222152714.B16356@xor.obsecurity.org>
In-Reply-To: <20020222152529.A16356@xor.obsecurity.org>

On Fri, Feb 22, 2002 at 03:25:29PM -0800, Kris Kennaway wrote:
> On Sat, Feb 23, 2002 at 12:13:55AM +0100, Milon Papezík wrote:
> > Hi,
> >
> > I simply installed 4.5R from ISO image with separate /, /usr, /var and
> > /home.
> >
> > After some configuration I run automated security check (script)
> > and it reported 3rd world writable directory /usr/tmp.
> > That was quite a surprise to me, especially with respect
> > to the debate over it some time ago on this list.
>
> Hmm.. there are faint bells ringing in my head somewhere which are
> telling me it might be something to do with pkg_add: I think I've seen
> this once or twice before, but it didn't bother me enough to track it
> down. It's pretty likely I'm just randomly associating but if anyone
> is looking into this it might be something to check.

Well, 10 seconds in the code shows this:

    /* Find a good place to play. */
    static char *
    find_play_pen(char *pen, off_t sz)
    {
        char *cp;
        struct stat sb;

        /* A caller-supplied pen wins if its parent exists and has room. */
        if (pen[0] && isdir(dirname(pen)) == TRUE && (min_free(dirname(pen)) >= sz))
            return pen;
        /* Then the environment: PKG_TMPDIR first, TMPDIR second. */
        else if ((cp = getenv("PKG_TMPDIR")) != NULL && stat(cp, &sb) != FAIL && (min_free(cp) >= sz))
            sprintf(pen, "%s/instmp.XXXXXX", cp);
        else if ((cp = getenv("TMPDIR")) != NULL && stat(cp, &sb) != FAIL && (min_free(cp) >= sz))
            sprintf(pen, "%s/instmp.XXXXXX", cp);
        /* Then the usual system locations. */
        else if (stat("/var/tmp", &sb) != FAIL && min_free("/var/tmp") >= sz)
            strcpy(pen, "/var/tmp/instmp.XXXXXX");
        else if (stat("/tmp", &sb) != FAIL && min_free("/tmp") >= sz)
            strcpy(pen, "/tmp/instmp.XXXXXX");
        /* Last resort: use /usr/tmp, creating it world-writable (01777) if absent. */
        else if ((stat("/usr/tmp", &sb) == SUCCESS || mkdir("/usr/tmp", 01777) == SUCCESS) && min_free("/usr/tmp") >= sz)
            strcpy(pen, "/usr/tmp/instmp.XXXXXX");
        else {
            cleanup(0);
            errx(2, __FUNCTION__ ": can't find enough temporary space to extract the files, please set your\n"
                 "PKG_TMPDIR environment variable to a location with at least %ld bytes\n"
                 "free", (long)sz);
            return NULL;
        }
        return pen;
    }

If /var/tmp and /tmp aren't big enough to extract the package it creates
/usr/tmp and uses it.

Kris

From owner-freebsd-security Fri Feb 22 17:35:21 2002
From: Milon Papezík
To: "'Kris Kennaway'"
Cc: "'Matthew Dillon'", "'freebsd-security@freebsd.org'"
Subject: RE: RE: Third /tmp location ?
Date: Sat, 23 Feb 2002 02:31:42 +0100

Hi,

I think that no utility shall create world-writable directories on the fly.
It shall report an error and probably point out that an environment variable
can be set.

Also there seem to be too many places where hardcoded use of '/usr/tmp' is
attempted:
---------
# cd /usr/src
# find . -type f -name *.[hc] -exec grep -n 'usr/tmp' {} \; -print
1127:           variable_set2(VAR_PKG_TMPDIR, "/usr/tmp", 0);
./release/sysinstall/install.c
270:    char *cp = msgGetInput("/usr/tmp/etc", "Under which directory do you wish to save your current /etc?");
455:    saved_etc = "/usr/tmp/etc";
./release/sysinstall/installUpgrade.c
296:    val = msgGetInput("/usr/tmp", "Please enter the name of a temporary directory containing\n"
./release/sysinstall/media.c
141:    variable_set2(VAR_PKG_TMPDIR, "/usr/tmp", 0);
./release/sysinstall/package.c
730:  char dumptmp[] = "/usr/tmp/hlfsd.dump.XXXXXX";
./contrib/amd/hlfsd/homedir.c
539:    /* ddtfile is now something like "/usr/tmp/xfer.ddt.XXXXXX" */
./contrib/bind/bin/named-xfer/named-xfer.c
25:     "/usr/tmp",
./contrib/bind/port/freebsd/include/prand_conf.h
125:    char *dirs[] = {"/tmp", "/usr/tmp", "/var/tmp", ".", "/",
./contrib/bind/port/prand_conf/prand_conf.c
121:  /* Try /usr/tmp, then /tmp.  */
167:  /* Try /usr/tmp, then /tmp.  */
./contrib/binutils/libiberty/choose-temp.c
7:#define P_tmpdir "/usr/tmp"
./contrib/binutils/libiberty/tmpnam.c
5092:      if (access ("/usr/tmp", R_OK | W_OK) == 0)
5093:   base = "/usr/tmp/";
./contrib/gcc/config/mips/mips.c
123:  /* Try /usr/tmp even though it usually doesn't exist on FreeBSD.  */
170:  /* Try /usr/tmp even though it usually doesn't exist on FreeBSD.  */
./contrib/gcc/choose-temp.c
1709:   otherwise, in /usr/tmp or /tmp;
./contrib/gcc/gcc.c
50:  sprintf(arena_name, "/usr/tmp/objc_%05u", (unsigned)getpid());
./contrib/libobjc/thr-irix.c
24:#define _PATH_MROUTED_DUMP "/usr/tmp/mrouted.dump"
25:#define _PATH_MROUTED_CACHE "/usr/tmp/mrouted.cache"
./usr.sbin/mrouted/pathnames.h
60:    else if ((stat("/usr/tmp", &sb) == SUCCESS || mkdir("/usr/tmp", 01777) == SUCCESS) && min_free("/usr/tmp") >= sz)
61:     strcpy(pen, "/usr/tmp/instmp.XXXXXX");
./usr.sbin/pkg_install/lib/pen.c
70: *   /usr/tmp/zoo            5 tmp/zoo
./usr.bin/locate/code/locate.code.c
290:  (void) remove ("/usr/tmp/tstuu/spool1/core");
291:  (void) remove ("/usr/tmp/tstuu/spool2/core");
333:  e = fopen ("/usr/tmp/tstuu/pty1", "w");
353:  e = fopen ("/usr/tmp/tstuu/pty2", "w");
426:  e = fopen ("/usr/tmp/tstuu/pty1", "w");
444:  e = fopen ("/usr/tmp/tstuu/pty2", "w");
524:  (void) execl ("uucico", "uucico", "-I", "/usr/tmp/tstuu/Config1",
570:  (void) execl ("uucico", "uucico", "-I", "/usr/tmp/tstuu/Config2",
712:  if (access ("/usr/tmp/tstuu/spool1/core", R_OK) == 0)
714:  if (access ("/usr/tmp/tstuu/spool2/core", R_OK) == 0)
854:/* We must make /usr/tmp/tstuu world writeable or we won't be able to
862:  if (mkdir ((char *) "/usr/tmp/tstuu",
870:  if (mkdir ((char *) "/usr/tmp/tstuu/spool1", IPUBLIC_DIRECTORY_MODE) != 0
877:  if (mkdir ((char *) "/usr/tmp/tstuu/spool2", IPUBLIC_DIRECTORY_MODE) != 0
886:  e = xfopen ("/usr/tmp/tstuu/Config1", "w");
890:  fprintf (e, "spool /usr/tmp/tstuu/spool1\n");
891:  fprintf (e, "lockdir /usr/tmp/tstuu/spool1\n");
892:  fprintf (e, "sysfile /usr/tmp/tstuu/System1\n");
893:  fprintf (e, "sysfile /usr/tmp/tstuu/System1.2\n");
894:  fprintf (e, "portfile /usr/tmp/tstuu/Port1\n");
895:  (void) remove ("/usr/tmp/tstuu/Log1");
897:  fprintf (e, "logfile /usr/tmp/tstuu/Log1\n");
899:  fprintf (e, "%s\n", "logfile /usr/tmp/tstuu/Log1/%s/%s");
901:  fprintf (e, "statfile /usr/tmp/tstuu/Stats1\n");
902:  fprintf (e, "debugfile /usr/tmp/tstuu/Debug1\n");
903:  fprintf (e, "callfile /usr/tmp/tstuu/Call1\n");
904:  fprintf (e, "pubdir /usr/tmp/tstuu\n");
916:  e = xfopen ("/usr/tmp/tstuu/System1", "w");
923:  e = xfopen ("/usr/tmp/tstuu/System1.2", "w");
934:  eprog = xfopen ("/usr/tmp/tstuu/Chat1", "w");
945:  if (chmod ("/usr/tmp/tstuu/Chat1",
948:    perror ("chmod (/usr/tmp/tstuu/Chat1)");
952:  fprintf (e, "chat-program /usr/tmp/tstuu/Chat1 \\P \\S\n");
974:  e = xfopen ("/usr/tmp/tstuu/Port1", "w");
981:  e = xfopen ("/usr/tmp/tstuu/Call1", "w");
992:  e = xfopen ("/usr/tmp/tstuu/Config2", "w");
996:  fprintf (e, "spool /usr/tmp/tstuu/spool2\n");
997:  fprintf (e, "lockdir /usr/tmp/tstuu/spool2\n");
998:  fprintf (e, "sysfile /usr/tmp/tstuu/System2\n");
999:  (void) remove ("/usr/tmp/tstuu/Log2");
1001:  fprintf (e, "logfile /usr/tmp/tstuu/Log2\n");
1003:  fprintf (e, "%s\n", "logfile /usr/tmp/tstuu/Log2/%s/%s");
1005:  fprintf (e, "statfile /usr/tmp/tstuu/Stats2\n");
1006:  fprintf (e, "debugfile /usr/tmp/tstuu/Debug2\n");
1007:  fprintf (e, "passwdfile /usr/tmp/tstuu/Pass2\n");
1008:  fprintf (e, "pubdir /usr/tmp/tstuu\n");
1020:  e = xfopen ("/usr/tmp/tstuu/System2", "w");
1030:  eprog = xfopen ("/usr/tmp/tstuu/Chat2", "w");
1038:  if (chmod ("/usr/tmp/tstuu/Chat2",
1041:    perror ("chmod (/usr/tmp/tstuu/Chat2");
1045:  fprintf (e, "called-chat-program /bin/sh /usr/tmp/tstuu/Chat2 \\Y\n");
1050:  e = xfopen ("/usr/tmp/tstuu/Pass2", "w");
1059:  zuucp1 = "./uucp -I /usr/tmp/tstuu/Config1 -r";
1060:  zuux1 = "./uux -I /usr/tmp/tstuu/Config1 -r";
1069:  zuucp2 = "./uucp -I /usr/tmp/tstuu/Config2 -r";
1070:  zuux2 = "./uux -I /usr/tmp/tstuu/Config2 -r";
1076:  zfrom = "/usr/tmp/tstuu/from1";
1080:  zto = "/usr/tmp/tstuu/to1";
1095:  zfrom = "/usr/tmp/tstuu/from2";
1096:  zto = "/usr/tmp/tstuu/to2";
1111:  zfrom = "/usr/tmp/tstuu/from3";
1112:  zto = "/usr/tmp/tstuu/to3";
1124:  zfrom = "/usr/tmp/tstuu/from4";
1128:  zto = "/usr/tmp/tstuu/to4";
1140:  zfrom = "/usr/tmp/tstuu/from5";
1144:  zto = "/usr/tmp/tstuu/to5";
1166:  zfrom = "/usr/tmp/tstuu/spool2/to6\\*";
1167:  zfrom1 = "/usr/tmp/tstuu/spool2/to6.1";
1168:  zfrom2 = "/usr/tmp/tstuu/spool2/to6.2";
1173:  (void) remove ("/usr/tmp/tstuu/to6.1");
1174:  (void) remove ("/usr/tmp/tstuu/to6.2");
1176:  sprintf (ab, "%s %s!%s /usr/tmp/tstuu", zuucp1, zsys, zfrom);
1193:  zto = "/usr/tmp/tstuu";
1194:  zto1 = "/usr/tmp/tstuu/to7.1";
1195:  zto2 = "/usr/tmp/tstuu/to7.2";
1198:  umake_file ("/usr/tmp/tstuu/spool1/to7.1", 150);
1199:  umake_file ("/usr/tmp/tstuu/spool1/to7.2", 155);
1203:  sprintf (ab, "%s test1!/usr/tmp/tstuu/spool1/to7.\\* %s", zuucp2,
1211:  umake_file ("/usr/tmp/tstuu/from8", 30);
1212:  sprintf (ab, "%s - test2!cat < /usr/tmp/tstuu/from8", zuux1);
1229:  ucheck_file ("/usr/tmp/tstuu/to1", "test 1", 0);
1233:  ucheck_file ("/usr/tmp/tstuu/to2", "test 2", 3);
1236:  ucheck_file ("/usr/tmp/tstuu/to3", "test 3", 5);
1243:  ucheck_file ("/usr/tmp/tstuu/to4", "test 4", 7);
1248:  ucheck_file ("/usr/tmp/tstuu/to6.1", "test 6.1", 100);
1249:  ucheck_file ("/usr/tmp/tstuu/to6.2", "test 6.2", 101);
1263:  zto1 = "/usr/tmp/tstuu/to7.1";
1264:  zto2 = "/usr/tmp/tstuu/to7.2";
./gnu/libexec/uucp/tstuu.c
363:#define L_tmpnam 32     /* power of 2 > sizeof("/usr/tmp/xxxxxxxxxxxxxxx") */
./gnu/usr.bin/rcs/lib/conf.h
------------

Shouldn't all this be axed, or better changed to use standard library
functions and eventually additional environment variables?

Milon
--
milon.papezik@oskarmobil.cz

From owner-freebsd-security Fri Feb 22 18:18:37 2002
Date: Fri, 22 Feb 2002 18:18:31 -0800
From: Kris Kennaway
To: Milon Papezík
Cc: 'Kris Kennaway', 'Matthew Dillon', "'freebsd-security@freebsd.org'"
Subject: Re: RE: Third /tmp location ?
Message-ID: <20020222181831.B17981@xor.obsecurity.org>
In-Reply-To: ; from Milon.Papezik@oskarmobil.cz on Sat, Feb 23, 2002 at 02:31:42AM +0100

On Sat, Feb 23, 2002 at 02:31:42AM +0100, Milon Papezík wrote:
> Hi,
>
> I think that no utility shall create world writable directories on the fly.
> It shall report an error and probably point out that an environment variable
> can be set.
>
> Also there seems to be too many places where hardcoded use of '/usr/tmp' is
> attempted:

Well, certainly utilities shouldn't be creating the directory on the fly
but I don't see any major problems with using it as a fallback if it
exists, since if it's there then it's a valid directory to use for
temporary files.

However, everything which uses a temporary directory should respect the
canonical TMPDIR environment variable to allow the location to be
user-specified. There are probably quite a few places which don't do
this. This isn't really a security issue though, and should be taken to
one of the code discussion lists if you want to take it further.

Kris

From owner-freebsd-security Fri Feb 22 18:27:43 2002
Delivered-To: freebsd-security@freebsd.org
Received: from intense.net (server.intense.net [199.217.236.1]) by hub.freebsd.org (Postfix) with ESMTP id 27ECE37B400 for ; Fri, 22 Feb 2002 18:27:35 -0800 (PST)
Received: from bob ([209.248.134.245]) by intense.net (8.8.8/8.8.8) with SMTP id UAA64702; Fri, 22 Feb 2002 20:27:28 -0600 (CST)
Message-ID: <023101c1bc11$ddc49b40$6c01a8c0@mpcsecurity.com>
From: "Robert Herrold"
To: "Kris Kennaway", "Milon Papezík"
Cc: "'Kris Kennaway'", "'Matthew Dillon'", "'freebsd-security@freebsd.org'"
References: <20020222181831.B17981@xor.obsecurity.org>
Subject: Re: RE: Third /tmp location ?
Date: Fri, 22 Feb 2002 20:29:06 -0600
X-Mailer: Microsoft Outlook Express 5.50.4807.1700

----- Original Message -----
From: "Kris Kennaway"
To: "Milon Papezík"
Cc: "'Kris Kennaway'"; "'Matthew Dillon'"; "'freebsd-security@freebsd.org'"
Sent: Friday, February 22, 2002 8:18 PM
Subject: Re: RE: Third /tmp location ?

This isn't really a security issue though, and should be taken to one of
the code discussion lists if you want to take it further.

Kris

I disagree. This world writable tmp directory is vanilla with a fresh
install. I don't think this is something to take lightly at all.

Robert Herrold
Senior Network Engineer
Metropark Communications INC
10405 Baur Blvd Suite A
St Louis MO 63132
314-439-1900 voice
314-439-1313 fax
http://www.metropark.com

From owner-freebsd-security Fri Feb 22 20:24:27 2002
Delivered-To: freebsd-security@freebsd.org
Received: from obsecurity.dyndns.org (adsl-64-169-107-10.dsl.lsan03.pacbell.net [64.169.107.10]) by hub.freebsd.org (Postfix) with ESMTP id D9ADA37B404 for ; Fri, 22 Feb 2002 20:24:23 -0800 (PST)
Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 5969566C32; Fri, 22 Feb 2002 20:24:23 -0800 (PST)
Date: Fri, 22 Feb 2002 20:24:23 -0800
From: Kris Kennaway
To: Robert Herrold
Cc: Kris Kennaway, Milon Papezík, 'Matthew Dillon', "'freebsd-security@freebsd.org'"
Subject: Re: RE: Third /tmp location ?
Message-ID: <20020222202422.A19056@xor.obsecurity.org>
References: <20020222181831.B17981@xor.obsecurity.org> <023101c1bc11$ddc49b40$6c01a8c0@mpcsecurity.com>
In-Reply-To: <023101c1bc11$ddc49b40$6c01a8c0@mpcsecurity.com>; from bobber@intense.net on Fri, Feb 22, 2002 at 08:29:06PM -0600

On Fri, Feb 22, 2002 at 08:29:06PM -0600, Robert Herrold wrote:
> This isn't really a security issue though, and should be taken to one
> of the code discussion lists if you want to take it further.
>
> Kris
>
> I disagree. This world writable tmp directory is vanilla with a fresh
> install. I don't think this is something to take lightly at all.

I was referring to the email I was immediately responding to, regarding
fixing /tmp usage in other applications in the tree.

Regarding the mkdir() in pkg_add, one should be careful in just removing
it, because the default /tmp and /var/tmp directories are probably not
large enough to be able to install huge packages like e.g. tetex, because
pkg_add unpacks the package in the temporary directory before installing.
We have a number of packages which are over 100MB in size, compressed, and
if you don't have a temporary directory available with enough space,
installation from sysinstall will fail.

Kris

From owner-freebsd-security Sat Feb 23 4:39:30 2002
Delivered-To: freebsd-security@freebsd.org
Received: from lyris.bestnet.net (lyris.bestnet.net [216.15.129.82]) by hub.freebsd.org (Postfix) with SMTP id D8E6A37B417 for ; Sat, 23 Feb 2002 04:37:51 -0800 (PST)
X-Mailer: Lyris Web Interface
Date: Sat, 23 Feb 2002 04:47:33 -0600
Subject: Three Free Psychology/Self-Improvement Software Downloads
To: "mindmedia"
From: "bruce@mindmedia.com"
Reply-To: "mindmedia"
Sender: owner-freebsd-security@FreeBSD.ORG

MIND MEDIA REVIEW No.43
Introductory Edition
Edited by Mead Rose
Copy Editor: Will Penna

******************************************************************
When you think about self-improvement, think Mind Media!
To visit our site, tune your favorite web browser to:
http://www.mindmedia.com
******************************************************************

IN THIS SPECIAL ISSUE!

++ WELCOME TO MIND MEDIA -- HOME OF PERSONAL DEVELOPMENT ON THE WEB
   by Bruce Ehrlich, Founder of the Mindware Catalog
++ THREE FREE SOFTWARE DOWNLOADS THAT WILL CHANGE YOUR LIFE -- DOWNLOAD SITES BELOW
++ FIVE SOFTWARE DOWNLOAD WEB SITES WORTH HAVING ON YOUR HARD DRIVE
   by Bruce Eisner
++ FIVE MINDWARE ONLINE APPLICATIONS YOU CAN VISIT TODAY
   by Bruce Eisner
++ FIVE FAVORITE MIND MEDIA PRODUCTS
   by the Mind Media Staff

+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+--+

WELCOME TO MIND MEDIA -- HOME OF PERSONAL DEVELOPMENT ON THE WEB
by Bruce Ehrlich, Founder of the Mindware Catalog

This is a special issue of the Mindware Review. The Mindware Review is one of the longest running Internet newsletters -- having sent out its first issue to subscribers in early 1995. The publication is written by the Mind Media staff and is sent to a subscriber list which has now grown to over 100,000. I am sending it to you because you visited Mind Media Life-Enhancement Network so I know you are interested in what I call Mindware. Please excuse me if I sent it to you in error.

Mind Media Review is about "Mindware" -- a term I coined back in 1988 to describe software that I had been collecting while I was finishing my doctorate in P.M.
Actually, just when I was going to write my dissertation, I decided to start a small "side-business" called the Mindware catalog. The 32 page color catalog grew from a circulation of 5000 for issue mailed out in the spring of '88 to 500,000 mailed in the summer of 1994 -- our last issue. In a strange twist, the first issue of the Mindware catalog was called The Mindware Review -- which was the hot idea of a marketing company I had hired to put out the first issue. When I found out I could print 50,000 catalogs for about twice as much as 5,000, I left that company and found a local designer named Scott Sandow who was a great layout artist but an also had been in business and marketing his entire life. As someone who had come from Grad School (I didn't know the difference between an invoice and a purchase order), I was glad to have him spend hours with me figuring out what this mindware thing was all about and who would be interested in using it. This is an excerpt from the "Letter from the President" from that second Mindware catalog. "Welcome to Mindware! An extra dimension has been added to your personal computer with the arrival of a new genre of software we call mind appliances. These mind appliances cover many areas but share a common purpose: the enhancement of human intelligence in all its aspects - - and so our name became,"Mindware." Mindware was conceived and created to be more than a business in the normal sense. We sincerely believe that anyone can benefit from this new relationship between computers and the mind! By the time we had grown to half a million catalogs, we were the first catalog to have sold a CD-ROM drive along with CD-ROMs to play in them and also the first to sell voice recognition software. In a sense, we were kind of a "Sharper Image" of computer software as well as a self- improvement catalog. One half-million catalogs costs a lot to mail. 
Our post office bill was so large, I thought we should be given red carpet treatment at the post office -- but we had to stand in line like everyone else. Our team at Mindware was always dreaming of starting something like America Online or even to be given a section of AOL or than equally prominent CompuServe in order to replace or at least supplement the catalog. My main assistant at the time,Thad Atkins had a couple of friends who were starting a company to do catalogs on something called the World Wide Web. When I ordered an ISDN line and started browsing, I was sure that this was where I wanted real estate. So as the web began to become more than just a place for scientists, we were one of the earliest online. Our first web site was at mindware.com but we decided to create a larger site called the Mind Media Life- Enhancement Network so that we could feature more than just the Mindware Catalog Online. In 1995, we stopped printing catalogs and went entirely online. The same year, I came out with the first email edition of the Mindware Review. At the time there were only about a hundred online newsletters and so were actually read and even enjoyed (I got a lot of email asking questions when I wrote something which is how I know). But by the end of the decade, the Internet revolution occurred -- which actually made it more difficult for us in many ways. All of the good programmers and web artists were suddenly working for large corporations that formerly only had stores and advertised on TV. Search engines were selling ranking -- and we didn't have the money to pay. From less than twenty online catalogs that were around when we started, now there were 200,000. Many of them started what became known as the "dot comers" -- people who had made money in other businesses and now were getting Venture Capital which allowed them to out spend us by huge factors. 
Perhaps the one of the strangest stories of my twelve years in the computer human potential business was an event that took place in the fall of 1999. It was right in the middle of the Internet boom -- when you drove through Silicon Valley and saw billboards from VC companies. A woman called me. She told me that she had an online art gallery but that her first love was personal development -- the kind of products and services that we provide. She then told me she represented someone in the "self-help" field whose name I would instantly recognize. He had acquired a publicly traded shell (a stock in which the company no longer exists but which is still listed on a stock exchange -- a fast way of raising public money is to buy one of these "shells" and put your company and a few others together into it.). She was looking for a few good personal development sites which you could join together under this self-improvement figure. At one point, she had me on the line with a gentleman who asked me what my gross sales were. He had seen my business plan, which is posted on our web site and mistakenly took our projections based on one million dollars investment as our current earnings. When he found out we weren't making the projected figure, he hurriedly got off the phone. Who was the mysterious man? A few months afterward, Anthony Robbins launched his high-profile web site -- Dreamlife.com. And here is an excerpt from a January 10, 2000 Newsweek Magazine (International Edition) -- http://www.rickross.com/reference/general/general162.html -- article: "This much is clear: if success is the goal, the gurus have found it. Anthony Robbins leads the pack. Of all the gurus, he's most focused on the Net. Last summer Robbins took control of a publicly traded shell company whose stock cost just pennies a share and announced plans to build a self- improvement Web site, Dreamlife.com. The site still isn't operational, but investors don't seem to mind. 
Last week its stock stood at $16 a share, putting Robbins's stake at more than $300 million." Well Robbins site was slick and "did everything right" -- from personalized membership to an online interactive tutorial which identified the parts of life that needed improvement, complete with Tony Robbins voice and picture to guide you. I joined the site and was bombarded with Newsletters on a daily basis. Now in one of the business plans I wrote, before the Internet became so fashionable -- I suggested that Mind Media approach individuals such a Robbins, Deepak Chopra Stephen Covey. In "The 7 Habits of Highly Effective People, and John Gray, the former Hindu monk from right here in Mind Media Country, Santa Cruz, California -- who wrote "Men Are From Mars, Women Are From Venus," with the idea of Mind Media using its expertise to give them a web presence. So when the VC money flowed like wine and all of the big guys jumped aboard, little Mind Media remained pretty much a slowly evolving web organism as it always had been. Well in mid-2001, a year after its launch, Dreamlife.com was dead. And Mind Media is still here.. Back in 1990, one of the software publishers I featured on in the Mindware Catalog, Bert Shaw, sent me this quotation which still hands on my bulletin board. "Nothing in this world can take the place of persistence. Talent will not; nothing is more common than unsuccessful men with talent. Genius will not; unrewarded genius is almost a proconservation alone will not; the world is full of educated derelicts." The saying had nobody it was attributed to, so I decided to look it up on the web as I was wring this, I found out it was said by good old "Silent" Calvin Coolidge himself, so I thought about taking it down since he doesn't have much of a reputation] as he had articulated an idea missed by many in the trendy self- improvement arena. So this special issue is dedicated to the future of what I called Mindware back in 1988. Its come a long way. 
In this issue, I'll start with three free programs we give away on our site. Then I'm going to take sections of two previous issues to introduce you to five great downloads on the Web (not on our site) and five of the best of the online applications And finally I'll put in a plug for five of my favorite Mind Media Products. So I'm still carrying the torch Mindware. My dream is to make our West into a portal dedicated to the use of computers as mind appliances -- for individual success and personal development and the enhancement of the diverse aspects of human intelligence. How is that for perseverance? +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+--+ THREE FREE SOFTWARE DOWNLOADS YOU THAT MAY CHANGE YOUR LIFE Here are three free software give-always from mind media They all can be found on our "Specials Page" http://www.mindmedia.com/specials.html. 1) The first is the ever-popular Mindviewer -- a very close follow up to the original Mind Prober which was published in the mid-1980's: MINDVIEWER GIVES YOU X-RAY VISION INTO ANYONE'S HIDDEN PERSONALITY AND PRIVATE FANTASIES "Gain the advantage in personal and business relationships Reveals the secrets of winning people's trust Developed by an eminent team of psychologists "I was impressed by the reports it produced. In fact, I thought it pegged me pretty darn close to how I perceive myself. After showing the reports to a couple of close (and I mean close) friends, they agreed with Mindviewer's analysis completely. Of course I clipped out the section "Top Secret Sex Fantasies." -- Ron Albright, Computer Shopper Uncover anyone's hidden personality with the best-selling self- improvement program of all time. After using Mindviewer, you will feel like you have x- ray vision into parts of people that normally they can keep hidden. People hide behind masks. With Mindviewer, you gain accurate insight into the true nature of your friends, family, employees, associates. 
Find out what makes them tick, what gets them angry-- even how to shape their behavior. Developed by Drs. James and Kathy Johnson, a renowned husband/wife psychologist team, the program is both entertaining and enlightening. And its analysis hits home in a big way. Using the program is simple, yet the complex psychometric equations taken from personality psychology make the program uncannily accurate. Mindviewer asks you a series of multiple- choice questions about yourself or someone you wish to know better. Then you get a detailed profile of your subject, which can be viewed on the screen or printed as a detailed 3-5 page report custom-generated from the results. Run Mindviewer on your best friends and see if you get some new angle on them. Run Mindviewer on your boss for advice on important matters like how to get that raise or next promotion. Or try the program on your spouse or lover to reveal some hidden fantasies that just might warm up your relationship. You'll have fun finding out what Mindviewer can do for you! A free download at download at http://www.mindmedia.com/mv.com 2) Another of our featured downloads is called Brainworks and it helps you determine which hemisphere of the brain you use --left or right or perhaps a bit of both. WHAT BRAIN HEMISPHERE DO YOU PREFER? ARE YOU MORE VISUAL OR AUDITORY? DISCOVER YOUR PERSONALITY STYLE Do you know whether you prefer your left hemisphere or your right hemisphere? When you think, do you think visually or in sounds? The answer to these two key questions can unlock important secrets to your personality. Secrets, which can give help you to become more successful and effective in everything that you do. Mind Media Life Enhancement Network is pleased to give you, for a limited time, Brain Works, a simple to use software program which answer the two questions we asked at the beginning, and then give you much more. 
You'll get a complete report which you can read on screen or print, how your unique preferences for right or left hemisphere and for visual or auditory thinking styles make up your unique personality style. But more important, you'll get guidance and important tips on how you can be more effective in your learning, in relating to others and in achieving your goals with maximum success. When you download Brain Works, you get a free subscription to Mind Media Review Newsletter with information on the cutting edge software, CD-ROMs and new technologies in computers and the mind. Back issues of this important publication are available on our site. The questionnaire is visual, short and fun. And you never get the same set of questions twice. The report is invaluable! Print it out and keep it for future reference.

For a limited time only, Mind Media Life Enhancement Network presents Brain Works, a revealing software program absolutely FREE! Download it now at http://www.mindmedia.com/brain.html

The last is called IQ Smarts and it gives you four IQ scores instead of one and helps you build your IQ by several points -- up to 15 say the publishers.

TURBOCHARGE YOUR BRAIN WITH IQ SMARTS
MEASURE YOUR IQ - THEN RAISE IT DRAMATICALLY
RAISE YOUR IQ BY 15 POINTS OR MORE
Discover your hidden strengths

At last, here is a computer program that can not only measure your IQ, and whether you are left or right brained -- it actually raises your IQ. And it will raise it not just a tiny amount but to a dimension that you never dreamed possible. From the psychological and programming genius of Dr. James Johnson -- founder of the pioneer Human Edge Software -- comes IQ SMARTS, a dramatic new advance in intelligence. The software is based on major breakthroughs in the brain sciences. You'll get exercises specially designed to develop your brain the same way aerobics, Nautilus, and other fitness programs have given us the ability to develop our body.
Until now, these exercises have been available only from professionals with programs costing many thousands of dollars. Now these life-changing exercises are available with IQ SMARTS. IQ SMARTS begins by measuring all aspects of your intelligence through a short test. In the multi-page report you print out, you are told:

  Your overall IQ score
  Your "common sense" intelligence IQ score
  Your "book smarts" intelligence IQ
  Your "thinking creativity" intelligence score

After explaining exactly what these scores mean, the program tells you exactly where you are strongest and targets weaknesses for improvement. IQ SMARTS explains what these strengths and weaknesses mean for your everyday life. Then, you are given a personalized training program that includes exercises, skills and procedures that are specific to your unique makeup and that are guaranteed to improve your ability to think and be creative. The user interface is friendly and easy to use and you'll be building brain cells in minutes after running the program. With this remarkable program, you can actually raise your intelligence by 15 points or more in as little as three weeks. This increase can mean the difference between success and failure in many careers and can lead to a better and richer life.

Download Spot http://www.mindmedia.com/iqsmart.html

+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+--

FIVE SOFTWARE DOWNLOAD WEB SITES WORTH HAVING ON YOUR HARD DRIVE

If you're at all like me, you love to download and try new software. However as you might have discovered, you only really find a few programs that you continue using and want to keep on your hard drive. Today, I'm going to show some of the programs that I kept on my computer. In addition to being winners, I have tried to choose programs from a variety of different sub-categories of the genre that I call "mindware." They are all worth a download.

1.
http://www.goalpro.com/index.cfm?ID=50571 The people who publish GoalPro 5.0 calls it "The most effective success- management application available" and the funny thing is -- they may be right! I've been working on a special feature article covering my personal search trying to find the perfect program or combination of programs to accomplish the increasingly difficult task of managing my personal information. And GoalPro software in tandem with Microsoft Outlook is the combo that I use. But you don't have to use GoalPro on a PC. The people at GoalPro have kept up with the state-of-the-art and are offering GoalPro with most of its features intact as an on-line application. So Macintosh and Linux users as well as anyone who has access to the web can begin using GoalPro right now. What does the program do? Well it's hard to describe all of what it does briefly and so next month this publication will have a feature length review of GoalPro. In summary, it guides you through the process of listing and clarifying your most important life objectives. You a set of concrete goals to reach each of these objectives and also create short term tasks for reaching the objectives and goals. The program not only helps you create your "success tree" of objectives, goals and tasks, it sets up a regular daily and separate weekend routine where you visit these lists and determine how you are doing. This is called Success Coach and it's pretty darn useful. There's even a past-due management system where people who set too many tasks or procrastinate -- - people such as myself -- can evaluate and reschedule missed deadlines. Download a free thirty-day trial -- you might want to keep using it. 2. http://www.store-mindjet.com/affiliate.cfm?aff=PEZEVOBFQNFJ A mind map is a visual representation of the relationship between related ideas. The typical map starts with a central idea, word or concept. Then, around the central word you draw five to ten main ideas that relate to that word. 
You then take each of those child words and again draw the five to ten main ideas that relate to each of those words until you have an excellent visual model of the idea you are trying to understand or express. MindManager 3.7 is perhaps the best tool for creating mind-maps that has yet been devised, Whether you're trying to solve a problem, prioritize your daily activities, organize multiple projects or make a simple to-do list, MindManager will help. Here's some of the wide range of uses for the program: you can prepare speeches and presentations quickly and easily, plan and track complex tasks and projects, share project information with others, via MindManager's unique Internet conferencing, create web sites and/or site maps using the web site export features, track progress on projects visually, to quickly see how far along you are, organize multiple projects at once, take notes efficiently and easily reorganize them and more. Download a free full-featured demo -- or a smaller version which downloads quicker and try it for 21 days. There are a wealth of resources on-line to help you learn the skill of mapping your mind. So if you want the big picture, he's a place to start drawing it. 3.http://www.brain.com Josh Reynolds's Brain.com focuses on mental performance enhancement with its premier thinkFast software. Now thinkFast is an on-line application and brain.com has become an on-line brain-enhancement community. In 1995,the Global Idea Bank listed my idea of the "mini- mind gym" http://www.globalideasbank.org/BOV/BV-488.HTML. The principle is that by using your brain, you can increase your mental fitness. Mind Media's IQ Builder and thinkFast software featured on brain.com work along these principles. They both give you a variety of mental tests which focus on a spectrum of mental abilities. By increasing the difficulty over trials, you "build mental muscle." 
Now thinkFast has become an on-line application and added features which take the idea of mental fitness workouts further. thinkFast is the perfect mind-mini gym and allows you to measure and save your improvements on-line. It "works you out" on a wide variety of mental skills. The program even includes your own Personal Tutor who coaches you to greater mental heights. 4. http://www.acal.com Stressmaster by Acel Self-Growth Software is about more than just stress. Modules contained within this ambitious Windows program include: Define Goals, Design Life, Overcome Additions, Change My State of Mind, Calm Anger, Cope with Daily Stress and several more. Some of the modules take you through interactive exercises that help you deal with various problem areas. Each of the modules written output is recorded in a master Self Discovery Journal. This is one of the best of the growing number of programs aimed toward self-therapy, StressMaster is available for a 30-day free trial. 5. http://brainstorming.org/ablemind/index.html ThinkWorld's Ablemind Streaming Idea Generator is the latest in the genre of brainstorming software and works in conjunction with the company's Brainstorming 101 seminar. You can download a demo version of the program, which contains a subset of the program's 87 million idea cards. The idea cards, which the program generates upon demand, consist of three words - a verb adjective and a noun. For example here are a few of the cards I drew: bevel postmodern shirts, lighten leather cans, vibrate instant televisions, These phrases might seem a bit meaningless but they are there to make you think. The company gives a few examples. Pump basketball shoes, they say, would have made people laugh twenty years ago. Now, after tens of millions of basketball shoes sold, people would think the idea pure genius. A few more examples among the millions possible from Able's software: project Celluloid images, navigate electronic documents. 
Well the arguments pretty convincing that this software can make me money. I'm going to file my patent for a vibrating instant television tomorrow. . +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+-- FIVE MINDWARE ONLINE APPLICATIONS YOU CAN VISIT TODAY by Bruce Eisner The Internet is always issuing new and trendy buzzwords and so you have probably started hearing that the next wave on the Web is online applications. In fact, online applications have arrived and will revolutionize the way that you will use the interactive self- improvement and personal-development tools which is the essence of the meaning of this new genre of Mindware tools. Since the beginning of personal computing, there have always been a number of competing operating systems which you can chose from to run your PC. In the past twenty years CPM, OS/2, the BeOS, the Macintosh, many flavors of UNIX along with several flavors of Windows. It has been a situation akin to the Biblical tower of Babel and so computer users for the most part chose Windows along those "who think different" picking the Mac. And the third most popular desktop operating system, Linux. Many people have chose Windows as an operating system because there are hundreds of times as many applications made for it than for the Mac or Linux or the others. Most computer users have dreamed of a day when it didn't matter what operating system you ran, you could use whatever application you wanted on any computer. Online applications are rapidly making this dream a reality. Online applications are built to work within a computer browser so that the application runs on the web server and any web-enabled computer can use them. In addition to their universality of use, these applications can also be upgraded by system administrator of the web server, virtually eliminating the need to constantly buy and install upgrades to every one of your software applications. 
Confined at first to a small group of mainstream software applications such as accounting software, utilities, online greeting card generators and the like, online applications are now becoming available for the kind of software that I like to write about. So here are five web online applications worth a visit. I've written about some of them before, and they're here again because they help broaden the scope of what you can look at today.

Five Self-Improvement Online Applications Worth a Visit

1. http://www.living-software.com

The first personal development online application I'm going to review is by an Israeli team headed by C.E.O. Doron Zzur. The link above is to a beta of the most sophisticated self-therapy tool created for the computer, and it runs on any machine you care to try it on! After registering, the program prompts you with the question, "How Do You Feel Today?" You answer by writing down what psychologists are fond of calling "your issues" and then you are introduced to four helpers in cartoon form. You can choose any of them and they will converse with you and help you clarify your problem and think about it in different terms. Each of the helpers is a different kind of personality and can give advice, which might even contradict the other very different personalities. By then noting changes as they occur, you involve yourself in an ongoing process. This process can lead to improvements in attitude and mood as the brainstorming helps you become familiar with your "issue." And with familiarity comes relief by looking at something you heretofore avoided. This is a beta and has some rough edges, but the good part is that it is free. Also, information collected will help to make this site even better. Eventually Mr. Dzur hopes to turn this into a paid service. He was inspired to go into this line of work by a very significant personal crisis in his life, which occurred after his wife passed away with cancer several years ago.
He founded this company to make available to the public ways of quickly responding to stressful life crises. His company has a board of consulting psychologists and the site is worth a visit or several.

2. http://app.brain.com/member/join.cfm

Josh Reynolds's Brain.com focuses on mental performance enhancement with its premier thinkFast software. Now thinkFast is an online application and brain.com has become an online brain-enhancement community. In 1995, the Global Idea Bank listed my idea of the "mini-mind gym" http://www.globalideasbank.org/BOV/BV-488.html for voting. The basic principle is that by using your brain, you can increase your mental fitness by exercising it, just as you do physical muscles. Mind Media's IQ Builder and thinkFast software featured on brain.com work along these principles. They both give you a variety of mental tests, which focus on a spectrum of mental abilities. By increasing the difficulty over trials, you "build mental muscle." Now thinkFast has become an online application and added features, which take the idea of mental fitness workouts further. ThinkFast is the perfect mind-mini gym and allows you to measure and save your improvements online. It "works you out" on a wide variety of mental skills. The program even includes your own Personal Tutor who coaches you to greater mental heights.

3. http://www.goalpro.com/index.cfm?ID=50571

I've written a lot in June and July about GoalPro, which I consider one of the most helpful software programs I've used to help me organize for success. I'm featuring it here again because you've got to look around the site to find that in addition to the software version, there's an online version of GoalPro you can purchase as a subscription, which allows anyone, including Mac and Linux users, to use this significant program.
Here's what I wrote in June: The people who publish GoalPro 5.0 call it "The most effective success management application available" and the funny thing is, they may be right! GoalPro software in tandem with Microsoft Outlook is the combo that I use. But you don't have to use GoalPro on a PC. The people at GoalPro have kept up with the state of the art and are offering GoalPro with most of its features intact as an online application. So Macintosh and Linux users, as well as anyone who has access to the web, can begin using GoalPro right now. What does the program do? Well, it's hard to describe all of what it does briefly, and so next month this publication will have a feature-length review of GoalPro. In short, it guides you through the process of listing and clarifying your most important life objectives. You list a set of concrete goals to reach each of these objectives and also create short-term tasks for reaching the objectives and goals. The program not only helps you create your "success tree" of objectives, goals and tasks, it sets up a regular daily and separate weekend routine where you visit these lists and determine how you are doing. This is called Success Coach and it's pretty darn useful. There's even a past-due management system where people who set too many tasks or procrastinate can evaluate and reschedule missed deadlines. Download a free thirty-day trial; you might want to keep using it. I did.

4. http://www.timecontrol.cc

Panella Strategies: Success-Centered Time Management Power and Power Marketing Principles is not exactly an online application, but I put it here because it relies on the multimedia capabilities of the web to deliver an extensive library of time management principles developed by Vince Panella. During the past 18 years, his profit and time-building programs have influenced thousands of companies and tens of thousands of people in 25 countries around the world.
The application-like section is called the Time Control Room and it has a series of modules which take several days to learn (Panella finds that most people who take other time management courses don't learn anything because they are presented too quickly, so they are forgotten just as quickly). Real Audio lectures by Vince Panella are supplemented by written materials available for download, and the program together works very well. The cost is $20 per month, but readers of this column can email mailto:psi@accelernet.net and get a yearlong subscription for only $49.95 if you mention that Robert Galpren, Editor-In-Chief from the Mind Media review, sent you.

5. http://www.ansir.com

Ansir.com is more than a web site; it is one premier example of a Mindware online app. Ansir.com starts with a personality test which uses a unique system called the Ansir Style of Relating. You take the test after registering and are rated on 14 different personality attributes. Here is what they say about their test: "Discover your Self-truth and potential! It's free, challenging, and enlightening! But be warned, this serious test has 2,744 possible combinations and is ranked, by participants and Members alike, among the toughest and most accurate on the Web. Self-honesty is key. Read Profile Briefs first, then learn much, much more with Profiles In Depth absolutely free!" Once you take the test, you are presented with a unique perspective on yourself and also become part of the Ansir community. It is fun, fascinating and, most of all, worth a visit.

+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+--

FIVE FAVORITE MIND MEDIA PRODUCTS
by the Mind Media Staff

Here are the most popular Mind Media products of all time, from actual sales figures.
1) Most often on the order list: our Top Twenty Software Programs from the Famous Mindware Catalog http://www.mindmedia.com/catalog/pub/bundles.html

2) For those of you who want the highest quality Mindware CD-ROM based mental tests: Be Sure to Get the Superstar Suite! Five multimedia tests originally published by Virtual Knowledge, Inc., available at http://www.mindmedia.com/customer3.html

3) Always Popular: Mind Prober 3.0 at http://wwww.mindmedia.com/probind.html came in third

4) The State-of-the-Art CD-ROM by Psychologist Sam Keen: Your Mythic Journey http://www.mindmedia.com/mythicj.html

5) Five Multimedia CD-ROMs for Personal and Professional Success: Full Interactive Video Courses on a Disk! Titles: Manage Time, Organize For Success, Manage Stress, Attitude for Success and Communicate! http://www.mindmedia.com/catalog/pub/cdrom.html

+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Digital River, the world's largest electronic download company, has taken over administration of our electronic download catalog. This means that you get their 30 money back guarantee and their technical support staff is on call 24/7 to ensure that if you pay for your download you get your download. Just go to http://www.digitalriver.com/dr/v2/ec_Main.Entry?SP=10007&SID=30169 &CID=0 We hope you enjoy the work our staff has done to enrich the product descriptions of the programs you can download there, including Mind Prober 3.0 and our Top Ten Windows Best-Sellers.

.-- . .-- ... --- ..-. - .... . .-- .. .-. . -..

Mind Media, Inc. 849 Almar Ave. Suite C-125 Santa Cruz, CA 95060
You can order securely on our web site or call toll free during weekdays at 1-800-818-9445 or internationally: 1+831+4260762 or FAX 1+831+426-8519

+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

Thank you for reading and stay tuned for more! For comments or contributions, send e-mail to Mead Rose mailto:web@mindmedia.com

Copyright 2002, Mind Media, Inc.

.-- . .-- ... --- ..-. - .... . .-- .. .-. . -..
--- You are currently subscribed to mindmedia as: freebsd-security@freebsd.org To unsubscribe send a blank email to leave-mindmedia-473503X@lyris.bestnet.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Feb 23 8: 2: 9 2002 Delivered-To: freebsd-security@freebsd.org Received: from bilver.wjv.com (spdsl-033.wanlogistics.net [63.209.115.33]) by hub.freebsd.org (Postfix) with ESMTP id CB8AD37B400 for ; Sat, 23 Feb 2002 08:02:05 -0800 (PST) Received: (from bv@localhost) by bilver.wjv.com (8.11.6/8.11.6) id g1NG20O59466 for security@FreeBSD.ORG; Sat, 23 Feb 2002 11:02:00 -0500 (EST) (envelope-from bv) Date: Sat, 23 Feb 2002 11:01:59 -0500 From: Bill Vermillion To: security@FreeBSD.ORG Subject: Re: Re: Third /tmp location ? Message-ID: <20020223160159.GA59042@wjv.com> Reply-To: bv@wjv.com References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.3.25i Organization: W.J.Vermillion / Orlando - Winter Park Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Date: Sat, 23 Feb 2002 00:13:55 +0100 
> From: Miloň Papežík
> Subject: RE: RE: Third /tmp location ?
> I simply installed 4.5R from ISO image with separate /, /usr, /var and
> /home.
> After some configuration I run automated security check (script)
> and it reported 3rd world writable directory /usr/tmp.
> That was quite a surprise to me, especially with respect
> to the debate over it some time ago on this list.
> Is the /usr/tmp really used for somethink usefull ?

I would think man 7 hier will answer that for you in a hurry. Yes it really is useful.

> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with unsubscribe freebsd-security-digest in the body of the message

-- Bill Vermillion - bv @ wjv . com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Feb 23 11:58:39 2002 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id C306D37B400 for ; Sat, 23 Feb 2002 11:58:36 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 03F1E5341; Sat, 23 Feb 2002 20:58:34 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: bv@wjv.com Cc: security@FreeBSD.ORG Subject: Re: Third /tmp location ? References: <20020223160159.GA59042@wjv.com>
From: Dag-Erling Smorgrav Date: 23 Feb 2002 20:58:33 +0100 In-Reply-To: <20020223160159.GA59042@wjv.com> Message-ID: Lines: 11 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Bill Vermillion writes:
> > Is the /usr/tmp really used for somethink usefull ?
> I would think man 7 hier will answer that for you in a hurry.
> Yes it really is usefull.

Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects /usr/tmp has been changed to use /var/tmp instead.

DES
-- Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Feb 23 12:49:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3]) by hub.freebsd.org (Postfix) with ESMTP id 8E2CF37B404 for ; Sat, 23 Feb 2002 12:49:24 -0800 (PST) Received: from admin0 (WBIw010.westbend.net [216.47.253.30]) by mail.westbend.net (8.11.6/8.11.6) with SMTP id g1NKmeX33664; Sat, 23 Feb 2002 14:48:40 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <000501c1bcab$84ff2df0$1efd2fd8@westbend.net>
From: "Scot W. Hetzel" To: "Kris Kennaway" Cc: "Milon Papezík" , "'Matthew Dillon'" , "'freebsd-security@freebsd.org'" References: <20020222152529.A16356@xor.obsecurity.org> <20020222152714.B16356@xor.obsecurity.org> Subject: Re: RE: Third /tmp location ? Date: Sat, 23 Feb 2002 14:48:52 -0600 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

From: "Kris Kennaway"

How about patching find_play_pen to set a variable to say that /usr/tmp was created by the pkg_install tools and then when the pkg_install tools call leave_playpen, /usr/tmp is removed only if the variable is set.

attached is a untested patch for pen.c.

Scot

; Sat, 23 Feb 2002 14:27:15 -0800 (PST) Received: from abc.ro (goanga.com [193.231.240.30]) by rage.abc.ro (8.11.3/8.11.3) with ESMTP id g1NMRDv50912 for ; Sun, 24 Feb 2002 00:27:13 +0200 (EET) (envelope-from andrei@abc.ro) Message-ID: <3C781741.744669C9@abc.ro> Date: Sun, 24 Feb 2002 00:27:13 +0200
From: ANdrei Organization: Cronon AG - tech department X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.2.12 i386) X-Accept-Language: de, ro, en MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Re: Third /tmp location ? References: <20020222152529.A16356@xor.obsecurity.org> <20020222152714.B16356@xor.obsecurity.org> <000501c1bcab$84ff2df0$1efd2fd8@westbend.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

everybody is talking about a world writable /usr/tmp... surprisingly, i had one too, though i never created one (pkg_add probably did), but it's not world writable... on my machine one user mainly logs on, and the dir has this user as owner, and permissions 755... weird, huh? at least when you consider that i can do pkg_add only as root...

aloha,
ANdrei

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Feb 23 15:58:41 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx0.mail.uk.easynet.net (mx0.mail.uk.easynet.net [195.40.1.39]) by hub.freebsd.org (Postfix) with ESMTP id AB54737B400 for ; Sat, 23 Feb 2002 15:58:35 -0800 (PST) Received: from dial2.mail.uk.easynet.net ([195.40.1.235]) by mx0.mail.uk.easynet.net with smtp (Exim 3.33 #4) id 16elzU-000H5Y-00 for freebsd-security@FreeBSD.ORG; Sat, 23 Feb 2002 23:54:08 +0000 Received: (qmail 25378 invoked from network); 23 Feb 2002 23:58:29 -0000 Received: from fish.nerds.org.uk (HELO fish) ([217.204.218.162]) (envelope-sender ) by dial2.mail.uk.easynet.net (qmail-ldap-1.03) with SMTP; 23 Feb 2002 23:58:29 -0000 Message-ID: <002b01c1bcc6$a952b1c0$a2daccd9@nerds.org.uk>
From: "Lee Brotherston" To: "'freebsd-security@freebsd.org'" Subject: ipf transparently Date: Sun, 24 Feb 2002 00:03:17 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Apologies in advance if I'm missing something really obvious here. But I've set up my FreeBSD box to be a bridge, and it has both ipfw and ipf compiled into the kernel. The bridging works perfectly, and if I set the following using sysctl I can filter the bridged traffic with ipfw fine.

net.link.ether.bridge_ipfw: 1

However I have not been able to find where to set a similar option to allow ipf to filter the traffic. I tried just applying some rules in case, and they had no effect.

Any ideas more than welcome ;)

Thanks
Lee

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Feb 23 16: 8:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from coc-ias.coc-snt.com.br (200-206-240-101.dsl.telesp.net.br [200.206.240.101]) by hub.freebsd.org (Postfix) with ESMTP id 5055F37B405; Sat, 23 Feb 2002 16:08:22 -0800 (PST) Received: from portugalmail.com (1Cust46.tnt59.dfw5.da.uu.net [67.203.43.46]) by coc-ias.coc-snt.com.br (8.11.1/8.8.7) with SMTP id g1O19DT15262; Sat, 23 Feb 2002 22:09:16 -0300 Message-Id: <200202240109.g1O19DT15262@coc-ias.coc-snt.com.br> To:
From: d7354@portugalmail.com Subject: Burn fat with no effort Date: Sat, 23 Feb 2002 19:00:51 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Tone your Abs, Thighs, Arms, and more with NO EFFORT ! Don't have time to workout? Tired of all those products that have you get down on the floor? Tired of backaches caused by sit-ups!? NO MORE... READ ON! *TRIM AND TONE YOUR TUMMY IN TIME FOR THE SUMMER! *WORKOUT WHILE WATCHING TV, AT THE COMPUTER, OR EVEN AT THE MALL! *TONE YOUR MUSCLES WHILE AT WORK, HOME, OR EVEN ON THE ROAD! *EAT WHAT YOU WANT THIS HOLIDAY SEASON THEN SHED THE EXTRA FAT! *LOOK AMAZING IN YOUR BEACH WEAR NEXT SUMMER! For complete information: http://www2.software4you2002.com/tv/ Bonus! Order by February 28, 2002 and receive your choice of one of the following "FREE Gifts". 1. Satellite System. $149.95 Value! 2. Digital Cellular Phone. $99.95 Value! +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ To opt-Out: http://www2.software4you2002.com/options To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Feb 23 16:17:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-10.dsl.lsan03.pacbell.net [64.169.107.10]) by hub.freebsd.org (Postfix) with ESMTP id 4546237B402 for ; Sat, 23 Feb 2002 16:17:25 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id A981C66C32; Sat, 23 Feb 2002 16:17:24 -0800 (PST) Date: Sat, 23 Feb 2002 16:17:24 -0800 
From: Kris Kennaway To: "Scot W. Hetzel" Cc: Kris Kennaway , =?iso-8859-1?Q?Milon_Papez=EDk?= , 'Matthew Dillon' , "'freebsd-security@freebsd.org'" Subject: Re: RE: Third /tmp location ? Message-ID: <20020223161724.A32157@xor.obsecurity.org> References: <20020222152529.A16356@xor.obsecurity.org> <20020222152714.B16356@xor.obsecurity.org> <000501c1bcab$84ff2df0$1efd2fd8@westbend.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="k+w/mQv8wyuph6w0" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <000501c1bcab$84ff2df0$1efd2fd8@westbend.net>; from hetzels@westbend.net on Sat, Feb 23, 2002 at 02:48:52PM -0600 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --k+w/mQv8wyuph6w0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Feb 23, 2002 at 02:48:52PM -0600, Scot W. Hetzel wrote: 
> From: "Kris Kennaway"
>
> How about patching find_play_pen to set a variable to say that /usr/tmp was
> created by the pkg_install tools and then when the pkg_install tools call
> leave_playpen, /usr/tmp is removed only if the variable is set.

That might be the best idea.

> attached is a untested patch for pen.c.

It's best to include patches directly so they can be read inline, but thanks..I'll try and take a look at it.

Kris

--k+w/mQv8wyuph6w0 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8eDEUWry0BWjoQKURApLcAJ9L6BhZN9MMGWQirwFWclBuNevMowCfeD/Y b5SueLgrvBLKD/IV55VI3uE= =mGLC -----END PGP SIGNATURE----- --k+w/mQv8wyuph6w0--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Feb 23 16:18:24 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-10.dsl.lsan03.pacbell.net [64.169.107.10]) by hub.freebsd.org (Postfix) with ESMTP id 1AB6537B421 for ; Sat, 23 Feb 2002 16:17:55 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 9F4DA66C76; Sat, 23 Feb 2002 16:17:54 -0800 (PST) Date: Sat, 23 Feb 2002 16:17:54 -0800
From: Kris Kennaway To: Dag-Erling Smorgrav Cc: bv@wjv.com, security@FreeBSD.ORG Subject: Re: Third /tmp location ? Message-ID: <20020223161754.B32157@xor.obsecurity.org> References: <20020223160159.GA59042@wjv.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="5/uDoXvLw7AC5HRs" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from des@ofug.org on Sat, Feb 23, 2002 at 08:58:33PM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --5/uDoXvLw7AC5HRs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Sat, Feb 23, 2002 at 08:58:33PM +0100, Dag-Erling Smorgrav wrote:
> Bill Vermillion writes:
> > > Is the /usr/tmp really used for somethink usefull ?
> > I would think man 7 hier will answer that for you in a hurry.
> > Yes it really is usefull.
>
> Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects
> /usr/tmp has been changed to use /var/tmp instead.

Well, this isn't true.
Kris --5/uDoXvLw7AC5HRs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8eDEyWry0BWjoQKURArfRAJoDSFJc/TP8SE5GhWRLp7PkBvIuGwCgvHm7 suYAXBgTqhl7SN/Wvw9UP38= =UAXj -----END PGP SIGNATURE----- --5/uDoXvLw7AC5HRs-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Feb 23 16:28:52 2002 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id E4EBB37B417 for ; Sat, 23 Feb 2002 16:28:41 -0800 (PST) Received: by flood.ping.uio.no (Postfix, from userid 2602) id 7FE165341; Sun, 24 Feb 2002 01:28:40 +0100 (CET) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: Kris Kennaway Cc: bv@wjv.com, security@FreeBSD.ORG Subject: Re: Third /tmp location ? References: <20020223160159.GA59042@wjv.com> <20020223161754.B32157@xor.obsecurity.org> 
From: Dag-Erling Smorgrav Date: 24 Feb 2002 01:28:39 +0100 In-Reply-To: <20020223161754.B32157@xor.obsecurity.org> Message-ID: Lines: 14 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Kris Kennaway writes:
> On Sat, Feb 23, 2002 at 08:58:33PM +0100, Dag-Erling Smorgrav wrote:
> > Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects
> > /usr/tmp has been changed to use /var/tmp instead.
> Well, this isn't true.

Check for yourself; BSD.usr.dist has never had a tmp entry. There may have been a time when it was created by sysinstall, but ISTR it was deprecated in 1997 or 1998 because it made it harder to mount /usr read-only.

DES
-- Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat Feb 23 16:40:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-64-169-107-10.dsl.lsan03.pacbell.net [64.169.107.10]) by hub.freebsd.org (Postfix) with ESMTP id BEEEA37B404 for ; Sat, 23 Feb 2002 16:40:35 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 3EB9E66C32; Sat, 23 Feb 2002 16:40:35 -0800 (PST) Date: Sat, 23 Feb 2002 16:40:35 -0800
From: Kris Kennaway To: Dag-Erling Smorgrav Cc: Kris Kennaway , bv@wjv.com, security@FreeBSD.ORG Subject: Re: Third /tmp location ? Message-ID: <20020223164034.A32672@xor.obsecurity.org> References: <20020223160159.GA59042@wjv.com> <20020223161754.B32157@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="AqsLC8rIMeq19msA" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: ; from des@ofug.org on Sun, Feb 24, 2002 at 01:28:39AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --AqsLC8rIMeq19msA Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable

On Sun, Feb 24, 2002 at 01:28:39AM +0100, Dag-Erling Smorgrav wrote:
> Kris Kennaway writes:
> > On Sat, Feb 23, 2002 at 08:58:33PM +0100, Dag-Erling Smorgrav wrote:
> > > Bzzzt. FreeBSD has never had /usr/tmp, and all software that expects
> > > /usr/tmp has been changed to use /var/tmp instead.
> > Well, this isn't true.
>
> Check for yourself; BSD.usr.dist has never had a tmp entry. There may
> have been a time when it was created by sysinstall, but ISTR it was
> deprecated in 1997 or 1998 because it made it harder to mount /usr
> read-only.

I'm not disputing that part, but your second assertion. There have already been examples posted showing where this is false (and it's already been agreed that they should be fixed).
Kris --AqsLC8rIMeq19msA Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE8eDaCWry0BWjoQKURAjLIAJ9oYWyVcRbBrgMptSZUgusPgLvn9ACfavzD mgmiecnDuAnkI2gZPaMtZK0= =T5Us -----END PGP SIGNATURE----- --AqsLC8rIMeq19msA-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Feb 23 18: 7:53 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.westbend.net (ns1.westbend.net [216.47.253.3]) by hub.freebsd.org (Postfix) with ESMTP id 516DA37B400 for ; Sat, 23 Feb 2002 18:07:44 -0800 (PST) Received: from admin0 (admin0.westbend.net [216.47.253.17]) by mail.westbend.net (8.11.6/8.11.6) with ESMTP id g1O27eX40986 for ; Sat, 23 Feb 2002 20:07:40 -0600 (CST) (envelope-from hetzels@westbend.net) Message-ID: <008d01c1bcd7$e6f39c40$11fd2fd8@westbend.net> 
From: "Scot W. Hetzel" To: "'freebsd-security@freebsd.org'" References: <20020222152529.A16356@xor.obsecurity.org> <20020222152714.B16356@xor.obsecurity.org> <000501c1bcab$84ff2df0$1efd2fd8@westbend.net> <20020223161724.A32157@xor.obsecurity.org> Subject: Re: RE: Third /tmp location ? Date: Sat, 23 Feb 2002 20:06:41 -0600 Organization: West Bend Interent MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4807.1700 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700 X-Virus-Scanned: by amavisd-milter (http://amavis.org/) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >On Sat, Feb 23, 2002 at 02:48:52PM -0600, Scot W. Hetzel wrote: >> How about patching find_play_pen to set a variable to say that /usr/tmp was >> created by the pkg_install tools and then when the pkg_install tools call >> leave_playpen, /usr/tmp is removed only if the variable is set. > >That might be the best idea. > >> attached is a untested patch for pen.c. > >It's best to include patches directly so they can be read inline, but >thanks..I'll try and take a look at it. > Here's the patch inline for others to review: Index: pen.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/pkg_install/lib/pen.c,v retrieving revision 1.31.2.6 diff -u -r1.31.2.6 pen.c --- pen.c 22 Nov 2001 17:40:36 -0000 1.31.2.6 +++ pen.c 23 Feb 2002 20:34:31 -0000 @@ -34,6 +34,9 @@ static char PenLocation[FILENAME_MAX]; static char Previous[FILENAME_MAX]; +/* did we create the /usr/tmp directory */ +static int create_usr_tmp; + char * where_playpen(void) { 
@@ -47,6 +50,8 @@ char *cp; struct stat sb; + create_usr_tmp=0; + if (pen[0] && isdir(dirname(pen)) == TRUE && (min_free(dirname(pen)) >= sz)) return pen; else if ((cp = getenv("PKG_TMPDIR")) != NULL && stat(cp, &sb) != FAIL && (min_free(cp) >= sz)) @@ -57,9 +62,12 @@ strcpy(pen, "/var/tmp/instmp.XXXXXX"); else if (stat("/tmp", &sb) != FAIL && min_free("/tmp") >= sz) strcpy(pen, "/tmp/instmp.XXXXXX"); - else if ((stat("/usr/tmp", &sb) == SUCCESS || mkdir("/usr/tmp", 01777) == SUCCESS) && min_free("/usr/tmp") >= sz) + else if (stat("/usr/tmp", &sb) == SUCCESS && min_free("/usr/tmp") >= sz) { strcpy(pen, "/usr/tmp/instmp.XXXXXX"); - else { + } else if (mkdir("/usr/tmp", 01777) == SUCCESS && min_free("/usr/tmp") >= sz) { + strcpy(pen, "/usr/tmp/instmp.XXXXXX"); + create_usr_tmp=1; + } else { cleanup(0); errx(2, __FUNCTION__ ": can't find enough temporary space to extract the files, please set your\n" @@ -161,6 +169,10 @@ if (PenLocation[0] == '/' && vsystem("rm -rf %s", PenLocation)) warnx("couldn't remove temporary dir '%s'", PenLocation); popPen(PenLocation); + } + if (create_usr_tmp) { + if ( rmdir(/usr/tmp") == FAIL ) + warnx("couldn't remove /usr/tmp"); } signal(SIGINT, oldsig); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat Feb 23 18:27:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from scorpio.drkshdw.org (user4.net011.fl.sprint-hsd.net [207.30.203.4]) by hub.freebsd.org (Postfix) with ESMTP id 1598137B402 for ; Sat, 23 Feb 2002 18:27:37 -0800 (PST) Received: from scorpio (jeff.home.lan [192.168.134.2]) by scorpio.drkshdw.org (8.11.6/8.11.6) with SMTP id g1O2RXK05245 for ; Sat, 23 Feb 2002 21:27:34 -0500 (EST) (envelope-from scorpio@drkshdw.org) Message-ID: <003b01c1bcda$d4f06020$0286a8c0@home.lan> 
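Review bot: in the `@@ -47,6 +50,8 @@` hunk, clearing `create_usr_tmp=0;` at the top of find_play_pen discards the record of a directory created by an earlier call. The popPen(PenLocation) call in the last hunk shows pens can be nested, so if find_play_pen runs again before the matching leave_playpen, the flag is reset and the /usr/tmp that the outer call created is never removed. Clear the flag in leave_playpen after the rmdir instead, or keep it per pen alongside PenLocation. Style nit: `create_usr_tmp = 0;` to match the surrounding code.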
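Review bot: in the `@@ -57,9 +62,12 @@` hunk the flag is only set when both `mkdir("/usr/tmp", 01777) == SUCCESS` and `min_free("/usr/tmp") >= sz` hold, so when the mkdir succeeds but the free-space check fails, the tool has just created a world-writable /usr/tmp, drops into the `cleanup(0); errx(2, ...)` branch, and leaves the directory behind, which is exactly the condition this thread is about. Set `create_usr_tmp = 1;` immediately after a successful mkdir (or rmdir the directory on the spot when the space check fails) rather than tying it to the combined condition. Separately, since only the pkg_install tools, run as root, are expected to use this directory, a mode stricter than 01777 would avoid opening a fresh world-writable directory under /usr for the life of the install.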
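Review bot: `rmdir(/usr/tmp")` in the `@@ -161,6 +169,10 @@` hunk is missing its opening quote and will not compile; it needs to be `rmdir("/usr/tmp")`. Two smaller points: rmdir only removes an empty directory, so anything another local user drops into the 01777 /usr/tmp while the pen exists makes it fail and the world-writable directory persists with nothing but a warning; warn() instead of warnx() would record the errno (ENOTEMPTY versus EACCES) so an operator can tell why. And `create_usr_tmp` is never reset after the attempt, so a later leave_playpen in the same process tries the rmdir again and warns spuriously.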
From: "Jeff Palmer" To: Subject: Couple of concerns with default rc.firewall Date: Sat, 23 Feb 2002 21:27:39 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0038_01C1BCB0.EB9BB240" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi all.

I have a few concerns with the default /etc/rc.firewall.

It's fairly common practice (and typically considered to be the most secure practice) to build a default-to-deny firewall. Only traffic that you specifically allow can pass.

Taking this into consideration, I checked 'man firewall' and find that it too agrees with the above.

Having said that... is where we get into my problem.

I compile my kernel with ipfw support, without the default_to_allow, and use a slightly modified "simple" configuration. This, by default, denies all incoming icmp.

So, I again referred back to 'man firewall' and again, it agrees with my thinking... Certain ICMP types are beneficial, and should not be denied (especially considering most users probably aren't "into" security, so they use a default firewall if any at all.)

Is there any reason in particular that ALL icmp traffic is denied by default, except for using the 'open' ruleset? Or is this just a simple oversight that needs to be examined?

Thanks in advance for any feedback. Also, thanks for NOT flaming me if I've missed something obvious.
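As an added example (not code from the original post or from FreeBSD's own /etc/rc.firewall), here is a fragment in the rc.firewall `${fwcmd}` style that admits a conservative set of ICMP types ahead of the "simple" ruleset's closing deny, plus a small check over `ipfw list` output that reports whether a loaded ruleset lets any ICMP through at all. The interface name fxp0 and the two sample rule listings are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; not from the original post or from /etc/rc.firewall.
# Part 1: an rc.firewall-style fragment admitting a few ICMP types before
# the "simple" ruleset's closing deny. Part 2: a check over "ipfw list"
# output reporting whether any rule admits ICMP. fxp0 is an assumed name.

# Dry-run by default so the fragment can be exercised on a host without
# ipfw; on a real firewall set fwcmd=/sbin/ipfw before sourcing this.
fwcmd="${fwcmd:-echo ipfw}"

# Types kept: 3 destination unreachable (carries the fragmentation-needed
# messages path MTU discovery depends on), 4 source quench, 11 time
# exceeded (traceroute, TTL expiry), 12 parameter problem. Echo (0,8) is
# a separate rule so a site that will not answer pings can drop it.
icmp_control_types="3,4,11,12"

# Emit ICMP rules for the outside interface given as $1, numbered to sit
# before the catch-all deny at 65535.
add_icmp_rules() {
    oif="$1"
    ${fwcmd} add 3000 allow icmp from any to any icmptypes ${icmp_control_types} via "${oif}"
    ${fwcmd} add 3010 allow icmp from any to any icmptypes 0,8 via "${oif}"
    ${fwcmd} add 3020 deny log icmp from any to any via "${oif}"
}

# Read "ipfw list" lines on stdin. Print the first rule whose action admits
# traffic and whose protocol covers ICMP (icmp, ip or all) and return 0;
# return 1 when no such rule exists, i.e. the final deny eats all ICMP.
icmp_permitted() {
    while read -r num action proto rest; do
        case "$action" in allow|pass|accept|permit) ;; *) continue ;; esac
        case "$proto" in
            icmp|ip|all) echo "rule $num admits ICMP: $action $proto $rest"; return 0 ;;
        esac
    done
    return 1
}

# Constructed sample of a loaded "simple"-style ruleset: TCP/UDP
# allowances, no ICMP rule, catch-all deny at the end.
simple_ruleset='00100 deny ip from any to 127.0.0.0/8
00200 allow tcp from any to any established
00300 allow tcp from any to any out setup
00400 allow udp from any 53 to any
65535 deny ip from any to any'

# The same listing with the ICMP rules above inserted (also constructed).
fixed_ruleset="$(printf '%s\n' "$simple_ruleset" | sed '$d')
03000 allow icmp from any to any icmptypes 3,4,11,12 via fxp0
03020 deny log icmp from any to any via fxp0
65535 deny ip from any to any"
```

Running `printf '%s\n' "$simple_ruleset" | icmp_permitted` is silent and returns 1, which is the situation the post describes; the fixed listing prints the 03000 rule.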
From owner-freebsd-security Sat Feb 23 23:15:31 2002 Delivered-To: freebsd-security@freebsd.org Received: from caligula.anu.edu.au (caligula.anu.edu.au [150.203.224.42]) by hub.freebsd.org (Postfix) with ESMTP id 29BD537B402 for ; Sat, 23 Feb 2002 23:15:29 -0800 (PST) Received: (from avalon@localhost) by caligula.anu.edu.au (8.9.3/8.9.3) id SAA12448; Sun, 24 Feb 2002 18:15:24 +1100 (EST) From: Darren Reed Message-Id: <200202240715.SAA12448@caligula.anu.edu.au> Subject: Re: ipf transparently To: lee.brotherston@uk.easynet.net (Lee Brotherston) Date: Sun, 24 Feb 2002 18:15:24 +1100 (Australia/ACT) Cc: freebsd-security@FreeBSD.ORG ('freebsd-security@freebsd.org') In-Reply-To: <002b01c1bcc6$a952b1c0$a2daccd9@nerds.org.uk> from "Lee Brotherston" at Feb 24, 2002 12:03:17 AM X-Mailer: ELM [version 2.5 PL1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

In some mail from Lee Brotherston, sie said:
>
> Apologies in advance if I'm missing something really obvious here.
> But I've set up my FreeBSD box to be a bridge, and has both ipfw and
> ipf compiled into the kernel. The bridging works perfectly and if I
> set the following using sysctl I can filter the bridged traffic with
> ipfw fine.
>
> net.link.ether.bridge_ipfw: 1
>
> However I have not been able to find where to set a similar option to
> allow ipf to filter the traffic. I tried just applying some rules
> in case, and they had no effect.

Someone (probably me) needs to make the bridge hooks work for ipf.