From owner-freebsd-security Mon May 20 2:37:42 2002
Message-ID: <3CE8C3E2.EBF4EC8F@FreeBSD.org>
Date: Mon, 20 May 2002 12:37:38 +0300
From: Maxim Sobolev
To: developers@FreeBSD.org
Cc: security@FreeBSD.org, nectar@FreeBSD.org
Subject: Is 4.3 security branch officially "out of commission"?

Folks,

I was notified by the members of the local FreeBSD community (we have
a very strong presence of FreeBSD in ISP circles here) that seemingly
4.3 security branch isn't supported anymore, even though there was no
official announcement about decommissioning. Particularly, exec()
stdio security vulnerability (rev.1.137 src/sys/kern/kern_descrip.c,
rev.1.162 src/sys/kern/kern_exec.c and rev.1.41
src/sys/sys/filedesc.h) was MFC'ed to 4.5 and 4.4, but not to 4.3.
Needless to say that they are very disappointed by that fact, because
4.3 is not that outdated and still used just fine on production
machines.

Could someone clarify the situation, and correct it if it was just a
mistake.

Thanks!

-Maxim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Mon May 20 2:51: 8 2002
Date: Mon, 20 May 2002 12:50:59 +0300
From: Vladimir Terziev
To: freebsd-security@FreeBSD.ORG
Subject: Problem applying FreeBSD-SA-02:21.tcpip patch
Message-Id: <20020520125059.0aa3ed34.vladimirt@rila.bg>

Hi,

I've tried to apply FreeBSD-SA-02:21.tcpip patch to my 4.5-STABLE system, but I've got an error:

Patching file sys/netinet/ip_output.c using Plan A...
Hunk #1 failed at 124.
Hunk #2 succeeded at 186 (offset 1 line).
Hunk #3 succeeded at 213 (offset 3 lines).
1 out of 3 hunks failed--saving rejects to sys/netinet/ip_output.c.rej

Does anybody have an idea why I've got the above?

Vladimir

From owner-freebsd-security Mon May 20 3: 9: 5 2002
Message-Id: <200205201008.g4KA8uKl000787@midway.uchicago.edu>
From: David Syphers
To: Maxim Sobolev, developers@FreeBSD.ORG
Subject: Re: Is 4.3 security branch officially "out of commission"?
Date: Mon, 20 May 2002 05:08:56 -0500
Cc: security@FreeBSD.ORG, nectar@FreeBSD.ORG
In-Reply-To: <3CE8C3E2.EBF4EC8F@FreeBSD.org>

On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote:
> Folks,
>
> I was notified by the members of the local FreeBSD community (we have
> a very strong presence of FreeBSD in ISP circles here) that seemingly
> 4.3 security branch isn't supported anymore, even though there was no
> official announcement about decommissioning.

See http://www.freebsd.org/security/index.html. I quote
---
At this time, security advisories are being released for:

FreeBSD 4.4-RELEASE
FreeBSD 4.5-RELEASE
FreeBSD 4.5-STABLE

Older releases are not maintained and users are strongly encouraged to
upgrade to one of the supported releases mentioned above.
---

As Kris Kennaway mentioned on May 8 (security@ archives...), the official
lifetimes of the security branches are not long, although the security team
may choose to extend support longer as a courtesy, presumably if they have
the manpower and interest.

-David

-- 
Everyone who believes in telekinesis, raise my hand...
Center for Cosmological Physics
The University of Chicago

From owner-freebsd-security Mon May 20 3:31: 4 2002
Message-ID: <3CE8D057.BEA07F0@FreeBSD.org>
Date: Mon, 20 May 2002 13:30:47 +0300
From: Maxim Sobolev
To: dsyphers@uchicago.edu
Cc: developers@FreeBSD.ORG, security@FreeBSD.ORG, nectar@FreeBSD.ORG
Subject: Re: Is 4.3 security branch officially "out of commission"?

David Syphers wrote:
>
> On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote:
> > Folks,
> >
> > I was notified by the members of the local FreeBSD community (we have
> > a very strong presence of FreeBSD in ISP circles here) that seemingly
> > 4.3 security branch isn't supported anymore, even though there was no
> > official announcement about decommissioning.
>
> See http://www.freebsd.org/security/index.html. I quote
> ---
> At this time, security advisories are being released for:
>
> FreeBSD 4.4-RELEASE
> FreeBSD 4.5-RELEASE
> FreeBSD 4.5-STABLE
>
> Older releases are not maintained and users are strongly encouraged to
> upgrade to one of the supported releases mentioned above.
> ---
>
> As Kris Kennaway mentioned on May 8 (security@ archives...), the official
> lifetimes of the security branches are not long, although the security team
> may choose to extend support longer as a courtesy, presumably if they have
> the manpower and interest.

I see.

What is the official procedure when somebody not from the security
team wants to maintain older releases? For example, as I said there is
significant push from the local community to merge recent security
fixes into older releases, so that it is likely that they could
provide to me with tested patches for older releases they are
interested in. May I merge them into 4.3 security branch without my
commit bit being suspended for inappropriate MFCs into security
branch?

-Maxim

From owner-freebsd-security Mon May 20 4: 2:31 2002
Date: Mon, 20 May 2002 07:02:15 -0400
From: Chris Faulhaber
To: Vladimir Terziev
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Problem applying FreeBSD-SA-02:21.tcpip patch
Message-ID: <20020520110215.GA30713@darkstar.doublethink.cx>
In-Reply-To: <20020520125059.0aa3ed34.vladimirt@rila.bg>

On Mon, May 20, 2002 at 12:50:59PM +0300, Vladimir Terziev wrote:
> Hi,
>
> I've tried to apply FreeBSD-SA-02:21.tcpip patch to my 4.5-STABLE system, but I've got an error:
>
> Patching file sys/netinet/ip_output.c using Plan A...
> Hunk #1 failed at 124.
> Hunk #2 succeeded at 186 (offset 1 line).
> Hunk #3 succeeded at 213 (offset 3 lines).
> 1 out of 3 hunks failed--saving rejects to sys/netinet/ip_output.c.rej
>
> Does anybody have an idea why I've got the above?
>

According to the advisory the patch only applies to 4.5-RELEASE,
4-STABLE between 2001-12-28 10:08:33 UTC and 2002-02-20 14:57:41 UTC.
Is your 4.5-STABLE in this range, if not, you are not vulnerable and
are attempting to patch a system that does not need it.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org

From owner-freebsd-security Mon May 20 4:27:44 2002
Date: Mon, 20 May 2002 06:27:32 -0500
From: "Jacques A. Vidrine"
To: Maxim Sobolev
Cc: developers@FreeBSD.org, security@FreeBSD.org, dsyphers@uchicago.edu
Subject: Re: Is 4.3 security branch officially "out of commission"?
Message-ID: <20020520112732.GA57935@madman.nectar.cc>
In-Reply-To: <3CE8D057.BEA07F0@FreeBSD.org> <3CE8C3E2.EBF4EC8F@FreeBSD.org>

On Mon, May 20, 2002 at 12:37:38PM +0300, Maxim Sobolev wrote:
> I was notified by the members of the local FreeBSD community (we have
> a very strong presence of FreeBSD in ISP circles here) that seemingly
> 4.3 security branch isn't supported anymore, even though there was no
> official announcement about decommissioning.

See :

The FreeBSD Security Officer Team provides security advisories for
the following releases of FreeBSD:

* The most recent official release of FreeBSD.
* FreeBSD-stable, when at least 2 releases are based on it.
* The previous FreeBSD-stable when a "new stable" does not yet have
  2 releases based on it.

At this time, security advisories are being released for:

* FreeBSD 4.4-RELEASE
* FreeBSD 4.5-RELEASE
* FreeBSD 4.5-STABLE

This also implies that when 4.6-RELEASE `ships', that 4.4-RELEASE will
no longer be `officially' supported by the FreeBSD Security Officer
Team. Note that as time and resources allow, we do try to merge to
older branches.

On Mon, May 20, 2002 at 01:30:47PM +0300, Maxim Sobolev wrote:
> What is the official procedure when somebody not from the security
> team wants to maintain older releases?
> For example, as I said there is
> significant push from the local community to merge recent security
> fixes into older releases, so that it is likely that they could
> provide to me with tested patches for older releases they are
> interested in. May I merge them into 4.3 security branch without my
> commit bit being suspended for inappropriate MFCs into security
> branch?

You may not make commits to RELENG_4_* without security-officer
approval. However, if you have well-tested patches for older
branches, you shall almost certainly get approval or the team shall
commit them for you.

Of course, this will not magically turn the old branch into
`supported', and it is strongly recommended that folks update to a
newer release in order to benefit not only from security fixes but
from all the various other major fixes and improvements that occur
over time to 4.x.

Cheers,
-- 
Jacques A. Vidrine                          http://www.nectar.cc/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se

From owner-freebsd-security Mon May 20 8:11:23 2002
Date: Mon, 20 May 2002 10:10:40 -0500 (CDT)
Message-Id: <200205201510.g4KFAes00586@sheol.localdomain>
In-Reply-To: <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net>
From: hawkeyd@visi.com (D J Hawkey Jr)
Subject: Re: Is 4.3 security branch officially "out of commission"?
To: sobomax@freebsd.org, freebsd-security@freebsd.org

In article <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net>,
sobomax@FreeBSD.ORG writes:
> David Syphers wrote:
>>
>> On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote:
>> > Folks,
>> >
>> > I was notified by the members of the local FreeBSD community (we have
>> > a very strong presence of FreeBSD in ISP circles here) that seemingly
>> > 4.3 security branch isn't supported anymore, even though there was no
>> > official announcement about decommissioning.
>>
>> See http://www.freebsd.org/security/index.html. I quote
>> ---
>> At this time, security advisories are being released for:
>>
>> FreeBSD 4.4-RELEASE
>> FreeBSD 4.5-RELEASE
>> FreeBSD 4.5-STABLE
>>
>> Older releases are not maintained and users are strongly encouraged to
>> upgrade to one of the supported releases mentioned above.
>> ---
>>
>> As Kris Kennaway mentioned on May 8 (security@ archives...), the official
>> lifetimes of the security branches are not long, although the security team
>> may choose to extend support longer as a courtesy, presumably if they have
>> the manpower and interest.
>
> I see.
>
> What is the official procedure when somebody not from the security
> team wants to maintain older releases? For example, as I said there is
> significant push from the local community to merge recent security
> fixes into older releases, so that it is likely that they could
> provide to me with tested patches for older releases they are
> interested in. May I merge them into 4.3 security branch without my
> commit bit being suspended for inappropriate MFCs into security
> branch?
>
> -Maxim

Quite apart from what Jacques and Kris lay down as the Official Party
Line(tm), you might want to look at

http://www.visi.com/~hawkeyd/freebsd-backports.html

It's my own small effort to provide what you - and I - are looking for.

Dave

-- 
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming, or what?"

From owner-freebsd-security Mon May 20 9: 8:34 2002
Date: Mon, 20 May 2002 09:08:06 -0700 (PDT)
Message-Id: <200205201608.g4KG86X23936@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-02:24.k5su

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:24.k5su                                       Security Advisory
                                                          The FreeBSD Project

Topic:          k5su utility does not honor `wheel' group

Category:       kerberos5
Module:         kerberos5/usr.bin/k5su
Announced:      2002-05-20
Credits:        jmallet@FreeBSD.org
Affects:        FreeBSD 4.4-RELEASE
                FreeBSD 4.5-RELEASE
                FreeBSD-STABLE prior to the correction date
Corrected:      2002-05-15 12:51:30 UTC (RELENG_4)
                2002-05-15 12:56:21 UTC (RELENG_4_5)
                2002-05-15 13:04:00 UTC (RELENG_4_4)
FreeBSD only:   YES

I.   Background

The k5su utility is a SU utility similar to su(1), and is used to
switch privileges after authentication using Kerberos 5 or the local
passwd(5) file. k5su is installed as part of the `krb5' distribution,
or when building from source with MAKE_KERBEROS5 set. Neither of
these are default settings.

II.  Problem Description

Historically, the BSD SU utility only allows users who are members of
group `wheel' (group-ID 0) to obtain superuser privileges. The k5su
utility, however, does not honor this convention and does not verify
group membership if a user has successfully authenticated.

k5su also lacks other features of su(1), such as checking for password
expiration, implementing login classes, and checking for the target
user's login shell in /etc/shells.

III. Impact

Contrary to the expectations of many BSD system administrators, users
not in group `wheel' may use k5su to attempt to obtain superuser
privileges. Note that this would require knowledge of the root
account password, or an explicit entry in the Kerberos 5 `.k5login'
ACL for the root account.

IV.  Solution

Remove the set-user-ID bit from the k5su utility:

# chmod u-s /usr/bin/k5su

This will completely disable k5su. Sites which wish to use Kerberos 5
authentication for SU and are comfortable with its limitations may
choose to leave the set-user-ID bit enabled.

As of the correction date, FreeBSD (including the upcoming
4.6-RELEASE) will install k5su if requested, but the set-user-ID bit
will not be enabled by default. See also the ENABLE_SUID_K5SU option
in make.conf(5).

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Path                Revision
  Branch
- -------------------------------------------------------------------------
src/UPDATING
  RELENG_4          1.73.2.67
  RELENG_4_5        1.73.2.50.2.12
  RELENG_4_4        1.73.2.43.2.12
src/etc/defaults/make.conf
  RELENG_4          1.97.2.65
  RELENG_4_5        1.97.2.59.2.1
  RELENG_4_4        1.97.2.58.2.1
src/kerberos5/usr.bin/k5su/Makefile
  RELENG_4          1.73.2.67
  RELENG_4_5        1.97.2.59.2.1
  RELENG_4_4        1.1.2.2.2.1
src/share/man/man5/make.conf.5
  RELENG_4          1.12.2.16
  RELENG_4_5        1.12.2.12.2.1
  RELENG_4_4        1.12.2.10.2.1
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iQCVAwUBPOkdtFUuHi5z0oilAQFd1wP8CUxrBx+DJhQZqLpOocpF4yd8IWclz4Uu
8I8LT5RaWNKMrOt9FB6/jGthRFNqTL72XeDaezxT72IFSUHIpF9wI87aKNVDknPp
vQxh0Pr8/8EqvOLhvT6Hu/20xKrBZe2bht/lUQ/HxrgriaZteTAMfMYL653xgP5U
M+0f/mfSm3w=
=lTOo
-----END PGP SIGNATURE-----

From owner-freebsd-security Mon May 20 9:11:36 2002
Date: Mon, 20 May 2002 09:08:14 -0700 (PDT)
Message-Id: <200205201608.g4KG8EC23988@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-02:25                                            Security Advisory
                                                          The FreeBSD Project

Topic:          bzip2 contains multiple security vulnerabilities

Category:       core/ports
Module:         bzip2
Announced:      2002-05-20
Credits:        Volker Schmidt, Philippe Troin
Affects:        FreeBSD 4.4-RELEASE,
                FreeBSD 4.5-RELEASE,
                FreeBSD 4.5-STABLE prior to the correction date.
                bzip2 port prior to bzip2-1.0.2
Corrected:      2002-02-18 09:12:53 UTC (4.5-STABLE, RELENG_4)
                2002-02-23 18:28:09 UTC (4.5-RELEASE-p1, RELENG_4_5)
                2002-02-23 18:33:18 UTC (4.4-RELEASE-p8, RELENG_4_4)
                2002-02-22 13:21:22 UTC (bzip2 port)
FreeBSD only:   NO

I.   Background

bzip2 is an advanced block-sorting file compression utility.

II.  Problem Description

When creating a file during decompression, the bzip2 utility failed
to use the O_EXCL flag, potentially overwriting files without warning.
In addition, the bzip2 utility did not securely create new files
causing a race condition between creating the file and setting the
correct permissions.

When compressing a file pointed to by a symbolic link, the bzip2
utility incorrectly stored the permissions of the symbolic link
instead of the file. This may result in potentially lax file
permissions (rwxr-xr-x), causing the decompressed file to be
world-readable.

bzip2 was incorporated into FreeBSD prior to FreeBSD 4.4-RELEASE.
Previous versions of FreeBSD did not contain bzip2 and are
unaffected unless bzip2 was installed from the ports collection or
manually by the system administrator.

III. Impact

1) Files may be inadvertently overwritten without warning.

2) Due to the race condition between creating files and setting
proper permissions, a local user may be able to read the contents of
files regardless of their intended permissions.

3) Decompressed files that were originally pointed to by a symbolic
link may end up with incorrect permissions, allowing local users to
view their contents.

IV.  Workaround

1) Deinstall the bzip2 port/package if you have it installed.

V.   Solution

[FreeBSD 4.4 or 4.5 base system]

1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_4 or
RELENG_4_5 security branch dated after the respective correction
dates.

2) To patch your present system, download the relevant patch from the
below location, and execute the following commands as root:

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch.asc

Verify the detached PGP signature using your PGP utility.

This patch has been verified to apply to FreeBSD 4.4-RELEASE and
4.5-RELEASE.

# cd /usr/src
# patch -p < /path/to/patch
# cd lib/libbz2
# make depend && make all install
# cd ../../usr.bin/bzip2
# make depend && make all install

3) FreeBSD 4.4-RELEASE and 4.5-RELEASE systems:

An experimental upgrade package is available for users who wish to
provide testing and feedback on the binary upgrade process. This
package may be installed on FreeBSD 4.4-RELEASE and 4.5-RELEASE
systems only, and is intended for use on systems for which source
patching is not practical or convenient.

If you use the upgrade package, feedback (positive or negative) to
security-officer@FreeBSD.org is requested so we can improve the
process for future advisories.

During the installation procedure, backup copies are made of the files
which are replaced by the package. These backup copies will be
reinstalled if the package is removed, reverting the system to a
pre-patched state.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02.25/security-patch-bzip2-02.25.tgz
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02.25/security-patch-bzip2-02.25.tgz.asc

Verify the detached PGP signature using your PGP utility.

# pkg_add security-patch-bzip2-02.25.tgz

[ports]

1) Upgrade your entire ports collection and rebuild the bzip2 port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/archivers/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/archivers/

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

NOTE: It may be several days before updated packages are available. Be
sure to check the file creation date on the package, because the
version number of the software has not changed.

3) Download a new port skeleton for the bzip2 port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.
[Ports collection]

Path                                              Revision
- -------------------------------------------------------------------------
ports/archivers/bzip2/Makefile                    1.36
ports/archivers/bzip2/distinfo                    1.10
ports/archivers/bzip2/pkg-descr                   1.5
ports/archivers/bzip2/pkg-plist                   1.14
- -------------------------------------------------------------------------

[Base system]

Branch
  Path                                            Revision
- -------------------------------------------------------------------------
RELENG_4
  src/contrib/bzip2/CHANGES                       1.1.1.1.2.2
  src/contrib/bzip2/FREEBSD-upgrade               1.1.2.1
  src/contrib/bzip2/LICENSE                       1.1.1.1.2.2
  src/contrib/bzip2/Makefile                      1.1.1.1.2.2
  src/contrib/bzip2/Makefile-libbz2_so            1.1.1.1.2.2
  src/contrib/bzip2/README                        1.1.1.1.2.2
  src/contrib/bzip2/README.COMPILATION.PROBLEMS   1.1.1.1.2.2
  src/contrib/bzip2/Y2K_INFO                      1.1.1.1.2.1
  src/contrib/bzip2/blocksort.c                   1.1.1.1.2.2
  src/contrib/bzip2/bzip2.1                       1.1.1.1.2.2
  src/contrib/bzip2/bzip2.c                       1.1.1.1.2.2
  src/contrib/bzip2/bzip2recover.c                1.1.1.1.2.2
  src/contrib/bzip2/bzlib.c                       1.1.1.1.2.2
  src/contrib/bzip2/bzlib.h                       1.1.1.1.2.2
  src/contrib/bzip2/bzlib_private.h               1.1.1.1.2.2
  src/contrib/bzip2/compress.c                    1.1.1.1.2.2
  src/contrib/bzip2/crctable.c                    1.1.1.1.2.2
  src/contrib/bzip2/decompress.c                  1.1.1.1.2.2
  src/contrib/bzip2/dlltest.c                     1.1.1.1.2.2
  src/contrib/bzip2/huffman.c                     1.1.1.1.2.2
  src/contrib/bzip2/libbz2.def                    1.1.1.1.2.1
  src/contrib/bzip2/makefile.msc                  1.1.1.1.2.2
  src/contrib/bzip2/manual.texi                   1.1.1.1.2.2
  src/contrib/bzip2/randtable.c                   1.1.1.1.2.2
  src/contrib/bzip2/sample1.bz2.uu                1.1.1.1.2.2
  src/contrib/bzip2/sample1.ref.gz.uu             1.1.1.1.2.2
  src/contrib/bzip2/sample2.bz2.uu                1.1.1.1.2.2
  src/contrib/bzip2/sample2.ref.gz.uu             1.1.1.1.2.1
  src/contrib/bzip2/sample3.bz2.uu                1.1.1.1.2.2
  src/contrib/bzip2/sample3.ref.gz.uu             1.1.1.1.2.1
  src/contrib/bzip2/spewG.c                       1.1.1.1.2.1
  src/contrib/bzip2/unzcrash.c                    1.1.1.1.2.1
  src/contrib/bzip2/words0                        1.1.1.1.2.1
  src/contrib/bzip2/words1                        1.1.1.1.2.1
  src/contrib/bzip2/words2                        1.1.1.1.2.1
  src/contrib/bzip2/words3                        1.1.1.1.2.2
RELENG_4_5
  src/sys/conf/newvers.sh                         1.44.2.20.2.2
  src/contrib/bzip2/CHANGES                       1.1.1.1.2.1.4.1
  src/contrib/bzip2/FREEBSD-upgrade               1.1.4.1
  src/contrib/bzip2/LICENSE                       1.1.1.1.2.1.4.1
  src/contrib/bzip2/Makefile                      1.1.1.1.2.1.4.1
  src/contrib/bzip2/Makefile-libbz2_so            1.1.1.1.2.1.4.1
  src/contrib/bzip2/README                        1.1.1.1.2.1.4.1
  src/contrib/bzip2/README.COMPILATION.PROBLEMS   1.1.1.1.2.1.4.1
  src/contrib/bzip2/Y2K_INFO                      1.1.1.1.2.1
  src/contrib/bzip2/blocksort.c                   1.1.1.1.2.1.4.1
  src/contrib/bzip2/bzip2.1                       1.1.1.1.2.1.4.1
  src/contrib/bzip2/bzip2.c                       1.1.1.1.2.1.4.1
  src/contrib/bzip2/bzip2recover.c                1.1.1.1.2.1.4.1
  src/contrib/bzip2/bzlib.c                       1.1.1.1.2.1.4.1
  src/contrib/bzip2/bzlib.h                       1.1.1.1.2.1.4.1
  src/contrib/bzip2/bzlib_private.h               1.1.1.1.2.1.4.1
  src/contrib/bzip2/compress.c                    1.1.1.1.2.1.4.1
  src/contrib/bzip2/crctable.c                    1.1.1.1.2.1.4.1
  src/contrib/bzip2/decompress.c                  1.1.1.1.2.1.4.1
  src/contrib/bzip2/dlltest.c                     1.1.1.1.2.1.4.1
  src/contrib/bzip2/huffman.c                     1.1.1.1.2.1.4.1
  src/contrib/bzip2/libbz2.def                    1.1.1.1.2.1
  src/contrib/bzip2/makefile.msc                  1.1.1.1.2.1.4.1
  src/contrib/bzip2/manual.texi                   1.1.1.1.2.1.4.1
  src/contrib/bzip2/randtable.c                   1.1.1.1.2.1.4.1
  src/contrib/bzip2/sample1.bz2.uu                1.1.1.1.2.1.4.1
  src/contrib/bzip2/sample1.ref.gz.uu             1.1.1.1.2.1.4.1
  src/contrib/bzip2/sample2.bz2.uu                1.1.1.1.2.1.4.1
  src/contrib/bzip2/sample2.ref.gz.uu             1.1.1.1.2.1
  src/contrib/bzip2/sample3.bz2.uu                1.1.1.1.2.1.4.1
  src/contrib/bzip2/sample3.ref.gz.uu             1.1.1.1.2.1
  src/contrib/bzip2/spewG.c                       1.1.1.1.2.1
  src/contrib/bzip2/unzcrash.c                    1.1.1.1.2.1
  src/contrib/bzip2/words0                        1.1.1.1.2.1
  src/contrib/bzip2/words1                        1.1.1.1.2.1
  src/contrib/bzip2/words2                        1.1.1.1.2.1
  src/contrib/bzip2/words3                        1.1.1.1.2.1.4.1
RELENG_4_4
  src/sys/conf/newvers.sh                         1.44.2.17.2.7
  src/contrib/bzip2/CHANGES                       1.1.1.1.2.1.2.1
  src/contrib/bzip2/FREEBSD-upgrade               1.1.6.1
  src/contrib/bzip2/LICENSE                       1.1.1.1.2.1.2.1
  src/contrib/bzip2/Makefile                      1.1.1.1.2.1.2.1
  src/contrib/bzip2/Makefile-libbz2_so            1.1.1.1.2.1.2.1
  src/contrib/bzip2/README                        1.1.1.1.2.1.2.1
  src/contrib/bzip2/README.COMPILATION.PROBLEMS   1.1.1.1.2.1.2.1
  src/contrib/bzip2/Y2K_INFO                      1.1.1.1.2.1
  src/contrib/bzip2/blocksort.c                   1.1.1.1.2.1.2.1
  src/contrib/bzip2/bzip2.1                       1.1.1.1.2.1.2.1
  src/contrib/bzip2/bzip2.c                       1.1.1.1.2.1.2.1
  src/contrib/bzip2/bzip2recover.c                1.1.1.1.2.1.2.1
  src/contrib/bzip2/bzlib.c                       1.1.1.1.2.1.2.1
  src/contrib/bzip2/bzlib.h                       1.1.1.1.2.1.2.1
  src/contrib/bzip2/bzlib_private.h               1.1.1.1.2.1.2.1
  src/contrib/bzip2/compress.c                    1.1.1.1.2.1.2.1
  src/contrib/bzip2/crctable.c                    1.1.1.1.2.1.2.1
  src/contrib/bzip2/decompress.c                  1.1.1.1.2.1.2.1
  src/contrib/bzip2/dlltest.c                     1.1.1.1.2.1.2.1
  src/contrib/bzip2/huffman.c                     1.1.1.1.2.1.2.1
  src/contrib/bzip2/libbz2.def                    1.1.1.1.2.1
  src/contrib/bzip2/makefile.msc                  1.1.1.1.2.1.2.1
  src/contrib/bzip2/manual.texi                   1.1.1.1.2.1.2.1
  src/contrib/bzip2/randtable.c                   1.1.1.1.2.1.2.1
  src/contrib/bzip2/sample1.bz2.uu                1.1.1.1.2.1.2.1
  src/contrib/bzip2/sample1.ref.gz.uu             1.1.1.1.2.1.2.1
  src/contrib/bzip2/sample2.bz2.uu                1.1.1.1.2.1.2.1
  src/contrib/bzip2/sample2.ref.gz.uu             1.1.1.1.2.1
  src/contrib/bzip2/sample3.bz2.uu                1.1.1.1.2.1.2.1
  src/contrib/bzip2/sample3.ref.gz.uu             1.1.1.1.2.1
  src/contrib/bzip2/spewG.c                       1.1.1.1.2.1
  src/contrib/bzip2/unzcrash.c                    1.1.1.1.2.1
  src/contrib/bzip2/words0                        1.1.1.1.2.1
  src/contrib/bzip2/words1                        1.1.1.1.2.1
  src/contrib/bzip2/words2                        1.1.1.1.2.1
  src/contrib/bzip2/words3                        1.1.1.1.2.1.2.1
- -------------------------------------------------------------------------

All files in src/contrib/bzip2 have identical revision numbers on
their respective branches but do not contain the revision number in
the source code.

VII. References

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iQCVAwUBPOkduVUuHi5z0oilAQHJtAP/ZoPk981NwyoAzX+BlL9EM0JAl9bYBSmp
lgoSORQhK2Cu5DxqOt1J1GIu3748qrAU4+YkZ5JkucA6UgzDFd+mLcQbE57qrDCs
rweqLHipm/fjQ8MXFbs5O2ZlrAPTauAiBYk60OtHEoYe5SE70By4zy8o0jzoKo8H
5dXKGYTnve0=
=UUGE
-----END PGP SIGNATURE-----

From owner-freebsd-security Mon May 20 10:19: 3 2002
Delivered-To: freebsd-security@freebsd.org
Received: from softweyr.com (softweyr.com [65.88.244.127])
    by hub.freebsd.org (Postfix) with ESMTP
    id E39C037B406; Mon, 20 May 2002 10:18:19 -0700 (PDT)
Received: from 66-75-153-50.san.rr.com ([66.75.153.50] helo=softweyr.com)
    by softweyr.com with esmtp (Exim 3.35 #1)
    id 179qnU-000Jn3-00; Mon, 20 May 2002 11:18:13 -0600
Message-ID: <3CE93084.7C6ADAFF@softweyr.com>
Date: Mon, 20 May 2002 10:21:08 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.2 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: Maxim Sobolev
Cc: dsyphers@uchicago.edu, developers@FreeBSD.ORG, security@FreeBSD.ORG,
    nectar@FreeBSD.ORG
Subject: Re: Is 4.3 security branch officially "out of commission"?
References: <3CE8C3E2.EBF4EC8F@FreeBSD.org>
    <200205201008.g4KA8uKl000787@midway.uchicago.edu>
    <3CE8D057.BEA07F0@FreeBSD.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Maxim Sobolev wrote:
>
> David Syphers wrote:
> >
> > On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote:
> > > Folks,
> > >
> > > I was notified by the members of the local FreeBSD community (we have
> > > a very strong presence of FreeBSD in ISP circles here) that seemingly
> > > 4.3 security branch isn't supported anymore, even though there was no
> > > official announcement about decommissioning.
> >
> > See http://www.freebsd.org/security/index.html. I quote
> > ---
> > At this time, security advisories are being released for:
> >
> > FreeBSD 4.4-RELEASE
> > FreeBSD 4.5-RELEASE
> > FreeBSD 4.5-STABLE
> >
> > Older releases are not maintained and users are strongly encouraged to
> > upgrade to one of the supported releases mentioned above.
> > ---
> >
> > As Kris Kennaway mentioned on May 8 (security@ archives...), the official
> > lifetimes of the security branches are not long, although the security team
> > may choose to extend support longer as a courtesy, presumably if they have
> > the manpower and interest.
>
> I see.
>
> What is the official procedure when somebody not from the security
> team want to maintain older releases? For example, as I said there is
> significant push from the local community to merge recent security
> fixes into older releases, so that it is likely that they could
> provide to me with tested patches for older releases they are
> interested in. May I merge them into 4.3 security branch without my
> commit bit being suspended for inappropriate MFCs into security
> branch?

Once you've obtained the permission of the security officer, you may
commit any change to a _RELEASE tag.

There is an historical precedent here, the last time we took 2+ years
to get the next major release out the door. Security fixes and such
were maintained in the 2.2.x branch for quite some time while 3.0 was
being worked on and after it was released but not deemed stable enough
for production work by a large number of users. This time we actually
have a CVS mechanism in place to help. ;^)

Maxim, if this is important enough to you to become a 4.3 maintenance
coordinator or some other such fancy title, perhaps you should propose
that to the Security Officer. In the meantime, I think he will be quite
interested to see proposed patches and MFC/MFS's.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                    Softweyr LLC
wes@softweyr.com                      http://softweyr.com/

From owner-freebsd-security Mon May 20 10:26:43 2002
Delivered-To: freebsd-security@freebsd.org
Received: from sdns.kv.ukrtel.net (sdns.kv.ukrtel.net [195.5.27.246])
    by hub.freebsd.org (Postfix) with ESMTP id 1E53E37B6F4
    for ; Mon, 20 May 2002 10:25:03 -0700 (PDT)
Received: from vega.vega.com (195.5.51.243 [195.5.51.243])
    by sdns.kv.ukrtel.net with SMTP
    (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
    id J9KHZZCN; Mon, 20 May 2002 20:26:53 +0300
Received: from FreeBSD.org (big_brother.vega.com [192.168.1.1])
    by vega.vega.com (8.11.6/8.11.3) with ESMTP id g4KHOwc03847;
    Mon, 20 May 2002 20:24:58 +0300 (EEST)
    (envelope-from sobomax@FreeBSD.org)
Message-ID: <3CE93172.F9E3954A@FreeBSD.org>
Date: Mon, 20 May 2002 20:25:06 +0300
From: Maxim Sobolev
Organization: Vega International Capital
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: en,uk,ru
MIME-Version: 1.0
To: hawkeyd@visi.com
Cc: freebsd-security@freebsd.org
Subject: Re: Is 4.3 security branch officially "out of commission"?
References: <200205201008.g4KA8uKl000787_midway.uchicago.edu@ns.sol.net>
    <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net>
    <200205201510.g4KFAes00586@sheol.localdomain>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

D J Hawkey Jr wrote:
>
> In article <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net>,
> sobomax@FreeBSD.ORG writes:
> > David Syphers wrote:
> >>
> >> On Monday 20 May 2002 04:37 am, Maxim Sobolev wrote:
> >> > Folks,
> >> >
> >> > I was notified by the members of the local FreeBSD community (we have
> >> > a very strong presence of FreeBSD in ISP circles here) that seemingly
> >> > 4.3 security branch isn't supported anymore, even though there was no
> >> > official announcement about decommissioning.
> >>
> >> See http://www.freebsd.org/security/index.html. I quote
> >> ---
> >> At this time, security advisories are being released for:
> >>
> >> FreeBSD 4.4-RELEASE
> >> FreeBSD 4.5-RELEASE
> >> FreeBSD 4.5-STABLE
> >>
> >> Older releases are not maintained and users are strongly encouraged to
> >> upgrade to one of the supported releases mentioned above.
> >> ---
> >>
> >> As Kris Kennaway mentioned on May 8 (security@ archives...), the official
> >> lifetimes of the security branches are not long, although the security team
> >> may choose to extend support longer as a courtesy, presumably if they have
> >> the manpower and interest.
> >
> > I see.
> >
> > What is the official procedure when somebody not from the security
> > team want to maintain older releases? For example, as I said there is
> > significant push from the local community to merge recent security
> > fixes into older releases, so that it is likely that they could
> > provide to me with tested patches for older releases they are
> > interested in.
> > May I merge them into 4.3 security branch without my
> > commit bit being suspended for inappropriate MFCs into security
> > branch?
> >
> > -Maxim
>
> Quite apart from what Jacques and Kris lay down as the Official Party
> Line(tm), you might want to look at
>
> http://www.visi.com/~hawkeyd/freebsd-backports.html
>
> It's my own small effort to provide what you - and I - are looking for.

Nice, thank you for the pointer. While I like the idea, but I think
that implementation is somewhat suboptimal for you and for all who
might use this service, as over the time number of patches will grow
and interdependencies between those patches will become more and more
complex.

In my vision the better way would be to set-up cvs repository and
cvsup service on top it, then import FreeBSD releases onto vendor
branches, set up branches with exactly the same names as FreeBSD's
original ones (i.e. RELENG_4_1_0, RELENG_4_2_0 etc) and apply your
backported patches to those branches. Then, someone with the existing
already unsupported FreeBSD source tree could point his cvsup to your
server and get *all* backported fixes for his particular version. Of
course there should be list of such fixes, preferably in the cvs
itself, so that people could verify which fixes did they get.

If you are interested, I'm ready to help you with setting this up.

Thanks!
-Maxim

From owner-freebsd-security Mon May 20 11: 6:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
    by hub.freebsd.org (Postfix) with ESMTP id C098C37B445
    for ; Mon, 20 May 2002 11:04:42 -0700 (PDT)
Received: (from peter@localhost)
    by freefall.freebsd.org (8.11.6/8.11.6) id g4KI4g144958
    for security@freebsd.org; Mon, 20 May 2002 11:04:42 -0700 (PDT)
    (envelope-from owner-bugmaster@freebsd.org)
Date: Mon, 20 May 2002 11:04:42 -0700 (PDT)
Message-Id: <200205201804.g4KI4g144958@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: peter set sender to
    owner-bugmaster@freebsd.org using -f
From: FreeBSD bugmaster
To: security@FreeBSD.org
Subject: Current problem reports assigned to you
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Current FreeBSD problem reports

No matches to your query

From owner-freebsd-security Mon May 20 11:57:37 2002
Delivered-To: freebsd-security@freebsd.org
Received: from sccrmhc03.attbi.com (sccrmhc03.attbi.com [204.127.202.63])
    by hub.freebsd.org (Postfix) with ESMTP
    id ECD8437B406; Mon, 20 May 2002 11:57:20 -0700 (PDT)
Received: from blossom.cjclark.org ([12.234.91.48])
    by sccrmhc03.attbi.com
    (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
    id <20020520185720.LMVG19355.sccrmhc03.attbi.com@blossom.cjclark.org>;
    Mon, 20 May 2002 18:57:20 +0000
Received: (from cjc@localhost)
    by blossom.cjclark.org (8.11.6/8.11.6) id g4KIvFQ02050;
    Mon, 20 May 2002 11:57:15 -0700 (PDT)
    (envelope-from crist.clark@attbi.com)
X-Authentication-Warning: blossom.cjclark.org: cjc set sender to
    crist.clark@attbi.com using -f
Date: Mon, 20 May 2002 11:57:15 -0700
From: "Crist J. Clark"
To: Wes Peters
Cc: Maxim Sobolev , dsyphers@uchicago.edu, developers@FreeBSD.ORG,
    security@FreeBSD.ORG, nectar@FreeBSD.ORG
Subject: Re: Is 4.3 security branch officially "out of commission"?
Message-ID: <20020520115715.E1468@blossom.cjclark.org>
Reply-To: "Crist J. Clark"
References: <3CE8C3E2.EBF4EC8F@FreeBSD.org>
    <200205201008.g4KA8uKl000787@midway.uchicago.edu>
    <3CE8D057.BEA07F0@FreeBSD.org>
    <3CE93084.7C6ADAFF@softweyr.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <3CE93084.7C6ADAFF@softweyr.com>; from wes@softweyr.com
    on Mon, May 20, 2002 at 10:21:08AM -0700
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On Mon, May 20, 2002 at 10:21:08AM -0700, Wes Peters wrote:
> Maxim Sobolev wrote:
[snip]
> > What is the official procedure when somebody not from the security
> > team want to maintain older releases? For example, as I said there is
> > significant push from the local community to merge recent security
> > fixes into older releases, so that it is likely that they could
> > provide to me with tested patches for older releases they are
> > interested in. May I merge them into 4.3 security branch without my
> > commit bit being suspended for inappropriate MFCs into security
> > branch?
>
> Once you've obtained the permission of the security officer, you may
> commit any change to a _RELEASE tag.

ITYM, "you may commit any change to a RELENG_4_? branch." A *_RELEASE
tag should never ever, ever be touched.

But to repeat, you just need an,

  Approved by: security-officer@

On any commits to a RELENG_?_? branch.
(Not to confuse things, but re@
can also approve non-security changes that are deemed critical
bug-fixes to these branches.)

--
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

From owner-freebsd-security Mon May 20 13:50:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from bran.mc.mpls.visi.com (bran.mc.mpls.visi.com [208.42.156.103])
    by hub.freebsd.org (Postfix) with ESMTP
    id E6E2C37B403; Mon, 20 May 2002 13:50:05 -0700 (PDT)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
    by bran.mc.mpls.visi.com (Postfix) with ESMTP
    id D5EEB4A58; Mon, 20 May 2002 15:50:04 -0500 (CDT)
Received: (from hawkeyd@localhost)
    by sheol.localdomain (8.11.6/8.11.6) id g4KKo0a63470;
    Mon, 20 May 2002 15:50:00 -0500 (CDT)
    (envelope-from hawkeyd)
Date: Mon, 20 May 2002 15:50:00 -0500
From: D J Hawkey Jr
To: Maxim Sobolev
Cc: freebsd-security@FreeBSD.org
Subject: Re: Is 4.3 security branch officially "out of commission"?
Message-ID: <20020520155000.A63427@sheol.localdomain>
Reply-To: hawkeyd@visi.com
References: <200205201008.g4KA8uKl000787_midway.uchicago.edu@ns.sol.net>
    <3CE8D057.BEA07F0_FreeBSD.org@ns.sol.net>
    <200205201510.g4KFAes00586@sheol.localdomain>
    <3CE93172.F9E3954A@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <3CE93172.F9E3954A@FreeBSD.org>; from sobomax@FreeBSD.org
    on Mon, May 20, 2002 at 08:25:06PM +0300
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

On May 20, at 08:25 PM, Maxim Sobolev wrote:
>
> D J Hawkey Jr wrote:
> >
> > > What is the official procedure when somebody not from the security
> > > team want to maintain older releases?
> > > For example, as I said there is
> > > significant push from the local community to merge recent security
> > > fixes into older releases, so that it is likely that they could
> > > provide to me with tested patches for older releases they are
> > > interested in. May I merge them into 4.3 security branch without my
> > > commit bit being suspended for inappropriate MFCs into security
> > > branch?
> > >
> > > -Maxim
> >
> > Quite apart from what Jacques and Kris lay down as the Official Party
> > Line(tm), you might want to look at
> >
> > http://www.visi.com/~hawkeyd/freebsd-backports.html
> >
> > It's my own small effort to provide what you - and I - are looking for.
>
> Nice, thank you for the pointer. While I like the idea, but I think
> that implementation is somewhat suboptimal for you and for all who
> might use this service, as over the time number of patches will grow
> and interdependencies between those patches will become more and more
> complex.

Agreed. To a small degree, it already has.

> In my vision the better way would be to set-up cvs repository and
> cvsup service on top it, then import FreeBSD releases onto vendor
> branches, set up branches with exactly the same names as FreeBSD's
> original ones (i.e. RELENG_4_1_0, RELENG_4_2_0 etc) and apply your
> backported patches to those branches. Then, someone with the existing
> already unsupported FreeBSD source tree could point his cvsup to your
> server and get *all* backported fixes for his particular version. Of
> course there should be list of such fixes, preferably in the cvs
> itself, so that people could verify which fixes did they get.

This would be a better solution, indeed. But, from my own narrow
point-of-view,

 - This widens the scope of what I'm already providing. That is, my
   stuff confines itself to the kernel. As the introduction states,
   it's geared to those who cannot or will not build their world.
   I chose that rather narrow focus because:
 - I have neither the DASD, the bandwidth, nor the time, to pull this
   off as it should be done, though I do have a desire to do so.
 - Real Life(tm) is more demanding than Virtual Life(tm) right now.

> If you are interested, I'm ready to help you with setting this up.

May be another season or so...

> Thanks!
> -Maxim

Dave

--
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/

From owner-freebsd-security Mon May 20 18:12:27 2002
Delivered-To: freebsd-security@freebsd.org
Received: from softweyr.com (softweyr.com [65.88.244.127])
    by hub.freebsd.org (Postfix) with ESMTP
    id A8FDE37B408; Mon, 20 May 2002 18:12:19 -0700 (PDT)
Received: from nextgig-9.customer.nethere.net ([209.132.102.169] helo=softweyr.com)
    by softweyr.com with esmtp (Exim 3.35 #1)
    id 179yCI-000K8M-00; Mon, 20 May 2002 19:12:18 -0600
Message-ID: <3CE99EEC.49EF91E2@softweyr.com>
Date: Mon, 20 May 2002 18:12:12 -0700
From: Wes Peters
Organization: Softweyr LLC
X-Mailer: Mozilla 4.78 [en] (X11; U; Linux 2.4.2 i386)
X-Accept-Language: en
MIME-Version: 1.0
To: "Crist J. Clark"
Cc: Maxim Sobolev , dsyphers@uchicago.edu, developers@FreeBSD.ORG,
    security@FreeBSD.ORG, nectar@FreeBSD.ORG
Subject: Re: Is 4.3 security branch officially "out of commission"?
References: <3CE8C3E2.EBF4EC8F@FreeBSD.org>
    <200205201008.g4KA8uKl000787@midway.uchicago.edu>
    <3CE8D057.BEA07F0@FreeBSD.org>
    <3CE93084.7C6ADAFF@softweyr.com>
    <20020520115715.E1468@blossom.cjclark.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

"Crist J. Clark" wrote:
>
> On Mon, May 20, 2002 at 10:21:08AM -0700, Wes Peters wrote:
> > Maxim Sobolev wrote:
>
> [snip]
>
> > > What is the official procedure when somebody not from the security
> > > team want to maintain older releases? For example, as I said there is
> > > significant push from the local community to merge recent security
> > > fixes into older releases, so that it is likely that they could
> > > provide to me with tested patches for older releases they are
> > > interested in. May I merge them into 4.3 security branch without my
> > > commit bit being suspended for inappropriate MFCs into security
> > > branch?
> >
> > Once you've obtained the permission of the security officer, you may
> > commit any change to a _RELEASE tag.
>
> ITYM, "you may commit any change to a RELENG_4_? branch." A *_RELEASE
> tag should never ever, ever be touched.

Yes, that is EXACTLY what I mean. Thanks for catching this, Crist.

> But to repeat, you just need an,
>
>   Approved by: security-officer@
>
> On any commits to a RELENG_?_? branch. (Not to confuse things, but re@
> can also approve non-security changes that are deemed critical
> bug-fixes to these branches.)

I suspect anything that has a local or remote exploit, or that removes
a crash, will be OK'd as well. We're all in agreement this is a good
idea that just needs some manpower. I'm certain we'll also agree that
Maxim stepping up to handle RELENG_4_3 is a Very Good Thing.

--
"Where am I, and what am I doing in this handbasket?"

Wes Peters                                    Softweyr LLC
wes@softweyr.com                      http://softweyr.com/

From owner-freebsd-security Tue May 21 8:15:32 2002
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.msc.com (smtp.msc.com [12.96.21.5])
    by hub.freebsd.org (Postfix) with ESMTP id AD51337B419
    for ; Tue, 21 May 2002 08:15:25 -0700 (PDT)
Received: from pcjfn.msc.com (pcjfn.msc.com [192.246.38.111])
    by smtp.msc.com (8.12.3/8.12.3) with ESMTP id g4LFFNXR076278
    for ; Tue, 21 May 2002 10:15:23 -0500 (CDT)
    (envelope-from jfn@pcjfn.msc.com)
Received: from localhost (jfn@localhost)
    by pcjfn.msc.com (8.9.3/8.9.3) with ESMTP id KAA27732
    for ; Tue, 21 May 2002 10:15:18 -0500 (CDT)
Date: Tue, 21 May 2002 10:15:18 -0500 (CDT)
From: "J.F. Noonan"
To:
Subject: ipfw report munger?
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Scanned-By: MIMEDefang 2.8 (www dot roaringpenguin dot com slash mimedefang)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

I've recently switched from ipfilter to ipfw on fbsd and was wondering
if anyone had any code for slapping ipfw logs into summary form.

thanks,

--
Joseph F. Noonan
Rigaku/MSC Inc.
jfn@msc.com

From owner-freebsd-security Tue May 21 15:43: 4 2002
Delivered-To: freebsd-security@freebsd.org
Received: from empty1.ekahuna.com (empty1.ekahuna.com [198.144.200.196])
    by hub.freebsd.org (Postfix) with ESMTP id A82C637B405
    for ; Tue, 21 May 2002 15:42:57 -0700 (PDT)
Received: from pc-02 (pc02.ekahuna.com [198.144.200.197])
    by empty1.ekahuna.com
    (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
    with ESMTP id com for ; Tue, 21 May 2002 15:42:57 -0700
From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: security@FreeBSD.ORG
Date: Tue, 21 May 2002 15:42:56 -0700
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2
Reply-To: pjklist@ekahuna.com
In-reply-to: <200205201608.g4KG8Ee23981@freefall.freebsd.org>
X-mailer: Pegasus Mail for Win32 (v3.12c)
Message-ID: <20020521224257147.AAA419@empty1.ekahuna.com@pc02.ekahuna.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Regarding security advisory FreeBSD-SA-02:25:

> Topic: bzip2 contains multiple security vulnerabilities
>
> 1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_4 or
> RELENG_4_5 security branch dated after the respective correction dates.

[...]

> VI. Correction details
>
> The following list contains the revision numbers of each file that was
> corrected in FreeBSD.
>
> [Base system]
>
> Branch
>   Path                                            Revision
> - -------------------------------------------------------------------------
> RELENG_4
>   src/contrib/bzip2/CHANGES                       1.1.1.1.2.2
>   src/contrib/bzip2/FREEBSD-upgrade               1.1.2.1
>   src/contrib/bzip2/LICENSE                       1.1.1.1.2.2
>   src/contrib/bzip2/Makefile                      1.1.1.1.2.2
>   src/contrib/bzip2/Makefile-libbz2_so            1.1.1.1.2.2
>   src/contrib/bzip2/README                        1.1.1.1.2.2
>   src/contrib/bzip2/README.COMPILATION.PROBLEMS   1.1.1.1.2.2
>   src/contrib/bzip2/Y2K_INFO                      1.1.1.1.2.1
>   src/contrib/bzip2/blocksort.c                   1.1.1.1.2.2
>   src/contrib/bzip2/bzip2.1                       1.1.1.1.2.2
>   src/contrib/bzip2/bzip2.c                       1.1.1.1.2.2
>   src/contrib/bzip2/bzip2recover.c                1.1.1.1.2.2
>   src/contrib/bzip2/bzlib.c                       1.1.1.1.2.2
>   src/contrib/bzip2/bzlib.h                       1.1.1.1.2.2
>   src/contrib/bzip2/bzlib_private.h               1.1.1.1.2.2
>   src/contrib/bzip2/compress.c                    1.1.1.1.2.2
>   src/contrib/bzip2/crctable.c                    1.1.1.1.2.2
>   src/contrib/bzip2/decompress.c                  1.1.1.1.2.2
>   src/contrib/bzip2/dlltest.c                     1.1.1.1.2.2
>   src/contrib/bzip2/huffman.c                     1.1.1.1.2.2
>   src/contrib/bzip2/libbz2.def                    1.1.1.1.2.1
>   src/contrib/bzip2/makefile.msc                  1.1.1.1.2.2
>   src/contrib/bzip2/manual.texi                   1.1.1.1.2.2
>   src/contrib/bzip2/randtable.c                   1.1.1.1.2.2
>   src/contrib/bzip2/sample1.bz2.uu                1.1.1.1.2.2
>   src/contrib/bzip2/sample1.ref.gz.uu             1.1.1.1.2.2
>   src/contrib/bzip2/sample2.bz2.uu                1.1.1.1.2.2
>   src/contrib/bzip2/sample2.ref.gz.uu             1.1.1.1.2.1
>   src/contrib/bzip2/sample3.bz2.uu                1.1.1.1.2.2
>   src/contrib/bzip2/sample3.ref.gz.uu             1.1.1.1.2.1
>   src/contrib/bzip2/spewG.c                       1.1.1.1.2.1
>   src/contrib/bzip2/unzcrash.c                    1.1.1.1.2.1
>   src/contrib/bzip2/words0                        1.1.1.1.2.1
>   src/contrib/bzip2/words1                        1.1.1.1.2.1
>   src/contrib/bzip2/words2                        1.1.1.1.2.1
>   src/contrib/bzip2/words3                        1.1.1.1.2.2

[...]

> All files in src/contrib/bzip2 have identical revision numbers on
> their respective branches but do not contain the revision number in
> the source code.

I just updated the system on 5/20 but wanted to verify that it has
the right bzip version.
Unfortunately (as noted above) the source
doesn't contain any version numbers. Also, the newest file date
under src/contrib/bzip2 is 2/18/2002. Is this correct?

Thx,

Phil

--
Philip J. Koenig                                   pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium

From owner-freebsd-security Wed May 22 1:36:54 2002
Delivered-To: freebsd-security@freebsd.org
Received: from cnvbrlx01.net.cnv.at (ws166.cnv.at [212.51.224.166])
    by hub.freebsd.org (Postfix) with ESMTP id 601AB37B40A
    for ; Wed, 22 May 2002 01:36:18 -0700 (PDT)
Received: from cnvbrlx01.net.cnv.at (localhost [127.0.0.1])
    by cnvbrlx01.net.cnv.at (8.12.1/8.12.1) with ESMTP
    id g4M8UaJZ014574; Wed, 22 May 2002 10:30:36 +0200
Received: from slashtom.slash10.com (fritz.intra.vtg.at [10.254.0.234])
    by cnvbrlx01.net.cnv.at (8.12.1/8.12.1) with ESMTP
    id g4M8UZVo014569; Wed, 22 May 2002 10:30:36 +0200
Message-Id: <5.1.0.14.0.20020522104354.00b02fa8@alpha.slash10.net>
X-Sender: tf@alpha.slash10.net
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Wed, 22 May 2002 10:51:41 +0200
To: freebsd-security@freeBSD.ORG
From: Thomas Fritz
Subject: Racoon not synchronizing keys? (was: none)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

Hi again!

Forgot the subject the first time...

I already got an answer to my question, which stated, that I should use
manual keys instead. But that's not an option for me. Is there really no
other solution?

Thanks
/tom

>Hi there!
>
>On the URL http://www.onlamp.com/pub/a/bsd/2001/12/10/ipsec.html I found
>this warning below:
>
>One other word of warning -- if you reboot one of the hosts, and suddenly
>have connectivity problems, flush the keys on both machines by running
>setkey -F. It's possible for the keys to get out of sync.
>
>
>Is there any way to overcome this problem without flushing the keys by hand?
>
>
>Thanks in advance
>
>/tom

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 3:40:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from scorpio.axelspringer.com.pl (scorpio.axelspringer.com.pl [195.205.251.68]) by hub.freebsd.org (Postfix) with SMTP id 30D5437B411 for ; Wed, 22 May 2002 03:40:43 -0700 (PDT) Received: (qmail 7519 invoked by uid 504); 22 May 2002 10:40:38 -0000 Received: from poncki.int.axelspringer.com.pl (HELO sluuuuurp) (192.168.0.230) by 0 with SMTP; 22 May 2002 10:40:37 -0000 Date: Wed, 22 May 2002 12:40:37 +0200 From: Tomasz Piłat X-Mailer: The Bat! (v1.60k) Personal Reply-To: Tomasz Piłat Organization: AXEL SPRINGER POLSKA Sp. z o.o. X-Priority: 3 (Normal) Message-ID: <74711162.20020522124037@redakcja.pl> To: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2 In-Reply-To: <20020521224257147.AAA419@empty1.ekahuna.com@pc02.ekahuna.com> References: <20020521224257147.AAA419@empty1.ekahuna.com@pc02.ekahuna.com> MIME-Version: 1.0 Content-Type: text/plain; charset=Windows-1250 Content-Transfer-Encoding: 8bit X-Virus-Scanned: This message was scanned with antivirus software. X-Is-Local: Yes Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Philip,

Wednesday, May 22, 2002, 12:42:56 AM, you wrote:

PJK> Regarding security advisory FreeBSD-SA-02:25:

PJK> I just updated the system on 5/20 but wanted to verify that it has
PJK> the right bzip version. Unfortunately (as noted above) the source
PJK> doesn't contain any version numbers. Also, the newest file date
PJK> under src/contrib/bzip2 is 2/18/2002. Is this correct?

Affects:        FreeBSD 4.4-RELEASE,
                FreeBSD 4.5-RELEASE,
                FreeBSD 4.5-STABLE prior to the correction date.
                bzip2 port prior to bzip2-1.0.2
Corrected:      2002-02-18 09:12:53 UTC (4.5-STABLE, RELENG_4)
                ^^^^^^^^^^
                2002-02-22 13:21:22 UTC (bzip2 port)

HTH, Ponc

-- 
Tomasz "Poncki" Piłat poncki(a)redakcja.pl

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 5:20:42 2002 Delivered-To: freebsd-security@freebsd.org Received: from gw.nectar.cc (gw.nectar.cc [208.42.49.153]) by hub.freebsd.org (Postfix) with ESMTP id BBB1737B400 for ; Wed, 22 May 2002 05:20:34 -0700 (PDT) Received: from madman.nectar.cc (madman.nectar.cc [10.0.1.111]) by gw.nectar.cc (Postfix) with ESMTP id 44E904A; Wed, 22 May 2002 07:20:34 -0500 (CDT) Received: from madman.nectar.cc (localhost [IPv6:::1]) by madman.nectar.cc (8.12.3/8.11.6) with ESMTP id g4MCKYNX071591; Wed, 22 May 2002 07:20:34 -0500 (CDT) (envelope-from nectar@madman.nectar.cc) Received: (from nectar@localhost) by madman.nectar.cc (8.12.3/8.12.3/Submit) id g4MCKXRR071590; Wed, 22 May 2002 07:20:33 -0500 (CDT) Date: Wed, 22 May 2002 07:20:33 -0500 From: "Jacques A. Vidrine" To: "Philip J. 
Koenig" Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:25.bzip2 Message-ID: <20020522122033.GE71381@madman.nectar.cc> References: <200205201608.g4KG8Ee23981@freefall.freebsd.org> <20020521224257147.AAA419@empty1.ekahuna.com@pc02.ekahuna.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020521224257147.AAA419@empty1.ekahuna.com@pc02.ekahuna.com> User-Agent: Mutt/1.3.99i X-Url: http://www.nectar.cc/ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Tue, May 21, 2002 at 03:42:56PM -0700, Philip J. Koenig wrote: > I just updated the system on 5/20 but wanted to verify that it has > the right bzip version. bzip2 --version You want version 1.0.2. Hmm, the version was only mentioned in passing in the advisory -- sorry! -- Jacques A. Vidrine http://www.nectar.cc/ NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos jvidrine@verio.net . nectar@FreeBSD.org . 
nectar@kth.se

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 5:46:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from mx1.dev.itouchnet.net (devco.net [196.15.188.2]) by hub.freebsd.org (Postfix) with ESMTP id 3D9DD37B40B for ; Wed, 22 May 2002 05:46:10 -0700 (PDT) Received: from nobody by mx1.dev.itouchnet.net with scanned_ok (Exim 3.33 #2) id 17AVZl-000C1O-00 for freebsd-security@freebsd.org; Wed, 22 May 2002 14:50:45 +0200 Received: from shell.devco.net ([196.15.188.7]) by mx1.dev.itouchnet.net with esmtp (Exim 3.33 #2) id 17AVZk-000C19-00; Wed, 22 May 2002 14:50:44 +0200 Received: from bvi by shell.devco.net with local (Exim 3.33 #4) id 17AVVM-000NwW-00; Wed, 22 May 2002 14:46:12 +0200 Date: Wed, 22 May 2002 14:46:12 +0200 From: Barry Irwin To: Thomas Fritz Cc: freebsd-security@freeBSD.ORG Subject: Re: Racoon not synchronizing keys? (was: none) Message-ID: <20020522144612.N89347@itouchlabs.com> References: <5.1.0.14.0.20020522104354.00b02fa8@alpha.slash10.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <5.1.0.14.0.20020522104354.00b02fa8@alpha.slash10.net>; from tf@slash10.com on Wed, May 22, 2002 at 10:51:41AM +0200 X-Checked: This message has been scanned for any virusses and unauthorized attachments. X-iScan-ID: 46210-1022071845-29960@mx1.dev.itouchnet.net version $Name: REL_2_0_2 $ Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

The short, but not quite so perfect answer, is to adjust the lifetimes in your racoon.conf. There are two lifetimes, the IKE lifetime which can be kept short (like 60 seconds) as this is only used for covering the negotiation of keys for the IPSEC SA's.

The IPSEC SA is the second lifetime, the suggestions are that this should be kept fairly short, as each time the keys are changed, it reduces the window of opportunity that an intruder has to view your data. However, by keeping these short as well, you would have to wait on average n/2 time units for the IPSEC SA to expire, and to be re-negotiated.

One thing I have seen is the explicit KEY_EXPIRE message in the racoon debug logs. Would be nice to know how to send these explicitly :-)

Okay, not as helpful as I intended, but worth voicing anyway.

Barry

On Wed 2002-05-22 (10:51), Thomas Fritz wrote:
> Hi again!
>
> Forgot the subject the first time...
>
> I already got an answer to my question, which stated,
> that I should use manual keys instead.
>
> But that's not an option for me.
>
> Is there really no other solution?
>
> Thanks
> /tom
>
>
> >Hi there!
> >
> >On the URL http://www.onlamp.com/pub/a/bsd/2001/12/10/ipsec.html I found
> >this warning below:
> >
> >One other word of warning -- if you reboot one of the hosts, and suddenly
> >have connectivity problems, flush the keys on both machines by running
> >setkey -F. It's possible for the keys to get out of sync.
> >
> >
> >Is there any way to overcome this problem without flushing the keys by hand?
> >
> >
> >Thanks in advance
> >
> >/tom
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>

-- 
Barry Irwin bvi@itouchlabs.com +27214875177
Systems Administrator: Networks And Security
Itouch Labs http://www.itouchlabs.com South Africa

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 12:30:38 2002 Delivered-To: freebsd-security@freebsd.org Received: from r4k.net (r4k.net [212.26.197.210]) by hub.freebsd.org (Postfix) with ESMTP id E47E237B413 for ; Wed, 22 May 2002 12:30:33 -0700 (PDT) Received: from shell.r4k.net (localhost [127.0.0.1]) by r4k.net (Postfix) with ESMTP id 232BB22EFF for ; Wed, 22 May 2002 21:30:33 +0200 (CEST) Received: (from _@localhost) by shell.r4k.net (8.12.2/8.12.2/Submit) id g4MJUXVN087627 for freebsd-security@freebsd.org; Wed, 22 May 2002 21:30:33 +0200 (CEST) Date: Wed, 22 May 2002 21:30:33 +0200 From: Stephanie Wehner <_@r4k.net> To: freebsd-security@freebsd.org Subject: getgpid & getsid work from within a jail Message-ID: <20020522193033.GG78314@r4k.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

[this was mailed to security-officer@ already and I submitted a pr with a patch, but this is not really a serious problem and I have some questions, which you might answer]

Just accidentally stumbled across two (minor) problems with the freebsd jail when looking at kern_prot.c. I verified this by setting up a small jail. The system I was using is 4.6-RC cvsupd yesterday evening.

It is possible to obtain the process group id and the session id of processes running outside the current jail. This is due to the fact that getsid and getgpid in sys/kern/kern_prot.c do not check if the pid that is found is within the current jail. I've submitted a test program and a patch via send-pr. Please note that this fix returns ESRCH when the process is not found and not EPERM.

This is related to another problem: It is possible to verify the existence of a certain process id outside the current jail by various means. I personally see this as a minor problem, although I'm not sure if you feel this is a problem. There are some inconsistencies in the code, which either deny the existence of the process (like ps) or return permission denied instead of not found:

root@testjail:~ # kill 67
bash: kill: (67) - Operation not permitted
root@testjail:~ # kill 68
bash: kill: (68) - No such process
root@testjail:~ # ktrace -p 67
ktrace: ktrace.out: Operation not permitted
root@testjail:~ # ktrace -p 68
ktrace: ktrace.out: No such process

...I did not provide a patch for this as I wasn't sure how you want to handle this problem.

Also I have been wondering why the prison check is not done within pfind (see kern_proc.c) itself ? I suppose there must be a reason for it ? btw, I've been asking myself this as well with the ps_showallprocs flag.

bye,
Stephanie

--<> _@r4k.net <>------------------<> FreeBSD <>-------------------
#3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics
In space, loud sounds, like explosions, are even louder because there is no air to get in the way.
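[Added illustration, not part of the original post and not the patch submitted via send-pr: a user-space C model of the jail check the post describes for getpgid (written "getgpid" in the post) and getsid, placed in a pfind-style lookup as the post suggests. It also shows why answering ESRCH rather than EPERM for a process outside the jail closes the existence check seen with kill and ktrace. The struct layouts, the process table and all function names are constructed for this example.]

```c
/* Added illustration: a user-space model, not FreeBSD kernel source. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct prison { int id; };          /* hypothetical stand-in for a jail */
struct proc {
    int pid, pgid, sid;
    const struct prison *prison;    /* NULL: the process runs on the host */
};

/* Constructed process table: 1 and 67 run on the host, 210 and 211 in a jail. */
static const struct prison testjail = { 1 };
static const struct proc proc_table[] = {
    {   1,   1,   1, NULL },
    {  67,  67,  67, NULL },
    { 210, 210, 200, &testjail },
    { 211, 210, 200, &testjail },
};

/* Plain PID lookup with no notion of jails. */
const struct proc *pfind_model(int pid)
{
    size_t i;
    for (i = 0; i < sizeof(proc_table) / sizeof(proc_table[0]); i++)
        if (proc_table[i].pid == pid)
            return &proc_table[i];
    return NULL;
}

/* A host caller sees every process; a jailed caller only its own jail. */
static int visible(const struct proc *caller, const struct proc *target)
{
    return caller->prison == NULL || caller->prison == target->prison;
}

/* Reported behaviour: lookup only. Returns the pgid, or -errno. */
int getpgid_unchecked(const struct proc *caller, int pid)
{
    const struct proc *p = (pid == 0) ? caller : pfind_model(pid);
    return p != NULL ? p->pgid : -ESRCH;
}

/* Jail-aware lookup shared by both calls: a process outside the caller's
 * jail is treated exactly like a PID that is not in use. */
static const struct proc *pfind_jailed(const struct proc *caller, int pid)
{
    const struct proc *p = (pid == 0) ? caller : pfind_model(pid);
    return (p != NULL && visible(caller, p)) ? p : NULL;
}

int getpgid_checked(const struct proc *caller, int pid)
{
    const struct proc *p = pfind_jailed(caller, pid);
    return p != NULL ? p->pgid : -ESRCH;
}

int getsid_checked(const struct proc *caller, int pid)
{
    const struct proc *p = pfind_jailed(caller, pid);
    return p != NULL ? p->sid : -ESRCH;
}

/* Models the kill/ktrace results quoted in the post: EPERM for a process
 * that exists outside the jail, ESRCH for a PID that is not in use. */
int signal_check_eperm(const struct proc *caller, int pid)
{
    const struct proc *p = pfind_model(pid);
    if (p == NULL)
        return -ESRCH;
    return visible(caller, p) ? 0 : -EPERM;
}

typedef int (*check_fn)(const struct proc *, int);

/* 1 if the results for a host PID and an unused PID differ, i.e. the call
 * tells a jailed caller which PIDs exist outside its jail. */
int leaks_existence(check_fn check, const struct proc *caller,
                    int outside_pid, int unused_pid)
{
    return check(caller, outside_pid) != check(caller, unused_pid);
}

int main(void)
{
    const struct proc *jailed = pfind_model(210);

    printf("unchecked getpgid(67): %d\n", getpgid_unchecked(jailed, 67));
    printf("checked   getpgid(67): %d\n", getpgid_checked(jailed, 67));
    printf("EPERM-style check leaks existence: %d\n",
           leaks_existence(signal_check_eperm, jailed, 67, 68));
    printf("ESRCH-only check leaks existence:  %d\n",
           leaks_existence(getpgid_checked, jailed, 67, 68));
    return 0;
}
```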
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 12:43:15 2002 Delivered-To: freebsd-security@freebsd.org Received: from r4k.net (r4k.net [212.26.197.210]) by hub.freebsd.org (Postfix) with ESMTP id E969837B412 for ; Wed, 22 May 2002 12:43:10 -0700 (PDT) Received: from shell.r4k.net (localhost [127.0.0.1]) by r4k.net (Postfix) with ESMTP id 7140522EFE for ; Wed, 22 May 2002 21:43:04 +0200 (CEST) Received: (from _@localhost) by shell.r4k.net (8.12.2/8.12.2/Submit) id g4MJh4gK087850 for freebsd-security@freebsd.org; Wed, 22 May 2002 21:43:04 +0200 (CEST) Date: Wed, 22 May 2002 21:43:04 +0200 From: Stephanie Wehner <_@r4k.net> To: freebsd-security@freebsd.org Subject: file flags in /modules Message-ID: <20020522194304.GA70619@r4k.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hi,

Actually this reminded me of something else :) (wanted to post this earlier but since I only just got a fbsd test box again I kind of forgot)

Is there any particular reason why the immutable flag is turned on for /kernel, but not for any loadable modules ?

root@beyond:/modules # ls -lo /kernel
-r-xr-xr-x  1 root  wheel  schg 4124312 May 22 11:02 /kernel
root@beyond:/modules # ls -lo linux.ko
-r-xr-xr-x  1 root  wheel  - 98290 May 22 11:02 linux.ko

I usually turn this on, as it seems to me protecting /modules/* is as important, but it appears that this is turned off by default.

thx, bye,
Stephanie

--<> _@r4k.net <>------------------<> FreeBSD <>-------------------
#3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics
In space, loud sounds, like explosions, are even louder because there is no air to get in the way.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 13:10: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by hub.freebsd.org (Postfix) with ESMTP id 118FB37B40A for ; Wed, 22 May 2002 13:09:58 -0700 (PDT) Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by energyhq.homeip.net (Postfix) with ESMTP id 9292C3FCA9; Wed, 22 May 2002 22:09:58 +0200 (CEST) Received: (from flynn@localhost) by energyhq.homeip.net (8.12.3/8.12.3/Submit) id g4MK9vKh039547; Wed, 22 May 2002 22:09:57 +0200 (CEST) Date: Wed, 22 May 2002 22:09:57 +0200 From: Miguel Mendez To: Stephanie Wehner <_@r4k.net> Cc: freebsd-security@freebsd.org Subject: Re: file flags in /modules Message-ID: <20020522220957.B38022@energyhq.homeip.net> Mail-Followup-To: Stephanie Wehner <_@r4k.net>, freebsd-security@freebsd.org References: <20020522194304.GA70619@r4k.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="QRj9sO5tAVLaXnSD" Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020522194304.GA70619@r4k.net>; from _@r4k.net on Wed, May 22, 2002 at 09:43:04PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

--QRj9sO5tAVLaXnSD
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 22, 2002 at 09:43:04PM +0200, Stephanie Wehner wrote:

Hi,

> Is there any particular reason why the immutable flag is turned on for
> /kernel, but not for any loadable modules ?

FWIW, this is what it looks like for 5.0-DP1

flynn@kajsa# pwd
/boot/kernel
flynn@kajsa# ls -lo kernel linux.ko
-r-xr-xr-x  1 root  wheel  - 3046892 May 15 19:48 kernel
-r-xr-xr-x  1 root  wheel  - 98535 May 15 19:48 linux.ko

But I agree that it might be better if the install process chflagged kernel and modules by default. It's a trivial patch, anyway.

Cheers,
-- 
Miguel Mendez - flynn@energyhq.homeip.net
GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
EnergyHQ :: http://www.energyhq.tk
FreeBSD - The power to serve!

--QRj9sO5tAVLaXnSD
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iD8DBQE86/sVnLctrNyFFPERAq5gAKCUVoyqohoKYXrTpH/dkUbZO/RmHACgipFt
GxtR3L6jq417jltXCWPyxlE=
=nEE4
-----END PGP SIGNATURE-----

--QRj9sO5tAVLaXnSD--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 15:43:50 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.deltanet.com (mail.deltanet.com [216.237.144.132]) by hub.freebsd.org (Postfix) with ESMTP id 95B4437B405 for ; Wed, 22 May 2002 15:43:45 -0700 (PDT) Received: from mammoth.eat.frenchfries.net (da001d0308.lax-ca.osd.concentric.net [64.0.145.53]) by mail.deltanet.com (8.11.6/8.11.6) with ESMTP id g4MMMYO23152 for ; Wed, 22 May 2002 15:22:35 -0700 Received: by mammoth.eat.frenchfries.net (Postfix, from userid 1000) id 6DDF952A6; Wed, 22 May 2002 15:41:53 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mammoth.eat.frenchfries.net (Postfix) with ESMTP id 6B46A529A; Wed, 22 May 2002 15:41:53 -0700 (PDT) Date: Wed, 22 May 2002 15:41:53 -0700 (PDT) From: Paul Herman X-X-Sender: pherman@mammoth.eat.frenchfries.net To: Stephanie Wehner <_@r4k.net> Cc: freebsd-security@FreeBSD.ORG Subject: Re: file flags in /modules In-Reply-To: <20020522194304.GA70619@r4k.net> Message-ID: <20020522151939.I51256-100000@mammoth.eat.frenchfries.net> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: 
List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

On Wed, 22 May 2002, Stephanie Wehner wrote:

> Is there any particular reason why the immutable flag is turned
> on for /kernel, but not for any loadable modules ?

Facetious answer: Yes. To make you think more about security. :-)

Informative answer: What good would it do? Assuming securelevel > 0, the kernel won't let you kldload(2) modules anyway.

You could rightly argue that someone could overwrite a particular module and then reboot the machine in order to have it loaded, but then /modules wouldn't be your only worry. You'd have to protect many files, including but not limited to:

  /modules
  /etc/rc
  /etc/rc.*
  /usr/local/etc/rc.d/*
  /boot/*
  /bin, /sbin, /usr/lib, and so on...

Which renders systems less usable than most people would like. You don't want to go down that road.

securelevel is a nice compromise for most people, but it has its limitations. If this is important to you, you might look into mandatory access control systems used in trusted systems, like TrustedBSD.

-Paul.
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 16:43:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from r4k.net (r4k.net [212.26.197.210]) by hub.freebsd.org (Postfix) with ESMTP id 9DEC937B401 for ; Wed, 22 May 2002 16:43:15 -0700 (PDT) Received: from shell.r4k.net (localhost [127.0.0.1]) by r4k.net (Postfix) with ESMTP id 3C7AB22EFA; Thu, 23 May 2002 01:43:09 +0200 (CEST) Received: (from _@localhost) by shell.r4k.net (8.12.2/8.12.2/Submit) id g4MNh8Aq091077; Thu, 23 May 2002 01:43:08 +0200 (CEST) Date: Thu, 23 May 2002 01:43:08 +0200 From: Stephanie Wehner <_@r4k.net> To: Paul Herman Cc: freebsd-security@FreeBSD.ORG Subject: Re: file flags in /modules Message-ID: <20020522234308.GA88468@r4k.net> References: <20020522194304.GA70619@r4k.net> <20020522151939.I51256-100000@mammoth.eat.frenchfries.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020522151939.I51256-100000@mammoth.eat.frenchfries.net> User-Agent: Mutt/1.3.25i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> On Wed, 22 May 2002, Stephanie Wehner wrote:
>
> > Is there any particular reason why the immutable flag is turned
> > on for /kernel, but not for any loadable modules ?
>
> You could rightly argue that someone could overwrite a particular
> module and then reboot the machine in order to have it loaded, but
> then /modules wouldn't be your only worry. You'd have to protect
> many files, including but not limited to:

sure. but it's not the same to replace a userland program than to load your own kernel code (which as you pointed out is indeed not possible if the security level has been raised) and which is what would happen if I overwrote a kernel module and rebooted your box.

I just found it a bit half hearted that this flag was set by default for /kernel, but not for /modules/*. Perhaps giving someone who is less familiar with this the wrong impression. (eg using this secure, even more secure, whatever setting I've seen in sysinstall lately)

That's all. :)

bye,
Stephanie

--<> _@r4k.net <>------------------<> FreeBSD <>-------------------
#3 - Anime Law of Sonic Amplification, First Law of Anime Acoustics
In space, loud sounds, like explosions, are even louder because there is no air to get in the way.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Wed May 22 17:15:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146]) by hub.freebsd.org (Postfix) with ESMTP id 456EE37B422 for ; Wed, 22 May 2002 17:15:44 -0700 (PDT) Received: from spark.techno.pagans (spark.techno.pagans [4.61.202.145]) by spork.pantherdragon.org (Postfix) with ESMTP id 6BD4F471DA; Wed, 22 May 2002 17:15:42 -0700 (PDT) Received: from pantherdragon.org (speck.techno.pagans [172.21.42.2]) by spark.techno.pagans (Postfix) with ESMTP id 3991126C17; Wed, 22 May 2002 17:15:40 -0700 (PDT) Message-ID: <3CEC34AC.4F2EEEB5@pantherdragon.org> Date: Wed, 22 May 2002 17:15:40 -0700 From: Darren Pilgrim X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Stephanie Wehner <_@r4k.net> Cc: freebsd-security@freebsd.org Subject: Re: file flags in /modules References: <20020522194304.GA70619@r4k.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Stephanie Wehner wrote:
> Is there any particular reason why the immutable flag is turned on for
> /kernel, but not for any loadable modules
? To make it harder to accidentally overwrite the kernel. There's no real security gain. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Wed May 22 22:30: 8 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.npubs.com (npubs.com [207.111.208.224]) by hub.freebsd.org (Postfix) with ESMTP id 2967537B403 for ; Wed, 22 May 2002 22:30:02 -0700 (PDT) Received: 8.12.2-(Neptune) From: "Nielsen" To: Subject: 'jailer' for managing jails MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20020523053002.2967537B403@hub.freebsd.org> Date: Wed, 22 May 2002 22:30:02 -0700 (PDT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Since the discussion here often revolves around jails, here's something I put together for managing jails. Comments welcome. 
http://memberwebs.com/nielsen/freebsd/jailer/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Thu May 23 5:12:28 2002 Delivered-To: freebsd-security@freebsd.org Received: from saigon.cpd.ufsm.br (saigon.cpd.ufsm.br [200.18.32.130]) by hub.freebsd.org (Postfix) with ESMTP id A249B37B40B for ; Thu, 23 May 2002 05:12:15 -0700 (PDT) Received: from marcio by saigon.cpd.ufsm.br with local (Exim 3.16 #7) id 17ArRZ-0005Vu-00; Thu, 23 May 2002 09:11:45 -0300 Date: Thu, 23 May 2002 09:11:45 -0300 (GRNLNDST) From: Marcio d'Avila Scheibler To: Nielsen Cc: freebsd-security@FreeBSD.ORG Subject: Re: 'jailer' for managing jails In-Reply-To: <20020523053002.2967537B403@hub.freebsd.org> Message-ID: X-Mailer: Pine 4.05 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I've read your manpage and found it interesting. 
Some time ago I wrote some scripts to help jail configuration and management, but I think for start and stop your solution seems to be cleaner.

For those scripts I have a text file called "jailtab", where each line defines one jail, with the following fields:

- jail hostname
- jail root dir
- jail ip address
- jail default started command ("/bin/sh /etc/rc", but from now "/usr/local/sbin/jailer" :-) )

This file prevents you from needing to enter all those parameters when using the scripts. By the way, the scripts are the following:

- jail-start [command] # starts the jail
- jail-stop # needs HOST (not jail) /proc
- jail-procfs

Date: Wed, 22 May 2002 22:30:02 -0700 (PDT)
> From: Nielsen
> To: freebsd-security@FreeBSD.ORG
> Subject: 'jailer' for managing jails
>
> Since the discussion here often revolves around jails, here's something I
> put together for managing jails. Comments welcome.
>
> http://memberwebs.com/nielsen/freebsd/jailer/
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>
>

------------------------------------------------------------------------------
Marcio d'Avila Scheibler - Divisao de Suporte (marcio@cpd.ufsm.br)
Centro de Processamento de Dados - Campus Universitario - CEP 97105-900
Universidade Federal de Santa Maria - RS - Brasil
=============================================================================

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 23 11:37:59 2002 Delivered-To: freebsd-security@freebsd.org Received: from foster.2gaap.net (foster.2gaap.net [63.89.76.5]) by hub.freebsd.org (Postfix) with ESMTP id 4136F37B400; Thu, 23 May 2002 11:37:40 -0700 (PDT) Received: from aaadist.com ([24.206.16.96]) by foster.2gaap.net (8.11.6/8.11.2) with ESMTP id g4NIaCS10341; Thu, 23 May 2002 14:36:12 -0400 Message-ID: <4147-220025423183611576@aaadist.com> To: "Address Spider" From: "Jeff Martin" Subject: Vellums,Bonds, Mylars, & Inks for Design Professionals Date: Thu, 23 May 2002 14:36:11 -0400 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_84815C5ABAF209EF376268C8" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

------=_NextPart_84815C5ABAF209EF376268C8
Content-type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

AAA Distributors, Inc. 1-800-426-9967 Fax:1-301-698-0146

Vellums, Bonds, Mylars & Inks for CADD/Design Professionals

PROMOTION Till May 31, 2002
NEW CUSTOMERS ONLY------1st ORDER ONLY
We accept Visa, Master Card, American Express and Discover

HP Designjet Plotter                                   24” Roll      30” Roll      36” Roll
* 18 # Translucent Bond 150’ length-4 rolls/ctn        Reg. 12.69    Reg. 15.86    Reg. 19.03
                                                       NOW 9.07      NOW 11.34     NOW 13.60
* * 4 mil Double Matte Mylar 125’ length 1 Roll/ctn    Reg. 111.38   Reg.139.09    Reg. 166.95
                                                       NOW 77.03     NOW 96.28     NOW 115.54

*Minimum order: 2 ctn of 18 # translucent bond
** Minimum order: 2 rolls of 4 mil double matte Mylar

CALL FOR OUR HP BRAND INKJET CARTRIDGE PRICER - 1800-426-9967

Diazo Blueprint Paper    Size         # of Sheets        Packs/Ctn      Cost
                         18” x 24”    250 sheets/pack    4 packs/ctn    $ 31.12
                         24” x 36”    250 sheets/pack    2 packs/ctn    58.08
                         30” x 42”    250 sheets/pack    1 pack/ctn     84.55

CARTON LOTS ONLY. SPECIFY DESIRED SPEED WHEN ORDERING

20 # Bond for Engineering Copiers like OCE, Xerox, & other Large Document Copiers/Plotters

Size          Rolls/ctn    Cost
24” x 500’    2/ctn        NOW $20.00 Reg. $24.32
30” x 500’    2/ctn        NOW 26.00 Reg. 31.27
36” x 500’    2/ctn        NOW 30.00 Reg. 36.47

Carton lots only. Minimum order 2 cartons.

CALL FOR OUR TONER & CUT SHEET PRICERS

If you would like to be removed from our database simply click here then hit send.

------=_NextPart_84815C5ABAF209EF376268C8--

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Thu May 23 15:29:43 2002 Delivered-To: freebsd-security@freebsd.org Received: from mail.npubs.com (npubs.com [207.111.208.224]) by hub.freebsd.org (Postfix) with ESMTP id 332BF37B404 for ; Thu, 23 May 2002 15:29:38 -0700 (PDT) Received: 8.12.2-(Neptune) From: "Nielsen" To: "Marcio d'Avila Scheibler" Cc: References: Subject: Re: 'jailer' for managing jails MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: <20020523222938.332BF37B404@hub.freebsd.org> Date: Thu, 23 May 2002 15:29:38 -0700 (PDT) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Yes, I have scripts too. And ".conf" files for the jails. We've also
extended it to encompass more than jails. So we end up with "units" that
we can move to various machines. Those support stop, start, restart,
firewall, mounting various directories from the host, listing all
processes in a jail (from the host), listing all jails running etc...

I'll post those soon to my site. I thought that would be more of a topic
for an "ISP" list.

Cheers
Nate

----- Original Message -----
From: "Marcio d'Avila Scheibler"
To: "Nielsen"
Cc:
Sent: Thursday, May 23, 2002 6:12
Subject: Re: 'jailer' for managing jails

>
> I've read your manpage and found it interesting.
> Some time ago I wrote some scripts to help jail configuration
> and management, but I think for start and stop your
> solution seems to be cleaner.
>
> For those scripts I have a text file called "jailtab", where
> each line defines one jail, with following fields:
>
> - jail hostname
> - jail root dir
> - jail ip address
> - jail default started command ("/bin/sh /etc/rc", but from
>   now "/usr/local/sbin/jailer" :-) )
>
> This file prevents you from needing to enter all those parameters
> when using the scripts.
>
> By the way, scripts are the following:
>
> - jail-start [command] # starts the jail
> - jail-stop # needs HOST (not jail) /proc
> - jail-procfs
> - jail-install
>   Performs "make install" from host /usr/src as is told in
>   jail manpage
>
> - jail-config
>   Performs some config steps as is told in jail manpage (timezone,
>   root password, etc...) and also copies a list of files
>   defined in a "filelist" config file.
>
> Let me know if you have interest in add and improve this
> modest contrib, I send you a tarball with scripts and sample
> "jailtab" file. In this case feel free to change jail-start
> and jail-stop to handle "jailer"...
>
>
> On Wed, 22 May 2002, Nielsen wrote:
>
> > Date: Wed, 22 May 2002 22:30:02 -0700 (PDT)
> > From: Nielsen
> > To: freebsd-security@FreeBSD.ORG
> > Subject: 'jailer' for managing jails
> >
> > Since the discussion here often revolves around jails, here's something I
> > put together for managing jails. Comments welcome.
> >
> > http://memberwebs.com/nielsen/freebsd/jailer/
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
> >
>
> ------------------------------------------------------------------------------
> Marcio d'Avila Scheibler - Divisao de Suporte (marcio@cpd.ufsm.br)
> Centro de Processamento de Dados - Campus Universitario - CEP 97105-900
> Universidade Federal de Santa Maria - RS - Brasil
> =============================================================================
>
>

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 24 9:17:54 2002 Delivered-To: freebsd-security@freebsd.org Received: from one.czart.pl (server1.czart.pl [62.233.144.1]) by hub.freebsd.org (Postfix) with ESMTP id A778937B404 for ; Fri, 24 May 2002 09:17:51 -0700 (PDT) Received: by one.czart.pl (Postfix, from userid 1000) id 27AF9138BA; Fri, 24 May 2002 19:27:54 +0200 (CEST) Date: Fri, 24 May 2002 19:27:54 +0200 From: Krzysztof Zaremba To: freebsd-security@freebsd.org Subject: subscribe Message-ID: <20020524192754.A93358@ONE.czart.pl> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

.
--
+-------------------+------------------------+
| Krzysztof Zaremba | e-mail: zark@k.pl      |
| ISP KorbanK       |                        |
+-------------------+------------------------+

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 24 12:15: 7 2002 Delivered-To: freebsd-security@freebsd.org Received: from gte.net (airserver1.airpartsupply.com [194.72.134.170]) by hub.freebsd.org (Postfix) with SMTP id C199037B406; Fri, 24 May 2002 12:13:00 -0700 (PDT) Reply-To: Message-ID: <026c13c16b1d$3745a8e4$5ab42ad7@pmrlnp> From: To: Cc: , , , , , , , , , Subject: Make $100,000 a Month on eBay! Date: Fri, 24 May 0102 08:55:19 +1000 MiME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

Hello!

Do you sell on Ebay? If so, you could be making up to $100,000 per month? This is no hype and no scam. Receiving over 1.5 billion page views per month, Ebay is the ULTIMATE venue for selling virtually anything and making huge profits with almost no effort. But you have to know what to sell and how to sell. That's where I come in.

As a leading expert in internet marketing and the owner of several profitable auction-based businesses, the manual that I have written provides easy to understand and detailed instructions for maximizing your profits with selling strategies that are PROVEN WINNERS.

If you've read any other books on Ebay, you know that all of them are designed for the computer idiot and the auction novice. They tell you how to register, how to list an item, how to avoid fraud, etc. This is not the information you need to make millions on Ebay. You need to learn effective SELLING STRATEGIES not read a photocopy of Ebay help files!

My manual assumes that you already know your way around Ebay; you don't need any specialized computer knowledge, but you should be familiar with buying and selling on ebay auctions. I'm not going to waste your time teaching you how to register - I'm going to pass on the SECRET SELLING TECHNIQUES that I use each and every day to bring in hundreds of thousands of dollars selling my products on internet auctions.

The manual comes as a complete course with the following lessons:

Make a Fortune on eBay™
Make a Fortune on eBay™ is filled with page after page of vital eBay™ marketing information. This valuable eBook is terrific for the eBay™ user to get the right eBay™ information and have an instant edge over other more experienced eBay™ Sellers

Advanced Selling on eBay™
Advanced Selling on eBay™ has more vital information to make their auction a success. This eBook has many topics to ensure that they get the maximum potential from their auctions. Advanced Selling on eBay™ goes into more detailed information than its sister eBook Make a Fortune on eBay™.

16 eBay™ Forms
"16 eBay™ Forms" is a must. These forms will help them track, analyze and record their auctions. It contains 16 forms with full instructions. This E-Book also contains the forms in printer friendly version, so they can print them for immediate use.

Wholesale Sources
Wholesale Sources is the final eBook in the eBay™ Marketing eCourse. It contains wholesale distributors from the United States, Mexico, Hong Kong, Taiwan, Asia and the Philippines. Armed with this eBook your customers will have over 10,000,000 wholesale products at their finger tips.

This manual is designed for individuals looking to form an online business for extra income or as a full-time job making hundreds of thousands of dollars on Ebay. Contained in the manual are WINNING STRATEGIES for selling on Ebay auctions. The manual is not designed for Ebay novices and does not teach the "basics" such as registering, putting an item online, buying an item, etc. This manual is designed to make Ebay users into successful and wealthy entrepreneurs!

Not only will you be able to make THOUSANDS with the information in these eBooks, you will also receive FULL Resellers rights. This is not an affiliate program where you get 20 or 30%... you keep all the money generated from your eCourse sales. You can sell this eCourse as many times as you want for whatever price you choose. There is NO LIMIT on how much you can make from this incredible product!

To order the eCourse click on the link below
http://pheromone-labs.com/ebook.htm

If above link doesn't work click here:
http://www.pheromone-labs.com/ebook.htm

Thank you for your time and I hope to hear from you soon!

James Milton
President of Phoenix Marketing

4291EbrT5-749BHfm3269edBW9-838MXwm7932waMK4-453NAzq0841wQVk5-l57

*** Thank you for being a part of another great offer from Phoenix Marketing. If you feel you don't belong on our opt-in list or would like to remove yourself please send an email to: affiliate1@btamail.net.cn and make sure to have "REMOVE" in the subject line. Thank you.
7624EmKy5-656oCsa6341LSbO2-150dCTq2028FWWg5-44l43

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Fri May 24 20:16:30 2002 Delivered-To: freebsd-security@freebsd.org Received: from papa.tanu.org (kame195.kame.net [203.178.141.195]) by hub.freebsd.org (Postfix) with ESMTP id 7708237B408 for ; Fri, 24 May 2002 20:16:27 -0700 (PDT) Received: from localhost ([3ffe:501:4819:cafe:260:1dff:fe21:f766]) by papa.tanu.org (8.11.6/8.11.6) with ESMTP id g4P3GML41844; Sat, 25 May 2002 12:16:22 +0900 (JST) (envelope-from sakane@kame.net) To: jerry_murdock@yahoo.com Cc: FreeBSD-Security@FreeBSD.ORG Subject: Re: Racoon SA Hard/Soft Lifetimes In-Reply-To: Your message of "Wed, 15 May 2002 21:02:14 -0700 (PDT)" <20020516040214.97098.qmail@web14606.mail.yahoo.com> References: <20020516040214.97098.qmail@web14606.mail.yahoo.com> X-Mailer: Cue version 0.6 (011026-1440/sakane) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Message-Id: <20020525122004P.sakane@kame.net> Date: Sat, 25 May 2002 12:20:04 +0900 From: Shoichi Sakane X-Dispatcher: imput version 20000228(IM140) Lines: 12 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

> I've successfully got a 2day old -Stable build to talk IPSEC/IKE with a
> Sonicwall, but things fall apart when the SAs hit the soft lifetime limit.
>
> A new SA is successfully negotiated with the Sonicwall when the soft lifetime
> runs out, but the Sonicwall then ignores anything coming into it on the "old"
> SA(which FBSD uses until the hard lifetime runs out).

if your system has "net.key.preferred_oldsa" system wide value,
you can configure the kernel using new SA immediately.

try like the following,
    # sysctl -w net.key.preferred_oldsa=0

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message

From owner-freebsd-security Sat May 25 3:40:19 2002 Delivered-To: freebsd-security@freebsd.org Received: from www.sibinfo.ru (sibinfo.ict.nsk.su [193.124.243.29]) by hub.freebsd.org (Postfix) with ESMTP id E6E5137B406; Sat, 25 May 2002 03:29:33 -0700 (PDT) Received: from ser ([192.168.0.32]) by www.sibinfo.ru (8.9.3/8.9.3) with SMTP id UAA23647 for ; Wed, 22 May 2002 20:15:11 +0700 Message-ID: <002c01c20193$cca04130$2000a8c0@sibinfocenter.sibinfo.ru> From: "List Manager" To: Subject: =?koi8-r?B?6c7Gz9LNwcPJz87Oz8Ug0MnT2M3P?= Date: Wed, 22 May 2002 20:23:02 +0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0029_01C201CE.78EB4310" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org

This is a multi-part message in MIME format.
------=_NextPart_000_0029_01C201CE.78EB4310-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat May 25 6:33:25 2002 Delivered-To: freebsd-security@freebsd.org Received: from web14603.mail.yahoo.com (web14603.mail.yahoo.com [216.136.224.83]) by hub.freebsd.org (Postfix) with SMTP id 0A95737B405 for ; Sat, 25 May 2002 06:33:16 -0700 (PDT) Message-ID: <20020525133315.86705.qmail@web14603.mail.yahoo.com> Received: from [66.156.12.58] by web14603.mail.yahoo.com via HTTP; Sat, 25 May 2002 06:33:15 PDT Date: Sat, 25 May 2002 06:33:15 -0700 (PDT) From: Jerry Murdock Subject: Re: Racoon SA Hard/Soft Lifetimes To: Shoichi Sakane Cc: FreeBSD-Security@FreeBSD.ORG In-Reply-To: <20020525122004P.sakane@kame.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --- Shoichi Sakane wrote: > > I've successfully got a 2day old -Stable build to talk IPSEC/IKE with a > > Sonicwall, but things fall apart when the SAs hit the soft lifetime limit. > > > > > A new SA is successfully negotiated with the Sonicwall when the soft > lifetime > > runs out, but the Sonicwall then ignores anything coming into it on the > "old" > > SA(which FBSD uses until the hard lifetime runs out). > > if your system has "net.key.preferred_oldsa" system wide value, > you can configure the kernel using new SA immediately. > > try like the following, > # sysctl -w net.key.preferred_oldsa=0 Sounds like exactly what I was looking for, unfortunately it doesn't seem to have any effect. I still see the counters for the old SA incrementing, and nothing going out the new SA until the old one expires completely. For now, I've modified racoon to set the soft lifetime to "hard lifetime - 10 seconds." 
The value seems to work quite well for the connection in question with no apparent key-renegotiation packet loss. Thanks, Jerry __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-security Sat May 25 9:16:27 2002 Delivered-To: freebsd-security@freebsd.org Received: from ns1.mgul.ac.ru (ns1.mgul.ac.ru [193.233.63.19]) by hub.freebsd.org (Postfix) with ESMTP id 2AEE437B409 for ; Sat, 25 May 2002 09:16:17 -0700 (PDT) Received: from gosha.home.ru ([195.34.45.212]) (authenticated bits=0) by ns1.mgul.ac.ru (8.12.3/8.12.3) with ESMTP id g4PGFl6x068846 for ; Sat, 25 May 2002 20:16:05 +0400 (MSD) Date: Sat, 25 May 2002 20:15:46 +0400 From: "Andrey V. Pevnev" X-Mailer: The Bat! (v1.60c) Personal Reply-To: "Andrey V. Pevnev" Organization: Moscow State Forestry University X-Priority: 3 (Normal) Message-ID: <18122081000.20020525201546@mgul.ac.ru> To: security@FreeBSD.ORG Subject: Fwd: File Locking Local Denial of Service; Impact on sendmail In-Reply-To: <200205232339.g4NNd2le022795@services.sendmail.org> References: <200205232339.g4NNd2le022795@services.sendmail.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=-6.5 required=5 tests=IN_REP_TO,PGP_SIGNATURE X-Scanned-By: MIMEDefang 2.12 (www dot roaringpenguin dot com slash mimedefang) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a forwarded message From: Gregory Neil Shapiro To: sendmail-announce@sendmail.org Date: Friday, May 24, 2002, 3:38:59 AM Subject: File Locking Local Denial of Service; Impact on sendmail ===8<==============Original message text=============== -----BEGIN PGP SIGNED 
MESSAGE-----

File Locking Local Denial of Service
Impact on sendmail
Reported by lumpy

Introduction
============

Any application which uses either flock() or fcntl() style locking or
other APIs that use one of these locking methods (such as open() with
O_EXLOCK and O_SHLOCK) on files readable by other local untrusted users
may be susceptible to local denial of service attacks.

Since this attack requires a user to use their own account to lock a
file, it is extremely easy to find the user responsible.  In all
likelihood, users would not be foolish enough to use this type of
denial of service.

The Problem
===========

Both locking types allow users who can open a file to apply a shared
(read) lock on that file.  This prevents any other process from
obtaining an exclusive (write) lock on that file.

Additionally, the flock() method allows users to obtain exclusive locks
on files which they can open for reading.  fcntl() locks require the
file to be opened for writing which offers somewhat better protection.
While a process holds an exclusive lock on a file, no other process can
obtain an exclusive or shared lock on that file.

Although both flock() and fcntl() locks are advisory, their use to
avoid data corruption makes them essentially compulsory for many
programs.

Detection
=========

The process holding locks can be found using tools which read process
file descriptor tables.  One such tool is lsof, available from:

    ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/

With this tool, you can find the process or processes holding a shared
or exclusive lock on a file:

    # lsof /etc/settings
    COMMAND  PID    USER    FD   TYPE  DEVICE      SIZE/OFF  NODE  NAME
    lockit   25472  badguy  3rW  VREG  116,131072  1841      292   /etc/settings

In this example, user badguy's lockit process (pid 25472) has
/etc/settings opened for 'r'eading and has obtained an exclusive
('W'rite) lock as shown by the FD column.  If this were an attack, the
administrator could kill the offending process to drop the lock.

Workaround
==========

Since both locking methods are susceptible to a denial of service
attack, simply switching to fcntl() based locking on all systems would
not solve the problem.  However, as long as a user can not open a file,
they can not lock it.  Therefore, the workaround is to protect all
files which are locked by applications such that they can not be opened
by untrusted users.

Sendmail File Locking
=====================

File locking is used throughout sendmail for a variety of files
including aliases, maps, statistics, and the pid file.  Any user who
can open one of these files can prevent sendmail or its associated
utilities, e.g., makemap or newaliases, from operating properly.  This
can also affect sendmail's ability to update status files such as
statistics files.  For systems which use flock() for file locking, a
user's ability to obtain an exclusive lock prevents other sendmail
processes from reading certain files such as alias or map databases.

You can determine which locking system is used by sendmail from the
output of:

    sendmail -bt -d0.10 < /dev/null | grep HASFLOCK

If HASFLOCK is in the output, your system is using flock() for locking.
Otherwise, it is using fcntl() for locking.

On the following operating systems, sendmail uses flock() by default:

    SunOS 4, Ultrix, Tru64 UNIX 4.X and earlier, NeXTstep, Darwin,
    Mac OS X, Mach386, Convex OS, RISC/OS, Linux 1.3.95 and later,
    Sony NEWS, and all BSD-based systems

On all other operating systems, sendmail uses fcntl() for locking by
default.

Since queue files should already have restricted permissions, the only
files that need adjustment are alias, map, statistics, and pid files.
These files should be owned by root or the trusted user specified in
the TrustedUser option.  Changing the permissions to be only readable
and writable by that user is sufficient to avoid the denial of service.
For example, depending on the paths you use, these commands would be
used:

    chmod 0640 /etc/mail/aliases /etc/mail/aliases.{db,pag,dir}
    chmod 0640 /etc/mail/*.{db,pag,dir}
    chmod 0640 /etc/mail/statistics /var/log/sendmail.st
    chmod 0600 /var/run/sendmail.pid /etc/mail/sendmail.pid

If /var/run/ is cleared on reboots, you will need to place the last
chmod command for the pid file in the sendmail startup script after
sendmail is started.

If the permissions 0640 are used, be sure that only trusted users
belong to the group assigned to those files.  Otherwise, files should
not even be group readable.

Note that the denial of service on the plain text aliases file
(/etc/mail/aliases) only prevents newaliases from rebuilding the
aliases file.  The same is true for the database files on systems which
use fcntl() style locking.  Since it does not interfere with normal
operations, sites may choose to leave these files readable.  Also, it
is not necessary to protect the text files associated with map
databases as makemap does not lock those files.

sendmail 8.12.4 will change the default permissions for newly created
map and alias database files to mode 0640.  Also, the installation
process will create the statistics file with mode 0600 if it does not
already exist.  Finally, the pid file will be created with mode 0600 as
well.

A future version of sendmail will introduce a feature to limit the
amount of time spent waiting for a file lock.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (FreeBSD)

iQCVAwUBPO162cApykAW9MzpAQG4gQP+PUDUr4h+J62M1SylpaN31QabVN8eo51g
Q8JwR57vu4udqiCDuKUulzO4V6ZvZak79XeKqZBR55J6cVfD1nMz5UXKfHKaa3Yt
NucCYywQvyRFGQUF5aKZKMBRBxpn8xgm7r8bhUX6T0oxdMk7iAic/V5cv5CjY0ER
AbAl3Rru/YE=
=Unr9
-----END PGP SIGNATURE-----

===8<===========End of original message text===========

-- 
Best regards,
MSFU LAN Admin
Andrey
mailto:andrey@mgul.ac.ru
http://www.mgul.ac.ru/~andrey
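
The workaround in the forwarded advisory depends on who is able to open the files sendmail locks. The shell functions below are an added example, not part of the advisory or of sendmail; the names lock_exposure and audit_lock_files are made up here, and only permission bits are read (no ACLs, no check of the parent directories).

```shell
#!/bin/sh
# Added example, not part of the advisory. Reads permission bits only.

# lock_exposure FILE -> prints world | group | owner-only | missing
# Any class that can open the file can take at least a shared lock on it
# (and, with flock(), an exclusive lock through a read-only descriptor).
lock_exposure() {
    # ls -ldL follows symlinks; cutting to 10 characters drops an ACL marker.
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    if [ -z "$mode" ]; then
        echo missing
        return 0
    fi
    group_rw=$(printf '%s' "$mode" | cut -c5-6)   # group read/write bits
    other_rw=$(printf '%s' "$mode" | cut -c8-9)   # other read/write bits
    if [ "$other_rw" != "--" ]; then
        echo world
    elif [ "$group_rw" != "--" ]; then
        echo group
    else
        echo owner-only
    fi
}

# audit_lock_files FILE... -> one "exposure<TAB>path" line per existing file.
# Returns 1 if any listed file can be opened by every local user, else 0.
audit_lock_files() {
    rc=0
    for f in "$@"; do
        exposure=$(lock_exposure "$f")
        if [ "$exposure" = missing ]; then
            continue
        fi
        printf '%s\t%s\n' "$exposure" "$f"
        if [ "$exposure" = world ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Typical call, using the paths named in the advisory:
#   audit_lock_files /etc/mail/aliases.db /etc/mail/statistics \
#       /var/log/sendmail.st /var/run/sendmail.pid /etc/mail/sendmail.pid
```

A "group" result is acceptable only if every member of the file's group is trusted, as the advisory notes for mode 0640.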