From owner-freebsd-security@FreeBSD.ORG Sun May 11 00:14:56 2003
From: Tim Baur
To: freebsd-security@freebsd.org
Date: Sun, 11 May 2003 00:14:55 -0700 (PDT)
Subject: Re: md5 hash request:

On Sun, 11 May 2003, Arie J. Gerszt wrote:
> Does anybody have the md5 hash value of /usr/bin/netstat of a FreeBSD 4.4
> RELEASE #0 which was securely boxed?

http://www.knowngoods.org maintains a fairly large database of known good 'stock install' md5's for various flavors. It appears accurate.

Platform: FreeBSD 4.4 Release (i386)
File: /usr/bin/netstat
MD5: f1c9546b968943cf6e9975aa28bb3b0d
SHA-1: 46f800450771f47a9fd0dc75a79eade254a037f5
Size: 89216 (bytes)

-tbaur

From owner-freebsd-security@FreeBSD.ORG Sun May 11 11:03:23 2003
From: Blaine Kahle
To: Brett Glass
cc: freebsd-security@freebsd.org
Date: Sun, 11 May 2003 13:03:21 -0500
Subject: Re: Hacked?

On Fri, May 09, 2003 at 11:01:21AM -0600, Brett Glass wrote:
> At 08:25 AM 5/9/2003, Bjoern A. Zeeb wrote:
>
> >this assumes that truss is ok ;-) perhaps take the truss from your
> >other 4.7 machine ...
>
> Yes, you do have to be careful of this. I recently investigated a
> machine that had been "owned," and when truss was applied to some
> commands (e.g. netstat) it produced no output.
I'm showing that truss'ing netstat produces no output on several versions of FreeBSD that I have installed. Is this correct behavior? The truss and netstat binaries both check out when compared to the listings at http://www.knowngoods.org/

--
Blaine Kahle
blaine@binary.net
0x178AA0E0

From owner-freebsd-security@FreeBSD.ORG Sun May 11 13:19:49 2003
From: Mikko Työläjärvi
To: Blaine Kahle
cc: freebsd-security@freebsd.org
Date: Sun, 11 May 2003 13:19:46 -0700 (PDT)
Subject: Re: Hacked?

On Sun, 11 May 2003, Blaine Kahle wrote:
> On Fri, May 09, 2003 at 11:01:21AM -0600, Brett Glass wrote:
> > At 08:25 AM 5/9/2003, Bjoern A. Zeeb wrote:
> >
> > >this assumes that truss is ok ;-) perhaps take the truss from your
> > >other 4.7 machine ...
> >
> > Yes, you do have to be careful of this. I recently investigated a
> > machine that had been "owned," and when truss was applied to some
> > commands (e.g. netstat) it produced no output.
>
> I'm showing that truss'ing netstat produces no output on several
> versions of FreeBSD that I have installed. Is this correct behavior? The
> truss and netstat binaries both check out when compared to the listings
> at http://www.knowngoods.org/

You can't trace setuid/setgid programs. Netstat is setgid kmem. If you really need to truss it, make a copy and run it as a user with the requisite privileges (or root).

$.02,
/Mikko

From owner-freebsd-security@FreeBSD.ORG Sun May 11 15:15:44 2003
From: freebsdquestions@schatti.ch
To: freebsd-security@freebsd.org
Date: Mon, 12 May 2003 00:19:29 +0200
Subject:

Hi all!

Short question: could anyone point me to documents regarding these topics: jails! & nat & (ipfw|ip tables) - I'm in the process of building a new system...
Planned layout:

NET---router/nat-----gateway:freebsd5.x/nat--------inner net
                                |
                                L- apache/php (lo_alias1)
                                L------ mail server (lo_alias2)
                                L----------- djbdns (lo_alias3)

Any hints, do's and dont's? What about natd/ipnat? Which is better for dynamic rules? Especially: how to manage that in conjunction with multiple jails??

TIA,
Slim

From owner-freebsd-security@FreeBSD.ORG Sun May 11 18:25:34 2003
From: Michael Collette
To: FreeBSD Security
Date: Sun, 11 May 2003 18:25:06 -0700
Subject: Re: Gateway config

On Sunday 11 May 2003 03:19 pm, freebsdquestions@schatti.ch wrote:
> Hi all!
>
> Short question: could anyone point me to documents regarding these topics:
> jails! & nat & (ipfw|ip tables) - I'm in the process of building a new system...
>
> Planned layout:
>
> NET---router/nat-----gateway:freebsd5.x/nat--------inner net
>                                 |
>                                 L- apache/php (lo_alias1)
>                                 L------ mail server (lo_alias2)
>                                 L----------- djbdns (lo_alias3)
>
> Any hints, do's and dont's? What about natd/ipnat? Which is better for
> dynamic rules? Especially: how to manage that in conjunction with multiple
> jails??

Helps having a subject on these things, especially if a discussion gets brewing.

I have yet to see any really good articles on the web concerning Jail setups. The AbsoluteBSD book has a really sweet walk through in getting jails up and running. Not much information on how to get your jails updated though, which I had hoped to research a little bit further.

I did happen upon the following doing a quick Googling about...

FreeBSD Jail Software and Docs
http://memberwebs.com/nielsen/freebsd/jails/

FreeBSD Jail Scripts
http://jailnotes.cg.nu/zcripts/

And the really well written man page...
man 8 jail

I too would be curious to see anything additional that you might find on the subject. The basic concepts are reasonable enough, but there are a few devilish details I'd like to see more of.

One item that I'm kind of curious about, and betting others might be as well: what do you mean by "dynamic rules"? Dynamic in what sense? Dynamic as in stateful firewall, or IP, or what?

Later on,
--
"Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read."
- Groucho Marx

From owner-freebsd-security@FreeBSD.ORG Mon May 12 04:40:56 2003
From: Fernando Schapachnik
To: Michael Collette
cc: FreeBSD Security
Date: Mon, 12 May 2003 08:40:42 -0300
Subject: Re: Down the MPD road

In an earlier message, Michael Collette wrote:
> While connected, when I attempt to browse around the public Internet some
> pages just don't load, where others do. No rhyme or reason, and nothing
> showing up in my logging of all denied packets via ipfw. For example, I can
> hit CNN without a problem, then when I try news.google it never loads a page.
> I can hit the main Yahoo page, but any of their other sites won't go. Really
> odd.

Looks like an MTU problem. I suggest you ping with different packet sizes and see which is the smallest size that doesn't get through. Some web servers have the Don't Fragment bit on, and packets get discarded.

If the application you are interested in works right, maybe it would be worth making a batch file on the XP side to alter the routing table so the default route doesn't point to the VPN.

Good luck.

Fernando.
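Fernando's probing advice, written out as an added example that is not part of the thread: a POSIX sh script that binary-searches the largest Don't-Fragment ping payload that still gets a reply and converts it to a path MTU. It assumes FreeBSD ping(8) flags (-D for DF, -s for payload size, -t for a timeout); the probe-function hook, the size bounds and the placeholder host name are mine.

```shell
#!/bin/sh
# Added example (not from the thread): find the path MTU toward a host
# by sending Don't-Fragment pings of varying payload size, as suggested
# in the reply above. Assumes FreeBSD ping(8): -D sets DF, -s sets the
# ICMP payload size, -t bounds the run in seconds. On Linux the probe
# would be "ping -M do -s SIZE -c 1 HOST" instead.
#
# The VPN in the thread (PPTP via mpd) wraps traffic in GRE, so the path
# MTU through the tunnel is below the 1500 bytes of plain Ethernet; a
# server that sets DF and never sees the ICMP "fragmentation needed"
# reply stalls exactly as described: some sites load, others never do.

# Bytes added to the ICMP payload by the ICMP (8) and IPv4 (20) headers.
IP_ICMP_OVERHEAD=28

# Smallest and largest payloads worth probing; 1472 is what a 1500-byte
# Ethernet frame carries once the 28 header bytes are taken off.
PROBE_MIN=500
PROBE_MAX=1472

# Send one DF probe of PAYLOAD bytes to HOST; succeed if a reply arrives.
# A failure here means some hop on the path cannot carry that size.
probe() {
    ping -D -c 1 -t 3 -s "$2" "$1" >/dev/null 2>&1
}

# Binary-search the largest payload in [LO, HI] for which PROBE_FN
# (a function taking HOST PAYLOAD, default: probe) succeeds. Prints the
# size, or nothing if even LO fails. Relies on the predicate being
# monotone: if a size passes, every smaller size passes too.
largest_passing_payload() {
    host=$1 lo=$2 hi=$3 fn=${4:-probe}
    best=""
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$fn" "$host" "$mid"; then
            best=$mid          # fits: look for something larger
            lo=$((mid + 1))
        else
            hi=$((mid - 1))    # too big: shrink
        fi
    done
    printf '%s\n' "$best"
}

# Print the path MTU in bytes toward HOST (largest passing payload plus
# the 28 header bytes). Returns 1 and prints nothing if no probe passes.
find_path_mtu() {
    size=$(largest_passing_payload "$1" "$PROBE_MIN" "$PROBE_MAX" "${2:-probe}")
    [ -n "$size" ] || return 1
    echo $((size + IP_ICMP_OVERHEAD))
}

# Usage against a real host (placeholder name): sh pmtu.sh host.example
if [ -n "$1" ]; then
    if mtu=$(find_path_mtu "$1"); then
        echo "path MTU to $1: $mtu"
    else
        echo "no probe reached $1 (check reachability or DF handling)"
    fi
fi
```

The number printed is what the tunnel interface's mtu setting (or the client's MSS clamp) should be brought down to so that DF traffic stops being silently dropped.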
From owner-freebsd-security@FreeBSD.ORG Mon May 12 08:30:49 2003
From: Fernando Gleiser
To: Peter Elsner
cc: freebsd-security@FreeBSD.ORG
Date: Mon, 12 May 2003 12:28:41 -0300 (ART)
Subject: Re: Hacked? (UPDATE)

You may find the following article useful:

Starting from Scratch: Formatting and Reinstalling after a Security Incident
http://www.securityfocus.com/infocus/1692

Fer

From owner-freebsd-security@FreeBSD.ORG Mon May 12 11:02:56 2003
From: FreeBSD bugmaster
To: security@FreeBSD.org
Date: Mon, 12 May 2003 11:02:54 -0700 (PDT)
Subject: Current problem reports assigned to you

Current FreeBSD problem reports

No matches to your query

From owner-freebsd-security@FreeBSD.ORG Mon May 12 11:29:11 2003
From: freebsdquestions@schatti.ch
To: freebsd-security@FreeBSD.org
Date: Mon, 12 May 2003 20:37:15 +0200
Subject: Re: Gateway config

>On Sunday 11 May 2003 03:19 pm, freebsdquestions@schatti.ch wrote:
>> Hi all!
>>
>> Short question: could anyone point me to documents regarding these topics:
>> jails! & nat & (ipfw|ip tables) - I'm in the process of building a new system...
>>
>> Planned layout:
>>
>> NET---router/nat-----gateway:freebsd5.x/nat--------inner net
>>                                 |
>>                                 L- apache/php (lo_alias1)
>>                                 L------ mail server (lo_alias2)
>>                                 L----------- djbdns (lo_alias3)
>>
>> Any hints, do's and dont's? What about natd/ipnat? Which is better for
>> dynamic rules? Especially: how to manage that in conjunction with multiple
>> jails??
>
>Helps having a subject on these things, especially if a discussion gets
>brewing.
>
>I have yet to see any really good articles on the web concerning Jail
>setups. The AbsoluteBSD book has a really sweet walk through in getting
>jails up and running. Not much information on how to get your jails
>updated though, which I had hoped to research a little bit further.
>
>I did happen upon the following doing a quick Googling about...
>
>FreeBSD Jail Software and Docs
>http://memberwebs.com/nielsen/freebsd/jails/
>
>FreeBSD Jail Scripts
>http://jailnotes.cg.nu/zcripts
>
>And the really well written man page...
>man 8 jail
>
>I too would be curious to see anything additional that you might find on
>the subject. The basic concepts are reasonable enough, but there are a few
>devilish details I'd like to see more of.
>
>One item that I'm kind of curious about, and betting others might be as
>well. What do you mean by "dynamic rules"? Dynamic in what sense? Dynamic
>as in stateful firewall, or IP, or what?

Also, I'd like to see examples of devfs configurations, and how they are stored/restored..

Dynamic: in the sense of 'stateful firewall'; where to put the rules: before or after nat?

If anyone has some sort of scripts for jails, devfs - feel free to send me those.

thx
Slim

From owner-freebsd-security@FreeBSD.ORG Mon May 12 13:04:45 2003
From: Michael Collette
To: FreeBSD Security
Date: Mon, 12 May 2003 13:04:24 -0700
Subject: Re: Down the MPD road

On Saturday 10 May 2003 01:48 pm, Olivier Cherrier wrote:
> > > Here is where we descend into Windows-bashing. For some STUPID
> > > reason, when a Windows box connects to a VPN via PPTP, the Windows
> > > box's default route is adjusted to go through the VPN connection.
> > > This is fortunately fixable (Windows has a ROUTE command), but it
> > > requires your users to have half a clue:
> > >
> > >     route delete 0.0.0.0
> > >     route add 0.0.0.0 mask 0.0.0.0 gateway metric 1
> > >     route add [InsideNetwork] mask [InsideMask] gateway [far end of VPN tunnel] metric 1
> >
> > I cannot test this right now, so it is quite probable that you are
> > right, but couldn't this be controlled by the Properties >> Networking
> > >> Internet Protocol (TCP/IP) >> Properties >> Advanced >> General >>
> > Use default gateway on remote network?
>
> Yes, this checkbox allows you to NOT route all the traffic to the
> VPN server. No need for 'route delete, route add ...' scripts.

I did this, and it does correct the immediate problem. Of course, it also creates a new glitchy.

My mail server sits in the DMZ, which is of course on a different subnet than the secure network. I'm bringing in those outside users directly into the secure network, as they very definitely need resources from there.

Without being able to configure routing from the secure network, those users can't route to the DMZ. In that DMZ I have pop3 and ldap restricted to internal use only, while SMTP is opened up wide. The problem compounds a bit when dealing with SMTP securities, which is presently configured to restrict relaying to only those IPs that we own.

So, the firewall prevents pop3 and ldap, while the mail server itself restricts the relaying. Unless the user is able to route to this server via the internal network, this dog just don't hunt.

Is there perhaps some part of this I'm missing?

Thanks,
--
"Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read."
- Groucho Marx

From owner-freebsd-security@FreeBSD.ORG Mon May 12 14:30:51 2003
From: Omar Lopez
To: FreeBSD Security
Date: 12 May 2003 23:31:03 +0200
Subject: OpenSSH-portable <= 3.6.1p1 bug?

Hi:

I read this security advisory:
http://lab.mediaservice.net/advisory/2003-01-openssh.txt

Is my FreeBSD 5.0 affected? What other versions are affected?

Thanks.
From owner-freebsd-security@FreeBSD.ORG Mon May 12 16:04:28 2003
From: Michael Nottebrock
To: FreeBSD Security
Date: Tue, 13 May 2003 01:04:21 +0200
Subject: xdelta files for security patches

Has xdelta (in ports under misc/xdelta) ever been considered as a means of delivering binary patches for security updates?

It seems to be pretty neat.

--
Regards,
Michael Nottebrock

From owner-freebsd-security@FreeBSD.ORG Mon May 12 16:35:28 2003
From: Colin Percival
To: Michael Nottebrock, FreeBSD Security
Date: Tue, 13 May 2003 00:35:23 +0100
Subject: Re: xdelta files for security patches
List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 May 2003 23:35:28 -0000 At 01:04 13/05/2003 +0200, Michael Nottebrock wrote: >Has xdelta (in ports under misc/xdelta) ever been considered as a means of >delivering binary patches for security updates? > >It seems to be a pretty neat. Using some form of binary diffs is on my todo list for FreeBSD Update (security/freebsd-update), but it's not a matter of critical importance. Right now updating from 4.7-RELEASE to the latest binaries takes around 30 MB, depending upon which install set you chose (nocrypt, crypt, kerberos4, kerberos5); good binary diffs would probably reduce this to around 5 MB. That said, I'm not sure if I would choose xdelta. Colin Percival From owner-freebsd-security@FreeBSD.ORG Mon May 12 17:04:24 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AFB6B37B401 for ; Mon, 12 May 2003 17:04:24 -0700 (PDT) Received: from tomts21-srv.bellnexxia.net (tomts21-srv.bellnexxia.net [209.226.175.183]) by mx1.FreeBSD.org (Postfix) with ESMTP id CCA9643FA3 for ; Mon, 12 May 2003 17:04:23 -0700 (PDT) (envelope-from melange@yip.org) Received: from lust.inside.int ([65.95.44.178]) by tomts21-srv.bellnexxia.netESMTP <20030513000422.UGVD15637.tomts21-srv.bellnexxia.net@lust.inside.int> for ; Mon, 12 May 2003 20:04:22 -0400 Received: from yip.org (localhost.inside.int [127.0.0.1]) by lust.inside.int (8.12.9/8.12.7) with ESMTP id h4D075eH031705 for ; Mon, 12 May 2003 20:07:08 -0400 (EDT) (envelope-from melange@yip.org) Message-ID: <3EC03726.105@yip.org> Date: Mon, 12 May 2003 20:07:02 -0400 From: Bob K User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.2b) Gecko/20021016 X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Subject: [Fwd: Re: 
Down the MPD road] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 May 2003 00:04:25 -0000 Made a typo in the cc: line. Coffee time, I guess. -------- Original Message -------- Date: Mon, 12 May 2003 19:52:17 -0400 From: Bob K To: Michael Collette CC: freebsd.-security@freebsd.org Subject: Re: Down the MPD road > I did this, and it does correct the immediate problem. Of course, it > also > creates a new glitchy. > > My mail server sits in the DMZ, which is of course on a different > subnet than > the secure network. I'm bringing in those outside users directly into > the > secure network, as they very definitely need resources from there. > > Without being able to configure routing from the secure network, those > users > can't route to the DMZ. In that DMZ I have pop3 and ldap restricted to > internal use only, while SMTP is opened up wide. The problem > compounds a bit > when dealing with SMTP securities which is presently configured to > restrict > relaying to only those IPs that we own. > > So, the firewall prevents pop3 and ldap, while the mail server itself > restricts the relaying. Unless the user is able to route to this > server via > the internal network this dog just don't hunt. > > Is there perhaps some part of this I'm missing? Workaround: Take a box inside the secure network and have it NAT mail & LDAP connections from the MPD'd range to the mail server. Then have your MPD'd users use that box. You can use ipfw+natd to do this; something like: natd -redirect_address ma.il.ser.ver 0.0.0.0 ipfw add divert 8668 tcp from mpd.ra.ng.es/bits to int.er.nal.ip \ 25,110,389 in recv enet0 ipfw add divert 8668 tcp from ma.il.ser.ver 25,110,389 to int.er.nal.ip in recv enet0 If resources aren't scarce, you could even use the box that's running mpd to do it. 
(if anyone can spot problems with this aside from the accounting difficulties, please let me know)

A better solution, methinks, would be an internal mail/ldap server in the secure range, with the one in the DMZ doing nothing but relaying mail to/from the internal network.

From owner-freebsd-security@FreeBSD.ORG Mon May 12 17:12:28 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E414A37B401 for ; Mon, 12 May 2003 17:12:28 -0700 (PDT) Received: from meitner.wh.uni-dortmund.de (meitner.wh.uni-dortmund.de [129.217.129.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2832643FA3 for ; Mon, 12 May 2003 17:12:28 -0700 (PDT) (envelope-from michaelnottebrock@gmx.net) Received: from lofi.dyndns.org (pc2-105.intern.meitner [10.3.12.105]) by meitner.wh.uni-dortmund.de (Postfix) with ESMTP id 20CA01676CF; Tue, 13 May 2003 02:12:27 +0200 (CEST) Received: from kiste.my.domain (kiste.my.domain [192.168.8.4]) (authenticated bits=0) by lofi.dyndns.org (8.12.6p2/8.12.6) with ESMTP id h4D0CQeN061714 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Tue, 13 May 2003 02:12:26 +0200 (CEST) (envelope-from michaelnottebrock@gmx.net) From: Michael Nottebrock To: Colin Percival , FreeBSD Security Date: Tue, 13 May 2003 02:12:25 +0200 User-Agent: KMail/1.5.2 References: <5.0.2.1.1.20030513001702.02e4a018@popserver.sfu.ca> In-Reply-To: <5.0.2.1.1.20030513001702.02e4a018@popserver.sfu.ca> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_qhDw+lzlyu6OYlS"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200305130212.26302.michaelnottebrock@gmx.net> X-Virus-Scanned: by amavisd-new Subject: Re: xdelta files for security patches X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: ,
List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 May 2003 00:12:29 -0000

--Boundary-02=_qhDw+lzlyu6OYlS
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Tuesday 13 May 2003 01:35, Colin Percival wrote:
> At 01:04 13/05/2003 +0200, Michael Nottebrock wrote:
> >Has xdelta (in ports under misc/xdelta) ever been considered as a means of
> >delivering binary patches for security updates?
> >
> >It seems to be pretty neat.
>
> Using some form of binary diffs is on my todo list for FreeBSD Update
> (security/freebsd-update)

As an embarrassing matter of fact, I totally forgot about your work. Thanks for reminding me!

--
Regards,
Michael Nottebrock

--Boundary-02=_qhDw+lzlyu6OYlS
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQA+wDhqXhc68WspdLARAgcTAJ42tu4ULrvonD1ATmWkKT9W6gwuhwCeM6+8
aRrLyIsLLgDjA8VDpJpijUw=
=qhG0
-----END PGP SIGNATURE-----

--Boundary-02=_qhDw+lzlyu6OYlS--

From owner-freebsd-security@FreeBSD.ORG Mon May 12 18:52:26 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DB37237B401 for ; Mon, 12 May 2003 18:52:26 -0700 (PDT) Received: from testequity.com (postal.testequity.com [205.147.14.100]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C4CE43FB1 for ; Mon, 12 May 2003 18:52:26 -0700 (PDT) (envelope-from metrol@metrol.net) Received: from metlap [205.147.14.249] by testequity.com with ESMTP (SMTPD32-7.13) id AF6DE4001EC; Mon, 12 May 2003 18:50:37 -0700 From: Michael Collette To: FreeBSD Security Date: Mon, 12 May 2003 18:52:07 -0700 User-Agent: KMail/1.5.1 References: <3EC03726.105@yip.org> In-Reply-To: <3EC03726.105@yip.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200305121852.07018.metrol@metrol.net> Subject: Re: [Fwd: Re: Down the MPD road] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 May 2003 01:52:27 -0000

On Monday 12 May 2003 05:07 pm, Bob K wrote:
> Made a typo in the cc: line. Coffee time, I guess.

Oh boy, this mail had me running for the coffee pot.

> > Is there perhaps some part of this I'm missing?
>
> Workaround: Take a box inside the secure network and have it NAT mail &
> LDAP connections from the MPD'd range to the mail server. Then have
> your MPD'd users use that box.
>
> You can use ipfw+natd to do this; something like:
>
> natd -redirect_address ma.il.ser.ver 0.0.0.0
>
> ipfw add divert 8668 tcp from mpd.ra.ng.es/bits to int.er.nal.ip \
> 25,110,389 in recv enet0
>
> ipfw add divert 8668 tcp from ma.il.ser.ver 25,110,389 to int.er.nal.ip
> in recv enet0
>
> If resources aren't scarce, you could even use the box that's running
> mpd to do it.

It seems I've run into a false alarm. Turns out the user's mail box on the server had a dinked message which wouldn't let him pull down. Once I fixed the dinked message, all was well. Even without having remote gateway enabled.

A bit of a concern here, as by all reasoning it shouldn't be able to hop the subnet without some way to route the packets. Seems like this is the part in a How-To where "something magical happens" to the packets.

Your mail did get me thinking that it might work out a bit more securely to have mpd running in a jail either on the gateway or on a box behind. I can definitely see where you're going with your suggestion, and even though it doesn't seem needed now, it might still be a worthwhile lockdown to look into.
> (if anyone can spot problems with this aside from the accounting
> difficulties, please let me know)
>
> A better solution, methinks, would be an internal mail/ldap server in
> the secure range, with the one in the DMZ doing nothing but relaying
> mail to/from the internal network.

I do have plans to do something very similar to this in the very near future. I was considering having pop3 running in the DMZ with fetchmail bringing in from there to a server in the secure network running IMAP. SMTP would have to remain in the DMZ in order to get a proper reverse DNS for them pickier servers out there though.

If there's a more creative means for doing this I would LOVE to hear about it. That, or what other folks might consider best practices for placement of the mail server within the topography.

Thanks again for a creative idea here.

Later on,
--
"Outside of a dog, a book is man's best friend.
Inside of a dog, it's too dark to read."
- Groucho Marx

From owner-freebsd-security@FreeBSD.ORG Tue May 13 12:05:21 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 087F137B401 for ; Tue, 13 May 2003 12:05:21 -0700 (PDT) Received: from cowbert.2y.net (d46h180.public.uconn.edu [137.99.46.180]) by mx1.FreeBSD.org (Postfix) with SMTP id 03D0A43FA3 for ; Tue, 13 May 2003 12:05:20 -0700 (PDT) (envelope-from sirmoo@cowbert.2y.net) Received: (qmail 9096 invoked by uid 1001); 13 May 2003 19:05:19 -0000 Date: Tue, 13 May 2003 15:05:19 -0400 From: "Peter C. Lai" To: Omar Lopez Message-ID: <20030513190519.GU67769@cowbert.2y.net> References: <1052775063.532.18.camel@croconout.casa.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1052775063.532.18.camel@croconout.casa.net> User-Agent: Mutt/1.4i cc: FreeBSD Security Subject: Re: OpenSSH-portable <= 3.6.1p1 bug?
X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: peter.lai@uconn.edu List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 May 2003 19:05:21 -0000

I think this explains it pretty well: (it's under section 3. of the advisory you posted).
NOTE. FreeBSD uses both a different PAM implementation and a different PAM support in OpenSSH: it doesn't seem to be vulnerable to this particular timing leak issue. All OpenSSH-portable releases <= OpenSSH_3.6.1p1 compiled with PAM support enabled (./configure --with-pam) are vulnerable to this information leak. The PAMAuthenticationViaKbdInt directive doesn't need to be enabled in sshd_config.
However, it lists MACOSX as "unconfirmed". I thought MACOSX used the FreeBSD ssh implementation.

On Mon, May 12, 2003 at 11:31:03PM +0200, Omar Lopez wrote:
> Hi:
> I read this security advisory.
> http://lab.mediaservice.net/advisory/2003-01-openssh.txt
> Is my FreeBSD 5.0 affected? What other versions are affected?
>
> Thanks.
>

--
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/

From owner-freebsd-security@FreeBSD.ORG Wed May 14 01:07:30 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 85C8537B401 for ; Wed, 14 May 2003 01:07:30 -0700 (PDT) Received: from mta02-svc.ntlworld.com (mta02-svc.ntlworld.com [62.253.162.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22CC643F75 for ; Wed, 14 May 2003 01:07:29 -0700 (PDT) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from piii600.wadham.ox.ac.uk ([81.103.196.4]) by mta02-svc.ntlworld.comESMTP <20030514080727.PPZP9882.mta02-svc.ntlworld.com@piii600.wadham.ox.ac.uk>; Wed, 14 May 2003 09:07:27 +0100 Message-Id: <5.0.2.1.1.20030514085255.01df92a0@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Wed, 14 May 2003 09:07:24 +0100 To: Colin Percival , Michael Nottebrock , FreeBSD Security From: Colin Percival In-Reply-To: <5.0.2.1.1.20030513001702.02e4a018@popserver.sfu.ca> References: <200305130104.25177.michaelnottebrock@gmx.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: Re: xdelta files for security patches X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2003 08:07:30 -0000

At 00:35
13/05/2003 +0100, I wrote:
> Using some form of binary diffs is on my todo list for FreeBSD Update
> (security/freebsd-update), but it's not a matter of critical
> importance. Right now updating from 4.7-RELEASE to the latest binaries
> takes around 30 MB, depending upon which install set you chose (nocrypt,
> crypt, kerberos4, kerberos5); good binary diffs would probably reduce
> this to around 5 MB.
> That said, I'm not sure if I would choose xdelta.

Of course, when I wrote this, I had no idea that I was about to write a binary diff/patch utility in 12 hours. In doing so, I've lost quite a bit of respect for xdelta; ok, my code is about five times slower and has a larger memory footprint, but it produces diffs 35% smaller and weighs in at a massive 281 lines (in contrast to the thousands of lines of code in xdelta).

I'll be adding this into FreeBSD Update in the near future. If anyone wants the code for other purposes, feel free to contact me.

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Wed May 14 02:09:07 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6CF4F37B401 for ; Wed, 14 May 2003 02:09:07 -0700 (PDT) Received: from gandalf.online.bg (gandalf.online.bg [217.75.128.9]) by mx1.FreeBSD.org (Postfix) with SMTP id 5D2F143FAF for ; Wed, 14 May 2003 02:09:05 -0700 (PDT) (envelope-from roam@ringlet.net) Received: (qmail 13834 invoked from network); 14 May 2003 09:02:57 -0000 Received: from office.sbnd.net (HELO straylight.ringlet.net) (217.75.140.130) by gandalf.online.bg with SMTP; 14 May 2003 09:02:57 -0000 Received: (qmail 7831 invoked by uid 1000); 14 May 2003 09:06:30 -0000 Date: Wed, 14 May 2003 12:06:29 +0300 From: Peter Pentchev To: Colin Percival Message-ID: <20030514090629.GA81399@straylight.oblivion.bg> Mail-Followup-To: Colin Percival , Michael Nottebrock , FreeBSD Security References:
<200305130104.25177.michaelnottebrock@gmx.net> <5.0.2.1.1.20030514085255.01df92a0@popserver.sfu.ca> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="rwEMma7ioTxnRzrJ" Content-Disposition: inline In-Reply-To: <5.0.2.1.1.20030514085255.01df92a0@popserver.sfu.ca> User-Agent: Mutt/1.5.4i cc: FreeBSD Security Subject: Re: xdelta files for security patches X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2003 09:09:07 -0000

--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=windows-1251
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, May 14, 2003 at 09:07:24AM +0100, Colin Percival wrote:
> At 00:35 13/05/2003 +0100, I wrote:
> > Using some form of binary diffs is on my todo list for FreeBSD Update
> >(security/freebsd-update), but it's not a matter of critical
> >importance. Right now updating from 4.7-RELEASE to the latest binaries
> >takes around 30 MB, depending upon which install set you chose (nocrypt,
> >crypt, kerberos4, kerberos5); good binary diffs would probably reduce
> >this to around 5 MB.
> > That said, I'm not sure if I would choose xdelta.
>
> Of course, when I wrote this, I had no idea that I was about to write a
> binary diff/patch utility in 12 hours. In doing so, I've lost quite a bit
> of respect for xdelta; ok, my code is about five times slower and has a
> larger memory footprint, but it produces diffs 35% smaller and weighs in at
> a massive 281 lines (in contrast to the thousands of lines of code in
> xdelta).
> I'll be adding this into FreeBSD Update in the near future. If anyone
> wants the code for other purposes, feel free to contact me.
When I read this thread yesterday, I was going to suggest taking a look at the rsync code. Still, it sounds like your code is much simpler than the rsync algorithm described at http://rsync.samba.org/tech_report/. This is probably a good thing :)

G'luck,
Peter

--
Peter Pentchev roam@ringlet.net roam@sbnd.net roam@FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
.siht ekil ti gnidaer eb d'uoy ,werbeH ni erew ecnetnes siht fI

--rwEMma7ioTxnRzrJ
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (FreeBSD)

iD8DBQE+wgcV7Ri2jRYZRVMRAmmjAJ42b4+FglNv1RbinU0HHM1Ctm4XrQCfToJj
rUlnjioSNW6UZOlgkRY0F9U=
=cx8U
-----END PGP SIGNATURE-----

--rwEMma7ioTxnRzrJ--

From owner-freebsd-security@FreeBSD.ORG Wed May 14 06:07:43 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AD37E37B401 for ; Wed, 14 May 2003 06:07:43 -0700 (PDT) Received: from mta03-svc.ntlworld.com (mta03-svc.ntlworld.com [62.253.162.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7EADC43F85 for ; Wed, 14 May 2003 06:07:42 -0700 (PDT) (envelope-from colin.percival@wadham.ox.ac.uk) Received: from piii600.wadham.ox.ac.uk ([81.103.196.4]) by mta03-svc.ntlworld.comESMTP <20030514130740.LQOY11246.mta03-svc.ntlworld.com@piii600.wadham.ox.ac.uk>; Wed, 14 May 2003 14:07:40 +0100 Message-Id: <5.0.2.1.1.20030514135429.01dec350@popserver.sfu.ca> X-Sender: cperciva@popserver.sfu.ca X-Mailer: QUALCOMM Windows Eudora Version 5.0.2 Date: Wed, 14 May 2003 14:07:38 +0100 To: Peter Pentchev , Colin Percival From: Colin Percival In-Reply-To: <20030514090629.GA81399@straylight.oblivion.bg> References: <5.0.2.1.1.20030514085255.01df92a0@popserver.sfu.ca> <200305130104.25177.michaelnottebrock@gmx.net> <5.0.2.1.1.20030514085255.01df92a0@popserver.sfu.ca> Mime-Version:
1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed cc: FreeBSD Security Subject: Re: xdelta files for security patches X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2003 13:07:44 -0000

At 12:06 14/05/2003 +0300, Peter Pentchev wrote:
>When I read this thread yesterday, I was going to suggest taking a look
>at the rsync code. Still, it sounds like your code is much simpler than
>the rsync algorithm described at http://rsync.samba.org/tech_report/.
>This is probably a good thing :)

Rsync solves a problem much harder than binary diffs -- rsync constructs half-blind binary diffs. The old and new files are on different machines, so rsync uses a clever statistical sampling trick to locate large common sections which the two files share. xdelta uses the same method, but when we have both files in the same place we can do much better by using a suffix sort.
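The suffix-sort idea in the message above, as an added illustration by the editor of this archive: it is not Colin Percival's diff/patch utility, not FreeBSD Update, and not xdelta or rsync code. With both the old and the new file in hand, the suffixes of the old file are sorted once; for each position in the new file one binary search over that sorted list finds the longest match in the old file, which becomes a copy op, and unmatched bytes become literal inserts. The copy/insert wire format, the 4-byte minimum match, the sample inputs and the digest check on the rebuilt file are all assumptions made for this demo, not details taken from the thread.

```python
import hashlib
import struct


def suffix_array(data: bytes) -> list:
    """Start offsets of all suffixes of `data`, in lexicographic order (naive sort, demo only)."""
    return sorted(range(len(data)), key=lambda i: data[i:])


def common_prefix_len(a: bytes, i: int, b: bytes, j: int) -> int:
    n = 0
    while i + n < len(a) and j + n < len(b) and a[i + n] == b[j + n]:
        n += 1
    return n


def longest_match(old: bytes, sa: list, new: bytes, pos: int):
    """(offset_in_old, length) of the longest prefix of new[pos:] present in old.
    The best match is always a neighbour of the query's insertion point in the
    sorted suffix list, so one binary search plus two probes is enough."""
    target = new[pos:]
    lo, hi = 0, len(sa)
    while lo < hi:
        mid = (lo + hi) // 2
        if old[sa[mid]:] < target:
            lo = mid + 1
        else:
            hi = mid
    best = (0, 0)
    for idx in (lo - 1, lo):
        if 0 <= idx < len(sa):
            length = common_prefix_len(old, sa[idx], new, pos)
            if length > best[1]:
                best = (sa[idx], length)
    return best


def diff(old: bytes, new: bytes, min_match: int = 4) -> list:
    """Greedy list of ("copy", offset, length) / ("insert", bytes) ops turning old into new."""
    sa = suffix_array(old)
    ops, literal, pos = [], bytearray(), 0
    while pos < len(new):
        off, length = longest_match(old, sa, new, pos)
        if length >= min_match:
            if literal:
                ops.append(("insert", bytes(literal)))
                literal = bytearray()
            ops.append(("copy", off, length))
            pos += length
        else:
            literal.append(new[pos])
            pos += 1
    if literal:
        ops.append(("insert", bytes(literal)))
    return ops


def encode(ops: list) -> bytes:
    """Made-up wire format: 'C' + u32 offset + u32 length, or 'I' + u32 n + n bytes."""
    out = bytearray()
    for op in ops:
        if op[0] == "copy":
            out += b"C" + struct.pack(">II", op[1], op[2])
        else:
            out += b"I" + struct.pack(">I", len(op[1])) + op[1]
    return bytes(out)


def decode(blob: bytes) -> list:
    """Inverse of encode(); an unknown op tag is treated as a corrupt patch."""
    ops, i = [], 0
    while i < len(blob):
        tag, i = blob[i:i + 1], i + 1
        if tag == b"C":
            off, length = struct.unpack(">II", blob[i:i + 8])
            ops.append(("copy", off, length))
            i += 8
        elif tag == b"I":
            (n,) = struct.unpack(">I", blob[i:i + 4])
            ops.append(("insert", blob[i + 4:i + 4 + n]))
            i += 4 + n
        else:
            raise ValueError("corrupt patch: unknown op tag %r" % tag)
    return ops


def apply_patch(old: bytes, blob: bytes, expected_sha256: str = None) -> bytes:
    """Rebuild the new file; a copy past the end of `old` is rejected, and if a digest
    of the expected result is supplied the output is checked before being returned."""
    out = bytearray()
    for op in decode(blob):
        if op[0] == "copy":
            off, length = op[1], op[2]
            if off + length > len(old):
                raise ValueError("corrupt patch: copy past end of old file")
            out += old[off:off + length]
        else:
            out += op[1]
    result = bytes(out)
    if expected_sha256 is not None and hashlib.sha256(result).hexdigest() != expected_sha256:
        raise ValueError("patched file does not match expected digest")
    return result


# Constructed sample input (not from the thread): three changed words and a version bump.
OLD = b"The quick brown fox jumps over the lazy dog. " * 3 + b"version=4.7-RELEASE\n"
NEW = b"The quick brown fox jumps over the lazy cat. " * 3 + b"version=4.8-RELEASE\n"


def demo() -> dict:
    blob = encode(diff(OLD, NEW))
    rebuilt = apply_patch(OLD, blob, hashlib.sha256(NEW).hexdigest())
    return {"new_size": len(NEW), "patch_size": len(blob), "ok": rebuilt == NEW}

if __name__ == "__main__":
    print(demo())
```

For the sample input the patch is about half the size of the new file, and the ratio improves as the shared sections grow. The naive suffix sort is O(n^2 log n) and only fit for a demonstration; a real tool uses a linear-time suffix sort. The digest parameter reflects how such patches should be consumed for security updates: the patch bytes are authenticated by the publisher and the digest of the expected result travels with them, so a tampered or mis-applied patch is refused instead of installed.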
Colin Percival

From owner-freebsd-security@FreeBSD.ORG Wed May 14 08:04:20 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7831637B401 for ; Wed, 14 May 2003 08:04:20 -0700 (PDT) Received: from computinginnovations.com (dsl081-142-072.chi1.dsl.speakeasy.net [64.81.142.72]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7CAE043FB1 for ; Wed, 14 May 2003 08:04:19 -0700 (PDT) (envelope-from derek@computinginnovations.com) Received: from p4.computinginnovations.com (dhcp-192-168-1-121.computinginnovations.com [192.168.1.121]) h4EF4Ivp077727 for ; Wed, 14 May 2003 10:04:18 -0500 (CDT) Message-Id: <5.2.1.1.2.20030514095822.00a800c0@computinginnovations.com> X-Sender: derek@computinginnovations.com X-Mailer: QUALCOMM Windows Eudora Version 5.2.1 Date: Wed, 14 May 2003 10:04:19 -0500 To: freebsd-security@freebsd.org From: Derek Ragona Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Subject: su-ing error with FreeBSD 5.0 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2003 15:04:20 -0000

On a couple servers I have one running 5.0 Release, another running 5.0 Stable I have a problem with su.

If I login to the server using a regular account, then su - to root, then I try to su - to any other account, other than the one I originally logged in as the su works but with this error:

su: No controlling tty (open /dev/tty: Permission denied)
su: warning: won't have full job control

With this error, it makes it pretty bad to use this way.

Do I have something not configured correctly?
Or is there something I need to do more in the 5.0 configuration

-Derek
derek@computinginnovations.com

From owner-freebsd-security@FreeBSD.ORG Wed May 14 08:18:16 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 38E6E37B401 for ; Wed, 14 May 2003 08:18:16 -0700 (PDT) Received: from s-smtp-osl-01.bluecom.no (s-smtp-osl-01.bluecom.no [62.101.193.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2B92343F85 for ; Wed, 14 May 2003 08:18:15 -0700 (PDT) (envelope-from erik@pentadon.com) Received: from erik (tromso-dhcp-234-175.bluecom.no [62.101.234.175]) by s-smtp-osl-01.bluecom.no (Postfix) with ESMTP id 82BEF1635E8; Wed, 14 May 2003 17:18:12 +0200 (CEST) From: "Erik Paulsen Skålerud" To: "'Derek Ragona'" , Date: Wed, 14 May 2003 17:15:20 +0200 Message-ID: <000701c31a2b$a33ff720$0a00000a@yes.no> X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 Importance: Normal In-Reply-To: <5.2.1.1.2.20030514095822.00a800c0@computinginnovations.com> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: RE: su-ing error with FreeBSD 5.0 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2003 15:18:16 -0000

> On a couple servers I have one running 5.0 Release, another
> running 5.0
> Stable I have a problem with su.

5.0-STABLE does not exist, are you talking about 5.0-CURRENT or 5.1-BETA?

> Do I have something not configured correctly? Or is there
> something I need
> to do more in the 5.0 configuration

Well, you could try to ask freebsd-questions@freebsd.org, which is the relevant list for asking this question. Or if this is a problem only related to the (probably?) 5.0-CURRENT server, try asking current@freebsd.org

Erik.
From owner-freebsd-security@FreeBSD.ORG Wed May 14 17:34:11 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6CA1737B401 for ; Wed, 14 May 2003 17:34:11 -0700 (PDT) Received: from sccrmhc01.attbi.com (sccrmhc01.attbi.com [204.127.202.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id 90FB543F3F for ; Wed, 14 May 2003 17:34:10 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: from blossom.cjclark.org (12-234-159-107.client.attbi.com[12.234.159.107]) by attbi.com (sccrmhc01) with ESMTP id <2003051500340800100do51pe>; Thu, 15 May 2003 00:34:08 +0000 Received: from blossom.cjclark.org (localhost. [127.0.0.1]) by blossom.cjclark.org (8.12.8p1/8.12.3) with ESMTP id h4F0Y7ki083791; Wed, 14 May 2003 17:34:07 -0700 (PDT) (envelope-from crist.clark@attbi.com) Received: (from cjc@localhost) by blossom.cjclark.org (8.12.8p1/8.12.8/Submit) id h4F0Y5Hj083790; Wed, 14 May 2003 17:34:05 -0700 (PDT) X-Authentication-Warning: blossom.cjclark.org: cjc set sender to crist.clark@attbi.com using -f Date: Wed, 14 May 2003 17:34:05 -0700 From: "Crist J. Clark" To: xskoba1@kremilek.gyrec.cz Message-ID: <20030515003405.GA83387@blossom.cjclark.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-URL: http://people.freebsd.org/~cjc/ cc: freebsd-security@freebsd.org Subject: Re: bridge and firewall X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: "Crist J. Clark" List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 15 May 2003 00:34:11 -0000

On Thu, May 08, 2003 at 12:39:11PM +0200, xskoba1@kremilek.gyrec.cz wrote:
> Can anyone help with this. Bridge is enabled, even in sysctl. Firewall is
> enabled and configured.
> But my reality is done this way..
>
>
> Cisco (NATing 192.168.1.0/24) ---- Freebsd Bridge (Public IP) ------ stations
> (Public IP) (NATing 172.16.0.0/24 192.168.1.xx or something similar) 172.16.0.xx and on
> one public IP one private which even one public IP...
>
> ok... it looks horribly, but I am not having time to change it... we are
> going to change IPS and so on...
>
> so... what are the rules which should be added
>
> users are permitted to connect inside.... to public IP through SSH
> named is on FreeBSD and used by inner address (192... 172...)
>
> and firewall then behaves strangely...
>
> thanks for any idea, unless you want me to reconfigure it at all... it is
> a school and I am not having time until holiday

Bridged packets only go through firewall processing on input. If you have a,

  divert natd ip from any to any via if0

(Where if0 is the external interface) it will not work since packets going out the interface never hit that rule.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

From owner-freebsd-security@FreeBSD.ORG Fri May 16 18:47:18 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F55B37B401; Fri, 16 May 2003 18:47:18 -0700 (PDT) Received: from smtp-relay2.barrysworld.com (smtp-relay2.barrysworld.com [213.221.172.236]) by mx1.FreeBSD.org (Postfix) with ESMTP id B754F43FBD; Fri, 16 May 2003 18:47:17 -0700 (PDT) (envelope-from killing@barrysworld.com) Received: from [213.221.181.50] (helo=barrysworld.com) by smtp-relay2.barrysworld.com with esmtp (Exim 4.12) id 19Gqmm-0003HK-00; Sat, 17 May 2003 02:46:56 +0100 Received: from gromit [212.211.104.19] by barrysworld.com with ESMTP (SMTPD32-7.15) id A53A1F99014A; Sat, 17 May 2003 02:49:46 +0100 Message-ID: <001f01c31c1e$7e00e3d0$9f00a8c0@mshome.net> From: "Killing" To: , Date: Sat, 17 May 2003 03:46:15 +0100
MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Subject: open and euid security flaw in 5.0-Current? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 May 2003 01:47:18 -0000

On a FreeBSD 5.0 the behaviour of screen when connecting to other users' sessions has changed.

Previously:
1. login as userA start a screen as userA and disconnect
2. login as root su - userA "screen -r"
3. result failure as userA can't access the ttyX with such a message

Current:
1. login as userA start a screen as userA and disconnect
2. login as root su - userA "screen -r"
3. result failure as userA can't access the ttyX but no message

After looking around in screen's code I found that after doing a seteuid( userA ) an open on root's terminal is still succeeding.

Surely this is a problem as when running euid userA there should be no access to ruid's files?
Steve / K

From owner-freebsd-security@FreeBSD.ORG Sat May 17 07:24:38 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 653C937B401; Sat, 17 May 2003 07:24:38 -0700 (PDT) Received: from smtp-relay1.barrysworld.com (ns1.barrysworld.com [213.221.172.238]) by mx1.FreeBSD.org (Postfix) with ESMTP id D26E743F3F; Sat, 17 May 2003 07:24:36 -0700 (PDT) (envelope-from killing@barrysworld.com) Received: from [213.221.181.50] (helo=barrysworld.com) by smtp-relay1.barrysworld.com with esmtp (Exim 4.12) id 19H2br-00052o-00; Sat, 17 May 2003 15:24:27 +0100 Received: from gromit [212.211.96.14] by barrysworld.com with ESMTP (SMTPD32-7.15) id A6C04FF00288; Sat, 17 May 2003 15:27:12 +0100 Message-ID: <006d01c31c88$4e8ae000$9f00a8c0@mshome.net> From: "Killing" To: "Robert Watson" References: Date: Sat, 17 May 2003 16:23:42 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 cc: freebsd-hackers@freebsd.org cc: freebsd-security@freebsd.org Subject: Re: open and euid security flaw in 5.0-Current? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 May 2003 14:24:38 -0000

Thanks for that Robert, will do some more investigation as it does break screen :(

Steve /k

----- Original Message -----
From: "Robert Watson"
To: "Killing"
Cc: ;
Sent: Saturday, May 17, 2003 6:55 AM
Subject: Re: open and euid security flaw in 5.0-Current?

> On Sat, 17 May 2003, Killing wrote:
>
> > On a FreeBSD 5.0 the behaviour of screen when connecting to other
> > users' sessions has changed. Previously:
> > 1.
login as userA start a screen as userA and disconnect
> > 2. login as root su - userA "screen -r"
> > 3. result failure as userA can't access the ttyX with such a message
> > Current:
> > 1. login as userA start a screen as userA and disconnect
> > 2. login as root su - userA "screen -r"
> > 3. result failure as userA can't access the ttyX but no message
> >
> > After looking around in screen's code I found that after doing a
> > seteuid( userA ) an open on root's terminal is still succeeding.
> >
> > Surely this is a problem as when running euid userA there should be no
> > access to ruid's files?
>
> I'm not sure this is the bug (feature?) you think it is. It sounds like
> you think this might be a mis-evaluation of file permissions more
> generally relating to saved vs. effective vs. real credentials. Based on
> the fact that other devfs permissions work properly, I actually don't
> think it's that. What you're seeing is derived from changes in the
> behavior of /dev as a result of devfs in 5.x. This is a result of
> special-case handling in devfs_access():
>
>         error = vaccess(vp->v_type, de->de_mode, de->de_uid, de->de_gid,
>             ap->a_mode, ap->a_cred, NULL);
>         if (!error)
>                 return (error);
>         if (error != EACCES)
>                 return (error);
>         /* We do, however, allow access to the controlling terminal */
>         if (!(ap->a_td->td_proc->p_flag & P_CONTROLT))
>                 return (error);
>         if (ap->a_td->td_proc->p_session->s_ttyvp == de->de_vnode)
>                 return (0);
>         return (error);
>
> It's worth noting, though, that you can accomplish much the same thing by
> opening /dev/tty, which even on RELENG_4, permits you to open your own
> controlling terminal without going through the permission checks on the
> device node for the terminal itself. This reflects the fact that /dev
> entries are not the actual object, just references to an underlying
> object, and access through any of the VFS layer objects is sufficient.
> I'm not entirely sure this is desirable in all cases, but it's apparently
> not specific to FreeBSD. For example a Linux 2.2 box I have access to
> permits this:
>
> [rwatson@viking /dev]# su nobody
> bash$ cat /
> bash$ tty
> /dev/pts/0
> bash$ cat /dev/pts/0
> cat: /dev/pts/0: Permission denied
> bash$ cat /dev/tty
> ...
>
> So does one of Juli's Linux 2.4 boxes. So our permitting direct access to
> the tty via its normal name is more liberal than is usual, but the tty
> access via /dev/tty is common across all platforms. We could easily fix
> the more liberal direct access issue by removing the code, but I'm
> wondering why it's there in the first place. I've CC'd Poul-Henning Kamp,
> author of our current devfs, to see.
>
> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org Network Associates Laboratories
>
>
>
> _______________________________________________
> freebsd-hackers@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>

From owner-freebsd-security@FreeBSD.ORG Wed May 14 08:34:53 2003 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F2C7037B401 for ; Wed, 14 May 2003 08:34:52 -0700 (PDT) Received: from cthulu.compt.com (cthulu.compt.com [209.115.146.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1BD7C43F93 for ; Wed, 14 May 2003 08:34:52 -0700 (PDT) (envelope-from tkonefal@compt.com) Message-ID: <3EC26221.9070201@compt.com> Date: Wed, 14 May 2003 11:34:57 -0400 From: tomasz konefal MIME-Version: 1.0 To: freebsd-security@freebsd.org References: <5.2.1.1.2.20030514095822.00a800c0@computinginnovations.com> In-Reply-To: <5.2.1.1.2.20030514095822.00a800c0@computinginnovations.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Mailman-Approved-At: Sat,
17 May 2003 08:10:19 -0700 Subject: Re: su-ing error with FreeBSD 5.0 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2003 15:34:53 -0000 Derek Ragona wrote: > On a couple servers I have one running 5.0 Release, another running 5.0 > Stable I have a problem with su. > > If I login to the server using a regular account, then su - to root, > then I try to su - to any other account, other than the one I originally > logged in as the su works but with this error: > > su: No controlling tty (open /dev/tty: Permission denied) > su: warning: won't have full job control > > With this error, it makes it pretty bad to use this way. > > Do I have something not configured correctly? Or is there something I > need to do more in the 5.0 configuration from: http://www.freebsd.org/releases/5.0R/errata.html --snip-- /dev/tty Permissions FreeBSD 5.0-RELEASE has a minor bug in how the permissions of /dev/tty are handled. This can be triggered by logging in as a non-root, non-tty group user, and using su(1) to switch to a second non-root, non-tty group user. ssh(1) will fail because it cannot open /dev/tty. This bug has been fixed in 5.0-CURRENT. --snip-- this sounds similar to what you are experiencing. might want to check into 5.0-CURRENT. cheers, twkonefal -- Tomasz Konefal Systems Administrator Command Post and Transfer Corp. 
416-585-9995 x.349

From owner-freebsd-security@FreeBSD.ORG Fri May 16 22:55:52 2003
From: Robert Watson <robert@fledge.watson.org>
To: Killing <killing@barrysworld.com>
Cc: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org
Date: Sat, 17 May 2003 01:55:31 -0400 (EDT)
In-Reply-To: <001f01c31c1e$7e00e3d0$9f00a8c0@mshome.net>
Subject: Re: open and euid security flaw in 5.0-Current?

On Sat, 17 May 2003, Killing wrote:

> On a FreeBSD 5.0 the behaviour of screen when connecting to other
> users' sessions has changed. Previously:
> 1. login as userA start a screen as userA and disconnect
> 2. login as root su - userA "screen -r"
> 3. result failure as userA can't access the ttyX with such a message
> Current:
> 1. login as userA start a screen as userA and disconnect
> 2. login as root su - userA "screen -r"
> 3. result failure as userA can't access the ttyX but no message
>
> After looking around in screen's code I found that after doing a
> seteuid( userA ) an open on root's terminal is still succeeding.
>
> Surely this is a problem as when running euid userA there should be no
> access to ruid's files?

I'm not sure this is the bug (feature?) you think it is. It sounds like
you think this might be a mis-evaluation of file permissions more generally
relating to saved vs. effective vs. real credentials. Based on the fact
that other devfs permissions work properly, I actually don't think it's
that. What you're seeing is derived from changes in the behavior of /dev
as a result of devfs in 5.x. This is a result of special-case handling in
devfs_access():

        error = vaccess(vp->v_type, de->de_mode, de->de_uid, de->de_gid,
            ap->a_mode, ap->a_cred, NULL);
        if (!error)
                return (error);
        if (error != EACCES)
                return (error);
        /* We do, however, allow access to the controlling terminal */
        if (!(ap->a_td->td_proc->p_flag & P_CONTROLT))
                return (error);
        if (ap->a_td->td_proc->p_session->s_ttyvp == de->de_vnode)
                return (0);
        return (error);

It's worth noting, though, that you can accomplish much the same thing by
opening /dev/tty, which even on RELENG_4, permits you to open your own
controlling terminal without going through the permission checks on the
device node for the terminal itself. This reflects the fact that /dev
entries are not the actual object, just references to an underlying
object, and access through any of the VFS layer objects is sufficient.

I'm not entirely sure this is desirable in all cases, but it's apparently
not specific to FreeBSD. For example a Linux 2.2 box I have access to
permits this:

[rwatson@viking /dev]# su nobody
bash$ cat /
bash$ tty
/dev/pts/0
bash$ cat /dev/pts/0
cat: /dev/pts/0: Permission denied
bash$ cat /dev/tty
...

So does one of Juli's Linux 2.4 boxes. So our permitting direct access to
the tty via its normal name is more liberal than is usual, but the tty
access via /dev/tty is common across all platforms. We could easily fix
the more liberal direct access issue by removing the code, but I'm
wondering why it's there in the first place. I've CC'd Poul-Henning Kamp,
author of our current devfs, to see.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Network Associates Laboratories

From owner-freebsd-security@FreeBSD.ORG Sat May 17 17:05:38 2003
From: "Killing" <killing@barrysworld.com>
To: freebsd-security@freebsd.org
Date: Sun, 18 May 2003 02:03:25 +0100
Message-ID: <00b801c31cd9$5c31bbb0$9f00a8c0@mshome.net>
References: <5.2.1.1.2.20030514095822.00a800c0@computinginnovations.com> <3EC26221.9070201@compt.com>
Subject: Re: su-ing error with FreeBSD 5.0
It's the opposite to what I'm experiencing in fact. In all previous
versions of FreeBSD it does in fact give said error when using the
procedure laid out. But under 5.0-current it doesn't give any error yet
screen still fails to attach.

I want to look @ the exact reason for this further but haven't had chance,
real life and all :P

Steve

----- Original Message -----
From: "tomasz konefal"
Sent: Wednesday, May 14, 2003 4:34 PM
Subject: Re: su-ing error with FreeBSD 5.0

From owner-freebsd-security@FreeBSD.ORG Sat May 17 17:15:03 2003
From: "Killing" <killing@barrysworld.com>
To: "Robert Watson", "Poul-Henning Kamp"
Cc: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org
Date: Sun, 18 May 2003 02:13:41 +0100
Message-ID: <012201c31cda$b9dafa50$9f00a8c0@mshome.net>
References: <6557.1053197031@critter.freebsd.dk>
Subject: Re: open and euid security flaw in 5.0-Current?

I'll look at screen more carefully, hopefully on monday evening.
As what it's doing atm is succeeding its access checks for the controlling
terminal but then failing to actually reattach. I agree that there really
should be no need for the wrapper I have which traps the screen tty dev
access error and acts on it.

Thanks for all the feedback guys.

Steve

----- Original Message -----
From: "Poul-Henning Kamp"
To: "Robert Watson"
Cc: "Killing" ; ;
Sent: Saturday, May 17, 2003 7:43 PM
Subject: Re: open and euid security flaw in 5.0-Current?

> In message , Robert Watson writes:
> >
> >On Sat, 17 May 2003, Killing wrote:
> >
> >> Thanks for that Robert will do some more investigation as it does break
> >> screen :(
> >
> >Try replacing the devfs_access() contents with solely a call to:
> >
> >        return (vaccess(vp->v_type, de->de_mode, de->de_uid, de->de_gid,
> >            ap->a_mode ,ap->a_cred, NULL));
> >
> >This should restore the traditional access controls for the controlling
> >terminal. Again, I'm not sure what the rationale is for the new access
> >controls, and want to find out before we make any changes to the base
> >system, but it does strike me that screen breaking is gratuitous :-).
>
> This is one of those areas, where the hackish way (ie: /dev/tty)
> which something were implemented, leaves us with the problem of
> guessing what the underlying intent actually was/is.
>
> It used to be that /dev/tty had its own pseudo device driver, which
> would do weird stunts to act on the applicable real tty device driver
> for the controlling terminal of the current process.
>
> The resulting semantics of this is that a process can always open its
> controlling terminal, by opening "/dev/tty", but inconsistently, is
> not guaranteed to be able to open it by name:
>
>         ssh machine -l user1
>         ...
>         user1% date > /dev/tty          # works
>         user1% date > `tty`             # works
>         user1% ls -l `tty`
>         crw--w----  1 user1  tty    5,   1 May 17 20:24 /dev/ttyp1
>         user1% su - user2
>         user2% date > /dev/tty          # works
>         user2% date > `tty`             # doesn't work.
>
> The change I did, was to use the "on demand device creation" feature
> of DEVFS, to make /dev/tty a sort of "variant symlink" to the current
> process' controlling terminal device, and thereby getting rid of a
> lot of hackish code, which amongst other things, complicated locking.
>
>         critter phk> ls -l /dev/tty `tty`
>         crw--w----  1 phk  tty    5,   3 May 17 20:40 /dev/tty
>         crw--w----  1 phk  tty    5,   3 May 17 20:40 /dev/ttyp3
>
> This means that VOP_OPEN checked against the _real_ permissions of
> the tty breaking the following scenario:
>
>         ssh machine -l user1
>         ...
>         user1% ls -l `tty`
>         crw--w----  1 user1  tty    5,   1 May 17 20:24 /dev/ttyp1
>         user1% su - user2
>         # user2 has no access to /dev/ttyp1, so /dev/tty cannot
>         # be opened.
>
> Therefore, the access check was changed to always allowing the
> controlling terminal to be opened resulting in the following
> much simpler semantics:
>
>         % date > /dev/tty               # always works.
>         % date > `tty`                  # always works.
>
> This IMO, reflects the intentions of the original /dev/tty, and
> since it is simpler and contains no exceptions, I also think it
> correctly reflects the "UNIX[*] philosophy" much better than
> the previous behaviour.
>
> I have no idea why or what screen(1) is doing, but from your
> description it seems to rely on the undocumented fact that in certain
> specific situations
>         user2% date > `/dev/tty'
> would fail.
>
> In my eyes, that is a clear bug in screen(1).
>
> Poul-Henning
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk@FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by incompetence.

From owner-freebsd-security@FreeBSD.ORG Sat May 17 19:14:56 2003
From: "Killing" <killing@barrysworld.com>
To: "Killing", "Robert Watson", "Poul-Henning Kamp"
Cc: freebsd-hackers@freebsd.org, freebsd-security@freebsd.org
Date: Sun, 18 May 2003 04:13:16 +0100
Message-ID: <000501c31ceb$6f3d5a90$9f00a8c0@mshome.net>
References: <6557.1053197031@critter.freebsd.dk> <012201c31cda$b9dafa50$9f00a8c0@mshome.net>
Subject: Re: open and euid security flaw in 5.0-Current?

Ok I figured out the problem here with screen. What's happening is when
userA does su - userB -c "screen -r " screen checks the permissions on
/dev/ttyX to ensure that it has permission on it which of course with the
new implementation it does.
What happens next is it tells the running screen process to attach to
/dev/ttyX but this is euid and ruid userB unlike the testing screen
process which was euid userB but ruid userA. So when the running screen
process gets the message to attach to /dev/ttyX it doesn't have permission
to do so and hence fails.

From a screen point of view I see two ways to avoid this:

1. set ruid / rgid = euid / rgid this may have other implications as the
current code for this check does:

        xseteuid(real_uid);
        xsetegid(real_gid);
        fi = fopen(name, mode);
        xseteuid(eff_uid);
        xsetegid(eff_gid);

2. change the way screen notifies the other process to connect to a tty so
it can have feedback of the success or failure.

I'm not sure I like either so I suppose the question is: Is there a way to
check access to the tty without setting ruid = euid?

For a hack the current patch to screen seems to do the trick but I'm unsure
of the full implications to this if Juergen or Michael could comment it
would be appreciated.

*** os.h        Sun May 18 03:08:38 2003
--- os.h.orig   Sun May 18 03:10:18 2003
***************
*** 163,169 ****
  #if defined(HAVE_SETEUID) || defined(HAVE_SETREUID)
! # if defined(__FreeBSD__) && __FreeBSD_version < 500113 || !defined(__FreeBSD__)
! #  define USE_SETEUID
! # endif
  #endif
--- 163,167 ----
  #if defined(HAVE_SETEUID) || defined(HAVE_SETREUID)
! # define USE_SETEUID
  #endif

----- Original Message -----
From: "Killing"
To: "Robert Watson" ; "Poul-Henning Kamp"
Cc: ;
Sent: Sunday, May 18, 2003 2:13 AM
Subject: Re: open and euid security flaw in 5.0-Current?

> I'll look at screen more carefully, hopefully on monday evening. As what
> it's doing atm is succeeding its access checks for the controlling terminal
> but then failing to actually reattach. I agree that there really should be
> no need for the wrapper I have which traps the screen tty dev access
> error and acts on it.
>
> Thanks for all the feedback guys.
>
> Steve
> ----- Original Message -----
> From: "Poul-Henning Kamp"
> To: "Robert Watson"
> Cc: "Killing" ; ;
> Sent: Saturday, May 17, 2003 7:43 PM
> Subject: Re: open and euid security flaw in 5.0-Current?
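Review bot: the os.h hunk is reversed: the modified file is given as the `***` (old) side and os.h.orig as the `---` (new) side, so feeding it to patch(1) would undo the change rather than apply it; regenerate it as diff -c os.h.orig os.h. In the new `# if`, `__FreeBSD_version` only exists once <sys/param.h> or <osreldate.h> has been included before this point in os.h; an undefined identifier evaluates to 0 in `#if`, so without that include `0 < 500113` is true and USE_SETEUID stays defined on every FreeBSD, silently keeping the old behaviour. Parenthesizing the mixed `&&`/`||` would also make the intended `(FreeBSD older than 500113) || !FreeBSD` reading explicit. Finally, the hunk disables USE_SETEUID for all of screen on 5.x, not only for the tty check quoted in the message, so every place screen switches between effective and real ids is affected; the "full implications" the author asks about should be judged over all of those uses, not just the fopen() around the access check.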
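For the question above about checking tty access without making ruid = euid, here is an added example (not code from the thread or from screen) that reports, for one device node, what access(2) says for the real uid, what faccessat(2) with AT_EACCESS says for the effective uid, whether open(2) actually succeeds, and whether the node is the caller's controlling terminal. It assumes a POSIX system with faccessat/AT_EACCESS (Linux, FreeBSD 8 and later); the function name tty_access_report and the TTY_* flags are my own.

```c
#define _GNU_SOURCE             /* glibc: expose faccessat()/AT_EACCESS */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Bits reported by tty_access_report() (names chosen for this example). */
enum {
    TTY_REAL_OK = 1,  /* access(2) passed: checked against the REAL uid/gid */
    TTY_EFF_OK  = 2,  /* faccessat(AT_EACCESS) passed: EFFECTIVE uid/gid    */
    TTY_OPEN_OK = 4,  /* open(2) succeeded (effective creds, plus whatever
                         controlling-terminal exception the kernel applies) */
    TTY_IS_CTTY = 8   /* the node is this process's controlling terminal     */
};

/*
 * Report how the calling process can reach a device node. Returns a
 * bitmask of the TTY_* flags, or -1 if the path cannot be stat(2)ed.
 */
int tty_access_report(const char *path)
{
    struct stat st;
    int flags = 0;
    int fd;

    if (stat(path, &st) == -1)
        return -1;

    /* access(2) answers for the real uid; this is why screen swaps its
     * effective uid to the real one around fopen(), as quoted above. */
    if (access(path, R_OK | W_OK) == 0)
        flags |= TTY_REAL_OK;

#ifdef AT_EACCESS
    /* Same question for the effective uid, with no uid juggling at all. */
    if (faccessat(AT_FDCWD, path, R_OK | W_OK, AT_EACCESS) == 0)
        flags |= TTY_EFF_OK;
#endif

    /* The check that counts is the open(2) done by the process that will
     * use the descriptor. A check in one process followed by an open in
     * another (the screen attach case) can disagree, because the second
     * process may have different credentials and a different controlling
     * terminal. O_NOCTTY keeps the open from silently acquiring one. */
    fd = open(path, O_RDWR | O_NOCTTY);
    if (fd != -1) {
        flags |= TTY_OPEN_OK;
        /* tcgetpgrp(3) fails with ENOTTY unless fd is the caller's
         * controlling terminal, so it tells "some tty I may open" from
         * "my own tty" without comparing path names (/dev/tty and the
         * tty's own name are two names for one object). */
        if (isatty(fd) && tcgetpgrp(fd) != -1)
            flags |= TTY_IS_CTTY;
        close(fd);
    }
    return flags;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/tty";
    int r = tty_access_report(path);

    if (r == -1) {
        perror(path);
        return 1;
    }
    printf("%s: real=%d effective=%d open=%d controlling=%d\n", path,
           !!(r & TTY_REAL_OK), !!(r & TTY_EFF_OK),
           !!(r & TTY_OPEN_OK), !!(r & TTY_IS_CTTY));
    return 0;
}
```

Run it as user1 on `tty` and then again after su - user2 to see the "open succeeds but it is not my controlling terminal" case the thread describes.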