From: "Michael Vlasov"
Organization: RBR
To: freebsd-security@freebsd.org
Date: Mon, 07 Jun 2004 09:49:51 +0400
Subject: Re: freebsd-security Digest, Vol 61, Issue 3

On Sat, 29 May 2004 12:00:52 -0700 (PDT), wrote:

Hello!
Today I see in snort logs:

[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566
TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.075824 127.0.0.1:80 -> 10.6.249.83:1299
TCP TTL:128 TOS:0x0 ID:578 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x568A0001 Win: 0x0 TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.107072 127.0.0.1:80 -> 10.6.96.121:1032
TCP TTL:128 TOS:0x0 ID:579 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x37920001 Win: 0x0 TcpLen: 20
[Xref => http://rr.sans.org/firewall/egress.php]

Why? ;-)

> Today's Topics:
>
>    1. X & securelevel=3 (bofn)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 29 May 2004 05:43:23 +0200
> From: "bofn"
> Subject: X & securelevel=3
> To: freebsd-security@freebsd.org
>
> running (4-Stable)
>
> Hi,
>
> short form question:
> how does one run XDM under securelevel>0 ?
>
> long version:
> i've searched for an answer on how to run Xfree/Xorg at a securelevel
> the X server likes access to /dev/io and some other resources but is not
> granted access after security is switched on.
> one way of doing it seems to be to start it before setting the securelevel, but
> then it doesn't allow a restart of X.
> the other option seems to be the Aperture patch, ported in 2001 with no recent
> updates and no longer usable against the current software.
>
> 2nd part of the question..
> cd writing needs direct access to /dev/ and that is also not allowed in
> secure mode.
> how can one give selective access to only allow (RW) access to one or two
> devices ?
>
> if there is no way of doing these things with configs and such, can anyone
> point me at the relevant source code that controls these functions so i can add
> this specific functionality.
>
> Cheers
> * Anna