From owner-freebsd-security@FreeBSD.ORG Sun Nov 27 07:12:48 2005
Date: Sun, 27 Nov 2005 02:12:46 -0500
From: "Peter C. Lai"
To: Bitbucket
Cc: freebsd-security@freebsd.org
Subject: Re: Need urgent help regarding security
X-BeenThere: freebsd-security@freebsd.org
List-Id: "Security issues [members-only posting]"

On Tue, Nov 22, 2005 at 12:13:03AM +0100, Bitbucket wrote:
> >
> > You can also couple this with port-knocking (or even just port-knocking
> > on 22).
>
> Just out of curiosity, has anyone implemented this in fbsd?
> I would love to implement this for my machines.
>
> -D

doorman (doorman.sf.net) is in ports. tumbler (tumbler.sf.net) was one of
the original implementations discussed in linux journal and dr. dobbs (and
in perl, although may require a perl pcap module). I haven't tried any of
these myself, but you might find them interesting.
http://www.portknocking.org/view/implementations/implementations for an
extensive listing.

--
Peter C. Lai
Dept. of Neurobiology | SenseLab
Yale University School of Medicine
http://cowbert.2y.net/

From owner-freebsd-security@FreeBSD.ORG Sun Nov 27 08:57:39 2005
Date: Sun, 27 Nov 2005 09:57:31 +0100
From: Szilveszter Adam
To: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

Hello Peter,

On Sun, Nov 27, 2005 at 09:45:30AM +1100, Peter Jeremy wrote:
> Overall, I believe FreeBSD could be improved by:
> - Formulating and promulgating a policy for the protection and use of
> FreeBSD Project DNS, keys and certificates. (The public version of
> the policy does not go into explicit details but should allow an
> independent observer to verify its adequacy).
> - Creating a FreeBSD Release Engineering key which is used to sign
> official e-mails from the release engineering team - in particular
> -RELEASE announcements.
> - Tying all the FreeBSD Project keys together by cross-signing them all.
> - Arranging for a wider range of signatures on FreeBSD Project keys
> (the SO key already meets this).
> - Investigate obtaining a X.509 certificate for the FreeBSD Project

Very much seconded. The security advisories web page, for example, should
be available over HTTPS and verifiable by a certificate issued by a
recognized CA. Perhaps the releases page should be the same.

> - Signing ISO images with a Project key and/or certificate in addition
> to providing MD5 checksums.
> - Investigate providing authenticated protocols for updating FreeBSD.

Also, one should not forget the currently present FTP infrastructure
either. While the content is publicly available, their integrity should
be verifiable. The same goes for ports distfiles: ideally they should be
signed, at least the checksums. The pkg_* tools AFAIK already have sig
checking capability for the binary packages, but somehow this should be
extended to the "build from source" version as well, particularly since
this seems to be the more often used method.
--
Regards:

Szilveszter ADAM
Budapest
Hungary

From owner-freebsd-security@FreeBSD.ORG Sun Nov 27 18:21:22 2005
Date: Mon, 28 Nov 2005 05:21:16 +1100
From: Peter Jeremy
To: Ian G
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Sun, 2005-Nov-27 15:27:46 +0000, Ian G wrote:
>1. On the wider scope of your post I'd say that you
>did not present a need for an x.509 certificate
>that I could see.

PGP and X.509 have totally different trust models. The PGP Web of Trust
relies on each individual knowing and trusting a number of other
individuals - a newcomer or someone who is fairly isolated is unlikely to
have sufficient links to be able to fully participate. OTOH, the X.509
model requires that the individual trust a central Authority - which
might be simpler for a newcomer. (I'm not going to get into a debate on
the reliability or reputation of current CAs).

>> - Signing ISO images with a Project key and/or certificate in addition
>> to providing MD5 checksums.
>
>No, all you need to do is include the checksums
>in a signed announcement. In fact, that's all
>that a common digital signature does, so you'd
>have to look at why you want more digital sigs...

It's trivial to verify an announcement signature when you receive the
e-mail. Doing so afterwards can be more problematic. Yesterday, I
grabbed the (signed) 6.0-RELEASE announcement from the mailing list
archive
(http://lists.freebsd.org/pipermail/freebsd-announce/2005-November/001023.html).
Whilst the signature was still intact, the content has been changed so
the signature no longer verifies. (The changes are presumably mechanical
changes as part of its conversion from text to HTML but undoing them
would be difficult).
--
Peter Jeremy

From owner-freebsd-security@FreeBSD.ORG Sun Nov 27 21:02:14 2005
Date: Sun, 27 Nov 2005 16:02:36 -0500
From: Wesley Shields
To: Szilveszter Adam, freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Sun, Nov 27, 2005 at 09:57:31AM +0100, Szilveszter Adam wrote:
> Hello Peter,
>
> On Sun, Nov 27, 2005 at 09:45:30AM +1100, Peter Jeremy wrote:
> > - Signing ISO images with a Project key and/or certificate in addition
> > to providing MD5 checksums.
> > - Investigate providing authenticated protocols for updating FreeBSD.
>
> Also, one should not forget the currently present FTP infrastructure
> either. While the content is publicly available, their integrity should
> be verifiable. The same goes for ports distfiles: ideally they should be
> signed, at least the checksums. The pkg_* tools AFAIK already have sig
> checking capability for
> the binary packages, but somehow this should be extended to the "build
> from source" version as well, particularly since this seems to be the
> more often used method.

Ports distfiles are recorded with MD5 (and SHA256 now that it's in the
base of 6.x, though it can be added via a port to other versions)
signatures. I'm not entirely sure of the pkg_* tools doing signature
verification but it would be nice to have.

-- WXS

From owner-freebsd-security@FreeBSD.ORG Mon Nov 28 06:29:34 2005
Date: Mon, 28 Nov 2005 09:29:31 +0300
From: Sergey Matveychuk
To: freebsd-security@freebsd.org
Subject: ports/89596 : PORT UPDATE: www/joomla 1.0.3 -> 1.0.4

Note: Joomla 1.0.4 Contains fixes for 6 Security Vulnerabilities.

--
Sem.

From owner-freebsd-security@FreeBSD.ORG Mon Nov 28 11:37:57 2005
From: "Kurt Seifried"
Date: Mon, 28 Nov 2005 04:37:57 -0700
Subject: Re: Reflections on Trusting Trust
Reply-To: Kurt Seifried

One interesting note, I downloaded the PGP key for the freebsd security
officer from freebsd.org just now, then tried to download all the signing
keys, only 3 were available on PGP's key server. You should have people
upload their keys.

On another note I am available to sign PGP keys (proving your
key/identity is an exercise left to the reader =), I have had mine signed
by the Mandrake (now Mandriva) security key which is widely available (on
cd/etc) for verification.

Kurt

From owner-freebsd-security@FreeBSD.ORG Mon Nov 28 20:51:51 2005
Date: Mon, 28 Nov 2005 20:51:40 +0000 (GMT)
From: Robert Watson
To: Peter Jeremy
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Sun, 27 Nov 2005, Peter Jeremy wrote:

> or "How do I know my copy of FreeBSD is the same as yours?"
>
> I have recently been meditating on the issue of validating X.509 root
> certificates. An obvious extension to that is validating FreeBSD
> itself.

This topic has come up countless times over the years, and one of the
recurring debates that comes up with it is what it is the "Project" wants
to promise, and whether we want to get into the business of managing lots
of keying material. Like it or not, the weaker the promises you make, the
easier they are to keep :-). The concept of even a security officer key
has always made me somewhat nervous -- clearly, this is a "valuable" key,
but it's also one that has to be made available to anyone who is going to
sign a security advisory.

We have persistently signed security advisories, errata notes, and
release announcements for the past few years, and the release
announcements have included release checksums. I think it would be useful
to go quite a bit further, but I think we should be careful to do it for
pragmatic reasons, and to be very clear on what it is we are doing by
signing things, how hard we are willing to try to protect the keying
material, and so on.

Robert N M Watson

From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 15:36:56 2005
From: "aristeu"
Date: Tue, 29 Nov 2005 13:36:31 -0200
Subject: Re: Reflections on Trusting Trust

I'm new here, and I've posted only once.
I just want to add my "just another user" opinion on this...

Signing security advisories that send the hashes for a file does a nice
job.

I think the only problem that exists is the package/ports deployment. I
believe we can't trust only in hashes for this (tar already does a fine
job on integrity...), because it can be easily circumvented. Maybe
trusting this is the real weakest link...

One thing that could do a good job is default install gnupg and
pre-install some important pgp public keys on ISOs releases, on root's
profile... These pre-installed keys can be used by users, ports or
pkg_tools, while installing or updating packages/ports.

Who will sign is another problem, but I think it will improve things a
bit anyway, minimising mitm attacks.

My mom used to say "always prefer the pre-installed pub keys...".

[]'s
aristeu

From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 18:33:57 2005
Date: Wed, 30 Nov 2005 05:33:51 +1100
From: Peter Jeremy
To: aristeu
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Tue, 2005-Nov-29 13:36:31 -0200, aristeu wrote:
>I think the only problem that exists is the package/ports deployment. I
>believe we can't trust only in hashes for this (tar already does a fine job
>on integrity...), because it can be easily circumvented.

Can you explain what you mean here. Virtually all distfiles needed to
build a port have MD5 and maybe SHA-256 hashes embedded in the ports
tree. The only way to easily circumvent these is to subvert the ports
tree - which gets back to the issue of trusting the FreeBSD distribution.
I agree that there's currently no integrity checking on packages.
(And, BTW, tar has no integrity checks).

>One thing that could do a good job is default install gnupg and pre-install
>some important pgp public keys on ISOs releases, on root's profile...
...
>My mom used to say "always prefer the pre-installed pub keys...".

I don't believe this solves anything. The biggest problem is ensuring
that you can trust your initial keyring or root certificate collection.
Putting "trusted" keys on an ISO only gives you circular trust - you
trust that the ISO image came from the people who made it. There's no
easy way to verify that it came from the FreeBSD Project.

The FreeBSD project also discourages the inclusion of GPL code in the
base system, making gnupg unattractive as a base system candidate.
Finally, PGP does not have the concept of "important" keys - this is
closer to the X.509 model. The base system already includes tools for
handling X.509 signatures (openssl) and there is already a collection of
X.509 keys embedded in the ports system (security/ca-roots).

--
Peter Jeremy

From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 20:49:24 2005
From: "aristeu"
Date: Tue, 29 Nov 2005 18:49:11 -0200
Subject: RE: Reflections on Trusting Trust

> Can you explain what you mean here. Virtually all distfiles needed to
> build a port have MD5 and maybe SHA-256 hashes embedded in the ports
> tree. The only way to easily circumvent these is to subvert the ports
> tree - which gets back to the issue of trusting the FreeBSD distribution.
> I agree that there's currently no integrity checking on packages.
> (And, BTW, tar has no integrity checks).

Anyone who is between you and freebsd cvsup server can make his own ports
tree repository. That being done, he just needs to redirect your
connection and wait 'til your next cvsup sync is done.

About the tar.bz2 archives or whatever you use with tar, yes, if a file
is corrupted it doesn't finish decompressing... nice check, huh... :P
well, was a joke, sort of.

> I don't believe this solves anything. The biggest problem is ensuring
> that you can trust your initial keyring or root certificate
> collection. Putting "trusted" keys on an ISO only gives you circular
> trust - you trust that the ISO image came from the people who made it.

There must be a beginning.
Or else people will need to go to the headquarters to get the CD or to
the CA to get their certificate. Root certificates don't expire?

> There's no easy way to verify that it came from the FreeBSD Project.
> The FreeBSD project also discourages the inclusion of GPL code in the
> base system, making gnupg unattractive as a base system candidate.
> Finally, PGP does not have the concept of "important" keys - this is
> closer to the X.509 model. The base system already includes tools for
> handling X.509 signatures (openssl) and there is already a collection
>of X.509 keys embedded in the ports system (security/ca-roots).

It's the easiest way I could think of, without inserting another trust
point (CA's infrastructure and the people who work on them). I'm not
against X.509 signatures, I like them as I like pub key. BUT you need to
know that, yet, installing a ca-root certificates port, downloading a
public key or resynching your ports tree implies network transmission of
certificates, keys, or hashes. MITM can be done in all that. The part I
don't like is that a hash is just a hash. No one owns it.

About the GNU part, a user from this list sent me an email telling me
there is a BSD license solution coming soon. Thanks markzero for the
note.

http://netbsd-soc.sourceforge.net/projects/bpg/

Well, anyway, for me, public keys or certificates must be pre-installed
on the ISO release and hashes serve only for integrity check, nothing
more.

[]'s
aristeu

From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 21:00:06 2005
Date: Tue, 29 Nov 2005 12:58:15 -0800
From: Colin Percival
To: aristeu
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

aristeu wrote:
>> Can you explain what you mean here. Virtually all distfiles needed to
>> build a port have MD5 and maybe SHA-256 hashes embedded in the ports
>> tree. The only way to easily circumvent these is to subvert the ports
>> tree - which gets back to the issue of trusting the FreeBSD distribution.
>> I agree that there's currently no integrity checking on packages.
>> (And, BTW, tar has no integrity checks).
>
> Anyone who is between you and freebsd cvsup server can make his own ports
> tree repository. That being done, he just needs to redirect your connection
> and wait 'til your next cvsup sync is done.

This is why I wrote portsnap.

Colin Percival

From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 21:04:28 2005
Date: Tue, 29 Nov 2005 21:02:13 +0000
From: markzero
To: aristeu
Content-Disposition: inline In-Reply-To: <000201c5f526$5a000400$e403000a@rickderringer> X-GPG-Key: http://darklogik.org/pub/pgp/pgp.txt X-Fingerprint: 0160 A46A 9A48 D3B0 C92F B690 17FB 4B72 0207 ED43 X-ADDRSpamFilter: Passed, probability (0%) X-ADDRSignature: 25C5375B Cc: freebsd-security@freebsd.org Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Nov 2005 21:04:28 -0000 --ZGiS0Q5IWpPtfppv Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > About the GNU part a user from this list sent me an email telling me there > is a BSD license solution coming soon. Thanks markzero for the note. > > http://netbsd-soc.sourceforge.net/projects/bpg/ It was actually meant to be posted to the list as well, but I forgot to add the CC: line, oops.. 
M -- pgp: http://www.darklogik.org/pub/pgp/pgp.txt 0160 A46A 9A48 D3B0 C92F B690 17FB 4B72 0207 ED43 --ZGiS0Q5IWpPtfppv-- From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 23:27:05 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 606CE16A420 for ; Tue, 29 Nov 2005 23:27:05 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id EC01B43D7D for ; Tue, 29 Nov 2005 23:27:04 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id AE8991A3C28; Tue, 29 Nov 2005 15:27:04 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id E327051314; Tue, 29 Nov 2005 18:27:03 -0500 (EST) Date: Tue, 29 Nov 2005 18:27:03 -0500 From: Kris Kennaway To: aristeu Message-ID: 
<20051129232703.GA60060@xor.obsecurity.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="EVF5PPMfhYS0aIcm" Content-Disposition: inline In-Reply-To: <002601c5f4fa$b5115320$e403000a@rickderringer> User-Agent: Mutt/1.4.2.1i Cc: freebsd-security@freebsd.org Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Nov 2005 23:27:05 -0000 --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 29, 2005 at 01:36:31PM -0200, aristeu wrote: > I'm new here, and I've posted only once. I just want to add my "just > another user" opinion on this... > > Signing security advisories that sends the hashes for a file does a nice > job. > > I think the only problem that exists is the package/ports deployment. I > believe we can't trust only on hashes for this (tar already does a fine job > on integrity...), because it can be easily circumvented. Maybe trusting > this it is the real weakest link... I'd be happy to work with someone who can implement a solution for the package side. The important thing to keep in mind is that packages are built automatically on many distributed machines. Any solution for signing packages would therefore need to also be automated, e.g. signing them automatically when the packages are pulled back from the build client to server. 
Kris --EVF5PPMfhYS0aIcm-- From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 23:33:27 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 53CB416A41F for ; Tue, 29 Nov 2005 23:33:27 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 54CA143D58 for ; Tue, 29 Nov 2005 23:33:17 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 314411A4D79; Tue, 29 Nov 2005 15:33:17 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 8C79051330; Tue, 29 Nov 2005 18:33:16 -0500 (EST) Date: Tue, 29 Nov 2005 18:33:16 -0500 From: Kris Kennaway To: Kris Kennaway Message-ID: <20051129233316.GA60287@xor.obsecurity.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="bg08WKrSYDhXBjb5" Content-Disposition: inline In-Reply-To: <20051129232703.GA60060@xor.obsecurity.org> User-Agent: Mutt/1.4.2.1i Cc: freebsd-security@freebsd.org, aristeu Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Nov 2005 
23:33:27 -0000 --bg08WKrSYDhXBjb5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 29, 2005 at 06:27:03PM -0500, Kris Kennaway wrote: > On Tue, Nov 29, 2005 at 01:36:31PM -0200, aristeu wrote: > > I'm new here, and I've posted only once. I just want to add my "just > > another user" opinion on this... > > > > Signing security advisories that sends the hashes for a file does a nice > > job. > > > > I think the only problem that exists is the package/ports deployment. I > > believe we can't trust only on hashes for this (tar already does a fine job > > on integrity...), because it can be easily circumvented. Maybe trusting > > this it is the real weakest link... > > I'd be happy to work with someone who can implement a solution for the > package side. Also, pkg_sign(1) has existed for a long time, but needs the support infrastructure to make it usable. Kris --bg08WKrSYDhXBjb5-- From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 23:44:36 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AC2B216A427 for ; Tue, 29 Nov 2005 23:44:36 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd4mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2E8AE43E07 for ; Tue, 29 Nov 2005 23:43:14 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd3mr2so.prod.shaw.ca (pd3mr2so-qfe3.prod.shaw.ca [10.0.141.178]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built 
Mar 15 2004)) with ESMTP id <0IQQ001E6PW0N190@l-daemon> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 16:43:12 -0700 (MST) Received: from pn2ml7so.prod.shaw.ca ([10.0.121.151]) by pd3mr2so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IQQ003YNPW0NLK0@pd3mr2so.prod.shaw.ca> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 16:43:12 -0700 (MST) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IQQ0058QPVZH1@l-daemon> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 16:43:12 -0700 (MST) Date: Tue, 29 Nov 2005 15:43:11 -0800 From: Colin Percival In-reply-to: <20051129232703.GA60060@xor.obsecurity.org> To: Kris Kennaway Message-id: <438CE78F.303@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.93.0.0 References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051001) Cc: freebsd-security@freebsd.org, aristeu Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Nov 2005 23:44:37 -0000 Kris Kennaway wrote: > I'd be happy to work with someone who can implement a solution for the > package side. The important thing to keep in mind is that packages > are built automatically on many distributed machines. Any solution > for signing packages would therefore need to also be automated, > e.g. signing them automatically when the packages are pulled back from > the build client to server. 
Even before you get to that point, you have to worry about making sure that the build clients are secure. One possibility which worries me a great deal is that a trojan in the build code for a low-profile port (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to gain control of a build client (and then insert trojans into packages which are built there). Of course, there are some mechanisms which can be used -- for example, jails -- but I'm not willing to trust the security of every system which ever installs FreeBSD packages to the hope that nobody will ever find a security flaw which permits a jailbreak. Once Xen is more mature, I imagine that it will be very useful for performing such builds securely. Colin Percival From owner-freebsd-security@FreeBSD.ORG Tue Nov 29 23:45:41 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 546A416A41F for ; Tue, 29 Nov 2005 23:45:41 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd4mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id C8A9E43D77 for ; Tue, 29 Nov 2005 23:44:59 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd5mr8so.prod.shaw.ca (pd5mr8so-qfe3.prod.shaw.ca [10.0.141.184]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IQQ001NQPYPN390@l-daemon> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 16:44:49 -0700 (MST) Received: from pn2ml7so.prod.shaw.ca ([10.0.121.151]) by pd5mr8so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IQQ00H5VPYPRL80@pd5mr8so.prod.shaw.ca> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 16:44:49 -0700 (MST) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 
HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IQQ00FMGPYONG@l-daemon> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 16:44:49 -0700 (MST) Date: Tue, 29 Nov 2005 15:44:46 -0800 From: Colin Percival In-reply-to: <20051129233316.GA60287@xor.obsecurity.org> To: Kris Kennaway Message-id: <438CE7EE.4010005@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en X-Enigmail-Version: 0.93.0.0 References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <20051129233316.GA60287@xor.obsecurity.org> User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051001) Cc: freebsd-security@freebsd.org, aristeu Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Nov 2005 23:45:41 -0000 Kris Kennaway wrote: > Also, pkg_sign(1) has existed for a long time, but needs the support > infrastructure to make it usable. Last I heard, pkg_sign(1) became non-functional when we changed from gzipped tarballs to bzip2ed tarballs for packages. 
Colin Percival From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 00:04:10 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A9AC16A41F; Wed, 30 Nov 2005 00:04:10 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id BE6E443D96; Wed, 30 Nov 2005 00:03:45 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 544B31A4D83; Tue, 29 Nov 2005 16:03:27 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id B4CE6513A2; Tue, 29 Nov 2005 19:03:26 -0500 (EST) Date: Tue, 29 Nov 2005 19:03:26 -0500 From: Kris Kennaway To: Colin Percival Message-ID: <20051130000326.GA60924@xor.obsecurity.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <20051129233316.GA60287@xor.obsecurity.org> <438CE7EE.4010005@freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="C7zPtVaVf+AK4Oqc" Content-Disposition: inline In-Reply-To: <438CE7EE.4010005@freebsd.org> User-Agent: Mutt/1.4.2.1i Cc: freebsd-security@freebsd.org, aristeu , Kris Kennaway Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2005 00:04:10 -0000 --C7zPtVaVf+AK4Oqc Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 29, 2005 at 03:44:46PM -0800, Colin Percival wrote: > 
Kris Kennaway wrote: > > Also, pkg_sign(1) has existed for a long time, but needs the support > > infrastructure to make it usable. > > Last I heard, pkg_sign(1) became non-functional when we changed from > gzipped tarballs to bzip2ed tarballs for packages. Yeah, that could well be true. Kris --C7zPtVaVf+AK4Oqc-- From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 00:07:56 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CA2FD16A427; Wed, 30 Nov 2005 00:07:56 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 265A343E01; Wed, 30 Nov 2005 00:06:24 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id E20F61A3C29; Tue, 29 Nov 2005 16:05:52 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 406B9513A2; Tue, 29 Nov 2005 19:05:52 -0500 (EST) Date: Tue, 29 Nov 2005 19:05:52 -0500 From: Kris Kennaway To: Colin Percival Message-ID: <20051130000552.GB60924@xor.obsecurity.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <438CE78F.303@freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="4bRzO86E/ozDv8r1" Content-Disposition: inline In-Reply-To: <438CE78F.303@freebsd.org> User-Agent: Mutt/1.4.2.1i Cc: freebsd-security@freebsd.org, aristeu , 
Kris Kennaway Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2005 00:07:57 -0000 --4bRzO86E/ozDv8r1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 29, 2005 at 03:43:11PM -0800, Colin Percival wrote: > Kris Kennaway wrote: > > I'd be happy to work with someone who can implement a solution for the > > package side. The important thing to keep in mind is that packages > > are built automatically on many distributed machines. Any solution > > for signing packages would therefore need to also be automated, > > e.g. signing them automatically when the packages are pulled back from > > the build client to server. > > Even before you get to that point, you have to worry about making sure > that the build clients are secure. One possibility which worries me a > great deal is that a trojan in the build code for a low-profile port > (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to > gain control of a build client (and then insert trojans into packages > which are built there). They're closed systems that I keep up-to-date with security fixes, but yes, this is something that we do not defend against. As you note, it's not really practical to at the moment, so the best we can do is just keep it in mind and look for other things to fix. 
Kris --4bRzO86E/ozDv8r1-- From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 02:07:42 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0268716A41F for ; Wed, 30 Nov 2005 02:07:42 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd3mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 55DC943D72 for ; Wed, 30 Nov 2005 02:07:31 +0000 (GMT) (envelope-from cperciva@freebsd.org) Received: from pd3mr2so.prod.shaw.ca (pd3mr2so-qfe3.prod.shaw.ca [10.0.141.178]) by l-daemon (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IQQ007KIWKI63D0@l-daemon> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 19:07:30 -0700 (MST) Received: from pn2ml8so.prod.shaw.ca ([10.0.121.152]) by pd3mr2so.prod.shaw.ca (Sun ONE Messaging Server 6.0 HotFix 1.01 (built Mar 15 2004)) with ESMTP id <0IQQ00760WKIZ0A0@pd3mr2so.prod.shaw.ca> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 19:07:30 -0700 (MST) Received: from [192.168.0.60] (S0106006067227a4a.vc.shawcable.net [24.87.209.6]) by l-daemon (iPlanet Messaging Server 5.2 HotFix 1.18 (built Jul 28 2003)) with ESMTP id <0IQQ00K93WKHZ8@l-daemon> for freebsd-security@freebsd.org; Tue, 29 Nov 2005 19:07:30 -0700 (MST) Date: Tue, 29 Nov 2005 18:07:29 -0800 From: Colin Percival In-reply-to: <20051130000552.GB60924@xor.obsecurity.org> To: Kris Kennaway Message-id: <438D0961.40307@freebsd.org> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 7bit X-Accept-Language: en-us, en 
X-Enigmail-Version: 0.93.0.0 References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <438CE78F.303@freebsd.org> <20051130000552.GB60924@xor.obsecurity.org> User-Agent: Mozilla Thunderbird 1.0.7 (X11/20051001) Cc: freebsd-security@freebsd.org, aristeu Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2005 02:07:42 -0000 Kris Kennaway wrote: > On Tue, Nov 29, 2005 at 03:43:11PM -0800, Colin Percival wrote: >>Even before you get to that point, you have to worry about making sure >>that the build clients are secure. One possibility which worries me a >>great deal is that a trojan in the build code for a low-profile port >>(e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to >>gain control of a build client (and then insert trojans into packages >>which are built there). > > They're closed systems that I keep up-to-date with security fixes, but > yes, this is something that we do not defend against. As you note, > it's not really practical to at the moment, so the best we can do is > just keep it in mind and look for other things to fix. Yes and no. Fixing other potential security risks is good, but not if it leads users to think that the packages are more trustworthy than they really are. In particular, if we started distributing signed packages, I suspect that most people would assume that the signatures guaranteed that the packages were good, rather than simply ensuring that the packages hadn't been modified with after they were built. If we're going to sign anything, we need to ensure not just that we're signing what we think we're signing, but also that we're signing what the *end users* think that we're signing. 
Colin Percival From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 03:25:14 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D527216A41F; Wed, 30 Nov 2005 03:25:14 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6DF7843D5E; Wed, 30 Nov 2005 03:25:01 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 9BB6D1A3C1A; Tue, 29 Nov 2005 19:25:00 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 03D59514DF; Tue, 29 Nov 2005 22:25:00 -0500 (EST) Date: Tue, 29 Nov 2005 22:24:59 -0500 From: Kris Kennaway To: Colin Percival Message-ID: <20051130032459.GA63255@xor.obsecurity.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <438CE78F.303@freebsd.org> <20051130000552.GB60924@xor.obsecurity.org> <438D0961.40307@freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="LQksG6bCIzRHxTLp" Content-Disposition: inline In-Reply-To: <438D0961.40307@freebsd.org> User-Agent: Mutt/1.4.2.1i Cc: freebsd-security@freebsd.org, aristeu , Kris Kennaway Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2005 03:25:15 -0000 --LQksG6bCIzRHxTLp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 29, 2005 at 06:07:29PM -0800, 
Colin Percival wrote: > Kris Kennaway wrote: > > On Tue, Nov 29, 2005 at 03:43:11PM -0800, Colin Percival wrote: > >>Even before you get to that point, you have to worry about making sure > >>that the build clients are secure. One possibility which worries me a > >>great deal is that a trojan in the build code for a low-profile port > >>(e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to > >>gain control of a build client (and then insert trojans into packages > >>which are built there). > > > > They're closed systems that I keep up-to-date with security fixes, but > > yes, this is something that we do not defend against. As you note, > > it's not really practical to at the moment, so the best we can do is > > just keep it in mind and look for other things to fix. > > Yes and no. Fixing other potential security risks is good, but not if > it leads users to think that the packages are more trustworthy than they > really are. In particular, if we started distributing signed packages, > I suspect that most people would assume that the signatures guaranteed > that the packages were good, rather than simply ensuring that the packages > hadn't been modified with after they were built. > > If we're going to sign anything, we need to ensure not just that we're > signing what we think we're signing, but also that we're signing what the > *end users* think that we're signing. Seems to me that ignorance and a false sense of security is bad wherever it appears, so all we can do is try our best to educate users about what they're getting. 
Kris --LQksG6bCIzRHxTLp-- From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 08:55:33 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 657D116A420 for ; Wed, 30 Nov 2005 08:55:33 +0000 (GMT) (envelope-from adamsz@mailpont.hu) Received: from mailpont.hu (mailpont.hu [217.20.133.14]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0C22743D6D for ; Wed, 30 Nov 2005 08:55:31 +0000 (GMT) (envelope-from adamsz@mailpont.hu) Received: by mailpont.hu (Postfix, from userid 1005) id 8955640E4CE; Wed, 30 Nov 2005 09:55:28 +0100 (CET) Received: from www.mailpont.hu (localhost [127.0.0.1]) by mailpont.hu (Postfix) with ESMTP id 57CD440E4F6 for ; Wed, 30 Nov 2005 09:55:24 +0100 (CET) Received: from 193.68.33.1 (SquirrelMail authenticated user adamsz@mailpont.hu); by www.mailpont.hu with HTTP; Wed, 30 Nov 2005 09:55:24 +0100 (CET) Message-ID: <4155.193.68.33.1.1133340924.squirrel@193.68.33.1> In-Reply-To: <438CE78F.303@freebsd.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <438CE78F.303@freebsd.org> Date: Wed, 30 Nov 2005 09:55:24 +0100 (CET) From: Ádám Szilveszter To: freebsd-security@freebsd.org User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-2 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on prometheus X-Spam-Level: X-Spam-Status: No, score=-2.8 required=5.0 
tests=ALL_TRUSTED autolearn=ham version=3.0.3 Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Nov 2005 08:55:33 -0000 On Wed, November 30, 2005 12:43 am, Colin Percival said: > Even before you get to that point, you have to worry about making sure > that the build clients are secure. One possibility which worries me a > great deal is that a trojan in the build code for a low-profile port > (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to > gain control of a build client (and then insert trojans into packages > which are built there). Which practically begs the question: could we, pretty please, change the defaults and stop encouraging people from downloading distfiles and compiling them when using the ports tree as *root*? (shudder) There is exactly zero reason for this that I can think of apart from some "well it's more convenient that way" arguments. With the current model of using ports (and packages too) every single BO or whatever in eg fetch or libfetch becomes a sure-fire remote root vulnerability, because all FreeBSD machines use fetch to retrieve stuff from random sites on the Internet (MASTERSITEs are all over the place) as root. A security worst-practice. (Well, not all of them... I use a non-privileged user to do that, which is now becoming more and more practical, but earlier there used to be all kinds of nasties in the build processes of certain ports which you only noticed if you were non-root...) 
(Of course, we could go even further and start compartmentalising access rights because eg a user with port-install rights should have no permission to touch the base system, in particular system binaries and the contents of /etc, but this would also require saying farewell to some really bizarre things like "openssh from ports overwriting the one in the base" which would be really a good idea btw.) Best regards, Sz. From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 09:02:55 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 04B7016A422 for ; Wed, 30 Nov 2005 09:02:55 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from elvis.mu.org (elvis.mu.org [192.203.228.196]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0E0CC43D45 for ; Wed, 30 Nov 2005 09:02:50 +0000 (GMT) (envelope-from kris@obsecurity.org) Received: from obsecurity.dyndns.org (elvis.mu.org [192.203.228.196]) by elvis.mu.org (Postfix) with ESMTP id 635D31A3C25; Wed, 30 Nov 2005 01:02:50 -0800 (PST) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 0075351314; Wed, 30 Nov 2005 04:02:48 -0500 (EST) Date: Wed, 30 Nov 2005 04:02:48 -0500 From: Kris Kennaway To: Ádám Szilveszter Message-ID: <20051130090247.GA68049@xor.obsecurity.org> References: <20051129120151.5A2FB16A420@hub.freebsd.org> <002601c5f4fa$b5115320$e403000a@rickderringer> <20051129232703.GA60060@xor.obsecurity.org> <438CE78F.303@freebsd.org> <4155.193.68.33.1.1133340924.squirrel@193.68.33.1> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="huq684BweRXVnRxX" Content-Disposition: inline 
In-Reply-To: <4155.193.68.33.1.1133340924.squirrel@193.68.33.1>
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Wed, Nov 30, 2005 at 09:55:24AM +0100, Ádám Szilveszter wrote:
> On Wed, November 30, 2005 12:43 am, Colin Percival wrote:
> > Even before you get to that point, you have to worry about making sure
> > that the build clients are secure. One possibility which worries me a
> > great deal is that a trojan in the build code for a low-profile port
> > (e.g., misc/my-port-which-nobody-else-uses) could allow an attacker to
> > gain control of a build client (and then insert trojans into packages
> > which are built there).
>
> Which practically begs the question: could we, pretty please, change the
> defaults and stop encouraging people from downloading distfiles and
> compiling them when using the ports tree as *root*? (shudder) There is
> exactly zero reason for this that I can think of apart from some "well
> it's more convenient that way" arguments.

And of course that some ports don't build as non-root :-)

If you're willing to fix them (there may be a lot), I could schedule a
full port build done as non-root so you can start work.
Kris

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 09:19:32 2005
Date: Wed, 30 Nov 2005 04:19:31 -0500
From: "Peter C. Lai"
To: Ádám Szilveszter
Message-ID: <20051130091931.GJ326@cowbert.2y.net>
In-Reply-To: <4155.193.68.33.1.1133340924.squirrel@193.68.33.1>
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Wed, Nov 30, 2005 at 09:55:24AM +0100, Ádám Szilveszter wrote:
> really bizarre things like "openssh from ports overwriting the one in the
> base" which would be really a good idea btw.)

Except, sometimes, we really DO want to OVERRIDE_BASE :)

-- 
Peter C. Lai
Dept. of Neurobiology | SenseLab
Yale University School of Medicine
http://cowbert.2y.net/

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 09:32:05 2005
Message-ID: <3067.193.68.33.1.1133343118.squirrel@193.68.33.1>
In-Reply-To: <20051130090247.GA68049@xor.obsecurity.org>
Date: Wed, 30 Nov 2005 10:31:58 +0100 (CET)
From: Ádám Szilveszter
To: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Wed, November 30, 2005 10:02 am, Kris Kennaway wrote:
> And of course that some ports don't build as non-root :-)

Which still does not explain fetching :-) But yes, this may be a problem.
(I have not been aware of them, most likely because I have not used them)

> If you're willing to fix them (there may be a lot), I could schedule a
> full port build done as non-root so you can start work.

(I know, wrong answer, but this is all I can come up with) I am probably
not the right person for doing all of this, although a test run surely
would not hurt. That way everybody (including maintainers) can see if
their ports have a problem. Until now, many perhaps do not even know. If
there will be such a build, I will surely take the time to look through
the results and try my hand at fixing some, however.

Best regards,
Sz.

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 12:39:45 2005
From: Andreas Nemeth
To: freebsd-security@freebsd.org
Date: Wed, 30 Nov 2005 13:36:10 +0100
In-Reply-To: <4155.193.68.33.1.1133340924.squirrel@193.68.33.1>
Message-Id: <200511301336.10782.andreas.nemeth@aporem.net>
Subject: Re: Reflections on Trusting Trust

On Wednesday 30 November 2005 09:55, Ádám Szilveszter wrote:
> Which practically begs the question: could we, pretty please, change the
> defaults and stop encouraging people from downloading distfiles and
> compiling them when using the ports tree as *root*? (shudder) There is
> exactly zero reason for this that I can think of apart from some "well
> it's more convenient that way" arguments. With the current model of using
> ports (and packages too) every single BO or whatever in eg fetch or
> libfetch becomes a sure-fire remote root vulnerability, because all
> FreeBSD machines use fetch to retrieve stuff from random sites on the
> Internet (MASTERSITEs are all over the place) as root. A security
> worst-practice.

Second that. But I feel a little uneasy about making /usr/ports/ group
writeable for wheel or giving it to a "normal" user on the system.

What about creating a user called "ports" or something more compelling? Most
daemons have their own uids, so why not "the daemon" for downloading and
compiling?

> (Of course, we could go even further and start compartmentalising access
> rights because eg a user with port-install rights should have no
> permission to touch the base system, in particular system binaries and the
> contents of /etc, but this would also require saying farewell to some
> really bizarre things like "openssh from ports overwriting the one in the
> base" which would be really a good idea btw.)

And what about the +INSTALL and +DEINSTALL scripts, some ports want to run?
Those I've seen, ensure that a certain user exists. Therefore they roam
around in /etc.

BTW, those scripts fail (of course), if /tmp is mounted with the noexec
option. So the nightmare begins with root re-mounting /tmp rw, fetching the
distfiles and storing and executing shell scripts on /tmp...

> Best regards,
> Sz.

Best regards,
Andreas

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 13:43:50 2005
Message-ID: <20051130144343.od5die60gsw4k0k0@netchild.homeip.net>
Date: Wed, 30 Nov 2005 14:43:43 +0100
From: Alexander Leidinger
To: Kurt Seifried
In-Reply-To: <000e01c5f410$2de67820$1300110a@pooptop>
Cc: freebsd-security@FreeBSD.org
Subject: Re: Reflections on Trusting Trust

Kurt Seifried wrote:

> should have people upload their keys. On another note I am available
> to sign PGP keys (proving your key/identity is an exercise left to
> the reader =),

or to the signer... the keys are available in the handbook (either from
www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending
them to the @FreeBSD.org address should put them in to the hands of their
owners (and if not, it doesn't matter, they just don't get your signature on
their key). And AFAIK this is all PGP is supposed to verify, that the person
behind "user@example.tld" is the same as the person with access to the
secret key for this address. Please correct me if I'm wrong and PGP also is
supposed to e.g. verify that the name is the same as on the passport or
whatever way of personal identification is available where the owner of the
key to sign lives).

But this assumes the signer trusts the FreeBSD.org security: Access to the
FreeBSD.org machines is only granted with a known ssh v2 key. Such a key is
put in place by an admin, who got the key in a secure manner (either via a
PGP signed mail or uploaded to such a machine via scp by an already trusted
person). Without ssh access there's no way to insert a key into the CVS
repository.

My Alexander@Leidinger.net key is also available from
https://keyserver.pgp.com (I just noticed that my @FreeBSD.org key is not
available there... I should correct this). I verified (by inspecting the
fingerprint) that the key which is available from there is my own one before
acknowledging their verification procedure (see
https://keyserver.pgp.com/vkd/VKDVerificationPGPCom.html for the drawbacks
of their approach).

Bye,
Alexander.

-- 
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org  : PGP ID = 72077137
The human mind treats a new idea the way the body treats a strange
protein: it rejects it. -- P. Medawar

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 13:56:34 2005
Message-ID: <20051130145017.895dszmso48oskcg@netchild.homeip.net>
Date: Wed, 30 Nov 2005 14:50:17 +0100
From: Alexander Leidinger
To: Kris Kennaway
In-Reply-To: <20051130032459.GA63255@xor.obsecurity.org>
Cc: freebsd-security@FreeBSD.org, aristeu, Colin Percival
Subject: Re: Reflections on Trusting Trust

Kris Kennaway wrote:

> On Tue, Nov 29, 2005 at 06:07:29PM -0800, Colin Percival wrote:
>> If we're going to sign anything, we need to ensure not just that we're
>> signing what we think we're signing, but also that we're signing what the
>> *end users* think that we're signing.
>
> Seems to me that ignorance and a false sense of security is bad
> wherever it appears, so all we can do is try our best to educate users
> about what they're getting.

By printing a nice text every time someone installs a signed package?
Noisy and annoying, but because of this nobody is allowed to say they
didn't know about it.

Bye,
Alexander.

-- 
http://www.Leidinger.net  Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org    netchild @ FreeBSD.org  : PGP ID = 72077137
HARTLEY'S SECOND LAW: Never sleep with anyone crazier than yourself.
My corollary: The completely psychotic have all the fun.

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 15:02:16 2005
Message-ID: <008a01c5f5be$f6ff3940$e403000a@rickderringer>
From: "aristeu"
To: "Kris Kennaway"
Date: Wed, 30 Nov 2005 13:01:38 -0200
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

>> Yes and no. Fixing other potential security risks is good, but not if
>> it leads users to think that the packages are more trustworthy than they
>> really are. In particular, if we started distributing signed packages,
>> I suspect that most people would assume that the signatures guaranteed
>> that the packages were good, rather than simply ensuring that the packages
>> hadn't been modified with after they were built.
>>
>> If we're going to sign anything, we need to ensure not just that we're
>> signing what we think we're signing, but also that we're signing what the
>> *end users* think that we're signing.
>
>Seems to me that ignorance and a false sense of security is bad
>wherever it appears, so all we can do is try our best to educate users
>about what they're getting.

I think that with a clear policy the ports and packages could be signed.
Something like a banner during installation of a port "This key ensures
that this port was made/arranged by an official freebsd port maintainer.
The freebsd security team does not take responsibility for its contents
since it was not scrutinized by them. Good luck!", or, for packages, a
similar message saying the package was built on freebsd infrastructure,
but the freebsd team don't take responsibility for its contents, bla,
bla...

I don't know what kind of authentication with port maintainers do you
have, but I think between you guys and the port maintainers must exist
some good scheme. This part is OK. Now is just the freebsd server and end
users part. Sign it with a "ports system" secret key, and a public key
pre-installed on clients. The secret key well guarded on ports system
core... Simple as that, it can mitigate some problems.

I really don't think signing things ensure that a port or package is
secure, but makes a hell of a better job proving that it came from where
it says it came than loose hashes. Other than that, "security by
omission", if exists this, won't solve anything.

I know the freebsd-update and portsnap (portsnap I just discovered in this
thread) solutions are good. I'm wishing this to be the freebsd standard.

I don't wanna push things, and I know things don't work this way. I just
wanted to show an end user opinion, on the reflections topic... :) that
said, I'm gone....

Thanks and best regards,
--aristeu

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 15:51:47 2005
Date: Wed, 30 Nov 2005 16:51:30 +0100
From: Christian Brueffer
In-reply-to: <20051130144343.od5die60gsw4k0k0@netchild.homeip.net>
To: Alexander Leidinger
Message-id: <20051130155130.GA4632@unixpages.org>
Cc: freebsd-security@FreeBSD.org, Kurt Seifried
Subject: Re: Reflections on Trusting Trust

On Wed, Nov 30, 2005 at 02:43:43PM +0100, Alexander Leidinger wrote:
> Kurt Seifried wrote:
>
> >should have people upload their keys. On another note I am available
> >to sign PGP keys (proving your key/identity is an exercise left to
> >the reader =),
>
> or to the signer... the keys are available in the handbook (either from
> www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc) and sending
> them to the @FreeBSD.org address should put them in to the hands of their
> owners (and if not, it doesn't matter, they just don't get your signature on
> their key). And AFAIK this is all PGP is supposed to verify, that the person
> behind "user@example.tld" is the same as the person with access to the
> secret key for this address. Please correct me if I'm wrong and PGP also is
> supposed to e.g. verify that the name is the same as on the passport or
> whatever way of personal identification is available where the owner of the
> key to sign lives).
>

Well, at least to me it's also about "does the name on the key and the
private key owner match?" I wouldn't sign a foreign key without having
checked an official document containing a photo first (passport, drivers
license etc).

- Christian

-- 
Christian Brueffer chris@unixpages.org brueffer@FreeBSD.org
GPG Key: http://people.freebsd.org/~brueffer/brueffer.key.asc
GPG Fingerprint: A5C8 2099 19FF AACA F41B B29B 6C76 178C A0ED 982D

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 17:58:53 2005
Date: Thu, 1 Dec 2005 04:58:36 +1100
From: Peter Jeremy
To: Andreas Nemeth
Message-ID: <20051130175835.GD32006@cirb503493.alcatel.com.au>
In-Reply-To: <200511301336.10782.andreas.nemeth@aporem.net>
Cc: freebsd-security@freebsd.org
Subject: Re: Reflections on Trusting Trust

On Wed, 2005-Nov-30 13:36:10 +0100, Andreas Nemeth wrote:
>On Wednesday 30 November 2005 09:55, Ádám Szilveszter wrote:
>> Which practically begs the question: could we, pretty please, change the
>> defaults and stop encouraging people from downloading distfiles and
>> compiling them when using the ports tree as *root*?
>
>Second that. But I feel a little uneasy about making /usr/ports/ group
>writeable for wheel or giving it to a "normal" user on the system.

By default, /usr/ports is used to store:
- A checked-out copy of the ports tree as stored in CVS.
- INDEX-*  This is hard-wired in the Makefile infrastructure
- Compilation/work directories - overridable with WRKDIRPREFIX
- distfiles - overridable with DISTDIR
- packages - overridable with PACKAGES
- portupgrade's INDEX*.db - overridable with PORTS_DBDIR

Rather than making /usr/ports writable by anyone other than root (if
you don't want to), you can create alternative locations for
distfiles, work directories (and package directories) so a normal
user can download and compile ports.

At one stage, editors/openoffice.org-1.1 wouldn't build if
WRKDIRPREFIX was set but that has been fixed. I haven't run into any
other problems (though it might be interesting for the build cluster
to verify that).

Note that the only ports-related file that can't be moved out of the
ports tree is 'INDEX'. This is annoying (I'd like to be able to RO
export /usr/ports across several FreeBSD variants) but 'make index'
only uses information within the ports tree and so isn't dangerous.

>And what about the +INSTALL and +DEINSTALL scripts, some ports want to run?

I don't think any package management system has managed to avoid needing
scripts to handle some functions. This is primarily an issue if you
are installing a package because the scripts come out of your ports
tree if you built the port. (AFAIK, no ports create these scripts on
the fly).

>Those I've seen, ensure that a certain user exists. Therefore they roam
>around in /etc.

And, hence, require root privileges.

>BTW, those scripts fail (of course), if /tmp is mounted with the noexec
>option.

I think the solution to this is to set PKG_TMPDIR somewhere else.
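
The relocation described in the message above, as an added shell example that is not part of Peter Jeremy's post or of the ports tree: it creates separate work, distfiles, package and temporary directories for an unprivileged build user, prints the matching settings, and audits that none of them is group- or world-writable or located inside the ports tree. The directory layout and function names are assumptions, as is reading PKG_TMPDIR from the environment.

```shell
#!/bin/sh
# Added example, not code from the thread. WRKDIRPREFIX, DISTDIR, PACKAGES
# and PKG_TMPDIR are the knobs named in the message above; the layout under
# the base directory and the function names are assumptions.
#
# Usage (as the unprivileged build user):
#   setup_build_dirs /home/builder/ports-build
#   emit_settings    /home/builder/ports-build
#   audit_build_dirs /home/builder/ports-build /usr/ports

# Create the relocated directories, writable only by the invoking user.
setup_build_dirs() {
    base=$1
    for d in work distfiles packages pkgtmp; do
        mkdir -p "$base/$d" && chmod 0755 "$base/$d" || return 1
    done
}

# Print settings that point the ports machinery at the relocated directories.
# The first three are make variables (for example in /etc/make.conf);
# PKG_TMPDIR is assumed to be taken from the environment.
emit_settings() {
    base=$1
    printf 'WRKDIRPREFIX=%s\n' "$base/work"
    printf 'DISTDIR=%s\n' "$base/distfiles"
    printf 'PACKAGES=%s\n' "$base/packages"
    printf 'export PKG_TMPDIR=%s\n' "$base/pkgtmp"
}

# Audit the layout. Prints one line per problem and returns non-zero if a
# directory is missing, not writable by the caller, writable by group or
# others, or located inside the ports tree itself.
audit_build_dirs() {
    base=$1
    ports=${2:-/usr/ports}
    # Resolve symlinks so a link into the ports tree is still detected.
    ports_real=$(cd "$ports" 2>/dev/null && pwd -P) || ports_real=$ports
    problems=0
    for d in work distfiles packages pkgtmp; do
        dir=$base/$d
        if [ ! -d "$dir" ]; then
            echo "missing: $dir"
            problems=$((problems + 1))
            continue
        fi
        real=$(cd "$dir" && pwd -P)
        case $real/ in
            "$ports_real"/*)
                echo "inside ports tree: $dir"
                problems=$((problems + 1)) ;;
        esac
        if [ ! -w "$dir" ]; then
            echo "not writable by build user: $dir"
            problems=$((problems + 1))
        fi
        # Permission string looks like drwxr-xr-x: character 6 is group
        # write, character 9 is other write.
        mode=$(ls -ld "$dir" | cut -c1-10)
        case $mode in
            d????w????|d???????w?)
                echo "writable by group or others: $dir ($mode)"
                problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}
```
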

-- 
Peter Jeremy

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 18:15:35 2005
Date: Thu, 1 Dec 2005 05:15:30 +1100
From: Peter Jeremy
To: Alexander Leidinger
Message-ID: <20051130181530.GE32006@cirb503493.alcatel.com.au>
In-Reply-To: <20051130144343.od5die60gsw4k0k0@netchild.homeip.net>
Cc: freebsd-security@freebsd.org, Kurt Seifried
Subject: Re: Reflections on Trusting Trust

On Wed, 2005-Nov-30 14:43:43 +0100, Alexander Leidinger wrote:
>Kurt Seifried wrote:
>
>>should have people upload their keys. On another note I am available
>>to sign PGP keys (proving your key/identity is an exercise left to
>>the reader =),
>
>or to the signer... the keys are available in the handbook (either from
>www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc)

But how do I know that the data I download from *.freebsd.org hasn't
been tampered with? Either by a MITM attack between me and the real
*.freebsd.org site or a DNS attack redirecting me to a third site.
This was the nub of my original posting.

> And AFAIK this is all PGP is supposed to verify, that the person
>behind "user@example.tld" is the same as the person with access to the
>secret key for this address.

PGP is susceptible to MITM attacks - Ann asks Bruce for his public
key. Mallory intercepts the request and substitutes his own public
key. He can then intercept, alter and re-sign following exchanges so
neither Ann nor Bruce realise they have an intruder.

>But this assumes the signer trusts the FreeBSD.org security:

If you don't trust the FreeBSD Project you wouldn't run FreeBSD.

> Without ssh access there's no way to insert a key into the CVS
>repository.

Assuming no security holes in the infrastructure... How can I tell
that my private copy of the FreeBSD Project's CVS repository is the
same as the one on whatever.FreeBSD.org?
--
Peter Jeremy

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 18:42:57 2005
Date: Wed, 30 Nov 2005 19:42:50 +0100
From: Alexander Leidinger
To: Peter Jeremy
Subject: Re: Reflections on Trusting Trust

On Thu, 1 Dec 2005 05:15:30 +1100
Peter Jeremy wrote:

> On Wed, 2005-Nov-30 14:43:43 +0100, Alexander Leidinger wrote:
> >Kurt Seifried wrote:
> >
> >>should have people upload their keys. On another note I am available
> >>to sign PGP keys (proving your key/identity is an exercise left to
> >>the reader =),
> >
> >or to the signer... the keys are available in the handbook (either from
> >www.freebsd.org or in raw from http://cvsweb.freebsd.org/doc)
>
> But how do I know that the data I download from *.freebsd.org hasn't
> been tampered with? Either by a MITM attack between me and the real
> *.freebsd.org site or a DNS attack redirecting me to a third site.
> This was the nub of my original posting.

Yes, I know. But if you get the same *wrong* data (for the PGP keys it's
relatively easy to verify) from several locations (cvsup*.FreeBSD.org +
cvsweb.freebsd.org + www.freebsd.org, don't forget to check if they
point to a reasonable amount of different IP's; the printed handbook
and the handbook on the release CDs), then you have other things to
worry about...

> > And AFAIK this is all PGP is supposed to verify, that the person
> >behind "user@example.tld" is the same as the person with access to the
> >secret key for this address.
>
> PGP is susceptible to MITM attacks - Ann asks Bruce for his public
> key. Mallory intercepts the request and substitutes his own public
> key. He can then intercept, alter and re-sign following exchanges so
> neither Ann nor Bruce realise they have an intruder.

Yes, in theory. In practice there's a point where you either say "I
trust this", or you say "if I can't trust this from this point on, I
don't have to worry about it, since I'm busted already". See above.

> >But this assumes the signer trusts the FreeBSD.org security:
>
> If you don't trust the FreeBSD Project you wouldn't run FreeBSD.
>
> > Without ssh access there's no way to insert a key into the CVS
> >repository.
>
> Assuming no security holes in the infrastructure... How can I tell

Yes.

> that my private copy of the FreeBSD Project's CVS repository is the
> same as the one on whatever.FreeBSD.org?

Assuming enough resources: ATM only by downloading all and diffing
them. If they all match, you are either busted already since the
attacker controls too much, or you can say the probability is high
enough that you got a copy of the original repository.

Bye,
Alexander.

--
http://www.Leidinger.net  Alexander @ Leidinger.net
GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7

From owner-freebsd-security@FreeBSD.ORG Wed Nov 30 19:38:20 2005
Date: Wed, 30 Nov 2005 14:38:11 -0500
From: Kris Kennaway
To: Peter Jeremy
Subject: Re: Reflections on Trusting Trust

On Thu, Dec 01, 2005 at 04:58:36AM +1100, Peter Jeremy wrote:

> Note that the only ports-related file that can't be moved out of the
> ports tree is 'INDEX'.

Set INDEXFILE.

Kris

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 00:50:50 2005
Date: Thu, 1 Dec 2005 08:05:17 -0000 (UTC)
From: iwan@staff.usd.ac.id
To: freebsd-security@freebsd.org
Subject: exploiting kernel

Hi,
Can kernel's freeBSD exploited by tools hacking? If true,
can I know how to fix this problem, and what tools can do
that.

Thanks a lot

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 03:52:18 2005
Date: Thu, 01 Dec 2005 13:52:21 +1000
From: Timothy Smith
To: iwan@staff.usd.ac.id
Subject: Re: exploiting kernel

iwan@staff.usd.ac.id wrote:

>Hi,
>Can kernel's freeBSD exploited by tools hacking? If true,
>can I know how to fix this problem, and what tools can do
>that.
>
>Thanks a lot

that's a bit like asking how long is a piece of string.
the port chkrootkit can help tell you if a root kit has been installed
on your system, that's all i can tell you with the information you gave.

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 05:25:04 2005
Date: Thu, 1 Dec 2005 12:39:02 -0000 (UTC)
From: iwan@staff.usd.ac.id
To: "Timothy Smith"
Subject: Re: exploiting kernel

I'm sorry my English makes confuse, my email mean:
I need to know about kernel's freebsd exploiting to
securing my box. And I need to know how hackers do that
(and what kind of tools they used) either.

Thanks.

> iwan@staff.usd.ac.id wrote:
>
>>Hi,
>>Can kernel's freeBSD exploited by tools hacking? If true,
>>can I know how to fix this problem, and what tools can do
>>that.
>>
>>Thanks a lot
>
> that's a bit like asking how long is a piece of string.
> the port chkrootkit can help tell you if a root kit has been installed
> on your system, that's all i can tell you with the information you gave.

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 05:38:33 2005
Date: Thu, 1 Dec 2005 16:38:26 +1100
From: Peter Jeremy
To: Kris Kennaway
Subject: Re: Reflections on Trusting Trust

On Wed, 2005-Nov-30 14:38:11 -0500, Kris Kennaway wrote:
>On Thu, Dec 01, 2005 at 04:58:36AM +1100, Peter Jeremy wrote:
>
>> Note that the only ports-related file that can't be moved out of the
>> ports tree is 'INDEX'.
>
>Set INDEXFILE.

INDEXFILE always appears to be prepended with ${.CURDIR} or ${PORTSDIR}.
This means you can change its name but you can't move it out of the
ports tree. Symlinks won't work because 'make index' begins with
rm -f ${.CURDIR}/${INDEXFILE} (though 'make INDEX' avoids this).

--
Peter Jeremy

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 05:51:38 2005
Date: Thu, 1 Dec 2005 00:51:37 -0500
From: Kris Kennaway
To: Peter Jeremy
Subject: Re: Reflections on Trusting Trust

On Thu, Dec 01, 2005 at 04:38:26PM +1100, Peter Jeremy wrote:
> On Wed, 2005-Nov-30 14:38:11 -0500, Kris Kennaway wrote:
> >On Thu, Dec 01, 2005 at 04:58:36AM +1100, Peter Jeremy wrote:
> >
> >> Note that the only ports-related file that can't be moved out of the
> >> ports tree is 'INDEX'.
> >
> >Set INDEXFILE.
>
> INDEXFILE always appears to be prepended with ${.CURDIR} or ${PORTSDIR}.
> This means you can change its name but you can't move it out of the
> ports tree. Symlinks won't work because 'make index' begins with
> rm -f ${.CURDIR}/${INDEXFILE} (though 'make INDEX' avoids this).

Hmm, I think you're right..we should fix this. Probably we have to
add a new variable like INDEXPATH for backwards compatibility. Can
you submit a PR noting the problem so it doesn't get forgotten?

Kris

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 06:15:36 2005
Date: Thu, 1 Dec 2005 17:15:30 +1100
From: Peter Jeremy
To: Alexander Leidinger
Subject: Re: Reflections on Trusting Trust

On Wed, 2005-Nov-30 19:42:50 +0100, Alexander Leidinger wrote:
> But if you get the same *wrong* data (for the PGP keys it's
>relatively easy to verify) from several locations (cvsup*.FreeBSD.org +
>cvsweb.freebsd.org + www.freebsd.org, don't forget to check if they
>point to a reasonable amount of different IP's;

Keep in mind that for most people these addresses will all go through
a single ISP. You need to check several locations via several
different paths (eg home and work or maybe cross-check with a friend
who uses a different ISP).

> the printed handbook
>and the handbook on the release CDs), then you have other things to
>worry about...

I agree that if Agent Smith is out to get you then you have problems.

>Assuming enough resources: ATM only by downloading all and diffing
>them. If they all match, you are either busted already since the
>attacker controls too much, or you can say the probability is high
>enough that you got a copy of the original repository.

This is non-trivial because the repository is not static and CVS
doesn't store transaction logs that would allow you to reproduce
the repository state at a point in time.
--
Peter Jeremy

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 06:42:46 2005
Date: Thu, 1 Dec 2005 01:42:44 -0500
From: Kris Kennaway
To: iwan@staff.usd.ac.id
Subject: Re: exploiting kernel

On Thu, Dec 01, 2005 at 12:39:02PM -0000, iwan@staff.usd.ac.id wrote:
> I'm sorry my English makes confuse, my email mean:
> I need to know
> about kernel's freebsd exploiting to
> securing my box. And I need to know how hackers do that
> (and what kind of tools they used) either.

www.freebsd.org/security

Kris

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 07:41:19 2005
Date: Thu, 01 Dec 2005 17:41:22 +1000
From: Timothy Smith
To: iwan@staff.usd.ac.id
Subject: Re: exploiting kernel

iwan@staff.usd.ac.id wrote:

>I'm sorry my English makes confuse, my email mean:
>I need to know about kernel's freebsd exploiting to
>securing my box. And I need to know how hackers do that
>(and what kind of tools they used) either.
>
>Thanks.
>
>>iwan@staff.usd.ac.id wrote:
>>
>>>Hi,
>>>Can kernel's freeBSD exploited by tools hacking? If true,
>>>can I know how to fix this problem, and what tools can do
>>>that.
>>>
>>>Thanks a lot
>>
>>that's a bit like asking how long is a piece of string.
>>the port chkrootkit can help tell you if a root kit has been installed
>>on your system, that's all i can tell you with the information you gave.

for security, generally the kernel and base is not the biggest concern, it is ports.
read this section on keeping your ports up to date
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html

and this info is on securing the system in general
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-advisories.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html

if you have already been broken into, some details on what happened
will help us advise you on what they probably used.

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 09:26:43 2005
Date: Thu, 1 Dec 2005 01:26:43 -0800
From: Avleen Vig
To: freebsd-security@freebsd.org
Subject: Re: exploiting kernel

On Thu, Dec 01, 2005 at 05:41:22PM +1000, Timothy Smith wrote:
> for security, generally the kernel and base is not the biggest concern, it is ports.
> read this section on keeping your ports up to date
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html
>
> and this info is on securing the system in general
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security-advisories.html
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/securing-freebsd.html
>
> if you have already been broken into, some details on what happened
> will help us advise you on what they probably used.

I think he's asking "How do I break into a freebsd box?".
I'm very wary of answering such questions, even when someone is asking
for the purpose of securing a box.

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 12:29:56 2005
Date: Thu, 1 Dec 2005 12:29:54 +0000 (GMT)
From: Robert Watson
To: Peter Jeremy
Subject: Re: Reflections on Trusting Trust
X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Dec 2005 12:29:56 -0000

On Thu, 1 Dec 2005, Peter Jeremy wrote: >> But this assumes the signer trusts the FreeBSD.org security: > > If you don't trust the FreeBSD Project you wouldn't run FreeBSD. > >> Without ssh access there's no way to insert a key into the CVS >> repository. > > Assuming no security holes in the infrastructure... How can I tell that > my private copy of the FreeBSD Project's CVS repository is the same as > the one on whatever.FreeBSD.org?

I think this is actually the real core of the issue: what we want is improved confidence of safe delivery in the presence of limited attackers on the wire. That is, we would like to be able to tell the user that, yes, if they managed to get a first FreeBSD ISO in some uncorrupted form (from a trusted vendor, or even from an initially insecure download, which is what 99% will be), from then on they will get source updates generated using keying material that matches something on that ISO, only packages that were generated using keying material that matches something on that ISO, etc.

I agree with the basic concept that, despite the infrastructural complexities and desire to avoid promising more than we can really provide, there are incremental transport and packaging improvements we can make that will provide for safer delivery of our parts to the user. Whether it's using portsnap's signature mechanism, signatures on packages, an https download option for pulling down updates, SSL wrappings for cvsup, or whatever, it seems like we can do better.
If we do go down the route of things like https, X509, and all that, I think we should be very careful to distinguish the CERT chain and roots used for our own purposes, and for normal SSL use, such that if our update chain or package chain is compromised, it doesn't mean a FreeBSD user is immediately vulnerable to more general SSL attacks against other entities (i.e., www.mybank.com).

Robert N M Watson

From owner-freebsd-security@FreeBSD.ORG Thu Dec 1 07:48:01 2005 Return-Path: X-Original-To: freebsd-security@FreeBSD.org Delivered-To: freebsd-security@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3670A16A41F for ; Thu, 1 Dec 2005 07:48:01 +0000 (GMT) (envelope-from netchild@FreeBSD.org) Received: from www.ebusiness-leidinger.de (jojo.ms-net.de [84.16.236.246]) by mx1.FreeBSD.org (Postfix) with ESMTP id 276A843D5A for ; Thu, 1 Dec 2005 07:47:59 +0000 (GMT) (envelope-from netchild@FreeBSD.org) Received: from Andro-Beta.Leidinger.net (p54A5F67A.dip.t-dialin.net [84.165.246.122]) (authenticated bits=0) by www.ebusiness-leidinger.de (8.13.1/8.13.1) with ESMTP id jB17LFUf021585; Thu, 1 Dec 2005 08:21:16 +0100 (CET) (envelope-from netchild@FreeBSD.org) Received: from localhost (localhost [127.0.0.1]) by Andro-Beta.Leidinger.net (8.13.3/8.13.3) with ESMTP id jB17luVZ061144; Thu, 1 Dec 2005 08:47:56 +0100 (CET) (envelope-from netchild@FreeBSD.org) Received: from pslux.cec.eu.int (pslux.cec.eu.int [158.169.9.14]) by webmail.leidinger.net (Horde MIME library) with HTTP; Thu, 01 Dec 2005 08:47:56 +0100 Message-ID: <20051201084756.rtmyuy7uvqoo44ck@netchild.homeip.net> X-Priority: 3 (Normal) Date: Thu, 01 Dec 2005 08:47:56 +0100 From: Alexander Leidinger To: Peter Jeremy References: <20051127182116.GA30426@cirb503493.alcatel.com.au> <000e01c5f410$2de67820$1300110a@pooptop> <20051130144343.od5die60gsw4k0k0@netchild.homeip.net> <20051130181530.GE32006@cirb503493.alcatel.com.au>
<20051130194250.255d2e18@Magellan.Leidinger.net> <20051201061530.GG32006@cirb503493.alcatel.com.au> In-Reply-To: <20051201061530.GG32006@cirb503493.alcatel.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: 7bit User-Agent: Internet Messaging Program (IMP) H3 (4.0.3) / FreeBSD-4.11 X-Virus-Scanned: by amavisd-new X-Mailman-Approved-At: Thu, 01 Dec 2005 12:42:21 +0000 Cc: freebsd-security@FreeBSD.org Subject: Re: Reflections on Trusting Trust X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Dec 2005 07:48:01 -0000

Peter Jeremy wrote: > On Wed, 2005-Nov-30 19:42:50 +0100, Alexander Leidinger wrote: >> But if you get the same *wrong* data (for the PGP keys it's >> relatively easy to verify) from several locations (cvsup*.FreeBSD.org + >> cvsweb.freebsd.org + www.freebsd.org, don't forget to check if they >> point to a reasonable amount of different IP's; > > Keep in mind that for most people these addresses will all go through > a single ISP. You need to check several locations via several > different paths (e.g. home and work or maybe cross-check with a friend > who uses a different ISP).

Yes.

>> the printed handbook >> and the handbook on the release CDs), then you have other things to >> worry about... > > I agree that if Agent Smith is out to get you then you have problems. > >> Assuming enough resources: ATM only by downloading all and diffing >> them. If they all match, you are either busted already since the >> attacker controls too much, or you can say the probability is high >> enough that you got a copy of the original repository.
> > This is non-trivial because the repository is not static and CVS > doesn't store transaction logs that would allow you to reproduce the > repository state at a point in time.

I didn't say it's easy. And you need a little bit of knowledge. But then you "just" need to "diff -ru" and review the differences. This is not a "true/false" test, so you need to do an amount of work and understand the results.

I agree that this can be improved, but if you need this confidence *now*: it's not that hard, just time consuming (depending on the amount of data you want to verify, and at least for the pgp keys it's easy, since this part of the repository doesn't change that often).

Bye, Alexander.

-- http://www.Leidinger.net/ Alexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org/ netchild @ FreeBSD.org : PGP ID = 72077137 Look out! Behind you!

From owner-freebsd-security@FreeBSD.ORG Fri Dec 2 00:46:10 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D614E16A41F for ; Fri, 2 Dec 2005 00:46:10 +0000 (GMT) (envelope-from trent.mcgrath@unix.net) Received: from smtpauth04.mail.atl.earthlink.net (smtpauth04.mail.atl.earthlink.net [209.86.89.64]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5269043D49 for ; Fri, 2 Dec 2005 00:46:10 +0000 (GMT) (envelope-from trent.mcgrath@unix.net) Received: from [24.233.181.65] (helo=[192.168.1.3]) by smtpauth04.mail.atl.earthlink.net with asmtp (Exim 4.34) id 1Ehz3e-00071M-4W; Thu, 01 Dec 2005 19:45:50 -0500 Message-ID: <438F990C.2090402@unix.net> Date: Thu, 01 Dec 2005 19:45:00 -0500 From: Trent McGrath User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 X-Accept-Language: en-us, en, ja MIME-Version: 1.0 To: iwan@staff.usd.ac.id References: <52765.202.65.114.229.1133424317.squirrel@webmail.usd.ac.id> <438E7375.5030100@open-networks.net>
<63365.202.65.114.229.1133440742.squirrel@webmail.usd.ac.id> In-Reply-To: <63365.202.65.114.229.1133440742.squirrel@webmail.usd.ac.id> Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="------------ms030909000609010906090601" X-ELNK-Trace: 364c4688019bdb4ee18d290b65f2f456239a348a220c2609bee5838141e84336bc9a484293f62b382601a10902912494350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 24.233.181.65 Cc: freebsd-security@freebsd.org Subject: Re: exploiting kernel X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: trent.mcgrath@unix.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Dec 2005 00:46:11 -0000

This is a cryptographically signed message in MIME format.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/security.html

/etc/rc.conf
kern_securelevel_enable="YES"
kern_securelevel="1"

and chflags(1) http://www.freebsd.org/cgi/man.cgi?query=chflags&apropos=0&sektion=0&manpath=FreeBSD+5.4-RELEASE&format=html

Thank You, Trent McGrath MIT PGP Key ID: 0xECCF4586 Key fingerprint: 9A 50 CC 42 80 04 84 C0 39 2B 4C F5 FE 99 F7 6B EC CF 45 86

iwan@staff.usd.ac.id wrote: > I'm sorry my english makes confuse, my email mean: > I need to know about kernel's freebsd exploiting to > securing my box. And I need to know how hackers do that > (and what kind of tools they used) either. > > Thanks. > > >>iwan@staff.usd.ac.id wrote: >> >> >>>Hi, >>>Can kernel's freeBSD exploited by tools hacking ? If >>>true, >>>can I know how to fix this problem, and what tools can do >>>that. >>> >>>Thanks alot >>> >>> >>> >>>_______________________________________________ >>>freebsd-security@freebsd.org mailing list >>>http://lists.freebsd.org/mailman/listinfo/freebsd-security >>>To unsubscribe, send any mail to >>>"freebsd-security-unsubscribe@freebsd.org" >>> >>> >>> >>> >> >>thats a bit like asking how long is a piece of string. >>the port chkrootkit can help tell you if a root kit has >>been installed >>on your system, thats all i can tell you with the >>information you gave. >> > > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" > >

From owner-freebsd-security@FreeBSD.ORG Fri Dec 2 05:24:21 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1CCA516A41F for ; Fri, 2 Dec 2005 05:24:21 +0000 (GMT) (envelope-from dr2867@pacbell.net) Received: from smtp109.sbc.mail.mud.yahoo.com (smtp109.sbc.mail.mud.yahoo.com [68.142.198.208]) by mx1.FreeBSD.org (Postfix) with SMTP id 449B543D5C for ; Fri, 2 Dec 2005 05:24:18 +0000 (GMT) (envelope-from dr2867@pacbell.net) Received: (qmail 24467 invoked from network); 2 Dec 2005 05:24:17 -0000 Received: from unknown (HELO ?192.168.0.190?) (dr2867.business@pacbell.net@68.126.181.25 with plain) by smtp109.sbc.mail.mud.yahoo.com with SMTP; 2 Dec 2005 05:24:17 -0000 Message-ID: <438FDA92.4080306@pacbell.net> Date: Thu, 01 Dec 2005 21:24:34 -0800 From: Daniel Rudy User-Agent: Mozilla/5.0 (X11R6; UNIX; FreeBSD/i386 5.4-RELEASE-p7; en-US; ja-JP; rv:1.7.12) Gecko/20050915 MultiZilla/1.6.2.0c Mnenhy/0.7.2.0 X-Accept-Language: en-us, en, ja MIME-Version: 1.0 To: iwan@staff.usd.ac.id References: <52765.202.65.114.229.1133424317.squirrel@webmail.usd.ac.id> In-Reply-To: <52765.202.65.114.229.1133424317.squirrel@webmail.usd.ac.id> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: freebsd-security@freebsd.org Subject: Re: exploiting kernel X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Dec 2005 05:24:21 -0000

At about the time of 12/1/2005 12:05 AM,
iwan@staff.usd.ac.id stated the following: > Hi, > Can kernel's freeBSD exploited by tools hacking ? If true, > can I know how to fix this problem, and what tools can do > that. > > Thanks alot > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" >

Absolutely. There is no such thing as bug proof software. All software has bugs or flaws in them. Generally, when a security related bug is discovered, the programmers fix the problem, then make a patch available by any one of several means. Then a security advisory is issued.

As for the bug, it depends on the nature of the bug to determine how to exploit it. Unchecked buffers are susceptible to buffer overflow attacks, etc. It all depends on the nature of the code and any details that the programmer overlooked. Even well written software, when subjected to different types of abuse, will fail in unexpected and spectacular ways.

Unfortunately, you cannot secure against future unknown security problems in software. The best that you can do is mitigate the risks of compromise as much as possible by using ACLs, chflags, securelevel, jails, and other security related features of the operating system.

The other participants on this list have provided you with a number of resources to secure your system. I strongly suggest that you use them.

Later.
-- Daniel Rudy From owner-freebsd-security@FreeBSD.ORG Fri Dec 2 12:43:50 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0EA916A422 for ; Fri, 2 Dec 2005 12:43:50 +0000 (GMT) (envelope-from pietro.cerutti@gmail.com) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6C36943D55 for ; Fri, 2 Dec 2005 12:43:50 +0000 (GMT) (envelope-from pietro.cerutti@gmail.com) Received: by wproxy.gmail.com with SMTP id i22so58694wra for ; Fri, 02 Dec 2005 04:43:49 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=MpbPzrdaNBSSnOiHmqH3NXDb/ZF7mHiAhZjWDAMBPySGhA/8MoS6Lc338TuyVHVv43TaEo0xVHFYxv/RV3/v5QC3UYxEi/vw0OwAng28s00Rw2jMkleYrfzBpPH/d5O3M+3UYijclwQH7HBlAQV30ESL5Q9/6613GKYgk23ppEY= Received: by 10.64.204.17 with SMTP id b17mr1426831qbg; Fri, 02 Dec 2005 04:43:49 -0800 (PST) Received: by 10.64.150.18 with HTTP; Fri, 2 Dec 2005 04:43:49 -0800 (PST) Message-ID: Date: Fri, 2 Dec 2005 13:43:49 +0100 From: Pietro Cerutti To: freebsd-security@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: acroread security problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Dec 2005 12:43:51 -0000 Dear all, I think there's a security problem with the acroread plugin for firefox. I'm using sysutils/pwsafe to manage my passwords. 
A feature of this tool is that it can copy the requested password to the X clipboard, allowing the user to paste it (e.g. in a password box), never seeing the pass in clear.

When I load a PDF document in Firefox, the acroread process lives on even after the PDF document is closed:

$ pgrep acroread
17260

and reads anything I copy in the X clipboard. So when I use pwsafe to get a password, the pass is sent to the acroread process:

$ pwsafe -p gmail
Going to copy password to X selection
Enter passphrase for /home/piter/.pwsafe.dat: [xxx]
You are ready to paste the password for gmail from PRIMARY and CLIPBOARD
Press any key when done
Sending password for gmail to acroread@gahr via CLIPBOARD

and this is done automatically. Note that I didn't touch any key after writing the main password of pwsafe (noted [xxx] in the code above).

Can anyone explain this behaviour?

Thank you very much, best regards.

[list of ports installed]
www/firefox: firefox-1.5,1
www/linuxpluginwrapper: linuxpluginwrapper-20050910
print/acroread7: acroread7-7.0.1

-- Pietro Cerutti Beansidhe - SwiSS Death / Thrash Metal Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming or what?"
From owner-freebsd-security@FreeBSD.ORG Fri Dec 2 12:58:13 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DE40116A420 for ; Fri, 2 Dec 2005 12:58:13 +0000 (GMT) (envelope-from pietro.cerutti@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.207]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5AB7F43D76 for ; Fri, 2 Dec 2005 12:58:11 +0000 (GMT) (envelope-from pietro.cerutti@gmail.com) Received: by zproxy.gmail.com with SMTP id i11so483935nzh for ; Fri, 02 Dec 2005 04:58:10 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=EcKWUofkWj5jW3TxPvFF+s0LVYTccb5PsUS8DL6cYdhIwjd1JlnWDmbRCgFqM/UXHI3NtRLT6TXQjDCUIdrHT0IGElVA0NpnvBgpJO6EEL0UH3FwIVBZwxIM41cvS7HiRVhXXWSuEosPg/HSwDLF/pWnUog7yJ6qZyFWseQPj9Y= Received: by 10.64.193.4 with SMTP id q4mr1449813qbf; Fri, 02 Dec 2005 04:58:10 -0800 (PST) Received: by 10.64.150.18 with HTTP; Fri, 2 Dec 2005 04:58:09 -0800 (PST) Message-ID: Date: Fri, 2 Dec 2005 13:58:09 +0100 From: Pietro Cerutti To: freebsd-security@freebsd.org In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: Subject: Fwd: acroread security problem X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Dec 2005 12:58:14 -0000 Sorry guys, the problem is the same with acroread standalone, not only with the plugin! Thanx, best regards.. 
---------- Forwarded message ----------
From: Pietro Cerutti
Date: 2-dic-2005 13.43
Subject: acroread security problem
To: freebsd-security@freebsd.org

Dear all, I think there's a security problem with the acroread plugin for firefox. I'm using sysutils/pwsafe to manage my passwords. A feature of this tool is that it can copy the requested password to the X clipboard, allowing the user to paste it (e.g. in a password box), never seeing the pass in clear.

When I load a PDF document in Firefox, the acroread process lives on even after the PDF document is closed:

$ pgrep acroread
17260

and reads anything I copy in the X clipboard. So when I use pwsafe to get a password, the pass is sent to the acroread process:

$ pwsafe -p gmail
Going to copy password to X selection
Enter passphrase for /home/piter/.pwsafe.dat: [xxx]
You are ready to paste the password for gmail from PRIMARY and CLIPBOARD
Press any key when done
Sending password for gmail to acroread@gahr via CLIPBOARD

and this is done automatically. Note that I didn't touch any key after writing the main password of pwsafe (noted [xxx] in the code above).

Can anyone explain this behaviour?

Thank you very much, best regards.

[list of ports installed]
www/firefox: firefox-1.5,1
www/linuxpluginwrapper: linuxpluginwrapper-20050910
print/acroread7: acroread7-7.0.1

-- Pietro Cerutti Beansidhe - SwiSS Death / Thrash Metal Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming or what?"

-- Pietro Cerutti Beansidhe - SwiSS Death / Thrash Metal Windows: "Where do you want to go today?" Linux: "Where do you want to go tomorrow?" FreeBSD: "Are you guys coming or what?"
From owner-freebsd-security@FreeBSD.ORG Sat Dec 3 00:15:00 2005 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 06E7916A41F for ; Sat, 3 Dec 2005 00:15:00 +0000 (GMT) (envelope-from iwan@staff.usd.ac.id) Received: from staff.usd.ac.id (staff.usd.ac.id [202.152.7.132]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9E41943D55 for ; Sat, 3 Dec 2005 00:14:58 +0000 (GMT) (envelope-from iwan@staff.usd.ac.id) Received: from webmail.usd.ac.id (webmail.usd.ac.id [202.152.7.139]) by staff.usd.ac.id (8.11.0/8.11.0) with ESMTP id jB30LYa21102 for ; Sat, 3 Dec 2005 07:21:35 +0700 Received: from 202.65.114.229 (proxying for 172.21.200.51) (SquirrelMail authenticated user iwan) by webmail.usd.ac.id with HTTP; Sat, 3 Dec 2005 07:29:24 -0000 (UTC) Message-ID: <65298.202.65.114.229.1133594964.squirrel@webmail.usd.ac.id> Date: Sat, 3 Dec 2005 07:29:24 -0000 (UTC) From: iwan@staff.usd.ac.id To: freebsd-security@freebsd.org User-Agent: SquirrelMail/1.4.5 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: RE:exploting kernel --thanks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Dec 2005 00:15:00 -0000 Thanks to all of you who support me in this topic. regards, iwan
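The cross-check discussed in the "Reflections on Trusting Trust" messages above (fetch the same tree over several independent paths, then diff and review the differences) can be sketched as follows. This is an added example, not code from the thread or from the FreeBSD Project; the copy labels, file names and file contents are constructed, and SHA-256 manifests stand in for a literal "diff -ru".

```python
"""Cross-check copies of one tree fetched over independent network paths."""
import hashlib
import os
import tempfile
from collections import Counter


def manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = h.hexdigest()
    return digests


def cross_check(copies):
    """copies maps a label to a root directory.

    Returns {relpath: {label: digest or None}} for every file on which the
    copies do not all agree; a file missing from a copy counts as disagreement.
    """
    manifests = {label: manifest(root) for label, root in copies.items()}
    all_paths = set().union(*manifests.values())
    disagreements = {}
    for path in sorted(all_paths):
        seen = {label: m.get(path) for label, m in manifests.items()}
        if len(set(seen.values())) > 1:
            disagreements[path] = seen
    return disagreements


def outliers(seen):
    """Labels that differ from a strict majority; [] when there is no majority."""
    digest, count = Counter(seen.values()).most_common(1)[0]
    if count * 2 <= len(seen):
        return []
    return sorted(label for label, d in seen.items() if d != digest)


def build_demo(base):
    """Create three constructed copies; labels stand for independent paths."""
    files = {
        "keys/dev1.key": b"constructed public key A\n",
        "src/hello.c": b"int main(void) { return 0; }\n",
    }
    copies = {}
    for label in ("home-isp", "work", "friend-isp"):
        root = os.path.join(base, label)
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        copies[label] = root
    # Constructed case 1: one path delivers a substituted key.
    with open(os.path.join(copies["home-isp"], "keys/dev1.key"), "wb") as fh:
        fh.write(b"constructed public key B\n")
    # Constructed case 2: one copy was fetched after a later commit.
    with open(os.path.join(copies["friend-isp"], "src/hello.c"), "ab") as fh:
        fh.write(b"/* later commit */\n")
    return copies


def run_demo():
    """Return {relpath: [labels to review]} for the constructed copies."""
    with tempfile.TemporaryDirectory() as base:
        report = cross_check(build_demo(base))
        return {path: outliers(seen) for path, seen in report.items()}


if __name__ == "__main__":
    for path, odd in run_demo().items():
        print(f"{path}: review copies {odd or 'all (no majority)'}")
```

Both files are reported in the same way although only one was tampered with; the other differs because the repository moved on between fetches, so each difference still has to be reviewed by hand.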