From owner-freebsd-security@FreeBSD.ORG Sun Mar 15 23:50:18 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 012D51065670 for ; Sun, 15 Mar 2009 23:50:18 +0000 (UTC) (envelope-from freebsd001@pc.jgr.de) Received: from pc.jgr.de (pc.jgr.de [194.233.111.194]) by mx1.freebsd.org (Postfix) with ESMTP id 60A1C8FC14 for ; Sun, 15 Mar 2009 23:50:16 +0000 (UTC) (envelope-from freebsd001@pc.jgr.de) Received: from pc.jgr.de (localhost [127.0.0.1]) by pc.jgr.de (8.13.6/8.13.6) with ESMTP id n2FNoHJ9006602 for ; Mon, 16 Mar 2009 00:50:17 +0100 (CET) (envelope-from freebsd001@pc.jgr.de) Received: (from root@localhost) by pc.jgr.de (8.13.6/8.13.6/Submit) id n2FNoGnk006601 for freebsd-security@freebsd.org; Mon, 16 Mar 2009 00:50:16 +0100 (CET) (envelope-from freebsd001@pc.jgr.de) Date: Mon, 16 Mar 2009 00:50:16 +0100 (CET) From: freebsd001@pc.jgr.de Message-Id: <200903152350.n2FNoGnk006601@pc.jgr.de> To: Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Mar 2009 23:50:18 -0000 March 16, 2009 Dear Giorgos, thank you for coming back to the emacs issue. I deinstalled emacs by means of pkg_delete -v -d, deleted by hand /usr/local/share/emacs to make sure that nothing is left, logged in as user "nutzer", and did su to root: > id uid=1006(nutzer) gid=1000(user) groups=1000(user),0(wheel) > su Password: >id uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) > Then, I did cd to /usr/ports/editors/emacs and did make and make install. The result is as follows: >pwd /usr/local/share/emacs/22.3 >ll total 22 drwxrwxrwx 5 nutzer wheel 3072 Mar 15 23:52 etc drwxr-xr-x 4 nutzer wheel 512 Mar 15 23:53 leim drwxrwxrwx 20 nutzer wheel 13312 Mar 15 23:53 lisp drwxr-xr-x 2 root wheel 512 Mar 15 23:52 site-lisp > There are some rwx directories as originally mentioned in the thread, and several directories as well as the files in these directories are not owned by root, but by nutzer. If I log in as another user in the group wheel, do su, and repeat the procedure, the files are owned by the other user I log in. As I have only limited console access or find the console access inconvenient, I have installed many ports by logging in as a user in the group wheel and doing su to root. But only emacs related files are owned by somebody else than expected. With best regards Joachim Griesche freebsd001@pc.jgr.de From owner-freebsd-security@FreeBSD.ORG Sun Mar 15 20:16:48 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5B5881065672 for ; Sun, 15 Mar 2009 20:16:48 +0000 (UTC) (envelope-from keramida@freebsd.org) Received: from poseidon.ceid.upatras.gr (poseidon.ceid.upatras.gr [150.140.141.169]) by mx1.freebsd.org (Postfix) with ESMTP id C5F948FC0A for ; Sun, 15 Mar 2009 20:16:47 +0000 (UTC) (envelope-from keramida@freebsd.org) Received: from mail.ceid.upatras.gr (unknown [10.1.0.143]) by poseidon.ceid.upatras.gr (Postfix) with ESMTP id 4A897EB512E; Sun, 15 Mar 2009 21:54:47 +0200 (EET) Received: from localhost (europa.ceid.upatras.gr [127.0.0.1]) by mail.ceid.upatras.gr (Postfix) with ESMTP id 2E3504509B; Sun, 15 Mar 2009 21:54:47 +0200 (EET) X-Virus-Scanned: amavisd-new at ceid.upatras.gr Received: from mail.ceid.upatras.gr ([127.0.0.1]) by localhost (europa.ceid.upatras.gr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kvjMD0jxeiqn; Sun, 15 Mar 2009 21:54:47 +0200 (EET) Received: from kobe.laptop (adsl126-96.kln.forthnet.gr [77.49.245.96]) by mail.ceid.upatras.gr (Postfix) with ESMTP id D0C724503F; Sun, 15 Mar 2009 21:54:46 +0200 (EET) Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.14.3/8.14.3) with ESMTP id n2FJsjQu071108; Sun, 15 Mar 2009 21:54:45 +0200 (EET) (envelope-from keramida@freebsd.org) Received: (from keramida@localhost) by kobe.laptop (8.14.3/8.14.3/Submit) id n2FJshOZ071107; Sun, 15 Mar 2009 21:54:43 +0200 (EET) (envelope-from keramida@freebsd.org) From: Giorgos Keramidas To: freebsd001@pc.jgr.de In-Reply-To: <200903062256.n26MuA2r085728@pc.jgr.de> (freebsd's message of "Fri, 6 Mar 2009 23:56:10 +0100 (CET)") Date: Sun, 15 Mar 2009 21:30:44 +0200 Message-ID: <87ljr61t3v.fsf@kobe.laptop> References: <200903062256.n26MuA2r085728@pc.jgr.de> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.91 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" X-Mailman-Approved-At: Mon, 16 Mar 2009 02:39:55 +0000 Cc: freebsd-security@freebsd.org Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Mar 2009 20:16:48 -0000 --=-=-= On Fri, 6 Mar 2009 23:56:10 +0100 (CET), freebsd001@pc.jgr.de wrote: > Dear list members, > > I am not only wondering about the permissions of several emacs-related > directories as it has recently been mentioned in this thread, but also > about the ownership of several emacs-related files. This seems to be a local installation glitch. >>find . -not -user root | head -n 3 > ./emacs/22.3/etc > ./emacs/22.3/etc/GNUS-NEWS > ./emacs/22.3/etc/fr-drdref.ps > >>find . -not -user root | wc -l > 2643 % uname -vr 8.0-CURRENT FreeBSD 8.0-CURRENT #0: Fri Mar 13 16:39:47 EET 2009 build@kobe:/usr/obj/usr/src/sys/KOBE % pwd /usr/local/share % find . -not -user root -exec ls -ld {} + | head -3 -rw-rw-r-- 1 games games 0 Mar 14 19:06 ./games/glines.Large.scores -rw-rw-r-- 1 games games 0 Mar 14 19:06 ./games/glines.Medium.scores -rw-rw-r-- 1 games games 0 Mar 14 19:06 ./games/glines.Small.scores % find . -not -user root -a -not -user games -exec ls -ld {} + % So the only files that are not owned by root here are those owned by the `games' user. You have many hundreds of files owned by != root users. Who owns those files, and do yu remember how the relevant ports have been installed? --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAkm9V2sACgkQ1g+UGjGGA7b+DgCfa27SHWngKM0Zc5bWLMt2Tk92 ZI8AnRRW9dMY9wEK0FxONod2/qSkFfin =LFMD -----END PGP SIGNATURE----- --=-=-=-- From owner-freebsd-security@FreeBSD.ORG Mon Mar 16 19:31:24 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1D1B61065672 for ; Mon, 16 Mar 2009 19:31:24 +0000 (UTC) (envelope-from ltning@anduin.net) Received: from mail.anduin.net (mail.anduin.net [213.225.74.249]) by mx1.freebsd.org (Postfix) with ESMTP id D224F8FC14 for ; Mon, 16 Mar 2009 19:31:23 +0000 (UTC) (envelope-from ltning@anduin.net) Received: from [212.62.248.148] (helo=[192.168.2.171]) by mail.anduin.net with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.69 (FreeBSD)) (envelope-from ) id 1LjIWu-000LCO-5A; Mon, 16 Mar 2009 20:31:20 +0100 Message-Id: <253C16FF-5287-4941-8DFB-AB07D57E3C90@anduin.net> From: =?ISO-8859-1?Q?Eirik_=D8verby?= To: freebsd001@pc.jgr.de In-Reply-To: <200903152350.n2FNoGnk006601@pc.jgr.de> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v931) Date: Mon, 16 Mar 2009 20:31:21 +0100 References: <200903152350.n2FNoGnk006601@pc.jgr.de> X-Mailer: Apple Mail (2.931) Cc: freebsd-security@freebsd.org Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Mar 2009 19:31:24 -0000 On 16. mars. 2009, at 00.50, freebsd001@pc.jgr.de wrote: > March 16, 2009 > Dear Giorgos, > > thank you for coming back to the emacs issue. I deinstalled > emacs by means of pkg_delete -v -d, deleted by hand > /usr/local/share/emacs to make sure that nothing is left, > logged in as user "nutzer", and did su to root: > >> id > uid=1006(nutzer) gid=1000(user) groups=1000(user),0(wheel) >> su > Password: Try 'su -' instead of 'su'. There might be some environment issues; I've seen similar behavior when making that mistake myself. Not sure if it'll explain the 777, but the owner should be the correct one then. /Eirik > >> id > uid=0(root) gid=0(wheel) groups=0(wheel),5(operator) >> > > Then, I did cd to /usr/ports/editors/emacs and did make and > make install. The result is as follows: > >> pwd > /usr/local/share/emacs/22.3 >> ll > total 22 > drwxrwxrwx 5 nutzer wheel 3072 Mar 15 23:52 etc > drwxr-xr-x 4 nutzer wheel 512 Mar 15 23:53 leim > drwxrwxrwx 20 nutzer wheel 13312 Mar 15 23:53 lisp > drwxr-xr-x 2 root wheel 512 Mar 15 23:52 site-lisp >> > > There are some rwx directories as originally mentioned in > the thread, and several directories as well as the files in > these directories are not owned by root, but by nutzer. > > If I log in as another user in the group wheel, do su, and > repeat the procedure, the files are owned by the other user > I log in. > > As I have only limited console access or find the console > access inconvenient, I have installed many ports by logging > in as a user in the group wheel and doing su to root. But > only emacs related files are owned by somebody else than > expected. > > With best regards > Joachim Griesche > > freebsd001@pc.jgr.de > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > From owner-freebsd-security@FreeBSD.ORG Tue Mar 17 17:02:27 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8934A106568E for ; Tue, 17 Mar 2009 17:02:27 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 62B478FC23 for ; Tue, 17 Mar 2009 17:02:27 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id 1D5C046B03; Tue, 17 Mar 2009 13:02:27 -0400 (EDT) Date: Tue, 17 Mar 2009 17:02:27 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: =?ISO-8859-15?Q?Zahemszky_G=E1bor?= In-Reply-To: <20090307183701.4b42830e@Picasso.Zahemszky.HU> Message-ID: References: <20090307183701.4b42830e@Picasso.Zahemszky.HU> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="621616949-854990551-1237309347=:72545" Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD and MAC X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Mar 2009 17:02:28 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --621616949-854990551-1237309347=:72545 Content-Type: TEXT/PLAIN; charset=ISO-8859-2; format=flowed Content-Transfer-Encoding: 8BIT On Sat, 7 Mar 2009, Zahemszky Gábor wrote: > I have two simple questions about the Mandatory Access Control framework of > FreeBSD: > > a) what has happened with the SEBSD modul? When will be available (or will > it be at all) in the system (or can I find one for an up-to-date kernel: 7.x > or up)? > > b) when will be the "options MAC" in the GENERIC kernel, or why not? (I > think, more people can test the MAC-modules, if they don't need to config a > kernel for it.) Dear Gábor: Right now no one is maintaining the SEBSD module; this is unfortunate, but largely a property of people having enough time. If this is something you can contribute to (or anyone else who's interested) I'm happy to provide pointers and advice. Most of the MAC Framework dependencies for SEBSD were merged back into the base tree, but it would need quite a bit of adaptation to move forward to FreeBSD7/8. Also, SEBSD uses what are now quite old SELinux parts, so those would also need updating (although I guess that isn't required). Feel free to ask questions here, or on the trustedbsd-discuss mailing list. "options MAC" is believed to cause a significant performance loss on 7.x and earlier; we're currently working to address that with the hope of shipping "options MAC" in GENERIC starting with FreeBSD 8.0. I've not re-benchmarked in a few months but we've merged a number of improvements that should be getting us close. For example, whereas previously MAC automatically allocated memory to hold security labels for objects, now it only allocates memory when policies are registered that specifically require labels on those object types. On a similar note, the locking for the MAC Framework itself has been significantly optimized over the last few weeks to lower overhead, and there are more changes in the works. We'll probably pause and take stock sometime in the next month and see what performance regressions remain. Robert N M Watson Computer Laboratory University of Cambridge --621616949-854990551-1237309347=:72545-- From owner-freebsd-security@FreeBSD.ORG Tue Mar 17 19:15:34 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 95DA4106564A for ; Tue, 17 Mar 2009 19:15:34 +0000 (UTC) (envelope-from ipfreak@yahoo.com) Received: from web52105.mail.re2.yahoo.com (web52105.mail.re2.yahoo.com [206.190.48.108]) by mx1.freebsd.org (Postfix) with SMTP id BFBD88FC13 for ; Tue, 17 Mar 2009 19:15:33 +0000 (UTC) (envelope-from ipfreak@yahoo.com) Received: (qmail 5045 invoked by uid 60001); 17 Mar 2009 19:15:33 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1237317333; bh=zP4twluzHgTpx2pPOEQb2r13cIpMaxUtloJG0B3ueMo=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=wQO/g2i8LBHtaDfXEO/9m2DonGCBR0wBS2/XgBUG0cTc6NE/bqbbqgGq7x0EtlMuriOGDYbVzSJyu+u/eI9JClE/e/csbh3Sz86Gx9j8YBv5JjuF+ns9r8F9uWnHDGCCMX83qkFyiyS7ZWCkNHT3bUQ0c6yp/3Ec8cBLpF4buFo= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=ViZ+ALUA8bMNS51BkBDm/1RsZBD7Dcn9js491oKSnlxxr5bUFUqY8VL1apnps8N7ezi3mcAlK8gmSWGmPFEEAhtS6Vabwy0X/7LAIqOOyNs/Nx61QVLoNmmAdCiondsz1VZ+Bz2UQ79ZSs/wjRzsk2cB3Tzhv8jA+3upSPzLlho=; Message-ID: <25680.4880.qm@web52105.mail.re2.yahoo.com> X-YMail-OSG: 5lwLWmIVM1lPn8qb1vFMYWmOzYokLhsDFrA2TjXmEwd98kifTflvLvkwPlkfPmaHaQDILkca6.dwm.Uy_4Xnv7nkU8wGNIZuTa9yGNwGKYohpUnLrVyBzqjbQM6dhxpIrXRH05.kDZDOWyqdMuZqLBpcLv.tezMI_D7zy2XhsoqO5LjDVS7G98e.9hP1 Received: from [72.83.166.249] by web52105.mail.re2.yahoo.com via HTTP; Tue, 17 Mar 2009 12:15:32 PDT X-Mailer: YahooMailWebService/0.7.289.1 Date: Tue, 17 Mar 2009 12:15:32 -0700 (PDT) From: gahn To: freebsd security , freebsd general questions MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Subject: ipfw and carp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ipfreak@yahoo.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Mar 2009 19:15:35 -0000 Hi all: Did any one use ipfw with CARP before? is there anything specific about ipfw configurations working with CARP? I have two servers and they configured with CARP. they are working fine except i can't turn on ipfw. I have the exact same configuration except ip addresses; those same rule sets of ipfw work on one server but not on another. Thanks all From owner-freebsd-security@FreeBSD.ORG Tue Mar 17 19:23:29 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C22D8106564A for ; Tue, 17 Mar 2009 19:23:29 +0000 (UTC) (envelope-from ipfreak@yahoo.com) Received: from web52107.mail.re2.yahoo.com (web52107.mail.re2.yahoo.com [206.190.48.110]) by mx1.freebsd.org (Postfix) with SMTP id E59CC8FC18 for ; Tue, 17 Mar 2009 19:23:28 +0000 (UTC) (envelope-from ipfreak@yahoo.com) Received: (qmail 76555 invoked by uid 60001); 17 Mar 2009 19:23:28 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1237317808; bh=DowQnrpyTv8a7ZTVPO+xDwsezBipKwvrmXqwfe4/ufM=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=39tzVsKkyStbbZFa+PamOlY8BaelxiDMcB5xHaaL2j+ZejxBLtKHou2gTT16+3wsHuGdh9+5kXhbTBWMR+t0SQm3kXi993mNGcjPzNBj3LULdP/0anfvcmw8c0xciLwjr4T5G2ZAleXkpkbDdrrwZKBa+xufHWqh/f6tYb6Rgb0= DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=T+KHEdRcC5NlK8kgCHFK5yIpS+3vc5AH0toeEvAy2+UgZKR/wsjtUgrMHvleDorS6bxYT/Alsz4dKaOEo05n/YtpcXA2PRYGJKvUszvAB5B5lRzGX6ebr10Fv64YIGTJsNVYaqRuwXyQK7dbBUYD+iffZewtZ5mziEV7iakszb8=; Message-ID: <303326.75880.qm@web52107.mail.re2.yahoo.com> X-YMail-OSG: dEsjYnAVM1lzRTOlkaoP4B2NQ0jVKHc4dXe.DAic7jLayTF1GD477RU5IrCAw.ADb2buhKBqKxe2QbLsg7WNxgMB2Icne488MUw3MAIyZjbHcwmpL0DKtzcwlgpZVPsqOBK8VgSCMZKd91o.eRokC7lp_57cTGTd2dpjbazeOEJKJKCavPFqgkT4baUNGKc.Qr_HsGyLYFSHJXsH07VCgsiGh.oQRy.K Received: from [72.83.166.249] by web52107.mail.re2.yahoo.com via HTTP; Tue, 17 Mar 2009 12:23:28 PDT X-Mailer: YahooMailWebService/0.7.289.1 Date: Tue, 17 Mar 2009 12:23:28 -0700 (PDT) From: gahn To: freebsd security , freebsd general questions In-Reply-To: <25680.4880.qm@web52105.mail.re2.yahoo.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: Subject: Re: ipfw and carp X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: ipfreak@yahoo.com List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Mar 2009 19:23:30 -0000 Sorry I meant the same rules I used on another machine (working fine) would not work for those machines with CARP activated. I didn't change anything except IP addresses. Also instead of physical interfaces, I put rules on carp interface. --- On Tue, 3/17/09, gahn wrote: > From: gahn > Subject: ipfw and carp > To: "freebsd security" , "freebsd general questions" > Date: Tuesday, March 17, 2009, 12:15 PM > Hi all: > > Did any one use ipfw with CARP before? is there anything > specific about ipfw configurations working with CARP? I have > two servers and they configured with CARP. they are working > fine except i can't turn on ipfw. > > I have the exact same configuration except ip addresses; > those same rule sets of ipfw work on one server but not on > another. > > Thanks all > > > > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Wed Mar 18 19:02:28 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 926141065677 for ; Wed, 18 Mar 2009 19:02:28 +0000 (UTC) (envelope-from gabriele.modena@gmail.com) Received: from mail-bw0-f164.google.com (mail-bw0-f164.google.com [209.85.218.164]) by mx1.freebsd.org (Postfix) with ESMTP id 1DA388FC12 for ; Wed, 18 Mar 2009 19:02:27 +0000 (UTC) (envelope-from gabriele.modena@gmail.com) Received: by bwz8 with SMTP id 8so182200bwz.43 for ; Wed, 18 Mar 2009 12:02:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Z8Gm4/75Q9L0Dsm/gY8h1WBgQrkdUMaQUY9XfEj//XU=; b=fotYaLAXFE14FimQKNKWEIekyCcnTsgG9xGnHttzJOkTeqMTTAq01dM9KCwIKUDLmw sjLTiCZIdqHH8/XGWh/aDFErKS+hA8yGmjKZ6Z8DmEPXNRthx5CLnXRN45KrInQPOWEB p/ifUJJVzCwTojp9Ls1Hokr6lSSGhT1i+2Iqg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=TcwlbElEwvvzxZRE6tKCcyGh4dD+sPRTsjTr3YRzrkXnGprQCz+D80D8GlA6iUjDHi 5E+ly/DIoH/KTP5z+8d/cC2F1Y8YGms5Xed6CGFyPniIDvlPmaYHwAGGvnowpjVCMRMy x5QAHLT6iZWdnS2XwwL9QLDhAznn8bPoZoOW8= MIME-Version: 1.0 Received: by 10.204.118.138 with SMTP id v10mr498024bkq.208.1237401075049; Wed, 18 Mar 2009 11:31:15 -0700 (PDT) In-Reply-To: References: <20090307183701.4b42830e@Picasso.Zahemszky.HU> Date: Wed, 18 Mar 2009 19:31:14 +0100 Message-ID: <1fe1d5d60903181131n73580c78r1045c376874f4470@mail.gmail.com> From: Gabriele Modena To: Robert Watson Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Mailman-Approved-At: Wed, 18 Mar 2009 20:45:56 +0000 Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD and MAC X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2009 19:02:29 -0000 2009/3/17 Robert Watson : Dear Robert; > Right now no one is maintaining the SEBSD module; this is unfortunate, bu= t > largely a property of people having enough time. =C2=A0If this is somethi= ng you > can contribute to (or anyone else who's interested) I'm happy to provide > pointers and advice. Could this be a valid Google Summer of Code project? I am about to write a proposal for this summer; my idea was related to semantic file systems (in a way to combine my interest in kernel hacking to my current research interest in information retrieval) and I am still reading background literature about that. If there is interest from the community, SEBSD/TrustedBSD would be another area I would like to work on. In the past I worked a bit (at a hobbyst level) with SELinux and I have a background in security and (linux) kernel hacking. In both cases I am interested in working on FreeBSD during the summer with or without a Google's grant. Thanks, kind regards. From owner-freebsd-security@FreeBSD.ORG Wed Mar 18 22:06:30 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C72ED106566C for ; Wed, 18 Mar 2009 22:06:30 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 97AC58FC12 for ; Wed, 18 Mar 2009 22:06:30 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from fledge.watson.org (fledge.watson.org [65.122.17.41]) by cyrus.watson.org (Postfix) with ESMTPS id DB3F246B49; Wed, 18 Mar 2009 18:06:29 -0400 (EDT) Date: Wed, 18 Mar 2009 22:06:29 +0000 (GMT) From: Robert Watson X-X-Sender: robert@fledge.watson.org To: Gabriele Modena In-Reply-To: <1fe1d5d60903181131n73580c78r1045c376874f4470@mail.gmail.com> Message-ID: References: <20090307183701.4b42830e@Picasso.Zahemszky.HU> <1fe1d5d60903181131n73580c78r1045c376874f4470@mail.gmail.com> User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="621616949-101934716-1237413989=:99520" Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD and MAC X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 18 Mar 2009 22:06:40 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --621616949-101934716-1237413989=:99520 Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT On Wed, 18 Mar 2009, Gabriele Modena wrote: > 2009/3/17 Robert Watson : > >> Right now no one is maintaining the SEBSD module; this is unfortunate, but >> largely a property of people having enough time.  If this is something you >> can contribute to (or anyone else who's interested) I'm happy to provide >> pointers and advice. > > Could this be a valid Google Summer of Code project? > > I am about to write a proposal for this summer; my idea was related to > semantic file systems (in a way to combine my interest in kernel hacking to > my current research interest in information retrieval) and I am still > reading background literature about that. > > If there is interest from the community, SEBSD/TrustedBSD would be another > area I would like to work on. In the past I worked a bit (at a hobbyst > level) with SELinux and I have a background in security and (linux) kernel > hacking. > > In both cases I am interested in working on FreeBSD during the summer with > or without a Google's grant. Yes, I think this would be a good GSoC project, although it is quite large so I think you'd need to break it up into parts and plan not to complete all of them in one summer. I think the first step would be to slide the current SEBSD port forward to a newer FreeBSD version, then work towards updating the SEBSD parts from new Linux parts. It would also be worth chatting with NSA (et al) about whether non-GPL'd kernel parts are available. I know there's some on-going OpenSolaris porting work, and CDDL and GPL mix like water and oil, as I understand it, so there may be. I would be happy to lend technical advice to a project to do the above updates, and I suspect more hands would turn up once someone was clearly driving things forwards, GSoC project or not. The advice I'm giving all students, btw, is that if you're submitting a proposal based on one of our project ideas on the web page, consider submitting multiple proposals, as in previous years we've found ourselves having to pick just one of several promising students because they all picked the same idea and there was really room for only one instance of the project. Since you're talking about proposing ideas not on the list, that caution probably doesn't apply in the same way, but submitting multiple proposals (given enough time invested in each) likely will improve the chances that we can select you. Thanks, Robert N M Watson Computer Laboratory University of Cambridge --621616949-101934716-1237413989=:99520-- From owner-freebsd-security@FreeBSD.ORG Thu Mar 19 04:50:08 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 87EB1106564A for ; Thu, 19 Mar 2009 04:50:08 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from poseidon.ceid.upatras.gr (poseidon.ceid.upatras.gr [150.140.141.169]) by mx1.freebsd.org (Postfix) with ESMTP id 314028FC16 for ; Thu, 19 Mar 2009 04:50:08 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from mail.ceid.upatras.gr (unknown [10.1.0.143]) by poseidon.ceid.upatras.gr (Postfix) with ESMTP id 4626AEB5944; Thu, 19 Mar 2009 06:31:36 +0200 (EET) Received: from localhost (europa.ceid.upatras.gr [127.0.0.1]) by mail.ceid.upatras.gr (Postfix) with ESMTP id 3593C45088; Thu, 19 Mar 2009 06:31:36 +0200 (EET) X-Virus-Scanned: amavisd-new at ceid.upatras.gr Received: from mail.ceid.upatras.gr ([127.0.0.1]) by localhost (europa.ceid.upatras.gr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LaIHKs7IF2CT; Thu, 19 Mar 2009 06:31:36 +0200 (EET) Received: from kobe.laptop (adsl126-96.kln.forthnet.gr [77.49.245.96]) by mail.ceid.upatras.gr (Postfix) with ESMTP id E1DEF4503F; Thu, 19 Mar 2009 06:31:35 +0200 (EET) Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.14.3/8.14.3) with ESMTP id n2J4VYW4017667; Thu, 19 Mar 2009 06:31:34 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by kobe.laptop (8.14.3/8.14.3/Submit) id n2J4VXLE017666; Thu, 19 Mar 2009 06:31:33 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) From: Giorgos Keramidas To: Eirik =?iso-8859-1?Q?=D8verby?= References: <200903152350.n2FNoGnk006601@pc.jgr.de> <253C16FF-5287-4941-8DFB-AB07D57E3C90@anduin.net> Date: Thu, 19 Mar 2009 06:31:32 +0200 In-Reply-To: <253C16FF-5287-4941-8DFB-AB07D57E3C90@anduin.net> ("Eirik =?iso-8859-1?Q?=D8verby=22's?= message of "Mon, 16 Mar 2009 20:31:21 +0100") Message-ID: <871vsub0bf.fsf@kobe.laptop> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.91 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd001@pc.jgr.de, freebsd-security@freebsd.org Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 04:50:08 -0000 On Mon, 16 Mar 2009 20:31:21 +0100, Eirik =D8verby wrot= e: > On 16. mars. 2009, at 00.50, freebsd001@pc.jgr.de wrote: >> Dear Giorgos, >> thank you for coming back to the emacs issue. I deinstalled >> emacs by means of pkg_delete -v -d, deleted by hand >> /usr/local/share/emacs to make sure that nothing is left, >> logged in as user "nutzer", and did su to root: >> >>> id >> uid=3D1006(nutzer) gid=3D1000(user) groups=3D1000(user),0(wheel) >>> su >> Password: > > Try 'su -' instead of 'su'. > There might be some environment issues; I've seen similar behavior > when making that mistake myself. This is correct. `su -' should be preferred when installing stuff :) From owner-freebsd-security@FreeBSD.ORG Thu Mar 19 10:45:11 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3944C106564A for ; Thu, 19 Mar 2009 10:45:11 +0000 (UTC) (envelope-from ntarmos@cs.uoi.gr) Received: from gaia.cs.uoi.gr (gaia.cs.uoi.gr [195.130.121.201]) by mx1.freebsd.org (Postfix) with ESMTP id A471F8FC1B for ; Thu, 19 Mar 2009 10:45:10 +0000 (UTC) (envelope-from ntarmos@cs.uoi.gr) Received: from zeus.cs.uoi.gr (zeus.cs.uoi.gr [195.130.121.11]) by gaia.cs.uoi.gr (8.14.1/8.14.1) with ESMTP id n2JAQB3X064786 for ; Thu, 19 Mar 2009 12:26:16 +0200 (EET) (envelope-from ntarmos@cs.uoi.gr) Received: from zeus.cs.uoi.gr (localhost [127.0.0.1]) by zeus.cs.uoi.gr (8.13.5/8.13.5) with ESMTP id n2JAQ6pd015676 for ; Thu, 19 Mar 2009 12:26:11 +0200 (EET) Received: (from ntarmos@localhost) by zeus.cs.uoi.gr (8.13.5/8.13.5/Submit) id n2JAQ6JM015675 for freebsd-security@freebsd.org; Thu, 19 Mar 2009 12:26:06 +0200 (EET) X-Authentication-Warning: zeus.cs.uoi.gr: ntarmos set sender to ntarmos@cs.uoi.gr using -f Date: Thu, 19 Mar 2009 12:26:06 +0200 From: Nikos Ntarmos To: freebsd-security@freebsd.org Message-ID: <20090319102606.GA27912@ace.cs.uoi.gr> References: <200903062256.n26MuA2r085728@pc.jgr.de> <87ljr61t3v.fsf@kobe.laptop> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87ljr61t3v.fsf@kobe.laptop> Organization: Computer Science Dept., U. of Ioannina, Greece WWW-Homepage: http://ntarmos.dyndns.org/ X-PGP-Fingerprint: 9680 60A7 DE60 0298 B1F0 9B22 9BA2 7569 CF95 160A Office-Phone: +30-26510-98866 GPS-Info: 39.617660N, 20.838790E User-Agent: Mutt/1.5.18 (2008-05-17) X-Virus-Scanned: ClamAV 0.91.2/9134/Thu Mar 19 04:56:25 2009 on gaia.cs.uoi.gr X-Virus-Status: Clean X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (gaia.cs.uoi.gr [195.130.121.201]); Thu, 19 Mar 2009 12:26:16 +0200 (EET) X-Mailman-Approved-At: Thu, 19 Mar 2009 11:20:39 +0000 Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 10:45:11 -0000 On Sun, Mar 15, 2009 at 09:30:44PM +0200, Giorgos Keramidas wrote: > On Fri, 6 Mar 2009 23:56:10 +0100 (CET), freebsd001@pc.jgr.de wrote: > > Dear list members, > > > > I am not only wondering about the permissions of several emacs-related > > directories as it has recently been mentioned in this thread, but also > > about the ownership of several emacs-related files. > > This seems to be a local installation glitch. > > >>find . -not -user root | head -n 3 > > ./emacs/22.3/etc > > ./emacs/22.3/etc/GNUS-NEWS > > ./emacs/22.3/etc/fr-drdref.ps > > > >>find . -not -user root | wc -l > > 2643 That's probably due to the fact that emacs uses something along the lines of 'tar -chf - ... | tar -xvf - ...' to copy the files, followed (in some cases) by a chown to $LOGNAME (or if that is not set, to $USERNAME). If you just 'su', LOGNAME remains set to what it was before (i.e. nutzer), while 'su -' will clear that out. Cheers. \n\n From owner-freebsd-security@FreeBSD.ORG Thu Mar 19 12:16:18 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CA6D2106564A for ; Thu, 19 Mar 2009 12:16:18 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from poseidon.ceid.upatras.gr (poseidon.ceid.upatras.gr [150.140.141.169]) by mx1.freebsd.org (Postfix) with ESMTP id 402FA8FC08 for ; Thu, 19 Mar 2009 12:16:18 +0000 (UTC) (envelope-from keramida@ceid.upatras.gr) Received: from mail.ceid.upatras.gr (unknown [10.1.0.143]) by poseidon.ceid.upatras.gr (Postfix) with ESMTP id 4D2A0EB55D3; Thu, 19 Mar 2009 14:16:17 +0200 (EET) Received: from localhost (europa.ceid.upatras.gr [127.0.0.1]) by mail.ceid.upatras.gr (Postfix) with ESMTP id 37D7045088; Thu, 19 Mar 2009 14:16:17 +0200 (EET) X-Virus-Scanned: amavisd-new at ceid.upatras.gr Received: from mail.ceid.upatras.gr ([127.0.0.1]) by localhost (europa.ceid.upatras.gr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RR8C5cSs4K7c; Thu, 19 Mar 2009 14:16:17 +0200 (EET) Received: from kobe.laptop (adsl126-96.kln.forthnet.gr [77.49.245.96]) by mail.ceid.upatras.gr (Postfix) with ESMTP id D28EB4503F; Thu, 19 Mar 2009 14:16:16 +0200 (EET) Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.14.3/8.14.3) with ESMTP id n2JCGGT4030673; Thu, 19 Mar 2009 14:16:16 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) Received: (from keramida@localhost) by kobe.laptop (8.14.3/8.14.3/Submit) id n2JCGFLx030670; Thu, 19 Mar 2009 14:16:15 +0200 (EET) (envelope-from keramida@ceid.upatras.gr) From: Giorgos Keramidas To: Nikos Ntarmos References: <200903062256.n26MuA2r085728@pc.jgr.de> <87ljr61t3v.fsf@kobe.laptop> <20090319102606.GA27912@ace.cs.uoi.gr> Date: Thu, 19 Mar 2009 14:16:04 +0200 In-Reply-To: <20090319102606.GA27912@ace.cs.uoi.gr> (Nikos Ntarmos's message of "Thu, 19 Mar 2009 12:26:06 +0200") Message-ID: <87eiwtwvwb.fsf@kobe.laptop> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.91 (berkeley-unix) MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" Cc: freebsd-security@freebsd.org Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 12:16:19 -0000 --=-=-= On Thu, 19 Mar 2009 12:26:06 +0200, Nikos Ntarmos wrote: >On Sun, Mar 15, 2009 at 09:30:44PM +0200, Giorgos Keramidas wrote: >>On Fri, 6 Mar 2009 23:56:10 +0100 (CET), freebsd001@pc.jgr.de wrote: >>> Dear list members, >>> >>> I am not only wondering about the permissions of several emacs-related >>> directories as it has recently been mentioned in this thread, but also >>> about the ownership of several emacs-related files. >> >> This seems to be a local installation glitch. >> >>>>find . -not -user root | head -n 3 >>> ./emacs/22.3/etc >>> ./emacs/22.3/etc/GNUS-NEWS >>> ./emacs/22.3/etc/fr-drdref.ps >>> >>>>find . -not -user root | wc -l >>> 2643 > > That's probably due to the fact that emacs uses something along the > lines of 'tar -chf - ... | tar -xvf - ...' to copy the files, followed > (in some cases) by a chown to $LOGNAME (or if that is not set, to > $USERNAME). If you just 'su', LOGNAME remains set to what it was > before (i.e. nutzer), while 'su -' will clear that out. Yep, that's exactly what the Emacs build glue does. One of the directories mentioned in the permission listings of the thread includes `leim/'. The source of `emacs/leim/Makefile.in' installs files with tar and chown: 240 tar -chf - quail/* ja-dic \ 241 | (cd ${INSTALLDIR}; umask 0; tar -xvf - && cat > /dev/null) ;\ ... 264 find ${INSTALLDIR} -exec chown $${installuser} '{}' ';' There are probably better ways to install a configurable list of files, i.e. by using a `manifest' of some sort and piping the list through xargs to ${INSTALLDIR} and ${INSTALLDATA} macros. This would require extensive changes to the vendor source though. It may be worth the effort if someone is interested to hack Emacs sources, so anyone interested in this sort of change to the GNU sources of Emacs should try taking this up with the `emacs-devel' mailing list. That's the right place to discuss potential improvements to Emacs sources, so that all the other platforms where Emacs works can benefit too :-) Having said that, fixing the makefiles of Emacs won't really solve the potential problems of *all* ports when plain `su' is used to install ports. So while it it a good idea for someone who wants to start hacking Emacs code, the general rule of "install only with `su -'" still applies for every other port in our tree. --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEARECAAYFAknCN48ACgkQ1g+UGjGGA7YSygCgjy5BqZZmsuMgJMKXfCDU+ZtU 4TYAnjdWcFPgWQYUUmNh1SYZabM4E81k =ETeL -----END PGP SIGNATURE----- --=-=-=-- From owner-freebsd-security@FreeBSD.ORG Thu Mar 19 15:14:37 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A0B8B106566B for ; Thu, 19 Mar 2009 15:14:37 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [220.233.188.227]) by mx1.freebsd.org (Postfix) with ESMTP id EE07B8FC15 for ; Thu, 19 Mar 2009 15:14:36 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id n2JEnTP1063932; Fri, 20 Mar 2009 01:49:30 +1100 (EST) (envelope-from smithi@nimnet.asn.au) Date: Fri, 20 Mar 2009 01:49:29 +1100 (EST) From: Ian Smith To: Giorgos Keramidas In-Reply-To: <871vsub0bf.fsf@kobe.laptop> Message-ID: <20090320013025.W95588@sola.nimnet.asn.au> References: <200903152350.n2FNoGnk006601@pc.jgr.de> <253C16FF-5287-4941-8DFB-AB07D57E3C90@anduin.net> <871vsub0bf.fsf@kobe.laptop> MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="0-1643226900-1237474169=:95588" Cc: freebsd001@pc.jgr.de, Eirik =?iso-8859-1?Q?=D8verby?= , freebsd-security@freebsd.org Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 15:14:39 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --0-1643226900-1237474169=:95588 Content-Type: TEXT/PLAIN; charset=iso-8859-1 Content-Transfer-Encoding: 8BIT On Thu, 19 Mar 2009, Giorgos Keramidas wrote: > On Mon, 16 Mar 2009 20:31:21 +0100, Eirik Øverby wrote: > > On 16. mars. 2009, at 00.50, freebsd001@pc.jgr.de wrote: > >> Dear Giorgos, > >> thank you for coming back to the emacs issue. I deinstalled > >> emacs by means of pkg_delete -v -d, deleted by hand > >> /usr/local/share/emacs to make sure that nothing is left, > >> logged in as user "nutzer", and did su to root: > >> > >>> id > >> uid=1006(nutzer) gid=1000(user) groups=1000(user),0(wheel) > >>> su > >> Password: > > > > Try 'su -' instead of 'su'. > > There might be some environment issues; I've seen similar behavior > > when making that mistake myself. > > This is correct. `su -' should be preferred when installing stuff :) Absolutely - but I can't find where it(7) actually says that? cheers, Ian --0-1643226900-1237474169=:95588-- From owner-freebsd-security@FreeBSD.ORG Thu Mar 19 15:36:29 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7B9F01065675 for ; Thu, 19 Mar 2009 15:36:29 +0000 (UTC) (envelope-from freebsd001@pc.jgr.de) Received: from mypc.dca.jgr.de (mypc.dca.jgr.de [195.177.53.42]) by mx1.freebsd.org (Postfix) with ESMTP id DF5248FC23 for ; Thu, 19 Mar 2009 15:36:28 +0000 (UTC) (envelope-from freebsd001@pc.jgr.de) Received: from mypc.dca.jgr.de (localhost [127.0.0.1]) by mypc.dca.jgr.de (8.13.6/8.13.6) with ESMTP id n2JFaSSI099575 for ; Thu, 19 Mar 2009 16:36:28 +0100 (CET) (envelope-from freebsd001@pc.jgr.de) Received: (from root@localhost) by mypc.dca.jgr.de (8.13.6/8.13.6/Submit) id n2JFYtME099569 for freebsd-security@freebsd.org; Thu, 19 Mar 2009 16:34:55 +0100 (CET) (envelope-from freebsd001@pc.jgr.de) Date: Thu, 19 Mar 2009 16:34:55 +0100 (CET) From: freebsd001@pc.jgr.de Message-Id: <200903191534.n2JFYtME099569@mypc.dca.jgr.de> To: Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 15:36:29 -0000 March 19, 2009 Dear list members, thank you for the detailed explanation why I got a strange ownership of emacs related files. I am afraid that my question about ownership has moved the thread from permissions to ownership. I would like to remember that the question that was originally posted by Randy Bush in this thread was about 777 directories. These 777 directories also exist on my system - even after pkg_delete -v -d -a, rm -rvf /usr/local, and a fresh installation of emacs via make fetch-recursive, make, and make install in /usr/ports/editors/emacs (ports version FreeBSD: ports/UPDATING,v 1.790 2009/03/16 22:33:17 beat Exp). With best regards Joachim Griesche freebsd001@pc.jgr.de From owner-freebsd-security@FreeBSD.ORG Thu Mar 19 19:23:48 2009 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 638521065675 for ; Thu, 19 Mar 2009 19:23:48 +0000 (UTC) (envelope-from keramida@freebsd.org) Received: from poseidon.ceid.upatras.gr (poseidon.ceid.upatras.gr [150.140.141.169]) by mx1.freebsd.org (Postfix) with ESMTP id 0A9228FC1E for ; Thu, 19 Mar 2009 19:23:47 +0000 (UTC) (envelope-from keramida@freebsd.org) Received: from mail.ceid.upatras.gr (unknown [10.1.0.143]) by poseidon.ceid.upatras.gr (Postfix) with ESMTP id 0A9B2EB5753; Thu, 19 Mar 2009 21:23:47 +0200 (EET) Received: from localhost (europa.ceid.upatras.gr [127.0.0.1]) by mail.ceid.upatras.gr (Postfix) with ESMTP id E2D1145088; Thu, 19 Mar 2009 21:23:46 +0200 (EET) X-Virus-Scanned: amavisd-new at ceid.upatras.gr Received: from mail.ceid.upatras.gr ([127.0.0.1]) by localhost (europa.ceid.upatras.gr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xinWZQ0el9eK; Thu, 19 Mar 2009 21:23:46 +0200 (EET) Received: from kobe.laptop (adsl38-146.kln.forthnet.gr [77.49.165.146]) by mail.ceid.upatras.gr (Postfix) with ESMTP id 8DF8C4503F; Thu, 19 Mar 2009 21:23:46 +0200 (EET) Received: from kobe.laptop (kobe.laptop [127.0.0.1]) by kobe.laptop (8.14.3/8.14.3) with ESMTP id n2JJNjhq017081; Thu, 19 Mar 2009 21:23:45 +0200 (EET) (envelope-from keramida@freebsd.org) Received: (from keramida@localhost) by kobe.laptop (8.14.3/8.14.3/Submit) id n2JJNgoU017080; Thu, 19 Mar 2009 21:23:42 +0200 (EET) (envelope-from keramida@freebsd.org) From: Giorgos Keramidas To: Ian Smith References: <200903152350.n2FNoGnk006601@pc.jgr.de> <253C16FF-5287-4941-8DFB-AB07D57E3C90@anduin.net> <871vsub0bf.fsf@kobe.laptop> <20090320013025.W95588@sola.nimnet.asn.au> Date: Thu, 19 Mar 2009 21:23:42 +0200 In-Reply-To: <20090320013025.W95588@sola.nimnet.asn.au> (Ian Smith's message of "Fri, 20 Mar 2009 01:49:29 +1100 (EST)") Message-ID: <87ab7hpb9d.fsf@kobe.laptop> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.91 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailman-Approved-At: Thu, 19 Mar 2009 19:35:32 +0000 Cc: freebsd001@pc.jgr.de, Eirik =?iso-8859-1?Q?=D8verby?= , freebsd-security@freebsd.org Subject: Re: emacs installs a lot of 777 directories X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Mar 2009 19:23:48 -0000 On Fri, 20 Mar 2009 01:49:29 +1100 (EST), Ian Smith wrote: >On Thu, 19 Mar 2009, Giorgos Keramidas wrote: >> This is correct. `su -' should be preferred when installing stuff :) > > Absolutely - but I can't find where it(7) actually says that? It's more or less a rite of passage for FreeBSD admins, like "don't run `rm -fr /' if you are unsure of what it does". For a better reason see the post by Nikos Ntarmos and my reply to that :-)