From owner-freebsd-security@FreeBSD.ORG Sat Oct 17 22:56:24 2009
From: "Darren Reed"
To: "johnea"
Cc: freebsd-security@freebsd.org
Reply-To: avalon@coombs.anu.edu.au
Date: Sun, 18 Oct 2009 00:36:53 +0200
Subject: Re: openssh concerns

If this hasn't been mentioned already, disable password logins in sshd_config and require RSA authentication only.
I do this on all hosts I administer that are internet accessible and it allows me to confidently ignore all of the password guessing attacks, resulting in peace of mind.

Darren

RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no

From owner-freebsd-security@FreeBSD.ORG Sun Oct 18 12:36:27 2009
From: FreeBSD Security Officer
Organization: FreeBSD Project
To: freebsd security, FreeBSD Stable
Reply-To: security-officer@freebsd.org
Date: Sun, 18 Oct 2009 05:36:26 -0700
Subject: HEADS UP: FreeBSD 6.3 EoL coming soon

Hi all,

On January 31st, FreeBSD 6.3 will reach its End of Life and will no longer be supported by the FreeBSD Security Team.
Users of this release are strongly encouraged to upgrade to a newer release before that date -- more conservative users will probably wish to upgrade to FreeBSD 6.4 or FreeBSD 7.1 (which are both extended-support branches), while others will probably wish to upgrade to FreeBSD 7.2 or the upcoming FreeBSD 8.0.

The freebsd-update(8) utility can be used to upgrade i386 and amd64 systems from 6.3-RELEASE (or 6.3-RELEASE-pX for some X) to 6.4-RELEASE using binary updates (i.e., without compiling from source) as described in the 6.4-RELEASE announcement; given an adequate internet connection, this process usually takes 15 minutes or less.

The current supported branches and expected EoL dates are:

+---------------------------------------------------------------------+
|  Branch   |  Release   |  Type  |  Release date   |  Estimated EoL  |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_6   |n/a         |n/a     |n/a              |November 30, 2010|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_6_3 |6.3-RELEASE |Extended|January 18, 2008 |January 31, 2010 |
|---------------------------------------------------------------------|
|RELENG_6_4 |6.4-RELEASE |Extended|November 18, 2008|November 30, 2010|
|---------------------------------------------------------------------|
|RELENG_7   |n/a         |n/a     |n/a              |last release + 2y|
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_1 |7.1-RELEASE |Extended|January 4, 2009  |January 31, 2011 |
|-----------+------------+--------+-----------------+-----------------|
|RELENG_7_2 |7.2-RELEASE |Normal  |May 4, 2009      |May 31, 2010     |
+---------------------------------------------------------------------+

When FreeBSD 8.0-RELEASE is released, it will receive "Normal" support, i.e., it will be supported for at least 12 months.
-- 
Colin Percival
Security Officer, FreeBSD | freebsd.org | The power to serve
Founder / author, Tarsnap | tarsnap.com | Online backups for the truly paranoid

From owner-freebsd-security@FreeBSD.ORG Sat Oct 24 18:28:49 2009
From: Eygene Ryabinkin
To: bug-followup@freebsd.org
Cc: freebsd-security@freebsd.org, simon@freebsd.org, miwi@freebsd.org
Reply-To: rea-fbsd@codelabs.ru
Date: Sat, 24 Oct 2009 22:28:45 +0400
Subject: Re: ports/126853: ports-mgmt/portaudit: speed up audit of installed packages

Fri, May 01, 2009 at 10:42:21PM +0400, Eygene Ryabinkin wrote:
> Gentlemen, good day.
>
> Just a reminder about this PR -- it is already a bit old. But it is
> still viable and kicking on many machines of mine. I am seeing speedups
> from 10x to 26x comparing to the plain portaudit. Since VuXML database
> will only grow, this will be good to consider these patches and (likely)
> integrate them into main trees.
>
> Could someone, please, look at the patches? I had uploaded slightly
> modified patches to the old locations. Most of changes were cosmetic:
> whitespace and so on. No real code was changed.

Hmm, I am going to be a bit nasty this time -- the PR lies for 1.5 years and no one really looked at it. Though, Simon and Martin promised to do so.

If you really don't want this patch to go in -- just say, I'll try to rework it to suit the project's needs. But for me it is ridiculous that no one is really interested in speeding up the stuff: number of installed ports and number of VuXML entries will only grow and the patch provides great opportunity to keep things very fast for the vast amount of time.

Sorry for a slightly harsh tone, but I am really disappointed with the handling of this PR.
-- 
Eygene
# Remember that it is hard
# to read the on-line manual
# while single-stepping the kernel.
# -- FreeBSD Developers handbook
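
Added example, not part of any message in this archive: a checker for the four sshd_config lines in Darren Reed's message above. It applies sshd's rule that the first value read for a keyword wins and flags Match blocks that turn password logins back on; the function name, the defaults table and both sample configs are assumptions made for illustration.

```python
# Added example: audit sshd_config text for logins that bypass keys.
# Assumption: DEFAULTS mirrors OpenSSH's built-in defaults; check sshd_config(5).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "pubkeyauthentication": "yes"}
WANTED = {"passwordauthentication": "no",
          "kbdinteractiveauthentication": "no",
          "pubkeyauthentication": "yes"}
# ChallengeResponseAuthentication is the older name of the same switch.
# RSAAuthentication (SSH protocol 1 only) is deliberately not checked.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed samples: the four lines from the message, and a config where
# a duplicate and a Match block undo them.
HARDENED = """RSAAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""
SHADOWED = """PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""


def audit(config_text):
    """Return findings; an empty list means only public-key logins remain."""
    effective, findings, in_match = {}, [], False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = True  # everything below applies per Match block
        elif key in WANTED and in_match:
            if value != WANTED[key]:
                findings.append(f"line {lineno}: Match block sets {key} {value}")
        elif key in WANTED:
            # sshd keeps the first value it reads; later duplicates are ignored.
            effective.setdefault(key, value)
    for key, want in WANTED.items():
        got = effective.get(key, DEFAULTS[key])
        if got != want:
            findings.append(f"global: {key} is {got}, expected {want}")
    return findings
```

audit() also accepts the output of `sshd -T`, which prints the effective configuration the daemon would run with.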