From owner-freebsd-security@freebsd.org Wed Jul 3 00:49:21 2019
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-19:09.iconv
Reply-To: freebsd-security@freebsd.org
Date: Wed, 3 Jul 2019 00:49:20 +0000 (UTC)

=============================================================================
FreeBSD-SA-19:09.iconv                                      Security Advisory
                                                          The FreeBSD Project

Topic:          iconv buffer overflow

Category:       core
Module:         libc
Announced:      2019-07-02
Credits:        Andrea Venturoli, NetFence
Affects:        All supported versions of FreeBSD.
Corrected:      2019-07-03 00:01:38 UTC (stable/12, 12.0-STABLE)
                2019-07-03 00:00:39 UTC (releng/12.0, 12.0-RELEASE-p7)
                2019-07-03 00:03:14 UTC (stable/11, 11.3-PRERELEASE)
                2019-07-03 00:00:39 UTC (releng/11.3, 11.3-RC3-p1)
                2019-07-03 00:00:39 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name:       CVE-2019-5600

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The iconv(3) API converts text data from one character encoding to another
and is available as part of the standard C library (libc).

II.  Problem Description

With certain inputs, iconv may write beyond the end of the output buffer.

III. Impact

Depending on the way in which iconv is used, an attacker may be able to
create a denial of service, provoke incorrect program behavior, or induce a
remote code execution.  iconv is a libc library function and the nature of
possible attacks will depend on the way in which iconv is used by
applications or daemons.

IV.  Workaround

No workaround is available.  Stack canaries (-fstack-protector), which are
enabled by default, provide a degree of defense against code injection but
not against denial of service.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
Restart any potentially affected daemons.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch
# fetch https://security.FreeBSD.org/patches/SA-19:09/iconv.patch.asc
# gpg --verify iconv.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/12/                                                        r349622
releng/12.0/                                                      r349621
stable/11/                                                        r349624
releng/11.3/                                                      r349621
releng/11.2/                                                      r349621
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From owner-freebsd-security@freebsd.org Wed Jul 3 00:49:25 2019
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
Reply-To: freebsd-security@freebsd.org
Date: Wed, 3 Jul 2019 00:49:24 +0000 (UTC)

=============================================================================
FreeBSD-SA-19:10.ufs                                        Security Advisory
                                                          The FreeBSD Project

Topic:          Kernel stack disclosure in UFS/FFS

Category:       core
Module:         Kernel
Announced:      2019-07-02
Credits:        David G. Lawrence
Affects:        All supported versions of FreeBSD.
Corrected:      2019-05-10 23:45:16 UTC (stable/12, 12.0-STABLE)
                2019-07-02 00:02:16 UTC (releng/12.0, 12.0-RELEASE-p7)
                2019-05-10 23:46:42 UTC (stable/11, 11.2-STABLE)
                2019-07-02 00:02:16 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name:       CVE-2019-5601

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The Berkeley Fast File System (FFS) is an implementation of the UNIX File
System (UFS) filesystem used by FreeBSD.

II.  Problem Description

A bug causes up to three bytes of kernel stack memory to be written to disk
as uninitialized directory entry padding.  This data can be viewed by any
user with read access to the directory.  Additionally, a malicious user with
write access to a directory can cause up to 254 bytes of kernel stack memory
to be exposed.

III. Impact

Some amount of the kernel stack is disclosed and written out to the
filesystem.

IV.  Workaround

No workaround is available but systems not using UFS/FFS are not affected.

V.   Solution

Special note: This update also adds the -z flag to fsck_ffs to have it scrub
the leaked information in the name padding of existing directories.  It only
needs to be run once on each UFS/FFS filesystem after a patched kernel is
installed and running.

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Afterwards, reboot the system and run:

# fsck -t ufs -f -p -T ufs:-z

to clean up your existing filesystems.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch.asc
# gpg --verify ufs.12.patch.asc

[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch
# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch.asc
# gpg --verify ufs.11.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system and run:

# fsck -t ufs -f -p -T ufs:-z

to clean up your existing filesystems.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/12/                                                        r347474
releng/12.0/                                                      r349623
stable/11/                                                        r347475
releng/11.2/                                                      r349623
-------------------------------------------------------------------------

Note: This patch was applied to the stable/11 branch before the branch point
for releng/11.3.  As such, no patch is needed for any 11.3-BETA or -RC.

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From owner-freebsd-security@freebsd.org Wed Jul 3 00:49:28 2019
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl
Reply-To: freebsd-security@freebsd.org
Date: Wed, 3 Jul 2019 00:49:28 +0000 (UTC)

=============================================================================
FreeBSD-SA-19:11.cd_ioctl                                   Security Advisory
                                                          The FreeBSD Project

Topic:          Privilege escalation in cd(4) driver

Category:       core
Module:         kernel
Announced:      2019-07-02
Credits:        Alex Fortune
Affects:        All supported versions of FreeBSD.
Corrected:      2019-07-03 00:11:31 UTC (stable/12, 12.0-STABLE)
                2019-07-02 00:03:55 UTC (releng/12.0, 12.0-RELEASE-p7)
                2019-07-03 00:12:50 UTC (stable/11, 11.3-PRERELEASE)
                2019-07-02 00:03:55 UTC (releng/11.3, 11.3-RC3-p1)
                2019-07-02 00:03:55 UTC (releng/11.2, 11.2-RELEASE-p11)
CVE Name:       CVE-2019-5602

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The cd(4) driver implements a number of ioctls to permit low-level access to
the media in the CD-ROM device.  The Linux emulation layer provides a
corresponding set of ioctls, some of which are implemented as wrappers of
native cd(4) ioctls.

These ioctls are available to users in the operator group, which gets
read-only access to cd(4) devices by default.

II.  Problem Description

To implement one particular ioctl, the Linux emulation code used a special
interface present in the cd(4) driver which allows it to copy subchannel
information directly to a kernel address.  This interface was erroneously
made accessible to userland, allowing users with read access to a cd(4)
device to arbitrarily overwrite kernel memory when some media is present in
the device.

III. Impact

A user in the operator group can make use of this interface to gain root
privileges on a system with a cd(4) device when some media is present in the
device.

IV.  Workaround

devfs.conf(5) and devfs.rules(5) can be used to remove read permissions from
cd(4) devices.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Afterwards, reboot the system.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.x]
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.12.patch.asc
# gpg --verify cd_ioctl.12.patch.asc

[FreeBSD 11.x]
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch
# fetch https://security.FreeBSD.org/patches/SA-19:11/cd_ioctl.11.patch.asc
# gpg --verify cd_ioctl.11.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/12/                                                        r349628
releng/12.0/                                                      r349625
stable/11/                                                        r349629
releng/11.3/                                                      r349625
releng/11.2/                                                      r349625
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From owner-freebsd-security@freebsd.org Wed Jul 3 01:55:34 2019
From: "Ronald F. Guilmette"
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl
Date: Tue, 02 Jul 2019 18:55:26 -0700

In message <20190703004928.576CA1A7DE@freefall.freebsd.org>,
freebsd-security@freebsd.org wrote:

>Topic:          Privilege escalation in cd(4) driver
>...
>devfs.conf(5) and devfs.rules(5) can be used to remove read permissions from
>cd(4) devices.

Would it be accurate to say that another possible workaround would be to
simply remove the optical drive from the system(s) entirely?

(I dunno about anybody else, but I personally don't even hardly use the
bloody things anymore anyway.)

From owner-freebsd-security@freebsd.org Wed Jul 3 03:02:28 2019
From: Doug Hardie
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
Date: Tue, 2 Jul 2019 22:02:18 -0500

>
> # freebsd-update fetch
> # freebsd-update install
>
> Afterwards, reboot the system and run:
>
> # fsck -t ufs -f -p -T ufs:-z
>
> to clean up your existing filesystems.

After rebooting the system I get:

master# fsck -t ufs -f -p -T ufs:-z
/dev/ada0p2: NO WRITE ACCESS
/dev/ada0p2: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.

Is this expected result or is there a problem here?

— Doug

From owner-freebsd-security@freebsd.org Wed Jul 3 09:05:34 2019
From: grarpamp
To: freebsd-security@freebsd.org
Cc: freebsd-questions@freebsd.org, jtl@freebsd.org, freebsd-core@freebsd.org, info@freebsdfoundation.org
Subject: Re: CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack)
Date: Wed, 3 Jul 2019 05:05:31 -0400

On 6/24/19, grarpamp wrote:
> On 6/18/19, grarpamp wrote:
>> https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
>> As it is not in the current .md, when was the issue
>> discovered by Netflix / Looney?
>
> One week has gone by, so asking again...

This is now into *third* week and *third* time this
very simple question has been asked pursuant "actual
discussion around disclosure policies", from two public and
at least one private party, with zero response.
Optics fogging up. Escalating as such. Thanks.

> When was the issue discovered by Netflix / Looney?
> When did FreeBSD become aware of the issue?

From owner-freebsd-security@freebsd.org Wed Jul 3 14:08:10 2019
Date: Wed, 3 Jul 2019 10:08:05 -0400
From: Mark Johnston
To: "Ronald F. Guilmette"
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:11.cd_ioctl
Message-ID: <20190703140805.GC83276@raichu>

On Tue, Jul 02, 2019 at 06:55:26PM -0700, Ronald F. Guilmette wrote:
> In message <20190703004928.576CA1A7DE@freefall.freebsd.org>,
> freebsd-security@freebsd.org wrote:
>
> >Topic: Privilege escalation in cd(4) driver
> >...
> >devfs.conf(5) and devfs.rules(5) can be used to remove read permissions from
> >cd(4) devices.
>
> Would it be accurate to say that another possible workaround would be to
> simply remove the optical drive from the system(s) entirely?

That's correct. Note though that the problem can only be triggered when
some media is present in the drive in the first place.

> (I dunno about anybody else, but I personally don't even hardly use the
> bloody things anymore anyway.)

From owner-freebsd-security@freebsd.org Wed Jul 3 14:41:51 2019
From: Ed Maste
Date: Wed, 3 Jul 2019 06:41:11 -0400
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
To: Doug Hardie
Cc: freebsd-security@freebsd.org

On Wed, 3 Jul 2019 at 06:05, Doug Hardie wrote:
>
> > Afterwards, reboot the system and run:
> >
> > # fsck -t ufs -f -p -T ufs:-z
> >
> > to clean up your existing filesystems.
>
> After rebooting the system I get:
>
> master# fsck -t ufs -f -p -T ufs:-z
> /dev/ada0p2: NO WRITE ACCESS
> /dev/ada0p2: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
>
> Is this expected result or is there a problem here?

Thanks for reporting this - it looks like some more detail will need
to be added to the SA. The fsck needs to be run without the filesystem
being mounted read-write, most likely in single user mode.

I brought a test system down to single user mode, remounted / as
read-only, and ran the fsck command as follows:

# shutdown now
...
Enter full pathname of shell or RETURN for /bin/sh:
# mount -u -o ro /
# fsck -t ufs -f -p -T ufs:-z
/dev/ufsid/5bf225f5889c157d: 28576 files, 304757 used, 27570235 free
(899 frags, 3446167 blocks, 0.0% fragmentation)
# exit

From owner-freebsd-security@freebsd.org Wed Jul 3 15:00:21 2019
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
To: freebsd-security@freebsd.org
From: mike tancsa
Message-ID: <64088617-ef63-d1b7-06a0-7f73d685769e@sentex.net>
Date: Wed, 3 Jul 2019 11:00:19 -0400
In-Reply-To:
 <20190703004924.8A5411A7D5@freefall.freebsd.org>

On 7/2/2019 8:49 PM, FreeBSD Security Advisories wrote:
> Special note: This update also adds the -z flag to fsck_ffs to have it scrub
> the leaked information in the name padding of existing directories. It only
> needs to be run once on each UFS/FFS filesystem after a patched kernel is
> installed and running.
>
> # freebsd-update install
>
> Afterwards, reboot the system and run:
>
> # fsck -t ufs -f -p -T ufs:-z
>
> to clean up your existing filesystems.
>

Doesn't this need to be run in single user mode with the file system not
mounted RW ?

    ---Mike

From owner-freebsd-security@freebsd.org Wed Jul 3 15:20:58 2019
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
From: Doug Hardie
Date: Wed, 3 Jul 2019 10:20:54 -0500
Cc: freebsd-security@freebsd.org
To: Ed Maste

On Jul 3, 2019, at 05:41, Ed Maste wrote:
>
>> On Wed, 3 Jul 2019 at 06:05, Doug Hardie wrote:
>>
>>> Afterwards, reboot the system and run:
>>>
>>> # fsck -t ufs -f -p -T ufs:-z
>>>
>>> to clean up your existing filesystems.
>>
>> After rebooting the system I get:
>>
>> master# fsck -t ufs -f -p -T ufs:-z
>> /dev/ada0p2: NO WRITE ACCESS
>> /dev/ada0p2: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
>>
>> Is this expected result or is there a problem here?
>
> Thanks for reporting this - it looks like some more detail will need
> to be added to the SA. The fsck needs to be run without the filesystem
> being mounted read-write, most likely in single user mode.
>
> I brought a test system down to single user mode, remounted / as
> read-only, and ran the fsck command as follows:
>
> # shutdown now
> ...
> Enter full pathname of shell or RETURN for /bin/sh:
> # mount -u -o ro /
> # fsck -t ufs -f -p -T ufs:-z
> /dev/ufsid/5bf225f5889c157d: 28576 files, 304757 used, 27570235 free
> (899 frags, 3446167 blocks, 0.0% fragmentation)
> # exit

That is going to be a bit tricky to do on a headless server that is
remote. None of mine have consoles. They are all accessed via SSH.
Any ideas how this situation can be handled?

— Doug

From owner-freebsd-security@freebsd.org Wed Jul 3 16:31:29 2019
From: Ed Maste
Date: Wed, 3 Jul 2019 08:29:38 -0400
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
To: Doug Hardie
Cc: freebsd-security@freebsd.org

On Wed, 3 Jul 2019 at 11:21, Doug Hardie wrote:
>
> That is going to be a bit tricky to do on a headless server that is remote. None of mine have consoles. They are all accessed via SSH. Any ideas how this situation can be handled?

Probably an rc.d script with BEFORE: root that invokes the fsck
command - something along the lines of the following (as yet untested
and missing error checking etc.):

#!/bin/sh
#

# PROVIDE: fsck_ufs
# BEFORE: root
# REQUIRE: fsck
# KEYWORD: nojail

. /etc/rc.subr

name="fsck_ufs"
desc="fsck UFS filesystems for FreeBSD-SA-19:10.ufs"
start_cmd="fsck_ufs_start"
stop_cmd=":"

fsck_ufs_start()
{
    fsck -t ufs -f -p -T ufs:-z
}

load_rc_config $name
run_rc_command "$1"

From owner-freebsd-security@freebsd.org Wed Jul 3 17:18:18 2019
Date: Wed, 3 Jul 2019 10:18:12 -0700
From: Gordon Tetlow
To: Shawn Webb
Cc: grarpamp, freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack)
Message-ID: <20190703171812.GM32970@gmail.com>

Sorry for the late response, only so many hours in the day.

On Tue, Jun 18, 2019 at 08:06:55PM -0400, Shawn Webb wrote:
> It appears that Netflix's advisory (as of this writing) does not
> include a timeline of events. Would FreeBSD be able to provide its
> event timeline with regards to CVE-2019-5599?

I don't generally document a timeline of events from our side. This
particular disclosure was a bit unusual as it wasn't external but
instead was an internal FreeBSD developer the security team often works
with. As such, our process was a bit out of sync with normal (as much as
we have a normal with our current processes). All of that said, we got
notice in early June, about 10 days before public disclosure.

> Were any FreeBSD derivatives given advanced notice? If so, which ones?

They were not. I would like to get to a point where we feel we could
give some sort of heads up for downstream, but we aren't there yet.

Best,
Gordon

From owner-freebsd-security@freebsd.org Thu Jul 4 02:51:12 2019
From: grarpamp
Date: Wed, 3 Jul 2019 22:51:09 -0400
Subject: Re: CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack)
To: freebsd-security@freebsd.org
Cc: freebsd-questions@freebsd.org

>>> https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
>> discussion around disclosure policies
> In today's world of parallel discovery, leaks, sec org infiltration by
> adversary, surveillance, no crypto, rapid automated exploit, etc...
> to wait for patch, polish, and press release advert, to not disclose,
> afford users local action up to immediate offlining for safety and wait,
> to draw upon entire community pool that has time*ability factor to fix... is
> thought by many [users] as irresponsible to users. There is no tone. And
> of course this one isn't currently a remote or local root. But what if it
> was...
> For those interested or new, there's lots of historical discussion with
> and without tone that can be found on any seclist, yet is no universal..

https://www.zdnet.com/article/firefox-zero-day-was-used-in-attack-against-coinbase-employees-not-its-users/
https://tech.slashdot.org/story/15/09/04/206228/bugzilla-breached-private-vulnerability-data-stolen

A recent Firefox zero-day that has made headlines across the tech news
world this week was actually used in attacks against Coinbase
employees, and not the company's users.

Furthermore, the attacks used not one, but two Firefox zero-days,
according to Philip Martin, a member of the Coinbase security team,
which reported the attacks to Mozilla.

One was an RCE reported by a Google Project Zero security researcher
to Mozilla in April, and the second was a sandbox escape that was
spotted in the wild by the Coinbase team together with the RCE, on
Monday.

The question here is how an attacker managed to get hold of the
details for the RCE vulnerability and use it for his attacks after the
vulnerability was privately reported to Mozilla by Google.

The attacker could have found the Firefox RCE on his own, he could
have bribed a Mozilla/Google insider, hacked a Mozilla/Google employee
and viewed details about the RCE, or hacked Mozilla's bug tracker,
like another attacker did in 2015.

> https://www.freebsd.org/security/
> https://www.freebsd.org/security/charter.html
> https://svnweb.freebsd.org/doc/head/en_US.ISO8859-1/htdocs/security/
>
> The charter last marked current 2002... is there any actual and
> posted mandatory timeliness disclosure trigger component?
> One that gets overall reviewed for user input say every N-years?
> Perhaps something more security focused than the general...
>
> https://www.research.net/r/freebsd2019

From owner-freebsd-security@freebsd.org Thu Jul 4 04:37:40 2019
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
To: Ed Maste, Doug Hardie
Cc: freebsd-security@freebsd.org
From: Eugene Grosbein
Message-ID: <02d4f9e8-f01f-aba1-1000-432a821a04d7@grosbein.net>
Date: Thu, 4 Jul 2019 11:37:06 +0700
X-Spamd-Result: default: False [0.34 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.34)[-0.340,0]; MX_INVALID(0.50)[greylisted]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-0.32)[-0.318,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; NEURAL_SPAM_SHORT(0.55)[0.549,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; IP_SCORE(0.05)[asn: 29072(0.22), country: RU(0.01)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:29072, ipnet:2a03:3100::/32, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jul 2019 04:37:40 -0000 03.07.2019 19:29, Ed Maste wrote: > On Wed, 3 Jul 2019 at 11:21, Doug Hardie wrote: >> >> That is going to be a bit tricky to do on a headless server that is remote. None of mine have consoles. They are all accessed via SSH. Any ideas how this situation can be handled? > > Probably an rc.d script with BEFORE: root that invokes the fsck > command - something along the lines of the following (as yet untested > and missing error checking etc.): > > #!/bin/sh > # > > # PROVIDE: fsck_ufs > # BEFORE: root > # REQUIRE: fsck > # KEYWORD: nojail > > . /etc/rc.subr > > name="fsck_ufs" > desc="fsck UFS filesystems for FreeBSD-SA-19:10.ufs" > start_cmd="fsck_ufs_start" > stop_cmd=":" > > fsck_ufs_start() > { > fsck -t ufs -f -p -T ufs:-z > } > > load_rc_config $name > run_rc_command "$1" We should resurrect "early" rc.d script. Its removal in 6.x as opposed to rewrite was a mistake as such script is irreplaceable for multiple situations including pretty ordinary ones like enabling kernel crashdumps to gmirror. 
From owner-freebsd-security@freebsd.org Thu Jul 4 09:22:50 2019
From: CeDeROM
Date: Thu, 4 Jul 2019 11:22:36 +0200
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:10.ufs
To: Eugene Grosbein
Cc: Ed Maste, Doug Hardie, freebsd-security@freebsd.org

On Thu, Jul 4, 2019, 06:37 Eugene Grosbein wrote:

> We should resurrect "early" rc.d script. Its removal in 6.x as opposed to
> rewrite was a mistake
> as such script is irreplaceable for multiple situations including pretty
> ordinary ones
> like enabling kernel crashdumps to gmirror.
>

+1 :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

From owner-freebsd-security@freebsd.org Thu Jul 4 04:06:13 2019
From: grarpamp
Date: Thu, 4 Jul 2019 00:06:10 -0400
Subject: Review of FreeBSD Security Advisory Process: Incl Heads Up, Dates, Etc [cont: 5599 SACK}
To: freebsd-security@freebsd.org
Cc: freebsd-questions@freebsd.org

Continued from beginnings in:
https://lists.freebsd.org/pipermail/freebsd-security/2019-June/009996.html

> I don't generally document a timeline of events from our side.

There would be benefit to further transparency with
some new data fields in FreeBSD advisories,
leading to metrics analysis by userbase and project,
appropriate resource allocation efficacies, etc.

Date_Discovered: Date of original discovery by discoverer.

Date_Received: Date project received notification (or
observed any info), regardless from external or internal source.
Issue should also be posted heads up to lists at this Received
time. For apprise those users wishing or needing to perform
necessary local review and action prior to formal fix from
FreeBSD upstream. And for putting out to community the call to fix.

Date_Advisory: Already present as "Announced:" fix.

Also ends up being a bit more efficient as fewer cycles need spent
on deciding and managing what to withholding timing sched contracts,
under whatever questionable premises readily found searching
net from thread above. To the extent any of this have possibly
applied in the past.

Heads Up on receipt, and include targeted fix timeframe guideline
for readers based on expected class of fix difficulty selected from
prior convened and published policy guide table of difficulties and
dependencies. Heads Up and interim are naturally not expected
to be a polished Advisory.

> This
> particular disclosure was a bit unusual as it wasn't external but
> instead was an internal FreeBSD developer the security team often works
> with.

Seems this SACK Discovery came from Netflix while in that
external dev role, not from in purely internal to FreeBSD dev role.
And Received was from not Netflix official team role, but by this liaison.
Fine and moot though, as datestream handling above should apply to all cases.

> As such, our process was a bit out of sync with normal (as much as
> we have a normal with our current processes). All of that said, we got
> notice in early June, about 10 days before public disclosure.

Community can ascertain visit any needs adjustments therein
with by inclusion of dates and passthrough above.

>> Were any FreeBSD derivatives given advanced notice? If so, which ones?
>
> They were not. I would like to get to a point where we feel we could
> give some sort of heads up for downstream, but we aren't there yet.

Whether push, or pull via subscribe, derivative third parties are a
bit secondary to the closer FreeBSD community processes.
ie: Does Linux Kernel push to all 1000 linux distro teams? Probably not,
a bit out of scope, so they pull (distro being the derivative depend
of kernel there).
Again mooted simplicity with better date and passthrough above.

From owner-freebsd-security@freebsd.org Thu Jul 4 14:23:25 2019
From: Walter Cramer
Date: Thu, 4 Jul 2019 10:18:16 -0400 (EDT)
Subject: ?Minor Security Issue - DNS, /etc/hosts, freebsd-update, ?pkg
To: freebsd-security@freebsd.org

Suspected severity: Low. Systems with inattentive administrators may not
receive the latest updates, and no obvious error messages will point out
the problem.

Situation discovered in: A few older 11.2-RELEASE FreeBSD systems, with
/etc/hosts entries like this:

96.47.72.72 ftp.freebsd.org
96.47.72.71 pkg.freebsd.org

(Those are now obsolete. Originally, they were added to simplify firewall
rules and rule-loading, and as a DNS hijack defense.)

Resulting problem: `freebsd-update fetch` sometimes "sees" the latest
(11.2-RELEASE-p11) version of 11.2. Other times, it "sees" the older
11.2-RELEASE-p10. So, if a sysadmin relied on `freebsd-update` to tell
him when systems needed updating, he could be unaware of un-patched,
vulnerable systems.

NOT verified: Whether the obsolete /etc/hosts entry for pkg.freebsd.org
actually causes any problems. (Or if `pkg` is aware of the problem, and
silently doing all the right things.)

Suggested Fixes...

- Have `freebsd-update`, `pkg`, and similar utilities double-check for DNS
  information that is obsolete or conflicting, and warn the user.

- Have any obsolete - but still-active - pkg or update servers advertise
  their obsolete status, and `freebsd-update` and `pkg` notice that, and
  warn the user.

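The first suggested fix in the message above, sketched as an added example (not part of the original post, and not code from freebsd-update or pkg): compare names pinned in /etc/hosts with what the DNS returns now. The function names, the RESOLVER override and the sample DNS answers are assumptions made for the example; only the two 96.47.72.x pins come from the post.

```shell
#!/bin/sh
# Added example, not from the original post: report /etc/hosts entries that
# pin a name to an address the DNS no longer returns for it.

# list_pins HOSTS_FILE SUFFIX
# Print "name address" for each hosts entry whose name ends in SUFFIX.
# HOSTS_FILE may be "-" to read standard input.
list_pins() {
    awk -v suffix="$2" '
        BEGIN { suffix = tolower(suffix) }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # blank or malformed line
        {
            for (i = 2; i <= NF; i++) {    # field 1 is the address
                n = tolower($i)
                if (length(n) >= length(suffix) &&
                    substr(n, length(n) - length(suffix) + 1) == suffix)
                    print n, $1
            }
        }' "$1"
}

# resolve_dns NAME
# Print the addresses the DNS currently returns, one per line. host(1)
# queries the name servers directly, so a pin in /etc/hosts cannot mask the
# answer. Parsing its "has address" lines is an assumption about the output
# format of the installed host(1).
resolve_dns() {
    host "$1" 2>/dev/null |
        awk '/ has (IPv6 )?address /{ print $NF }'
}

# check_pins HOSTS_FILE SUFFIX
# Print one line per suspicious pin; print nothing when every pin matches.
# Set RESOLVER to another function name to replace the DNS lookup.
# Addresses are compared as text, so write IPv6 pins in canonical form.
check_pins() {
    list_pins "$1" "$2" | while read -r name pinned; do
        current=$("${RESOLVER:-resolve_dns}" "$name" </dev/null)
        if [ -z "$current" ]; then
            echo "UNRESOLVED $name pinned=$pinned"
        elif ! printf '%s\n' "$current" | grep -qxF "$pinned"; then
            dns=$(printf '%s\n' "$current" | paste -s -d , -)
            echo "STALE $name pinned=$pinned dns=$dns"
        fi
    done
}

# Constructed DNS answers for the offline sample run (documentation ranges).
fake_resolve() {
    case "$1" in
        ftp.freebsd.org) echo 192.0.2.72 ;;
        pkg.freebsd.org) printf '%s\n' 192.0.2.71 2001:db8::71 ;;
        www.freebsd.org) echo 192.0.2.5 ;;
    esac                                   # old.freebsd.org: no answer
}

# Run the check over a constructed hosts file; the two 96.47.72.x pins are
# the ones quoted in the post, everything else is made up.
sample_run() {
    RESOLVER=fake_resolve check_pins - .freebsd.org <<'EOF'
# constructed sample in /etc/hosts format
127.0.0.1    localhost
96.47.72.72  ftp.freebsd.org
96.47.72.71  pkg.freebsd.org pkg    # alias outside the suffix is skipped
192.0.2.5    www.FreeBSD.org        # still matches the (constructed) DNS
192.0.2.7    old.freebsd.org        # name no longer resolves
192.0.2.9    mirror.example.net     # outside the suffix
EOF
}

sample_run
```

On a live system, run `check_pins /etc/hosts .freebsd.org` with RESOLVER unset; any output line marks a pin that deserves review before trusting what the update tools report.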
From owner-freebsd-security@freebsd.org Thu Jul 4 18:36:06 2019 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CCF3315DB6B5 for ; Thu, 4 Jul 2019 18:36:05 +0000 (UTC) (envelope-from rollingbits@gmail.com) Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com [IPv6:2607:f8b0:4864:20::735]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9F4766D0B4 for ; Thu, 4 Jul 2019 18:36:04 +0000 (UTC) (envelope-from rollingbits@gmail.com) Received: by mail-qk1-x735.google.com with SMTP id r6so6195998qkc.0 for ; Thu, 04 Jul 2019 11:36:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=content-transfer-encoding:from:mime-version:subject:message-id:date :to; bh=v9I6rJwVfhHvYcDSeH1lDfUNkvzSWiigr/OzxfoNSUI=; b=iAexxANn1SKcwNdBDKePMVjSStc28NrlpYKUZQYO0xgXOsfQU3pqrLV0ledom1yeWJ x+aDR/BvbrgPYX/ifjV0zmZlTkc5RUFISQp5hhb4VfoozAmFGuwhp3o/v7Qtaj34arCp LcFH0QF8FsQaTUhQxHEP4CcVLYDnbQj63yf4qGjkpZ+D7qySpqw5Zu1jqFLWuzokQZPZ T07BkDOrmlnAzi9uaREvRlNBpfVosZ8nAZLrsgXdZpz8xW59leduGrBGis5qbpSQn33m vqjlc2tFNAIzDDajZk/w3/QTdw+tyBZSvlkwq/1Xo4uE6MpzbQyYCa1EWNtefISo6L3t Qkgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:content-transfer-encoding:from:mime-version :subject:message-id:date:to; bh=v9I6rJwVfhHvYcDSeH1lDfUNkvzSWiigr/OzxfoNSUI=; b=ZxiRMSYT3M2Sais9NrBBg5py5haZzk0HChMAYZ3AKEgVwV2ocXDa8ab4dx9Yu2MjJH VZOfMHWSUEwTy/alMXRznF17ZxkXk01Hao0sB/AvNwZO0epiXmGXj0UykZKMU93pdB1S gE0gpPvyTUakSNPieQqo+ovTiTfQsNM1/0s8ehOKDzXYMukMzy4h/AUgdyl4CnZy7iRt h1skGpkv4pK9SPLvJXRXmd1tc0yfrm3sHbyNvaS2muYKh+ILThajDKY4z0pRoebsrnO3 
qKg7IYaXIB8ZUH+TmJK4cgBsnngSeO9uUFR40L4EurDu/LRQLzo1wrqTEKT3IoMxpUNG 4w3w== X-Gm-Message-State: APjAAAVuUzSy8kwfgdoznwEv8pyzxqAjmUlwARE0x6qZaBdvYZsAmduQ KdXuxsQsTv7a6qAWKESze+Rp0aTD X-Google-Smtp-Source: APXvYqx4Jug2USsSEv7GVERWR2sx7Hhbz4lthU2O/Xil51/Wrt6EULrMEUyG6geLouoV5iDLG8MiAA== X-Received: by 2002:a37:5d6:: with SMTP id 205mr36077452qkf.388.1562265363704; Thu, 04 Jul 2019 11:36:03 -0700 (PDT) Received: from ?IPv6:2804:389:202c:634d:e984:6567:5a36:38a8? ([2804:389:202c:634d:e984:6567:5a36:38a8]) by smtp.gmail.com with ESMTPSA id j61sm2609913qte.47.2019.07.04.11.36.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 04 Jul 2019 11:36:02 -0700 (PDT) From: =?utf-8?Q?Lucas_Nali_de_Magalh=C3=A3es?= Mime-Version: 1.0 (1.0) Subject: disable wlan/wifi Message-Id: <56E4124B-B1EE-406C-B6E2-3EDD097483E7@gmail.com> Date: Thu, 4 Jul 2019 15:36:00 -0300 To: freebsd-security@freebsd.org X-Mailer: iPhone Mail (16F203) X-Rspamd-Queue-Id: 9F4766D0B4 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=iAexxANn; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rollingbits@gmail.com designates 2607:f8b0:4864:20::735 as permitted sender) smtp.mailfrom=rollingbits@gmail.com X-Spamd-Result: default: False [-6.42 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MV_CASE(0.50)[]; TO_DN_NONE(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; NEURAL_HAM_SHORT(-0.89)[-0.890,0]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; 
R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; IP_SCORE(-3.02)[ip: (-9.47), ipnet: 2607:f8b0::/32(-3.17), asn: 15169(-2.39), country: US(-0.06)]; RCVD_IN_DNSWL_NONE(0.00)[5.3.7.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Jul 2019 18:36:06 -0000 Hi. I started a bug report to request a way to disable wlan/wifi but I think I'm= better writing here first: my inability to disable wlan/wifi is becoming a s= ecurity issue for me here (I'm still learning how to use the Bugzilla web in= terface). Long story short: wifi never goes away. Please help. I disable the services I don't use since ages. Never stopped to think about w= ifi use until I needed it recently, though. So I thought that if I don't con= figure it stays out of use (waiting for a configuration). But I found that i= t's always used if it was found, and the drive loads a default configuration= if not said otherwise. Both the default configuration (that is wrong for my= side of the planet) and the default on option is an issue for me. The defau= lt on is an issue because it created an interface that went unobserved until= it was needed. When the wifi drive is loaded it loads the wlan stack and configures the har= dware. And because I'm not on USA the default configuration is not right for= me. More than that, the drive is both a little unstable and a little limite= d. 
My keyboard has a key combination to disable wifi but the drive (urtw on = FreeBSD 12) don't have an option to be disabled. That said, I expect to not c= reate a storm when I do my request. I think this is a security issue because= this enables exploits of the wireless/network stacks without administrator i= ntervention. All this been said, I still need to say that I'm about to move and this comp= uter will probably stay off for a long time after that. Lc --=20 rollingbits =E2=80=94 =F0=9F=93=A7 rollingbits@gmail.com =F0=9F=93=A7 rollin= gbits@terra.com.br =F0=9F=93=A7 rollingbits@yahoo.com =F0=9F=93=A7 rollingbi= ts@globo.com =F0=9F=93=A7 rollingbits@icloud.com= From owner-freebsd-security@freebsd.org Fri Jul 5 06:07:09 2019 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0BD0115E5D90; Fri, 5 Jul 2019 06:07:09 +0000 (UTC) (envelope-from peter@rulingia.com) Received: from vtr.rulingia.com (vtr.rulingia.com [IPv6:2001:19f0:5801:ebe:5400:1ff:fe53:30fd]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vtr.rulingia.com", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DF19687196; Fri, 5 Jul 2019 06:07:07 +0000 (UTC) (envelope-from peter@rulingia.com) Received: from server.rulingia.com (ppp59-167-167-3.static.internode.on.net [59.167.167.3]) by vtr.rulingia.com (8.15.2/8.15.2) with ESMTPS id x6566w47076464 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 5 Jul 2019 16:07:03 +1000 (AEST) (envelope-from peter@rulingia.com) X-Bogosity: Ham, spamicity=0.000000 Received: from server.rulingia.com (localhost.rulingia.com [127.0.0.1]) by server.rulingia.com (8.15.2/8.15.2) with ESMTPS id x6566qO9005650 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 5 Jul 2019 16:06:52 +1000 (AEST) 
(envelope-from peter@server.rulingia.com) Received: (from peter@localhost) by server.rulingia.com (8.15.2/8.15.2/Submit) id x6566q9c005649; Fri, 5 Jul 2019 16:06:52 +1000 (AEST) (envelope-from peter) Date: Fri, 5 Jul 2019 16:06:52 +1000 From: Peter Jeremy To: grarpamp Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org Subject: Re: Review of FreeBSD Security Advisory Process: Incl Heads Up, Dates, Etc [cont: 5599 SACK} Message-ID: <20190705060652.GA2974@server.rulingia.com> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="vtzGhvizbBRQ85DL" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://www.rulingia.com/keys/peter.pgp User-Agent: Mutt/1.12.0 (2019-05-25) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jul 2019 06:07:09 -0000 --vtzGhvizbBRQ85DL Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2019-Jul-04 00:06:10 -0400, grarpamp wrote: >Continued from beginnings in: >https://lists.freebsd.org/pipermail/freebsd-security/2019-June/009996.html > >> I don't generally document a timeline of events from our side. > >There would be benefit to further transparency with >some new data fields in FreeBSD advisories, >leading to metrics analysis by userbase and project, >appropriate resource allocation efficacies, etc. Security Officer is a volunteer position and their time is valuable. What benefits would be gained by requiring them to do more work to provide information that is mostly already available elsewhere? >Date_Discovered: Date of original discovery by discoverer. This will be in the linked CVE. 
>Date_Received: Date project received notification (or >observed any info), regardless from external or internal source. How/why is this relevant? I agree that the project has been ignored in some cases but that is generally discussed separately. >Issue should also be posted heads up to lists at this Received >time. Definitely not. Early advice of vulnerabilities is very much "need to know= ". Unless someone's expertise is required to rectify the vulnerability, details regarding the vulnerability should remain private. The discoverers may choose to publish early information, in which case, the Project may choose to publicly reference that information. >Also ends up being a bit more efficient as fewer cycles need spent >on deciding and managing what to witholding timing sched contracts, >under whatever questionable premises readily found searching >net from thread above. To the extent any of this have possibly >applied in the past. Public announcement dates are generally not under Project control - where a vulnerability affects multiple vendors, there is almost always general agreement on a common announcement date. If the Project leaks information about unannounced vulnerabilities, it will stop receiving advance information about vulnerabilities - this definitely will adversely impact the Project. 
-- 
Peter Jeremy

From owner-freebsd-security@freebsd.org Fri Jul 5 13:40:05 2019
Date: Fri, 5 Jul 2019 09:40:01 -0400
From: Shawn Webb
To: Gordon Tetlow
Cc: grarpamp, freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Subject: Re: CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack)

On Wed, Jul 03, 2019 at 10:18:12AM -0700, Gordon Tetlow wrote:
> Sorry for the late response, only so many hours in the day.

Completely understood. Thanks for taking the time to respond!

>
> On Tue, Jun 18, 2019 at 08:06:55PM -0400, Shawn Webb wrote:
> > It appears that Netflix's advisory (as of this writing) does not
> > include a timeline of events. Would FreeBSD be able to provide its
> > event timeline with regards to CVE-2019-5599?
>
> I don't generally document a timeline of events from our side. This
> particular disclosure was a bit unusual as it wasn't external but
> instead was an internal FreeBSD developer the security team often works
> with. As such, our process was a bit out of sync with normal (as much as
> we have a normal with our current processes). All of that said, we got
> notice in early June, about 10 days before public disclosure.

Perhaps this might be a good time to start keeping records for future
vulnerability reports, regardless of source of disclosure.

Does FreeBSD publish its vulnerability response process documentation?
If not, would FreeBSD be open to such transparency?

>
> > Were any FreeBSD derivatives given advanced notice? If so, which ones?
>
> They were not. I would like to get to a point where we feel we could
> give some sort of heads up for downstream, but we aren't there yet.

Sounds good. Let me know how I can help. I'm at your service.
Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera@is.a.hacker.sx
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2

From owner-freebsd-security@freebsd.org Fri Jul 5 14:52:59 2019
Date: Fri, 5 Jul 2019 07:52:32 -0700
From: Dan Langille
To: Shawn Webb
Cc: Gordon Tetlow, freebsd-security@freebsd.org, grarpamp, freebsd-questions@freebsd.org
Subject: Re: CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack)

> On Jul 5, 2019, at 6:40 AM, Shawn Webb wrote:
>
>> On Wed, Jul 03, 2019 at 10:18:12AM -0700, Gordon Tetlow wrote:
>> Sorry for the late response, only so many hours in the day.
>
> Completely understood. Thanks for taking the time to respond!
>
>>
>>> On Tue, Jun 18, 2019 at 08:06:55PM -0400, Shawn Webb wrote:
>>> It appears that Netflix's advisory (as of this writing) does not
>>> include a timeline of events. Would FreeBSD be able to provide its
>>> event timeline with regards to CVE-2019-5599?
>>
>> I don't generally document a timeline of events from our side. This
>> particular disclosure was a bit unusual as it wasn't external but
>> instead was an internal FreeBSD developer the security team often works
>> with. As such, our process was a bit out of sync with normal (as much as
>> we have a normal with our current processes). All of that said, we got
>> notice in early June, about 10 days before public disclosure.
>
> Perhaps this might be a good time to start keeping records for future
> vulnerability reports, regardless of source of disclosure.
>
> Does FreeBSD publish its vulnerability response process documentation?
> If not, would FreeBSD be open to such transparency?

You’re asking volunteers, performing a very time-consuming task, to do even more work.

The demands of security officer are pretty onerous as it is.

>
>>
>>> Were any FreeBSD derivatives given advanced notice? If so, which ones?
>>
>> They were not. I would like to get to a point where we feel we could
>> give some sort of heads up for downstream, but we aren't there yet.
>
> Sounds good. Let me know how I can help. I'm at your service.
>
> Thanks,
>
> -- 
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> Tor-ified Signal: +1 443-546-8752
> Tor+XMPP+OTR: lattera@is.a.hacker.sx
> GPG Key ID: 0xFF2E67A277F8E1FA
> GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2

From owner-freebsd-security@freebsd.org Fri Jul 5 15:02:58 2019
Date: Fri, 5 Jul 2019 11:02:55 -0400
From: Shawn Webb
To: Dan Langille
Cc: Gordon Tetlow, freebsd-security@freebsd.org, grarpamp, freebsd-questions@freebsd.org
Subject: Re: CVE-2019-5599 SACK Slowness (FreeBSD 12 using the RACK TCP Stack)

On Fri, Jul 05, 2019 at 07:52:32AM -0700, Dan Langille wrote:
> > On Jul 5, 2019, at 6:40 AM, Shawn Webb wrote:
> >
> >> On Wed, Jul 03, 2019 at 10:18:12AM -0700, Gordon Tetlow wrote:
> >> Sorry for the late response, only so many hours in the day.
> >
> > Completely understood. Thanks for taking the time to respond!
> >
> >>
> >>> On Tue, Jun 18, 2019 at 08:06:55PM -0400, Shawn Webb wrote:
> >>> It appears that Netflix's advisory (as of this writing) does not
> >>> include a timeline of events. Would FreeBSD be able to provide its
> >>> event timeline with regards to CVE-2019-5599?
> >>
> >> I don't generally document a timeline of events from our side. This
> >> particular disclosure was a bit unusual as it wasn't external but
> >> instead was an internal FreeBSD developer the security team often works
> >> with. As such, our process was a bit out of sync with normal (as much as
> >> we have a normal with our current processes). All of that said, we got
> >> notice in early June, about 10 days before public disclosure.
> >
> > Perhaps this might be a good time to start keeping records for future
> > vulnerability reports, regardless of source of disclosure.
> >
> > Does FreeBSD publish its vulnerability response process documentation?
> > If not, would FreeBSD be open to such transparency?
>
> You're asking volunteers, performing a very time-consuming task, to do even more work.
>
> The demands of security officer are pretty onerous as it is.

Hey Dan,

My intent was not to task anyone or add to their burden. I apologize
if that is how my questions were perceived upon receipt. My goal was
to perhaps start a dialogue, brainstorming ways to improve processes
along the way.

As a downstream derivative of FreeBSD, one who will indeed be in the
same place as FreeBSD with regards to security announcements,
disclosures, timelines, etc, we at HardenedBSD would like to learn
from the experiences of others. The only way to learn from others is
to collaborate with them--the true intent of my questions.

However, if FreeBSD would not like help with regards to security, or
would not like to impart of their wisdom to others, perhaps this would
be a good place to end the discussion.

Even if you mean well and have the best of intentions, they eat you
alive.
Thanks and may you have a wonderful weekend,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera@is.a.hacker.sx
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2

From owner-freebsd-security@freebsd.org Fri Jul 5 17:22:48 2019
Date: Fri, 5 Jul 2019 12:22:43 -0500
From: "J. Hellenthal"
To: Walter Cramer
Cc: freebsd-security@freebsd.org
Subject: Re: ?Minor Security Issue - DNS, /etc/hosts, freebsd-update, ?pkg
Reply-To: jhellenthal@DataIX.net

And in what revision besides an administrator's local modifications suggest
that those were ever a part of the source tree ?

For reference ...
https://svnweb.freebsd.org/base/stable/11/etc/hosts?view=log

Quite frankly the FreeBSD source committers are much more knowledgeable
than your insight suggests...

Facts plz ...

On Thu, Jul 04, 2019 at 10:18:16AM -0400, Walter Cramer wrote:
> Suspected severity: Low. Systems with inattentive administrators may not
> receive the latest updates, and no obvious error messages will point out the
> problem.
>
> Situation discovered in: A few older 11.2-RELEASE FreeBSD systems, with
> /etc/hosts entries like this:
>
> 96.47.72.72 ftp.freebsd.org
> 96.47.72.71 pkg.freebsd.org
>
> (Those are now obsolete. Originally, they were added to simplify firewall
> rules and rule-loading, and as a DNS hijack defense.)
>
> Resulting problem: `freebsd-update fetch` sometimes "sees" the latest
> (11.2-RELEASE-p11) version of 11.2. Other times, it "sees" the older
> 11.2-RELEASE-p10. So, if a sysadmin relied on `freebsd-update` to tell him
> when systems needed updating, he could be unaware of un-patched, vulnerable
> systems.
>
> NOT verified: Whether the obsolete /etc/hosts entry for pkg.freebsd.org
> actually causes any problems. (Or if `pkg` is aware of the problem, and
> silently doing all the right things.)
>
> Suggested Fixes...
> - Have `freebsd-update`, `pkg`, and similar utilities double-check for DNS
> information that is obsolete or conflicting, and warn the user.
> - Have any obsolete - but still-active - pkg or update servers advertise
> their obsolete status, and `freebsd-update` and `pkg` notice that, and warn
> the user.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

-- 
The fact that there's a Highway to Hell but only a Stairway to Heaven says a
lot about anticipated traffic volume.

From owner-freebsd-security@freebsd.org Fri Jul 5 21:24:25 2019
Date: Fri, 5 Jul 2019 17:24:23 -0400
From: grarpamp
To: freebsd-security@freebsd.org
Cc: freebsd-questions@freebsd.org
Subject: Re: Review of FreeBSD Security Advisory Process: Incl Heads Up, Dates, Etc [cont: 5599 SACK}

On 7/5/19, Peter Jeremy wrote:
> On 2019-Jul-04 00:06:10 -0400, grarpamp wrote:
>>Continued from beginnings in:
>>https://lists.freebsd.org/pipermail/freebsd-security/2019-June/009996.html

> What benefits would be gained by

Some have been, and more can be by others,
outlined in the ongoing threads.

> Security Officer is a volunteer position and their time is valuable.
> requiring them to do more work to provide information

Date_Received adding is not "more work" in any real sense.
FreeBSD Project knows when it becomes aware of an issue,
readily available in the very same email headers, forum post
headers, etc... a minute's cut and paste into an Advisory.
That's an easy first step.

> that is mostly already available elsewhere?

In the Subject example, and many others, no.
Discovered and Received dates are often not given.

>>Date_Discovered: Date of original discovery by discoverer.
> This will be in the linked CVE.

It is not present in the current CVE or Netflix or FreeBSD infosheets.
If some external discoverer wants to play silly and coy with
that Date_Discovered info, fine.
However once Date_Received occurs as above, FreeBSD project
should be denoting its Date_Received.
>>Date_Received: Date project received notification (or
>>observed any info), regardless from external or internal source.
>
> How/why is this relevant?

Already explained... it is critical datapoint for user base to
review and evaluate community allocation of resources to appropriate
levels of security response. They might choose months, weeks, days.
But without Date_Received, everyone is left in dark, and allocations
potentially not wherever they should be to meet general needs.

> I agree that the project has been ignored
> in some cases but that is generally discussed separately.

FreeBSD ignored by external fake security purveyors?
If that is the meaning, that would be a good thing, hopefully
due to FreeBSD doing things toward real security that counter that.

>>Issue should also be posted heads up to lists at this Received
>>time.
>
> Definitely not. Early advice of vulnerabilities is very much "need to
> know".

Utterly False. If you are the owner... user, admin, entity or even
customer with data or services running on... a vulnerable system,
it is absolutely without question your need to know.
Further, if FreeBSD is not posting a heads up upon its Date_Received
of what it knows so far, it is putting itself in very questionable
position of claiming to knowing best for all when in fact it does
not even know for one, instead of rightly setting those decisions
off to systems owners as best suits their own needs via heads up post.

> Unless someone's expertise is required to rectify the vulnerability,
> details regarding the vulnerability should remain private.

What external does is up to them. Yet as herein, once it hits
FreeBSD's doorstep, FreeBSD's responsibility is to users first
and foremost to point of exclusively.

> The discoverers may
> choose to publish early information

As above, that's upon them and their cred game.
Not forgetting that those discoverers that withhold often get caught
and look silly.

> in which case, the Project may choose
> to publicly reference that information.

If FreeBSD is independent, it can refer and publish whatever it knows,
when it knows it. If it is not, then those aspects of FreeBSD need very
serious opening up to sunlight and review by the entire community.
Same if FreeBSD were subject to "Donation Capture", that would need
reviewed extremely closely.

> Public announcement dates are generally not under Project control - where a
> vulnerability affects multiple vendors, there is almost always general
> agreement on a common announcement date.

This is a game, a fake news show meant to make the interviewees look
good, typically monied vendors of closed proprietary garbage smelly
swiss cheese product, everyone knows it, so just stop.

> If the Project leaks information
> about unannounced vulnerabilities, it will stop receiving advance
> information about vulnerabilities - this definitely will adversely impact
> the Project.

If FreeBSD is or wants to be playing the [vendor] game, wants to become
a closed system, subject to such others, etc... it will never be
known for pushing the much needed opensource HW and SW philosophy
envelope any further ahead into the light through its openness action
or even activism. There are enough closed models out there already.
Don't let those closed actors fool and play you into their dark traps.
FreeBSD hopefully is, and must be, better than that.

Here's another example of secrecy serving no one other than
dark forces (in this case, literally TLA's and nefarious actors
around the world against owners users customers)...

https://zerodium.com/program.html

FreeBSD LPE is only worth $50,000, that's less than Windows.
One can of course discuss in a separate thread the
LoC vs Funds vs Usercount vs Fruits of Vuln therein.
The question of what great results from if FreeBSD community
and or foundation funds just one fulltime dedicated security
reviewer at $50k/yr...
and how that news and results might generate more donations in turn...

>> Does FreeBSD publish its vulnerability response process documentation?
>> If not, would FreeBSD be open to such transparency?
> You’re asking volunteers, performing a very time-consuming task, to do even more work.

That would be another great first step. And it's easily done and
opened to entire community contribution via the Wiki, such that
work doesn't have to come down to just N existing volunteers.

Part of doing things such as these in the open, a wiki list of
opportunities, processes, etc is that it allows you to call for
participants, new volunteers, people can drop by and see what
interests them, can evaluate if they would like to add resources
to gain from that investment [in their own system] in turn, etc.