From owner-freebsd-security@freebsd.org Wed Jul 24 13:48:39 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2E303A8911 for ; Wed, 24 Jul 2019 13:48:39 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1054C83877; Wed, 24 Jul 2019 13:48:39 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id F2E02E4F4; Wed, 24 Jul 2019 13:48:38 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-19:12.telnet Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20190724134838.F2E02E4F4@freefall.freebsd.org> Date: Wed, 24 Jul 2019 13:48:38 +0000 (UTC) X-Rspamd-Queue-Id: 1054C83877 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.961,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 13:48:39 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:12.telnet Security Advisory The FreeBSD Project Topic: telnet(1) client multiple vulnerabilities Category: contrib Module: contrib/telnet Announced: 2019-07-24 Credits: Juniper Networks Affects: All supported versions of FreeBSD. Corrected: 2019-07-19 15:37:29 UTC (stable/12, 12.0-STABLE) 2019-07-24 12:51:52 UTC (releng/12.0, 12.0-RELEASE-p8) 2019-07-19 15:27:53 UTC (stable/11, 11.2-STABLE) 2019-07-24 12:51:52 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:51:52 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-0053 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The telnet(1) command is a TELNET protocol client, used primarily to establish terminal sessions across a network. II. Problem Description Insufficient validation of environment variables in the telnet client supplied in FreeBSD can lead to stack-based buffer overflows. A stack- based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client. Inbound telnet sessions to telnetd(8) are not affected by this issue. III. Impact These buffer overflows may be triggered when connecting to a malicious server, or by an active attacker in the network path between the client and server. Specially crafted TELNET command sequences may cause the execution of arbitrary code with the privileges of the user invoking telnet(1). IV. Workaround Do not use telnet(1) to connect to untrusted machines or over an untrusted network. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch # fetch https://security.FreeBSD.org/patches/SA-19:12/telnet.patch.asc # gpg --verify telnet.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r350139 releng/12.0/ r350281 stable/11/ r350140 releng/11.2/ r350281 releng/11.3/ r350281 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WltfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLOzA//YxRZNUr+d8B+t6DnBUbVvthJiY9sQ1YPXUIJmp4QA7wvXr5UjURw+6qv raxEp6JmF06wZK4RjeIFckQD6s2wnjO5VHO80Zbs0nD4NejQGeDAIlVdKqofOtJv bBQNSY3vPAtumyfElc+N19rKetAjGbsUjOMbn87GlWrit4lqcavBQsdmSlQB5gVA dFAFsVxr+ujjATnrCmIpFiaDk0unyJ7Gtz7jiM9I8xZueJtM49/9kNCFFLKCMUl8 HpB2k0cb18GVNJoKtzo1nELOM/oIJVO5HZt1fmYG/RgeL1BSyzg4q/5jXJQopJ2h Qax7fmMP+RpGGrfp9Uom63tj79eQk2NirpUtfAaYkfGKzj6fNcq/7jxZfbobx0R8 uTiF88mlv2/SGxpo11Z/QBqOSYTQtjDRYJvjCo77g7YW8HauECC3tiklpPfFOIO8 m5qNOORKI74Do377GBF3gxDF2T8ILwj1j7nKHf3apotvQXJkkbpWBG7ADRTFcZWd PMKdYiDPHV33YmCAg9tOAqV4O7TvaB07ZLKiI6kuSBtPVrazB8Az/oRJwfF6JQ6g 4ZdinyCrXWYrWslkW8402GKCERFFYJUvwLSUqHxYMRgZWPy9zf/mH56vh4bleYnP kz2X7OgtB3Juu0Uzwv927+KZuyzitniaPlLe9tsyBwXFbUM+BrY= =LWVf -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Wed Jul 24 13:48:45 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E763CA894B for ; Wed, 24 Jul 2019 13:48:45 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C0C52838DB; Wed, 24 Jul 2019 13:48:45 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id 70500E538; Wed, 24 Jul 2019 13:48:44 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-19:13.pts Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20190724134844.70500E538@freefall.freebsd.org> Date: Wed, 24 Jul 2019 13:48:44 +0000 (UTC) X-Rspamd-Queue-Id: C0C52838DB X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.961,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 13:48:46 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:13.pts Security Advisory The FreeBSD Project Topic: pts(4) write-after-free Category: core Module: kernel Announced: 2019-07-24 Credits: syzkaller Affects: All supported versions of FreeBSD. Corrected: 2019-07-07 14:19:46 UTC (stable/12, 12.0-STABLE) 2019-07-24 12:53:06 UTC (releng/12.0, 12.0-RELEASE-p8) 2019-07-07 14:20:14 UTC (stable/11, 11.2-STABLE) 2019-07-24 12:53:06 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:53:06 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-5606 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The posix_openpt(2) system call allocates a pseudo-terminal device and returns a descriptor referencing that device. Such a descriptor may be configured such that a SIGIO signal will be sent to a designated process or process group when the device is ready to perform I/O. II. Problem Description The code which handles a close(2) of a descriptor created by posix_openpt(2) fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. III. Impact The bug permits malicious code to trigger a write-after-free, which may be used to gain root privileges or escape a jail. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-19:13/pts.patch # fetch https://security.FreeBSD.org/patches/SA-19:13/pts.patch.asc # gpg --verify pts.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r349805 releng/12.0/ r350282 stable/11/ r349806 releng/11.2/ r350282 releng/11.3/ r350282 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04Wl9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cLZDA//SGC+7Vghtofm/CzylIXhC1drFOxNYJOF7KEJqDwsRR3U9S99Q9NBWS5+ e+/vJzvV0+epZNQXDlit5a76jGwy4fNuutNh0J3APHe/l0Zp/PhM56IwRWQgqAkQ hF67xhHxFZs8AH6/bw21N4IkRrAZHmrrCY8ubZArjoUi0gCoFzAYRw1Nh/JTQoLS IGuqUFaMZWKvu3aeJiikLjHiJUMRAY7sxh+iSBSp99dsLkASqQZtx1grmosljttN fuD7qO2f067EWUpC50JTbNt9V7za854hrlOp8jn1g51O4fWWJoEEL2/0VUeOO+fr aGS9UNal25NPr2zGzx2t0u1VNE3/YKoZ0tq+mQYtaXke32ZO15Ufby0YcLU4DF8d dU1ZoG2AGbWmBqgQ982hocq5Dn0r5yCHXDeEGguE1DsfyBuUEZw6zfYRtzIQ0swk wDrdETxpIMa8jaSGtDw2bilrLNRIVqYkXBJftC3fpXhlz6PyU6bZaFm00xrs7z1D EJMkuIWho9oMqLTU7bZNHv7JD4G3ziTF1h2tGXGcEKp02ImNZQnw3w5PBberFgto H4uJQCWgFqqddkjnSidX3Uj676LC99ERDEUlqi+xnXMmBScJnQuRtiUdbpOCkPD2 gLJmcyy7qjKw87i8KaQF5hUcym2D9xygbUV+I4RT93jR2DCVBA0= =Cpu+ -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Wed Jul 24 13:48:51 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8303FA8982 for ; Wed, 24 Jul 2019 13:48:51 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3AE9883962; Wed, 24 Jul 2019 13:48:51 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id DCB93E59D; Wed, 24 Jul 2019 13:48:50 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-19:14.freebsd32 Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20190724134850.DCB93E59D@freefall.freebsd.org> Date: Wed, 24 Jul 2019 13:48:50 +0000 (UTC) X-Rspamd-Queue-Id: 3AE9883962 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.961,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 13:48:51 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:14.freebsd32 Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in freebsd32_ioctl Category: core Module: kernel Announced: 2019-07-24 Credits: Ilja van Sprundel, IOActive Affects: FreeBSD 11.2 and FreeBSD 11.3 Corrected: 2019-07-22 18:14:34 UTC (stable/11, 11.2-STABLE) 2019-07-24 12:54:10 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:54:10 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-5605 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The FreeBSD kernel supports executing 32-bit applications on a 64-bit kernel, including the ioctl(2) interface. II. Problem Description Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. III. Impact A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kernel memory. Such memory might contain sensitive information, such as portions of the file cache or terminal buffers. This information might be directly useful, or it might be leveraged to obtain elevated privileges in some way; for example, a terminal buffer might include a user-entered password. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-19:14/freebsd32.patch # fetch https://security.FreeBSD.org/patches/SA-19:14/freebsd32.patch.asc # gpg --verify freebsd32.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r350217 releng/11.2/ r350283 releng/11.3/ r350283 - ------------------------------------------------------------------------- Note: This issue was addressed in a different way prior to the branch point for stable/12. As such, no patch is needed for FreeBSD 12.x. To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WmNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cIavw//emdRXVNpGREW1FfUvWmUPpdgk6rFck9nEG0KUKYCcfhqN83BN9XtqaWu lBQ1jbB/CsalwL6Gpn2yuMvgS8W4yUidyPHLpzuoAThlsy5bHID1/oRftJt0T0BS kHbTD0tTUt3QDV51FoLBjvXfjRRb8xJ+wIGJ0NzOscWgjgu6JPUysHEJD3+vSOKN X3qJd3zcoYqswcvuhoVE2cFrSaZKEyIi1pJVr9CGItQTWXIisgdXdGYTnBdZU8jq iJGaI1BXiNUl/p/21JA32T+ZD7cdMtx6KiuoKlY7Bzgj7Qk3XW7xsQsYu724LIJT pVhIxntMrQSak7wIaqNPGR/FgkkKDsoo6iCHXlGxXv6tLg7pnioZIaHhc5+UZqmT 8I0UogWhQZS03/nwFRVDLPp+ka2P0g2gsm/dX1UVuucMT+hGeqn2c/iaSU76duoR qavRPjLPJDnfVrpXhpqco9rq1+UwA/1uSNe0cFX0ArX040hCReDsMphcxgrkZ0sD u71Px2ZLE5rpWmFd8LD0X2y1l4OEcTmoTPUtJxHlVrMFztuNbAlRnyCxTV8c2uId zN44wRj6c2ZEV/w+kBVTV+L7NSt1eHDZ5tgUL7boEOylEgkHTl30aZ8nV2wvpaM3 1Y/IwBnGmI4iNLMnRoIDlac6rR3dMUS4gtH+lkfxlBri9Qc3Qso= =8LlB -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Wed Jul 24 13:49:10 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9A58AA89BA for ; Wed, 24 Jul 2019 13:49:10 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BDC0783A05; Wed, 24 Jul 2019 13:48:57 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id 867B5E5CA; Wed, 24 Jul 2019 13:48:57 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-19:15.mqueuefs Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20190724134857.867B5E5CA@freefall.freebsd.org> Date: Wed, 24 Jul 2019 13:48:57 +0000 (UTC) X-Rspamd-Queue-Id: BDC0783A05 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.961,0]; ASN(0.00)[asn:11403, ipnet:96.47.64.0/20, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 13:49:10 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:15.mqueuefs Security Advisory The FreeBSD Project Topic: Reference count overflow in mqueue filesystem Category: core Module: kernel Announced: 2019-07-24 Credits: Mateusz Guzik Affects: All supported versions of FreeBSD. Corrected: 2019-07-23 21:12:32 UTC (stable/12, 12.0-STABLE) 2019-07-24 12:55:16 UTC (releng/12.0, 12.0-RELEASE-p8) 2019-07-23 21:15:28 UTC (stable/11, 11.2-STABLE) 2019-07-24 12:55:16 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:55:16 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-5603 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background mqueuefs(5) implements POSIX message queue file system which can be used by processes as a communication mechanism. 'struct file' represents open files, directories, sockets and other entities. II. Problem Description System calls operating on file descriptors obtain a reference to relevant struct file which due to a programming error was not always put back, which in turn could be used to overflow the counter of affected struct file. III. Impact A local user can use this flaw to obtain access to files, directories, sockets etc. opened by processes owned by other users. If obtained struct file represents a directory from outside of user's jail, it can be used to access files outside of the jail. If the user in question is a jailed root they can obtain root privileges on the host system. IV. Workaround No workaround is available. Note that the mqueuefs file system is not enabled by default. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-19:15/mqueuefs.patch # fetch https://security.FreeBSD.org/patches/SA-19:15/mqueuefs.patch.asc # gpg --verify mqueuefs.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r350261 releng/12.0/ r350284 stable/11/ r350263 releng/11.2/ r350284 releng/11.3/ r350284 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WmdfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cIWpBAAg9BmPamkj7wLJODR8SvNk+qYqEbYeakiSGnvXllz2l+qI2dhMVsuQRGQ ko7VY0P2Wuh68UiiDG63Oq3hbOWPPkL1axk6n275rZSdoVj856tjrHjnUtP3UX5S WQUKRAREjhVjM9dAOwCYrmAmcpX4SkslklhfiR6AR62t4eptMlfJ6ACQATs6FPnX WRdyDe7yq0mL4UHWg+PvotQ+rxGiynwgVRMXwaglKOldGOuPOeuj7azM4nb6/qkN GjJlJOIRwfU1/sXVII3cCzndnCrz5A0sSttg4JK+uzneJNze+rOghGbyQ9F046z9 H0M0Ae6M74UCyioyoTrQgvivWvATtNRkLBoRfvHQUNGSt6bS9g1F0N5J7NCgaIPx vos7P4vnRM1avEAAnAhmm9eYAkO5VLmTb1ry5vOY1o2viesN3P0URcj7o+JIipaA Kqlff154N2nJmCkT0BJ3m+80GWeAnwqli/LvAIruXxc2hqgWLh7wO+71mraPrV5Z 2+IiuLPMF18FdpTBjhXyX5zCtW7t7uARgZLJMjM+hTXc7aAer7746XY5JyXfRsa9 jLVWHlff2YoF7DySyDIC7+ONfPIHGgr45imdJgJ9Cxu31ZBmCjesNR4x1DCKgLvT KnpBvofWIkIb8sEikEnXMfrHqoP/RtVtK73GlmT7sbH9PDQPUYw= =ehKK -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Wed Jul 24 13:49:31 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6BBDEA8A11 for ; Wed, 24 Jul 2019 13:49:31 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E6BC683AEE; Wed, 24 Jul 2019 13:49:05 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id 13861E612; Wed, 24 Jul 2019 13:49:05 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-19:16.bhyve Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20190724134905.13861E612@freefall.freebsd.org> Date: Wed, 24 Jul 2019 13:49:05 +0000 (UTC) X-Rspamd-Queue-Id: E6BC683AEE X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.961,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 13:49:31 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:16.bhyve Security Advisory The FreeBSD Project Topic: Bhyve out-of-bounds read in XHCI device Category: core Module: bhyve Announced: 2019-07-24 Credits: Reno Robert Affects: All supported versions of FreeBSD. Corrected: 2019-07-23 17:48:37 UTC (stable/12, 12.0-STABLE) 2019-07-24 12:56:06 UTC (releng/12.0, 12.0-RELEASE-p8) 2019-07-23 17:48:37 UTC (stable/11, 11.2-STABLE) 2019-07-24 12:56:06 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:56:06 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-5604 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background bhyve(8) is a hypervisor that supports running a variety of virtual machines (guests). bhyve includes an emulated XHCI device. II. Problem Description The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. III. Impact A misbehaving bhyve guest could crash the system or access memory that it should not be able to. IV. Workaround No workaround is available, however systems not using bhyve(8) for virtualization are not vulnerable. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No reboot is required. Rather the bhyve(8) process for vulnerable virtual machines should be restarted. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart any bhyve virtual machines or reboot the system. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-19:16/bhyve.patch # fetch https://security.FreeBSD.org/patches/SA-19:16/bhyve.patch.asc # gpg --verify bhyve.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart any bhyve virtual machines, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r350246 releng/12.0/ r350285 stable/11/ r350247 releng/11.2/ r350285 releng/11.3/ r350285 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WmtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cI+Jw//TcrKrFaXkEJtqzspjoeK9YKwNwj30ewdb/Ph3GdcgVoQmfJVsWPcmcM9 +dewKdl7gGLhVhoJ+3f3oFzlDcqSxFLHcNwSW5J7P8Zt+7ZpQzwH8pfB6S8T1Nk6 77Sv5hYrjy8kdSh6Z/c8BkAQrhEFYO09xej8ekQ1B+iL2N4ErexpCNTMKlP96pGS 0/4tso5gdcwrc1t6HHGffFkjItgnE8Lvgr1ZsSHbcRGAc3nqy3n21U+VH+fecAzK 0NBO3HQeCbRIEdAms3jMLcAJGrs60VBN0nnWqLxlGBb10hY7Si0NkgbWOP2g/Elf J+K4SHTFXbhIGrpsrEdvSVPvytQ8gKOSys5luvtLjt0Yhll08eEUDVzaIk//Hsak BcUSlKHULLkVTJZvdZAHUMHJOMPpSAh61DuFcM+pxAt5E9rmgX+HnPBs1yLbgd23 NaQadFC126T+AW5W5GyOs2BIEo4bdTNHqONF7gmR4a5bv6/7GWZz/QNsep43jDZH 43lur9mts+/1LUCD1s4DkMniNMaGt28GMNa44PgQVzHI7NU/gdVe25TLnAv+X9lO aAkV/WAyszux/Io2G2DfJNTc8Am/xRzFBvmydOnbMtzw8X/xgxB1/0ysl51O9Bdw OhfpMygAsxbG0e8y5VuhpuoHd8/vIoBmA0z+u1tt4zxJIXgqSgE= =/161 -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Wed Jul 24 13:49:44 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 58863A8A4A for ; Wed, 24 Jul 2019 13:49:44 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0828083B94; Wed, 24 Jul 2019 13:49:11 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 945) id 3424EE65F; Wed, 24 Jul 2019 13:49:10 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-19:17.fd Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20190724134910.3424EE65F@freefall.freebsd.org> Date: Wed, 24 Jul 2019 13:49:10 +0000 (UTC) X-Rspamd-Queue-Id: 0828083B94 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.96 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.96)[-0.961,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 13:49:44 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:17.fd Security Advisory The FreeBSD Project Topic: File description reference count leak Category: core Module: unix Announced: 2019-07-24 Credits: Mark Johnston Affects: All supported versions of FreeBSD. Corrected: 2019-07-22 19:25:05 UTC (stable/12, 12.0-STABLE) 2019-07-24 12:57:49 UTC (releng/12.0, 12.0-RELEASE-p8) 2019-07-22 19:27:23 UTC (stable/11, 11.2-STABLE) 2019-07-24 12:57:49 UTC (releng/11.2, 11.2-RELEASE-p12) 2019-07-24 12:57:49 UTC (releng/11.3, 11.3-RELEASE-p1) CVE Name: CVE-2019-5607 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background UNIX-domain sockets are used for inter-process communication. It is possible to use UNIX-domain sockets to transfer rights, encoded as file descriptors, to another process. Rights are encapsulated in control messages, and multiple such messages may be transmitted with a single system call. II. Problem Description If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. III. Impact A local user can exploit the bug to gain root privileges or escape from a jail. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.2] # fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.2.patch # fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.2.patch.asc # gpg --verify fd.11.2.patch.asc [FreeBSD 11.3] # fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.patch # fetch https://security.FreeBSD.org/patches/SA-19:17/fd.11.patch.asc # gpg --verify fd.11.patch.asc [FreeBSD 12.0] # fetch https://security.FreeBSD.org/patches/SA-19:17/fd.12.patch # fetch https://security.FreeBSD.org/patches/SA-19:17/fd.12.patch.asc # gpg --verify fd.12.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/12/ r350222 releng/12.0/ r350286 stable/11/ r350223 releng/11.2/ r350286 releng/11.3/ r350286 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl04WnBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n 5cIOTQ/+KQMGXwNiuMVNib5ErewD9QdT48NYaU/hYUub3VMAfQltvWmbiPw7zXj7 yJGm9FxWrMvZ6hFnKskV60u9d7PMYkOv4nzcaFgPoadByXXlALQGd/ansrZFyTJr bDeBs7J3dM/VnH/lSlPc/LlbnH4iN+gj6SSqpsWAIdq99VIviAnzHTr7SniGfXul hP+5+xSlfAYOKuH7jM1+gpuld9kR2QzGObiUJ6gfJk+I41C90tSJHb3v+DCanyrM N2NXKbkgRtZoaIItiqZVIKHJP+VaHOnHCBq3uEbj2+OR7I5yFkDYdQbTiWVU1bl0 9Ps/5LPDEiQYQqgCGadzZyqyEHvoPFy2vWvc1GFya6cV1L3gtM51C713ci2Xa3NK ZknS4bIC2Nhtrf9PcFJRkMKW8OOdwYi/2vL9I4W/PAs2EV3thQivBB7dH9TYRTdC BWP2tFM+isibjezJfj2RAjdAq0Kln0U+4AkNWgNNToyzSNFJ0LBtvzlgS7mmtuN0 mA9n7tYyQM5vCXEQqcC3hIkJSeNE2Sj4/RVd8oo1Ngh1el0AFTJ2aq+QowG/lWO/ pK1lvOQXMPElbSSxCytqALWY995VRxmEUO/TF6pCgsRDIXxx+eSf1XrtT2d1+Na7 nzt511Ho9/F4Uwbih7u+IhnWReB2Da0djLBWUtOc+HsMLQZVAUk= =juJj -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Wed Jul 24 16:58:15 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1CC77B23BC for ; Wed, 24 Jul 2019 16:58:15 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-lj1-x234.google.com (mail-lj1-x234.google.com [IPv6:2a00:1450:4864:20::234]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1D36D8ED4A for ; Wed, 24 Jul 2019 16:58:14 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-lj1-x234.google.com with SMTP id p17so45207794ljg.1 for ; Wed, 24 Jul 2019 09:58:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=4yl01B6V8nwdi2SHQfK2Xdq9J4SokDr8ln5eOgJn0ig=; b=gd5Pe1Asm2wKZKYGbWJATTXYU4PLgvUv/NqyABHWFvFUlQp2RDe7+dVZqWxETjUiad QqSi7mkzkrQFStSr2MkF4Jr1Q1PS5Gc39Y17eQaD5sgqvYStZgQkR62E/ZjNxt2cAGtm 7GyGyedMN4+FugZNycIWXO2xQPzsPjg5IFt/oaqto6xbibLya2fLX6feGdPVkR4CrjRA GifI0i9XvqFgYel6P00Juy9jdQ4X7/ZybtPIjUL7Mgwh64ixzZUaot+MJP+UO41gigQx zYrW6DUTHxbTZwWlQA1QbVD4CDqy5lk41dEkXy86hU7jYo3O35QkmBOSDtWUhp7JcHHn VXYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=4yl01B6V8nwdi2SHQfK2Xdq9J4SokDr8ln5eOgJn0ig=; b=MEMCC8rhgj7h2s+PwmMc5Rp1fy8dNxXHz4S9QmDFCn13q02z/PlujtHbEQGS5IYi3M noPTNd4bGADAfQzGxVCjLndy36aHYf0HiqVhJv7zRy4D6JMRaVYM3YCVFFsMqJhDUHPl 1qqAxVGTDr1+vkH7CAN+uALCQHo9wCydP2OE4Ilyv/F2vabM2vTjBMeI5zVydgHtkIYt KMsSDQECsVz4TTd6BdfAfyDoQ7fJd1VtAqdavbnP72JFTGgURVTB1Dn9LfZKQcof7GOC hgJpYdiFHdwjazx61l0OmUslV10fFfL4yn6upLxzc22HBy62wkvMOtcIK5sAGcVsek2q 0Kqg== X-Gm-Message-State: APjAAAWnCSs6GTFO++ZiA6ANX2Z5EN4B3pN1p2/9ZEBCL5XjGbDALT1j 597NWOxqvpDfsKz8blHBrE0b8PPBrx6thvl9R6hFYKbK X-Google-Smtp-Source: APXvYqw6HN5AoqISxRfQB4FZxzkwgqd5d4GQyvGgpf/niNJ790vcKbfUoFpSILvfOiI8VXe9KPUVPla6NgmkW28MO8U= X-Received: by 2002:a2e:91c5:: with SMTP id u5mr43687839ljg.65.1563987488520; Wed, 24 Jul 2019 09:58:08 -0700 (PDT) MIME-Version: 1.0 From: Robert Simmons Date: Wed, 24 Jul 2019 12:57:57 -0400 Message-ID: Subject: Old Stuff To: freebsd-security@freebsd.org X-Rspamd-Queue-Id: 1D36D8ED4A X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=gd5Pe1As; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rsimmons0@gmail.com designates 2a00:1450:4864:20::234 as permitted sender) smtp.mailfrom=rsimmons0@gmail.com X-Spamd-Result: default: False [-6.96 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[4.3.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; IP_SCORE(-2.98)[ip: (-9.41), ipnet: 2a00:1450::/32(-2.99), asn: 15169(-2.43), country: US(-0.05)]; NEURAL_HAM_SHORT(-0.98)[-0.976,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 16:58:15 -0000 I wonder if FreeBSD should drop support for 32bit? Clean out and remove all of it. It should make the code base easier to maintain, cleaner, and safer. In this same vein, let's deprecate and remove things like telnet and ftp. From owner-freebsd-security@freebsd.org Wed Jul 24 17:23:48 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 826D3B2C4F for ; Wed, 24 Jul 2019 17:23:48 +0000 (UTC) (envelope-from aaron@heyaaron.com) Received: from mail-ua1-x931.google.com (mail-ua1-x931.google.com [IPv6:2607:f8b0:4864:20::931]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 152358FFF9 for ; Wed, 24 Jul 2019 17:23:47 +0000 (UTC) (envelope-from aaron@heyaaron.com) Received: by mail-ua1-x931.google.com with SMTP id a97so18717320uaa.9 for ; Wed, 24 Jul 2019 10:23:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fkIZ7gOxMchez0kq2LjmXitb7hXFwhpjD+DhitKbYTE=; b=h10D+cbsGDN5j8SMvADDSEPfbD0ZzQ0Wpds4l6flkhQdlgze2dL1pmtauwQWbcYhKv jdQPmig2TS9N67s4Kev7QLfrc7Gtz8vSCsd4zYKOrwgQ5+t/lCpRdEvJnLHmUA2vHbPX /0g7rn9JAsfEfdQNfnHe5TG1sHU/YYCH+mjzmXgRkgfJ7nE8b2LsMYbwVw0WF19/PopH KYC7bd8DW7A7OfC5SMLD66qS+GEA/7O5V6WjK8uU0uf6dI0SYYuOunea3zFk+sspPqco a8l9FcOOuqRgS95OyzUlL4mwxu6tln5JHuJJePBxgdCRo3RslYEaFXl5cURR/lZZ+MqT AsIQ== X-Gm-Message-State: APjAAAUC2a5f/982N4XV+lAICEcd7V+5yRsk/Orms9ePj8b676Kapzx0 VwwhGsDB434YJt3B7wjZRUY8XEnGZfNvg63yP0fcA2J9 X-Google-Smtp-Source: APXvYqz4RQWKhdRf4/dPW6dK17C0maXrsJqZYfrdCyYWFFgV94k0fN8acQavQwziiv5WHybK0C+gTE2V0Qie4BrS9MA= X-Received: by 2002:ab0:7384:: with SMTP id l4mr42689664uap.8.1563989026035; Wed, 24 Jul 2019 10:23:46 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Aaron C. de Bruyn" Date: Wed, 24 Jul 2019 10:23:29 -0700 Message-ID: Subject: Re: Old Stuff To: Robert Simmons Cc: freebsd-security@freebsd.org X-Rspamd-Queue-Id: 152358FFF9 X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.92 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[heyaaron.com:s=201609]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; MX_GOOD(-0.01)[alt1.aspmx.l.google.com,aspmx.l.google.com,aspmx3.googlemail.com,aspmx5.googlemail.com,aspmx2.googlemail.com,alt2.aspmx.l.google.com,aspmx4.googlemail.com]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[heyaaron.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[heyaaron.com,reject]; RCVD_IN_DNSWL_NONE(0.00)[1.3.9.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_SHORT(-0.99)[-0.985,0]; IP_SCORE(-2.92)[ip: (-9.05), ipnet: 2607:f8b0::/32(-3.09), asn: 15169(-2.43), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 17:23:48 -0000 Why remove telnet and FTP? Sure--it's insecure if you're using it over the internet, but I use it on my laptop at least a few times per year. I have a small 8-port switch where I plug in my laptop, then plug in an APC UPS and access it via telnet (and use FTP as well) to upgrade the firmware from a version that only supports SSHv1 to something newer. It's not insecure when used in that manner. -A On Wed, Jul 24, 2019 at 9:58 AM Robert Simmons wrote: > I wonder if FreeBSD should drop support for 32bit? Clean out and remove all > of it. It should make the code base easier to maintain, cleaner, and safer. > > In this same vein, let's deprecate and remove things like telnet and ftp. > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > From owner-freebsd-security@freebsd.org Wed Jul 24 17:26:50 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1885AB2DE9 for ; Wed, 24 Jul 2019 17:26:50 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from mail-ot1-x332.google.com (mail-ot1-x332.google.com [IPv6:2607:f8b0:4864:20::332]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 27FCD682CB for ; Wed, 24 Jul 2019 17:26:49 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by mail-ot1-x332.google.com with SMTP id d17so48720620oth.5 for ; Wed, 24 Jul 2019 10:26:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=+7cJqFVXXuIZVPE9gzKykCQn/bQP1yQ0XmvanB1iNpI=; b=Ubfl7zARJTz8gMUxzxBMC34OfuG7aX7DEXSaanNvEBRBYeC+Je5ULlGZMkUvr95QfF 5kj/cwfy/CttVO6gcxM0Ncga+m/wXXG03I5TYwGAOihfSBj7Yj0NsuTXTtS17Ipm5ZLg EjCBvT/9uqEavH2nCwldSD6Dhy2hQ5fOHQFbt15rL1scsqKSC2i1mKBsvfs8WnAnuXi8 RViTrqStO45px04ThlhWBpc/Q06b9VuiGZHKS38s3/UMwogZXsLrM+80xSdqcY6IWTVW us8ytNFO4l/x6MR40S/F5/zpQ55K8mcD0zuvKoEDEb4vMHKUDQaOdqn+sHts/1K12sBS 2z8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=+7cJqFVXXuIZVPE9gzKykCQn/bQP1yQ0XmvanB1iNpI=; b=p09VlB+i3UyJgR+UJrhSk+tR5cE9pJu1dP+wKbvFDg31d7p5aPlU9k2J+SFqCpCObx DUcypQLPrj4lnt6SEqIic4UmVTNk50G7CEEdHEao8bsoYuIakf8usukbHMAT0/J3gs2o bruUrK4q+vqwy5C8SxFXsopOFjKqvJWfbOAL7VVBxeoE3UPCqy1/T+9l+RVKsBl1X591 b/A7UXLOsxXdzWHCw9mhgxHEa8hzxf/JELqfW737emmPbUv63cqQk+Wr8pFT9knx62Xl ftWDhgLduyouw2zUWtru2ob6KwiW7kAJPGraYNvHDNu/Vja6eZLoFM26BOHHQvbBpAky t6aw== X-Gm-Message-State: APjAAAUIhQKI3zbLH+2YyiVp/JnDLyasxwFu9zWpG5oDmQv/NJ8L307S Ss3EiCNaI1gd0K818CsYj78O60+U6oEBNVHP07U= X-Google-Smtp-Source: APXvYqxPF68Wx+UteICD6sk/EAwX0d1tSDMopAIOV4ftMx6gHBuMTD378lwhA+sSRqfI4RY4eM628ieT4mFfFFJVJYI= X-Received: by 2002:a9d:30c3:: with SMTP id r3mr59382287otg.141.1563989208321; Wed, 24 Jul 2019 10:26:48 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4a:8788:0:0:0:0:0 with HTTP; Wed, 24 Jul 2019 10:26:47 -0700 (PDT) In-Reply-To: References: From: Igor Mozolevsky Date: Wed, 24 Jul 2019 18:26:47 +0100 Message-ID: Subject: Re: Old Stuff To: Robert Simmons Cc: "freebsd-security@freebsd.org" X-Rspamd-Queue-Id: 27FCD682CB X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Ubfl7zAR; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of mozolevsky@gmail.com designates 2607:f8b0:4864:20::332 as permitted sender) smtp.mailfrom=mozolevsky@gmail.com X-Spamd-Result: default: False [-6.98 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; TO_DN_SOME(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; RCVD_COUNT_THREE(0.00)[3]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.96)[-0.957,0]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-3.01)[ip: (-9.47), ipnet: 2607:f8b0::/32(-3.09), asn: 15169(-2.43), country: US(-0.05)]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2.3.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; RCVD_TLS_LAST(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 17:26:50 -0000 On Wednesday, 24 July 2019, Robert Simmons wrote: Lolz, right? :- > I wonder if FreeBSD should drop support for 32bit? Clean out and remove all > of it. It should make the code base easier to maintain, cleaner, and safer. Because nobody has a 32bit computer nowadays??? Similarly, you got any empirical evidence to back up the "... safer" part of your speculation? > In this same vein, let's deprecate and remove things like telnet and ftp. How does the saying go, "if you think that encryption is the solution to your problem then you don't understand neither encryption nor your problem"? I would hazard a guess that over 95% of encrypted traffic needn't be encrypted at all, but no commercial interest developed "integrity over http" so we all have to suffer "encryption under http" instead. -- Igor M. From owner-freebsd-security@freebsd.org Wed Jul 24 17:29:27 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 667D0B2FDB for ; Wed, 24 Jul 2019 17:29:27 +0000 (UTC) (envelope-from luke@solentwholesale.com) Received: from mail-io1-xd2c.google.com (mail-io1-xd2c.google.com [IPv6:2607:f8b0:4864:20::d2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D63A368533 for ; Wed, 24 Jul 2019 17:29:25 +0000 (UTC) (envelope-from luke@solentwholesale.com) Received: by mail-io1-xd2c.google.com with SMTP id j6so16134897ioa.5 for ; Wed, 24 Jul 2019 10:29:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=solentwholesale-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5tXaqbJn7UZ2VUja3f/aMktL52h61sY6qX59VRDb4IM=; b=wEjtzlBiQvawaCrfXUS/HqH9OrcsNOLcMGN/p3VcMevZRM01/NGCe4u76jN1fNuhGb XjnSPFS4s3ZI7kh2r8PfmmLr50s6qVKyOnBJ+vdQ1RfmBIG68VGbPpT6qhsawmxoNnK5 BzbEMxCxBHoPQcBaHUjZTdGfeNpnguNh2nzMkFNWL5LZQhg94gHINcS8dwe8yUtrPNXd y9IzgHZlQLWgcX6Z6ydP7YxZgG8RcCSL5TNkqHXy5zVGHbg4hkbD1KoxlchK5zdB0gJI fWETfQHQ/X58z71vQRNJ2EnvpDcPyyl3obsrXT+Vf/USlFOrLZNRxwJL/JrV0aw0y/e0 +rGw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5tXaqbJn7UZ2VUja3f/aMktL52h61sY6qX59VRDb4IM=; b=MwgSPlda+ukq8Qh6SvqRaeyH5SXJDWzKRupCgquJHvz8IBDV5CjlclnR0a/4QBPFa5 VbVff2Cp03WXCG7nJ6dVIop7XGOfVJrTT9LltghkMeb0DEiP0AUnVbV1AzAQA3UfK0l6 bm86LY8WRvJDBGnJ/iHF8a03DwhBfLtyZFwvkWLLbw3H7atMaiklq+xJ4sfSVxPb2Bop Tb0wqnHeV1GsFgXceLY1eX1Vnn6uh6RLI0pMEic4l3tOvkxKxaC8TDOY6zIUJTmee4PW vYU98LDoP1wjPvTGAwczqxUOX1PalPgX86F43CFYj4jeWH4kgYEv/63ypGD5CORtCFnx cl8w== X-Gm-Message-State: APjAAAVU5zp/ce2ZZrVrpdK17XT/q+Hxsf4/8eRtBo4XjetnfCoPiAlL h2FFF60AkWC7uUG8iwjWmFB61DSr9fFyQZLG0vpMuQ== X-Google-Smtp-Source: APXvYqw0vdYg3wtn0g5t7ciclrInJZ1xIVzPokDOsR7I9bcSLlBmEvMOS9da5qr5zicsH7yBHMnb2OG8SN5pvOisi8o= X-Received: by 2002:a5d:87c6:: with SMTP id q6mr8184073ios.115.1563989364970; Wed, 24 Jul 2019 10:29:24 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Luke Crooks Date: Wed, 24 Jul 2019 18:29:12 +0100 Message-ID: Subject: Re: Old Stuff To: Robert Simmons Cc: freebsd-security@freebsd.org X-Rspamd-Queue-Id: D63A368533 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=solentwholesale-com.20150623.gappssmtp.com header.s=20150623 header.b=wEjtzlBi; spf=softfail (mx1.freebsd.org: 2607:f8b0:4864:20::d2c is neither permitted nor denied by domain of luke@solentwholesale.com) smtp.mailfrom=luke@solentwholesale.com X-Spamd-Result: default: False [-5.31 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[solentwholesale-com.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_SHORT(-0.98)[-0.978,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[solentwholesale.com]; R_SPF_SOFTFAIL(0.00)[~all]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[solentwholesale-com.20150623.gappssmtp.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[c.2.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; MX_GOOD(-0.01)[ASPMX3.GOOGLEMAIL.com,ALT2.ASPMX.L.GOOGLE.com,ASPMX.L.GOOGLE.com,ALT1.ASPMX.L.GOOGLE.com,ASPMX2.GOOGLEMAIL.com]; IP_SCORE(-2.03)[ip: (-4.56), ipnet: 2607:f8b0::/32(-3.09), asn: 15169(-2.43), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 17:29:27 -0000 Clearly you underestimate the technical debt for both hardware and software technologies, still very much in use today. Luke Crooks Solent Wholesale Carpets On Wed, 24 Jul 2019, 17:58 Robert Simmons, wrote: > I wonder if FreeBSD should drop support for 32bit? Clean out and remove all > of it. It should make the code base easier to maintain, cleaner, and safer. > > In this same vein, let's deprecate and remove things like telnet and ftp. > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > From owner-freebsd-security@freebsd.org Wed Jul 24 18:46:38 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id BBE3FB4A05 for ; Wed, 24 Jul 2019 18:46:38 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7DD6F6D06E for ; Wed, 24 Jul 2019 18:46:37 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-lf1-x12a.google.com with SMTP id q26so32700993lfc.3 for ; Wed, 24 Jul 2019 11:46:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=SQ6flhiOiVe7+zjAHI1p/yrReAuChexXR5ah8EzTTaE=; b=gMUrU6PWfrE3aeeoUD4Ww428WrWAQgY15RoR1tgb8+n6oNZxBLapy5D1JWONKnBi2t J2G3ZXXHO6Q0YG94o6gOk5Sy40y2tX4oo7/fhEnYDd/2pOVAiyAQbdZBQ6TGU78eF1zm oHRIiFZBcATTy516aCVsBORnhTuRIJxsUbAUebXDrRuG1tw5Nxrris6CpCUOCWyUI6KU YtAA7z30QW6TftoaZva09KMuCBsFD7ZxTB03z+v4qUu5jsILYvVsTSyBljItPHDXyX9J qpj3i4+P8yYmTI6iKgvBYKZnoguZLsTKtp15LK9USkusgQmJqvuc5jmrcoeJmNWDOCbs 5oIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=SQ6flhiOiVe7+zjAHI1p/yrReAuChexXR5ah8EzTTaE=; b=V5MlcOxc+dPnBIMhk0MvQKjOeg1ImwnWVP4nD8FcAqla14xu8HAAd3UTRWUUg5vOai p1Fz+/JUTfhPyi9NVCOE3+c9tGaO3oSgRNd1v6HEdWaremOC6nNiTb8SzM91f0EqPrm5 UPABvpBzq24OzRobtm0YQtLjpAoHfQTw08MSd+PRHdRU7VfF5FnG5rWFbrbfK8+gM/Z7 4fqumepXGuXo+fC8Oyp0+7HML4yHI1el+emUSjd8b/V4DMemVyoofOpep6b3gMJGo1y6 6djVMG842+gOUF7YT29VNUeZTD5fq20usYLIzkwzMCEyp3OTo7H6nrvGbU0kwKm+FmMl 0hCQ== X-Gm-Message-State: APjAAAX8xdLdSn2ICoNTGM/6TRxw+IREYIgpoP48oj2k6qV5IAbOFfBn TaPAT3T0YEafeVyWgK8OY/IkojqiQ3yudIl960jBkP0w X-Google-Smtp-Source: APXvYqyOeDDRDiV0V0DxDjDq5xKC6S1e2IA/MsjHT5xGPH7giawRogJY1sSgUTwJFkrb+Vh3/m5op5vwYv11/31VEqw= X-Received: by 2002:a05:6512:1d2:: with SMTP id f18mr38295760lfp.173.1563993995850; Wed, 24 Jul 2019 11:46:35 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Robert Simmons Date: Wed, 24 Jul 2019 14:46:24 -0400 Message-ID: Subject: Re: Old Stuff To: Luke Crooks Cc: freebsd-security@freebsd.org X-Rspamd-Queue-Id: 7DD6F6D06E X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=gMUrU6PW; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rsimmons0@gmail.com designates 2a00:1450:4864:20::12a as permitted sender) smtp.mailfrom=rsimmons0@gmail.com X-Spamd-Result: default: False [-6.89 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.92)[-0.919,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; RCVD_TLS_LAST(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[a.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-2.96)[ip: (-9.34), ipnet: 2a00:1450::/32(-2.99), asn: 15169(-2.43), country: US(-0.05)]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 18:46:38 -0000 I am and am not. Ubuntu has made this choice recently. I doubt I am alone in my thinking. I fully expected instant pushback on both suggestions. On Wed, Jul 24, 2019, 13:29 Luke Crooks wrote: > Clearly you underestimate the technical debt for both hardware and > software technologies, still very much in use today. > > > > Luke Crooks > Solent Wholesale Carpets > > On Wed, 24 Jul 2019, 17:58 Robert Simmons, wrote: > >> I wonder if FreeBSD should drop support for 32bit? Clean out and remove >> all >> of it. It should make the code base easier to maintain, cleaner, and >> safer. >> >> In this same vein, let's deprecate and remove things like telnet and ftp. >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to " >> freebsd-security-unsubscribe@freebsd.org" >> > From owner-freebsd-security@freebsd.org Wed Jul 24 18:57:03 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 00F25B4FEC for ; Wed, 24 Jul 2019 18:57:03 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 360C56DB17 for ; Wed, 24 Jul 2019 18:57:01 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-lj1-x22c.google.com with SMTP id x25so45583042ljh.2 for ; Wed, 24 Jul 2019 11:57:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=qGDV6E7uownCDScIcWJQkq8+zHGFgq5PK7JyH7dYTs8=; b=uLOCHBBWRuUGSzLXkGGb31gGoVIddVbYnrBgdR0C5TOr+mb1f5XlDtFvi7+NHMsyyk LE8QVYhJ/IFvD4uAFL4rQZjrWni+kd2ZEr/n2pnBstyR6hVo1OO8uJIHe87D3pH0b7qk ZRim5tGo4y2bRbx10p6nK5BIcRP1ZCFzOxnvIIZdcfeMGfmStrJtF/GuYTgZwWACVUdw f+v+m4y5A39KG89eq0S+aBaEsQ6eXQNjO/RNDEFi1Zd+ihRArny+5hWyw99UK5sRec27 UPqEL3ODxNBY8o0oFWXFhp3TWl28dbtX23Yz4rh0leWtGtiQMLsiT0ayFZeO0HZhhQKe lgWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=qGDV6E7uownCDScIcWJQkq8+zHGFgq5PK7JyH7dYTs8=; b=alWUnwHSdKhGbKPL61SjiRcRcXK7IcYyz9Vg9I1vY4xZT5xGME/uAtjI3FAPiev0fj bSln/YMPpYtjfxCsiSiffMj6BleoAclpEA5kLL9mxf08WR8D5j/vFbNLeCrqtSRwaDCx ktRzOmH6j3SimOwgNvUdqzDv/UyLatZVgJRulI7SNdn4QNSXR0p1X3IFghgmSNp0tJ8Y cEN1Hn4q14K651gPO2mX09tgl0mR3n6xijYU7Y4hRFyNYSdMTJFxvJwvDwbKbS0227rG Fq3qUx7tbrYVd041Y42Ui4B2NBJZljeFHBvbNOKjmS0+RKQxwnESc+1P/MIGXsuh8KgV VaTQ== X-Gm-Message-State: APjAAAV4kK1aWU/33Bq+r4iRolRpTk1oX04yHYvJII/evrtAsHiYMR38 ZAgZBDpnGaXOb5zgiOJ3aSX5uC9aGLkiJXnU+kH6g08u X-Google-Smtp-Source: APXvYqze+ECEGtpwrExcgwGyDzpPvUybqR0ktK4F+N9Uub1jUYmTfFqrMXDtdQU9g5YfywUDS6WNjWuGW2VYuREdJB4= X-Received: by 2002:a2e:9a82:: with SMTP id p2mr45020852lji.64.1563994619080; Wed, 24 Jul 2019 11:56:59 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Robert Simmons Date: Wed, 24 Jul 2019 14:56:47 -0400 Message-ID: Subject: Re: Old Stuff To: "freebsd-security@freebsd.org" X-Rspamd-Queue-Id: 360C56DB17 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=uLOCHBBW; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rsimmons0@gmail.com designates 2a00:1450:4864:20::22c as permitted sender) smtp.mailfrom=rsimmons0@gmail.com X-Spamd-Result: default: False [-6.99 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[c.2.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; TO_DN_EQ_ADDR_ALL(0.00)[]; IP_SCORE(-3.00)[ip: (-9.55), ipnet: 2a00:1450::/32(-2.99), asn: 15169(-2.43), country: US(-0.05)]; NEURAL_HAM_SHORT(-0.97)[-0.975,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 18:57:03 -0000 The safer part of my speculation is specifically based on being less code to maintain overall. More resources devoted to a smaller code base. On Wed, Jul 24, 2019 at 1:26 PM Igor Mozolevsky wrote: > > > On Wednesday, 24 July 2019, Robert Simmons wrote: > > Lolz, right? :- > > > I wonder if FreeBSD should drop support for 32bit? Clean out and remove > all > > of it. It should make the code base easier to maintain, cleaner, and > safer. > > Because nobody has a 32bit computer nowadays??? Similarly, you got any > empirical evidence to back up the "... safer" part of your speculation? > > > In this same vein, let's deprecate and remove things like telnet and ftp. > > > How does the saying go, "if you think that encryption is the solution to > your problem then you don't understand neither encryption nor your > problem"? I would hazard a guess that over 95% of encrypted traffic needn't > be encrypted at all, but no commercial interest developed "integrity over > http" so we all have to suffer "encryption under http" instead. > > > -- > > Igor M. From owner-freebsd-security@freebsd.org Wed Jul 24 19:06:03 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 32DF1B5610 for ; Wed, 24 Jul 2019 19:06:03 +0000 (UTC) (envelope-from aaron@heyaaron.com) Received: from mail-vs1-xe2a.google.com (mail-vs1-xe2a.google.com [IPv6:2607:f8b0:4864:20::e2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 428E76E1A0 for ; Wed, 24 Jul 2019 19:06:02 +0000 (UTC) (envelope-from aaron@heyaaron.com) Received: by mail-vs1-xe2a.google.com with SMTP id v129so32065973vsb.11 for ; Wed, 24 Jul 2019 12:06:02 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=QgQQJFTZwfQh+qSJNrY6bzwTxscF8HNnbf66PI9Hy+U=; b=U8hemHeCquKhpT3Gu8hifsvxp8JDDIvhZyj5r69M8Vz1Ob5tDXTD6rEfQUXpjN0Jpu K1a9sg8GeD+KN4HmhZkj/yesrY5eOBRfP/MsSON55IX0D0Db5LPfOm5CcChgLBfw5agJ +DH/gFyiwQ11Pjaj/bd2cn8Mtpxip2ZzSImoZPP18jUYd/l831IhvGbOFkw/Ywfaep/7 0SYAFaZOG4m+8zKnJf4zXD0wER7DOwXbV3BXhJ8gzFKSeDhRCHlYgGyOmMaVEZ6cKXhB hGGClTng42Yyg4L24s3TNkD9uMWf344vr/sgMI7ABW+VNTjtOC4KibGtlUlzvVmNXyyc AboQ== X-Gm-Message-State: APjAAAVNdL+pS8Oe7gPNRoLLcTUKjlNfZi/VffNoDi3vNQcl498F3w8m /DOSZCkmXR0FbNoVisJiniC9liXqorievEulUOr+PlR+4zA= X-Google-Smtp-Source: APXvYqyEmVufqg72DWgGKXtIYH5Ya35i8HhkfF2ydJ5s3KG/oV6SIVsBMERVB1jT/pB+zjOIoZb0OhxK1sRji8Z3LQc= X-Received: by 2002:a67:f713:: with SMTP id m19mr10980446vso.183.1563995161177; Wed, 24 Jul 2019 12:06:01 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Aaron C. de Bruyn" Date: Wed, 24 Jul 2019 12:05:45 -0700 Message-ID: Subject: Re: Old Stuff To: Robert Simmons Cc: Luke Crooks , freebsd-security@freebsd.org X-Rspamd-Queue-Id: 428E76E1A0 X-Spamd-Bar: ------- X-Spamd-Result: default: False [-7.02 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[heyaaron.com:s=201609]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: alt1.aspmx.l.google.com]; DKIM_TRACE(0.00)[heyaaron.com:+]; RCVD_IN_DNSWL_NONE(0.00)[a.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_SHORT(-0.95)[-0.947,0]; DMARC_POLICY_ALLOW(-0.50)[heyaaron.com,reject]; IP_SCORE(-3.06)[ip: (-9.74), ipnet: 2607:f8b0::/32(-3.09), asn: 15169(-2.43), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 19:06:03 -0000 Ubuntu made the decision, then rolled it back (partially) due to community outcry. (https://itsfoss.com/ubuntu-19-10-drops-32-bit-support/) If your reason for wanting to drop support is "Ubuntu is doing it", my response would be "cool story bro". Can you state what you are trying to accomplish by dropping support so the merits can be debated? -A On Wed, Jul 24, 2019 at 11:47 AM Robert Simmons wrote: > I am and am not. Ubuntu has made this choice recently. I doubt I am alone > in my thinking. I fully expected instant pushback on both suggestions. > > On Wed, Jul 24, 2019, 13:29 Luke Crooks wrote: > > > Clearly you underestimate the technical debt for both hardware and > > software technologies, still very much in use today. > > > > > > > > Luke Crooks > > Solent Wholesale Carpets > > > > On Wed, 24 Jul 2019, 17:58 Robert Simmons, wrote: > > > >> I wonder if FreeBSD should drop support for 32bit? Clean out and remove > >> all > >> of it. It should make the code base easier to maintain, cleaner, and > >> safer. > >> > >> In this same vein, let's deprecate and remove things like telnet and > ftp. > >> _______________________________________________ > >> freebsd-security@freebsd.org mailing list > >> https://lists.freebsd.org/mailman/listinfo/freebsd-security > >> To unsubscribe, send any mail to " > >> freebsd-security-unsubscribe@freebsd.org" > >> > > > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > From owner-freebsd-security@freebsd.org Wed Jul 24 19:09:26 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 0B11DB5911 for ; Wed, 24 Jul 2019 19:09:26 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C07D26E56B for ; Wed, 24 Jul 2019 19:09:24 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-lf1-x135.google.com with SMTP id b17so32730934lff.7 for ; Wed, 24 Jul 2019 12:09:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=1+r4S9xHc20n25JTR4V1naIOQVNS4GUa+WJ/iFANbbo=; b=DOfq6ISeu/xLM2Duoqi5uxgPlVGg3KbAbzUQAnHaw4b0RtZtWZWACG87yf5DTWd0eQ qscyu+1fQEh9BcM/2oNFBHfpkSGSUp0SMGxotZ4bx1N2+dGov6enE+TRxtsOWSzfNbMV NXPSVwqWypKeAWHiTkrxgsvuWOj8QFyQSYZHI9d13cDmbFLTdmKKeZl6gR3hJtneofyr KAhE+HkvryIoZyE9a/WIa5bYkpe033rBjg32iGgNaAWU7V/h6qH1RpLOUz429nhdlgGS v+vb/khaRL2e3/RNaibuGCNAhFoT6BE5omjtOUGiKAbKsc7EPqrQUGidijJ0i5B/pyEp WdLw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1+r4S9xHc20n25JTR4V1naIOQVNS4GUa+WJ/iFANbbo=; b=qWHQCd0QBnPT2LsbNo/RzyRWxdIkkfmrglRh+7fsJNjpCYG/u8uXburzY3rAwokN3S RnJK2BzbqR8PQhlswgJZ0Y4OHZ3o+iZXD4JODGXac/D79lMv8sOUe7Q6tB4DlaEy1yBh btLxAtH1CepmiFLW+U5A9InqILEgfevlvCFkAxlzSvjxeJDIJqXW1faRfixp77/wtl4J wiSrnON/F+Sp2kHoa0zFUOEbiaUeYR4z5NE27eJLSkwWxYFNkwOgt8sRMOdvqXks8+ZV GNZKwOMDfzBTM6hBtpvXK3gAnDZhElTmzQNUhDCorVCWUbMKyQ1lBnSRlfzNIx1XovS4 u6bA== X-Gm-Message-State: APjAAAU4TfxMpIJU5SUV+HPRhrqBlaZoz0ZeeaKtGtiHREdwEhaVDf0/ lo3gPlgQMLS1FRhtJRL4KXAssT9ila0Kpj8NKcX9xyN4 X-Google-Smtp-Source: APXvYqy+qiOzKBRPiGfWiAYqpGTgOguCFF+SSoT+nbB/+9c/Nvx8Vni/vCZbpiyPZABayUBMJd6q3wyVxPjiT/hcyXw= X-Received: by 2002:ac2:5a01:: with SMTP id q1mr25797572lfn.46.1563995363158; Wed, 24 Jul 2019 12:09:23 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Robert Simmons Date: Wed, 24 Jul 2019 15:09:12 -0400 Message-ID: Subject: Re: Old Stuff To: "Aaron C. de Bruyn" Cc: Luke Crooks , freebsd-security@freebsd.org X-Rspamd-Queue-Id: C07D26E56B X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=DOfq6ISe; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rsimmons0@gmail.com designates 2a00:1450:4864:20::135 as permitted sender) smtp.mailfrom=rsimmons0@gmail.com X-Spamd-Result: default: False [-6.95 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[5.3.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_SHORT(-0.95)[-0.947,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-2.99)[ip: (-9.49), ipnet: 2a00:1450::/32(-2.99), asn: 15169(-2.43), country: US(-0.05)]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 19:09:26 -0000 Yes, to reduce the code base complexity so that resources can be focused on a smaller code base. On Wed, Jul 24, 2019 at 3:06 PM Aaron C. de Bruyn wrote: > Ubuntu made the decision, then rolled it back (partially) due to community > outcry. (https://itsfoss.com/ubuntu-19-10-drops-32-bit-support/) > If your reason for wanting to drop support is "Ubuntu is doing it", my > response would be "cool story bro". > Can you state what you are trying to accomplish by dropping support so the > merits can be debated? > > -A > > On Wed, Jul 24, 2019 at 11:47 AM Robert Simmons > wrote: > >> I am and am not. Ubuntu has made this choice recently. I doubt I am alone >> in my thinking. I fully expected instant pushback on both suggestions. >> >> On Wed, Jul 24, 2019, 13:29 Luke Crooks wrote: >> >> > Clearly you underestimate the technical debt for both hardware and >> > software technologies, still very much in use today. >> > >> > >> > >> > Luke Crooks >> > Solent Wholesale Carpets >> > >> > On Wed, 24 Jul 2019, 17:58 Robert Simmons, wrote: >> > >> >> I wonder if FreeBSD should drop support for 32bit? Clean out and remove >> >> all >> >> of it. It should make the code base easier to maintain, cleaner, and >> >> safer. >> >> >> >> In this same vein, let's deprecate and remove things like telnet and >> ftp. >> >> _______________________________________________ >> >> freebsd-security@freebsd.org mailing list >> >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> >> To unsubscribe, send any mail to " >> >> freebsd-security-unsubscribe@freebsd.org" >> >> >> > >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to " >> freebsd-security-unsubscribe@freebsd.org" >> > From owner-freebsd-security@freebsd.org Wed Jul 24 19:29:26 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 862F3B6175 for ; Wed, 24 Jul 2019 19:29:26 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from smtp1.redcom.com (smtp1.redcom.com [192.86.3.143]) by mx1.freebsd.org (Postfix) with ESMTP id 02E866F7AA for ; Wed, 24 Jul 2019 19:29:25 +0000 (UTC) (envelope-from stephen.wall@redcom.com) Received: from localhost (localhost [127.0.0.1]) by smtp1.redcom.com (Postfix) with ESMTP id D204EA317 for ; Wed, 24 Jul 2019 15:29:19 -0400 (EDT) X-Virus-Scanned: amavisd-new at redcom.com Received: from smtp1.redcom.com ([127.0.0.1]) by localhost (smtp1.redcom.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AuQxy4x1pL33 for ; Wed, 24 Jul 2019 15:29:17 -0400 (EDT) Received: from pie.redcom.com (pie [192.168.33.15]) by smtp1.redcom.com (Postfix) with ESMTP id 4A112A2D1 for ; Wed, 24 Jul 2019 15:29:17 -0400 (EDT) Received: from exch-02.redcom.com (exch-03.redcom.com [192.168.32.32]) by pie.redcom.com (8.11.7p1+Sun/8.10.2) with ESMTP id x6OJTHf03346 for ; Wed, 24 Jul 2019 15:29:17 -0400 (EDT) Received: from exch-02.redcom.com (fd00::ccaa:c259:22f8:6f4b) by exch-03.redcom.com (fd00::8549:68c0:3d5f:ee62) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.2.330.5; Wed, 24 Jul 2019 15:29:16 -0400 Received: from exch-02.redcom.com ([fe80::ccaa:c259:22f8:6f4b]) by exch-02.redcom.com ([fe80::ccaa:c259:22f8:6f4b%12]) with mapi id 15.00.1473.003; Wed, 24 Jul 2019 15:29:16 -0400 From: "Wall, Stephen" To: "freebsd-security@freebsd.org" Subject: RE: Old Stuff Thread-Topic: Old Stuff Thread-Index: AQHVQkELTef/j3zLO0aBV4HMvyHzv6baR5CA///Ys2A= Date: Wed, 24 Jul 2019 19:29:16 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [192.168.84.20] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Rspamd-Queue-Id: 02E866F7AA X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of stephen.wall@redcom.com designates 192.86.3.143 as permitted sender) smtp.mailfrom=stephen.wall@redcom.com X-Spamd-Result: default: False [-2.53 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.96)[-0.956,0]; HAS_XOIP(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:192.86.3.143/32]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[redcom.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.99)[-0.994,0]; IP_SCORE(-0.01)[country: US(-0.05)]; MX_GOOD(-0.01)[smtp1.redcom.com]; NEURAL_HAM_SHORT(-0.36)[-0.361,0]; RCVD_IN_DNSWL_NONE(0.00)[143.3.86.192.list.dnswl.org : 127.0.10.0]; TO_DN_EQ_ADDR_ALL(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:46679, ipnet:192.86.3.0/24, country:US]; RCVD_COUNT_SEVEN(0.00)[7] X-Mailman-Approved-At: Wed, 24 Jul 2019 20:04:30 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 19:29:26 -0000 > From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd- > security@freebsd.org] On Behalf Of Aaron C. de Bruyn via freebsd- > security > Subject: Re: Old Stuff >=20 >On Wed, Jul 24, 2019 at 9:58 AM Robert Simmons wrote= : > >> I wonder if FreeBSD should drop support for 32bit? Clean out and remove = all >> of it. It should make the code base easier to maintain, cleaner, and saf= er. >> >> In this same vein, let's deprecate and remove things like telnet and ftp= . > > Why remove telnet and FTP? Why not? It's not difficult to install ftp as needed from the ports tree = - there are a number of clients and servers available there, including a ne= wer version of tnftp, which is what appears in freebsd base. I can't imagi= ne it would be very difficult to migrate the base telnet to ports, either. = It'd be a bit less cruft in the base system that has to be maintained. Th= at applies to tftp as well. Unless the base system is actually using any of them. I don't know that. > From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd- > security@freebsd.org] On Behalf Of Igor Mozolevsky > Subject: Re: Old Stuff >=20 > On Wednesday, 24 July 2019, Robert Simmons wrote: > > I wonder if FreeBSD should drop support for 32bit? Clean out and remove= all > > of it. It should make the code base easier to maintain, cleaner, and sa= fer. >=20 > Because nobody has a 32bit computer nowadays??? Similarly, you got any > empirical evidence to back up the "... safer" part of your speculation? I have to agree with Igor here - there are still 32-bit SOCs out there inte= nded for embedded use. It's likely there are commercial users of FreeBSD de= veloping for those platforms. -spw From owner-freebsd-security@freebsd.org Wed Jul 24 20:17:18 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B9E07B747E for ; Wed, 24 Jul 2019 20:17:18 +0000 (UTC) (envelope-from aaron@heyaaron.com) Received: from mail-vs1-xe36.google.com (mail-vs1-xe36.google.com [IPv6:2607:f8b0:4864:20::e36]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C102671EBD for ; Wed, 24 Jul 2019 20:17:17 +0000 (UTC) (envelope-from aaron@heyaaron.com) Received: by mail-vs1-xe36.google.com with SMTP id j26so32223089vsn.10 for ; Wed, 24 Jul 2019 13:17:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=1VlyWO1lpEsJ/7K53qpFhM767E64O0fDyUuKyMN29hY=; b=Nmn5RSMp2ZetIVQH/CAZ4TvUYagY3ZAR19597zZ5YrTrfzM3BYV+mEOH285SzGY/PD L8L6i/9Wgk/uyiOmXtP90AmtVjfQXIIwAaYaaJLq6bssCHmAHFkMKJt1xYRFLzn3Fk/Q EISfN/k9d9pu5KK0QIMH0v6rn+LmF5V7ySiBuJ7C6NJp14qVkZwPBkaAUkYU5uctzDnK E+3tN3+7p3gQrZhfAyRc+UjWlzSyVU2ZpYDxgB5rmIVBozPJOTbNPp19kl/IdwuAGJW7 2xXYIm51uNthj8dyUo6EcdWJLvONwcAPrBVIMUC++lZHVBOQ85ml0Y6sefXCzrj7WmRW Lu1A== X-Gm-Message-State: APjAAAUqfCGzz/o8BpwKw4hWDUzYzFsEwfewQq0g6y0MWmDOU+hOKMeF g+PRR0gbXUIno7jNI2wMS5jKIafcl2I4gzlbfTeqFg== X-Google-Smtp-Source: APXvYqxogIgff5Nk2LkaudKrFVyFBbyy7XCAq75whn/ctWUzFCpKKr/X1alsG1gWyJCEtJoIyp3wG1LUs+crLGx2evQ= X-Received: by 2002:a67:c994:: with SMTP id y20mr53712510vsk.231.1563999436793; Wed, 24 Jul 2019 13:17:16 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: "Aaron C. de Bruyn" Date: Wed, 24 Jul 2019 13:17:00 -0700 Message-ID: Subject: Re: Old Stuff To: Robert Simmons Cc: Luke Crooks , freebsd-security@freebsd.org X-Rspamd-Queue-Id: C102671EBD X-Spamd-Bar: ------- X-Spamd-Result: default: False [-7.01 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[heyaaron.com:s=201609]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: alt1.aspmx.l.google.com]; DKIM_TRACE(0.00)[heyaaron.com:+]; RCVD_IN_DNSWL_NONE(0.00)[6.3.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_SHORT(-0.94)[-0.944,0]; DMARC_POLICY_ALLOW(-0.50)[heyaaron.com,reject]; IP_SCORE(-3.06)[ip: (-9.71), ipnet: 2607:f8b0::/32(-3.09), asn: 15169(-2.43), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 20:17:18 -0000 On Wed, Jul 24, 2019 at 12:09 PM Robert Simmons wrote: > Yes, to reduce the code base complexity so that resources can be focused > on a smaller code base. > That seems like several completely different arguments. Codebase complexity, available resources, and "a smaller code base". So why does removing telnet and FTP solve or partially solve codebase complexity whereas removing sh or curl not solve the problem? As for available resources, is that currently a problem? Is there no telnet or FTP maintainer? Are they complaining they're overworked with a flood of changes to the telnet protocol (have there been any changes in the last 2 decades)? Why is "a smaller code base" a goal? Shouldn't it be more along the lines of "the smallest most efficient code base necessary to support feature x, use-case y, or project z"? I'm being a bit snarky with this, but you could solve all the problems you listed by distributing an OS that simply had an 'ls' command and that's it. No login. No vi. No video support. No nothing. It just boots to a prompt and allows you to type 'ls'. Much smaller codebase, less complexity, tons of resources for a very small project. Maybe I misunderstood based on Stephen's earlier reply though. If the case is simply removing it from the base to ports, I would have less of an issue. It means a bit more work on my end, but at least the functionality is available. I would think it would have a minor impact on users coming over from Windows, Linux, or other BSDs with the former two being less inclined to dive in and compile from source or even know/understand ports initially. -A From owner-freebsd-security@freebsd.org Wed Jul 24 20:18:08 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E4FBAB75D8 for ; Wed, 24 Jul 2019 20:18:08 +0000 (UTC) (envelope-from niels@kobschaetzki.net) Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 484DC72166 for ; Wed, 24 Jul 2019 20:18:07 +0000 (UTC) (envelope-from niels@kobschaetzki.net) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 6A685406; Wed, 24 Jul 2019 16:18:05 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Wed, 24 Jul 2019 16:18:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= kobschaetzki.net; h=references:from:to:cc:subject:in-reply-to :date:message-id:mime-version:content-type :content-transfer-encoding; s=fm3; bh=rwrsJZ3HSI6ac1tpFD54Jqlc1f 4s5TX5ytlFwbVa7nI=; b=VhFvLKqyY2cVokeh3lVBJdEDVppTLEw5W3D7rM8WJ3 AgU8RGAfXXWbzycO04w+YVW0niarp7PuBM+UtCnyQpsf0BnqC4zrR1q58vc0lulX 8PWknWuFYiufXQkc7JIdOslp2NOrKyRLF6ny+Dc4DADxhwRCC+kvhaaKKMOyVuQC ZHlaQ/4wHmO6L2QjOZTVCYEJ1IeC4tMNkhaEXg6d5ZzUz5lhYvG8zQrbBPRNiWUa sq2F+dKFL+5NI/XoSEqfuLzIkjYGSrUPv2kKX9kg7Z9LpYo5mDJNPlrMraEtr4+1 bvAHGN+2qqLjGkW54s5WtmwcrYS8fA4govsPbCw1DuoQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=rwrsJZ3HSI6ac1tpFD54Jqlc1f4s5TX5ytlFwbVa7 nI=; b=VQuaUYvbNtnzh0bEufeJKu2nvJRoo04nkzIKMfC0Rm3w+WKfOWJdMfdP/ 8OOH3QDRRuhfnMc6E0jg+PCUKCfP+OGXhI++izzhlI+HYYV1KmrG0JA7JxvZkvjl CNLNgXfpTYF1LALrKBfBk9WZr7D3c6L/LeUBGHVj7tyvFF0DTLuQ6xTntJLHI03P Rf+h5gIPEWwBegdbA0Ikrs0mmwFjrCPTBscGhwaqTnFvonemsBAH5NSfi0eeOvhq sPoH+XBT9DEr0ROMeFDYmw7/9wbYqP8D1adEpyka/sXe6TZCfv5bCNoRlc/F8VYd X80d5vSDgtPT7A4vZJRob+cQ+wOFg== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrkedtgddugeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepfhgfhffvufgjfffkgggtgfesthhqredttderjeenucfhrhhomheppfhivghl shcumfhosghstghhmohtiihkihcuoehnihgvlhhssehkohgsshgthhgrvghtiihkihdrnh gvtheqnecuffhomhgrihhnpehfrhgvvggsshgurdhorhhgpdhithhsfhhoshhsrdgtohhm necukfhppeeluddrieehrddukeelrddvvdeknecurfgrrhgrmhepmhgrihhlfhhrohhmpe hnihgvlhhssehkohgsshgthhgrvghtiihkihdrnhgvthenucevlhhushhtvghrufhiiigv pedt X-ME-Proxy: Received: from netcat (ip5b41bde4.dynamic.kabel-deutschland.de [91.65.189.228]) by mail.messagingengine.com (Postfix) with ESMTPA id 71F80380079; Wed, 24 Jul 2019 16:18:03 -0400 (EDT) References: User-agent: mu4e 1.2.0; emacs 26.2 From: =?utf-8?Q?Niels=20Kobsch=C3=A4tzki?= To: "Aaron C. de Bruyn" Cc: Robert Simmons , freebsd-security@freebsd.org, Luke Crooks Subject: Re: Old Stuff In-reply-to: Date: Wed, 24 Jul 2019 22:17:45 +0200 Message-ID: <878ssnnq52.fsf@kobschaetzki.net> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 484DC72166 X-Spamd-Bar: ------- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=kobschaetzki.net header.s=fm3 header.b=VhFvLKqy; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=VQuaUYvb; spf=pass (mx1.freebsd.org: domain of niels@kobschaetzki.net designates 64.147.123.20 as permitted sender) smtp.mailfrom=niels@kobschaetzki.net X-Spamd-Result: default: False [-7.00 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[kobschaetzki.net:s=fm3,messagingengine.com:s=fm3]; RECEIVED_SPAMHAUS_PBL(0.00)[228.189.65.91.zen.spamhaus.org : 127.0.0.11]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.20]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[kobschaetzki.net]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[kobschaetzki.net:+,messagingengine.com:+]; MX_GOOD(-0.01)[in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com]; NEURAL_HAM_SHORT(-0.98)[-0.982,0]; IP_SCORE(-3.41)[ip: (-9.29), ipnet: 64.147.123.0/24(-4.88), asn: 11403(-2.84), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:64.147.123.0/24, country:US]; FREEMAIL_CC(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[20.123.147.64.list.dnswl.org : 127.0.5.1] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 20:18:09 -0000 I have the feeling that the FreeBSD-userbase and the Ubuntu-userbase differs. And the rollback is probably mostly because Steam threatened to drop support for Ubuntu. Does FreeBSD have a native Steam-client? Loosing wine-support might hurt but my guess is that it still wouldn't be that bad. I'd prefer to have an additional 32-bit operating system out there for that old hardware. But this role might be fulfilled by NetBSD as well. Dropping old stuff like telnet and ftp from base is imho good as long as they move then to ports. I wouldn't like to loose telnet because I am still not that comfortable in using netcat as a telnet-replacement when I need to do debugging with some mail server for example that doesn't support yet transport encryption. Niels Aaron C. de Bruyn via freebsd-security write= s: > Ubuntu made the decision, then rolled it back (partially) due to community > outcry. (https://itsfoss.com/ubuntu-19-10-drops-32-bit-support/) > If your reason for wanting to drop support is "Ubuntu is doing it", my > response would be "cool story bro". > Can you state what you are trying to accomplish by dropping support so the > merits can be debated? > > -A > > On Wed, Jul 24, 2019 at 11:47 AM Robert Simmons wro= te: > >> I am and am not. Ubuntu has made this choice recently. I doubt I am alone >> in my thinking. I fully expected instant pushback on both suggestions. >> >> On Wed, Jul 24, 2019, 13:29 Luke Crooks wrote: >> >> > Clearly you underestimate the technical debt for both hardware and >> > software technologies, still very much in use today. >> > >> > >> > >> > Luke Crooks >> > Solent Wholesale Carpets >> > >> > On Wed, 24 Jul 2019, 17:58 Robert Simmons, wrote: >> > >> >> I wonder if FreeBSD should drop support for 32bit? Clean out and remo= ve >> >> all >> >> of it. It should make the code base easier to maintain, cleaner, and >> >> safer. >> >> >> >> In this same vein, let's deprecate and remove things like telnet and >> ftp. >> >> _______________________________________________ >> >> freebsd-security@freebsd.org mailing list >> >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> >> To unsubscribe, send any mail to " >> >> freebsd-security-unsubscribe@freebsd.org" >> >> >> > >> _______________________________________________ >> freebsd-security@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.o= rg >> " >> > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" --=20 Sch=C3=B6ne Gr=C3=BC=C3=9Fe Niels From owner-freebsd-security@freebsd.org Wed Jul 24 20:22:19 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AC463B798F for ; Wed, 24 Jul 2019 20:22:19 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CA38A726A8 for ; Wed, 24 Jul 2019 20:22:18 +0000 (UTC) (envelope-from rsimmons0@gmail.com) Received: by mail-lf1-x12a.google.com with SMTP id b17so32861882lff.7 for ; Wed, 24 Jul 2019 13:22:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zBdJI/uPx/PVe+6s74AL27rQbB3kwzXADYglrKFd0VE=; b=rh8ALMNSqotS+C/+d0udywn0wm8siV4YnDvhpl6JBCAZq7lHAKIRwGpPPv+4dlmrHY YwS/NytbrUrNbtiKcK3LnER1lfvar6XoyaQTmgs99A8S7zDh6d/nxnp6q5p1fYdCBjam aNInnRfvmzx9TvACWTedT7qZnqk1W0zhlcwAdwykRdYSSRBB4UwaAXj/7GX659fSWLR2 86gdALppduTJYM7Z4W8DmYIDChmVDmi0/nSs+FK15U7grAIb6eMZDRKFUYUtKUpghh6Z ycVSRHCm4TIjQ8XfA0Ls37Y2pXInxlR1n0BH6C7G+32HIShyiNzC20RPqMLZJc2KAwf3 o/ZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zBdJI/uPx/PVe+6s74AL27rQbB3kwzXADYglrKFd0VE=; b=k4ZR+vPGOPEMC3wHyL6NptNLPgZBqf02nM/y13SOpS73lmoqLjKCi0w/lqHmE7N6yk IrMngWfDHq/zbhX5Eqw5AQn9bGCHtVdmNCV6W16xgvI5+PAYpYlGKlfloxBlOYk77FwI qzCNBEBpKDuK69sUMDaPyeXm2CxjcBfLMlnxSfrQoSwRrce6A59plEciAbR7rjfwzr53 UY/77BPbrLohUBNboSyU4JndTtZB8A1PbY2eTpbPDlCq6eS7Hhtd42mk8J3Era4S0Rcf kfydfLlcVGh2TtcZ/nhoRoyQw6EMB0ScdxU7oWsCAN0uGKMET6wuFc44rIbQT1Kd1nY8 GO5A== X-Gm-Message-State: APjAAAW4FGzG2o/ODpAT8l6XErj0Kpt1EJi6MSRGB9MLXmGNePrwcBBA tbJD37BNll22cyPd4GRhC3C4EqDQNQ2TiXZjNOE+M0VO X-Google-Smtp-Source: APXvYqwlV676W2uneRpGicM329tkp4+D8QqPQbAN7cuDtzpUrpcrJ3HA5geRRBnniWOepBeXOCUqvQlT3YbjsTOqmEQ= X-Received: by 2002:a19:7509:: with SMTP id y9mr39220903lfe.117.1563999737187; Wed, 24 Jul 2019 13:22:17 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Robert Simmons Date: Wed, 24 Jul 2019 16:22:06 -0400 Message-ID: Subject: Re: Old Stuff To: "Aaron C. de Bruyn" Cc: Luke Crooks , freebsd-security@freebsd.org X-Rspamd-Queue-Id: CA38A726A8 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=rh8ALMNS; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rsimmons0@gmail.com designates 2a00:1450:4864:20::12a as permitted sender) smtp.mailfrom=rsimmons0@gmail.com X-Spamd-Result: default: False [-6.84 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[a.2.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org : 127.0.5.0]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_SHORT(-0.86)[-0.861,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; IP_SCORE(-2.97)[ip: (-9.36), ipnet: 2a00:1450::/32(-2.99), asn: 15169(-2.43), country: US(-0.05)]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 20:22:19 -0000 You're correct. I did make two separate suggestion in the same email. My suggestion about ftp and telnet is not based on code base complexity. I'm only using that argument for dropping 32bit. On Wed, Jul 24, 2019 at 4:17 PM Aaron C. de Bruyn wrote: > On Wed, Jul 24, 2019 at 12:09 PM Robert Simmons > wrote: > >> Yes, to reduce the code base complexity so that resources can be focused >> on a smaller code base. >> > > That seems like several completely different arguments. Codebase > complexity, available resources, and "a smaller code base". > > So why does removing telnet and FTP solve or partially solve codebase > complexity whereas removing sh or curl not solve the problem? > > As for available resources, is that currently a problem? Is there no > telnet or FTP maintainer? Are they complaining they're overworked with a > flood of changes to the telnet protocol (have there been any changes in the > last 2 decades)? > > Why is "a smaller code base" a goal? Shouldn't it be more along the lines > of "the smallest most efficient code base necessary to support feature x, > use-case y, or project z"? > > I'm being a bit snarky with this, but you could solve all the problems you > listed by distributing an OS that simply had an 'ls' command and that's > it. No login. No vi. No video support. No nothing. It just boots to a > prompt and allows you to type 'ls'. Much smaller codebase, less > complexity, tons of resources for a very small project. > > Maybe I misunderstood based on Stephen's earlier reply though. If the > case is simply removing it from the base to ports, I would have less of an > issue. It means a bit more work on my end, but at least the functionality > is available. I would think it would have a minor impact on users coming > over from Windows, Linux, or other BSDs with the former two being less > inclined to dive in and compile from source or even know/understand ports > initially. > > -A > > From owner-freebsd-security@freebsd.org Wed Jul 24 20:33:04 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8F674B7FAF for ; Wed, 24 Jul 2019 20:33:04 +0000 (UTC) (envelope-from freebsd-security-local@be-well.ilk.org) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id 58383730DB for ; Wed, 24 Jul 2019 20:33:04 +0000 (UTC) (envelope-from freebsd-security-local@be-well.ilk.org) Received: by be-well.ilk.org (Postfix, from userid 1147) id 2AE4633C28; Wed, 24 Jul 2019 16:32:56 -0400 (EDT) From: Lowell Gilbert To: "Wall\, Stephen" Cc: "freebsd-security\@freebsd.org" Subject: Re: Old Stuff References: Date: Wed, 24 Jul 2019 16:32:55 -0400 In-Reply-To: (Stephen Wall's message of "Wed, 24 Jul 2019 19:29:16 +0000") Message-ID: <444l3bxjew.fsf@be-well.ilk.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: 58383730DB X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [2.84 / 15.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_SPAM_SHORT(0.71)[0.712,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[ilk.org]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.90)[0.903,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[cached: be-well.ilk.org]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.16)[0.163,0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7922, ipnet:23.30.0.0/15, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.08)[ip: (0.15), ipnet: 23.30.0.0/15(0.10), asn: 7922(0.17), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 20:33:04 -0000 "Wall, Stephen" writes: >> From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd- >> security@freebsd.org] On Behalf Of Aaron C. de Bruyn via freebsd- >> security >> Subject: Re: Old Stuff >> >>On Wed, Jul 24, 2019 at 9:58 AM Robert Simmons wrote: >> >>> I wonder if FreeBSD should drop support for 32bit? Clean out and remove all >>> of it. It should make the code base easier to maintain, cleaner, and safer. >>> >>> In this same vein, let's deprecate and remove things like telnet and ftp. >> >> Why remove telnet and FTP? > > Why not? It's not difficult to install ftp as needed from the ports > tree - there are a number of clients and servers available there, > including a newer version of tnftp, which is what appears in freebsd > base. I can't imagine it would be very difficult to migrate the base > telnet to ports, either. It'd be a bit less cruft in the base system > that has to be maintained. That applies to tftp as well. > > Unless the base system is actually using any of them. I don't know that. If I recall correctly, the base has knobs for not building them, so it must work okay without them. I think there would be some complaints if they were moved to ports, but not many. >> From: owner-freebsd-security@freebsd.org [mailto:owner-freebsd- >> security@freebsd.org] On Behalf Of Igor Mozolevsky >> Subject: Re: Old Stuff >> >> On Wednesday, 24 July 2019, Robert Simmons wrote: >> > I wonder if FreeBSD should drop support for 32bit? Clean out and remove all >> > of it. It should make the code base easier to maintain, cleaner, and safer. >> >> Because nobody has a 32bit computer nowadays??? Similarly, you got any >> empirical evidence to back up the "... safer" part of your speculation? > > I have to agree with Igor here - there are still 32-bit SOCs out there > intended for embedded use. It's likely there are commercial users of > FreeBSD developing for those platforms. Quite a few, in fact. Ditching 32-bit is not a practical idea. From owner-freebsd-security@freebsd.org Wed Jul 24 21:04:55 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B18A3B8BB8 for ; Wed, 24 Jul 2019 21:04:55 +0000 (UTC) (envelope-from rfg@tristatelogic.com) Received: from outgoing.tristatelogic.com (segfault.tristatelogic.com [69.62.255.118]) by mx1.freebsd.org (Postfix) with ESMTP id CE69D748C0 for ; Wed, 24 Jul 2019 21:04:54 +0000 (UTC) (envelope-from rfg@tristatelogic.com) Received: by segfault.tristatelogic.com (Postfix, from userid 1237) id E787A4E69A; Wed, 24 Jul 2019 14:04:46 -0700 (PDT) From: "Ronald F. Guilmette" To: freebsd-security@freebsd.org Subject: Re: Old Stuff In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <80935.1564002286.1@segfault.tristatelogic.com> Content-Transfer-Encoding: quoted-printable Date: Wed, 24 Jul 2019 14:04:46 -0700 Message-ID: <80936.1564002286@segfault.tristatelogic.com> X-Rspamd-Queue-Id: CE69D748C0 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of rfg@tristatelogic.com designates 69.62.255.118 as permitted sender) smtp.mailfrom=rfg@tristatelogic.com X-Spamd-Result: default: False [-6.04 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; DMARC_NA(0.00)[tristatelogic.com]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; IP_SCORE(-2.89)[ip: (-7.58), ipnet: 69.62.128.0/17(-3.79), asn: 14051(-3.01), country: US(-0.05)]; MX_GOOD(-0.01)[mx1.tristatelogic.com]; NEURAL_HAM_SHORT(-0.95)[-0.946,0]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:14051, ipnet:69.62.128.0/17, country:US]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 21:04:55 -0000 In message Robert Simmons wrote: >I am and am not. Ubuntu has made this choice recently. I doubt I am alone >in my thinking. I fully expected instant pushback on both suggestions. Ubuntu removed telnet and ftp?? Somebody alert the media. Regards, rfg From owner-freebsd-security@freebsd.org Wed Jul 24 21:46:50 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2759CB9DB7 for ; Wed, 24 Jul 2019 21:46:50 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 6770376C1B for ; Wed, 24 Jul 2019 21:46:49 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id x6OLkjXN054740 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 24 Jul 2019 21:46:46 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: rsimmons0@gmail.com Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id x6OLkgDE047267 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 25 Jul 2019 04:46:42 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: Old Stuff To: Robert Simmons , freebsd-security@freebsd.org References: From: Eugene Grosbein Message-ID: <338e8ede-9a14-0122-00c1-27c38687422f@grosbein.net> Date: Thu, 25 Jul 2019 04:46:37 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: 6770376C1B X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-2.82 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; MX_INVALID(0.50)[cached]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.47)[-0.468,0]; IP_SCORE(-0.75)[ipnet: 2a01:4f8::/29(-1.92), asn: 24940(-1.82), country: DE(-0.01)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 21:46:50 -0000 24.07.2019 23:57, Robert Simmons wrote: > I wonder if FreeBSD should drop support for 32bit? Not yet. > Clean out and remove all of it. It should make the code base easier to maintain, cleaner, and safer. And it would impossible to run FreeBSD for 32 bit platforms such as MIPS32 or i386-based virtual machine guests that use noticeable less memory than amd64. FreeBSD has appliances other than desktops. > In this same vein, let's deprecate and remove things like telnet and ftp. They are still in use, for telco hardware etc. They are also perfectly safe while running over IPSEC or isolated vlans. From owner-freebsd-security@freebsd.org Wed Jul 24 21:54:22 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4C926BA0DC for ; Wed, 24 Jul 2019 21:54:22 +0000 (UTC) (envelope-from dan@langille.org) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 98D277723C for ; Wed, 24 Jul 2019 21:54:20 +0000 (UTC) (envelope-from dan@langille.org) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id DA7D820FBE; Wed, 24 Jul 2019 17:54:13 -0400 (EDT) Received: from imap36 ([10.202.2.86]) by compute4.internal (MEProxy); Wed, 24 Jul 2019 17:54:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h= mime-version:message-id:in-reply-to:references:date:from:to:cc :subject:content-type; s=fm1; bh=3K9sQw/mrG5XAmvxGEd5YgRte39xyLy AnpKmdbsqlWA=; b=rSr/8IHYGwE+twbiDksxRA2i/vevrBiGpPZfxBUGiL2UwLa VY9Kk2+J4x1VPXcr+M3EgPBgg6UXLY54qg30Bo/xRorlbZRmg9HrPrPBzLGrzCIs tm7dimqGSYIJzBzT2KfN/sdFCLgNwEMnF8t1WgqnqiM5/CHZb8BPWxjHDojssK6W Qr15awIK3+zfsiFEfWmNySvxLlaLYkH8iWDH4q8s3Pio7lL5qyR0xSF3KrHSiqeL YTKwm6Nnl7DoCC9w5fUNV+q+RHeEOHwovRmICe5iPx2NA5hoU6HKthsg0x55OJui wiLL/Fu1LJMaiQpE1HfFdLynMEHc8Oxxi+c8dSA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=3K9sQw /mrG5XAmvxGEd5YgRte39xyLyAnpKmdbsqlWA=; b=fHxNX/WI7oHVYoM4mJoswd kyv4UYSMec6PfHjfQaizATG3YcrnBSyT7HukpGf2y6hzUL7Y3HPhQvKmlIcRPnEI aFUAvW+gSffwdj4OudUrt8ggkpOE5lp00E4cvPgNTp1tjYSVXt3GxD6754A6/TRW dlMj6BmiuuDRoySLGVkJb6ou4fiGcYeMG9fa+hfXfpFlU/ChziO8XVt9NFHAB3Tr nsxIuoeJit0zJb2AZ0yxfoPom6YGgnbEp8miowIn45yNt0opcKCgYe+x1saJJCaC AaD4YzYvY8cHESATKXXt/QhgFT0FtaDQknQuZnfiKxluYwUhkcmevoPSwXaZXsiA == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrkedtgdduiedvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvffutgesthdtredtreertdenucfhrhhomhepfdffrghn ucfnrghnghhilhhlvgdfuceouggrnheslhgrnhhgihhllhgvrdhorhhgqeenucfrrghrrg hmpehmrghilhhfrhhomhepuggrnheslhgrnhhgihhllhgvrdhorhhgnecuvehluhhsthgv rhfuihiivgeptd X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 38CF912200A2; Wed, 24 Jul 2019 17:54:13 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.1.6-736-gdfb8e44-fmstable-20190718v2 Mime-Version: 1.0 Message-Id: In-Reply-To: References: Date: Wed, 24 Jul 2019 17:54:12 -0400 From: "Dan Langille" To: "Robert Simmons" Cc: freebsd-security@freebsd.org Subject: Re: Old Stuff Content-Type: text/plain X-Rspamd-Queue-Id: 98D277723C X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=langille.org header.s=fm1 header.b=rSr/8IHY; dkim=pass header.d=messagingengine.com header.s=fm3 header.b=fHxNX/WI; dmarc=pass (policy=none) header.from=langille.org; spf=pass (mx1.freebsd.org: domain of dan@langille.org designates 66.111.4.27 as permitted sender) smtp.mailfrom=dan@langille.org X-Spamd-Result: default: False [-6.54 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[langille.org:s=fm1,messagingengine.com:s=fm3]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.27]; MV_CASE(0.50)[]; MIME_GOOD(-0.10)[text/plain]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.95)[-0.954,0]; RCVD_COUNT_THREE(0.00)[4]; TO_MATCH_ENVRCPT_SOME(0.00)[]; DKIM_TRACE(0.00)[langille.org:+,messagingengine.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[langille.org,none]; MX_GOOD(-0.01)[in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com,in2-smtp.messagingengine.com,in1-smtp.messagingengine.com]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; IP_SCORE(-3.49)[ip: (-9.77), ipnet: 66.111.4.0/24(-4.79), asn: 11403(-2.84), country: US(-0.05)]; MID_RHS_WWW(0.50)[]; RCVD_IN_DNSWL_LOW(-0.10)[27.4.111.66.list.dnswl.org : 127.0.5.1] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 21:54:22 -0000 On Wed, Jul 24, 2019, at 12:58 PM, Robert Simmons wrote: > I wonder if FreeBSD should drop support for 32bit? Clean out and remove all > of it. It should make the code base easier to maintain, cleaner, and safer. > > In this same vein, let's deprecate and remove things like telnet and ftp. Please no. I use telnet on a near daily basis. -- Dan Langille dan@langille.org From owner-freebsd-security@freebsd.org Wed Jul 24 21:58:59 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 64A1DBA282 for ; Wed, 24 Jul 2019 21:58:59 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from hz.grosbein.net (hz.grosbein.net [IPv6:2a01:4f8:c2c:26d8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id EBC1E774C1 for ; Wed, 24 Jul 2019 21:58:58 +0000 (UTC) (envelope-from eugen@grosbein.net) Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13:0:0:0:5]) by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id x6OLwtIr054900 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 24 Jul 2019 21:58:56 GMT (envelope-from eugen@grosbein.net) X-Envelope-From: eugen@grosbein.net X-Envelope-To: rsimmons0@gmail.com Received: from [10.58.0.4] ([10.58.0.4]) by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id x6OLwqpc047340 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Thu, 25 Jul 2019 04:58:52 +0700 (+07) (envelope-from eugen@grosbein.net) Subject: Re: Old Stuff To: Robert Simmons , Luke Crooks References: Cc: freebsd-security@freebsd.org From: Eugene Grosbein Message-ID: <0d846875-5cd9-b28c-51fc-7535d2dca301@grosbein.net> Date: Thu, 25 Jul 2019 04:58:46 +0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=0.3 required=5.0 tests=BAYES_00,LOCAL_FROM, SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.2 X-Spam-Report: * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1% * [score: 0.0000] * 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record * -0.0 SPF_PASS SPF: sender matches SPF record * 2.6 LOCAL_FROM From my domains X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on hz.grosbein.net X-Rspamd-Queue-Id: EBC1E774C1 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism not recognized by this client) smtp.mailfrom=eugen@grosbein.net X-Spamd-Result: default: False [-2.86 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; MX_INVALID(0.50)[cached]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; NEURAL_HAM_SHORT(-0.51)[-0.511,0]; IP_SCORE(-0.75)[ipnet: 2a01:4f8::/29(-1.92), asn: 24940(-1.82), country: DE(-0.01)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:2a01:4f8::/29, country:DE]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 21:58:59 -0000 25.07.2019 1:46, Robert Simmons wrote: > I am and am not. Ubuntu has made this choice recently. I doubt I am alone > in my thinking. I fully expected instant pushback on both suggestions. Why do you refer to Ubuntu? They don't have many tools in their base that real networking unix box must have (tcpdump etc.) without need to download extra packages. From owner-freebsd-security@freebsd.org Wed Jul 24 23:11:17 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id CABABBBE52 for ; Wed, 24 Jul 2019 23:11:17 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id B755882D33 for ; Wed, 24 Jul 2019 23:11:16 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id qQPfhFwzlUIS2qQPghFbKV; Wed, 24 Jul 2019 17:11:14 -0600 X-Authority-Analysis: v=2.3 cv=N41X6F1B c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=xqWC_Br6kY4A:10 a=0o9FgrsRnhwA:10 a=pGLkceISAAAA:8 a=Snfk7bwtAAAA:8 a=Obti7KXxAAAA:8 a=NCTs95MgAAAA:8 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=y9hrzrLY-WXcW14Ft8IA:9 a=QEXdDO2ut3YA:10 a=Yv49N18b_qppuEWVRl0Q:22 a=eHkphwI4ZSSV5F0HjaM_:22 a=hYRRbbiOsBaTAZtwW5r4:22 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from [IPv6:2605:8d80:406:2713:63c1:7aa8:b3ba:9a0e] (unknown [72.143.219.248]) by spqr.komquats.com (Postfix) with ESMTPSA id 3F16E16AC; Wed, 24 Jul 2019 16:11:10 -0700 (PDT) Date: Wed, 24 Jul 2019 16:09:52 -0700 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: Old Stuff To: freebsd-security@freebsd.org, Robert Simmons , "Aaron C. de Bruyn" CC: Luke Crooks From: Cy Schubert Message-ID: X-CMAE-Envelope: MS4wfKh98lRluA71IDMkpopR+SnmrkJ38z/p5q3Os9sT66RPwfUS1xvvJzVW8jCYC5Gb/RfKsqUzyfuVyAg73BRYzVQCyhoMArFhTK40e3RsbPkWgY33bsK5 OK6PyR2IbqoRzZBj8JeSUg+bf4XAPrT4SeXF9LUFjdFSxvg0Xwhv4ctt3dwgIb5BF2addTdA4IAcmTPzsqFwygFI84sF5dL+o0aFdaQqueVc/oU7z3EuiL4/ E2IacKEFpipi/pkIheiqwA== X-Rspamd-Queue-Id: B755882D33 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-5.53 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[spqr.komquats.com]; NEURAL_HAM_SHORT(-0.92)[-0.918,0]; RCVD_IN_DNSWL_NONE(0.00)[12.134.59.64.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-2.50)[ip: (-6.68), ipnet: 64.59.128.0/20(-3.22), asn: 6327(-2.51), country: CA(-0.09)]; RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.zen.spamhaus.org : 127.0.0.11] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 23:11:17 -0000 On July 24, 2019 12:09:12 PM PDT, Robert Simmons wr= ote: >Yes, to reduce the code base complexity so that resources can be >focused on >a smaller code base=2E > >On Wed, Jul 24, 2019 at 3:06 PM Aaron C=2E de Bruyn >wrote: > >> Ubuntu made the decision, then rolled it back (partially) due to >community >> outcry=2E (https://itsfoss=2Ecom/ubuntu-19-10-drops-32-bit-support/) >> If your reason for wanting to drop support is "Ubuntu is doing it", >my >> response would be "cool story bro"=2E >> Can you state what you are trying to accomplish by dropping support >so the >> merits can be debated? >> >> -A >> >> On Wed, Jul 24, 2019 at 11:47 AM Robert Simmons >> wrote: >> >>> I am and am not=2E Ubuntu has made this choice recently=2E I doubt I a= m >alone >>> in my thinking=2E I fully expected instant pushback on both >suggestions=2E >>> >>> On Wed, Jul 24, 2019, 13:29 Luke Crooks >wrote: >>> >>> > Clearly you underestimate the technical debt for both hardware and >>> > software technologies, still very much in use today=2E >>> > >>> > >>> > >>> > Luke Crooks >>> > Solent Wholesale Carpets >>> > >>> > On Wed, 24 Jul 2019, 17:58 Robert Simmons, >wrote: >>> > >>> >> I wonder if FreeBSD should drop support for 32bit? Clean out and >remove >>> >> all >>> >> of it=2E It should make the code base easier to maintain, cleaner, >and >>> >> safer=2E >>> >> >>> >> In this same vein, let's deprecate and remove things like telnet >and >>> ftp=2E >>> >> _______________________________________________ >>> >> freebsd-security@freebsd=2Eorg mailing list >>> >> https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-security >>> >> To unsubscribe, send any mail to " >>> >> freebsd-security-unsubscribe@freebsd=2Eorg" >>> >> >>> > >>> _______________________________________________ >>> freebsd-security@freebsd=2Eorg mailing list >>> https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-security >>> To unsubscribe, send any mail to " >>> freebsd-security-unsubscribe@freebsd=2Eorg" >>> >> >_______________________________________________ >freebsd-security@freebsd=2Eorg mailing list >https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to >"freebsd-security-unsubscribe@freebsd=2Eorg" This reminds me of a discussion I had with a manager at a company I develo= ped IBM mainframe software at=2E His point was this exactly, in order to re= duce expenses through the reduction of staff=2E Given the "staff" on the Fr= eeBSD project are all volunteers, the vast majority of which work on projec= ts/code of our choosing, I don't see your point=2E --=20 Pardon the typos and autocorrect, small keyboard in use=2E Cheers, Cy Schubert FreeBSD UNIX: Web: http://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E From owner-freebsd-security@freebsd.org Wed Jul 24 23:26:09 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 98B29BC4EE for ; Wed, 24 Jul 2019 23:26:09 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from mail-ot1-x331.google.com (mail-ot1-x331.google.com [IPv6:2607:f8b0:4864:20::331]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D7A19837D6 for ; Wed, 24 Jul 2019 23:26:07 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by mail-ot1-x331.google.com with SMTP id j11so25429604otp.10 for ; Wed, 24 Jul 2019 16:26:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=X0gcOMJ4Ecnsifiw/594pNRcMiy9mZDyOJ1VSUPLy9A=; b=Bw5efnlmQR3oVt0oIhYlKBksSnkwF9CkT3Jt8V6U8I/n9eqCCsOknFpRgKu0TPZIyw ilVUgU/V2VYT5F+iAUE+2vlSd33PiMUq7PPi0DGVU0UDtLXBaxmmpwG3q5A3QZGdC4fq tqsV5h6OQW6sQzQXJQSuoCV9cdhbjuphf8qJvDx8OsrOBRQiEDNEKIiEZgNZPdytQFah QPAv8uWHw25enByMefRrUHM7Dcs+JXZN0UCo/yuxnNX0AL7uWym9uPuKfROXBXGjsuXP WdAGPR3wAvC5FXeaH6v7aAb/7GzforWMlOYYBNHQ2gTdc088Fc7mxpsCkEcz4mEIMR2W WB6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=X0gcOMJ4Ecnsifiw/594pNRcMiy9mZDyOJ1VSUPLy9A=; b=ZdSxnSMtEKPiINcGuL0XOoAOHbhTmHE2jefXD/iu+iRFTX4P9QYhHUPVFMpnoeNWTz 9ZxI70FFqZNfvjXe9DOwv/ipo3qiSU4KGLfS6R7hpJ2fGUuoe8iagRI3AcPatLsGsDDC Oy4eye6M4FidAyg7SD4DQC67humiktM2VhF2rm5b8r7qzk4R4jX18Mu7RMigLAI0PROA RPDN/Y8qEq8+0sPIVk4z8PBpW2TziW29UaHs5R33I+aKzO6Dz1iUBwl8XUCmiZgQ59wO qvF6VGcO3SRS8OhPvwDJU2Wc0+77Rv/tw0niA1OYA6aQ+L1odC7DlWVuArOHx7SWBzGt sEfQ== X-Gm-Message-State: APjAAAVP06aeK/vRJpXyTeiF7eY64A+8hZ+M9LySTGEaQ4Yap59Npu5t c5ArWNA/jvRNlyvju4MCDPu9XgnZSjq6bebcfvCbNA== X-Google-Smtp-Source: APXvYqw80sELQJ9v+DG4NkGEY1eJydUwFabLa9C6A7T9XKnm3JeBtUTP16RGY3p14BGfl2bu4P2RZt0KBg0ANt5BIwc= X-Received: by 2002:a9d:30c3:: with SMTP id r3mr60554805otg.141.1564010767003; Wed, 24 Jul 2019 16:26:07 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Igor Mozolevsky Date: Thu, 25 Jul 2019 00:25:30 +0100 Message-ID: Subject: Re: Old Stuff To: Robert Simmons Cc: "Aaron C. de Bruyn" , freebsd security , Luke Crooks Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: D7A19837D6 X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Bw5efnlm; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of mozolevsky@gmail.com designates 2607:f8b0:4864:20::331 as permitted sender) smtp.mailfrom=mozolevsky@gmail.com X-Spamd-Result: default: False [-6.87 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-0.99)[-0.987,0]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[1.3.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(-2.87)[ip: (-8.77), ipnet: 2607:f8b0::/32(-3.09), asn: 15169(-2.43), country: US(-0.05)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jul 2019 23:26:09 -0000 On Wed, 24 Jul 2019 at 20:09, Robert Simmons wrote: > > Yes, to reduce the code base complexity so that resources can be focused on > a smaller code base. > > On Wed, Jul 24, 2019 at 3:06 PM Aaron C. de Bruyn > wrote: > > > Ubuntu made the decision, then rolled it back (partially) due to community > > outcry. (https://itsfoss.com/ubuntu-19-10-drops-32-bit-support/) > > If your reason for wanting to drop support is "Ubuntu is doing it", my > > response would be "cool story bro". > > Can you state what you are trying to accomplish by dropping support so the > > merits can be debated? > > > > -A Please don't top post, makes replying in context a major PITA! Optimise resource allocation for the code base by writing better code, not by dropping functional parts---code should be simple so as to make errors obvious, and yes, that includes proper design comments in the code too (compare solaris code when that was released to _even current_ FreeBSD code---developers in the former went through painstaking process to explain even the "obvious" things in *plain English,* where as with most FOSS the approach is "well, duh!!! it's obvious why bother writing up???" and the answer is: "it might be obvious now, but (a) how do I know the code reflects the coder's intent, (b) that intent was correct in the first place, and (c) how much do you have to re-learn when you come back to the code in a month, or a year (and I'm not even talking about someone else trying to figure out what the code does when the coder `disappears')?") The short of it is---write quality code, not look for things to trim, if you want better quality software. We had similar discussion already when Rust was being discussed a while back, and one of the "big" reasons was "better," yet it's demonstrably equally easy to write crappy code in the latter. -- Igor M. From owner-freebsd-security@freebsd.org Thu Jul 25 00:27:03 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2A139BDBD4 for ; Thu, 25 Jul 2019 00:27:03 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C243685902 for ; Thu, 25 Jul 2019 00:27:00 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id qRazhGXUhUIS2qRb0hFqzV; Wed, 24 Jul 2019 18:26:58 -0600 X-Authority-Analysis: v=2.3 cv=N41X6F1B c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=IkcTkHD0fZMA:10 a=xqWC_Br6kY4A:10 a=0o9FgrsRnhwA:10 a=NCTs95MgAAAA:8 a=pGLkceISAAAA:8 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=gWbQ5hvYUvsegHUX94YA:9 a=QEXdDO2ut3YA:10 a=hYRRbbiOsBaTAZtwW5r4:22 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from [IPv6:2605:8d80:406:2713:63c1:7aa8:b3ba:9a0e] (unknown [72.143.219.5]) by spqr.komquats.com (Postfix) with ESMTPSA id BD910156; Wed, 24 Jul 2019 17:26:52 -0700 (PDT) Date: Wed, 24 Jul 2019 15:54:09 -0700 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: Old Stuff To: freebsd-security@freebsd.org, Luke Crooks , Robert Simmons From: Cy Schubert Message-ID: X-CMAE-Envelope: MS4wfIwwTYRKx3WrmY8O5Gr9pfv0rNT9PYplkYx9QmxtKf1i0YQH/P/EoIr9Nveq/bdf6ZTras85IXvC6x4vF7ZnbY5ntfTL1FWSOCToq0Pw7h4yrWMg8yb1 aW4H+w2z0RzHzfp2Lh7HFVLRM7Q03YZleQS4Eo5kEKv1syqkG43wnZMVt/CBo52pjsMmWuQexjSBfgcS9K4gak6UnNxa6ei4NfzMn+dD4rKm5obv4gukgDgp X-Rspamd-Queue-Id: C243685902 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-5.61 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: spqr.komquats.com]; NEURAL_HAM_SHORT(-0.98)[-0.977,0]; RCVD_IN_DNSWL_NONE(0.00)[13.134.59.64.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(-2.52)[ip: (-6.81), ipnet: 64.59.128.0/20(-3.22), asn: 6327(-2.51), country: CA(-0.09)]; RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.zen.spamhaus.org : 127.0.0.11] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jul 2019 00:27:03 -0000 On July 24, 2019 10:29:12 AM PDT, Luke Crooks = wrote: >Clearly you underestimate the technical debt for both hardware and >software >technologies, still very much in use today=2E > > > >Luke Crooks >Solent Wholesale Carpets > >On Wed, 24 Jul 2019, 17:58 Robert Simmons, wrote: > >> I wonder if FreeBSD should drop support for 32bit? Clean out and >remove all >> of it=2E It should make the code base easier to maintain, cleaner, and >safer=2E >> >> In this same vein, let's deprecate and remove things like telnet and >ftp=2E >> _______________________________________________ >> freebsd-security@freebsd=2Eorg mailing list >> https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-security >> To unsubscribe, send any mail to >"freebsd-security-unsubscribe@freebsd=2Eorg >> " >> >_______________________________________________ >freebsd-security@freebsd=2Eorg mailing list >https://lists=2Efreebsd=2Eorg/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to >"freebsd-security-unsubscribe@freebsd=2Eorg" Ahh, the latest rowhammer attack, rambled=2E Avoid the use of RAM=2E --=20 Pardon the typos and autocorrect, small keyboard in use=2E Cheers, Cy Schubert FreeBSD UNIX: Web: http://www=2EFreeBSD=2Eorg The need of the many outweighs the greed of the few=2E From owner-freebsd-security@freebsd.org Thu Jul 25 01:07:51 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9303BBECFB for ; Thu, 25 Jul 2019 01:07:51 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-so.shaw.ca (smtp-out-so.shaw.ca [64.59.136.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id DB701871C4 for ; Thu, 25 Jul 2019 01:07:50 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id qSEUh41vvSrVcqSEWh8WOc; Wed, 24 Jul 2019 19:07:48 -0600 X-Authority-Analysis: v=2.3 cv=L5ZjvNb8 c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=kj9zAlcOel0A:10 a=0o9FgrsRnhwA:10 a=YxBL1-UpAAAA:8 a=NCTs95MgAAAA:8 a=pGLkceISAAAA:8 a=6I5d2MoRAAAA:8 a=ZqvuCeoMMw3L5V4JmDgA:9 a=CjuIK1q_8ugA:10 a=Ia-lj3WSrqcvXOmTRaiG:22 a=hYRRbbiOsBaTAZtwW5r4:22 a=IjZwj45LgO3ly-622nXo:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id 1CEC7190; Wed, 24 Jul 2019 18:07:45 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id x6P17jBV084323; Wed, 24 Jul 2019 18:07:45 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id x6P17jms084320; Wed, 24 Jul 2019 18:07:45 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201907250107.x6P17jms084320@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Cy Schubert cc: freebsd-security@freebsd.org, Luke Crooks , Robert Simmons Subject: Re: Old Stuff In-reply-to: References: Comments: In-reply-to Cy Schubert message dated "Wed, 24 Jul 2019 15:54:09 -0700." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Wed, 24 Jul 2019 18:07:45 -0700 X-CMAE-Envelope: MS4wfN0ovxSaMdteLJy4BAUaaIwKIFTSGoEUjyLAkwBYNy1zy7/9ZOh5TFtp6d5d+OAhaJL/gpMk16rbVWiuGQhXMrtaFjWmoMhMdUYTF5WOi+e5EPFrjW5f XQfGmcJBbVWwP8I50HDBQehQzPzok6ZEQb28jhGYazl6w7v1uc+PsK9czacx5vQ87wcSfgMJoFnKpQYonNdK4AmoghFIU72bGPKovIzM4aRdvPe8JFJ8jRSM X-Rspamd-Queue-Id: DB701871C4 X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-4.91 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com]; RCPT_COUNT_THREE(0.00)[4]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLYTO_EQ_FROM(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[cached: spqr.komquats.com]; NEURAL_HAM_SHORT(-0.91)[-0.913,0]; RCVD_IN_DNSWL_NONE(0.00)[137.136.59.64.list.dnswl.org : 127.0.5.0]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA]; RCVD_TLS_LAST(0.00)[]; IP_SCORE(-2.39)[ip: (-6.13), ipnet: 64.59.128.0/20(-3.22), asn: 6327(-2.50), country: CA(-0.09)]; RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.zen.spamhaus.org : 127.0.0.11] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jul 2019 01:07:51 -0000 In message , Cy Schubert wr ites: > On July 24, 2019 10:29:12 AM PDT, Luke Crooks wrot > e: > >Clearly you underestimate the technical debt for both hardware and > >software > >technologies, still very much in use today. > > > > > > > >Luke Crooks > >Solent Wholesale Carpets > > > >On Wed, 24 Jul 2019, 17:58 Robert Simmons, wrote: > > > >> I wonder if FreeBSD should drop support for 32bit? Clean out and > >remove all > >> of it. It should make the code base easier to maintain, cleaner, and > >safer. > >> > >> In this same vein, let's deprecate and remove things like telnet and > >ftp. > >> _______________________________________________ > >> freebsd-security@freebsd.org mailing list > >> https://lists.freebsd.org/mailman/listinfo/freebsd-security > >> To unsubscribe, send any mail to > >"freebsd-security-unsubscribe@freebsd.org > >> " > >> > >_______________________________________________ > >freebsd-security@freebsd.org mailing list > >https://lists.freebsd.org/mailman/listinfo/freebsd-security > >To unsubscribe, send any mail to > >"freebsd-security-unsubscribe@freebsd.org" > > Ahh, the latest rowhammer attack, rambled. Avoid the use of RAM. ^^^^^^^ rambleed > > > -- > Pardon the typos and autocorrect, small keyboard in use. ^^^^^^^^^^^ > Cheers, > Cy Schubert > FreeBSD UNIX: Web: http://www.FreeBSD.org > > The need of the many outweighs the greed of the few. > -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few. From owner-freebsd-security@freebsd.org Thu Jul 25 13:38:03 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 17F7EA4FCE for ; Thu, 25 Jul 2019 13:38:03 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 36C2D83342 for ; Thu, 25 Jul 2019 13:38:02 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1hqdwP-000Ara-5u; Thu, 25 Jul 2019 16:37:53 +0300 Date: Thu, 25 Jul 2019 16:37:53 +0300 From: Slawa Olhovchenkov To: Robert Simmons Cc: "freebsd-security@freebsd.org" Subject: Re: Old Stuff Message-ID: <20190725133753.GL47119@zxy.spb.ru> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 36C2D83342 X-Spamd-Bar: ++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [2.70 / 15.00]; ARC_NA(0.00)[]; TO_DN_EQ_ADDR_SOME(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_SPAM_SHORT(0.16)[0.155,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zxy.spb.ru]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.96)[0.958,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[zxy.spb.ru]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.70)[0.696,0]; R_SPF_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:5495, ipnet:195.70.192.0/19, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.00)[country: RU(0.01)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jul 2019 13:38:03 -0000 On Wed, Jul 24, 2019 at 02:56:47PM -0400, Robert Simmons wrote: > The safer part of my speculation is specifically based on being less code > to maintain overall. More resources devoted to a smaller code base. Best of all is completly remove any code: no code -- no hole. > On Wed, Jul 24, 2019 at 1:26 PM Igor Mozolevsky > wrote: > > > > > > > On Wednesday, 24 July 2019, Robert Simmons wrote: > > > > Lolz, right? :- > > > > > I wonder if FreeBSD should drop support for 32bit? Clean out and remove > > all > > > of it. It should make the code base easier to maintain, cleaner, and > > safer. > > > > Because nobody has a 32bit computer nowadays??? Similarly, you got any > > empirical evidence to back up the "... safer" part of your speculation? > > > > > In this same vein, let's deprecate and remove things like telnet and ftp. > > > > > > How does the saying go, "if you think that encryption is the solution to > > your problem then you don't understand neither encryption nor your > > problem"? I would hazard a guess that over 95% of encrypted traffic needn't > > be encrypted at all, but no commercial interest developed "integrity over > > http" so we all have to suffer "encryption under http" instead. > > > > > > -- > > > > Igor M. > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@freebsd.org Thu Jul 25 15:13:22 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id DB518A6D2F for ; Thu, 25 Jul 2019 15:13:22 +0000 (UTC) (envelope-from michelle@sorbs.net) Received: from hades.sorbs.net (hades.sorbs.net [72.12.213.40]) by mx1.freebsd.org (Postfix) with ESMTP id 332B986BE2 for ; Thu, 25 Jul 2019 15:13:20 +0000 (UTC) (envelope-from michelle@sorbs.net) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII; format=flowed Received: from isux.com (gate.mhix.org [203.206.128.220]) by hades.sorbs.net (Oracle Communications Messaging Server 7.0.5.29.0 64bit (built Jul 9 2013)) with ESMTPSA id <0PV700822C6KZI20@hades.sorbs.net> for freebsd-security@freebsd.org; Thu, 25 Jul 2019 07:27:57 -0700 (PDT) Subject: Re: Old Stuff To: freebsd-security@freebsd.org References: From: Michelle Sullivan Message-id: Date: Fri, 26 Jul 2019 00:12:36 +1000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:51.0) Gecko/20100101 Firefox/51.0 SeaMonkey/2.48 In-reply-to: X-Rspamd-Queue-Id: 332B986BE2 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of michelle@sorbs.net designates 72.12.213.40 as permitted sender) smtp.mailfrom=michelle@sorbs.net X-Spamd-Result: default: False [-2.22 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; URIBL_BLOCKED(0.00)[mhix.org.multi.uribl.com]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a:hades.sorbs.net]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.00)[-0.998,0]; DMARC_NA(0.00)[sorbs.net]; MX_GOOD(-0.01)[battlestar.sorbs.net,anaconda.sorbs.net,ninja.sorbs.net,catapilla.sorbs.net,scorpion.sorbs.net,desperado.sorbs.net]; NEURAL_HAM_SHORT(-0.24)[-0.239,0]; RCVD_IN_DNSWL_NONE(0.00)[40.213.12.72.list.dnswl.org : 127.0.10.0]; NEURAL_HAM_MEDIUM(-0.99)[-0.989,0]; IP_SCORE(-0.28)[ip: (-0.70), ipnet: 72.12.192.0/19(-0.37), asn: 11114(-0.29), country: US(-0.05)]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; CTE_CASE(0.50)[]; ASN(0.00)[asn:11114, ipnet:72.12.192.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jul 2019 15:13:22 -0000 Robert Simmons wrote: > I wonder if FreeBSD should drop support for 32bit? Clean out and remove all > of it. It should make the code base easier to maintain, cleaner, and safer. I should just *plonk* .. not going to though... because I'm curious, have you actually written, edited or even reviewed code? Especially OS code? I'm going to tell you now you might as well treat the questions as non-rhetorical because I'm not going to read the reply. There are too many embedded devices using 32 bit to even take this seriously. (hint: consider what you gain or lose by designing low power/low heat/low resource devices on 32 and 64 bit.. especially when they don't have storage systems (hard drives) and any more than a few hundred *meg* of RAM.) > In this same vein, let's deprecate and remove things like telnet and ftp. > This is neither here nor there as they are available in Ports. -- Michelle Sullivan http://www.mhix.org/ From owner-freebsd-security@freebsd.org Thu Jul 25 20:01:45 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D02A8AD1D4 for ; Thu, 25 Jul 2019 20:01:45 +0000 (UTC) (envelope-from lyndon@orthanc.ca) Received: from orthanc.ca (orthanc.ca [IPv6:2607:f2f8:abf8::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "orthanc.ca", Issuer "Let's Encrypt Authority X3" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id E1E5492F40 for ; Thu, 25 Jul 2019 20:01:43 +0000 (UTC) (envelope-from lyndon@orthanc.ca) Received: from orthanc.ca (localhost [127.0.0.1]) by orthanc.ca (OpenSMTPD) with ESMTP id d8b11eea; Thu, 25 Jul 2019 13:01:38 -0700 (PDT) From: Lyndon Nerenberg To: Robert Simmons cc: "Aaron C. de Bruyn" , freebsd-security@freebsd.org, Luke Crooks , Lyndon Nerenberg Subject: Re: Old Stuff In-reply-to: References: Comments: In-reply-to Robert Simmons message dated "Wed, 24 Jul 2019 15:09:12 -0400." MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <3854.1564084898.1@orthanc.ca> Date: Thu, 25 Jul 2019 13:01:38 -0700 Message-ID: <40c90d985eea5429@orthanc.ca> X-Rspamd-Queue-Id: E1E5492F40 X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; spf=pass (mx1.freebsd.org: domain of lyndon@orthanc.ca designates 2607:f2f8:abf8::2 as permitted sender) smtp.mailfrom=lyndon@orthanc.ca X-Spamd-Result: default: False [-1.20 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.36)[-0.361,0]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f2f8:abf8::2]; NEURAL_HAM_LONG(-0.98)[-0.979,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[orthanc.ca]; RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[]; NEURAL_SPAM_SHORT(0.52)[0.519,0]; MX_GOOD(-0.01)[orthanc.ca]; IP_SCORE(-0.07)[asn: 25795(-0.29), country: US(-0.05)]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:25795, ipnet:2607:f2f8::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jul 2019 20:01:45 -0000 Robert Simmons writes: > Yes, to reduce the code base complexity so that resources can be focused on > a smaller code base. Might I suggest you begin by rolling back LLVM?