From owner-freebsd-security@freebsd.org Mon Oct 7 05:02:12 2019
From: grarpamp
Date: Mon, 7 Oct 2019 01:02:09 -0400
Subject: Re: AMD Secure Encrypted Virtualization - FreeBSD Status?
To: freebsd-security@freebsd.org
Cc: freebsd-current@freebsd.org, freebsd-virtualization@freebsd.org

Although somewhat different from the virtualization
part of the subject, both...

- AMD (Secure Memory Encryption, and Memory Guard)
  on both EPYC and Ryzen Pro today and
- Intel (Multi Key Total Memory Encryption)
  likely on Xeon in the near future

... also do seem to have some OS dependent bits that would be
needing configuration and awareness. You can search them both.

This is one of Intel's papers on its version of memory encryption...
https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf

From owner-freebsd-security@freebsd.org Mon Oct 7 07:43:09 2019
From: grarpamp
Date: Mon, 7 Oct 2019 03:43:06 -0400
Subject: Re: Git/Mtn for FreeBSD, PGP WoT Sigs, Merkel Hash Tree Based
To: freebsd-security@freebsd.org
Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org, freebsd-current@freebsd.org

On 10/4/19, Igor Mozolevsky wrote:
> On Fri, 20 Sep 2019 at 22:01, grarpamp wrote:
>>
>> For consideration...
>> https://lists.freebsd.org/pipermail/freebsd-security/2019-September/010099.html
>>
>> SVN really may not offer much in the way of native
>> internal self authenticating repo to cryptographic levels
>> of security against bitrot, transit corruption and repo ops,
>> external physical editing, have much signing options, etc.
>> Similar to blockchain and ZFS hash merkle-ization,
>> signing the repo init and later points tags commits,
>> along with full verification toolset, is useful function.
>
> Isn't UNIX(TM) philosophy that a program should do one thing and do it
> well? Just because people can't be bothered to learn to use multiple
> tools to do *multiple* tasks on the same dataset, is not a reason, let
> alone "the reason," to increase any program complexity to orders of
> N^M^K^L so that one "foo checkout" does all the things one wants!

Was r353001 cryptosigned so people can verify it with
a second standalone multiple tool called "PGP", after the
first standalone multiple tool called "repo checkout"?
Was it crypto chained back into a crypto history so they could
treat it as a secure diff (the function of a third standalone multiple
tool "diff a b") instead of as entirely separate (and space wasting
set of) unlinked independent assertions / issuances as to a state?
How much time does that take over time each time vs
perhaps loading signed set of keys into repo client config.

Is LOGO and tape better because less complex tool than C and disk.

> When crypto invalidates a repo, how would it be different
> from seeing non ASCII characters in plain ASCII files, or sudden
> refusal to compile
> one way or another you'd still need to restore
> from BACKUP

Backup is separate, and indeed a fine practice to help keep
for when all sorts of horrors can happen.

> crypto IS NOT a substitute for good data keeping
> practices.

Who said that it was. However it can be a wrapper of
proof / certification / detection / assurance / integrity / test
over them... a good thing to have there, as opposed to nothing.

> Also, what empirical data do you have for repo bitrot/transit
> corruption that is NOT caught by underlying media?

Why are people even bothering to sha-2 or sign iso's, or
reproducible builds? There is some integrity function there.
Else just quit doing those too then.
Many sources people can find, just search...
https://www.zdnet.com/article/dram-error-rates-nightmare-on-dimm-street/
http://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf
http://www.cs.toronto.edu/~bianca/papers/ASPLOS2012.pdf
https://www.jedec.org/sites/default/files/Barbara_A_summary.pdf
https://en.wikipedia.org/wiki/Data_degradation
https://en.wikipedia.org/wiki/ECC_memory
https://en.wikipedia.org/wiki/Soft_error

Already have RowHammer too, who is researching DiskHammer?

Yes, there does need to be current baseline studies made
in 2020 across all of say Google, Amazon, Facebook global
datacenters... fiber, storage, ram, etc. It is surely not
zero errors otherwise passed.

Then note all the users who do not run any media, memory,
and cables capable of detecting and or correcting garbage.

And the claims or data, about "checksums / digests / hashes"
that fall short of at least 2^128 odds that strong crypto
based repositories can provide. Many do not, and should not,
accept less as sufficient standards. What is the worth of your
data and instructions produced with some software from
some repositories from some hops.

Though error is only part of entire possible subject,
still however... Lower some risks there too by raising
some crypto bars.

Be sure to expand "external physical editing" hinted
to include malicious, even by both local and remote
adversarial actors, and or those acting outside of
established practice. Some crypto repositories require
additionally compromise of committer and or distribution
private key to impart trust downstream, all of which
leaves nice audit, instead of just sneaking in a
"vi foo.rcs" or binary equivalent.

Cryptographic defense in depth, not prayer.
[Sorry not sure which is better mail list]

From owner-freebsd-security@freebsd.org Sat Sep 21 17:41:30 2019
From: Daniel Shahaf
Date: Sat, 21 Sep 2019 17:41:30 -0000
X-Original-Date: Sat, 21 Sep 2019 17:41:23 +0000
Subject: Re: Git/Mtn for FreeBSD, PGP WoT Sigs, Merkel Hash Tree Based
To: freebsd-hackers@freebsd.org
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Message-ID: <20190921174123.66q4coslqqx5axct@tarpaulin.shahaf.local2>

grarpamp wrote on Fri, Sep 20, 2019 at 17:04:08 -0400:
> How does one know their entire copy of repo obtained on
> DVD, "mirror", or elsewhere cryptographically
> matches the authoritative repo...

If someone wanted to add "signed commits" functionality to svn, I think
that would be possible and even not too hard.

From owner-freebsd-security@freebsd.org Fri Oct 4 17:22:53 2019
From: Igor Mozolevsky
Date: Fri, 4 Oct 2019 18:22:15 +0100
Subject: Re: Git/Mtn for FreeBSD, PGP WoT Sigs, Merkel Hash Tree Based
To: grarpamp
Cc: freebsd security, Hackers freeBSD, freebsd-questions@freebsd.org

On Fri, 20 Sep 2019 at 22:01, grarpamp wrote:
>
> For consideration...
>
> SVN really may not offer much in the way of native
> internal self authenticating repo to cryptographic levels
> of security against bitrot, transit corruption and repo ops,
> external physical editing, have much signing options, etc.
> Similar to blockchain and ZFS hash merkle-ization,
> signing the repo init and later points tags commits,
> along with full verification toolset, is useful function.

Isn't UNIX(TM) philosophy that a program should do one thing and do it
well? Just because people can't be bothered to learn to use multiple
tools to do *multiple* tasks on the same dataset, is not a reason, let
alone "the reason," to increase any program complexity to orders of
N^M^K^L so that one "foo checkout" does all the things one wants!

Incidentally, how does that saying go, if you think "crypto" is the
solution to your problem, then ... (I'm slightly paraphrasing, of course).

When crypto invalidates a repo, how would it be different from seeing
non ASCII characters in plain ASCII files, or sudden refusal to
compile---one way or another you'd still need to restore from BACKUP,
hence crypto IS NOT a substitute for good data keeping practices.

Also, what empirical data do you have for repo bitrot/transit
corruption that is NOT caught by underlying media?

--
Igor M.
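
The hash-chained history this thread argues about, as an added sketch that is not part of the original messages and is not SVN, Git or FreeBSD tooling. The revision records, field names and the out-of-band `trusted_head` (standing in for the digest a committer's PGP signature would cover) are constructed assumptions; the sketch contrasts a chained history with unlinked per-revision checksums for both bitrot and an edit made directly in repository storage.

```python
import copy
import hashlib
import json

GENESIS = b"\x00" * 32  # parent digest used for the first revision


def _encode(rev):
    # Canonical byte encoding so the same record always hashes the same way.
    return json.dumps(rev, sort_keys=True, separators=(",", ":")).encode()


def chain_digest(parent, rev):
    """Digest of one revision, bound to all earlier history through `parent`."""
    return hashlib.sha256(parent + _encode(rev)).digest()


def build_chain(revisions):
    """Return one chained digest per revision; the last entry is the head."""
    digests, parent = [], GENESIS
    for rev in revisions:
        parent = chain_digest(parent, rev)
        digests.append(parent)
    return digests


def verify_copy(revisions, stored_digests, trusted_head):
    """Check a repository copy against a head digest obtained out of band.

    Returns (ok, first_bad_rev, reason). first_bad_rev is set when a record
    no longer matches the digest stored next to it (bitrot, transit damage).
    """
    if len(revisions) != len(stored_digests):
        return False, None, "revision/digest count mismatch"
    parent = GENESIS
    for rev, stored in zip(revisions, stored_digests):
        parent = chain_digest(parent, rev)
        if parent != stored:
            return False, rev["rev"], "content does not match stored digest"
    if parent != trusted_head:
        # Every stored digest is self-consistent, but the chain ends somewhere
        # other than the head the verifier trusts: the history was rewritten.
        return False, None, "history does not lead to the trusted head"
    return True, None, "ok"


def verify_unlinked(revisions, checksums):
    """Contrast case: one standalone checksum per revision, no chaining."""
    return len(revisions) == len(checksums) and all(
        hashlib.sha256(_encode(r)).digest() == c
        for r, c in zip(revisions, checksums)
    )


# Constructed sample history (not real FreeBSD revisions).
REVS = [
    {"rev": 1, "author": "alice", "diff": "+initial import"},
    {"rev": 2, "author": "bob", "diff": "+check length before copy"},
    {"rev": 3, "author": "alice", "diff": "-timeout = 30\n+timeout = 60"},
    {"rev": 4, "author": "carol", "diff": "+update docs"},
]


def demo():
    digests = build_chain(REVS)
    trusted_head = digests[-1]  # in practice: published under a signature

    clean = verify_copy(REVS, digests, trusted_head)

    # Bitrot: one character of rev 3 changes, stored digests are untouched.
    rotted = copy.deepcopy(REVS)
    rotted[2]["diff"] = rotted[2]["diff"].replace("0", "1", 1)
    rot = verify_copy(rotted, digests, trusted_head)

    # Edit in storage: rev 2 is altered and every digest is recomputed by
    # whoever had write access, so the copy is internally consistent.
    edited = copy.deepcopy(REVS)
    edited[1]["diff"] += "\n+extra line"
    rewritten = verify_copy(edited, build_chain(edited), trusted_head)

    # The same edit against unlinked checksums stored with the repository:
    # the editor recomputes one checksum and nothing else notices.
    unlinked = [hashlib.sha256(_encode(r)).digest() for r in edited]
    unlinked_passes = verify_unlinked(edited, unlinked)

    return clean, rot, rewritten, unlinked_passes


if __name__ == "__main__":
    for result in demo():
        print(result)
```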
From owner-freebsd-security@freebsd.org Thu Oct 3 16:10:31 2019
From: Tomasz CEDRO
Date: Thu, 3 Oct 2019 18:10:16 +0200
Subject: Re: AMD Secure Encrypted Virtualization - FreeBSD Status?
To: grarpamp
Cc: freebsd-security@freebsd.org, freebsd-current@freebsd.org, freebsd-virtualization@freebsd.org

Would be really nice also to get UEFI BOOT compatible with SECURE BOOT :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

From owner-freebsd-security@freebsd.org Mon Oct 7 10:58:42 2019
From: Igor Mozolevsky
Date: Mon, 7 Oct 2019 11:58:03 +0100
Subject: Re: Git/Mtn for FreeBSD, PGP WoT Sigs, Merkel Hash Tree Based
To: grarpamp
Cc: freebsd security, Hackers freeBSD, freebsd-questions@freebsd.org, freebsd-current

On Mon, 7 Oct 2019 at 08:43, grarpamp wrote:
>
> On 10/4/19, Igor Mozolevsky wrote:
> > On Fri, 20 Sep 2019 at 22:01, grarpamp wrote:
> >>
> >> For consideration...
> >> https://lists.freebsd.org/pipermail/freebsd-security/2019-September/010099.html > >> > >> SVN really may not offer much in the way of native > >> internal self authenticating repo to cryptographic levels > >> of security against bitrot, transit corruption and repo ops, > >> external physical editing, have much signing options, etc. > >> Similar to blockchain and ZFS hash merkle-ization, > >> signing the repo init and later points tags commits, > >> along with full verification toolset, is useful function. > > > > > > > > > > Isn't UNIX(TM) philosophy that a program should do one thing and do it > > well? Just because people can't be bothered to learn to use multiple > > tools to do *multiple* tasks on the same dataset, is not a reason, let > > alone "the reason," to increase any program complexity to orders of > > N^M^K^L so that one "foo checkout" does all the things one wants! > > Was r353001 cryptosigned so people can verify it with > a second standalone multiple tool called "PGP", after the > first standalone multiple tool called "repo checkout"? > Was it crypto chained back into a crypto history so they could > treat it as a secure diff (the function of a third standalone multiple > tool "diff a b") instead of as entirely separate (and space wasting > set of) unlinked independant assertions / issuances as to a state? > How much time does that take over time each time vs > perhaps loading signed set of keys into repo client config. I'm guessing they are rhetorical questions; but you ought to look up how to do tool chaining in any flavour in UNIX(TM). > Is LOGO and tape better because less complex tool than C and disk. For some people, perhaps. > > crypto IS NOT a substitute for good data keeping > > practices. > > Who said that it was. However it can be a wrapper of > proof / certification / detection / assurance / integrity / test > over them... a good thing to have there, as opposed to nothing. 
What is the specific risk model you're mitigating---all you say is hugely speculative?! > > Also, what empirical data do you have for repo bitrot/transit > > corruption that is NOT caught by underlying media? > > Why are people even bothering to sha-2 or sign iso's, or > reproducible builds? There is some integrity function there. > Else just quit doing those too then. Funny you should say that, Microsoft, for example, don't checksum their ISOs for the OSes. You missed the point about reproducible builds entirely: given code A from Alice and package B from Bob, Charlie can compile package C from A and verify that C is identical to B, a simple `diff' of binaries is sufficient for that! The problem is that a lot of the time code A itself is buggy to such degree that it's vulnerable to attack (recall Heartbleed, for example). Crappy code is not mitigated by any layer of additional integrity checking of the same crappy code! > Many sources people can find, just search... > https://www.zdnet.com/article/dram-error-rates-nightmare-on-dimm-street/ > http://www.cs.toronto.edu/~bianca/papers/sigmetrics09.pdf > http://www.cs.toronto.edu/~bianca/papers/ASPLOS2012.pdf > https://www.jedec.org/sites/default/files/Barbara_A_summary.pdf > https://en.wikipedia.org/wiki/Data_degradation > https://en.wikipedia.org/wiki/ECC_memory > https://en.wikipedia.org/wiki/Soft_error I don't bother with second-hand rumors on WikiPedia so I'm not even going to bother looking there, but as for the rest, seriously, you're quoting a study of DDR1 and DDR2??? I have it on good authority that when at least one manufactured moved to smaller die process for DDR3 they saw the error rates plummet to their own surprise (as they were expecting the opposite) and now we're on DDR4, and what's the die size there?.. Perhaps you need to look into the error rates of EDO RAM et al too? 
In any event, ECC, integrity checking etc is done on the underlying media to detect and in some cases correct errors so you have to worry less about it at higher levels, so getting so obsessed by it is just silly especially advocating for a tool to do it all in one go! Here's a question to ponder: if code set X, certificate Y, and signed digest Z are stored on one media (remote server in your case), and your computed digest doesn't match digest Z, what part was corrupt, X, Y, or Z, or your checksumming? > Already have RowHammer too, who is researching DiskHammer? And RowHammer has been successfully demonstrated in a production environment? How exactly are you planning on timing the attack vector to get RAM cell data when you (a) don't know when that cell will be occupied by what you want, nor (b) where that cell is going to be in the first place? Go ask any scientist who works for pharma to explain the difference between "works in a lab" and "works in the real world"... > Yes, there does need to be current baseline studies made > in 2020 across all of say Google, Amazon, Facebook global > datacenters... fiber, storage, ram, etc. It is surely not zero > errors otherwise passed. Perhaps you need to "tell" Google, Amazon, Facebook, et al about that, and then come back to us with the results of those studies? To sum up, you're advocating for extra effort with no empirical data nor a decent risk model to justify the effort, good luck! -- Igor M. 
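The hash-chained history this thread argues about ("crypto chained back into a crypto history", "signing the repo init and later points tags commits"), as an added example that is not part of any post and is not code from Git, Monotone or FreeBSD. The object layout, the function names and the sample snapshots are assumptions made for illustration, SHA-256 is chosen here, and the trusted tip id stands for a value obtained out of band (for instance from a signed tag); signature checking itself is left out.

```python
import copy
import hashlib


def obj_id(kind, payload):
    """Git-style object id: hash of '<kind> <length>\\0' followed by the payload."""
    return hashlib.sha256(f"{kind} {len(payload)}\0".encode() + payload).hexdigest()


def tree_id(entries):
    """Merkle node for one snapshot: hash over the sorted (blob id, path) listing."""
    listing = "".join(f"{blob} {path}\n" for path, blob in sorted(entries.items()))
    return obj_id("tree", listing.encode())


def commit_id(tree, parent, message):
    """A commit id covers its tree id and its parent id, which chains the history."""
    body = f"tree {tree}\nparent {parent or '-'}\n\n{message}\n"
    return obj_id("commit", body.encode())


def build_history(snapshots):
    """Turn [(message, {path: bytes})] into a list of chained commit records."""
    history, parent = [], None
    for message, files in snapshots:
        entries = {path: obj_id("blob", data) for path, data in files.items()}
        cid = commit_id(tree_id(entries), parent, message)
        history.append({"id": cid, "parent": parent, "message": message,
                        "entries": entries, "files": dict(files)})
        parent = cid
    return history


def verify(history, trusted_tip):
    """Recompute every id from stored content.

    Returns (status, commit_index, path):
      ("blob", n, path)   stored file content no longer matches its recorded id
      ("tree", n, None)   the file set differs from the recorded tree listing
      ("commit", n, None) commit id or parent link is inconsistent
      ("tip", n, None)    history is self-consistent but is not the trusted one
      ("ok", None, None)  everything recomputes and ends at the trusted tip
    """
    parent = None
    for n, c in enumerate(history):
        if c["entries"].keys() != c["files"].keys():
            return ("tree", n, None)
        for path, data in sorted(c["files"].items()):
            if c["entries"][path] != obj_id("blob", data):
                return ("blob", n, path)
        expected = commit_id(tree_id(c["entries"]), parent, c["message"])
        if c["parent"] != parent or c["id"] != expected:
            return ("commit", n, None)
        parent = c["id"]
    if parent != trusted_tip:
        return ("tip", len(history) - 1, None)
    return ("ok", None, None)


# Constructed sample data: three snapshots of a tiny source tree.
SNAPSHOTS = [
    ("initial import", {"README": b"demo tree\n",
                        "src/a.c": b"int main(void) { return 0; }\n"}),
    ("add header", {"README": b"demo tree\n",
                    "src/a.c": b"int main(void) { return 0; }\n",
                    "src/a.h": b"#pragma once\n"}),
    ("update readme", {"README": b"demo tree, second edition\n",
                       "src/a.c": b"int main(void) { return 0; }\n",
                       "src/a.h": b"#pragma once\n"}),
]


def bitrot_case():
    """Stored content changes but the recorded ids do not (corruption at rest)."""
    history = build_history(SNAPSHOTS)
    tip = history[-1]["id"]
    damaged = copy.deepcopy(history)
    damaged[0]["files"]["src/a.c"] = b"int main(void) { return 1; }\n"
    return verify(damaged, tip)


def rewrite_case():
    """Content changes and every id is recomputed to match (consistent rewrite)."""
    tip = build_history(SNAPSHOTS)[-1]["id"]
    forged = copy.deepcopy(SNAPSHOTS)
    forged[0][1]["src/a.c"] = b"int main(void) { return 1; }\n"
    return verify(build_history(forged), tip)


if __name__ == "__main__":
    print("bitrot :", bitrot_case())
    print("rewrite:", rewrite_case())
```

Per-object ids localize at-rest corruption to one file in one revision, while a fully recomputed rewrite is only caught by comparing against a tip id that was obtained and authenticated separately from the repository copy.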
From owner-freebsd-security@freebsd.org Wed Aug 7 01:17:10 2019
From: Fernando Gont
Date: Wed, 07 Aug 2019 01:17:10 -0000
X-Original-Date: Wed, 7 Aug 2019 04:05:02 +0300
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2
To: freebsd-security@freebsd.org, FreeBSD Security Advisories
Message-ID: <016f565b-9281-dc14-651a-bcd2245f0544@si6networks.com>
In-Reply-To: <20190806183211.EE35BEE16@freefall.freebsd.org>

Folks,

Since FreeBSD ships with IPv6 support enabled by default, aren't all
systems affected, one way or another?

Thanks,
Fernando

> =============================================================================
> FreeBSD-SA-19:19.mldv2                                      Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          ICMPv6 / MLDv2 out-of-bounds memory access
>
> Category:       core
> Module:         net
> Announced:      2019-08-06
> Credits:        CJD of Apple
> Affects:        All supported versions of FreeBSD.
> Corrected:      2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE)
>                 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9)
>                 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE)
>                 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2)
>                 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13)
> CVE Name:       CVE-2019-5608
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit .
>
> I.   Background
>
> MLDv2 is the Multicast Listener Discovery protocol, version 2.  It is used
> by IPv6 routers to discover multicast listeners.
>
> II.  Problem Description
>
> The ICMPv6 input path incorrectly handles cases where an MLDv2 listener
> query packet is internally fragmented across multiple mbufs.
>
> III. Impact
>
> A remote attacker may be able to cause an out-of-bounds read or write that
> may cause the kernel to attempt to access an unmapped page and subsequently
> panic.
>
> IV.  Workaround
>
> No workaround is available.  Systems not using IPv6 are not affected.
>
> V.   Solution
>
> Perform one of the following:
>
> Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date,
> and reboot.
>
> 1) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
> # shutdown -r +10min "Reboot for security update"
>
> 2) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> [FreeBSD 11.2, FreeBSD 11.3]
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc
> # gpg --verify mldv2.11.patch.asc
>
> [FreeBSD 12.0]
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch
> # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc
> # gpg --verify mldv2.12.patch.asc
>
> b) Apply the patch.  Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> and reboot the
> system.
>
> VI.  Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path                                                      Revision
> -------------------------------------------------------------------------
> stable/12/                                                        r350648
> releng/12.0/                                                      r350644
> stable/11/                                                        r350650
> releng/11.3/                                                      r350644
> releng/11.2/                                                      r350644
> -------------------------------------------------------------------------
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
>
>
> VII. References
>
>
>
> The latest revision of this advisory is available at
>
> _______________________________________________
> freebsd-security-notifications@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications
> To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe@freebsd.org"
>

-- 
Fernando Gont
SI6 Networks
e-mail: fgont@si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

From owner-freebsd-security@freebsd.org Sun Sep 1 17:46:33 2019
From: Bernard Spil
Date: Sun, 01 Sep 2019 17:46:33 -0000
X-Original-Date: Sun, 01 Sep 2019 17:46:30 +0000
Subject: MFH requests for mariadb103 and mariadb104
To: freebsd-security@freebsd.org

Hi,

Forgot to add MFH 2019Q3 to

https://svnweb.freebsd.org/ports?view=revision&revision=510703
https://svnweb.freebsd.org/ports?view=revision&revision=510711

Cheers,
Bernard.
From owner-freebsd-security@freebsd.org Tue Aug 20 22:01:45 2019
From: Ian Lepore
Date: Tue, 20 Aug 2019 22:01:45 -0000
X-Original-Date: Tue, 20 Aug 2019 16:01:39 -0600
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:23.midi
To: Eugene Grosbein, freebsd-security@freebsd.org
Cc: Freebsd hackers list
Message-ID: <1909279dfc6002f6c21ff8e92ca2925511dca322.camel@freebsd.org>

On Wed, 2019-08-21 at 04:55 +0700, Eugene Grosbein wrote:
> 21.08.2019 3:12, FreeBSD Security Advisories wrote:
>
> [skip]
>
> > IV. Workaround
> >
> > No workaround is available. Custom kernels without "device sound"
> > are not vulnerable.
>
> Is it true that there is no way to disable vulnerable and unneeded
> device driver built in GENERIC other than through rebuilding the kernel?
>
> I remember that pre-4.x versions of FreeBSD had visual VGA-based
> pre-boot configurator allowing to disable any compiled-in device
> driver. Don't device.hints(5) or loader(8) have means to do so?
>
> These days GENERIC have LOTS of drivers and it's convenient but
> unsafe.
> "No workaround" just seems to be wrong.

Aside from setting the disabled hint to turn off the driver (or using
devctl to turn it off on a live system), the exploit also requires
opening /dev/midistat, so a viable workaround is to change its
permissions so that users can't open it.
-- Ian From owner-freebsd-security@freebsd.org Tue Sep 10 01:44:52 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 71B4AE9190 for ; Tue, 10 Sep 2019 01:44:52 +0000 (UTC) (envelope-from wollman@hergotha.csail.mit.edu) Received: from hergotha.csail.mit.edu (tunnel82308-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:ccb::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46S7BW3FYZz4vp2 for ; Tue, 10 Sep 2019 01:44:51 +0000 (UTC) (envelope-from wollman@hergotha.csail.mit.edu) Received: from hergotha.csail.mit.edu (localhost [127.0.0.1]) by hergotha.csail.mit.edu (8.15.2/8.15.2) with ESMTP id x8A1ig0L034765; Mon, 9 Sep 2019 21:44:43 -0400 (EDT) (envelope-from wollman@hergotha.csail.mit.edu) Received: (from wollman@localhost) by hergotha.csail.mit.edu (8.15.2/8.15.2/Submit) id x8A1igXq034764; Mon, 9 Sep 2019 21:44:42 -0400 (EDT) (envelope-from wollman) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Message-ID: <23927.10.5222.629103@hergotha.csail.mit.edu> From: Garrett Wollman To: Victor Sudakov Cc: freebsd-security@freebsd.org Subject: Re: Let's Encrypt In-Reply-To: <20190910005231.GA23163@admin.sibptus.ru> References: <20190908145835.GA67269@admin.sibptus.ru> <20190909090605.GA97856@admin.sibptus.ru> <20190910005231.GA23163@admin.sibptus.ru> X-Mailer: VM 8.2.0b under 26.2 (amd64-portbld-freebsd11.3) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (hergotha.csail.mit.edu [127.0.0.1]); Mon, 09 Sep 2019 21:44:43 -0400 (EDT) X-Spam-Status: No, score=-0.8 required=5.0 tests=ALL_TRUSTED, HEADER_FROM_DIFFERENT_DOMAINS autolearn=disabled version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on 
hergotha.csail.mit.edu X-Rspamd-Queue-Id: 46S7BW3FYZz4vp2 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=fail reason="No valid SPF, No valid DKIM" header.from=bimajority.org (policy=none); spf=permerror (mx1.freebsd.org: domain of wollman@hergotha.csail.mit.edu uses mechanism not recognized by this client) smtp.mailfrom=wollman@hergotha.csail.mit.edu X-Spamd-Result: default: False [-3.24 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; DMARC_POLICY_SOFTFAIL(0.10)[bimajority.org : No valid SPF, No valid DKIM,none]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; IP_SCORE(-1.54)[ipnet: 2001:470::/32(-4.46), asn: 6939(-3.17), country: US(-0.05)]; FORGED_SENDER(0.30)[wollman@bimajority.org,wollman@hergotha.csail.mit.edu]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US]; FROM_NEQ_ENVFROM(0.00)[wollman@bimajority.org,wollman@hergotha.csail.mit.edu]; RCVD_COUNT_TWO(0.00)[2] X-Mailman-Approved-At: Sat, 12 Oct 2019 23:27:58 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Tue, 10 Sep 2019 01:44:52 -0000 X-Original-Date: Mon, 9 Sep 2019 21:44:42 -0400 X-List-Received-Date: Tue, 10 Sep 2019 01:44:52 -0000 < said: > Trond Endrest=F8l wrote: >>=20 >> #minute=09hour=09mday=09month=09wday=09who=09command >>=20 >> 52=094=091=09*=09*=09root=09certbot renew --quiet --pre-hook "servic= e apache24 stop" --post-hook "service apache24 start" >> 52=091=0915=09*=09*=09root=09certbot renew --quiet --pre-hook "servi= ce apache24 stop" --post-hook "service apache24 start" > Is it safe to run certbot as root=3F=20 I can't speak to certbot (I currently use acmetool) but in 
general, the thing that certbot does requires the ability to signal whatever process is using the certificates, which is normally going to be a web server but might be a mail server, name server, RADIUS server, or some other application -- as shown in the example above. So if you don't run it as root (probably smart) you'll need to find another way to tell the TLS server application to reload its certificates when needed. -GAWollman From owner-freebsd-security@freebsd.org Thu Oct 3 20:32:37 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9997513FD9A for ; Thu, 3 Oct 2019 20:32:37 +0000 (UTC) (envelope-from tomek@cedro.info) Received: from mail-ot1-x335.google.com (mail-ot1-x335.google.com [IPv6:2607:f8b0:4864:20::335]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46kl785mtYz4hCD for ; Thu, 3 Oct 2019 20:32:36 +0000 (UTC) (envelope-from tomek@cedro.info) Received: by mail-ot1-x335.google.com with SMTP id c10so3468949otd.9 for ; Thu, 03 Oct 2019 13:32:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cedro.info; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=b1VV6VCDh0McNccdZXiyMdDdQ3nk1nObf+12RvEqMb0=; b=dB7S3Cdw8lpHiC+lmQysWY8GO9c1MDBr9egfIEdhsCFHVQFP4wEPEztmyOrLfSx5eW bMXU6IkYxiKf9i3DpworVHZQKV/km/ZQA8fw6V4+sI763adYGI5EKiz6R7SswZxA/l5x d/ogkVGz6is6ckrj/rAFVkQWDdIeyaUv/Am9SDBaojhxDywYluXVRJogchll2VxxGgt9 FE4Z/d0WNp6R1Kk3PQHyhZrltbJf1OHPCmNoUx/yiQIaMDVk6+WrHeG2PZeQyCySO2pB GZg9zdeBSX525QLLibshaDnQ7Of7wPWbzWMJEDXvFu5J/EKnXQtORAzHoCTnMueI8r1n lgGg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; 
h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=b1VV6VCDh0McNccdZXiyMdDdQ3nk1nObf+12RvEqMb0=; b=WOm230IojtZ24OT9RDL2GpwgysMxzJAhp6BT13nbR4KbO41XNKT0TIJQV4kjzoMWeO xaJt1HRqmdxjVi2KDaC+CHnVW95Wlj6SRa5RND34tpg2DR4uTvLxxQSifpEewOUAqWhV 88D+RQ4w07H2hVQ/AzdIBy+hBZ/dl0pZIYr4BHfropkVO4MvufHiOYmwA3H9ceK+9nEU RbqHL7hk6wzkp4sj0LewclFPBMds0Srro/T1srix+XGGpVC9McF+fZyU5h1lMI4n3vht wt7aZ1vN7hsnyUEqkybvEU8xPbvp3TjPMMdniSVQpLpmb+6V2ARjJS8mtYZF9SN0XLVD K9tg== X-Gm-Message-State: APjAAAVAeGAKjtwRrOCjFcSiBzNe44WHkGGNno33C/+MtTZCe2PFqapi bBMGggdC4mRpU/5psfg2LRJW3+hVBH4= X-Google-Smtp-Source: APXvYqy4Phg2t3Lnpo8faedCrMWrbA/xMVSDuDutSFiQBvNmbi/FGtJdQyNPZNBu1IRCYxM2JZf8/Q== X-Received: by 2002:a9d:2f09:: with SMTP id h9mr7677339otb.21.1570134755421; Thu, 03 Oct 2019 13:32:35 -0700 (PDT) Received: from mail-oi1-f169.google.com (mail-oi1-f169.google.com. [209.85.167.169]) by smtp.gmail.com with ESMTPSA id n4sm1138284oij.9.2019.10.03.13.32.34 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 03 Oct 2019 13:32:34 -0700 (PDT) Received: by mail-oi1-f169.google.com with SMTP id k9so3848617oib.7; Thu, 03 Oct 2019 13:32:34 -0700 (PDT) X-Received: by 2002:aca:72d2:: with SMTP id p201mr4417825oic.45.1570134754274; Thu, 03 Oct 2019 13:32:34 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Tomasz CEDRO Date: Thu, 3 Oct 2019 22:32:21 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: AMD Secure Encrypted Virtualization - FreeBSD Status? To: "Clay Daniels Jr." 
Cc: grarpamp , freebsd-security@freebsd.org, "freebsd-current@freebsd.org" , freebsd-virtualization@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 46kl785mtYz4hCD X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=cedro.info header.s=google header.b=dB7S3Cdw; dmarc=none; spf=none (mx1.freebsd.org: domain of tomek@cedro.info has no SPF policy when checking 2607:f8b0:4864:20::335) smtp.mailfrom=tomek@cedro.info X-Spamd-Result: default: False [-2.20 / 15.00]; TO_DN_EQ_ADDR_SOME(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; RCPT_COUNT_FIVE(0.00)[5]; RCVD_COUNT_THREE(0.00)[4]; DKIM_TRACE(0.00)[cedro.info:+]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(-2.40)[ip: (-7.20), ipnet: 2607:f8b0::/32(-2.57), asn: 15169(-2.16), country: US(-0.05)]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[cedro.info:s=google]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; DMARC_NA(0.00)[cedro.info]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[5.3.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FREEMAIL_CC(0.00)[gmail.com]; RCVD_TLS_ALL(0.00)[]; SUSPICIOUS_RECIPS(1.50)[] X-Mailman-Approved-At: Sat, 12 Oct 2019 23:27:58 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Oct 2019 20:32:37 -0000 On Thu, Oct 3, 2019 at 10:29 PM Clay Daniels Jr. wrote: > Just whose secure keys do you suggest? I go to a lot of trouble to disable secure boot so I can load any operating system I want. 

The goal would be not to disable secure boot and have FreeBSD running
with a secured bootloader :-)

At the moment we have insecure boot + insecure kernel + possible
encrypted data partition..

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

From owner-freebsd-security@freebsd.org Mon Sep 16 23:02:29 2019
From: grarpamp
Subject: Git/Mtn for FreeBSD, PGP WoT Sigs, Merkel Hash Tree Based
To: freebsd-security@freebsd.org
Cc: freebsd-questions@freebsd.org, freebsd-hackers@freebsd.org
Date: Mon, 16 Sep 2019 23:02:29 -0000
X-Original-Date: Mon, 16 Sep 2019 19:02:26 -0400

For consideration...

SVN really may not offer much in the way of native internal
self-authenticating repo to cryptographic levels of security
against bitrot, transit corruption and repo ops, external
physical editing, have many signing options, etc.

Similar to blockchain and ZFS hash merkle-ization,
signing the repo init and later points tags commits,
along with full verification toolset, is a useful function.

https://www.monotone.ca/
https://en.wikipedia.org/wiki/Monotone_(software)
https://git-scm.com/
https://en.wikipedia.org/wiki/Git

Maintaining the kernel's web of trust
https://lwn.net/Articles/798230/
Distributing kernel developer PGP keys via pgpkeys.git
https://lkml.org/lkml/2019/8/30/597
Signing patch flow
https://lwn.net/Articles/737093/
Compromised security happens
https://lwn.net/Articles/464233/

https://security.stackexchange.com/questions/67920/how-safe-are-signed-git-tags-only-as-safe-as-sha-1-or-somehow-safer
https://stackoverflow.com/questions/28792784/why-does-git-use-a-cryptographic-hash-function
http://fossil-scm.org/index.html/doc/trunk/www/hashpolicy.wiki
https://ericsink.com/vcbe/html/cryptographic_hashes.html
https://svn.haxx.se/dev/archive-2015-06/0052.shtml
http://git.661346.n2.nabble.com/Verifying-the-whole-repository-td1368311.html
https://shattered.io/
https://www.youtube.com/watch?v=G8wQ88d85s4
https://en.wikipedia.org/wiki/Data_degradation
https://git-scm.com/docs/git-fsck
https://marc.info/?l=git&m=118143549107708
https://en.wikipedia.org/wiki/Comparison_of_version-control_software
https://en.wikipedia.org/wiki/Deterministic_compilation
https://www.monotone.ca/monotone.html#Trust-Evaluation-Hooks

How does one know their entire copy of repo obtained on DVD,
"mirror", or elsewhere cryptographically matches the
authoritative repo... that any commits were actually signed
off on... or that any reproducible builds are even reproducing
the main repo... etc... cannot be done without secure crypto
infrastructure at the very core.

"User also knows that even if someone should break into the shared
hosting server and tamper with the database, they won’t be able to
inject malicious code into the project, because all revisions are
signed by the team members, and he has set his Trust Evaluation Hooks
so he doesn’t trust the server key for signing revisions.
In monotone, the important trust consideration is on the signed
content, rather than on the replication path by which that content
arrived in your database."

Note also CVS, which some BSDs still use (ahem: Open, Net), is
even worse than SVN with zero protection at all in any component
regarding this subject.

It is really time to migrate repo tech to year 2020.

From owner-freebsd-security@freebsd.org Sun Sep 8 22:31:01 2019
From: Laurent Frigault
To: Victor Sudakov
Cc: freebsd-security@freebsd.org
Subject: Re: Let's Encrypt
Message-ID: <20190908223051.GA27412@chimere.bergerie.agneau.org>
References: <20190908145835.GA67269@admin.sibptus.ru>
In-Reply-To: <20190908145835.GA67269@admin.sibptus.ru>
Date: Sun, 08 Sep 2019 22:31:01 -0000
X-Original-Date: Mon, 9 Sep 2019 00:30:51 +0200

On Sun, Sep 08, 2019 at 09:58:35PM +0700, Victor Sudakov wrote:
> Which client is now recommended to work with Let's Encrypt?
>
> I see numerous clients in the ports tree, some deleted, some renamed...
> Which one is good?

I've been using security/dehydrated for years. Never had any problem
with it.

--
Laurent Frigault |