From owner-freebsd-security Tue Sep 19 19:07:40 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id TAA11705 for security-outgoing; Tue, 19 Sep 1995 19:07:40 -0700
Received: from s4.elec.uq.edu.au (clary@s4.elec.uq.edu.au [130.102.96.4])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id TAA11697 for ;
    Tue, 19 Sep 1995 19:07:09 -0700
Received: (from clary@localhost) by s4.elec.uq.edu.au (8.6.12/8.6.12)
    id MAA09083 for freebsd-security@freebsd.org; Wed, 20 Sep 1995 12:04:48 +1000
From: Clary Harridge
Message-Id: <199509200204.MAA09083@s4.elec.uq.edu.au>
Subject: crack for freebsd
To: freebsd-security@freebsd.org
Date: Wed, 20 Sep 1995 12:04:47 +1000 (EST)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 392
Sender: owner-security@freebsd.org
Precedence: bulk

Hi
can someone please tell me --

Is there a version of crack somewhere which knows how to handle the
current FreeBSD encryption algorithms.

I would like to be able to check for dumb user passwords.

--
regards          Dept. of Electrical Engineering,
Clary Harridge   University of Queensland, QLD, Australia, 4072
Phone: +61-7-365-3636 Fax: +61-7-365-4999
INTERNET: clary@elec.uq.edu.au

From owner-freebsd-security Tue Sep 19 19:40:09 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id TAA12730 for security-outgoing; Tue, 19 Sep 1995 19:40:09 -0700
Received: from palmer.demon.co.uk (palmer.demon.co.uk [158.152.50.150])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id TAA12707 for ;
    Tue, 19 Sep 1995 19:39:55 -0700
Received: from localhost (localhost [127.0.0.1])
    by palmer.demon.co.uk (8.6.11/8.6.11) with SMTP id DAA01450 ;
    Wed, 20 Sep 1995 03:38:25 +0100
To: Clary Harridge
cc: freebsd-security@freebsd.org
Subject: Re: crack for freebsd
In-reply-to: Your message of "Wed, 20 Sep 1995 12:04:47 +1000."
    <199509200204.MAA09083@s4.elec.uq.edu.au>
Date: Wed, 20 Sep 1995 03:38:20 +0100
Message-ID: <1448.811564700@palmer.demon.co.uk>
From: Gary Palmer
Sender: owner-security@freebsd.org
Precedence: bulk

In message <199509200204.MAA09083@s4.elec.uq.edu.au>, Clary Harridge writes:
>Is there a version of crack somewhere which knows how to handle the
>current FreeBSD encryption algorithms.

You mean the MD5 system that comes in the base installation? Not that I
know of. Best way to check for weak user passwords is to use something
like `npasswd', which runs the password through a dictionary scan before
it allows them to set it...

Gary

From owner-freebsd-security Tue Sep 19 22:56:25 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id WAA18551 for security-outgoing; Tue, 19 Sep 1995 22:56:25 -0700
Received: from grunt.grondar.za (grunt.grondar.za [196.7.18.129])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id WAA18524 for ;
    Tue, 19 Sep 1995 22:56:10 -0700
Received: from grumble.grondar.za (grumble.grondar.za [196.7.18.130])
    by grunt.grondar.za (8.6.12/8.6.9) with ESMTP id HAA00948;
    Wed, 20 Sep 1995 07:55:41 +0200
Received: from localhost (localhost [127.0.0.1])
    by grumble.grondar.za (8.6.12/8.6.9) with SMTP id HAA03406;
    Wed, 20 Sep 1995 07:55:38 +0200
Message-Id: <199509200555.HAA03406@grumble.grondar.za>
X-Authentication-Warning: grumble.grondar.za: Host localhost didn't use HELO protocol
To: Clary Harridge
cc: freebsd-security@FreeBSD.org
Subject: Re: crack for freebsd
Date: Wed, 20 Sep 1995 07:55:38 +0200
From: Mark Murray
Sender: owner-security@FreeBSD.org
Precedence: bulk

> Hi
> can someone please tell me --
>
> Is there a version of crack somewhere which knows how to handle the
> current FreeBSD encryption algorithms.
>
> I would like to be able to check for dumb user passwords.

Any version of crack will work, as long as you link against FreeBSD's -lcrypt.
This library is a link to the current encryption scheme, so upgrading
libcrypt MD5 -> DES will be transparent to all apps (including crack).

M

--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grumble.grondar.za for PGP key

From owner-freebsd-security Wed Sep 20 06:28:47 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id GAA02528 for security-outgoing; Wed, 20 Sep 1995 06:28:47 -0700
Received: from irbs.irbs.com (irbs.com [199.182.75.129])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id GAA02523 for ;
    Wed, 20 Sep 1995 06:28:40 -0700
Received: (from jc@localhost) by irbs.irbs.com (8.6.12/8.6.6) id JAA28080;
    Wed, 20 Sep 1995 09:21:32 -0400
From: John Capo
Message-Id: <199509201321.JAA28080@irbs.irbs.com>
Subject: Re: crack for freebsd
To: mark@grondar.za (Mark Murray)
Date: Wed, 20 Sep 1995 09:21:32 -0400 (EDT)
Cc: clary@s4.elec.uq.edu.au, freebsd-security@FreeBSD.org
In-Reply-To: <199509200555.HAA03406@grumble.grondar.za> from "Mark Murray"
    at Sep 20, 95 07:55:38 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 639
Sender: owner-security@FreeBSD.org
Precedence: bulk

Mark Murray writes:
>
> > Hi
> > can someone please tell me --
> >
> > Is there a version of crack somewhere which knows how to handle the
> > current FreeBSD encryption algorithms.
> >
> > I would like to be able to check for dumb user passwords.
>
> Any version of crack will work, as long as you link against FreeBSD's
> -lcrypt. This library is a link to the current encryption scheme, so
> upgrading libcrypt MD5 -> DES will be transparent to all apps (including
> crack).
>

Crack does not parse master.passwd correctly either. Mail me if you
would like the modified parser. I don't have diffs.
John Capo
IRBS Engineering

From owner-freebsd-security Wed Sep 20 09:42:58 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id JAA19727 for security-outgoing; Wed, 20 Sep 1995 09:42:58 -0700
Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id JAA19722 for ;
    Wed, 20 Sep 1995 09:42:43 -0700
Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1])
    by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id SAA04473 ;
    Wed, 20 Sep 1995 18:41:30 +0200
Received: from (uucp@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0)
    with UUCP id SAA09870 ; Wed, 20 Sep 1995 18:41:30 +0200
Received: (from roberto@localhost) by keltia.Freenix.FR (8.7/keltia-uucp-2.5)
    id JAA18979; Wed, 20 Sep 1995 09:20:51 +0200 (MET DST)
From: Ollivier Robert
Message-Id: <199509200720.JAA18979@keltia.Freenix.FR>
Subject: Re: crack for freebsd
To: mark@grondar.za (Mark Murray)
Date: Wed, 20 Sep 1995 09:20:51 +0200 (MET DST)
Cc: clary@s4.elec.uq.edu.au, freebsd-security@FreeBSD.org
In-Reply-To: <199509200555.HAA03406@grumble.grondar.za> from "Mark Murray"
    at Sep 20, 95 07:55:38 am
X-Operating-System: FreeBSD 2.2-CURRENT ctm#1085
X-Mailer: ELM [version 2.4 PL24 ME7a+]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.org
Precedence: bulk

It seems that Mark Murray said:
> Any version of crack will work, as long as you link against FreeBSD's
> -lcrypt. This library is a link to the current encryption scheme, so
> upgrading libcrypt MD5 -> DES will be transparent to all apps (including
> crack).

Hmm, you'll have to deal with longer-than-2-characters salt and a much
longer password. And the structure of the encrypted password is
different (magic # and separators).

Here is the code I used for my su-like tool (gives root priv. to some
persons -- written in a list -- with the guy's own password).

#ifdef __FreeBSD__
    /* cope with MD5 based crypt(3) */
    if (!strncmp (calife->pw_passwd, "$1$", 3)) /* MD5 */
    {
        /* work on a copy: strtok() writes into the string it splits */
        char * pp = (char *) xalloc (1, strlen (calife->pw_passwd) + 1);
        char * md5_salt;
        char * md5_pass;

        /* skip the "$1$" magic, then split "salt$hash" */
        strcpy (pp, calife->pw_passwd + 3);
        md5_salt = strtok (pp, "$");
        md5_pass = strtok (NULL, "$");

        if (md5_pass == NULL || md5_salt == NULL ||
            (strlen (md5_salt) > 8)) /* garbled password */
        {
            syslog (LOG_AUTH | LOG_ERR,
                    "GARBLED PASSWORD %s to unknown %s on %s",
                    name, user_to_be, tty);
            fprintf (stderr, "Bad password string.\n");
            fflush (stderr);
            exit (8);
        }
        MESSAGE_1 ("MD5 password found, salt=%s\n", md5_salt);
        /* length was checked above: at most 8 characters plus the NUL */
        strcpy (salt, md5_salt);
        free (pp);
    }
    else
    {
#endif /* !__FreeBSD__ */
        strncpy (salt, calife->pw_passwd, 2);
        salt [2] = '\0';
#ifdef __FreeBSD__
    }
#endif /* __FreeBSD__ */

--
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net
FreeBSD keltia.Freenix.FR 2.2-CURRENT #1: Sun Sep 10 18:50:19 MET DST 1995

From owner-freebsd-security Thu Sep 21 11:13:34 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id LAA23512 for security-outgoing; Thu, 21 Sep 1995 11:13:34 -0700
Received: from puli.cisco.com (puli.cisco.com [171.69.1.174])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id LAA23506 for ;
    Thu, 21 Sep 1995 11:13:32 -0700
Received: (pst@localhost) by puli.cisco.com (8.6.8+c/8.6.5) id LAA12006;
    Thu, 21 Sep 1995 11:13:01 -0700
Date: Thu, 21 Sep 1995 11:13:01 -0700
From: Paul Traina
Message-Id: <199509211813.LAA12006@puli.cisco.com>
To: avalon@cheops.anu.edu.au, security@freebsd.org
In-Reply-To: roberto@keltia.freenix.fr's message of 19 Sep 1995 15:55:07 PST
Subject: IP Filter version 2.8
Sender: owner-security@freebsd.org
Precedence: bulk

Should we be incorporating Darren's new code into FreeBSD? It makes
more sense to do that than to continue with Ugen's work on top of
the old code.

However, I know that Darren has license issues that need to be resolved.
Is there some way we can get this good code into the base distribution of
FreeBSD in a fashion that will be acceptable to both him and us?

Paul

Path: cronkite.cisco.com!newsgate.cisco.com
From: roberto@keltia.freenix.fr (Ollivier Robert)
Newsgroups: cisco.external.bsd.free.hackers
Date: 19 Sep 1995 15:55:07 PST
Sender: owner-hackers@FreeBSD.ORG
Organization: Internet-USENET Gateway at cisco Systems
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Lines: 70

------- start of forwarded message -------
From: avalon@cheops.anu.edu.au (Darren Reed)
Newsgroups: comp.sys.sun.admin,comp.security.unix,alt.security
Subject: IP Filter version 2.8
Date: 16 Sep 1995 02:05:02 +1000
Organization: Coombs Computing Unit, ANU

Announcing IP Filter version 2.8

What is IP Filter ?

Quick answer: a free packet filter which can be incorporated into any of
the supported operating systems, providing IP packet level filtering per
interface.

What's that mean to me ?

It means you can build it into your network servers which have more than
a single ethernet interface to protect your servers and internal networks
from IP spoofing and other attacks which defeat service level access
control methods.

Also, if you're confident enough, you can use this package to help build
your own firewall. I'd recommend using the TIS Firewall Toolkit in
conjunction with this package if you think you're capable of this.

For more information, details and examples of filter rules, see:

http://coombs.anu.edu.au/~avalon/ip-filter.html

New to this release:

* Solaris 2.4 (on ethernet interfaces ONLY) is now supported except for
  the return-rst and return-icmp options;
* Can now (optionally) log the first 128 bytes of a packet (if present),
  including the packet header;
* ipmon can now generate log entries with names in place of numerical
  hostname and port data by using the -N command line option;
* ipmon can now optionally log output through syslog using the new -s
  command line option;
* IPSO Basic Security Options filtering;
* In-kernel filtering can be turned on/off;
* Regression testing to check the correctness of the filter;
* IP test program (ipsend) is now included with the package to allow the
  administrator to send arbitrary IP packets, or replay packet sequences
  at the filter - runs on Linux, *BSD, Solaris2 and SunOS 4.1.x;
* Compacts IP header into a directly filterable form;
* Three-way filtering results, allowing packets which don't match any
  rule to be counted and subjected to a general policy of denial or
  permission;
* Perl script suggesting rules (and other changes needed) that you'll
  need to protect yourself from IP spoofing.

darren
------- end of forwarded message -------

--
Ollivier ROBERT -=- The daemon is FREE!
-=- roberto@keltia.frmug.fr.net
FreeBSD keltia.Freenix.FR 2.2-CURRENT #1: Sun Sep 10 18:50:19 MET DST 1995

From owner-freebsd-security Thu Sep 21 12:52:31 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id MAA25941 for security-outgoing; Thu, 21 Sep 1995 12:52:31 -0700
Received: from irbs.irbs.com (irbs.com [199.182.75.129])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA25936 for ;
    Thu, 21 Sep 1995 12:52:28 -0700
Received: (from jc@localhost) by irbs.irbs.com (8.6.12/8.6.6) id PAA10417;
    Thu, 21 Sep 1995 15:52:00 -0400
From: John Capo
Message-Id: <199509211952.PAA10417@irbs.irbs.com>
Subject: Re: IP Filter version 2.8
To: pst@cisco.com (Paul Traina)
Date: Thu, 21 Sep 1995 15:52:00 -0400 (EDT)
Cc: avalon@cheops.anu.edu.au, security@freebsd.org
In-Reply-To: <199509211813.LAA12006@puli.cisco.com> from "Paul Traina"
    at Sep 21, 95 11:13:01 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1188
Sender: owner-security@freebsd.org
Precedence: bulk

Paul Traina writes:
>
> Should we be incorporating Darren's new code into FreeBSD? It makes
> more sense to do that than to continue with Ugen's work on top of
> the old code.

I hacked it into the kernel last night. It's pretty nice. Good
logging, test suite, no console printf's. I vote yes.

>
> However, I know that Darren has license issues that need to be resolved.
> Is there some way we can get this good code into the base distribution of
> FreeBSD in a fashion that will be acceptable to both him and us?
>

I don't see that in his license.

/*
 * (C)opyright 1993, 1994, 1995 by Darren Reed.
 *
 * The author accepts no responsibility for the use of this software and
 * provides it on an ``as is'' basis without express or implied warranty.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
 * to the original author and the contributors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * I hate legaleese, don't you ?
 */

John Capo

From owner-freebsd-security Thu Sep 21 12:53:39 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id MAA25989 for security-outgoing; Thu, 21 Sep 1995 12:53:39 -0700
Received: from rocky.sri.MT.net (sri.MT.net [204.94.231.129])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA25983 for ;
    Thu, 21 Sep 1995 12:53:36 -0700
Received: (from nate@localhost) by rocky.sri.MT.net (8.6.12/8.6.12)
    id NAA02796; Thu, 21 Sep 1995 13:55:21 -0600
Date: Thu, 21 Sep 1995 13:55:21 -0600
From: Nate Williams
Message-Id: <199509211955.NAA02796@rocky.sri.MT.net>
To: Paul Traina
Cc: avalon@cheops.anu.edu.au, security@freebsd.org
Subject: Re: IP Filter version 2.8
In-Reply-To: <199509211813.LAA12006@puli.cisco.com>
References: <199509211813.LAA12006@puli.cisco.com>
Sender: owner-security@freebsd.org
Precedence: bulk

Paul Traina writes:
> Should we be incorporating Darren's new code into FreeBSD?

Hmm, I'm looking at it now since I'm in the process of setting up a
FreeBSD fire-wall at work.

> However, I know that Darren has license issues that need to be resolved.
> Is there some way we can get this good code into the base distribution of
> FreeBSD in a fashion that will be acceptable to both him and us?

Remind me again what the licensing problems are. Here is the license in
the new code.

/*
 * (C)opyright 1993, 1994, 1995 by Darren Reed.
 *
 * The author accepts no responsibility for the use of this software and
 * provides it on an ``as is'' basis without express or implied warranty.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
 * to the original author and the contributors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * I hate legaleese, don't you ?
 */

Nate

From owner-freebsd-security Thu Sep 21 12:54:16 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id MAA26032 for security-outgoing; Thu, 21 Sep 1995 12:54:16 -0700
Received: from puli.cisco.com (puli.cisco.com [171.69.1.174])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA26027 for ;
    Thu, 21 Sep 1995 12:54:15 -0700
Received: from localhost.cisco.com (localhost.cisco.com [127.0.0.1])
    by puli.cisco.com (8.6.8+c/8.6.5) with SMTP id MAA16651;
    Thu, 21 Sep 1995 12:53:06 -0700
Message-Id: <199509211953.MAA16651@puli.cisco.com>
To: John Capo
Cc: avalon@cheops.anu.edu.au, security@freebsd.org
Subject: Re: IP Filter version 2.8
In-Reply-To: Your message of "Thu, 21 Sep 1995 15:52:00 EDT."
    <199509211952.PAA10417@irbs.irbs.com>
Date: Thu, 21 Sep 1995 12:53:06 -0700
From: Paul Traina
Sender: owner-security@freebsd.org
Precedence: bulk

Ah, it seems that the world may have changed again. I thought Darren had
made it shareware.

Paul

From: John Capo
Subject: Re: IP Filter version 2.8

Paul Traina writes:
>
> Should we be incorporating Darren's new code into FreeBSD? It makes
> more sense to do that than to continue with Ugen's work on top of
> the old code.

I hacked it into the kernel last night. It's pretty nice. Good
logging, test suite, no console printf's. I vote yes.

>
> However, I know that Darren has license issues that need to be resolved.
> Is there some way we can get this good code into the base distribution of
> FreeBSD in a fashion that will be acceptable to both him and us?
>

I don't see that in his license.

/*
 * (C)opyright 1993, 1994, 1995 by Darren Reed.
 *
 * The author accepts no responsibility for the use of this software and
 * provides it on an ``as is'' basis without express or implied warranty.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
 * to the original author and the contributors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *
 * I hate legaleese, don't you ?
 */

John Capo

From owner-freebsd-security Thu Sep 21 17:11:28 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id RAA06153 for security-outgoing; Thu, 21 Sep 1995 17:11:28 -0700
Received: from Root.COM (implode.Root.COM [198.145.90.17])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id RAA06140 for ;
    Thu, 21 Sep 1995 17:11:23 -0700
Received: from corbin.Root.COM (corbin [198.145.90.34])
    by Root.COM (8.6.12/8.6.5) with ESMTP id RAA00804;
    Thu, 21 Sep 1995 17:09:59 -0700
Received: from localhost (localhost [127.0.0.1])
    by corbin.Root.COM (8.6.12/8.6.5) with SMTP id RAA00191;
    Thu, 21 Sep 1995 17:12:25 -0700
Message-Id: <199509220012.RAA00191@corbin.Root.COM>
To: John Capo
cc: pst@cisco.com (Paul Traina), avalon@cheops.anu.edu.au, security@freebsd.org
Subject: Re: IP Filter version 2.8
In-reply-to: Your message of "Thu, 21 Sep 95 15:52:00 EDT."
    <199509211952.PAA10417@irbs.irbs.com>
From: David Greenman
Reply-To: davidg@Root.COM
Date: Thu, 21 Sep 1995 17:12:11 -0700
Sender: owner-security@freebsd.org
Precedence: bulk

>Paul Traina writes:
>>
>> Should we be incorporating Darren's new code into FreeBSD? It makes
>> more sense to do that than to continue with Ugen's work on top of
>> the old code.
>
>I hacked it into the kernel last night. It's pretty nice.
>Good logging, test suite, no console printf's. I vote yes.
>
>>
>> However, I know that Darren has license issues that need to be resolved.
>> Is there some way we can get this good code into the base distribution of
>> FreeBSD in a fashion that will be acceptable to both him and us?
>>
>
>I don't see that in his license.

It used to be restricted so that people couldn't use it commercially. I
spent several rounds of email with him trying to convince him to change it.
It looks as though I was successful (although I didn't know it until now).
Cool! :-)

-DG

From owner-freebsd-security Thu Sep 21 17:33:49 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id RAA06541 for security-outgoing; Thu, 21 Sep 1995 17:33:49 -0700
Received: from irbs.irbs.com (irbs.com [199.182.75.129])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id RAA06536 for ;
    Thu, 21 Sep 1995 17:33:45 -0700
Received: (from jc@localhost) by irbs.irbs.com (8.6.12/8.6.6) id UAA16442
    for freebsd-security@freebsd.org; Thu, 21 Sep 1995 20:33:43 -0400
From: John Capo
Message-Id: <199509220033.UAA16442@irbs.irbs.com>
Subject: IP Filter version 2.8 kernel patches
To: freebsd-security@freebsd.org
Date: Thu, 21 Sep 1995 20:33:42 -0400 (EDT)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 773
Sender: owner-security@freebsd.org
Precedence: bulk

I have put the patches needed to compile this package into a -current
kernel in freefall.cdrom.com/incoming/ip_fil2.8a-patches. My mods
do affect the lkm interface a bit and are untested. The unpatched
version is advertised to work as an lkm. I have not tested that
either.

Unfortunately I have lost the repository address so I put a virgin
copy in freefall.cdrom.com/incoming/ip-fil2.8a.tar.gz.

This is a nice package. Paul Traina has asked if this should replace
the Danny/Ugen ip_fw package. I think it should.
If the decision is made to not replace ip_fw, I think this package
should be a config option and be in the tree. Either way, I volunteer
to `own' this one.

These patches applied cleanly against a sup at 0000 GMT, 9/22.

John Capo
IRBS Engineering

From owner-freebsd-security Thu Sep 21 20:24:20 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id UAA12724 for security-outgoing; Thu, 21 Sep 1995 20:24:20 -0700
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA12715 for ;
    Thu, 21 Sep 1995 20:24:12 -0700
Message-Id: <199509220324.UAA12715@freefall.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA171830073;
    Fri, 22 Sep 1995 13:21:13 +1000
From: Darren Reed
Subject: Re: IP Filter version 2.8
To: davidg@Root.COM
Date: Fri, 22 Sep 1995 13:21:12 +1000 (EST)
Cc: jc@irbs.com, pst@cisco.com, security@freebsd.org
In-Reply-To: <199509220012.RAA00191@corbin.Root.COM> from "David Greenman"
    at Sep 21, 95 05:12:11 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1627
Sender: owner-security@freebsd.org
Precedence: bulk

In some mail from David Greenman, sie said:
>
> >Paul Traina writes:
> >>
> >> Should we be incorporating Darren's new code into FreeBSD? It makes
> >> more sense to do that than to continue with Ugen's work on top of
> >> the old code.
> >
> >I hacked it into the kernel last night. It's pretty nice. Good
> >logging, test suite, no console printf's. I vote yes.
> >
> >>
> >> However, I know that Darren has license issues that need to be resolved.
> >> Is there some way we can get this good code into the base distribution of
> >> FreeBSD in a fashion that will be acceptable to both him and us?
> >>
> >
> >I don't see that in his license.
>
> It used to be restricted so that people couldn't use it commercially. I
> spent several rounds of email with him trying to convince him to change it.
> It looks as though I was successful (although I didn't know it until now).
> Cool! :-)

Just looking at the top of .c and .h files, it should read:

 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
 * to the original author and the contributors.

and not

 * Redistribution and use in source and binary forms are permitted
 * provided that this notice is preserved and due credit is given
 * to the original author and the contributors. The author accepts no
 * responsibility and is not changed in any way.

(the latter makes no sense).

Anyway, I'd appreciate any bug fixes or patches that you can feed back
to me so that it can be fitted to FreeBSD systems which don't include
it as part of the distribution.

cheers,
darren

From owner-freebsd-security Thu Sep 21 23:44:10 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id XAA17167 for security-outgoing; Thu, 21 Sep 1995 23:44:10 -0700
Received: from relay.philips.nl (ns.philips.nl [130.144.65.1])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id XAA17161 for ;
    Thu, 21 Sep 1995 23:44:07 -0700
Received: (from smap@localhost) by relay.philips.nl (8.6.9/8.6.9-950414)
    id IAA14790; Fri, 22 Sep 1995 08:43:22 +0200
Received: from unknown(130.144.198.1) by relay.philips.nl via smap
    (V1.3+ESMTP) with SMTP id sma014773; Fri Sep 22 08:42:56 1995
Received: from spooky.lss.cp.philips.com by cnps.lss.cp.philips.com
    with smtp (Smail3.1.28.1 #1) id m0sw2ie-0001CjC; Fri, 22 Sep 95 08:40 MET
Received: by spooky.lss.cp.philips.com (Smail3.1.29.1 #1)
    id m0sw1oz-000HnfC; Fri, 22 Sep 95 08:42 MET DST
Message-Id:
From: guido@spooky.lss.cp.philips.com (Guido van Rooij)
Subject: Re: IP Filter version 2.8
To: pst@cisco.com (Paul Traina)
Date: Fri, 22 Sep 1995 08:42:52 +0200 (MET DST)
Cc: avalon@cheops.anu.edu.au, security@freebsd.org
In-Reply-To: <199509211813.LAA12006@puli.cisco.com> from "Paul Traina" at Sep 21, 95
    11:13:01 am
Reply-To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
X-Mailer: ELM [version 2.4 PL21]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 303
Sender: owner-security@freebsd.org
Precedence: bulk

Paul Traina wrote:
>
> Should we be incorporating Darren's new code into FreeBSD? It makes
> more sense to do that than to continue with Ugen's work on top of
> the old code.
>

I agree. Darren's code is more used and thus it'll get more bugfixes
and updates.

I don't know about licenses.

-Guido

From owner-freebsd-security Thu Sep 21 23:55:23 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id XAA17543 for security-outgoing; Thu, 21 Sep 1995 23:55:23 -0700
Received: from relay.philips.nl (ns.philips.nl [130.144.65.1])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id XAA17538 for ;
    Thu, 21 Sep 1995 23:55:19 -0700
Received: (from smap@localhost) by relay.philips.nl (8.6.9/8.6.9-950414)
    id IAA15670; Fri, 22 Sep 1995 08:54:45 +0200
Received: from unknown(130.144.198.1) by relay.philips.nl via smap
    (V1.3+ESMTP) with SMTP id sma015628; Fri Sep 22 08:53:39 1995
Received: from spooky.lss.cp.philips.com by cnps.lss.cp.philips.com
    with smtp (Smail3.1.28.1 #1) id m0sw2t0-000164C; Fri, 22 Sep 95 08:51 MET
Received: by spooky.lss.cp.philips.com (Smail3.1.29.1 #1)
    id m0sw1zJ-000HnfC; Fri, 22 Sep 95 08:53 MET DST
Message-Id:
From: guido@spooky.lss.cp.philips.com (Guido van Rooij)
Subject: Re: IP Filter version 2.8
To: Guido.vanRooij@nl.cis.philips.com
Date: Fri, 22 Sep 1995 08:53:33 +0200 (MET DST)
Cc: pst@cisco.com, avalon@cheops.anu.edu.au, security@freebsd.org
In-Reply-To: from "Guido van Rooij" at Sep 22, 95 08:42:52 am
Reply-To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
X-Mailer: ELM [version 2.4 PL21]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 438
Sender:
    owner-security@freebsd.org
Precedence: bulk

Guido van Rooij wrote:
>
> Paul Traina wrote:
> >
> > Should we be incorporating Darren's new code into FreeBSD? It makes
> > more sense to do that than to continue with Ugen's work on top of
> > the old code.
> >
>
> I agree. Darren's code is more used and thus it'll get more bugfixes
> and updates.
>
> I don't know about licenses.
>

Btw: do not forget that Darren's code has no accounting possibilities.
Ugen's has.

-Guido

From owner-freebsd-security Fri Sep 22 00:25:41 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id AAA18333 for security-outgoing; Fri, 22 Sep 1995 00:25:41 -0700
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id AAA18322 for ;
    Fri, 22 Sep 1995 00:25:35 -0700
Message-Id: <199509220725.AAA18322@freefall.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA269294535;
    Fri, 22 Sep 1995 17:22:15 +1000
From: Darren Reed
Subject: Re: IP Filter version 2.8
To: Guido.vanRooij@nl.cis.philips.com
Date: Fri, 22 Sep 1995 17:22:15 +1000 (EST)
Cc: pst@cisco.com, security@freebsd.org
In-Reply-To: from "Guido van Rooij" at Sep 22, 95 08:53:33 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 689
Sender: owner-security@freebsd.org
Precedence: bulk

In some mail from Guido van Rooij, sie said:
>
> Guido van Rooij wrote:
> >
> > Paul Traina wrote:
> > >
> > > Should we be incorporating Darren's new code into FreeBSD? It makes
> > > more sense to do that than to continue with Ugen's work on top of
> > > the old code.
> > >
> >
> > I agree. Darren's code is more used and thus it'll get more bugfixes
> > and updates.
> >
> > I don't know about licenses.
> >
>
> Btw: do not forget that Darren's code has no accounting possibilities.
> Ugen's has.

What are the requirements for accounting ?

And why is an in-kernel mod.
used for this rather than something like NNstat ? NNstat is much more
powerful for this role.

darren

From owner-freebsd-security Fri Sep 22 03:15:58 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6)
    id DAA23921 for security-outgoing; Fri, 22 Sep 1995 03:15:58 -0700
Received: from relay.philips.nl (ns.philips.nl [130.144.65.1])
    by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id DAA23911 for ;
    Fri, 22 Sep 1995 03:15:40 -0700
Received: (from smap@localhost) by relay.philips.nl (8.6.9/8.6.9-950414)
    id MAA01191; Fri, 22 Sep 1995 12:15:04 +0200
Received: from unknown(130.144.198.1) by relay.philips.nl via smap
    (V1.3+ESMTP) with SMTP id sma001131; Fri Sep 22 12:13:49 1995
Received: from spooky.lss.cp.philips.com by cnps.lss.cp.philips.com
    with smtp (Smail3.1.28.1 #1) id m0sw60k-0001p8C; Fri, 22 Sep 95 12:11 MET
Received: by spooky.lss.cp.philips.com (Smail3.1.29.1 #1)
    id m0sw572-000HneC; Fri, 22 Sep 95 12:13 MET DST
Message-Id:
From: guido@spooky.lss.cp.philips.com (Guido van Rooij)
Subject: Re: IP Filter version 2.8
To: avalon@coombs.anu.edu.au (Darren Reed)
Date: Fri, 22 Sep 1995 12:13:44 +0200 (MET DST)
Cc: Guido.vanRooij@nl.cis.philips.com, pst@cisco.com, security@freebsd.org
In-Reply-To: <199509220725.AAA18322@freefall.freebsd.org> from "Darren Reed"
    at Sep 22, 95 05:22:15 pm
Reply-To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
X-Mailer: ELM [version 2.4 PL21]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 322
Sender: owner-security@freebsd.org
Precedence: bulk

> What are the requirements for accounting ?
>
> And why is an in-kernel mod. used for this rather than something like
> NNstat ? NNstat is much more powerful for this role.
>

Ugen's code gives the possibility to do accounting based on specific
ip ranges and interfaces. If you want the manpage, give a yell.
-Guido

From owner-freebsd-security Fri Sep 22 18:54:03 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id SAA24878 for security-outgoing; Fri, 22 Sep 1995 18:54:03 -0700
Received: from psi.wsl.sinica.edu.tw (psi.wsl.sinica.edu.tw [140.109.7.34]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id SAA24855 for ; Fri, 22 Sep 1995 18:53:56 -0700
Received: (from ywliu@localhost) by psi.wsl.sinica.edu.tw (8.6.11/8.6.9) id KAA19544 for security@freebsd.org; Sat, 23 Sep 1995 10:08:06 GMT
From: Yen-Wei Liu
Message-Id: <199509231008.KAA19544@psi.wsl.sinica.edu.tw>
Subject: cron 3.0pl1-20: URGENT SECURITY FIX (fwd) from Linux-security
To: security@freebsd.org
Date: Sat, 23 Sep 1995 10:08:04 +0000 ()
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 2689
Sender: owner-security@freebsd.org
Precedence: bulk

Hi,

The following message comes from linux-security mailing list. Actually
this message just reminds me of two issues :

1) That mailing list has a fairly high traffic. Compared with it, FreeBSD
   security is much more silent. Does this mean FreeBSD is more secure,
   or Linux is more vulnerable ? (Didn't mean to offend any OS.)

2) Is there anybody subscribing to the mailing list too ? They have
   discussed several security issues, such as this cron vulnerability.
   Does FreeBSD suffer the same vulnerabilities as Linux does?

Yen-Wei Liu

Forwarded message:
> From owner-linux-security@tarsier.cv.nrao.edu Fri Sep 22 07:49:39 1995
> Date: Wed, 20 Sep 1995 20:43:25 -0500 (CDT)
> From: Aleph One
> To: linux-security@tarsier.cv.nrao.edu
> Subject: cron 3.0pl1-20: URGENT SECURITY FIX (fwd)
> Message-Id:
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Sender: owner-linux-security@tarsier.cv.nrao.edu
> Precedence: list
>
> Anyone know anything more?
>
> Aleph One / aleph1@dfw.net
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
>
> ---------- Forwarded message ----------
> Date: Thu, 21 Sep 95 01:58 BST
> From: Ian Jackson
> To: Debian package announcements
> Subject: cron 3.0pl1-20: URGENT SECURITY FIX
>
> There is a major security hole in cron 3.0pl1-19 and earlier, allowing
> any user to gain access to the `root' group. On many (most?) systems
> this will quickly allow them to gain superuser access.
>
> I am currently uploading cron-3.0pl1-20.deb using my 2400-baud modem.
> In the meantime, please disable your cron daemon:
>
> # killall cron
> # chmod 400 /usr/sbin/cron
>
> Ian M.: please replace the cron in the binary directory with this one
> immediately. The source will arrive tomorrow - my modem is too slow
> to get it uploaded today.
>
> If you download from Incoming, please check the file size - the binary
> package file is 27737 bytes.
>
> cron (3.0pl1-20); priority=URGENT
>
> * cron now uses initgroups when running jobs. Bug#1400. AARGH!
>
> -- Ian Jackson Thu, 21 Sep 1995 01:44:11 +0100
>
> 169cec1ee4387c994798608385826363 cron-3.0pl1-20.deb
> e9b26cb21aac62dcee5d443ce6dd7ab4 cron-3.0pl1-20.diff.gz
> 29655e14fff95cd477f1b3775d85d8d2 cron-3.0pl1-20.tar.gz
> -rw-r--r-- 1 root root 27737 Sep 21 01:52 cron-3.0pl1-20.deb
> -rw-rw-r-- 1 ian ian 10093 Sep 21 01:50 cron-3.0pl1-20.diff.gz
> -rw-rw-r-- 1 ian ian 66738 Sep 21 01:50 cron-3.0pl1-20.tar.gz
>

From owner-freebsd-security Fri Sep 22 20:33:16 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id UAA18256 for security-outgoing; Fri, 22 Sep 1995 20:33:16 -0700
Received: from haven.uniserve.com (haven.uniserve.com [198.53.215.121]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id UAA18226 for ; Fri, 22 Sep 1995 20:33:10 -0700
Received: by haven.uniserve.com id <30867>; Fri, 22 Sep 1995 20:34:36 +0100
Date: Fri, 22 Sep 1995 20:34:33 -0700 (PDT)
From: Tom Samplonius
To: Yen-Wei Liu
cc: security@freebsd.org
Subject: Re: cron 3.0pl1-20: URGENT SECURITY FIX (fwd) from Linux-security
In-Reply-To: <199509231008.KAA19544@psi.wsl.sinica.edu.tw>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
Precedence: bulk

On Sat, 23 Sep 1995, Yen-Wei Liu wrote:

> Hi,
>
> The following message comes from linux-security mailing list. Actually
> this message just reminds me of two issues :
>
> 1) That mailing list has a fairly high traffic. Compared with it, FreeBSD
>    security is much more silent. Does this mean FreeBSD is more secure,
>    or Linux is more vulnerable ? (Didn't mean to offend any OS.)

Who's to say? If there are holes, no one's found them, or they aren't there.

> 2) Is there anybody subscribing to the mailing list too ? They have
>    discussed several security issues, such as this cron vulnerability.
>    Does FreeBSD suffer the same vulnerabilities as Linux does?

Often not.
FreeBSD comes out of the BSD4.4 lite code release which has been
beaten on for years.

FreeBSD does not appear to be affected by this bug. I just had cron run
"groups" and I received an e-mail message showing my groups, rather than
root's groups.

Tom

From owner-freebsd-security Sat Sep 23 02:17:23 1995
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id CAA19819 for security-outgoing; Sat, 23 Sep 1995 02:17:23 -0700
Received: from mpp.minn.net (mpp.Minn.Net [204.157.201.242]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id CAA19811 for ; Sat, 23 Sep 1995 02:17:16 -0700
Received: (from mpp@localhost) by mpp.minn.net (8.6.11/8.6.9) id EAA26891; Sat, 23 Sep 1995 04:16:04 -0500
From: Mike Pritchard
Message-Id: <199509230916.EAA26891@mpp.minn.net>
Subject: Re: cron 3.0pl1-20: URGENT SECURITY FIX (fwd) from Linux-security
To: mighty.hoffmann@psi.wsl.sinica.edu.tw (Yen-Wei Liu)
Date: Sat, 23 Sep 1995 04:16:04 -0500 (CDT)
Cc: security@freebsd.org
In-Reply-To: <199509231008.KAA19544@psi.wsl.sinica.edu.tw> from "Yen-Wei Liu" at Sep 23, 95 10:08:04 am
X-Mailer: ELM [version 2.4 PL24 ME7a]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1380
Sender: owner-security@freebsd.org
Precedence: bulk

Yen-Wei Liu wrote:
>
> Hi,
>
> The following message comes from linux-security mailing list.
> ...
>
> > There is a major security hole in cron 3.0pl1-19 and earlier, allowing
> > any user to gain access to the `root' group. On many (most?) systems
> > this will quickly allow them to gain superuser access.
> >
> > ...
> > cron (3.0pl1-20); priority=URGENT
> >
> > * cron now uses initgroups when running jobs. Bug#1400. AARGH!
> >
> > -- Ian Jackson Thu, 21 Sep 1995 01:44:11 +0100

I've attached the relevant code segment from .../cron/do_command.c below.
FreeBSD doesn't suffer from the problem because "BSD" is defined at this
point via a #include of sys/param.h, and initgroups does get called.

Just in case anyone is wondering, LOGNAME is not settable by the user,
so there isn't a way to fake initgroups into giving the user the
wrong group list by setting LOGNAME to some other user.

...
        /* set our directory, uid and gid. Set gid first, since once
         * we set uid, we've lost root privileges.
         */
        chdir(env_get("HOME", e->envp));
# if defined(BSD)
        initgroups(env_get("LOGNAME", e->envp), e->gid);
# endif
        setgid(e->gid);
        setuid(e->uid);         /* we aren't root after this... */

        /* exec the command.
         */
...
--
Mike Pritchard
mpp@mpp.minn.net
"Go that way. Really fast. If something gets in your way, turn"
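
The check Tom describes (having cron run "groups") and the cause Mike points to (whether initgroups() is called before setgid()/setuid()), as an added example that is not from the thread or from the cron source: a small C program meant to be run as an ordinary user's cron job, which reports every supplementary gid the job holds that the user database does not grant to its uid. The names unexpected_groups, audit_self and MAXG are made up for this example, and it assumes a libc whose getgrouplist() takes gid_t arrays (glibc, current BSDs).

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes getgrouplist() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAXG 256            /* example limit on groups examined */

/* Store in out[] each gid of have[] that is missing from allowed[];
 * return how many there are. */
int unexpected_groups(const gid_t *have, int nhave,
                      const gid_t *allowed, int nallowed, gid_t *out)
{
    int n = 0;
    for (int i = 0; i < nhave; i++) {
        int ok = 0;
        for (int j = 0; j < nallowed && !ok; j++)
            ok = (have[i] == allowed[j]);
        if (!ok)
            out[n++] = have[i];
    }
    return n;
}

/* Audit the calling process: the supplementary groups it holds versus the
 * groups the user database grants its real uid. -1 means a lookup failed. */
int audit_self(gid_t *out)
{
    gid_t have[MAXG], allowed[MAXG];
    int nallowed = MAXG;
    int nhave = getgroups(MAXG, have);
    struct passwd *pw = getpwuid(getuid());

    if (nhave < 0 || pw == NULL ||
        getgrouplist(pw->pw_name, pw->pw_gid, allowed, &nallowed) < 0)
        return -1;
    return unexpected_groups(have, nhave, allowed, nallowed, out);
}

int main(void)
{
    gid_t out[MAXG];
    int n = audit_self(out);

    if (n < 0)
        return 2;                       /* could not audit */
    for (int i = 0; i < n; i++)
        printf("unexpected gid %ld\n", (long)out[i]);
    return n ? 1 : 0;
}
```

Run from a user's crontab, any reported gid means the job kept a group from the daemon that started it, which is the condition the Debian changelog entry ("cron now uses initgroups when running jobs") fixes.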