From owner-freebsd-security Sun Feb 9 08:12:08 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA22287 for security-outgoing; Sun, 9 Feb 1997 08:12:08 -0800 (PST) Received: from www.trifecta.com (www.trifecta.com [206.245.150.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA22278 for ; Sun, 9 Feb 1997 08:12:03 -0800 (PST) Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id LAA02531; Sun, 9 Feb 1997 11:13:03 -0500 (EST) Date: Sun, 9 Feb 1997 11:13:03 -0500 (EST) From: Dev Chanchani To: David Greenman cc: tqbf@enteract.com, sadmin@roundtable.cif.rochester.edu, freebsd-security@FreeBSD.ORG Subject: Re: 2.1.7 In-Reply-To: <199702090655.WAA07032@root.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 8 Feb 1997, David Greenman wrote: > crt0 is static and part of every binary. > > The real problem is with what crt0 calls - _startup_setlocale() in libc, > which does a getenv of PATH_LOCALE and copies it to a stack buffer without > bounds checking. I removed the getenv call from the libc code, so this attack > simply doesn't exist anymore. Anything that is built shared/dynamic will > get the new libc and thus will no longer be vulnerable. _startup_setlocale() actually does the getenv from PATH_LOCALE, however, _startup_setrunlocale() actually copies PATH_LOCALE over name[1024]. I was under the impression that re-building libc would not work because such utilities as ping, at, etc are built statically, thus having the buggy code in the utilities. From owner-freebsd-security Sun Feb 9 09:36:05 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA25340 for security-outgoing; Sun, 9 Feb 1997 09:36:05 -0800 (PST) Received: from phobos.frii.com (phobos.frii.com [204.144.241.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA25335 for ; Sun, 9 Feb 1997 09:36:02 -0800 (PST) From: gnat@frii.com Received: from elara.frii.com (elara.frii.com [204.144.241.9]) by phobos.frii.com (8.8.4/8.8.4) with ESMTP id KAA29083 for ; Sun, 9 Feb 1997 10:34:48 -0700 (MST) Received: (from gnat@localhost) by elara.frii.com (8.8.4/8.6.9) id KAA15856; Sun, 9 Feb 1997 10:34:48 -0700 (MST) Date: Sun, 9 Feb 1997 10:34:48 -0700 (MST) Message-Id: <199702091734.KAA15856@elara.frii.com> To: FreeBSD Security Subject: Re: 2.1.7? In-Reply-To: <19970209151337.60980@usn.blaze.net.au> References: <199702082101.QAA21606@roundtable.cif.rochester.edu> <19970209151337.60980@usn.blaze.net.au> Mime-Version: 1.0 (generated by tm-edit 7.103) Content-Type: text/plain; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk David Nugent writes: > So, it really doesn't require a "release" to obtain the > sources - just set up CVSUP and go. Be that as it may, I seriously hope that a formal release is issued soon. I've had problems rebuilding libc on 2.1.5, related to the DNS resolution code, and am basing all my hopes now on being able to forcibly upgrade the entire system from a prebuilt release. Nat From owner-freebsd-security Sun Feb 9 10:50:02 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA29671 for security-outgoing; Sun, 9 Feb 1997 10:50:02 -0800 (PST) Received: from cwsys.cwent.com (0@cschuber.net.gov.bc.ca [142.31.240.113]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA29644 for ; Sun, 9 Feb 1997 10:49:58 -0800 (PST) Received: (from uucp@localhost) by cwsys.cwent.com (8.8.5/8.6.10) id KAA02001; Sun, 9 Feb 1997 10:49:32 -0800 (PST) Message-Id: <199702091849.KAA02001@cwsys.cwent.com> Received: from localhost.cwent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwent.com, id smtpd001998; Sun Feb 9 18:49:27 1997 Reply-to: cys@mailhost.wlc.com X-Mailer: Xmh To: gnat@frii.com cc: FreeBSD Security Subject: Re: 2.1.7? In-reply-to: Your message of "Sun, 09 Feb 1997 10:34:48 MST." <199702091734.KAA15856@elara.frii.com> Date: Sun, 09 Feb 1997 10:49:27 -0800 From: Cy Schubert Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > David Nugent writes: > > So, it really doesn't require a "release" to obtain the > > sources - just set up CVSUP and go. > > Be that as it may, I seriously hope that a formal release is issued > soon. I've had problems rebuilding libc on 2.1.5, related to the DNS > resolution code, and am basing all my hopes now on being able to > forcibly upgrade the entire system from a prebuilt release. When I used 2.1.5 I was able to rebuild everything, including libc and the resolver. What kind of problem are you having? Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca cschuber@bcsc02.gov.bc.ca "Quit spooling around, JES do it." From owner-freebsd-security Sun Feb 9 10:58:25 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA00299 for security-outgoing; Sun, 9 Feb 1997 10:58:25 -0800 (PST) Received: from freon.republic.k12.mo.us (rholland@freon.republic.k12.mo.us [204.184.196.100]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA00292 for ; Sun, 9 Feb 1997 10:58:19 -0800 (PST) Received: (from rholland@localhost) by freon.republic.k12.mo.us (8.8.5/8.6.9) id MAA02371; Sun, 9 Feb 1997 12:57:33 -0600 Date: Sun, 9 Feb 1997 12:57:33 -0600 (CST) From: Richard Holland To: freebsd-security@FreeBSD.ORG Subject: buffer overruns In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk With all of this locale stuff going on, it made me realize that I actually don't know what a buffer overrun is. However I am learning C at the moment and have a basic idea down: I know what in C, a variable takes up a certain amount of memory, like type char is usually 1 byte, so stating char var; in your code sets aside 1 byte of memory aside. So if you then said var = 'blah' You would step into other memory addresses right? So the set locale bug is this only put differently. It allocates X amount of bytes for the buffer, and people put to much junk into it, causing it to step into other memory addresses. If I am right here, How would you know just how far you have to go over and what the characters need to be once you get thus far? Of course I could be totally wrong here. Realize that I am just now covering pointers in the book I am reading on C :) ///////////////////////////////////////////////////////////////////////////// Richard A. Holland * Systems Administrator rholland@freon.republic.k12.mo.us * UNIX consulting HANGER@getonthe.net * Network Security hangar@irc --------------------(FreeBSD,OpenBSD,NetBSD,Linux,AIX)---------------------- From owner-freebsd-security Sun Feb 9 12:10:24 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA04884 for security-outgoing; Sun, 9 Feb 1997 12:10:24 -0800 (PST) Received: from alpha.risc.org (trt-on10-45.netcom.ca [207.181.83.173]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA04873 for ; Sun, 9 Feb 1997 12:10:16 -0800 (PST) Received: from localhost (taob@localhost) by alpha.risc.org (8.8.4/8.8.4) with SMTP id PAA18341; Sun, 9 Feb 1997 15:09:26 -0500 (EST) Date: Sun, 9 Feb 1997 15:09:25 -0500 (EST) From: Brian Tao To: Richard Holland cc: freebsd-security@FreeBSD.ORG Subject: Re: buffer overruns In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sun, 9 Feb 1997, Richard Holland wrote: > > So the set locale bug is this only put differently. It allocates X > amount of bytes for the buffer, and people put to much junk into it, > causing it to step into other memory addresses. Essentially, yes. Specifically, you can overrun the allocated amount of memory so that it clobbers the return address from the function (i.e., where the next piece of code is found once your function returns) and points it to a new piece of code you just inserted with the overflow data. > If I am right here, How would you know just how far you have to go > over and what the characters need to be once you get thus far? It is obviously best not to go over by even one byte. :) -- Brian Tao (BT300, taob@risc.org) "Though this be madness, yet there is method in't" From owner-freebsd-security Sun Feb 9 12:12:00 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA04952 for security-outgoing; Sun, 9 Feb 1997 12:12:00 -0800 (PST) Received: from alpha.risc.org (trt-on10-45.netcom.ca [207.181.83.173]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA04943 for ; Sun, 9 Feb 1997 12:11:56 -0800 (PST) Received: from localhost (taob@localhost) by alpha.risc.org (8.8.4/8.8.4) with SMTP id PAA18346; Sun, 9 Feb 1997 15:10:59 -0500 (EST) Date: Sun, 9 Feb 1997 15:10:58 -0500 (EST) From: Brian Tao To: Craig Shaver cc: security@freebsd.org Subject: Re: Don't fulminate, be productive In-Reply-To: <32FD0078.3F54BC7E@progroup.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sat, 8 Feb 1997, Craig Shaver wrote: > > Did Marc Slemko use perl scripts? Do you have an email addr for > Marc? Do you think he would let others have access to the tools he > used? No, I was just kidding. I'm pretty sure Marc didn't use perl scripts for his work on Apache. ;-) He's at marcs@znep.com, and I think he reads this list too. -- Brian Tao (BT300, taob@risc.org) "Though this be madness, yet there is method in't" From owner-freebsd-security Sun Feb 9 13:27:12 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA10116 for security-outgoing; Sun, 9 Feb 1997 13:27:12 -0800 (PST) Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA10109 for ; Sun, 9 Feb 1997 13:27:09 -0800 (PST) Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.5/8.7.3) with UUCP id OAA18887 for freebsd-security@FreeBSD.org; Sun, 9 Feb 1997 14:27:02 -0700 (MST) Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id OAA12390 for ; Sun, 9 Feb 1997 14:26:32 -0700 (MST) Date: Sun, 9 Feb 1997 14:26:31 -0700 (MST) From: Marc Slemko X-Sender: marcs@alive.ampr.ab.ca To: freebsd-security@FreeBSD.org Subject: Re: buffer overruns In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk On Sun, 9 Feb 1997, Brian Tao wrote: > On Sun, 9 Feb 1997, Richard Holland wrote: > > > > So the set locale bug is this only put differently. It allocates X > > amount of bytes for the buffer, and people put to much junk into it, > > causing it to step into other memory addresses. > > Essentially, yes. Specifically, you can overrun the allocated > amount of memory so that it clobbers the return address from the > function (i.e., where the next piece of code is found once your > function returns) and points it to a new piece of code you just > inserted with the overflow data. While that is currently one of the most popular methods of exploiting overflows, it is important to remember that is _not_ the only method; there are many, many others. This is the reason why it is so difficult for people who fix them to say "yes, this is a big hole" or "no, you don't have to worry about this. If and how it can be exploited depends on many things, including architecture, compiler, optimization, etc. Some, like the problem with man in the -current tree a while ago, almost certainly could be exploited and you could gain root if root ever used man. It wasn't in any release, so I didn't make a big deal about it but just got it fixed. Other problems would take hours of analysis before you could be confident that there is absolutely no way to exploit it. For anyone unfamiliar with the basic concepts, consider the following code: int main (int argc, char *argv[]) { int give_root_shell=0; char t[1]; strcpy(t, argv[1]); if (give_root_shell) system("/bin/sh"); return 0; } Compile it without any optimization, then run it with a command line argument of 'x'. (eg. "./a.out x"). Then run it with a command line argument of 'xx'. The first shouldn't give you a shell, the second often will. Then compile it with -O. Now you will likely not be able to get a 'xx' because the compiler may well optimize out give_root_shell entirely. Note that very few buffer overflows are as trivial as this, but if you play around with it a bit you can quickly see how complex it can be to figure out. From owner-freebsd-security Sun Feb 9 14:15:50 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA12929 for security-outgoing; Sun, 9 Feb 1997 14:15:50 -0800 (PST) Received: from burka.carrier.kiev.ua (snar@burka.carrier.kiev.ua [193.193.193.100]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA12857 for ; Sun, 9 Feb 1997 14:15:21 -0800 (PST) Received: (from snar@localhost) by burka.carrier.kiev.ua (8.8.4/8.who.cares.1) id AAA11849; Mon, 10 Feb 1997 00:13:52 +0200 (EET) Date: Mon, 10 Feb 1997 00:13:52 +0200 (EET) From: Alexander Snarskii Message-Id: <199702092213.AAA11849@burka.carrier.kiev.ua> To: rholland@freon.republic.k12.mo.us (Richard Holland) Cc: freebsd-security@freebsd.org Subject: Re: buffer overruns X-Newsreader: TIN [UNIX 1.3 unoff BETA release 960917] MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 8bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article you wrote: RH> With all of this locale stuff going on, it made me realize that I RH>actually don't know what a buffer overrun is. However I am learning C at RH>the moment and have a basic idea down: RH>I know what in C, a variable takes up a certain amount of memory, like RH>type char is usually 1 byte, so stating char var; in your code sets aside RH>1 byte of memory aside. So if you then said var = 'blah' You would step C is not a Pascal :) You have two types of operations: 'operators', which are always works with fixed-length data ( in your primer 'var' can be char* , but with that assignment you'll never got stack violation, just because that instruction translates into movl
,$%bp ) and functions, which can really damage stack frames ( also in your primer: int function() { char var; [...] strcpy(&var,"blah"); [...] return 0; } will really do so. ) RH>into other memory addresses right? So the set locale bug is this only RH>put differently. It allocates X amount of bytes for the buffer, and RH>people put to much junk into it, causing it to step into other memory RH>addresses. Noone operator can damage stack. Functions can. But, they're not 'allocate' some amounts of the memory, they just writes some data to the some location. More than, due to the processor architecture, most variables, which are used in the programs are in the stack segment, so, you will not necessary to broke the 'nearest' stack frame, as in primer, you can broke _any_ of the stack frames in your program.... And, the worst thing - when you writes some data somewhere, you can not check ( on the C-level of programming ), does this byte/word/dword now overwrites some stack frame or not... But, you can check this in the assembler level, and, more than, the patches to libc to most 'insecure' functions ( such as strcpy and sprintf, f.e. ) are published in the -hackers list today. ( You can find it with www.freebsd.org/search.html by subject "Increasing overall security" ) -- Alexander Snarskii the source code is included. From owner-freebsd-security Sun Feb 9 15:01:51 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA16129 for security-outgoing; Sun, 9 Feb 1997 15:01:51 -0800 (PST) Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.fr [193.56.58.253]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA16119 for ; Sun, 9 Feb 1997 15:01:41 -0800 (PST) Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33]) by mexico.brainstorm.eu.org (8.8.4/8.8.4) with ESMTP id AAA03828 for ; Mon, 10 Feb 1997 00:01:26 +0100 Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.8.4/8.6.12) with UUCP id AAA16030 for freebsd-security@FreeBSD.ORG; Mon, 10 Feb 1997 00:00:50 +0100 Received: (from roberto@localhost) by keltia.freenix.fr (8.8.5/keltia-uucp-2.9) id XAA28665; Sun, 9 Feb 1997 23:14:33 +0100 (CET) Message-ID: <19970209231433.QS19404@keltia.freenix.fr> Date: Sun, 9 Feb 1997 23:14:33 +0100 From: roberto@keltia.freenix.fr (Ollivier Robert) To: freebsd-security@FreeBSD.ORG Subject: Re: buffer overruns References: X-Mailer: Mutt 0.60,1-3,9 Mime-Version: 1.0 X-Operating-System: FreeBSD 3.0-CURRENT ctm#2999 In-Reply-To: ; from Richard Holland on Feb 9, 1997 12:57:33 -0600 Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk According to Richard Holland: > If I am right here, How would you know just how far you have to go over > and what the characters need to be once you get thus far? Of course I > could be totally wrong here. Realize that I am just now covering > pointers in the book I am reading on C :) Many of the buffer overruns comes from the fact that many "temporary" buffers are allocated from the stack as automatic variables like this: int foo (...) { char tmp [100]; Now imagine tmp is filled with something like this: strcpy (tmp, getenv("SOME_VARIABLE")); If you put enough characters in $SOME_VARIABLE, you could trash, the return address that is usually just before the automatic variables... Realize that the the standard entry instructions for many functions is pushl %bp movl %sp,%bp subl NN,%sp /* where NN is the space for automatic vars */ So the stack will look like this: return address before the call saved %bp ... automatic variables (NN bytes approx.) So if you able to calculate how many bytes the automatic variables will take and put enough data in tmp to overrun all variables *and* the return address, you'll be able to change that return address, making it pointing to a portion of code of *your* doing, like "setuid (0); exec ("/bin/sh");" Most of the buffer overruns are just that, enough data to trash the stack then the exploit code itself. The trick is to calculate offsets just to make the saved %sp from the previous call point to your code. The easiest way to close all this bugs is to make the stack non executable (from a processor standpoint) but I'm not sure you can do it in Intel processors. PS: I'm not sure at all I got the ASM syntax right, I'm still thinking in MASM mode than in GAS mode (reversed operands and all that). PPS: sometimes it pays off to have been an ASM programmer before a C one and to look at what the compiler outputs for a given code... :-) PPPS: ok, it was ASM/370 then 68XXX before even playing with Intel. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #39: Sun Feb 2 22:12:44 CET 1997 From owner-freebsd-security Sun Feb 9 15:27:25 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA17337 for security-outgoing; Sun, 9 Feb 1997 15:27:25 -0800 (PST) Received: from kirk.edmweb.com (kirk.edmweb.com [204.244.190.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA17332 for ; Sun, 9 Feb 1997 15:27:22 -0800 (PST) Received: from bitbucket (bitbucket.edmweb.com [204.244.190.9]) by kirk.edmweb.com (8.8.5/8.7.3) with ESMTP id PAA16790; Sun, 9 Feb 1997 15:27:15 -0800 (PST) Received: from localhost by bitbucket with smtp id m0vtieT-000CGkC (Debian Smail-3.2 1996-Jul-4 #2); Sun, 9 Feb 1997 15:27:17 -0800 (PST) Date: Sun, 9 Feb 1997 15:27:14 -0800 (PST) From: Steve Reid X-Sender: steve@bitbucket Reply-To: Steve Reid To: Marc Slemko cc: freebsd-security@FreeBSD.org Subject: Re: buffer overruns In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk > > [snip] points it to a new piece of code you just inserted with the > > overflow data. > While that is currently one of the most popular methods of exploiting > overflows, it is important to remember that is _not_ the only method; IIRC, the RTM internet worm exploited an overflow in fingerd by overwriting the filename string for the local finger program with "/bin/sh", which caused it to execute a shell instead of a regular finger. No return address manipulation was required. From owner-freebsd-security Sun Feb 9 16:07:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA20473 for security-outgoing; Sun, 9 Feb 1997 16:07:19 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id QAA20467 for ; Sun, 9 Feb 1997 16:07:14 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vtjGr-0004Gc-00; Sun, 9 Feb 1997 17:06:57 -0700 To: Marc Slemko Subject: Re: buffer overruns Cc: freebsd-security@freebsd.org In-reply-to: Your message of "Sun, 09 Feb 1997 14:26:31 MST." References: Date: Sun, 09 Feb 1997 17:06:56 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message Marc Slemko writes: : While that is currently one of the most popular methods of exploiting : overflows, it is important to remember that is _not_ the only method; Yes /tmp races are also fun. There are a bunch of orthers too: not dripping privs, revoking privs incorrectly, etc. So are using features indented for another purpose to hide, conceal or conquer. :-) Most of the sendmail and lpr/lpd bugs fall into this last category. Warner From owner-freebsd-security Sun Feb 9 22:51:32 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA13260 for security-outgoing; Sun, 9 Feb 1997 22:51:32 -0800 (PST) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA13248 for ; Sun, 9 Feb 1997 22:51:27 -0800 (PST) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.3/8.6.9) id RAA25451; Mon, 10 Feb 1997 17:46:03 +1100 Date: Mon, 10 Feb 1997 17:46:03 +1100 From: Bruce Evans Message-Id: <199702100646.RAA25451@godzilla.zeta.org.au> To: freebsd-security@FreeBSD.org, roberto@keltia.freenix.fr Subject: Re: buffer overruns Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk >The easiest way to close all this bugs is to make the stack non executable >(from a processor standpoint) but I'm not sure you can do it in Intel >processors. Non-executable stack and data segments are natural for Intel processors. I remember when I first tried crashme under Minix. It went nowhere because the data/stack segment was separate from the code segment (and execute-protected). I had to compile crashme with common I&D to work. Bruce From owner-freebsd-security Sun Feb 9 23:48:26 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA16377 for security-outgoing; Sun, 9 Feb 1997 23:48:26 -0800 (PST) Received: from char-star.rdist.org (char-star.rdist.org [206.54.252.22]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id XAA16370 for ; Sun, 9 Feb 1997 23:48:23 -0800 (PST) From: tqbf@enteract.com Received: (qmail 22013 invoked by uid 1001); 10 Feb 1997 07:49:14 -0000 Date: 10 Feb 1997 07:49:14 -0000 Message-ID: <19970210074914.22012.qmail@char-star.rdist.org> To: roberto@keltia.freenix.fr, freebsd-security@freebsd.org Subject: Re: buffer overruns In-Reply-To: <19970209231433.QS19404@keltia.freenix.fr> Reply-To: tqbf@enteract.com Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <19970209231433.QS19404@keltia.freenix.fr>, you wrote: >If you put enough characters in $SOME_VARIABLE, you could trash, the return >address that is usually just before the automatic variables... Usually? =) You're overwriting (everyone seems to have a different term for this) your call-stack-frame/procedure-activation-record, which is a structure describing the routine's caller's state. One of the bits of information in that state is the address to return to after the procedure ends. What's a situation in which the information from the stack frame is not adjacent to the procedure's automatic variables? >So if you able to calculate how many bytes the automatic variables will >take and put enough data in tmp to overrun all variables *and* the return >address, you'll be able to change that return address, making it pointing This is much simpler than you're making it sound. I don't need to calculate anything, and, if I take the time to calculate anything, it takes a trivial amount of data to accomplish this. First, if I know roughly how large the buffer I'm overflowing is (by reading the source, or by trial and error looking for segfaults), I can ensure the stack frame is overwritten entirely with forged addresses simply by filling the end of the buffer, along with a couple hundred bytes after the buffer, with return addresses. I don't usually need to calculate where these return addresses point to. If I'm exploiting a typical stack overflow, I already know that the data I've spewed at the program is sitting somewhere in the stack segment, which starts at a specific address regardless of the program. If I make an offset from some sane base-stack-address value a configurable option in my exploit, trial and error will eventually show me a good address to jump to to take over the program. Recall now that I'm almost always jumping to some address pointing into the buffer that I've thrown at the program (this is where I usually have the most control over what's in the memory space of the process I'm trying to take over). Obviously, if I have to jump *exactly* to the first machine instruction of my real exploit code (whatever is generating a shell for me), I've got a real challenge - it'll take thousands of attempts to find the right address without the ability to pull the program up in a debugger. However, I can maximize my acceptable margin of error by filling most of my buffer up with valid instructions. If I hit *any* of these instructions, the processor will simply execute the instruction, fetch the next one, execute it, etc, etc, until eventually I've "slid" into my real exploit code. If the buffer I'm overflowing is 2048 bytes long, I can fill it with about 2000 1 byte null-ops, then 40 bytes of real exploit code (execve()), and then enough return addresses to ensure that the stack frame is trashed. I now have a 2000-byte margin of error. Of course, if I'm in a situation with a limited amount of space in which to inject my code, I can always pull the program up in a debugger, find out *exactly* where the buffer I'm overflowing starts in memory, and engineer a more careful exploit. Often, this isn't even necessary, as I've got enough space in the stack to trample after a few procedures have been called that I can simply fill the buffer entirely with return addresses, and tack a few K worth of opcodes into the stack after the buffer. This technique (which, along with some other ingenious tricks, was first published in the Linux i386 splitvt exploit) almost *always* works without modification. In fact, because most programs don't use too much stack space, if I have a valid stack address, more often than not, I'll be able to get an exploit working without significant trial and error. crt0 worked for me, by cutting and pasting the exploit code from lpr's card() routine, on the first try. Really, the only thing that varies between programs is the number of bytes I have to pad the return addresses with, as they're often misaligned by a byte or two. These methods are documented, exceedingly simple to execute once you're familiar with them, and aren't time consuming. Stack overruns are, at this point, trivial to exploit for most people with elementary C coding ability. >The easiest way to close all this bugs is to make the stack non executable >(from a processor standpoint) but I'm not sure you can do it in Intel >processors. You'll have to make every other region of memory that a calling process could potentially control non-executable as well. It's a gross assumption to say that I, being the caller of any given program, only have influence over the contents of that program's stack. -- ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- exit(main(kfp->kargc, argv, environ)); From owner-freebsd-security Sun Feb 9 23:51:28 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA16457 for security-outgoing; Sun, 9 Feb 1997 23:51:28 -0800 (PST) Received: from char-star.rdist.org (char-star.rdist.org [206.54.252.22]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id XAA16452 for ; Sun, 9 Feb 1997 23:51:26 -0800 (PST) From: tqbf@enteract.com Received: (qmail 22119 invoked by uid 1001); 10 Feb 1997 07:52:17 -0000 Date: 10 Feb 1997 07:52:17 -0000 Message-ID: <19970210075217.22118.qmail@char-star.rdist.org> To: marcs@znep.com, freebsd-security@freebsd.org Subject: Re: Don't fulminate, be productive In-Reply-To: Reply-To: tqbf@enteract.com Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article , you wrote: >Essentially what I did is go through the entire source line by line, >looking for anything that stood out as being suspicious. Those things >include: If you used "grep()" or pattern-searching in your editor to do this, you just missed the lpr card() hole. while(*c) *p++ = *c++; -- ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- exit(main(kfp->kargc, argv, environ)); From owner-freebsd-security Mon Feb 10 00:29:17 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA18458 for security-outgoing; Mon, 10 Feb 1997 00:29:17 -0800 (PST) Received: from shadows.aeon.net (shadows.aeon.net [194.100.41.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA18452; Mon, 10 Feb 1997 00:28:55 -0800 (PST) Received: (from bsdisp@localhost) by shadows.aeon.net (8.8.5/8.8.3) id KAA26392; Mon, 10 Feb 1997 10:25:05 +0200 (EET) From: mika ruohotie Message-Id: <199702100825.KAA26392@shadows.aeon.net> Subject: Re: Problems? or denial of service attack? To: sadmin@roundtable.cif.rochester.edu (Security Administrator) Date: Mon, 10 Feb 1997 10:25:05 +0200 (EET) Cc: rls@mail.id.net, walth@scanners.tec.mn.us, slaterm@excel.tnet.com.au, questions@freebsd.org, isp@freebsd.org, security@freebsd.org In-Reply-To: <199702082055.PAA21546@roundtable.cif.rochester.edu> from Security Administrator at "Feb 8, 97 03:55:41 pm" X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > I don't build a machine with less than 128MB of swap, 43 is nothing, > We've got a machine with 128 Megs of on-board RAM. We STILL decided to > install twice the amount of cache (256 megs) split between two disks hmm... a while ago i fired up a machine with 128 megs ram and 4 scsi disks, each carrying 128 megs swap, total 512 megs swap. and when i will be adding more drives i will put those into the swap chain too... there's never "too much" swap i guess, specially since the drives comes cheapo. also i wonder the general filesystem setup the person has in his server, even though this might be slightly off topic, and basic knowledge, i think it doesnt hurt to say it out loud. =) i trust you isp people run your /var/mail on separate filesystem, right? (even going for several filesystems between clients is not too paranoid) the first thing an isp has to consider is someone attacking with denial of service attempts. and general question, how much mail space would be the "good" amount per customer? one/two/three megs? (assuming client doesnt save email on the server side) should the quota include mail space? should i restrict the mail size? i personally would quota, and give one meg max. mickey -- mika ruohotie super systems, finland net/sys admin mickey@supsys.fi mika@aeon.net From owner-freebsd-security Mon Feb 10 01:26:53 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA21220 for security-outgoing; Mon, 10 Feb 1997 01:26:53 -0800 (PST) Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA21213 for ; Mon, 10 Feb 1997 01:26:50 -0800 (PST) Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.5/8.7.3) with UUCP id CAA18363; Mon, 10 Feb 1997 02:26:46 -0700 (MST) Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id CAA16470; Mon, 10 Feb 1997 02:24:36 -0700 (MST) Date: Mon, 10 Feb 1997 02:24:35 -0700 (MST) From: Marc Slemko X-Sender: marcs@alive.ampr.ab.ca To: tqbf@enteract.com cc: freebsd-security@freebsd.org Subject: Re: Don't fulminate, be productive In-Reply-To: <19970210075217.22118.qmail@char-star.rdist.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On 10 Feb 1997 tqbf@enteract.com wrote: > In article , you wrote: > >Essentially what I did is go through the entire source line by line, > >looking for anything that stood out as being suspicious. Those things > >include: > > If you used "grep()" or pattern-searching in your editor to do this, you > just missed the lpr card() hole. > > while(*c) *p++ = *c++; Of course. That is why I said line-by-line and why I don't find scripts overly useful. What I _do_ do is, after I go through the source, do a quick grep on certain keywords to help find some of the things I may have missed. That one is an easy one to spot when scanning through the source manually, since it just screams out "playing wiht string pointers". When I was looking through some of the FreeBSD sources a while back, I first looked through the source line by line, then did a grep to see if I could notice anything I missed in my first run, then did a diff with the OpenBSD source to see if I missed anything that was fixed there. 90% of security holes are easy to find in stuff like FreeBSD right now. When the obvious ones get fixed, it will be more like 90% being hard to find. From owner-freebsd-security Mon Feb 10 01:59:56 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA22526 for security-outgoing; Mon, 10 Feb 1997 01:59:56 -0800 (PST) Received: from hda.hda.com (ip36-max1-fitch.ziplink.net [199.232.245.36]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id BAA22521 for ; Mon, 10 Feb 1997 01:59:52 -0800 (PST) Received: (from dufault@localhost) by hda.hda.com (8.6.12/8.6.12) id EAA08773; Mon, 10 Feb 1997 04:54:36 -0500 From: Peter Dufault Message-Id: <199702100954.EAA08773@hda.hda.com> Subject: Re: buffer overruns In-Reply-To: <19970209231433.QS19404@keltia.freenix.fr> from Ollivier Robert at "Feb 9, 97 11:14:33 pm" To: roberto@keltia.freenix.fr (Ollivier Robert) Date: Mon, 10 Feb 1997 04:54:35 -0500 (EST) Cc: freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > The easiest way to close all this bugs is to make the stack non executable > (from a processor standpoint) but I'm not sure you can do it in Intel > processors. Is the stack executable? I've been assuming the exploits modify the stack to return to a built up call to "system" or something else in the library with their own args setup. I've been assuming that executing data isn't part of modern exploits. Has anyone seen modifications to gcc to generate guard bands around automatics and stack check sequences? The automatics can be checked when they come into / go out of existence, and stack integrity at return time. It won't stop the exploits, but it will make them harder, and you will get "security" dumps from setuid programs if you require that setuid programs be compiled that way (and linked against a separate "secure" library compiled that way also). You could even hack things so that setuid would fail for "insecure" executables. The idea is simple enough that someone must have tried it. -- Peter Dufault (dufault@hda.com) Realtime Machine Control and Simulation HD Associates, Inc. Voice: 508 433 6936 From owner-freebsd-security Mon Feb 10 03:58:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id DAA27631 for security-outgoing; Mon, 10 Feb 1997 03:58:55 -0800 (PST) Received: from char-star.rdist.org (char-star.rdist.org [206.54.252.22]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id DAA27625 for ; Mon, 10 Feb 1997 03:58:51 -0800 (PST) From: tqbf@enteract.com Received: (qmail 27808 invoked by uid 1001); 10 Feb 1997 11:59:41 -0000 Date: 10 Feb 1997 11:59:41 -0000 Message-ID: <19970210115941.27807.qmail@char-star.rdist.org> To: dufault@hda.com, freebsd-security@freebsd.org Subject: Re: buffer overruns In-Reply-To: <199702100954.EAA08773@hda.hda.com> Reply-To: tqbf@enteract.com Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <199702100954.EAA08773@hda.hda.com>, you wrote: >Is the stack executable? I've been assuming the exploits modify Yes. >the stack to return to a built up call to "system" or something system() is a library routine that decays to an execve() (which is a system call) of /bin/sh with arguments indicating the command line to be run. There's no guarantee that system() will even be accessible from any given program, let alone that it'll be at some fixed address. System calls are always accessed the same way (on FreeBSD, either lcall(7,0) or int 80h). >else in the library with their own args setup. I've been assuming >that executing data isn't part of modern exploits. You're assuming that the exploits overwrite the return address to point to system("/bin/sh"), and some how manipulate the stack to have the correct arguments. They don't. Stack ovverun exploits overwrite the return address to point to some region of memory (usually the stack) that the attacker has control over; the attacker ensures that that area of memory contains executable opcodes that will do what the attacker wants (usually execve()'ing a shell). >Has anyone seen modifications to gcc to generate guard bands around >automatics and stack check sequences? The automatics can be checked On SunOS, yep. It broke alot of things we tried compiling. -- ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- exit(main(kfp->kargc, argv, environ)); From owner-freebsd-security Mon Feb 10 04:38:05 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id EAA00383 for security-outgoing; Mon, 10 Feb 1997 04:38:05 -0800 (PST) Received: from nic.follonett.no (nic.follonett.no [194.198.43.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA00372 for ; Mon, 10 Feb 1997 04:37:46 -0800 (PST) Received: (from uucp@localhost) by nic.follonett.no (8.8.5/8.8.3) with UUCP id NAA24345; Mon, 10 Feb 1997 13:36:14 +0100 (MET) Received: from oo7 (oo7.dimaga.com [192.0.0.65]) by dimaga.com (8.7.5/8.7.2) with SMTP id NAA11244; Mon, 10 Feb 1997 13:11:20 +0100 (MET) Message-Id: <3.0.32.19970210131120.00a34940@dimaga.com> X-Sender: eivind@dimaga.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 10 Feb 1997 13:11:21 +0100 To: roberto@keltia.freenix.fr (Ollivier Robert) From: Eivind Eklund Subject: Re: buffer overruns Cc: freebsd-security@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk At 11:14 PM 2/9/97 +0100, Ollivier Robert wrote: >The easiest way to close all this bugs is to make the stack non executable >(from a processor standpoint) but I'm not sure you can do it in Intel >processors. Yes, you can. This, however, involve a lot more segment operations than FreeBSD presently use, which will seriously hurt performance, as well as being a pain to implement. Eivind Eklund perhaps@yes.no http://maybe.yes.no/perhaps/ eivind@freebsd.org From owner-freebsd-security Mon Feb 10 04:54:42 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id EAA00892 for security-outgoing; Mon, 10 Feb 1997 04:54:42 -0800 (PST) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id EAA00887 for ; Mon, 10 Feb 1997 04:54:40 -0800 (PST) Received: from hda.hda.com by agora.rdrop.com with smtp (Smail3.1.29.1 #17) id m0vtvFl-0008yJC; Mon, 10 Feb 97 04:54 PST Received: (from dufault@localhost) by hda.hda.com (8.6.12/8.6.12) id HAA08991; Mon, 10 Feb 1997 07:44:31 -0500 From: Peter Dufault Message-Id: <199702101244.HAA08991@hda.hda.com> Subject: Re: buffer overruns In-Reply-To: <19970210115941.27807.qmail@char-star.rdist.org> from "tqbf@enteract.com" at "Feb 10, 97 11:59:41 am" To: tqbf@enteract.com Date: Mon, 10 Feb 1997 07:44:31 -0500 (EST) Cc: dufault@hda.com, freebsd-security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL25 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > >Is the stack executable? I've been assuming the exploits modify > > Yes. > > >the stack to return to a built up call to "system" or something > > system() is a library routine that decays to an execve() (which is a > system call) of /bin/sh... (Yes - that's why I said "or something") (...) > >Has anyone seen modifications to gcc to generate guard bands around > >automatics and stack check sequences? The automatics can be checked > > On SunOS, yep. It broke alot of things we tried compiling. If you went that far you know the answer to my next two part question: is it realistic and doable to require suid programs to be text-execute only? Peter -- Peter Dufault (dufault@hda.com) Realtime Machine Control and Simulation HD Associates, Inc. Voice: 508 433 6936 From owner-freebsd-security Mon Feb 10 11:21:07 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA19409 for security-outgoing; Mon, 10 Feb 1997 11:21:07 -0800 (PST) Received: from fabius.globecomm.net (fabius.globecomm.net [207.51.48.6]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA19355 for ; Mon, 10 Feb 1997 11:20:24 -0800 (PST) Received: from daytona.disb.com.my ([202.190.129.52]) by fabius.globecomm.net (8.8.5/8.8.0) with ESMTP id OAA24541 for ; Mon, 10 Feb 1997 14:20:01 -0500 (EST) Message-Id: <199702101920.OAA24541@fabius.globecomm.net> From: "M.C Wong" To: Subject: Writing buffer overwrite on FreeBSD ? Date: Tue, 11 Feb 1997 03:12:00 +0800 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Dear Sir/Madam, With reference to http://www.l0pht.com/advisories/bufero.html, I wonder if anyone manage to make 2nd cut of the program used in the tutorial (syslog_test_2.c) throws out a SIGTRAP ? Similarly for the 3rd cut and the final program which runs smoothly from begining to end and not causing any error. Am I reading the codes wrongly ? I understand the code was originally written on BSDI system but thought the similarity between it and FreeBSD should exhibit the same bahaviour when executing the codes. Not! Have someone had any experience in writing similar buffer overun test code that actually works on a FreeBSD box ? Appreciate sharing of such information if available. Regards, M.C Wong From owner-freebsd-security Mon Feb 10 12:50:21 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA24180 for security-outgoing; Mon, 10 Feb 1997 12:50:21 -0800 (PST) Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA24047 for ; Mon, 10 Feb 1997 12:49:50 -0800 (PST) Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id VAA14184; Mon, 10 Feb 1997 21:48:31 +0100 (MET) From: Guido van Rooij Message-Id: <199702102048.VAA14184@gvr.win.tue.nl> Subject: Re: Writing buffer overwrite on FreeBSD ? In-Reply-To: <199702101920.OAA24541@fabius.globecomm.net> from "M.C Wong" at "Feb 11, 97 03:12:00 am" To: mcwong@imail.com (M.C Wong) Date: Mon, 10 Feb 1997 21:48:31 +0100 (MET) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk M.C Wong wrote: > Dear Sir/Madam, > > With reference to http://www.l0pht.com/advisories/bufero.html, I wonder > if anyone manage to make 2nd cut of the program used in the tutorial > (syslog_test_2.c) throws out a SIGTRAP ? Similarly for the 3rd cut and > the final program which runs smoothly from begining to end and not > causing any error. Am I reading the codes wrongly ? > > I understand the code was originally written on BSDI system but thought > the similarity between it and FreeBSD should exhibit the same bahaviour > when executing the codes. Not! > > Have someone had any experience in writing similar buffer overun test > code that actually works on a FreeBSD box ? > > Appreciate sharing of such information if available. > This was a bug in syslog() sme time ago and has been fixed since 1995/09/15: revision 1.4 date: 1995/09/15 13:53:39; author: peter; state: Exp; lines: +86 -18 Fix security bugs with a "new approach", using stdio's powerful buffer control hooks. It is similar to an unrolled multi-part snprintf(), in that a "FILE *" is attached to a string buffer. There is also an optimisation for the case where the syslog format string does not contain %m, which should improve performance of "informational" logging, like from ftpd. -Guido From owner-freebsd-security Mon Feb 10 13:14:40 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA25456 for security-outgoing; Mon, 10 Feb 1997 13:14:40 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA25446 for ; Mon, 10 Feb 1997 13:14:34 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vu32S-0005Rj-00; Mon, 10 Feb 1997 14:13:24 -0700 To: tqbf@enteract.com Subject: Re: buffer overruns Cc: roberto@keltia.freenix.fr, freebsd-security@freebsd.org In-reply-to: Your message of "10 Feb 1997 07:49:14 GMT." <19970210074914.22012.qmail@char-star.rdist.org> References: <19970210074914.22012.qmail@char-star.rdist.org> Date: Mon, 10 Feb 1997 14:13:23 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <19970210074914.22012.qmail@char-star.rdist.org> tqbf@enteract.com writes: : You'll have to make every other region of memory that a calling process : could potentially control non-executable as well. It's a gross assumption : to say that I, being the caller of any given program, only have influence : over the contents of that program's stack. >From years of debugging experience we know that it is possible to overflow veriables in the data segment, trashing out the pointer that follows the buffer. Once you do that, then you may be able to use that pointer to write data anywhere in the program.... Found quite a few bugs in code I've worked on that were like this :-(. Warner From owner-freebsd-security Mon Feb 10 13:15:46 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA25523 for security-outgoing; Mon, 10 Feb 1997 13:15:46 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA25518 for ; Mon, 10 Feb 1997 13:15:39 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vu34M-0005Rv-00; Mon, 10 Feb 1997 14:15:22 -0700 To: Marc Slemko Subject: Re: Don't fulminate, be productive Cc: tqbf@enteract.com, freebsd-security@freebsd.org In-reply-to: Your message of "Mon, 10 Feb 1997 02:24:35 MST." References: Date: Mon, 10 Feb 1997 14:15:22 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message Marc Slemko writes: : 90% of security holes are easy to find in stuff like FreeBSD right now. : When the obvious ones get fixed, it will be more like 90% being hard to : find. I'd wager that about 95% of the security problems in FreeBSD could solved by going over the OpenBSD cvs logs carefully and applying those patches. Theo and co have been very careful in their audits of their programs. Warner From owner-freebsd-security Mon Feb 10 13:18:52 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA25697 for security-outgoing; Mon, 10 Feb 1997 13:18:52 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA25685 for ; Mon, 10 Feb 1997 13:18:47 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vu37M-0005S4-00; Mon, 10 Feb 1997 14:18:28 -0700 To: tqbf@enteract.com Subject: Re: buffer overruns Cc: dufault@hda.com, freebsd-security@freebsd.org In-reply-to: Your message of "10 Feb 1997 11:59:41 GMT." <19970210115941.27807.qmail@char-star.rdist.org> References: <19970210115941.27807.qmail@char-star.rdist.org> Date: Mon, 10 Feb 1997 14:18:27 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <19970210115941.27807.qmail@char-star.rdist.org> tqbf@enteract.com writes: : In article <199702100954.EAA08773@hda.hda.com>, you wrote: : >Is the stack executable? I've been assuming the exploits modify : : Yes. The problem width making the stack non-executable is that it breaks gcc generated code. It will place trampoline code on the stack for a variety of things, and then jump to that code. Exceptions and nested scopes come to mind for when this happens, but it has been a while since I checked this out. Also, SunOS implements a lazy link for shared libraries. When the program starts to execute, it has a bunch of jumps to a routine that fixes up the jumps to the right place and then jumps there itself. Warner From owner-freebsd-security Mon Feb 10 13:22:59 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA25988 for security-outgoing; Mon, 10 Feb 1997 13:22:59 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA25983 for ; Mon, 10 Feb 1997 13:22:55 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vu3AO-0005Se-00; Mon, 10 Feb 1997 14:21:36 -0700 To: Peter Dufault Subject: Re: buffer overruns Cc: tqbf@enteract.com, freebsd-security@freebsd.org In-reply-to: Your message of "Mon, 10 Feb 1997 07:44:31 EST." <199702101244.HAA08991@hda.hda.com> References: <199702101244.HAA08991@hda.hda.com> Date: Mon, 10 Feb 1997 14:21:36 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702101244.HAA08991@hda.hda.com> Peter Dufault writes: : is it realistic and doable to require suid programs to be text-execute only? I'm not sure you can do this. You'll need to have the shared libraries mappeded executable, as well as .text section of the program. If you then disallow execution of the stack area and the data area, you might be able to do it. Modulo all those cool tricks that I talked about before. But you still aren't 100% safe. Since pointers to functions can be stored in memory, you are still at risk of a buffer overflow that overwrites one of them that is later jumped to. Just to think of one example. Warner From owner-freebsd-security Mon Feb 10 14:02:04 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA28152 for security-outgoing; Mon, 10 Feb 1997 14:02:04 -0800 (PST) Received: from www.trifecta.com (www.trifecta.com [206.245.150.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA28145 for ; Mon, 10 Feb 1997 14:01:59 -0800 (PST) Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id RAA07799; Mon, 10 Feb 1997 17:02:56 -0500 (EST) Date: Mon, 10 Feb 1997 17:02:56 -0500 (EST) From: Dev Chanchani To: Warner Losh cc: Marc Slemko , tqbf@enteract.com, freebsd-security@freebsd.org Subject: Re: Don't fulminate, be productive In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 10 Feb 1997, Warner Losh wrote: > I'd wager that about 95% of the security problems in FreeBSD could > solved by going over the OpenBSD cvs logs carefully and applying > those patches. Theo and co have been very careful in their audits of > their programs. Warner, I would agree, there is much to be learned by diff'ing the openbsd source tree with the freebsd tree. However, I was under the impression that openbsd is more a derivative of netbsd than freebsd. But, I guess most of the utilities would yield interesting diff's. Dev Chanchani From owner-freebsd-security Mon Feb 10 14:02:15 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA28167 for security-outgoing; Mon, 10 Feb 1997 14:02:15 -0800 (PST) Received: from www.trifecta.com (www.trifecta.com [206.245.150.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA28125 for ; Mon, 10 Feb 1997 14:01:17 -0800 (PST) Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id RAA07786; Mon, 10 Feb 1997 17:01:09 -0500 (EST) Date: Mon, 10 Feb 1997 17:01:09 -0500 (EST) From: Dev Chanchani To: "M.C Wong" cc: security@freebsd.org Subject: Re: Writing buffer overwrite on FreeBSD ? In-Reply-To: <199702101920.OAA24541@fabius.globecomm.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk M.C Wong, The code you are talking about deals with a buffer overflow in syslog. This overflow was fixed a long time ago in Freebsd and your system is probably not vulerable to that particlular overflow anymore. Dev Chanchani On Tue, 11 Feb 1997, M.C Wong wrote: > Dear Sir/Madam, > > With reference to http://www.l0pht.com/advisories/bufero.html, I wonder > if anyone manage to make 2nd cut of the program used in the tutorial > (syslog_test_2.c) throws out a SIGTRAP ? Similarly for the 3rd cut and > the final program which runs smoothly from begining to end and not > causing any error. Am I reading the codes wrongly ? > > I understand the code was originally written on BSDI system but thought > the similarity between it and FreeBSD should exhibit the same bahaviour > when executing the codes. Not! > > Have someone had any experience in writing similar buffer overun test > code that actually works on a FreeBSD box ? > > Appreciate sharing of such information if available. > > Regards, > > M.C Wong > From owner-freebsd-security Mon Feb 10 14:22:35 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA29066 for security-outgoing; Mon, 10 Feb 1997 14:22:35 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id OAA29058 for ; Mon, 10 Feb 1997 14:22:29 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vu479-0005XM-00; Mon, 10 Feb 1997 15:22:19 -0700 To: Dev Chanchani Subject: Re: Don't fulminate, be productive Cc: freebsd-security@freebsd.org In-reply-to: Your message of "Mon, 10 Feb 1997 17:02:56 EST." References: Date: Mon, 10 Feb 1997 15:22:19 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message Dev Chanchani writes: : tree with the freebsd tree. However, I was under the impression that : openbsd is more a derivative of netbsd than freebsd. But, I guess most of : the utilities would yield interesting diff's. So far in my efforts in this area, I've found that there are three types of programs in the FreeBSD: 1) Those in FreeBSD and not in OpenBSD (eg ppp) 2) Those in Both, but with different implementations (yp?) 3) Those that have a common ancestor (most of the system). Most of the programs fall into the 3) cat. These are very easy to merge the diffs. When I talk about the CVS tree, I talk about going to the OpenBSD cvs tree, doing a cvs diff -r 1.3 -r 1.4 -u xxx.c | (cd /usr/FreeBSD/... ; patch -p0) to get the changes into FreeBSD. I'm not diffing the trees, per se. Once I have them applied, I sometimes do a diff to see what, if anything, I missed. I also look at the logs to see all the previous/future fixes that were made to this program and try to batch them up, since OpenBSD's commits tend to not solve all the problems with a given program in a single commit (which is what one generally expects of any software effort). OpenBSD started with the NetBSD tree, then added a lot of the cool stuff from FreeBSD and a lot of their own work. All three systems are more alike than different. However, the differences can be in very important detail cases :-). What is really needed is for someone to do a line by line review of the cat 1 and cat 2 programs, since I'm not looking at them too closely (except for the little work I did on ppp) or at all. Warner From owner-freebsd-security Mon Feb 10 17:27:06 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA01481 for security-outgoing; Mon, 10 Feb 1997 17:27:06 -0800 (PST) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA01476 for ; Mon, 10 Feb 1997 17:27:01 -0800 (PST) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.3/8.6.9) id MAA28254; Tue, 11 Feb 1997 12:23:40 +1100 Date: Tue, 11 Feb 1997 12:23:40 +1100 From: Bruce Evans Message-Id: <199702110123.MAA28254@godzilla.zeta.org.au> To: dufault@hda.com, roberto@keltia.freenix.fr Subject: Re: buffer overruns Cc: freebsd-security@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >Is the stack executable? I've been assuming the exploits modify Yes. >the stack to return to a built up call to "system" or something >else in the library with their own args setup. I've been assuming >that executing data isn't part of modern exploits. It is, at least under FreeBSD and (apparently) under Linux. FreeBSD still uses the 1980'ish method of putting the signal trampoline on the user stack to execute, so the code segment has to extend to nearly the end of the user stack, although the code segment can be completely separate on i386's. In fact, the code segment still extends to the end of the user area (2 user-readable, user-executable pages above the user stack) to support the 1970'ish (:-) method of putting the signal trampoline in the user area. >Has anyone seen modifications to gcc to generate guard bands around >automatics and stack check sequences? The automatics can be checked >when they come into / go out of existence, and stack integrity at >return time. It won't stop the exploits, but it will make them >harder, and you will get "security" dumps from setuid programs if >you require that setuid programs be compiled that way (and linked >against a separate "secure" library compiled that way also). I haven't seen anything. Perhaps something could be hacked into the existing profiling support. I added a -mprofiler-epilogue call to FreeBSD's gcc. It results in calls to a profiling function `mexitcount' before each normal function returns. This would be a good to check the return address and other stuff in the caller's frame. >You could even hack things so that setuid would fail for >"insecure" executables. How about a masks for acceptable syscalls in the kernel and in non-auto storage. Some setuid processes could give up privilege for critical syscalls like exec() and mmap() early and permanently. The user-mode mask would be set when critical functions are called and cleared when the functions return normally. General stack exploits would have difficulties finding the mask. Encrypt the mask to make this harder. Bruce From owner-freebsd-security Mon Feb 10 20:00:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA09858 for security-outgoing; Mon, 10 Feb 1997 20:00:19 -0800 (PST) Received: (from mpp@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA09848; Mon, 10 Feb 1997 20:00:07 -0800 (PST) From: Mike Pritchard Message-Id: <199702110400.UAA09848@freefall.freebsd.org> Subject: Re: Don't fulminate, be productive To: imp@village.org (Warner Losh) Date: Mon, 10 Feb 1997 20:00:07 -0800 (PST) Cc: marcs@znep.com, tqbf@enteract.com, freebsd-security@freebsd.org In-Reply-To: from "Warner Losh" at Feb 10, 97 02:15:22 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Warner Losh wrote: > > In message Marc Slemko writes: > : 90% of security holes are easy to find in stuff like FreeBSD right now. > : When the obvious ones get fixed, it will be more like 90% being hard to > : find. > > I'd wager that about 95% of the security problems in FreeBSD could > solved by going over the OpenBSD cvs logs carefully and applying > those patches. Theo and co have been very careful in their audits of > their programs. > > Warner As a warning to others. I basically blindly committed some security fixes to calendar from OpenBSD without much testing and found out that they didn't work as expected. Your milage may vary. -- Mike Pritchard mpp@FreeBSD.org "Go that way. Really fast. If something gets in your way, turn" From owner-freebsd-security Tue Feb 11 03:05:40 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id DAA14911 for security-outgoing; Tue, 11 Feb 1997 03:05:40 -0800 (PST) Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA14872 for ; Tue, 11 Feb 1997 03:04:18 -0800 (PST) From: proff@suburbia.net Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id DAA22186 for ; Tue, 11 Feb 1997 03:05:02 -0800 (PST) Received: (qmail 4924 invoked by uid 110); 11 Feb 1997 11:03:07 -0000 Message-ID: <19970211110307.4923.qmail@suburbia.net> Subject: Re: Don't fulminate, be productive In-Reply-To: from Dev Chanchani at "Feb 10, 97 05:02:56 pm" To: dev@trifecta.com (Dev Chanchani) Date: Tue, 11 Feb 1997 22:03:06 +1100 (EST) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > On Mon, 10 Feb 1997, Warner Losh wrote: > > > I'd wager that about 95% of the security problems in FreeBSD could > > solved by going over the OpenBSD cvs logs carefully and applying > > those patches. Theo and co have been very careful in their audits of > > their programs. They have, but I prefer to not examine the OpenBSD base until after auditing the FreeBSD base personally, least it give you a false sense of security. I'm not saying Theo et al haven't done a lot of work, but when doing security analysis an uncontaminated perspective is important. Also, I strongly disagree with the egrep 'strcpy|sprintf' etc approach. Line by line code-flow-review is the only way to do it. -- Prof. Julian Assange |If you want to build a ship, don't drum up people |together to collect wood and don't assign them tasks proff@iq.org |and work, but rather teach them to long for the endless proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery From owner-freebsd-security Tue Feb 11 18:29:48 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id SAA11464 for security-outgoing; Tue, 11 Feb 1997 18:29:48 -0800 (PST) Received: from postoffice.cso.uiuc.edu (postoffice.cso.uiuc.edu [128.174.5.11]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA11457 for ; Tue, 11 Feb 1997 18:29:43 -0800 (PST) Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [128.174.83.167]) by postoffice.cso.uiuc.edu (8.8.5/8.8.5) with SMTP id UAA75538 for <@mailhost.uiuc.edu:freebsd-security@freebsd.org>; Tue, 11 Feb 1997 20:29:31 -0600 Received: by alecto.physics.uiuc.edu (940816.SGI.8.6.9/940406.SGI) for freebsd-security@freebsd.org id UAA20055; Tue, 11 Feb 1997 20:26:15 -0600 From: igor@alecto.physics.uiuc.edu (Igor Roshchin) Message-Id: <199702120226.UAA20055@alecto.physics.uiuc.edu> Subject: httpd gets SIGSERV - is it a security problem ? To: freebsd-security@freebsd.org Date: Tue, 11 Feb 1997 20:26:14 -0600 (CST) X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello! Sorry if this should be going to a different maillist or a newsgroup... I see it for a while, that time to time httpd (a forked child) gets some interrupt (often, or even always - 6) and dumps the core. E.g. today I found : Feb 11 18:10:26 kurort /kernel: pid 15919 (httpd), uid 65534: exited on signal 6 (from the syslog) and from the httpd log: [Tue Feb 11 18:10:26 1997] httpd: caught SIGSEGV, dumping core Nothing else... Any idea what it can be ? I was wondering if it can be some security hole ? i am running apache 1.2b6, with 2.1.6.1 (even after 020597) Thanks. IgoR aka StR From owner-freebsd-security Tue Feb 11 22:17:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA05441 for security-outgoing; Tue, 11 Feb 1997 22:17:55 -0800 (PST) Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA05414 for ; Tue, 11 Feb 1997 22:17:50 -0800 (PST) Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.5/8.7.3) with UUCP id XAA10242; Tue, 11 Feb 1997 23:17:45 -0700 (MST) Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id XAA02393; Tue, 11 Feb 1997 23:18:29 -0700 (MST) Date: Tue, 11 Feb 1997 23:18:29 -0700 (MST) From: Marc Slemko X-Sender: marcs@alive.ampr.ab.ca To: Igor Roshchin cc: freebsd-security@freebsd.org Subject: Re: httpd gets SIGSERV - is it a security problem ? In-Reply-To: <199702120226.UAA20055@alecto.physics.uiuc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Possibly a security hole, but probably not. All the message means is that Apache tried to write memory where it shouldn't. It _is_ a bug in Apache. Where is it? If I knew that I would fix it. If someone can control the data that is placed in the memory which is overwritten, it is possible that it could be a security risk. Most likely, it is simply a bug. If this is repeatable (even if it is just at random intervals) and you are willing to spend a bit of time, mail me and I will walk you through debugging where it is happening so we can get a fix in place if it hasn't already been fixed. If you were running anything before 1.2b6 it would be more likely that it could be a security hole. I did a line by line review of the source tree which resulted in a large number of changes in 1.2b6 to improve security, including adding Apache's own snprintf function to use (portability issues; many platforms don't have snprintf). All or close to all of the obvious holes in the Apache source tree were fixed. I have no doubt that some remain, but I can now say with confidence that Apache is a lot better in this regards than many other servers. Note that a security hole would almost certainly only result in compromising the account of the user that you run Apache as, not root, assuming you follow several practices. I will assume that Apache runs as httpd and that you start Apache from root: - don't ever make the Apache binary owned by or writeable by httpd. - do not make any directory where Apache writes log files writable by anyone other than someone you trust to have root. Most of them should NOT be writable by httpd; the exceptions are ones that Apache opens on the fly while running as httpd. - if you send logs to a program (eg. 'TransferLog |/bin/foobar') be aware that the program runs as root. If anyone ever finds a reason to suspect a security hole in Apache, I encourage you to mail me either at this address or at marc@apache.org with the details. On Tue, 11 Feb 1997, Igor Roshchin wrote: > > Hello! > > Sorry if this should be going to a different maillist or > a newsgroup... > I see it for a while, that time to time httpd (a forked child) > gets some interrupt (often, or even always - 6) and dumps the core. > > E.g. today I found : > Feb 11 18:10:26 kurort /kernel: pid 15919 (httpd), uid 65534: exited on signal 6 > (from the syslog) > and from the httpd log: > > [Tue Feb 11 18:10:26 1997] httpd: caught SIGSEGV, dumping core > > Nothing else... > > Any idea what it can be ? > I was wondering if it can be some security hole ? > > i am running apache 1.2b6, > with 2.1.6.1 (even after 020597) > > Thanks. > > IgoR > aka StR > From owner-freebsd-security Wed Feb 12 01:51:15 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA19092 for security-outgoing; Wed, 12 Feb 1997 01:51:15 -0800 (PST) Received: from mailserv.tversu.ac.ru (root@mailserv.tversu.ac.ru [193.233.128.3]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id BAA19084 for ; Wed, 12 Feb 1997 01:51:03 -0800 (PST) Received: from localhost (vadim@localhost) by mailserv.tversu.ac.ru (8.6.12/8.6.12) with SMTP id MAA19096 for ; Wed, 12 Feb 1997 12:51:56 +0300 Date: Wed, 12 Feb 1997 12:51:56 +0300 (MSK) From: Vadim Kolontsov To: freebsd-security@freebsd.org Subject: new bugs with strcpy() Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello, Today morning I've take a look to some freebsd sources... It looks like we have many potential holes in source tree (it takes only 15 minutes to find them) For example, tftpd: ====== int validate_access(char **filep, intmode) { . . . static char pathname[MAXPATHLEN]; char *filename = *filep; . . . sprintf(pathname, "%s/%s", dirp->name, filename); . . . } (of course, tftpd runs as nobody by default, but when you'll get access to the system you can use another exploit...) libmytinfo: =========== void _tcapconv() { char buf[MAX_LINE+1]; . . . s = strcpy(buf, other_non_function_keys); . . . } (other_non_function_keys is "ok=" entry in termcap; remember, that you can have your own ~username/.termcap!) It looks that we need to check whole source tree carefully.. Or at least apply patches to libc's strcpy() that checks stack frame. Best regards, Vadim. -------------------------------------------------------------------------- Vadim Kolontsov SysAdm/Programmer Tver Regional Center of New Information Technologies Networks Lab From owner-freebsd-security Wed Feb 12 08:07:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA06986 for security-outgoing; Wed, 12 Feb 1997 08:07:03 -0800 (PST) Received: from zwei.siemens.at (zwei.siemens.at [193.81.246.12]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA06965 for ; Wed, 12 Feb 1997 08:06:52 -0800 (PST) Received: from sol1.gud.siemens.co.at (root@[10.1.143.100]) by zwei.siemens.at (8.7.5/8.7.3) with SMTP id RAA04515 for ; Wed, 12 Feb 1997 17:07:26 +0100 (MET) Received: from ws2301.gud.siemens.co.at by sol1.gud.siemens.co.at with smtp (Smail3.1.28.1 #7 for ) id m0vuhBl-00021hC; Wed, 12 Feb 97 17:05 MET Received: by ws2301.gud.siemens.co.at (1.37.109.16/1.37) id AA076933342; Wed, 12 Feb 1997 17:02:22 +0100 From: "Hr.Ladavac" Message-Id: <199702121602.AA076933342@ws2301.gud.siemens.co.at> Subject: Raw partition access rights To: freebsd-security@freebsd.org Date: Wed, 12 Feb 1997 17:02:22 +0100 (MEZ) X-Mailer: ELM [version 2.4 PL24 ME8a] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi all, it just occured to me, maybe it's an idiocy, but it might work on some boxes. I did not try it on FreeBSD. Assume there is a volume which is not mounted -nodev. Assume I create a device node for a raw disk partition. Assume that I give this node read and write permissions for me. Assume that I have a hacked fsck which can change metadata for chosen files on a partition it can read and write. Metadata such as owner, group, mode bits. Since I have just created a device special file, I should be able to open this raw partition for read and write. I then let my fsck loose. You are screwed. Tell me this is impossible. Please :) /Marino From owner-freebsd-security Wed Feb 12 10:47:07 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA19197 for security-outgoing; Wed, 12 Feb 1997 10:47:07 -0800 (PST) Received: from hydrogen.nike.efn.org (resnet.uoregon.edu [128.223.170.28]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA19158 for ; Wed, 12 Feb 1997 10:46:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hydrogen.nike.efn.org (8.8.4/8.8.4) with SMTP id KAA21046; Wed, 12 Feb 1997 10:45:57 -0800 (PST) Date: Wed, 12 Feb 1997 10:45:57 -0800 (PST) From: John-Mark Gurney Reply-To: John-Mark Gurney To: "Hr.Ladavac" cc: freebsd-security@freebsd.org Subject: Re: Raw partition access rights In-Reply-To: <199702121602.AA076933342@ws2301.gud.siemens.co.at> Message-ID: X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4 MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 12 Feb 1997, Hr.Ladavac wrote: > Hi all, > > it just occured to me, maybe it's an idiocy, but it might work on > some boxes. I did not try it on FreeBSD. > > Assume there is a volume which is not mounted -nodev. > Assume I create a device node for a raw disk partition. > Assume that I give this node read and write permissions for me. > Assume that I have a hacked fsck which can change metadata for chosen > files on a partition it can read and write. Metadata such as owner, > group, mode bits. > > Since I have just created a device special file, I should be able to open > this raw partition for read and write. I then let my fsck loose. You are > screwed. yes.. this is possible... > Tell me this is impossible. Please :) well.. you told us to assume that you created the node file... :) but under freebsd non-root users can't create node files... so it doesn't work under freebsd.. for more info see mknod(2)... ttyl... John-Mark gurney_j@efn.org http://resnet.uoregon.edu/~gurney_j/ Modem/FAX: (541) 683-6954 (FreeBSD Box) Live in Peace, destroy Micro$oft, support free software, run FreeBSD (unix) From owner-freebsd-security Wed Feb 12 11:19:05 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA21056 for security-outgoing; Wed, 12 Feb 1997 11:19:05 -0800 (PST) Received: from fireball.blast.net (fireball.blast.net [204.141.163.53]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA21051 for ; Wed, 12 Feb 1997 11:19:03 -0800 (PST) Received: from flashpoint.blast.net (flashpoint.blast.net [204.141.163.62]) by fireball.blast.net (8.8.5/8.8.5) with ESMTP id OAA05159 for ; Wed, 12 Feb 1997 14:21:18 -0500 (EST) Message-Id: <199702121921.OAA05159@fireball.blast.net> From: "Patrick McPartland" To: Subject: security programs Date: Wed, 12 Feb 1997 14:19:09 -0500 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hello, Are there other security packages like cops104 for FreeBSD. Tiger? Pat ********************************************************** Patrick McPartland Research Engineer mcp@blast.net Mark A. Fry & Associates voice: 908-534-5881 Home of BLASTNET fax: 908-534-6928 URL: http://www.blast.net ********************************************************** From owner-freebsd-security Wed Feb 12 13:34:57 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA27266 for security-outgoing; Wed, 12 Feb 1997 13:34:57 -0800 (PST) Received: from dns.pinpt.com (dns.pinpt.com [205.179.195.1]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA27260 for ; Wed, 12 Feb 1997 13:34:52 -0800 (PST) Received: from journeyman (gatemaster.pinpt.com [205.179.195.65]) by dns.pinpt.com (8.6.12/8.6.12) with SMTP id NAA13618; Wed, 12 Feb 1997 13:33:28 -0800 Date: Wed, 12 Feb 97 13:33:22 Pacific Standard Time From: "Sean J. Schluntz" Subject: Re: security programs To: freebsd-security@freebsd.org, Patrick McPartland X-Mailer: Chameleon ATX 6.0, Standards Based IntraNet Solutions, NetManage Inc. X-Priority: 3 (Normal) References: <199702121921.OAA05159@fireball.blast.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk --- On Wed, 12 Feb 1997 14:19:09 -0500 Patrick McPartland wrote: > Hello, > Are there other security packages like cops104 for FreeBSD. Tiger? ---------------End of Original Message----------------- I've used Cops and Satan to hit my network looking for holes. If there are any other packages to try I would like to hear as well! -Sean ---------------------------------------------------------------------- Sean J. Schluntz Manager, Support Services ph. 408.997.6900 x222 PinPoint Software Corporation fx. 408.323.2300 6155 Almaden Expressway, Suite 100 San Jose, CA. 95120 http://www.pinpt.com/ Local Time Sent: 02/12/97 13:33:22 ---------------------------------------------------------------------- From owner-freebsd-security Wed Feb 12 13:47:28 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA28092 for security-outgoing; Wed, 12 Feb 1997 13:47:28 -0800 (PST) Received: from fireball.blast.net (fireball.blast.net [204.141.163.53]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA28076 for ; Wed, 12 Feb 1997 13:47:14 -0800 (PST) Received: from flashpoint.blast.net (flashpoint.blast.net [204.141.163.62]) by fireball.blast.net (8.8.5/8.8.5) with ESMTP id QAA13309 for ; Wed, 12 Feb 1997 16:49:29 -0500 (EST) Message-Id: <199702122149.QAA13309@fireball.blast.net> From: "Patrick McPartland" To: Subject: security consulting Date: Wed, 12 Feb 1997 16:47:22 -0500 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Please recommend so security people available for network security consulting and building. pat mcp@blast.net From owner-freebsd-security Wed Feb 12 14:32:17 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA00288 for security-outgoing; Wed, 12 Feb 1997 14:32:17 -0800 (PST) Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.fr [193.56.58.253]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA00194 for ; Wed, 12 Feb 1997 14:31:58 -0800 (PST) Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33]) by mexico.brainstorm.eu.org (8.8.4/8.8.4) with ESMTP id XAA02331 for ; Wed, 12 Feb 1997 23:31:51 +0100 Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.8.4/8.6.12) with UUCP id XAA32743 for freebsd-security@FreeBSD.org; Wed, 12 Feb 1997 23:31:32 +0100 Received: (from roberto@localhost) by keltia.freenix.fr (8.8.5/keltia-uucp-2.9) id XAA12653; Wed, 12 Feb 1997 23:18:25 +0100 (CET) Message-ID: <19970212231824.WG64502@keltia.freenix.fr> Date: Wed, 12 Feb 1997 23:18:24 +0100 From: roberto@keltia.freenix.fr (Ollivier Robert) To: freebsd-security@FreeBSD.org Subject: Re: Raw partition access rights References: <199702121602.AA076933342@ws2301.gud.siemens.co.at> X-Mailer: Mutt 0.60,1-3,9 Mime-Version: 1.0 X-Operating-System: FreeBSD 3.0-CURRENT ctm#2999 In-Reply-To: <199702121602.AA076933342@ws2301.gud.siemens.co.at>; from Hr.Ladavac on Feb 12, 1997 17:02:22 +0100 Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk According to Hr.Ladavac: > Tell me this is impossible. Please :) Special files like block/character devices creation is restricted to root. See mknod(2) Mknod() requires super-user privileges. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #39: Sun Feb 2 22:12:44 CET 1997 From owner-freebsd-security Thu Feb 13 00:34:02 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA26637 for security-outgoing; Thu, 13 Feb 1997 00:34:02 -0800 (PST) Received: from minor.stranger.com (stranger.vip.best.com [204.156.129.250]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id AAA26627 for ; Thu, 13 Feb 1997 00:33:57 -0800 (PST) Received: from dog.farm.org (dog.farm.org [207.111.140.47]) by minor.stranger.com (8.6.12/8.6.12) with ESMTP id AAA22875; Thu, 13 Feb 1997 00:44:54 -0800 Received: (from dk@localhost) by dog.farm.org (8.7.5/dk#3) id AAA05430; Thu, 13 Feb 1997 00:36:23 -0800 (PST) Date: Thu, 13 Feb 1997 00:36:23 -0800 (PST) From: Dmitry Kohmanyuk Message-Id: <199702130836.AAA05430@dog.farm.org> To: dev@trifecta.com (Dev Chanchani) Cc: freebsd-security@freebsd.org Subject: Re: 2.1.7 Newsgroups: cs-monolit.gated.lists.freebsd.security Organization: FARM Computing Association Reply-To: dk+@ua.net X-Newsreader: TIN [version 1.2 PL2] Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article you wrote: > > The real problem is with what crt0 calls - _startup_setlocale() in libc, > > which does a getenv of PATH_LOCALE and copies it to a stack buffer without > > bounds checking. I removed the getenv call from the libc code, so this attack > > simply doesn't exist anymore. Anything that is built shared/dynamic will > > get the new libc and thus will no longer be vulnerable. > I was under the impression that re-building libc would not work because > such utilities as ping, at, etc are built statically, thus having the > buggy code in the utilities. Hmm, I have just thought about the following: in / fs: /bin -> /usr/bin /sbin -> /usr/sbin then: / fs has /usr with statically-linked /usr/bin and /usr/sbin /usr fs has /usr/bin and /usr/sbin with dynamically-linked versions of the same utilities. this has the advantage of all binaries using dynamic libs when running multiuser. The space overhead should be pretty small, and changes to source tree pretty simple... Can be a bit tricky to install, though. (and doesn't work for those who don't have /usr mounted separately.) (btw, on my recently compiled 2.2 system, there is /usr/sbin/rtquery (dynamic) and /sbin/rtquery (static), /usr/sbin/routed (dynamic) and /sbin/routed (static), /usr/sbin/ipftest and /sbin/ipftest (both dynamic). ) opinions? -- "Reality is a poor escapism for people who cannot handle roleplaying" -- toriver@pvv.unit.no (Tor Iver Wilhelmsen) From owner-freebsd-security Thu Feb 13 14:43:50 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA14878 for security-outgoing; Thu, 13 Feb 1997 14:43:50 -0800 (PST) Received: from profane.iq.org (profane.iq.org [203.4.184.217]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA14780 for ; Thu, 13 Feb 1997 14:43:23 -0800 (PST) Received: (from proff@localhost) by profane.iq.org (8.8.4/8.8.2) id JAA00545; Fri, 14 Feb 1997 09:37:31 +1100 (EST) From: Julian Assange Message-Id: <199702132237.JAA00545@profane.iq.org> Subject: trusting dns addresses In-Reply-To: <330334BD.41C67EA6@village.org> from Warner Losh at "Feb 13, 97 08:35:25 am" To: imp@village.org (Warner Losh) Date: Fri, 14 Feb 1997 09:37:31 +1100 (EST) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > If you can't trust your resolver, then you are likely going to have a > lot of problems all over the system. Not if you have applied all of my patches. > This attack requires there to be a bug in the resolver in order to even > have a chance of succeeding. If that were the case, better to fix the > resolver than to fix all places in the source tree where it returns > data. I strongly disagree with this view. The problem should be fixed in both places. Trusting a protocol independent resolver to always return 4 byte addresses is nothing but bad programming. In fact, at the moment, despite the additional length checks, it can return 16 byte ipv6 addresses. No doubt as other protocols are added in the future we will see other lengths. I don't trust the resolver code, and I don't trust that even if is trust-worthy now (which it isn't due to ipv6 addresses), that it will be trust-worthy tomorrow. Further, the whole idea on having a BSD-style copyright on the sources is to encourage spread of the source code to other areas. This spread may well occur without the latest allegedly trust-worthy resolver library. It's bad. Its shoddy. It is a security hole now and likely one into the future and across domains. It breaks encapsulation. It needs be addressed. -- Prof. Julian Assange |If you want to build a ship, don't drum up people |together to collect wood and don't assign them tasks proff@iq.org |and work, but rather teach them to long for the endless proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery From owner-freebsd-security Thu Feb 13 15:04:53 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA16723 for security-outgoing; Thu, 13 Feb 1997 15:04:53 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id PAA16716 for ; Thu, 13 Feb 1997 15:04:48 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvABU-0001Vm-00; Thu, 13 Feb 1997 16:03:20 -0700 To: Julian Assange Subject: Re: trusting dns addresses Cc: security@freebsd.org In-reply-to: Your message of "Fri, 14 Feb 1997 09:37:31 +1100." <199702132237.JAA00545@profane.iq.org> References: <199702132237.JAA00545@profane.iq.org> Date: Thu, 13 Feb 1997 16:03:20 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702132237.JAA00545@profane.iq.org> Julian Assange writes: : > This attack requires there to be a bug in the resolver in order to even : > have a chance of succeeding. If that were the case, better to fix the : > resolver than to fix all places in the source tree where it returns : > data. : : I strongly disagree with this view. The problem should be fixed in : both places. Trusting a protocol independent resolver to always : return 4 byte addresses is nothing but bad programming. In fact, at : the moment, despite the additional length checks, it can return 16 byte : ipv6 addresses. No doubt as other protocols are added in the future : we will see other lengths. This was the point that I missed. I didn't think it was possible to have anything but a 4 byte quantity in an A record which is returned. Are you saying that gethostbyname will return AA records as well as A records? Wow, that sounds like a bug to me. However, that's the sort of thing that attackers might take advantage of... : It's bad. Its shoddy. It is a security hole now and likely one into : the future and across domains. It breaks encapsulation. It needs : be addressed. This is more of a defensive programming issue rather than a known hole exploit fix. the current sockaddr_in structure has 8 bytes of padding on the end, which will cause at most 4 extra bytes to be written outside of the buffer. I have trouble seeing how one would exploit that. Wouldn't be be better to issue a diagnostic and halt (for programs) or return -1/NULL (for libs) than to truncate the reply and keep going? In any event, it is sloppy and wouldn't hurt to fix, especially given the patches that you've submitted. Warner From owner-freebsd-security Thu Feb 13 22:59:04 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA12509 for security-outgoing; Thu, 13 Feb 1997 22:59:04 -0800 (PST) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id WAA12493 for ; Thu, 13 Feb 1997 22:59:01 -0800 (PST) Received: from rover.village.org by agora.rdrop.com with smtp (Smail3.1.29.1 #17) id m0vvHbi-00092AC; Thu, 13 Feb 97 22:58 PST Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvHbl-00026f-00; Thu, 13 Feb 1997 23:58:57 -0700 To: security@freebsd.org Subject: blowfish passwords in FreeBSD Date: Thu, 13 Feb 1997 23:58:56 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk OpenBSD just committed a new encryption method using blowfish. This has a much larger salt space as well as a much harder to break encryption scheme. Preliminary indications are that it looks really good. They implemented this much like md5, but with its own code. I think we should bring this into FreeBSD. What do others think? Warner From owner-freebsd-security Fri Feb 14 00:10:05 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA16883 for security-outgoing; Fri, 14 Feb 1997 00:10:05 -0800 (PST) Received: from main.gbdata.com ([207.113.12.23]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA16855 for ; Fri, 14 Feb 1997 00:09:57 -0800 (PST) Received: (from gclarkii@localhost) by main.gbdata.com (8.8.5/8.6.9) id CAA26293; Fri, 14 Feb 1997 02:11:23 -0600 (CST) From: Gary Clark II Message-Id: <199702140811.CAA26293@main.gbdata.com> Subject: Re: blowfish passwords in FreeBSD To: imp@village.org (Warner Losh) Date: Fri, 14 Feb 1997 02:11:22 -0600 (CST) Cc: security@freebsd.org In-Reply-To: from Warner Losh at "Feb 13, 97 11:58:56 pm" X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Warner Losh wrote: > > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? > > Warner > Warner, Did they post the location of any white papers? I'd like to read about it. Gary -- Gary Clark II (N5VMF) | I speak only for myself and "maybe" my company gclarkii@GBData.COM | Member of the FreeBSD Doc Team Providing Internet and ISP startups mail info@GBData.COM for information FreeBSD FAQ at ftp://ftp.FreeBSD.ORG/pub/FreeBSD/docs/freebsd-faq.ascii From owner-freebsd-security Fri Feb 14 00:49:27 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id AAA18883 for security-outgoing; Fri, 14 Feb 1997 00:49:27 -0800 (PST) Received: from bofh.cybercity.dk (relay.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA18876 for ; Fri, 14 Feb 1997 00:49:24 -0800 (PST) Received: from critter.dk.tfs.com ([140.145.230.252]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id JAA09014; Fri, 14 Feb 1997 09:51:44 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id JAA08678; Fri, 14 Feb 1997 09:50:43 +0100 (MET) To: Warner Losh cc: security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Thu, 13 Feb 1997 23:58:56 MST." Date: Fri, 14 Feb 1997 09:50:43 +0100 Message-ID: <8676.855910243@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message , Warner Losh writes: > >OpenBSD just committed a new encryption method using blowfish. This >has a much larger salt space as well as a much harder to break >encryption scheme. Preliminary indications are that it looks really >good. They implemented this much like md5, but with its own code. > >I think we should bring this into FreeBSD. What do others think? We already have a submission for SSH (?) passwords in a PR, they should be merged and documented. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Fri Feb 14 01:14:56 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id BAA20466 for security-outgoing; Fri, 14 Feb 1997 01:14:56 -0800 (PST) Received: from gw-nl1.philips.com (gw-nl1.philips.com [192.68.44.33]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id BAA20457 for ; Fri, 14 Feb 1997 01:14:52 -0800 (PST) Received: (from nobody@localhost) by gw-nl1.philips.com (8.6.10/8.6.10-0.994n-08Nov95) id KAA00126; Fri, 14 Feb 1997 10:14:32 +0100 Received: from unknown(130.139.36.3) by gw-nl1.philips.com via smap (V1.3+ESMTP) with ESMTP id sma029913; Fri Feb 14 10:13:51 1997 Received: from bsd.lss.cp.philips.com (bsd.lss.cp.philips.com [130.144.199.33]) by smtprelay.nl.cis.philips.com (8.6.10/8.6.10-1.2.1m-970131) with SMTP id KAA04596; Fri, 14 Feb 1997 10:13:50 +0100 Received: by bsd.lss.cp.philips.com (8.8.3/1.63) id KAA25549; Fri, 14 Feb 1997 10:13:49 +0100 (MET) From: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Message-Id: <199702140913.KAA25549@bsd.lss.cp.philips.com> Subject: Re: blowfish passwords in FreeBSD To: imp@village.org (Warner Losh) Date: Fri, 14 Feb 1997 10:13:49 +0100 (MET) Cc: security@FreeBSD.org In-Reply-To: from Warner Losh at "Feb 13, 97 11:58:56 pm" X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk Warner Losh wrote: > > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? It depends. I would very much like it to be compatible with the OpenBSD stuff. Did they adapt the $$ scheme and allocate a new number? Further, I think we should not adapt to every new password scheme around. It would make the password system unecessarily complex as we will have to support every scheme simultaneously. So perhaps first a close look at the new stuff should be taken. -Guido From owner-freebsd-security Fri Feb 14 02:18:24 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id CAA23200 for security-outgoing; Fri, 14 Feb 1997 02:18:24 -0800 (PST) Received: from alcatel.fr (mail.alcatel.fr [194.133.58.131]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA23195 for ; Fri, 14 Feb 1997 02:18:18 -0800 (PST) Received: from alcatel.fr (gatekeeper-ssn.alcatel.fr [155.132.180.244]) by mailgate.alcatel.fr (8.8.5/8.8.5) with ESMTP id MAA03627; Fri, 14 Feb 1997 12:22:55 +0100 Received: from dnscit.cit.alcatel.fr (dnscit.cit.alcatel.fr [139.54.100.2]) by nsfhh5.alcatel.fr (8.7.3/8.7.3) with SMTP id LAA28567; Fri, 14 Feb 1997 11:17:45 +0100 (MET) Received: from dnsvz.vz.cit.alcatel.fr by dnscit.cit.alcatel.fr (SMI-8.6/SMI-SVR4) id LAA04859; Fri, 14 Feb 1997 11:19:57 +0100 Received: from bcv64s3e.vz.cit.alcatel.fr by dnsvz.vz.cit.alcatel.fr (SMI-8.6/SMI-SVR4) id LAA00207; Fri, 14 Feb 1997 11:03:53 +0100 Received: from bcv64wc1.velizy by bcv64s3e.vz.cit.alcatel.fr (SMI-8.6/SMI-SVR4) id LAA20635; Fri, 14 Feb 1997 11:16:09 +0100 From: luc.lewy@vz.cit.alcatel.fr (Luc.LEWY) Message-Id: <199702141016.LAA20635@bcv64s3e.vz.cit.alcatel.fr> Subject: Re: blowfish passwords in FreeBSD To: gclarkii@main.gbdata.com (Gary Clark II) Date: Fri, 14 Feb 1997 11:16:09 +0100 (MET) Cc: imp@village.org, security@FreeBSD.ORG In-Reply-To: <199702140811.CAA26293@main.gbdata.com> from "Gary Clark II" at Feb 14, 97 02:11:22 am MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Gary Clark II wrote: > > Did they post the location of any white papers? I'd like to read about > it. mm.. DrDobbs Journal write a very good article on this subject few years ago.. I'll post its reference when I'll find it again.. > Gary fifi... -- Guezou "fifi..." Philippe email: guezou_p@epita.fr pguezou@iway.fr luc.lewy@vz.cit.alcatel.fr From owner-freebsd-security Fri Feb 14 03:14:47 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id DAA26914 for security-outgoing; Fri, 14 Feb 1997 03:14:47 -0800 (PST) Received: from gadget.nla.gov.au (gadget.nla.gov.au [203.4.201.52]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA26907 for ; Fri, 14 Feb 1997 03:14:44 -0800 (PST) Received: from localhost (cmakin@localhost) by gadget.nla.gov.au (8.8.4/8.8.4) with SMTP id WAA28875 for ; Fri, 14 Feb 1997 22:14:38 +1100 (EST) X-Authentication-Warning: gadget.nla.gov.au: cmakin owned process doing -bs Date: Fri, 14 Feb 1997 22:14:38 +1100 (EST) From: Carl Makin To: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <199702140913.KAA25549@bsd.lss.cp.philips.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 14 Feb 1997, Guido van Rooij wrote: > Warner Losh wrote: > > OpenBSD just committed a new encryption method using blowfish. This > > has a much larger salt space as well as a much harder to break > Further, I think we should not adapt to every new password scheme around. Along this topic, has anyone looked at Sunsoft's "PAM" (Pluggable Authentication Modules). RedHat Linux 4.1 has an implementation. PAM looks like it has the possibility of supporting these schemes reasonably cheaply. Carl. -- Carl Makin (VK1KCM) C.Makin@nla.gov.au 'Work +61 6 262 1576' "Speaking for myself only!" 'If you want to make your spouse pay attention to what you say... Talk in your sleep!' From owner-freebsd-security Fri Feb 14 03:55:16 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id DAA28167 for security-outgoing; Fri, 14 Feb 1997 03:55:16 -0800 (PST) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id DAA28143 for ; Fri, 14 Feb 1997 03:55:12 -0800 (PST) Received: from rover.village.org by agora.rdrop.com with smtp (Smail3.1.29.1 #17) id m0vvHXz-000924C; Thu, 13 Feb 97 22:55 PST Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvHTv-000254-00; Thu, 13 Feb 1997 23:50:51 -0700 To: Vadim Kolontsov Subject: Re: new bugs with strcpy() Cc: freebsd-security@freebsd.org In-reply-to: Your message of "Wed, 12 Feb 1997 12:51:56 +0300." References: Date: Thu, 13 Feb 1997 23:50:51 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message Vadim Kolontsov writes: : For example, : static char pathname[MAXPATHLEN]; : sprintf(pathname, "%s/%s", dirp->name, filename); : } : : (of course, tftpd runs as nobody by default, but when you'll get : access to the system you can use another exploit...) And you are overflowing a static buffer which is *MUCH* harder to exploit than the stack overflows that we've read so much about. None the less, I'll be committing a fix for this at some point soon. Can't be too careful :-) : It looks that we need to check whole source tree carefully.. : Or at least apply patches to libc's strcpy() that checks stack frame. Yes. That's true. Such an effort is going on. Thanks for pointing out possible problems... Warner From owner-freebsd-security Fri Feb 14 07:25:52 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA10826 for security-outgoing; Fri, 14 Feb 1997 07:25:52 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA10813 for ; Fri, 14 Feb 1997 07:25:44 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvPVi-0002e9-00; Fri, 14 Feb 1997 08:25:14 -0700 To: Gary Clark II Subject: Re: blowfish passwords in FreeBSD Cc: security@freebsd.org In-reply-to: Your message of "Fri, 14 Feb 1997 02:11:22 CST." <199702140811.CAA26293@main.gbdata.com> References: <199702140811.CAA26293@main.gbdata.com> Date: Fri, 14 Feb 1997 08:25:14 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702140811.CAA26293@main.gbdata.com> Gary Clark II writes: : Did they post the location of any white papers? I'd like to read about : it. I've not seen any, but The Applied Cryptography book has the description of the encryption technique in it. Warner From owner-freebsd-security Fri Feb 14 07:28:54 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA10989 for security-outgoing; Fri, 14 Feb 1997 07:28:54 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA10982 for ; Fri, 14 Feb 1997 07:28:50 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvPYw-0002eL-00; Fri, 14 Feb 1997 08:28:34 -0700 To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij) Subject: Re: blowfish passwords in FreeBSD Cc: security@freebsd.org In-reply-to: Your message of "Fri, 14 Feb 1997 10:13:49 +0100." <199702140913.KAA25549@bsd.lss.cp.philips.com> References: <199702140913.KAA25549@bsd.lss.cp.philips.com> Date: Fri, 14 Feb 1997 08:28:34 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702140913.KAA25549@bsd.lss.cp.philips.com> Guido van Rooij writes: : It depends. I would very much like it to be compatible with the : OpenBSD stuff. Did they adapt the $$ scheme and allocate a new number? Yes. They are using $2$. : Further, I think we should not adapt to every new password scheme around. : It would make the password system unecessarily complex as we will : have to support every scheme simultaneously. So perhaps first a close : look at the new stuff should be taken. I agree with that statement. However, with people breaking 40 and 48 bit keys in under three weeks now by brute force, a stronger password scheme is needed. I think that this is just such a scheme. I also agree that we should take a close look at this stuff with an eye towards merging it in. The need currently isn't urgent to bring this in, so it can wait a few days/weeks while the code review goes on. Warner From owner-freebsd-security Fri Feb 14 07:49:09 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA12080 for security-outgoing; Fri, 14 Feb 1997 07:49:09 -0800 (PST) Received: from labs.usn.blaze.net.au (labs.usn.blaze.net.au [203.17.53.30]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA12072 for ; Fri, 14 Feb 1997 07:49:02 -0800 (PST) Received: (from davidn@localhost) by labs.usn.blaze.net.au (8.8.5/8.8.5) id CAA19987; Sat, 15 Feb 1997 02:48:33 +1100 (EST) Message-ID: <19970215024833.30067@usn.blaze.net.au> Date: Sat, 15 Feb 1997 02:48:33 +1100 From: David Nugent To: Warner Losh Cc: security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.61 In-Reply-To: ; from Warner Losh on Feb 02, 1997 at 11:58:56PM Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Feb 02, 1997 at 11:58:56PM, Warner Losh wrote: > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? The more the merrier. :-) Wasn't there some discussion a while back about a way of selecting the encryption type? And I don't mean by using the current symlink method - I mean at runtime, parhaps as a configurable option. The $n$ encoding would seem to be a good way of decoding and recognising the correct decode routine, but the ability of selecting and easily changing the system default would be nice. Perhaps even adding to it. BTW, I'm open to ideas on a configurable authentication system as well. BSDI login.conf compatibility is no longer an option since they've changed it twice and look like doing it again for BSDI 3.1. So this opens up the discussion again for perhaps a better design. I looked at PAM in some depth recently and while it looks interesting enough, I think it is an overkill. We can already do most of what PAM can do via login.conf - actually, in a nicer way imho, although it isn't as easy or simple to switch modules at runtime as you can with PAM. I'm just a little nervous about having an authentication system use something that isn't simple *in principle*, and PAM is anything but that. Regards, David Nugent - Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/ From owner-freebsd-security Fri Feb 14 07:55:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA12341 for security-outgoing; Fri, 14 Feb 1997 07:55:03 -0800 (PST) Received: from labs.usn.blaze.net.au (labs.usn.blaze.net.au [203.17.53.30]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id HAA12332 for ; Fri, 14 Feb 1997 07:54:48 -0800 (PST) Received: (from davidn@localhost) by labs.usn.blaze.net.au (8.8.5/8.8.5) id CAA19999; Sat, 15 Feb 1997 02:54:32 +1100 (EST) Message-ID: <19970215025432.32611@usn.blaze.net.au> Date: Sat, 15 Feb 1997 02:54:32 +1100 From: David Nugent To: Carl Makin Cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD References: <199702140913.KAA25549@bsd.lss.cp.philips.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.61 In-Reply-To: ; from Carl Makin on Feb 02, 1997 at 10:14:38PM Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Feb 02, 1997 at 10:14:38PM, Carl Makin wrote: > > Further, I think we should not adapt to every new password scheme around. > > Along this topic, has anyone looked at Sunsoft's "PAM" (Pluggable > Authentication Modules). RedHat Linux 4.1 has an implementation. Yes. See also previous comments. > PAM looks like it has the possibility of supporting these schemes > reasonably cheaply. Not cheaply. In fact, from a browse through the existing PAM modules it blows it out into featuritis land. Nor does it seem to scale features to specific users or methods of access as login.conf does, although I quite agree that this could be easily done (it just doesn't seem to be part of the basic system). I just don't see the need to have one entire module handle, for example, /etc/nologin. It's only a few lines of code, for heaven's sake! Regards, David Nugent - Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/ From owner-freebsd-security Fri Feb 14 08:21:37 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA13648 for security-outgoing; Fri, 14 Feb 1997 08:21:37 -0800 (PST) Received: from cold.org (cold.org [206.81.134.103]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA13643 for ; Fri, 14 Feb 1997 08:21:33 -0800 (PST) Received: from localhost (brandon@localhost) by cold.org (8.8.5/8.8.3) with SMTP id JAA03850; Fri, 14 Feb 1997 09:21:17 -0700 (MST) Date: Fri, 14 Feb 1997 09:21:17 -0700 (MST) From: Brandon Gillespie To: Warner Losh cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Thu, 13 Feb 1997, Warner Losh wrote: > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? How does it compare to SHA? We've had SHA encryption sitting in PR for a few months now, it uses the $2$ 'id'. -Brandon From owner-freebsd-security Fri Feb 14 08:38:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA14562 for security-outgoing; Fri, 14 Feb 1997 08:38:55 -0800 (PST) Received: from labs.usn.blaze.net.au (labs.usn.blaze.net.au [203.17.53.30]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA14529; Fri, 14 Feb 1997 08:38:30 -0800 (PST) Received: (from davidn@localhost) by labs.usn.blaze.net.au (8.8.5/8.8.5) id DAA20076; Sat, 15 Feb 1997 03:38:12 +1100 (EST) Message-ID: <19970215033810.19932@usn.blaze.net.au> Date: Sat, 15 Feb 1997 03:38:10 +1100 From: David Nugent To: freebsd-security@freebsd.org, freebsd-current@freebsd.org Subject: [root@server.blaze.net.au: server security check output] Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.61 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk -----Forwarded message from System Administrator ----- ~ server setuid diffs: 25c25 < -r-sr-xr-x 5 root bin 294912 Feb 9 02:17:20 1997 /usr/bin/hoststat --- > -r-sr-xr-x 5 root bin 294912 Feb 15 00:51:48 1997 /usr/bin/hoststat 34c34 < -r-sr-xr-x 5 root bin 294912 Feb 9 02:17:20 1997 /usr/bin/mailq --- > -r-sr-xr-x 5 root bin 294912 Feb 15 00:51:48 1997 /usr/bin/mailq 37c37 < -r-sr-xr-x 5 root bin 294912 Feb 9 02:17:20 1997 /usr/bin/newaliases --- > -r-sr-xr-x 5 root bin 294912 Feb 15 00:51:48 1997 /usr/bin/newaliases 114,115c114,115 < -r-sr-xr-x 5 root bin 294912 Feb 9 02:17:20 1997 /usr/sbin/purgestat < -r-sr-xr-x 5 root bin 294912 Feb 9 02:17:20 1997 /usr/sbin/sendmail --- > -r-sr-xr-x 5 root bin 294912 Feb 15 00:51:48 1997 /usr/sbin/purgestat > -r-sr-xr-x 5 root bin 294912 Feb 15 00:51:48 1997 /usr/sbin/sendmail ~ -----End of forwarded message----- This is the second time I've seen this since I last built world - something has "touched" sendmail. It doesn't appear to have been hacked, and I even checked the md5 against what it was originally when I last installed sendmail and it hasn't changed. But suddenly the file date has been modified, and only a couple of hours ago. This makes me a little nervous. Nothing in any log indicates a problem; in fact, /var/log/maillog shows no activity for a couple of minutes previous to a couple of minutes after the mtime: Feb 15 01:50:10 server sendmail[26963]: BAA26959: to=ronno, ctladdr=root (0/0), delay=00:00:05, xdelay=00:00:00, mailer=local, stat=Sent Feb 15 01:53:32 server sendmail[26258]: BAA26258: from=root, size=2555, class=0, pri=32555, nrcpts=1, msgid=<199702141445.BAA26258@server. blaze.net.au>, relay=root@localhost Anyone else seen this, or might offer a clue as to what is going on? The sendmail executable in /usr/obj seems to not have been touched, nor any of the directories, and it certainly has the original md5 as well. The system is running -current, built from sources ~6th of Feb and (obviously) sendmail 8.8.5. It is a fairly busy mail server and does a fair amount of mail forwarding in addition to handling local users. There is only one event I can find that might explain it, which I just came across. One of our dialup users dialed in and ran sendmail -q, obviously to force queue delivery. In his tcsh .history file I find: Sat Feb 15 00:51:35 1997 sendmail -q Oh well, chflags is good for something. :-) This would appear to be Yet Another Sendmail Bug. Regards, David Nugent - Unique Computing Pty Ltd - Melbourne, Australia Voice +61-3-9791-9547 Data/BBS +61-3-9792-3507 3:632/348@fidonet davidn@freebsd.org davidn@blaze.net.au http://www.blaze.net.au/~davidn/ From owner-freebsd-security Fri Feb 14 10:04:35 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA19658 for security-outgoing; Fri, 14 Feb 1997 10:04:35 -0800 (PST) Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA19629 for ; Fri, 14 Feb 1997 10:04:27 -0800 (PST) Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id LAA00515; Fri, 14 Feb 1997 11:04:14 -0700 (MST) Date: Fri, 14 Feb 1997 11:04:14 -0700 (MST) Message-Id: <199702141804.LAA00515@rocky.mt.sri.com> From: Nate Williams MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit To: Warner Losh Cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: References: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? I think DES and MD5 are enough in the default distribution. You *can* have too much of a good thing, and it hasn't been shown that MD5 is breakable, and DES is only for abackwards compatability. Trying to support 3 encryption routines is loke trying to support three init routines. :) Nate From owner-freebsd-security Fri Feb 14 10:24:07 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA21809 for security-outgoing; Fri, 14 Feb 1997 10:24:07 -0800 (PST) Received: from phaedrus.uchicago.edu (phaedrus.uchicago.edu [128.135.21.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA21747 for ; Fri, 14 Feb 1997 10:24:01 -0800 (PST) Received: (from sfarrell@localhost) by phaedrus.uchicago.edu (8.8.5/8.7.3) id MAA27773; Fri, 14 Feb 1997 12:30:23 -0600 To: Brandon Gillespie Cc: Warner Losh , security@freebsd.org Subject: Re: blowfish passwords in FreeBSD References: Mime-Version: 1.0 (generated by tm-edit 7.89) Content-Type: text/plain; charset=US-ASCII From: stephen farrell Date: 14 Feb 1997 12:30:22 -0600 In-Reply-To: Brandon Gillespie's message of Fri, 14 Feb 1997 09:21:17 -0700 (MST) Message-ID: <87sp2zkzpd.fsf@phaedrus.uchicago.edu> Lines: 17 X-Mailer: Gnus v5.2.25/XEmacs 19.14 Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Brandon Gillespie writes: > > On Thu, 13 Feb 1997, Warner Losh wrote: > > OpenBSD just committed a new encryption method using blowfish. This > > has a much larger salt space as well as a much harder to break > > encryption scheme. Preliminary indications are that it looks really > > good. They implemented this much like md5, but with its own code. > > > > I think we should bring this into FreeBSD. What do others think? > > How does it compare to SHA? We've had SHA encryption sitting in PR for a > few months now, it uses the $2$ 'id'. here's a pretty cool URL for htis stuff: From owner-freebsd-security Fri Feb 14 10:24:23 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA21840 for security-outgoing; Fri, 14 Feb 1997 10:24:23 -0800 (PST) Received: from smtp-relay-1.Adobe.COM (smtp-relay-1.adobe.com [192.150.11.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA21835 for ; Fri, 14 Feb 1997 10:24:18 -0800 (PST) Received: by smtp-relay-1.Adobe.COM (8.7.5) with ESMTP id KAA27475; Fri, 14 Feb 1997 10:22:34 -0800 (PST) Received: by inner-relay-2.Adobe.COM (8.7.5) with ESMTP id KAA05430; Fri, 14 Feb 1997 10:22:29 -0800 (PST) Received: by elroy.corp.Adobe.COM (8.7.5) with SMTP id KAA09942; Fri, 14 Feb 1997 10:23:34 -0800 (PST) Message-Id: <3.0.32.19970214102333.00793180@elroy> X-Sender: rlevenbe@elroy X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 14 Feb 1997 10:23:34 -0800 To: security@freebsd.org From: Richard Levenberg Subject: Re: blowfish passwords in FreeBSD Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk For a complete description of Blowfish try: http://www.counterpane.com/blowfish.html richardl ================================================ Richard Levenberg Adobe Systems Incorporated A7 Computer Expert Classification richardl@adobe.com ================================================ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2 mQCNAzBh+iEAAAEEANPybuG4Jm++3Ke+J7A2RJTrsY0HWriQkFHILqq9GlyjBs3P RHM6hBioeM5V+8sP1Fh1PqYoD+G5Io5HbmQY+KJc++ojNHTvp+/D6LZOh/tpzceX cNc2/ntdhsSSbxr8RCO0rbd62t9QefEFnWO2XjoEQ0Yg4596W0HY/DnEtuzpAAUT tCZSaWNoYXJkIExldmVuYmVyZyA8cmljaGFyZGxAYWRvYmUuY29tPg== =r/Xv -----END PGP PUBLIC KEY BLOCK----- From owner-freebsd-security Fri Feb 14 10:29:10 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA22339 for security-outgoing; Fri, 14 Feb 1997 10:29:10 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id KAA22301 for ; Fri, 14 Feb 1997 10:28:56 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvSMx-0002qb-00; Fri, 14 Feb 1997 11:28:23 -0700 To: Nate Williams Subject: Re: blowfish passwords in FreeBSD Cc: security@freebsd.org In-reply-to: Your message of "Fri, 14 Feb 1997 11:04:14 MST." <199702141804.LAA00515@rocky.mt.sri.com> References: <199702141804.LAA00515@rocky.mt.sri.com> Date: Fri, 14 Feb 1997 11:28:22 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702141804.LAA00515@rocky.mt.sri.com> Nate Williams writes: : I think DES and MD5 are enough in the default distribution. You *can* : have too much of a good thing, and it hasn't been shown that MD5 is : breakable, and DES is only for abackwards compatability. The main motivation for doing this in OpenBSD was Theo knowing people that had broken MD5. He further asserts that many of his friends are able to break the MD5 passwords easily by brute force. Mostly due to the small salt space that made huge dictionary attacks possible. : Trying to support 3 encryption routines is loke trying to support three : init routines. :) Well, that's true. We should relegate MD5 to the scrap heap then :-). Actually, one of the features of the new sutff is a HUGE salt sapce that make it impossible to store a dictionary on anything short of a multiple terrabyte media. Warner From owner-freebsd-security Fri Feb 14 11:24:08 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA25469 for security-outgoing; Fri, 14 Feb 1997 11:24:08 -0800 (PST) Received: from grackle.grondar.za (8t4c8Xiq/cPn8HFYbswzZFsHNPL+WA25@grackle.grondar.za [196.7.18.131]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA25417 for ; Fri, 14 Feb 1997 11:24:01 -0800 (PST) Received: from grackle.grondar.za (fenPMqkpI2FSVH8sAFmQHeT2W/SgiGzb@localhost [127.0.0.1]) by grackle.grondar.za (8.8.5/8.8.4) with ESMTP id VAA18249; Fri, 14 Feb 1997 21:23:10 +0200 (SAT) Message-Id: <199702141923.VAA18249@grackle.grondar.za> X-Mailer: exmh version 2.0gamma 1/27/96 To: Poul-Henning Kamp cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 14 Feb 1997 21:23:05 +0200 From: Mark Murray Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Poul-Henning Kamp wrote: > In message , Warner Losh writes: > > > >OpenBSD just committed a new encryption method using blowfish. This > >has a much larger salt space as well as a much harder to break > >encryption scheme. Preliminary indications are that it looks really > >good. They implemented this much like md5, but with its own code. > > > >I think we should bring this into FreeBSD. What do others think? > > We already have a submission for SSH (?) passwords in a PR, they > should be merged and documented. You mean SHA (secure hash algorithm). I have this FreeBSD ready. This method expands on PHK's MD5 passwd(5) scheme where an encrypted passwd that is not DES looks like $n$sssss$pppppppppp. Where n is a number 1=MD5 2=SHA 3-??= sssss is salt ppppppppp is the encrypred passwd. The code has hooks to make it extensible for other hash types. How does the OpenBSD Blowfish method fit into _that_? FWIW, our _current_ DES passwd scheme has a method that extends the salt dramatically. (this is documented). if the salt begins with an "_" underscore char, then the next 8 (!) chars are salt. They are (sort of) uudecoded to provide two 24 bit numbers. One is common-or- garden salt, the other is iteration count. You want someone to work hard do crack your password? Set the count high. Look in the secure/lib/libcrypt/test dir for test code and check out the secure crypt(3) manpage for docs. M -- Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36 This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE From owner-freebsd-security Fri Feb 14 11:28:28 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA25728 for security-outgoing; Fri, 14 Feb 1997 11:28:28 -0800 (PST) Received: from grackle.grondar.za (iRAe3PKMBYySwR6+GM0+jGSqJKD3IfQp@grackle.grondar.za [196.7.18.131]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA25717 for ; Fri, 14 Feb 1997 11:28:21 -0800 (PST) Received: from grackle.grondar.za (PpyYfEtyltR3nsHCajfiSctJ4mfLy1lC@localhost [127.0.0.1]) by grackle.grondar.za (8.8.5/8.8.4) with ESMTP id VAA18273; Fri, 14 Feb 1997 21:27:58 +0200 (SAT) Message-Id: <199702141927.VAA18273@grackle.grondar.za> X-Mailer: exmh version 2.0gamma 1/27/96 To: Brandon Gillespie cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 14 Feb 1997 21:27:55 +0200 From: Mark Murray Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Brandon Gillespie wrote: > On Thu, 13 Feb 1997, Warner Losh wrote: > > OpenBSD just committed a new encryption method using blowfish. This > > has a much larger salt space as well as a much harder to break > > encryption scheme. Preliminary indications are that it looks really > > good. They implemented this much like md5, but with its own code. > > > > I think we should bring this into FreeBSD. What do others think? > > How does it compare to SHA? We've had SHA encryption sitting in PR for a > few months now, it uses the $2$ 'id'. I have your scheme commit-ready now. It looks like we'll have too merge in this as well. M -- Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36 This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE From owner-freebsd-security Fri Feb 14 11:45:09 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA26863 for security-outgoing; Fri, 14 Feb 1997 11:45:09 -0800 (PST) Received: from kirk.edmweb.com (kirk.edmweb.com [204.244.190.1]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA26857 for ; Fri, 14 Feb 1997 11:45:04 -0800 (PST) Received: from bitbucket (bluesmoke.edmweb.com [204.244.190.8]) by kirk.edmweb.com (8.8.5/8.7.3) with ESMTP id LAA01594; Fri, 14 Feb 1997 11:44:54 -0800 (PST) Received: from localhost by bitbucket with smtp id m0vvTYw-000CDpC (Debian Smail-3.2 1996-Jul-4 #2); Fri, 14 Feb 1997 11:44:50 -0800 (PST) Date: Fri, 14 Feb 1997 11:44:48 -0800 (PST) From: Steve Reid X-Sender: steve@bluesmoke To: Warner Losh cc: Gary Clark II , security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I've not seen any, but The Applied Cryptography book has the > description of the encryption technique in it. Also: http://www.counterpane.com/blowfish.html From owner-freebsd-security Fri Feb 14 12:48:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA00234 for security-outgoing; Fri, 14 Feb 1997 12:48:11 -0800 (PST) Received: from ratatosk.algonet.se (mailgw.algonet.se [194.213.74.38]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA00223 for ; Fri, 14 Feb 1997 12:48:05 -0800 (PST) Received: from (tomei.algonet.se [194.213.74.114]) by ratatosk.algonet.se (8.7.4/hdw.1.0) with ESMTP id VAA15815; Fri, 14 Feb 1997 21:48:24 +0100 (MET) Received: from (mal@bengt.algonet.se [194.213.74.14]) by tomei.algonet.se (8.7.4/) with ESMTP id VAA04215; Fri, 14 Feb 1997 21:48:22 +0100 (MET) Received: (mal@localhost) by bengt (SMI-8.6/8.6.12) id VAA08594; Fri, 14 Feb 1997 21:48:22 +0100 Date: Fri, 14 Feb 1997 21:48:22 +0100 Message-Id: <199702142048.VAA08594@bengt> From: Mats Lofkvist To: freebsd-security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? > > Warner Why did they feel the need for something better than md5? Is there any known weaknesses in md5? 128 bits is enough to make md5 extremely secure until someone finds a serious flaw in the algorithm, brute force attacks will probably never be a problem. _ Mats Lofkvist mal@algonet.se From owner-freebsd-security Fri Feb 14 12:48:23 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA00266 for security-outgoing; Fri, 14 Feb 1997 12:48:23 -0800 (PST) Received: from cold.org (cold.org [206.81.134.103]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA00257 for ; Fri, 14 Feb 1997 12:48:20 -0800 (PST) Received: from localhost (brandon@localhost) by cold.org (8.8.5/8.8.3) with SMTP id NAA04390; Fri, 14 Feb 1997 13:48:14 -0700 (MST) Date: Fri, 14 Feb 1997 13:48:14 -0700 (MST) From: Brandon Gillespie To: Mark Murray cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <199702141927.VAA18273@grackle.grondar.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I have your scheme commit-ready now. It looks like we'll have too merge > in this as well. Actually, I'd like to also submit a patch for 'passwd' that reads something like /etc/passwd.conf for a 'preference', where the file simply contains 'best' 'DES' or a $x$ prefix. If it is 'best' it'll use the best/latest algorithm, DES is obvious, otherwise it just prefixes the '$x$' string in the file to the salt. I'd like this because for me, I have many older DES passwords from upgrades, and I'd like to migrate to better passwords but right now if DES exists as an option, it is always given encryption preference in 'passwd'.. -Brandon Gillespie From owner-freebsd-security Fri Feb 14 12:54:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA00502 for security-outgoing; Fri, 14 Feb 1997 12:54:11 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA00492 for ; Fri, 14 Feb 1997 12:54:05 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id VAA08940; Fri, 14 Feb 1997 21:56:31 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id UAA09914; Fri, 14 Feb 1997 20:56:09 +0100 (MET) To: Mark Murray cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Fri, 14 Feb 1997 21:23:05 +0200." <199702141923.VAA18249@grackle.grondar.za> Date: Fri, 14 Feb 1997 20:56:08 +0100 Message-ID: <9912.855950168@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702141923.VAA18249@grackle.grondar.za>, Mark Murray writes: >> We already have a submission for SSH (?) passwords in a PR, they >> should be merged and documented. > >You mean SHA (secure hash algorithm). I have this FreeBSD ready. Well, if OpenBSD committed first, $2$ should stay assigned to whatever they used if to, and we should import their code. You should commit $3$ to SHA then. (I know I've been sitting on this forever :-( >This method expands on PHK's MD5 passwd(5) scheme where an encrypted >passwd that is not DES looks like $n$sssss$pppppppppp. Actually: $%d$%s$%s The length of the salt or output isn't constrained generally, only per algorithm. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Fri Feb 14 12:56:08 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA00648 for security-outgoing; Fri, 14 Feb 1997 12:56:08 -0800 (PST) Received: from grackle.grondar.za (WpHLAAnjAwqHM/llDbuaSXJ0LIOqCADn@grackle.grondar.za [196.7.18.131]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA00614 for ; Fri, 14 Feb 1997 12:55:58 -0800 (PST) Received: from grackle.grondar.za (xxJbUMlog3cqsrLrhF4N39E4KiuWjGgZ@localhost [127.0.0.1]) by grackle.grondar.za (8.8.5/8.8.4) with ESMTP id WAA18587; Fri, 14 Feb 1997 22:55:36 +0200 (SAT) Message-Id: <199702142055.WAA18587@grackle.grondar.za> X-Mailer: exmh version 2.0gamma 1/27/96 To: Brandon Gillespie cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 14 Feb 1997 22:55:26 +0200 From: Mark Murray Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Brandon Gillespie wrote: > > I have your scheme commit-ready now. It looks like we'll have too merge > > in this as well. > > Actually, I'd like to also submit a patch for 'passwd' that reads > something like /etc/passwd.conf for a 'preference', where the file simply > contains 'best' 'DES' or a $x$ prefix. If it is 'best' it'll use the > best/latest algorithm, DES is obvious, otherwise it just prefixes the > '$x$' string in the file to the salt. I'd like this because for me, I > have many older DES passwords from upgrades, and I'd like to migrate to > better passwords but right now if DES exists as an option, it is always > given encryption preference in 'passwd'.. I'd like to extend this a bit. DES has some options; vanilla and estended (and extended has an iteration count). Extended DES is recognisable by a longer cryptstream "_ssssiiiippppppppppp" where ssss is salt, iiii is iteration and ppppppp is hashed password. iiii and ssss are (sort of) uuencoded, M -- Mark Murray PGP key fingerprint = 80 36 6E 40 83 D6 8A 36 This .sig is umop ap!sdn. BC 06 EA 0E 7A F2 CE CE From owner-freebsd-security Fri Feb 14 13:09:43 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA01408 for security-outgoing; Fri, 14 Feb 1997 13:09:43 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA01402 for ; Fri, 14 Feb 1997 13:09:36 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id WAA09757; Fri, 14 Feb 1997 22:12:13 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id WAA10480; Fri, 14 Feb 1997 22:11:18 +0100 (MET) To: Warner Losh cc: Nate Williams , security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Fri, 14 Feb 1997 11:28:22 MST." Date: Fri, 14 Feb 1997 22:11:17 +0100 Message-ID: <10478.855954677@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message , Warner Losh writes: >In message <199702141804.LAA00515@rocky.mt.sri.com> Nate Williams writes: >: I think DES and MD5 are enough in the default distribution. You *can* >: have too much of a good thing, and it hasn't been shown that MD5 is >: breakable, and DES is only for abackwards compatability. > >The main motivation for doing this in OpenBSD was Theo knowing people >that had broken MD5. He further asserts that many of his friends are >able to break the MD5 passwords easily by brute force. Mostly due to >the small salt space that made huge dictionary attacks possible. The space between what Theo claims and what he actually can produce when pushed is currently used to store the 98% of the universe that science can't account for. A rather quick calculation will show you that we are indeed talking >huge< dictionary attacks. Theos problem is that it has not been "seriously analysed" and that somebody has used the word "weak" in a paper about md5. >: Trying to support 3 encryption routines is loke trying to support three >: init routines. :) > >Well, that's true. We should relegate MD5 to the scrap heap then >:-). Actually, one of the features of the new sutff is a HUGE salt >sapce that make it impossible to store a dictionary on anything short >of a multiple terrabyte media. The problem isn't the size of the salt, but the quality. We should start to get the salt from /dev/random, that would >REALLY< be an improvement... -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Fri Feb 14 14:51:37 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA07495 for security-outgoing; Fri, 14 Feb 1997 14:51:37 -0800 (PST) Received: from world.celsiustech.se (world.celsiustech.se [139.58.230.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA07485 for ; Fri, 14 Feb 1997 14:51:29 -0800 (PST) Received: (from maja@localhost) by world.celsiustech.se (8.8.5/8.7.3) id XAA15930; Fri, 14 Feb 1997 23:51:13 +0100 (MET) Date: Fri, 14 Feb 1997 23:51:12 +0100 (MET) From: Mats O Jansson X-Sender: maja@world To: Poul-Henning Kamp cc: Warner Losh , Nate Williams , security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <10478.855954677@critter.dk.tfs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Fri, 14 Feb 1997, Poul-Henning Kamp wrote: > The space between what Theo claims and what he actually can produce > when pushed is currently used to store the 98% of the universe that > science can't account for. > Have you talked with Theo about his claim? Can you prove what you claim? In my opinon you don't like Theo and this just your way to show it. > > -- > Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. > http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. > whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. > Power and ignorance is a disgusting cocktail. > -moj ------------------------------------------------------------------------------ Mats O Jansson, CelsiusTech Systems, Jaerfaella, Sweden email: maja@celsiustech.se (or moj@stacken.kth.se) From owner-freebsd-security Fri Feb 14 15:50:14 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA11958 for security-outgoing; Fri, 14 Feb 1997 15:50:14 -0800 (PST) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA11953 for ; Fri, 14 Feb 1997 15:50:08 -0800 (PST) Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id SAA18988; Fri, 14 Feb 1997 18:47:14 -0500 (EST) From: Adam Shostack Message-Id: <199702142347.SAA18988@homeport.org> Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <199702142048.VAA08594@bengt> from Mats Lofkvist at "Feb 14, 97 09:48:22 pm" To: mal@bengt.algonet.se (Mats Lofkvist) Date: Fri, 14 Feb 1997 18:47:14 -0500 (EST) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL27 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Mats Lofkvist wrote: | > OpenBSD just committed a new encryption method using blowfish. This | > has a much larger salt space as well as a much harder to break | > encryption scheme. Preliminary indications are that it looks really | > good. They implemented this much like md5, but with its own code. | > | > I think we should bring this into FreeBSD. What do others think? | > | > Warner | | Why did they feel the need for something better than md5? | Is there any known weaknesses in md5? 128 bits is enough to make md5 | extremely secure until someone finds a serious flaw in the algorithm, | brute force attacks will probably never be a problem. Hans Dobbertin has found weaknesses in MD5. "The Status of MD5 after a recent attack", CryptoBytes, The technical newsletter of RSA labs, vol 2, summer 1996. The paper can probably be found on www.rsa.com. Due to the nature of hashes, you can use the birthday attack to find two messages with the same hash in 1/2 of searches of 64 bits of the space. This does not get you a a new message whose digest matches a chosen message's digest. Its also worth noting that hashes are designed to be one way functions, ciphers like Blowfish are not. Though they can be converted back and forth, there can be subtilties that should be addressed. Use of sha-1 or RIPEMD-160 would probably be a better choice than Blowfish. I say that without having studied OpenBSD's choice very closely. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From owner-freebsd-security Fri Feb 14 16:05:34 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA13105 for security-outgoing; Fri, 14 Feb 1997 16:05:34 -0800 (PST) Received: from dfw.dfw.net (aleph1@dfw.dfw.net [198.175.15.10]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id QAA13095 for ; Fri, 14 Feb 1997 16:05:26 -0800 (PST) Received: from localhost by dfw.dfw.net (4.1/SMI-4.1) id AA25184; Fri, 14 Feb 97 18:05:28 CST Date: Fri, 14 Feb 1997 18:05:28 -0600 (CST) From: Aleph One To: Mats Lofkvist Cc: freebsd-security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <199702142048.VAA08594@bengt> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Fri, 14 Feb 1997, Mats Lofkvist wrote: > Why did they feel the need for something better than md5? > Is there any known weaknesses in md5? 128 bits is enough to make md5 > extremely secure until someone finds a serious flaw in the algorithm, > brute force attacks will probably never be a problem. Well pseudo-collision have been found in MD5. It has also been estimated that for 10 million 1994 dollars you could build a collision search machine that could find a collision in 24 days on average. Of curse this doesnt mean much to anyone using MD5 for their passwords. For 10 million the'll just brake into you place and take the machine. People are starting to belive MD5 is not as secure anymore, and looking at other alternatives. Even Rivest has said so. > Mats Lofkvist > mal@algonet.se > > Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 From owner-freebsd-security Fri Feb 14 18:13:23 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id SAA20536 for security-outgoing; Fri, 14 Feb 1997 18:13:23 -0800 (PST) Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA20531 for ; Fri, 14 Feb 1997 18:13:18 -0800 (PST) From: proff@suburbia.net Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id SAA12768 for ; Fri, 14 Feb 1997 18:14:47 -0800 (PST) Received: (qmail 1799 invoked by uid 110); 15 Feb 1997 02:12:45 -0000 Message-ID: <19970215021245.1798.qmail@suburbia.net> Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <199702142048.VAA08594@bengt> from Mats Lofkvist at "Feb 14, 97 09:48:22 pm" To: mal@bengt.algonet.se (Mats Lofkvist) Date: Sat, 15 Feb 1997 13:12:45 +1100 (EST) Cc: security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Why did they feel the need for something better than md5? > Is there any known weaknesses in md5? 128 bits is enough to make md5 > extremely secure until someone finds a serious flaw in the algorithm, > brute force attacks will probably never be a problem. Further, md5 as a signature algorithm is exportable, while blowfish is not. md5 does have some flaws, but not in this context. -- Prof. Julian Assange |If you want to build a ship, don't drum up people |together to collect wood and don't assign them tasks proff@iq.org |and work, but rather teach them to long for the endless proff@gnu.ai.mit.edu |immensity of the sea. -- Antoine de Saint Exupery From owner-freebsd-security Fri Feb 14 22:41:22 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA04192 for security-outgoing; Fri, 14 Feb 1997 22:41:22 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA04183 for ; Fri, 14 Feb 1997 22:41:10 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id HAA24754; Sat, 15 Feb 1997 07:43:39 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id HAA11723; Sat, 15 Feb 1997 07:42:50 +0100 (MET) To: Mats Lofkvist cc: freebsd-security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Fri, 14 Feb 1997 21:48:22 +0100." <199702142048.VAA08594@bengt> Date: Sat, 15 Feb 1997 07:42:49 +0100 Message-ID: <11721.855988969@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <199702142048.VAA08594@bengt>, Mats Lofkvist writes: >> OpenBSD just committed a new encryption method using blowfish. This >> has a much larger salt space as well as a much harder to break >> encryption scheme. Preliminary indications are that it looks really >> good. They implemented this much like md5, but with its own code. >> >> I think we should bring this into FreeBSD. What do others think? >> >> Warner > >Why did they feel the need for something better than md5? >Is there any known weaknesses in md5? 128 bits is enough to make md5 >extremely secure until someone finds a serious flaw in the algorithm, >brute force attacks will probably never be a problem. Because Theo is paranoid. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Fri Feb 14 22:46:13 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id WAA04474 for security-outgoing; Fri, 14 Feb 1997 22:46:13 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA04465 for ; Fri, 14 Feb 1997 22:46:02 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id HAA24975; Sat, 15 Feb 1997 07:48:34 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id HAA11769; Sat, 15 Feb 1997 07:47:40 +0100 (MET) To: Mats O Jansson cc: Warner Losh , Nate Williams , security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Fri, 14 Feb 1997 23:51:12 +0100." Date: Sat, 15 Feb 1997 07:47:40 +0100 Message-ID: <11767.855989260@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message , Mats O Jansson wri tes: >On Fri, 14 Feb 1997, Poul-Henning Kamp wrote: > >> The space between what Theo claims and what he actually can produce >> when pushed is currently used to store the 98% of the universe that >> science can't account for. >> >Have you talked with Theo about his claim? Can you prove what you claim? >In my opinon you don't like Theo and this just your way to show it. Yes, yes, no. Go look in RFC-1810 and src/lib/libc/gen/crypt.c, then take out your calculator and see that Theo is blowing smoke. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Fri Feb 14 23:00:13 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA05239 for security-outgoing; Fri, 14 Feb 1997 23:00:13 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA05221 for ; Fri, 14 Feb 1997 23:00:08 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id IAA25575; Sat, 15 Feb 1997 08:02:45 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id IAA11821; Sat, 15 Feb 1997 08:01:56 +0100 (MET) To: Aleph One cc: Mats Lofkvist , freebsd-security@FreeBSD.org Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Fri, 14 Feb 1997 18:05:28 CST." Date: Sat, 15 Feb 1997 08:01:55 +0100 Message-ID: <11819.855990115@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk In message , Aleph One wr ites: >On Fri, 14 Feb 1997, Mats Lofkvist wrote: > >> Why did they feel the need for something better than md5? >> Is there any known weaknesses in md5? 128 bits is enough to make md5 >> extremely secure until someone finds a serious flaw in the algorithm, >> brute force attacks will probably never be a problem. > >Well pseudo-collision have been found in MD5. It has also been estimated >that for 10 million 1994 dollars you could build a collision search >machine that could find a collision in 24 days on average. Of curse this >doesnt mean much to anyone using MD5 for their passwords. For 10 million >the'll just brake into you place and take the machine. People are starting >to belive MD5 is not as secure anymore, and looking at other alternatives. >Even Rivest has said so. Correct, but on the scale of things we are using it for here: hashing of passwords, this is largely irrelevant. We only use MD5 because it is a complex operation that scambles bits well and it is hard to parallelize (See the complaint in RFC-1810). In other places where you protect things much more valuable with just a single iteration of MD5, I would say that the published weaknesses are to be taken serious. The important thing is if it is possible and feasible for a d00de with a fast PC or even hundred to brute force a password. (Remember that it is usually easier to guess peoples password anyway, since people generally choose lousy passwords. The only thing a strong hash protects is good passwords.) For this purpose our current MD5 based algorithm is fine and it can be exported without trouble. I have heard and seen very good passwords that was DES-scrambled be found by brute-force, I have yet to hear the first report about that happening with MD5. But I'm all for having more algorithms, simply because that adds another bit to the to work for the crackers if they would want to precompute dictionaries. I'm all against Theo calling MD5 unsecure, and I know he does it merely to spread Fear, Doubt and Uncertainty and because it gives such a nice hollow sound when be bangs his chest like he does. I bet he hasn't even run any significant analysis to see if he by accident have introduced lost the decorrelation of the output of blowfish... I did that with MD5, the strongest correlation between any one bit from input to output over a 10000000 sample was 0.00029 and the strongets two bit correlation was 0.00031, what is Theo's numbers ? -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Fri Feb 14 23:03:13 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA05383 for security-outgoing; Fri, 14 Feb 1997 23:03:13 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA05373 for ; Fri, 14 Feb 1997 23:03:06 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id IAA25743; Sat, 15 Feb 1997 08:05:43 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id IAA11873; Sat, 15 Feb 1997 08:04:54 +0100 (MET) To: proff@suburbia.net cc: mal@bengt.algonet.se (Mats Lofkvist), security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Sat, 15 Feb 1997 13:12:45 +1100." <19970215021245.1798.qmail@suburbia.net> Date: Sat, 15 Feb 1997 08:04:54 +0100 Message-ID: <11871.855990294@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message <19970215021245.1798.qmail@suburbia.net>, proff@suburbia.net writes: >> Why did they feel the need for something better than md5? >> Is there any known weaknesses in md5? 128 bits is enough to make md5 >> extremely secure until someone finds a serious flaw in the algorithm, >> brute force attacks will probably never be a problem. > >Further, md5 as a signature algorithm is exportable, while blowfish is >not. md5 does have some flaws, but not in this context. Theo belives he can export anything just because he is in Canada. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Fri Feb 14 23:18:55 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id XAA07333 for security-outgoing; Fri, 14 Feb 1997 23:18:55 -0800 (PST) Received: from maslow.cia-g.com (root@maslow.cia-g.com [206.206.162.5]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id XAA07323 for ; Fri, 14 Feb 1997 23:18:47 -0800 (PST) Received: from maslow.cia-g.com (lithium@maslow.cia-g.com [206.206.162.5]) by maslow.cia-g.com (8.8.5/8.7.3) with SMTP id AAA19161; Sat, 15 Feb 1997 00:18:41 -0700 (MST) Date: Sat, 15 Feb 1997 00:18:41 -0700 (MST) From: Stephen Fisher To: Warner Losh cc: security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Where has this been used before though? MD5 and especially DES have been time proven and tested and white papers have been written, and people have studied them to death already. On Thu, 13 Feb 1997, Warner Losh wrote: > OpenBSD just committed a new encryption method using blowfish. This > has a much larger salt space as well as a much harder to break > encryption scheme. Preliminary indications are that it looks really > good. They implemented this much like md5, but with its own code. > > I think we should bring this into FreeBSD. What do others think? From owner-freebsd-security Sat Feb 15 04:15:50 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id EAA18726 for security-outgoing; Sat, 15 Feb 1997 04:15:50 -0800 (PST) Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.fr [193.56.58.253]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA18703 for ; Sat, 15 Feb 1997 04:15:43 -0800 (PST) Received: from brasil.brainstorm.eu.org (brasil.brainstorm.fr [193.56.58.33]) by mexico.brainstorm.eu.org (8.8.4/8.8.4) with ESMTP id NAA10310 for ; Sat, 15 Feb 1997 13:15:32 +0100 Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.8.4/8.6.12) with UUCP id NAA28908 for freebsd-security@freebsd.org; Sat, 15 Feb 1997 13:14:43 +0100 Received: (from roberto@localhost) by keltia.freenix.fr (8.8.5/keltia-uucp-2.9) id KAA26000; Sat, 15 Feb 1997 10:41:11 +0100 (CET) Message-ID: <19970215104111.CY55466@keltia.freenix.fr> Date: Sat, 15 Feb 1997 10:41:11 +0100 From: roberto@keltia.freenix.fr (Ollivier Robert) To: freebsd-security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD References: <199702142048.VAA08594@bengt> X-Mailer: Mutt 0.60,1-3,9 Mime-Version: 1.0 X-Operating-System: FreeBSD 3.0-CURRENT ctm#2999 In-Reply-To: ; from Aleph One on Feb 14, 1997 18:05:28 -0600 Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk According to Aleph One: > Well pseudo-collision have been found in MD5. It has also been estimated > that for 10 million 1994 dollars you could build a collision search > machine that could find a collision in 24 days on average. Of curse this > doesnt mean much to anyone using MD5 for their passwords. For 10 million There is a good description of RIPEMD-160 in the DDJ on compression / encryption. Seems to be a good algorithm. -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 3.0-CURRENT #39: Sun Feb 2 22:12:44 CET 1997 From owner-freebsd-security Sat Feb 15 07:09:27 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA27680 for security-outgoing; Sat, 15 Feb 1997 07:09:27 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA27675 for ; Sat, 15 Feb 1997 07:09:23 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvljp-0004WN-00; Sat, 15 Feb 1997 08:09:17 -0700 To: Stephen Fisher Subject: Re: blowfish passwords in FreeBSD Cc: security@freebsd.org In-reply-to: Your message of "Sat, 15 Feb 1997 00:18:41 MST." References: Date: Sat, 15 Feb 1997 08:09:17 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message Stephen Fisher writes: : Where has this been used before though? MD5 and especially DES have been : time proven and tested and white papers have been written, and people have : studied them to death already. I don't have the references. However, reports have come in that brute force has cracked 40 and 48 bit keys in less than a month. Next stop 56 bit keys :-). Warner From owner-freebsd-security Sat Feb 15 08:11:36 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA00331 for security-outgoing; Sat, 15 Feb 1997 08:11:36 -0800 (PST) Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA00325 for ; Sat, 15 Feb 1997 08:11:31 -0800 (PST) Received: (from karpen@localhost) by ocean.campus.luth.se (8.7.5/8.7.3) id RAA04441; Sat, 15 Feb 1997 17:12:45 +0100 (MET) From: Mikael Karpberg Message-Id: <199702151612.RAA04441@ocean.campus.luth.se> Subject: Re: blowfish passwords in FreeBSD To: imp@village.org (Warner Losh) Date: Sat, 15 Feb 1997 17:12:44 +0100 (MET) Cc: lithium@cia-g.com, security@freebsd.org In-Reply-To: from Warner Losh at "Feb 15, 97 08:09:17 am" X-Mailer: ELM [version 2.4ME+ PL22 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk According to Warner Losh: > Stephen Fisher writes: > : Where has this been used before though? MD5 and especially DES have been > : time proven and tested and white papers have been written, and people have > : studied them to death already. > > I don't have the references. > > However, reports have come in that brute force has cracked 40 and 48 > bit keys in less than a month. Next stop 56 bit keys :-). Try http://www.42.org/challenge/ :-) /Mikael From owner-freebsd-security Sat Feb 15 08:28:16 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id IAA02719 for security-outgoing; Sat, 15 Feb 1997 08:28:16 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA02689 for ; Sat, 15 Feb 1997 08:28:03 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id RAA24630; Sat, 15 Feb 1997 17:30:40 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id RAA13476; Sat, 15 Feb 1997 17:29:56 +0100 (MET) To: Warner Losh cc: Stephen Fisher , security@FreeBSD.ORG Subject: Re: blowfish passwords in FreeBSD In-reply-to: Your message of "Sat, 15 Feb 1997 08:09:17 MST." Date: Sat, 15 Feb 1997 17:29:56 +0100 Message-ID: <13474.856024196@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message , Warner Losh writes: >In message Stephen > Fisher writes: >: Where has this been used before though? MD5 and especially DES have been >: time proven and tested and white papers have been written, and people have >: studied them to death already. > >I don't have the references. > >However, reports have come in that brute force has cracked 40 and 48 >bit keys in less than a month. Next stop 56 bit keys :-). I have personally witnessed a P5/60 with a ISA card with some ASIC's break a well chosen password that was DES encrypted using bruteforce. It took slightly less than 3 hours. -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Sat Feb 15 09:36:11 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id JAA06153 for security-outgoing; Sat, 15 Feb 1997 09:36:11 -0800 (PST) Received: from horst.bfd.com (horst.bfd.com [204.160.242.10]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA06145 for ; Sat, 15 Feb 1997 09:36:03 -0800 (PST) Received: from harlie (bastion.bfd.com [204.160.242.14]) by horst.bfd.com (8.8.5/8.7.3) with SMTP id JAA03733; Sat, 15 Feb 1997 09:33:19 -0800 (PST) Date: Sat, 15 Feb 1997 09:33:18 -0800 (PST) From: "Eric J. Schwertfeger" X-Sender: ejs@harlie To: Warner Losh cc: Stephen Fisher , security@freebsd.org Subject: Re: blowfish passwords in FreeBSD In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sat, 15 Feb 1997, Warner Losh wrote: > However, reports have come in that brute force has cracked 40 and 48 > bit keys in less than a month. Next stop 56 bit keys :-). 4 hours and 13 days, if I remember correctly, If you're referring to RSA's contest (challenge? They HAD to know that it would be broken). From owner-freebsd-security Sat Feb 15 10:53:59 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA08962 for security-outgoing; Sat, 15 Feb 1997 10:53:59 -0800 (PST) Received: from kithrup.com (kithrup.com [205.179.156.40]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id KAA08955 for ; Sat, 15 Feb 1997 10:53:55 -0800 (PST) Received: (from sef@localhost) by kithrup.com (8.6.8/8.6.6) id KAA17343; Sat, 15 Feb 1997 10:53:51 -0800 Date: Sat, 15 Feb 1997 10:53:51 -0800 From: Sean Eric Fagan Message-Id: <199702151853.KAA17343@kithrup.com> To: phk@critter.dk.tfs.com Subject: Re: blowfish passwords in FreeBSD Newsgroups: kithrup.freebsd.security In-Reply-To: <11871.855990294.kithrup.freebsd.security@critter.dk.tfs.com> References: Your message of "Sat, 15 Feb 1997 13:12:45 +1100." <19970215021245.1798.qmail@suburbia.net> Organization: Kithrup Enterprises, Ltd. Cc: security@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <11871.855990294.kithrup.freebsd.security@critter.dk.tfs.com> you write: >Theo belives he can export anything just because he is in Canada. It's probably worth mentioning that the new US regulations on what can be exported are frightening (although, admittedly, they were explained to me by John Gilmore, who is more than slightly biased against them ;)). In particular, John makes a point that *any code that protects against malicious attack* is prohibited by the new regulations, whether it uses cryptography or not. In other words, MD5 and buffer overflow patches are now as exportable as RSA -- namely, not without a license from the gov't. (I've also seen people claim that only code that does cryptography is covered. However, it's also quite possible that MD5 is no longer exportable, even when used as a one-way hash, if it is to be used for password "encryption.") Not that I expect this to stop anyone ;). From owner-freebsd-security Sat Feb 15 11:32:50 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA10139 for security-outgoing; Sat, 15 Feb 1997 11:32:50 -0800 (PST) Received: from gvr.win.tue.nl (root@gvr.win.tue.nl [131.155.210.19]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA10133 for ; Sat, 15 Feb 1997 11:32:46 -0800 (PST) Received: (from guido@localhost) by gvr.win.tue.nl (8.8.5/8.8.2) id UAA15006; Sat, 15 Feb 1997 20:31:33 +0100 (MET) From: Guido van Rooij Message-Id: <199702151931.UAA15006@gvr.win.tue.nl> Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <199702151853.KAA17343@kithrup.com> from Sean Eric Fagan at "Feb 15, 97 10:53:51 am" To: sef@Kithrup.COM (Sean Eric Fagan) Date: Sat, 15 Feb 1997 20:31:33 +0100 (MET) Cc: phk@critter.dk.tfs.com, security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Sean Eric Fagan wrote: > > In other words, MD5 and buffer overflow patches are now as exportable as RSA > -- namely, not without a license from the gov't. > If that is true, it's time to set up the main repository in other country with less brain-damaged governments. -Guido From owner-freebsd-security Sat Feb 15 12:08:51 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA11398 for security-outgoing; Sat, 15 Feb 1997 12:08:51 -0800 (PST) Received: from mail.calweb.com (mail.calweb.com [208.131.56.11]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA11390 for ; Sat, 15 Feb 1997 12:08:46 -0800 (PST) Received: from hell.gigo.com (jfesler@hell.gigo.com [207.173.133.59]) by mail.calweb.com (8.8.5/8.8.5) with SMTP id MAA22882; Sat, 15 Feb 1997 12:07:25 -0800 (PST) Message-Id: <3.0.32.19970215120859.006d5a78@pop.calweb.com> X-Sender: jfesler@pop.calweb.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Sat, 15 Feb 1997 12:09:17 -0800 To: Guido van Rooij , sef@Kithrup.COM (Sean Eric Fagan) From: Jason Fesler Subject: Re: blowfish passwords in FreeBSD Cc: phk@critter.dk.tfs.com, security@FreeBSD.ORG Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk At 08:31 PM 2/15/97 +0100, Guido van Rooij wrote: >Sean Eric Fagan wrote: >> >> In other words, MD5 and buffer overflow patches are now as exportable as RSA >> -- namely, not without a license from the gov't. >> > >If that is true, it's time to set up the main repository in other country >with less brain-damaged governments. As an american who is stuck wiht this gov't, I'd agree. I know if I had any hot ideas that required encryption, I'd move out of the country before developing the product :(. The USA gov't doesn't seem to have a clue on what it governs.. :( From owner-freebsd-security Sat Feb 15 13:09:20 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA13381 for security-outgoing; Sat, 15 Feb 1997 13:09:20 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA13375 for ; Sat, 15 Feb 1997 13:09:11 -0800 (PST) Received: from rover.village.org [127.0.0.1] by rover.village.org with esmtp (Exim 0.56 #1) id E0vvrM0-0004pv-00; Sat, 15 Feb 1997 14:09:04 -0700 To: Poul-Henning Kamp Subject: Re: blowfish passwords in FreeBSD Cc: security@freebsd.org In-reply-to: Your message of "Sat, 15 Feb 1997 08:04:54 +0100." <11871.855990294@critter.dk.tfs.com> References: <11871.855990294@critter.dk.tfs.com> Date: Sat, 15 Feb 1997 14:09:04 -0700 From: Warner Losh Message-Id: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <11871.855990294@critter.dk.tfs.com> Poul-Henning Kamp writes: : Theo belives he can export anything just because he is in Canada. He can. That's what Candian law states. He's looked into it. More importantly, others unrelated to the OpenBSD project have looked into it and have recieved the necessary permissions to export their cryptographic code. Canada's law have a loophole for non-commercial products. The code must have some Canadian content (that is, the code must be written by someone in Canada), I believe. http://insight.mcmaster.ca/org/efc/pages/doc/crypto-export.html is where I got my details from. See point number 3 which covers freely distributable software.... Warner P.S. The new US regulations are likely so vague and overreaching as to be declared unconstitutional, imho. The older, less restrictive ones were recently so declared. From owner-freebsd-security Sat Feb 15 14:46:19 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA18034 for security-outgoing; Sat, 15 Feb 1997 14:46:19 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA18029 for ; Sat, 15 Feb 1997 14:46:15 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id XAA18870 for ; Sat, 15 Feb 1997 23:48:45 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id XAA14436 for ; Sat, 15 Feb 1997 23:48:08 +0100 (MET) To: security@freebsd.org Subject: changing password... Reply-to: phk@freebsd.org Date: Sat, 15 Feb 1997 23:48:07 +0100 Message-ID: <14434.856046887@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Why don't we have an option for /usr/bin/passwd to input a precoded password ? $ passwd -c phk Please enter encrypted password: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ Please reenter: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ $ I know that this is a good way to hose yourself, but it would also have some useful features I think. Comments ? -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Future will arrive by its own means, progress not so. From owner-freebsd-security Sat Feb 15 14:57:54 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id OAA19680 for security-outgoing; Sat, 15 Feb 1997 14:57:54 -0800 (PST) Received: from narcissus.ml.org (root@brosenga.Pitzer.edu [134.173.120.201]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA19658; Sat, 15 Feb 1997 14:57:46 -0800 (PST) Received: (from ben@localhost) by narcissus.ml.org (8.7.5/8.7.3) id OAA11733; Sat, 15 Feb 1997 14:57:45 -0800 (PST) Date: Sat, 15 Feb 1997 14:57:43 -0800 (PST) From: Snob Art Genre To: phk@FreeBSD.ORG cc: security@FreeBSD.ORG Subject: Re: changing password... In-Reply-To: <14434.856046887@critter.dk.tfs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 15 Feb 1997, Poul-Henning Kamp wrote: > > Why don't we have an option for /usr/bin/passwd to input a precoded > password ? > > $ passwd -c phk > Please enter encrypted password: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ > Please reenter: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ > $ > > I know that this is a good way to hose yourself, but it would also > have some useful features I think. > > Comments ? Well, root can already do it with vipw, and why would anyone else need to? > -- > Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. > http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. > whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. > Future will arrive by its own means, progress not so. > Ben "You have your mind on computers, it seems." From owner-freebsd-security Sat Feb 15 15:02:59 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA20946 for security-outgoing; Sat, 15 Feb 1997 15:02:59 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA20917 for ; Sat, 15 Feb 1997 15:02:54 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id AAA20139; Sun, 16 Feb 1997 00:05:24 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id AAA14514; Sun, 16 Feb 1997 00:04:47 +0100 (MET) To: Snob Art Genre cc: security@FreeBSD.ORG Subject: Re: changing password... In-reply-to: Your message of "Sat, 15 Feb 1997 14:57:43 PST." Date: Sun, 16 Feb 1997 00:04:47 +0100 Message-ID: <14512.856047887@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message , Snob Art Genre writes: >On Sat, 15 Feb 1997, Poul-Henning Kamp wrote: > >> >> Why don't we have an option for /usr/bin/passwd to input a precoded >> password ? >> >> $ passwd -c phk >> Please enter encrypted password: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ >> Please reenter: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ >> $ >> >> I know that this is a good way to hose yourself, but it would also >> have some useful features I think. >> >> Comments ? > >Well, root can already do it with vipw, and why would anyone else need to? Across an unsecure network it beats typing your password in cleartext... -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Sat Feb 15 15:05:43 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA21567 for security-outgoing; Sat, 15 Feb 1997 15:05:43 -0800 (PST) Received: from narcissus.ml.org (root@brosenga.Pitzer.edu [134.173.120.201]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA21540 for ; Sat, 15 Feb 1997 15:05:36 -0800 (PST) Received: (from ben@localhost) by narcissus.ml.org (8.7.5/8.7.3) id PAA11778; Sat, 15 Feb 1997 15:05:28 -0800 (PST) Date: Sat, 15 Feb 1997 15:05:28 -0800 (PST) From: Snob Art Genre To: Poul-Henning Kamp cc: security@FreeBSD.ORG Subject: Re: changing password... In-Reply-To: <14512.856047887@critter.dk.tfs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sun, 16 Feb 1997, Poul-Henning Kamp wrote: > In message , Snob Art Genre writes: > >On Sat, 15 Feb 1997, Poul-Henning Kamp wrote: > > > >> > >> Why don't we have an option for /usr/bin/passwd to input a precoded > >> password ? > >> > >> $ passwd -c phk > >> Please enter encrypted password: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ > >> Please reenter: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ > >> $ > >> > >> I know that this is a good way to hose yourself, but it would also > >> have some useful features I think. > >> > >> Comments ? > > > >Well, root can already do it with vipw, and why would anyone else need to? > > Across an unsecure network it beats typing your password in cleartext... Ah, that's very clever. How do you hash it in a way that the password file would like? Is it just a matter of running the password through md5 and prepending "$1$"? > -- > Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. > http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. > whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. > Power and ignorance is a disgusting cocktail. > Ben "You have your mind on computers, it seems." From owner-freebsd-security Sat Feb 15 15:07:00 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA21951 for security-outgoing; Sat, 15 Feb 1997 15:07:00 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA21900 for ; Sat, 15 Feb 1997 15:06:53 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id AAA20419; Sun, 16 Feb 1997 00:09:29 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id AAA14535; Sun, 16 Feb 1997 00:08:50 +0100 (MET) To: Snob Art Genre cc: security@FreeBSD.ORG Subject: Re: changing password... In-reply-to: Your message of "Sat, 15 Feb 1997 15:05:28 PST." Date: Sun, 16 Feb 1997 00:08:50 +0100 Message-ID: <14533.856048130@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In message , Snob Art Genre writes: >On Sun, 16 Feb 1997, Poul-Henning Kamp wrote: > >> In message , Snob Art Genre writes: >> >On Sat, 15 Feb 1997, Poul-Henning Kamp wrote: >> > >> >> >> >> Why don't we have an option for /usr/bin/passwd to input a precoded >> >> password ? >> >> >> >> $ passwd -c phk >> >> Please enter encrypted password: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ >> >> Please reenter: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ >> >> $ >> >> >> >> I know that this is a good way to hose yourself, but it would also >> >> have some useful features I think. >> >> >> >> Comments ? >> > >> >Well, root can already do it with vipw, and why would anyone else need to? >> >> Across an unsecure network it beats typing your password in cleartext... > >Ah, that's very clever. How do you hash it in a way that the password >file would like? Is it just a matter of running the password through md5 >and prepending "$1$"? man 3 crypt -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Sat Feb 15 15:32:58 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA24278 for security-outgoing; Sat, 15 Feb 1997 15:32:58 -0800 (PST) Received: from pollux.or.signature.nl (pollux.or.signature.nl [194.229.138.194]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA24270 for ; Sat, 15 Feb 1997 15:32:52 -0800 (PST) Received: from pc01.or.signature.nl (pc01.or.signature.nl [194.229.138.195]) by pollux.or.signature.nl (8.8.3/bs) with SMTP id AAA14535; Sun, 16 Feb 1997 00:32:00 +0100 (MET) Message-Id: <1.5.4.16.19970215233120.09df75f2@pollux.or.signature.nl> X-Sender: bit@pollux.or.signature.nl X-Mailer: Windows Eudora Light Version 1.5.4 (16) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sat, 15 Feb 1997 23:31:20 +0000 To: Snob Art Genre From: Bart Smit Subject: Re: changing password... Cc: security@FreeBSD.ORG Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk At 02:57 PM 2/15/97 -0800, Snob Art Genre wrote: >On Sat, 15 Feb 1997, Poul-Henning Kamp wrote: >> Why don't we have an option for /usr/bin/passwd to input a precoded >> password ? >Well, root can already do it with vipw, and why would anyone else need to? Example: to change my my password securely when I had to log in from another location. I like the idea. As far as I can see it doesn't hurt to have it. Bart From owner-freebsd-security Sat Feb 15 15:51:09 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id PAA25485 for security-outgoing; Sat, 15 Feb 1997 15:51:09 -0800 (PST) Received: from perki0.connect.com.au (perki0.connect.com.au [192.189.54.85]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA25475; Sat, 15 Feb 1997 15:51:04 -0800 (PST) Received: from nemeton.UUCP (uucp@localhost) by perki0.connect.com.au with UUCP id KAA18215 (8.7.6h/IDA-1.6); Sun, 16 Feb 1997 10:51:01 +1100 (EST) Received: from localhost.nemeton.com.au (localhost.nemeton.com.au [127.0.0.1]) by nemeton.com.au (8.8.5/8.8.5) with SMTP id KAA01118; Sun, 16 Feb 1997 10:47:17 +1100 (EST) Message-Id: <199702152347.KAA01118@nemeton.com.au> To: phk@freebsd.org cc: security@freebsd.org Subject: Re: changing password... In-reply-to: <14434.856046887@critter.dk.tfs.com> Date: Sun, 16 Feb 1997 10:47:16 +1100 From: Giles Lean Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Sat, 15 Feb 1997 23:48:07 +0100 Poul-Henning Kamp wrote: > Why don't we have an option for /usr/bin/passwd to input a precoded > password ? > > $ passwd -c phk > Please enter encrypted password: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ > Please reenter: $1$8cEEj84y$GCYmM39miP8Fc9K8iAHTI/ > $ Yes please! I'm tired of working out how different Unix flavours lock the password database when writing localised adduser scripts. Giles From owner-freebsd-security Sat Feb 15 16:06:35 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA26691 for security-outgoing; Sat, 15 Feb 1997 16:06:35 -0800 (PST) Received: from mail.calweb.com (mail.calweb.com [208.131.56.11]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA26670; Sat, 15 Feb 1997 16:06:27 -0800 (PST) Received: from hell.gigo.com (jfesler@hell.gigo.com [207.173.133.59]) by mail.calweb.com (8.8.5/8.8.5) with SMTP id QAA20816; Sat, 15 Feb 1997 16:05:35 -0800 (PST) Message-Id: <3.0.1.32.19970215160537.006e1dec@pop.calweb.com> X-Sender: jfesler@pop.calweb.com X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Sat, 15 Feb 1997 16:05:37 -0800 To: phk@freebsd.org, security@freebsd.org From: Jason Fesler Subject: Re: changing password... In-Reply-To: <14434.856046887@critter.dk.tfs.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk At 11:48 PM 2/15/97 +0100, Poul-Henning Kamp wrote: > >Why don't we have an option for /usr/bin/passwd to input a precoded >password ? Hmm, I thought that's what we use chpass for ... :-) It is willing to take a command-line encrypted password for the argument. I'm using it on a www password change routine. From owner-freebsd-security Sat Feb 15 16:27:17 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA27990 for security-outgoing; Sat, 15 Feb 1997 16:27:17 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA27980 for ; Sat, 15 Feb 1997 16:27:07 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id BAA25786; Sun, 16 Feb 1997 01:29:13 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id BAA14685; Sun, 16 Feb 1997 01:28:37 +0100 (MET) To: Jason Fesler cc: security@freebsd.org Subject: Re: changing password... In-reply-to: Your message of "Sat, 15 Feb 1997 16:05:37 PST." <3.0.1.32.19970215160537.006e1dec@pop.calweb.com> Date: Sun, 16 Feb 1997 01:28:37 +0100 Message-ID: <14683.856052917@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message <3.0.1.32.19970215160537.006e1dec@pop.calweb.com>, Jason Fesler writes: >At 11:48 PM 2/15/97 +0100, Poul-Henning Kamp wrote: >> >>Why don't we have an option for /usr/bin/passwd to input a precoded >>password ? > >Hmm, I thought that's what we use chpass for ... :-) >It is willing to take a command-line encrypted password for >the argument. I'm using it on a www password change routine. Yes, but only root can use the -p option on chpass, right ? -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Sat Feb 15 16:47:59 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id QAA29510 for security-outgoing; Sat, 15 Feb 1997 16:47:59 -0800 (PST) Received: from mail.calweb.com (mail.calweb.com [208.131.56.11]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA29504 for ; Sat, 15 Feb 1997 16:47:56 -0800 (PST) Received: from hell.gigo.com (jfesler@hell.gigo.com [207.173.133.59]) by mail.calweb.com (8.8.5/8.8.5) with SMTP id QAA29422; Sat, 15 Feb 1997 16:47:08 -0800 (PST) Message-Id: <3.0.1.32.19970215164545.006e35c8@pop.calweb.com> X-Sender: jfesler@pop.calweb.com X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Sat, 15 Feb 1997 16:45:45 -0800 To: Poul-Henning Kamp , Jason Fesler From: Jason Fesler Subject: Re: changing password... Cc: security@freebsd.org In-Reply-To: <14683.856052917@critter.dk.tfs.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk At 01:28 AM 2/16/97 +0100, Poul-Henning Kamp wrote: >>Hmm, I thought that's what we use chpass for ... :-) >>It is willing to take a command-line encrypted password for >>the argument. I'm using it on a www password change routine. > >Yes, but only root can use the -p option on chpass, right ? Hmm, point taken. I didn't look closely enough at the man page; I merely used it for the application I needed. It was actually a blessing for me - previously, I was using a hacked-up version of "passwd". Thank goodness for having source code :-). From owner-freebsd-security Sat Feb 15 17:29:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA02640 for security-outgoing; Sat, 15 Feb 1997 17:29:03 -0800 (PST) Received: from agora.rdrop.com (root@agora.rdrop.com [199.2.210.241]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id RAA02635 for ; Sat, 15 Feb 1997 17:29:01 -0800 (PST) Received: by agora.rdrop.com (Smail3.1.29.1 #17) id m0vvvPU-0008zXC; Sat, 15 Feb 97 17:28 PST Message-Id: From: batie@agora.rdrop.com (Alan Batie) Subject: Re: changing password... To: bit@signature.nl (Bart Smit) Date: Sat, 15 Feb 1997 17:28:56 -0800 (PST) Cc: ben@narcissus.ml.org, security@freebsd.org In-Reply-To: <1.5.4.16.19970215233120.09df75f2@pollux.or.signature.nl> from "Bart Smit" at Feb 15, 97 11:31:20 pm X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > Example: to change my my password securely when I had to log in from another > location. How did you get logged in in the first place? Either you're using something like ssh and it's all secure, or you're logging in in the clear, and you open it up regardless. If users can do it, I'll spend my time fixing their passwords after they break them... -- Alan Batie ______ It's not my fault! It's some guy batie@agora.rdrop.com \ / named "General Protection"! +1 503 452-0960 \ / --Ratbert PGP FP: DE 3C 29 17 C0 49 \/ 7A 27 40 A5 3C 37 4A DA 52 B9 It is my policy to avoid purchase of any products from companies which use unrequested email advertisements or telephone solicitation. From owner-freebsd-security Sat Feb 15 17:56:43 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id RAA05196 for security-outgoing; Sat, 15 Feb 1997 17:56:43 -0800 (PST) Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id RAA05190 for ; Sat, 15 Feb 1997 17:56:38 -0800 (PST) Received: (from msmith@localhost) by genesis.atrad.adelaide.edu.au (8.8.2/8.7.3) id MAA03343; Sun, 16 Feb 1997 12:26:05 +1030 (CST) From: Michael Smith Message-Id: <199702160156.MAA03343@genesis.atrad.adelaide.edu.au> Subject: Re: blowfish passwords in FreeBSD In-Reply-To: <19970215024833.30067@usn.blaze.net.au> from David Nugent at "Feb 15, 97 02:48:33 am" To: davidn@labs.usn.blaze.net.au (David Nugent) Date: Sun, 16 Feb 1997 12:26:04 +1030 (CST) Cc: imp@village.org, security@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk David Nugent stands accused of saying: > > I looked at PAM in some depth recently and while it looks > interesting enough, I think it is an overkill. We can already The biggest gripes I have with PAM are that it's not adequately documented anywhere, and that none of the modules I've seen were written with portability in mind, so whilst it's a neat model, it's not offering any sort of cross-platform portability for authentication modules. > do most of what PAM can do via login.conf - actually, in a > nicer way imho, although it isn't as easy or simple to switch > modules at runtime as you can with PAM. IMHO, PAM's biggest strength is that it completely removes authentication from the application's domain; you have an API which is driven in the same fashion regardless of the authentication method(s) required. > I'm just a little > nervous about having an authentication system use something > that isn't simple *in principle*, and PAM is anything but that. In principle, I'd say that PAM _is_ simple. I've only studied the "Linux-PAM" implementation, and _it_ is anything but simple, agreed. However I feel that an API-compatible implementation for the BSD environment could be done in a realtively tidy fashion. (And I may have to put my code where my mouth is 8) > David Nugent - Unique Computing Pty Ltd - Melbourne, Australia -- ]] Mike Smith, Software Engineer msmith@gsoft.com.au [[ ]] Genesis Software genesis@gsoft.com.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control. (ph) +61-8-8267-3493 [[ ]] Unix hardware collector. "Where are your PEZ?" The Tick [[ From owner-freebsd-security Sat Feb 15 18:08:03 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id SAA05946 for security-outgoing; Sat, 15 Feb 1997 18:08:03 -0800 (PST) Received: from bofh.cybercity.dk (bofh.cybercity.dk [195.8.128.254]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA05923 for ; Sat, 15 Feb 1997 18:07:56 -0800 (PST) Received: from critter.dk.tfs.com (phk.cybercity.dk [195.8.133.247]) by bofh.cybercity.dk (8.8.3/8.7.3) with ESMTP id DAA02878; Sun, 16 Feb 1997 03:10:25 +0100 (MET) Received: from critter.dk.tfs.com (localhost [127.0.0.1]) by critter.dk.tfs.com (8.8.2/8.8.2) with ESMTP id DAA15019; Sun, 16 Feb 1997 03:09:48 +0100 (MET) To: batie@agora.rdrop.com (Alan Batie) cc: bit@signature.nl (Bart Smit), ben@narcissus.ml.org, security@freebsd.org Subject: Re: changing password... In-reply-to: Your message of "Sat, 15 Feb 1997 17:28:56 PST." Date: Sun, 16 Feb 1997 03:09:48 +0100 Message-ID: <15017.856058988@critter.dk.tfs.com> From: Poul-Henning Kamp Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In message , Alan Batie writes: >> Example: to change my my password securely when I had to log in from another >> location. > >How did you get logged in in the first place? Either you're using something >like ssh and it's all secure, or you're logging in in the clear, and you >open it up regardless. ... but wanting to close it right now... -- Poul-Henning Kamp | phk@FreeBSD.ORG FreeBSD Core-team. http://www.freebsd.org/~phk | phk@login.dknet.dk Private mailbox. whois: [PHK] | phk@tfs.com TRW Financial Systems, Inc. Power and ignorance is a disgusting cocktail. From owner-freebsd-security Sat Feb 15 19:02:38 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA07889 for security-outgoing; Sat, 15 Feb 1997 19:02:38 -0800 (PST) Received: from sendero.i-connect.net ([206.190.144.100]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA07868 for ; Sat, 15 Feb 1997 19:02:26 -0800 (PST) Received: (from shimon@localhost) by sendero.i-connect.net (8.8.5/8.8.4) id UAA22638; Sat, 15 Feb 1997 20:01:11 -0800 (PST) Message-ID: X-Mailer: XFMail 1.1-alpha [p0] on FreeBSD Content-Type: text/plain; charset=iso-8859-8 Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <1.5.4.16.19970215233120.09df75f2@pollux.or.signature.nl> Date: Sat, 15 Feb 1997 19:48:11 -0800 (PST) Organization: iConnect Corp. From: Simon Shapiro To: Bart Smit Subject: Re: changing password... Cc: security@FreeBSD.ORG, Snob Art Genre Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Hi Bart Smit; On 15-Feb-97 you wrote: > At 02:57 PM 2/15/97 -0800, Snob Art Genre wrote: > >On Sat, 15 Feb 1997, Poul-Henning Kamp wrote: > >> Why don't we have an option for /usr/bin/passwd to input a precoded > >> password ? > >Well, root can already do it with vipw, and why would anyone else need to? > > Example: to change my my password securely when I had to log in from > another location. SSH From owner-freebsd-security Sat Feb 15 19:04:10 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id TAA08049 for security-outgoing; Sat, 15 Feb 1997 19:04:10 -0800 (PST) Received: from eel.dataplex.net (eel.dataplex.net [208.2.87.2]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA08040 for ; Sat, 15 Feb 1997 19:04:04 -0800 (PST) Received: from [208.2.87.3] (shrimp [208.2.87.3]) by eel.dataplex.net (8.7.5/8.6.9) with ESMTP id VAA09645; Sat, 15 Feb 1997 21:03:52 -0600 (CST) X-Sender: rkw@mail.dataplex.net Message-Id: In-Reply-To: <15017.856058988@critter.dk.tfs.com> References: Your message of "Sat, 15 Feb 1997 17:28:56 PST." Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sat, 15 Feb 1997 21:03:53 -0600 To: Poul-Henning Kamp From: Richard Wackerbarth Subject: Re: changing password... Cc: security@freebsd.org Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk >In message , Alan Batie writes: >>> Example: to change my my password securely when I had to log in from >>>another >>> location. >> >>How did you get logged in in the first place? Either you're using something >>like ssh and it's all secure, or you're logging in in the clear, and you >>open it up regardless. > >... but wanting to close it right now... This proposal would allow it. login: my_name passwd: Clear_text_1 passwd -c $n$Hash_of_Clear_text_2$ [real work here] logoff [next time] login: my_name passwd: Clear_text_2 passwd -c $n$Hash_of_Clear_text_3$ [real work here] etc. From owner-freebsd-security Sat Feb 15 20:29:27 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id UAA11951 for security-outgoing; Sat, 15 Feb 1997 20:29:27 -0800 (PST) Received: from narcissus.ml.org (root@brosenga.Pitzer.edu [134.173.120.201]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id UAA11942 for ; Sat, 15 Feb 1997 20:29:24 -0800 (PST) Received: (from ben@localhost) by narcissus.ml.org (8.7.5/8.7.3) id UAA13482; Sat, 15 Feb 1997 20:29:19 -0800 (PST) Date: Sat, 15 Feb 1997 20:29:19 -0800 (PST) From: Snob Art Genre To: Richard Wackerbarth cc: Poul-Henning Kamp , security@FreeBSD.ORG Subject: Re: changing password... In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 15 Feb 1997, Richard Wackerbarth wrote: > >In message , Alan Batie writes: > >>> Example: to change my my password securely when I had to log in from > >>>another > >>> location. > >> > >>How did you get logged in in the first place? Either you're using something > >>like ssh and it's all secure, or you're logging in in the clear, and you > >>open it up regardless. > > > >... but wanting to close it right now... > > This proposal would allow it. If you want one-time passwords, this seems sort of clunky. Why not use S-Key or the like? > login: my_name > passwd: Clear_text_1 > > passwd -c $n$Hash_of_Clear_text_2$ > > [real work here] > logoff > > [next time] > > login: my_name > passwd: Clear_text_2 > > passwd -c $n$Hash_of_Clear_text_3$ > > [real work here] > > etc. > > > Ben "You have your mind on computers, it seems."