From owner-freebsd-security Mon Jul 14 02:47:32 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id CAA11068 for security-outgoing; Mon, 14 Jul 1997 02:47:32 -0700 (PDT) Received: from tao.sinanet.com.tw ([139.175.55.224]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id CAA11062 for ; Mon, 14 Jul 1997 02:47:29 -0700 (PDT) Received: (from ywliu1@localhost) by tao.sinanet.com.tw (8.8.5/8.8.5) id RAA16175 for security@freebsd.org; Mon, 14 Jul 1997 17:49:22 +0800 (CST) From: Hoffmann Yen-Wei Liu Message-Id: <199707140949.RAA16175@tao.sinanet.com.tw> Subject: About www.internic.net To: security@freebsd.org Date: Mon, 14 Jul 1997 17:49:22 +0800 (CST) X-Mailer: ELM [version 2.4ME+ PL31 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, I know this has nothing to do with FreeBSD. But I think it's important to you : have you ever checked up www.internic.net ? The DNS servers have been spoofed and changed to alternic.net. I don't know since when this happened. Yen-Wei Liu From owner-freebsd-security Mon Jul 14 03:38:46 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id DAA12866 for security-outgoing; Mon, 14 Jul 1997 03:38:46 -0700 (PDT) Received: from dfw.dfw.net (aleph1@dfw.dfw.net [198.175.15.10]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id DAA12859 for ; Mon, 14 Jul 1997 03:38:42 -0700 (PDT) Received: from localhost by dfw.dfw.net (4.1/SMI-4.1) id AA00419; Mon, 14 Jul 97 05:39:47 CDT Date: Mon, 14 Jul 1997 05:39:46 -0500 (CDT) From: Aleph One To: Hoffmann Yen-Wei Liu Cc: security@FreeBSD.ORG Subject: Re: About www.internic.net In-Reply-To: <199707140949.RAA16175@tao.sinanet.com.tw> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Alternic is poisoning DNS caches. Upgrade to bind 8.1.1 or 4.9.6. On Mon, 14 Jul 1997, Hoffmann Yen-Wei Liu wrote: > Hi, > > I know this has nothing to do with FreeBSD. But I think it's important > to you : have you ever checked up www.internic.net ? The DNS servers > have been spoofed and changed to alternic.net. I don't know since > when this happened. > > > Yen-Wei Liu > Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 From owner-freebsd-security Mon Jul 14 04:13:23 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id EAA14297 for security-outgoing; Mon, 14 Jul 1997 04:13:23 -0700 (PDT) Received: from kspu.kaluga.ru (kspu.kaluga.ru [195.90.136.193]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id EAA14275 for ; Mon, 14 Jul 1997 04:13:13 -0700 (PDT) Received: by kspu.kaluga.ru id OAA14011; (8.8.5/vak/1.9) Mon, 14 Jul 1997 14:44:11 +0400 (MSD) Date: Mon, 14 Jul 97 10:44:11 +0000 From: king@kspu.kaluga.ru (Oleg V. King) To: security@FreeBSD.ORG Message-ID: References: <199707140949.RAA16175@tao.sinanet.com.tw> Subject: Re: About www.internic.net X-Mailer: BML [UNIX Beauty Mail v.1.39] Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Hi! > I know this has nothing to do with FreeBSD. But I think it's important > to you : have you ever checked up www.internic.net ? The DNS servers > have been spoofed and changed to alternic.net. I don't know since > when this happened. Only one: upgrade all DNSes to BIND. I had talk with Bill Clinton from bill@whitehouse.gov on irc yesterday. _This_ Bill Clinton was from Nizhny Novgorod, Russia. May be, next is armstrong@moon? :-) > Yen-Wei Liu Oleg King. p.s. My DNS (BIND) is not vulnerable. Same to you and all people. From owner-freebsd-security Mon Jul 14 04:49:09 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id EAA15693 for security-outgoing; Mon, 14 Jul 1997 04:49:09 -0700 (PDT) Received: from verdi.nethelp.no (verdi.nethelp.no [195.1.171.130]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id EAA15684 for ; Mon, 14 Jul 1997 04:48:52 -0700 (PDT) From: sthaug@nethelp.no Received: (qmail 1026 invoked by uid 1001); 14 Jul 1997 11:48:43 +0000 (GMT) To: aleph1@dfw.net Cc: ywliu1@tao.sinanet.com.tw, security@FreeBSD.ORG Subject: Re: About www.internic.net In-Reply-To: Your message of "Mon, 14 Jul 1997 05:39:46 -0500 (CDT)" References: X-Mailer: Mew version 1.05+ on Emacs 19.28.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Mon, 14 Jul 1997 13:48:43 +0200 Message-ID: <1024.868880923@verdi.nethelp.no> Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Alternic is poisoning DNS caches. Upgrade to bind 8.1.1 or 4.9.6. > > > I know this has nothing to do with FreeBSD. But I think it's important > > to you : have you ever checked up www.internic.net ? The DNS servers > > have been spoofed and changed to alternic.net. I don't know since > > when this happened. What specific problem are you seeing? We're running 8.1.1 and 4.9.6 here. I checked www.internic.net (alias www.ds.internic.net), and it seems quite normal to me. Steinar Haug, Nethelp consulting, sthaug@nethelp.no From owner-freebsd-security Mon Jul 14 09:33:25 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id JAA00572 for security-outgoing; Mon, 14 Jul 1997 09:33:25 -0700 (PDT) Received: from super-g.inch.com (super-g.inch.com [207.240.140.161]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA00558 for ; Mon, 14 Jul 1997 09:33:19 -0700 (PDT) Received: from localhost (spork@localhost) by super-g.inch.com (8.8.5/8.8.5) with SMTP id MAA13865; Mon, 14 Jul 1997 12:51:44 GMT Date: Mon, 14 Jul 1997 12:51:43 +0000 (GMT) From: spork X-Sender: spork@super-g.inch.com To: Aleph One cc: Hoffmann Yen-Wei Liu , security@FreeBSD.ORG Subject: Re: About www.internic.net In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Any word on when this might be brought into the -stable tree? Charles On Mon, 14 Jul 1997, Aleph One wrote: > Alternic is poisoning DNS caches. Upgrade to bind 8.1.1 or 4.9.6. > > On Mon, 14 Jul 1997, Hoffmann Yen-Wei Liu wrote: > > > Hi, > > > > I know this has nothing to do with FreeBSD. But I think it's important > > to you : have you ever checked up www.internic.net ? The DNS servers > > have been spoofed and changed to alternic.net. I don't know since > > when this happened. > > > > > > Yen-Wei Liu > > > > Aleph One / aleph1@dfw.net > http://underground.org/ > KeyID 1024/948FD6B5 > Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 > From owner-freebsd-security Tue Jul 15 09:47:43 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id JAA09574 for security-outgoing; Tue, 15 Jul 1997 09:47:43 -0700 (PDT) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id JAA09568 for ; Tue, 15 Jul 1997 09:47:39 -0700 (PDT) Received: from localhost (cschuber@localhost) by passer.osg.gov.bc.ca (8.8.5/8.6.10) with SMTP id JAA08215 for ; Tue, 15 Jul 1997 09:47:24 -0700 (PDT) Message-Id: <199707151647.JAA08215@passer.osg.gov.bc.ca> X-Authentication-Warning: passer.osg.gov.bc.ca: cschuber@localhost didn't use HELO protocol Reply-to: cschuber@uumail.gov.bc.ca X-Mailer: MH X-Sender: cschuber To: freebsd-security@freebsd.org Subject: CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Files Date: Tue, 15 Jul 1997 09:47:23 -0700 From: Cy Schubert - ITSD Open Systems Group Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk This is for those of you who have installed the Lynx port. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca cschuber@bcsc02.gov.bc.ca "Quit spooling around, JES do it." ------- Forwarded Message Return-Path: cert_mailer@cert.org Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.5/8.6.10) id IAA07727 for ; Tue, 15 Jul 1997 08:10:52 -0700 (PDT) Received: from orca.gov.bc.ca(142.32.102.25) via SMTP by passer.osg.gov.bc.ca, id smtpdAAAaahrka; Tue Jul 15 08:10:47 1997 Received: from coal.cert.org by orca.gov.bc.ca (5.4R3.10/200.1.1.4) id AA06824; Tue, 15 Jul 1997 08:10:45 -0700 Received: (from cert-advisory@localhost) by coal.cert.org (8.6.12/CERT) id KAA20123 for cert-advisory-queue-5; Tue, 15 Jul 1997 10:50:45 -0400 Date: Tue, 15 Jul 1997 10:50:45 -0400 Message-Id: <199707151450.KAA20123@coal.cert.org> From: CERT Bulletin To: cert-advisory@cert.org Subject: CERT Vendor-Initiated Bulletin VB-97.05 - Vul in Lynx Temporary Files Reply-To: cert-advisory-request@cert.org Organization: CERT(sm) Coordination Center - +1 412-268-7090 - -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT* Vendor-Initiated Bulletin VB-97.05 July 15, 1997 Topic: Vulnerability in Lynx Temporary Files Source: Jim Spath To aid in the wide distribution of essential security information, the CERT Coordination Center is forwarding the following information from Jim Spath, who coordinated this bulletin with several members of the lynx-dev mailing list. They urge you to act on this information as soon as possible. information is included in the forwarded text below; please contact them if you have any questions or need further information. Questions about the bulletin only can be sent to Jim Spath ; questions about Lynx can be sent to . =======================FORWARDED TEXT STARTS HERE============================ I. Description Lynx typically stores persistent temporary files in /tmp on Un*x systems. The filenames Lynx chooses can be predicted, and another user on the system may be able to exploit a race condition to replace the temporary file with a symbolic link or with another file. Installed versions of Lynx where a directory writeable by other users (such as /tmp on a machine to which multiple users have access) is used to store files during download are vulnerable. This vulnerability can only be exploited by a user with access to an account on the machine running Lynx. II. Impact A malicious user with access to the same machine as other Lynx users may be able to cause another user's Lynx process to overwrite another file. It may also be possible to replace the contents of a downloaded file with a file other than the one the user downloaded, or to cause the user to print a file other than the one selected for printing. III. Workarounds A workaround for Lynx 2.7.1 is described in the "solutions" section below. IV. Solutions There are several ways to solve this problem. A. The best solution to the problem is to apply the FOTEMODS patch set and to ensure that /tmp/ on your system is a "sticky directory." If you cannot apply this patch set, if your system does not support sticky directories, or if you cannot make /tmp/ a sticky directory, you must use one of the other solutions below. B. The other solution to this problem is to change the setting of TEMP_SPACE from the default ("/tmp/") to non-world-writeable directories. To do this with unpatched Lynx version 2.7.1: 1. Lynx can be rebuilt with the "#define TEMP_SPACE" in lynx2-7-1/userdefs.h changed from "/tmp" to point to a directory only writeable by the user executing Lynx. 2. The LYNX_TEMP_SPACE environment variable may be set before shell startup files (.profile, .cshrc, or equivalent) or into the system profile (/etc/profile or equivalent). As an aid to allowing Lynx to find user-specific temp. directories, Lynx 2.7.1 will replace "~" in the temp. space allocation with the path to the user's home directory. Individual users may also set the LYNX_TEMP_SPACE environment variable to point to another place known to be unwriteable by other users (for instance a subdirectory of the users' home directory, or a mode 0700 directory of a "sticky" /tmp). To do this with Lynx 2.7.1 with the FOTEMODS patch set applied: You may use any of the methods listed for "vanilla" Lynx 2.7.1. You may also use "$USER" in TEMP_SPACE (or $LYNX_TEMP_SPACE) to specify user-specific temp. directories such as /tmp/$USER/. The FOTEMODS patch set includes the changes described above as well as other fixes and feature enhancements. It can be found at: http://www.slcc.edu/lynx/fote/patches/ The FOTEMODS patches avoid any pre-existing filenames for new temporary files, thus skipping any symbolic link which may have been created with an upcoming temporary filename. These patches also allow the administrator or user to define TEMP_SPACE (or the LYNX_TEMP_SPACE environment variable) as "/tmp/$USER" (for example) for pre-existing directories that correspond to accounts' usernames and have protections/ACLs set for access only by the appropriate users. This patch set also does chmod(600) for temporary files which Lynx creates, but the account should be set up with an equivalent umask before invoking Lynx. C. One other solution (a source code patch) for this problem, by Klaus Weide, can be found at: http://www.slcc.edu/lynx/klaus/temp/ However, this patch should be considered "alpha" quality code, and its author is not supporting it at this time. The next release of Lynx will eliminate this vulnerability. Interested parties should subscribe to and read the LYNX-DEV mailing list (send mail to majordomo@sig.net with "subscribe lynx-dev" as the body) for information about this release. V. Contact information If you believe you have found a security problem with the current version of Lynx, we urge you to forward it to the LYNX-DEV mailing list at . The LYNX-DEV mailing list (with further information about this vulnerability) is archived at: http://www.flora.org/lynx-dev/ Lynx security information is available at: http://www.crl.com/~subir/lynx/security.html General information about Lynx is available at: http://lynx.browser.org/ On-line help and documentation about Lynx is available using the (h)elp command. More help is available in the source distribution. Should your questions not be answered by these means, further questions may be directed to . Please don't contact Lynx developers personally about Lynx-related issues; please use either the mailing list or the "help" addresses given above. ========================FORWARDED TEXT ENDS HERE============================= If you believe that your system has been compromised, contact the CERT Coordination Center or your representative in the Forum of Incident Response and Security Teams (FIRST). See http://www.first.org/team-info/. We strongly urge you to encrypt any sensitive information you send by email. The CERT Coordination Center can support a shared DES key and PGP. Contact the CERT staff for more information. Location of CERT PGP key ftp://info.cert.org/pub/CERT_PGP.key CERT Contact Information - - ------------------------ Email cert@cert.org Phone +1 412-268-7090 (24-hour hotline) CERT personnel answer 8:30-5:00 p.m. EST (GMT-5)/EDT(GMT-4), and are on call for emergencies during other hours. Fax +1 412-268-6989 Postal address CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh PA 15213-3890 USA CERT publications, information about FIRST representatives, and other security-related information are available from http://www.cert.org/ ftp://info.cert.org/pub/ CERT advisories and bulletins are also posted on the USENET newsgroup comp.security.announce To be added to our mailing list for CERT advisories and bulletins, send your email address to cert-advisory-request@cert.org In the subject line, type SUBSCRIBE your-email-address * Registered U.S. Patent and Trademark Office. The CERT Coordination Center is part of the Software Engineering Institute (SEI). The SEI is sponsored by the U. S. Department of Defense. This file: ftp://info.cert.org/pub/cert_bulletins/VB-97.05.lynx - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBM8qS6nVP+x0t4w7BAQFOYQP/TMhu9GTxPTLGalOBpV3JLmzaQ1IgTPsr T9SbI4Oa+x+ALF1Y4Hr4gHmkI0OnWZiK2uPOXyGwpnswnSA4JutXQ8wbj5EyrTDr pnfCdzrxhalhc52BGOpfZFVjZp4lfoXc+jy8Y+cWG69UoHley9U1cnLLvcHL2dqs nBO3FUe/1k4= =ikIU - -----END PGP SIGNATURE----- ------- End of Forwarded Message From owner-freebsd-security Fri Jul 18 08:40:46 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA28628 for security-outgoing; Fri, 18 Jul 1997 08:40:46 -0700 (PDT) Received: from itsdsv1.enc.edu (itsdsv1.enc.edu [207.95.42.241]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA28623 for ; Fri, 18 Jul 1997 08:40:43 -0700 (PDT) Received: from localhost (owensc@localhost) by itsdsv1.enc.edu (8.7.5/8.7.3) with SMTP id LAA27887 for ; Fri, 18 Jul 1997 11:35:49 -0400 (EDT) Date: Fri, 18 Jul 1997 09:20:46 -0400 (EDT) From: Charles Owens To: questions list FreeBSD Subject: how to make -K the default for su and 'r' tools? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII ReSent-Date: Fri, 18 Jul 1997 11:35:24 -0400 (EDT) ReSent-From: Charles Owens ReSent-To: freebsd-security@freebsd.org ReSent-Message-ID: Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Folks, In 2.1.7 on (maybe 2.1.6 also?) the 'r' (rlogin, rsh, etc.) commands seem to always want to attempt some sort of Kerberos interaction even though I've not set Kerberos up. Su and rlogin produce annoying warning messages. Rsh hangs. For all of these commands, the '-K' flag will disable all Kerberos authentification attempts, but how may I make this the default? Some programs I rely on make calls to rsh, and, since the program doesn't know to include the -K flag, this problem cause the whole shebang to hang. Yes, I could hack code and recompile, but this seems a bit messy. A system-wide no-Kerberos-at-all setting somewhere would be much preferred. FYI, I'm using 2.2-970618-RELENG, trying rsh to other 2.2-970618-RELENG boxes and a 2.1.5-something box as well. Thanks, --- ------------------------------------------------------------------------- Charles Owens Email: owensc@enc.edu "I read somewhere to learn is to Information Technology Services remember... and I've learned that Eastern Nazarene College we've all forgot..." - King's X ------------------------------------------------------------------------- From owner-freebsd-security Fri Jul 18 16:25:46 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id QAA23402 for security-outgoing; Fri, 18 Jul 1997 16:25:46 -0700 (PDT) Received: from burgundy.eecs.harvard.edu (dholland@burgundy.eecs.harvard.edu [140.247.60.165]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA23397 for ; Fri, 18 Jul 1997 16:25:44 -0700 (PDT) Received: (from dholland@localhost) by burgundy.eecs.harvard.edu (8.8.5/8.8.5) id TAA05583; Fri, 18 Jul 1997 19:23:50 -0400 (EDT) From: David Holland Message-Id: <199707182323.TAA05583@burgundy.eecs.harvard.edu> Subject: Re: Security Model/Target for FreeBSD or 4.4? To: tqbf@enteract.com Date: Fri, 18 Jul 1997 19:23:50 -0400 (EDT) Cc: grr@shandakor.tharsis.com, adam@homeport.org, robert@cyrus.watson.org, freebsd-security@FreeBSD.ORG, tech@openbsd.org In-Reply-To: <199707160242.VAA01426@enteract.com> from "Thomas H. Ptacek" at Jul 15, 97 09:42:23 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > I don't want to sound like a grinch, but this seems like a poor direction > > to be headed in. The kernel is blessedly free of "special values" for > > UID's and GID's. Like one really special UID=0 (*) and done with it. > > The problem is that the "one really special value" breaks least-privilege > in a severe way, causing programs like "rlogin" and "ping" to mysteriously > require complete access to the system, even though their functionality is > minimal. This is true. However, attempts at least privilege need to be thought out very carefully - it's very easy to end up with huge additional complexity with no increment in security. For instance, the privilege to let ping bind a raw socket can, in the presence of NFS, easily be converted to access to just about any account on the system including possibly root. In the presence of NIS it becomes immediately equivalent to full root access... you get the idea. So if you make ping setgid to some_group_with_raw_socket_privs, you add a lot of complexity, and a lot of obscurity to make the sysadmin's life harder, and you might gain nothing back in security. I'm not saying that it's not worth trying, just that one shouldn't plow ahead without thinking. -- - David A. Holland | VINO project home page: dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino From owner-freebsd-security Fri Jul 18 22:55:26 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA08873 for security-outgoing; Fri, 18 Jul 1997 22:55:26 -0700 (PDT) Received: from enteract.com (enteract.com [206.54.252.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA08867 for ; Fri, 18 Jul 1997 22:55:23 -0700 (PDT) Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id AAA00747; Sat, 19 Jul 1997 00:55:09 -0500 (CDT) From: "Thomas H. Ptacek" Message-Id: <199707190555.AAA00747@enteract.com> Subject: Re: Security Model/Target for FreeBSD or 4.4? To: dholland@eecs.harvard.edu (David Holland) Date: Sat, 19 Jul 1997 00:55:09 -0500 (CDT) Cc: tqbf@enteract.com, grr@shandakor.tharsis.com, adam@homeport.org, robert@cyrus.watson.org, freebsd-security@freebsd.org, tech@openbsd.org Reply-To: tqbf@enteract.com In-Reply-To: <199707182323.TAA05583@burgundy.eecs.harvard.edu> from "David Holland" at Jul 18, 97 07:23:50 pm X-Mailer: ELM [version 2.4 PL24 ME8a] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > out very carefully - it's very easy to end up with huge additional > complexity with no increment in security. You're right. In many environments, there may not be a significant gain in security; however, in some environments, there may be something to be gained, and, in this case, the added complexity is minimal. I look forward to Mr. de Raadt sharing his concept for arbitrary restrictions on privileged port access without kernel modifications. ---------------- Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com] ---------------- "If you're so special, why aren't you dead?"