From owner-freebsd-security Sun Dec 21 00:55:03 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id AAA18468 for security-outgoing; Sun, 21 Dec 1997 00:55:03 -0800 (PST) (envelope-from owner-freebsd-security) Received: from plum.cyber.com.au (plum.cyber.com.au [203.7.155.24]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id AAA18460 for ; Sun, 21 Dec 1997 00:54:58 -0800 (PST) (envelope-from darrenr@cyber.com.au) Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id TAA09356; Sun, 21 Dec 1997 19:54:14 +1100 From: Darren Reed Message-Id: <199712210854.TAA09356@plum.cyber.com.au> Subject: Re: Kernel options for FW? To: cschuber@uumail.gov.bc.ca Date: Sun, 21 Dec 1997 19:54:13 +1100 (EST) Cc: adam@homeport.org, firewall-wizards@nfr.net, freebsd-security@freebsd.org In-Reply-To: <199712191538.HAA00996@cwsys.cwsent.com> from "Cy Schubert - ITSD Open Systems Group" at Dec 19, 97 07:37:59 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In some mail I received from Cy Schubert - ITSD Open Systems Group, sie wrote > > > options IPFORWSRCRT=0 //Turn off source routing. > > Under FreeBSD you would use, > > ipfw deny ... ipoptions ssrr > ipfw deny ... ipoptions lsrr > ipfw deny ... ipoptions rr Or if using IP Filter on FreeBSD: block in all with ipopt lsrr block in all with ipopt ssrr (You shouldn't need to block the Record-Route option (rr) as it doesn't actually effect routing, just records it). > > options IPNOPRIVPORTS //Remove concept of priv'd ports so BIND doesn't > > //need to run as root. > > There is no equivalent in FreeBSD-stable. I'm not sure whether -current has > it. I've posted a bunch of patches for BIND 8.1.1 which allow config options to change the user it runs as and to have it run chroot'd, so this should not be as much of a worry. > > options IPFILTER_DEFAULT_BLOCK //Put my FW policy in the kernel. > > The FreeBSD default is BLOCK and is defined as rule 65535. If you wish to > make the default PASS, then you'd define rule 65534 with the pass option. Since I'm at `fault' or `to blame' here, I'll add a comment or two. In my experience, defaulting to block in a system which isn't sold as a firewall caused more problems than it was worth ;) And so, IP Filter for FreeBSD requires the same. From owner-freebsd-security Sun Dec 21 03:02:13 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id DAA23493 for security-outgoing; Sun, 21 Dec 1997 03:02:13 -0800 (PST) (envelope-from owner-freebsd-security) Received: from plum.cyber.com.au (plum.cyber.com.au [203.7.155.24]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id DAA23486 for ; Sun, 21 Dec 1997 03:01:54 -0800 (PST) (envelope-from darrenr@cyber.com.au) Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id WAA11110; Sun, 21 Dec 1997 22:01:36 +1100 From: Darren Reed Message-Id: <199712211101.WAA11110@plum.cyber.com.au> Subject: Re: Kernel options for FW? To: adam@homeport.org Date: Sun, 21 Dec 1997 22:01:36 +1100 (EST) Cc: firewall-wizards@nfr.net, freebsd-security@FreeBSD.ORG In-Reply-To: <199712181615.LAA14478@homeport.org> from "Adam Shostack" at Dec 18, 97 11:15:02 am X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk In some mail I received from Adam Shostack, sie wrote > > (This is not meant to spark a religious war. I'm asking for help > configuring a kernel, and comparing kernel security features between > FreeBSD and NetBSD to make a reasonable decision.) > > On Netbsd, I'd enable the following options. I can't find equivilents > to these on FreeBSD. Do they exist, and what are they? Also, I know > Freebsd sets kernel security wrong (-1) by default, and that needs to > be fixed. Are there other things that I should know about on Freebsd > to do everything right? I'm using FreeBSD 2.2.5 here... > options IPFORWSRCRT=0 //Turn off source routing. net.inet.ip.sourceroute: 0 > options IPNOPRIVPORTS //Remove concept of priv'd ports so BIND doesn't > //need to run as root. net.inet.ip.portrange.lowfirst: 1023 net.inet.ip.portrange.lowlast: 600 net.inet.ip.portrange.first: 1024 Might be worth investigating for what these can offer to you. I've not played with these but it might be interesting :-) Although, I think these affect what binding to port 0 does... [...] You should check that the following sysctl variable is off unless you need it on: net.inet.ip.forwarding You might also want to think about net.inet.ip.redirect From owner-freebsd-security Sun Dec 21 06:59:42 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id GAA06153 for security-outgoing; Sun, 21 Dec 1997 06:59:42 -0800 (PST) (envelope-from owner-freebsd-security) Received: from gw.sut.ru (gw.sut.ru [194.190.126.49]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id GAA06135 for ; Sun, 21 Dec 1997 06:59:35 -0800 (PST) (envelope-from koala.lanck.ru!uwl@lanck.ru) Received: from lanck.ru (lanck.ru [194.226.196.66]) by gw.sut.ru (8.6.12/8.6.12) with ESMTP id RAA01559 for ; Sun, 21 Dec 1997 17:58:46 +0300 Received: by lanck.ru with UUCP id RAA24131; (8.8.5/vak/1.9) Sun, 21 Dec 1997 17:52:58 +0300 (MSK) Received: (from uwl@localhost) by koala.lanck.ru (8.8.5/8.6.12) id RAA07798; Sun, 21 Dec 1997 17:51:44 +0300 Message-ID: <19971221175143.12552@koala.lanck.ru> Date: Sun, 21 Dec 1997 17:51:43 +0300 From: Vladimir Uralsky To: freebsd-security@FreeBSD.ORG Subject: cvsup? Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.79e X-Operating-System: Linux 2.0.29 i586 Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Hi! I have some troubles with cvsup utility. I never use it before. I'm running FreeBSD-2.2.2 and want to upgrade a kernel to -stable. What tag must I use? What are another useful options? I obtain a 2.2.5 kernel sources, but they seems not a -stable. For example the identcpu.c not contain a update about f00f bug, but CERT advisory describe it must be in. Sorry if it isn't a topic for this mailing list. -- Vova. From owner-freebsd-security Sun Dec 21 09:27:19 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA13428 for security-outgoing; Sun, 21 Dec 1997 09:27:19 -0800 (PST) (envelope-from owner-freebsd-security) Received: from mercury.acs.unt.edu (mercury.acs.unt.edu [129.120.1.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA13414 for ; Sun, 21 Dec 1997 09:27:01 -0800 (PST) (envelope-from john@www.cas.unt.edu) Received: from www.cas.unt.edu (www.cas.unt.edu [129.120.3.150]) by mercury.acs.unt.edu (8.8.8/8.8.8) with ESMTP id LAA03135; Sun, 21 Dec 1997 11:26:53 -0600 (CST) Received: (from john@localhost) by www.cas.unt.edu (8.8.7/8.6.9) id LAA20168; Sun, 21 Dec 1997 11:26:30 -0600 (CST) From: john Message-Id: <199712211726.LAA20168@www.cas.unt.edu> Subject: Re: cvsup? To: uwl@koala.lanck.ru (Vladimir Uralsky) Date: Sun, 21 Dec 1997 11:26:29 -0600 (CST) Cc: freebsd-security@freebsd.org In-Reply-To: <19971221175143.12552@koala.lanck.ru> from "Vladimir Uralsky" at Dec 21, 97 05:51:43 pm X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > I have some troubles with cvsup utility. I never use it before. I'm > running FreeBSD-2.2.2 and want to upgrade a kernel to -stable. > What tag must I use? for stable (the URL below has this information) use the tag: RELENG_2_2 > What are another useful options? refer to http://www.freebsd.org/handbook/cvsup.html From owner-freebsd-security Sun Dec 21 10:34:53 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id KAA17256 for security-outgoing; Sun, 21 Dec 1997 10:34:53 -0800 (PST) (envelope-from owner-freebsd-security) Received: from prefetch.san.rr.com (ns1.san.rr.com [204.210.0.2]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id KAA17250; Sun, 21 Dec 1997 10:34:50 -0800 (PST) (envelope-from Studded@dal.net) Received: from dal.net (dt051n19.san.rr.com [204.210.32.25]) by prefetch.san.rr.com (8.8.7/8.8.8) with ESMTP id KAA11669; Sun, 21 Dec 1997 10:33:34 -0800 (PST) Message-ID: <349D60FB.E7AF91A7@dal.net> Date: Sun, 21 Dec 1997 10:33:31 -0800 From: Studded X-Mailer: Mozilla 4.04 [en] (X11; I; FreeBSD 2.2.5-STABLE i386) MIME-Version: 1.0 To: Vladimir Uralsky , freebsd-questions@freebsd.org CC: freebsd-security@freebsd.org Subject: Re: cvsup? References: <19971221175143.12552@koala.lanck.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Vladimir Uralsky wrote: > > Hi! > > I have some troubles with cvsup utility. I never use it before. I'm > running FreeBSD-2.2.2 and want to upgrade a kernel to -stable. What tag > must I use? What are another useful options? I obtain a 2.2.5 kernel > sources, but they seems not a -stable. For example the identcpu.c not > contain a update about f00f bug, but CERT advisory describe it must be > in. > > Sorry if it isn't a topic for this mailing list. Your question actually belongs on freebsd-questions@freebsd.org, which is where I've sent a copy for you. :) If your system is 2.2.2 and you upgrade to 2.2.5-Stable kernel sources, you may introduce conflicts between your kernel and userland programs. If you use ipfw, 2.2.2 systems are not compatible with 2.2.5 kernels at all for example. You would be much better off upgrading the whole system to 2.2.5-Stable. Also, if you don't upgrade often you can avoid having to set up cvsup by getting your sources at the snapshot server, releng22.freebsd.org. If you need help upgrading via make world, please take a look at http://home.san.rr.com/freebsd/upgrade.html. I've rewritten the "Upgrading from source" page that's on www.freebsd.org to include more recent information. If you have console access, you could also use the floppy/sysinstall method of upgrading, like what you or someone did to install FreeBSD. Either way, good luck, :) Doug From owner-freebsd-security Sun Dec 21 13:08:44 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id NAA27181 for security-outgoing; Sun, 21 Dec 1997 13:08:44 -0800 (PST) (envelope-from owner-freebsd-security) Received: from burka.rdy.com (dima@burka.rdy.com [205.149.163.30]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA27171 for ; Sun, 21 Dec 1997 13:08:42 -0800 (PST) (envelope-from dima@burka.rdy.com) Received: by burka.rdy.com id NAA15294; (8.8.8/RDY) Sun, 21 Dec 1997 13:08:31 -0800 (PST) Message-Id: <199712212108.NAA15294@burka.rdy.com> Subject: Re: cvsup? In-Reply-To: <19971221175143.12552@koala.lanck.ru> from Vladimir Uralsky at "Dec 21, 97 05:51:43 pm" To: uwl@koala.lanck.ru (Vladimir Uralsky) Date: Sun, 21 Dec 1997 13:08:31 -0800 (PST) Cc: freebsd-security@FreeBSD.ORG X-Class: Fast Organization: HackerDome Reply-To: dima@best.net From: dima@best.net (Dima Ruban) X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Vladimir Uralsky writes: > Hi! > > I have some troubles with cvsup utility. I never use it before. I'm > running FreeBSD-2.2.2 and want to upgrade a kernel to -stable. What tag > must I use? What are another useful options? I obtain a 2.2.5 kernel > sources, but they seems not a -stable. For example the identcpu.c not > contain a update about f00f bug, but CERT advisory describe it must be > in. (cd /usr/src && make update) should work. Also, I don't know about 2.2.2 but it would be usefull if you set these in /etc/make.conf (in case it's not already there) CVS_UPDATE= yes SUP= /usr/local/bin/cvsup SUPFLAGS= -g -L 2 -z SUPFILE= /usr/share/examples/cvsup/standard-supfile SUPFILE1= /usr/share/examples/cvsup/secure-supfile SUPFILE2= /usr/share/examples/cvsup/ports-supfile > > Sorry if it isn't a topic for this mailing list. > > -- > Vova. > -- dima From owner-freebsd-security Mon Dec 22 07:30:06 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA29017 for security-outgoing; Mon, 22 Dec 1997 07:30:06 -0800 (PST) (envelope-from owner-freebsd-security) Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id HAA28976 for ; Mon, 22 Dec 1997 07:30:00 -0800 (PST) (envelope-from cy@cschuber.net.gov.bc.ca) Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id HAA13219; Mon, 22 Dec 1997 07:29:47 -0800 (PST) Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com" via SMTP by passer.osg.gov.bc.ca, id smtpdaavlia; Mon Dec 22 07:29:39 1997 Received: (from uucp@localhost) by cwsys.cwsent.com (8.8.8/8.6.10) id HAA01093; Mon, 22 Dec 1997 07:29:31 -0800 (PST) Message-Id: <199712221529.HAA01093@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpd001083; Mon Dec 22 15:28:37 1997 X-Mailer: exmh version 2.0zeta 7/24/97 Reply-to: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-Sender: cy To: "John S. Dyson" cc: mike@smith.net.au (Mike Smith), dhawk@river.org, freebsd-security@freebsd.org Subject: Re: Is this something to worry about? In-reply-to: Your message of "Tue, 16 Dec 1997 22:38:16 EST." <199712170338.WAA01537@dyson.iquest.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Mon, 22 Dec 1997 07:28:36 -0800 Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Sorry for the lateness of this reply. I just got around to reading the messages from the various mailing lists I've subscribed to. I get this behavior consistently under 2.2.2 when running restore. If I restore a file I can repeat this 100% of the time. Another way to repeat this 100% of the time is to use GDB and set a breakpoint in a program. My questions are, is this a VM fix or a PROCFS fix? Do you feel comfortable enough with the fix to have this merged into -stable by the time that 2.2.6 is released? > Mike Smith said: > > > Background: today I did a make and install in /usr/ports/x11/XFree86 > > > and XFree86-contrib and I thought I hadn't touched /usr/bin > > > but noticed this later in the day: > > > > > > -r-xr-xr-x 1 bin bin 123 Dec 6 07:02 linux > > > -r-xr-xr-x 1 bin bin 122 Dec 6 07:02 qcam > > > -r-xr-xr-x 1 bin bin 16384 Dec 16 05:00 tail > > > -r-xr-xr-x 1 bin bin 126976 Dec 16 10:55 awk > > > -r-xr-xr-x 1 bin bin 12288 Dec 16 11:35 du > > > > > > That the last three files there were modified today. I'm not aware of > > > anything on the system that would have modified 'tail' at 5am. > > > > This is a "feature" of the system; occasionally executables appear to > > be written to while they're running. Nobody has been able to work out > > why; the write doesn't appear to change any of the actual contents of > > the file. > > > I think that it has been fixed in the 3.0 line of code. Let me know if there > is ANY of this happening on -current! > > -- > John | Never try to teach a pig to sing, > dyson@freebsd.org | it just makes you look stupid, and > jdyson@nc.com | it irritates the pig. > Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 UNIX Support OV/VM: BCSC02(CSCHUBER) ITSD BITNET: CSCHUBER@BCSC02.BITNET Government of BC Internet: cschuber@uumail.gov.bc.ca Cy.Schubert@gems8.gov.bc.ca "Quit spooling around, JES do it." From owner-freebsd-security Mon Dec 22 09:22:17 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA07545 for security-outgoing; Mon, 22 Dec 1997 09:22:17 -0800 (PST) (envelope-from owner-freebsd-security) Received: from godzilla.zeta.org.au (godzilla.zeta.org.au [203.2.228.19]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id JAA07527 for ; Mon, 22 Dec 1997 09:22:10 -0800 (PST) (envelope-from bde@zeta.org.au) Received: (from bde@localhost) by godzilla.zeta.org.au (8.8.7/8.6.9) id EAA32525; Tue, 23 Dec 1997 04:17:59 +1100 Date: Tue, 23 Dec 1997 04:17:59 +1100 From: Bruce Evans Message-Id: <199712221717.EAA32525@godzilla.zeta.org.au> To: cschuber@uumail.gov.bc.ca, toor@dyson.iquest.net Subject: Re: Is this something to worry about? Cc: dhawk@river.org, freebsd-security@FreeBSD.ORG, mike@smith.net.au Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >I get this behavior consistently under 2.2.2 when running restore. If I >restore a file I can repeat this 100% of the time. Another way to repeat this >100% of the time is to use GDB and set a breakpoint in a program. > >My questions are, is this a VM fix or a PROCFS fix? Do you feel comfortable >enough with the fix to have this merged into -stable by the time that 2.2.6 is >released? The gdb fix is both: #dyson 97/04/05 18:29:49 # # Modified: sys/i386/i386 trap.c # sys/miscfs/procfs procfs_mem.c # sys/vm vm_fault.c vm_map.c vm_map.h vm_prot.h # Log: # Fix the gdb executable modify problem. Thanks to the detective work # by Alan Cox , and his description of the problem. # # The bug was primarily in procfs_mem, but the mistake likely happened # due to the lack of vm system support for the operation. I added # better support for selective marking of page dirty flags so that # vm_map_pageable(wiring) will not cause this problem again. # # The code in procfs_mem is now less bogus (but maybe still a little # so.) # # Revision Changes Path # 1.89 +7 -7 src/sys/i386/i386/trap.c # 1.24 +47 -80 src/sys/miscfs/procfs/procfs_mem.c # 1.67 +11 -9 src/sys/vm/vm_fault.c # 1.73 +11 -3 src/sys/vm/vm_map.c # 1.25 +7 -4 src/sys/vm/vm_map.h # 1.8 +2 -1 src/sys/vm/vm_prot.h There is also at least one fix to the fix. I don't know anything about the restore problem. restore doesn't seem to use procfs. I'm not comfortable merging anything into -stable, since I never run it. Bruce From owner-freebsd-security Mon Dec 22 10:04:47 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id KAA11311 for security-outgoing; Mon, 22 Dec 1997 10:04:47 -0800 (PST) (envelope-from owner-freebsd-security) Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id KAA11034 for security@freebsd.org; Mon, 22 Dec 1997 10:02:15 -0800 (PST) (envelope-from owner-bugmaster@freebsd.org) Date: Mon, 22 Dec 1997 10:02:15 -0800 (PST) Message-Id: <199712221802.KAA11034@hub.freebsd.org> From: FreeBSD bugmaster To: security Subject: Current problem reports assigned to you Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Current FreeBSD problem reports Critical problems Serious problems S Submitted Tracker Resp. Description ------------------------------------------------------------------------------- o [1997/11/20] kern/5103 security-officerIt appears to be possible to lockup a Fre 1 problem total. Non-critical problems From owner-freebsd-security Tue Dec 23 13:57:44 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id NAA13151 for security-outgoing; Tue, 23 Dec 1997 13:57:44 -0800 (PST) (envelope-from owner-freebsd-security) Received: from gvr.gvr.org (root@gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id NAA13144 for ; Tue, 23 Dec 1997 13:57:39 -0800 (PST) (envelope-from guido@gvr.org) Received: (from guido@localhost) by gvr.gvr.org (8.8.6/8.8.5) id WAA08209; Tue, 23 Dec 1997 22:45:17 +0100 (MET) From: Guido van Rooij Message-Id: <199712232145.WAA08209@gvr.gvr.org> Subject: Re: land.c patch for 2.2.5-RELEASE In-Reply-To: from Jonah Kowall at "Dec 19, 97 07:14:32 pm" To: jkowall@coffeehaus.net (Jonah Kowall) Date: Tue, 23 Dec 1997 22:45:17 +0100 (MET) Cc: freebsd-security@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL32 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Jonah Kowall wrote: > Does anyone have the "final" patch released, as well as the final F00F > patch for the kernel. Sorry to bother you busy bees, but I am in > desperate need of the land patch asap. > There has been an advisory on the f00f stuff. A land advisory is in the make. The felling is that the -current solution is not the right one. You can apply the solution in -current to -stable though. -Guido From owner-freebsd-security Thu Dec 25 17:27:23 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA12275 for security-outgoing; Thu, 25 Dec 1997 17:27:23 -0800 (PST) (envelope-from owner-freebsd-security) Received: from gw.sut.ru (gw.sut.ru [194.190.126.49]) by hub.freebsd.org (8.8.7/8.8.7) with SMTP id RAA12223 for ; Thu, 25 Dec 1997 17:26:33 -0800 (PST) (envelope-from koala.lanck.ru!uwl@lanck.ru) Received: from lanck.ru (lanck.ru [194.226.196.66]) by gw.sut.ru (8.6.12/8.6.12) with ESMTP id EAA27560 for ; Fri, 26 Dec 1997 04:24:38 +0300 Received: by lanck.ru with UUCP id EAA25843; (8.8.5/vak/1.9) Fri, 26 Dec 1997 04:20:40 +0300 (MSK) Received: (from uwl@localhost) by koala.lanck.ru (8.8.5/8.6.12) id DAA17036; Fri, 26 Dec 1997 03:45:07 +0300 Message-ID: <19971226034507.34247@koala.lanck.ru> Date: Fri, 26 Dec 1997 03:45:07 +0300 From: Vladimir Uralsky To: freebsd-security@FreeBSD.ORG Subject: Re: land.c patch for 2.2.5-RELEASE References: <199712232145.WAA08209@gvr.gvr.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.79e In-Reply-To: <199712232145.WAA08209@gvr.gvr.org>; from Guido van Rooij on Tue, Dec 23, 1997 at 10:45:17PM +0100 X-Operating-System: Linux 2.0.29 i586 Sender: owner-freebsd-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, Dec 23, 1997 at 10:45:17PM +0100, Guido van Rooij wrote: > There has been an advisory on the f00f stuff. A land advisory is in the make. > The felling is that the -current solution is not the right one. > You can apply the solution in -current to -stable though. Is it really necessary now? My system was cvsuped to -stable 2 days ago and it's steady again land. -- Vova.