From owner-freebsd-audit Wed Jan 5 11:34:46 2000
Date: Wed, 5 Jan 2000 11:34:44 -0800 (PST)
From: Kris Kennaway
To: audit@freebsd.org
Subject: Ping?

Whatever happened to all the initial enthusiasm about this project? We got
all these offers of assistance, but (with one notable exception), no
follow-through. Where are all the patches?

Kris

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Wed Jan 5 12:35:22 2000
Date: Wed, 5 Jan 2000 15:35:01 -0500 (EST)
From: Kelly Yancey
To: Kris Kennaway
Cc: audit@FreeBSD.ORG
Subject: Re: Ping?

On Wed, 5 Jan 2000, Kris Kennaway wrote:

> Whatever happened to all the initial enthusiasm about this project? We got
> all these offers of assistance, but (with one notable exception), no
> follow-through. Where are all the patches?
>
> Kris

I'm still alive, but working on the audit project web site right now.

Kelly

--
Kelly Yancey - kbyanc@posi.net - Richmond, VA
Analyst / E-business Development, Bell Industries http://www.bellind.com/
Maintainer, BSD Driver Database http://www.posi.net/freebsd/drivers/
Coordinator, Team FreeBSD http://www.posi.net/freebsd/Team-FreeBSD/

From owner-freebsd-audit Wed Jan 5 14:23:59 2000
Date: Wed, 5 Jan 2000 17:29:10 -0500
From: Dan Moschuk
To: Kris Kennaway
Cc: audit@FreeBSD.ORG
Subject: Re: Ping?
Message-ID: <20000105172910.G3893@spirit.jaded.net>

| Whatever happened to all the initial enthusiasm about this project? We got
| all these offers of assistance, but (with one notable exception), no
| follow-through. Where are all the patches?
|
| Kris

Indeed.

I think I'm going to full steam ahead and try and get as much "kernel
hardening" as I can in time for 4.0-RELEASE.

--
Dan Moschuk (TFreak!dan@freebsd.org)
"Waste not fresh tears on old griefs."

From owner-freebsd-audit Sat Jan 8 3:13:12 2000
Date: Sat, 8 Jan 2000 03:13:10 -0800 (PST)
From: Kris Kennaway
To: Brad Knowles
Cc: audit@freebsd.org
Subject: Re: Ping?

On Wed, 5 Jan 2000, Brad Knowles wrote:

> I'm still interested, but I need some assistance in determining
> how I would be able to apply my skills in a useful manner.

The first thing we should probably do, which I've started here myself, is
to finally go through the entire OpenBSD cvs repository and merge over all
of their remaining fixes. I'm about halfway through bin/ after a day or
two's work.

Of course, this is no substitute for auditing the code ourselves (if
nothing else, our codebase is slightly divergent from theirs), which will
also be done, but it's a good way to get most of the problems fixed quickly.

The ports tree should also have some sort of attention paid to it - I need
to bug Satoshi to provide a list of set[gu]id files from bento.

The most helpful thing for you to do is to become familiar with how to
identify and fix buffer overflows, race conditions and other common
security pitfalls - there were a few references posted in the early days of
this list which you should be able to dig out (I probably still have the
posts if they're not archived) otherwise I can hunt down a more
comprehensive list of references.

Kris

From owner-freebsd-audit Sat Jan 8 3:13:54 2000
Date: Sat, 8 Jan 2000 03:13:53 -0800 (PST)
From: Kris Kennaway
To: Kelly Yancey
Cc: audit@FreeBSD.ORG
Subject: Re: Ping?

On Wed, 5 Jan 2000, Kelly Yancey wrote:

> I'm still alive, but working on the audit project web site right now.

Cool, got anything to show us yet? :)

Kris

From owner-freebsd-audit Sat Jan 8 3:15: 7 2000
Date: Sat, 8 Jan 2000 03:15:06 -0800 (PST)
From: Kris Kennaway
To: Dan Moschuk
Cc: audit@FreeBSD.ORG
Subject: Re: Ping?
In-Reply-To: <20000105172910.G3893@spirit.jaded.net>

On Wed, 5 Jan 2000, Dan Moschuk wrote:

> I think I'm going to full steam ahead and try and get as much "kernel
> hardening" as I can in time for 4.0-RELEASE.

Sounds good.
Hmm, I never did get back to you about the arc4random thing..I'll try and
remember what I had to say and mail you tomorrow.

Kris

From owner-freebsd-audit Sat Jan 8 9:58:24 2000
Date: Sat, 8 Jan 2000 12:58:03 -0500
From: Keith Stevenson
To: Kris Kennaway
Cc: Kelly Yancey, audit@FreeBSD.ORG
Subject: Re: Ping?
Message-ID: <20000108125803.B45587@osaka.louisville.edu>

On Sat, Jan 08, 2000 at 03:13:53AM -0800, Kris Kennaway wrote:
> On Wed, 5 Jan 2000, Kelly Yancey wrote:
>
> > I'm still alive, but working on the audit project web site right now.
>
> Cool, got anything to show us yet? :)

Not just yet. Kelly, MarkM, and I just worked out the hosting arrangements.
Hopefully, I'll have all of the infrastructure Kelly requested set up in the
next few days so he can get to work.

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0

From owner-freebsd-audit Sat Jan 8 22:10:41 2000
Date: Sat, 8 Jan 2000 22:10:38 -0800 (PST)
From: Kris Kennaway
To: audit@freebsd.org
Subject: ldconfig and mkstemp

This patch removes the tempfile race in ldconfig..please review

Kris

[attachment: filename=patch]

From owner-freebsd-audit Sat Jan 8 23: 2:52 2000
Date: Sat, 8 Jan 2000 23:02:44 -0800 (PST)
From: Kris Kennaway
To: audit@freebsd.org
Subject: Re: ldconfig and mkstemp

On Sat, 8 Jan 2000, Kris Kennaway wrote:

> This patch removes the tempfile race in ldconfig..please review

Oops, forgot the fchmod..

Kris

[attachment: filename=patch]
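
The temp-file race named in the two ldconfig messages above, shown as an added example; it is not code from the thread or from FreeBSD's ldconfig. It assumes the usual form of the problem (a name chosen in one step and opened in another without O_EXCL) and contrasts it with mkstemp() followed by fchmod() and rename(); the function names and paths are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700  /* expose mkstemp()/fchmod() under strict -std= */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the name is chosen in one step and opened in another,
 * without O_EXCL. Whatever appears at that name in between is opened
 * and truncated. Returns the descriptor, or -1. */
int open_chosen_name(const char *name)
{
    return open(name, O_RDWR | O_CREAT | O_TRUNC, 0444);
}

/* Hardened pattern: mkstemp() chooses the name and creates the file in a
 * single O_EXCL open, so an existing name is never reused. final_path is
 * a hypothetical target. Returns 0 on success, -1 on error. */
int replace_file_safely(const char *final_path, const void *buf, size_t len)
{
    char tmp[1024];
    int fd, n;

    n = snprintf(tmp, sizeof(tmp), "%s.XXXXXXXXXX", final_path);
    if (n < 0 || (size_t)n >= sizeof(tmp)) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if ((fd = mkstemp(tmp)) == -1)      /* file is created with mode 0600 */
        return -1;
    if (write(fd, buf, len) != (ssize_t)len ||
        fchmod(fd, 0444) == -1 ||       /* final mode set on the fd, not a path */
        fsync(fd) == -1) {
        close(fd);
        unlink(tmp);
        return -1;
    }
    if (close(fd) == -1 || rename(tmp, final_path) == -1) {
        unlink(tmp);
        return -1;
    }
    return 0;
}
```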