From owner-freebsd-security@FreeBSD.ORG Sun Oct 23 22:16:34 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 40FCF1065670 for ; Sun, 23 Oct 2011 22:16:34 +0000 (UTC) (envelope-from outermarkerps@hotmail.com) Received: from dub0-omc3-s3.dub0.hotmail.com (dub0-omc3-s3.dub0.hotmail.com [157.55.2.12]) by mx1.freebsd.org (Postfix) with ESMTP id CEEEE8FC0C for ; Sun, 23 Oct 2011 22:16:33 +0000 (UTC) Received: from DUB107-W53 ([157.55.2.7]) by dub0-omc3-s3.dub0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Sun, 23 Oct 2011 15:04:27 -0700 Message-ID: X-Originating-IP: [46.107.90.175] From: Alex Stockman To: Date: Mon, 24 Oct 2011 00:04:26 +0200 Importance: Normal MIME-Version: 1.0 X-OriginalArrivalTime: 23 Oct 2011 22:04:27.0300 (UTC) FILETIME=[BB44AE40:01CC91CF] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: decrypting freebsd bsd with mdecrypt X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Oct 2011 22:16:34 -0000 Gentlemen (and ladies of course)=2C I'm now faced with a problem of restoring FreeBSD bdes-encrypted backups un= der Debian. Any ideas what exact parameters (algorythm=2C mode=2C key-mode etc) I need = to be able to read them? Many thanks OM = From owner-freebsd-security@FreeBSD.ORG Thu Oct 27 02:16:51 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 23C411065674 for ; Thu, 27 Oct 2011 02:16:51 +0000 (UTC) (envelope-from harrycoin@aol.com) Received: from imr-mb01.mx.aol.com (imr-mb01.mx.aol.com [64.12.207.164]) by mx1.freebsd.org (Postfix) with ESMTP id DFB148FC0C for ; Thu, 27 Oct 2011 02:16:50 +0000 (UTC) Received: from mtaout-db04.r1000.mx.aol.com (mtaout-db04.r1000.mx.aol.com [172.29.51.196]) by imr-mb01.mx.aol.com (8.14.1/8.14.1) with ESMTP id p9R26arQ003726 for ; Wed, 26 Oct 2011 22:06:36 -0400 Received: from [192.168.11.103] (unknown [64.4.171.39]) by mtaout-db04.r1000.mx.aol.com (MUA/Third Party Client Interface) with ESMTPA id D8A29E000087 for ; Wed, 26 Oct 2011 22:06:35 -0400 (EDT) Message-ID: <4EA8BC9D.9020406@aol.com> Date: Wed, 26 Oct 2011 21:06:21 -0500 From: Harry Coin User-Agent: Mozilla/5.0 (Windows NT 6.0; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 MIME-Version: 1.0 To: freebsd-security@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit x-aol-global-disposition: G X-AOL-SCOLL-SCORE: 0:2:351243424:93952408 X-AOL-SCOLL-URL_COUNT: 0 x-aol-sid: 3039ac1d33c44ea8bcab46f1 X-AOL-IP: 64.4.171.39 Subject: 8-stable nfs+lerberos security hole X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Oct 2011 02:16:51 -0000 Kindly note Re: "[kernel security routines using] getpwnam_r buf too small-- nfs assigns root:user to krb5 clients" PR http://www.freebsd.org/cgi/query-pr.cgi?pr=162009 With patches. There was another related PR. In short, the getpw*_r routines call for a user buffer in which to put all the strings associated with a passwd structure. Many routines allow only 128 bytes for this. Others in the kernel use 1024 or 2048. Not alot of guidance there to work with, eh? Long gecos info, long principal names, etc causes these routines to fail.. but the error doesn't seem to prevent non privileged nfs clients using kerberos security from creating files. And, those files are owned root:user. Sometimes user:root. Either way, not so good. Thanks Harry Coin