From owner-freebsd-security@FreeBSD.ORG Mon May 21 05:19:00 2012
Message-ID: <4FB9D009.1000704@freebsd.org>
Date: Sun, 20 May 2012 22:18:01 -0700
From: Colin Percival
To: freebsd security
Subject: New FreeBSD Security Officer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

When I took over from Jacques Vidrine as FreeBSD Security Officer in
August 2005, I had three goals: Adding FreeBSD Update to the base system
as an officially supported tool; keeping the FreeBSD Update and Portsnap
build and mirror systems running smoothly; and ensuring that we maintain
the high quality of our security advisories and patches. I've definitely
achieved the first two, and while Jacques' shoes have been hard to fill,
I hope you will agree that we haven't done badly on the third.

Most of the credit for this goes to all the FreeBSD developers who have
served on the Security Team over the past 80 months: Marcus Alves Grando,
Qing Li, Xin Li, Remko Lodder, George V. Neville-Neil, Simon L. Nielsen,
Philip Paeps, Christian S.J. Peron, Tom Rhodes, Guido van Rooij, Stanislav
Sedov, Dag-Erling Smorgrav, Jacques Vidrine, Robert Watson, Martin Wilke,
and Bjoern A. Zeeb. For administrative reasons I've often been the person
committing security patches to the tree, and I think this misleads some
people into thinking that I do all of the work; nothing could be further
from the truth.

Regrettably, like most FreeBSD developers I have commitments outside of
FreeBSD, and as my online backup service (Tarsnap) has grown, so too have
its demands on my time.
I recently came to the conclusion that I could no longer give the role of
Security Officer the time it deserved -- and more importantly, the
availability to handle important issues on short notice -- and as such I
decided that it was time for my term as Security Officer to come to an end.
While I'll be remaining on the Security Team to offer opinions and advice
about security issues, and I'll still be managing the FreeBSD Update and
Portsnap bits, it's time to let someone else drive the bus.

I asked the FreeBSD Core Team to offer the Security Officer role to Simon
Nielsen, and I am happy to say that they agreed and Simon accepted the
position. Simon has been a FreeBSD committer since July 2003, a member of
the FreeBSD Security Team since October 2004, and a Deputy Security Officer
- -- taking responsibility for pushing out security advisories when I have
been temporarily unavailable -- since August 2005; I think it's safe to say
that Simon is more prepared for this position than any new FreeBSD Security
Officer has ever been.

Thank you for all the support and bug reports you've provided over the
years, and please join me in welcoming Simon to his new role.

Sincerely,
Colin Percival

- -- 
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAk+50AkACgkQOM7KaQxqam5DtgCghpDZc7VqDGCerYOrfUfZmeH4
e+wAn2aoQp2Yd/FbZCzHqefDcGxDpbiF
=nQfr
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Tue May 22 07:06:26 2012
Date: Tue, 22 May 2012 00:06:25 -0700
From: mahdieh salamat
To: freebsd-security@freebsd.org
Subject: Lock FreeBSD partitions

Hi all. I don't know whether I should ask my question here or not. I want
to lock my partitions with geli or gbde, but I want that after boot users
aren't forced to enter the passphrase. In other words, the partitions are
locked but it seems that they aren't locked. I need it for security, so
that if anyone tries to mount the partitions from a CD or flash, they
can't do it.
Thanks

From owner-freebsd-security@FreeBSD.ORG Tue May 22 13:25:38 2012
Date: Tue, 22 May 2012 08:25:25 -0500
From: Mark Felder
To: freebsd-security@freebsd.org
Subject: Re: Lock FreeBSD partitions

On Tue, 22 May 2012 02:06:25 -0500, mahdieh salamat wrote:

> Hi all. I don't know whether I should ask my question here or not. I want
> to lock my partitions with geli or gbde, but I want that after boot users
> aren't forced to enter the passphrase. In other words, the partitions are
> locked but it seems that they aren't locked. I need it for security, so
> that if anyone tries to mount the partitions from a CD or flash, they
> can't do it.
> Thanks

Are you saying you want them encrypted but automatically decrypted during
the boot process, but if someone tries to load the system via a LiveCD or
other method they wouldn't be able to mount the partitions without the
passphrase?