From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 13:32:00 2012
Message-ID: <4FDF2DCA.2020105@gmail.com>
Date: Mon, 18 Jun 2012 17:31:54 +0400
From: Budnev Vladimir
To: freebsd-questions@freebsd.org, freebsd-security@freebsd.org
Subject: (Free 7.2) "su -l" didnt prompt password.Is it possbile?

Hello everyone.
We've noticed some strange situation. After reboot and login, system didn't ask for password while switching with su -l.

In details, there was root login from terminal and one from ssh.
Terminal login was directly as root (via ip-console), and ssh was as user, then attempted switch to root with su -l, and there was NO password request, no prompt at all. At the same time login from terminal accepted root password, first I thought that means password wasn't empty, but system even with empty password should print "Password:".. and that time it was nothing absolutely. We even logged out and then su -l again.

And it looked such way:

%su -l
St-serv#
St-serv# exit
%su -l
St-serv#

We've been shocked and hurried a bit and changed root password without /etc/master.passwd backup for explorations.
After changing password we can not reproduce such behaviour.

It should also be noticed that system was booting after unsafe power shutdown, and there was fs-check running in background (according to logs), corrected cleared some files (searching by inum resulted to nothing).

sysctl -a gave such string:
<118>Starting background file system checks in 60 seconds.
<118>

and in /var/log/messages we could see:
Jun 15 14:57:39 St-serv kernel: em0: link state changed to UP
Jun 15 14:57:49 St-serv login: ROOT LOGIN (root) ON ttyv0
Jun 15 14:58:47 St-serv fsck: /dev/ad0s1e: 71 files, 11 used, 2538508 free (84 frags, 317303 blocks, 0.0% fragmentation)
Jun 15 15:02:31 St-serv fsck: /dev/ad0s1f: 264646 files, 1378041 used, 60368113 free (43545 frags, 7540571 blocks, 0.1% fragmentation)
Jun 15 15:03:31 St-serv su: zimmer to root on /dev/ttyp0
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=1931747 (897632 should be 897600) (CORRECTED)
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=1931748 (1865184 should be 1865120) (CORRECTED)
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=2284637 (4 should be 0) (CORRECTED)
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=2284713 (4 should be 0) (CORRECTED)
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: UNREF FILE I=23557 OWNER=root MODE=100644
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: SIZE=0 MTIME=Jun 9 18:51 2012 (CLEARED)
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: UNREF FILE I=1931319 OWNER=root MODE=100640
Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: SIZE=728 MTIME=Jul 26 17:37 2011 (CLEARED)
<...>

I've googled and found only one thread with su not asking for password, that one was about jails, but this time we have a 100% guarantee that we didn't put any virtual environments.

So the thing that scares is, mb this is symptom of server rootkit? (We've found nothing unusual in logs but it means nothing...) Or there is some other explanation why su could not ask password?

Thanks in advance

PS Duplicated question to freebsd-questions and freebsd-security because unsure which one it should be sent.

From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 14:41:39 2012
Message-ID: <4FDF3E1E.8040100@gmail.com>
Date: Mon, 18 Jun 2012 18:41:34 +0400
From: Budnev Vladimir
To: Chris Rees
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
References: <4FDF2DCA.2020105@gmail.com>
Subject: Re: (Free 7.2) "su -l" didnt prompt password.Is it possbile?

18.06.2012 18:32, Chris Rees wrote:
>
> On Jun 18, 2012 2:34 PM, "Budnev Vladimir" wrote:
> >
> > Hello everyone.
> > We've noticed some strange situation. After reboot and login, system
> > didn't ask for password while switching with su -l.
> >
> > In details, there was root login from terminal and one from ssh.
> > Terminal login was directly as root (via ip-console), and ssh was as
> > user, then attempted switch to root with su -l, and there was NO
> > password request, no prompt at all. At the same time login from
> > terminal accepted root password, first I thought that means password
> > wasn't empty, but system even with empty password should print
> > "Password:".. and that time it was nothing absolutely.
>
> Empty password behaviour is for no prompt, so what you are seeing is
> normal, and means that you did indeed have an empty password.
>

Interesting, could it be that master.passwd file was corrupted (after power shutdown) and fsck corrected it in background.. which resulted in such behaviour.
The strange thing with possibly empty password is that login from ip-console accepted correct password. So not sure about empty... It seems like su was accepting any password at that time.

>
> Check your logs very carefully over the past few weeks to make sure no
> one has broken in.
>

Yeah, seems we are forced to mount disks to another system and check for changes in critical system tools. Argh....and then anyway redeploy system.

>
> Chris
>

From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 14:43:03 2012
Date: Mon, 18 Jun 2012 10:42:59 -0400
From: Jason Hellenthal
To: Budnev Vladimir
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
Message-ID: <20120618144259.GB74775@DataIX.net>
References: <4FDF2DCA.2020105@gmail.com>
In-Reply-To: <4FDF2DCA.2020105@gmail.com>
Subject: Re: (Free 7.2) "su -l" didnt prompt password.Is it possbile?

On Mon, Jun 18, 2012 at 05:31:54PM +0400, Budnev Vladimir wrote:
> Hello everyone.
> We've noticed some strange situation. After reboot and login, system
> didn't ask for password while switching with su -l.
>
> In details, there was root login from terminal and one from ssh.
> Terminal login was directly as root (via ip-console), and ssh was as
> user, then attempted switch to root with su -l, and there was NO
> password request, no prompt at all.
> At the same time login from terminal
> accepted root password, first I thought that means password wasn't
> empty, but system even with empty password should print "Password:".. and
> that time it was nothing absolutely. We even logged out and then su -l
> again.
>
> And it looked such way:
>
> %su -l
> St-serv#
> St-serv# exit
> %su -l
> St-serv#
>
> We've been shocked and hurried a bit and changed root password without
> /etc/master.passwd backup for explorations.
> After changing password we can not reproduce such behaviour.
>
> It should also be noticed that system was booting after unsafe power
> shutdown, and there was fs-check running in background (according to
> logs), corrected cleared some files (searching by inum resulted to nothing).
>
> sysctl -a gave such string:
> <118>Starting background file system checks in 60 seconds.
> <118>
>
> and in /var/log/messages we could see:
> Jun 15 14:57:39 St-serv kernel: em0: link state changed to UP
> Jun 15 14:57:49 St-serv login: ROOT LOGIN (root) ON ttyv0
> Jun 15 14:58:47 St-serv fsck: /dev/ad0s1e: 71 files, 11 used, 2538508 free (84 frags, 317303 blocks, 0.0% fragmentation)
> Jun 15 15:02:31 St-serv fsck: /dev/ad0s1f: 264646 files, 1378041 used, 60368113 free (43545 frags, 7540571 blocks, 0.1% fragmentation)
> Jun 15 15:03:31 St-serv su: zimmer to root on /dev/ttyp0
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=1931747 (897632 should be 897600) (CORRECTED)
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=1931748 (1865184 should be 1865120) (CORRECTED)
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=2284637 (4 should be 0) (CORRECTED)
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: INCORRECT BLOCK COUNT I=2284713 (4 should be 0) (CORRECTED)
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: UNREF FILE I=23557 OWNER=root MODE=100644
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: SIZE=0 MTIME=Jun 9 18:51 2012 (CLEARED)
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: UNREF FILE I=1931319 OWNER=root MODE=100640
> Jun 15 15:03:43 St-serv fsck: /dev/ad0s1d: SIZE=728 MTIME=Jul 26 17:37 2011 (CLEARED)
> <...>
>
>
> I've googled and found only one thread with su not asking for password,
> that one was about jails, but this time we have a 100% guarantee that we
> didn't put any virtual environments.
>
> So the thing that scares is, mb this is symptom of server rootkit? (We've
> found nothing unusual in logs but it means nothing...) Or there is some
> other explanation why su could not ask password?
>

The only thing I can think of ATM is .. did you recently perform an upgrade from source with this system ? mergemaster ?

The reason why I ask is that when doing such things the master.passwd is compared to the default master.passwd which has no password set. If a merge went wrong then there is a possibility that it was set back to defaults by accident.

I also see that your system booted up and did a fsck(8). There is a chance that something weird happened here as well.

>
> Thanks in advance
>
> PS Duplicated question to freebsd-questions and freebsd-security because
> unsure which one it should be sent.
>

-- 
 - (2^(N-1))

From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 14:32:31 2012
Date: Mon, 18 Jun 2012 15:32:29 +0100
From: Chris Rees
To: Budnev Vladimir
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org
References: <4FDF2DCA.2020105@gmail.com>
In-Reply-To: <4FDF2DCA.2020105@gmail.com>
Subject: Re: (Free 7.2) "su -l" didnt prompt password.Is it possbile?

On Jun 18, 2012 2:34 PM, "Budnev Vladimir" wrote:
>
> Hello everyone.
> We've noticed some strange situation. After reboot and login, system
> didn't ask for password while switching with su -l.
>
> In details, there was root login from terminal and one from ssh.
> Terminal login was directly as root (via ip-console), and ssh was as
> user, then attempted switch to root with su -l, and there was NO
> password request, no prompt at all. At the same time login from terminal
> accepted root password, first I thought that means password wasn't
> empty, but system even with empty password should print "Password:".. and
> that time it was nothing absolutely.

Empty password behaviour is for no prompt, so what you are seeing is normal, and means that you did indeed have an empty password.

Check your logs very carefully over the past few weeks to make sure no one has broken in.

Chris

From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 15:27:28 2012
Message-ID: <4FDF4879.9040509@bananmonarki.se>
Date: Mon, 18 Jun 2012 17:25:45 +0200
From: Bernt Hansson
To: Budnev Vladimir
Cc: freebsd-security@freebsd.org, freebsd-questions@freebsd.org, Chris Rees
References: <4FDF2DCA.2020105@gmail.com> <4FDF3E1E.8040100@gmail.com>
In-Reply-To: <4FDF3E1E.8040100@gmail.com>
Subject: Re: (Free 7.2) "su -l" didnt prompt password.Is it possbile?

On 2012-06-18 16:41, Budnev Vladimir wrote:

> The strange thing with possibly empty password is that login from
> ip-console accepted correct password. So not sure about empty... It
> seems like su was accepting any password at that time.

That is the behavior with an empty password. The login would accept any password.

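The condition discussed in this thread, an empty password field for root in /etc/master.passwd, can be checked offline on a copy of the file, for example from a disk mounted on another system. The following is an added example, not code from any of the posters: it assumes the ten-field passwd(5) record layout and the crypt(3) hash prefixes, all sample records are constructed, and the per-scheme tally goes beyond the single case in the thread.

```python
"""Audit a FreeBSD master.passwd for accounts that need no password."""
from collections import Counter

# Field order from passwd(5); a valid master.passwd record has exactly these.
FIELDS = ("name", "password", "uid", "gid", "class",
          "change", "expire", "gecos", "home_dir", "shell")

# crypt(3) modular-format prefixes and the scheme each one selects.
SCHEMES = (("$1$", "md5"), ("$2", "blowfish"), ("$3$", "nthash"),
           ("$5$", "sha256"), ("$6$", "sha512"))


def classify(password):
    """Name what the password field of one record holds."""
    if password == "":
        return "EMPTY"        # the account authenticates with no password
    if password.startswith("*"):
        return "no-login"     # "*" or "*LOCKED*...": matches no hash
    for prefix, scheme in SCHEMES:
        if password.startswith(prefix):
            return scheme
    if password.startswith("_") or len(password) == 13:
        return "des"          # extended or traditional DES crypt
    return "unknown"


def records(text):
    """Yield (lineno, name, fields); fields is None for a malformed record."""
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            # Wrong field count, e.g. a record truncated by a crash.
            yield lineno, parts[0], None
        else:
            yield lineno, parts[0], dict(zip(FIELDS, parts))


def audit(text):
    """Return (lineno, name, issue) for empty passwords and broken records."""
    findings = []
    for lineno, name, rec in records(text):
        if rec is None:
            findings.append((lineno, name, "malformed record"))
        elif classify(rec["password"]) == "EMPTY":
            issue = "empty password"
            if rec["uid"] == "0":
                issue += ", uid 0"
            findings.append((lineno, name, issue))
    return findings


def scheme_counts(text):
    """Count well-formed records per password scheme."""
    return Counter(classify(rec["password"])
                   for _, _, rec in records(text) if rec is not None)


# Constructed sample, not taken from the system in the thread.
SAMPLE = """\
# constructed master.passwd excerpt
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
zimmer:$1$constructed$notARealHashValue00000:1001:1001::0:0:Constructed user:/home/zimmer:/bin/tcsh
backup:$6$constructed$notARealHashValue:1002:1002::0:0:Constructed user:/home/backup:/bin/sh
guest::1003:1003::0:0:Constructed user:/home/guest:/bin/sh
broken:$1$trunc
"""

if __name__ == "__main__":
    for lineno, name, issue in audit(SAMPLE):
        print(f"line {lineno}: {name}: {issue}")
    print(dict(scheme_counts(SAMPLE)))
```
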
From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 17:33:20 2012
Message-Id: <201206181732.q5IHWXU1090894@fire.js.berklix.net>
Date: Mon, 18 Jun 2012 19:32:32 +0200
From: "Julian H. Stacey"
Organization: http://berklix.com BSD Unix Linux Consultancy, Munich Germany
To: Jason Hellenthal
Cc: freebsd-security@freebsd.org, Budnev Vladimir
In-reply-to: Your message "Mon, 18 Jun 2012 10:42:59 EDT." <20120618144259.GB74775@DataIX.net>
Subject: Re: (Free 7.2) "su -l" didnt prompt password.Is it possbile?

> The only thing I can think of ATM is .. did you recently perform an
> upgrade from source with this system ? mergemaster ?

Most misdials on the phone network used to be proven to be human not machine, despite people said they were careful & had not made mistakes. Never underestimate human error. I've known test hosts that were off line & someone zeroed out the root pwd while sys was under debug/repair, to save a visiting expert needing a tmp root pwd. (A bad habit, but it's been known). Then some time later one discovers it is Still zeroed out ;-) ... To err is human, to BSD is divine ;-)

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
 Reply below not above, cumulative like a play script, & indent with "> ".
 Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
 Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/

From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 21:37:42 2012
Date: Mon, 18 Jun 2012 22:37:38 +0100
Message-Id: <497105EC-3223-4E59-A6E6-F810A15BCA5C@FreeBSD.org>
From: "Simon L. B. Nielsen"
To: freebsd-security@freebsd.org
Subject: Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret for 8.1

Hello,

Just a quick heads up that it turned out that the patch for Update for FreeBSD-SA-12:04.sysret applied incorrectly to FreeBSD 8.1 (releng/8.1). The patch applied, but in the wrong location.

Note that this is ONLY for FreeBSD 8.1. Other branches are OK.

As this is public, and rather obvious if you really look at the code in 8.1, I decided to commit the fix as soon as possible, so it is in releng/8.1 now as r237241 + r237242.

freebsd-update does not yet have the update, but builds are running. An advisory update will be sent out once freebsd-update will have the patch too.

If you want to hand apply the patch you can get it from http://svnweb.freebsd.org/base/releng/8.1/sys/amd64/amd64/trap.c?view=patch&r1=237241&r2=237240&pathrev=237241 assuming you already have the original patch applied.

PS. Sorry for the lack of PGP signature, but my mail program is not cooperating and I would rather fix the issue than battle with a mail program.

-- 
Simon L. B. Nielsen
FreeBSD Security Officer

From owner-freebsd-security@FreeBSD.ORG Mon Jun 18 22:16:15 2012
Date: Tue, 19 Jun 2012 00:16:14 +0200
From: Oliver Pinter
To: freebsd-security@freebsd.org
Subject: FYI: Fwd: [Dailydave] CANVAS SYSRET Module

---------- Forwarded message ----------
From: Alex McGeorge
Date: Mon, 18 Jun 2012 10:10:09 -0400
Subject: [Dailydave] CANVAS SYSRET Module
To: dailydave@lists.immunityinc.com, canvas@lists.immunityinc.com

Aloha lists,

There has been a lot of talk about the SYSRET vulnerability [1] recently and even some pretty good write ups [2]. Of course the best discussion of this bug will undoubtedly come from Rafal at his BlackHat talk in Vegas [3]. For those of you who are eager to see an exploit for this vulnerability in action we've got you covered: http://partners.immunityinc.com/movies/SYSRET-v2.mov . The exploit has been available since Friday to CANVAS Early Updates (CEU) customers for their FreeBSD privilege escalation pleasure, courtesy of our Unix exploit development team. For CEU inquiries please email admin@immunityinc.com .

We were chatting about this on Friday, do other people see FreeBSD in the enterprise on pen-tests? Outside of a few NAS solutions I've seen it employed in source control and for other important tasks (DNS, FTP). Now that Linux is so commonplace is FreeBSD considered exotic?

Cheers,
-AlexM

[1] http://www.kb.cert.org/vuls/id/649219
[2] http://blog.xen.org/index.php/2012/06/13/the-intel-sysret-privilege-escalation/
[3] https://www.blackhat.com/html/bh-us-12/bh-us-12-briefings.html#Wojtczuk

-- 
Alex McGeorge
Immunity Inc.
1130 Washington Avenue 8th Floor
Miami Beach, Florida 33139
P: 786.220.0600

From owner-freebsd-security@FreeBSD.ORG Tue Jun 19 14:10:07 2012
Date: Tue, 19 Jun 2012 16:10:06 +0200
From: ian ivy
To: freebsd-security@freebsd.org
Subject: Default password encryption method.

Hello,

By default FreeBSD uses MD5 to encrypt passwords.
MD5 is believed to be more secure than e.g. DES but less than e.g. SHA512. Currently several major Linux distributions use a SHA512 mechanism. Suse Linux also offers a blowfish.

Some Debian based distributions use MD5-based algorithm compatible with the one used by recent releases of FreeBSD - but mostly this variable (*MD5_CRYPT_ENAB*) is deprecated, and SHA512-based algorithm is used.

Of course, in FreeBSD we can change the MD5 for example to BLF, but would it not be a better solution to use SHA512 by default?

From owner-freebsd-security@FreeBSD.ORG Tue Jun 19 14:15:50 2012
Date: Tue, 19 Jun 2012 10:15:18 -0400
From: Maxim Khitrov
To: ian ivy
Cc: freebsd-security@freebsd.org
Subject: Re: Default password encryption method.

On Tue, Jun 19, 2012 at 10:10 AM, ian ivy wrote:
> Hello,
>
> By default FreeBSD uses MD5 to encrypt passwords. MD5 is believed to be
> more secure than e.g. DES but less than e.g. SHA512. Currently several
> major Linux distributions use a SHA512 mechanism. Suse Linux also offers
> a blowfish.
>
> Some Debian based distributions use MD5-based algorithm compatible with the
> one used by recent releases of FreeBSD - but mostly this variable
> (*MD5_CRYPT_ENAB*) is deprecated, and SHA512-based algorithm is used.
>
> Of course, in FreeBSD we can change the MD5 for example to BLF,
> but would it not be a better solution to use SHA512 by default?

This has been discussed recently in the following thread:

http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html

- Max

From owner-freebsd-security@FreeBSD.ORG Tue Jun 19 14:35:37 2012
Date: Tue, 19 Jun 2012 14:35:37 GMT
Message-Id: <201206191435.q5JEZbaa006648@freefall.freebsd.org>
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Subject: FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:04.sysret                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Privilege escalation when returning from kernel

Category:       core
Module:         sys_amd64
Announced:      2012-06-12
Credits:        Rafal Wojtczuk, John Baldwin
Affects:        All supported versions of FreeBSD
Corrected:      2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
                2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
                2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)
                2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
                2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
                2012-06-18 21:00:54 UTC (RELENG_8_1, 8.1-RELEASE-p12)
                2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)
                2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name:       CVE-2012-0217

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

0.   Revision History

v1.0  2012-06-12  Initial release.
v1.1  2012-06-19  Corrected patch FreeBSD 8.1.

I.   Background

The FreeBSD operating system implements a rings model of security, where
privileged operations are done in the kernel, and most applications
request access to these operations by making a system call, which puts
the CPU into the required privilege level and passes control to the
kernel.

II.  Problem Description

FreeBSD/amd64 runs on CPUs from different vendors. Due to varying
behaviour of CPUs in 64 bit mode a sanity check of the kernel may be
insufficient when returning from a system call.

III. Impact

Successful exploitation of the problem can lead to local kernel privilege
escalation, kernel data corruption and/or crash.
To exploit this vulnerability, an attacker must be able to run code with user
privileges on the target system.

IV.  Workaround

No workaround is available.

However FreeBSD/amd64 running on AMD CPUs is not vulnerable to this
particular problem.

Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386
kernel are not vulnerable, nor are systems running on different
processor architectures.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[7.4, 8.3, 8.2, 9.0]
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc

[8.1]
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch.asc

[8.1 if original sysret.patch has been applied]
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                                                           Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/sys/amd64/amd64/trap.c                                   1.319.2.14
RELENG_7_4
  src/UPDATING                                            1.507.2.36.2.11
  src/sys/conf/newvers.sh                                  1.72.2.18.2.14
  src/sys/amd64/amd64/trap.c                               1.319.2.12.2.2
RELENG_8
  src/sys/amd64/amd64/trap.c                                   1.332.2.24
RELENG_8_3
  src/UPDATING                                             1.632.2.26.2.5
  src/sys/conf/newvers.sh                                   1.83.2.15.2.7
  src/sys/amd64/amd64/trap.c                               1.332.2.21.2.2
RELENG_8_2
  src/UPDATING                                            1.632.2.19.2.11
  src/sys/conf/newvers.sh                                  1.83.2.12.2.14
  src/sys/amd64/amd64/trap.c                               1.332.2.14.2.2
RELENG_8_1
  src/UPDATING                                            1.632.2.14.2.15
  src/sys/conf/newvers.sh                                  1.83.2.10.2.16
  src/sys/amd64/amd64/trap.c                               1.332.2.10.2.3
RELENG_9
  src/sys/amd64/amd64/trap.c                                    1.357.2.9
RELENG_9_0
  src/UPDATING                                              1.702.2.4.2.5
  src/sys/conf/newvers.sh                                    1.95.2.4.2.7
  src/sys/amd64/amd64/trap.c                                1.357.2.2.2.3
- -------------------------------------------------------------------------

Subversion:

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/7/                                                         r236953
releng/7.4/                                                       r236953
stable/8/                                                         r236953
releng/8.3/                                                       r236953
releng/8.2/                                                       r236953
releng/8.1/                                                       r237242
stable/9/                                                         r236953
releng/9.0/                                                       r236953
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9

iEYEARECAAYFAk/gjHQACgkQFdaIBMps37KutQCgkcp+lqFuJ3/fQKUemn80suW5
u/wAn2VLxY5LoUPNsN2eUHYB4GMz0AHl
=tQOk
-----END PGP SIGNATURE-----

From owner-freebsd-security@FreeBSD.ORG Tue Jun 19 18:14:01 2012
Sender: simon@qxnitro.org
Date: Tue, 19 Jun 2012 19:14:00 +0100
From: "Simon L. B. Nielsen"
To: Maxim Khitrov
Cc: freebsd-security@freebsd.org, ian ivy
Subject: Re: Default password encryption method.

On Jun 19, 2012 3:16 PM, "Maxim Khitrov" wrote:
>
> On Tue, Jun 19, 2012 at 10:10 AM, ian ivy wrote:
> > Hello,
> >
> > By default FreeBSD uses MD5 to encrypt passwords. MD5 is believed to be
> > more secure than e.g. DES but less than e.g. SHA512. Currently several
> > major Linux distributions use a SHA512 mechanism. SUSE Linux also offers
> > Blowfish.
> >
> > Some Debian-based distributions use an MD5-based algorithm compatible with
> > the one used by recent releases of FreeBSD - but mostly this variable
> > (*MD5_CRYPT_ENAB*) is deprecated, and a SHA512-based algorithm is used.
> >
> > Of course, in FreeBSD we can change the MD5 to, for example, BLF,
> > but would it not be a better solution to use SHA512 by default?
>
> This has been discussed recently in the following thread:
>
> http://lists.freebsd.org/pipermail/freebsd-security/2012-June/006271.html

The FreeBSD Security Team is also looking at (/poking people to look at) solutions which will improve the time it takes to brute force passwords significantly more.

--
Simon

From owner-freebsd-security@FreeBSD.ORG Tue Jun 19 18:16:05 2012
Message-ID: <4FE0C1DA.2080809@pyro.eu.org>
Date: Tue, 19 Jun 2012 19:15:54 +0100
From: Steven Chamberlain
To: freebsd-security@freebsd.org
References: <497105EC-3223-4E59-A6E6-F810A15BCA5C@FreeBSD.org>
In-Reply-To: <497105EC-3223-4E59-A6E6-F810A15BCA5C@FreeBSD.org>
Cc: bz@freebsd.org, "Simon L. B. Nielsen"
Subject: Re: Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret for 8.1

Hi,

Thanks a lot for looking into this!

On 18/06/12 22:37, Simon L. B. Nielsen wrote:
> Note that this is ONLY for FreeBSD 8.1. Other branches are OK.

Having seen the correct fix now, I'm starting to wonder if the commit to RELENG_7_4 was really okay too?

http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975

The inserted code does not appear at the end of the function, like it does now in all other versions including 8.1 which is the most similar.

I expect this would at least trap if the exploit was attempted, but then it would omit the rest of the function, including userret(); would that have consequences?
Thanks,
Regards,
--
Steven Chamberlain
steven@pyro.eu.org

From owner-freebsd-security@FreeBSD.ORG Tue Jun 19 18:44:28 2012
From: "Simon L. B. Nielsen"
In-Reply-To: <4FE0C1DA.2080809@pyro.eu.org>
Date: Tue, 19 Jun 2012 19:44:22 +0100
References: <497105EC-3223-4E59-A6E6-F810A15BCA5C@FreeBSD.org> <4FE0C1DA.2080809@pyro.eu.org>
To: Steven Chamberlain
Cc: freebsd-security@freebsd.org, bz@freebsd.org
Subject: Re: Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret for 8.1

On 19 Jun 2012, at 19:15, Steven Chamberlain wrote:

> On 18/06/12 22:37, Simon L. B. Nielsen wrote:
>> Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
>
> Having seen the correct fix now, I'm starting to wonder if the commit to
> RELENG_7_4 was really okay too?
>
> http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975
>
> The inserted code does not appear at the end of the function, like it
> does now in all other versions including 8.1 which is the most similar.
>
> I expect this would at least trap if the exploit was attempted, but then
> it would omit the rest of the function, including userret(); would that
> have consequences?

From what our "kernel experts" (jhb/kib - sorry can't recall who checked this), it should still work fine in the location it is in for 7.4.

--
Simon L. B. Nielsen

From owner-freebsd-security@FreeBSD.ORG Tue Jun 19 18:47:41 2012
From: John Baldwin
To: freebsd-security@freebsd.org
Date: Tue, 19 Jun 2012 14:44:35 -0400
References: <497105EC-3223-4E59-A6E6-F810A15BCA5C@FreeBSD.org> <4FE0C1DA.2080809@pyro.eu.org>
In-Reply-To: <4FE0C1DA.2080809@pyro.eu.org>
Message-Id: <201206191444.35285.jhb@freebsd.org>
Cc: bz@freebsd.org, "Simon L. B. Nielsen", Steven Chamberlain
Subject: Re: Update for FreeBSD Security Advisory FreeBSD-SA-12:04.sysret for 8.1

On Tuesday, June 19, 2012 2:15:54 pm Steven Chamberlain wrote:
> Hi,
>
> Thanks a lot for looking into this!
>
> On 18/06/12 22:37, Simon L. B. Nielsen wrote:
> > Note that this is ONLY for FreeBSD 8.1. Other branches are OK.
>
> Having seen the correct fix now, I'm starting to wonder if the commit to
> RELENG_7_4 was really okay too?
>
> http://svnweb.freebsd.org/base/releng/7.4/sys/amd64/amd64/trap.c?annotate=236953#l975
>
> The inserted code does not appear at the end of the function, like it
> does now in all other versions including 8.1 which is the most similar.
>
> I expect this would at least trap if the exploit was attempted, but then
> it would omit the rest of the function, including userret(); would that
> have consequences?

It would perhaps be best to occur at the end of the function to be consistent. However, the fix is functionally correct in this case.

--
John Baldwin

From owner-freebsd-security@FreeBSD.ORG Wed Jun 20 10:42:56 2012
Date: Wed, 20 Jun 2012 12:42:55 +0200
From: ian ivy
To: Maxim Khitrov
Cc: freebsd-security@freebsd.org
Subject: Re: Default password encryption method.

Hi Max,

Thanks for the link. I did not notice that it was already discussed.

Best regards!

From owner-freebsd-security@FreeBSD.ORG Thu Jun 21 19:38:18 2012
Date: Thu, 21 Jun 2012 13:38:16 -0600
From: "Aaron D. Gifford"
To: freebsd-security@freebsd.org
Subject: Re: Default password encryption method.

On Tue, Jun 19, 2012 at 12:14 PM, Simon L. B. Nielsen wrote:
..snip...
> The FreeBSD Security Team is also looking at (/poking people to look at)
> solutions which will improve the time it takes to brute force passwords
> significantly more.
>
> --
> Simon

I'd love to see PBKDF2 as a password hashing method. Yes, it's meant for deriving key material, but it can function similarly. It has the flexibility of allowing different hashes to be used for the HMAC PRNG portion, and the ability to vary/specify the number of iterations. No, it's not memory complex like scrypt, but personally I prefer to not yet have memory usage involved.

I could foresee PBKDF-HMAC-SHA512 or PBKDF-HMAC-SHA256. I would select the quantity of output to match the hash size selected (i.e. if I use HMAC-SHA512 for the PRNG portion of PBKDF2, I would have PBKDF2 generate 512 bits of output to store in my password database).

PBKDF2(pseudo-random-function, password, salt, iterations, output-size)

I'd offer HMAC-SHA256 and HMAC-SHA512 initially for the pseudo-random-function parameter. And I'd select output-size as mentioned above, 256 bits for HMAC-SHA256, etc.

As for iterations, how hard would it be to allow for more variation in the base-64 encoded salt field in the master password database such that for a PBKDF2 scheme, the field used as salt would actually be three fields, a 4-bit pseudo-random-function selector and a 32-bit unsigned integer number of iterations (or 36 bits, which base-64 encoded would be 6 characters) followed by a variable length salt (i.e. any length permitted by the master password database structure up to the '$' character delimiter)?

Or one could simply define separate algorithms for each PRF (pseudo-random-function) available. But, storing the number of iterations with the stored salt has the benefit of not requiring a new algorithm be defined when one wants to increase the default security level of hashed passwords. One merely needs to change a system setting to default to use more iterations. And password databases from other systems with a higher or lower setting would still be readable and usable.

Brainstorming session over... for now.

Aaron out.
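The salt-field layout sketched in the message above, as an added example (not code from the thread, from its author, or from FreeBSD): a 4-bit PRF selector and a 32-bit iteration count packed into six base-64 characters, followed by a variable-length salt, with the PBKDF2 output sized to match the hash. The `pbkdf2-demo` tag, the selector values, the iteration cap and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# crypt(3)-style base-64 alphabet: 6 bits per character and no '$'.
B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
SCHEME = "pbkdf2-demo"             # hypothetical tag, not a real crypt(3) identifier
PRFS = {0: "sha256", 1: "sha512"}  # hypothetical values for the 4-bit PRF selector
PARAM_CHARS = 6                    # 4-bit selector + 32-bit count = 36 bits
MAX_ITERATIONS = 10_000_000        # assumed local cap so a bad record cannot stall login


def encode_int(value, nchars):
    """Encode a non-negative integer, big-endian, into exactly nchars characters."""
    if value < 0 or value >> (6 * nchars):
        raise ValueError("value does not fit")
    return "".join(B64[(value >> s) & 0x3F] for s in range(6 * (nchars - 1), -1, -6))


def decode_int(text):
    """Inverse of encode_int; rejects characters outside the alphabet (such as '$')."""
    value = 0
    for ch in text:
        idx = B64.find(ch)
        if idx < 0:
            raise ValueError("character outside the base-64 alphabet")
        value = (value << 6) | idx
    return value


def pack_params(prf_id, iterations):
    """Pack the PRF selector (high 4 bits) and iteration count (low 32 bits)."""
    if prf_id not in PRFS:
        raise ValueError("unknown PRF selector")
    if not 1 <= iterations < 2**32:
        raise ValueError("iteration count must be non-zero and fit in 32 bits")
    return encode_int((prf_id << 32) | iterations, PARAM_CHARS)


def unpack_params(salt_field):
    """Split a stored salt field into (prf_id, iterations, salt)."""
    if len(salt_field) <= PARAM_CHARS:
        raise ValueError("salt field too short")
    packed = decode_int(salt_field[:PARAM_CHARS])
    prf_id, iterations = packed >> 32, packed & 0xFFFFFFFF
    if prf_id not in PRFS or iterations == 0:
        raise ValueError("bad parameters")
    salt = salt_field[PARAM_CHARS:]
    decode_int(salt)  # validation only: the salt must stay inside the alphabet
    return prf_id, iterations, salt


def derive(password, prf_id, iterations, salt):
    """Run PBKDF2 with output size equal to the digest size, then base-64 encode."""
    digest = PRFS[prf_id]
    dklen = hashlib.new(digest).digest_size
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(), iterations, dklen)
    return encode_int(int.from_bytes(dk, "big"), (dklen * 8 + 5) // 6)


def hash_password(password, prf_id=1, iterations=100_000, salt=None):
    """Build a '$scheme$params+salt$hash' record."""
    if salt is None:
        salt = "".join(secrets.choice(B64) for _ in range(16))
    field = pack_params(prf_id, iterations) + salt
    unpack_params(field)  # also rejects a caller-supplied salt containing '$'
    return "${}${}${}".format(SCHEME, field, derive(password, prf_id, iterations, salt))


def verify_password(password, stored):
    """Recompute with the parameters stored in the record; False on any malformed input."""
    try:
        empty, scheme, field, expected = stored.split("$")
        prf_id, iterations, salt = unpack_params(field)
    except ValueError:
        return False
    if empty or scheme != SCHEME or iterations > MAX_ITERATIONS:
        return False
    actual = derive(password, prf_id, iterations, salt)
    return hmac.compare_digest(actual.encode(), expected.encode())


def needs_rehash(stored, prf_id=1, min_iterations=100_000):
    """True when a record was made with a weaker setting than the current default."""
    old_prf, old_iterations, _ = unpack_params(stored.split("$")[2])
    return old_prf != prf_id or old_iterations < min_iterations


if __name__ == "__main__":
    record = hash_password("constructed example password", iterations=50_000)
    print(record)
    print(verify_password("constructed example password", record), needs_rehash(record))
```

Because the iteration count travels with the salt, raising the system default only changes what `needs_rehash` reports; records written under the old setting still verify.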
From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 13:44:10 2012
Message-Id: <201206221343.q5MDhmvS045187@fire.js.berklix.net>
To: freebsd-security@freebsd.org
From: "Julian H. Stacey"
Organization: http://berklix.com BSD Linux Unix Consultancy, Munich Germany
Date: Fri, 22 Jun 2012 15:43:47 +0200
Sender: jhs@berklix.com
Subject: / owned by bin causes sshd to complain bad ownership

Hi freebsd-security@freebsd.org
On an 8.3-RELEASE running sshd, /var/log/auth.log
    Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
    bad ownership or modes for directory /
Until I did
    chown 0:0 /
( It was previously
    drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
)
The chown is consistent with all of 8.3 /bin also being root & not bin,

BUT

Over use of Root seems Bad.
Our ownership scheme has degraded compared to early 1980s Unix, where
most bin & lib files & dirs were owned by bin, except for
  - a few SUID bins that Needed root
  - occasional administrator droppings,
    temporary accidental files that glared at the eyeball,
    as root, cos near all else was just bin.

IMO very little in a system should be user root.

Apologies, but to guide replies :
  (after threads burnt by a troll on another list)
I'd not appreciate replies just along the lines of
    "It has to be to satisfy existing software".
I'd much rather receive replies along lines of
    "What would be best ownership scheme, advantages &
    disadvantages + should we change anything ?"

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Reply below not above, cumulative like a play script, & indent with "> ".
Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 15:59:34 2012
Date: Fri, 22 Jun 2012 11:59:28 -0400
From: Jason Hellenthal
To: "Julian H. Stacey"
Message-ID: <20120622155928.GA9983@DataIX.net>
References: <201206221343.q5MDhmvS045187@fire.js.berklix.net>
In-Reply-To: <201206221343.q5MDhmvS045187@fire.js.berklix.net>
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

On Fri, Jun 22, 2012 at 03:43:47PM +0200, Julian H. Stacey wrote:
> Hi freebsd-security@freebsd.org
> On an 8.3-RELEASE running sshd, /var/log/auth.log
>     Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
>     bad ownership or modes for directory /
> Until I did
>     chown 0:0 /
> ( It was previously
>     drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
> )
> The chown is consistent with all of 8.3 /bin also being root & not bin,
>
> BUT
>
> Over use of Root seems Bad.
> Our ownership scheme has degraded compared to early 1980s Unix, where
> most bin & lib files & dirs were owned by bin, except for
> - a few SUID bins that Needed root
> - occasional administrator droppings,
> temporary accidental files that glared at the eyeball,
> as root, cos near all else was just bin.
>
> IMO very little in a system should be user root.
>
> Apologies, but to guide replies :
> (after threads burnt by a troll on another list)
> I'd not appreciate replies just along the lines of
> "It has to be to satisfy existing software".
> I'd much rather receive replies along lines of
> "What would be best ownership scheme, advantages &
> disadvantages + should we change anything ?"
>

What are you currently using this in that is the cause of the problem ?

Is this a jail, physical system, VM ...

It is not really clear why you would want to change the permissions of
root:wheel of / on any of these.

root is the owner of the system ... it
is pretty much a standard if not already that root owns everything so I
am not really following why.

openssh in itself... I am glad it does this. If a system has been
compromised by changing owner:group of / then it denies access to the
whole system. This is a security benefit.

Security principles are well laid out and have not changed in a long
time.
Veering away from those principles will cause a LOT of
administrative overhead as most software out there can expect a sane
environment if / is root:wheel

--
- (2^(N-1))

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 16:36:56 2012
To: freebsd-security@freebsd.org
Date: Fri, 22 Jun 2012 11:36:53 -0500
From: Mark Felder
In-Reply-To: <20120622155928.GA9983@DataIX.net>
Subject: Re: / owned by bin causes sshd to complain bad ownership

On Fri, 22 Jun 2012 10:59:28 -0500, Jason Hellenthal wrote:

>
> Security principles are well laid out and have not changed in a long
> time. Veering away from those principles will cause a LOT of
> administrative overhead as most software out there can expect a sane
> environment if / is root:wheel

Well he claims that bin owned everything back in the day and I didn't
touch a *nix system until long after the time he describes. I can't
imagine the benefit or functionality of a system with bin owning
everything.... if everything precious is owned by bin, and bin isn't a
standard system user, someone would have to elevate to root to do
anything nasty. In the current setup you'd have to elevate to root to
do something nasty.

I see no benefit in binaries or libraries being owned by bin.

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 17:15:49 2012
Message-Id: <201206221715.q5MHFPJW052099@fire.js.berklix.net>
To: freebsd-security@freebsd.org
From: "Julian H. Stacey"
In-reply-to: Your message "Fri, 22 Jun 2012 11:59:28 EDT." <20120622155928.GA9983@DataIX.net>
Date: Fri, 22 Jun 2012 19:15:25 +0200
Subject: Re: / owned by bin causes sshd to complain bad ownership

Jason Hellenthal wrote:
>
> On Fri, Jun 22, 2012 at 03:43:47PM +0200, Julian H. Stacey wrote:
> > Hi freebsd-security@freebsd.org
> > On an 8.3-RELEASE running sshd, /var/log/auth.log
> > Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
> > bad ownership or modes for directory /
> > Until I did
> > chown 0:0 /
> > ( It was previously
> > drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
> > )
> > The chown is consistent with all of 8.3 /bin also being root & not bin,
> >
> > BUT
> >
> > Over use of Root seems Bad.
> > Our ownership scheme has degraded compared to early 1980s Unix, where
> > most bin & lib files & dirs were owned by bin, except for
> > - a few SUID bins that Needed root
> > - occasional administrator droppings,
> > temporary accidental files that glared at the eyeball,
> > as root, cos near all else was just bin.
> >
> > IMO very little in a system should be user root.
> >
> > Apologies, but to guide replies :
> > (after threads burnt by a troll on another list)
> > I'd not appreciate replies just along the lines of
> > "It has to be to satisfy existing software".
> > I'd much rather receive replies along lines of
> > "What would be best ownership scheme, advantages &
> > disadvantages + should we change anything ?"
> >
>
> What are you currently using this in that is the cause of the problem ?
>
> Is this a jail, physical system, VM ...

Physical.

> It is not really clear why you would want to change the permissions of
> root:wheel of / on any of these.

To Increase security.
More visual prompting of when junior admins blunder & create junk as root
A SUID with bin has less power than a SUID with uid=root
Currently every binary in the system is one bit away from the jackpot,
SUID root, why not convert most binaries to uid=bin, then most binaries
are 2 bits away from jackpot, more safety in event of a blunder too.

> root is the owner of the system ... it

Only because it currently is, & you're used to it ;-)
Remember back a few decades, Think more deeply, Why do you think it
_needs_ to be ? Unix didn't used to Want that, it was usually a blunder
when it occurred.

look at /etc/passwd
root: entry has the shell,
bin: entry is more limited, just has /sbin/nologin

The question is WHY did FreeBSD switch to promote everything to root ?
That it did so Way back proves nothing,
Cos further back Unix was bin.

It used to be a junior admin blunder to make everything root ;-)
IMO it still smells suspiciously like it.

I'd like to derate most binaries to have less privilege - bin not root.

> is pretty much a standard if not already that root owns everything so I
> am not really following why.
>
> openssh in itself... I am glad it does this. If a system has been
> compromised by changing owner:group of / then it denies access to the
> whole system. This is a security benefit.
>
> Security principles are well laid out and have not changed in a long
> time.
> Veering away from those principles will cause a LOT of
> administrative overhead as most software out there can expect a sane
> environment if / is root:wheel

Why FreeBSD needs everything root is beyond me, reduces security a bit IMO.
Sure FreeBSD currently wants everything root, but want != need.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Reply below not above, cumulative like a play script, & indent with "> ".
Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 17:38:12 2012
From: Dag-Erling Smørgrav
To: "Julian H. Stacey"
Date: Fri, 22 Jun 2012 19:38:04 +0200
In-Reply-To: <201206221343.q5MDhmvS045187@fire.js.berklix.net> (Julian H.
Stacey's message of "Fri, 22 Jun 2012 15:43:47 +0200")
Message-ID: <86mx3v2qo3.fsf@ds4.des.no>
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

"Julian H. Stacey" writes:
> On an 8.3-RELEASE running sshd, /var/log/auth.log
> Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
> bad ownership or modes for directory /

sshd requires that the user's authorized_keys, the directory it's in
(~/.ssh) and all its ancestor directories be owned by either the user or
root.

> Until I did
> chown 0:0 /
> ( It was previously
> drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
> )

I don't see why / should be owned by bin; bin is intended for system
binaries and libraries, i.e. {,/usr}/{bin,sbin,lib,libexec}, except
those that need to be setuid or setgid. The directories themselves
should probably still be owned by root:wheel.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 17:25:24 2012
Message-id: <4FE4AA67.4060900@budacom.net>
Date: Fri, 22 Jun 2012 10:24:55 -0700
From: Fahad
To: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

As Mark put it, if everything is owned by bin you would need to be root
to do anything. Where is the benefit in this? You mentioned stupid
junior admins, well in that case have a better hiring process, no need
to obfuscate the current setup.

On 06/22/2012 09:36 AM, Mark Felder wrote:
> On Fri, 22 Jun 2012 10:59:28 -0500, Jason Hellenthal
> wrote:
>
>>
>> Security principles are well laid out and have not changed in a long
>> time. Veering away from those principles will cause a LOT of
>> administrative overhead as most software out there can expect a sane
>> environment if / is root:wheel
>
> Well he claims that bin owned everything back in the day and I didn't
> touch a *nix system until long after the time he describes. I can't
> imagine the benefit or functionality of a system with bin owning
> everything.... if everything precious is owned by bin, and bin isn't a
> standard system user, someone would have to elevate to root to do
> anything nasty. In the current setup you'd have to elevate to root to
> do something nasty.
>
> I see no benefit in binaries or libraries being owned by bin.

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 18:10:22 2012
Message-Id: <201206221810.q5MI9tuR054055@fire.js.berklix.net>
To: Dag-Erling Smørgrav
From: "Julian H. Stacey"
In-reply-to: Your message "Fri, 22 Jun 2012 19:38:04 +0200." <86mx3v2qo3.fsf@ds4.des.no>
Date: Fri, 22 Jun 2012 20:09:55 +0200
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

Hi,
Dag-Erling Smørgrav wrote:
> "Julian H. Stacey" writes:
> > On an 8.3-RELEASE running sshd, /var/log/auth.log
> > Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
> > bad ownership or modes for directory /
>
> sshd requires that the user's authorized_keys, the directory it's in
> (~/.ssh) and all its ancestor directories be owned by either the user or
> root.

Yes, I don't question the "user or" that's fine
It's the final "root" I find strange. I guess whoever wrote sshd was
so used to "root" they never considered "bin" could be better.

>
> > Until I did
> > chown 0:0 /
> > ( It was previously
> > drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
> > )
>
> I don't see why / should be owned by bin;

Actually, I'd agree to some extent, It doesn't Need to be, would mostly
look more orthogonal & optically matching alongside binary files
in same directory also owned by bin.
> bin is intended for system
> binaries and libraries, i.e. {,/usr}/{bin,sbin,lib,libexec}, except
> those that need to be setuid or setgid.

Agreed. That's the way it used to be way back on Unix, & what I suggest
would be better if we returned to, but at least on my systems here,
all the binaries seem to be owned by root. eg currently:
  cd /usr/src/usr.bin/wc ; make install
  install -s -o root -g wheel -m 555 wc /usr/bin
  install -o root -g wheel -m 444 wc.1.gz /usr/share/man/man1

> The directories themselves
> should probably still be owned by root:wheel.

I'd prefer bin by default, though some directories eg for daemons
might need root. But I'd happily compromise on just getting binaries
back to be owned by bin for now.

Sshd is not so much what I'm targeting for now, more that sshd is how
I noticed the issue of binary file ownership.

> DES
> --
> Dag-Erling Smørgrav - des@des.no

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Reply below not above, cumulative like a play script, & indent with "> ".
Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.
http://berklix.org/yahoo/

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 18:12:27 2012
Message-ID: <4FE4B57C.1040701@FreeBSD.org>
Date: Fri, 22 Jun 2012 14:12:12 -0400
From: Garance A Drosehn
To: "Julian H. Stacey"
In-Reply-To: <201206221715.q5MHFPJW052099@fire.js.berklix.net>
Cc: freebsd-security@FreeBSD.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

On 6/22/12 1:15 PM, Julian H.
Stacey wrote:
> Jason Hellenthal wrote:
>
>> It is not really clear why you would want to change the permissions of
>> root:wheel of / on any of these.
>>
> To Increase security.
> More visual prompting of when junior admins blunder & create
> junk as root
> A SUID with bin has less power than a SUID with uid=root
> Currently every binary in the system is one bit away from the jackpot,
> SUID root, why not convert most binaries to uid=bin, then most binaries
> are 2 bits away from jackpot, more safety in event of a blunder too.
>

SUID binaries are one issue. The directory '/' is not a SUID binary.
The issue for sshd is ownership of the directory '/'.

>> root is the owner of the system ... it
>>
> Only because it currently is, & you're used to it ;-)
> Remember back a few decades, Think more deeply, Why do you think it
> _needs_ to be ? Unix didn't used to Want that, it was usually a
> blunder when it occurred.
>
> look at /etc/passwd
> root: entry has the shell,
> bin: entry is more limited, just has /sbin/nologin
>
> The question is WHY did FreeBSD switch to promote everything to root ?
> That it did so Way back proves nothing,
> Cos further back Unix was bin.
>

At one time I read that having directories/files owned by root was a
security benefit when considering the -maproot= for NFS exports. All
unix systems recognize UID=0 means root, and there is no other UID which
all unix systems agree on.

Disclaimer: I rarely use NFS, so I don't really pay attention to the
details. I may have the wrong idea for what the advantage is, but it
was some kind of connection with UID=0 and NFS exports or imports.

I don't think you have shown any benefit by having directories owned by
bin instead of root. I think the check in sshd is fine as it is.

--
Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 18:34:41 2012
Message-ID: <4FE4BABA.2020802@gmx.de>
Date: Fri, 22 Jun 2012 20:34:34 +0200
From: olli hauer
To: freebsd-security@freebsd.org
In-Reply-To: <201206221343.q5MDhmvS045187@fire.js.berklix.net>
Subject: Re: / owned by bin causes sshd to complain bad ownership

On 2012-06-22 15:43, Julian H.
Stacey wrote:
> Hi freebsd-security@freebsd.org
> On an 8.3-RELEASE running sshd, /var/log/auth.log
> Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
> bad ownership or modes for directory /
> Until I did
> chown 0:0 /
> ( It was previously
> drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
> )
> The chown is consistent with all of 8.3 /bin also being root & not bin,
>
> BUT
>
> Over use of Root seems Bad.
> Our ownership scheme has degraded compared to early 1980s Unix, where
> most bin & lib files & dirs were owned by bin, except for
> - a few SUID bins that Needed root
> - occasional administrator droppings,
> temporary accidental files that glared at the eyeball,
> as root, cos near all else was just bin.
>
> IMO very little in a system should be user root.
>
> Apologies, but to guide replies :
> (after threads burnt by a troll on another list)
> I'd not appreciate replies just along the lines of
> "It has to be to satisfy existing software".
> I'd much rather receive replies along lines of
> "What would be best ownership scheme, advantages &
> disadvantages + should we change anything ?"
>

Hm, I just found an old Dennis_v5 release from 1974 and / was set to 0:3 which is today root:sys and not to 2:2

If you look hard enough you can find the v5root.tar.gz from 1974 on unixarchive.cn-k dot de or some other mirrors ;)

--
Regards,
olli

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 21:42:34 2012
Message-ID: <4FE4E6C8.2030300@orange.fr>
Date: Fri, 22 Jun 2012 23:42:32 +0200
From: Claude Buisson
To: freebsd-security@freebsd.org
In-Reply-To: <4FE4BABA.2020802@gmx.de>
Subject: Re: / owned by bin causes sshd to complain bad ownership

On 06/22/2012 20:34, olli hauer wrote:
> On 2012-06-22 15:43, Julian H.
> Stacey wrote:
>> Hi freebsd-security@freebsd.org
>> On an 8.3-RELEASE running sshd, /var/log/auth.log
>> Jun 22 12:54:06 lapr sshd[57505]: Authentication refused:
>> bad ownership or modes for directory /
>> Until I did
>> chown 0:0 /
>> ( It was previously
>> drwxr-xr-x 25 bin bin 1024 Jun 20 19:53 ./
>> )
>> The chown is consistent with all of 8.3 /bin also being root & not bin,
>>
>> BUT
>>
>> Over use of Root seems Bad.
>> Our ownership scheme has degraded compared to early 1980s Unix, where
>> most bin & lib files & dirs were owned by bin, except for
>> - a few SUID bins that Needed root
>> - occasional administrator droppings,
>> temporary accidental files that glared at the eyeball,
>> as root, cos near all else was just bin.
>>
>> IMO very little in a system should be user root.
>>
>> Apologies, but to guide replies :
>> (after threads burnt by a troll on another list)
>> I'd not appreciate replies just along the lines of
>> "It has to be to satisfy existing software".
>> I'd much rather receive replies along lines of
>> "What would be best ownership scheme, advantages &
>> disadvantages + should we change anything ?"
>>
>
>
>
> Hm, I just found an old Dennis_v5 release from 1974 and / was set to 0:3 which is today root:sys and not to 2:2
>
> If you look hard enough you can find the v5root.tar.gz from 1974 on unixarchive.cn-k dot de or some other mirrors ;)
>
>

cvsweb.cgi/src/etc/mtree/BSD.root.dist?only_with_tag=MAIN

Revision 1.29: download - view: text, markup, annotated - select for diffs
Mon Sep 14 08:34:45 1998 UTC (13 years, 9 months ago) by obrien
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +6 -6 lines

Change file ownership from bin.bin to root.wheel.

This is the start of it for FreeBSD, going from 2.2.X to 3.X

> --
> Regards,
> olli

You are welcome,

Claude Buisson

From owner-freebsd-security@FreeBSD.ORG Fri Jun 22 23:28:34 2012
Date: Fri, 22 Jun 2012 18:11:40 -0500
From: Scott Lambert
To: freebsd-security@freebsd.org
Message-ID: <20120622231140.GH8651@netmon.tcworks.net>
In-Reply-To: <201206221715.q5MHFPJW052099@fire.js.berklix.net>
Subject: Re: / owned by bin causes sshd to complain bad ownership

On Fri, Jun 22, 2012 at 07:15:25PM +0200, Julian H. Stacey wrote:
> Jason Hellenthal wrote:
> >
> > On Fri, Jun 22, 2012 at 03:43:47PM +0200, Julian H.
> > Stacey wrote:
> > > Over use of Root seems Bad.
> > > Our ownership scheme has degraded compared to early 1980s Unix, where
> > > most bin & lib files & dirs were owned by bin, except for
> > > - a few SUID bins that Needed root
> > > - occasional administrator droppings,
> > > temporary accidental files that glared at the eyeball,
> > > as root, cos near all else was just bin.
> > >
> > > IMO very little in a system should be user root.
> > >
> > > Apologies, but to guide replies :
> > > (after threads burnt by a troll on another list)
> > > I'd not appreciate replies just along the lines of
> > > "It has to be to satisfy existing software".
> > > I'd much rather receive replies along lines of
> > > "What would be best ownership scheme, advantages &
> > > disadvantages + should we change anything ?"
> > >
> >
> > It is not really clear why you would want to change the permissions of
> > root:wheel of / on any of these.
>
> To Increase security.
> More visual prompting of when junior admins blunder & create
> junk as root
> A SUID with bin has less power than a SUID with uid=root
> Currently every binary in the system is one bit away from the jackpot,
> SUID root, why not convert most binaries to uid=bin, then most binaries
> are 2 bits away from jackpot, more safety in event of a blunder too.
>
> > root is the owner of the system ... it
>
> Only because it currently is, & you're used to it ;-)
> Remember back a few decades, Think more deeply, Why do you think it
> _needs_ to be ? Unix didn't used to Want that, it was usually a blunder when
> it occurred.
>
> look at /etc/passwd
> root: entry has the shell,
> bin: entry is more limited, just has /sbin/nologin

Would not a 0:0 / (or all system directory entries) help limit the
damage possible if a junior admin sets suid on a random, possibly bogus,
bin:bin binary?
--
Scott Lambert KC5MLE Unix SysAdmin
lambert@lambertfam.org

From owner-freebsd-security@FreeBSD.ORG Sat Jun 23 02:04:51 2012
Date: Fri, 22 Jun 2012 22:04:47 -0400
From: Jason Hellenthal
To: freebsd-security@freebsd.org
Message-ID: <20120623020447.GA64202@DataIX.net>
References: <20120622155928.GA9983@DataIX.net> <201206221715.q5MHFPJW052099@fire.js.berklix.net> <20120622231140.GH8651@netmon.tcworks.net>
In-Reply-To: <20120622231140.GH8651@netmon.tcworks.net>
Subject: Re: / owned by bin causes sshd to complain bad ownership

On Fri, Jun 22, 2012 at 06:11:40PM -0500, Scott Lambert wrote:
> On Fri, Jun 22, 2012 at 07:15:25PM +0200, Julian H. Stacey wrote:
> > Jason Hellenthal wrote:
> > >
> > > On Fri, Jun 22, 2012 at 03:43:47PM +0200, Julian H. Stacey wrote:
> > > > Over use of Root seems Bad.
> > > > Our ownership scheme has degraded compared to early 1980s Unix, where
> > > > most bin & lib files & dirs were owned by bin, except for
> > > > - a few SUID bins that Needed root
> > > > - occasional administrator droppings,
> > > > temporary accidental files that glared at the eyeball,
> > > > as root, cos near all else was just bin.
> > > >
> > > > IMO very little in a system should be user root.
> > > >
> > > > Apologies, but to guide replies :
> > > > (after threads burnt by a troll on another list)
> > > > I'd not appreciate replies just along the lines of
> > > > "It has to be to satisfy existing software".
> > > > I'd much rather receive replies along lines of
> > > > "What would be best ownership scheme, advantages &
> > > > disadvantages + should we change anything ?"
> > > >
> > >
> > > It is not really clear why you would want to change the permissions of
> > > root:wheel of / on any of these.
> >
> > To Increase security.
> > More visual prompting of when junior admins blunder & create
> > junk as root
> > A SUID with bin has less power than a SUID with uid=root
> > Currently every binary in the system is one bit away from the jackpot,
> > SUID root, why not convert most binaries to uid=bin, then most binaries
> > are 2 bits away from jackpot, more safety in event of a blunder too.
> >
> > > root is the owner of the system ... it
> >
> > Only because it currently is, & you're used to it ;-)
> > Remember back a few decades, Think more deeply, Why do you think it
> > _needs_ to be ? Unix didn't used to Want that, it was usually a blunder when
> > it occurred.
> >
> > look at /etc/passwd
> > root: entry has the shell,
> > bin: entry is more limited, just has /sbin/nologin
>
> Would not a 0:0 / (or all system directory entries) help limit the
> damage possible if a junior admin sets suid on a random, possibly
> bogus, bin:bin binary?
>

Let's not forget here that some SUID binaries need root:0 access to the system ...
those that are accessing master.passwd for instance. Or those that drop privs to nobody after using root access. Are you bound and determined as an admin that you will ultimately seek out and set those separate from what you want the system to have?

Mandatory Access Controls are much better suited for the problem you are trying to solve rather than changing security principles in an unforgiving manner.

--
 - (2^(N-1))

From owner-freebsd-security@FreeBSD.ORG Sat Jun 23 14:03:46 2012
From: Dag-Erling Smørgrav
To: "Julian H. Stacey"
References: <201206221810.q5MI9tuR054055@fire.js.berklix.net>
Date: Sat, 23 Jun 2012 16:03:44 +0200
In-Reply-To: <201206221810.q5MI9tuR054055@fire.js.berklix.net> (Julian H.
Stacey's message of "Fri, 22 Jun 2012 20:09:55 +0200")
Message-ID: <86hau22khr.fsf@ds4.des.no>
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

"Julian H. Stacey" writes:
> I don't question the "user or" that's fine It's the final "root" I
> find strange. I guess whoever wrote sshd was so used to "root"
> they never considered "bin" could be better.

Maybe they did, and decided it wasn't. I'm firmly of the opinion that it isn't. You also have to consider the cost of maintaining a list of "safe" owners, and the fact that this list may vary from OS to OS.
DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Sat Jun 23 15:27:29 2012
From: Dag-Erling Smørgrav
To: Fahad
References: <201206221343.q5MDhmvS045187@fire.js.berklix.net> <20120622155928.GA9983@DataIX.net> <4FE4AA67.4060900@budacom.net>
Date: Sat, 23 Jun 2012 17:27:27 +0200
In-Reply-To: <4FE4AA67.4060900@budacom.net> (fahad@budacom.net's message of "Fri, 22 Jun 2012 10:24:55 -0700")
Message-ID: <86vciiyrog.fsf@ds4.des.no>
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

Fahad writes:
> As Mark put it, if everything is owned by bin you would need to be
> root to do anything.

No.
DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Sat Jun 23 15:35:47 2012
From: Dag-Erling Smørgrav
To: Garance A Drosehn
References: <201206221715.q5MHFPJW052099@fire.js.berklix.net> <4FE4B57C.1040701@FreeBSD.org>
Date: Sat, 23 Jun 2012 17:35:45 +0200
In-Reply-To: <4FE4B57C.1040701@FreeBSD.org> (Garance A. Drosehn's message of "Fri, 22 Jun 2012 14:12:12 -0400")
Message-ID: <86r4t6yram.fsf@ds4.des.no>
Cc: freebsd-security@FreeBSD.org, "Julian H. Stacey"
Subject: Re: / owned by bin causes sshd to complain bad ownership

Garance A Drosehn writes:
> At one time I read that having directories/files owned by root was a
> security benefit when considering the -maproot= for NFS exports.
> All unix systems recognize UID=0 means root, and there is no other
> UID which all unix systems agree on.
> Disclaimer: I rarely use NFS,
> so I don't really pay attention to the details. I may have the wrong
> idea for what the advantage is, but it was some kind of connection
> with UID=0 and NFS exports or imports.

-maproot=foo means that requests coming from root on the client are treated as if they came from the user "foo" instead. If binaries are owned by bin, root on the client can su to bin and modify them. If they are owned by root and the server maps root to an unprivileged user (e.g. "nobody"), root on the client can't touch them.

DES
--
Dag-Erling Smørgrav - des@des.no

From owner-freebsd-security@FreeBSD.ORG Sat Jun 23 22:07:05 2012
Message-Id: <201206232206.q5NM6R96068381@fire.js.berklix.net>
To: Fahad
From: "Julian H.
Stacey"
In-reply-to: Your message "Fri, 22 Jun 2012 10:24:55 PDT." <4FE4AA67.4060900@budacom.net>
Date: Sun, 24 Jun 2012 00:06:27 +0200
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

Hi,
Reference:
> From: Fahad
> Date: Fri, 22 Jun 2012 10:24:55 -0700
> Message-id: <4FE4AA67.4060900@budacom.net>

Fahad wrote:
> As Mark put it, if everything is owned by bin you would need to be root
> to do anything.

False. Most bins have o+rx eg
-r-xr-xr-x 1 root wheel 8680 Jun 22 20:08 /usr/bin/wc*

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Reply below not above, cumulative like a play script, & indent with "> ".
Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix.
http://berklix.org/yahoo/

From owner-freebsd-security@FreeBSD.ORG Sat Jun 23 22:14:59 2012
Message-Id: <201206232214.q5NMEJjo068539@fire.js.berklix.net>
To: olli hauer
From: "Julian H. Stacey"
In-reply-to: Your message "Fri, 22 Jun 2012 20:34:34 +0200." <4FE4BABA.2020802@gmx.de>
Date: Sun, 24 Jun 2012 00:14:19 +0200
Cc: freebsd-security@freebsd.org
Subject: Re: / owned by bin causes sshd to complain bad ownership

> If you look hard enough you can find the v5root.tar.gz from 1974 on unixarchive.cn-k dot de or some other mirrors ;)

http://unixarchive.cn-k.de/PDP-11/Distributions/research/Dennis_v5/

This looks an interesting site, Thanks Olli :-)

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Reply below not above, cumulative like a play script, & indent with "> ".
Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable.
Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/
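
Dag-Erling Smørgrav's -maproot explanation earlier in this thread (Message-ID <86r4t6yram.fsf@ds4.des.no>), worked through as an added example; it is not code from any poster or from FreeBSD. It assumes an AUTH_SYS-style NFS server that trusts the uid and gids a client sends; the uid/gid numbers and file entries are constructed sample values, and tamper_paths is a hypothetical helper name.

```python
"""Model of the server-side check behind NFS -maproot (added illustration).

Assumes AUTH_SYS-style NFS: the server trusts the uid/gids a client sends,
so root on a client can present any identity by su-ing to it locally.
All uid/gid numbers and file entries are constructed sample data.
"""
from dataclasses import dataclass

ROOT_UID = 0
BIN_UID, BIN_GID = 3, 7      # constructed sample ids for "bin"
NOBODY_UID = 65534           # constructed sample id for "nobody"


@dataclass(frozen=True)
class Entry:
    path: str
    uid: int    # owner on the server
    gid: int    # group on the server
    mode: int   # permission bits, e.g. 0o555 for -r-xr-xr-x


def map_uid(client_uid, maproot_uid):
    """-maproot: requests from client uid 0 are treated as maproot_uid."""
    return maproot_uid if client_uid == ROOT_UID else client_uid


def can_modify(entry, server_uid, gids=frozenset()):
    """Unix-style decision the server makes for an already-mapped identity."""
    if server_uid == ROOT_UID:
        return True                       # unmapped root bypasses mode bits
    if server_uid == entry.uid:
        return True                       # owner can chmod u+w, then write
    if entry.gid in gids:
        return bool(entry.mode & 0o020)   # group class applies
    return bool(entry.mode & 0o002)       # "other" class applies


def tamper_paths(entry, maproot_uid):
    """List the identities root on a client could use to modify entry."""
    # A uid that is neither root, the owner, nor the maproot user.
    stranger = max(entry.uid, maproot_uid) + 1
    candidates = [("as client root", ROOT_UID, frozenset())]
    if entry.uid != ROOT_UID:
        candidates.append(("su to owner", entry.uid, frozenset()))
    candidates.append(("su to a member of the file's group", stranger,
                       frozenset({entry.gid})))
    candidates.append(("su to any other user", stranger, frozenset()))
    return [label for label, uid, gids in candidates
            if can_modify(entry, map_uid(uid, maproot_uid), gids)]


if __name__ == "__main__":
    samples = [
        Entry("/usr/bin/wc", ROOT_UID, 0, 0o555),         # as listed in the thread
        Entry("/usr/bin/wc", BIN_UID, BIN_GID, 0o555),    # same file, bin-owned
        Entry("/usr/local/etc/app.conf", ROOT_UID, 0, 0o664),  # group-writable
    ]
    for e in samples:
        print(e.path, e.uid, oct(e.mode), tamper_paths(e, NOBODY_UID))
```

An empty list means the model finds no identity that root on the client can present to change the file; under this model that only happens for files owned by root with no group or other write bit, exported with root mapped to an unprivileged user.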