From owner-freebsd-security@freebsd.org Sun Aug 6 21:58:56 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 088F1DCC4DD for ; Sun, 6 Aug 2017 21:58:56 +0000 (UTC) (envelope-from mlists@mail.ru) Received: from fallback.mail.ru (fallback12.m.smailru.net [94.100.179.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9DF4D6F8D8 for ; Sun, 6 Aug 2017 21:58:53 +0000 (UTC) (envelope-from mlists@mail.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:Cc:To:From; bh=cqRKXP3jwL0HU6dUkh4aA3/z26rqBErrKdiafthywV8=; b=adnZobSDoooaAYlPl09eK7xz6qYlREULC/OCHUyOTn9rdC5jaBIwQypS5M4HPOMysqfYlr4H1LbSbddxr4UVf2o7iEN9/6+Of/OJvHLD02Oqdb1CJ8V/St8nzuR7pdgFrpyHU+N7xq1zbkCdvdnCujJK659+vUSxyU0hkxf2GVw=; Received: from [10.161.63.10] (port=46324 helo=f387.i.mail.ru) by fallback12.m.smailru.net with esmtp (envelope-from ) id 1deTZL-0004b6-FT; Mon, 07 Aug 2017 00:58:43 +0300 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:Cc:To:From; bh=cqRKXP3jwL0HU6dUkh4aA3/z26rqBErrKdiafthywV8=; b=adnZobSDoooaAYlPl09eK7xz6qYlREULC/OCHUyOTn9rdC5jaBIwQypS5M4HPOMysqfYlr4H1LbSbddxr4UVf2o7iEN9/6+Of/OJvHLD02Oqdb1CJ8V/St8nzuR7pdgFrpyHU+N7xq1zbkCdvdnCujJK659+vUSxyU0hkxf2GVw=; Received: by f387.i.mail.ru with local (envelope-from ) id 1deTZA-0005Pi-T6; Mon, 07 Aug 2017 00:58:33 +0300 Received: by e.mail.ru with HTTP; Mon, 07 Aug 2017 00:58:32 +0300 From: =?UTF-8?B?TWFpbCBMaXN0cw==?= To: =?UTF-8?B?RGFnLUVybGluZyBTbcO4cmdyYXY=?= Cc: =?UTF-8?B?ZnJlZWJzZC1zZWN1cml0eQ==?= , =?UTF-8?B?TWljaGVsbGUgU3VsbGl2YW4=?= , =?UTF-8?B?QmlnIExlYm93c2tp?= Subject: =?UTF-8?B?UmVbMl06IERlZkNvbiBsZWN0dXJlIEJTRCBLZXJuIFZ1bG5z?= MIME-Version: 1.0 X-Mailer: Mail.Ru Mailer 1.0 Date: Mon, 07 Aug 2017 00:58:32 +0300 Reply-To: =?UTF-8?B?TWFpbCBMaXN0cw==?= X-Priority: 3 (Normal) Message-ID: <1502056712.286617076@f387.i.mail.ru> X-7FA49CB5: 0D63561A33F958A507E69B648BC0B5BD2846D652C78C6964D9682C915FBC3DD6725E5C173C3A84C319E4056B2CD7D1D0968FF8748BF48F211337B709B3801B10C4224003CC836476C0CAF46E325F83A50BF2EBBBDD9D6B0F2AF38021CC9F462D574AF45C6390F7469DAA53EE0834AAEE X-Mailru-Sender: A8CA7AD2802F574B0A76188E7CE1FD408143C3FD66C1831E4B32A8712D473225337EAD0BE5A96838A1FEF3B4069FE81083193231EC7EC0AE77D8BEBA1145ED8A9654EF9EE9506939084FC5D43BF2ED4F3F47A34ADFEC1A42FE54A48919C7EC2BD0169805F923CF22AE208404248635DF X-Mras: OK X-Spam: undefined In-Reply-To: <867eyoshn0.fsf@desk.des.no> References: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org> <867eyoshn0.fsf@desk.des.no> X-7FA49CB5: 0D63561A33F958A5B893B76805C0B4EE39AA636D419BA76FCB26EFDF319C6187462275124DF8B9C99B0B8D173C204012BD9CCCA9EDD067B1EDA766A37F9254B7 X-Mras: OK Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Aug 2017 21:58:56 -0000 CgoKPk1vbmRheSwgSnVseSAzMSwgMjAxNyA0OjIwIFBNIFVUQyBmcm9tIERhZy1FcmxpbmcgU23D uHJncmF2IDxkZXNAZGVzLm5vPjoKPgo+QmlnIExlYm93c2tpIDwgc3Bhbmt0aGVzcGFtQGdtYWls LmNvbSA+IHdyaXRlczoKPj4gRGFnLUVybGluZyBTbcO4cmdyYXYgPCBkZXNAZGVzLm5vID4gd3Jp dGVzOgo+PiA+IFRoZXJlIGFyZSBkZWNhZGVzIG9mIGhpc3RvcnkgaGVyZSBvZiB3aGljaCB5b3Ug YXJlIGNsZWFybHkgdW5hd2FyZS4KPj4gPiBZb3UgbWF5IGhhdmUgdGhlIGJlc3Qgb2YgaW50ZW50 aW9ucywgYnV0IG5vdGhpbmcgZ29vZCB3aWxsIGNvbWUgb2YKPj4gPiByYWlzaW5nIHRoaXMgdG9w aWMgaGVyZSBhbmQgbm93LiAgSnVzdCBkcm9wIGl0Lgo+PiBEZXMsIHBsZWFzZSwgc3RvcCBkb2lu ZyB0aGF0LiBZb3UncmUgZ3JlYXRlc3QgZXhhbXBsZSBvZiBjYW50LWJlLWRvbmUKPj4gYWJvdXQg YWxtb3N0IGFueXRoaW5nIGFueW9uZSBhc2tzIGZvciBvbiB0aGlzIGxpc3QuCj4+Cj4+IE1pY2hl bGxlLCBwbGVhc2UsIGRvbid0IHN0b3AuIEtlZXAgdGFsa2luZywga2VlcCBhc2tpbmcsIGFuZCBt YXliZSBvbmUKPj4gZGF5IGEgbmV3IGJyZWVkIG9mIHBlb3BsZSB3aG8gZG9uJ3QgY2FyZSBhYm91 dCBjYW50LWJlLWRvbmUgb3IKPj4gJ2RlY2FkZXMgb2YgaGlzdG9yeScgd2lsbCBnZXQgdGhpbmdz IGRvbmUuCj4KPk5vLiAgWW91IHRydWx5IGhhdmUgbm8gaWRlYS4gIFlvdSdyZSBwb3VyaW5nIGdh c29saW5lIG9uIGEgZmlyZSBhbmQKPmluYWR2ZXJ0YW50bHkgaW5zdWx0aW5nIGV2ZXJ5b25lIGlu dm9sdmVkLgo+Cj5Db21lIHNlZSBtZSBhdCBhIGNvbiBhbmQgd2UgY2FuIGRpc2N1c3MgaXQgb3Zl ciBhIGJlZXIuICBCdXQgbm90IGhlcmUuIApSZW1pbmQgbWUgLSB3aG8gYXJlIHlvdSB0byBzZXQg dGhlIHN0YW5kYXJkcyB3aGF0IHBlb3BsZSBjYW4gdGVsbCBhbmQgd2hhdCBub3QgPwoKSSdtIG9m ZiB0aGlzIGxpc3QuIFRoaXMgaXMgcmlkaWN1bG91cy4gQW4gaW1wb3J0YW50IHRvcGljIGtpbGxl ZCBieSBzb21lIGRpY2toZWFkLgo+Cj4KPkRFUwo+LS0gCj5EYWctRXJsaW5nIFNtw7hyZ3JhdiAt ICBkZXNAZGVzLm5vCj5fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fXwo+ZnJlZWJzZC1zZWN1cml0eUBmcmVlYnNkLm9yZyBtYWlsaW5nIGxpc3QKPmh0dHBzOi8v bGlzdHMuZnJlZWJzZC5vcmcvbWFpbG1hbi9saXN0aW5mby9mcmVlYnNkLXNlY3VyaXR5Cj5UbyB1 bnN1YnNjcmliZSwgc2VuZCBhbnkgbWFpbCB0byAiIGZyZWVic2Qtc2VjdXJpdHktdW5zdWJzY3Jp YmVAZnJlZWJzZC5vcmcgIgoKQmVzdCByZWdhcmRzLApNYWlsIExpc3RzCm1saXN0c0BtYWlsLnJ1 Cg== From owner-freebsd-security@freebsd.org Sun Aug 6 22:16:36 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CD534DCD727 for ; Sun, 6 Aug 2017 22:16:36 +0000 (UTC) (envelope-from justin@coffman.tech) Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0134.outbound.protection.outlook.com [104.47.40.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 81F65709C8 for ; Sun, 6 Aug 2017 22:16:35 +0000 (UTC) (envelope-from justin@coffman.tech) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coffman.tech; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=gcCGee70Ki7gwbledMfaIOqmcU9q5VioTIlrtYtzXUU=; b=IdWhbOByhzYYwaUNph5wBEHz3TeHNTRoMFH+lViWuuQba4CFuQXoOWcK8JT0Xtnv5oS2N2KPuXrV413fqEtiNmwyrFmRAv72zOEmVxE1cckcrKHhkc0OTDBrWtwnGU8WW4P2qiNwy9NrgckZ4e9QVu9Apuawely4DpbnKseyks0= Received: from CY1PR15MB0507.namprd15.prod.outlook.com (10.163.235.152) by CY1PR15MB0506.namprd15.prod.outlook.com (10.163.235.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.1.1320.16; Sun, 6 Aug 2017 22:16:33 +0000 Received: from CY1PR15MB0507.namprd15.prod.outlook.com ([10.163.235.152]) by CY1PR15MB0507.namprd15.prod.outlook.com ([10.163.235.152]) with mapi id 15.01.1320.012; Sun, 6 Aug 2017 22:16:33 +0000 From: Justin Coffman To: "freebsd-security@freebsd.org" Subject: RE: Re[2]: DefCon lecture BSD Kern Vulns Thread-Topic: Re[2]: DefCon lecture BSD Kern Vulns Thread-Index: AQHTDv9IEQbwUXx++0qLBfvMGQRp3aJ342dw Date: Sun, 6 Aug 2017 22:16:32 +0000 Message-ID: References: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org> <867eyoshn0.fsf@desk.des.no> <1502056712.286617076@f387.i.mail.ru> In-Reply-To: <1502056712.286617076@f387.i.mail.ru> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=justin@coffman.tech; x-originating-ip: [23.120.29.137] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; CY1PR15MB0506; 6:P9NtAH+E/2in3QD4MXRqWhZO+3TANk6DiL2589WcIEnAgCegkEFxOTx/kb8MV8H8/eEosJXShfXCTBB1DvBwTvhazXxM5vKc/PQcsJ+Y3abPLZAOVe/sYesaCpV7LfRqHZGkKnLaynLginIR1tPLZz11wzWPIBru6fCC3DbxVQSj1o/3LgqDRLd1sX5nHSlk3jg0oeYYj3OfKUJEjyxdG5pnD3Z+A1qrjhdjJJ05pm3FvjeocehAwYVzmmIPMR+/2ZqAhDpln2wZZ436k+Hi8Cb+2/bxYKI2QNwJL+JcvbJWkH9Jf9eMRX9ilY+5wPSZ/LEmgZvSekJK+sBP96PX0A==; 5:7Su7k/CylmrTWPAaCGcl/cwnH6TWR9wiyo9TGhf7pKxaKBxbPg+m51fqhTP1y0FLU2HtVPH9tMOrxA8HA9KH4DmfklTOGL8dR3cTOiqJb6YL1jNdiPMTDij1zamVrDt6gAVpQxVQgLpQIGHA4qH2rg==; 24:6WeP2vHQ58eNdrA4AchfLFedsZRvQMkPxIS6Tqb9WuVlkUSP2+cbcjPZC5xEe1pH0zjjdhR/UlQi0bxEdrZG80oog3sSc9SQenxPUpSE/GY=; 7:/Q0Un13onhZqwkGgndy+b2+tDWQG6iEkIeQ6XAlNaaDlL2RwmvBf0dvVj1h1GjEyb33NplekONGsPcpNw7D1NPDbOkoXNcL3c+bjk6+j7/LMgWqVGVgplqSLIg6ZTDzzXM5qkhaOf54mQB9eVkWfH6PAJI4kaLclUUkQs3qMUWg1F9J881N2odRsXH1n6lw6FaIa/kJ2lgp8q1z3shF8cHe91b8CDlwZdwbwPpWXa3E= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: 63f84011-8211-4464-4f18-08d4dd18cbae x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(2017082002075)(300000503095)(300135400095)(2017052603031)(201703131423075)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095); SRVR:CY1PR15MB0506; x-ms-traffictypediagnostic: CY1PR15MB0506: x-exchange-antispam-report-test: UriScan:; x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(601004)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(93006095)(93001095)(10201501046)(3002001)(6041248)(201703131423075)(201703061421075)(2016111802025)(20161123562025)(20161123558100)(20161123560025)(20161123564025)(20161123555025)(6043046)(6072148)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:CY1PR15MB0506; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:CY1PR15MB0506; x-forefront-prvs: 039178EF4A x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(39450400003)(39400400002)(189002)(199003)(377454003)(5640700003)(229853002)(74316002)(93886004)(189998001)(77096006)(66066001)(14454004)(2950100002)(6916009)(55016002)(9686003)(6116002)(3846002)(7736002)(102836003)(305945005)(6436002)(25786009)(2501003)(86362001)(99286003)(2351001)(106356001)(53936002)(3660700001)(97736004)(6246003)(7696004)(33656002)(105586002)(2900100001)(101416001)(8676002)(68736007)(38730400002)(54356999)(76176999)(81166006)(110136004)(81156014)(50986999)(8936002)(508600001)(3280700002)(6506006)(5660300001)(2906002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY1PR15MB0506; H:CY1PR15MB0507.namprd15.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; received-spf: None (protection.outlook.com: coffman.tech does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 MIME-Version: 1.0 X-OriginatorOrg: coffman.tech X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Aug 2017 22:16:32.9734 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: f4e59414-f867-4c87-a750-c2e088450489 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR15MB0506 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 06 Aug 2017 22:16:36 -0000 PiA+TW9uZGF5LCBKdWx5IDMxLCAyMDE3IDQ6MjAgUE0gVVRDIGZyb20gRGFnLUVybGluZyBTbcO4 cmdyYXYNCj4gPGRlc0BkZXMubm8+Og0KPiA+DQo+ID5CaWcgTGVib3dza2kgPCBzcGFua3RoZXNw YW1AZ21haWwuY29tID4gd3JpdGVzOg0KPiA+PiBEYWctRXJsaW5nIFNtw7hyZ3JhdiA8IGRlc0Bk ZXMubm8gPiB3cml0ZXM6DQo+ID4+ID4gVGhlcmUgYXJlIGRlY2FkZXMgb2YgaGlzdG9yeSBoZXJl IG9mIHdoaWNoIHlvdSBhcmUgY2xlYXJseSB1bmF3YXJlLg0KPiA+PiA+IFlvdSBtYXkgaGF2ZSB0 aGUgYmVzdCBvZiBpbnRlbnRpb25zLCBidXQgbm90aGluZyBnb29kIHdpbGwgY29tZSBvZg0KPiA+ PiA+IHJhaXNpbmcgdGhpcyB0b3BpYyBoZXJlIGFuZCBub3cuICBKdXN0IGRyb3AgaXQuDQo+ID4+ IERlcywgcGxlYXNlLCBzdG9wIGRvaW5nIHRoYXQuIFlvdSdyZSBncmVhdGVzdCBleGFtcGxlIG9m IGNhbnQtYmUtZG9uZQ0KPiA+PiBhYm91dCBhbG1vc3QgYW55dGhpbmcgYW55b25lIGFza3MgZm9y IG9uIHRoaXMgbGlzdC4NCj4gPj4NCj4gPj4gTWljaGVsbGUsIHBsZWFzZSwgZG9uJ3Qgc3RvcC4g S2VlcCB0YWxraW5nLCBrZWVwIGFza2luZywgYW5kIG1heWJlDQo+ID4+IG9uZSBkYXkgYSBuZXcg YnJlZWQgb2YgcGVvcGxlIHdobyBkb24ndCBjYXJlIGFib3V0IGNhbnQtYmUtZG9uZSBvcg0KPiA+ PiAnZGVjYWRlcyBvZiBoaXN0b3J5JyB3aWxsIGdldCB0aGluZ3MgZG9uZS4NCj4gPg0KPiA+Tm8u ICBZb3UgdHJ1bHkgaGF2ZSBubyBpZGVhLiAgWW91J3JlIHBvdXJpbmcgZ2Fzb2xpbmUgb24gYSBm aXJlIGFuZA0KPiA+aW5hZHZlcnRhbnRseSBpbnN1bHRpbmcgZXZlcnlvbmUgaW52b2x2ZWQuDQo+ ID4NCj4gPkNvbWUgc2VlIG1lIGF0IGEgY29uIGFuZCB3ZSBjYW4gZGlzY3VzcyBpdCBvdmVyIGEg YmVlci4gIEJ1dCBub3QgaGVyZS4NCj4gUmVtaW5kIG1lIC0gd2hvIGFyZSB5b3UgdG8gc2V0IHRo ZSBzdGFuZGFyZHMgd2hhdCBwZW9wbGUgY2FuIHRlbGwgYW5kIHdoYXQNCj4gbm90ID8NCj4gDQo+ IEknbSBvZmYgdGhpcyBsaXN0LiBUaGlzIGlzIHJpZGljdWxvdXMuIEFuIGltcG9ydGFudCB0b3Bp YyBraWxsZWQgYnkgc29tZSBkaWNraGVhZC4NCg0KQXMgYSBjb21wbGV0ZSBuZXdjb21lciB0byB0 aGlzIGxpc3QsIHNlZWluZyBhIGZhaXJseSB3ZWxsLXdyaXR0ZW4gbWVzc2FnZSByZXNwb25kZWQg dG8gaW4gc3VjaCBhbiBhcnJvZ2FudCBhbmQsIGZyYW5rbHksIGlkaW90aWMgbWFubmVyIGRvZXMg bm90IHJlZmxlY3Qgd2VsbCB1cG9uIHRoaXMgcHJvamVjdC4NCg0KIlRoZXJlIGFyZSBkZWNhZGVz IG9mIGhpc3RvcnkgaGVyZSBvZiB3aGljaCB5b3UgYXJlIGNsZWFybHkgdW5hd2FyZS4iDQoiTm8u ICBZb3UgdHJ1bHkgaGF2ZSBubyBpZGVhLiINCg0KV2FzIHlvdXIgaW50ZW50IHRvIHNvdW5kIGxp a2UgYSBrbm93LWl0LWFsbCBoaXBzdGVyPyBJZiBub3QsIHJlY29uc2lkZXIgeW91ciBhcHByb2Fj aC4gSWYgc28sIFNFUklPVVNMWSByZWNvbnNpZGVyIHlvdXIgYXBwcm9hY2guDQoNCk1pY2hlbGxl IGhhcyBhIHBvaW50LiBJIHN1Ym1pdHRlZCBhIFBSIG9uIGEgcG9ydCBhbmQgd2FpdGVkIFRXTyBZ RUFSUyB0byBiZSB0b2xkICJ5b3VyIHBhdGNoIGlzIGluIHRoZSB3cm9uZyBmb3JtLiIgVGhlcmUg YXJlIHJlYXNvbmFibGUgYW5kIHJlYWxpc3RpYyBjcml0aWNpc21zIHRoYXQgZGVtYW5kIHJlYXNv bmFibGUgcmVzcG9uc2VzLiBEYWcsIHlvdXIgcmVzcG9uc2UgZmVsbCBGQVIgc2hvcnQgaW4gdGhl IHJlYXNvbmFibGVuZXNzIHRlc3QuDQo= From owner-freebsd-security@freebsd.org Mon Aug 7 10:40:44 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 69C38DCA585 for ; Mon, 7 Aug 2017 10:40:44 +0000 (UTC) (envelope-from michelle@sorbs.net) Received: from hades.sorbs.net (hades.sorbs.net [72.12.213.40]) by mx1.freebsd.org (Postfix) with ESMTP id 46F5C64CB5 for ; Mon, 7 Aug 2017 10:40:43 +0000 (UTC) (envelope-from michelle@sorbs.net) MIME-version: 1.0 Content-transfer-encoding: 8BIT Content-type: text/plain; charset=UTF-8; format=flowed Received: from isux.com (firewall.isux.com [213.165.190.213]) by hades.sorbs.net (Oracle Communications Messaging Server 7.0.5.29.0 64bit (built Jul 9 2013)) with ESMTPSA id <0OUB00H2HA0RZ700@hades.sorbs.net> for freebsd-security@freebsd.org; Mon, 07 Aug 2017 03:48:29 -0700 (PDT) Subject: Re: DefCon lecture BSD Kern Vulns To: Mail Lists , =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= Cc: freebsd-security , Big Lebowski References: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org> <867eyoshn0.fsf@desk.des.no> <1502056712.286617076@f387.i.mail.ru> From: Michelle Sullivan Message-id: Date: Mon, 07 Aug 2017 12:40:34 +0200 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:51.0) Gecko/20100101 Firefox/51.0 SeaMonkey/2.48 In-reply-to: <1502056712.286617076@f387.i.mail.ru> X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Aug 2017 10:40:44 -0000 Mail Lists wrote: > > > > Monday, July 31, 2017 4:20 PM UTC from Dag-Erling Smørgrav > : > > Big Lebowski > writes: > > Dag-Erling Smørgrav > writes: > > > There are decades of history here of which you are clearly > unaware. > > > You may have the best of intentions, but nothing good will come of > > > raising this topic here and now. Just drop it. > > Des, please, stop doing that. You're greatest example of > cant-be-done > > about almost anything anyone asks for on this list. > > > > Michelle, please, don't stop. Keep talking, keep asking, and > maybe one > > day a new breed of people who don't care about cant-be-done or > > 'decades of history' will get things done. > > No. You truly have no idea. You're pouring gasoline on a fire and > inadvertantly insulting everyone involved. > > Come see me at a con and we can discuss it over a beer. But not here. > > Remind me - who are you to set the standards what people can tell and > what not ? > > I'm off this list. This is ridiculous. An important topic killed by > some dickhead. Don't be like that, it is important, but there is a lot of bad blood as well... one can only ask from time to time. -- Michelle Sullivan http://www.mhix.org/ From owner-freebsd-security@freebsd.org Mon Aug 7 21:08:12 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 265F3DC8B38 for ; Mon, 7 Aug 2017 21:08:12 +0000 (UTC) (envelope-from mlists@mail.ru) Received: from fallback.mail.ru (fallback7.mail.ru [94.100.181.128]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9F33F82CE6 for ; Mon, 7 Aug 2017 21:08:10 +0000 (UTC) (envelope-from mlists@mail.ru) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:Cc:To:From; bh=I7hmC5k19ydC8GzU7j1RRaWzMQVWIrkR1I9/sOQJlG0=; b=ZwhSgFOOAQ18TU1RYJ6fitzi7wvQVIFh7WHD0bugpkfC24afHqTSOn96XmNUOELXn+pKv0IZ+ij8Vjo8Pzd4xPU4Q9+TVBeAfaQSKQqOWcvUsLLFabDkqF6UbFnvBvOEgTS8cM6v7ksXVPhU8+36fDXBXbKRaVRpPEV/lf9RzX0=; Received: from [10.161.22.12] (port=51382 helo=f281.i.mail.ru) by fallback7.mail.ru with esmtp (envelope-from ) id 1depFu-000472-MA for freebsd-security@freebsd.org; Tue, 08 Aug 2017 00:08:06 +0300 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=mail.ru; s=mail2; h=References:In-Reply-To:Content-Type:Message-ID:Reply-To:Date:MIME-Version:Subject:Cc:To:From; bh=I7hmC5k19ydC8GzU7j1RRaWzMQVWIrkR1I9/sOQJlG0=; b=ZwhSgFOOAQ18TU1RYJ6fitzi7wvQVIFh7WHD0bugpkfC24afHqTSOn96XmNUOELXn+pKv0IZ+ij8Vjo8Pzd4xPU4Q9+TVBeAfaQSKQqOWcvUsLLFabDkqF6UbFnvBvOEgTS8cM6v7ksXVPhU8+36fDXBXbKRaVRpPEV/lf9RzX0=; Received: by f281.i.mail.ru with local (envelope-from ) id 1depFl-00089K-Po; Tue, 08 Aug 2017 00:07:58 +0300 Received: by e.mail.ru with HTTP; Tue, 08 Aug 2017 00:07:57 +0300 From: =?UTF-8?B?TWFpbCBMaXN0cw==?= To: =?UTF-8?B?SnVzdGluIENvZmZtYW4=?= Cc: =?UTF-8?B?ZnJlZWJzZC1zZWN1cml0eUBmcmVlYnNkLm9yZw==?= Subject: =?UTF-8?B?UmVbNF06IERlZkNvbiBsZWN0dXJlIEJTRCBLZXJuIFZ1bG5z?= MIME-Version: 1.0 X-Mailer: Mail.Ru Mailer 1.0 Date: Tue, 08 Aug 2017 00:07:57 +0300 Reply-To: =?UTF-8?B?TWFpbCBMaXN0cw==?= X-Priority: 3 (Normal) Message-ID: <1502140077.38672730@f281.i.mail.ru> X-7FA49CB5: 0D63561A33F958A5E2AECAB80E5B780819577E3A9403C97842C34BB212CE4A8D725E5C173C3A84C3E76BCF12F50286D6237E3634FD34B5A3843AE0F20224B8D0C4224003CC836476C0CAF46E325F83A50BF2EBBBDD9D6B0F2AF38021CC9F462D574AF45C6390F7469DAA53EE0834AAEE X-Mailru-Sender: A8CA7AD2802F574B0A76188E7CE1FD4052375E315CF9BEB661EE98C87587476548C8349BF2B1FB5800A3655CE2C2AAC883193231EC7EC0AE77D8BEBA1145ED8A9654EF9EE9506939084FC5D43BF2ED4F3F47A34ADFEC1A42FE54A48919C7EC2BD0169805F923CF22AE208404248635DF X-Mras: OK X-Spam: undefined In-Reply-To: References: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org> <1502056712.286617076@f387.i.mail.ru> X-Mras: OK Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 07 Aug 2017 21:08:12 -0000 CgoKPlN1bmRheSwgQXVndXN0ICA2LCAyMDE3IDEwOjE3IFBNIFVUQyBmcm9tIEp1c3RpbiBDb2Zm bWFuIHZpYSBmcmVlYnNkLXNlY3VyaXR5IDxmcmVlYnNkLXNlY3VyaXR5QGZyZWVic2Qub3JnPjoK Pgo+PiA+TW9uZGF5LCBKdWx5IDMxLCAyMDE3IDQ6MjAgUE0gVVRDIGZyb20gRGFnLUVybGluZyBT bcO4cmdyYXYKPj4gPCBkZXNAZGVzLm5vID46Cj4+ID4KPj4gPkJpZyBMZWJvd3NraSA8ICBzcGFu a3RoZXNwYW1AZ21haWwuY29tID4gd3JpdGVzOgo+PiA+PiBEYWctRXJsaW5nIFNtw7hyZ3JhdiA8 ICBkZXNAZGVzLm5vID4gd3JpdGVzOgo+PiA+PiA+IFRoZXJlIGFyZSBkZWNhZGVzIG9mIGhpc3Rv cnkgaGVyZSBvZiB3aGljaCB5b3UgYXJlIGNsZWFybHkgdW5hd2FyZS4KPj4gPj4gPiBZb3UgbWF5 IGhhdmUgdGhlIGJlc3Qgb2YgaW50ZW50aW9ucywgYnV0IG5vdGhpbmcgZ29vZCB3aWxsIGNvbWUg b2YKPj4gPj4gPiByYWlzaW5nIHRoaXMgdG9waWMgaGVyZSBhbmQgbm93LiAgSnVzdCBkcm9wIGl0 Lgo+PiA+PiBEZXMsIHBsZWFzZSwgc3RvcCBkb2luZyB0aGF0LiBZb3UncmUgZ3JlYXRlc3QgZXhh bXBsZSBvZiBjYW50LWJlLWRvbmUKPj4gPj4gYWJvdXQgYWxtb3N0IGFueXRoaW5nIGFueW9uZSBh c2tzIGZvciBvbiB0aGlzIGxpc3QuCj4+ID4+Cj4+ID4+IE1pY2hlbGxlLCBwbGVhc2UsIGRvbid0 IHN0b3AuIEtlZXAgdGFsa2luZywga2VlcCBhc2tpbmcsIGFuZCBtYXliZQo+PiA+PiBvbmUgZGF5 IGEgbmV3IGJyZWVkIG9mIHBlb3BsZSB3aG8gZG9uJ3QgY2FyZSBhYm91dCBjYW50LWJlLWRvbmUg b3IKPj4gPj4gJ2RlY2FkZXMgb2YgaGlzdG9yeScgd2lsbCBnZXQgdGhpbmdzIGRvbmUuCj4+ID4K Pj4gPk5vLiAgWW91IHRydWx5IGhhdmUgbm8gaWRlYS4gIFlvdSdyZSBwb3VyaW5nIGdhc29saW5l IG9uIGEgZmlyZSBhbmQKPj4gPmluYWR2ZXJ0YW50bHkgaW5zdWx0aW5nIGV2ZXJ5b25lIGludm9s dmVkLgo+PiA+Cj4+ID5Db21lIHNlZSBtZSBhdCBhIGNvbiBhbmQgd2UgY2FuIGRpc2N1c3MgaXQg b3ZlciBhIGJlZXIuICBCdXQgbm90IGhlcmUuCj4+IFJlbWluZCBtZSAtIHdobyBhcmUgeW91IHRv IHNldCB0aGUgc3RhbmRhcmRzIHdoYXQgcGVvcGxlIGNhbiB0ZWxsIGFuZCB3aGF0Cj4+IG5vdCA/ Cj4+IAo+PiBJJ20gb2ZmIHRoaXMgbGlzdC4gVGhpcyBpcyByaWRpY3Vsb3VzLiBBbiBpbXBvcnRh bnQgdG9waWMga2lsbGVkIGJ5IHNvbWUgZGlja2hlYWQuCj4KPkFzIGEgY29tcGxldGUgbmV3Y29t ZXIgdG8gdGhpcyBsaXN0LCBzZWVpbmcgYSBmYWlybHkgd2VsbC13cml0dGVuIG1lc3NhZ2UgcmVz cG9uZGVkIHRvIGluIHN1Y2ggYW4gYXJyb2dhbnQgYW5kLCBmcmFua2x5LCBpZGlvdGljIG1hbm5l ciBkb2VzIG5vdCByZWZsZWN0IHdlbGwgdXBvbiB0aGlzIHByb2plY3QuCnRoZSBuZXh0IHF1ZXN0 aW9uIGlzLCBvZiBjb3Vyc2U6IHdoeSB3b3VsZCBhbnlvbmUgd2FudCB0byBzaGlmdCBkaXNjdXNz aW9uIG92ZXIgc2VjdXJpdHkgaW4gZ2VuZXJhbCBhd2F5IGZyb20gdGhlIHB1YmxpYywgYW5kIGlu dG8gaGlzIG93biwgc2VjcmV0aXZlIG1lZXRpbmdzID8KCkkgbGVhdmUgdGhlIGFuc3dlciBmb3Ig ZXZlcnlvbmUgdG8gZGVjaWRlIGZvciB0aGVtc2VsdmVzLgpXaGF0IEkgc2F3IG9uIHRoZSBkZWZj b24gc2xpZGUsIGlzIGxheW1hbi1saWtlIGNvZGUgcXVhbGl0eS4gRXZlbiBJICghKSBjb3VsZCBk byBhIGxvdCBiZXR0ZXIuClRoaXMgaXMgX19yaWRpY3Vsb3VzX18uCgpUaGUgRnJlZWJzZCBmb3Vu ZGF0aW9uIGhhcyBtb25leSAoSSBoZWFyZCAxbWlsbGlvbiBmcm9tIHRoZSBXaGF0c2FwcCBmb3Vu ZGVyID8pLiAKCldoYXQgSSB0aGluayBpcyBoYXBwZW5pbmcgaGVyZSBieSB0aGlzIGlkaW90aWMs IGRlbW9yYWxpc2luZyBhbmQgdW5jb25zdHJ1Y3RpdmUgYW5kIGNvbnZlcnNhdGlvbi1kZXN0cm95 aW5nIGFwcHJvYWNoIG9mIE1yIGRlcyBTbW9lcmVicmVhZCBpcyB0aGUgZm9sbG93aW5nOiB3ZSAo dGhlIHVzZXJzIG9yIG90aGVycykgYXJlIGJlaW5nIHBhdHJvbmlzZWQgYnkgc29tZSBtZW1iZXJz ICguLikgYXMgdGhleSBiZWxpZXZlIGl0IGlzIHVzdXMgdG8gaGF2ZSB0aGUgcGVvcGxlIHdhdGNo ZWQgb3ZlciAtIGlmIHRoZXkgYWxsIGRvIHdoYXQgaXMgImZvciB0aGUgZ3JlYXRlciBnb29kIiwg aWYgdGhleSBhbGwgZG8gd2hhdCB0aGUgImdvdmVybm9ycyIgdGhpbmsgaXMgbWVhbnQgZm9yIHVz IHRvIGRvLiBNciBEZXMgc2VlbXMgYSB0eXBpY2FsIGZpZ3VyZSBpbiByZXByZXNlbnRpbmcvc3Vw cG9ydGluZyBzZWNyZXQgc2VydmljZXMgc28gdGhhdCAiaGlzIHdvcmxkIiBpcyBmaW5lLiBNZWFu aW5nLCB0aGUgYmxvY2thZ2Ugb2YgZGlzY3Vzc2lvbiBhbmQgb2YgYXJndW1lbnRzIGhhcyBvbmx5 IE9ORSByZWFzb246IHNlZSBkYXMgRHJpdHRlIFJlaWNoIC0gdGhlIFRoaXJkIFJlaWNrLiBFdGMu IGV0Yy4KCkkgd2lsbCBub3QgY29udGludWUgdXNpbmcgZnJlZWJzZCB3aGVuIEkgaGF2ZSB0aGUg aW1wcmVzc2lvbiB0aGF0IHRoaXMgaXMgd2hhdCBpcyBnb2luZyBvbi4gQ2VydGFpbmx5IG5vdC4g CgoKCj4KPiJUaGVyZSBhcmUgZGVjYWRlcyBvZiBoaXN0b3J5IGhlcmUgb2Ygd2hpY2ggeW91IGFy ZSBjbGVhcmx5IHVuYXdhcmUuIgo+Ik5vLiAgWW91IHRydWx5IGhhdmUgbm8gaWRlYS4iCj4KPldh cyB5b3VyIGludGVudCB0byBzb3VuZCBsaWtlIGEga25vdy1pdC1hbGwgaGlwc3Rlcj8gSWYgbm90 LCByZWNvbnNpZGVyIHlvdXIgYXBwcm9hY2guIElmIHNvLCBTRVJJT1VTTFkgcmVjb25zaWRlciB5 b3VyIGFwcHJvYWNoLgo+Cj5NaWNoZWxsZSBoYXMgYSBwb2ludC4gSSBzdWJtaXR0ZWQgYSBQUiBv biBhIHBvcnQgYW5kIHdhaXRlZCBUV08gWUVBUlMgdG8gYmUgdG9sZCAieW91ciBwYXRjaCBpcyBp biB0aGUgd3JvbmcgZm9ybS4iIFRoZXJlIGFyZSByZWFzb25hYmxlIGFuZCByZWFsaXN0aWMgY3Jp dGljaXNtcyB0aGF0IGRlbWFuZCByZWFzb25hYmxlIHJlc3BvbnNlcy4gRGFnLCB5b3VyIHJlc3Bv bnNlIGZlbGwgRkFSIHNob3J0IGluIHRoZSByZWFzb25hYmxlbmVzcyB0ZXN0Lgo+X19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KPmZyZWVic2Qtc2VjdXJpdHlA ZnJlZWJzZC5vcmcgbWFpbGluZyBsaXN0Cj5odHRwczovL2xpc3RzLmZyZWVic2Qub3JnL21haWxt YW4vbGlzdGluZm8vZnJlZWJzZC1zZWN1cml0eQo+VG8gdW5zdWJzY3JpYmUsIHNlbmQgYW55IG1h aWwgdG8gIiBmcmVlYnNkLXNlY3VyaXR5LXVuc3Vic2NyaWJlQGZyZWVic2Qub3JnICIKCkJlc3Qg cmVnYXJkcywKTWFpbCBMaXN0cwptbGlzdHNAbWFpbC5ydQo= From owner-freebsd-security@freebsd.org Tue Aug 8 02:52:57 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DBDC7DB5130 for ; Tue, 8 Aug 2017 02:52:57 +0000 (UTC) (envelope-from dewayne.geraghty@heuristicsystems.com.au) Received: from hermes.heuristicsystems.com.au (hermes.heuristicsystems.com.au [203.41.22.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "hermes.heuristicsystems.com.au", Issuer "Heuristic Systems Type 4 Host CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 172B56ACA1 for ; Tue, 8 Aug 2017 02:52:55 +0000 (UTC) (envelope-from dewayne.geraghty@heuristicsystems.com.au) Received: from [10.0.5.3] (ewsw01.hs [10.0.5.3]) (authenticated bits=0) by hermes.heuristicsystems.com.au (8.15.2/8.15.2) with ESMTPSA id v782ovmU013618 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT); Tue, 8 Aug 2017 12:50:58 +1000 (AEST) (envelope-from dewayne.geraghty@heuristicsystems.com.au) X-Authentication-Warning: b3.hs: Host ewsw01.hs [10.0.5.3] claimed to be [10.0.5.3] Subject: Re: DefCon lecture BSD Kern Vulns Cc: Mark Linimon References: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org> <1502056712.286617076@f387.i.mail.ru> <1502140077.38672730@f281.i.mail.ru> From: Dewayne Geraghty To: "freebsd-security@freebsd.org" Message-ID: <548e8f01-7150-b8e9-8ef1-474dc81edc62@heuristicsystems.com.au> Date: Tue, 8 Aug 2017 12:50:58 +1000 User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 In-Reply-To: <1502140077.38672730@f281.i.mail.ru> Content-Language: en-AU MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Aug 2017 02:52:58 -0000 From owner-freebsd-security@freebsd.org Tue Aug 8 05:38:26 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3DCECDC345E for ; Tue, 8 Aug 2017 05:38:26 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9AFED70320 for ; Tue, 8 Aug 2017 05:38:24 +0000 (UTC) (envelope-from smithi@nimnet.asn.au) Received: from localhost (localhost [127.0.0.1]) by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id v785cCr7098911; Tue, 8 Aug 2017 15:38:13 +1000 (EST) (envelope-from smithi@nimnet.asn.au) Date: Tue, 8 Aug 2017 15:38:12 +1000 (EST) From: Ian Smith To: Dewayne Geraghty cc: "freebsd-security@freebsd.org" , Mark Linimon Subject: Re: DefCon lecture BSD Kern Vulns In-Reply-To: <548e8f01-7150-b8e9-8ef1-474dc81edc62@heuristicsystems.com.au> Message-ID: <20170808153637.Y58816@sola.nimnet.asn.au> References: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org> <1502056712.286617076@f387.i.mail.ru> <1502140077.38672730@f281.i.mail.ru> <548e8f01-7150-b8e9-8ef1-474dc81edc62@heuristicsystems.com.au> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Aug 2017 05:38:26 -0000 On Tue, 8 Aug 2017, Dewayne Geraghty wrote: > > Indeed, there are times when it's best to say nothing :) From owner-freebsd-security@freebsd.org Wed Aug 9 07:09:47 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 30947DC4D01 for ; Wed, 9 Aug 2017 07:09:47 +0000 (UTC) (envelope-from orjan.tonder@gmail.com) Received: from mail-lf0-x22a.google.com (mail-lf0-x22a.google.com [IPv6:2a00:1450:4010:c07::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ACAE5652CB for ; Wed, 9 Aug 2017 07:09:46 +0000 (UTC) (envelope-from orjan.tonder@gmail.com) Received: by mail-lf0-x22a.google.com with SMTP id g25so24143352lfh.1 for ; Wed, 09 Aug 2017 00:09:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=vR6YMlIPC/YGARx40ce325HVIggcL3qYIqWaSCIxKzc=; b=Da1azVDrxO/1S4ioqrOhIAov+yETDW50RjIscDEK5k05ZdIg42SaaQbreH6uFp98PR bEAIfwD2Tt0MRL+AqCjH9uGdLe+BEFsfIZodDGEyAhory9a4PdBSFLx9ZVgbxC+DeCzc kqkQOOEdemYAZ6l+g7qjw4bgLk7mzjIDe0wzPFZIIEhoBpOy3+GwO4yO+rqvfKTMyERp ziWzo9D07KLUq3Qz6/dwIxaOm3mn2OvHmG6TOxr+BEeduI/XZEUiBVdW7+vr53WLg0sH kgTebcl8PfgCdbm6p+lXlO+DxmSdnrnIP4Yhm5V8zTxnZHTbCiAUnrKORowHb3i5gFdC D/Kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=vR6YMlIPC/YGARx40ce325HVIggcL3qYIqWaSCIxKzc=; b=J9xDIjZ+8xaGt38T1vzNCguktJW9kUz3mBuhUJs+arL5Iav3DdbUEYAdhNZMrGpvlo /JQn7UuVHYARNSmDSf2Ru+QP89dAqJshnZKb6cm2V0CQesf1UnL7xKIC9OiQX4ttXpZ5 OOpRxEgjhMkXX3rMSDFIyFpzVWqoFs07x195sapMIJBlpH85wRRUCW9TVKlIJtwkkAKR 5JpE1+/7wc3pt5lK3fFvibCjbP9nS6CcfiWoU7bev0TntlPJe9bUQqAZZBAxRt4mibss 0ckDRxixGsWNqjX3FwyxZh4my9ZO6U17KM1diROK+oRy8pFTyZUHjChTJr9olEJrDOuM qzmA== X-Gm-Message-State: AHYfb5i2eMvuCC056WekFMeHnMoLB8wD458F+/1kkfggvgRC40zmMQ1w qRgso247b/dH0iWcr4NDlA+PrMjFw3epPoA= X-Received: by 10.25.20.224 with SMTP id 93mr2176995lfu.140.1502262584391; Wed, 09 Aug 2017 00:09:44 -0700 (PDT) MIME-Version: 1.0 Received: by 10.25.206.7 with HTTP; Wed, 9 Aug 2017 00:09:43 -0700 (PDT) From: =?UTF-8?B?w5hyamFuIFTDuG5kZXI=?= Date: Wed, 9 Aug 2017 09:09:43 +0200 Message-ID: Subject: Re: DefCon lecture BSD Kern Vulns To: freebsd-security@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 Aug 2017 07:09:47 -0000 If one are too fix all of what Ilja van Sprundel pointed out here we need too put aside difference and work along side with each other, the newbie and the professor needs too talk the same language. It should't be this way that a bug that has been adressed two years ago get's no attention at all, and after two years it gets a brushed of because it didn't follow the right form what ever that means. Problem is that this pro person who said it wasn't the right form, killed of a patch that might have been a good solution on the problem with no guidance or anything. For all that the person who did this knew he brushed of someone that could have been a real asset, i never submit bug reports anymore cause of this. Why should i they are never followed up any how, mainly cause i am still just a newbie. my suggestion too all of you invite people into your code into the secret security world, let them try. And secret security people stop blaming the other bsd for this and that and see what they are doing, there is still alot too learn. -- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQENBFUByQgBCAChgKlX3wlCovKXZG//oGdpVCFxiC8X6kSWC2pvdfcxgII/corC o2ndED6Zp9AEzBjT46ilzbwJkxPWB+Qq4oucj5zLSUrWb0pIszCWksFhOKEqJ87D lR0UXBpR5a9+SYqydVgRsyZmHGDAyWnneKvcp6MlYcsqYogC9xYJjK2K0r91f9pn vsQmiLJcNMPVWxQ+w7pEQFtntoHcKbZ0LaEG/hhEN2fOA8SNa3FYQ2bexLVtgFhR q+5VYyO89XWHH20ovoltRUOR7XvXNAY4GT6jMwi7QJ9FTTPFy7v1uGrBJbuDZ2fM gegRMbykNBtadztATpGAw9+be4879Cfzt6d7ABEBAAG0N8OYcmphbiBUw7huZGVy IChyZWFsIG5hbWUga2V5KSA8b3JqYW4udG9uZGVyQGdtYWlsLmNvbT6JATgEEwEC ACIFAlUByQgCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEJVR+IZRCu10 wuMH/2INhf+aLPTdH0xD9DLNQJXlxofhkKZtWxBLeHCcl0lHFjHDC65OQ/pyuqQZ KyevSdRo21uXv72YcAPLuCqxsuIOvpNoUpS36Cat8K8wK0zLS3XQlZI/wvP6qWse W/OYGM2VGuG7Sn5Mjx8BcSiUiAItfNTy+Ao1LIldywOtjHIaKDK5y+Ml4PWkSk1q H77XoIS/6QKDmAQzpOYoNgnR4R4pucHVrriCWW5A3vWktK4prcO8SI3Ci88JmL5v imDITMOFwlNBQD4j7e3T/qwBZ5DGsnQ4s4fe8Xd1sFx4UYRompH485RrUAWLJ+wS 65hEUQ9jx9w/68iDSr5PXI6Peaw= =1oDp -----END PGP PUBLIC KEY BLOCK----- From owner-freebsd-security@freebsd.org Thu Aug 10 00:38:14 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 233A8DD8FE7 for ; Thu, 10 Aug 2017 00:38:14 +0000 (UTC) (envelope-from rollingbits@gmail.com) Received: from mail-it0-x22a.google.com (mail-it0-x22a.google.com [IPv6:2607:f8b0:4001:c0b::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DE151661C7 for ; Thu, 10 Aug 2017 00:38:13 +0000 (UTC) (envelope-from rollingbits@gmail.com) Received: by mail-it0-x22a.google.com with SMTP id 76so5946648ith.0 for ; Wed, 09 Aug 2017 17:38:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=FZOCylcZ4EzPp8phHjtvlBJMJV3Oa9zKJa8R+nDUjyI=; b=QlZ0BxAvSC/ClDra0d8FyEEVkaQtZt1RV0/tfJi2gB/psxipOx/KQBZVM+uAWOSP5S F/xe1NPgvFVfMOGJljEwvg53JyRfA33BXIvhcbJED/Zfk77/DmP1qNG9PkESCW0aNnn1 II38d+HXMkZAHCitUbFtSsmg//0FPKr/KCKEAnvx+182pTQu9xHRbLI4yAwPVvMO+425 B7z/foMCjg3gP7IXfW2jgwyBOYhF/S3EyY0jX6ps2nvVCVHkWP2mBpdl86ARSBropPQx 3Ibgfq9iK7etMGKtXKPdneZIDaEwZlKE2UJin2fXN7QU/g7DSW309NK3kuHGksIT3FB2 el3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=FZOCylcZ4EzPp8phHjtvlBJMJV3Oa9zKJa8R+nDUjyI=; b=JK2rmd79Dolq8WL+f4MGX63yaBmW03ITsTXa6ie6/pgTAt8w+t/IrIfrIQrTAaEr15 sCA/s7ENXgYYngKa7a8tLfq5YBgU0u5pN2lzHEmG/TPB0kjXWC5NJ6BgIC5THl6DQCL3 AV3aWTsofARXCrstrOULmq6A12TJ8aJjXd94YABsnU9HnvbyE/phyZ9+aKEL5JI28Aas sxSsqHPd2EpgU/WTut0F5USJG3fgA6nADVXJJM4+Ry/xCIhQYfsML7vVhqjxHyZxcYAg wNFsJf+rOTeOQ/13+4cM3C6u4CiTXP287L4xJMymVAzQNrUYb+WOp0NgYEXsCpb1O4qf We0A== X-Gm-Message-State: AHYfb5gG8HAoIemk8xtkKQ6ebX4IJO4U0OGpO6hCT/V2hf1tW0oKK7dZ 7FJiulN/j0Kgvl76ZlryxuIZ7MFH4A== X-Received: by 10.36.69.73 with SMTP id y70mr10012357ita.94.1502325493148; Wed, 09 Aug 2017 17:38:13 -0700 (PDT) MIME-Version: 1.0 Received: by 10.36.112.143 with HTTP; Wed, 9 Aug 2017 17:38:12 -0700 (PDT) Received: by 10.36.112.143 with HTTP; Wed, 9 Aug 2017 17:38:12 -0700 (PDT) In-Reply-To: References: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org> <86y3r4ubvx.fsf@desk.des.no> <84c3e9d0-3d44-b310-a946-96eb0c54e79d@sorbs.net> <861sowy5ay.fsf@desk.des.no> From: "rollingbits (Lucas)" Date: Wed, 9 Aug 2017 21:38:12 -0300 Message-ID: Subject: Re: DefCon lecture BSD Kern Vulns To: freebsd-security@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Aug 2017 00:38:14 -0000 ---------- Forwarded message ---------- From: "rollingbits (Lucas)" Date: Aug 9, 2017 9:36 PM Subject: Re: DefCon lecture BSD Kern Vulns To: "Dag-Erling Sm=C3=B8rgrav" Cc: On Jul 31, 2017 12:50 PM, "Dag-Erling Sm=C3=B8rgrav" wrote: Michelle Sullivan writes: > People should talk between, and maybe people should put security and > co-operation before pride and empires... [...] There are decades of history here of which you are clearly unaware. Your may have the best of intentions, but nothing good will come of raising this topic here and now. Just drop it. History continues... our lives are more connected. More peoples are involved. There are decades of examples of hacking and computer insecurities. l also think this project should be more aware of security. Some times I think that another period of plain bug hunting as happened in the long 4.x series will make wonders to the system. l ended here because of this mythical series, even. Other times I just think I misunderstood the engineering process: a bug hunting and integration phases are hidden somewere l still don't know. --=20 rollingbits -- =F0=9F=93=A7 rollingbits@gmail.com =F0=9F=93=A7 rollingbits@= terra.com.br =F0=9F=93=A7 rollingbits@yahoo.com =F0=9F=93=A7 rollingbits@globo.com From owner-freebsd-security@freebsd.org Thu Aug 10 07:28:26 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D8C39DC7E40 for ; Thu, 10 Aug 2017 07:28:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BB44573BDD; Thu, 10 Aug 2017 07:28:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id 7A2021B5C4; Thu, 10 Aug 2017 07:28:25 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-17:06.openssh Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20170810072825.7A2021B5C4@freefall.freebsd.org> Date: Thu, 10 Aug 2017 07:28:25 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Aug 2017 07:28:27 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:06.openssh Security Advisory The FreeBSD Project Topic: OpenSSH Denial of Service vulnerability Category: contrib Module: OpenSSH Announced: 2017-08-10 Affects: All supported versions of FreeBSD. Corrected: 2017-08-10 06:36:37 UTC (stable/11, 11.1-STABLE) 2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1) 2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12) 2017-08-10 06:36:37 UTC (stable/10, 10.3-STABLE) 2017-08-10 06:59:43 UTC (releng/10.3, 10.3-RELEASE-p21) CVE Name: CVE-2016-6515 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. OpenSSH supports a built-in password authentication method, which is enabled with PasswordAuthentication. This option is disabled by default on FreeBSD. II. Problem Description There is no limit on the password length. III. Impact A remote attacker may be able to cause an affected SSH server to use excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator. IV. Workaround Disable PasswordAuthentication in /etc/ssh/sshd_config and restart sshd. This is the default FreeBSD configuration. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart SSH service. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart SSH service. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch # fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch.asc # gpg --verify openssh.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the SSH daemon, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r322341 releng/10.3/ r322344 stable/11/ r322341 releng/11.0/ r322343 releng/11.1/ r322342 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.21 (FreeBSD) iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlmMBgIACgkQ7Wfs1l3P aucJdxAA08okYfV547zvlAnX0t2lzVY7k0EDpXJChmmOjTwcvWODXMCyfTzP0EQb E7QjGushlfGU8tgCrbcFf46r2NgDRlqf5/+QK/fIohcQNwfKwJV0J5oeICzTwwOY rAjgeg03T785nSiF/WyX3NsdWv/uVvJqalAqfohj4O1YUEkZPezDUdcys+ESvqAW ujEQId1sD3wlHcwZweFmN60hzHuqR2o6+/3G8aT9ZZG3v46nM6moZiUyF5vh1hEl 16y86kyAIrTb0cCpsUL3M6ajQ15y/EQEzQBCqMedGdWlJzOFZyxgsCikcCw+07pr u0NCrzq37E+8hQGFQk5ZoZxQb/8xaReQACi+RZeJAevWX0vOni6dCSWPMy6WqXOf D8CzEcZiT+fYB4/zev/xPxlF5onEw4gbTkgbu1KLvBD9AgSKu7MdPoxkpyOwolMs nAC084kl+yYJuxHAr7W58VdGPFDOHsvG6YYWQ4nwKjJqKGi24eOGQkOPUtBuJRYA Q8ISdE0VXiMmND0vhLNDh0Gjbupz3nBNoawGAGy9OsNqRhQ6ioYIte67Ku+ev7nz ydS8P72ExWuYQHsyVIoJviAAFnSPA2H15/tCES5Di8SkeLik7tQrI3SHOH0qd328 dl0l2VGnnWYsAgGa68Xksn/DZd07cdpp5q1GitqvMPeDBb8/Iaw= =FxJQ -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Fri Aug 11 02:41:35 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9395FCFFEDE; Fri, 11 Aug 2017 02:41:35 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [209.237.23.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 88D1D80447; Fri, 11 Aug 2017 02:41:35 +0000 (UTC) (envelope-from marquis@roble.com) Received: from roble.com (roble.com [209.237.23.50]) by mx5.roble.com (Postfix) with ESMTP id 6CCF03D451; Thu, 10 Aug 2017 19:41:29 -0700 (PDT) Date: Thu, 10 Aug 2017 19:41:29 -0700 (PDT) From: Roger Marquis To: freebsd-security@freebsd.org cc: freebsd-pkg@freebsd.org Subject: pkg audit false negatives Message-ID: MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2017 02:41:35 -0000 In the past pkg-audit and even pkg-version have not been reliable tools where installed ports or packages have been subsequently discontinued or renamed. Today, however, I notice that dovecot2 is still showing up in the output of pkg-version despite the port having been renamed to dovecot (without the numeric suffix) several days ago. Does this mean there has been a policy change? If so does it cover pkg-audit as well? Roger From owner-freebsd-security@freebsd.org Fri Aug 11 15:14:33 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9D6D2DD5288; Fri, 11 Aug 2017 15:14:33 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from smtp-out.elvandar.org (gandalf.elvandar.org [149.210.225.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 40F3F76269; Fri, 11 Aug 2017 15:14:32 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from mail1.elvandar.org (mail1.elvandar.org [IPv6:2001:470:d701::3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-out.elvandar.org (Postfix) with ESMTPS id 0C0E44707BD; Fri, 11 Aug 2017 17:14:29 +0200 (CEST) Received: from [10.0.2.17] (f239026.upc-f.chello.nl [80.56.239.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail1.elvandar.org (Postfix) with ESMTPSA id 45B7620C39; Fri, 11 Aug 2017 17:14:28 +0200 (CEST) From: Remko Lodder Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: pkg audit false negatives Date: Fri, 11 Aug 2017 17:14:28 +0200 In-Reply-To: Cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org To: Roger Marquis References: X-Mailer: Apple Mail (2.3273) X-Rspamd-Queue-Id: 0C0E44707BD X-Spamd-Result: default: False [-6.43 / 15.00] RCVD_NO_TLS_LAST(0.00)[] HAS_ATTACHMENT(0.00)[] RCVD_COUNT_TWO(0.00)[2] FROM_HAS_DN(0.00)[] DMARC_NA(0.00)[FreeBSD.org] BAYES_HAM(-3.00)[100.00%] RCPT_COUNT_THREE(0.00)[3] MV_CASE(0.50)[] R_SPF_SOFTFAIL(0.00)[~all] TO_DN_SOME(0.00)[] MID_RHS_MATCH_FROM(0.00)[] TO_MATCH_ENVRCPT_ALL(0.00)[] RCVD_VIA_SMTP_AUTH(0.00)[] ARC_NA(0.00)[] ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] FROM_EQ_ENVFROM(0.00)[] RECEIVED_SPAMHAUS(0.00)[26.239.56.80.zen.spamhaus.org] IP_SCORE(-3.73)[ip: (-8.76), ipnet: 2001:470::/32(-6.86), asn: 6939(-2.29), country: US(-0.74)] MIME_GOOD(-0.20)[multipart/signed,text/plain] R_DKIM_NA(0.00)[] X-Rspamd-Server: mx2.jr-hosting.nl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2017 15:14:33 -0000 --Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi Roger, > On 11 Aug 2017, at 04:41, Roger Marquis wrote: >=20 > In the past pkg-audit and even pkg-version have not been reliable = tools > where installed ports or packages have been subsequently discontinued = or > renamed. Today, however, I notice that dovecot2 is still showing up = in > the output of pkg-version despite the port having been renamed to > dovecot (without the numeric suffix) several days ago. Yes, there is a difference between renaming a port, and renaming the = vuxml (which is the database behind pkg audit etc.) entries. The entries are listed as = =E2=80=98dovecot2-*=E2=80=99 there and when renaming a port these entries should ideally be renamed too. It seems that that was not under consideration at the name change = moment(s). I=E2=80=99ll try to look into this (starting by prodding the person(s) = who did the rename) and asking them to rename the entries in vuxml as well. >=20 > Does this mean there has been a policy change? If so does it cover > pkg-audit as well? There had been no policy change. The application backend is just = matching on what was recorded at the moment it was added. Thanks for the notification though, we should add that to the = porters-handbook. Cheers REmko >=20 > Roger > _______________________________________________ > freebsd-security@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org" --Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZjcnUAAoJEHE1jtY/d0B5a7wP/jwjkobRgj1I4m471O5zFjEk h/gWhQlALUQSEOO2R/s4UlQDVDtbq4y+4IW0NVGBjps5JiYF8IQNMLtdhsM59TU+ XyQ+qLJKecTCX/pxIdgHg0ZwMnl5mvtozixMR41DVVHogxfaPjyiH0YhHBz0VMhG Q6P9sqY0N1aTBEg60yd0BB5zJ5OY4N3MX+sODxDif114RHly5codset2HRnESUhm Isv7bBw0463M2zjOHE94NuAJy7/bkep6IZ7HjyWAy6yBcIQ9AlHq9LzKvIlL7cZ4 ZBsbHQH7/4jwBzEZYJhu9mIyQn2nCHtmaFEyNpyhghBf/wms0p8y6X/shkLty/HP KaFGZ67azT0mtDR7XCrlNm3ciHeCC/xBWA9LVna+JFNuO5k2UKZn8wTYe34Ix+jl AVuPs2YvWFPrEtvOyi3rvlRABYajYr3pYZjDXZAnS0HBfxQcOAUlTljudoyJv/IV zn0raWOKKGsICYqn0ZndN3LOL6NmLXfZAR8+o6DzP5NCn3zMgNudK7y38uiAcTTy jeLW+O2Eeh+doxW5pHRJQqcjmE/ukZ8kksYankZpScX5joU6DO+XhvmaMH+6pVJ+ dqw9iX4FiW5rrCiIRgsprLl3eFDn67tzM+n7n5yaNlw9ICk2n12BK28K8iqOi5Ct /FCTg4Z5AiqNuCvh23uH =QAqC -----END PGP SIGNATURE----- --Apple-Mail=_053F32CE-BC04-4500-AC9C-41D79BFFB0AC-- From owner-freebsd-security@freebsd.org Fri Aug 11 18:45:47 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AE613DE0F9C; Fri, 11 Aug 2017 18:45:47 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from smtp-out.elvandar.org (gandalf.elvandar.org [149.210.225.204]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 57CC482B69; Fri, 11 Aug 2017 18:45:46 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from mail1.elvandar.org (f239026.upc-f.chello.nl [80.56.239.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-out.elvandar.org (Postfix) with ESMTPS id 3EE4F4707BD; Fri, 11 Aug 2017 20:45:43 +0200 (CEST) Received: from [10.0.2.17] (f239026.upc-f.chello.nl [80.56.239.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail1.elvandar.org (Postfix) with ESMTPSA id 636CF20CEA; Fri, 11 Aug 2017 20:45:42 +0200 (CEST) From: Remko Lodder Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_46158FDB-4140-4B4D-98CB-BD699CFEF515"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: pkg audit false negatives Date: Fri, 11 Aug 2017 20:45:41 +0200 In-Reply-To: Cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org To: Roger Marquis References: X-Mailer: Apple Mail (2.3273) X-Rspamd-Queue-Id: 3EE4F4707BD X-Spamd-Result: default: False [2.24 / 15.00] MID_RHS_MATCH_FROM(0.00)[] MV_CASE(0.50)[] TO_MATCH_ENVRCPT_ALL(0.00)[] TO_DN_SOME(0.00)[] RCVD_VIA_SMTP_AUTH(0.00)[] FROM_EQ_ENVFROM(0.00)[] ONCE_RECEIVED(0.10)[] RCVD_COUNT_ONE(0.00)[1] BAYES_HAM(-0.66)[82.73%] ARC_NA(0.00)[] ASN(0.00)[asn:6830, ipnet:80.56.0.0/16, country:AT] RCPT_COUNT_THREE(0.00)[3] RCVD_TLS_ALL(0.00)[] RECEIVED_SPAMHAUS(0.00)[26.239.56.80.zen.spamhaus.org] R_DKIM_NA(0.00)[] FROM_HAS_DN(0.00)[] MIME_GOOD(-0.20)[multipart/signed,text/plain] HAS_ATTACHMENT(0.00)[] RBL_SENDERSCORE(2.00)[26.239.56.80.bl.score.senderscore.com] IP_SCORE(0.50)[ip: (0.25), ipnet: 80.56.0.0/16(0.35), asn: 6830(2.20), country: AT(-0.30)] REPLY(-2.00)[] RBL_SPAMHAUS_PBL(2.00)[26.239.56.80.zen.spamhaus.org : 127.0.0.11] R_SPF_SOFTFAIL(0.00)[~all] DMARC_NA(0.00)[FreeBSD.org] X-Rspamd-Server: mx1.jr-hosting.nl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2017 18:45:47 -0000 --Apple-Mail=_46158FDB-4140-4B4D-98CB-BD699CFEF515 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi Roger, > On 11 Aug 2017, at 17:14, Remko Lodder wrote: >=20 > Hi Roger, >=20 >> On 11 Aug 2017, at 04:41, Roger Marquis wrote: >>=20 >> In the past pkg-audit and even pkg-version have not been reliable = tools >> where installed ports or packages have been subsequently discontinued = or >> renamed. Today, however, I notice that dovecot2 is still showing up = in >> the output of pkg-version despite the port having been renamed to >> dovecot (without the numeric suffix) several days ago. >=20 It had been resolved for dovecot (it will now match both variants, since = people might still have the old variant of the port installed) and there is a new paragraph = added to the porters handbook which tells that we need to have a look at the vuxml entries. Hope this solves your issue, Remko --Apple-Mail=_46158FDB-4140-4B4D-98CB-BD699CFEF515 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZjftVAAoJEHE1jtY/d0B5XxcP/0JRzGvtDdWeHacANuSPSCVx Yqzu7ni4k1NFJ6FNz1hRxgT2954mExr8ccOGZ9TyGih+sTORgNaCwvQHpVcgF/SW jjr/AFjQktUmsbZEeKMrHW8nQrGpcZ8xChTvvSTjKBduGq95YQX8lb2HUzmI+IzG SIOMsyn3kZxBfhL4cHb/2OYsXL4OfvsUKCXYQHs271i2uTuQ9Zr+7ejli1i+AcwJ lI1HHOZiQXC8Ai25vKowG5s6wY2rSvi3F7zkj+UdWxHLWq0G6pTUgVMX/2dulfhi KdJIGiyS8kVw0ilZzmqSsYpOr8GeIt5qjOGXvVnLOtU8GKclfJ+5xe5yccfvzgcP OPZl2IrzdWDlgiV2gdgjv7sljYxPG5P3iMSnuXeVvqEjhxdqQaIRk80IbwftuUXA ZeK3CNk8ch23uhZ2+15agVVMwfupC4MSb3LWOl7jMgUmji4Ldwn35CB9wdK00qre 3UJNSovWowbSh8Wq6V1lCiAS3D2aUzljAt+Zw51G1uvThQIgmMH0GoyBvBgMY+By ZhYttoZ8YP7UlFElBwGnRSpkkhk2JvI5AOmmMuBlAoG6hfo6zwN1y0gR3rtuJsUF A9Piwl/82VWiTdb7DR7JiJsOsOZyzS3xwvKSuzdSeNYWXZ0xP1hFcH8ydBeK/ieb G6JBfjDAwVJwuLHTyQ1/ =ZsdQ -----END PGP SIGNATURE----- --Apple-Mail=_46158FDB-4140-4B4D-98CB-BD699CFEF515-- From owner-freebsd-security@freebsd.org Fri Aug 11 21:47:38 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2F61DDC8F1F; Fri, 11 Aug 2017 21:47:38 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [209.237.23.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 0FBFE65D19; Fri, 11 Aug 2017 21:47:37 +0000 (UTC) (envelope-from marquis@roble.com) Received: from roble.com (roble.com [209.237.23.50]) by mx5.roble.com (Postfix) with ESMTP id 1C8E43D04E; Fri, 11 Aug 2017 14:47:37 -0700 (PDT) Date: Fri, 11 Aug 2017 14:47:37 -0700 (PDT) From: Roger Marquis To: Remko Lodder cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org Subject: Re: pkg audit false negatives In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2017 21:47:38 -0000 > It had been resolved for dovecot (it will now match both variants, since people might still have > the old variant of the port installed) and there is a new paragraph added to the porters handbook > which tells that we need to have a look at the vuxml entries. Thanks Remko. > Hope this solves your issue, It may for renamed ports/pkgs but doesn't appear to for deprecations. Once ports are dropped they do not show up in pkg-audit despite having been installed via pkg and/or ports. That's the false negative that appears to still be a problem. Roger From owner-freebsd-security@freebsd.org Fri Aug 11 21:55:19 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2EC2EDC987F; Fri, 11 Aug 2017 21:55:19 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from smtp-out.elvandar.org (smtp-out.elvandar.org [IPv6:2a01:7c8:aaba:ae::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DACC466336; Fri, 11 Aug 2017 21:55:18 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from mail1.elvandar.org (mail1.elvandar.org [IPv6:2001:470:d701::3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-out.elvandar.org (Postfix) with ESMTPS id CB9274707BD; Fri, 11 Aug 2017 23:55:16 +0200 (CEST) Received: from [10.0.2.17] (f239026.upc-f.chello.nl [80.56.239.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail1.elvandar.org (Postfix) with ESMTPSA id 7922020D7F; Fri, 11 Aug 2017 23:55:14 +0200 (CEST) From: Remko Lodder Message-Id: Content-Type: multipart/signed; boundary="Apple-Mail=_23F4A11B-E020-4A3F-8299-6D007D46EEFD"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: pkg audit false negatives Date: Fri, 11 Aug 2017 23:55:13 +0200 In-Reply-To: Cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org To: Roger Marquis References: X-Mailer: Apple Mail (2.3273) X-Rspamd-Queue-Id: CB9274707BD X-Spamd-Result: default: False [-3.41 / 15.00] RCVD_NO_TLS_LAST(0.00)[] HAS_ATTACHMENT(0.00)[] RCVD_COUNT_TWO(0.00)[2] FROM_HAS_DN(0.00)[] DMARC_NA(0.00)[FreeBSD.org] BAYES_HAM(-0.00)[23.92%] RCPT_COUNT_THREE(0.00)[3] MV_CASE(0.50)[] R_SPF_SOFTFAIL(0.00)[~all] TO_DN_SOME(0.00)[] MID_RHS_MATCH_FROM(0.00)[] TO_MATCH_ENVRCPT_ALL(0.00)[] RCVD_VIA_SMTP_AUTH(0.00)[] ARC_NA(0.00)[] ASN(0.00)[asn:6939, ipnet:2001:470::/32, country:US] FROM_EQ_ENVFROM(0.00)[] RECEIVED_SPAMHAUS(0.00)[26.239.56.80.zen.spamhaus.org] IP_SCORE(-3.71)[ip: (-8.72), ipnet: 2001:470::/32(-6.83), asn: 6939(-2.27), country: US(-0.74)] MIME_GOOD(-0.20)[multipart/signed,text/plain] R_DKIM_NA(0.00)[] X-Rspamd-Server: mx2.jr-hosting.nl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 11 Aug 2017 21:55:19 -0000 --Apple-Mail=_23F4A11B-E020-4A3F-8299-6D007D46EEFD Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On 11 Aug 2017, at 23:47, Roger Marquis wrote: >=20 >> It had been resolved for dovecot (it will now match both variants, = since people might still have >> the old variant of the port installed) and there is a new paragraph = added to the porters handbook >> which tells that we need to have a look at the vuxml entries. >=20 > Thanks Remko. No problemo :) >=20 >> Hope this solves your issue, >=20 > It may for renamed ports/pkgs but doesn't appear to for deprecations. > Once ports are dropped they do not show up in pkg-audit despite having > been installed via pkg and/or ports. That's the false negative that > appears to still be a problem. Ports / pkgs that get renamed are now changed and/or added in VuXML as = well. So the old variant and the new variant of the name=E2=80=99s would both = be listed in pkg audit. pkg audit parses VuXML, it also does a check on what is locally = registered in it=E2=80=99s database. For example if you have a/b installed. And that has a marking in VuXML : = b then it would hit on the package you have. If a/b gets removed for some = reason, and it is still in VuXML and you have it locally registered. Then it would be still be matched = (or should). If an entry is removed from the ports/pkg tree=E2=80=99s and it is also = removed from VuXML, then yes, it will no longer get marked in your local installation. That=E2=80=99s a bit of = a chicken and egg basically. Although I do not recall that it ever happened that ports that are no longer = there, are removed from VuXML as well. (And I follow that since 2004). Do you have a more concrete example that we can dive into to see what is = going on/going wrong? Cheers Remko >=20 > Roger --Apple-Mail=_23F4A11B-E020-4A3F-8299-6D007D46EEFD Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZjifBAAoJEHE1jtY/d0B5CRkP/iPVVWv9ZhpTFjXCf2duTnsP zaHYlZVlBZ3dPOEd/F5maMQ5Q/Mf1MdBEjt3vai10BgHNDE6bplIn7j1XMRh9y3R qxPFOJNFKH7GJ9vcsQzv8VcsrIY1cYpCaEbveBJDJr53R7Yiq6LY049P5HdMZF3l qdY8jJbNdBxr8RVO7fTZMexz/VpQdOC6vTThhoC08eBkx6dFd5r2Gfjl1d4fF5dB 1tfowdISFN2ghVtF1tjh8MfDYvcCjQ1ay/7mdSrACjvqdqTF21i6IQ88PVMZI8nV iiBpJRFLxCPxRKkFmTZbkWnykMpc+SoU/UjgIWIBGXW8bJA96y/Z8UmWgPkYEycd 1SUOj+wBIjldUj8hyv+29jDQMpV5Y2hZQ+AXzUwdS8pt8zKK54XDHXGDVl7nSviF pSrB18xvGUDDRIpnWNNxuXY0LyVjh+U2UY1gSc1AC1OcMJbvypaCiOWIa3ksfmCX 4poeECse8Xn51V++DZvUyy9Xn9fRd+uP233gdNMvZfEHzHQxe98gjyuOk7Jab24q dPeTMHltbaeEA3GRb1KUIv/Tvf4P7qN3mo53mopaYbInD5myO5LOtUhCY3aova+L OaZqdzkzcjqlQcxW4YV/mQcjmvKWKFhwFfinJ5xkTXn7+Y3+v0Cf1gCLff32AMog Gpiu/aQ1iTEdwcElJfzk =RYqE -----END PGP SIGNATURE----- --Apple-Mail=_23F4A11B-E020-4A3F-8299-6D007D46EEFD-- From owner-freebsd-security@freebsd.org Sat Aug 12 00:37:57 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BBA25DD30D0; Sat, 12 Aug 2017 00:37:57 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [209.237.23.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id AC4286B744; Sat, 12 Aug 2017 00:37:57 +0000 (UTC) (envelope-from marquis@roble.com) Received: from roble.com (roble.com [209.237.23.50]) by mx5.roble.com (Postfix) with ESMTP id C82053D395; Fri, 11 Aug 2017 17:37:56 -0700 (PDT) Date: Fri, 11 Aug 2017 17:37:56 -0700 (PDT) From: Roger Marquis To: Remko Lodder cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org Subject: Re: pkg audit false negatives In-Reply-To: Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2017 00:37:57 -0000 On Fri, 11 Aug 2017, Remko Lodder wrote: > If an entry is removed from the ports/pkg tree?s and it is also removed > from VuXML, then yes, it will no longer get marked in your local > installation. That?s a bit of a chicken and egg basically. Although I do > not recall that it ever happened that ports that are no longer there, are > removed from VuXML as well. (And I follow that since 2004). > > Do you have a more concrete example that we can dive into to see what is > going on/going wrong? Should be able to find missing vulxml entries for most anything that has been deprecated from the ports tree but most of the ones I've seen are for web programming languages, particularly php. For example when php5X was dropped it also disappeared from vulxml, with no small number of servers still using it. If those sites depended on pkg-audit to tell them they had a vulnerability, well, they were out of luck. There was no warning, no error, no disclaimer, pkg-audit did and still does nothing different than it would for a non-vulnerable port or package. There may be more vulnerabilities in the wild from non-packaged base as it is larger but at least people are working on that. Pkg-audit tracking of installed but deprecated ports OTOH, seems to have fallen through the cracks. Even the FreeBSD Foundation and the ports-security teams appear to be ignoring this issue. Roger Marquis From owner-freebsd-security@freebsd.org Sat Aug 12 07:57:48 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8E073DC4AA3; Sat, 12 Aug 2017 07:57:48 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from smtp-out.elvandar.org (smtp-out.elvandar.org [IPv6:2a01:7c8:aaba:ae::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 435A67C5A4; Sat, 12 Aug 2017 07:57:48 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from mail1.elvandar.org (f239026.upc-f.chello.nl [80.56.239.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp-out.elvandar.org (Postfix) with ESMTPS id 682E14707BD; Sat, 12 Aug 2017 09:57:44 +0200 (CEST) Received: from [10.0.2.17] (f239026.upc-f.chello.nl [80.56.239.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail1.elvandar.org (Postfix) with ESMTPSA id C32E320E86; Sat, 12 Aug 2017 09:57:43 +0200 (CEST) From: Remko Lodder Message-Id: <0F48B4BB-BB2C-479D-9F43-006D73C1E218@FreeBSD.org> Content-Type: multipart/signed; boundary="Apple-Mail=_1BF0E537-26DA-423B-BF15-15AC7FE0F0CE"; protocol="application/pgp-signature"; micalg=pgp-sha512 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: pkg audit false negatives Date: Sat, 12 Aug 2017 09:57:43 +0200 In-Reply-To: Cc: freebsd-security@freebsd.org, freebsd-pkg@freebsd.org To: Roger Marquis References: X-Mailer: Apple Mail (2.3273) X-Rspamd-Queue-Id: 682E14707BD X-Spamd-Result: default: False [3.58 / 15.00] RBL_SPAMHAUS_PBL(2.00)[26.239.56.80.zen.spamhaus.org : 127.0.0.11] IP_SCORE(0.49)[ip: (0.25), ipnet: 80.56.0.0/16(0.34), asn: 6830(2.17), country: AT(-0.30)] HAS_ATTACHMENT(0.00)[] DMARC_NA(0.00)[FreeBSD.org] FROM_HAS_DN(0.00)[] BAYES_HAM(-1.31)[90.15%] MV_CASE(0.50)[] RCPT_COUNT_THREE(0.00)[3] R_SPF_SOFTFAIL(0.00)[~all] MID_RHS_MATCH_FROM(0.00)[] TO_DN_SOME(0.00)[] TO_MATCH_ENVRCPT_ALL(0.00)[] RCVD_VIA_SMTP_AUTH(0.00)[] ARC_NA(0.00)[] ASN(0.00)[asn:6830, ipnet:80.56.0.0/16, country:AT] FROM_EQ_ENVFROM(0.00)[] RECEIVED_SPAMHAUS(0.00)[26.239.56.80.zen.spamhaus.org] ONCE_RECEIVED(0.10)[] RCVD_TLS_ALL(0.00)[] MIME_GOOD(-0.20)[multipart/signed,text/plain] RCVD_COUNT_ONE(0.00)[1] R_DKIM_NA(0.00)[] RBL_SENDERSCORE(2.00)[26.239.56.80.bl.score.senderscore.com] X-Rspamd-Server: mx2.jr-hosting.nl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Aug 2017 07:57:48 -0000 --Apple-Mail=_1BF0E537-26DA-423B-BF15-15AC7FE0F0CE Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii > On 12 Aug 2017, at 02:37, Roger Marquis wrote: > > On Fri, 11 Aug 2017, Remko Lodder wrote: > >> If an entry is removed from the ports/pkg tree?s and it is also removed >> from VuXML, then yes, it will no longer get marked in your local >> installation. That?s a bit of a chicken and egg basically. Although I do >> not recall that it ever happened that ports that are no longer there, are >> removed from VuXML as well. (And I follow that since 2004). >> Do you have a more concrete example that we can dive into to see what is >> going on/going wrong? > > Should be able to find missing vulxml entries for most anything that has > been deprecated from the ports tree but most of the ones I've seen are > for web programming languages, particularly php. I do not think that holds: 17521 php -- multiple vulnerabilities 17522 17523 17524 php55 17525 5.5.38 17526 This is an entry from svnweb, for php55, which was added in 2016(07-26). So this entry is there. Thus it did not disappear from VuXML at least. Can you show such a packet from your local installation(s) and present a ``pkg audit -F`` along side it. I would also like to see a detailed pkg info from the affected pkg. Thanks a lot in advance, Remko > > For example when php5X was dropped it also disappeared from vulxml, with > no small number of servers still using it. If those sites depended on > pkg-audit to tell them they had a vulnerability, well, they were out of > luck. There was no warning, no error, no disclaimer, pkg-audit did and > still does nothing different than it would for a non-vulnerable port or > package. > > There may be more vulnerabilities in the wild from non-packaged base as > it is larger but at least people are working on that. Pkg-audit > tracking of installed but deprecated ports OTOH, seems to have fallen > through the cracks. Even the FreeBSD Foundation and the ports-security > teams appear to be ignoring this issue. > > Roger Marquis --Apple-Mail=_1BF0E537-26DA-423B-BF15-15AC7FE0F0CE Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZjrT4AAoJEHE1jtY/d0B5OFYP/R3Zlv0rIzluQXnqbcA/L5wI aHZqFA0aeDOKjNv7RwwzuU/nltJteo775++svkVsEKvtiCBOaQ9M0fGOWWHiQETc XpgD/3QeNgh94eMhPxZnJ+kcnRE915EDpSbiYkbxbMvi2+yvdM0qvxIzZtVJqgoo Enb7LtoLLxFxMp0CZdYs5YnVqMGVFn6Ce66VqtT7e1jOUvHQFk5UeJOxxPwE4tBL kwsP2cl5swTBfjbkQx6wh8JnWIHxM/htnB1556u79QzXPUAa+Bn0bgviz30N10oV IycI7Mu1uTRbD+o4GuXPbjpYG/7+/nwD9kv8yYOotdkCIYvPfyVcVJXlxy8Leo4T erq9cnk2aHaL0TjjFmXHyzFhkufcIph009AxhSZ6SffavOGcK24DpdjuKG72HcUj 0QKGcDmXgp/Qyv50SUeQ+2VyoFRIAgnj8ev2lnxOthZ7fSwJr8Cs4lGvFEnHBsmV hLVYMiS2CdUMMJhNd1PgOoQ2lThk72Du0x6Suq2GTTcbojebIJWincNhTBFlZMl2 VVZDUDLFJDtZPdtAjrjHSIBjibgrNS0RD3uqmW/7xfQ7YKpUhoJQw+gWJvnmxmaz 1F8g3DbVKz1ndiicYxW4E4BSM1IliZ/T5xbSRxFskbNwWvfUj71zl3SPphFw6kP8 uyyHjfgfS7YqMaax7KFy =SYla -----END PGP SIGNATURE----- --Apple-Mail=_1BF0E537-26DA-423B-BF15-15AC7FE0F0CE--