Message-Id: <200809090636.m896a2XR004149@prime.gushi.org>
Date: Tue, 9 Sep 2008 02:36:02 -0400 (EDT)
From: Dan Mahoney
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: kern/127230: Feature request to add UID and/or GID logging data to ipfw logging with uid rules.
Reply-To: Dan Mahoney

>Number: 127230
>Category: kern
>Synopsis: Feature request to add UID and/or GID logging data to ipfw logging with uid rules.
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Tue Sep 09 07:00:12 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Dan Mahoney
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization: Gushi Systems
>Environment:
System: FreeBSD prime.gushi.org 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #0: Thu Jan 18 02:05:07 EST 2007 danm@prime.gushi.org:/usr/src/sys/i386/compile/PRIME6 i386

Note: The system I'm on is 6.2, but this will likely apply to -CURRENT or -STABLE (although a patch for 6.x would be appreciated).

I have the following rule set up in ipfw to limit the exposure of bad PHP scripts and trojans that try to send mail directly.

    allow tcp from any to any dst-port 25 uid root
    deny log tcp from any to any dst-port 25 out

However, the log messages I get look like this:

    Sep 8 13:21:11 prime kernel: ipfw: 610 Deny TCP 72.9.101.130:58117 209.85.133.114:25 out via em0
    Sep 8 13:21:16 prime kernel: ipfw: 610 Deny TCP 72.9.101.130:56672 202.12.31.144:25 out via em0

Which is to say, they don't include the UID -- and I have several hundred sites, each with its own UID.

Yes, I could go ahead and set up a thousand "deny" rules, one for each UID -- but being able to log this info (since it IS being checked) would be great.

>Description:
>How-To-Repeat:
Per Jeremy Chadwick, I am referencing the following thread on the mailing lists:

http://lists.freebsd.org/pipermail/freebsd-hackers/2008-September/025920.html

>Fix:
Pray this gets included :)

>Release-Note:
>Audit-Trail:
>Unformatted:
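
The per-UID workaround mentioned in the report, sketched as an added example (not part of the original report or of ipfw itself): one "deny log" rule per UID, numbered so that the rule number in each log line maps back to a UID. BASE and the function names are assumptions, and the ipfw commands are only printed, not executed.

```shell
#!/bin/sh
# Added example: per-UID "deny log" rules so the logged rule number identifies the UID.
# Assumptions (not from the report): the per-UID block starts at BASE, the
# "allow ... uid root" rule has a lower number, and UIDs arrive one per line on stdin.

BASE=20000       # hypothetical first rule number of the per-UID block
MAX_RULE=65534   # 65535 is ipfw's default rule, so user rules stop at 65534

# gen_rules: read numeric UIDs on stdin and print one "ipfw add" command per UID.
gen_rules() {
    n=$BASE
    while read -r uid; do
        case "$uid" in ''|*[!0-9]*) continue ;; esac   # skip blank or non-numeric lines
        [ "$n" -le "$MAX_RULE" ] || { echo "rule numbers exhausted" >&2; return 1; }
        echo "ipfw add $n deny log tcp from any to any dst-port 25 out uid $uid"
        n=$((n + 1))
    done
}

# uid_for_log_line LINE RULES: extract the rule number from an ipfw kernel log
# line and print the UID of the matching generated rule; non-zero if none matches.
uid_for_log_line() {
    rule=$(printf '%s\n' "$1" | sed -n 's/.* ipfw: \([0-9][0-9]*\) Deny .*/\1/p')
    [ -n "$rule" ] || return 1
    printf '%s\n' "$2" |
        awk -v r="$rule" '$3 == r { print $NF; found = 1 } END { exit !found }'
}
```

Keep the original catch-all "deny log tcp from any to any dst-port 25 out" rule at a number above the generated block, so traffic from UIDs missing from the list is still denied and logged.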