From owner-svn-doc-head@FreeBSD.ORG Sat Nov 17 10:02:23 2012 Return-Path: Delivered-To: svn-doc-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 78E5D7A3; Sat, 17 Nov 2012 10:02:23 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 5E8E58FC12; Sat, 17 Nov 2012 10:02:23 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qAHA2N99076029; Sat, 17 Nov 2012 10:02:23 GMT (envelope-from gavin@svn.freebsd.org) Received: (from gavin@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qAHA2N2C076027; Sat, 17 Nov 2012 10:02:23 GMT (envelope-from gavin@svn.freebsd.org) Message-Id: <201211171002.qAHA2N2C076027@svn.freebsd.org> 
From: Gavin Atkinson Date: Sat, 17 Nov 2012 10:02:23 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r40052 - head/en_US.ISO8859-1/htdocs/news X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the doc tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 17 Nov 2012 10:02:23 -0000 Author: gavin Date: Sat Nov 17 10:02:22 2012 New Revision: 40052 URL: http://svnweb.freebsd.org/changeset/doc/40052 Log: Add page detailing the FreeBSD infrastructure security compromise, announced November 2012. Approved by: core, so (simon, blanket) Added: head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml (contents, props changed) Modified: head/en_US.ISO8859-1/htdocs/news/Makefile Added: head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml Sat Nov 17 10:02:22 2012 (r40052) @@ -0,0 +1,217 @@ + + +]> + + + + &title; + + $FreeBSD$ + + + + + + + + + + +

Security Incident on + FreeBSD Infrastructure

+ + From: FreeBSD Security Officer <security-officer@FreeBSD.org>
+ To: FreeBSD Security <FreeBSD-security@FreeBSD.org>
+ Bcc: freebsd-announce@freebsd.org, freebsd-security-notifications@FreeBSD.org
+ Reply-To: secteam@FreeBSD.org
+ Subject: Security Incident on FreeBSD Infrastructure
+ +

On Sunday 11th of November, an intrusion was detected on two + machines within the FreeBSD.org cluster. The affected machines + were taken offline for analysis. Additionally, a large portion + of the remaining infrastructure machines were also taken offline + as a precaution.

+ +

We have found no evidence of any modifications that would put + any end user at risk. However, we do urge all users to read the + report available at + http://www.freebsd.org/news/2012-compromise.html + and decide on any required actions themselves. We will continue + to update that page as further information becomes known. We do + not currently believe users have been affected given current + forensic analysis, but we will provide updated information if + this changes.

+ +

As a result of this event, a number of operational security + changes are being made at the FreeBSD Project, in order to + further improve our resilience to potential attacks. We plan, + therefore, to more rapidly deprecate a number of legacy services, + such as cvsup distribution of FreeBSD source, in favour of our + more robust Subversion, freebsd-update, and portsnap models.

+ +

More information is available at + http://wwww.freebsd.org/news/2012-compromise.html

+ +

Saturday November 17th, 2012

+
+
+ +

Table of Contents

+ + + +

More details will be added here as they become available.

+ +

Initial details

+ +

On Sunday 11th November 2012, two machines within the FreeBSD.org + infrastructure were found to have been compromised. These machines + were head nodes for the legacy third-party package building + infrastructure. It is believed that the compromise may have occurred + as early as the 19th September 2012.

+ +

The compromise is believed to have occurred due to the leak of an + SSH key from a developer who legitimately had access to the machines + in question, and was not due to any vulnerability or code exploit + within FreeBSD.

+ +

To understand the impact of this compromise, you must first + understand that the FreeBSD operating system is divided into two + parts: the "base" maintained by the FreeBSD community, and a large + collection of third-party "packages" distributed by the Project. + The kernel, system libraries, compiler, core command-line tools + (e.g., SSH client), and daemons (e.g., sshd(8)) are all in the + "base". Most information in this advisory refers only to + third-party packages distributed by the Project.

+ +

No part of the base FreeBSD system has been put at risk. At no + point has the intruder modified any part of the FreeBSD base system + software in any way. However, the attacker had access sufficient + to potentially allow the compromise of third-party packages. No + evidence of this has been found during in-depth analysis, however + the FreeBSD Project is taking an extremely conservative view on this + and is working on the assumption that third-party packages generated + and distributed within a specific window could theoretically have + been modified.

+ +

What is the Impact?

+ +

If you are running a system that has had no third-party packages + installed or updated on it between the 19th September and 11th + November 2012, you have no reason to worry.

+ +

The Source, Ports and Documentation Subversion repositories have been + audited, and we are confident that no changes have been made to them. + Any users relying on them for updates have no reason to worry.

+ +

We have verified the state of FreeBSD packages and releases currently + available on ftp.FreeBSD.org. All package sets for existing versions + of FreeBSD and all available releases have been validated and we can + confirm that the currently available packages and releases have not + been modified in any way.

+ +

A package set for the upcoming FreeBSD 9.1-RELEASE had been uploaded + to the FTP distribution sites in preparation for 9.1-RELEASE. We are + unable to verify the integrity of this package set, and therefore it + has been removed and will be rebuilt. Please note that as these + packages were for a future release, the standard pkg_add -r + tools to install packages could not have downloaded these packages + unless they were requested explicitly.

+ +

We unfortunately cannot guarantee the integrity of any packages + available for installation between 19th September 2012 and 11th + November 2012, or of any ports compiled from trees obtained via any + means other than through svn.freebsd.org or one of its mirrors. + Although we have no evidence to suggest any tampering took place + and believe such interference is unlikely, we have to recommend you + consider reinstalling any machine from scratch, using trusted + sources.

+ +

We can confirm that the freebsd-update(8) binary upgrade mechanism is + unaffected, as it uses an entirely separate infrastructure. We have + also verified that the most recently-available portsnap(8) snapshot + matches the ports Subversion repository, and so can be fully trusted. + Please note that as a precaution, newer portsnap(8) snapshots are + currently not being generated.

+ +

What has FreeBSD.org done about this?

+ +

As soon as the incident came to light, the FreeBSD Cluster + Administration team took the following actions:

+ +
    +
  • Power down the compromised machines.
  • +
  • Power down all machines on which the attacker may have had + access.
  • +
  • Audit the SVN and Perforce repositories to: +
      +
    • Verify that there had been no server intrusion.
    • +
    • Verify that no malicious commits had been made to the + repository.
    • +
    • Verify that the SVN repository exactly matched a known-clean + off-site copy.
    • +
    +
  • +
  • Verify that all FreeBSD base release media and install files on + the master FTP distribution sites are clean.
  • +
  • Verify all package sets available have checksums that match + known-good copies stored off-site.
  • +
  • The package set built for the upcoming 9.1-RELEASE did not have + an offsite backup to verify against. These have been deleted, and + will be rebuilt before 9.1 is released.
  • +
  • All suspect machines are being either reinstalled, retired, or + thoroughly audited before being brought back online.
  • +
+ +

At this time, we recommend:

+ +
    +
  • If you use the already-deprecated cvsup/csup distribution + mechanisms, you should stop now.
  • +
  • If you were using cvsup/csup for ports, you should switch to + portsnap(8) right away. ports developers should be using + Subversion already. Further information on preferred mechanisms + for obtaining and updating the ports tree can be found at + + http://www.freebsd.org/doc/handbook/ports-using.html
  • +
  • If you were using cvs/anoncvs/cvsup/csup for src, you should + consider either freebsd-update(8) for signed binary distribution + or Subversion for source. Please see the chapter on updating + FreeBSD from source in the handbook. Further details on + using Subversion and a list of official mirrors can be found + at + http://www.freebsd.org/doc/handbook/svn.html
  • +
  • If you use portsnap(8), you should portsnap fetch && + portsnap extract to the most recent snapshot. The most recent + portsnap(8) snapshot has been verified to exactly match the audited + Subversion repository. Please note that as a precaution, portsnap(8) + updates have been suspended temporarily.
  • +
  • Follow best practice security policies to determine how your + organization may be affected.
  • +
  • Conduct an audit of your system that uses FreeBSD.org provided + binary packages. Anything that may have been installed during the + affected period should be considered suspect. Although we have no + evidence of any tampering of any packages, you may wish to consider + rebuilding any affected machine from scratch, or if that is not + possible, rebuild your ports/packages.
  • +
+ +

If you have any further questions about this announcement, please + contact the + FreeBSD-security@FreeBSD.org mailing list, or for questions + where public mailing list distribution is inappropriate, + please contact the FreeBSD + Security Team.

+ +

This page will be updated as further information is known.

+ + Modified: head/en_US.ISO8859-1/htdocs/news/Makefile ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/Makefile Sat Nov 17 06:02:41 2012 (r40051) +++ head/en_US.ISO8859-1/htdocs/news/Makefile Sat Nov 17 10:02:22 2012 (r40052) @@ -24,6 +24,9 @@ DOCS+= press-rel-9.xml # The yearly State of the Union address DOCS+= sou1999.xml +# Details of the FreeBSD.org 2012 Infrastructure compromise +DOCS+= 2012-compromise.xml + INDEXLINK= news.html DEPENDSET.DEFAULT= transtable news press
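Review bot: in the quoted announcement e-mail of 2012-compromise.xml, the "More information is available at" paragraph links to http://wwww.freebsd.org/news/2012-compromise.html (four w's), which will not resolve; it should match the http://www.freebsd.org/news/2012-compromise.html URL used two paragraphs earlier in the same quoted message. Two smaller points in the same file: the recommendations list has a sentence starting in lower case ("ports developers should be using Subversion already"), and the Sunday 11th November date is written three different ways across the page ("Sunday 11th of November", "Sunday 11th November 2012", "11th November 2012"); picking one form would read more cleanly on a page users are being urged to check for their own exposure window.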