From owner-freebsd-stable@FreeBSD.ORG Fri Oct 24 20:08:23 2014 Return-Path: <owner-freebsd-stable@FreeBSD.ORG> Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6894ADAD; Fri, 24 Oct 2014 20:08:23 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "anubis.delphij.net", Issuer "StartCom Class 1 Primary Intermediate Server CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 479C47B5; Fri, 24 Oct 2014 20:08:23 +0000 (UTC) Received: from zeta.ixsystems.com (unknown [12.229.62.2]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by anubis.delphij.net (Postfix) with ESMTPSA id ECF2E1490E; Fri, 24 Oct 2014 13:08:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=delphij.net; s=anubis; t=1414181303; x=1414195703; bh=5JmaQmIs/xjXd4p51mXWd1FTHxAPDZDxeyoAE1TpzZk=; h=Date:From:Reply-To:To:CC:Subject:References:In-Reply-To; b=cPxdkKoT72tQlMwAYTTPRqTRayCAQEwnmHLZfdTbnW8CU/5qqPy0XpXu3bpaa5xIX s9Dpm5dOVPR7U5ArWP83n0h/W1LVk1NGFSnO+1O99NtyUzCnQLgeRJvOFNShGcnGXY w/uY2h/C7v9OBLz5oe80lT+vDaKzQpAEChvOB/Wo= Message-ID: <544AB1B6.2050302@delphij.net> Date: Fri, 24 Oct 2014 13:08:22 -0700 From: Xin Li <delphij@delphij.net> Reply-To: d@delphij.net Organization: The FreeBSD Project MIME-Version: 1.0 To: Jim Pirzyk <pirzyk@freeBSD.org>, Adrian Chadd <adrian@freebsd.org> Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:11.crypt References: <201410222107.s9ML7nLC010739@freefall.freebsd.org> <F0DAE32B-34CF-4191-9070-A517ACDC6E2A@freeBSD.org> <op.xn8j96kqkndu52@ronaldradial.radialsg.local> <AC160955-2FEC-49FA-9E1F-B4DE948DCF00@freeBSD.org> <op.xn8lzxyvkndu52@ronaldradial.radialsg.local> <23061782-21F6-4509-9362-2DAEED692F72@freeBSD.org> <CAJ-VmomUNDHgvmaMZqzgA2tFwnP+s8x8LQCfUtAhTnpC6oYVZg@mail.gmail.com> <2FDC7048-E9A3-443B-BC38-CDE776CA1212@freeBSD.org> In-Reply-To: <2FDC7048-E9A3-443B-BC38-CDE776CA1212@freeBSD.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit Cc: FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>, Ronald Klop <ronald-lists@klop.ws>, des@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>, <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/> List-Post: <mailto:freebsd-stable@freebsd.org> List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, <mailto:freebsd-stable-request@freebsd.org?subject=subscribe> X-List-Received-Date: Fri, 24 Oct 2014 20:08:23 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 10/24/14 12:37, Jim Pirzyk wrote: > Is he the current security officer? If so it would have been nice > to see these issues addressed in the Errata announcement. He is. All Errata notifications are signed by Security Officer by the way. > I still don’t understand the reasons for backing out a change after > 20 years. No, it's a change about 8 months ago, not 20 years, and that change happened 8 months ago changed the default that was there for 13 years, which is also what everybody else do right now, and is known to break poorly written applications. > - JimP > > On Oct 24, 2014, at 12:43 PM, Adrian Chadd <adrian@freebsd.org> > wrote: > >> You mean like des@ ? >> >> >> >> -adrian >> >> On 24 October 2014 09:18, Jim Pirzyk <pirzyk@freebsd.org> wrote: >>> That statement is really irrelevant because this is the >>> submitter, what was the crypt() behavior back in the 2.0 days? >>> Did anyone in FreeBSD verify this statement? Why was that >>> behavior not restored, as opposed to chaining the default >>> encryption algorithm. If login.conf was lost, mangled, etc in >>> the old days, you would still get md5/sha1/…/etc encryption, >>> now you just get DES. >>> >>> I think the security implications of this change should have >>> required a bigger review, like at least sign off from >>> security-officer@freebsd.org >>> >>> If this was a POSIX compatibility issue, that should have been >>> evaluated and reviewed properly. It feels there were not >>> enough eyes on this change and if as you say this is not >>> affected the default passwd algorithm, that should have also >>> been noted in the Errata note. >>> >>> - JimP >>> >>> On Oct 24, 2014, at 8:48 AM, Ronald Klop <ronald-lists@klop.ws> >>> wrote: >>> >>>> Hi, >>>> >>>> I have nothing to do with the actual coding, but please >>>> reread comment 7 from the bug report: 'This doesn't have >>>> anything common with system default password encryption, this >>>> is realized using /etc/login.conf and applications like >>>> passwd, etc.' >>>> >>>> Regards, Ronald. >>>> >>>> On Fri, 24 Oct 2014 15:21:48 +0200, Jim Pirzyk >>>> <pirzyk@freebsd.org> wrote: >>>> >>>>> I think this should be reopened and reverted. This is the >>>>> wrong answer and has not taken into account the history of >>>>> crypt() on FreeBSD. I point you to the svn log: >>>>> >>>>> http://svnweb.freebsd.org/base?view=revision&revision=4246 >>>>> >>>>> and >>>>> >>>>> http://www.freebsd.org/releases/2.0/notes.html >>>>> >>>>> If password security for FreeBSD is all you need, and you >>>>> have no requirement for copying encrypted passwords from >>>>> different hosts (Suns, DEC machines, etc) into FreeBSD >>>>> password entries, then FreeBSD's MD5 based security may be >>>>> all you require! We feel that our default security model >>>>> is more than a match for DES, and without any messy export >>>>> issues to deal with. If you're outside (or even inside) >>>>> the U.S., give it a try! >>>>> >>>>> We are reversing 20+ years of FreeBSD progress. >>>>> >>>>> - JimP >>>>> >>>>> On Oct 24, 2014, at 8:11 AM, Ronald Klop >>>>> <ronald-lists@klop.ws> wrote: >>>>> >>>>>> See: >>>>>> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=192277 >>>>>> >>>>>> Regards, Ronald. >>>>>> >>>>>> On Fri, 24 Oct 2014 13:14:20 +0200, Jim Pirzyk >>>>>> <pirzyk@freebsd.org> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I was wondering if there is more information about this >>>>>>> change? FreeBSD changed the default away from DES to >>>>>>> MD5 back in the 1.1.5 -> 2.0 transition. It seems to >>>>>>> me a downgrade and rewarding bad programming to be >>>>>>> changing back to DES now. Also the proper course of >>>>>>> action is to correct programs that make the wrong >>>>>>> assumption about what crypt() changes. >>>>>>> >>>>>>> Thanks >>>>>>> >>>>>>> - JimP >>>>>>> >>>>>>> On Oct 22, 2014, at 4:07 PM, FreeBSD Errata Notices >>>>>>> <errata-notices@freebsd.org> wrote: >>>>>>> >>>>>>>> Signed PGP part >>>>>>>> ============================================================================= >>>>>>>> >>>>>>>> FreeBSD-EN-14:11.crypt Errata Notice >>>>>>>> The FreeBSD Project >>>>>>>> >>>>>>>> Topic: crypt(3) default hashing algorithm >>>>>>>> >>>>>>>> Category: core Module: libcrypt >>>>>>>> Announced: 2014-10-22 Affects: FreeBSD >>>>>>>> 9.3 and FreeBSD 10.0-STABLE after 2014-05-11 and >>>>>>>> before 2014-10-16. Corrected: 2014-10-13 >>>>>>>> 15:56:47 UTC (stable/10, 10.1-PRERELEASE) 2014-10-16 >>>>>>>> 21:39:04 UTC (releng/10.1, 10.1-RC3) 2014-10-16 >>>>>>>> 21:39:04 UTC (releng/10.1, 10.1-RC2-p2) 2014-10-16 >>>>>>>> 21:39:04 UTC (releng/10.1, 10.1-RC1-p2) 2014-10-16 >>>>>>>> 21:39:04 UTC (releng/10.1, 10.1-BETA3-p2) 2014-10-21 >>>>>>>> 21:09:54 UTC (stable/9, 9.3-STABLE) 2014-10-21 >>>>>>>> 23:50:46 UTC (releng/9.3, 9.3-RELEASE-p4) >>>>>>>> >>>>>>>> For general information regarding FreeBSD Errata >>>>>>>> Notices and Security Advisories, including >>>>>>>> descriptions of the fields above, security branches, >>>>>>>> and the following sections, please visit >>>>>>>> <URL:http://security.freebsd.org/>. >>>>>>>> >>>>>>>> I. Background >>>>>>>> >>>>>>>> The crypt(3) function performs password hashing. >>>>>>>> Different algorithms of varying strength are >>>>>>>> available, with older, weaker algorithms being >>>>>>>> retained for compatibility. >>>>>>>> >>>>>>>> The crypt(3) function was originally based on the DES >>>>>>>> encryption algorithm and generated a 13-character >>>>>>>> hash from an eight-character password (longer >>>>>>>> passwords were truncated) and a two-character salt. >>>>>>>> >>>>>>>> II. Problem Description >>>>>>>> >>>>>>>> In recent FreeBSD releases, the default algorithm for >>>>>>>> crypt(3) was changed to SHA-512, which generates a >>>>>>>> much longer hash than the traditional DES-based >>>>>>>> algorithm. >>>>>>>> >>>>>>>> III. Impact >>>>>>>> >>>>>>>> Many applications assume that crypt(3) always returns >>>>>>>> a traditional DES hash, and blindly copy it into a >>>>>>>> short buffer without bounds checks. This may lead to >>>>>>>> a variety of undesirable results including, at worst, >>>>>>>> crashing the application. >>>>>>>> >>>>>>>> IV. Workaround >>>>>>>> >>>>>>>> No workaround is available. >>>>>>>> >>>>>>>> V. Solution >>>>>>>> >>>>>>>> Perform one of the following: >>>>>>>> >>>>>>>> 1) Upgrade your system to a supported FreeBSD stable >>>>>>>> or release / security branch (releng) dated after the >>>>>>>> correction date. >>>>>>>> >>>>>>>> 2) To update your present system via a source code >>>>>>>> patch: >>>>>>>> >>>>>>>> The following patches have been verified to apply to >>>>>>>> the applicable FreeBSD release branches. >>>>>>>> >>>>>>>> a) Download the relevant patch from the location >>>>>>>> below, and verify the detached PGP signature using >>>>>>>> your PGP utility. >>>>>>>> >>>>>>>> # fetch >>>>>>>> http://security.FreeBSD.org/patches/EN-14:11/crypt.patch >>>>>>>> >>>>>>>> # fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch.asc >>>>>>>> # gpg --verify crypt.patch.asc >>>>>>>> >>>>>>>> b) Apply the patch. Execute the following commands >>>>>>>> as root: >>>>>>>> >>>>>>>> # cd /usr/src # patch < /path/to/patch >>>>>>>> >>>>>>>> c) Recompile the operating system using buildworld >>>>>>>> and installworld as described in >>>>>>>> <URL:http://www.FreeBSD.org/handbook/makeworld.html>. >>>>>>>> >>>>>>>> >>>>>>>> Restart all deamons using the library, or reboot the system. >>>>>>>> >>>>>>>> 3) To update your system via a binary patch: >>>>>>>> >>>>>>>> Systems running a RELEASE version of FreeBSD on the >>>>>>>> i386 or amd64 platforms can be updated via the >>>>>>>> freebsd-update(8) utility: >>>>>>>> >>>>>>>> # freebsd-update fetch # freebsd-update install >>>>>>>> >>>>>>>> VI. Correction details >>>>>>>> >>>>>>>> The following list contains the revision numbers of >>>>>>>> each file that was corrected in FreeBSD. >>>>>>>> >>>>>>>> Branch/path >>>>>>>> Revision >>>>>>>> ------------------------------------------------------------------------- >>>>>>>> >>>>>>>> stable/9/ r273425 >>>>>>>> releng/9.3/ >>>>>>>> r273438 stable/10/ >>>>>>>> r273043 releng/10.1/ >>>>>>>> r273187 >>>>>>>> ------------------------------------------------------------------------- >>>>>>>> >>>>>>>> >>>>>>>> To see which files were modified by a particular revision, run the >>>>>>>> following command, replacing NNNNNN with the revision >>>>>>>> number, on a machine with Subversion installed: >>>>>>>> >>>>>>>> # svn diff -cNNNNNN --summarize >>>>>>>> svn://svn.freebsd.org/base >>>>>>>> >>>>>>>> Or visit the following URL, replacing NNNNNN with the >>>>>>>> revision number: >>>>>>>> >>>>>>>> <URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> >>>>>>>> >>>>>>>> >>>>>>>> VII. References >>>>>>>> >>>>>>>> The latest revision of this Errata Notice is >>>>>>>> available at >>>>>>>> http://security.FreeBSD.org/advisories/FreeBSD-EN-14:11.crypt.asc >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> freebsd-announce@freebsd.org mailing list >>>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-announce >>>>>>>> >>>>>>>> To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org" >>>>>>> >>>>>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 >>>>>>> pirzyk Exp $ __o jim@pirzyk.org >>>>>>> -------------------------------------------------- >>>>>>> _'\<,_ (*)/ (*) I'd rather be out biking. >>>>> >>>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 >>>>> pirzyk Exp $ __o jim@pirzyk.org >>>>> -------------------------------------------------- _'\<,_ >>>>> (*)/ (*) I'd rather be out biking. >>> >>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk >>> Exp $ __o jim@pirzyk.org >>> -------------------------------------------------- _'\<,_ (*)/ >>> (*) I'd rather be out biking. >>> > > --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp > $ __o jim@pirzyk.org > -------------------------------------------------- _'\<,_ (*)/ (*) > I'd rather be out biking. > - -- Xin LI <delphij@delphij.net> https://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0 iQIcBAEBCgAGBQJUSrG2AAoJEJW2GBstM+nsL7wP/Rxu+1ZCXTbGerqNXwbOMOgq 4sxqYb1qzbu5VUS07D8eJ85+IoLtzPM+2kXWerfE38tDRBl7rTTXzcgNV73VhJnX 01mV7J2KHJYZhW0hK3xCTkMn2Z9Ib/wT+u1I7OrcqrQNOA3ROkKUB39KLMP2tISB ae1kvooO59yywi4+YTHXN0fY8BSSCvTYfRGL32/qhFU4j1X7ZWQ1CipBESbMg5C2 7o1cgPGNjdLO4jMlkANM6YyvX2ZfbTURMHlWrX+NdXjJdxs0EUtEyVTMRG5XkCGw FrXYRurpNq8U6wF/8RPhDO/qARDI7566sdQv2EnZmFdAudRcwLlk8Hc9xrhgjwWA 4r5CsmSNJsji6Xwymb+zUXGmNgXo/6HOClEDv+hmbzVILJtTUwEp0hrAPhL2szjQ QtTb3E4ulkyZ8ma4tdjfg+Jm+CClVpnV+PJCoFY9q1gKdyb9V9LPlhUALiBPilhI r3kQJaYgy01LRy2ydwV1+Zai4LPQrpfKeXiqr6C+WXtaOX9ea2CYzrRgVb1jnP0y MLr1E+CP7OqCLLgpnC5MXzeZtDueZGE5+6hrorKl04nuyMb7lDlnArF+adSztJS3 xduboTNpHXBwi6gcEW8oYMKY8x6c8fl1dYUYrgsClOMNpycPE/R2mmZd2LVX73kd buDBmofRCYTGJgbtzf51 =ljm9 -----END PGP SIGNATURE-----