From owner-freebsd-security Tue Jun 25 23:22:34 2002 Delivered-To: freebsd-security@freebsd.org Received: from mta2-rme.xtra.co.nz (mta2-rme.xtra.co.nz [210.86.15.130]) by hub.freebsd.org (Postfix) with ESMTP id E7EBA37B415 for ; Tue, 25 Jun 2002 23:22:14 -0700 (PDT) Received: from netxsecure.net ([210.54.78.112]) by mta2-rme.xtra.co.nz with ESMTP id <20020626062213.INJT25388.mta2-rme.xtra.co.nz@netxsecure.net> for ; Wed, 26 Jun 2002 18:22:13 +1200 Message-ID: <3D195F1E.13BAA57A@netxsecure.net> Date: Wed, 26 Jun 2002 18:28:46 +1200 From: "Michael A. Williams" Reply-To: mike@netxsecure.net X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.4-RELEASE i386) X-Accept-Language: en MIME-Version: 1.0 To: freebsd security Subject: Updated Anti-Trojan kernel patches for FreeBSD 4.6 Release. Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Updated kernel option signed_exec patches for FreeBSD 4.6 Release are available from: http://www.trojanproof.org/sigexec-fbsd4.6r-0.1.tgz The relevant CVS revisions are: $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246.2.42 2002/05/04 06:47:24 msmith Exp $ $FreeBSD: src/sys/conf/options,v 1.191.2.40 2002/04/30 17:48:08 tmm Exp $ $FreeBSD: src/sys/kern/kern_exec.c,v 1.107.2.14 2002/04/21 13:06:23 nectar Exp $ $FreeBSD: src/sys/kern/kern_linker.c,v 1.41.2.3 2001/11/21 17:50:35 luigi Exp $ Note that this is our original inline reference code simply updated for FreeBSD 4.6 and not the new V2 code which is still available as a beta only for OpenBSD 3.1 Release. We are working on a FreeBSD upgrade to the V2 code. Also Note that to apply these patches to the 4.6 Stable branch as of this date the /sys/i386/conf/GENERIC file in stable has been updated to 1.246.2.43 Simply do not apply the GENERIC.diff patch we have supplied if your tracking stable and instead make sure to add the following option to your kernel config file: options SIGNED_EXEC #md5 signature check exec Regards, Mike. -- Michael A. Williams Security Software Engineering and InfoSec Manager NetXSecure NZ Limited, http://www.nxs.co.nz Ph: +64.3.318.2973 Fax: +64.3.318.2975 Mob: +64.21.995.914 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message