From owner-freebsd-questions Wed Aug 27 06:37:23 1997
Return-Path:
Received: (from root@localhost)
    by hub.freebsd.org (8.8.7/8.8.7) id GAA03427
    for questions-outgoing; Wed, 27 Aug 1997 06:37:23 -0700 (PDT)
Received: from cs.iastate.edu (cs.iastate.edu [129.186.3.1])
    by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id GAA03419
    for ; Wed, 27 Aug 1997 06:37:21 -0700 (PDT)
Received: from popeye.cs.iastate.edu (popeye.cs.iastate.edu [129.186.3.4])
    by cs.iastate.edu (8.8.5/8.7.1) with ESMTP id IAA04921;
    Wed, 27 Aug 1997 08:37:16 -0500 (CDT)
Received: from localhost (ghelmer@localhost)
    by popeye.cs.iastate.edu (8.8.5/8.7.1) with SMTP id IAA25070;
    Wed, 27 Aug 1997 08:37:14 -0500 (CDT)
X-Authentication-Warning: popeye.cs.iastate.edu: ghelmer owned process doing -bs
Date: Wed, 27 Aug 1997 08:37:13 -0500 (CDT)
From: Guy Helmer
To: Doug White
cc: Ricardo Mart{inez Zapata , freebsd-questions@FreeBSD.ORG
Subject: Re: Hi!
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 26 Aug 1997, Doug White wrote:

> On Tue, 26 Aug 1997, Ricardo Mart{inez Zapata wrote:
>
> > Can you help me? I'm trying to know about the security bugs in
> > FreeBSD 2.2.2.
>
> Hopefully, there isn't any. I don't think there is any major root
> accesses in the system, AFAIK.
>
> There are the usual suspects though, primarily the r* utilities and the
> echo, chargen, and discard programs in /etc/inetd.conf, old versions of
> Sendmail, et al.

/usr/bin/suidperl on 2.2.2 and prior versions (and, if you have perl 5.003
or prior versions installed, /usr/local/bin/suidperl) contain well-known
buffer overflows. It is a good thing to turn off the setuid bit on those
two files; ref CERT advisory 97.17
(ftp://info.cert.org/pub/cert_advisories/CA-97.17.sperl). Fixes for these
are in 2.2-stable for /usr/bin/suidperl and the perl-5.004 package contains
the fix for /usr/local/bin/suidperl. (I still don't trust having a suidperl
around, though :-)

A compromise is possible via procfs, so a kernel should be rebuilt with
patches applied or /proc should not be mounted (but that may break ps, w,
and maybe other commands); ref FreeBSD security advisory 97:04
(ftp://freebsd.org/pub/CERT/advisories/FreeBSD-SA-97%3A04.procfs.asc).
Fixes for this are in 2.2-stable as well.

echo and chargen denial-of-service issues have been fixed since 2.1, I
believe.

sendmail 8.8.5 is in FreeBSD 2.2.2, and AFAIK doesn't have any major
security problems on a typical FreeBSD installation.

There have been a lot of merges of patches for buffer overflows from
OpenBSD for various setuid programs and privileged daemons, and I believe
someone recently committed additional buffer overflow patches for
/usr/bin/suidperl as well. I'm fairly certain that these have been merged
into the 2.2-stable tree, so a current 2.2-releng installation or a build
from a cvsup'ed 2.2-stable source tree would be a good way to make sure
one's 2.2 system is completely up-to-date on security patches.

Hope this helps,
Guy Helmer

Guy Helmer, Computer Science Graduate Student - ghelmer@cs.iastate.edu
Iowa State University               http://www.cs.iastate.edu/~ghelmer
Research Assistant, Scalable Computing Laboratory, Ames Laboratory
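
The setuid check recommended in the message above, as an added example that is not part of the original e-mail: a shell script that reports whether either suidperl path still carries the setuid bit and, in fix mode, clears it. The function names, the audit/fix arguments and the optional root prefix (for checking a mounted image or a test tree) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message).
# Usage (assumed interface):  sh suidperl-check.sh audit [ROOT]
#                             sh suidperl-check.sh fix   [ROOT]
# ROOT defaults to / and lets the check run against a mounted disk image.

# The two paths named in the message.
SUIDPERL_PATHS="/usr/bin/suidperl /usr/local/bin/suidperl"

# Print every listed path under ROOT that exists as a regular file and
# has the set-user-ID bit set. Prints nothing when the system is clean.
find_setuid_perl() {
    root="${1%/}"
    for p in $SUIDPERL_PATHS; do
        f="$root$p"
        # -f and -u follow symlinks, so a link to a setuid binary is reported.
        if [ -f "$f" ] && [ -u "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Remove the setuid bit from every hit. Returns non-zero if any chmod
# fails (for example when not run as root), so callers can detect a
# partial fix instead of assuming success.
clear_setuid_perl() {
    root="${1%/}"
    rc=0
    for p in $SUIDPERL_PATHS; do
        f="$root$p"
        if [ -f "$f" ] && [ -u "$f" ]; then
            chmod u-s "$f" && printf 'cleared setuid: %s\n' "$f" || rc=1
        fi
    done
    return $rc
}

# Dispatcher: does nothing unless an explicit mode is given.
case "${1:-}" in
    audit) find_setuid_perl "${2:-/}" ;;
    fix)   clear_setuid_perl "${2:-/}" ;;
esac
```

Run the audit mode again after an upgrade or a perl package install, since a reinstall can restore the setuid bit.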