Re: auditing users within a jail

2018-03-14 Thread Mateusz Piotrowski 
On Sun, 11 Mar 2018 22:17:47 -0500
Christian Peron  wrote:

>However, it is possible for processes in jails to produce audit
>records. The processes just need an audit mask. Since audit masks
>(configurations) are inherited across forks, you could set a global
>audit configuration for the jail using the following tool (or
>something like it):
>
>https://github.com/csjayp/setaudit (I just dropped it on to github)

FYI, I'll submit a new setaudit port if Christian decides to pull in my
enhancements.
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-14 Thread Mike Tancsa 
On 3/14/2018 12:29 AM, FreeBSD Security Advisories wrote:
> Affects:All supported versions of FreeBSD.
> Corrected:  2018-02-17 18:00:01 UTC (stable/11, 11.1-STABLE)
> 2018-03-14 04:00:00 UTC (releng/11.1, 11.1-RELEASE-p8)

Hi,
Are these corrections just AMD64 ? Or does it fix it on i386 as well ?

---Mike

-- 
---
Mike Tancsa, tel +1 519 651 3400 x203
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-14 Thread Gordon Tetlow 
The Special Note in the advisory discusses this:

Special Note:   Speculative execution vulnerability mitigation is a work
in progress.  This advisory addresses the most significant
issues for FreeBSD 11.1 on amd64 CPUs.  We expect to update
this advisory to include 10.x for amd64 CPUs.  Future
FreeBSD
releases will address this issue on i386 and other CPUs.
freebsd-update will include changes on i386 as part of this
update due to common code changes shared between amd64 and
i386, however it contains no functional changes for i386 (in
particular, it does not mitigate the issue on i386).

On Wed, Mar 14, 2018 at 7:06 AM, Mike Tancsa  wrote:

> On 3/14/2018 12:29 AM, FreeBSD Security Advisories wrote:
> > Affects:All supported versions of FreeBSD.
> > Corrected:  2018-02-17 18:00:01 UTC (stable/11, 11.1-STABLE)
> > 2018-03-14 04:00:00 UTC (releng/11.1, 11.1-RELEASE-p8)
>
> Hi,
> Are these corrections just AMD64 ? Or does it fix it on i386 as
> well ?
>
> ---Mike
>
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-14 Thread Mike Tancsa 
On 3/14/2018 11:58 AM, Gordon Tetlow wrote:
> The Special Note in the advisory discusses this:

Sorry about that, my old person eyes missed over that section twice
somehow  :(

---Mike

> 
> Special Note:   Speculative execution vulnerability mitigation is a work
>                 in progress.  This advisory addresses the most significant
>                 issues for FreeBSD 11.1 on amd64 CPUs.  We expect to update
>                 this advisory to include 10.x for amd64 CPUs.  Future
> FreeBSD
>                 releases will address this issue on i386 and other CPUs.
>                 freebsd-update will include changes on i386 as part of this
>                 update due to common code changes shared between amd64 and
>                 i386, however it contains no functional changes for i386 (in
>                 particular, it does not mitigate the issue on i386).
> 
> On Wed, Mar 14, 2018 at 7:06 AM, Mike Tancsa  > wrote:
> 
> On 3/14/2018 12:29 AM, FreeBSD Security Advisories wrote:
> > Affects:        All supported versions of FreeBSD.
> > Corrected:      2018-02-17 18:00:01 UTC (stable/11, 11.1-STABLE)
> >                 2018-03-14 04:00:00 UTC (releng/11.1, 11.1-RELEASE-p8)
> 
> Hi,
>         Are these corrections just AMD64 ? Or does it fix it on i386
> as well ?
> 
>         ---Mike
> 


-- 
---
Mike Tancsa, tel +1 519 651 3400 x203
Sentex Communications, m...@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-18:03.speculative_execution

2018-03-14 Thread Lowell Gilbert 
Mike Tancsa  writes:

> On 3/14/2018 12:29 AM, FreeBSD Security Advisories wrote:
>> Affects:All supported versions of FreeBSD.
>> Corrected:  2018-02-17 18:00:01 UTC (stable/11, 11.1-STABLE)
>> 2018-03-14 04:00:00 UTC (releng/11.1, 11.1-RELEASE-p8)
>
>   Are these corrections just AMD64 ? Or does it fix it on i386 as well ?

AMD64 only. This was noted in a "Special Note" rather than the more
typical locations in the advisory.
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"