Re: probably remote exploit
Mike Hoskins wrote:
>
> On Fri, 20 Jul 2001, Tom wrote:
>
> > But if a backdoor is installed, you can't trust cvsup, or make either.
> > Any binary could have been tampered with.  For instance, I would make a
> > backdoor make that would detect that an installworld is underway, and
> > always make sure that a backdoored copy of "login" and another copy of
> > "make".
>
> What?  Everyone can't just do a quick check against the saved tripwire
> checksums on CD-R?  ;)  Seriously.  While checksumming an entire system can
> be impractical, keeping checksums for a barebones set of administrative
> tools can be a lifesaver.

You need to boot off of the CDROM first, otherwise you might have an evil
kernel module loaded that can send bogus data to your checksummer when it
reads from the disk.  It's not quite as easy as just mounting the CD and
running the checksums.

--
Jason Andresen [EMAIL PROTECTED]
Network and Distributed Systems Engineer
Office: 703-883-7755

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
Re: probably remote exploit
And you need to be sure that you really _are_ booting off the CD, not
booting a hacked kernel from the hard disk which detects that you have
a bootable CD in the drive and assumes that you're trying to boot off
CD to clean up your system, so _pretends_ to be booting off the CD
except when you come to run the checksum utility on the CD.  Etc etc.
And, of course, if it's a CD-RW, this evil kernel module could just
virally infect it :-)

Note that one might often want to config a machine so it won't boot
from removable media (so that random idiots with access to the front
panel can't boot some other OS from CD or floppy), so this scenario
isn't _totally_ nuts (only, say, 99.98% nuts).  A hassled sysadmin
might well put in a CD and reboot without watching too closely,
forgetting that the BIOS config will cause the CD to be disregarded.

Nick Barnes

At 2001-07-23 14:01:40+, Jason Andresen writes:
> Mike Hoskins wrote:
> >
> > On Fri, 20 Jul 2001, Tom wrote:
> >
> > > But if a backdoor is installed, you can't trust cvsup, or make either.
> > > Any binary could have been tampered with.  For instance, I would make a
> > > backdoor make that would detect that an installworld is underway, and
> > > always make sure that a backdoored copy of "login" and another copy of
> > > "make".
> >
> > What?  Everyone can't just do a quick check against the saved tripwire
> > checksums on CD-R?  ;)  Seriously.  While checksumming an entire system can
> > be impractical, keeping checksums for a barebones set of administrative
> > tools can be a lifesaver.
>
> You need to boot off of the CDROM first, otherwise you might have an evil
> kernel module loaded that can send bogus data to your checksummer when it
> reads from the disk.  It's not quite as easy as just mounting the CD and
> running the checksums.
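The check discussed in the messages above (digests for a small set of administrative tools, kept on read-only media and compared after booting from trusted media), as an added example that is not part of the original thread. The mount points, file list and manifest layout are assumptions, and SHA-256 stands in for the Tripwire database the posters mention.

```python
"""Added example: verify a barebones set of binaries against a digest
manifest kept on read-only media. All paths and names are hypothetical."""
import hashlib
import os
import sys


def sha256_file(path, bufsize=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(bufsize), b""):
            h.update(chunk)
    return h.hexdigest()


def _under(root, rel):
    # Strip a leading "/" so a manifest entry can never escape root and
    # resolve against the booted (trusted) system's own copy of the file.
    return os.path.join(root, rel.lstrip("/"))


def build_manifest(root, rel_paths):
    """Record digests on a known-good system, before burning the CD-R."""
    return {rel: sha256_file(_under(root, rel)) for rel in rel_paths}


def write_manifest(manifest, path):
    with open(path, "w") as fh:
        for rel, digest in sorted(manifest.items()):
            fh.write(f"{digest}  {rel}\n")


def read_manifest(path):
    manifest = {}
    with open(path) as fh:
        for line in fh:
            line = line.rstrip("\n")
            if line and not line.startswith("#"):
                digest, rel = line.split("  ", 1)
                manifest[rel] = digest
    return manifest


def verify(root, manifest):
    """Compare files under root with the manifest.

    root is where the suspect disk is mounted after booting from trusted
    media, so neither the kernel nor this interpreter comes from that disk.
    Returns {rel_path: "OK" | "MODIFIED" | "MISSING" | "NOT_A_FILE"}.
    """
    results = {}
    for rel, expected in manifest.items():
        full = _under(root, rel)
        if not os.path.lexists(full):
            results[rel] = "MISSING"
        elif os.path.islink(full) or not os.path.isfile(full):
            # The manifest lists regular files only; a listed binary that
            # has become a symlink or device node is itself a finding.
            results[rel] = "NOT_A_FILE"
        elif sha256_file(full) != expected:
            results[rel] = "MODIFIED"
        else:
            results[rel] = "OK"
    return results


if __name__ == "__main__":
    # Hypothetical usage: verify.py /mnt/suspect /cdrom/manifest.txt
    report = verify(sys.argv[1], read_manifest(sys.argv[2]))
    for rel, status in sorted(report.items()):
        print(f"{status:10} {rel}")
    sys.exit(0 if all(s == "OK" for s in report.values()) else 1)
```

A clean result only means the listed files match; anything outside the manifest, and the boot path itself, is not covered.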
Re: is "stable" "stable"?
On Mon, 23 Jul 2001, A. L. Meyers wrote:

> do you suggest that if someone wants "stable-stable" not just
> "stable" he should cvsup RELENG_4_3 instead of RELENG_4?

I suggest you spend half the time reading documentation and trying to
actually understand the FreeBSD build hierarchy you do posting messages
here about what 'stable' is and/or what -STABLE should be called.

(No offense, but this thread is a dead horse.  If you'd take a few seconds
to search past list archives, you'd already know that.)

Later,
-Mike

--
Log analysis mailing list:
http://www.adept.org/mailinglists.html#logwatchers
Re: is "stable" "stable"?
Mike Hoskins <[EMAIL PROTECTED]>:

>On Sun, 22 Jul 2001, Steve Lumos wrote:
>
>> It is very easy for a reasonable person to read (or more likely skim
>> [tell me you don't do it]) the description of -STABLE in the handbook
>> and conclude that it means what it sounds like, and then feel
>> bamboozled when they get here.
>
>I've been known to skim a doc or two, but something this critical isn't
>the place to skim.  If the individual in question wishes to deploy a
>highly stable environment, one would think that individual would take
>great care - including following the suggestions made earlier by others
>(regression testing, staging, etc.).
>
>If you're not willing to actually read docs, regression test, stage, and
>do 'work' in general...  Well, one could argue you get the amount of
>stability you deserve.
>
>Later,
>-Mike

OK, but I don't really think that's a reason not to make the
documentation clear.  There are plenty of people who aren't mission
critical, but just interested who end up losing when they don't have
to.  If you guys want to take it upon yourself to teach them a lesson,
I suppose that's fine, but I was assuming that wasn't the case.

Of course I butted in because I read the documentation and didn't get
out of it any indication that -STABLE wasn't where I wanted to be.
Certainly, the phrases:

"the stable branch is effectively a bug-fix stream relative to the
previous release", and

"[-RELEASE is] really just a ``snapshot'' from the -STABLE branch that
we put on CDROM,"

sure sound like where I want to be.

I claim that there is a certain amount of stability being advertised
there.  If -STABLE was ALWAYS meant to be what you guys say, then I
don't think whoever wrote that section of the handbook knew it.

I notice that the changes have already appeared in the handbook at
freebsd.org.  Although it is much better, it keeps a lot of the same
language and just adds qualification.  For example, why do you want:

"Any changes to this branch will have debuted in FreeBSD-CURRENT
first, helping to reduce (but not eliminate) the chance that the
changes will cause problems,"

instead of

"Changes to this branch have not been widely tested and should not
be depended on to work."

You should also change the text in -CURRENT.  The phrase "if you are
new to FreeBSD, you are most likely going to want to think twice about
running it" should be moved from -CURRENT to -STABLE but even
stronger, like "unless you *really know what you are doing*, think
twice before tracking -STABLE".  Then replace that paragraph in
-CURRENT with something like: "As you are reading this, keep in mind
that FreeBSD-CURRENT is the ``bleeding edge'' of FreeBSD development
and is not intended for users".

And while you're making changes, statements like:

"The current ports tree officially supports only FreeBSD-current and
FreeBSD-stable."

on http://freebsd.org/ports/ certainly don't help.  That page even goes
out of its way to push -STABLE:

"Note that it will only change just enough files to enable
ports/packages to be used; for a full upgrade to -STABLE, please refer
to the synchronizing your source tree section of the handbook."

Access to bugfixed ports is the main reason why I ever considered
tracking -STABLE.

I'm not whining about -STABLE, but then again I didn't lose.  However,
I think the current attitude toward people who end up losing after
basically being led to -STABLE by the documentation is bad.  It might
be a good idea to add "NOTE: Since this documentation may be out of
date with respect to -STABLE, you should never consider tracking it
until you have read freebsd-stable for a couple of weeks."

Steve
Re: is "stable" "stable"?
hi, there!

On Mon, 23 Jul 2001, Steve Lumos wrote:

> I'm not whining about -STABLE, but then again I didn't lose.  However,
> I think the current attitude toward people who end up losing after
> basically being led to -STABLE by the documentation is bad.  It might
> be a good idea to add "NOTE: Since this documentation may be out of
> date with respect to -STABLE, you should never consider tracking it
> until you have read freebsd-stable for a couple of weeks."

this happened because RELENG_4_3 is quite new idea (it is actually the
first -RELEASE branch) and seems that handbook is really out of sync with
real world

/fjoe
Re: problem with burncd
On 2001.07.21 13:58 Patrik Sundberg wrote:
> On Sat, Jul 21, 2001 at 07:36:17PM +0200, Patrik Sundberg wrote:
> > hi,
> >
> > i have the following problem with burncd running:
> > FreeBSD radiac.mine.nu 4.3-STABLE FreeBSD 4.3-STABLE #10: Sat Jul 21 00:20:25 CEST 2001 [EMAIL PROTECTED]:/usr/src/sys/compile/RADIAC i386
> >
> > # burncd -f /dev/acd0c -s 12 -t audio featherweight.wav fixate
> > next writeable LBA 0
> > writing from file featherweight.wav size 62876 KB
> > written this track 62879 KB (100%) total 62879 KB
> > fixating CD, please wait..
> > burncd: ioctl(CDRIOCCLOSEDISK): Input/output error
> >
> > the drive used is:
> > acd0: CD-RW at ata1-slave using PIO4
> >
> > is the drive unsupported? is anyone working on a fix? seems the CRX140E is
> > working (looking through mailing archives).
>
> found out that it works great if not in test mode (without -t). no problems.
> a better error message from burncd would be helpful if this is intended
> behaviour (i don't know much about cd writers).

If you read further back in the mailing list two weeks ago this same issue
was addressed..  The problem is known and is fixed in current..  The message
is below from Søren Schmidt..  As far as when the MFC will be completed I
don't know..

>It's a known issue, and it is fixed in -current. I'll MFC the changes
>when I get some spare time, but things are messy around here right now,
>and I have to use my time on payjobs...
>
>-Søren

--
Jake Roersma
Network Engineer
Triton Technologies Inc.
(800)-837-4253/364-8761
Re: is "stable" "stable"?
On Mon, 23 Jul 2001, Max Khon wrote:

> hi, there!
>
> On Mon, 23 Jul 2001, Steve Lumos wrote:
>
> > I'm not whining about -STABLE, but then again I didn't lose.  However,
> > I think the current attitude toward people who end up losing after
> > basically being led to -STABLE by the documentation is bad.  It might
> > be a good idea to add "NOTE: Since this documentation may be out of
> > date with respect to -STABLE, you should never consider tracking it
> > until you have read freebsd-stable for a couple of weeks."
>
> this happened because RELENG_4_3 is quite new idea (it is actually the
> first -RELEASE branch) and seems that handbook is really out of sync with
> real world
>
> /fjoe

Hello again!

Guess what - I *did* carefully read the handbook before cvsupping
stable.  I *never* expected stable to be perfect but I did expect
it to be "stable".

All the docs I saw presented moving from RELEASE to STABLE as the
normal course of action.  No doc I remember mentioned a third
tree.  Maybe I misunderstood but my understanding was that a
release is something like a snapshot from the stable branch.

Well as we have an SMP server I was (sorry, but it's true) shocked
to see big problems on production SMP machines due to some
problems with stable soon after I subscribed.  My mild problem was
only with one executable pod2man, part of perl.  So I just got
nibbled.

Now I am told that sysadmins should extensively test stable to
make sure it is stable.  My conclusions:

1. "Stable" should really be stable or be called something else.

2. The new "release" tree is apparently the real "stable" tree.

3. The handbook does not yet fully and accurately reflect the
   current situation and inform users sufficiently to enable them to
   decide rationally.

All this is meant in completely positive ways.  I like FreeBSD.

Cheers!

Lucien
Re: is "stable" "stable"?
On Mon, 23 Jul 2001, A. L. Meyers wrote:
> It seems to me that it would be in the very best interest of
> FreeBSD to apply whatever quality controls are appropriate to
> ensure that "stable" means what it says.

You're checking out the head of a development tree.  It will never be
stable in your sense.  As mentioned before it might theoretically be best
to rename "stable" but it needs a volunteer (you?) to do the work to fix
all the breakage which will result.

> Do you seriously expect
> all users to go thru the testing procedures enumerated below?

Then use a point release with the security patches applied.

> Most probably expect such things to be done by developers before
> new and/or improved code is incorporated into "stable".

Like I said, the testing matrix of the x86 platforms are way too damn
fucking big.  Do you know how many different flavors of intel eepro100
chips alone are out there?  Do you think that any of the fxp developers
have a full matrix of all of them?  Do you even think that the people who
are -current have all of them?  Multiply that just by the number of x86
motherboards out there and you will get some idea of what kind of testing
matrix we're talking about.

Of course, are you volunteering to do QA on code before it goes into
stable?  If you've got the hardware and the manpower then maybe we can do
something about it.
Re: High interrupt rate
Thu, Jul 19, 2001 at 20:35:42, rrs (Rob Schulhof) wrote about "High interrupt rate":

> I'm puzzled why my system is spending 1% of CPU on system interrupts when
> completely idle.  I even with everything killed except kernel processes top
> and vmstat show 0.8% is spent servicing interrupts.  A 'vmstat -i' shows the
> only interrupts set are the CLK and RTC.  Anybody come across this?  I'm
> assuming it's a hardware problem.

One my system constantly shows 12% interrupt time. LA does not reflect this.
Possibly state checking interferes with some external activity.
One should know that these times are very approximate.

/netch
Re: High interrupt rate
Hello,

Thanks for reply.  I found that using the i8254 clock rather than the TSC
clock seemed to solve the problem, but perhaps it's merely coincidence.

--Rob

On Mon, 23 Jul 2001, Valentin Nechayev wrote:

> Date: Mon, 23 Jul 2001 19:56:55 +0300
> From: Valentin Nechayev <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: High interrupt rate
>
> Thu, Jul 19, 2001 at 20:35:42, rrs (Rob Schulhof) wrote about "High interrupt rate":
>
> > I'm puzzled why my system is spending 1% of CPU on system interrupts when
> > completely idle.  I even with everything killed except kernel processes top
> > and vmstat show 0.8% is spent servicing interrupts.  A 'vmstat -i' shows the
> > only interrupts set are the CLK and RTC.  Anybody come across this?  I'm
> > assuming it's a hardware problem.
>
> One my system constantly shows 12% interrupt time. LA does not reflect this.
> Possibly state checking interferes with some external activity.
> One should know that these times are very approximate.
>
> /netch
Re: is "stable" "stable"?
On Mon, 23 Jul 2001, Steve Lumos wrote:

> "the stable branch is effectively a bug-fix stream relative to the
> previous release"

True.

> "[-RELEASE is] really just a ``snapshot'' from the -STABLE branch that
> we put on CDROM,"

Well, it is really a snapshot, that's true again.  Maybe it would be
helpful to indicate that some amount of effort goes into ensuring the
'snapshot' is release-quality (i.e. code freezes, etc.).

> sure sound like where I want to be.

Actually, the user you describe as just 'ending up' places vs. actually
RTFMing and making informed decisions sounds like a newbie.  With that in
mind, I'd suggest reading:

http://www.freebsd.org/projects/newbies.html

Specifically,

"If you haven't installed yet, look for the *latest mainstream release*."

"Latest mainstream release" being a link to (at present) 4.3R.  No one
suggested that people so easily confused by development cycles actually
try to install non-release releases.

> I claim that there is a certain amount of stability being advertised
> there.

Correct.  It's advertised, and is present.  -STABLE is more 'stable' than
-CURRENT.

> "Any changes to this branch will have debuted in FreeBSD-CURRENT
> first, helping to reduce (but not eliminate) the chance that the
> changes will cause problems,"

Correct.

> "Changes to this branch have not been widely tested and should not
> be depended on to work."

Hmm.  Speak for yourself, and your apparent lack of clue.  Personally, I
have many working -STABLE boxes.

> I'm not whining about -STABLE, but then again I didn't lose.  However,
> I think the current attitude toward people who end up losing after
> basically being led to -STABLE by the documentation is bad.  It might
> be a good idea to add "NOTE: Since this documentation may be out of
> date with respect to -STABLE, you should never consider tracking it
> until you have read freebsd-stable for a couple of weeks."

I don't have attitude toward people that 'lose'.  I don't think anyone
does.  That's why you see hundreds of messages in list archives from
individuals offering suggestions and help to those that have 'lost'.  I
do, however, have mass attitude toward individuals who fail then attempt
to blame the failure on something other than themselves.

It is suggested that users track relevant mailing lists for whichever
branch they choose.  In short, it's suggested users actually attempt to
understand what they use.

It may be worth noting that the official Handbook install procedure links
to installation floppies for the current -RELEASE.  Again, no one suggests
users incapable of RTFMing run non-release releases.  I can't stress this
enough.

Personally, I think the current naming convention makes a lot of sense.  I
also think that, no matter what names you chose for the branches, someone
will dissent.

I'm all for removing actual inconsistencies in the documentation.
However, if this is really just an attempt to have things worded 'your
way', I could argue I want it 'my way' (anyone could).  Many of the places
you cite above say exactly what they should say.  I'm glad to know some
work has been done to clarify past points of confusion (kudos to the docs
team), I just hope time isn't wasted rewriting documentation for the sake
of pleasing everyone (vs. saying what needs to be said)...  As we all
know, that's an endless battle.

Later,
-Mike

--
Log analysis mailing list:
http://www.adept.org/mailinglists.html#logwatchers
RE: Is FreeBSD more secure than Windows NT or Windows 2000?
This is a couple days old by now, but for the record, yes, there is a
program that is standard amongst Windows NT/2000 systems integrators that
will reset your admin password in a jiffy.  Very handy.

Also, I'm not sure about this password during reinstall.  I've reinstalled
NT and 2000 many times without being prompted for a password or losing
access to my files later.  Maybe the MSDN versions are different.

Watch your backups too with 2000 machines... like a lot of systems, access
to the backups means permissions-free access to the data.

Anyway, I expect that this thread is done with, having used both fairly
extensively, FreeBSD is better, because knowing exactly what is wrong is
always better than never being sure if there is something wrong.  On my
Windows systems, I can never tell because Microsoft doesn't really like to
release news about exploits if they don't have a patch available yet...

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Lamont Granquist
Sent: Saturday, July 21, 2001 4:14 PM
To: Sung Nae Cho
Cc: [EMAIL PROTECTED]
Subject: Re: Is FreeBSD more secure than Windows NT or Windows 2000?

yeah, okay, too much caffeine, too little sleep, too little food...
sorry...

for future reference, though, you should probably tone it down a bit when
you're asking about O/S comparisons that are likely to produce kneejerk
responses.  comparing Microsquish and FreeBSD security is probably one of
those topics.

also to try to add a bit of information to this reply, I believe there's a
utility which someone sells for a few hundred bucks which will let you
boot from floppies and reset the local admin password on a Win2K box.  for
WinNT there are freeware utilities out there which will let you do this.
for both of them there are freeware utilities which will let you boot from
a floppy and read the NTFS partition (particularly to get/edit the NT
equivalent of the password file).  and of course there's also
l0phtcrack...

On Sat, 21 Jul 2001, Sung Nae Cho wrote:

> Huh?
>
> I didn't think my previous message was offensive to anyone, no?  Maybe
> people ought to learn to read the messages with complete attention before
> start throwing flames at each other!  Or even consider reading the
> follow ups.
>
> Sung N. Cho
>
> On Sat, 21 Jul 2001, Lamont Granquist wrote:
>
> > On Sat, 21 Jul 2001, Sung Nae Cho wrote:
> > > Simply reinstalling Windows NT will not let you read someone else's
> > > file.
> >
> > yeah, so just rip the drive out, stick it into a FBSD box and mount it
> > using NTFS.
> >
> > the "security" feature of NT where it tries to make sure that you have a
> > login on the box to be able to do anything is really, really annoying.  I
> > managed to lock myself out of my laptop (switched from domain to workgroup
> > and lost my cached domain credentials) and didn't have a local admin
> > password and couldn't fucking change the password.  It was, of course,
> > more than trivial to dual boot into FBSD and mount the partition under
> > NTFS and get at all my files.  But there's no tools out there to hack the
> > new active directory passwords and the tools for hacking the old SAM files
> > didn't work on W2K.  So, the reportcard on W2K security in this way is
> > that it gets a big F- on security *and* gets a big F- on administrative
> > utility.  FreeBSD at least acknowledges that you don't have any security
> > when you're on the console and lets you do administrative tasks with the
> > proper incantations.
> >
> > and this isn't appropriate for freebsd-stable.  take your trolling
> > elsewhere please.
> >
> > > Now I think that's being secure all the way.
> >
> > you have no clue about security, go away.
Re: is "stable" "stable"?
On Mon, 23 Jul 2001, A. L. Meyers wrote:

> Guess what - I *did* carefully read the handbook before cvsupping
> stable.

Ahh, I see.  So...  You read,

http://www.freebsd.org/doc/en_US.ISO8859-1/books/ \
handbook/current-stable.html

Under,

"20.2.2.3 Using FreeBSD-STABLE"

Which states,

"Join the FreeBSD-stable mailing list <[EMAIL PROTECTED]>. This will keep
you informed of build-dependencies that may appear in FreeBSD-STABLE or
any other issues requiring special attention."

Upon reading this, you tracked -stable for awhile and after seeing there
weren't known problems with your intended architecture (possibly utilizing
list archives as well) proceeded with your install.  Correct?

> Now I am told that sysadmins should extensively test stable to
> make sure it is stable.  My conclusions:

My conclusion (sorry, no offense!):

"More people should learn how to read past a 3rd-grade level."

Later,
-Mike

--
Log analysis mailing list:
http://www.adept.org/mailinglists.html#logwatchers