http://www.spiegel.de/media/media-35663.pdf
"PANT SPARTY is a backdoor in the SSH daemon for *NIX, based on
OpenSSH portable"
+local copy (pdf).
Daniel
[demime 1.01d removed an attachment of type application/pdf which had a name of
media-35663.pdf]
http://www.openwall.com/lists/oss-security/2015/01/07/5
Can someone confirm this vulnerability? It's probably the problem
of "OpenBSD-derived (?) pax".
Best regards,
Daniel
2015-01-06 8:27 GMT+01:00 whoami toask :
> Hello,
>
> aren't there too many SUID/SGID files on a default OpenBSD install?
No.
I think you don't understand how SGID works. A small example:
155910 84 -r-xr-sr-x 4 root crontab 41752 Aug 8 08:06
/usr/bin/at/usr/bin/at
If you run 'at' a
2014-12-18 19:37 GMT+01:00 andrew fabbro :
> On Thu, Dec 18, 2014 at 10:24 AM, Adam Thompson
> wrote:
>>
>> The list of VPS providers where OpenBSD will run, more or less correctly,
>> more or less all of the time, is actually very big. It will even run
>> correctly all of the time on a fairly la
2014-11-02 16:49 GMT+01:00 :
> Hi,
>
> From what I gather, RBAC / MAC isn't really necessary unless you add people
> to your system that you don't really trust (ref. Nick Holland @
> http://marc.info/?l=openbsd-misc&m=139321387226212). But what about FreeBSD's
> Capsicum?
http://www.openbsdfo
ln /bin/pax /bin/tar?
http://cyclone.thelanguage.org/
http://en.wikipedia.org/wiki/Cyclone_(programming_language)
http://trevorjim.com/papers/usenix2002.pdf
http://homes.cs.washington.edu/~djg/papers/cyclone-cuj.pdf
Best regards,
Daniel
2014-09-13 19:27 GMT+02:00 why not :
> hello
>
> Besides NTRU is having a GPL licence,
https://github.com/NTRUOpenSourceProject/ntru-crypto/issues/4
https://github.com/tbuktu/libntru
but:
http://blog.cr.yp.to/20140213-ideal.html
Daniel
2014-06-29 13:40 GMT+02:00 Antoine Jacoutot :
> So first you comment on Ian's GSoC and now on systemd... that is confusing.
> I don't care about systemd we will never have it. We just need some
> interfaces
> that are currently only implemented in systemd.
This is the right approach to the subj
2014-06-29 1:05 GMT+02:00 ian kremlin :
>> that bsd is being crowded out, a thought that had not crossed my mind.
>> I wanted to know, before assuming that it is the case everywhere, do
>> people really not like systemd and is it really hurting bsd? If so,
>> I'd be interested in doing something ab
2014-02-19 3:32 GMT+01:00 Theo de Raadt :
>>2014-02-17 22:12 GMT+01:00 Miod Vallat :
and of course PAM:
http://blackhatlibrary.net/Hooking_PAM
>>>
>>> Well, there's a reason why OpenBSD does not embed PAM. It has to do with
>>> software giving people enough rope to hang themselves.
>
2014-02-18 20:10 GMT+01:00 Dmitrij D. Czarkoff :
> Giancarlo Razzolini said:
>> ... What we are discussing is if it is possible, using
>> LD_PRELOAD, to inject code on the execution of any given programs, and
>> to be able to hide the fact that the machine has a rootkit installed
>> using t
2014-02-18 18:42 GMT+01:00 Giancarlo Razzolini :
> Em 18-02-2014 14:36, Dmitrij D. Czarkoff escreveu:
>> You perfectly demonstrated your ability to alter the code that will be
>> run with your privileges. Still, it is useless as the injected code
>> will be running with your privileges, so this has
Hi Giancarlo,
Maybe I'm totally wrong here:
2014-02-17 20:20 GMT+01:00 Theo de Raadt :
>>2014-02-16 23:36 GMT+01:00 Frank Brodbeck :
>>> I am not sure what point it is you are trying to make but:
>>>
>>> $ LD_PRELOAD=./id0 sh
>>> \u@\h:\w\n$ id -un
>>> root
>>> \u@\h:\w\n$ less /etc/master.passw
2014-02-17 20:20 GMT+01:00 Theo de Raadt :
Theo,
I think went wrong with this topic.
Firstly, I don't know of any vulnerability in order to gain privilege
(e.g. uid 0) using LD_PRELOAD. I want it to be clearly defined. And
yes, shown trick with LD_PRELOAD was cheap and didn't give any root
rights
2014-02-17 22:12 GMT+01:00 Miod Vallat :
>> and of course PAM:
>>
>> http://blackhatlibrary.net/Hooking_PAM
>
> Well, there's a reason why OpenBSD does not embed PAM. It has to do with
> software giving people enough rope to hang themselves.
PAM is just an API. You can write small and simple pam_bsd
2014-02-17 21:49 GMT+01:00 Marc Espie :
> On Mon, Feb 17, 2014 at 07:48:44PM +, Miod Vallat wrote:
>> > Attacks with LD_PRELOAD are very old and can
>> > be performed on any OS where you have dynamic linking (Linux, *BSD
>> > etc.), so yes, OpenBSD is "vulnerable" to th
2014-02-17 21:25 GMT+01:00 Theo de Raadt :
>>2014-02-17 20:48 GMT+01:00 Miod Vallat :
Attacks with LD_PRELOAD are very old and can
be performed on any OS where you have dynamic linking (Linux, *BSD
etc.), so yes, OpenBSD is "vulnerable" to this type of stuff.
2014-02-17 20:48 GMT+01:00 Miod Vallat :
>> Attacks with LD_PRELOAD are very old and can
>> be performed on any OS where you have dynamic linking (Linux, *BSD
>> etc.), so yes, OpenBSD is "vulnerable" to this type of stuff.
>
> You forgot to mention that the value of LD_PRE
And it never was a threat?
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0872
http://www.cvedetails.com/cve/CVE-2006-6164/
Daniel
2014-02-16 23:36 GMT+01:00 Frank Brodbeck :
> I am not sure what point it is you are trying to make but:
>
> $ LD_PRELOAD=./id0 sh
> \u@\h:\w\n$ id -un
> root
> \u@\h:\w\n$ less /etc/master.passwd
> /etc/master.passwd: Permission denied
> \u@\h:\w\n$ ls -l /etc/master.passwd
> -rw--- 1 root w
2014-02-17 15:49 GMT+01:00 Giancarlo Razzolini :
>> Solution: static linking of critical binaries.
>>
>> I hope that my explanation was helpful.
>>
>> best regards,
>> Daniel
>>
> Static linking does solve the issue with this particular rootkit, but
> won't help with kmod rootkits. The truth is t
2014-02-17 13:15 GMT+01:00 :
> On 16. februar 2014 at 10:11 PM, "Daniel Cegiełka"
> wrote:
>
> try this:
>
> --- cat id0.c ---
> int getuid(){return 0;}
> int geteuid(){return 0;}
> int getgid(){return 0;}
> int getegid(){return 0;}
> --- end cut ---
try this:
--- cat id0.c ---
int getuid(){return 0;}
int geteuid(){return 0;}
int getgid(){return 0;}
int getegid(){return 0;}
--- end cut ---
# shell (as normal user):
id -un
cc -shared id0.c -o id0
LD_PRELOAD=./id0 sh
id -un
best,
Daniel
2014-02-16 22:36 GMT+01:00 :
> Hello!
>
> Came across
I agree with the fact that we have no solution to this problem, and
probably will not find it quickly (or ever). I do not want to shout
that now we have to do something. I want to make people aware that
even with signify we still need to keep limited trust.
best,
Daniel
2014-02-04 Marc Espie :
> signify(1) makes things more transparent: no chain of trust, pure keys.
>
> One cool thing is that the signatures are small enough that they can be
> embedded directly in the package (which already has sha256 for everything).
>
> This has the advantage of decentralization
2014-02-04 Otto Moerbeek :
> On Tue, Feb 04, 2014 at 03:41:09PM +0100, Daniel Cegiełka wrote:
>
> I believe that in -current, the pubkey comes from /etc/signify.
>
> -Otto
yes, but man pkg_sign:
-s signify|x509 [-s cert] -s privkey
Specify signature parameters for signe
2014-02-04 Kim Twain :
> Does pkg_add automatically check these signatures, or, as of now, I'd need
> to manually download the packages, verify them with signify and then install
> them locally with pkg_add?
from man pkg:
If a package is digitally signed:
o pkg_add checks that its packing
2014/1/16 Jack Woehr :
> Daniel Cegiełka wrote:
>>
>> http://goteo.org/project/gnupg-new-website-and-infrastructure
>>
>> Why don't you do such a campaign?
>
>
> I think Theo has answered this previously. His point was that he doesn't
> want to spend
http://goteo.org/project/gnupg-new-website-and-infrastructure
Why don't you do such a campaign? Wow.. new website and
infrastructure for GnuPG. Result: more than 24k USD in three weeks. So
where are OpenBSD/OpenSSH worse than GnuPG? Guys, your problem is not
the OpenBSD foundation, but the total