search for: chchile

Hi, first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security. I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far. It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Everything is explained on the web page, but I will repeat some informations here. The patchset is splitted in two parts to ease the review of the patch. The -propolice patch is only the original ProPolice patch for GCC 3.4.4 applied on FreeBSD source tree. The -freebsd...

...ld like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that FreeBSD 7.0 doesn't yet support it though I know of Jeremy Le Hen's patches (http://tataz.chchile.org/~tataz/FreeBSD/SSP/). Some time after 7.0 is released I'd like to upgrade and apply SSP throughout kernel, userland and ports while I'm at it. However, being an unsupported patchset and all, I have some concerns which I'd like some feedback on well before I embark on this projec...

...ould add that, while not directly important for the FreeBSD OS since it doesn't use autotools stuffs, it is for users that don't use the stock OpenSSH provided with FreeBSD. Thanks for your work, keep on ! :-) Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > -------------- next part -------------- Index: configure.ac =================================================================== RCS file: /cvs/openssh/configure.ac,v retrieving revision 1.296 diff -u -p -u -r1.296 configure.ac --- configure.ac 22 Sep 2005 10:19:54 -0000 1.296 +++ confi...

...on of `xstrdup' % ftpd.o(.text+0x1460): first defined here % /usr/obj/usr/src/tmp/usr/bin/ld: Warning: size of symbol `xstrdup' changed from 44 in ftpd.o to 70 in /usr/obj/usr/src/tmp/usr/lib/libssh.a(xmalloc.o) %%% Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >

----- Forwarded message from Damien Miller <djm@cvs.openbsd.org> ----- Subject: OpenSSH 4.0 released From: Damien Miller <djm@cvs.openbsd.org> Date: Wed, 9 Mar 2005 02:54:13 -0700 (MST) To: announce@openbsd.org X-Original-To: jeremie@le-hen.org Delivered-To: tataz@tataz.chchile.org X-Loop: announce@openbsd.org Precedence: list OpenSSH 4.0 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We w...

Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence

Hi, I am trying to setup ipsec tunnel between Freebsd (host1) and Linux (host2) systems.And I also interested in executing some ipsec test cases( Like TAHI conformance test suite) on the same connection. Please, suggest me some details regarding this setup and Specify any materials which can be obtained from from any locations(site).. I have enabled IPSec support for FreeBSD (4.11 Release) and

Hello, I think there was already a thread on this. I just want to raise the question again if anyone has successfully booted an gdbe-encrypted filesystem (everything encrypted except the bootloader). The passphrase is entered at the bootloader prompt or embedded in the bootloader. I appreciate any tips. Thanks, - ronnel

hi I am trying to stop the application running in the VM from the host machine.....that means by typing some command in the host machine, (script or using some API''s or sending some signal to VM from the host), i want stop application running in the VM.......is there any way to do this.....if anybody know this please help me....... I want this because......I want to take VM consistent

Hello, I was playing around with geli an gbde after last EuroBSDCon. I liked the idea of encrypting my data which resides in /home/$user. Since this is a "single" user laptop i intended to encrypt the whole /home partition. Well no problems with that. But i wanted the lockfile or keyfile on a seperate usb disc. Which would be mounted or used during boot of the system. I also used

Hi folks, I think we need to update compat5x binary to fix FreeBSD-SA-05:21.openssl, but will the binaries built by ``make universe'' be identical with actual build on Alpha, Sparc64, etc? (Yes, I'm volunteering to do the work iff they are identical ;-) Cheers, -- Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information.

Hi all, ?Is there any app like denyhosts[1] but intended for MySQLd service? We have a mysql ports (3306) opened for remote connections, and obviously the /var/db/mysql/machine_name.log is full of these kind of entries: ........... 936012 Connect Access denied for user 'user'@'85.19.95.10' (using password: YES) 936013 Connect Access denied for user

Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I really do not agree with adding it to the base system. Just because you guys use sudo does not mean other people do. In fact many people do not have a use for sudo at all. Not every one gives out root accounts. You are only adding another utility In that can possibly be used to escalate privileges. Every time I secure a system I spend some time

Hello Greg, I am writing you, because I saw your responses to a couple of messages on the freebsd-security mailing list related to freebsd vpn and nat. My situations is rather unique, and I am needing an expert's eyes to glance at it and confirm whether it is doable or not. I have a simple diagram that illustrates what I am trying to do, and it is located here (about 40k):

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-05:21.openssl Security Advisory The FreeBSD Project Topic: Potential SSL 2.0 rollback Category: contrib Module: openssl Announced: 2005-10-11

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On October 31st, FreeBSD 5.3 and FreeBSD 5.4 will have reached their End of Life and will no longer be supported by the FreeBSD Security Team. Users of either of those FreeBSD releases are strongly encouraged to upgrade to FreeBSD 5.5 or FreeBSD 6.1 before that date. In addition, the FreeBSD 6.0 End of Life is presently scheduled

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced: