search for: drosehn

Yo All! Well I work on a diverse number of OS's with a diverse number of clients. Some use F-Secure, SecureCRT, PuTTY, SSH.COM. OpenSSH, etc. with a wide variety of versions between each, some from source, some from rpms, etc... Basically a lot of legacy stuff that no one has the time to update. In fact I am working on a couple of OpenSSH config problems in the last few days. Sometimes we

I have an initial port of the SSH client. Only one known issue with it. sigaddset(), sigempty(), and sigprocmask() don't exist on NeXT without using libposix which I'm now avoiding (thanks, Garance A Drosehn) like the plague because it conflicts too much. Only thing this affects is the readpass.c file at this point. Which means if you ctrl-C out of the password prompt you mess up your current tty. I have simple [v]snprint() that work like a charm, along with a putenv() (since NeXT lacks even a seten...

While using 5.1-RELEASE, I find that if my application program seg faults, it produces "programname.core"; but it is 0 bytes. I ran the exact same program on another machine that was running 4.4-RELEASE, and I do get a core file that I can use with gdb. I'd really appreciate if someone could help me resolve this. Additional details: - It is not specific to the application

...ted my machine to the status as of this morning, and that didn't seem to help much. I'm running on a single-CPU Athlon (i386, not amd64) machine. Are other people here running nessus (2.2.6) with the "registered plugins"? (not the commercial registration). -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu

Hi folks, While investigating OpenBSD's cron implementation, I found that they set the systemwide crontab (a.k.a. /etc/crontab) to be readable by the superuser only. The attached patch will bring this to FreeBSD by moving crontab out from BIN1 group and install it along with master.passwd. This change should not affect the current cron(1) behavior. Cheers, -- Xin LI <delphij frontfree

...that is significant. The partition is mounted: /dev/ad0s2g on /usr (ufs, local, soft-updates) This is only a test system, so it isn't much of a problem for me. I just thought that it was odd enough that I should mention it. Has anyone else seen behavior like this? -- Garance Alistair Drosehn = gad@gilead.netel.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu

i am invoking op from a python proggy which does an op.system() of op chmod 640 /usr/local/etc/tac_plus.conf i get "Permission denied by op" % ls -l /usr/local/etc/op.access -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access % cat /usr/local/etc/op.access # 2007.01.13 # #DEFAULT users=src # chown /usr/sbin/chown $* ; users=src chmod /bin/chmod $* ; users=src

I got email yesterday from a user who had run 'from' and got the message "No mail in /home/stevev/$USER" (where $USER was that person's username). At first I thought he had pilfered my .bashrc, but on further investigation I discovered that my home directory path had been compiled in to sshd, because the configuration tests assume that the directory part of $MAIL is the

Hello! [Cc to stable@, for wider audience] The plan is two axe two old networking protocols from FreeBSD head/, meaning that FreeBSD 11.0-RELEASE, available in couple of years would be shipped without them. 1) AppleTalk Last time claimed to be supported by vendor in 2007[1]. In practice had very little use since 90th. Discontinued by major routing equipment vendors since 2009[2].

All: I'm posting this to FreeBSD-security (rather than FreeBSD-net) because the problems I'm seeing appear to have been caused by spyware, and because they constitute a possible avenue for denial of service on FreeBSD machines with default installs of the operating system. Several of the FreeBSD machines on our network began to act strangely during the past week. Some have started to

Hi, first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security. I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far. It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Everything is explained on the web page, but I will repeat some informations here.

I'm just getting into regular use with cvsup (way over do on that one), and I tried to specify a tag=. in the cvsup file. Here's the file: # This file specifies src files are to be uploaded. *default host=cvsup2.FreeBSD.org # *default tag=RELENG_5_1_0_RELEASE *default tag=. *default prefix=/usr *default release=cvs delete use-rel-suffix compress *default base=/usr/local/etc/cvsup

...;& defined(HAVE_SETREUID) */ + +/* putenv: + * implementation of putenv, from the comp.sys.next.programmers + * FAQ list and misc-source repository. I believe it comes + * from Thomas Funke <thf at zelator.in-berlin.de>. Includes + * some mods from Garance Drosehn <gad at eclipse.its.rpi.edu>. + */ +#if !defined(HAVE_SETENV) && !defined(HAVE_PUTENV) +int putenv(char *s) +{ + int nlen; + char *cptr; + char **nenv, **eptr; + extern char **environ; + + /* first see if there is any environment setup. If not, + * create it with this single...

I spent some time debugging a failing Scp that turned out to be caused by the remote shell producing messages on Standard Output that aren't part of the SCP protocol. Scp from a remote system works by running another Scp on the remote system. The remote Scp writes SCP protocol messages (and file data) to its Standard Output, which the local Scp sees as Standard Input. But it's

All, Given the amount of NULL-pointer dereference vulnerabilities in the FreeBSD kernel that have been discovered of late, I've started looking at a way to generically protect against the code execution possibilities of such bugs. By disallowing userland to map pages at address 0x0 (and a bit beyond), it is possible to make such NULL-pointer deref bugs mere DoS'es instead of code

Dear FreeBSD users and system administrators, While the FreeBSD Security Team has traditionally been very good at investigating and responding to security issues in FreeBSD, this only solves half of the security problem: Unless users and administrators of FreeBSD systems apply the security patches provided, the advisories issued accomplish little beyond alerting potential attackers to the

Friends, Sorry to write this to a developer mailing list. I have already approached some OpenSSH/OpenBSD core members on this, including Markus Friedl, Theo de Raadt, and Niels Provos, but they have chosen not to bring the issue up on the mailing list. I am not aware of any other forum where I would reach the OpenSSH developers, so I will post this here. As you know, I have been using the SSH

I'd like to address several issues raised by people in relation to my notice of the ssh(R) trademark to the OpenSSH group. Also, I would like to make a proposal to the community for resolving this issue (included at the end). First, I'll answer a number of questions and arguments presented in the discussion. > "the SSH Corp trademark registration in the US is for a logo

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Everyone, On October 31st, FreeBSD 5.3 and FreeBSD 5.4 will have reached their End of Life and will no longer be supported by the FreeBSD Security Team. Users of either of those FreeBSD releases are strongly encouraged to upgrade to FreeBSD 5.5 or FreeBSD 6.1 before that date. In addition, the FreeBSD 6.0 End of Life is presently scheduled

First, I hope that this message is not considered flame bait. As someone who has used FreeBSD for for 5+ years now, I have a genuine interest in the integrity of our source code. Second, I hope that this message is not taken as any form of insult or finger pointing. Software without bugs does not exist, and I think we all know that. Acknowledging that point and working to mitigate the risks