similar to: -1 and friends

Hi folks, While investigating OpenBSD's cron implementation, I found that they set the systemwide crontab (a.k.a. /etc/crontab) to be readable by the superuser only. The attached patch will bring this to FreeBSD by moving crontab out from BIN1 group and install it along with master.passwd. This change should not affect the current cron(1) behavior. Cheers, -- Xin LI <delphij frontfree

All: I'm posting this to FreeBSD-security (rather than FreeBSD-net) because the problems I'm seeing appear to have been caused by spyware, and because they constitute a possible avenue for denial of service on FreeBSD machines with default installs of the operating system. Several of the FreeBSD machines on our network began to act strangely during the past week. Some have started to

i am invoking op from a python proggy which does an op.system() of op chmod 640 /usr/local/etc/tac_plus.conf i get "Permission denied by op" % ls -l /usr/local/etc/op.access -r-------- 1 root wheel 149 Jan 13 07:41 /usr/local/etc/op.access % cat /usr/local/etc/op.access # 2007.01.13 # #DEFAULT users=src # chown /usr/sbin/chown $* ; users=src chmod /bin/chmod $* ; users=src

While using 5.1-RELEASE, I find that if my application program seg faults, it produces "programname.core"; but it is 0 bytes. I ran the exact same program on another machine that was running 4.4-RELEASE, and I do get a core file that I can use with gdb. I'd really appreciate if someone could help me resolve this. Additional details: - It is not specific to the application

I'm trying to get nessus setup for doing some internal security checking. I installed the ports for nessus and nessus-plugins, and everything worked as expected. I then registered for the full feed of plugins, which got me up to over 10,000 plugins. I restarted nessus, and it didn't work at all. I am running without X11, so I'm doing batch runs. I already have nmap installed, so I

I have a test 4.x-stable system that I recently rebooted into. The last time I had updated it was May 3rd. I cvsup'ed it, did the buildworld/installworlds, and everything seemed fine. I then thought I would update all the ports. When upgrading XFree86, the /usr partition ran out of disk space. Now the partition shows up as: (21) df -k Filesystem 1K-blocks Used Avail Capacity

I got email yesterday from a user who had run 'from' and got the message "No mail in /home/stevev/$USER" (where $USER was that person's username). At first I thought he had pilfered my .bashrc, but on further investigation I discovered that my home directory path had been compiled in to sshd, because the configuration tests assume that the directory part of $MAIL is the

I spent some time debugging a failing Scp that turned out to be caused by the remote shell producing messages on Standard Output that aren't part of the SCP protocol. Scp from a remote system works by running another Scp on the remote system. The remote Scp writes SCP protocol messages (and file data) to its Standard Output, which the local Scp sees as Standard Input. But it's

I'm just getting into regular use with cvsup (way over do on that one), and I tried to specify a tag=. in the cvsup file. Here's the file: # This file specifies src files are to be uploaded. *default host=cvsup2.FreeBSD.org # *default tag=RELENG_5_1_0_RELEASE *default tag=. *default prefix=/usr *default release=cvs delete use-rel-suffix compress *default base=/usr/local/etc/cvsup

Dear FreeBSD users and system administrators, While the FreeBSD Security Team has traditionally been very good at investigating and responding to security issues in FreeBSD, this only solves half of the security problem: Unless users and administrators of FreeBSD systems apply the security patches provided, the advisories issued accomplish little beyond alerting potential attackers to the

Hello! [Cc to stable@, for wider audience] The plan is two axe two old networking protocols from FreeBSD head/, meaning that FreeBSD 11.0-RELEASE, available in couple of years would be shipped without them. 1) AppleTalk Last time claimed to be supported by vendor in 2007[1]. In practice had very little use since 90th. Discontinued by major routing equipment vendors since 2009[2].

Yo All! I understand why we do not have sftp in openssh, but it would be nice if we could make it so that when an SSH.COM scp2 client makes a connection to an OpenSSH V2 daemon that it does not hang.... Any ideas or do I need to dig a bit on this? Here is what the sshd says when I conenct to it from scp2: debug: session_open: session 0: link with channel 0 debug: confirm session debug:

Yo All! I have been playing with SSH 2.2.0 from www.ssh.com. I can not connect to openssh 2.2.1p1 using Ver 2 protocol from ssh Ver 2.2.0. Ver 1 works fine. See below for the debug output from both ends If I force hmac-md5 (-m hmac-md5) from the sender it works! The other 3 choices fail: hmac-sha1; hmac-md5-96; and none. I have no problem connecting to this openssh host (hobbes) from

Yo Andrew! What version of Openssh are you trying? RGDS GARY On Mon, 12 Jun 2000, Andrew McGill wrote: > Date: Mon, 12 Jun 2000 15:26:53 +0200 > From: Andrew McGill <andrewm at datrix.co.za> > To: djm at ibs.com.au > Cc: gem at rellim.com > Subject: Openssh on SCO Openserver Release 5 > > Hi there > > Your e-mail address appears in the README for openssh,

Hi, first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security. I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far. It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Everything is explained on the web page, but I will repeat some informations here.

Yo All! Sorry if this is obvious but I am new to openssh. I have used the original ssh for a while and am familiar with it (and it's restrictive license). I am trying to port openssh-1.2.1pre24 on to SCO UnixWare 7.1.0. I will post the small patches when it is really running. Two problems, SCO has no /dev/random so I installed egd-0.6. It usually works but sometimes dies. I have sent

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1.2.1pre25 is out. Please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html The following mirrors already have it: ftp://ftp.localhost.ca/pub/openssh/files/ ftp://thermo.stat.ncsu.edu/pub/openssh/files/ http://www.firedrake.org/openssh/files/ Changes: - - "Corrupted check bytes on input" when using triple DES has been

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 1.2.1pre25 is out. Please use a mirror: http://violet.ibs.com.au/openssh/files/MIRRORS.html The following mirrors already have it: ftp://ftp.localhost.ca/pub/openssh/files/ ftp://thermo.stat.ncsu.edu/pub/openssh/files/ http://www.firedrake.org/openssh/files/ Changes: - - "Corrupted check bytes on input" when using triple DES has been

Yo All! openssh-SNAP-20010209.tar.gz fails to compile on Slackware. Patch at the end of this message. Here is the error: gcc -o sftp sftp.o sftp-client.o sftp-common.o sftp-int.o log-client.o -L. -Lopenbsd-compat/ -L/usr/local/ssl/lib -L/usr/local/ssl -lssh -lopenbsd-compat -lcrypt -lz -lnsl -lutil -lcrypto -lwrap openbsd-compat//libopenbsd-compat.a(bsd-arc4random.o): In function

Yo All! I was just looking at the "other" SSH for ideas. There is one thing in their install that would be nice. When they do a 'make install' they check to see if a host key already exists and if it does not they create one and install it. This sure makes life simple and should be simple to code in the Makefile. RGDS GARY