similar to: [patch] LOCKED_PASSWD_STRING for FreeBSD

Hi, first sorry for cross-posting but I thought this patch might interest -CURRENT users as well as people concerned by security. I wrote a patch that integrates ProPolice/SSP into FreeBSD, one step further than it has been realized so far. It is available here : http://tataz.chchile.org/~tataz/FreeBSD/SSP/ Everything is explained on the web page, but I will repeat some informations here.

Hi list, (Please Cc: me in your replies because I'm not subscribed to this list.) While trying to build lukemftpd staticaly on FreeBSD, I got a link-time error. Libssh.a indeed provides the "xmalloc" symbol (I suppose there are more). I wonder if this is whether intentional or not. It is a very common function name, and I think it would be worth renaming it to something like

Hi there, I'm still running 6.2 on various servers without any tweaks (GENERIC kernel, binary updates via freebsd-update etc.) but lots of ports (apache, postgresql, diablo-jdk etc.) and would like to use stack smashing protection in order to harden my boxes and avoid many potential exploits. I've known about ProPolice/SSP for a while now (from the Gentoo world) and am aware that

Hi, I am trying to setup ipsec tunnel between Freebsd (host1) and Linux (host2) systems.And I also interested in executing some ipsec test cases( Like TAHI conformance test suite) on the same connection. Please, suggest me some details regarding this setup and Specify any materials which can be obtained from from any locations(site).. I have enabled IPSec support for FreeBSD (4.11 Release) and

Hello. I once read somewhere that it's possible to limit SSH pubkeys to 'tunnel-only'. I can't seem to find any information about this in any of the usual places. I'm going to be deploying a few servers in a couple of days and I'd like them to log to a central server over an SSH tunnel (using syslog-ng) however I'd like to prevent actual logins (hence

----- Forwarded message from Damien Miller <djm@cvs.openbsd.org> ----- Subject: OpenSSH 4.0 released From: Damien Miller <djm@cvs.openbsd.org> Date: Wed, 9 Mar 2005 02:54:13 -0700 (MST) To: announce@openbsd.org X-Original-To: jeremie@le-hen.org Delivered-To: tataz@tataz.chchile.org X-Loop: announce@openbsd.org Precedence: list OpenSSH 4.0 has just been released. It will be available

Hello, I think there was already a thread on this. I just want to raise the question again if anyone has successfully booted an gdbe-encrypted filesystem (everything encrypted except the bootloader). The passphrase is entered at the bootloader prompt or embedded in the bootloader. I appreciate any tips. Thanks, - ronnel

hi I am trying to stop the application running in the VM from the host machine.....that means by typing some command in the host machine, (script or using some API''s or sending some signal to VM from the host), i want stop application running in the VM.......is there any way to do this.....if anybody know this please help me....... I want this because......I want to take VM consistent

Hello, I was playing around with geli an gbde after last EuroBSDCon. I liked the idea of encrypting my data which resides in /home/$user. Since this is a "single" user laptop i intended to encrypt the whole /home partition. Well no problems with that. But i wanted the lockfile or keyfile on a seperate usb disc. Which would be mounted or used during boot of the system. I also used

Hi folks, I think we need to update compat5x binary to fix FreeBSD-SA-05:21.openssl, but will the binaries built by ``make universe'' be identical with actual build on Alpha, Sparc64, etc? (Yes, I'm volunteering to do the work iff they are identical ;-) Cheers, -- Xin LI <delphij frontfree net> http://www.delphij.net/ See complete headers for GPG key and other information.

I just wanted to inform that there is new patch donated by Walter Karshat which implements packet overhead and MPU computations to the rate table. See diff for details on arguments. No tc binary available yet at I have to compile it on system with older glibc (not everyone use 2.3.2). ------------------------------- Martin Devera aka devik Linux kernel QoS/HTB maintainer

Hi list, I''m new to this list, I just subscribed because I have some ackward about IPRoute2. First, while playing with NetFilter'' "MARK" target, I met a weird behaviour once I tried to use this marks in the RPDB : the packets where successfully marked, but it seemed that RPDB didn''t succed in matching them (for those who already know the answer, I only used

Dear all, Maybe somebody can help me to understand my problem: Inside a R script, I try to export the graphic results of 'bwplot' in some jpeg files. The data source ('main') is a mix of numeric and factor values the "analysis_bwplot()" contains the loops (i and j) and calls the "analysis_var_var_bwplot()" method. "analysis_var_var_bwplot()" uses

Hello, I current have a FreeBSD 4.8 bridge firewall that sits between 7 servers and the internet. The servers are being attacked with syn floods and go down multiple times a day. The 7 servers belong to a client, who runs redhat. I am trying to find a way to do some kind of syn flood protection inside the firewall. Any suggestions would be greatly appreciated. -- Ryan James ryan@mac2.net

Hi all, ?Is there any app like denyhosts[1] but intended for MySQLd service? We have a mysql ports (3306) opened for remote connections, and obviously the /var/db/mysql/machine_name.log is full of these kind of entries: ........... 936012 Connect Access denied for user 'user'@'85.19.95.10' (using password: YES) 936013 Connect Access denied for user

Hello, I'm wondering about closing some information leaks in FreeBSD jails from the "outside world". Not that critical (depends on the application), but a simple user, with restricted devfs in the jail (devfsrules_jail for example from /etc/defaults/devfs.rules) can figure out the following: - network interfaces related data, via ifconfig, which contains everything, but the

I was wondering if there's any non-executable stack patch for FreeBSD's kernel. I searched in google but all I got was some questions in freebsd-security back from 2001 and an answer saying someone heard about a project like this, but no information at all. Is there any patch like PaX or Openwall available for FreeBSD? I dont want to discuss if its useless or not since there're a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I really do not agree with adding it to the base system. Just because you guys use sudo does not mean other people do. In fact many people do not have a use for sudo at all. Not every one gives out root accounts. You are only adding another utility In that can possibly be used to escalate privileges. Every time I secure a system I spend some time

This is possibly the dumbest question I have asked ever, but how do you set ACLs on files within a ZFS filesystem? Trying to use setfacl(1) diverts me to the acl(5) manpage; well, I know that I need to use NFSv4 style ACLs, but where is the utility to do so? This is on Solaris 10 Update 2. Thanks, Ceri -- That must be wonderful! I don''t understand it at all.

I just ran into what I'd describe as an unexpected side-effect. I don't think it's necessarily a bug, and I don't need any assistance in working around it, but this information might be useful to others for troubleshooting. This was using OpenSSH built under Solaris 2.5.1, and running under 2.5.1 or 8. The symptom was that after upgrading from 3.7.1p1 to 3.7.1p2, some accounts