similar to: Request for freebsd-update

Hi. Any chance of getting a binary distribution compiled with "options MAC"? I seem to remember some talk of enabling MAC by default in late 2005 but I'm not sure it went anywhere. cheers, MC

Hi. This is mostly hypothetical, just because I want to see how knowledgeable people would go about achieving it: I want to sandbox Mozilla Firefox. For the sake of example, I'm running it under my own user account. The idea is that it should be allowed to connect to the X server, it should be allowed to write to ~/.mozilla and /tmp. I expect some configurations would want access to audio

Hello. Has anyone here ever successfully set up a jail for X apps, connecting to an external X server? I'm trying an experimental sandbox setup here. I have a jail running on an aliased IP on my local machine and X programs connect out of the jail to my local X server via an SSH tunneled TCP connection. All other packets to and from the jail are denied by the packet filter. The trouble I am

Greetings, Peter and the Security Officers team, There is a minor security vulnerability in cvs prior 1.11.10, as described in CAN-2003-0977: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977 On December 10th, 2003, itojun has imported cvs 1.11.10 into NetBSD, as the follows: http://mail-index.netbsd.org/source-changes/2003/12/10/0025.html

In response to popular demand, I am now providing both GENERIC and SMP kernels via FreeBSD Update to people running FreeBSD 5.3. To take advantage of this on your FreeBSD 5.3 (and only 5.3!) SMP system, run the following commands as root: # touch /boot/kernel/SMP # freebsd-update fetch (this should mention downloading a new /boot/kernel/SMP file) # freebsd-update install (likewise, this should

> Date: Sat, 29 Oct 2005 07:34:28 -0700 > From: Colin Percival <cperciva@freebsd.org> > Subject: Re: Is the server portion of freebsd-update open source? > To: markzero <mark@darklogik.org> > Cc: freebsd-security@freebsd.org > Message-ID: <43638874.2020004@freebsd.org> > Content-Type: text/plain; charset=ISO-8859-1 > > markzero wrote: > > No this

I want only to ignore the arp request for alias ip ,at the same time I don't want disable the arp function of the interface ? How do ? thanks! --------------------------------- DO YOU YAHOO!? ÑÅ»¢Ãâ·ÑGÓÊÏ䣭ÖйúµÚÒ»¾øÎÞÀ¬»øÓʼþɧÈų¬´óÓÊÏä From vova at fbsd.ru Fri Jul 1 13:12:10 2005 From: vova at fbsd.ru (Vladimir Grebenschikov) Date: Fri Jul 1 13:12:12 2005 Subject: how to ignore

I'd like to request information about the FreeBSD native firewall software Does the firewall attends to the security certification at International Computer Security Association (ICSA Labs Firewall Certification Program) Labs or Trust Technology Assessment Program (TTAP) or similar programs? Thanks for your attention Fernando Castro fcastro@smsweb.com.br

Of course, I wanted to say not OPTION but CHOICE :-) Peter Rosa ----- Original Message ----- From: "Peter Rosa" <prosa@pro.sk> To: <matthew@starbreaker.net> Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org> Sent: Saturday, July 26, 2003 7:33 PM Subject: Re: suid bit files and securing FreeBSD > Hello Matthew, > > thank you very much.

freebsd-security-request@freebsd.org wrote: > Send freebsd-security mailing list submissions to > freebsd-security@freebsd.org > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freebsd.org/mailman/listinfo/freebsd-security > or, via email, send a message with subject or body 'help' to > freebsd-security-request@freebsd.org > > You

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08:07.amd64 Security Advisory The FreeBSD Project Topic: amd64 swapgs local privilege escalation Category: core Module: sys_amd64_amd64

It sounds like the SMP kernel I provided for FreeBSD 5.3 was quite popular, so I've started building an SMP kernel for FreeBSD 5.4 as well, in addition to the usual GENERIC kernel. To take advantage of this on your FreeBSD 5.4 SMP system, run the following commands as root: # touch /boot/kernel/SMP # freebsd-update fetch # freebsd-update install # echo 'bootfile="SMP"'

Hello. I have been investigating a 'secure' Firefox solution. The cache, history and other files are kept on an encrypted slice and swap is encrypted also. The problem I am having is that I know the shell commands required to unmount /tmp, create providers with GELI with one-time keys, remount /tmp, activate swap etc. but I don't know the correct way to get this done automatically on

Hi, while testing racoon on Linux (based on the ported ipsec-tools) the following issue appeared: Racoon did not verify the RSA Signatures during Phase 1 in either main or aggressive mode. Authentication was possible using a correct certificate and a wrong private key. I have verified the below problem using racoon-20030711 on FreeBSD 4.9. I will test it using the SNAP Kit but suspect it to be

Hi, sorry for cross-mailing. Reply-to: set to freebsd-net. I have seen some discussion on freebsd-security etc. about some parts of the subject. I have seen older messages in archives. Regularly the same questions seem to come up. I have not found an all-including description of the answer to s.th. like: "Can anybody tell me the order packets get processed in kernel related to IPSec,

On Mon, 21 Jun 2004, Vladimir Merzliakov wrote: > Is it ok sending this results for FreeBSD5.1 at daily/weekly based to this > mail list? A better list for it would be the llvmbugs list for now. I beginning to think that we need a new test results mailing list. We have 3 instances of the nightly tester going now (x86/linux, sparc, ppc) and may have more in the future. The nightly tester

Umm. First of all, I *AM* a member of this list, unless someone else unsubcribed me. If so, please put me back on. I've gone through my archives and I am very clearly subscribed to the list. The monthly freebsd.org mailing list memberships reminder tells me I am. List Password // URL ---- --------

This message was sent to bugtraq today: While playing around with FreeBSD 5.4 and jailing I discovered that it was possible to put an ethernet interface into promiscious mode from within the jailed environment, allowing a packetsniffer to gather data not meant for the jailed box. This also affects FreeBSD 5.3 (tested) but not FreeBSD 4.x This can be reproduced on boxes where BPF support is

> Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory > FreeBSD-SA-07:04.file > Date: Thu, 24 May 2007 15:37:36 +0200 > From: Dag-Erling Sm?rgrav <des@des.no> > To: Brian A. Seklecki <bseklecki@collaborativefusion.com> > CC: FreeBSD Security Advisories <security-advisories@freebsd.org>, > freebsd-security@freebsd.org > References:

Hello Just a little reminder that the FreeBSD Security list only has the address freebsd-security@FreeBSD.org, and not security@FreeBSD.org. The address security@FreeBSD.org is for the FreeBSD Security Team. If anyone is interested in the reason for this, see this thread from last year: http://docs.freebsd.org/cgi/mid.cgi?20040407154220.GA5651 . -- Simon L. Nielsen FreeBSD Security Team