similar to: About the FreeBSD Security Advisories

Hello, For some reason, I thought little about the "clear" command today.. Let's say a privileged user (root) logs on, edit a sensitive file (e.g, a file containing a password, running vipw, etc) .. then runs clear and logout. Then anyone can press the scroll-lock command, scroll back up and read the sensitive information.. Isn't "clear" ment to clear the

Hi, First of all, I know that not dropping SYN/FIN isn't really a big deal, it just makes no sense. But since it doesn't make any sense, I don't see the reason why not to discard them. I'm running pf on FreeBSD 5.4-RELEASE-p3 and I scrub any traffic. I've read some other posts on google and as far as I can tell, clearly invalid packets (like packets with SYN/RST set) is

Heya.. By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my Apache is running as the user "www" and the group "www" .. Yet, when I run sockstat, it tells me one of the forks are runned as root and listening on port 80 as well as the other forks are runned by www:www.. If I got a lot of users connecting to my server on port 80, will thier requests ever be

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due

Hello.. I've asked this question before without getting any further help really.. When a new user is added using "adduser" on 5.x (havn't really checked if it's the same under 4.x or not), the default homedir permission is 755 (drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy to solve it by a simple chmod, but yet, isn't there anyway to

Dear list, A few days ago one of my machines were attacked by a DDoS-attack using UDP on random ports.. When I later on analyzed the logs, I found this in my dmesg: xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) xl0: initialization of the rx ring failed (55) I tried to find out on google what it ment, but without any luck. What does that mean and

Dear list, About a week ago, right after 5.4-RELEASE was released, I received a mail from Gentoo Linux's security announcement list about a flaw in tcpdump and gzip. Since none of them are operating system related, I assumed a -p1 and -p2 of the 5.4-RELEASE. Instead, we got a patch for the HTT security issue so I wonder, is the FreeBSD version of tcpdump and/or gzip are secured or simply

Hello List! We're having trouble making call deflection on ISDN PRI. We would like to transfer a call to an external extension but keeping the callerid of the caller so it can be presented to the receiver of the transferred call. At the time we're using Zaptel 1.4.5.1, Asterisk 1.4.11 and Digium hardware TE420B. We've ordered the service (CD) from the phone company. The

https://bugzilla.mindrot.org/show_bug.cgi?id=3147 Bug ID: 3147 Summary: Confusing error message when the public key is missing. Product: Portable OpenSSH Version: -current Hardware: All OS: OpenBSD Status: NEW Severity: trivial Priority: P5 Component: ssh

Hello. Dont know is this list right for this topic, but dont know witch one is. So I got 6.3-STABLE-200807-amd64-disc1.iso I have installed it cd /usr/ports/net/cvsup-without-gui/ make install make clean #cvsup some-stable-sup-file Connected to cvsup.xxxxxx.ru Bus error (core dumped) I cant get fresh src and ports trees and cant compile fresh 6.X-stable system with athlon64 optimization. :(

Heya folks First of all, sorry if this isn't the correct list, but yet, I think spam is a kind of network attack and should be treated as a security issue.. I run a working mail server using Postfix, MySQL, Courier-IMAP, SpamAssassin and ClamAV (amavisd-new) .. I've checked the configuration file for SpamAssassin, but yet I havn't find any good solution for spam.. Sure, spam will

I'm just getting into regular use with cvsup (way over do on that one), and I tried to specify a tag=. in the cvsup file. Here's the file: # This file specifies src files are to be uploaded. *default host=cvsup2.FreeBSD.org # *default tag=RELENG_5_1_0_RELEASE *default tag=. *default prefix=/usr *default release=cvs delete use-rel-suffix compress *default base=/usr/local/etc/cvsup

At 12:44 AM 9/12/2003 -0400, Adam Weinberger wrote: >New categories are added slowly to the cvsup category lists. It's best >to cvsup using ports-all, and add the directories you don't want (such >as languages: "ports/french*" etc.) to the refuse file. How is having a refuse file slowing down CVSup down best? The fact is a category does not appear often and for those

I couldn't compile any thing after upgrading 4.6.2 to 4.8 via cvsup I also updated ports via cvsup And nothing would compile, nothing, just error after error I cd /usr/ports did a -"make clean"- (which takes over an hour on my machine) Now all my compile problems have gone away I think I will cd to /usr/ports after doing anything with cvsup or any install, just in case or am I

Hello, freebsd-security. I'm trying to build 4.8-RELEASE-p7 to distribute it trought my clients. What am I doing: #cd /usr/share/examples/cvsup #cvsup standard-supfile (after I've done necessary changes) #cd /usr/src #make buildworld Thus, I have /usr/obj "populated with the output of ``make buildworld''" as it described in man 7 release. Then, I have read

Hi. I am looking for an IPv6 capable CVSUP mirror. I found a discussion from one year ago where it was stated that CVSUP was not IPv6-capable. Does anyone know if this has changed? Sam -- Samuel Tardieu -- sam@rfc1149.net -- http://www.rfc1149.net/sam

Hello, I am very new to FreeBSD and just installed 4.8 release. I want to upgrade this to stable. I have printed some of the pages out for makeworld and CVSUP, I am wondering what the best method for doing the updates are, downloading the individual packages and installing or using the CVSUP to do this? Currently I used mostly Red Hat Linux but have wanted to give this a try for some time

CVSup is slow, insecure, and a memory hog. However, until now it's been the only option for keeping an up-to-date ports tree, and (thanks to all of the recent work on vuxml and portaudit) it has become quite obvious that keeping an up-to-date ports tree is very important. To provide a secure, lightweight, and fast alternative to CVSup, I've written portsnap. As the name suggests, this

Greetings, A fresh install of 7 followed by a cvsup to 7.2-PRE on the 26th results in an inability to build Xorg on the system. A cvsup only an hour ago provides no solution. An attempt at the following: cd /usr/ports/x11/xorg-minimal make produces the following error: ... checking pkg-config files for X11 are available... yes checking for LIBDRM... yes checking for DRI2PROTO... yes checking

Hello Mike, i got these error when i`m tried to cvsup my box (4.7 STABLE) to 4.8, these error showed up in the make buildworld step, at stage 4: populating /usr/obj/usr/src/i386/usr/include. and this is my supfile: *default host=cvsup12.FreeBSD.org *default base=/usr/local/etc/cvsup *default prefix=/usr *default release=cvs *default tag=RELENG_4 *default delete use-rel-suffix *default