FreeBSD isn't much used within the University (I understand) and has a
(comparatively) poor security record. Most recently, for example:
http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
_______________________________________________
freebsd...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-curre...@freebsd.org"
--
Kamigishi Rei
KREI-RIPE
> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
Are you trying to make your infosec guy look like an idiot? Does he
realize that FreeBSD has a grand total of 16 security problems for all
of 2009? Hell, Microsoft has that many in an average month.
If he can find something (other than OpenBSD) with a better record than
that, I'd love to hear about it.
--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
Without wanting to get into any "flame wars", I will only say this ..
I find this kind of unsubstantiated speculation extremely disappointing.
It speaks not only to an apparent lack of knowledge about FreeBSD but
also about any alternative operating system.
Subject closed,
imb
Some say... world flat... some say roundish. There are lots of
opinions to choose from. It would be nice to see an actual properly
designed study quoted... or even some raw data referenced, and I am
not talking about something vendor sponsored that examines such track records.
In the case of the above mentioned zero day exploit someone posted, I
think FreeBSD did a GREAT job at getting a fast unofficial patch out
and then 2 days later an official advisory and patch out. Take a
look at their actual track record at http://www.freebsd.org/security
and judge for yourself based on that. Note, a good chunk of what's
there is common across multiple operating systems (e.g ntpd, BIND, openssl etc)
There are lots of reasons why someone might use or not use FreeBSD.
In my _opinion_, a "poor security record" is not one of them... But
judge for yourself based on their actual track record.
---Mike
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mi...@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
He doesn't really have to _try_, does he?
I have always thought that an infosec person should *know* what they
have running within their own network, and furthermore, gather his
comparative analysis from somewhere other than the
dept-of-some-guys-blog. Perhaps these are not the job requirements of a
security person.
Steve
"comparatively", compared to what? Windows? Linux? We beat them both
into the ground. He is speaking from ignorance.
DES
--
Dag-Erling Smørgrav - d...@des.no
Anton Shterenlikht wrote:
> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
Wow.
Just...wow.
FreeBSD's security record, the rate at which fixes occur, the ports
system and the overall sanity of the environment is *precisely* why we
have been migrating from RHEL to FreeBSD at my University (I'm
employed by the University, not a student).
I would be quite curious as to which operating system is serving as
the baseline for this comparison. I would also be quite curious as to
whether the manager making said statement is responsible for central
IT services or is locked into providing services by a particular
vendor.
kmw
--
Beware the leader who bangs the drums of war in order to whip the
citizenry into a patriotic fervor, for patriotism is indeed a
double-edged sword. It both emboldens the blood, just as it narrows
the mind. And when the drums of war have reached a fever pitch and the
blood boils with hate and the mind has closed, the leader will have no
need in seizing the rights of the citizenry. Rather, the citizenry,
infused with fear and blinded by patriotism, will offer up all of
their rights unto the leader and gladly so - Unattributed, post 9/11
yeah we know, but really, quoting security as a reason not to use it
is a bit like quoting flat tyres (British spelling to those USA'ns
reading) as a reason to not buy a Jag. Every OS has them and in fact
we are better than many.
I was just stressed after being forced by him
to explain why I wanted firewall exceptions
for two ports to my FreeBSD portscluster nodes.
I explained the reasons and that was settled.
I wouldn't be surprised if I'm the sole fbsd user
at my Uni. The situation with computing is not
great and getting worse.
The Uni is, of course,
addicted to Microsoft, but having realised all
the problems with that, lately the policy has
been to deny (!) MS users admin access to their
own desktops. The situation is just ridiculous -
if a MS user wants to install a piece of software
on their PC he/she has to ask for permission,
and then wait until some computer officer would
come and do install for them.
Also recently, well.. about a year ago, no
host (!) could be accessed from outside the
Uni firewall. Special exception has to be
obtained even for ssh. There is only one dedicated
sun server which accepts only ssh. The users
are supposed to dial to this frontend server
first, and from there to hosts on the local net.
Honestly, the situation is so bad that I
sometimes wonder - perhaps it's me who is mad.
It seems IT services look at anybody who
wants to escape MS with suspicion at best.
I had to fight a long battle, well.. I had
some support from other academics, to have
a linux class in my Faculty. Here the
opposition wasn't so much security, as
"why would any undergraduate need linux",
as if MS solutions are a pinnacle of human thought.
And from what I understand it's going to get worse.
Apparently the IT services are drawing up
plans to completely forbid use of "non-authorized"
OS. I imagine fbsd will not be authorized.
So I'm anticipating another battle already.
Perhaps I should start putting together
some statistics to make my case more forcefully.
many thanks for your support, as always
--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
Chargen wrote:
> On Thu, Dec 10, 2009 at 5:21 PM, Anton Shterenlikht <me...@bristol.ac.uk> wrote:
>> On Thu, Dec 10, 2009 at 09:51:22AM -0500, Bill Moran wrote:
>>> In response to Anton Shterenlikht <me...@bristol.ac.uk>:
>
>> I had to fight a long battle, well.. I had
>> some support from other academics, to have
>> a linux class in my Faculty. Here the
>> opposition wasn't so much security, as
>> "why would any undergraduate need linux",
>> as if MS solutions are a pinnacle of human thought.
>
> This is getting so funny..
>
> Next topic please.
>
> Peace.
What bothers me is that some of these worshipers (be that demon,
penguin, apple, or windows) simply cannot fathom the old "right tool for
the right job" saying...
//Svein
- --
- --------+-------------------+-------------------------------
/"\ |Svein Skogen | sv...@d80.iso100.no
\ / |Solberg Østli 9 | PGP Key: 0xE5E76831
X |2020 Skedsmokorset | sv...@jernhuset.no
/ \ |Norway | PGP Key: 0xCE96CE13
| | sv...@stillbilde.net
ascii | | PGP Key: 0x58CD33B6
ribbon |System Admin | svein-l...@stillbilde.net
Campaign|stillbilde.net | PGP Key: 0x22D494A4
+-------------------+-------------------------------
|msn messenger: | Mobile Phone: +47 907 03 575
|sv...@jernhuset.no | RIPE handle: SS16503-RIPE
- --------+-------------------+-------------------------------
If you really are in a hurry, mail me at
svein-...@stillbilde.net
This mailbox goes directly to my cellphone and is checked
even when I'm not in front of my computer.
- ------------------------------------------------------------
Picture Gallery:
https://gallery.stillbilde.net/v/svein/
- ------------------------------------------------------------
>
>> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
>
Please pass this to your information security manager:
From one information security manager to another, you're an idiot.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
On Thu, Dec 10, 2009 at 11:05:16AM -0600, Paul Schmehl thus spake:
>--On Thursday, December 10, 2009 08:41:41 -0600 Anton Shterenlikht
><me...@bristol.ac.uk> wrote:
>
>>
>>> From my information security manager:
>>
>> FreeBSD isn't much used within the University (I understand) and has a
>> (comparatively) poor security record. Most recently, for example:
>>
>>
>> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
>>
>
>Please pass this to your information security manager:
>
>From one information security manager to another, you're an idiot.
>
>--
>Paul Schmehl, Senior Infosec Analyst
>As if it wasn't already obvious, my opinions
>are my own and not those of my employer.
>*******************************************
>"It is as useless to argue with those who have
>renounced the use of reason as to administer
>medication to the dead." Thomas Jefferson
>
>_______________________________________________
>freebsd-...@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questi...@freebsd.org"
>
--
i am a mutthead
A tip for those threatened with no BSD box at work:
FreeBSD runs fine _inside_ a box that looks like a multi sheet scanner.
OK, slow, but invisible to managers who require MS only.
These scanners often lie abandoned in company junk rooms (& cheap
on web), as people know they used to need MS's abandoned NT (= Not
There) operating system. Well they do ... until one installs BSD.
Credit to David M. who did the FreeBSD work. Pictures of hardware
to look for in junk rooms: http://www.berklix.com/scanjet/
Cheers,
Julian
--
Julian Stacey: BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Mail plain text not quoted-printable, HTML or Base64: http://asciiribbon.org
> Perhaps I should start putting together
> some statistics to make my case more forcefully.
>
I fought the same battle at the Univ. I attended (as a student). They were
an M$ shop as well and had issues with me running OpenBSD. I stuck to it
and finally got a "straight" answer from the Dean of CS: "I don't know
anything about OpenBSD...please just use Windows and be like everyone
else!".
Odd, I thought that one role of higher education is to teach critical
thinking, which by definition means disagreements will (and should!) occur.
Apparently I was wrong.
I later took an independent study at the same Univ. I wanted to compare
security records for various OS's (FreeBSD and OpenBSD being listed in
there). This was rejected in favor of me doing security research for
Windows...so I wrote a program to demonstrate why Admins shouldn't blindly
trust even system code (Windows Server 2003...stuff like netstat and task
manager) and demonstrated that to the graduate level network security class
(I was an undergrad at the time). I completely gave up when the grad
students followed suit with the dean and tried arguing with me that my code
was "hacked together specifically to exhibit the behavior I was trying to
demonstrate"...as if it wasn't *real* and it couldn't be used to a malicious
user's advantage.
I guess it doesn't exist in the security world (according to the previously
mentioned grad students) if it's not "mainstream thinking"...I feel sorry
for the companies that depend on those idiots for security.
If they've bought into M$ FUD, no amount of statistics/code/demonstrations
will help. I'd skip the statistics in favor of putting together a resume.
> I was just stressed after being forced by him
> to explain why I wanted firewall exceptions
> for two ports to my FreeBSD portscluster nodes.
> I explained the reasons and that was settled.
Anton, I don't know about the UK, Great Britain or England, but in US
Universities, this is fairly common. It just serves as a sanity check
for the many, many requests central IT tends to get regarding allowing
ingress traffic for faculty/staff machines, and it gives the firewall
guys documentation that such-and-such machine should be receiving
inbound traffic on specific ports.
> The Uni is, of course,
> addicted to Microsoft, but having realised all
> the problems with that, lately the policy has
> been to deny (!) MS users admin access to their
> own desktops. The situation is just ridiculous -
> if a MS user wants to install a piece of software
> on their PC he/she has to ask for permission,
> and then wait until some computer officer would
> come and do install for them.
Again, I don't know about the UK, Great Britain or England, but in the
US this is also quite common, at least with regards to University
owned hardware. The first responsibility is to protect the network and
existing services. Sadly, many groups fail to provide the next step,
that being a relatively quick, easy way to have approved software
installed for users, and a method for having non-approved software
scrutinised and either approved or rejected.
> Also recently, well.. about a year ago, no
> host (!) could be accessed from outside the
> Uni firewall. Special exception has to be
> obtained even for ssh. There is only one dedicated
> sun server which accepts only ssh. The users
> are supposed to dial to this frontend server
> first, and from there to hosts on the local net.
Again, quite common. Most Universities here do not provide
public-facing IP addresses without some sort of application and
approval process. For example, we have a handful of machines that are
public facing but most of our hardware sits inside site-only networks.
To access those machines you either have to be on-campus or you have
to connect via VPN (and yes, we support Windows, Mac, Linux, Solaris,
*BSD).
Having an SSH proxy isn't an entirely bad idea, though I can see where
performance may be hindered.
> I had to fight a long battle, well.. I had
> some support from other academics, to have
> a linux class in my Faculty. Here the
> opposition wasn't so much security, as
> "why would any undergraduate need linux",
> as if MS solutions are a pinnacle of human thought.
That's a pretty fair question and one that I hope you would have asked
yourself before you made the push for the class.
> And from what I understand it's going to get worse.
> Apparently the IT services are drawing up
> plans to completely forbid use of "non-authorized"
> OS. I imagine fbsd will not be authorized.
> So I'm anticipating another battle already.
Does this extend to computers used for academic research, student
owned computers being used on campus, etc?
Perhaps it's because we're conditioned to think this way but a lot of
us at universities in the US see a lot of this as being commonplace
and to *not* do them is generally considered bad security practice.
kmw
I sometimes wonder about the validity of such statements, since
we use it on 99% of our servers, the work-stations run Linux.
Then again, we are considered a more theoretical than practical school :-)
> and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
as many have explained, connecting a computer to the network has its risks,
and FreeBSD has a great security record.
my 2c.
danny
--
Daniel Braniss e-mail: da...@cs.huji.ac.il
Manager of Computing Facilities
The Selim and Rachel Benin School of phone: +972 2 658 4385
Engineering and Computer Science Fax: +972 2 561 7723
The Hebrew University of Jerusalem
Edmond Safra Campus, Givat Ram, Israel
I dunno. Haven't seen many MS-DOS exploits recently either...
Matthew
--
Dr Matthew J Seaman MA, D.Phil. Flat 3
7 Priory Courtyard
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW, UK
yes, he did, I can forward you our communication off list if you wish.
--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 331 5944
Fax: +44 (0)117 929 4423
>> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. ......
>
>
Hi,
almost all of you remark how FreeBSD is more-secure-than-others-OS, will
add nothing to various comments.
but i look in syslogs of some FreeBSD internet server and there is a great
evidence that some "botnets" are (again) trying simple combination of
uid/pwd.
starting from Dec 8 01:00:34 (CET) hundreds of zombies are looking for a
valid username.
it means that most of the matter is our; the FreeBSD users.
we are the only ones that will (or will not) patch the systems;
i love the FreeBSD security while it is MOSTLY based on KNOWLEDGE of users
than on a PERFECT code.
cheers
Alessandro
--
"If 386BSD had been available when I started on Linux, Linux would
probably never had happened." Linus Torvalds
For example "Administrator"... :-)
> i love the FreeBSD security while it is MOSTLY based on KNOWLEDGE of users
> than on a PERFECT code.
Security is not a state, it's a process, involving many
considerations; "the user" is one of the most important
ones. Even "perfectly secure" code can't cope with human
stupidity.
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Starting from Dec 8? This has been going on for years, and it is not
targeted at FreeBSD; they attack anything that runs an SSH server. Of
course, on current OpenSSH versions, it will get them nowhere, because
there is no partial confirmation, so they have to guess at the user
*and* the password, instead of first searching for an existing user and
*then* guessing at the password.
(on certain OSes - but not FreeBSD - running certain older OpenSSH
versions, you could figure out if the user existed, even if you didn't
have the right password)
DES
--
Dag-Erling Smørgrav - d...@des.no
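A defender-side view of the guessing traffic discussed in the two messages above, as an added example that is not part of the original thread: the server's own log marks guesses at nonexistent names as "invalid user", a distinction the client is never given. The log lines are constructed samples, and the function name `analyse` and the per-source threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog format; all addresses come from
# documentation ranges and the account names are made up.
SAMPLE_LOG = """\
Dec  8 01:00:34 srv sshd[4101]: Invalid user admin from 192.0.2.10
Dec  8 01:00:36 srv sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Dec  8 01:00:41 srv sshd[4105]: Invalid user test from 198.51.100.7
Dec  8 01:00:43 srv sshd[4105]: Failed password for invalid user test from 198.51.100.7 port 51810 ssh2
Dec  8 01:00:52 srv sshd[4109]: Failed password for root from 203.0.113.44 port 33900 ssh2
Dec  8 01:01:03 srv sshd[4113]: Invalid user oracle from 192.0.2.77
Dec  8 01:01:05 srv sshd[4113]: Failed password for invalid user oracle from 192.0.2.77 port 42001 ssh2
Dec  8 01:01:20 srv sshd[4120]: Failed password for alice from 203.0.113.44 port 33950 ssh2
Dec  8 01:01:31 srv sshd[4120]: Accepted password for alice from 203.0.113.44 port 33950 ssh2
Dec  8 09:12:00 srv sshd[5001]: Accepted publickey for alice from 192.0.2.200 port 50022 ssh2
"""

# Only "Failed password" lines are counted; the preceding "Invalid user" line
# describes the same attempt and would double-count it.
# Greedy (.*) keeps a username that itself contains " from " in one piece.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2\s*$")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (\S+) for (.*) from (\S+) port \d+ ssh2\s*$")


def analyse(log_text, per_source_threshold=5):
    """Summarise password guessing seen in sshd log text.

    per_source_threshold is an assumed cut-off: sources with fewer failures
    than this would slip under a blocker that only counts per address.
    """
    failures = defaultdict(list)   # source -> [(user, account_exists), ...]
    logins_after_failure = []      # password logins from a source that failed before

    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            no_such_user, user, src = m.groups()
            failures[src].append((user, no_such_user is None))
            continue
        m = ACCEPTED.search(line)
        if m:
            method, user, src = m.groups()
            # A password login right after failures from the same source is
            # the event worth a human look: a guess may have succeeded.
            if method == "password" and src in failures:
                logins_after_failure.append((user, src, method))

    attempts = [a for per_src in failures.values() for a in per_src]
    return {
        "sources": len(failures),
        "invalid_users": sorted({u for u, exists in attempts if not exists}),
        "valid_users_targeted": sorted({u for u, exists in attempts if exists}),
        "below_threshold": sorted(
            s for s, a in failures.items() if len(a) < per_source_threshold),
        "login_after_failure": logins_after_failure,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Many sources with only one or two failures each is the distributed pattern described above; the `below_threshold` list shows how much of it a purely per-address counter would miss.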
Dag-Erling Smørgrav wrote:
> $witch <a.spi...@rfc1925.net> writes:
>> but i look in syslogs of some FreeBSD internet server and there is a
>> great evidence that some "botnets" are (again) trying simple
>> combination of uid/pwd.
>>
>> starting from Dec 8 01:00:34 (CET) hundreds of zombies are looking
>> for a valid username.
>
> Starting from Dec 8? This has been going on for years, and it is not
> targeted at FreeBSD; they attack anything that runs an SSH server. Of
> course, on current OpenSSH versions, it will get them nowhere, because
> there is no partial confirmation, so they have to guess at the user
> *and* the password, instead of first searching for an existing user and
> *then* guessing at the password.
>
> (on certain OSes - but not FreeBSD - running certain older OpenSSH
> versions, you could figure out if the user existed, even if you didn't
> have the right password)
The easiest way of brute-forcing access to a FreeBSD server includes
locating the sysadmin and applying the common desk drawer. It's that simple.
//Svein
*laugh*
I thought you were more of a baseball bat kind of guy :)
DES
--
Dag-Erling Smørgrav - d...@des.no
>> From my information security manager:
>
> FreeBSD isn't much used within the University (I understand) and has a
> (comparatively) poor security record. Most recently, for example:
>
> http://www.h-online.com/security/news/item/Root-exploit-for-FreeBSD-873352.html
From http://www.serverwatch.com/eur/article.php/3850401/FreeBSD-Shines-While-Apple-Fails.htm
> All software has bugs, but it's how people react when things go wrong that you can judge them. Did the FreeBSD folks sit around and do nothing? Did they busy themselves with other things and leave 8.0, 7.1 and 7.0 users vulnerable to pwnage? No, they did not! A matter of hours later Colin Percival, FreeBSD's security officer, made this announcement:
>
> A short time ago a 'local root' exploit was posted to the full-disclosure mailing list; as the name suggests, this allows a local user to execute arbitrary code as root ... since exploit code is already widely available I want to make a patch available ASAP.
> And with that, he released said patch.
>
So what OS does your information security manager run on his {desk,lap}top?
-stacey.
> Polytropon wrote:
> > On Fri, 11 Dec 2009 01:42:36 -0600, "Sam Fourman Jr." <sfou...@gmail.com>
> > wrote:
> >> I have tried looking around and OpenBSD appears to be the undisputed
> >> #1 track record in terms of security and FreeBSD is #2 (I didn't count
> >> dragonflyBSD)
> >
> > VMS would be #0, then? :-)
>
> I dunno. Haven't seen many MS-DOS exploits recently either...
Chuckle Chuckle Chuckle.
I haven't either.
Don't see much MS-DOS network activity either...
////jerry
>
> Matthew
>
> --
> Dr Matthew J Seaman MA, D.Phil. Flat 3
> 7 Priory Courtyard
> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
> Kent, CT11 9PW, UK
>
Lemme check...
C:\>ne2000 -w 0x65 0xC 0x300
C:\>doslynx
:b
echo Looking for Sybille...
goto b
Ah, there it was! :-)
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Dag-Erling Smørgrav wrote:
> "Svein Skogen" <svein-l...@stillbilde.net> writes:
>> The easiest way of brute-forcing access to a FreeBSD server includes
>> locating the sysadmin and applying the common desk drawer. It's that
>> simple.
>
> *laugh*
>
> I thought you were more of a baseball bat kind of guy :)
Desk drawers are easier found around the sysadmin, and that means you
don't have to carry suspicious evidence around the city. ;)
//Svein
I'm sure that there are systems happily running MSDOS, but I bet not too
many are networked.
I know that there is still a lot of VMS out there and that it has
remained a cash cow for HP. It lived on primarily in the banking and
financial sector, though I guess the use is dropping since HP recently
outsourced support to India and that led to the retirement of the last
of the original VMS developers, Andy Goldstein.
Also, the end of TECO as Andy was responsible for porting it to
almost every platform DEC ever sold (RSX, RSTS, VMS, TOPS-10 and
TOPS-20, RT-11, and several others) and continued to maintain it until
his retirement. (Most readers of this list probably don't even remember
TECO.)
And, for many years VMS had major network security problems, especially
the infamous default DECNET/DECNET account that led to many compromises
and the second major network worm, Worms Against Nuclear Killers. (I
won't use the acronym so as not to offend our British readers. I found
out about that when the BBC interviewed me about it and I was told that
I could not utter the word.)
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: obe...@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
Just go to Fry's Electronic. Most of their systems are still MS-Dos with
Novell for network, running text based inventory/quote/sales app.
>
> Also, the end of TECO as Andy was responsible for porting it to
> almost every platform DEC ever sold (RSX, RSTS, VMS, TOPS-10 and
> TOPS-20, RT-11, and several others) and continued to maintain it until
> his retirement. (Most readers of this list probably don't even remember
> TECO.)
>
> And, for many years VMS had major network security problems, especially
> the infamous default DECNET/DECNET account that led to many compromises
> and the second major network worm, Worms Against Nuclear Killers. (I
> won't use the acronym so as not to offend our British readers. I found
> out about that when the BBC interviewed me about it and I was told that
> I could not utter the word.)
> --
> R. Kevin Oberman, Network Engineer
> Energy Sciences Network (ESnet)
> Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
> E-mail: obe...@es.net Phone: +1 510 486-8634
> Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
--
Regards, Ulf.
---------------------------------------------------------------------
Ulf Zimmermann, 1525 Pacific Ave., Alameda, CA-94501, #: 510-865-0204
You can find my resume at: http://www.Alameda.net/~ulf/resume.html
> Date: Fri, 11 Dec 2009 08:49:42 +0000
> From: Matthew Seaman <m.se...@infracaninophile.co.uk>
<SNIP!>
> Polytropon wrote:
> > On Fri, 11 Dec 2009 01:42:36 -0600, "Sam Fourman Jr." <sfou...@gmail.com>
> > wrote:
> >> I have tried looking around and OpenBSD appears to be the undisputed
> >> #1 track record in terms of security and FreeBSD is #2 (I didn't count
> >> dragonflyBSD)
> >
> > VMS would be #0, then? :-)
>
> I dunno. Haven't seen many MS-DOS exploits recently either...
>
> Matthew
>
MS-DOS doesn't have root exploits because they are not needed.
-james
> Just go to Fry's Electronic. Most of their systems are still
> MS-Dos with Novell for network, running text based
> inventory/quote/sales app.
A _lot_ of small businesses have something similar.
Robert Huff
/usr/ports/security/sshguard-*
randy
And many of them were for code supplied by others...
: If he can find something (other than OpenBSD) with a better record than
: that, I'd love to hear about it.
Are you sure that OpenBSD has a better record?
Warner
I found this for loose reference.
http://en.wikipedia.org/wiki/OpenBSD#Security_and_code_auditing
I will say that even though on the surface OpenBSD appears to have a
better track record security wise
I tend to use FreeBSD for my desktop needs because of things like
Nvidia Graphics (esp now that there is amd64 support)
also wine works in FreeBSD and some of my clients still run windows apps.
I find FreeBSD is the middle ground the world needs between Linux and OpenBSD
Sam Fourman Jr.
Fourman Networks
Where's that? The Nvidia site says nothing about it yet, and the
makefile for x11/nvidia-driver still says ONLY_FOR_ARCHS=i386. I'm
eagerly waiting for it, but I can't find anything other than a forum
post (I don't have the address handy at this computer, but I know it's
somewhere in the mailing list archive) from Zander at Nvidia corporation
saying it's on its way.
> also wine works in FreeBSD and some of my clients still run windows apps.
>
> I find FreeBSD is the middle ground the world needs between Linux and OpenBSD
>
> Sam Fourman Jr.
> Fourman Networks
They have a record of measuring others by a different yardstick...
DES
--
Dag-Erling Smørgrav - d...@des.no
That's a bet you're likely to lose - most of them are POS terminals,
industrial control applications etc.
DES
--
Dag-Erling Smørgrav - d...@des.no
Dag-Erling Smørgrav wrote:
> "Kevin Oberman" <obe...@es.net> writes:
>> I'm sure that there are systems happily running MSDOS, but I bet not too
>> many are networked.
>
> That's a bet you're likely to lose - most of them are POS terminals,
> industrial control applications etc.
Add to that the lot of them that are running IPX/SPX protocol... ;)
//Svein
Damn you, I was this >< close to successfully repressing that memory!
DES
--
Dag-Erling Smørgrav - d...@des.no
> "Svein Skogen" <svein-l...@stillbilde.net> writes:
>> Dag-Erling Smørgrav wrote:
>>> "Kevin Oberman" <obe...@es.net> writes:
>>>> I'm sure that there are systems happily running MSDOS, but I bet
>>>> not too many are networked.
>>> That's a bet you're likely to lose - most of them are POS terminals,
>>> industrial control applications etc.
>> Add to that the lot of them that are running IPX/SPX protocol... ;)
>
> Damn you, I was this >< close to successfully repressing that memory!
I was avoiding to jump into this, but... Maybe this hilarious proposal will cure your pain, dude.
http://ietfdocs.potaroo.net/rfc/rfc1791.txt
I remember that around the early 90's I read one of those peecee magazine authors (maybe Jerry Pournelle) asking the IETF to, please, drop that TCP/IP thingy and instead choose a standard, widely used protocol for the Internet: IPX.
Let me touch more bad neurons for you: X.400 :)
Borja.
Priceless!
> I remember that around the early 90's I read one of those peecee
> magazine authors (maybe Jerry Pournelle) asking the IETF to, please,
> drop that TCP/IP thingy and instead choose a standard, widely used
> protocol for the Internet: IPX.
Umm, is IPX even routable?
Note that we still have IPX/SPX and NCP support in the kernel...
options IPX #IPX/SPX communications protocols
options NCP #NetWare Core protocol
DES
--
Dag-Erling Smørgrav - d...@des.no
Yup, it sure is. Xylan had IPX routing in their switch/routers when I
worked there, done by the same group that did IP routing. It was
bugly.
--
Against stupidity the very gods Themselves contend in vain.
Friedrich Schiller
Rink Springer wrote:
> On Mon, Dec 14, 2009 at 07:32:55PM -0800, Wes Peters wrote:
>> 2009/12/14 Dag-Erling Smørgrav <d...@des.no>:
>>> Umm, is IPX even routable?
>> Yup, it sure is. Xylan had IPX routing in their switch/routers when I
>> worked there, done by the same group that did IP routing. It was
>> bugly.
>
> 3Com CoreBuilder's (at least the 3500 model) were also capable of fully
> routing IPX. Never tried it though, as IPX was obsoleted by that time
> anyway :-)
>
I cleared out some recipient addresses before answering this...
So do the higher feature sets of IOS (Cisco). I've actually done a fair
bit of that sort of routing (IPX, DECnet, and whatnot) for a living
"back then" before my health gave up on me (landing me on disability
pension).
As a matter of fact, you could even route NETBEUI if you encapsulated it
in something else (and thus in reality bridged it). We did that for a few
customers, over frame-relay, as late as 2001 (when I moved on to a
different part of the company).
Basically, any signal that you can connect to an interface on a router,
CAN be routed, provided your NOC team is creative enough.
//Svein
--
--------+-------------------+-------------------------------
/"\ |Svein Skogen | sv...@d80.iso100.no
\ / |Solberg Østli 9 | PGP Key: 0xE5E76831
X |2020 Skedsmokorset | sv...@jernhuset.no
/ \ |Norway | PGP Key: 0xCE96CE13
| | sv...@stillbilde.net
ascii | | PGP Key: 0x58CD33B6
ribbon |System Admin | svein-l...@stillbilde.net
Campaign|stillbilde.net | PGP Key: 0x22D494A4
+-------------------+-------------------------------
|msn messenger: | Mobile Phone: +47 907 03 575
|sv...@jernhuset.no | RIPE handle: SS16503-RIPE
--------+-------------------+-------------------------------
If you really are in a hurry, mail me at
svein-...@stillbilde.net
This mailbox goes directly to my cellphone and is checked
even when I'm not in front of my computer.
------------------------------------------------------------
Picture Gallery:
https://gallery.stillbilde.net/v/svein/
------------------------------------------------------------
Since upgrading my world with a -current built last night, cvsup
dumps core on me. Any idea?
It is an Intel/ATOM 330 box used in 64bit mode. Everything else on
the box runs fine.
Recompiling cvsup + ezm3 didn't fix the problem; neither did trying
a libc from October.
% cvsup -gs standard-supfile
Connected to cvsup3.fr.FreeBSD.org
Updating collection src-all/cvs
Edit src/sbin/ipfw/ipfw.8
zsh: illegal hardware instruction (core dumped) cvsup -gs standard-supfile
% gdb cvsup cvsup.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `cvsup'.
Program terminated with signal 4, Illegal instruction.
Reading symbols from /lib/libz.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libz.so.5
Reading symbols from /lib/libm.so.5...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x00000008009ffe2b in gmtime_r () from /lib/libc.so.7
(gdb) where
#0 0x00000008009ffe2b in gmtime_r () from /lib/libc.so.7
#1 0x00000008009ff8be in gmtime_r () from /lib/libc.so.7
#2 0x0000000800a00596 in gmtime_r () from /lib/libc.so.7
#3 0x0000000800a007a8 in gmtime_r () from /lib/libc.so.7
#4 0x0000000800a03b98 in time () from /lib/libc.so.7
#5 0x00000008009ff53f in timeoff () from /lib/libc.so.7
#6 0x0000000800a00e17 in gmtime () from /lib/libc.so.7
#7 0x00000000004a643a in calloc ()
#8 0x000000000043aec7 in ?? ()
#9 0x0000000000448eaa in ?? ()
#10 0x0000000000409ece in ?? ()
#11 0x00000000004191a4 in ?? ()
#12 0x0000000000417cbe in ?? ()
#13 0x000000000041529f in ?? ()
#14 0x0000000000414d7a in ?? ()
#15 0x000000000049f980 in calloc ()
#16 0x000000000048fa3d in fnmatch ()
#17 0x00007fffffffd3c8 in ?? ()
#18 0x00007fffffffe930 in ?? ()
#19 0x00007fffffffea20 in ?? ()
#20 0x00007fffffffea00 in ?? ()
#21 0x0000000000000000 in ?? ()
#22 0x0000000000000000 in ?? ()
#23 0x00001fa00000037f in ?? ()
#24 0x0000000000000000 in ?? ()
#25 0x00000000006486c0 in ?? ()
#26 0x00000000006486c0 in ?? ()
#27 0x0000000000494d89 in fnmatch ()
--
Pierre Beyssac p...@fasterix.frmug.org
> Since upgrading my world with a -current built last night, cvsup
> dumps core on me. Any idea?
>
> It is an Intel/ATOM 330 box used in 64bit mode. Everything else on
> the box runs fine.
>
> Recompiling cvsup + ezm3 didn't fix the problem; neither did trying
> a libc from October.
>
I reported this several weeks ago but there was never a satisfactory
resolution to the problem.
One poster (scf@) reported that using a 32-bit binary solves the problem.
In my experience running cvsup against a remote server (to keep a local
CVS tree up to date) works just fine.
Are you also running cvsupd and attaching to it?
I've found that not starting cvsupd in /etc/rc.conf and instead starting
it without -C in a shell script just before invoking cvsup works, so
I use something like this:
/usr/local/sbin/cvsupd&
sleep 1
/usr/local/bin/cvsup supfile
and have localhost in supfile.
Otherwise I suggest using csup, which does not exhibit any bugs.
---
Gary Jennejohn
> On Tue, 15 Dec 2009 15:02:34 +0100
> Pierre Beyssac <p...@fasterix.frmug.org> wrote:
>
> > Since upgrading my world with a -current built last night, cvsup
> > dumps core on me. Any idea?
> >
> > It is an Intel/ATOM 330 box used in 64bit mode. Everything else on
> > the box runs fine.
> >
> > Recompiling cvsup + ezm3 didn't fix the problem; neither did trying
> > a libc from October.
> >
>
> I reported this several weeks ago but there was never a satisfactory
> resolution to the problem.
>
> One poster (scf@) reported that using a 32-bit binary solves the problem.
>
> In my experience running cvsup against a remote server (to keep a local
> CVS tree up to date) works just fine.
>
> Are you also running cvsupd and attaching to it?
>
> I've found that not starting cvsupd in /etc/rc.conf and instead starting
> it without -C in a shell script just before invoking cvsup works, so
> I use something like this:
>
> /usr/local/sbin/cvsupd&
> sleep 1
> /usr/local/bin/cvsup supfile
>
> and have localhost in supfile.
>
> Otherwise I suggest using csup, which does not exhibit any bugs.
>
One very important thing which I forgot to mention was that removing
/usr/share/zoneinfo/UTC seems to allow cvsup to run to completion.
Yes, I did that too, a 32bit cvsup binary I copied from another
-current machine works.
> In my experience running cvsup against a remote server (to keep a local
> CVS tree up to date) works just fine.
> Are you also running cvsupd and attaching to it?
No. I don't have a local server, cvsup is running against a remote
server.
More info:
When running from gdb, the error shows up as SIGSEGV on a callq to
an invalid address. Could this be a dynamic link error?
Here's a disassembly of the code; actually it seems to be somewhere
inside lib/libc/stdtime/localtime:timesub() (called by gmtime_r).
Program received signal SIGSEGV, Segmentation fault.
0x00000008009ffe2b in gmtime_r () from /lib/libc.so.7
0x00000008009ffe0b <gmtime_r+2171>: mov 1364798(%rip),%r14 # 0x800b4d150 <__thr_jtable+90512>
0x00000008009ffe12 <gmtime_r+2178>: mov %edx,%r13d
0x00000008009ffe15 <gmtime_r+2181>: mov (%r14),%rax
0x00000008009ffe18 <gmtime_r+2184>: mov %rax,0xee68(%rsp)
0x00000008009ffe20 <gmtime_r+2192>: xor %eax,%eax
0x00000008009ffe22 <gmtime_r+2194>: test %rdi,%rdi
0x00000008009ffe25 <gmtime_r+2197>: je 0x8009fff80 <gmtime_r+2544>
0x00000008009ffe2b <gmtime_r+2203>: callq 0x80095b4cc <signgam+181968>
0x00000008009ffe30 <gmtime_r+2208>: test %eax,%eax
0x00000008009ffe32 <gmtime_r+2210>: jne 0x8009fff52 <gmtime_r+2498>
(gdb) print signgam
$1 = 0
> Otherwise I suggest using csup, which does not exhibit any bugs.
True, I just did that following a private suggestion and it works just fine :-)
--
Pierre Beyssac p...@fasterix.frmug.org
Me too! So weird (even though my machine is configured with CET).
So the problem definitely seems to be time-related...
--
Pierre Beyssac p...@fasterix.frmug.org
<snip>
Please don't thread hijack, it breaks the flow of conversation and is
annoying.
i.e. don't just pick some random message and hit reply then change the
subject etc. Your mail client adds headers which cause it to appear as
part of the original thread even though the subject has changed (this
is a feature).
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C