Re: security risk: ktrace(2) in FreeBSD prior to -current.

From: Brett Glass (brett@lariat.org)
Date: 07/01/02


Date: Mon, 01 Jul 2002 10:30:44 -0600
To: David Pick <d.m.pick@qmul.ac.uk>, security@FreeBSD.ORG
From: Brett Glass <brett@lariat.org>

At 08:43 AM 7/1/2002, David Pick wrote:

>At least we can build a binary update "package"
>for the "ports" version using a simple "make package"; it's
>harder for the version integrated into the base.

You can make a binary updater using the currently available
port. Just do

cd /usr/ports/security/openssh-portable && make -DOPENSSH_OVERWRITE_BASE package

Beware, though, that you'll also want to install the latest
OpenSSL "engine". I believe that you can make this into
a binary package as well.

>Please note that I have *not* asked for a binary update.
>I don't want to get flamed the way Brett does...

...for asking something reasonable? ;-)

Seriously: Please do ask. If we do not have up-to-date binary
packages, a large percentage of the new installs of FreeBSD
(both network installs and those from CD-ROM) will be vulnerable
from the start, even though the holes have long been identified.
This is not only unethical but also terrible for FreeBSD's
reputation.

Already, the Apache/FreeBSD worm is making the rounds. Why
allow new installs to be vulnerable?

--Brett
