Slashdot Mirror

Oh, and while I'm ranting about the horribleness of Open Source security stuff, why is it that there is STILL no well-integrated filesystem crypto in any of the Open Source operating systems, including the security-oriented OpenBSD? No, loopback crypto kludges don't count at all.

What I find most troublesome is that Microsoft seems to be taking the lead in providing a means of control that goes beyond the ACL approach that has been traditional until now. It's an astute move for M$. If the rest of the world doesn't come up with an alternative, it will become all that much harder to dislodge Windows from the corporate desktop.

It tends to be complex to implement due to a lot of flexibility, and definitly has different goals (securing your systems, as opposed to securing profit of others), but it isn't as Microsoft would be the only one to improve their security model.

The champoin of freedom in a world which had become a matrix of digital prisons. The ones that stood up to it all without flinching. The Chinese...

It's in the freebsd handbook, in the sendmail section. it tells you to set sendmail_enable to none if you want to turn it off completely, or no if you want to just disable the daemon, but still wish to be able to send outgoing mail... you can find most basic stuff listed in the freebsd handbook, you really should be using it a lot in the beginning!

http://www.freebsd.org/doc/en_US.ISO8859-1/books/h andbook/mail-changingmta.html

You can not play games on it.
Is Quake 3 not good enough for you?

It cannot be used by my grandma.
Grandma can't use a toaster, what's your point?

It lacks a GUI of any note.
*looks over to freebsd box and sees KDE running*

There is no support available for it.
No support for wimps.

It is an assortment of fragmented OSes.
You must have it confused with Red Hat. The colours are similar and those might confuse you.

It cannot be run on the x86 platform.
*looks at Cyrix 6x86 PR-200 for the second time today*

You have to compile everything and know C.
*wonders why my install took less than 2 hours on a 486*

Support for the latest hardware is always poor.
*looks at nVidia drivers*

It is incompatiable with GNU/Linux.
Has the Linux-compat broken again?

It is dying.
Luckily, so are you.

See see the REQUIRED et.al. in /etc/rc.d/diskless for an example.

As all these scripts are under control of rcorder - it should be very easy to change its guts to do things parallel.

Or in other words - -you'll find more of an ready made bed in freebsd - and applying the linux article should in fact be easier than on linux itself :-)

Dw

See see the REQUIRED et.al. in /etc/rc.d/diskless for an example.

As all these scripts are under control of rcorder - it should be very easy to change its guts to do things parallel.

Or in other words - -you'll find more of an ready made bed in freebsd - and applying the linux article should in fact be easier than on linux itself :-)

Dw

There's a really nice solution for at least part of this problem already available: RCng. I don't know if it parallelizes the startup scripts, perhaps it could be hacked to do so, but it does its own dependency checking so you wouldn't have to invoke make (blech!).

So don't download the latest patch from them, instead use a trusted source, like this. Check the latest commits by nectar.

The FreeBSD team has released a related Security Advisory and issued patches for affected FreeBSD versions as well as OpenSSH in the ports tree.

Corrected:
2003-09-16 16:24:02 UTC (RELENG_4)
2003-09-16 16:27:57 UTC (RELENG_5_1)
2003-09-16 17:34:32 UTC (RELENG_5_0)
2003-09-16 16:24:02 UTC (RELENG_4_8)
2003-09-16 16:45:16 UTC (RELENG_4_7)
2003-09-16 17:44:15 UTC (RELENG_4_6)
2003-09-16 17:45:23 UTC (RELENG_4_5)
2003-09-16 17:46:02 UTC (RELENG_4_4)
2003-09-16 17:46:37 UTC (RELENG_4_3)
2003-09-16 12:43:09 UTC (ports/security/openssh)
2003-09-16 12:43:10 UTC (ports/security/openssh-portable)

Step 1, get the older 3.6.1p1 src rpm from any of the mirrow sites. and install. rpm -U openssh-3.6.1p1-1.src.rpm

Step 2: untar the the file in the source dir

cd /usr/src/redhat/SOURCES/

tar xzf openssh-3.6.1p1.tar.gz

Step 3: replace the buffer.c file with the one from here here

cd openssh-3.6.1p1/; cp /tmp/buffer.c .; cd ..; tar czf omniORB-4.0.2.tar.gz openssh-3.6.1p1/

Step 4: build the rpm. cd ../SPECS; rpmbuild -bb openssh.spec

Step 5: install, cd ../RPMs/i386; rpm -U --force openssh*; /etc/init.d/sshd restart

Thats it...

Patches are already available, for example from the FreeBSD CVS web. Personally, I'd rather apply it now than waiting for a detailed analysis of the exploit...

Speaking of bad versions.

0 Day SSH EXPLOIT out today..
CVS DIFF patch Here

Details are sketchy here

Redhat and others haven't released patches yet.

ChiefArcher

... And that attitude and/or belief is exactly why Linux will ultimately fail.

Like it or not, people need money to survive. Free spirit is one thing, but keeping something entirely free as in beer will ultimately kill it as the people behind it will have nothing to support their continued existence.

I dislike Microsoft as much as the next guy, but I realize that if I want viable alternatives, I have, or at least should, pay for them to show my support and to put food in the developers' mouths. That's why I buy every new version of Libranet Linux, and that's why I have a subscription to FreeBSD releases on CD via the FreeBSD Mall.

What to buy...what to buy...hmmm...hmmm...just can't decide how much I'd like to spend! I need to get my hands on a copy of BSD to host my site! Stat!

FreeBSD-svr4 emulation now ready for prime time. The only question is, does the SCO Unix-Linux License run on this emulator? And if so, does it thereby violate SCO's perve-and-grope^H^H^H^H^H^H^H^H^H^Hlook-and-feel claims?

"No commercial support"?

You mean like this:
Commercial Vendors - Consulting
Consultants for hire
?

There's always freebsd.org, and I don't see anything happening to them anytime soon.

And before anyone says "*BSD is dying and is teh suX0rs, Linux forever!" I'd just like to say that BSD isn't going anywhere. There is no x86 based server OS that is as stable, as secure, as highly configurable, as fast, and as powerful as FreeBSD.

As a former employee of BE Inc. I have to chime in here on one glaring pharse of utter bull-shit that you wrote in your post so everyone can see that your obviously not having any idea of what your talking about.

If BeOS were easily dual-booted, more people would consider BeOS applications (the "OS barrier" would erode), and eventually more would be written (the "applications barrier" would erode).

I assume you haven't tried BeOS as it was highly dual-bootable with a very good graphical boot manager, and easily configured. BeOS could even live within a file inside the fat32/ntfs filesystems. The ability to dual boot is a non-issue for BeOS systems as this was one of the primary design goals, to co-exist with other Operating Systems in world dominated by one OS.

MS currently maintains both barriers, but if they didn't, they wouldn't be able to maintain the monopoly against all the competing and/or superior products out there.

Microsoft did this (in BeOS's case) with lucrative rebate deals and other incentives what involved OEM's (like DELL) who would preload computers with an opperating system like windows98, or BeOS. Dell computer, for example, signed a typical OEM agreement with Microsoft that basicly meant every computer dell sold was attached with a license for a Microsoft OS, even if the computer didn't ship with the Microsoft OS. In this way Microsoft ensured that Dell didn't save any money by using an alternative OS, and thus was anti-competitive. This is not to mention the other parts of the Microsoft OEM agreement that stipulated that any computer covered by the OEM agreement (which was all computers produced) could not contain a bootloader that was non-MS, or the agreement regarding the discounts/rebaits would be nill in addition to the penalty the OEM would have to pay. In other words, Dell wouldn't get the discount on the Microsoft OS (money in their pockets), and would even be fined for contract violation.

What we really need is a competing OS that has a full suite of applications, both of which are freely developed by anyone who wishes to, rather than being controlled by a single corporation, and it will probably need to be possible to buy a computer with these pre-installed, for it to truly break both of the barriers mentioned above.

You mean like FreeBSD, or Finux? I belive those qualify as competing OS's, yet at the time of BeOS, they were still not hardly on Microsofts radar as they were not viable desktop replacments, and Microsoft was making most of its money of the desktop systems area, not servers. In regards to full suite of application, and not being controlled by any single entity. Hrm.. have you Looked at Red Hat recently? In regards to a single corporation controlling things, pulling strings; Have you considered that Linus is the single point of control for the Linux kernel? You can alter Finux all you want, but there is still one single pooint of control over it. As I have pointed out above, one of your foundation points (BeOS dual boot) is stupid, and not valid. So reinforcing any point on them is also not helping. Not to throw sand in your eyes, but I should point out that Finux is easily dual bootable too, as is Freebsd.

Then, the only barrier will be in the mind -- the fact that people don't yet know about the potential of the OS and its applications, or that they're not yet ready to accept it over what it replaces.

Why would anybody take the effort to replace something that currently works? YOu could give them a huge incentive such as security, or price. But when you have an investment in time with the currently installed (and industry dominant) OS, there would need to be an overwhelmings reason to justify changing that.

Now... MS products aren't all completely crap.
This is a true stament

But they must be seriously scared of anyone who can get their foot in the door, because a lot of their dominant products are dominant

The OS is going to also be DRM enabled and will detect the BIOS type.

Oh, really? I don't think so

Hard drives are less than a dollar a gig. This is $1300 for 500GB. You'd be better off buying a nice little shuttle box (small, like you want, not entirely hideous), tossing in two 250 GB drives, and having the whole thing cost less than $700.

Oh, and then you could put on a real operating system.

I can't imagine they'd start from scratch when there's code lying around to build upon. But that doesn't mean their modified version will be open source. Somehow I don't think the GPL will stand in their way.


Especially when there's code around with an extra 10-20 years of maturity under a more friendly (BSD) license.

Exhibits:

1
2
3

I believe Mplayer plays both of them.

http://www.freebsd.org/cgi/url.cgi?ports/multime di a/mplayer/pkg-descr

Don't forget the native Mozilla/Opera plugin while your there.

Xine would probably be fine as well.

I'm just wondering why FreeBSD is not used more for electronics. It's as small and fast as Linux and seems to have less copyright issues. I know that has been and is used in embedded devices. I'm just wondering what Linux's advantage over it is.

Thanks,
Strater
strater.ca

http://www.freebsd.org/platforms/amd64.html

This announcement means that I can (presumably) finally get Freenet running on my spare FreeBSD box. I hadn't been able to figure out how to get the quasi-official, not guaranteed to be functional, volunteer java ports (which may or may not actually include NIO, which Freenet uses) installed on FBSD. I'd pretty much given up.

This is great news, even if it's binary-only! My thanks to Sun and to the FreeBSD Java team.

FreeBSD has a linux emulation layer, for running linux applications

No, it doesn't.

"Yeah, but is this really emulation? No. It is an ABI implementation, not an emulation. There is no emulator (or simulator, to cut off the next question) involved." FreeBSD Handbook

They are running FreeBSD. This sort of pandering doesn't really do much for me, but at least these guys aren't pitching their 'Mozilla Coffee' with IIS.

Am I the only one who's a little bummed that this virus may have been stopped dead in it's tracks here? I mean, my inbox got slammed with crap just like everyone else's, but because nearly all of my systems are running relatively secure operating systems, I've just kinda chuckle each time another dozen mesages shows up automatically routed to my "Junk/virii" folder.

It is pure, gleeful schadenfeude for me to think of all the hapless PHBs and MSCSE CIOs who are finally being given a little hint as to just how vulnerable they've left their companies. In the short term yes, many people will be inconvenienced and possibly some critical systems knocked out. But these hapless companies and also the public sector will eventually be forced to learn, and that's ultimately a good thing for all of us.

The access control list feature is something that has been in Windows and Solaris for some time.

FreeBSD has had ACLs (in the 5.x branch) for some time as well.

From what I saw, the big news will be PAE (> 4Gb on Intel boxes) support, which good for commercial uses (we have a bunch of 8Gb Linux boxes that use PAE) but not likely a lot of folks have it on the desktop.

Check the FreeBSD open issues list to get a snapshot.

4.9 Release notes showing what is going in/being fixed

Rus

If SCO is bound and determined to commit public-relations and corporate suicide, all in one swell foop, I'm sure there are cleaner and quieter ways to go about it.

All this grandstanding (without presenting independently-verifiable proof of their claims, I think that's all they're doing) is only going to do one thing: Create a serious financial drain on the company in terms of court costs.

One interesting side effect to this whole mess may be that BSD-based OS's will get more attention. As far as I know, neither NetBSD, nor FreeBSD, nor OpenBSD have ever been the subject of lawsuits of the type that SCO is pushing.

Whatever happens, I think SCO has gone utterly, irretrievably bonkers if they think this kind of behavior will help them in any way. I feel sorry for the employees...

Redhat
Debian
SuSe
Apple
Linux-Mandrake
Gentoo
FreeBSD

As per the FSF recommedations, I only use free software

As far as I can see, the ACLs in FreeBSD/UFS2 (following the POSIX.1e proposal) just know the traditional read-write-execute/search permissions, only with more fine-grained possibilities to assign these rights to users and groups. However, the FreeBSD implementation seems to be flexible enough to support additional flags - in fact, the acl(3) manpage explicitly mentions nonportable functions for Netware style ACLs (and some others, like NTFS). I have no idea how to actually use that, however.

Sorry, but according to this manpage from 2.10BSD, the wheel group has been part of the `su root` algorithm since at least 1986. So you're saying that the rest of the world has been doing it wrong for all these years?

It sounds like you're describing bento, which Kris linked to in his email. If you ever wonder how a port build fails, or what it logs when it works, check bento!

FreeBSD is free, and , in my personal oppinion, quite as good as Linux with none of the comercialization (No, I am NOT trying to start a flamewar). Most Linux Programms will also run on FreeBSD Including Apache and Oracle as long as you install Linux Binary Emulation. For a production enviroment, you should use FreeBSD 4.8 ~STABLE, is is very stable.

There's my two cents.
Andrew

FreeBSD is free, and , in my personal oppinion, quite as good as Linux with none of the comercialization (No, I am NOT trying to start a flamewar). Most Linux Programms will also run on FreeBSD Including Apache and Oracle as long as you install Linux Binary Emulation. For a production enviroment, you should use FreeBSD 4.8 ~STABLE, is is very stable.

There's my two cents.
Andrew

> What's Debian GNU/Linux problem?

_Certification_. Debian is not certified to run lots of commercial products. And vendors deny to support this configuration.

I don't know why this guy are crying when FreeBSD gets only one year of support, SuSE gets 2 years(with no warranties) and Mandrake one year and a half(only for base packages).

If you need long time life distribution you should paid for it. Enterprise distributions like SuSE and Red Hat get five years of support and Mdk gets three.

But if you are a brave , you can make it yourself. This is Open/Free software ;-)

X is small and fast(at least XFree86 is). When you look at how much virtual memory it has mapped in. (using 'ps' for example). You also are seeing the amount of memory mapped in for the video frame buffer. Have a 32Mb video card? Well at *least* 32Mb of your virtual address space isn't mapping into system ram, it's mapped into video ram.

Also, with any application, the code space doesn't take system RAM in the same sense as data space does. Normally you map in pages of memory that point straight to the I/O device the executable exists on. (this is called mmap). You only have a few pages of system memory actually in-use, for the areas of the program that are currently executing or have executed recently. It's pretty easy to draw an analogy to this and swap memory, except this is a lot simpler to implement in a kernel.

I've build mini systems where XFree86 and Linux and a handful of fun apps ran in 4Mb of RAM. For a diskless system, you would want to use something like XIP (eXecute-In-Place). that way you don't have to go crazy loading in applications into system RAM or have funny mmap things that try to cache memory. (if it's all in RAM disk why are you caching RAM with more RAM? :)

Also check out the AgendaVR3 pda. I own one of these gizmos. The company is basically out of business, but their PDAs definently ran XFree86 and a ton of apps with only 8Mb of flash and 8Mb of RAM.

Of course. If XFree86 is still too big for you, there is always The MGR Window System. This fun program is designed to basically allow you to run multiple shells on the same screen in a graphical way, with each one having it's own font size if you want. It looks like monochrome X11, but it's a lot smaller. It also works over both telnet and ssh quite transparently. (all the GUI stuff is encoded in vt100-like escape codes). You can even do real graphics with it, look at this big screen shot if you don't believe me. Also it's open source, which is good because it probably hasn't used on linux after kernel version 1.2, have fun tinking with it. :)

V. Solution

<snip>

2) To patch your present system:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility. The following patch
has been tested to apply to all FreeBSD 4.x releases and to FreeBSD
5.0-RELEASE.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA- 03:08/realpath.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA- 03:08/realpath.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your operating system as described in
<URL:http://www.freebsd.org/doc/handbook/makew orld.html>.

I'm not a Linux fanboy. I run OpenBSD on my home firewall/gateway, FreeBSD under VMware on my home PC, and am developing web applications (for work) on OpenBSD/sparc64. I also have an iBook running OSX and NetBSD.

Binary patches are in my eyes - the one thing holding back many people from deploying BSD in a production environment. Or at minimum me.

How can BSD be dying when it has a mascot like this?! Linux needs to get its act together if it's going to compete with the kind of hot chicks and gorgeous babes that BSD has to offer!

You just can't take Linux seriously when its fronted by losers like these. You Linux groupies need to find some sexy girls like her! I mean just look at this girl! Doesn't she make you hard? I know this little hottie floats my boat! This guy looks like he is about to cream his pants standing next to such a fox. As you can see, no man can resist this sexy little cock teaser. Even this old bearded Unix guru is apparently unable to take his eyes off her!

With sexy chicks like the lovely Ceren you will have people queuing up to buy open source products. Look! This guy can't get in there fast enough with her in the doorway! Come on, you must admit she is better than an overweight penguin! Don't you wish you could get one of these? Join the campaign for more cute open source babes today!

How can BSD be dying when it has a mascot like this?! Linux needs to get its act together if it's going to compete with the kind of hot chicks and gorgeous babes that BSD has to offer!

You just can't take Linux seriously when its fronted by losers like these. You Linux groupies need to find some sexy girls like her! I mean just look at this girl! Doesn't she make you hard? I know this little hottie floats my boat! This guy looks like he is about to cream his pants standing next to such a fox. As you can see, no man can resist this sexy little cock teaser. Even this old bearded Unix guru is apparently unable to take his eyes off her!

With sexy chicks like the lovely Ceren you will have people queuing up to buy open source products. Look! This guy can't get in there fast enough with her in the doorway! Come on, you must admit she is better than an overweight penguin! Don't you wish you could get one of these? Join the campaign for more cute open source babes today!

My reading of the issue on the FreeBSD advisory is that it is likely 10.1.x is affected by this too.

Can anyone confirm?

Is a fix from Apple likely? I would find it very disappointing if Apple have stopped issuing security fixes for this OS - even Microsoft support their previous generation products (Windows 2000 Professional, for example).

If not, given this affects the (open-source) Darwin core of the OS, is a patch to the affected library/ies a possibility?

It looks like I jumped the gun on this...On several levels...

First, wu-ftpd is not the ftp server in Mac OS X. lukemftpd is.

Second, the most relevant advisory is not the quoted one, but this one (which previously appeared on Slashdot): FreeBSD-SA-03:08.realpath.

As the name implies, the bug originates from FreeBSD, and potentially leaves a long list of programs vulnerable (listed in the advisory).

This means that the problem is broader than my original message anticipated. It means that other remote services may be vulnerable, including sftp.

Thanks to the anonymous user who brought my attention to my (pretty bad) mistake.

Please spread this information instead of the wrongful information in the parent post. Mod parent down.

I beg to differ. Do you know how many backdoors are in Microsoft products? Not many people do. In fact, I doubt anyone knows of all of them. The counter-argument against closed-source commercial binary-only software products is that it's harder to find binary backdoors than it is to find them in source code; even while using disassemblers and debugging tools. This compromise could have been prevented.

Take FreeBSD for example. Sure their mirrors may have been compromised in the past; but they have a solid architecture designed for managing a centralized repository. Only a very select few people have access to that system. You can bet that the ftp.gnu.org box had tens or hundreds of local accounts. The hackers might not have even directly compromised ftp.gnu.org. They could have hacked a workstation belonging to a developer, and worked their way back into that machine by trojaning ssh, storing the login/password information and logging in from a bounce-point.

Obviously the guys that hacked the machine understand the blackhat value in having complete and unfettered control of that server and its data. When the next vulnerability is discovered in the services provided by any FSF servers, you can bet these guys will be back with a vengance. What blows my mind is that the GNU/FSF crew don't have backups of the MAIN DISTRIBUTION SITE.

the portsystem is in a CVS repository too: cvsweb

So you can just check out the same revision / day as the system you want to clone, if you can't just copy it over.

It would be a whole lot better if the ports tree was frozen together with the OS when it's released

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/IS O-IMAGES/