Solar Designer | 6 Jan 10:01 2006

crypt_blowfish 1.0

Hi,

Marko Kreen has discovered and reported a minor security bug in our
password hashing package, crypt_blowfish 0.4.7 and below.  In response
to this, I've released crypt_blowfish 1.0, with the bug fixed:

	http://www.openwall.com/crypt/

Since no other significant changes to the code have been made (or needed
to be made) in a long time (despite active use of crypt_blowfish in a
number of projects), I am considering this version mature enough to be
called 1.0.

The bug fixed with this release affected the way salts for extended
DES-based and for MD5-based password hashes were generated with the
crypt_gensalt*() family of functions.  It would result in a higher than
expected number of matching salts with large numbers of password hashes
of the affected types.  crypt_gensalt*()'s functionality for
Blowfish-based (bcrypt) hashes that crypt_blowfish itself implements and
for traditional DES-based crypt(3) hashes was not affected.

Since bcrypt hashes were not affected, default installs of Owl were not
affected either.  The specific impact this could have on non-default
installs of Owl is described in the latest Owl-current change log entry
for glibc:

	http://www.openwall.com/Owl/CHANGES-current.shtml

At this time, a similar glibc update for Owl 1.1-stable is not planned.
Instead, we're planning to make another official release of Owl which
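An added example, not part of the original message and not crypt_blowfish code: a check for the symptom described above, salts shared between accounts, restricted to the two hash types the announcement names as affected. The function names and the shadow entries are constructed for illustration; the hash bodies are filler, not real hashes.

```python
from collections import defaultdict

# Hash types the announcement names as affected by the salt-generation bug.
AFFECTED = {"md5crypt", "ext-des"}

def classify(h):
    """Return (scheme, salt) for a crypt(3) hash string, else (None, None)."""
    parts = h.split("$")
    if h.startswith("$1$") and len(parts) == 4:
        return "md5crypt", parts[2]        # $1$<salt, up to 8 chars>$<hash>
    if h.startswith("$2") and len(parts) == 4 and len(parts[3]) == 53:
        return "bcrypt", parts[3][:22]     # $2a$<cost>$<22-char salt><31-char hash>
    if h.startswith("_") and len(h) == 20:
        return "ext-des", h[5:9]           # _<4-char count><4-char salt><11-char hash>
    if len(h) == 13 and "$" not in h:
        return "des", h[:2]                # <2-char salt><11-char hash>
    return None, None                      # locked ("*", "!!"), empty, or unknown

def shared_salts(shadow_lines):
    """Map (scheme, salt) -> sorted user names, for affected schemes where
    more than one account carries the same salt."""
    groups = defaultdict(list)
    for line in shadow_lines:
        fields = line.strip().split(":")
        if len(fields) < 2:
            continue
        scheme, salt = classify(fields[1])
        if scheme in AFFECTED:
            groups[(scheme, salt)].append(fields[0])
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

# Constructed sample in /etc/shadow layout; hash bodies are filler.
SAMPLE = [
    "root:*:13150:0:99999:7:::",
    "alice:$1$abcdefgh$" + "A" * 22 + ":13150:0:99999:7:::",
    "bob:$1$abcdefgh$" + "B" * 22 + ":13150:0:99999:7:::",
    "carol:$1$ijklmnop$" + "C" * 22 + ":13150:0:99999:7:::",
    "dave:_J9..Salt" + "D" * 11 + ":13150:0:99999:7:::",
    "erin:_J9..Salt" + "E" * 11 + ":13150:0:99999:7:::",
    "frank:$2a$08$" + "S" * 22 + "F" * 31 + ":13150:0:99999:7:::",
    "grace:$2a$08$" + "S" * 22 + "G" * 31 + ":13150:0:99999:7:::",
]

if __name__ == "__main__":
    for (scheme, salt), users in sorted(shared_salts(SAMPLE).items()):
        print(f"{scheme} salt {salt!r} shared by: {', '.join(users)}")
```

Accounts that share a salt can all be tested with a single hash computation per candidate password, which is why an elevated number of matching salts matters.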

Bernhard Fischer | 11 Jan 07:14 2006

ntpd terminates right after starting

Someone mailed problems with openntp last Dec. Now I am in the same
situation. Right after starting the daemon the forked child terminates
and that's it. Strace does not show me any useful hints (socketpair()
is suspected for me to fail in this situation?).

The very strange thing is: I do have 2 machines (mostly the same
hardware and package releases) and only on one of them I can start up
ntpd. The problem is reproducible on the other one, when I use a kernel
with QOS (I have to use traffic-shaping on this gateway). I tried
several kernel options to isolate the reason, but without success for
now. I am only able to test outside office hours, because it is a
productive machine.

Anyone out there with the straight tip for me?!?

Greetings
Bernhard

Solar Designer | 11 Jan 15:19 2006

Re: ntpd terminates right after starting

On Wed, Jan 11, 2006 at 07:14:56AM +0100, Bernhard Fischer wrote:
> Someone mailed problems with openntp last Dec.

Those were not "real" problems.  Some log file messages were confusing,
that's all.

> Now I am in the same
> situation. Right after starting the daemon the forked child terminates
> and that's it. Strace does not show me any useful hints (socketpair()
> is suspected for me to fail in this situation?).
> 
> The very strange thing is: I do have 2 machines (mostly the same
> hardware and package releases) and only on one of them I can start up
> ntpd.

Now this does sound like a real problem.  Please place your strace
output on a private URL and post that.  We'll have a look.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Bernhard Fischer | 12 Jan 08:46 2006

Re: ntpd terminates right after starting

Hi Alexander,

This behavior does not occur on every machine of mine, as I said before,
but always when I activate the Link Equalizer net/sched/sch_teql.c
(CONFIG_NET_SCH_TEQL not as module) which itself generates a new teql
network-device. So what?!? Does it also count that there are 4 eths on
the problematic one and only 2 eths on the other one? I will test this
machine with the same network components.
strace does not show as much as hoped for. It would be more important to
see when/why the forked client terminates. I have to do more logging!

Here are the last 30 lines of strace from "ntpd -d -f /etc/ntpd.conf":
....
read(3, "J\211\213\4^CQ}\2\222\263\301G\267%F4\373U\276\341iZ\244"...,
32) = 32
close(3)                                = 0
getpid()                                = 408
getpid()                                = 408
getuid32()                              = 0
getpid()                                = 408
time(NULL)                              = 1137015810
getpid()                                = 408
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
socketpair(PF_FILE, SOCK_STREAM, 0, [3, 4]) = 0
fork()                                  = 409
--- SIGCHLD (Child exited) @ 0 (0) ---
rt_sigaction(SIGTERM, {0x8049900, [TERM], SA_RESTORER|SA_RESTART,
0x256428}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0x8049900, [INT], SA_RESTORER|SA_RESTART,
0x256428}, {SIG_DFL}, 8) = 0

Solar Designer | 12 Jan 08:46 2006

Re: ntpd terminates right after starting

On Thu, Jan 12, 2006 at 08:46:14AM +0100, Bernhard Fischer wrote:
> strace does not show as much as hoped for. It would be more important to
> see when/why the forked client terminates. I have to do more logging!

You should be using "strace -fF".

> If you are interested in more info (full strace, kernel config) please
> mail me and I will send it directly to you.

Yes, but I'd rather have others involved with Owl help deal with this, --
which is why I've suggested placing your stuff on a private URL + posting
that to the list instead of sending it all to me privately.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Randy Greif | 14 Jan 21:16 2006

Settle


I am a first-time user of any Linux-based system.
I am trying to install Owl on a server, a Compaq PIII Xeon 733 system. The Owl
1.1 ISO I downloaded seems fine: it boots the system up and brings it to a
login; password etc. seems to be no problem there. The install says to type
"settle" to install; when I type settle it says command not found. I am a
complete novice with this, so remember I am a Windows individual trying to
install Owl.

Randy Greif

--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.17/229 - Release Date: 1/13/2006


Randy Greif | 14 Jan 21:27 2006

RE: Settle


Randy Greif
ERA Real Estate Professionals
3745 Center Point Road
Cedar Rapids, Iowa 52402
Office (319) 395-0411
Cell: (319) 389-2101
Fax: (319) 395-0417
randal.greif <at> era.com <mailto:randal.greif <at> era.com> 
Licensed in the state of Iowa

-----Original Message-----
From: Randy Greif [mailto:rcgreif <at> mcleodusa.net]
Sent: Saturday, January 14, 2006 2:16 PM
To: owl-users <at> lists.openwall.com
Subject: [owl-users] Settle

I am a first-time user of any Linux-based system.
I am trying to install Owl on a server, a Compaq PIII Xeon 733 system. The Owl
1.1 ISO I downloaded seems fine: it boots the system up and brings it to a
login; password etc. seems to be no problem there. The install says to type
"settle" to install; when I type settle it says command not found. I am a
complete novice with this, so remember I am a Windows individual trying to
install Owl.

Randy Greif


Solar Designer | 14 Jan 21:40 2006

Re: Settle

Randy,

"settle" is currently only available in Owl-current, not in the older
1.1 release.  The installation instructions that you see on the website
start with this remark:

"The instructions below apply to Owl-current snapshots dated 2005/08/08
and newer (until revised).  For older versions of Owl (such as the 1.1
release), please refer to Owl/doc/INSTALL as included in the "native"
tree for your version (that's /usr/src/world/native/Owl/doc/INSTALL on
the CDs)."

So you would need to refer to /usr/src/world/native/Owl/doc/INSTALL on
the CD, but unfortunately the installation procedure of Owl 1.1 assumes
prior experience with Linux.

So my advice is that you do one or both of the following:

1. Download the latest Owl-current ISO instead.  It's located under
current/iso/ on the mirrors listed at:

	http://www.openwall.com/Owl/DOWNLOAD.shtml

For the current version, the filename is Owl-current-20051208-i386.iso.gz

Then you would be able to use "settle".

2. Let us install the system and any application software for you
remotely.  You would only need to configure an IP address and a
temporary root password for the CD-booted system.  (Yes, this is a paid

Randy Greif | 14 Jan 22:24 2006

RE: Settle

Thanks
I thought I had the current
but it was the folder that was dated this month but the file was earlier
I will try the new one.

Randy

-----Original Message-----
From: Solar Designer [mailto:solar <at> openwall.com]
Sent: Saturday, January 14, 2006 2:41 PM
To: owl-users <at> lists.openwall.com
Subject: Re: [owl-users] Settle

Randy,

"settle" is currently only available in Owl-current, not in the older
1.1 release.  The installation instructions that you see on the website
start with this remark:

"The instructions below apply to Owl-current snapshots dated 2005/08/08
and newer (until revised).  For older versions of Owl (such as the 1.1
release), please refer to Owl/doc/INSTALL as included in the "native"
tree for your version (that's /usr/src/world/native/Owl/doc/INSTALL on
the CDs)."

So you would need to refer to /usr/src/world/native/Owl/doc/INSTALL on
the CD, but unfortunately the installation procedure of Owl 1.1 assumes
prior experience with Linux.

So my advice is that you do one or both of the following:

Solar Designer | 26 Jan 00:33 2006

Owl-current 2006/01/22 ISO; tcb 1.0; pam_mktemp 1.0.2; passwdqc for OpenBSD

Hi,

This is to announce several things at once:

1. There's a new Owl-current ISO-9660 image (dated 2006/01/22) available
for download under /pub/Owl/current/iso on the FTP mirrors:

	http://www.openwall.com/Owl/DOWNLOAD.shtml

Our new installer will now use the ncurses/CDK-based user interface with
colors by default on terminals which appear to be sufficiently capable.
There are command-line options to both "setup" and "settle" to disable
colors ("-b") or even force the dumb terminal interface ("-d").

Besides the installer, the following other packages have been
significantly updated since the last ISO snapshot (December 8, 2005):
man-pages (including the addition of POSIX man pages), Postfix, John the
Ripper, VIM, libnet, libnids, chkconfig, db4, gcc, man, hdparm,
diffstat, tcb, Linux-PAM, dialog, glibc, bash, Nmap, libutempter, and
strace.

Please refer to the change log for descriptions of these changes:

	http://www.openwall.com/Owl/CHANGES-current.shtml

This might be the last Owl-current snapshot to be made available before
the Owl 2.0 release.  Please test this extensively and provide your
feedback!

2. The tcb suite implementing our alternative password shadowing scheme

