FreeBSD IPSec stack contains backdoors?
-- Forwarded message --
From: Victor Lyapunov fullblastst...@gmail.com
Date: 2010/12/15
Subject: FreeBSD IPSec stack contains backdoors?
To: FreeBSD Mailing List freebsd-questions@freebsd.org

Hi folks,

Recently OpenBSD developer Gregory Perry disclosed information about possible backdoors in OpenBSD IPSec stack (see http://permalink.gmane.org/gmane.os.openbsd.tech/22557)

In particular, Gregory Perry, who has been working on an OpenBSD-ish implementation of IPSec, says a number of backdoors have been introduced into the code. As far as I am aware, FreeBSD contains a considerable amount of code ported from OpenBSD.

The question is: was FreeBSD's ipsec code ported from OpenBSD's implementation? If so, what might be the impact of this?

Thanks,
Victor Lyapunov.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD IPSec stack contains backdoors?
The FreeBSD security officer team has already written an official response about this. Please have a look at:

http://lists.freebsd.org/pipermail/freebsd-security/2010-December/005746.html

Regards,
Giorgos

On Fri, 17 Dec 2010 14:28:37 +0600, Victor Lyapunov fullblastst...@gmail.com wrote:
> -- Forwarded message --
> From: Victor Lyapunov fullblastst...@gmail.com
> Date: 2010/12/15
> Subject: FreeBSD IPSec stack contains backdoors?
> To: FreeBSD Mailing List freebsd-questions@freebsd.org
>
> Hi folks,
>
> Recently OpenBSD developer Gregory Perry disclosed information about possible backdoors in OpenBSD IPSec stack (see http://permalink.gmane.org/gmane.os.openbsd.tech/22557)
>
> In particular, Gregory Perry, who has been working on an OpenBSD-ish implementation of IPSec, says a number of backdoors have been introduced into the code. As far as I am aware, FreeBSD contains a considerable amount of code ported from OpenBSD.
>
> The question is: was FreeBSD's ipsec code ported from OpenBSD's implementation? If so, what might be the impact of this?
>
> Thanks,
> Victor Lyapunov.
Re: FreeBSD IPSec stack contains backdoors?
Reads like an unacceptable response to an issue that seems quite critical.

On Fri, Dec 17, 2010 at 4:31 AM, Giorgos Keramidas keram...@freebsd.org wrote:
> The FreeBSD security officer team has already written an official response about this. Please have a look at:
>
> http://lists.freebsd.org/pipermail/freebsd-security/2010-December/005746.html
>
> Regards,
> Giorgos
Re: FreeBSD IPSec stack contains backdoors?
Strange, reads like a totally reasoned response to me to an issue that is somewhere between a practical joke and something critical. I will go with the SECTeam's assessment. They have a proven track record for assessing and dealing with security issues.

---Mike

On 12/17/2010 10:36 AM, Mike L wrote:
> Reads like an unacceptable response to an issue that seems quite critical.
Re: FreeBSD IPSec stack contains backdoors?
In response to Mike L jackoro...@gmail.com:

> Reads like an unacceptable response to an issue that seems quite critical.

Go to hell. This whole thing has been completely blown out of proportion, and I'm sick of the FUD and all the other associated bullshit.

As has already been revealed by people WHO WERE THERE who are willing to give actual details: The NSA and the FBI were using OpenBSD code to experiment with whether backdoors could be created. They did not submit their resultant code, and had no intention of doing so. It was an experiment, which is part of what open source is all about.

You, Greg attention-whore Perry, and the mass-media all need to go back to snapping paparazzi photos of celebrities.

Here, I formally double DES' bounty. If anyone can find any FBI inserted backdoors in such a way as to meet DES' criteria, I'll pay out the same as whatever he pays out.

-- 
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
Re: FreeBSD IPSec stack contains backdoors?
On Fri, 17 Dec 2010 10:36:39 -0500, Mike L jackoro...@gmail.com wrote:
> On Fri, Dec 17, 2010 at 4:31 AM, Giorgos Keramidas keram...@freebsd.org wrote:
> > The FreeBSD security officer team has already written an official response about this. Please have a look at:
> >
> > http://lists.freebsd.org/pipermail/freebsd-security/2010-December/005746.html
>
> Reads like an unacceptable response to an issue that seems quite critical.

On Fri, 17 Dec 2010 11:11:17 -0500, Mike Tancsa m...@sentex.net wrote:
> Strange, reads like a totally reasoned response to me to an issue that is somewhere between a practical joke and something critical. I will go with the SECTeam's assessment. They have a proven track record for assessing and dealing with security issues.

Mike L, unacceptable or not this is the response of people who have been involved with FreeBSD security for a long time. I think their response is reasonable, given the out-of-scale proportions that the entire issue seems to have been blown into when magazine-style web sites picked it up and started 'decorating' the original email of Theo with their own view of what the message between the lines MIGHT have been.

The role of the security officer team is not to take an issue that has been blown entirely out of proportion and add to the FUD. It's their responsibility to handle security incidents on a fact-based basis, and there are very few real facts out there about this particular theory right now.

I don't know why you consider the security officer reply `unacceptable', but I'm relatively sure you will agree that they are quite sensible when they say:

> As always, anyone who believes that they have found a vulnerability affecting FreeBSD is requested to contact secteam at freebsd.org.

I think that's a quite reasonable, sensible and down to earth thing to say.

The rest of what the interwebs seems to be writing about these particular allegations is, to the best of my current knowledge, just a conspiracy theory trying to become as public as possible.

I too will agree with Mike Tancsa. I'll go 100% with the SECTeam's assessment. They have a proven track record for assessing and dealing with security issues.

Note: Let's keep the email traffic of security-officer down a bit. They don't really have to get Cc: copies of *all* the email messages of all the people subscribed to freebsd-questions. It's probably annoying and it may even turn out to be a waste of their time, or even obstruct them from seeing other, really *important* stuff about security issues.
Re: FreeBSD IPSec stack contains backdoors?
On 17 December 2010 10:36, Mike L jackoro...@gmail.com wrote:
> Reads like an unacceptable response to an issue that seems quite critical.

Here, let me re-iterate for those that may not have a copy of what you're saying is unacceptable in front of them:

o we're aware there's talk about some projects possibly having been compromised a decade ago
o we have ports of those projects in our project
o the code that ends up in FreeBSD from those other projects rarely resembles the original project's code
o in the porting process, bugs may unintentionally be introduced or removed
o bugs present in the upstream project may not be found in FreeBSD's version
o people are welcome and encouraged to look at the FreeBSD code, provide fixes and/or decide for themselves if they want to use it

What more do you want them to say? How is this not a perfectly reasonable response?

Cutting security-officer@ out because I'm pretty sure Colin reads this list.

kmw
Re: FreeBSD IPSec stack contains backdoors?
Hi Mike L,

> Reads like an unacceptable response to an issue that seems quite critical.

1st: Top posting on BSD lists is deprecated.

2nd: Serious security issues are best dealt with on security@.
     questions@ list was originally created for eg install program to point beginners at.

3rd: OpenBSD, FreeBSD etc are volunteer projects. Best be grateful when volunteers dedicate leisure time free of charge, to look at problems or allegations of problems.

4th: _IF_ this is really quite critical to you, you can throw time or money at the problem to find a solution. Either:
  - Your leisure time to read parts of sources, report back to security team, who I guess would be glad to co-ordinate if enough people volunteer to do a code read through.
  - Your employed time if your employer thinks it's important.
  - Your money or your employers' if you have dependent customers.

There's various BSD consultants lists, eg I maintain a global geographic indexed list of consultants:
http://www.berklix.com//consultants/
( which also points to freebsd.org alphabetic consultants list )
( No I'm not looking for work, busy elsewhere )

There's also various BSD etc foundations if you want to donate money indirect to pay toward a code review.

Cheers,
Julian
-- 
Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com
Mail plain text; Not quoted-printable, or HTML or base 64.
Avoid top posting, it cripples itemised cumulative responses.
FreeBSD IPSec stack contains backdoors?
Hi folks,

Recently OpenBSD developer Gregory Perry disclosed information about possible backdoors in OpenBSD IPSec stack (see http://permalink.gmane.org/gmane.os.openbsd.tech/22557)

In particular, Gregory Perry, who has been working on an OpenBSD-ish implementation of IPSec, says a number of backdoors have been introduced into the code. As far as I am aware, FreeBSD contains a considerable amount of code ported from OpenBSD.

The question is: was FreeBSD's ipsec code ported from OpenBSD's implementation? If so, what might be the impact of this?

Thanks,
Victor Lyapunov.
Re: FreeBSD IPSec stack contains backdoors?
This is not so clear!

http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant

We should ask competent persons like Colin Percival… the FreeBSD Security Officer since 2005. He would have a point of view much more precise than anyone of us could have. ;-)

-- 
Grégory Bernard
Director
www.osnet.eu
Your provider of OpenSource appliances
Re: FreeBSD IPSec stack contains backdoors?
[Top posting edited out, with heavy elisions]

On 12/15/10 17:55, bsd wrote:
> On 15 Dec 2010 at 15:23, Victor Lyapunov wrote:
> > Recently OpenBSD developer Gregory Perry disclosed information about possible backdoors in OpenBSD IPSec stack
> >
> > As far as I am aware, FreeBSD contains considerable amount of code ported from OpenBSD. The question is: was the FreeBSD's ipsec code ported from OpenBSD's implementation? If so, what might be the impact of this?
>
> This is not so clear!
> http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant

Possibly a little more information:
http://www.theregister.co.uk/2010/12/15/openbsd_backdoor_claim/

> We should ask competent persons like Colin Percival… the FreeBSD Security Officer since 2005. He would have a point of view much more precise than anyone of us could have.

I have no doubt he's looking at it, but waiting until he knows something before making an announcement. Let him take as much time as he needs. Auditing the code seems a good idea, panicking about it a bad one.

How many people actually use IPSec anyway? The one time I was forced to use it, it seemed like a hideous, designed by committee nightmare. (Having to set up incoming and outgoing crypto independently, who thought that was a good idea?) I'd always use something like OpenVPN by preference.

-- 
Although the wombat is real and the dragon is not, few know what a wombat looks like, but everyone knows what a dragon looks like.
-- Avram Davidson, _Adventures in Unhistory_
Re: FreeBSD IPSec stack contains backdoors?
Even if it is FUD, seeing as there is smoke, a complete audit of said code, and subsystems must be completed for assurance.

On Wed, Dec 15, 2010 at 12:55 PM, bsd b...@todoo.biz wrote:
> This is not so clear!
>
> http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant
>
> We should ask competent persons like Colin Percival… the FreeBSD Security Officer since 2005. He would have a point of view much more precise than anyone of us could have. ;-)