RE: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-16 Thread yance


-Original Message-
From: Tino Engel [mailto:[EMAIL PROTECTED] 
Sent: Sunday, 16 December 2007 4:53 AM
To: Remko Lodder
Cc: [EMAIL PROTECTED]; W. D.; [EMAIL PROTECTED];
freebsd-questions@freebsd.org
Subject: Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code
Execution...

Remko Lodder wrote:
> On Fri, December 14, 2007 5:37 pm, W. D. wrote:
>   
>> At 09:50 12/12/2007, Remko Lodder wrote:
>> 
>>> W. D. wrote:
>>>   
>
>   
>> Well, it's been 2 days now.  When will the code be updated
>> in the FreeBSD ports?  The version on the Samba website is
>> 3.0.28.  (http://www.Samba.org/)  Why is the FreeBSD ports
>> version stuck at 3.0.26a_2,1?
>> 
>
> I figure you have some spare time to help maintain these issues?
> As you might be aware we are in the process of having a release
> cycle and we are investigating which ports need to be upgraded
> to do this properly without breaking an entire release.
>
> THAT takes a little including rebuilding ports.
>
>   
>> If there are fixes available already on the Samba websites,
>> why can't they be integrated into the ports?
>> 
>
> They can, we are working on it Just have a little patience
>
>   
>> I need to get a fileserver going right away.  I would like
>> to use Samba.  Perhaps I should just load Windows on it?
>> 
>
> Ah yes make my day and make it happen, just don't come back whining in case
> it does not do what you would have expected or something. If you need the
> thing urgently install it manually and be done with it.
>
>   
>> It seems to me that leaving a port broken like this is
>> very "unprofessional".  I would expect more from the folks
>> maintaining FreeBSD.
>> 
>
> Exactly; please go to the Windows team and install windows on your machine
> to get more professional support, including paying for everything
>
> You tend to forget that we are volunteers and cannot handle it all; if you
> know better, please step up and work on it else stfu.
>
>   
>> When is it going to be fixed?  Does "soon" mean this century?
>> This year?  When?
>>
>> 
>
> For you I'll make an exception for 2010...
>
> For every other person, we will have this incorporated ASAP.
>
>   
>>
>>
>> Start Here to Find It Fast!™ ->
>> http://www.US-Webmasters.com/best-start-page/
>> $8.77 Domain Names -> http://domains.us-webmasters.com/
>>
>>
>> 

*rofl*
Perfect answer though...
Regards, Tino
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



What's the fuss in using the latest Samba? Does using the latest ever
possible make your servers the best in the world?



Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-15 Thread Tino Engel

Remko Lodder wrote:
> On Fri, December 14, 2007 5:37 pm, W. D. wrote:
>
>> At 09:50 12/12/2007, Remko Lodder wrote:
>>
>>> W. D. wrote:
>>>
>
>> Well, it's been 2 days now.  When will the code be updated
>> in the FreeBSD ports?  The version on the Samba website is
>> 3.0.28.  (http://www.Samba.org/)  Why is the FreeBSD ports
>> version stuck at 3.0.26a_2,1?
>>
>
> I figure you have some spare time to help maintain these issues?
> As you might be aware we are in the process of having a release
> cycle and we are investigating which ports need to be upgraded
> to do this properly without breaking an entire release.
>
> THAT takes a little including rebuilding ports.
>
>> If there are fixes available already on the Samba websites,
>> why can't they be integrated into the ports?
>>
>
> They can, we are working on it Just have a little patience
>
>> I need to get a fileserver going right away.  I would like
>> to use Samba.  Perhaps I should just load Windows on it?
>>
>
> Ah yes make my day and make it happen, just don't come back whining in case
> it does not do what you would have expected or something. If you need the
> thing urgently install it manually and be done with it.
>
>> It seems to me that leaving a port broken like this is
>> very "unprofessional".  I would expect more from the folks
>> maintaining FreeBSD.
>>
>
> Exactly; please go to the Windows team and install windows on your machine
> to get more professional support, including paying for everything
>
> You tend to forget that we are volunteers and cannot handle it all; if you
> know better, please step up and work on it else stfu.
>
>> When is it going to be fixed?  Does "soon" mean this century?
>> This year?  When?
>>
>
> For you I'll make an exception for 2010...
>
> For every other person, we will have this incorporated ASAP.

  








*rofl*
Perfect answer though...
Regards, Tino


RE: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-14 Thread Ted Mittelstaedt


> -Original Message-
> From: Modulok [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 14, 2007 5:29 PM
> To: Ted Mittelstaedt
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]; FreeBSD-Questions@freebsd.org
> Subject: Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote
> Code Execution...
>
>
> 
> Which is ever so irritating...
>
> In 40 years of lessons learned from the school of hard knocks in
> relation to the design and evolution of both programming languages and
> the software designs they implement, one truth has emerged: data
> hiding increases the robustness of a program. Functions hide data,
> classes hide data, namespaces hide data, the very concept of scope,
> hides data. Yet, when we pull back and look at a slightly larger
> picture of the interactions of programs themselves, we fall short of
> carrying this idea through to a higher level. Package X depends on
> package Y, but package Y depends on package Z, but package Z cannot be
> installed because of a name conflict with package W. Update program X
> and you could break what appears to be an un-related program J. Tough
> luck.
>
> Code re-use is a good thing. Intricate, far-reaching dependencies are
> not. While package managers attempt to mitigate the underlying issue,
> using code re-use as an excuse for the fragility of a system design,
> is unfortunate. I do not pretend to have all of the answers, but I
> feel that the current state of things could be much improved.

The rot started years ago when Sun and others introduced the concept
of dynamically loaded libraries.  Time was that everything was
statically compiled.  An update to a library file would break nothing.
But at the time, they had a problem - limited ram - available.  This
solved it with the tradeoff that updating would require recompiling
a lot of stuff.

Fast forward to today, when 2-4GB of RAM in a computer is standard.
There's no penalty to statically linking all your libraries into
a binary that isn't going to see more than 2-3 simultaneous instances
in memory.  But the thinking is still ossified back in the 80's as
by default every program you build will dynalink.

Ted
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.17.2/1184 - Release Date: 12/14/2007
11:29 AM



Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-14 Thread Modulok
On 12/14/07, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote:
>
> This happens from time to time with the FreeBSD ports system, and
> there isn't any way to avoid it.  Most open source software
> today is written to depend on other open source software
> packages.  People don't like spending programming time
> reinventing the wheel.  As a result you have a large dependency
> list which has deep roots as the dependent programs themselves
> have even more dependencies.  If just one single program in
> that mess gets updated it will affect entire trees and many
> other programs.
>


Which is ever so irritating...

In 40 years of lessons learned from the school of hard knocks in
relation to the design and evolution of both programming languages and
the software designs they implement, one truth has emerged: data
hiding increases the robustness of a program. Functions hide data,
classes hide data, namespaces hide data, the very concept of scope,
hides data. Yet, when we pull back and look at a slightly larger
picture of the interactions of programs themselves, we fall short of
carrying this idea through to a higher level. Package X depends on
package Y, but package Y depends on package Z, but package Z cannot be
installed because of a name conflict with package W. Update program X
and you could break what appears to be an un-related program J. Tough
luck.

Code re-use is a good thing. Intricate, far-reaching dependencies are
not. While package managers attempt to mitigate the underlying issue,
using code re-use as an excuse for the fragility of a system design,
is unfortunate. I do not pretend to have all of the answers, but I
feel that the current state of things could be much improved.


That said, I think the volunteers, such as the package maintainers,
are doing an excellent job within the confines of the system they are
bound to.

Sorry if this is off topic in relation to the samba issue, but one of
the replies hit a sore spot of mine. I had to spill a few lines of my
own.
-Modulok-


RE: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-14 Thread Ted Mittelstaedt


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of W. D.
> Sent: Friday, December 14, 2007 8:37 AM
> To: [EMAIL PROTECTED]
> Cc: Remko Lodder; [EMAIL PROTECTED]; FreeBSD-Questions@freebsd.org
> Subject: Re: Yikes! FreeBSD samba-3.0.26a_2,1 is forbidden: "Remote Code
> Execution...
>
>
> I need to get a fileserver going right away.  I would like
> to use Samba.  Perhaps I should just load Windows on it?
>

Samba is a VERY EASY package to manually compile.  It is NOT
necessary to use the FreeBSD ports system to install it.  It
would probably be a good idea to look at the FreeBSD samba port
and see what dependencies it calls for, then install those,
before compiling Samba.  But, you just follow the instructions
in the Samba distribution and it will work fine.

This happens from time to time with the FreeBSD ports system, and
there isn't any way to avoid it.  Most open source software
today is written to depend on other open source software
packages.  People don't like spending programming time
reinventing the wheel.  As a result you have a large dependency
list which has deep roots as the dependent programs themselves
have even more dependencies.  If just one single program in
that mess gets updated it will affect entire trees and many
other programs.

This really isn't any different with commercial software.  Most
commercial software today uses many commercial libraries.  When
one of those libraries has a security hole, all the commercial
programs that are built with that library now have that same
security hole.  That is why it is so easy to crack into Windows
systems, because most of the time those commercial software
developers don't "mark their stuff forbidden" like the Open Source
community does.  Money is at stake.  Instead they just quietly
release "updates" that close those holes months after the fact.
In the meantime the spammers have been having a field day
breaking into Windows systems and setting them up as zombies.

> It seems to me that leaving a port broken like this is
> very "unprofessional".  I would expect more from the folks
> maintaining FreeBSD.
>

It is much more "unprofessional" to do as the "professionals"
do and simply pretend the problem doesn't exist, then release
an update when they get around to it.

I will close by saying that the crackers and criminals out there
who find and exploit these security holes are the real ones
causing the problem, they are the real people you should be
"expecting more" from.  They don't have your server schedule
in mind when they release cracking scripts.  If you're a real
IT manager, you should be very aware of this already, and be
used to it.  Railing against a bunch of wannabe criminals
that break into things doesn't help, nor does bitching about
the results of those criminals' actions to people who are
trying to protect your ass from being exposed to them.  All
you can do is just sit back, wait for the dust to clear, and
proceed forward when the fight between the black and white hats
is over with for the moment.

Ted


Re: [Samba] Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-14 Thread Charles Marcus

On 12/14/2007, W. D. ([EMAIL PROTECTED]) wrote:

> When is it going to be fixed?  Does "soon" mean this century?
> This year?  When?


Wow... someone needs to think before they speak.

This is free software. You are in no position to make demands or whine 
about things like this.


Besides - you're complaining to the wrong people - you need to find the 
FreeBSD ports maintainer for samba, and bug HIM (or her)...


--

Best regards,

Charles


Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-14 Thread Remko Lodder

On Fri, December 14, 2007 5:37 pm, W. D. wrote:
> At 09:50 12/12/2007, Remko Lodder wrote:
>>W. D. wrote:

> Well, it's been 2 days now.  When will the code be updated
> in the FreeBSD ports?  The version on the Samba website is
> 3.0.28.  (http://www.Samba.org/)  Why is the FreeBSD ports
> version stuck at 3.0.26a_2,1?

I figure you have some spare time to help maintain these issues?
As you might be aware we are in the process of having a release
cycle and we are investigating which ports need to be upgraded
to do this properly without breaking an entire release.

THAT takes a little including rebuilding ports.

>
> If there are fixes available already on the Samba websites,
> why can't they be integrated into the ports?

They can, we are working on it Just have a little patience

>
> I need to get a fileserver going right away.  I would like
> to use Samba.  Perhaps I should just load Windows on it?

Ah yes make my day and make it happen, just don't come back whining in case
it does not do what you would have expected or something. If you need the
thing urgently install it manually and be done with it.

>
> It seems to me that leaving a port broken like this is
> very "unprofessional".  I would expect more from the folks
> maintaining FreeBSD.

Exactly; please go to the Windows team and install windows on your machine
to get more professional support, including paying for everything

You tend to forget that we are volunteers and cannot handle it all; if you
know better, please step up and work on it else stfu.

>
> When is it going to be fixed?  Does "soon" mean this century?
> This year?  When?
>

For you I'll make an exception for 2010...

For every other person, we will have this incorporated ASAP.



-- 
/"\   Best regards,  | [EMAIL PROTECTED]
\ /   Remko Lodder   | [EMAIL PROTECTED]
 X    http://www.evilcoder.org/  |
/ \   ASCII Ribbon Campaign  | Against HTML Mail and News




Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-14 Thread Jerry McAllister
On Fri, Dec 14, 2007 at 10:37:10AM -0600, W. D. wrote:

> At 09:50 12/12/2007, Remko Lodder wrote:
> >W. D. wrote:
>  Dang!  When will this be fixed?
> 
> 
> >>> Soon, there are patches available, we just need to make sure that it
> >>> doesn't bite anything while we are in a ports-slush, hence the FORBIDDEN
> >>> part.
> >>>
> >>> Best regards,
> >>> Remko
> >> 
> >> Hours?  Days?  Weeks?
> >> 
> >
> >The freebsd port will be up to date as soon as possible, there are fixes
> >available already on the Samba websites..
> >
> >Best regards,
> >remko
> 
> Well, it's been 2 days now.  When will the code be updated
> in the FreeBSD ports?  The version on the Samba website is
> 3.0.28.  (http://www.Samba.org/)  Why is the FreeBSD ports
> version stuck at 3.0.26a_2,1?
> 
> If there are fixes available already on the Samba websites,
> why can't they be integrated into the ports?
> 
> I need to get a fileserver going right away.  I would like
> to use Samba.  Perhaps I should just load Windows on it?
> 
> It seems to me that leaving a port broken like this is
> very "unprofessional".  I would expect more from the folks
> maintaining FreeBSD.
> 
> When is it going to be fixed?  Does "soon" mean this century?
> This year?  When?

I guess, if you are in a hurry, you are welcome to do the work.

It will get done as soon as the volunteers who maintain it get
to doing it.  If you need it sooner, then get busy and do it
yourself.

You won't assist them any by getting sarcastic and juvenile about it either.  

jerry




Re: Yikes! FreeBSD samba-3.0.26a_2, 1 is forbidden: "Remote Code Execution...

2007-12-14 Thread Paul Procacci
> Well, it's been 2 days now.  When will the code be updated
> in the FreeBSD ports?  The version on the Samba website is
> 3.0.28.  (http://www.Samba.org/)  Why is the FreeBSD ports
> version stuck at 3.0.26a_2,1?
> 
> If there are fixes available already on the Samba websites,
> why can't they be integrated into the ports?
> 
> I need to get a fileserver going right away.  I would like
> to use Samba.  Perhaps I should just load Windows on it?
> 
> It seems to me that leaving a port broken like this is
> very "unprofessional".  I would expect more from the folks
> maintaining FreeBSD.
> 
> When is it going to be fixed?  Does "soon" mean this century?
> This year?  When?

Would you like to give the maintainer some money to hurry your
absolute and urgent need?

This has been said more than enough times, but people have jobs
that actually make them money, and henceforth their priority.

Resorting to negative comments doesn't make the testing phase of
an updated port go any faster.

> I need to get a fileserver going right away.  I would like
> to use Samba.  Perhaps I should just load Windows on it?

How about working with the maintainer, testing patches, and helping
with the port?  That certainly would be more beneficial to the
community.

;P

~Paul