| Damien Miller | Re: Allegations regarding OpenBSD IPSEC
Ignoring motive, and looking at opportunity:
We have never allowed US citizens or foreign citizens working in the US
to hack on crypto code (Niels Provos used to make trips to Canada to
develop OpenSSH for this reason), so direct interference in the crypto
code is unlikely. It would also be fairly obvious - the crypto code
works as pretty basic block transform API, and there aren't many places
where one could smuggle key bytes out. We always used arcrandom() for
generating random numbers when ...
| Dec 14, 6:30 pm 2010 |
| Scott Lowe | Allegations of FBI involvement in OpenBSD IPSEC
I'm posting this message in the spirit of honesty and transparency.
My name was recently involved in allegations of FBI involvement in the
development of OpenBSD IPSEC. For the record: I am not, nor have I ever been,
affiliated with or employed by the FBI or any other government agency. My
advocacy of OpenBSD has been strictly due to my appreciation of the project.
There is no secret agenda here.
--
Scott
| Dec 14, 7:16 pm 2010 |
| Loganaden Velvindron | Re: Fix for broken autonegociation for tl(4)
Hi Miod,
Here's the relevant part of the dmesg:
l0 at pci0 dev 16 function 0 "Olicom OC2326" rev 0x01: irq 10 address 00:00:24:
27:ca:61
ukphy0 at tl0 phy 0: Generic IEEE 802.3u media interface, rev. 0: OUI 0x000000,
model 0x0000
ukphy1 at tl0 phy 31: Generic IEEE 802.3u media interface, rev. 5: OUI 0x100014,
model 0x0001
//Logan
C-x-C-c
| Dec 14, 8:22 pm 2010 |
| Brandon Mercer | Re: Allegations regarding OpenBSD IPSEC
If this type of thing really did happen and this actually is going on
something as simple as systrace or dtrace would have found it correct?
Surely folks have monitored and audited the actual function and traffic that
goes across the wire... conversely amd has a "debugger" that'll get you
access to more goodies than you could imagine and just recently I discovered
a similar "debugger" on the wifi chip on my phone. Guess its better it
doesn't work anyhow ;)
Brandon
| Dec 14, 8:26 pm 2010 |
| Ted Unangst | small drm uvm diff
there is no reason for drm_bufs to be poking inside the vmspace on its
own, this is what the uvm_map_hint function is for.
Index: drm_bufs.c
===================================================================
RCS file: /cvs/src/sys/dev/pci/drm/drm_bufs.c,v
retrieving revision 1.46
diff -u -r1.46 drm_bufs.c
--- drm_bufs.c 15 Dec 2010 04:59:52 -0000 1.46
+++ drm_bufs.c 15 Dec 2010 05:04:30 -0000
@@ -922,7 +922,6 @@
{
struct drm_device_dma *dma = dev->dma;
struct drm_buf_map *request = ...
| Dec 14, 10:05 pm 2010 |
| Otto Moerbeek |
| Dec 14, 11:48 pm 2010 |
| patrick keshishian |
| Dec 15, 3:13 am 2010 |
| Gregory Edigarov | Re: Allegations regarding OpenBSD IPSEC
On Wed, 15 Dec 2010 07:48:46 +0100
I think if it leaks data, it must leak data somewhere, i.e. there must
be a server somewhere, and this server must have an ip.
so if you look at your traffic, and you will find an ip other then ip
of your server, you will know where the leak goes.
--
With best regards,
Gregory Edigarov
| Dec 15, 3:20 am 2010 |
| Brandon Mercer |
| Dec 15, 3:40 am 2010 |
| Stuart Henderson | Re: Allegations regarding OpenBSD IPSEC
That's not necessary, key data can be leaked in or alongside the
encrypted datastream itself, there's no need to send it anywhere.
And it doesn't have to be a whole key, just something that makes
things cryptanalysis simpler.
*If there's something there*. Remember these are still just
allegations at this stage.
| Dec 15, 3:54 am 2010 |
| Kenneth R Westerback | Re: nvi diff fixing a display glitch leading to crash
Right list for commentary. If your intent was to submit a bug report
then this is the wrong way.
While I was unable to reproduce with a file I tried to create, I was
able to reproduce with your test file. On various size xterms at
least.
Unfortunately I have no understanding of the nvi code so I can't say
if your diff is the optimal way to address the problem.
| Dec 15, 4:56 am 2010 |
| Todd C. Miller |
| Dec 15, 7:43 am 2010 |
| Claudio Jeker | dhclient-script and resolv.conf
This made me go nuts for a long time. As soon as you have two interfaces
running dhclient those two will start fighting over /etc/resolv.conf
which is realy bad when short lease times are used and one interface is
not getting new leases.
This diff extends the dhclient-script in such a way that dhclient will
only restore the "old" resolv.conf file if it actually is in charge of the
current file. With this the fighting does not stop but is less
noticable.
Index: ...
| Dec 15, 8:08 am 2010 |
| Owain Ainsworth | Re: small drm uvm diff
Yup, that's fine.
This was in place in this initial import of this code, suprised i've not
noticed and cleaned it up yet.
--
In Pocataligo, Georgia, it is a violation for a woman over 200 pounds
and attired in shorts to pilot or ride in an airplane.
| Dec 15, 8:33 am 2010 |
| Thomas Pfaff | Fw: cwm: xev_reconfig -> xu_reconfig
I sent the diff below to a few guys found in the cwm cvs log about a month
ago but no love, so I'm posting here.
The diff is not that important but here it is anyway. It came about when
looking through the cwm code trying to fix a few bugs that I've uncovered
(though I've been unsuccessful so far). More diffs like this to come, if
anyone cares.
BTW, who should I send things like this to, if not this list?
Begin forwarded message:
[...]
Move xev_reconfig from xevents.c to xutil.c and ...
| Dec 15, 10:33 am 2010 |
| Mnass Caroline (via ... |
| Dec 15, 11:23 am 2010 |
| Jason L. Wright | Re: Allegations regarding OpenBSD IPSEC
Subject: Allegations regarding OpenBSD IPSEC
Every urban lengend is made more real by the inclusion of real names,
dates, and times. Gregory Perry's email falls into this category. I
cannot fathom his motivation for writing such falsehood (delusions
of grandeur or a self-promotion attempt perhaps?)
I will state clearly that I did not add backdoors to the OpenBSD
operating system or the OpenBSD crypto framework (OCF). The code I
touched during that work relates mostly to device drivers to ...
| Dec 15, 11:27 am 2010 |
| Okan Demirmen | Re: Fw: cwm: xev_reconfig -> xu_reconfig
Hi Thomas,
There are a few clean-up diffs floating around the guys in the logs,
some of which has some of the stuff you have below. The clean-ups have
not been forgotten.
Cheers,
| Dec 15, 11:50 am 2010 |
| Kevin Chadwick | Re: Allegations regarding OpenBSD IPSEC
On Wed, 15 Dec 2010 10:27:31 -0800
Perhaps,
Promote his domains rank in google or the facebook link? (Does anyone
know if he always puts facebook links in mails)
Wants IPSEC audited for some reason?
Divert devs attention from something else?
If it's one of these reasons or any other alterior motive then that's
just dispicible.
However, NDAs often last for 10 years which either adds weight to
the well thought urban myth theory or to the possibility that it may be
I can't see how ...
| Dec 15, 12:04 pm 2010 |
| patrick keshishian |
| Dec 15, 12:26 pm 2010 |
| Peter N. M. Hansteen |
| Dec 15, 12:33 pm 2010 |
| patrick keshishian |
| Dec 15, 1:25 pm 2010 |
| Peter N. M. Hansteen |
| Dec 15, 1:31 pm 2010 |
| Damien Miller |
| Dec 15, 1:36 pm 2010 |
| Ted Unangst | Re: Allegations regarding OpenBSD IPSEC
The requirement that the bug still be exploitable in the current code
is a little much. A hidden side channel might possibly be quite
fragile and easily disarmed by accident without fixing the underlying
flaw, but that wouldn't invalidate the allegation. That part did read
a lot like hedging the bet.
An exploit like this that only worked pre-4.4 (to pick a random older
release for example) would still be very valuable.
| Dec 15, 1:54 pm 2010 |
| patrick keshishian | Re: Allegations regarding OpenBSD IPSEC
seriously?
# - that the OpenBSD Crypto Framework contains vulnerabilities
# which can be exploited by an eavesdropper to recover plaintext
# from an IPSec stream,
There is a big assumption about the alleged backdoor or
leak; i.e., that it is used to directly extract "plaintext"
out of an IPSEC stream. OK. Maybe reasonable.
# - that these vulnerabilities can be traced directly to code
# submitted by Jason Wright and / or other developers linked
# to Perry, and
Do they really ...
| Dec 15, 2:01 pm 2010 |
| Kevin Chadwick | Re: Allegations regarding OpenBSD IPSEC
On Wed, 15 Dec 2010 14:57:24 -0700
If your talking to me then I tried to make it clear that I was sitting
on the fence. I was going to go further but then figured that would be
leaning in one direction. I certainly wouldn't want to offend anyone I
don't know but I'm not going to defend them or help their case if I
don't know whether they're guilty or not either.
If your putting evidence forward, then logic dictates that the same
reasoning applies in that it doesn't clear you unquestionably ...
| Dec 15, 2:27 pm 2010 |
| Info |
| Dec 15, 2:55 pm 2010 |
| Tobias Weingartner | Re: Allegations regarding OpenBSD IPSEC
I've known Jason for quite a while, and nothing has ever
let me believe that I should question his character, motives
or otherwise make me believe he was not a straightforward
and honest person.
I think even in the USA a person is INNOCENT, until PROVEN
guilty. So in this case, you're the one that is out of
line. You're the one the onus of proof is on. Jason has
no need to give you evidence.
Quite frankly, dragging Jason (or anyone else) through the
mud in this fashion is completely ...
| Dec 15, 2:57 pm 2010 |
| Kenneth R Westerback | Read-only sd(4) devices -- good idea?
USB. Need I say more? :-)
I now have a USB device in hand which has a 'READONLY' physical switch on
the top. If set to READONLY, this device spews error messages when
writes are attempted. And the device freaks out so that ALL subsequent
i/o's fail.
I saw this:
http://lists.wpkg.org/pipermail/stgt/2010-March/003569.html
and hacked together the diff below to record the WRITE PROTECT info
that dev_spec provides. I unified the sd and st cases to use the same
flag.
The USB device is now ...
| Dec 15, 4:20 pm 2010 |
