From dk at farm.org Sun Jun 2 20:38:00 2002 From: dk at farm.org (Dmitry Kohmanyuk) Date: Sun, 2 Jun 2002 20:38:00 -0700 Subject: replacement disk for storagetek/clariion array In-Reply-To: <601EB3F56D368D41B89DC1A937FCCCFF496722@EMODEMAIL.emode.sf>; from Brandon Yu on Fri, May 31, 2002 at 03:43:18PM -0700 References: <601EB3F56D368D41B89DC1A937FCCCFF496722@EMODEMAIL.emode.sf> Message-ID: <20020602203800.A91948@farm.org> On Fri, May 31, 2002 at 03:43:18PM -0700, Brandon Yu wrote: > I found out that Storagetek drives are custom drives formatted with > 520byte/sectors (not the usual 512byte/sectors). So you have to buy the > drives from the Storagetek Channel reseller. You cannot just take a off the > shelf drive and format it yourself. Now to find a drive...I will need > luck!!! 520 bytes per sector is just another standard for SCSI drives - new Netapp drives use same block size; they are called `block check sum' I think. > -----Original Message----- > From: jhoney at flash.net [mailto:jhoney at flash.net] > Sent: Thursday, May 30, 2002 7:18 PM > To: baylisa at baylisa.org > Subject: Re: replacement disk for storagetek/clariion array > > > I used to work for a computer OEM that indeed ordered 'custom' drives with > special SCSI commands built into the drives ROM but such things are pretty > rare nowadays because most OEM consumers wised up and pushed back. The > drive mfgrs don't really like this either anyway. I wouldn't say it was > impossible that this drive is a 'special' drive but it is unlikely. I can't > imagine that it would have to come from the Storagetek factory with a > special format. For SCSI that sort of thing (formatting) is usually more in > the domain of the controller chip on the bus controller card (i.e., not on > the interface chip of the drive like IDE drives). That was one of the main > tenets of IDE. > > I'm just shooting from the hip here but it would seem to me there has to be > some utility/capability local on your system to support what you want to do. > Also, using the same model number frive might be a *real* good idea but I am > assuming you did that. Whether Storagetek would ever want you to know how > to do this might be the real issue. Be sure and share the answer if you > figure it out. > > Good luck. > > Brandon Yu wrote: > > > My array had a failed disk and I replaced it with a off the shelf 18gig > fibre scsi disk. Seems like the drive is recognized as being unformatted by > the array. > Does anyone know if I have to buy from Storagetek..something special about > the disk? > > From jxh at jxh.com Tue Jun 11 14:48:26 2002 From: jxh at jxh.com (Jim Hickstein) Date: Tue, 11 Jun 2002 14:48:26 -0700 Subject: BayLISA host moving Message-ID: <186330000.1023832106@jxh.mirapoint.com> The host www.baylisa.org will be off the air for a few hours this afternoon. If you have trouble reaching the web site, or sending mail to a baylisa list, please try again later on. From star at starshine.org Tue Jun 18 13:41:00 2002 From: star at starshine.org (Heather Stern) Date: Tue, 18 Jun 2002 13:41:00 -0700 Subject: Meeting 20 Thurs Jun, 7:30 pm Message-ID: <20020618204100.GA28682@starshine.org> Greetings all, and once again, it's time to slip it into your PDAs -- BayLISA meets this week. Specifically, on Thursday the 2-th, the third Thursday of the month. Topic - Python Is Worth Learning Speaker - Jim Dennis, Starshine Technical Services When - 7:30 pm until oh, 9:30 or so... expect to get out around 10. Where - Incyte Genomics HQ 3160 Porter Drive Palo Alto Porter Drive is between Foothill Expressway and El Camino, along Page Mill Rd. Travelling: south (From Foothill/280) -- turn right north (from El Camino) -- turn left It's the third driveway on the right: 1. Wall Street Journal 2. right next to 3 3. silver monolith with Lockheed Martin and Incyte Genomics logos on it - shiny enough that they're both hard to see. Incyte is the building in the back. We'll see you there if you can make it :) A bunch of us like to go out afterwards for pizza, sandwiches, snacks, drinks, and more conversation. Don't forget that we have a membership special if you bring new members that join at a meeting - $20 off your own membership or next renewal - and that we are welcoming new corporate memberships. -* Heather Stern * Arch (secretary) BayLISA Board * http://www.baylisa.org/ *- From star at starshine.org Wed Jun 19 16:27:40 2002 From: star at starshine.org (Heather Stern) Date: Wed, 19 Jun 2002 16:27:40 -0700 Subject: Sysadmin Picnic 14 July, 11 am til evening. Message-ID: <20020619232740.GA4006@starshine.org> How well we know that a sysadmin's life is not a picnic. However, once a year, BayLISA holds an actual outdoor picnic for its members and their colleagues. Spouses and children are also welcome. WHEN: next month Sunday June 14th. starting around 11 am... ending when the park closes. The park is not open at night. This makes it the weekend -before- BayLISA's regular monthly meeting in July, rather than after. WHERE: Oak Meadow Park Area 1 Los Gatos University Avenue & Blossom Hill Road. note. This has no relation whatsoever to the University Avenue found near Stanford, at least as far as I can tell. To get to Los Gatos in general: http://www.los-gatos.org/visitors/maps.html To get to Oak Meadow, a map: http://www.bjwrr.org/bjwrr-map.html note. Winchester Blvd is visible on the map, as is Hwy 9, so that should help place it. WHAT: There will be -- * a large barbecue grill ... wide enough to keep meat and veggies seperate. * power ... yes, and hubs too. * some drinks and miscellaneous barbecue/picnic type food ... if you want to be sure what sort of food or drink arrives, bring some to share. * an installfest / installathon / performance tune-up party. * this park is also home to the Billy Jones Wildcat Railroad, which can be ridden. http://www.los-gatos.ca.us/los_gatos/parks_and_rec/ billy_jones_rr/rr_desc.html INSTALLFEST YOU SAY? As if you could keep this many sysadmins showing up at the same time from having their recent copies of OpenBSD, FreeBSD, Linux this or that, etc. on hand anyway. Yes, it's an opportunity to pick the brains of your fellow admins, or mentor a few people yourself. All while enjoying a burger or three. Folks are welcome to bring whatever silly picnic toys they like. We ask that you keep water toys pointed away from the electronic toys though. Not too surprisingly, trons get way too excited when they get near water, and the computers don't like it much :( There will almost certainly be a Ham talk-in. Hams expected to attend, or anybody volunteering to arrive with food and/or help with setup and teardown, are welcome to post their rsvp to the BayLISA Wheels (blw at baylisa.org). -* Heather Stern * Arch (secretary) BayLISA Board * http://www.baylisa.org/ *- From david at catwhisker.org Mon Jun 24 15:29:26 2002 From: david at catwhisker.org (David Wolfskill) Date: Mon, 24 Jun 2002 15:29:26 -0700 (PDT) Subject: Fwd: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability Message-ID: <200206242229.g5OMTQ9g004284@bunrab.catwhisker.org> [Via freebsd-security at FreeBSD.ORG Mon Jun 24 14:36:45 2002] From: Markus Friedl To: openssh-unix-announce at mindrot.org, openssh-unix-dev at mindrot.org Subject: [openssh-unix-announce] Re: Upcoming OpenSSH vulnerability Reply-To: openssh at openssh.com Date: Mon, 24 Jun 2002 23:06:31 +0200 On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote: > Date: Mon, 24 Jun 2002 15:00:10 -0600 > From: Theo de Raadt > Subject: Upcoming OpenSSH vulnerability > To: bugtraq at securityfocus.com > Cc: announce at openbsd.org > Cc: dsi at iss.net > Cc: misc at openbsd.org > > There is an upcoming OpenSSH vulnerability that we're working on with > ISS. Details will be published early next week. > > However, I can say that when OpenSSH's sshd(8) is running with priv > seperation, the bug cannot be exploited. > > OpenSSH 3.3p was released a few days ago, with various improvements > but in particular, it significantly improves the Linux and Solaris > support for priv sep. However, it is not yet perfect. Compression is > disabled on some systems, and the many varieties of PAM are causing > major headaches. > > However, everyone should update to OpenSSH 3.3 immediately, and enable > priv seperation in their ssh daemons, by setting this in your > /etc/ssh/sshd_config file: > > UsePrivilegeSeparation yes > > Depending on what your system is, privsep may break some ssh > functionality. However, with privsep turned on, you are immune from > at least one remote hole. Understand? > > 3.3 does not contain a fix for this upcoming bug. > > If priv seperation does not work on your operating system, you need to > work with your vendor so that we get patches to make it work on your > system. Our developers are swamped enough without trying to support > the myriad of PAM and other issues which exist in various systems. > You must call on your vendors to help us. > > Basically, OpenSSH sshd(8) is something like 27000 lines of code. A > lot of that runs as root. But when UsePrivilegeSeparation is enabled, > the daemon splits into two parts. A part containing about 2500 lines > of code remains as root, and the rest of the code is shoved into a > chroot-jail without any privs. This makes the daemon less vulnerable > to attack. > > We've been trying to warn vendors about 3.3 and the need for privsep, > but they really have not heeded our call for assistance. They have > basically ignored us. Some, like Alan Cox, even went further stating > that privsep was not being worked on because "Nobody provided any info > which proves the problem, and many people dont trust you theo" and > suggested I "might be feeding everyone a trojan" (I think I'll publish > that letter -- it is just so funny). HP's representative was > downright rude, but that is OK because Compaq is retiring him. Except > for Solar Designer, I think none of them has helped the OpenSSH > portable developers make privsep work better on their systems. > Apparently Solar Designer is the only person who understands the need > for this stuff. > > So, if vendors would JUMP and get it working better, and send us > patches IMMEDIATELY, we can perhaps make a 3.3.1p release on Friday > which supports these systems better. So send patches by Thursday > night please. Then on Tuesday or Wednesday the complete bug report > with patches (and exploits soon after I am sure) will hit BUGTRAQ. > > Let me repeat: even if the bug exists in a privsep'd sshd, it is not > exploitable. Clearly we cannot yet publish what the bug is, or > provide anyone with the real patch, but we can try to get maximum > deployement of privsep, and therefore make it hurt less when the > problem is published. > > So please push your vendor to get us maximally working privsep patches > as soon as possible! > > We've given most vendors since Friday last week until Thursday to get > privsep working well for you so that when the announcement comes out > next week their customers are immunized. That is nearly a full week > (but they have already wasted a weekend and a Monday). Really I think > this is the best we can hope to do (this thing will eventually leak, > at which point the details will be published). > > Customers can judge their vendors by how they respond to this issue. > > OpenBSD and NetBSD users should also update to OpenSSH 3.3 right away. > On OpenBSD privsep works flawlessly, and I have reports that is also > true on NetBSD. All other systems appear to have minor or major > weaknesses when this code is running. > > (securityfocus postmaster; please post this through immediately, since > i have bcc'd over 30 other places..) _______________________________________________ openssh-unix-announce at mindrot.org mailing list http://www.mindrot.org/mailman/listinfo/openssh-unix-announce To Unsubscribe: send mail to majordomo at FreeBSD.org with "unsubscribe freebsd-security" in the body of the message