Bugtraq mailing list archives
Re: Gauntlet 5.0 BSDI warning
From: strange () CULTURAL COM (Strange)
Date: Mon, 18 Oct 1999 12:19:46 -0500
On Mon, 18 Oct 1999, Keith Young wrote:
This issue will appear if you do the following in sequence:
1) Install BSDI 3.1
2) Install Gauntlet 5.0
3) Install BSDI patch M310-049
4) Install Gauntlet 5.0 kernel patch level 2

According to the folks we asked at NAI in June about the Gauntlet install procedure (on all supported OSes), the install order to be used is:
  Install OS
  Install OS patches
  Install Gauntlet
  Install Gauntlet patches
  never install any OS patches again

Because of that last nasty gotcha, we use a firewall builder box when we want to "patch" the firewalls. We then pull the newly-built drives, and swap them into the extant firewall box. Lather, rinse, repeat.
SOLUTIONS - A) Install M310-049 *before* installing Gauntlet 5.0.
Interestingly, this is what the vendor told us to *always* do, under *all* circumstances. I'd say that if you're going to apply vendor patches, you should assume you have to do a full Gauntlet reinstall because Gauntlet 5.0 replaces some key kernel items. Gauntlet 5.5 apparently avoids some of these issues by getting in front of the stack (much like ipf does) rather than replacing kernel code. OTOH, Mike Frantzen, in our summer-long "break the firewall" party, had some issues with some intentional 5.5 behaviors. Mike F. again deserves accolades for his magic ability to decompile code in his head.
1) # cp /usr/local/sys.gauntlet/i386/OBJ/ip_input.o /usr/src/sys/i386/OBJ
2) # sh /usr/local/sys.gauntlet/build_kernel/build_kernel 50.1
3) # reboot

I.e., a vendor patch replaced code that the gauntlet had already replaced. I am wondering if this is *really* a Gauntlet bug or a Gauntlet vendor documentation bug (they do not, as far as we could tell, make it plain that you should not apply vendor patches after installing the firewall). We got our clear answer only by calling support.

-M

Michael Brian Scher (MS683/MS3213)
Anthropologist, Attorney, Policy Analyst
Mainlining Internet Connectivity for Fun and Profit
strange () netural com strange () cultural com strange () ispfh org
Give me a compiler and a box to run it, and I can move the mail.
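
Added example, not part of the original post or of any vendor tooling: a check for the condition the thread describes, where an OS patch overwrites a kernel object the firewall had already replaced. The two default directories are the ones in the quoted `cp` command; treating every `.o` file under the first one as a replaced kernel object is an assumption, as is the function name.

```shell
#!/bin/sh
# Added example: report kernel objects in the build tree that no longer
# match the copies shipped by the firewall package.
# Defaults are the two directories named in the post; that every .o file
# under the first directory is a replaced kernel object is an assumption.
FW_OBJ_DEFAULT=/usr/local/sys.gauntlet/i386/OBJ
KERN_OBJ_DEFAULT=/usr/src/sys/i386/OBJ

# check_kernel_objs [fw_dir] [kern_dir]
# Prints one line per object: OK, REPLACED (contents differ) or MISSING.
# Returns 0 when every object matches, 1 when any drifted, 2 on bad input.
check_kernel_objs() {
    fw_dir=${1:-$FW_OBJ_DEFAULT}
    kern_dir=${2:-$KERN_OBJ_DEFAULT}
    drift=0
    [ -d "$fw_dir" ] && [ -d "$kern_dir" ] || {
        echo "ERROR: missing directory: $fw_dir or $kern_dir" >&2
        return 2
    }
    for obj in "$fw_dir"/*.o; do
        [ -f "$obj" ] || continue        # glob matched nothing
        name=$(basename "$obj")
        if [ ! -f "$kern_dir/$name" ]; then
            echo "MISSING  $name"
            drift=1
        elif cmp -s "$obj" "$kern_dir/$name"; then
            echo "OK       $name"
        else
            echo "REPLACED $name"
            drift=1
        fi
    done
    return $drift
}
```

Source the file and call `check_kernel_objs` with no arguments after any OS patch run; a `REPLACED` line means the kernel build tree no longer holds the firewall's object and the copy-and-rebuild steps quoted above apply.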