svn commit: r40052 - head/en_US.ISO8859-1/htdocs/news
Gavin Atkinson
gavin at FreeBSD.org
Sat Nov 17 10:02:23 UTC 2012
Author: gavin
Date: Sat Nov 17 10:02:22 2012
New Revision: 40052
URL: http://svnweb.freebsd.org/changeset/doc/40052
Log:
Add page detailing the FreeBSD infrastructure security compromise,
announced November 2012.
Approved by: core, so (simon, blanket)
Added:
head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml (contents, props changed)
Modified:
head/en_US.ISO8859-1/htdocs/news/Makefile
Added: head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/en_US.ISO8859-1/htdocs/news/2012-compromise.xml Sat Nov 17 10:02:22 2012 (r40052)
@@ -0,0 +1,217 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//FreeBSD//DTD XHTML 1.0 Transitional-Based Extension//EN"
+"http://www.FreeBSD.org/XML/doc/share/xml/xhtml10-freebsd.dtd" [
+<!ENTITY title "FreeBSD.org intrusion announced November 17th 2012">
+]>
+
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <title>&title;</title>
+
+ <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">$FreeBSD$</cvs:keyword>
+ </head>
+
+ <body class="navinclude.about">
+
+ <table class="tblbasic">
+ <tbody>
+ <tr>
+ <td><h2 align="center"><a name="announce">Security Incident on
+ FreeBSD Infrastructure</a></h2>
+
+ <b>From:</b> FreeBSD Security Officer <security-officer at FreeBSD.org><br />
+ <b>To:</b> FreeBSD Security <FreeBSD-security at FreeBSD.org><br />
+ <b>Bcc:</b> freebsd-announce at freebsd.org, freebsd-security-notifications at FreeBSD.org<br />
+ <b>Reply-To:</b> secteam at FreeBSD.org<br />
+ <b>Subject:</b> Security Incident on FreeBSD Infrastructure<br />
+
+ <p>On Sunday 11th of November, an intrusion was detected on two
+ machines within the FreeBSD.org cluster. The affected machines
+ were taken offline for analysis. Additionally, a large portion
+ of the remaining infrastructure machines were also taken offline
+ as a precaution.</p>
+
+ <p>We have found no evidence of any modifications that would put
+ any end user at risk. However, we do urge all users to read the
+ report available at
+ <a href="/news/2012-compromise.html">http://www.freebsd.org/news/2012-compromise.html</a>
+ and decide on any required actions themselves. We will continue
+ to update that page as further information becomes known. We do
+ not currently believe users have been affected given current
+ forensic analysis, but we will provide updated information if
+ this changes.</p>
+
+ <p>As a result of this event, a number of operational security
+ changes are being made at the FreeBSD Project, in order to
+ further improve our resilience to potential attacks. We plan,
+ therefore, to more rapidly deprecate a number of legacy services,
+ such as cvsup distribution of FreeBSD source, in favour of our
+ more robust Subversion, freebsd-update, and portsnap models.</p>
+
+ <p>More information is available at
+ <a href="/news/2012-compromise.html">http://wwww.freebsd.org/news/2012-compromise.html</a></p>
+
+ <p>Saturday November 17th, 2012</p>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ <br />
+
+ <h2><a name="toc">Table of Contents</a></h2>
+
+ <ul>
+ <li><a href="#announce">Announcement</a></li>
+ <li><a href="#details">Initial Details</a></li>
+ <li><a href="#impact">What is the Impact?</a></li>
+ <li><a href="#done">What has FreeBSD.org done about this?</a></li>
+ <li><a href="#recommend">Recommendations</a></li>
+ </ul>
+
+ <p>More details will be added here as they become available.</p>
+
+ <h2><a name="details">Initial details</a></h2>
+
+ <p>On Sunday 11th November 2012, two machines within the FreeBSD.org
+ infrastructure were found to have been compromised. These machines
+ were head nodes for the legacy third-party package building
+ infrastructure. It is believed that the compromise may have occurred
+ as early as the 19th September 2012.</p>
+
+ <p>The compromise is believed to have occurred due to the leak of an
+ SSH key from a developer who legitimately had access to the machines
+ in question, and was not due to any vulnerability or code exploit
+ within FreeBSD.</p>
+
+ <p>To understand the impact of this compromise, you must first
+ understand that the FreeBSD operating system is divided into two
+ parts: the "base" maintained by the FreeBSD community, and a large
+ collection of third-party "packages" distributed by the Project.
+ The kernel, system libraries, compiler, core command-line tools
+ (e.g., SSH client), and daemons (e.g., sshd(8)) are all in the
+ "base". Most information in this advisory refers only to
+ third-party packages distributed by the Project.</p>
+
+ <p>No part of the base FreeBSD system has been put at risk. At no
+ point has the intruder modified any part of the FreeBSD base system
+ software in any way. However, the attacker had access sufficient
+ to potentially allow the compromise of third-party packages. No
+ evidence of this has been found during in-depth analysis, however
+ the FreeBSD Project is taking an extremely conservative view on this
+ and is working on the assumption that third-party packages generated
+ and distributed within a specific window could theoretically have
+ been modified.</p>
+
+ <h2><a name="impact">What is the Impact?</a></h2>
+
+ <p>If you are running a system that has had no third-party packages
+ installed or updated on it between the 19th September and 11th
+ November 2012, you have no reason to worry.</p>
+
+ <p>The Source, Ports and Documentation Subversion repositories have been
+ audited, and we are confident that no changes have been made to them.
+ Any users relying on them for updates have no reason to worry.</p>
+
+ <p>We have verified the state of FreeBSD packages and releases currently
+ available on ftp.FreeBSD.org. All package sets for existing versions
+ of FreeBSD and all available releases have been validated and we can
+ confirm that the currently available packages and releases have not
+ been modified in any way.</p>
+
+ <p>A package set for the upcoming FreeBSD 9.1-RELEASE had been uploaded
+ to the FTP distribution sites in preparation for 9.1-RELEASE. We are
+ unable to verify the integrity of this package set, and therefore it
+ has been removed and will be rebuilt. Please note that as these
+ packages were for a future release, the standard <q>pkg_add -r</q>
+ tools to install packages could not have downloaded these packages
+ unless they were requested explicitly.</p>
+
+ <p>We unfortunately cannot guarantee the integrity of any packages
+ available for installation between 19th September 2012 and 11th
+ November 2012, or of any ports compiled from trees obtained via any
+ means other than through svn.freebsd.org or one of its mirrors.
+ Although we have no evidence to suggest any tampering took place
+ and believe such interference is unlikely, we have to recommend you
+ consider reinstalling any machine from scratch, using trusted
+ sources.</p>
+
+ <p>We can confirm that the freebsd-update(8) binary upgrade mechanism is
+ unaffected, as it uses an entirely separate infrastructure. We have
+ also verified that the most recently-available portsnap(8) snapshot
+ matches the ports Subversion repository, and so can be fully trusted.
+ Please note that as a precaution, newer portsnap(8) snapshots are
+ currently not being generated.</p>
+
+ <h2><a name="done">What has FreeBSD.org done about this?</a></h2>
+
+ <p>As soon as the incident came to light, the FreeBSD Cluster
+ Administration team took the following actions:</p>
+
+ <ul>
+ <li>Power down the compromised machines.</li>
+ <li>Power down all machines on which the attacker may have had
+ access.</li>
+ <li>Audit the SVN and Perforce repositories to:
+ <ul>
+ <li>Verify that there had been no server intrusion.</li>
+ <li>Verify that no malicious commits had been made to the
+ repository.</li>
+ <li>Verify that the SVN repository exactly matched a known-clean
+ off-site copy.</li>
+ </ul>
+ </li>
+ <li>Verify that all FreeBSD base release media and install files on
+ the master FTP distribution sites are clean.</li>
+ <li>Verify all package sets available have checksums that match
+ known-good copies stored off-site.</li>
+ <li>The package set built for the upcoming 9.1-RELEASE did not have
+ an offsite backup to verify against. These have been deleted, and
+ will be rebuilt before 9.1 is released.</li>
+ <li>All suspect machines are being either reinstalled, retired, or
+ thoroughly audited before being brought back online.</li>
+ </ul>
+
+ <h2><a name="recommend">At this time, we recommend:</a></h2>
+
+ <ul>
+ <li>If you use the already-deprecated cvsup/csup distribution
+ mechanisms, you should stop now.</li>
+ <li>If you were using cvsup/csup for ports, you should switch to
+ portsnap(8) right away. ports developers should be using
+ Subversion already. Further information on preferred mechanisms
+ for obtaining and updating the ports tree can be found at
+ <a href="/doc/handbook/ports-using.html">
+ http://www.freebsd.org/doc/handbook/ports-using.html</a></li>
+ <li>If you were using cvs/anoncvs/cvsup/csup for src, you should
+ consider either freebsd-update(8) for signed binary distribution
+ or Subversion for source. Please see the chapter on <a
+ href="/doc/handbook/updating-upgrading.html">updating
+ FreeBSD from source</a> in the handbook. Further details on
+ using Subversion and a list of official mirrors can be found
+ at <a href="/doc/handbook/svn.html">
+ http://www.freebsd.org/doc/handbook/svn.html</a></li>
+ <li>If you use portsnap(8), you should <tt>portsnap fetch &&
+ portsnap extract</tt> to the most recent snapshot. The most recent
+ portsnap(8) snapshot has been verified to exactly match the audited
+ Subversion repository. Please note that as a precaution, portsnap(8)
+ updates have been suspended temporarily.</li>
+ <li>Follow best practice security policies to determine how your
+ organization may be affected.</li>
+ <li>Conduct an audit of your system that uses FreeBSD.org provided
+ binary packages. Anything that may have been installed during the
+ affected period should be considered suspect. Although we have no
+ evidence of any tampering of any packages, you may wish to consider
+ rebuilding any affected machine from scratch, or if that is not
+ possible, rebuild your ports/packages.</li>
+ </ul>
+
+ <p>If you have any further questions about this announcement, please
+ contact the <a href="mailto:FreeBSD-security at FreeBSD.org">
+ FreeBSD-security at FreeBSD.org</a> mailing list, or for questions
+ where public mailing list distribution is inappropriate,
+ please contact the <a href="mailto:secteam at FreeBSD.org">FreeBSD
+ Security Team</a>.</p>
+
+ <p>This page will be updated as further information is known.</p>
+ </body>
+</html>
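Review bot: the link text in the "More information is available at" paragraph near the end of the announcement block reads http://wwww.freebsd.org/news/2012-compromise.html (four w's), while the href and the earlier link to the same report use www; the visible text should be corrected so readers who copy it by hand reach the page. Also, as they appear in the hunk, the literal angle brackets around the addresses on the From:/To: lines and the `&&` inside `<tt>portsnap fetch && portsnap extract</tt>` are unescaped, which is not well-formed XHTML; they should be written as `&lt;security-officer at FreeBSD.org&gt;` and `&amp;&amp;` so the document parses. Minor: the heading for the last section is "At this time, we recommend:" while the table of contents entry for it reads "Recommendations", and "ports developers should be using Subversion already" starts a sentence with a lowercase word.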
Modified: head/en_US.ISO8859-1/htdocs/news/Makefile
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/Makefile Sat Nov 17 06:02:41 2012 (r40051)
+++ head/en_US.ISO8859-1/htdocs/news/Makefile Sat Nov 17 10:02:22 2012 (r40052)
@@ -24,6 +24,9 @@ DOCS+= press-rel-9.xml
# The yearly State of the Union address
DOCS+= sou1999.xml
+# Details of the FreeBSD.org 2012 Infrastructure compromise
+DOCS+= 2012-compromise.xml
+
INDEXLINK= news.html
DEPENDSET.DEFAULT= transtable news press