From owner-doc-jp@jp.freebsd.org  Thu Jan 18 06:17:38 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id GAA20092;
	Thu, 18 Jan 2001 06:17:38 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from eos.ocn.ne.jp (eos.ocn.ne.jp [210.190.142.171])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id GAA20087
	for <doc-jp@jp.freebsd.org>; Thu, 18 Jan 2001 06:17:37 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Received: from mail.hrslab.yi.org (p0086-ip01funabasi.chiba.ocn.ne.jp [211.123.225.86])
	by eos.ocn.ne.jp (8.9.1a/OCN/) with ESMTP id GAA12524
	for <doc-jp@jp.freebsd.org>; Thu, 18 Jan 2001 06:17:32 +0900 (JST)
Received: from localhost (alph.hrslab.yi.org [192.168.0.10])
	by mail.hrslab.yi.org (8.9.3/3.7W/DomainMaster) with ESMTP id GAA91448
	for <doc-jp@jp.freebsd.org>; Thu, 18 Jan 2001 06:12:58 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Date: Thu, 18 Jan 2001 06:12:51 +0900 (JST)
Message-Id: <20010118.061251.21937289.hrs@eos.ocn.ne.jp>
To: doc-jp@jp.freebsd.org
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
In-Reply-To: <20010115222956.8DEDD37B400@hub.freebsd.org>
References: <20010115222956.8DEDD37B400@hub.freebsd.org>
X-Mailer: Mew version 1.95b97 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Thu_Jan_18_06:12:51_2001_463)--"
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7948
Subject: [doc-jp 7948] Re: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-01:01.openssh
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@eos.ocn.ne.jp

----Next_Part(Thu_Jan_18_06:12:51_2001_463)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 $B$9$$$^$;$s!"3X2qA0$J$N$GH?1~$,CY$l$F$^$9!#(B
 01:01-03 $B$^$G$NK]Lu$G$9!#(B

----Next_Part(Thu_Jan_18_06:12:51_2001_463)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:01 (2001-01-15)
 * Hostile server OpenSSH agent/X11 forwarding
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-01:01.openssh
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Mon, 15 Jan 2001 14:29:56 -0800 (PST)
  Message-Id: <20010115222956.8DEDD37B400@hub.freebsd.org>
  X-Sequence: announce-jp 656

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-01:01                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	Hostile server OpenSSH agent/X11 forwarding

$BJ,N`(B:		core/ports
$B%b%8%e!<%k(B:	openssh
$B9pCNF|(B:		2001-01-15
$B%/%l%8%C%H(B:	Markus Friedl <markus@OpenBSD.org>
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B FreeBSD 4.1.1-STABLE
                $B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:		2000-11-14
$B%Y%s%@$NBP1~(B:	$B=$@5HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

OpenSSH is an implementation of the SSH1 and SSH2 secure shell
protocols for providing encrypted and authenticated network access,
which is available free for unrestricted use. Versions of OpenSSH are
included in the FreeBSD ports collection and the FreeBSD base system.

OpenSSH $B$O(B, $BG'>Z$H0E9f2=$5$l$?%M%C%H%o!<%/%"%/%;%9$rDs6!$9$k(B
SSH1 $B$*$h$S(B SSH2 $B%;%-%e%"%7%'%k%W%m%H%3%k$N<BAu$G$9(B.
$B$3$l$O;HMQ$K@)8B$,$J$/%U%j!<$GMxMQ$G$-$k$b$N$G(B, $B$$$/$D$+$N%P!<%8%g%s$,(B
FreeBSD Ports Collection $B$H(B FreeBSD $B%Y!<%9%7%9%F%`$K4^$^$l$F$$$^$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

To quote the OpenSSH Advisory:

$B0J2<$O(B, OpenSSH $B%;%-%e%j%F%#4+9p$+$i$N0zMQ$G$9(B.

    If agent or X11 forwarding is disabled in the ssh client
    configuration, the client does not request these features
    during session setup.  This is the correct behaviour.

    However, when the ssh client receives an actual request   
    asking for access to the ssh-agent, the client fails to
    check whether this feature has been negotiated during session
    setup.  The client does not check whether the request is in
    compliance with the client configuration and grants access
    to the ssh-agent.  A similar problem exists in the X11
    forwarding implementation.

    ssh $B%/%i%$%"%s%H$N@_Dj$G(B ssh-agent $B$b$7$/$O(B X11 $B$NE>Aw$r(B
    $BL58z$K$7$F$$$k>l9g(B, ssh $B%/%i%$%"%s%H$O%;%7%g%s$N3NN);~$K(B
    $B$3$l$i$N5!G=$NMW5a$r9T$J$$$^$;$s(B.  $B$3$l$O@5$7$$F0:n$G$9(B.

    $B$7$+$7(B ssh $B%/%i%$%"%s%H$,(B ssh-agent $B$X$N%"%/%;%9MW5a$r(B
    $B<u$1$H$k>l9g$K$O(B, ssh $B%/%i%$%"%s%H$O%;%7%g%s$N3NN);~$K(B
    $B$3$l$i$N5!G=$,8r>D$5$l$F$$$k$+$I$&$+%A%'%C%/$7$^$;$s(B.
    $B$D$^$j(B, $B<u$1$H$C$?MW5a$,%/%i%$%"%s%H$N@_Dj$K9gCW$9$k$+$I$&$+(B,
    ssh-agent $B$X$N%"%/%;%9$r5v2D$9$k$+$I$&$+(B, $B$H$$$C$?%A%'%C%/$r(B
    ssh $B%/%i%$%"%s%H$,9T$J$o$J$$$N$G$9(B.  X11 $BE>Aw5!G=$N<BAu$K$b(B,
    $BN`;w$7$?LdBj$,B8:_$7$^$9(B.

All versions of FreeBSD 4.x prior to the correction date including
FreeBSD 4.1 and 4.1.1 are vulnerable to this problem, but it was
corrected prior to the release of FreeBSD 4.2.  For users of FreeBSD
3.x, OpenSSH is not installed by default, but is part of the FreeBSD
ports collection.

$B=$@5F|0JA0$N$9$Y$F$N(B FreeBSD 4.x, $B$D$^$j(B FreeBSD 4.1 $B$*$h$S(B
FreeBSD 4.1.1 $B$,(B, $B$3$NLdBj$KBP$7$F<eE@$r;}$C$F$$$^$9(B.
$B$3$N<eE@$O(B, FreeBSD 4.2 $B$N8x3+A0$KLdBj$O=$@5$5$l$^$7$?(B.
FreeBSD 3.x $B$G$O(B OpenSSH $B$OI8=`$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
FreeBSD Ports Collection $B$N0l$D$H$7$FDs6!$5$l$F$$$^$9(B.

The base system and ports collections shipped with FreeBSD 4.2 do not
contain this problem since it was discovered before the release.

FreeBSD 4.2 $B$N8x3+A0$KLdBj$,H/8+!&=$@5$5$l$?$?$a(B,
FreeBSD 4.2 $B$H$H$b$K=P2Y$5$l$F$$$k(B FreeBSD $B%Y!<%9%7%9%F%`$*$h$S(B
Ports Collection $B$K$O(B, $B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O(B
$BB8:_$7$^$;$s(B.

III. $B1F6AHO0O(B - Impact

Hostile SSH servers can access your X11 display or your ssh-agent when
connected to, which may allow access to confidential data or other
network accounts, through snooping of password or keying material
through the X11 session, or reuse of the SSH credentials obtained
through the SSH agent.

$B0-0U$r;}$C$?(B SSH $B%5!<%P$O(B, $B@\B3;~$K@\B385$N(B X11 $B%G%#%9%W%l%$(B,
$B$b$7$/$O(B ssh-agent $B$K%"%/%;%9$9$k$3$H$,2DG=$G$9(B.  $B$3$l$O(B
X11 $B%;%7%g%s$rDL$8$F%Q%9%o!<%I$d0E9f80$K4XO"$9$k%G!<%?$rGA$-8+$?$j(B,
SSH $B%(!<%8%'%s%H$+$i$N(B SSH $BG'>Z>pJs$r:FMxMQ$9$k$3$H$G(B,
$B=EMW$J%G!<%?$dB>$N%M%C%H%o!<%/%"%+%&%s%H$X$N%"%/%;%9$r5v$97k2L$K(B
$B7k$SIU$/2DG=@-$,$"$j$^$9(B.

IV.  $B2sHrJ}K!(B - Workaround

Clear both the $DISPLAY and $SSH_AUTH_SOCK variables before connecting
to untrusted hosts. For example, in Bourne shell syntax:

% unset SSH_AUTH_SOCK; unset DISPLAY; ssh host

$B?.Mj$G$-$J$$%[%9%H$X@\B3$9$kA0$K(B, $DISPLAY $B$*$h$S(B $SSH_AUTH_SOCK $B4D6-JQ?t$N(B
$BN>J}$r:o=|$7$F$/$@$5$$(B.  $B$?$H$($P(B, Bourne $B%7%'%k$G$O<!$N$h$&$K$7$^$9(B.

% unset SSH_AUTH_SOCK; unset DISPLAY; ssh host

V.   $B2r7h:v(B - Solution

Upgrade the vulnerable system to 4.1.1-STABLE or 4.2-STABLE after the
correction date, or patch your current system source code and rebuild.

$B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r=$@5F|0J9_$N(B 4.1.1-STABLE $B$b$7$/$O(B
4.2-STABLE $B$K%"%C%W%0%l!<%I$9$k$+(B, $B$"$k$$$O8=:_MxMQCf$N%7%9%F%`$K(B
$B=$@5%Q%C%A$rE,MQ$7$F(B, $B%7%9%F%`$r:F9=C[$7$F$/$@$5$$(B.

To patch your present system: download the patch from the below
location and execute the following commands as root:

$BMxMQCf$N%7%9%F%`$K=$@5%Q%C%A$rE,MQ$9$k$K$O(B, $B0J2<$N>l=j$+$i(B
$B=$@5%Q%C%A$r%@%&%s%m!<%I$7(B, root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9(B.

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:01/openssh.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:01/openssh.patch.asc

Verify the detached PGP signature using your PGP utility.

PGP $B%f!<%F%#%j%F%#$r;H$C$F(B PGP $B=pL>$r3NG'$7$^$9(B.

# cd /usr/src/crypto/openssh
# patch < /path/to/openssh.patch
# cd /usr/src/secure/lib/libssh
# make depend && make all
# cd /usr/src/secure/usr.bin/ssh
# make depend && make all install

[Ports collection]

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Upgrade your entire ports collection and rebuild the OpenSSH port.
1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, OpenSSH $B$N(B port $B$r:F9=C[$7$^$9(B.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
2) $B8E$$(B ($BLuCm(B: OpenSSH $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/openssh-2.2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-2.2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/openssh-2.2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-2.2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/openssh-2.2.0.tgz

NOTE: Due to an oversight the package version was not updated after
the security fix was applied, so be sure to install a package created
after the correction date.

$BCm0U(B: $B<j0c$$$N$?$a(B, $B%;%-%e%j%F%#LdBj=$@58e$N(B package $B$O(B
      $B%P!<%8%g%s$,99?7$5$l$F$$$^$;$s(B.  $B%$%s%9%H!<%k$7$h$&$H(B
      $B$7$F$$$k(B package $B$,=$@5F|0J9_$K:n@.$5$l$?$b$N$G$"$k$3$H$r(B
      $BI,$:3NG'$7$F$/$@$5$$(B.

3) download a new port skeleton for the OpenSSH port from:
3) OpenSSH $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i(B
   $B%@%&%s%m!<%I$7(B, $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:01,v 1.1 2001/01/17 21:07:52 hrs Exp $

----Next_Part(Thu_Jan_18_06:12:51_2001_463)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:02 (2001-01-15)
 * syslog-ng remote denial-of-service
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:02.syslog-ng
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Mon, 15 Jan 2001 14:30:30 -0800 (PST)
  Message-Id: <20010115223030.F316B37B402@hub.freebsd.org>
  X-Sequence: announce-jp 657

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-01:02                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	syslog-ng remote denial-of-service

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	syslog-ng
$B9pCNF|(B:		2001-01-15
$B%/%l%8%C%H(B:	Balazs Scheidler <bazsi@BALABIT.HU>
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:		2000-11-25
$B%Y%s%@$NBP1~(B:	$B=$@5HG$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

syslog-ng is a replacement for the standard syslogd daemon, a service
for logging of local and remote system messages.

syslog-ng $B$O(B, $BI8=`$N(B syslogd $B%G!<%b%s$NBeBXIJ$G$9(B. $B$3$l$O(B
$B%m!<%+%k$*$h$S%j%b!<%H%7%9%F%`$N%a%C%;!<%8$r%m%0$K5-O?$9$k(B
$B%5!<%S%9$r<B8=$7$^$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

The syslog-ng port, versions prior to 1.4.9, contains a remote
vulnerability.  Due to incorrect log parsing, remote users may cause
syslog-ng to crash, causing a denial-of-service if the daemon is not
running under a watchdog process which will automatically restart it
in the event of failure.

syslog-ng port $B$N%P!<%8%g%s(B 1.4.9 $B$h$jA0$N$b$N$K$O(B, $B%j%b!<%H$+$i(B
$B0-MQ2DG=$J%;%-%e%j%F%#>e$N<eE@$,4^$^$l$F$$$^$9(B.  $B%m%0$N;z6g2r@O$K$"$k(B
$BITE,@Z$J%3!<%I$rMxMQ$9$k$3$H$G(B, $B%j%b!<%H$N%f!<%6$O(B syslog-ng $B$r(B
$B%/%i%C%7%e$5$;$k$3$H$,2DG=$G$9(B.  $B$=$N$?$a(B, syslog-ng $B%G!<%b%s$,(B
$B5!G=$7$J$/$J$C$?;~$K<+F0E*$K:F5/F0$r9T$J$&4F;k%W%m%;%9$,B8:_$7$J$$>l9g(B,
$B$3$l$O%5!<%S%9K832967b$KMxMQ$5$l$k2DG=@-$,$"$j$^$9(B.

The syslog-ng port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains nearly 4500 third-party applications in a ready-to-install
format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
contain this problem since it was discovered after the releases.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

syslog-ng $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.
$B$=$l$i$O(B 4500 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.2 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B).  $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

Malicious remote attackers may cause syslog-ng to crash, causing a
denial-of-service if the daemon is not running under a watchdog
process which will automatically restart it in the event of
failure.  The default installation of the port/package is therefore
vulnerable to this problem.

$B0-0U$r;}$C$?%j%b!<%H$N967b<T$O(B syslog-ng $B$r%/%i%C%7%e$5$;$k$3$H$,(B
$B$G$-$^$9(B.  $B$=$N$?$a(B, syslog-ng $B%G!<%b%s$,5!G=$7$J$/$J$C$?;~$K(B
$B<+F0E*$K:F5/F0$r9T$J$&4F;k%W%m%;%9$,B8:_$7$J$$>l9g$K(B, $B%5!<%S%9K832967b$r(B
$B9T$J$&$3$H$,2DG=$G$9(B.  $B$D$^$j(B syslog-ng port/package $B$N%G%U%)%k%H@_Dj$O(B,
$B$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$N1F6A$r<u$1$^$9(B.

If you have not chosen to install the syslog-ng port/package, then
your system is not vulnerable to this problem.

syslog-ng $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

Deinstall the syslog-ng port/package, if you have installed it.
syslog-ng $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B,
$B$=$l$r%7%9%F%`$+$i:o=|$7$F$/$@$5$$(B.

V.   $B2r7h:v(B - Solution

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Upgrade your entire ports collection and rebuild the syslog-ng port.
1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, syslog-ng $B$N(B port $B$r(B
   $B:F9=C[$7$^$9(B.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
2) $B8E$$(B ($BLuCm(B: syslog-ng $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/syslog-ng-1.4.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/syslog-ng-1.4.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/syslog-ng-1.4.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/syslog-ng-1.4.10.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/syslog-ng-1.4.10.tgz

3) download a new port skeleton for the syslog-ng port from:
3) syslog-ng $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i(B
   $B%@%&%s%m!<%I$7(B, $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz


A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:02,v 1.1 2001/01/17 21:07:52 hrs Exp $

----Next_Part(Thu_Jan_18_06:12:51_2001_463)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit


FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG(B
=============================================================================
FreeBSD-SA-01:03 (2001-01-15)
 * bash1 creates insecure temporary files
=============================================================================

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-01:03.bash1
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Mon, 15 Jan 2001 14:31:17 -0800 (PST)
  Message-Id: <20010115223117.C334037B400@hub.freebsd.org>
  X-Sequence: announce-jp 658

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B=$@5%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B=pL>$N(B
 $B%A%'%C%/$r9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$*$h$S(B, $B%_%i!<%5%$%HMxMQ$N>\:Y$K$D$$$F$O(B, $BJ8Kv$N!V(BA. FreeBSD
 $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F!W$r$4Mw$/$@$5$$(B.


                                     [$BK]Lu<T(B: $B:4F#(B $B9-@8(B <hrs@jp.FreeBSD.org>]
--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-01:03                                            Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	bash1 creates insecure temporary files

$BJ,N`(B:		ports
$B%b%8%e!<%k(B:	bash1
$B9pCNF|(B:		2001-01-15
$B1F6AHO0O(B:	$B=$@5F|0JA0$N(B Ports Collection
$B=$@5F|(B:		2000-11-29
$B%/%l%8%C%H(B:	$B$5$^$6$^$J?M!9(B
FreeBSD $B$K8GM-$+(B:	NO

I.   $BGX7J(B - Background

bash is an enhanced bourne-like shell.

bash $B$O(B bourne $B%7%'%kIw$N9b5!G=%7%'%k%W%m%0%i%`$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

The bash port, versions prior to the correction date, creates insecure
temporary files when the '<<' operator is used, by using a predictable
filename based on the process ID of the shell.  An attacker can
exploit this vulnerability to overwrite an arbitrary file writable by
the user running the shell.  The contents of the file are overwritten
with the text being entered using the '<<' operator, so it will
usually not be under the control of the attacker.

bash port $B$O(B, '<<' $B1i;;;R$,;H$o$l$?;~$K0l;~%U%!%$%k$r:n@.$7$^$9(B.
$B$7$+$7(B, $B=$@5F|0JA0$N%P!<%8%g%s$N(B bash port $B$O(B, $B0l;~%U%!%$%k$N:n@.;~$K(B
$B%7%'%k$N%W%m%;%9(B ID $B$K4p$E$/M=B,2DG=$J(B, $B0BA4$G$J$$%U%!%$%kL>$r;H$$$^$9(B.
$B$=$N$?$a(B, $B967b<T$O$3$N<eE@$r0-MQ$7$F(B, $B%7%'%k$r<B9T$7$F$$$k%f!<%6$K(B
$BG$0U$N%U%!%$%k$r>e=q$-$5$;$k$3$H$,2DG=$G$9(B.  $B>e=q$-$5$l$k%U%!%$%k$N(B
$BFbMF$O(B '<<' $B1i;;;R$r;H$C$FF~NO$5$l$?%F%-%9%H$K$J$k$?$a(B,
$BDL>o(B, $B967b<T$,<+M3$K@_Dj$9$k$3$H$O$G$-$^$;$s(B.

Therefore the likely impact of this vulnerability is a denial of
service since the attacker can cause critical files writable by the
user to be overwritten.  It is unlikely, although possible depending
on the circumstances in which the '<<' operator is used, that the
attacker could exploit the vulnerability to gain privileges (this
typically requires that they have control over the contents the target
file is overwritten with).

$B$7$?$,$C$F(B, $B$3$N%;%-%e%j%F%#>e$N<eE@$K$h$k:G$bBg$-$J1F6A$O(B,
$B967b<T$,BP>]$H$J$C$?%f!<%6$KBP$7$F(B, $B=EMW$J%U%!%$%k$r>e=q$-$5$;$k$3$H$,(B
$B$G$-$k$3$H$rMxMQ$7$?(B, $B%5!<%S%9K832967b$G$"$k$H9M$($i$l$^$9(B.
$B2DG=@-$ODc$$$N$G$9$,(B, '<<' $B1i;;;R$,;H$o$l$k>u67$K$h$C$F$O(B,
$B$3$N%;%-%e%j%F%#>e$N<eE@$rMxMQ$7$F9b$$8"8B$rF@$k$3$H$,$G$-$k$H$$$&(B
$B;v<B$bH]Dj$G$-$^$;$s(B ($B$3$&$$$C$?967b$N>l9g$ODL>o(B, $BBP>]$H$J$k%U%!%$%k$N(B
$B>e=q$-FbMF$r@)8f$G$-$kI,MW$,$"$j$^$9(B).

This is the same vulnerability as that described in advisory 00:76
relating to the tcsh/csh shells.

$B$3$l$O(B tcsh/csh $B%7%'%k$K4X$9$k%;%-%e%j%F%#4+9p(B 00:76 $B$G(B
$B=R$Y$i$l$F$$$k$b$N$HF1MM$N<eE@$G$9(B.

The bash1 port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains nearly 4500 third-party applications in a ready-to-install
format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 are
vulnerable to this problem since it was discovered after the releases.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

bash1 $B$N(B port $B$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$b$N$G$O$J$/(B,
$B!V(BFreeBSD $B%7%9%F%`$N0lIt!W$r9=@.$9$k$b$N$G$b$"$j$^$;$s(B.
$B$=$l$i$O(B 4500 $B$r1[$($k%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$,$9$0$K(B
$B%$%s%9%H!<%k$G$-$k7A$G<}$a$i$l$F$$$k(B FreeBSD Ports Collection $B$N0lIt$G$9(B.
$B%j%j!<%98e$KLdBj$,8+$D$+$C$?$?$a(B, FreeBSD 3.5.1 $B$*$h$S(B 4.2 $B$H$H$b$K(B
$B=P2Y$5$l$?(B Ports Collection $B$O$3$NLdBj$r4^$s$G$$$^$9(B.

FreeBSD $B$G$O(B, $B$3$N$h$&$J%5!<%I%Q!<%F%#@=%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#(B
$BLdBj$KBP$7$F(B, $BFC$K2?$+$r<gD%$9$k$3$H$O$"$j$^$;$s(B ($BLuCm(B: Ports Collection $B$K(B
$BF~$C$F$$$k$+$i$H$$$C$F(B, FreeBSD $B$N3+H/<T$?$A$,$=$N%"%W%j%1!<%7%g%s$,(B
$B0BA4$G$"$k$HI>2A$7$?$o$1$G$O$"$j$^$;$s(B).  $B$?$@$7(B, $B%;%-%e%j%F%#LdBj$KBP$7$F(B
$BBg$-$J1F6A$r;}$D$h$&$J(B ports $B$KBP$9$k%;%-%e%j%F%#4F::$rDs6!$9$Y$/(B,
$B8=:_EXNOCf$G$9(B.

III. $B1F6AHO0O(B - Impact

Unprivileged local users can cause an arbitrary file writable by a
victim to be overwritten when the victim invokes the '<<' operator in
bash1 (e.g. from within a shell script).

$B9b$$8"8B$r;}$?$J$$%m!<%+%k%f!<%6$O(B, $B967bBP>]$H$J$C$?%f!<%6$,(B
bash1 $B$N(B '<<' $B1i;;;R$r(B ($B$?$H$($P%7%'%k%9%/%j%W%H$NCf$G(B) $B;H$C$?;~(B,
$B$=$N%f!<%6$KG$0U$N%U%!%$%k$r>e=q$-$5$;$k$3$H$,2DG=$G$9(B.

If you have not chosen to install the bash1 port/package, then your
system is not vulnerable to this problem.

bash1 $B$N(B port/package $B$r%$%s%9%H!<%k$7$F$$$J$1$l$P(B
$B%7%9%F%`$K$3$NLdBj$K$h$k%;%-%e%j%F%#>e$N<eE@$O$"$j$^$;$s(B.

IV.  $B2sHrJ}K!(B - Workaround

Deinstall the bash1 port/package, if you have installed it.

bash1 $B$N(B port/package $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O(B,
$B$=$l$r%7%9%F%`$+$i:o=|$7$F$/$@$5$$(B.

V.   $B2r7h:v(B - Solution

One of the following:
$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) Upgrade your entire ports collection and rebuild the bash1 port.
1) Ports Collection $BA4BN$r%"%C%W%0%l!<%I$7(B, bash1 $B$N(B port $B$r:F9=C[$7$^$9(B.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:
2) $B8E$$(B ($BLuCm(B: bash1 $B$N(B) package $B$r%7%9%F%`$+$i:o=|$7(B, $B=$@5F|0J9_$K(B
   $B:n@.$5$l$??7$7$$(B package $B$r0J2<$N>l=j$+$i<hF@$7$F%$%s%9%H!<%k$7$^$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/bash-1.14.7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/bash-1.14.7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/bash-1.14.7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/bash-1.14.7.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/bash-1.14.7.tgz

NOTE: Due to an oversight the package version was not updated after
the security fix was applied, so be sure to install a package created
after the correction date.

$BCm0U(B: $B<j0c$$$N$?$a(B, $B%;%-%e%j%F%#LdBj=$@58e$N(B package $B$O(B
      $B%P!<%8%g%s$,99?7$5$l$F$$$^$;$s(B.  $B%$%s%9%H!<%k$7$h$&$H(B
      $B$7$F$$$k(B package $B$,=$@5F|0J9_$K:n@.$5$l$?$b$N$G$"$k$3$H$r(B
      $BI,$:3NG'$7$F$/$@$5$$(B.

3) download a new port skeleton for the bash1 port from:
3) bash1 $B$N?7$7$$(B port $B%9%1%k%H%s$r0J2<$N>l=j$+$i(B
   $B%@%&%s%m!<%I$7(B, $B$=$l$r;H$C$F(B port $B$r:F9=C[$7$^$9(B.

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
4) $B>e5-(B (3) $B$NA`:n$r<+F0E*$K9T$J$&(B portcheckout $B%f!<%F%#%j%F%#$r;H$$$^$9(B.
   portcheckout $B$N(B port $B$O(B /usr/ports/devel/portcheckout $B$K$"$j$^$9(B.
   $B$^$?(B, portcheckout $B$N(B package $B$,0J2<$N>l=j$+$iF~<j2DG=$G$9(B.

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

A.   FreeBSD $B%;%-%e%j%F%#4+9p(B $BF|K\8lHG$K$D$$$F(B

$BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,(B
$B;29M$N$?$a$KDs6!$9$k$b$N$G$9(B.  $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

 http://www.FreeBSD.org/ja/security/

$B$K$^$H$a$i$l$F$$$^$9(B.  

$B$?$@$7(B, $BK]Lu<T$*$h$S(B doc-jp $B$O(B, $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b(B
$B$$$?$7$^$;$s$N$G$4Cm0U$/$@$5$$(B.  $BF|K\8lLu$K$D$$$F$N$40U8+(B, $B$4MWK>(B,
$B$*Ld$$9g$o$;Ey$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

$B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
$B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
$B9MN8$9$k$h$&$*4j$$$7$^$9(B.

$BF|K\$N%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
$B$=$l$>$lCV$-49$($F$/$@$5$$(B.

$BB>$NCO0h$r4^$`(B, $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B,

 http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
 http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

$B$K$^$H$a$i$l$F$$$^$9(B.

$hrs: announce-jp/FreeBSD-SA/01:03,v 1.1 2001/01/17 21:07:52 hrs Exp $

----Next_Part(Thu_Jan_18_06:12:51_2001_463)----
