Re: SUID permission on Bash script
per...@pluto.rain.com wrote: RW rwmailli...@googlemail.com wrote: On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote: Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition ... isn't that the same issue that Matthew Seaman was saying was fixed years ago ... and is described in the follow-up: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html That's entirely in the kernel, it doesn't require interpreter support. Er, I'm pretty sure it _does_ require support in the interpreter. It would do no good for the kernel to hand the interpreter an open descriptor if the interpreter did not somehow know to read the script from that open descriptor instead of opening the script file by name. This approach is exactly the careful cooperation between the kernel and the interpreter that I was referring to. Errr -- no. That's what fdescfs(5) is for. When the kernel execs the interpreter, it tells the script to open /dev/fd/5 (for example) and doing that just connects the script to the open file descriptor the kernel used previously to taste the magic number and the #! line of the script. As fdescfs(5) says: [...] the call: fd = open(/dev/fd/0, mode); and the call: fd = fcntl(0, F_DUPFD, 0); are equivalent. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: SUID permission on Bash script
Matthew Seaman m.sea...@infracaninophile.co.uk wrote: It would do no good for the kernel to hand the interpreter an open descriptor if the interpreter did not somehow know to read the script from that open descriptor instead of opening the script file by name. Errr -- no. That's what fdescfs(5) is for. When the kernel execs the interpreter, it tells the script to open /dev/fd/5 (for example) and doing that just connects the script to the open file descriptor the kernel used previously to taste the magic number and the #! line of the script. which -- again absent some special arrangement in the interpreter -- would cause the script to receive $0 as /dev/fd/5 instead of the actual name of the script, no? I'd expect this to at least break any messages that the script might try to produce via constructs like echo $0: whatever ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
Michael David Crawford m...@prgmr.com wrote: It's not that setuid shell scripts are really more inherently insecure than programs written in C. Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script. Check the hackers@ archives. It was discussed a little over a month ago. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
per...@pluto.rain.com wrote: Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script. Wow. I had no idea. A while back a coworker asked me to help figure out why he couldn't get his script to run setuid on Linux. Some investigation turned up that the Linux kernel explicitly forbids setuid programs whose first two bytes are # and !. So it disables even setuid scripts that don't use the shell, like Python or Perl scripts. I came across a page that explained all the different ways setuid scripts could screw up - one would have to be a rocket scientist to avoid all the potential pitfalls. Mike -- Michael David Crawford m...@prgmr.com prgmr.com - We Don't Assume You Are Stupid. Xen-Powered Virtual Private Servers: http://prgmr.com/xen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Sat, 29 Aug 2009 00:17:24 -0700, Michael David Crawford m...@prgmr.com wrote: I came across a page that explained all the different ways setuid scripts could screw up - one would have to be a rocket scientist to avoid all the potential pitfalls. Hi Michael, It would be a very useful addition to the list archives if you pointed at the URI of the page. This way future readers will find it too :) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote: Michael David Crawford m...@prgmr.com wrote: It's not that setuid shell scripts are really more inherently insecure than programs written in C. Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script. Check the hackers@ archives. It was discussed a little over a month ago. But is isn't that the same issue that Matthew Seaman was saying was fixed years ago (in the link I gave before), and is described in the follow-up: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html That's entirely in the kernel, it doesn't require interpreter support. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Fri, Aug 28, 2009 at 08:10:59PM -0600, Tim Judd wrote: On 8/28/09, RW rwmailli...@googlemail.com wrote: On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote: On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997. I'm bit puzzled by this, previous threads have given the impression that this is a myth, for example: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html So are scripts actually incapable of running setuid? Dunno, but this dawns on me.. what defines a script? I've always defined a script that starts with a #! shebang. So the script can be SUID, but the interpreter/shell isn't. Is that why it doesn't work? It doesn't work because the system does not allow it - for security reasons. You could fish around and defeat that but don't. The most common way to get around it is create a tiny binary that can run Setuid which merely invokes your script. The better way is to use Sudo as has been suggested already in this thread. jerry --Tim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
RW wrote: On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote: Michael David Crawford m...@prgmr.com wrote: It's not that setuid shell scripts are really more inherently insecure than programs written in C. Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition that can cause the interpreter to run (with elevated permissions) a completely different script than the one that was marked setuid, setuid scripts _are_ insecure in a way that _cannot_ be fixed by any degree of care that might be taken in the writing of the script. Check the hackers@ archives. It was discussed a little over a month ago. But is isn't that the same issue that Matthew Seaman was saying was fixed years ago (in the link I gave before), and is described in the follow-up: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html That's entirely in the kernel, it doesn't require interpreter support. The race condition between the kernel opening the script and the interpreter doing so should certainly be fixed in any Unix or Linux distribution available today. Either, as above, by the kernel passing an open file descriptor to the invoked script, or simply by ignoring any setuid or setgid bits on interpreted scripts. There are other attacks against SUID scripts -- see for instance: http://www.tech-faq.com/suid-root-script-binary.shtml http://www.faqs.org/faqs/unix-faq/faq/part4/section-7.html most of which work by exploiting the sort of features of the scripting language that make it into a powerful and useful tool. Almost all of these sort of exploits can be avoided by careful programming -- for instance, always explicitly setting $IFS and $PATH to known good values, or using the one set of command line flags allowed on the #! line to block the '-i' trick (ie. use '#!/bin/sh --' which forces any subsequent items on the command line to be treated as files rather than command options). However, you (the programmer) would have to know all about the various tricks for exploiting suid-ness in order to counter them. The preferred way of running a script SUID is to write a very small C wrapper program that can be made SUID and that executes the script after gaining increased privileges. Done well, this is definitely the best and most secure approach. Note however that the C wrapper must be similarly as carefully written as a suid script or many of the same exploits could still be possible. So, unless you are an expert programmer and understand how to defend your code against attack, your best bet really is to just use sudo(8). Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: SUID permission on Bash script
Perhaps a better idea than a setuid shell script, would be to figure out just what it is about your script that really needs to be executed as root. When write a C program that can do just that one thing - and absolutely nothing else. If it takes any kind of input, or command line parameters, then it must validate them very carefully, to ensure that it's not being misused. Then your script could call that C program whenever it needs that privileged operation performed. Suppose you were to give the keys to your Lamborghini to a parking attendant. Wouldn't you want to trust that he wasn't going to sell your Lamborghini to a chop shop? Writing a setuid program is just like that: writing one poorly is like handing your race car keys to a car thief. He might not steal your car today, but if you're not careful about how you hand out your trust, he will someday. Mike -- Michael David Crawford m...@prgmr.com prgmr.com - We Don't Assume You Are Stupid. Xen-Powered Virtual Private Servers: http://prgmr.com/xen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
RW rwmailli...@googlemail.com wrote: On Sat, 29 Aug 2009 00:06:29 -0700 per...@pluto.rain.com wrote: Actually, absent some careful cooperation between the kernel and the interpreter to prevent a race condition ... isn't that the same issue that Matthew Seaman was saying was fixed years ago ... and is described in the follow-up: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185145.html That's entirely in the kernel, it doesn't require interpreter support. Er, I'm pretty sure it _does_ require support in the interpreter. It would do no good for the kernel to hand the interpreter an open descriptor if the interpreter did not somehow know to read the script from that open descriptor instead of opening the script file by name. This approach is exactly the careful cooperation between the kernel and the interpreter that I was referring to. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
SUID permission on Bash script
Hi folks! Im trying to set up a reaaallly basic scrip to allow one user to shutdown my machine without root permisions, seting up SUID as follows: -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh $ ./apagar.sh Permission denied content of script: cat apagar.sh ]#!/usr/local/bin/bash shutdown -p now As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: Hi folks! Im trying to set up a reaaallly basic scrip to allow one user to shutdown my machine without root permisions, seting up SUID as follows: -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh $ ./apagar.sh Permission denied content of script: cat apagar.sh ]#!/usr/local/bin/bash shutdown -p now As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997. The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run: sudo shutdown -p now ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
Aham! so SUID can be applied to sh but it doesn't work!, there is not anyway to apply it? apart from installing sudo?, The thing is that installing sudo and adding that user into sudoers, that user will be capable to do any other SU tasks, apart of shutting down... wich i dont like :D (I know that SUID could be even worst if they edit the .sh file... but lets believe they dont even know that XD) Cheers! 2009/8/28 Giorgos Keramidas keram...@ceid.upatras.gr On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: Hi folks! Im trying to set up a reaaallly basic scrip to allow one user to shutdown my machine without root permisions, seting up SUID as follows: -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh $ ./apagar.sh Permission denied content of script: cat apagar.sh ]#!/usr/local/bin/bash shutdown -p now As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997. The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run: sudo shutdown -p now ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Friday 28 August 2009 10:54:19 Giorgos Keramidas wrote: On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: Hi folks! Im trying to set up a reaaallly basic scrip to allow one user to shutdown my machine without root permisions, seting up SUID as follows: [snip] The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run: sudo shutdown -p now Or (assuming it doesn't grant too many other privileges) just put the user in group operator. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Fri, Aug 28, 2009 at 10:01:54AM +0100, Jeronimo Calvo wrote: 2009/8/28 Giorgos Keramidas keram...@ceid.upatras.gr On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: Im trying to set up a reaaallly basic scrip to allow one user to shutdown my machine without root permisions, seting up SUID as follows: -rwsrwxr-- 1 root wheel 38 Aug 27 23:12 apagar.sh $ ./apagar.sh Permission denied content of script: cat apagar.sh ]#!/usr/local/bin/bash shutdown -p now As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997. The good thing is that you don't need a shell script to do that. You can install `sudo' and give permission to the specific user to run: sudo shutdown -p now so SUID can be applied to sh but it doesn't work!, there is not anyway to apply it? apart from installing sudo?, The thing is that installing sudo and adding that user into sudoers, that user will be capable to do any other SU tasks, apart of shutting down... wich i dont like :D (I know that SUID could be even worst if they edit the .sh file... but lets believe they dont even know that XD) Please refrain from top-posting. It's both confusing and inconsiderate for anyone trying to read what you write or otherwise trying follow a discussion. First, as has already been pointed out, your approach is A Really Bad Idea and will lead nowhere so forget it. Second, you're misunderstanding sudo. From sudo(8): sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. Note the as specified. For example, if the sudoers file contains nothing but john ALL= NOPASSWD: /usr/sbin/shutdown then John (and only John) can use sudo to execute /usr/sbin/shutdown, but can't use sudo to execute any other commands. As an alternative to installing sudo, you can add your user to the operator group: pw groupmod operator -m john but be sure to understand the ramifications before doing so. -- George ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: content of script: ]#!/usr/local/bin/bash ^ This ] doesn't belong to the script, does it? Furthermore, why do you employ bash for calling another program? It's standard to use sh (#!/bin/sh) if you don't use bash-specific commands and constructs, and I don't see them here. If you care for portablility, such a script is an absulute no-go. Furthermore, in order to perform shutdown -p now it's more convenient to use the sudo command (from ports) and add a rule (for maximum security) for the specific user who you want to be able to run this command. Finally, it's possible to place the user in question into the group operator, then he can perform the above command without needing (1st) sudo and (2nd) bash. Look at the permissions of the shutdown program: -r-sr-x--- 1 root operator /sbin/shutdown* Members of operator are +x for this binary. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote: On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997. I'm bit puzzled by this, previous threads have given the impression that this is a myth, for example: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html So are scripts actually incapable of running setuid? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On 8/28/09, RW rwmailli...@googlemail.com wrote: On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote: On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997. I'm bit puzzled by this, previous threads have given the impression that this is a myth, for example: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html So are scripts actually incapable of running setuid? Dunno, but this dawns on me.. what defines a script? I've always defined a script that starts with a #! shebang. So the script can be SUID, but the interpreter/shell isn't. Is that why it doesn't work? --Tim ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Fri, 28 Aug 2009 20:10:59 -0600, Tim Judd taj...@gmail.com wrote: Dunno, but this dawns on me.. what defines a script? I've always defined a script that starts with a #! shebang. So the script can be SUID, but the interpreter/shell isn't. Is that why it doesn't work? What is the difference of the script and the interpreter? The script is read and executed by the shell, the script itself isn't runnable at all. The itnerpreter specified by #! is executed and then starts to process the script. Is the interpreter running at SUID? Are the commands (child processes) that it executes (fork) running at SUID? But let us continue this consideration: If the shell process would be replaced by the command that is called, would it make a difference? Compare #!/bin/sh - this starts /bin/sh shutdown -p now - /bin/sh starts child shutdown to #!/bin/sh - this starts /bin/sh exec shutdown -p now- /bin/sh replaced by shutdown Hmmm... do I see this correctly? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
On Sat, 29 Aug 2009 02:24:31 +0100, RW rwmailli...@googlemail.com wrote: On Fri, 28 Aug 2009 11:54:19 +0300 Giorgos Keramidas keram...@ceid.upatras.gr wrote: On Fri, 28 Aug 2009 09:24:35 +0100, Jeronimo Calvo jeronimocal...@googlemail.com wrote: As far as i know, using SUID, script must runs with root permissions... so i shoudnt get Permission denied, what im doing wrong?? No it must not. There are security reasons why shell scripts are not setuid-capable. You can find some of them in the archives of the mailing list, going back at least until 1997. I'm bit puzzled by this, previous threads have given the impression that this is a myth, for example: http://www.mail-archive.com/freebsd-questions@freebsd.org/msg185134.html So are scripts actually incapable of running setuid? If you hack at the kernel it may still be possible to run a script with setuid or setgid permissions. IMO there is still the possibility for many things to go wrong, especially with quick and dirty scripts. For example, what do you think will happen if a setuid script forgets to properly quote filenames in commands like: foo=$1 pidfile=/tmp/$foo.pid echo $$ $pidfile # cleanup my pidfile truncate -s $pidfile and then I run the script with: setuid.sh /etc/master.passwd /tmp/foo If you guessed that the pid value was not saved anywhere, that because of the lack of error checking nobody noticed, and that the final truncate command may have just wiped your `master.passwd' file your guess is probably right. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: SUID permission on Bash script
RW wrote: So are scripts actually incapable of running setuid? They aren't on Linux. I learned about that a while back when I investigated setuid scripts for a coworker. It's not that setuid shell scripts are really more inherently insecure than programs written in C. The problem is more that those who write such scripts tend not to observe the proper precautions. For example if you don't set the PATH explicitly, and you don't give absolute pathnames to all the subprograms you run, then a trojan that has the same name as some standard program can get run as root. If a program is going to be setuid at all, you really have to know what you're doing when you write it or else you'll find yourself opening a can of worms. Mike -- Michael David Crawford m...@prgmr.com prgmr.com - We Don't Assume You Are Stupid. Xen-Powered Virtual Private Servers: http://prgmr.com/xen ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org