Henrik Olsen wrote:
> 
> On Sun, 16 Apr 2000, Harald Tveit Alvestrand wrote:
> > At 14:51 15.04.2000 +0200, Henrik Olsen wrote:
> > >On Sat, 15 Apr 2000, Brian J. Beesley wrote:
> > > > On 15 Apr 00, at 4:22, Henrik Olsen wrote:
> > > >
> > > > > I just tried downloading 20.3, both mprime and sprime, as well as tried
> > > > > with mprime 19.0.2. None of them were able to detect the network as
> > > > > being available on a machine running Mandrake Linux, kernel version
> > > > > 2.2.14-15mdksecure, probably due to /proc/net not being readable by
> > > > > non-root on such a system, which is a bit of a bummer, as I don't
> > > > > want to have to run it as root. :(
> > > > >
> > > > > Does a solution exist for running mprime on such a system or will I have
> > > > > to use this one as well for SNFS sieving instead of GIMPS?
> >
> > Check /etc/fstab.
> > There's a line there that says something like
> >
> > none            /proc           proc            something       0 0
> >
> > If you change "something" (whatever that is) to "defaults", and umount and
> > mount /proc, everyone can probably read it.
> It's already
>  none /proc proc defaults 0 0
> in /etc/fstab; the 550 permissions for /proc/net aren't due to a mount
> option, but look like they're modified in the source.
> 
> > No idea why Mandrake would choose not to make it world readable....
> It's essentially a paranoid version of RedHat, which is actually a Good
> Thing (tm), as RH has more holes than a sieve out of the box.
> 
> >
> >                  Harald
> 


Hello,

It can even be done easier: mount /proc with the gid=(group id) and make
mersenne a member of this group.

From the docs which come with the security patches:

 Restricted /proc
------------------       

...
 
This option restricts the permissions on /proc so that non-root users can
see their own processes only, and nothing about active network connections,
unless they're in a special group.  This group's id is specified via the
gid= mount option, and is 0 by default.  (Note: if you're using identd, you
will need to edit the inetd.conf line to run identd as this special group.)
Also, this disables dmesg(8) for the users.  You might want to use this
on an ISP shell server where privacy is an issue.

....
 

As said before, the security patch normally does not enable a secured
proc filesystem; the Mandrake mdksec kernel does.
The mdksecure kernel has kernel module versions set, which makes
it possible to insert a module which is compiled elsewhere; this is
clearly less secure.

Kind regards, martijn

-- 
http://jkf.penguinpowered.com
Linux distributions for only
Fl 10 per CD, shipping included!
_________________________________________________________________
Unsubscribe & list info -- http://www.scruz.net/~luke/signup.htm
Mersenne Prime FAQ      -- http://www.tasam.com/~lrwiman/FAQ-mers
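
Added example, not part of the original messages or of the patch documentation: shell functions that read the gid= option from the /proc line of an fstab and decide whether an account's groups give it access to the restricted entries described above. The `defaults` line is the one quoted in the thread; gid 230 and the account's uid and group ids are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# The first fstab line is the one quoted in the thread; the second, with
# gid=230, is constructed for illustration.
FSTAB_DEFAULT='none /proc proc defaults 0 0'
FSTAB_GROUP='# constructed sample
none            /proc           proc            defaults,gid=230       0 0'

# Read fstab text on stdin and print the gid= value of the proc entry:
# 0 if the option is absent (the documented default), "none" if the
# text has no proc entry at all.
proc_gid() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $3 == "proc" {
            gid = 0
            n = split($4, opts, ",")              # mount options field
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^gid=[0-9]+$/) gid = substr(opts[i], 5)
            print gid; found = 1; exit
        }
        END { if (!found) print "none" }
    '
}

# check_account FSTAB_TEXT UID GID...   (GID list as printed by `id -G`)
# Prints "readable" when the account is root or in the special group,
# "restricted" otherwise.
check_account() {
    fstab=$1; uid=$2; shift 2
    want=$(printf '%s\n' "$fstab" | proc_gid)
    if [ "$want" = none ]; then echo "no-proc-entry"; return 0; fi
    if [ "$uid" -eq 0 ]; then echo "readable"; return 0; fi
    for g in "$@"; do
        if [ "$g" = "$want" ]; then echo "readable"; return 0; fi
    done
    echo "restricted"
}

# Constructed account: uid 1001, member of groups 100 and 230.
check_account "$FSTAB_DEFAULT" 1001 100 230   # restricted (special group is 0)
check_account "$FSTAB_GROUP"   1001 100 230   # readable
```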
