[please cc: me on replies]
Hi everyone,
I'm currently rewriting the section of the Securing Debian manual
concerned with the extended attributes of ext2/ext3. Before sending the
patch to Javier Fernández-Sanguino Peña I thought it may be worth asking
for comments here. It's far from being
Title: unsubscribe
unsubscribe
[EMAIL PROTECTED]
With kind regards
SEEBURGER AG
IT Department/Data Center
Jochen Schötterl
--
SEEBURGER AG, Edisonstrasse 1, D-75015 Bretten, Germany
Fax:+49(0)7252 96- Fon:+49(0)7252 96-1204
Hi
On Thu, Mar 13, 2003 at 09:02:47PM +1100, Frederic Schutz wrote:
<p>A better solution is to use the capabilities, as described in <ref
id="proactive">. The capability of interest is called
<tt>CAP_LINUX_IMMUTABLE</tt>: if you remove it from the capabilities
bounding set (using for example the
Hi
On Thu, Mar 13, 2003 at 10:22:19PM +1100, Frederic Schutz wrote:
On Thu, 13 Mar 2003, Alexander Reelsen wrote:
Are you sure on this one?
# sysctl -A | grep cap-bound
kernel.cap-bound = -257
Being it a sysctl parameter makes me wonder whether you can set things
runtime (if you
Sorry, this thread was not intended for debsec!
--
--
IN MY NAME:Dale Amon, CEO/MD
No Mushroom clouds over Islandone Society
London and New York. www.islandone.org
mourne:/# umount /proc
umount: /proc: device is busy
syslog-ng killed from another terminal outside the pbuilder login
mourne:/# umount /proc
mourne:/# exit
exit
umount: /proc: device is busy
umount: /var/cache/pbuilder/build/13579/proc: not mounted
Could not unmount /proc, there might be
I'm trying to do an automated build from a spec sheet
and am near my wits end. apt-get and dpkg are simply
too uppity. They decide what I should do. They are
disobedient programs. Bad program! Bad!
Is anyone aware of an utterly stupid and *obedient*
installer? One that simply takes a package name
On Thu, Mar 13, 2003 at 12:09:17PM -0500, Burton Windle wrote:
dpkg?
dpkg -i filename.deb
Not even close. For instance:
PKGLIST="modutils- another+ another2+"
apt-get -y install $PKGLIST
will fail. If you do it at the lower level:
PKGLIST1=modutils
for
On Mar 03 2003, Martynas Domarkas wrote:
Try this: http://www.htthost.com/ , but use it at your own risk. It is a
real security hole. Better is to ask the system administrator to open some
rules on the firewall for you.
These kinds of programs, if I read well we have at least corkscrew and
httptunnel that
The question is... is there any way to protect against this? I mean, how
would you differentiate on for example, a squid, the traffic of one of these
tunnels from the real traffic you want to allow?
There is a way to protect any particular form of tunnelling (i.e., if you
know that a particular
Vassilii Khachaturov wrote:
The question is... is there any way to protect against this? I mean, how
would you differentiate on for example, a squid, the traffic of one of these
tunnels from the real traffic you want to allow?
There is a way to protect any particular form of tunnelling (i.e., if
On Thu, 13 Mar 2003 12:21:44 +0100 Alexander Reelsen wrote:
Capabilities is the next section that I plan to write/rewrite :-) The
interesting point about capabilities is that once one of them has been
removed, it can not be added back -- so lcap can only remove capabilities,
and not add them
-Original Message-
From: Rich Puhek [mailto:[EMAIL PROTECTED]
Reminds me of a rumor I heard that someone was working on an NFS over
SMTP gateway. Would have pretty crappy latency, but the point was to
prove that a firewall is not a guarantee of security.
Also worth considering
On Thu, 2003-03-13 at 18:31, Dale Amon wrote:
PKGLIST2=another.deb another2.deb
for $pkg in $PKGLIST1; do
^ - I think the problem is right there ;)
dpkg --install $pkg yes
done
--Chris
On Fri, Mar 14, 2003 at 01:11:10AM +0100, Christopher Taylor wrote:
On Thu, 2003-03-13 at 18:31, Dale Amon wrote:
PKGLIST2=another.deb another2.deb
for $pkg in $PKGLIST1; do
^ - I think the problem is right there ;)
dpkg --install $pkg yes
On Thu, Mar 13, 2003 at 05:52:48PM -0600, Jeff Hahn wrote:
Never underestimate the bandwidth of a station wagon full of tapes.
Or a single IBM magtape on a 707 ;-)
--
--
IN MY NAME:Dale Amon, CEO/MD
No Mushroom clouds
On Thu, Mar 13, 2003 at 10:22:19PM +1100, Frederic Schutz wrote:
Does it answer your questions or did I miss a real loophole in the
strategy that I described ?
If an attacker gets root and loads a kernel module, that module could
restore the immutable capability. You'd have to disable
I currently spend a lot of time hardening boxes, is this discussion based on
the released doc I can get off the debian web site? or a new draft?
Steven
-Original Message-
From: Peter Cordes [mailto:[EMAIL PROTECTED]
Sent: Friday, 14 March 2003 7:41
To: [EMAIL PROTECTED]
Subject: Re:
I have looked around for a screen lock
for the text mode virtual terminal
that activates automatically after
a certain amount of idle time
but could not find even one.
Does anyone know of any?
On Thu, Mar 13, 2003 at 06:48:58AM +, Aurelio Turco wrote:
I have looked around for a screen lock
for the text mode virtual terminal
that activates automatically after
a certain amount of idle time
but could not find even one.
Does anyone know of any?
vlock does the locking part. You
On Thu, 13 Mar 2003, Alexander Reelsen wrote:
attribute on your system anymore, even by the superuser ! A complete
strategy could be as follows:
<enumlist>
<item>Set the attributes 'a' and 'i' on any file you want;
<item>Add the command <tt>lcap CAP_LINUX_IMMUTABLE</tt> to one of