Re: PaX on Debian

2004-07-26 Thread Andres Salomon
On Mon, 2004-07-26 at 14:37 -0400, John Richard Moser wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > > Andres Salomon wrote: > | On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote: > | [...] > > Did some digging. pipacs said that PAGEE

Re: PaX on Debian

2004-07-25 Thread Andres Salomon
On Sun, 25 Jul 2004 12:57:29 -0400, John Richard Moser wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I'm interested in discussing the viability of PaX on Debian. I'd like > to discuss the changes to the base system that would be made, the costs > in terms of overhead and compatibi

Re: RUS-CERT Advisory 2002-08:02: Flaw in calloc and similar routines

2002-08-11 Thread Andres Salomon
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=155529&repeatmerged=yes On Thu, Aug 08, 2002 at 09:31:00PM -0400, Anthony DeRobertis wrote: > > http://online.securityfocus.com/archive/1/286087/2002-07-30/2002-08-05/0 > > I haven't seen anything about this from Debian. They cite "GNU libc > 2.2.

Re: apt-get in scripts

2002-08-03 Thread Andres Salomon
I've crontabbed `DEBIAN_FRONTEND=noninteractive apt-get -q dist-upgrade`. I've not yet had any problems w/ it; debconf questions should use the default, and config files should not be overwritten. Of course, this is w/ stable; I wouldn't trust this w/ testing/unstable. On Thu, Aug 01, 2002

Re: Purpose of this list

2002-03-16 Thread Andres Salomon
debian-security-announce sounds like the list you want. On Sat, Mar 16, 2002 at 11:43:41PM +0530, Sandip Bhattacharya wrote: > > Pardon my ignorance, but I was under the impression that this list is only > about official Security Announcements for Debian(DSA), and not a general > discussion on s

Re: Purpose of this list

2002-03-16 Thread Andres Salomon
debian-security-announce sounds like the list you want. On Sat, Mar 16, 2002 at 11:43:41PM +0530, Sandip Bhattacharya wrote: > > Pardon my ignorance, but I was under the impression that this list is only > about official Security Announcements for Debian(DSA), and not a general > discussion on

Re: Secure 2.4.x kernel

2001-12-21 Thread Andres Salomon
Take a look at the St. Jude kernel module/model paper on sourceforge. I haven't gotten the module to do anything other than hang the box (under 2.4), but the paper itself is interesting, and along the lines of what you want. Essentially, privileged processes have certain syscalls watched (sys_exe

Re: Secure 2.4.x kernel

2001-12-21 Thread Andres Salomon
Take a look at the St. Jude kernel module/model paper on sourceforge. I haven't gotten the module to do anything other than hang the box (under 2.4), but the paper itself is interesting, and along the lines of what you want. Essentially, privileged processes have certain syscalls watched (sys_ex

Re: [off-topic?] Chrooting ssh/telnet users?

2001-10-27 Thread Andres Salomon
argh, this sounds like the sort of thing that would've been useful when i set up rsync on our company backup machine (as opposed to writing a small shell that chrooted and ran rsync). it doesn't appear to be in debian unstable; apt-cache shows no third party module for it, and it's most definitely

Re: [off-topic?] Chrooting ssh/telnet users?

2001-10-27 Thread Andres Salomon
argh, this sounds like the sort of thing that would've been useful when i set up rsync on our company backup machine (as opposed to writing a small shell that chrooted and ran rsync). it doesn't appear to be in debian unstable; apt-cache shows no third party module for it, and it's most definitel

Re: St. Jude model?

2001-09-27 Thread Andres Salomon
I looked into it a while ago; at the time, I was using 2.4, and it hadn't yet been ported (and I didn't have the time to do it). The paper certainly was interesting, though. Cylant ran a contest a while back, with a commercial product that sounded very similar to the St. Jude model (plus a few ex

Re: St. Jude model?

2001-09-26 Thread Andres Salomon
I looked into it a while ago; at the time, I was using 2.4, and it hadn't yet been ported (and I didn't have the time to do it). The paper certainly was interesting, though. Cylant ran a contest a while back, with a commercial product that sounded very similar to the St. Jude model (plus a few e

Re: [SECURITY] [DSA 076-1] New most packages available

2001-09-18 Thread Andres Salomon
efault. On Tue, Sep 18, 2001 at 04:24:05PM -0700, Micah Anderson wrote: > > Not all mutt users use vi, as a pager I use most, as an editor I use > jed. These things can be configured. > > > On Tue, 18 Sep 2001, Andres Salomon wrote: > > > Aside from the fact that

Re: [SECURITY] [DSA 076-1] New most packages available

2001-09-18 Thread Andres Salomon
to classify this as a remote exploit. On Tue, Sep 18, 2001 at 05:01:59PM -0400, Aaron M. Ucko wrote: > > Andres Salomon <[EMAIL PROTECTED]> writes: > > > How is this a remote exploit? > > If I know somebody uses most as a pager for mail, I can send him or > her a

Re: [SECURITY] [DSA 076-1] New most packages available

2001-09-18 Thread Andres Salomon
efault. On Tue, Sep 18, 2001 at 04:24:05PM -0700, Micah Anderson wrote: > > Not all mutt users use vi, as a pager I use most, as an editor I use > jed. These things can be configured. > > > On Tue, 18 Sep 2001, Andres Salomon wrote: > > > Aside from the fact that

Re: [SECURITY] [DSA 076-1] New most packages available

2001-09-18 Thread Andres Salomon
to classify this as a remote exploit. On Tue, Sep 18, 2001 at 05:01:59PM -0400, Aaron M. Ucko wrote: > > Andres Salomon <[EMAIL PROTECTED]> writes: > > > How is this a remote exploit? > > If I know somebody uses most as a pager for mail, I can send him or >

Re: sshd attack?

2001-08-18 Thread Andres Salomon
ippl is also quite helpful. http://pltplp.net/ippl/. On Wed, Aug 15, 2001 at 09:59:27AM +0200, J?rgen Persson wrote: [...] > > > How can I find out, from where this attack is originating? Must I increase > > the verbosity level of sshd to achieve this? > > sshd might be able to do it. I'm log

Re: sshd attack?

2001-08-18 Thread Andres Salomon
ippl is also quite helpful. http://pltplp.net/ippl/. On Wed, Aug 15, 2001 at 09:59:27AM +0200, J?rgen Persson wrote: [...] > > > How can I find out, from where this attack is originating? Must I increase > > the verbosity level of sshd to achieve this? > > sshd might be able to do it. I'm lo

Re: shared root account

2001-07-10 Thread Andres Salomon
On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote: > > At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote: > > These both seem like excellent practices, for the clueless in all of us - > > can someone describe how this is done for sudo? How do you configure PAM

Re: shared root account

2001-07-10 Thread Andres Salomon
On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote: > > At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote: > > These both seem like excellent practices, for the clueless in all of us - > > can someone describe how this is done for sudo? How do you configure PA

Re: shared root account

2001-07-09 Thread Andres Salomon
As far as trusting their password choices, I'm not too worried about password guessing attacks; if an admin gets a password past pam_cracklib.so (without overriding it as root), I have doubts that someone's going to guess the password. Admins using the same password for multiple accounts is anothe

Re: shared root account

2001-07-09 Thread Andres Salomon
As far as trusting their password choices, I'm not too worried about password guessing attacks; if an admin gets a password past pam_cracklib.so (without overriding it as root), I have doubts that someone's going to guess the password. Admins using the same password for multiple accounts is anoth

Re: shared root account

2001-07-08 Thread Andres Salomon
This is completely off-topic at this point, but there are a few uses of sudo. The original poster trusts his admins, and wants to give them all root privs without the hassle of having them all use one account. Sudo is not enforcing anything in this case, it is merely a) allowing convenience by al

Re: shared root account

2001-07-08 Thread Andres Salomon
This is completely off-topic at this point, but there are a few uses of sudo. The original poster trusts his admins, and wants to give them all root privs without the hassle of having them all use one account. Sudo is not enforcing anything in this case, it is merely a) allowing convenience by a

Re: Got root?

2001-05-02 Thread Andres Salomon
A few quick searches on google turned up some rather interesting kernel patches... sockfs: http://users.ox.ac.uk/~mbeattie/linux-kernel.html I'm not quite sure what to make of this. Very interesting, but I can't imagine having 1024 numbers/socket representations in a directory is the best way to

Re: Got root?

2001-05-01 Thread Andres Salomon
A few quick searches on google turned up some rather interesting kernel patches... sockfs: http://users.ox.ac.uk/~mbeattie/linux-kernel.html I'm not quite sure what to make of this. Very interesting, but I can't imagine having 1024 numbers/socket representations in a directory is the best way to

Re: Got root?

2001-05-01 Thread Andres Salomon
On Tue, May 01, 2001 at 11:25:49AM +0100, Tim Haynes wrote: > > Andres Salomon <[EMAIL PROTECTED]> writes: > > > Perhaps I'm misunderstanding your proposition, but how is this different > > than, say, having inetd listen on ports below 1024, and then > > for

Re: Got root?

2001-05-01 Thread Andres Salomon
On Tue, May 01, 2001 at 10:11:45AM +, Adam Olsen wrote: > > On Tue, May 01, 2001 at 05:48:54AM -0400, Andres Salomon wrote: > > Perhaps I'm misunderstanding your proposition, but how is this different > > than, say, having inetd listen on ports below 1024, and then >

Re: Got root?

2001-05-01 Thread Andres Salomon
Perhaps I'm misunderstanding your proposition, but how is this different than, say, having inetd listen on ports below 1024, and then forking/changing to a different user once a connection is made to the port? [EMAIL PROTECTED] drive2]# echo "finger stream tcp nowait nobody /usr/bin/id" >> /etc/

Re: Got root?

2001-05-01 Thread Andres Salomon
On Tue, May 01, 2001 at 11:25:49AM +0100, Tim Haynes wrote: > > Andres Salomon <[EMAIL PROTECTED]> writes: > > > Perhaps I'm misunderstanding your proposition, but how is this different > > than, say, having inetd listen on ports below 1024, and then > >

Re: Got root?

2001-05-01 Thread Andres Salomon
On Tue, May 01, 2001 at 10:11:45AM +, Adam Olsen wrote: > > On Tue, May 01, 2001 at 05:48:54AM -0400, Andres Salomon wrote: > > Perhaps I'm misunderstanding your proposition, but how is this different > > than, say, having inetd listen on ports below 1024, and then >

Re: Got root?

2001-05-01 Thread Andres Salomon
Perhaps I'm misunderstanding your proposition, but how is this different than, say, having inetd listen on ports below 1024, and then forking/changing to a different user once a connection is made to the port? [root@incandescent drive2]# echo "finger stream tcp nowait nobody /usr/bin/id" >> /et

Re: empty log files

2001-04-06 Thread Andres Salomon
Ugh. Why did my apt-get dist-upgrades not mention or grab this package? Btw, now that it's installed, it's logging correctly.. On Fri, Apr 06, 2001 at 02:26:31PM -0500, Nathan E Norman wrote: > X-Mailing-List: archive/latest/2255 > Resent-Sender: [EMAIL PROTECTED] > Resent-Date: Fri, 06 Apr 2

Re: empty log files

2001-04-06 Thread Andres Salomon
Ugh. Why did my apt-get dist-upgrades not mention or grab this package? Btw, now that it's installed, it's logging correctly.. On Fri, Apr 06, 2001 at 02:26:31PM -0500, Nathan E Norman wrote: > X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/2255 > Resent-Sender: [EMAIL PROTECTED] > Resent

Re: TCP windows shrinking

2001-04-06 Thread Andres Salomon
This is a fairly common error w/ 2.4.x. Actually, error is the wrong word; more like warning. The only reason you're seeing it is because TCP_DEBUG is defined. If it's annoying, you can undefine it in linux/include/net/tcp.h. On Fri, Apr 06, 2001 at 12:03:40PM -0400, Noah L. Meyerhans wrote:

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 11:06:26AM -0500, S.Salman Ahmed wrote: > > I've noticed the same problem on my firewall system which is running > kernel-2.4.2 and sid: > > -rw-r-1 root adm 0 Mar 25 06:48 kern.log > -rw-r-1 root adm 0 Mar 18 06:48 lpr.log >

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 10:55:52AM -0300, H?lio Alexandre Lopes Loureiro wrote: > > Verify if your "/etc/syslog.conf" is right: > > kern.* -/var/log/kern.log They are, in fact, tabs. Actually, the syslog.conf file is the one that came w/ debian's sysklogd package; i haven't touc

Re: TCP windows shrinking

2001-04-06 Thread Andres Salomon
This is a fairly common error w/ 2.4.x. Actually, error is the wrong word; more like warning. The only reason you're seeing it is because TCP_DEBUG is defined. If it's annoying, you can undefine it in linux/include/net/tcp.h. On Fri, Apr 06, 2001 at 12:03:40PM -0400, Noah L. Meyerhans wrote

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 11:06:26AM -0500, S.Salman Ahmed wrote: > > I've noticed the same problem on my firewall system which is running > kernel-2.4.2 and sid: > > -rw-r-1 root adm 0 Mar 25 06:48 kern.log > -rw-r-1 root adm 0 Mar 18 06:48 lpr.log

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 10:55:52AM -0300, H?lio Alexandre Lopes Loureiro wrote: > > Verify if your "/etc/syslog.conf" is right: > > kern.* -/var/log/kern.log They are, in fact, tabs. Actually, the syslog.conf file is the one that came w/ debian's sysklogd package; i haven't tou

empty log files

2001-04-06 Thread Andres Salomon
i was playing w/ a kernel driver when i noticed the following: (machine 1) -rw-r-1 root adm 0 Mar 25 06:49 /var/log/kern.log -rw-r-1 root adm 2259 Mar 20 17:59 /var/log/kern.log.0 (machine 2) -rw-r-1 root adm 0 Mar 25 06:49 /var

empty log files

2001-04-05 Thread Andres Salomon
i was playing w/ a kernel driver when i noticed the following: (machine 1) -rw-r-1 root adm 0 Mar 25 06:49 /var/log/kern.log -rw-r-1 root adm 2259 Mar 20 17:59 /var/log/kern.log.0 (machine 2) -rw-r-1 root adm 0 Mar 25 06:49 /va

Re: ifconfig doesn't report Promiscuous interfaces

2001-03-17 Thread Andres Salomon
Check out http://members.nbci.com/dsinet/network-sniffers/interface-promiscuity-obscurity.txt The only other thing I can think of is, something (or someone) is resetting interface flags (not even sure if that's still possible, the article's from '98), or there's some subtle bug in the nic's drive

Re: Promiscuous mode (was Re: ifconfig doesn't report Promiscuous interfaces)

2001-03-16 Thread Andres Salomon
On Fri, Mar 16, 2001 at 10:27:23PM -0600, JonesMB wrote: > > >Hi, Are you sure that this machine wasn't compromised ??? > > this line made me wonder about what the correct output of ifconfig should > be. I assume that if I am not listening on the port, the PROMISC entry > should not be reporte

Re: ifconfig doesn't report Promiscuous interfaces

2001-03-16 Thread Andres Salomon
On Fri, Mar 16, 2001 at 09:04:47PM -0500, S.Salman Ahmed wrote: > > > "marlonsj" == marlonsj writes: > marlonsj> Hi, Are you sure that this machine wasn't compromised ??? > marlonsj> > > Absolutely. > > I get the same behaviour from ifconfig on another sid machine (this one > is

Re: ifconfig doesn't report Promiscuous interfaces

2001-03-16 Thread Andres Salomon
Check out http://members.nbci.com/dsinet/network-sniffers/interface-promiscuity-obscurity.txt The only other thing I can think of is, something (or someone) is resetting interface flags (not even sure if that's still possible, the article's from '98), or there's some subtle bug in the nic's drive

Re: Promiscuous mode (was Re: ifconfig doesn't report Promiscuous interfaces)

2001-03-16 Thread Andres Salomon
On Fri, Mar 16, 2001 at 10:27:23PM -0600, JonesMB wrote: > > >Hi, Are you sure that this machine wasn't compromised ??? > > this line made me wonder about what the correct output of ifconfig should > be. I assume that if I am not listening on the port, the PROMISC entry > should not be report

Re: ifconfig doesn't report Promiscuous interfaces

2001-03-16 Thread Andres Salomon
On Fri, Mar 16, 2001 at 09:04:47PM -0500, S.Salman Ahmed wrote: > > > "marlonsj" == marlonsj writes: > marlonsj> Hi, Are you sure that this machine wasn't compromised ??? > marlonsj> > > Absolutely. > > I get the same behaviour from ifconfig on another sid machine (this one > is

[gossi@OWNED.LAB6.COM: Sudo version 1.6.3p6 now available (fwd)]

2001-02-23 Thread Andres Salomon
This rather disturbs me, since I depend on sudo far too much.. - Forwarded message from Gossi The Dog <[EMAIL PROTECTED]> - Delivered-To: [EMAIL PROTECTED] Approved-By: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: bugtraq@securityfocus.com Date: Fri, 23 Feb 2001

[gossi@OWNED.LAB6.COM: Sudo version 1.6.3p6 now available (fwd)]

2001-02-23 Thread Andres Salomon
This rather disturbs me, since I depend on sudo far too much.. - Forwarded message from Gossi The Dog <[EMAIL PROTECTED]> - Delivered-To: [EMAIL PROTECTED] Approved-By: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Date: Fri, 23 Feb 2001 00:53:

Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-08 Thread Andres Salomon
Ooops. Mandrake cooker, and Debian unstable. In other words: glibc2.2 systems. glibc 2.1's resolver (/lib/libnss_db.so.2) appears unaffected. This is why some of you aren't seeing it. ii libc6 2.2-6 GNU C Library: Shared libraries and Timezone

Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-08 Thread Andres Salomon
try it w/ traceroute. lotsa fun, and it works on mandrake, too. things like this make me glad i don't have to deal w/ untrusted customers that have shell access... ii traceroute 1.4a8-1Traces the route taken by packets over a TCP On Mon, Jan 08, 2001 at 11:13:49AM -0700, Kevin wr

Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-08 Thread Andres Salomon
Ooops. Mandrake cooker, and Debian unstable. In other words: glibc2.2 systems. glibc 2.1's resolver (/lib/libnss_db.so.2) appears unaffected. This is why some of you aren't seeing it. ii libc6 2.2-6 GNU C Library: Shared libraries and Timezone -- To UNSUBSCRIBE, email to

Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-08 Thread Andres Salomon
try it w/ traceroute. lotsa fun, and it works on mandrake, too. things like this make me glad i don't have to deal w/ untrusted customers that have shell access... ii traceroute 1.4a8-1Traces the route taken by packets over a TCP On Mon, Jan 08, 2001 at 11:13:49AM -0700, Kevin w

Re: time for some OpenBSD-style auditing?

2000-12-28 Thread Andres Salomon
On Thu, Dec 28, 2000 at 04:46:00PM -0800, Joe Buck wrote: > > Notice that security holes fall into classes? One category of hole > should be easy to eliminate from Debian by instituting a code auditing > requirement. I'm referring to insecure creation of temporary files, > allowing for symlink a

Re: time for some OpenBSD-style auditing?

2000-12-28 Thread Andres Salomon
On Thu, Dec 28, 2000 at 04:46:00PM -0800, Joe Buck wrote: > > Notice that security holes fall into classes? One category of hole > should be easy to eliminate from Debian by instituting a code auditing > requirement. I'm referring to insecure creation of temporary files, > allowing for symlink

Re: OS Hardening

2000-12-13 Thread Andres Salomon
On Wed, Dec 13, 2000 at 10:23:12AM -0800, Alex Swavely wrote: > > I think the point here is that the user WILL NOT read such documentation 90% > of the time, regardless (which is why the RTFM Coffee Mug over at thinkgeek > is so popular). > this is exactly why i think something like this would b

Re: OS Hardening

2000-12-13 Thread Andres Salomon
On Wed, Dec 13, 2000 at 10:23:12AM -0800, Alex Swavely wrote: > > I think the point here is that the user WILL NOT read such documentation 90% > of the time, regardless (which is why the RTFM Coffee Mug over at thinkgeek > is so popular). > this is exactly why i think something like this would

Re: OS Hardening

2000-12-12 Thread Andres Salomon
On Tue, Dec 12, 2000 at 08:41:30PM -0500, S.Salman Ahmed wrote: > > >>>>> "AS" == Andres Salomon <[EMAIL PROTECTED]> writes: > AS> Oh, I totally agree; this would have to be on a per-package > AS> basis, however. Hence, it would rely o

Re: OS Hardening

2000-12-12 Thread Andres Salomon
On Tue, Dec 12, 2000 at 07:27:32PM -0500, S.Salman Ahmed wrote: > > >>>>> "AS" == Andres Salomon <[EMAIL PROTECTED]> writes: > AS> > AS> The HOWTO, on the other hand, falls under the category of > AS> know-what-you're-doing-

Re: OS Hardening

2000-12-12 Thread Andres Salomon
I believe he was talking about a hardening script, which would imply some sort of automated script that removes setuid bits, permissions, etc, throughout the filesystem. To this end, I agree with Wichert; it's not needed in debian. Very few binaries are setuid root, and permissions are generally

Re: OS Hardening

2000-12-12 Thread Andres Salomon
On Tue, Dec 12, 2000 at 08:41:30PM -0500, S.Salman Ahmed wrote: > > >>>>> "AS" == Andres Salomon <[EMAIL PROTECTED]> writes: > AS> Oh, I totally agree; this would have to be on a per-package > AS> basis, however. Hence, it would rely o

Re: OS Hardening

2000-12-12 Thread Andres Salomon
On Tue, Dec 12, 2000 at 07:27:32PM -0500, S.Salman Ahmed wrote: > > >>>>> "AS" == Andres Salomon <[EMAIL PROTECTED]> writes: > AS> > AS> The HOWTO, on the other hand, falls under the category of > AS> know-what-you're-do

Re: OS Hardening

2000-12-12 Thread Andres Salomon
I believe he was talking about a hardening script, which would imply some sort of automated script that removes setuid bits, permissions, etc, throughout the filesystem. To this end, I agree with Wichert; it's not needed in debian. Very few binaries are setuid root, and permissions are generally

Re: vixie cron... (fwd)

2000-11-17 Thread Andres Salomon
On Fri, Nov 17, 2000 at 03:46:19AM -0900, Ethan Benson wrote: > On Fri, Nov 17, 2000 at 12:36:54PM +, thomas lakofski wrote: > > fyi -- i've not tried it. > > i have, it does not work, i tried several different variations and > failed to create any files in /var/spool/cron. > > i do not belie

Re: vixie cron... (fwd)

2000-11-17 Thread Andres Salomon
On Fri, Nov 17, 2000 at 03:46:19AM -0900, Ethan Benson wrote: > On Fri, Nov 17, 2000 at 12:36:54PM +, thomas lakofski wrote: > > fyi -- i've not tried it. > > i have, it does not work, i tried several different variations and > failed to create any files in /var/spool/cron. > > i do not beli