[CentOS-announce] CESA-2008:0161 Important CentOS 5 i386 cups - security update
CentOS Errata and Security Advisory 2009:0161 https://rhn.redhat.com/errata/RHSA-2008-0161.html The following updated files have been uploaded and are currently syncing to the mirrors: i386: cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm src: cups-1.1.22-0.rc1.9.20.2.el4_6.5.src.rpm signature.asc Description: OpenPGP digital signature ___ CentOS-announce mailing list CentOS-announce@centos.org http://lists.centos.org/mailman/listinfo/centos-announce
RE: [CentOS-virt] Fwd: Fast clock under VMWare
chanms wrote: Hi everyone, I have been struggling with having the clock of Linux VM's (including CentOS 4.6 and 5.1) running very fast under VMWare, no matter what I have tried. My platform: - AMD Turion X2 TL-60 - AMD 690 chipset with integrated Radeon x1250 (probably doesn't concern in this case) - Windows Vista Ultimate x64, all Windows Update patches loaded (no SP1 yet) - 4GB RAM - VMWare Workstation 6.0.2 - BIOS has no options to disable power management, etc. On my host PC - C:\ProgramData\VMware\VMware Workstation\Config.ini, put in host.cpukHz = 200, host.noTSC = TRUE, ptsc.noTSC = TRUE - AMD's dual core optimizer loaded On CentOS 5.1 VM - use kernel options noapic nolapic nosmp clocksource=acpi_pm - use divider=10 option in the regular kernel - try the vm version of the kernel in centos-plus with the same kernel options in first line No matter what I try, the CentOS clocks are still fast - at a rate of almost 2 seconds for every 1 real second. What other things I can do in order to fix this? Did you try the 100Hz kernels in testing? -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS-virt mailing list CentOS-virt@centos.org http://lists.centos.org/mailman/listinfo/centos-virt
[CentOS-es] RE: Problema con Squid
Muchas gracias Michel, con find . -exec rm {} \; los pude borrar. Aun así sigo teniendo problemas, en el access.log encontré lo siguiente 2008-02-26 08:00:00 [4129] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4130] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4131] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4132] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4133] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4129] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4130] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4131] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4132] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4133] recalculating alarm in 30 seconds 2008-02-26 08:01:00 [4129] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4130] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4131] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4132] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4133] recalculating alarm in 30540 seconds 2008-02-26 08:05:33 [4129] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4131] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4130] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4133] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4132] squidGuard stopped (1204023933.345) 2008/02/26 08:05:36| Starting Squid Cache version 2.5.STABLE3 for i386-redhat-linux-gnu... 2008-02-26 08:05:36 [4669] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4669] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4670] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4670] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4671] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4671] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4672] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4672] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4673] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4673] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:41 [4673] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:41 [4672] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:41 [4669] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:42 [4673] init expressionlist /etc/squid/filtros/denegados/porn/expressions 2008-02-26 08:05:42 [4673] init domainlist /etc/squid/filtros/denegados/hacking/domains 2008-02-26 08:05:42 [4673] init urllist /etc/squid/filtros/denegados/hacking/urls 2008-02-26 08:05:42 [4673] init domainlist /etc/squid/filtros/denegados/warez/domains 2008-02-26 08:05:42 [4673] init urllist /etc/squid/filtros/denegados/warez/urls 2008-02-26 08:05:42 [4673] init domainlist /etc/squid/filtros/denegados/music/domains 2008-02-26 08:05:42 [4671] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:42 [4672] init expressionlist /etc/squid/filtros/denegados/porn/expressions 2008-02-26 08:05:42 [4672] init domainlist /etc/squid/filtros/denegados/hacking/domains Y en squidguard.log 2008-02-26 09:52:44 [5233] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5234] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5235] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5236] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5237] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:49 [5233] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5237] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5236] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5234] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5233] init expressionlist /etc/squid/filtros/denegados/porn/expressions 2008-02-26 09:52:49 [5233] init domainlist /etc/squid/filtros/denegados/hacking/domains 2008-02-26 09:52:49 [5233] init urllist /etc/squid/filtros/denegados/hacking/urls 2008-02-26 09:52:49 [5233] init domainlist /etc/squid/filtros/denegados/warez/domains 2008-02-26 09:52:49 [5233] init urllist /etc/squid/filtros/denegados/warez/urls 2008-02-26 09:52:49 [5233] init domainlist /etc/squid/filtros/denegados/music/domains 2008-02-26 09:52:49 [5237] init expressionlist /etc/squid/filtros/denegados/porn/expressions 2008-02-26 09:52:49 [5237] init domainlist /etc/squid/filtros/denegados/hacking/domains 2008-02-26 09:52:49 [5237] init urllist /etc/squid/filtros/denegados/hacking/urls
Re: [CentOS-es] RE: Problema con Squid
El squidguard no puede escribir en el fichero log , quizas problemas de permiso o puede ser selinux. 2008-02-26 08:05:36 [4669] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log On Tuesday 26 February 2008 09:48, Hector Martínez Romo wrote: Muchas gracias Michel, con find . -exec rm {} \; los pude borrar. Aun así sigo teniendo problemas, en el access.log encontré lo siguiente 2008-02-26 08:00:00 [4129] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4130] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4131] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4132] recalculating alarm in 30 seconds 2008-02-26 08:00:00 [4133] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4129] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4130] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4131] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4132] recalculating alarm in 30 seconds 2008-02-26 08:00:30 [4133] recalculating alarm in 30 seconds 2008-02-26 08:01:00 [4129] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4130] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4131] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4132] recalculating alarm in 30540 seconds 2008-02-26 08:01:00 [4133] recalculating alarm in 30540 seconds 2008-02-26 08:05:33 [4129] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4131] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4130] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4133] squidGuard stopped (1204023933.343) 2008-02-26 08:05:33 [4132] squidGuard stopped (1204023933.345) 2008/02/26 08:05:36| Starting Squid Cache version 2.5.STABLE3 for i386-redhat-linux-gnu... 2008-02-26 08:05:36 [4669] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4669] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4670] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4670] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4671] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4671] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4672] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4672] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:36 [4673] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log 2008-02-26 08:05:36 [4673] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 08:05:41 [4673] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:41 [4672] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:41 [4669] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:42 [4673] init expressionlist /etc/squid/filtros/denegados/porn/expressions 2008-02-26 08:05:42 [4673] init domainlist /etc/squid/filtros/denegados/hacking/domains 2008-02-26 08:05:42 [4673] init urllist /etc/squid/filtros/denegados/hacking/urls 2008-02-26 08:05:42 [4673] init domainlist /etc/squid/filtros/denegados/warez/domains 2008-02-26 08:05:42 [4673] init urllist /etc/squid/filtros/denegados/warez/urls 2008-02-26 08:05:42 [4673] init domainlist /etc/squid/filtros/denegados/music/domains 2008-02-26 08:05:42 [4671] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 08:05:42 [4672] init expressionlist /etc/squid/filtros/denegados/porn/expressions 2008-02-26 08:05:42 [4672] init domainlist /etc/squid/filtros/denegados/hacking/domains Y en squidguard.log 2008-02-26 09:52:44 [5233] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5234] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5235] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5236] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:44 [5237] init domainlist /etc/squid/filtros/denegados/porn/domains 2008-02-26 09:52:49 [5233] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5237] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5236] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5234] init urllist /etc/squid/filtros/denegados/porn/urls 2008-02-26 09:52:49 [5233] init expressionlist /etc/squid/filtros/denegados/porn/expressions 2008-02-26 09:52:49 [5233] init domainlist /etc/squid/filtros/denegados/hacking/domains 2008-02-26 09:52:49 [5233] init urllist /etc/squid/filtros/denegados/hacking/urls 2008-02-26 09:52:49 [5233] init domainlist /etc/squid/filtros/denegados/warez/domains 2008-02-26 09:52:49 [5233] init urllist /etc/squid/filtros/denegados/warez/urls 2008-02-26 09:52:49 [5233] init domainlist
Re: [CentOS-es] RE: Problema con Squid
--- Michel Bulgado [EMAIL PROTECTED] wrote: El squidguard no puede escribir en el fichero log , quizas problemas de permiso o puede ser selinux. 2008-02-26 08:05:36 [4669] (squidguard): can't write to logfile /var/log/squidguard/squidGuard.log sin embargo, ya hector dice que se puede escribir en ese fichero claro, existe una diferencia de casi 2 horas entre la hora de las entradas en ambos ficheros lo cual me induce a pensar que no se corresponden entre si, es decir, que una vez a las de la mañana el squidguard no podia escribir en sus logs pero que a las 10 ya podia escribir en ellos no obstante, me resulta muy extraño que en el fichero access.log aparezcan esos logs, me inclinaria a verlos en cache.log, pero no en acccess.log en fin, yo miraria en cache.log quien y porque se están creando esos ficheros en /var/tmp cu roger __ RedHat Certified ( RHCE ) Cisco Certified ( CCNA CCDA ) Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail. Click on Options in Mail and switch to New Mail today or register for free at http://mail.yahoo.ca ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] RAID 5 en CentOS 5
Hardy Beltran Monasterios escribió: El vie, 22-02-2008 a las 00:29 -0200, O. T. Suarez escribió: Hola: Por software lo puedes hacer y claro, necesitas que te reconozca todos los discos, en el modo de instalación gráfico es sencillo construir el RAID. Aunque si tu hardware es decente y hace RAID 5, yo me iría por ese caminio. Por lo que he leido ultimamente, a menos que tengas una buena controladora para armar el RAID (de las que cuestan mas de U$50 o vienen integradas en los boards de precio similar), que directamente lo hagas por software. El rendimiento hoy en dia no marca una diferencia entre el raid por software y el de las controladoras que se han puesto de moda hoy en dia (me recuerdan mucho los winmodems). Pienso igual que tu. Si son de esas controladoras baratas o de las que vienen integradas en las placas madre, seguro que no hay mayor diferencia. Al decir decente, Yo había pensado en controlladores de 200$us o mas :-) Saludos ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es Buen día, les comento, la tarjeta controladora no me dejo hacer nada por hardware, así que leí un poco y lo hice por software (2 veces) :( creo que la primera vez no entendí muy bien y me quedo un poco raro, pero bueno, la segunda vez ya lo cree como lo quería, pero ahora mi duda es porque el espacio me quedo muy cercano a la mitad del real, y otra vez que utilice el raid 5 por Hardware me quedo por el 70% del espacio real, yo supongo que al ser por software quita mas espacio real, otra duda que tengo es como probar el RAID hay alguna herramienta que me haga un test???, ahora vi en la administración de volúmenes lógicos y me aparecen los discos separados y me los muestra no inicializados, yo creo que es porque esa herramienta es solo para LVM's y al ser un arreglo diferente los marca asi, pero tengo la duda. Saludos y muchas gracias. -- Atte. Mauricio César Ramírez Torres. Soporte Frigus Bohn Querétaro. Tel. 296 4566. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] centos 5.1 install , 3ware raid card...
Tom Bishop wrote: Installing a new system using a 3ware card, raid 5 across 4 disks, partition, format went smothly and loaded the apps that I need, but for some reason it appears grub was not installed, or not completely. I am wanting to boot from the array, when installing grub on the loader it asks whether to install MBR on the first partition. Should I use the partition instead of the MBR? When I boot up in rescue mode and go to /boot/grub all I see is splashno other files. Any suggestions would be welcome...thanks. I will guess you've splurged on four 750GB drives...? Check on your partitioning, possibly using a tool like gparted. Very large partitions are not supported by MSDOS-style partition tables, you possibly want to look into a different partition formatting utility...gpt. http://lists.centos.org/pipermail/centos/2007-February/074986.html Jed ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] HD Failures
Jimmy Bradley wrote: I'm just curious if any one else has noticed this. I've bought hard drives from both Walmart and Best Buy. If I can wait, I order them from newegg.com. I'm beginning to think that the staff at both Walmart and Best Buy, somewhere along the supply line must dribble the drives like basket balls. The reason I say that is all the drives I have bought from those two places fail within a few months time. Has anyone else noticed that? Just curious You might want to consider them as possibly recycled drives. If you don't have a copy of SpinRite you can force the drive to check all the sectors with fdisk ... fdisk -f -y -c -c or if you are formatting, mkfs.ext3 -c -c will also do this check. This will byte-swap check and should force updates of SMART statistics and bad-sector detection on the drive. Jed ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ext3 errors
On Mon, 2008-02-25 at 18:11 -0600, Les Mikesell wrote: William L. Maltby wrote: snip If you use cpio, it can handle the hard links intelligently, IIRC. That may make this more feasible. Plus you can specify such things as depth to the find command feeding cpio so that even directories end up with good dates. Handling them intelligently and in a reasonable amount of time are 2 different things. The last time I tried to copy a backuppc archive much smaller than this I gave up after 3 days - and I've tried most of the possible file-oriented ways to do it, including cpio. Do you remember if you used the --link or -l parameter? That's the one that says hard link when possible rather than copying. That should prevent multiple copies of the same file when multiple hard links reference them. That should be faster than not doing so if there are lots of hard links. snip -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] centos 5.1 install , 3ware raid card...
You can install grub loader on MBR which is safer and will mount the linux partitions whereever the OS is installed - Original Message - From: Jed Reynolds [EMAIL PROTECTED] To: CentOS mailing list centos@centos.org Sent: Tuesday, February 26, 2008 1:36 PM Subject: Re: [CentOS] centos 5.1 install , 3ware raid card... Tom Bishop wrote: Installing a new system using a 3ware card, raid 5 across 4 disks, partition, format went smothly and loaded the apps that I need, but for some reason it appears grub was not installed, or not completely. I am wanting to boot from the array, when installing grub on the loader it asks whether to install MBR on the first partition. Should I use the partition instead of the MBR? When I boot up in rescue mode and go to /boot/grub all I see is splashno other files. Any suggestions would be welcome...thanks. I will guess you've splurged on four 750GB drives...? Check on your partitioning, possibly using a tool like gparted. Very large partitions are not supported by MSDOS-style partition tables, you possibly want to look into a different partition formatting utility...gpt. http://lists.centos.org/pipermail/centos/2007-February/074986.html Jed ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 36, Issue 13
Send CentOS-announce mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of CentOS-announce digest... Today's Topics: 1. CESA-2008:0153 Important CentOS 3 i386 cups - security update (Tru Huynh) 2. CESA-2008:0153 Important CentOS 3 x86_64 cups - security update (Tru Huynh) -- Message: 1 Date: Mon, 25 Feb 2008 15:49:28 +0100 From: Tru Huynh [EMAIL PROTECTED] Subject: [CentOS-announce] CESA-2008:0153 Important CentOS 3 i386 cups - security update To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory CESA-2008:0153 cups security update for CentOS 3 i386: https://rhn.redhat.com/errata/RHSA-2008-0153.html The following updated file has been uploaded and is currently syncing to the mirrors: i386: updates/i386/RPMS/cups-1.1.17-13.3.51.i386.rpm updates/i386/RPMS/cups-devel-1.1.17-13.3.51.i386.rpm updates/i386/RPMS/cups-libs-1.1.17-13.3.51.i386.rpm source: updates/SRPMS/cups-1.1.17-13.3.51.src.rpm You may update your CentOS-3 i386 installations by running the command: yum update cups\* Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20080225/431be91d/attachment-0001.bin -- Message: 2 Date: Mon, 25 Feb 2008 15:50:22 +0100 From: Tru Huynh [EMAIL PROTECTED] Subject: [CentOS-announce] CESA-2008:0153 Important CentOS 3 x86_64 cups - security update To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory CESA-2008:0153 cups security update for CentOS 3 x86_64: https://rhn.redhat.com/errata/RHSA-2008-0153.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/cups-1.1.17-13.3.51.x86_64.rpm updates/x86_64/RPMS/cups-devel-1.1.17-13.3.51.x86_64.rpm updates/x86_64/RPMS/cups-libs-1.1.17-13.3.51.i386.rpm updates/x86_64/RPMS/cups-libs-1.1.17-13.3.51.x86_64.rpm source: updates/SRPMS/cups-1.1.17-13.3.51.src.rpm You may update your CentOS-3 x86_64 installations by running the command: yum update cups\* Tru -- Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B -- next part -- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.centos.org/pipermail/centos-announce/attachments/20080225/c28fe94b/attachment-0001.bin -- ___ CentOS-announce mailing list [EMAIL PROTECTED] http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 36, Issue 13 *** ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] sudo
Centos wrote: Hello unfortunately other users can change to my user name with sudo, how I can prevent it ? is there a command to prevent to change to only my user name ? DO NOT HIJACK THREADS ON A MAILING LIST. Post a fresh mail to centos@centos.org, don't just blindly reply to some mail and just change the subject. And yes, any user which is allowed to switch to root can also switch to any other user on the system. That's what root is allowed to do. See the manual page of /etc/sudoers on how to just enable specific commands (why do all of those users need to be root anyway?). Ralph pgpwzn5OL5THF.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SAMBA is driving me crazy
scaglietti amore wrote: that was it plus i had to set /selinux/enforce = 0im greatfull , thanks alot Craig Subject: RE: [CentOS] SAMBA is driving me crazy From: [EMAIL PROTECTED] To: centos@centos.org Date: Sun, 24 Feb 2008 15:09:24 -0700 dude, you need to give 'users' write access... chmod g+w /samba/Data -R Craig On Sun, 2008-02-24 at 19:27 +, scaglietti amore wrote: this is the output: drwxr-xr-x 2 wbc users 4096 Feb 22 23:39 /samba/Data __ Subject: RE: [CentOS] SAMBA is driving me crazy From: [EMAIL PROTECTED] To: centos@centos.org Date: Sat, 23 Feb 2008 15:54:50 -0700 On Sat, 2008-02-23 at 22:39 +, scaglietti amore wrote:i dont know how my e-mail was posted like that :) :)ok i tried to make it write list = @users i still get access denied or make sure that the disk is not full or write protectedthis is the conf:[global] workg roup = WORKGROUPserver string = storagenetbios name = sanshiro#interfaces = lo eth2#hosts allow = 127. 10.0.0. # logs split per machine# log file = /var/log/samba/%m.log# max 50KB per log file, then rotate# max log size = 50security = share# A publicly accessible directory, but read only, except for people in# the users group[Data]comment = data path = /samba/Data/public = yeswritable = yesread only = noprintable = nowrite list = @users what is output of ? ls -ld /samba/Data Craig How is *anyone* supposed to read that? Ralph pgp1vwdos2UpL.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
Bob Taylor wrote: On Mon, 2008-02-25 at 23:44 -0500, Ross S. W. Walker wrote: Bob Taylor wrote: On Mon, 2008-02-25 at 12:10 -0800, Ray Van Dolson wrote: [snip] Well, exactarch=0 might work around this from a yum standpoint (as far as downloading the updates), but if RPM is complaining this is beyond the control of yum. As someone else mentioned, taking a look at your ~/.rpmmacros file would be interesting. It was empty. Also, could you post the output of: rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' kernel kernel-2.6.18-8.el5.i686 kernel-2.6.18-8.1.14.el5.i686 kernel-2.6.18-53.1.13.el5.i686 The last kernel was installed manually using --ignorearch. Bob, What's the output of, # rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' rpm rpm-4.4.2-47.el5.i386 The contents of, # cat /etc/rpm/platform i386-redhat-linux And the output of, # rpm --eval '%_arch' i386 Also, did you re-install rpm by forcing an upgrade in place of rpm with, I ran yum remove yum. I did not remove rpm nor did an rpm --force. what happens if you edit /etc/rpm/platform and change it too: i686-redhat-linux signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lost my win dual boot
Stephen McManus [EMAIL PROTECTED] wrote: Finally got my install working, Centos didn't recognise my m/board NIC so I had to install another NIC. Now, I've lost the windows install. I need it for my Walkman and Palm. Never, ever got any distro to see the Tunsgsten E. I can see the Win in Grub but it says there's a file missing, insert system disk. Where have I seen that before? Anyway, how do I get into Grub and what do I need to add to make win bootable? Win is on sda2 amd Centos is on sda3 + 5. In the grub folder all it says in the system map is (hd0) /dev/sda. Nothing else. Ta. Steve. Working grub.conf for dual boot (CentOS 5 and Windows XP Home): # grub.conf generated by anaconda # # Note that you do not have to rerun grub after making changes to this file # NOTICE: You have a /boot partition. This means that # all kernel and initrd paths are relative to /boot/, eg. # root (hd0,2) # kernel /vmlinuz-version ro root=/dev/hda6 # initrd /initrd-version.img #boot=/dev/hda default=0 timeout=5 splashimage=(hd0,2)/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.18-53.1.13.el5) root (hd0,2) kernel /vmlinuz-2.6.18-53.1.13.el5 ro root=LABEL=/ rhgb initrd /initrd-2.6.18-53.1.13.el5.img title CentOS (2.6.18-53.1.6.el5) root (hd0,2) kernel /vmlinuz-2.6.18-53.1.6.el5 ro root=LABEL=/ rhgb initrd /initrd-2.6.18-53.1.6.el5.img title Windoze rootnoverify (hd0,0) chainloader +1 with the following partition table (both Windoze and Linux on the same disk): [EMAIL PROTECTED] ~]# sudo fdisk -l /dev/hda Disk /dev/hda: 100.0 GB, 100030242816 bytes 255 heads, 63 sectors/track, 12161 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/hda1 * 11275102414067 HPFS/NTFS /dev/hda212761530 2048287+ c W95 FAT32 (LBA) /dev/hda315311563 265072+ 83 Linux /dev/hda41564 12161851284355 Extended /dev/hda515641824 2096451 82 Linux swap / Solaris /dev/hda61825443520972826 83 Linux /dev/hda74436 1216162059063+ 83 Linux Cheers, Dave -- Politics, n. Strife of interests masquerading as a contest of principles. -- Ambrose Bierce ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Logwatch showing entries for non existent services
I had removed Exim and installed Postfix yet Logwatch still shows an empty Exim section? Why is that still in the output? Thanks! jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Lost my win dual boot
Stephen McManus wrote: Finally got my install working, Centos didn't recognise my m/board NIC so I had to install another NIC. Now, I've lost the windows install. I need it for my Walkman and Palm. Never, ever got any distro to see the Tunsgsten E. I can see the Win in Grub but it says there's a file missing, insert system disk. Where have I seen that before? Anyway, how do I get into Grub and what do I need to add to make win bootable? Win is on sda2 amd Centos is on sda3 + 5. In the grub folder all it says in the system map is (hd0) /dev/sda. Nothing else. Ta. Steve. You need an entry like this for windows: title Windows rootnoverify (hd0,1) chainloader +1 (This is assuming that GRUB is on MBR and windows is all located on /dev/sda2) signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] bash - safely pass untrusted strings?
In bash, given a string assignment as follows, how do I add slashes automagically, so that it can be safely passed to another program? Notice that the assignment contains spaces, single-quotes and double-quotes, maybe god-only-knows-what-else. It's untrusted data. Yet I need to pass it all *safely*. The appropriate function in PHP is addslashes(); but what is the bash equivalent? EG: #! /bin/sh A=This isn't a \parameter\; B=`/path/to/somecommand.sh $A`; exit 0; Thanks, -Ben -- Only those who reach toward a goal are likely to achieve it. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 10:11 AM, Benjamin Smith [EMAIL PROTECTED] wrote: In bash, given a string assignment as follows, how do I add slashes automagically, so that it can be safely passed to another program? Notice that the assignment contains spaces, single-quotes and double-quotes, maybe god-only-knows-what-else. It's untrusted data. Yet I need to pass it all *safely*. The appropriate function in PHP is addslashes(); but what is the bash equivalent? EG: short answer: single quotes will handle all characters, except single quotes. long answer: man bash the section called QUOTING may help you figure a solution. #! /bin/sh A=This isn't a \parameter\; B=`/path/to/somecommand.sh $A`; exit 0; Thanks, -Ben HTH, -Bob ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Huge mailq
On Monday 25 February 2008, Christopher Chan wrote: Hmm...it will still build. To really fix it, you need to do one more step: rpm -e --nodeps sendmail Now that is a permanent solution. Like a hand grenade is a solution. Not likely to help him much, tho. =/ Doesn't even begin to address his situation since sendmail wasn't the problem to begin with. Seems to me that it's a bad idea to use NFS as a mail store. For example, the RedHat documentation specifically recommends strongly *against* it. Very flatly: Never put the mail spool directory, /var/spool/mail/, on an NFS shared volume. http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-mail.html Also, NFS has various locking problems which prevent its use in a proper mail cluster. Read up on sendmail's mbox vs qmail's maildir for more details. Not suggesting that you switch to qmail, with it's recompile the whole [EMAIL PROTECTED] thing every time you change a config option mentality, but it's useful information nonetheless, especially when you get into having multiple mail receipt hosts. The additional complexity of NFS is what seems to have caused this gentleman's problem - not only did sendmail itself have to work properly, so did NFS, DNS, and the spam filter. How to avoid it? Either: 1) Reduce complexity. (get rid of the need for DNS, NFS, etc. or 2) Beef up the various pieces so they don't fail - make sure you are using high quality servers and equipment, or 3) Increase redundancy, so that no single point of failure exists. Why is he depending on a single DNS server? Why is he using NFS, with it's implicit single-point-of-failure rather than GlusterFS, which provides multiple-primary-host redundancy and automatic failover? http://www.gluster.org/ -Ben -- -- Only those who reach toward a goal are likely to achieve it. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tuesday 26 February 2008, Bob Beers wrote: short answer: single quotes will handle all characters, except single quotes. long answer: man bash the section called QUOTING may help you figure a solution. I've read the man page. It helps if I already know the input - I don't have a problem with manually putting slashes in front of spaces and single quotes. But in this case, I don't know the input. It's untrusted data. There is no mechanism for escaping untrusted input? -Ben -- -- Only those who reach toward a goal are likely to achieve it. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Benjamin Smith wrote: There is no mechanism for escaping untrusted input? Correct. At least there's no magic quoting function. Ralph pgp3MLwLhKMwH.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] bash - safely pass untrusted strings?
Benjamin Smith wrote: On Tuesday 26 February 2008, Bob Beers wrote: short answer: single quotes will handle all characters, except single quotes. long answer: man bash the section called QUOTING may help you figure a solution. I've read the man page. It helps if I already know the input - I don't have a problem with manually putting slashes in front of spaces and single quotes. But in this case, I don't know the input. It's untrusted data. There is no mechanism for escaping untrusted input? You could try uuencode/uudecode and handling the uuencoded strings. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tuesday 26 February 2008, Ralph Angenendt wrote: There is no mechanism for escaping untrusted input? Correct. At least there's no magic quoting function. Ok. So I'm going to have to pull up my sleeves and do this with sed/awk pipes. Got it. I'll quit looking for a simply solution to this (I thought) simple problem. Now for a more philosophical question WHY THE @!#! NOT?!?!? Bash is used, extensively in many cases, to deal with untrusted data. This can include random file names in user home directories, parameters on various scripts, etc. It's highly sensitive to being passed characters that have, over the past NN years, resulted in quite a number of security holes and problems. Yet there exists NO MECHANISM for simply ensuring that a given argument is an escaped string? How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? This doesn't strike you as fundamentally borkeD? Why would we accept a work environment that is effectively laden with randomly placed, loaded rat traps? Not trying to bash (ahem) bash needlessly, but this is a problem that so smacks of 1977... I guess I just hadn't noticed how bad this was, since I started using PHP as shell scripts years ago to run everything, despite the mild performance hit. escapeshallarg() and addslashes() combined with a few backticks provides easy access to the power of the shell, and excellent don't need to worry about it security. This just blows my mind -Ben -- Only those who reach toward a goal are likely to achieve it. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Huge mailq
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of nate Sent: Monday, February 25, 2008 21:47 To: centos@centos.org Subject: Re: [CentOS] Huge mailq Jason Pyeron wrote: Where should we start on preventing this type of problem? [EMAIL PROTECTED] mqueue]# find | wc -l 185259 /etc/init.d/sendmail stop chkconfig --level 2345 sendmail off find /var/spool/mqueue -type f -exec rm -f {} \; Funny, But we tried an even esier rm -rf / reboot That'll empty out your queue and you won't have to worry about it building up again, pesky thing! :) nate ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Benjamin Smith wrote: On Tuesday 26 February 2008, Ralph Angenendt wrote: There is no mechanism for escaping untrusted input? Correct. At least there's no magic quoting function. WHY THE @!#! NOT?!?!? Bash is used, extensively in many cases, to deal with untrusted data. This can include random file names in user home directories, parameters on various scripts, etc. It's highly sensitive to being passed characters that have, over the past NN years, resulted in quite a number of security holes and problems. Perl is probably better for this. Yet there exists NO MECHANISM for simply ensuring that a given argument is an escaped string? How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? why would you do that... it'd be much more interesting to do something like ;usermod -u 0 mylogin -- Milton Calnek BSc, A/Slt(Ret.) [EMAIL PROTECTED] 306-717-8737 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 08:25:54AM -0800, Benjamin Smith alleged: On Tuesday 26 February 2008, Ralph Angenendt wrote: There is no mechanism for escaping untrusted input? Correct. At least there's no magic quoting function. Ok. So I'm going to have to pull up my sleeves and do this with sed/awk pipes. Got it. I'll quit looking for a simply solution to this (I thought) simple problem. Now for a more philosophical question WHY THE @!#! NOT?!?!? Bash is used, extensively in many cases, to deal with untrusted data. This can include random file names in user home directories, parameters on various scripts, etc. It's highly sensitive to being passed characters that have, over the past NN years, resulted in quite a number of security holes and problems. Yet there exists NO MECHANISM for simply ensuring that a given argument is an escaped string? How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? It's not as bad as you think because of the order of operations. In all cases, these perform exactly as a string should regardless of inner characters. $ f='echo a; echo b' $ $f a; echo b $ dq=echo a; echo b; echo \`\ '\ \ $ $dq a; echo b; echo `\ '\ $ echo $dq echo a; echo b; echo `\ '\ $ `$dq` -bash: a;: command not found $ `echo $dq` a; echo b; echo `\ '\ -- Garrick Staples, GNU/Linux HPCC SysAdmin University of Southern California Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgpiCQkmQtQ1O.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SAMBA is driving me crazy
On Feb 26, 2008, at 9:04 AM, Ralph Angenendt wrote: scaglietti amore wrote: that was it plus i had to set /selinux/enforce = 0im greatfull , thanks alot Craig Subject: RE: [CentOS] SAMBA is driving me crazy From: [EMAIL PROTECTED] To: centos@centos.org Date: Sun, 24 Feb 2008 15:09:24 -0700 dude, you need to give 'users' write access... chmod g+w /samba/Data -R Craig On Sun, 2008-02-24 at 19:27 +, scaglietti amore wrote: this is the output: drwxr-xr-x 2 wbc users 4096 Feb 22 23:39 / samba/Data __ Subject: RE: [CentOS] SAMBA is driving me crazy From: [EMAIL PROTECTED] To: centos@centos.org Date: Sat, 23 Feb 2008 15:54:50 -0700 On Sat, 2008-02-23 at 22:39 +, scaglietti amore wrote: i dont know how my e-mail was posted like that :) :) ok i tried to make it write list = @usersi still get access denied or make sure that the disk is not full orwrite protectedthis is the conf: [global]workg roup = WORKGROUPserver string = storagenetbios name = sanshiro#interfaces = lo eth2#hosts allow = 127. 10.0.0.# logs split per machine# log file = / var/log/samba/%m.log# max 50KB per log file, then rotate # max log size = 50security = share# A publicly accessible directory, but read only, except for people in# the users group[Data]comment = data path = /samba/Data/public = yeswritable = yesread only = noprintable = nowrite list = @users what is output of ? ls -ld / samba/Data Craig How is *anyone* supposed to read that? thank goodness for perl -e 'while ( ) { $_ =~ s/([\S]+)/$1\n/g; print $_; }' :) -steve -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Benjamin Smith wrote: On Tuesday 26 February 2008, Ralph Angenendt wrote: There is no mechanism for escaping untrusted input? Correct. At least there's no magic quoting function. Ok. So I'm going to have to pull up my sleeves and do this with sed/awk pipes. Got it. I'll quit looking for a simply solution to this (I thought) simple problem. Now for a more philosophical question WHY THE @!#! NOT?!?!? The shell is 'supposed' to be run by a user that is allowed to run any command he wants, and permission/trust issues are handled by the login/authentication process that happens before you get to the shell. If you give the shell a bad command under your own account, it's not supposed to second guess what you wanted. Bash is used, extensively in many cases, to deal with untrusted data. Why? This can include random file names in user home directories, parameters on various scripts, etc. It's highly sensitive to being passed characters that have, over the past NN years, resulted in quite a number of security holes and problems. If it hurts, don't do it. Build your own argument list and exec programs directly if you want to avoid shell command line parsing. Yet there exists NO MECHANISM for simply ensuring that a given argument is an escaped string? What does that mean? If you can define it you can make it happen, but who knows what characters at what depth of quoting will have some special meaning? How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? Probably none that are still in business. This doesn't strike you as fundamentally borkeD? No, if you stop bad things from happening, you'll also stop good things. Why would we accept a work environment that is effectively laden with randomly placed, loaded rat traps? Not trying to bash (ahem) bash needlessly, but this is a problem that so smacks of 1977... The problem is that you aren't using the shell as intended. If you run it under your own user id, it does exactly what you tell it to do and there is no element of trust involved. I guess I just hadn't noticed how bad this was, since I started using PHP as shell scripts years ago to run everything, despite the mild performance hit. escapeshallarg() and addslashes() combined with a few backticks provides easy access to the power of the shell, and excellent don't need to worry about it security. Errr what??? Php has about the worst security history of any program around. This just blows my mind What would you like your computer to prevent you from doing to yourself? -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Logwatch showing entries for non existent services
Probably because the package removal does not remove log files. Try manually deleting the logs. I missed that obvious point, heh. grin Thanks, jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Mono installation
Hello everybody I´m trying to install mono and when i try to install the package libgdiplus throw the following error dependencies with libexif.so.9 and libungif.so.4. Im using local packages, i downloaded it from the redhat mono repository, I try with the bin installer in others distro mono repo and It throw the deps error with packages libgailutil.so.17 and libglitz.so.1 Finally I try with the centos extra respository and when i try to install libgdiplus it throw a dependecy error with lifgif.so.4 plaese can any body help me note: i need to install it from local rpms, not online regards Roilan __ ¿Con Mascota por primera vez? Sé un mejor Amigo. Entra en Yahoo! Respuestas http://es.answers.yahoo.com/info/welcome___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mono installation
On Tue, Feb 26, 2008 at 9:29 AM, Roilan Cardoso Sánchez [EMAIL PROTECTED] wrote: Hello everybody I´m trying to install mono and when i try to install the package libgdiplus throw the following error dependencies with libexif.so.9 and libungif.so.4. Im using local packages, i downloaded it from the redhat mono repository, I try with the bin installer in others distro mono repo and It throw the deps error with packages libgailutil.so.17 and libglitz.so.1 Finally I try with the centos extra respository and when i try to install libgdiplus it throw a dependecy error with lifgif.so.4 plaese can any body help me note: i need to install it from local rpms, not online regards Roilan If you cannot install using yum from the CentOS repository, then go to: http://mirror.centos.org/centos/5/extras/ All mono-related rpms are in there. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
On Mon, 2008-02-25 at 22:46 -0800, John R Pierce wrote: Bob Taylor wrote: On Tue, 2008-02-26 at 00:19 -0500, Ross S. W. Walker wrote: Bob Taylor wrote: [snip] uname -imp: i686 i686 i386 Don't know why the kernel says it's an i386. Kernel bug? Gateway purchase? i386 is the architecture, in there you have processor flavors which can be i386 (generic), i486, i586 and i686 tuned. C5 only carries the generic i386 (default compile options) and the i686 tuned binaries, i586 tuned binaries are no longer being supported after C4. What does this say my cpu is: vendor_id : GenuineIntel cpu family : 6 model : 5 model name : Pentium II (Deschutes) [snip] The uname output is valid for your install, the question now is why rpm refuses to install valid architecture binaries on your system. So, my cpu is not an i686? a P-II should be. i686 is everything from the Pentium Pro onwards, including P-II, P-III, P4, core, and the various clones. it does NOT include the original Pentiums (p5 and p54) or 'pentium w/ MMX', those are i586. What is model : 5 above compared to p5? -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: [CentOS-announce] CESA-2008:0161 Important CentOS 5 i386 cups - security update
On Tue, 2008-02-26 at 08:54 -0600, Johnny Hughes wrote: CentOS Errata and Security Advisory 2009:0161 https://rhn.redhat.com/errata/RHSA-2008-0161.html The following updated files have been uploaded and are currently syncing to the mirrors: i386: cups-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm cups-devel-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm cups-libs-1.1.22-0.rc1.9.20.2.el4_6.5.i386.rpm Uh-oh! Looks like I messed up somewhere. $ yum list cups\* snippity Installed Packages cups.i3861:1.2.4-11.14.el5_1.4 installed cups-libs.i386 1:1.2.4-11.14.el5_1.4 installed Available Packages cups-devel.i386 1:1.2.4-11.14.el5_1.4 updates cups-lpd.i3861:1.2.4-11.14.el5_1.4 updates $ rpm -q cups cups-1.2.4-11.14.el5_1.4 Fully up-to-date CentOS5. AFAIR, I used what CentOS5 delivers. Oh wait! I just noticed the repo tag - el4! *whew* Subject line got me. snip TIA -- Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mono installation
Roilan Cardoso Sánchez wrote: Hello everybody I´m trying to install mono and when i try to install the package libgdiplus throw the following error dependencies with libexif.so.9 and libungif.so.4. Im using local packages, i downloaded it from the redhat mono repository, I try with the bin installer in others distro mono repo and It throw the deps error with packages libgailutil.so.17 and libglitz.so.1 Finally I try with the centos extra respository and when i try to install libgdiplus it throw a dependecy error with lifgif.so.4 plaese can any body help me note: i need to install it from local rpms, not online regards Roilan giflib-4.1.3-7.1.el5.1 ... that provides libgif.so.4 ... maybe a typo on your part? Here is what you can do to figure out what you need to install for a package: yum --deplist libgdiplus | grep provider | sort | uniq That should give you a fairly good list of packages you would need ... if you get multiple arches (as an example i386 and i686 for the same package), you only need the best match (i686 and not i386). Also ... if more than one package is listed, you only need the newest one .. here the result of the above command: [EMAIL PROTECTED] ~]# yum deplist libgdiplus | grep provider | sort | uniq provider: fontconfig.i386 2.4.1-6.el5 provider: fontconfig.i386 2.4.1-7.el5 provider: freetype.i386 2.2.1-19.el5 provider: giflib.i386 4.1.3-7.1.el5.1 provider: glib2.i386 2.12.3-2.fc6 provider: glibc.i386 2.5-18 provider: glibc.i386 2.5-18.el5_1.1 provider: glibc.i686 2.5-18 provider: glibc.i686 2.5-18.el5_1.1 provider: libgdiplus.i386 1.1.17-1.el5.kb provider: libICE.i386 1.0.1-2.1 provider: libjpeg.i386 6b-37 provider: libpng.i386 2:1.2.10-7.0.2 provider: libpng.i386 2:1.2.10-7.1.el5_0.1 provider: libSM.i386 1.0.1-3.1 provider: libtiff.i386 3.8.2-7.el5 provider: libX11.i386 1.0.3-8.0.1.el5 provider: libXrender.i386 0.9.1-3.1 (you only need the newest fontconfig, libpng and the newest glibc.i686) signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mono installation
I do it, but when i try to install gdiplus it thow and depes error with libgif.so.4 and i cant find it in centos extras - Mensaje original De: Akemi Yagi [EMAIL PROTECTED] Para: CentOS mailing list centos@centos.org Enviado: martes, 26 de febrero, 2008 13:19:18 Asunto: Re: [CentOS] Mono installation On Tue, Feb 26, 2008 at 9:29 AM, Roilan Cardoso Sánchez [EMAIL PROTECTED] wrote: Hello everybody I´m trying to install mono and when i try to install the package libgdiplus throw the following error dependencies with libexif.so.9 and libungif.so.4. Im using local packages, i downloaded it from the redhat mono repository, I try with the bin installer in others distro mono repo and It throw the deps error with packages libgailutil.so.17 and libglitz.so.1 Finally I try with the centos extra respository and when i try to install libgdiplus it throw a dependecy error with lifgif.so.4 plaese can any body help me note: i need to install it from local rpms, not online regards Roilan If you cannot install using yum from the CentOS repository, then go to: http://mirror.centos.org/centos/5/extras/ All mono-related rpms are in there. Akemi ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos __ ¿Con Mascota por primera vez? Sé un mejor Amigo. Entra en Yahoo! Respuestas http://es.answers.yahoo.com/info/welcome___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: auto seek a server
On Mon, 2008-02-25 at 13:45 -0500, Jerry Geis wrote: I am trying this command and I am getting an error of INvalid service. avahi-publish-service MyServer _tcp 80 myentry at 192.168.1.8 What is wrong with _tcp? I also tried tcp. http://0pointer.de/lennart/projects/mod_dnssd/ -- Ignacio Vazquez-Abrams [EMAIL PROTECTED] PLEASE don't CC me; I'm already subscribed signature.asc Description: This is a digitally signed message part ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Garrick Staples wrote: How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? It's not as bad as you think because of the order of operations. In all cases, these perform exactly as a string should regardless of inner characters. He's probably thinking of a scripted operation that does a find . -print |xargs some_command (without print0) or a backtick or $(..) generated expansion. A lot of the usefulness of the shell happens because you can generate and reparse text programatically and have it become commands - and a side effect is that metacharacters that appear in the text get processed even if they aren't what you expected. I think it is kind of silly that common shell metacharacters are permitted in filenames, but there's not much you can do about it now. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: [CentOS-announce] CESA-2008:0161 Important CentOS 5 i386 cups - security update
On Tue, Feb 26, 2008 at 10:35 AM, William L. Maltby [EMAIL PROTECTED] wrote: On Tue, 2008-02-26 at 08:54 -0600, Johnny Hughes wrote: CentOS Errata and Security Advisory 2009:0161 Oh wait! I just noticed the repo tag - el4! *whew* Subject line got me. You know, the whole CentOS project builds on Johnny's typos. :-D ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Yum not updating kernel
Bob Taylor wrote: On Mon, 2008-02-25 at 22:46 -0800, John R Pierce wrote: Bob Taylor wrote: On Tue, 2008-02-26 at 00:19 -0500, Ross S. W. Walker wrote: Bob Taylor wrote: [snip] uname -imp: i686 i686 i386 Don't know why the kernel says it's an i386. Kernel bug? Gateway purchase? i386 is the architecture, in there you have processor flavors which can be i386 (generic), i486, i586 and i686 tuned. C5 only carries the generic i386 (default compile options) and the i686 tuned binaries, i586 tuned binaries are no longer being supported after C4. What does this say my cpu is: vendor_id : GenuineIntel cpu family : 6 model : 5 model name : Pentium II (Deschutes) [snip] The uname output is valid for your install, the question now is why rpm refuses to install valid architecture binaries on your system. So, my cpu is not an i686? a P-II should be. i686 is everything from the Pentium Pro onwards, including P-II, P-III, P4, core, and the various clones. it does NOT include the original Pentiums (p5 and p54) or 'pentium w/ MMX', those are i586. What is model : 5 above compared to p5? The model refers to Pentium II, the family '6' refers to i686, the stepping is the sub-version of Pentium II which for yours has the nick name Deschutes. Here is the cpu info of a more recent quad core Intel. processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Xeon(R) CPU X3220 @ 2.40GHz stepping: 7 This model is 10 cpu designs ahead, but still part of the i686 family, of course these 10 designs do not show the separate Pentium/Xeon/Pro tree lineages. I think they gave up giving the steppings nick names a long long time ago. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] SAMBA is driving me crazy
sorry man :( but when i pasted those lines to the mail page they were organized i dont know how they end up like that :)regards Date: Tue, 26 Feb 2008 15:04:32 +0100 From: [EMAIL PROTECTED] To: centos@centos.org Subject: Re: [CentOS] SAMBA is driving me crazy scaglietti amore wrote: that was it plus i had to set /selinux/enforce = 0im greatfull , thanks alot Craig Subject: RE: [CentOS] SAMBA is driving me crazy From: [EMAIL PROTECTED] To: centos@centos.org Date: Sun, 24 Feb 2008 15:09:24 -0700 dude, you need to give 'users' write access... chmod g+w /samba/Data -R Craig On Sun, 2008-02-24 at 19:27 +, scaglietti amore wrote: this is the output: drwxr-xr-x 2 wbc users 4096 Feb 22 23:39 /samba/Data __ Subject: RE: [CentOS] SAMBA is driving me crazy From: [EMAIL PROTECTED] To: centos@centos.org Date: Sat, 23 Feb 2008 15:54:50 -0700 On Sat, 2008-02-23 at 22:39 +, scaglietti amore wrote: i dont know how my e-mail was posted like that :) :)ok i tried to make it write list = @usersi still get access denied or make sure that the disk is not full orwrite protectedthis is the conf:[global]workg roup = WORKGROUPserver string = storagenetbios name = sanshiro#interfaces = lo eth2 #hosts allow = 127. 10.0.0.# logs split per machine# log file = /var/log/samba/%m.log# max 50KB per log file, then rotate# max log size = 50security = share# A publicly accessible directory, but read only, except for people in# the users group [Data]comment = datapath = /samba/Data/public = yes writable = yesread only = noprintable = nowrite list = @users what is output of ? ls -ld /samba/Data Craig How is *anyone* supposed to read that? Ralph _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] /etc/sysconfig/iptables on a stock CentOS 5 install
Greetings: i have a pretty stock CentOS 5 machine with ports 80 and 22 exposed, so my /etc/sysconfig/iptables file is pretty standard/straightforward. my question is: how is this config file initially generated? i'd like to re-create it, and add a couple of rules so i don't want to lose what's in there already. i see that my /etc/sysconfig/system-config-securitylevel has three entries, which explains how the port 80 and 22 rules get into the config: --enabled --port=22:tcp --port=80:tcp ... and i see the basic /etc/sysconfig/iptables-config file, but i'm unclear as to how the rest of the stuff gets in there: e.g.: # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 - j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 - j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
On Tue, 2008-02-26 at 08:14 -0600, Johnny Hughes wrote: [snip] what happens if you edit /etc/rpm/platform and change it too: i686-redhat-linux Nothing. I downloaded the current rpm file this morning and ran rpm -Uvh --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm. Rpm seems to behave oddly. I had downloaded the current kernel rpm and installed it with the command rpm -ivh --ignorearch [file] successfully. I can not remove it with the command rpm -e kernel-2.6.18-53.1.13 but can if I add .el5 to the end it does. Before I deleted it I ran the command rpm -ql kernel and all three kernels rpm files were listed including the kernel rpm which rpm -e said wasn't installed. This doesn't make sense to me. I have done the following: rpm -Uvh --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm edit /etc/rpm/platform to i686-redhat-linux rpm -e kernel-2.6.18-53.1.13.el5 yum clean all yum upgrade kernel returned Installed: kernel.i686 0:2.6.18-53.1.13.el5 Complete! It looks like the problem may be in rpm after 4.4.2-37. Before I go to the rpm people, I need to confer with Ray Van Dolson who says his is the same as mine and he has no problem updating kernels. After Ray and I resolve this issue, I will send a last email to the list hopefully ending this subject with the resolution to this problem. -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 12:45:41PM -0600, Les Mikesell alleged: Garrick Staples wrote: How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? It's not as bad as you think because of the order of operations. In all cases, these perform exactly as a string should regardless of inner characters. He's probably thinking of a scripted operation that does a find . -print |xargs some_command (without print0) or a backtick or $(..) generated expansion. A lot of Yes, so was I. That's why I had some examples of string with quotes being evaluated by the shell. the usefulness of the shell happens because you can generate and reparse text programatically and have it become commands - and a side effect is that metacharacters that appear in the text get processed even if they aren't what you expected. I think it is kind of silly that common shell metacharacters are permitted in filenames, but there's not much you can do about it now. My point is that the problem isn't actually all that bad. Just like all languages, you have to know what you are doing. -- Garrick Staples, GNU/Linux HPCC SysAdmin University of Southern California Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgpfVtxAx1Qj5.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
On Tue, Feb 26, 2008 at 11:19:36AM -0800, Bob Taylor alleged: I can not remove it with the command rpm -e kernel-2.6.18-53.1.13 but can if I add .el5 to the end it does. Before I deleted it I ran the That's correct. 53.1.13 is the not same as 53.1.13.el5. The version is 2.6.18 and the release is 53.1.13.el5. You can specify the version or version-release, but not different substrings. -- Garrick Staples, GNU/Linux HPCC SysAdmin University of Southern California Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgpGalSIbJl4z.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tuesday 26 February 2008, Les Mikesell wrote: WHY THE @!#! NOT?!?!? The shell is 'supposed' to be run by a user that is allowed to run any command he wants, and permission/trust issues are handled by the login/authentication process that happens before you get to the shell. If you give the shell a bad command under your own account, it's not supposed to second guess what you wanted. I'm not asking for this. I'm only asking for the option to be able to trust that a parameter is... a parameter. EG: file: script1.sh #! /bin/bash script2.sh $1 exit 0; file: script2.sh #! /bin/bash echo $1; $ script1.sh this\ parameter; I get output of this! script2 gets two parameters! I want a way for 1 parameter to STAY 1 parameter upon request, so that script2.sh would output this parameter, like file:script1.sh #! /bin/bash PassToShell2=escapethis $1; script2.sh $PassToShell; exit 0; Bash is used, extensively in many cases, to deal with untrusted data. Why? How about an installer script? How about a magical script copied from TLDP to rename all files in pwd? This can include random file names in user home directories, parameters on various scripts, etc. It's highly sensitive to being passed characters that have, over the past NN years, resulted in quite a number of security holes and problems. If it hurts, don't do it. Build your own argument list and exec programs directly if you want to avoid shell command line parsing. So, I'm supposed to know the contents of a user's home directory? And code for these in advance? Yet there exists NO MECHANISM for simply ensuring that a given argument is an escaped string? What does that mean? If you can define it you can make it happen, but who knows what characters at what depth of quoting will have some special meaning? Can I define it? Thought I did that already: http://us.php.net/manual/en/function.escapeshellarg.php Or its perl equivalent: http://search.cpan.org/~gaas/URI-1.35/URI/Escape.pm See how I'd like to see it in implementation in above example, passToShell2 How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? Probably none that are still in business. Google bash howto for lots of vulnerable and problematic examples. Here's a beaut that fails if you have a file called -a in the pwd, see File re-namer. It's a renamer that doesn't, if the file contains any spaces, dashes, etc. http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-12.html#ss12.1 Here's what I get: mv: invalid option -- a Try `mv --help' for more information. Or with a file with a space: echo blah d; echo blah d foo; The TLDP's example doesn't move file d foo. I get: mv: cannot stat `d': No such file or directory mv: cannot stat `foo': No such file or directory So I ask again: This doesn't strike you as fundamentally borkeD? The emperor wears no clothes! This doesn't strike you as fundamentally borkeD? No, if you stop bad things from happening, you'll also stop good things. Yes. But you don't have to stop the good things. I think the *OPTION* of saying parameter 1 is STILL parameter 1 is a good thing. If you want to leave things be, so be it. See my above example. Why would we accept a work environment that is effectively laden with randomly placed, loaded rat traps? Not trying to bash (ahem) bash needlessly, but this is a problem that so smacks of 1977... The problem is that you aren't using the shell as intended. If you run it under your own user id, it does exactly what you tell it to do and there is no element of trust involved. The problem, as I see it, is that the shell provides access variables without any means of preserving them as variables across calls and incantations. I guess I just hadn't noticed how bad this was, since I started using PHP as shell scripts years ago to run everything, despite the mild performance hit. escapeshallarg() and addslashes() combined with a few backticks provides easy access to the power of the shell, and excellent don't need to worry about it security. Errr what??? Php has about the worst security history of any program around. Thanks for confusing the issue with a red herring. Or should I ignore the buggy and probably vulnerable TLDP example above? Maybe a google search for bash escape vulnerability might illuminate the issue I speak of? This just blows my mind What would you like your computer to prevent you from doing to yourself? I hate to belabor it: give me the OPTION to trust that I can keep a single parameter as a single parameter across incantations and calls. If I'm looping thru a listing files, I should be able to trust that my $FILENAME variable contains the name of... a file! If I want to pass parameter 1 of my script to another script, that other script should be ABLE get my
Re: [CentOS] Yum not updating kernel [personal]
Ray Van Dolson please email me at [EMAIL PROTECTED] -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 11:22:55AM -0800, Benjamin Smith alleged: On Tuesday 26 February 2008, Les Mikesell wrote: WHY THE @!#! NOT?!?!? The shell is 'supposed' to be run by a user that is allowed to run any command he wants, and permission/trust issues are handled by the login/authentication process that happens before you get to the shell. If you give the shell a bad command under your own account, it's not supposed to second guess what you wanted. I'm not asking for this. I'm only asking for the option to be able to trust that a parameter is... a parameter. EG: file: script1.sh #! /bin/bash script2.sh $1 exit 0; file: script2.sh #! /bin/bash echo $1; $ script1.sh this\ parameter; I get output of this! script2 gets two parameters! I want a way for 1 You need to quote the variable: #!/bin/bash echo $1 parameter to STAY 1 parameter upon request, so that script2.sh would output this parameter, like file:script1.sh #! /bin/bash PassToShell2=escapethis $1; script2.sh $PassToShell; exit 0; You are missing two sets of quotes: #!/bin/bash PassToShell2=escapethis $1 script2.sh $PassToShell [...snip blah blah rant...] http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-12.html#ss12.1 Here's what I get: mv: invalid option -- a Try `mv --help' for more information. That's a bug in the script. It should be: mv -- $file $file$suffix Or with a file with a space: echo blah d; echo blah d foo; The TLDP's example doesn't move file d foo. I get: mv: cannot stat `d': No such file or directory mv: cannot stat `foo': No such file or directory So I ask again: This doesn't strike you as fundamentally borkeD? The emperor wears no clothes! Just another case of missing double quotes. It's the programmer that is borked, but the fundamentals :) [...snip more rants...] -- Garrick Staples, GNU/Linux HPCC SysAdmin University of Southern California Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgpbFMATCdIKj.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Are you trying to pass all parameters from one script to another or just the first one ($1). If it's the former, have you tried using $@? For the latter, $1 might work. Alfred ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
Ross S. W. Walker wrote: Here is the cpu info of a more recent quad core Intel. processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 15 model name : Intel(R) Xeon(R) CPU X3220 @ 2.40GHz stepping: 7 This model is 10 cpu designs ahead, but still part of the i686 family, of course these 10 designs do not show the separate Pentium/Xeon/Pro tree lineages. I think they gave up giving the steppings nick names a long long time ago. indeed, Xeon further confuses things, this is simply a brand name for a 'Server' CPU. There have been Xeon's that were Pentium-III based, then Pentium-4 based, and now new ones like that are Core2Duo based. and, further confusing things, the Pentium-4 variants weren't really P6 core based, they had a completely different internal architecture known as NetBurst, but Intel decided not to give it a seperate family designation for who-knows-what reason.The newest Core based CPUs are in fact derived from the Pentium-M laptop processor, which in turn was based on a redesign of the P6 (Pentium-III) guts, discarding the Netburst architecture. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logwatch showing entries for non existent services
Joseph L. Casale wrote: Probably because the package removal does not remove log files. Try manually deleting the logs. I missed that obvious point, heh. grin Also remove exim from the list of services in logwatch.conf ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SAMBA is driving me crazy
scaglietti amore wrote: sorry man :( but when i pasted those lines to the mail page they were organized i dont know how they end up like that :) blame it on hotmail. your original message was in mime multipart, the HTML version had those lines seperated by BR (break) but the plaintext version generated by hotmail gets munged to run-on lines. friends don't let friends use MSN Hotmail. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] SAMBA is driving me crazy
shiii did anyone notice any failure today to open the hotmail.combefor 5 hours Date: Tue, 26 Feb 2008 11:51:50 -0800 From: [EMAIL PROTECTED] To: centos@centos.org Subject: Re: [CentOS] SAMBA is driving me crazy scaglietti amore wrote: sorry man :(but when i pasted those lines to the mail page they were organizedi dont know how they end up like that :) blame it on hotmail. your original message was in mime multipart, the HTML version had those lines seperated by BR (break) but the plaintext version generated by hotmail gets munged to run-on lines. friends don't let friends use MSN Hotmail. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
Bob Taylor wrote: On Tue, 2008-02-26 at 08:14 -0600, Johnny Hughes wrote: [snip] what happens if you edit /etc/rpm/platform and change it too: i686-redhat-linux Nothing. I downloaded the current rpm file this morning and ran rpm -Uvh --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm. Rpm seems to behave oddly. I had downloaded the current kernel rpm and installed it with the command rpm -ivh --ignorearch [file] successfully. I can not remove it with the command rpm -e kernel-2.6.18-53.1.13 but can if I add .el5 to the end it does. Before I deleted it I ran the command rpm -ql kernel and all three kernels rpm files were listed including the kernel rpm which rpm -e said wasn't installed. This doesn't make sense to me. I have done the following: rpm -Uvh --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm edit /etc/rpm/platform to i686-redhat-linux rpm -e kernel-2.6.18-53.1.13.el5 yum clean all yum upgrade kernel returned Installed: kernel.i686 0:2.6.18-53.1.13.el5 Complete! It looks like the problem may be in rpm after 4.4.2-37. Before I go to the rpm people, I need to confer with Ray Van Dolson who says his is the same as mine and he has no problem updating kernels. After Ray and I resolve this issue, I will send a last email to the list hopefully ending this subject with the resolution to this problem. The problem was most likely the /etc/rpm/platform if it is i386 and not i686 then is will not allow i686 RPMS to be installed. That file should only be updated IF anaconda does an install or upgrade. It should only be i386 of it is installed on a pentium classic processor (or equivalent). That is the only cause of the incompatible arch. Nothing in centos except an install/upgrade via anaconda should ever tough that file, so once you change it, it should remain changed. Reboot a couple times and makes sure it (/etc/rpm/platform) stays the same. If it changes we need to figure out why. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] SAMBA is driving me crazy
Ya know you can set hotmail to send in plain text which helps a lot with these mailing lists. -Ross From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of scaglietti amore Sent: Tuesday, February 26, 2008 3:04 PM To: CentOS mailing list Subject: RE: [CentOS] SAMBA is driving me crazy shiii did anyone notice any failure today to open the hotmail.com befor 5 hours Date: Tue, 26 Feb 2008 11:51:50 -0800 From: [EMAIL PROTECTED] To: centos@centos.org Subject: Re: [CentOS] SAMBA is driving me crazy scaglietti amore wrote: sorry man :( but when i pasted those lines to the mail page they were organized i dont know how they end up like that :) blame it on hotmail. your original message was in mime multipart, the HTML version had those lines seperated by BR (break) but the plaintext version generated by hotmail gets munged to run-on lines. friends don't let friends use MSN Hotmail. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Express yourself instantly with MSN Messenger! a href='http://clk.atdmt.com/AVE/go/onm00200471ave/direct/01/' target='_new'MSN Messenger __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Huge mailq
Jason Pyeron wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of nate Sent: Monday, February 25, 2008 21:47 To: centos@centos.org Subject: Re: [CentOS] Huge mailq Jason Pyeron wrote: Where should we start on preventing this type of problem? [EMAIL PROTECTED] mqueue]# find | wc -l 185259 /etc/init.d/sendmail stop chkconfig --level 2345 sendmail off find /var/spool/mqueue -type f -exec rm -f {} \; Funny, But we tried an even esier rm -rf / reboot Eheh, but the ' reboot' part is rather useless as the reboot symlink should have disappeared once the 'rm -rf /' has done its magic ;). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Pointer to simple mail server setup?
Hello. I need to set up a mail server for a small (~5 people) organization on CentOS 5.1. While I am very familiar with CentOS and Linux in general, I have zero experience in setting up a POP3(s)/SMTP mail server. I suppose eventually I'd like to do spam/virus filtering, but initially the simple sending/receiving of mail will be adequate. Can someone point me to a tutorial on setting up a mail server on CentOS 5? Thanks. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] SAMBA is driving me crazy
indeed it would i will look about it Ya know you can set hotmail to send in plain text which helps a lot with these mailing lists. -Ross From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of scaglietti amoreSent: Tuesday, February 26, 2008 3:04 PMTo: CentOS mailing listSubject: RE: [CentOS] SAMBA is driving me crazy shiii did anyone notice any failure today to open the hotmail.combefor 5 hours Date: Tue, 26 Feb 2008 11:51:50 -0800 From: [EMAIL PROTECTED] To: centos@centos.org Subject: Re: [CentOS] SAMBA is driving me crazy scaglietti amore wrote: sorry man :(but when i pasted those lines to the mail page they were organizedi dont know how they end up like that :) blame it on hotmail. your original message was in mime multipart, the HTML version had those lines seperated by BR (break) but the plaintext version generated by hotmail gets munged to run-on lines. friends don't let friends use MSN Hotmail. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos Express yourself instantly with MSN Messenger! a href='http://clk.atdmt.com/AVE/go/onm00200471ave/direct/01/' target='_new'MSN Messenger This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. _ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tuesday 26 February 2008, Garrick Staples wrote: I'm not asking for this. I'm only asking for the option to be able to trust that a parameter is... a parameter. EG: file: script1.sh #! /bin/bash script2.sh $1 exit 0; file: script2.sh #! /bin/bash echo $1; $ script1.sh this\ parameter; I get output of this! script2 gets two parameters! I want a way for 1 You need to quote the variable: #!/bin/bash echo $1 You missed the point. In script2.sh, $1 only contains the string this. There is no safe way to pass $1 (containing string this parameter) from script1 to script2 as a single, trustable parameter. You can't do it. Bash is incapable of passing a parameter safely. You can sorta do it with *$ in the case of spaces. But this is all but powerless against file names containing quotes or other special characters. See below Disney example. So $1 in script 1 contains this parameter. $1 in script 2 contains this. Instead, I have to hork it up with awk, sed, or something similar, and try to account for every possible interpreted character. (I'm feeling that powerful goodness already! =) parameter to STAY 1 parameter upon request, so that script2.sh would output this parameter, like file:script1.sh #! /bin/bash PassToShell2=escapethis $1; script2.sh $PassToShell; exit 0; You are missing two sets of quotes: #!/bin/bash PassToShell2=escapethis $1 script2.sh $PassToShell You missed the point here too. Maybe, to make it more clear, try this: #!/bin/bash PassToShell2=`escapethis $1`; script2.sh $PassToShell escapethis is intended to be a call, not a parameter. Please re-read my earlier note with this new understanding? [...snip blah blah rant...] http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-12.html#ss12.1 Here's what I get: mv: invalid option -- a Try `mv --help' for more information. That's a bug in the script. It should be: mv -- $file $file$suffix Again, you're missing the point. (practice makes perfect?) While this -- on the mv line is a good way to work around the fact that -a is being interpreted, it doesn't change the fact that $file is unescaped. The -a can be part of a file called Disney Trip -a mother's journey.doc No amount of quoting the on the mv line will change the fact that there is no way to pass a parameter SAFELY. -a is an example that can be matched by files with quotes, doublequotes, dashes, semicolons and other characters. Never do we actually have a trustable value in $file, only an interpreted one. Bash is incapable of passing a parameter SAFELY. Here are the offending lines: for file in $* do mv ${file} $prefix$file done But you didn't read that, did you? Try it yourself! echo blah Disney trip -a mother\'s journey.doc; I tried the following code with the above example. Note the quotes! for file in $* do echo $file; done; called like: /bin/bash ../test.sh * Disney trip -a mother\'s journey.doc 5 parameters, one file. Whe! Bash is incapable of passing a parameter Safely. No amount of quoting will make TLDP's move a bunch of files script actually work reliably. Or with a file with a space: echo blah d; echo blah d foo; The TLDP's example doesn't move file d foo. I get: mv: cannot stat `d': No such file or directory mv: cannot stat `foo': No such file or directory Just another case of missing double quotes. (Sigh) You missed the point... (see above about bash being incapable of passing a parameter safely) Explain to me where 'ANY' amount 'of' quoting will fix this ? If only to yourself... You can sorta do it with `find -print0`, a whispered admission to a bloated, blaring, gaping white elephant of a problem. I'd like to have a informed discussion, which, apparently, you either aren't interested in, or aren't capable of. Maybe if I alter the case? bASH IS INCAPABLE OF PASSING A PARAMETER safely. bAsH iS iNcApAbLe Of PaSsInG a PaRaMeTeR sAfElY. I mean, argue with me if you want on how my scripts are implemented but the previous two (TRUE) sentences sound like a philosophical deficiency to me. But seriously, why do you consider this OK? Is it an ego thing? -Ben -- Only those who reach toward a goal are likely to achieve it. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pointer to simple mail server setup?
On Tue, 26 Feb 2008 15:30:50 -0500 Steve Snyder [EMAIL PROTECTED] wrote: Can someone point me to a tutorial on setting up a mail server on CentOS 5? http://www.linuxhomenetworking.com/ -- MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Yum not updating kernel
Johnny Hughes wrote: Bob Taylor wrote: On Tue, 2008-02-26 at 08:14 -0600, Johnny Hughes wrote: [snip] what happens if you edit /etc/rpm/platform and change it too: i686-redhat-linux Nothing. I downloaded the current rpm file this morning and ran rpm -Uvh --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm. Rpm seems to behave oddly. I had downloaded the current kernel rpm and installed it with the command rpm -ivh --ignorearch [file] successfully. I can not remove it with the command rpm -e kernel-2.6.18-53.1.13 but can if I add .el5 to the end it does. Before I deleted it I ran the command rpm -ql kernel and all three kernels rpm files were listed including the kernel rpm which rpm -e said wasn't installed. This doesn't make sense to me. I have done the following: rpm -Uvh --force /home/brtaylor/rpm-4.4.2-47.el5.i386.rpm edit /etc/rpm/platform to i686-redhat-linux rpm -e kernel-2.6.18-53.1.13.el5 yum clean all yum upgrade kernel returned Installed: kernel.i686 0:2.6.18-53.1.13.el5 Complete! It looks like the problem may be in rpm after 4.4.2-37. Before I go to the rpm people, I need to confer with Ray Van Dolson who says his is the same as mine and he has no problem updating kernels. After Ray and I resolve this issue, I will send a last email to the list hopefully ending this subject with the resolution to this problem. The problem was most likely the /etc/rpm/platform if it is i386 and not i686 then is will not allow i686 RPMS to be installed. That file should only be updated IF anaconda does an install or upgrade. Good to note, I was under the impression that it might be set in the initrd in case a different kernel image is installed. It should only be i386 of it is installed on a pentium classic processor (or equivalent). Would anaconda even allow C5 to install on such a class cpu? That is the only cause of the incompatible arch. Nothing in centos except an install/upgrade via anaconda should ever tough that file, so once you change it, it should remain changed. Reboot a couple times and makes sure it (/etc/rpm/platform) stays the same. If it changes we need to figure out why. I think there may be a case or two of bad packages updating that file I believe these are some dumb Mozilla plugins though, googling got me these: http://dnmouse.webs.com/playdvdsmore.htm and here: http://www.fedorafaq.org/ The OP had a lot of kitchen sinks installed maybe a broken plugin was the cause of all that grief. Probably right around the time he installed that repo and things stopped working. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 12:40:06PM -0800, Benjamin Smith alleged: I'd like to have a informed discussion, which, apparently, you either aren't interested in, or aren't capable of. *shrug* I thought we were having a discussion. I'll leave you to it and stay out of your way. -- Garrick Staples, GNU/Linux HPCC SysAdmin University of Southern California Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgpYmVprXjNmK.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Pointer to simple mail server setup?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve Snyder wrote: | Can someone point me to a tutorial on setting up a mail server on CentOS | 5? | qmailtoaster + qmailtoaster plus. http://www.qmailtoaster.org http://qtp.qmailtoaster.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFHxH7e1ICPLt0IYTcRAhRzAJ9sfqsfuaWutxVFZagEyyVqeaMkGQCXch99 qJS6bXxWj/6M6cNIMDke6A== =Ccvb -END PGP SIGNATURE- ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] /etc/sysconfig/iptables on a stock CentOS 5 install
Tom Laramee wrote: Greetings: i have a pretty stock CentOS 5 machine with ports 80 and 22 exposed, so my /etc/sysconfig/iptables file is pretty standard/straightforward. my question is: how is this config file initially generated? i'd like to re-create it, and add a couple of rules so i don't want to lose what's in there already. i see that my /etc/sysconfig/system-config-securitylevel has three entries, which explains how the port 80 and 22 rules get into the config: --enabled --port=22:tcp --port=80:tcp ... and i see the basic /etc/sysconfig/iptables-config file, but i'm unclear as to how the rest of the stuff gets in there: e.g.: # Firewall configuration written by system-config-securitylevel # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :RH-Firewall-1-INPUT - [0:0] -A INPUT -j RH-Firewall-1-INPUT -A FORWARD -j RH-Firewall-1-INPUT -A RH-Firewall-1-INPUT -i lo -j ACCEPT -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT -A RH-Firewall-1-INPUT -p 50 -j ACCEPT -A RH-Firewall-1-INPUT -p 51 -j ACCEPT -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT if you only want to add few simple rules, and if you know about iptables syntax, you can do something like # iptables-save iptables.tmp edit the resulting files to adjust to your needs, then load it: # iptables-restore iptables.tmp once you're happy, _backup_ /etc/sysconfig/iptables and do # iptables-save /etc/sysconfig/iptables Alternatively, use one of the available scripts or tools to create your configuration. In any case, be aware that a misconfiguration could result in blocking your own access. so better test on a machine not far from you. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Benjamin Smith wrote: On Tuesday 26 February 2008, Les Mikesell wrote: WHY THE @!#! NOT?!?!? The shell is 'supposed' to be run by a user that is allowed to run any command he wants, and permission/trust issues are handled by the login/authentication process that happens before you get to the shell. If you give the shell a bad command under your own account, it's not supposed to second guess what you wanted. I'm not asking for this. I'm only asking for the option to be able to trust that a parameter is... a parameter. EG: You can, but you have to know how many times shells will parse it. One layer of quoting is removed each time. Things inside single quotes are literal, double quotes still do variable expansion. file: script1.sh #! /bin/bash script2.sh $1 exit 0; file: script2.sh #! /bin/bash echo $1; $ script1.sh this\ parameter; I get output of this! script2 gets two parameters! I want a way for 1 parameter to STAY 1 parameter upon request, so that script2.sh would output this parameter, like One layer of quotes for each time it is parsed... The first is on the initial command line, so if you want to hold it together, put double quotes around $1. file:script1.sh #! /bin/bash PassToShell2=escapethis $1; script2.sh $PassToShell; exit 0; Bash is used, extensively in many cases, to deal with untrusted data. Why? How about an installer script? How about a magical script copied from TLDP to rename all files in pwd? These things run with the permissions of the user running them. Why should they be concerned about that person giving them untrusted embedded commands that they could just as easily run directly? This can include random file names in user home directories, parameters on various scripts, etc. It's highly sensitive to being passed characters that have, over the past NN years, resulted in quite a number of security holes and problems. If it hurts, don't do it. Build your own argument list and exec programs directly if you want to avoid shell command line parsing. So, I'm supposed to know the contents of a user's home directory? And code for these in advance? Code so you don't let the shell parse their names. It doesn't have to if you just want to hand them to some other program. Yet there exists NO MECHANISM for simply ensuring that a given argument is an escaped string? What does that mean? If you can define it you can make it happen, but who knows what characters at what depth of quoting will have some special meaning? Can I define it? Thought I did that already: http://us.php.net/manual/en/function.escapeshellarg.php Can you pass that via ssh to some other system(s) and have i/o redirection or variable expansions happen in the right places? Or its perl equivalent: http://search.cpan.org/~gaas/URI-1.35/URI/Escape.pm See how I'd like to see it in implementation in above example, passToShell2 What's the point? If you are in the shell already it's too late. If you are in some other program and don't want shell metacharacter processing to happen, don't feed it to the shell in the first place. How many homebrew ISP or hosting administration scripts could be compromised by simply putting a file in your home directory called ;rm -rf / ? Probably none that are still in business. Google bash howto for lots of vulnerable and problematic examples. Here's a beaut that fails if you have a file called -a in the pwd, see File re-namer. It's a renamer that doesn't, if the file contains any spaces, dashes, etc. There are any number of ways to do things wrong. I don't need to look up more of them. http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-12.html#ss12.1 Here's what I get: mv: invalid option -- a Try `mv --help' for more information. Most programs accept -- as an option to end option parsing. But if you don't want this effect, don't start your filenames with a -. Or with a file with a space: echo blah d; echo blah d foo; The TLDP's example doesn't move file d foo. I get: mv: cannot stat `d': No such file or directory mv: cannot stat `foo': No such file or directory If you don't want the shell to split on spaces you can tell it not to. Or you can quote filenames correctly. Or not put spaces in filenames. So I ask again: This doesn't strike you as fundamentally borkeD? The emperor wears no clothes! No, it works the way I'd want it to work most of the time. And for the exceptions, you use quotes in the right places the right number of times. This doesn't strike you as fundamentally borkeD? No, if you stop bad things from happening, you'll also stop good things. Yes. But you don't have to stop the good things. You don't like the fact that the shell does things like splitting on white space? I think the *OPTION* of saying parameter 1 is STILL parameter 1 is a good thing. If you want to leave things be, so be it. See my above example. You can't do that
Re: [CentOS] bash - safely pass untrusted strings?
On Tuesday 26 February 2008, Bart Schaefer wrote: For someone who apparently has no idea what he's talking about, you sure say a lot. Sorry. It's how I think aloud. Sorry if I offended. No, you missed it. You need the quotes *everywhere* that a variable is referenced. Yes, I missed this point. I now see the error in my ways. In script2.sh, $1 only contains the string this. There is no safe way to pass $1 (containing string this parameter) from script1 to script2 as a single, trustable parameter. file: script1.sh #! /bin/bash script2.sh $1 # Doesn't help to quote in script2 if not quoted in script1 exit 0; file: script2.sh #! /bin/bash echo $1; This is the point that I missed. (hat in hand) Here are the offending lines: for file in $* do mv ${file} $prefix$file done for file in $@ do mv -- ${file} $prefix$file done No amount of quoting will make TLDP's move a bunch of files script actually work reliably. That was a bad URL to have pointed you to, because that's a horrible example of shell programming. I hope felix hudson has gotten a bit smarter since then. However, just because felix wrote a bad script does not make bash is incapable ... true, any more than you chanting it repeatedly does. It's a bad URL that's also very commonly referenced. Unless I'm terribly mistaken (again?), the only way I've been able to see loop thru a list of files work reliably is with find using the -print0 option, in cahoots with xargs. Is there any other way? -Ben -- Only those who reach toward a goal are likely to achieve it. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
Ross S. W. Walker wrote: Johnny Hughes wrote: Bob Taylor wrote: On Tue, 2008-02-26 at 08:14 -0600, Johnny Hughes wrote: [snip] what happens if you edit /etc/rpm/platform and change it too: i686-redhat-linux Nothing. snip The problem was most likely the /etc/rpm/platform if it is i386 and not i686 then is will not allow i686 RPMS to be installed. That file should only be updated IF anaconda does an install or upgrade. Good to note, I was under the impression that it might be set in the initrd in case a different kernel image is installed. It should only be i386 of it is installed on a pentium classic processor (or equivalent). Would anaconda even allow C5 to install on such a class cpu? no ... and we have no i386 kernel ... no idea how that file got changed, but the only code to make it happen would be a pentium classic processor. C5 would just die, as there is not one. (c4 too) That is the only cause of the incompatible arch. Nothing in centos except an install/upgrade via anaconda should ever tough that file, so once you change it, it should remain changed. Reboot a couple times and makes sure it (/etc/rpm/platform) stays the same. If it changes we need to figure out why. I think there may be a case or two of bad packages updating that file I believe these are some dumb Mozilla plugins though, googling got me these: http://dnmouse.webs.com/playdvdsmore.htm and here: http://www.fedorafaq.org/ The OP had a lot of kitchen sinks installed maybe a broken plugin was the cause of all that grief. Probably right around the time he installed that repo and things stopped working. In both cases it seems that unixODBC-devel.i386 is the thing that possibly makes /etc/rpm/paltform angry. Let me research that. signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Yum not updating kernel
Johnny Hughes wrote: Ross S. W. Walker wrote: Johnny Hughes wrote: Bob Taylor wrote: On Tue, 2008-02-26 at 08:14 -0600, Johnny Hughes wrote: [snip] what happens if you edit /etc/rpm/platform and change it too: i686-redhat-linux Nothing. snip The problem was most likely the /etc/rpm/platform if it is i386 and not i686 then is will not allow i686 RPMS to be installed. That file should only be updated IF anaconda does an install or upgrade. Good to note, I was under the impression that it might be set in the initrd in case a different kernel image is installed. It should only be i386 of it is installed on a pentium classic processor (or equivalent). Would anaconda even allow C5 to install on such a class cpu? no ... and we have no i386 kernel ... no idea how that file got changed, but the only code to make it happen would be a pentium classic processor. C5 would just die, as there is not one. (c4 too) That is the only cause of the incompatible arch. Nothing in centos except an install/upgrade via anaconda should ever tough that file, so once you change it, it should remain changed. Reboot a couple times and makes sure it (/etc/rpm/platform) stays the same. If it changes we need to figure out why. I think there may be a case or two of bad packages updating that file I believe these are some dumb Mozilla plugins though, googling got me these: http://dnmouse.webs.com/playdvdsmore.htm and here: http://www.fedorafaq.org/ The OP had a lot of kitchen sinks installed maybe a broken plugin was the cause of all that grief. Probably right around the time he installed that repo and things stopped working. In both cases it seems that unixODBC-devel.i386 is the thing that possibly makes /etc/rpm/paltform angry. Let me research that. I did a quick test and adding unixODBC-devel did nothing to my platform file on both Intel and AMD, so maybe it had a problem in the past and now it has become an urban legend. Maybe some other third party repo package mangled it. The OP's yum log should show what packages were installed when, so just need to trace it back to when it stopped working and look at what packages were installed and from where and test them out. -Ross __ This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender and permanently delete the original and any copy or printout thereof. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Unless I'm terribly mistaken (again?), the only way I've been able to see loop thru a list of files work reliably is with find using the -print0 option, in cahoots with xargs. Is there any other way? -Ben -- If I understand you correctly, you are referring to the problem caused by spaces in filenames? Steve mentioned the environment variable IFS (individual field separator if memory serves me correctly). By default it's space, tab, or newline. You can change that in your script to be newline only in order to process file names with spaces in it, and then change it back afterwards (so save the value of $IFS at the beginning of the script to something like Default_IFS and then just prior to exiting the script reassign that value back to IFS to return it to its original state). If that's what you are looking at doing I'm sure someone here can fill in the blanks on that one. If not when I get to the office tomorrow I can have a look at some of my scripts where I had to do that and post sample code for you. Jacques B. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Pointer to simple mail server setup?
Can someone point me to a tutorial on setting up a mail server on CentOS 5? Howtoforge has many. I have used their stuff successfully in the past... jlc ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 04:33:30PM -0600, Les Mikesell alleged: Does anyone have a quick reference to the order of operations as the shell parses a command line (variable parsing,i/o redirection, wildcard and variable expansion, splitting on IFS, quote removal, command substitution etc.)? That's really the first thing you need to know about the shell and if there is a simple description it must be buried in the middle of some obscure manual. This is from the EXPANSION section of the bash manpage: The order of expansions is: brace expansion, tilde expansion, parameter, variable and arithmetic expansion and command substitution (done in a left-to-right fashion), word splitting, and pathname expansion. -- Garrick Staples, GNU/Linux HPCC SysAdmin University of Southern California Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgpBfUi68N49G.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
Garrick Staples wrote: On Tue, Feb 26, 2008 at 04:33:30PM -0600, Les Mikesell alleged: Does anyone have a quick reference to the order of operations as the shell parses a command line (variable parsing,i/o redirection, wildcard and variable expansion, splitting on IFS, quote removal, command substitution etc.)? That's really the first thing you need to know about the shell and if there is a simple description it must be buried in the middle of some obscure manual. This is from the EXPANSION section of the bash manpage: The order of expansions is: brace expansion, tilde expansion, parameter, variable and arithmetic expansion and command substitution (done in a left-to-right fashion), word splitting, and pathname expansion. That's one step in the bigger picture. I want the one that includes variable assignment, i/o redirection, quote removal, and a few other operations. I think I knew that a few decades ago, but now I don't even know where to look it up. -- Les Mikesell [EMAIL PROTECTED] ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 05:30:12PM -0500, Jacques B. wrote: If I understand you correctly, you are referring to the problem caused by spaces in filenames? Steve mentioned the environment variable IFS (individual field separator if memory serves me correctly). By default it's space, tab, or newline. You can change that in your script to be newline only in order to process file names with spaces in it, and then change it back afterwards (so save the value of $IFS at the beginning of the script to something like Default_IFS and then just prior to exiting the script reassign that value back to IFS to return it to its original state). If that's what you are looking at You don't need to do any of that in a script, because scripts are run as a sub-process and don't impact the current environment. You only need to save/restore IFS if you're doing this as part of a larger script (or as a function called in the current shell). However, spaces AREN'T an issue with proper quoting. $ touch a file with spaces in $ touch another file $ ls a file with spaces in another file $ for a in * do echo File: $a done File: a file with spaces in File: another file Indeed, carriage returns aren't an issue either! $ a=$(echo a\nb) $ touch $a $ touch c $ ls a?b c [ Note the ? in the ls output; that's ls saying there's a funny character! ] $ for a in * do echo File: $a done File: a b File: c All works nicely. You only need to use find if you're doing things deep down in a directory tree. -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 03:30:02PM -0800, Benjamin Smith wrote: Exactly. Here's my example: $ ls -laFd * You're doing it wrong: ls -laFD -- * ls -l $file; You're doing it wrong: ls -l -- $file $ /bin/bash ./script3.sh * You're doing it wrong: bash ./script3.sh * (I already addressed why that is in an earlier message; you're doing two levels of shell parsing by calling the script in that odd way) -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: SAMBA is driving me crazy
on 2/26/2008 1:42 PM Ross S. W. Walker spake the following: Actually I recant that, one use to be able to do so, but not any more. One use to be able to display full headers too, but that is now missing as well. Oh well, Hotmail now officially sucks. Can't say I'm surprised, everything eventually sucks given enough time, I guess Microsoft is just accelerant. Microsoft is the 800 pound gorilla of software companies. You do it their way and you will like it!! -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 03:30:02PM -0800, Benjamin Smith alleged: File script3.sh contains the following: $ cat script3.sh #! /bin/sh for file in $* do ls -l $file; done Use $@ instead of $*. It will split up the way you want. pgpniM2ihOWs1.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: bash - safely pass untrusted strings?
Benjamin Smith wrote: It's obviously getting slipped on on the -b. Tried again: $ cat script3.sh #! /bin/bash for file in $* do ls -l -- $file; done $ /bin/bash ./script3.sh * -rw-r--r-- 1 bens nobody 5 2008-02-26 12:14 -b ls: cannot access Disney: No such file or directory ls: cannot access trip: No such file or directory ls: cannot access -a: No such file or directory ls: cannot access mother\'s: No such file or directory ls: cannot access journey.doc: No such file or directory -rwxr--r-- 1 bens nobody 103 2008-02-26 13:35 script1.sh -rwxr--r-- 1 bens nobody 26 2008-02-26 11:54 script2.sh -rw-r--r-- 1 bens nobody 57 2008-02-26 15:21 script3.sh -rw-r--r-- 1 bens nobody 55 2008-02-26 13:17 t Still has bad errors, properly quoted, otherwise legal file names. Redefine IFS? Still not properly quoted. What you need in the for ... line is the syntax that quotes each individual argument (so that embedded white space doesn't get treated as argument delimiters) while still maintaining $1 $2 $3 etc. as separate arguments. That's what $@ does: for file in $@ do ls -l -- $file done -- Bob Nichols NOSPAM is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] bash - safely pass untrusted strings?
On Tue, Feb 26, 2008 at 05:13:12PM -0600, Les Mikesell alleged: Garrick Staples wrote: On Tue, Feb 26, 2008 at 04:33:30PM -0600, Les Mikesell alleged: Does anyone have a quick reference to the order of operations as the shell parses a command line (variable parsing,i/o redirection, wildcard and variable expansion, splitting on IFS, quote removal, command substitution etc.)? That's really the first thing you need to know about the shell and if there is a simple description it must be buried in the middle of some obscure manual. This is from the EXPANSION section of the bash manpage: The order of expansions is: brace expansion, tilde expansion, parameter, variable and arithmetic expansion and command substitution (done in a left-to-right fashion), word splitting, and pathname expansion. That's one step in the bigger picture. I want the one that includes variable assignment, i/o redirection, quote removal, and a few other operations. I think I knew that a few decades ago, but now I don't even know where to look it up. That's pretty much the entire process for your basic expression. Quotes are obeyed the entire time, but are actually _removed_ after the expansion. And finally, file descriptors are opened the command is executed. I don't think you can write a simple list because the actual process is too complex. It would really be a tree or flowchart. -- Garrick Staples, GNU/Linux HPCC SysAdmin University of Southern California Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html pgp6KHTRvYxBq.pgp Description: PGP signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Logwatch showing entries for non existent services
Joseph L. Casale wrote: Hi, Maybe I don't understand Logwatch correctly. Doesn't it look for all possible services defined by the existence of the many service definitions, and if it finds a log, it reports it? This is the default behavior from what I gathered, my silly mistake was not cleaning the log file out after a service was removed. Thanks, jlc I know even if you do not use sendmail logwatch will still report, This is from the logwatch.conf q Service = -eximstats # Prevents execution of eximstats service, which # is a wrapper for the eximstats program. /q It is on by default so not sure what your seeing. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] NFSroot is acting strange in CentOS5
Hello all, I have observed a problem with a diskless PXE client I am attempting to configure. PXE/NFS/DHCP/TFTPd server is running CentOS5.1 and the Diskless workstation's root and kernel was extracted from a CentOS5.1 (custom kernel due to setting to enable Root File System support). Problem: When the diskless client boots and logs in I notice that my root user is being squashed, even if I have exported the root with the no_root_squash option. The exports file contains this line: /export/images *(rw,no_root_squash,no_subtree_check) 1. Creating a file as root gives it nobody permission: rw-r--r-- 1 65534 655340 Feb 26 16:30 foo 2. When I explicitly mount the same export from the booted workstation and create another file; this time, it is created as root: -rw-r--r-- 1 root root 0 Feb 26 16:31 bar 3. I checked the /proc/mounts and notice there are differences in the NFS options it has accepted during mount: rootfs / rootfs rw 0 0 /dev/root / nfs rw,vers=2,rsize=4096,wsize=4096,hard,nolock,proto=udp,timeo=11,retrans=2,sec=null,addr=192.16.10.5 0 0 192.16.10.5:/tftpboot /mnt/test nfs rw,vers=3,rsize=32768,wsize=32768,hard,proto=tcp,timeo=600,retrans=2,sec=sys,addr=192.168.16.5 0 0 4. I try to append NFS options to my APPEND line to force: NFS version3, change r/wsize, use tcp protocol and change the sec from null to sys (null seems to be the parameter that affects the NFS ownership/permission). My /tftpboot/pxelinux.cfg/default file contains the following: nfsroot=192.168.16.5:/export/images/centos51_x86-64,nfsversvers=3,tcp,rsize=32768,wsize=32768,sec=sys ip=dhcp 5. All options are honored except for the sec=sys option. Below is the output of the /proc/cmdline: /proc/cmdline: root=/dev/nfs rw nfsroot=192.168.16.5:/export/images/centos51_x86-64,nfsvers=3,tcp,rsize=32768,wsize=32768,sec=sys ip=dhcp BOOT_IMAGE=vmlinuz-2.6.18-custom-2.6.18-53.el5 6. But the /proc/mounts shows that the sec= parameter is still set to NULL. /proc/mounts: rootfs / rootfs rw 0 0 /dev/root / nfs rw,vers=3,rsize=3278,wsize=3478,hard,nolock,proto=tcp,timeo=11,retrans=2,sec=null,addr=192.168.16.5 0 0 Kernel versions: PXE server -- uname -a Linux qatest1 2.6.18-53.1.13.el5xen #1 SMP Tue Feb 12 13:33:07 EST 2008 x86_64 x86_64 x86_64 GNU/Linux Diskless Workstation's kernel and root are extracted from this: Linux localhost.localdomain 2.6.18-custom-2.6.18-53.el5 #1 SMP Wed Feb 20 08:45:23 PST 2008 x86_64 x86_64 x86_64 GNU/Linux Any help would be greatly appreciated. -- best, Vince ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
On Tue, 2008-02-26 at 11:22 -0800, Garrick Staples wrote: On Tue, Feb 26, 2008 at 11:19:36AM -0800, Bob Taylor alleged: I can not remove it with the command rpm -e kernel-2.6.18-53.1.13 but can if I add .el5 to the end it does. Before I deleted it I ran the That's correct. 53.1.13 is the not same as 53.1.13.el5. The version is 2.6.18 and the release is 53.1.13.el5. You can specify the version or version-release, but not different substrings. Ah! Mystery resolved. Thanks! -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
On Tue, 2008-02-26 at 11:51 -0800, Ray Van Dolson wrote: [snip] It looks like the problem may be in rpm after 4.4.2-37. Before I go to the rpm people, I need to confer with Ray Van Dolson who says his is the same as mine and he has no problem updating kernels. After Ray and I resolve this issue, I will send a last email to the list hopefully ending this subject with the resolution to this problem. Bob, so it appears the above did work? It did. I don't recall what exactly I said was the same on my system as yours... but, my /etc/rpm/platform is: Mine reports the same as yours and I have no problem updating kernels. I believe this was in reference to uname -imp which mine results in i686 i686 i386 Notice the processor. By all accounts it should be i686. -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Yum not updating kernel
On Tue, 2008-02-26 at 10:33 -0800, Scott Silva wrote: [snip] The contents of, # cat /etc/rpm/platform i386-redhat-linux Good Shouldn't this be i686-redhat-linux ? Bingo! Better late than never! :-) That is exactly the problem! -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Yum not updating kernel
On Tue, 2008-02-26 at 16:09 -0600, Johnny Hughes wrote: [snip] Would anaconda even allow C5 to install on such a class cpu? no ... and we have no i386 kernel ... no idea how that file got changed, but the only code to make it happen would be a pentium classic processor. C5 would just die, as there is not one. (c4 too) OK! Thanks Johnny. You just confirmed a bug here. Now I will, as time allows, see if I can discover why /etc/rpm/platform is incorrect. Since the file is in an rpm directory, shall I look at rpm? I promise *not* to begin another thread like this one! I'm a nice guy, really! -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] Yum not updating kernel
On Tue, 2008-02-26 at 15:27 -0500, Ross S. W. Walker wrote: [snip] I think there may be a case or two of bad packages updating that file I believe these are some dumb Mozilla plugins though, googling got me these: http://dnmouse.webs.com/playdvdsmore.htm and here: http://www.fedorafaq.org/ The OP had a lot of kitchen sinks installed maybe a broken plugin was the cause of all that grief. Probably right around the time he installed that repo and things stopped working. I presume this comment is in regards to the above references? -- Bob Taylor ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mono installation
Roilan Cardoso Sánchez wrote: I could finally install Mono completely, but when i try to run a winform bin it throw teh following error: An exception was thrown by the typw initializer for System.Windows.Forms.XplatUI --- System.TypeInitializationExceptio: Sistem.Drawing.GDIPlus .NET its a moving target. i'd suggest taking this up with a MONO support list. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Mono installation
I could finally install Mono completely, but when i try to run a winform bin it throw teh following error: An exception was thrown by the typw initializer for System.Windows.Forms.XplatUI --- System.TypeInitializationExceptio: Sistem.Drawing.GDIPlus - Original Message - From: Johnny Hughes [EMAIL PROTECTED] To: CentOS mailing list centos@centos.org Sent: Tuesday, February 26, 2008 1:37 PM Subject: Re: [CentOS] Mono installation ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.1/1299 - Release Date: 2/26/2008 9:08 AM __ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos