Re: Changes in formal naming for NetBSD porting effort(s)

2003-12-17 Thread Kevin Kreamer
[I am not subscribed to debian-bsd.]
On Dec 17, 2003, at 10:20, Branden Robinson wrote:
 Given that we're going to be saddled with a comprehension problem
 anyway, I say we abandon the effort to be descriptive in the product
 name.  I proposed having a correlation between the first letter of the
 product name and the underlying BSD variant simply as a mnemonic
 convenience for people who already know what the products are supposed
 to be.

We don't have to *completely* give up the effort to be descriptive.  
How about just calling it:

Debian GNU/NBSD
Debian GNU/FBSD
Debian GNU/OBSD (if there's ever an OpenBSD port)
It would have the advantage of being recognizable to most people, 
without actually using 'NetBSD' or so anywhere in the name.

[ The following suggestion is possibly flameworthy.  Please consider 
the above separate from the below. ]

In the case of a NetBSD libc, you could use
Debian NBSD/NBSD
basically having the first half signify which libc is used.  However, 
if Debian is always going to use the GNU/ prefix, then perhaps make it 
something like

Debian GNU/NBSD/NBSD
with the third part signifying the libc used.
Kevin



Re: proposal: per-user temporary directories on by default?

2003-08-03 Thread Kevin Kreamer
Tollef Fog Heen [EMAIL PROTECTED] writes:
 * Kevin Kreamer 
 [...]

 | [1] My solution as to how to get the path from libpam-tmpdir to
 | pam-tmpdir-helper was to pass it on the command line.  But, since
 | anyone can run pam-tmpdir-helper, anyone can create any tmpdir they
 | like anywhere on the system.  Very bad.

 Adding a sanity check that the base directory is owned by root, would
 that suffice?

 I think I'll have to think about this a little.

Ok, I've done some thinking on this as well, and this is what I've
come up with.  I don't think making sure that the base directory is
owned by root will protect you, as that would still allow an
attacker to put a tmpdir in most system areas.  What we really need
is to make sure that the tmpdir is created where the admin wants, not
where the user wants.

Since the helper has to be setuid, and has to be runnable by anyone
(since the PAM stuff uses the permissions of whoever is logging in),
we can't pass the path into the helper.  It has to already know where
to make the path.  So, it seems to me that the best approach is to
have both pam_tmpdir.so and the helper read the configuration file
independently to find out where to put the tmpdir.  However, since
the helper won't know what service is being used, and therefore won't
know which pam.d file to read, we'll have to use a completely
independent config file (/etc/pam-tmpdir.conf or something like that).

What do you think?

Kevin
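
The approach described in the message above, where the helper looks up the base directory itself in an admin-controlled file instead of taking it on the command line, as an added example that is not libpam-tmpdir's code. The names `read_base_dir` and `check_base_path`, the `tmpdir=` key inside the file and the `owner` parameter are assumptions; /etc/pam-tmpdir.conf is the name floated in the message.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define CONF_KEY "tmpdir="  /* assumed key, reused from the patch's pam.d option */

/* Accept only an absolute path with no ".." component; 0 means acceptable. */
static int check_base_path(const char *p) {
  if (p[0] != '/' || p[1] == '\0') return -1;  /* relative, empty, or "/" itself */
  for (const char *s = p; (s = strstr(s, "..")) != NULL; s += 2)
    if (s[-1] == '/' && (s[2] == '/' || s[2] == '\0')) return -1;
  return 0;
}

/* Read the base directory from conf_path. The file must be a regular file owned
 * by `owner` (0 in a setuid-root helper) and not group- or world-writable.
 * Returns 0 and fills `out` on success, -1 on any failure. */
int read_base_dir(const char *conf_path, uid_t owner, char *out, size_t outlen) {
  char line[4096];
  struct stat st;
  FILE *f = NULL;
  int rc = -1;
  int fd = open(conf_path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
  if (fd == -1) return -1;
  /* fstat the open descriptor so the ownership check and the read see one file. */
  if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) || st.st_uid != owner ||
      (st.st_mode & (S_IWGRP | S_IWOTH)) || (f = fdopen(fd, "r")) == NULL) {
    close(fd);
    return -1;
  }
  while (fgets(line, sizeof line, f) != NULL) {
    if (strncmp(line, CONF_KEY, strlen(CONF_KEY)) != 0) continue;  /* other lines */
    char *val = line + strlen(CONF_KEY);
    size_t n = strcspn(val, "\r\n");
    if (val[n] == '\0' && !feof(f)) break;  /* over-long line: reject, never truncate */
    val[n] = '\0';
    if (check_base_path(val) == 0 && n < outlen) { memcpy(out, val, n + 1); rc = 0; }
    break;  /* the first tmpdir= line decides; a bad value is a failure */
  }
  fclose(f);
  return rc;
}

int main(void) {  /* owner 0: only a root-owned file is trusted */
  char base[1024];
  if (read_base_dir("/etc/pam-tmpdir.conf", 0, base, sizeof base) != 0) return 1;
  return puts(base) == EOF;
}
```

The helper takes no path from its caller at all, so the only way to change where directories are created is to edit a file that only root can write.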





Re: proposal: per-user temporary directories on by default?

2003-08-02 Thread Kevin Kreamer
Tollef Fog Heen [EMAIL PROTECTED] writes:
 ATM, TMPDIR is defined using #define in libpam-tmpdir's source.
 Patches for having that as a run-time configuration are accepted.

I recently posted to debian-devel a patch to do this (not sure
whether you saw it or not).  However, at the time, I didn't realise
that /sbin/pam-tmpdir-helper was a setuid root program.  Purely my
fault; I didn't check.  Anyway, that patch opens up a security hole[1],
so please don't apply it.

Thanks,
Kevin

[1] My solution as to how to get the path from libpam-tmpdir to
pam-tmpdir-helper was to pass it on the command line.  But, since
anyone can run pam-tmpdir-helper, anyone can create any tmpdir they
like anywhere on the system.  Very bad.





Re: proposal: per-user temporary directories on by default?

2003-07-30 Thread Kevin Kreamer
Tollef Fog Heen [EMAIL PROTECTED] writes:
 ATM, TMPDIR is defined using #define in libpam-tmpdir's source.
 Patches for having that as a run-time configuration are accepted.

Attached is a patch to allow you to specify TMPDIR in the relevant
pam.d file, like so:

session   optional   pam_tmpdir.so tmpdir=/tmp/users

It does not (yet) expand ~, $HOME, or the like.  I'd like someone to
look it over to make sure I didn't open any security holes or cause
any stupid bugs.  (I do realise that it trusts the contents of the
pam.d file... not sure how paranoid to be about that.)

Thanks,
Kevin
Index: pam-tmpdir-helper.c
===
--- pam-tmpdir-helper.c	(revision 1)
+++ pam-tmpdir-helper.c	(working copy)
@@ -27,6 +27,8 @@
 
 #define SYSUSRTMP /tmp/user
 
+char *tmpdir;
+
 /* some syslogging */
 
 static void _log_err(int err, const char *format, ...)
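Review bot: `char *tmpdir;` at file scope has external linkage and no comment saying what it holds or who sets it. It is only used inside this file, so declare it `static` and add a one-line comment that it is the base directory under which the per-uid directory is created, set by main() before make_tmp_directory() runs.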
@@ -47,48 +49,48 @@
   struct stat statbuf;
   mode_t old_umask;
 
-  ret = lstat(SYSUSRTMP,statbuf);
+  ret = lstat(tmpdir,statbuf);
   if (ret == -1  errno != ENOENT) {
-snprintf(logbuf,sizeof logbuf,lstat SYSUSRTMP failed: %s\n, strerror(errno));
+snprintf(logbuf,sizeof logbuf,lstat tmpdir failed: %s\n, strerror(errno));
 _log_err(LOG_NOTICE, %s, logbuf);
 return 1;
   } else if (ret != -1  statbuf.st_uid != 0) {
 /* Somebody else than root has grabbed /tmp/user.  Bad, bad, bad. */
 snprintf(logbuf,sizeof logbuf,%s is owned by uid %d instead of root  
-	(uid 0). Failed to create safe $TMPDIR\n, SYSUSRTMP, 
+	(uid 0). Failed to create safe $TMPDIR\n, tmpdir, 
  statbuf.st_uid);
 _log_err(LOG_ERR, %s, logbuf);
 return 1;
   } else if (ret != -1  !S_ISDIR(statbuf.st_mode)) {
-snprintf(logbuf,sizeof logbuf,%s is not a directory. Failed to create safe $TMPDIR\n, SYSUSRTMP);
+snprintf(logbuf,sizeof logbuf,%s is not a directory. Failed to create safe $TMPDIR\n, tmpdir);
 _log_err(LOG_NOTICE, %s, logbuf);
 return 1;
   } else if (ret != -1  ((statbuf.st_mode  S_IWGRP) || (statbuf.st_mode  S_IWOTH))) {
 snprintf(logbuf,sizeof logbuf,%s is group or world writable. 
-	 Failed to create safe $TMPDIR\n, SYSUSRTMP);
+	 Failed to create safe $TMPDIR\n, tmpdir);
 _log_err(LOG_NOTICE, %s, logbuf);
 return 1;
   } else if (ret != -1  !(statbuf.st_mode  S_IXOTH)) {
 snprintf(logbuf,sizeof logbuf,%s is not world searchable. 
-	 Failed to create safe $TMPDIR\n, SYSUSRTMP); 
+	 Failed to create safe $TMPDIR\n, tmpdir); 
 _log_err(LOG_NOTICE, %s, logbuf);
 return 1;
   } else if (ret == -1  errno == ENOENT) {
 old_umask = umask();
-if (mkdir(SYSUSRTMP,0711) == -1) {
-  snprintf(logbuf,sizeof logbuf,mkdir SYSUSRTMP failed: %s\n, strerror(errno));
+if (mkdir(tmpdir,0711) == -1) {
+  snprintf(logbuf,sizeof logbuf,mkdir tmpdir failed: %s\n, strerror(errno));
   _log_err(LOG_NOTICE, %s, logbuf);
   return 1;
 }
 umask(old_umask);
-if (chown(SYSUSRTMP,0,0) == -1) {
-  snprintf(logbuf,sizeof logbuf,chown 0:0 SYSUSRTMP failed: %s\n, strerror(errno));
+if (chown(tmpdir,0,0) == -1) {
+  snprintf(logbuf,sizeof logbuf,chown 0:0 tmpdir failed: %s\n, strerror(errno));
   _log_err(LOG_NOTICE, %s, logbuf);
   return 1;
 }
   }
 
-  if (snprintf(buf, sizeof buf, %s/%d,SYSUSRTMP,getuid()) == -1) {
+  if (snprintf(buf, sizeof buf, %s/%d,tmpdir,getuid()) == -1) {
 return 1;
   }
   ret = lstat(buf,statbuf);
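Review bot: the `snprintf(buf, sizeof buf, %s/%d,tmpdir,getuid()) == -1` check at the end of this hunk no longer covers the failure that matters. With the compile-time SYSUSRTMP the length of the result was known in advance; with a run-time tmpdir of arbitrary length snprintf can truncate, in which case it returns the length it would have written rather than -1, and the truncated path goes on to lstat. Compare the return value against `sizeof buf` and fail on truncation. Separately, the rewritten messages (`lstat tmpdir failed`, `mkdir tmpdir failed`, `chown 0:0 tmpdir failed`) now log the word tmpdir rather than the directory; pass the path through a `%s`, and update the `/tmp/user` comment in the ownership branch, which is no longer accurate.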
@@ -131,5 +133,29 @@
 }
 
 int main(int argc, char **argv) {
+  /* Parse our command line arguments.  We assume that 
+   * we will either receive one argument (the tmpdir path),
+   * or none at all (in which case, we set tmpdir to be SYSUSRTMP).
+   */
+
+   if (argc == 2) {
+ if ((tmpdir = malloc(strlen(argv[1]) + 1)) == NULL) {
+   _log_err(LOG_ERR, malloc failed.  Out of memory.);
+   return 1;
+ }
+ strcpy(tmpdir, argv[1]);
+   } else if (argc == 1) {
+ if ((tmpdir = malloc(strlen(SYSUSRTMP) + 1)) == NULL) {
+   _log_err(LOG_ERR, malloc failed.  Out of memory.);
+   return 1;
+ }
+ strcpy(tmpdir, SYSUSRTMP);
+   } else {
+ _log_err(LOG_ERR, Incorrect number of arguments.  Giving up.);
+ return 1;
+   }
+
+  /* At this point, tmpdir should contain a valid TMPDIR path. */
+  
   return make_tmp_directory();
 }
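Review bot: main() copies argv[1] into tmpdir with no validation, so whoever invokes the helper chooses the directory that make_tmp_directory() will mkdir and chown to 0:0. The follow-ups in this thread note that the helper is installed setuid root and runnable by anyone, which makes the base directory caller-controlled in a privileged program. The path should not come from the caller at all: have the helper obtain it from a configuration file that only root can write, and keep SYSUSRTMP as the fallback. As a smaller point, the two malloc/strcpy pairs can each be a single `strdup`, or dropped entirely by pointing a `const char *` at the source string.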
Index: pam_tmpdir.c
===
--- pam_tmpdir.c	(revision 1)
+++ pam_tmpdir.c	(working copy)
@@ -43,7 +43,10 @@
 
 #define SYSUSRTMP /tmp/user
 #define PAM_TMPDIR_HELPER /sbin/pam-tmpdir-helper
+#define TMPDIR_INTRO tmpdir=
 
+char *tmpdir = NULL;
+
 static int set_environment(pam_handle_t *pamh);
 static int make_tmp_directory(pam_handle_t *pamh);
 
@@ -85,16 +88,45 @@
 #define PAM_ENV_SILENT  0x04
 #define PAM_NEW_ENV_FILE0x10
 
+static int set_tmpdir(int argc, const char **argv) {
+
+  int i;
+
+  /* Don't set tmpdir if it's already been set. */
+ 
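Review bot: the comment `Don't set tmpdir if it's already been set` means the first value wins for the life of the process, because tmpdir is a file-scope global. A long-running process that opens sessions for more than one service would keep the tmpdir= from the first one even when a later pam.d line names a different directory. Parse the option on every call into a local or per-handle value instead. The rest of set_tmpdir() is cut off here, so the parsing itself cannot be reviewed.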

Re: Advice needed : Oracle and Debian Linux

2003-06-20 Thread Kevin Kreamer
Michael Meskes [EMAIL PROTECTED] writes:
 On Fri, Jun 20, 2003 at 12:53:34AM +1000, Russell Coker wrote:
 As for the support people, I don't think that necessarily makes it 
 impossible.  
 If you started up a company to produce a commercial distribution based on 
 Debian for running Oracle then having your people answer the phones at 
 Oracle 
 would be good for business...

 Not really. These people are on your pay roll but do not generate any
 revenue. So you have to have a lot of people busing this distro to run
 Oracle to make it work. 

If you charge per incident or such, then those people would generate
revenue.  Also, the ability to advertise that you have people at
Oracle answering questions could help generate revenue as well.

Basically, the assumption is that you would construct your business
plan so that it was good for business :-)

Kevin





Re: security in testing

2003-05-14 Thread Kevin Kreamer
Steve Langasek [EMAIL PROTECTED] writes:
 So where does that leave us?  If none of the people who are in a
 position to approve packages for inclusion in testing or
 testing-security are willing to commit resources to doing so, it seems
 the only other option that could have an effect is to submit a patch to
 the website, to add a skull and crossbones everywhere that testing is
 mentioned.

Disclaimer:  I'm just a lowly user.

If testing is just a release tool that isn't supposed to be used until
a freeze, why is it being offered up for use?  Wouldn't it be better
all around (disk space on mirrors, support questions about testing,
rooted boxes, threads like this, and such) to have the testing scripts
work on a private pool on some debian machine somewhere and not
mirrored out to the world?

Another question: does Debian provide to developers access to
machines on all 11 arches for building packages?

-- 
Kevin




Re: doc-html-w3

2001-09-23 Thread Kevin Kreamer
On Sat, Sep 22, 2001 at 10:49:35PM -0500, Joseph Schlecht said:
 I would like to change doc-html-w3's name to one that is more descriptive of 
 its current and potential contents. I think that the name of this package is 
 currently too narrow; besides HTML, indicated by the name, it also contains 
 CSS2, SMIL, XPATH and many other recommendations. What do you think?

As a normal user, when I see doc-html-w3, I think of html-formatted 
documents about Emacs' w3 web browser.  I think a name change would be
appropriate, IMHO.
 
 Here are a couple of the names I've been kicking around:
a) doc-w3 (most general, my favorite; perhaps even doc-w3c)
b) doc-markup-w3 (but this name excludes style: CSS2, XSLT, etc)
c) doc-w3c-recommend
d) [your suggestion here]

doc-w3c looks best to me, but any would work as long as it is -w3c 
instead of -w3.

Kevin
-- 
Kevin Kreamer
FsckIt on openprojects.net