Re: Daemon umask
Mike Mestnik cheako+debian-secur...@mikemestnik.net wrote: Actually I'm unsure if a shell would be invoked in most cases. For example Apache starts as root and drops privs after opening up log files(I wish someone would fix this) and port 80(I wish this could be done with an ACL). Sorry, it's not clear to me what it is that you want fixed. Can you elaborate? Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/rj1df9xmr7@news.roaima.co.uk
Re: how to fix rootkit?
On Wed, 2012-02-08 at 22:56, Chris Davies wrote: You can no longer trust the kernel [...] Milan P. Stanic m...@arvanta.net wrote: Of course, you are right here. But then I don't trust the CPU's. How we know that the manufacturer od CPU, Ethernet card or anything, didn't put some secret code into device [...] You don't. But since your scenario applies whether or not someone's system has been rooted, it should probably remain outside the scope of the discussion. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2p4d09xej3@news.roaima.co.uk
Re: how to fix rootkit?
Milan P. Stanic m...@arvanta.net wrote: What about statically linked binaries on the external media (CD, DVD, USB ...) which is write protected with 'execute in place' mode? You can no longer trust the kernel. Therefore you cannot trust ANY application that runs under that kernel, either directly or indirectly. Period. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/g5bb09xbl5@news.roaima.co.uk
Re: Default valid shells and home dir permissions
Davit Avsharyan avshar...@gmail.com wrote: 1/ I'm wondering why most of the system users have valid shells by default ? /cat /etc/passwd | grep -E '(sh|bash)' | wc -l *21*/ That's not necessarily sufficient to determine valid shells: the absence of a shell definition implies the use of /bin/sh, so you need to check that, too. Something like this should probably give you a definitive list - SS=$(grep '^/' /etc/shells | xargs) for S in $SS ''; do getent passwd | awk -F: -v S=$S '{if ($7 == S) print $1, $7}' done Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/djs2u8xfrv@news.roaima.co.uk
Re: Default valid shells and home dir permissions
Poison Bit poison...@gmail.com wrote: Why filter to those in /etc/shells ? I mean... the filter should be applied by the system :) Mainly because it's a convenient list of real shells, and some of the remote service applications require a shell to be in that list. FTP is one such that springs to mind. As a counter example, /bin/false is a possible shell but it doesn't provide a particularly useful environment for the user. You could change the scriptlet to check for the 7th column being either empty or an executable file if you preferred. But neither of both codes take in mind if there is sudo in the system, and what is gained in its config. I don't recall the OP mentioning access via sudo. (BICBW.) Also, neither of both codes think about ForceCommand in ssh... So I maybe listed as /bin/bash, but I me be able only of run /usr/bin/cal once as my shell and get kicked. ForceCommand requires an interactive shell-like login on the target, so I don't believe that's relevant here. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/uad3u8x037@news.roaima.co.uk
Re: Linux infected ?
Ralph Jenkin ralph.jen...@empoweredcomms.com.au wrote: Am I the only one thinking; Wine can actually manage to get infected by malware now? Cool. I've seen a fair number of discussions about this on usenet, so it's not new, no. Chris -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Rainbow tables on Linux?
Johan 'yosh' Marklund [EMAIL PROTECTED] wrote: the open source rainbow tables are about 121GB (if my memory serves me correctly) and are only available via bittorrent. I think it took me about 2 months to download them. http://www.antsight.com/zsl/rainbowcrack/ Out of interest, how long do you estimate it would have taken you to generate them locally? Chris -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]