Re: Daemon umask

2012-08-09 Thread Chris Davies
Mike Mestnik cheako+debian-secur...@mikemestnik.net wrote:
 Actually I'm unsure if a shell would be invoked in most cases.  For
 example Apache starts as root and drops privs after opening up log
 files (I wish someone would fix this) and port 80 (I wish this could be
 done with an ACL).

Sorry, it's not clear to me what it is that you want fixed. Can you
elaborate?

Chris


-- 
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/rj1df9xmr7@news.roaima.co.uk



Re: how to fix rootkit?

2012-02-09 Thread Chris Davies

On Wed, 2012-02-08 at 22:56, Chris Davies wrote:
 You can no longer trust the kernel [...]

Milan P. Stanic m...@arvanta.net wrote:
 Of course, you are right here. But then I don't trust the CPUs. How do we
 know that the manufacturer of the CPU, Ethernet card or anything, didn't put
 some secret code into the device [...]

You don't. But since your scenario applies whether or not someone's
system has been rooted, it should probably remain outside the scope of
the discussion.

Chris


Archive: http://lists.debian.org/2p4d09xej3@news.roaima.co.uk



Re: how to fix rootkit?

2012-02-08 Thread Chris Davies
Milan P. Stanic m...@arvanta.net wrote:
 What about statically linked binaries on the external media (CD, DVD,
 USB ...) which is write protected with 'execute in place' mode?

You can no longer trust the kernel. Therefore you cannot trust
ANY application that runs under that kernel, either directly or
indirectly. Period.

Chris


Archive: http://lists.debian.org/g5bb09xbl5@news.roaima.co.uk



Re: Default valid shells and home dir permissions

2012-01-12 Thread Chris Davies
Davit Avsharyan avshar...@gmail.com wrote:
 1/  I'm wondering why most of the system users have valid shells by 
 default ?
 cat /etc/passwd | grep -E '(sh|bash)' | wc -l
 21

That's not necessarily sufficient to determine valid shells: the absence
of a shell definition implies the use of /bin/sh, so you need to check
that, too.

Something like this should probably give you a definitive list -

# Shells listed in /etc/shells, plus '' for accounts with no shell defined
SS=$(grep '^/' /etc/shells | xargs)
for S in $SS ''; do
    getent passwd | awk -F: -v S="$S" '{if ($7 == S) print $1, $7}'
done

Chris


Archive: http://lists.debian.org/djs2u8xfrv@news.roaima.co.uk



Re: Default valid shells and home dir permissions

2012-01-12 Thread Chris Davies
Poison Bit poison...@gmail.com wrote:
 Why filter to those in /etc/shells ? I mean... the filter should be
 applied by the system :)

Mainly because it's a convenient list of real shells, and some of the
remote service applications require a shell to be in that list. FTP is
one such that springs to mind. As a counter example, /bin/false is a
possible shell but it doesn't provide a particularly useful environment
for the user. You could change the scriptlet to check for the 7th column
being either empty or an executable file if you preferred.


 But neither of the two codes takes into account whether there is sudo in
 the system, and what is gained in its config.

I don't recall the OP mentioning access via sudo. (BICBW.)


 Also, neither of the two codes thinks about ForceCommand in ssh... So I
 may be listed as /bin/bash, but I may only be able to run /usr/bin/cal
 once as my shell and get kicked.

ForceCommand requires an interactive shell-like login on the target,
so I don't believe that's relevant here.

Chris


Archive: http://lists.debian.org/uad3u8x037@news.roaima.co.uk
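
The checks discussed in the two replies above (7th passwd field empty, listed in /etc/shells, or an executable file), combined in one audit function. This is an added example, not part of the original thread; the function name classify_shells, the class labels and the sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify the login shell in field 7
# of passwd-format input read from stdin.
# Usage on a live system: getent passwd | classify_shells /etc/shells
classify_shells() {
    shells_file=$1
    while IFS=: read -r user _ _ _ _ _ shell; do
        [ -n "$user" ] || continue
        if [ -z "$shell" ]; then
            class=empty            # no shell defined: /bin/sh is implied
        elif grep -qxF -- "$shell" "$shells_file"; then
            class=listed           # named in the shells file
        elif [ -f "$shell" ] && [ -x "$shell" ]; then
            class=unlisted-exec    # runnable, but not in the shells file
        else
            class=not-executable   # missing or not runnable
        fi
        printf '%s %s %s\n' "$user" "${shell:-/bin/sh}" "$class"
    done
}

# Constructed sample data; every account name and path below is made up.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 1\n' > "$tmp/denylogin"
    chmod +x "$tmp/denylogin"
    printf '# constructed shells file\n/bin/sh\n' > "$tmp/shells"
    cat > "$tmp/passwd" <<EOF
alice:x:1000:1000::/home/alice:/bin/sh
svc:x:999:999:service:/var/lib/svc:
ftpuser:x:1001:1001::/srv/ftp:$tmp/denylogin
ghost:x:1002:1002::/nonexistent:$tmp/no-such-shell
EOF
    classify_shells "$tmp/shells" < "$tmp/passwd"
    rm -rf "$tmp"
}

demo
```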



Re: Linux infected ?

2009-02-05 Thread Chris Davies
Ralph Jenkin ralph.jen...@empoweredcomms.com.au wrote:
 Am I the only one thinking; Wine can actually manage to get infected by 
 malware now? Cool.

I've seen a fair number of discussions about this on usenet, so it's
not new, no.

Chris





Re: Rainbow tables on Linux?

2008-10-24 Thread Chris Davies
Johan 'yosh' Marklund [EMAIL PROTECTED] wrote:
 the open source rainbow tables are about 121GB (if my memory
 serves me correctly) and are only available via bittorrent.
 I think it took me about 2 months to download them.
 http://www.antsight.com/zsl/rainbowcrack/

Out of interest, how long do you estimate it would have taken you to
generate them locally?

Chris

