Re: Advisory description text

2008-01-07 Thread Christoph Ulrich Scholler
Hi,

On 07.01. 13:54, Adam Majer wrote:
> Moritz Muehlenhoff wrote:
> > CVE-2007-3382
> > 
> > It was discovered that single quotes (') in cookies were treated
> > as a delimiter, which could lead to an information leak.
> > 
> > CVE-2007-3385
> > 
> > It was discovered that the character sequence \ in cookies was
> > handled incorrectly, which could lead to an information leak.
> > 
> > CVE-2007-5461
> > 
> > It was discovered that the WebDAV servlet is vulnerable to absolute
> > path traversal.
> 
> First of all, this is not targeted at this specific advisory or any
> person writing this advisory. :)
> 
> Generally, the first little bits of each and every CVE description
> above, as well as in other advisories sent out by Debian, are not needed.
> Please, remove the "It was discovered that" part from any templates that
> you may be using. That part is not needed. It is also implied and
> doesn't add anything to the advisory.

I respectfully disagree.  A short summary of what a CVE is about is very
useful for everyone not intimately familiar with all CVEs.  Remember
that Debian is not only used by seasoned professionals who know all
pertinent security advisory distribution channels by heart.  A little
redundancy is a good thing when humans are involved.

Regards

uLI


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: How to prevent daemons from ever being started?

2006-05-16 Thread Christoph Ulrich Scholler
Hi,

On 15.05. 17:09, Uwe Hermann wrote:
> What is the Debian way to prevent any daemon from ever starting,
> whether upon reboot, upon upgrade, upon new install etc.

If your default runlevel is 2, delete the symlink to the respective init
script in /etc/rc2.d or even in /etc/rc[2345].d.  Just make sure that
there is at least one such symlink still in place in any of
/etc/rc[S0123456].d.  If you do it like this no new symlinks will be
created upon upgrade.

Regards

uLI
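The rc?.d housekeeping described in the reply above, as an added example (not code from the post): it removes a service's start links from runlevels 2 to 5 and refuses when no link at all would remain, because update-rc.d then recreates the default links on the next package upgrade. ETC_ROOT is an assumed variable so the functions can be exercised against a constructed directory tree instead of the live /etc.

```shell
#!/bin/sh
# Added example, not from the original post: disable an init script the way
# the reply describes, by removing its S links from the multi-user runlevels.
# ETC_ROOT (assumed, defaults to /etc) lets the functions work on a
# constructed directory tree for testing.

# count_links NAME -> number of S or K links for NAME in any rc[S0-6].d
count_links() {
    n=0
    for link in "${ETC_ROOT:-/etc}"/rc[S0123456].d/[SK][0-9][0-9]"$1"; do
        [ -L "$link" ] && n=$((n + 1))
    done
    echo "$n"
}

# disable_daemon NAME
# Removes S??NAME from rc2.d .. rc5.d. If that would leave no link at all
# in rc[S0123456].d the function refuses (returns 1) and deletes nothing:
# with no links present, the package's postinst runs "update-rc.d defaults"
# on the next upgrade and the daemon is back in the boot sequence.
disable_daemon() {
    name=$1
    etc=${ETC_ROOT:-/etc}
    starts=0
    for link in "$etc"/rc[2345].d/S[0-9][0-9]"$name"; do
        [ -L "$link" ] && starts=$((starts + 1))
    done
    if [ "$(count_links "$name")" -le "$starts" ]; then
        echo "refusing: no link would remain for $name;" \
             "keep a K link, e.g. $etc/rc1.d/K20$name" >&2
        return 1
    fi
    for link in "$etc"/rc[2345].d/S[0-9][0-9]"$name"; do
        [ -L "$link" ] && rm "$link"
    done
    return 0
}

# stand-alone use: disable_daemon.sh NAME
if [ "$#" -eq 1 ]; then disable_daemon "$1"; fi
```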



Re: Strange Apache log and mambo security - sexy executable

2006-01-23 Thread Christoph Ulrich Scholler
Hi,

On 23.01. 07:46, Jose Marrero wrote:
> Apache configured with mod_rewrite to deny blank or fake referers is a
> good idea.

How can you tell that a referrer is fake?

Regards,

uLI



Re: PermitRootLogin enabled by default

2002-06-26 Thread Christoph Ulrich Scholler
On Wed, Jun 26, 2002 at 02:11:00PM +0200 or thereabouts, InfoEmergencias - Luis Gómez wrote:
> Messing up with sshd_config for all the privsep stuff, I've noticed that
> PermitRootLogin was set to yes in my three woody boxes. I usually
> consider this a problem (although it has been my fault - I should have
> checked and noticed this much time ago). What do you think of this?

disallowing direct root logins via ssh provides for auditing.  you will
always know which user became root.  this is why i keep PermitRootLogin
turned off.

regards,

uLI



Re: VI wrapper for SUDO?

2001-11-30 Thread Christoph Ulrich Scholler

hi,

maybe i misunderstand the intention here, but isn't it pointless to
restrict privileges of the editing process of /etc/aliases if you could
just as well change root's alias to a program that's run whenever root
receives email and, e. g., puts one's most favourite /etc/passwd in
place of the original?

regards,

uLI

On Thu, Nov 29, 2001 at 02:45:08PM -0800 or thereabouts, William R Ward wrote:
> A lazy sysadmin, not thinking through the ramifications, might put
> things like /usr/bin/vi /etc/aliases in the sudoers file, thinking
> that it limits access.  But of course, vi has the :e command...
> 
> Is there any kind of wrapper that can be used to allow sudo to grant
> editing access to only one file?  I am thinking of something similar
> to vipw or visudo, but with security in mind; following this basic
> algorithm:
> 
> 1. Using user privileges, copy the desired file to a temp file owned
>    by the real user.
> 2. Using user privileges, edit the temp file.
> 3. Using root privileges, copy the temp file to the final location.
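The three-step copy / edit / install wrapper asked for in the quoted message, together with the content check that uLI's objection about /etc/aliases calls for, as an added example that is neither poster's code. SUDO_CMD is an assumed variable (set it to an empty string to run the root step unprivileged against a constructed file); EDITOR is the usual one.

```shell
#!/bin/sh
# Added example, not the original poster's code: the copy / edit / install
# wrapper from the thread, plus the content check that uLI's objection calls
# for. SUDO_CMD is an assumed variable (set it to "" to exercise the root
# step unprivileged against a constructed file); EDITOR is the usual one.

# aliases_ok FILE -> 0 if no alias delivers to a program, a file or an
# :include: list, 1 otherwise. An alias such as 'root: "|/some/program"'
# would defeat the whole point of restricting who may edit the file.
aliases_ok() {
    ! grep -v '^[[:space:]]*#' "$1" | grep -Eq '([:,][[:space:]]*"?[|/])|:include:'
}

# sudo_edit FILE  (e.g. sudo_edit /etc/aliases)
#   1. copy FILE to a temp file owned by the invoking user  (user privileges)
#   2. run $EDITOR on the temp file                        (user privileges)
#   3. check it, then copy it into place through sudo      (root privileges)
sudo_edit() {
    target=$1
    editor=${EDITOR:-vi}
    sudo_cmd=${SUDO_CMD-sudo}
    tmp=$(mktemp) || return 1
    # step 1: plain cp, so the user must already be allowed to read the file
    if ! cp "$target" "$tmp"; then rm -f "$tmp"; return 1; fi
    # step 2: the editor never runs as root, so vi's :e command gains nothing
    if ! $editor "$tmp"; then rm -f "$tmp"; return 1; fi
    # step 3: refuse an edit that turns an alias into program or file delivery
    if ! aliases_ok "$tmp"; then
        echo "rejected: program, file or :include: alias in $target" >&2
        rm -f "$tmp"; return 1
    fi
    if $sudo_cmd cp "$tmp" "$target"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

# stand-alone use: sudo_edit.sh /etc/aliases
if [ "$#" -eq 1 ]; then sudo_edit "$1"; fi
```

Current sudo ships this copy, edit, install cycle as sudoedit (sudo -e); the content check in step 3 is the part it does not do for you.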



Re: rogue Chinese crawler

2001-11-23 Thread Christoph Ulrich Scholler
On Fri, Nov 23, 2001 at 05:32:04PM + or thereabouts, Martin WHEELER wrote:
> Is anyone else having problems with the robot from
> 
>  openfind.com.tw
> ...
> Anyone know of a sure-fire robot killer under woody?

as a first recourse you could instruct your firewall to deny all access
from openfind.com.tw to your machine:80.

regards,

uLI