Re: .desktop arbitrary program execution
On Wed, Jan 19, 2005 at 12:49:57PM +0100, Florian Weimer wrote:
> * Rick Moen:
>
> > Please advise this mailing list of which specific Linux or BSD MUA (or
> > specific configuration thereof) is willing to execute a received
> > binary or script attachment.
>
> mutt and Gnus are, in typical configurations. Most distributions
> kindly add all these helpful mailcap entries.

My mailcap file (made by the Debian installation) doesn't have any of these capabilities. I cannot verify for other distributions, but this is a Debian list anyway ...

-- Vincent Hanquez

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: chroot, su and sudo
On Mon, Jun 16, 2003 at 10:54:54AM +0200, Mario Ohnewald wrote:
> Not even with sudo?

Hmm, this way it will work

-- Tab
Re: chroot, su and sudo
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> Hello!
> I want to chroot an application/gameserver.
>
> What is the better/securest way?
> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
> or
> 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
> execute the "start.sh" in the chroot?
>
> Solution 2 does not need a root shell at all, why i think it is a little
> more secure.
> What do you think? What do u recommend? How would do solve this?

You can't chroot as a normal user. So solution 1.

-- Tab
Re: syslog-ng[164]: STATS: dropped 0
On Thu, Dec 19, 2002 at 08:42:05AM -0500, David B Harris wrote:
> But remove stating messages is not what I've done..

The patch drops ONLY the "0 dropped packet" message. Others are logged.

> options { stats(3600); };

I've checked the source and effectively there is an option like that.

> # stats() num The number of seconds between two
> # STATS.

It seems to be an undocumented feature. Grepping the files installed by Debian doesn't help me a lot on that feature.

> The snippet above will cause STATS to be reported every hour instead of
> every ten minutes.
>
> If I recall correctly, setting it to 0 will disable it.

From the changelog.gz:

2002-06-17 Balazs Scheidler <[EMAIL PROTECTED]>
    * src/main.c: stats_freq is checked against <= 0, instead of != -1 to disable stats reporting

-- Tab
Re: syslog-ng[164]: STATS: dropped 0
On Thu, Dec 19, 2002 at 08:42:38AM -0200, Samuel Lucas Vaz de Mello wrote:
> Hi all!
>
> I'm getting these messages in the syslog:
>
> Dec 18 10:07:55 debian syslog-ng[164]: STATS: dropped 0
> Some idea about what this means?
> Regards,

Hi,

This message is a syslog-ng notice message, which tells you it hasn't dropped any /dev/log packets. (This feature seems not connected as far as I can see.)

You can get rid of this message with something like that:

    filter f_syslog { not facility(auth, authpriv, kern) and \
                      not match("STATS: dropped 0")};

You would probably do better to do something like that in the source code, to avoid pattern matching on all syslog target packets, but you'll need a recompilation of your syslog-ng. :)

--- src/main.c 2002-10-14 10:24:05.0 +0200 +++ src/main~.c 2002-12-19 12:29:08.0 +0100 @@ -130,7 +130,8 @@ { CAST(report_stats, self, c); - notice("STATS: dropped %i\n", pktbuf_dropped_pkts); + if (pktbuf_dropped_pkts) + notice("STATS: dropped %i\n", pktbuf_dropped_pkts); pktbuf_dropped_pkts = 0; io_callout(&self->backend->super, self->timeout, &self->super); }

-- Tab
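Review bot: in the report_stats hunk, the new guard `if (pktbuf_dropped_pkts)` makes the periodic line disappear entirely when the counter is zero, so a missing STATS line no longer tells a log reader whether nothing was dropped or reporting is not running; a one-line comment above the `if` saying that zero counts are intentionally silent would document that. The reset `pktbuf_dropped_pkts = 0;` rightly stays outside the condition. The header also names `src/main~.c` as the new file, which looks like an editor backup name; regenerating the diff with the modified file as `src/main.c` would remove any doubt about which file is meant to be patched.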
Re: ssh "banner"
On Fri, Oct 18, 2002 at 02:58:44PM +0200, [EMAIL PROTECTED] wrote:
> Woody
>
> host:/home/przemol>telnet 192.168.x.y ssh
> Trying 192.168.x.y...
> Connected to 192.168.x.y.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> How can I disable the message ?

You can't without modifying the source. AFAIK, this "message" is used by the ssh client to know if it is an ssh server.

-- Tab
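The line shown in the telnet session above is the SSH identification string defined in RFC 4253, section 4.2. The following is an added example, not part of the original post or of OpenSSH: a POSIX shell parser that splits it into the protocol version a client checks and the optional comments field. The function and variable names are assumptions made for this example.

```shell
#!/bin/sh
# Parse an SSH identification string (RFC 4253, section 4.2):
#   SSH-protoversion-softwareversion SP comments CR LF
# Sets PROTO, SOFTWARE and COMMENTS (names chosen for this example).
# Returns 1 if the line is not a well-formed identification string.
parse_ssh_ident() {
    line=$(printf '%s' "$1" | tr -d '\r')   # drop the CR of the CR LF
    PROTO= SOFTWARE= COMMENTS=
    case $line in
        SSH-*-*) ;;
        *) return 1 ;;
    esac
    rest=${line#SSH-}
    PROTO=${rest%%-*}
    rest=${rest#*-}
    case $rest in
        # The comments field is optional and follows the first space.
        *' '*) SOFTWARE=${rest%% *}; COMMENTS=${rest#* } ;;
        *)     SOFTWARE=$rest ;;
    esac
    [ -n "$PROTO" ] && [ -n "$SOFTWARE" ]
}

# A protocol 2 client accepts "2.0", and "1.99", which a server sends
# when it also supports protocol 1 clients.
speaks_ssh2() {
    parse_ssh_ident "$1" || return 1
    case $PROTO in
        2.0|1.99) return 0 ;;
        *) return 1 ;;
    esac
}

banner='SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1'   # string quoted in the post
if speaks_ssh2 "$banner"; then
    printf 'proto=%s software=%s comments=%s\n' "$PROTO" "$SOFTWARE" "$COMMENTS"
fi
```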
Re: I dont understand that
On Sat, Sep 21, 2002 at 08:31:21AM +0200, Petar D Donchev wrote:
> I have linux woody box with 2.2.20 kernel.
> i receive some strange messages in my log like this:
>
> [snip]
>
> I use this bot to my local debian fmirror.
> Any body knows what is the problem?
> --

It seems you have a problem with ext2 inode lookup (maybe a kernel bug). You should consider upgrading to 2.2.22 or to the 2.4 branch (2.4.19).

debian-security is not the mailing list for that; kernel-related problems (and particularly OOPS) should be sent to: linux-kernel@vger.kernel.org

-- Tab
Re: Converting Users from Solaris to (Debian-)Linux
On Fri, Aug 30, 2002 at 05:42:51PM +0200, Jan-Hendrik Palic wrote:
> I have created a user test with pass test on Linux and Solaris:
>
> /etc/shadow on Linux:
> test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020
>
> /etc/shadow on Solaris:
> test:TCs9gC4bJy8rg:11929::
>
> the hashes are quite different .. ;(

You use MD5 passwords on your Linux box. You should downgrade your crypt to normal hash passwords.

-- Tab
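The two shadow entries quoted above differ in crypt(3) scheme, which the password field itself reveals: a `$1$` prefix marks MD5-crypt, while a bare 13-character string is traditional DES crypt. The following is an added example, not part of the original post: a POSIX shell classifier that reports the scheme per account, useful before moving shadow entries between systems. The function names are assumptions, and the `daemon` line in the sample is constructed.

```shell
#!/bin/sh
# Name the crypt(3) scheme of one shadow(5) password field.
hash_scheme() {
    h=$1
    case $h in
        '')          echo empty ;;
        '!'*|'*'*)   echo locked ;;
        '$1$'*)      echo md5-crypt ;;
        '$'*)        echo other-modular ;;
        *)
            # Traditional DES crypt: 2 salt + 11 hash characters,
            # all taken from the alphabet ./0-9A-Za-z.
            bad=$(printf '%s' "$h" | tr -d './0-9A-Za-z')
            if [ ${#h} -eq 13 ] && [ -z "$bad" ]; then
                echo des-crypt
            else
                echo unknown
            fi ;;
    esac
}

# Print "user scheme" for every shadow-format line read from stdin.
report_schemes() {
    while IFS=: read -r user hash _rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(hash_scheme "$hash")"
    done
}

# Sample input: the two entries quoted in the post, plus one
# constructed locked account.
sample() {
cat <<'EOF'
test:$1$mT.fKI5L$Fgq6C.AKbkzGfCU.RDDqj.:11929:0:9:7:-1:-1:134549020
test:TCs9gC4bJy8rg:11929::
daemon:*:11929:0:99999:7:::
EOF
}

sample | report_schemes
```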
Re: Port 1433
On Sat, Aug 03, 2002 at 06:06:03PM +0100, Dale Amon wrote:
> What would be interesting about Port 1433? I seem to be seeing
> hits on it on different, well separated networks. Is it a
> destination for worms and virii?

There is the MS SQL Server Worm, which aims at this port.

-- Tab
Re: (fwd) OpenSSH trojan!
On Fri, Aug 02, 2002 at 05:10:11PM +0300, Halil Demirezen wrote:
> I wanna make it clear.
>
> We are using OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0,
> OpenSSL 0x0090603f
>
>
> and we installed the ssh from the deb packages using
> apt-get install utility.
>
> I wonder if there is any risk on this stable version of OpenSSH (Debian)
> undependent from openbsd's source tarball?

No, there's no (known) problem with the ssh Debian package. ONLY the ftp site of OpenBSD was trojaned!

-- Tab
Re: (fwd) OpenSSH trojan!
On Fri, Aug 02, 2002 at 03:36:53PM +0200, Florian Weimer wrote:
> Vincent Hanquez <[EMAIL PROTECTED]> writes:
>
> > as the others said, no.
> > only Openbsd source package has been trojaned
>
> No, both 3.4p1 and 3.2.2p1 (portable versions) have been changed, too.

Sorry, I've forgotten a word. I was speaking of OpenBSD's ftp.

-- Tab
Re: (fwd) OpenSSH trojan!
On Fri, Aug 02, 2002 at 02:27:11PM +0300, Halil Demirezen wrote:
> I installl my Debian system on 29th July. and i get the packets from
> mirror security.debian... as anyone can say , should i be worried.?

As the others said, no. Only the OpenBSD source package has been trojaned.

-- Tab
Re: (fwd) OpenSSH trojan!
On Thu, Aug 01, 2002 at 08:06:21AM -0400, Raymond Wood wrote:
> Hi,
>
> I have no idea if this affects Debian in any way, shape, or form
> -- but better safe than sorry, so here it is FYI...
>
> Cheers,
> Raymond

AFAIK this doesn't affect the Debian package, because the .tar.gz was downloaded from ftp.fu-berlin.de originally (see debian/copyright.head in the source package).

-- Tab
Re: tcp syn flood and /proc configuration
On Wed, May 08, 2002 at 01:45:32AM +0800, Patrick Hsieh wrote:
>
> But this option seems to bring some side-effect. Is there any
> alternative?

IMHO the better way is to use syncookies. The problems written in the ip-sysctl documentation are more or less normal.

There's not a very good way to know if it's a SYN flood or not, except on underloaded servers. For highly loaded servers (many new connections at once), I can't help.

-- Tab
Re: tcp syn flood and /proc configuration
On Tue, May 07, 2002 at 10:26:43PM +0800, Patrick Hsieh wrote:
> Hello list,
>
> Is there anyone having any suggestion to tune the /proc/sys/net/ipv4/*
> to avoid tcp syn flood attack?

There is a kernel option "IP: TCP syncookie support" to do that. You can activate it with:

    echo 1 > /proc/sys/net/ipv4/tcp_syncookies

Hope it helps

-- Tab
Re: Putty 0.45 vs. SSH Login
On Sun, May 05, 2002 at 07:23:29PM +0200, Tim van Erven wrote:
> I don't know much about OpenSSH or PAM internals, but how about adding
> an option to PAM to make authentication always fail for root and move
> all this authentication stuff into PAM.

You could use PAM to deny root access with the pam_listfile module.

In /etc/pam.d/ssh add the line:

    auth required pam_listfile.so item=user sense=deny file=/etc/sshuser onerr=succeed

and put the denied users line by line.

You'll then have the 1~3 delay and an authentication failure for root without the 'PermitRootLogin no'.

-- Tab
Re: Putty 0.45 vs. SSH Login
On Sun, May 05, 2002 at 09:33:36AM +0300, Rauno Linnamäe wrote:
> Hi folks,
>
> When PermitRootLogin is set to no in /etc/ssh/sshd_config (as it
> should be), trying to log in as root using PuTTY 0.45: 1. after typing
> the correct password, the "Access denied" message line is returned
> immediately

It's in my humble opinion normal, because the access denied is done by sshd and not by PAM.

> 2. after typing any other char string, there is a short (1-3 sec)
> delay before the "Access denied" message line is returned.

It's PAM that makes this delay. Try to change
"auth required pam_unix.so" => "auth required pam_unix.so nodelay"
in /etc/pam.d/ssh to remove the 2/3s delay.

-- Tab