Re: Crack and cops

1996-11-21 Thread Patrick J. Edwards
On Sun, 17 Nov 1996, CoB SysAdmin wrote:

> 
> I didn't notice crack or cops listed in the Debian 1.1 package listing.
Both packages would be more than welcome to Debian. However, COPS
would be more important since Debian 1.2 has qcrack (a high speed version of
crack using hashing files). Currently, COPS and Crack are in my to-do list
of packages to Debianize but if you feel an urgent need for them go ahead to
package them.
 
> I ftp'd crack and had trouble compiling it, discovered many others did, too;
> found the glitch and fixed it.
Yes, Crack is a pain but easily fixed.

> So, it brings me to an interesting question: Is there a reason why cops
> and crack aren't in a package yet, other than possibly not having a
> maintainer? I figured that people might not like making a package like
> crack quite so "plug-n-play", lest the baddie baddies get wind of it.
It's not a matter of Debian/Linux not accepting them, it's a matter of
time. Most package developers aren't paid for their time, so it takes a while
for packages such as COPS and Crack to get packaged.

> If the only impediment is that they need a maintainer, what do I need to
> do to enlist? (Probably check the FAQ first, huh? Duh!)
You got it! :) And good luck should you take on this job. COPS is
going to be a major pain in the *ss to debianize (in my opinion). Let me
know if you decide to take on either package so we don't duplicate our
efforts.

---
"LEAR: Into her womb convey sterility!
   Dry up in her the organs of increase..." (King Lear)
---
Patrick J. Edwards <[EMAIL PROTECTED]>
http://www.cs.usask.ca/undergrads/pje120/
http://hup1.usask.ca:8000/
finger [EMAIL PROTECTED] for my PGP Key
Key fingerprint =  9F 45 7D 6E C0 A4 B4 0D  48 C7 14 CA 23 B0 B4 F8

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]


Re: Crack and cops

1996-11-21 Thread Fabien Ninoles

On Sun, 17 Nov 1996, CoB [EMAIL PROTECTED] (Joe Emenaker) wrote:

> 
> I didn't notice crack or cops listed in the Debian 1.1 package listing.
> 
> I ftp'd crack and had trouble compiling it, discovered many others did, too;
> found the glitch and fixed it.
> 
> So, it brings me to an interesting question: Is there a reason why cops
> and crack aren't in a package yet, other than possibly not having a
> maintainer? I figured that people might not like making a package like
> crack quite so "plug-n-play", lest the baddie baddies get wind of it.

qcrack is already in debian 1.2 (rex frozen), works well and has a
good dictionary.

> 
> If the only impediment is that they need a maintainer, what do I need to
> do to enlist? (Probably check the FAQ first, huh? Duh!)
> 

Well, the FAQ about maintenance need was posted lately... did you want a
copy? :)


---
 The trick isn't that free software are among the best,
  it's that commercial stuff aren't the best!
---
Fabien Ninoles aka Baffouille       || Running Debian-Linux
[EMAIL PROTECTED]                   || Lover of MOO, mountains,
http://www-edu.gel.usherb.ca/ninf01 || poetry and Freedom.
---



Re: Crack and cops

1996-11-21 Thread Joe Emenaker
> 
> > Pardon my ignorance but what exactly are "crak" and "cops"?
> 
> Cops: security checker.

Cops does some cute things. First off, it checks for some obvious things
like, say, your /var/spool/cron/crontabs dir being world-writable or your
hosts.equiv file being world-writable, etc.

It's got one really *cute* feature called "kuwang", I think. Basically, it's
supposed to find ways that a user can gain root access through a *process*.

For example, let's say we've got three users on the system: "A", "B", and root.
Let's also say that A's primary group is "X" but it's also in "Z". B's
primary group is "Z" and is also in the "root" group.

Further, let us assume that B was careless enough to turn on group write
permissions for his/her .profile. So, we've got something like this:

% ls -l /home/B/.profile
-rwxrwxr-x  B     Z     1534  Jan 17  12:34  .profile

And let us assume the same of root:

% ls -l /root/.profile
-rwxrwxr-x  root  root  2543  Feb 23  16:32  .profile

Well, now, it's possible for user "A" to gain root privileges. A will be able
to write to "B"s .profile and, hence, will be able to run anything as "B".
This means that "A" (while running something as "B") will be able to write
to "root"s .profile and will be able to run anything as root.

I know this seems preposterous... like you need this impossible conspiracy of
little misconfigurations to allow for a security hole of this nature... but
it's really not that impossible. Imagine, for example, if you put a certain
user in the "www" group to allow them to maintain a portion of your web
site. Also imagine that you've added "www" to the "root" group so that 
certain CGI scripts will be able to access some files that www doesn't normally
have access to. Well, now you're more than half way there... and you
got there by doing two things that, in themselves, didn't seem all that
unreasonable.

So, to keep a long story from getting any longer, that is what kuwang is
supposed to do. I'm not sure if it really *does*, since it's never found
a hole like that on my machine yet.

- Joe
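
[Added example, not part of the original message and not code from COPS.] The transitive check described in the message above can be modelled as a graph search: an edge runs from one user to another when the first can write a startup file the second's shell will execute, and an audit reports any chain that reaches root. The users, groups and file modes below are constructed to match the A/B/root scenario; the function names are assumptions made for this sketch.

```python
from collections import deque

# Constructed data mirroring the message's scenario; not taken from a real system.
GROUPS = {"A": {"X", "Z"}, "B": {"Z", "root"}, "root": {"root"}}
STARTUP_FILES = [  # (path, owner, group, mode)
    ("/home/A/.profile", "A", "X", 0o644),
    ("/home/B/.profile", "B", "Z", 0o775),
    ("/root/.profile", "root", "root", 0o775),
]

def can_write(user, groups, owner, group, mode):
    """Unix write check: owner bits, else group bits, else other bits."""
    if user == owner:
        return bool(mode & 0o200)
    if group in groups:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

def build_edges(groups, files):
    """Edge u -> v when u can modify a startup file that v's login shell runs."""
    edges = {u: [] for u in groups}
    for path, owner, group, mode in files:
        for user, member_of in groups.items():
            if user != owner and can_write(user, member_of, owner, group, mode):
                edges[user].append((owner, path))
    return edges

def chains_to(target, groups, files):
    """Shortest chain of (from, to, file) hops from each user to target."""
    edges = build_edges(groups, files)
    found = {}
    for start in groups:
        if start == target:
            continue
        queue, seen = deque([(start, [])]), {start}
        while queue:
            user, chain = queue.popleft()
            if user == target:
                found[start] = chain
                break
            for nxt, path in edges.get(user, []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, chain + [(user, nxt, path)]))
    return found

if __name__ == "__main__":
    for start, chain in chains_to("root", GROUPS, STARTUP_FILES).items():
        print(start, "->", " -> ".join(f"{to} via {path}" for _, to, path in chain))
```

Clearing the group-write bit on /home/B/.profile (mode 755) removes the chain from A, while B's direct edge to root remains until /root/.profile is fixed as well.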



Re: Crack and cops

1996-11-20 Thread Philippe Troin

On Tue, 19 Nov 1996 17:04:52 EST "Joe Feenin" ([EMAIL PROTECTED]) 
wrote:

> Pardon my ignorance but what exactly are "crak" and "cops"?

Crack: password cracker.
Cops: security checker.

Phil.




Re: Crack and cops

1996-11-18 Thread Rob Browning
CoB SysAdmin (Joe Emenaker) <[EMAIL PROTECTED]> writes:

> If the only impediment is that they need a maintainer

Yes.

> , what do I need to do to enlist? (Probably check the FAQ first,
> huh? Duh!)

See the Work Needing and Prospective Packages document.  I'm not sure
where it is kept, but it's posted to one of the lists (debian-devel?)
on a regular basis.  There you can make sure someone else hasn't
claimed it, and can see how to become a maintainer.

Note that there is a new qcrack package.  I don't know how that
relates to crack.

--
Rob



Crack and cops

1996-11-18 Thread Joe Emenaker

I didn't notice crack or cops listed in the Debian 1.1 package listing.

I ftp'd crack and had trouble compiling it, discovered many others did, too;
found the glitch and fixed it.

So, it brings me to an interesting question: Is there a reason why cops
and crack aren't in a package yet, other than possibly not having a
maintainer? I figured that people might not like making a package like
crack quite so "plug-n-play", lest the baddie baddies get wind of it.

If the only impediment is that they need a maintainer, what do I need to
do to enlist? (Probably check the FAQ first, huh? Duh!)

- Joe
