Hi,
Xscreensaver has options that let you prevent screensavers from grabbing =
desktop images. If you run xscreensaver-demo, it's in the options tab. =
=46rom my brief look, none of the xlockmore modes grab the screen.
It's correct, but that grabbing desktop images is enable by default
On Wed, Jan 02, 2002 at 05:48:58PM +0100, Christian Hammers wrote:
Hello
Does anybody know a security bug for which this could be a hint?
(hostname and ip's faked for obvious reasons)
The server runs:
kernel 2.4.11-pre6
xined_2.1.8.8p3-1.1.deb
proftpd_1.2.4-2.deb
Quoting Alexey Vyskubov ([EMAIL PROTECTED]):
noexec has no good purpose, really. But it's intention was for
networked filesystems in certain environments, not a generalized
security tool.
It's very useful for mounting filesystems like vfat, where otherwise
all the files are
That's not my experience. I can only assume your /tmp filesystem,
like mine, is not vfat-like. Whereas this floppy is:
You probably have some additional settings somewhere (where?).
[terrapin] 02:52:29 ~$ sudo mount -t vfat /dev/fd0 /mnt
[terrapin] 02:52:55 ~$ sudo touch /mnt/a
[terrapin]
Alexey Vyskubov [EMAIL PROTECTED] wrote on 03/01/2002 (09:23) :
[terrapin] 08:46:52 ~$ sudo mount -o remount,noexec /tmp
Password:
[terrapin] 08:47:11 ~$ touch /tmp/a
[terrapin] 08:47:14 ~$ chmod +x /tmp/a
[terrapin] 08:47:17 ~$ ls -l /tmp/a
-rwxr-xr-x1 alexey alexey 0 ñÎ×
I find it interesting that the seg fault happened, then xinetd reported it
failed.
I wonder if its not proftp, but xinet...
just a thought.
g.
-Original Message-
From: Sven Hoexter [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 5:24 AM
To: [EMAIL PROTECTED]
Cc: Christian
On Thu, Jan 03, 2002 at 11:31:38AM -0500, Gary MacDougall wrote:
I find it interesting that the seg fault happened, then xinetd reported it
failed.
xinetd was proftpd's daddy:
ServerType inetd
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren
Right, and I think its strange that the parent process felt the need
to kill the child process. It might be justified if the child seg'd
or died, but i thought xinetd handled this with more grace than say
inetd... just curious, thats all.
g.
-Original Message-
From: Christian Hammers
On Thu, Jan 03, 2002 at 11:44:49AM -0500, Gary MacDougall wrote:
Right, and I think its strange that the parent process felt the need
to kill the child process. It might be justified if the child seg'd
or died, but i thought xinetd handled this with more grace than say
inetd... just curious,
On Thu, Jan 03, 2002 at 04:47:29PM +, Mark Lowes wrote:
I find it interesting that the seg fault happened, then xinetd reported it
failed.
Can you replicate the failure / segv in standalone mode?
Sadly not and the IP belongs a /16 network from UUNet so nearly no chance
to simply ask
ahhh ok, I should have read that. I missed it.
-Original Message-
From: Christian Hammers [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 03, 2002 11:50 AM
To: [EMAIL PROTECTED]
Subject: Re: [d-security] RE: strange proftpd segfault and conntrack_ftp
messages
On Thu, Jan 03, 2002
* Preben Randhol
| Alexey Vyskubov [EMAIL PROTECTED] wrote on 03/01/2002 (09:23) :
|
| [terrapin] 08:46:52 ~$ sudo mount -o remount,noexec /tmp
| Password:
| [terrapin] 08:47:11 ~$ touch /tmp/a
| [terrapin] 08:47:14 ~$ chmod +x /tmp/a
| [terrapin] 08:47:17 ~$ ls -l /tmp/a
| -rwxr-xr-x
Tollef Fog Heen [EMAIL PROTECTED] wrote on 03/01/2002 (18:09) :
* Preben Randhol
| what happens if you do:
|
| sh -x /tmp/a
It works just fine. That is part of why noexec is pointless.
Just as I thought.
Preben
--
() Join the worldwide campaign to protect fundamental human rights.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
In message [EMAIL PROTECTED], =3D?iso-8859-1?Q?Ben=
o=3DEEt?=3D =
Sibaud writes:
Hi,
Xscreensaver has options that let you prevent screensavers from grabbi=
Thank you for information. I will do chgrp cdrom /dev/hdc
and see what will happen after several apt-get upgrade.
--
Oohara Yuuma [EMAIL PROTECTED]
Graduate-school of Science, Kyoto University
PGP key (key ID F464A695) http://www.interq.or.jp/libra/oohara/pub-key.txt
Key fingerprint = 6142 8D07
Hi,
Xscreensaver has options that let you prevent screensavers from grabbing =
desktop images. If you run xscreensaver-demo, it's in the options tab. =
=46rom my brief look, none of the xlockmore modes grab the screen.
It's correct, but that grabbing desktop images is enable by default
On Wed, Jan 02, 2002 at 05:48:58PM +0100, Christian Hammers wrote:
Hello
Does anybody know a security bug for which this could be a hint?
(hostname and ip's faked for obvious reasons)
The server runs:
kernel 2.4.11-pre6
xined_2.1.8.8p3-1.1.deb
proftpd_1.2.4-2.deb
Quoting Alexey Vyskubov ([EMAIL PROTECTED]):
noexec has no good purpose, really. But it's intention was for
networked filesystems in certain environments, not a generalized
security tool.
It's very useful for mounting filesystems like vfat, where otherwise
all the files are
That's not my experience. I can only assume your /tmp filesystem,
like mine, is not vfat-like. Whereas this floppy is:
You probably have some additional settings somewhere (where?).
[terrapin] 02:52:29 ~$ sudo mount -t vfat /dev/fd0 /mnt
[terrapin] 02:52:55 ~$ sudo touch /mnt/a
[terrapin]
Alexey Vyskubov [EMAIL PROTECTED] wrote on 03/01/2002 (09:23) :
[terrapin] 08:46:52 ~$ sudo mount -o remount,noexec /tmp
Password:
[terrapin] 08:47:11 ~$ touch /tmp/a
[terrapin] 08:47:14 ~$ chmod +x /tmp/a
[terrapin] 08:47:17 ~$ ls -l /tmp/a
-rwxr-xr-x1 alexey alexey 0 ñÎ×
also sprach P Prince [EMAIL PROTECTED] [2001.12.30.1846 +0100]:
The eaisest and most failsafe way to secure bind is to install djbdns.
you are kidding me, right? the question was how to secure bind. the
asker wasn't in need of other religious beliefs.
while i strongly believe that djb is a real
On Thu, Jan 03, 2002 at 02:45:27PM +0100, Preben Randhol wrote:
Alexey Vyskubov [EMAIL PROTECTED] wrote on 03/01/2002 (09:23) :
[terrapin] 08:47:21 ~$ /tmp/a
bash: /tmp/a: Permission denied
what happens if you do:
sh -x /tmp/a
Or
$ cp /bin/echo /tmp
$ /lib/ld-linux.so.2 /tmp/echo foo
--
I find it interesting that the seg fault happened, then xinetd reported it
failed.
I wonder if its not proftp, but xinet...
just a thought.
g.
-Original Message-
From: Sven Hoexter [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 03, 2002 5:24 AM
To: debian-security@lists.debian.org
On Thu, Jan 03, 2002 at 11:31:38AM -0500, Gary MacDougall wrote:
I find it interesting that the seg fault happened, then xinetd reported it
failed.
xinetd was proftpd's daddy:
ServerType inetd
bye,
-christian-
--
Christian HammersWESTEND GmbH - Aachen und Dueren
Right, and I think its strange that the parent process felt the need
to kill the child process. It might be justified if the child seg'd
or died, but i thought xinetd handled this with more grace than say
inetd... just curious, thats all.
g.
-Original Message-
From: Christian Hammers
On Thu, Jan 03, 2002 at 11:44:49AM -0500, Gary MacDougall wrote:
Right, and I think its strange that the parent process felt the need
to kill the child process. It might be justified if the child seg'd
or died, but i thought xinetd handled this with more grace than say
inetd... just curious,
* Preben Randhol
| Alexey Vyskubov [EMAIL PROTECTED] wrote on 03/01/2002 (09:23) :
|
| [terrapin] 08:46:52 ~$ sudo mount -o remount,noexec /tmp
| Password:
| [terrapin] 08:47:11 ~$ touch /tmp/a
| [terrapin] 08:47:14 ~$ chmod +x /tmp/a
| [terrapin] 08:47:17 ~$ ls -l /tmp/a
| -rwxr-xr-x
Tollef Fog Heen [EMAIL PROTECTED] wrote on 03/01/2002 (18:09) :
* Preben Randhol
| what happens if you do:
|
| sh -x /tmp/a
It works just fine. That is part of why noexec is pointless.
Just as I thought.
Preben
--
() Join the worldwide campaign to protect fundamental human rights.
-Original Message-
From: Tollef Fog Heen [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Date: 03 Jan 2002 17:34:02 +0100
Subject: Re: mounting /tmp noexec
snip
Toll:
It works just fine. That is part of why noexec is pointless.
/Toll:
it does serve to help anyone who is not so
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
In message [EMAIL PROTECTED], =3D?iso-8859-1?Q?Ben=
o=3DEEt?=3D =
Sibaud writes:
Hi,
Xscreensaver has options that let you prevent screensavers from grabbi=
ng
Thank you for information. I will do chgrp cdrom /dev/hdc
and see what will happen after several apt-get upgrade.
--
Oohara Yuuma [EMAIL PROTECTED]
Graduate-school of Science, Kyoto University
PGP key (key ID F464A695) http://www.interq.or.jp/libra/oohara/pub-key.txt
Key fingerprint = 6142 8D07
31 matches
Mail list logo