Hello!
I want to chroot a application/gameserver.
What is the better/securest way?
1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
or
2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
execute the "start.sh" in the chroot?
Solution 2 does not need a root
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> Hello!
> I want to chroot a application/gameserver.
>
> What is the better/securest way?
> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
> or
> 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal u
maybe someone's using scanssh ?
apt-cache show scanssh
- Original Message -
From: "Halil Demirezen" <[EMAIL PROTECTED]>
To: "TiM" <[EMAIL PROTECTED]>
Cc:
Sent: Monday, June 16, 2003 11:00 AM
Subject: Re: Someone scanned my ssh daemon
Hi,
>-Original Message-
>From: Vincent Hanquez [mailto:[EMAIL PROTECTED]
>Sent: Monday, June 16, 2003 10:46 AM
>To: Mario Ohnewald
>Cc: debian-security@lists.debian.org
>Subject: Re: chroot, su and sudo
>
>
>On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
>> Hello!
>> I wan
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] writes:
>Hello!
>I want to chroot a application/gameserver.
>
>What is the better/securest way?
>1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
>or
>2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
>exec
On 15 Jun 2003 at 10:36, Noah Meyerhans wrote:
> In terms of protecting against breakin, it seems like a lot of people
> here have been advocating the grsecurity kernel patch. I have no
> experience with it, but the list of features certainly makes it sound
> like it will protect against some of
On Mon, Jun 16, 2003 at 10:54:54AM +0200, Mario Ohnewald wrote:
> Not even with sudo?
Hmm, this way it will work
--
Tab
pgpNe4F7mIpKh.pgp
Description: PGP signature
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> I want to chroot a application/gameserver.
I played with pam_chroot recently... unfortunately I found
not much documentation about its intended usage. whether it
realy suits my needs, I don't know yet.
I'd like to read your comme
On Thu, Jun 05, 2003 at 10:32:59PM +0200, Vinai Kopp wrote:
> currently I'm setting up a gateway machine for a small office
> network. After the recent threads about rooted woody boxes I feel it
> would be iresponsible to set up a box without a grsecurity patched
> kernel.
> The problem is I also
On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
> > My Debian box:
> > Connection closed by foreign host.
> > [EMAIL PROTECTED]:~> telnet xx.com 22
> > Trying 203.167.224....
> > Connected to xx.com.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> To be bri
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote:
> On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
>
> > To be brief, I don't usually come accross that there is an exploit for
> > only effective to debian boxes. Plus, There are lots of ways to learn
> > what distribution you are runnin
Dear Friend,
Take advantage of unbelievable savings from Omaha Steaks! Right now
you can get delicious Omaha Steaks at 1/2 PRICE!
6 (6 oz.) Top Sirloins (#628CRL)
Reg. Price $52.99, E-mail Exclusive Price $26.49, Save $26.50!
http://offer.omahasteaks.com/cgi-bin10/DM/y/eUuO0Fjmf30IWt0wRU0Am
4 (
On Mon, 2003-06-16 at 15:26, Omaha Steaks wrote:
> Dear Friend,
>
Seriously,
Does Debian have much success in forcing these spammers to pay the
fin fees mentioned on the mailing list pages?
--
John Holroyd <[EMAIL PROTECTED]>
Demos Technosis Ltd
signature.asc
Description: This is a di
Why not just use the start-stop-daemon prog that comes with debian?
Using the --chuid and --chroot flags? I've used those to start MOHAA
servers with no issues? Anyone else know if this way is actually
secure?
thanks,
steve
On Mon, 2003-06-16 at 03:22, Mario Ohnewald wrote:
> Hello!
> I want
At 04:47 PM 6/16/2003 +, John Holroyd wrote:
On Mon, 2003-06-16 at 15:26, Omaha Steaks wrote:
> Dear Friend,
>
Seriously,
Does Debian have much success in forcing these spammers to pay the
fin fees mentioned on the mailing list pages?
Not sure about debian-security, but debian-user,
On Mon, Jun 16, 2003 at 12:43:26PM -0400, Hall Stevenson wrote:
> At 04:47 PM 6/16/2003 +, John Holroyd wrote:
> >On Mon, 2003-06-16 at 15:26, Omaha Steaks wrote:
> >> Dear Friend,
> >>
> >
> >
> >Seriously,
> >
> >Does Debian have much success in forcing these spammers to pay the
> >fin fe
I'm writing [unconfirmed] now when I've found new advisories or bugs but
haven't had time to fully research them and see if they really are
vulnerabilities and whether Debian is vulnerable (potato, woody, sarge,
sid). It seems that since mdz has been put on the Security Team proper
that he's releas
On Fri, Jun 13, 2003 at 07:44:39PM -0400, Matt Zimmerman wrote:
> Package: mikmod
> Vulnerability : buffer overflow
> Problem-Type : local
> Debian-specific: no
> CVE Id : CAN-2003-0427
>
> Ingo Saitz discovered a bug in mikmod whereby a long filename inside
> an archive file ca
On Sun, 15 Jun 2003 09:01:00 +0200, Florian Weimer wrote:
>Tim Peeler <[EMAIL PROTECTED]> writes:
>
>> I've come to the conclusion that the SSH1 protocol is the most
>> likely cause of this problem.
>
>Attacks on the SSH v1 protocol are relatively sophisticated. It's
>more likely that some token
Hello!
I want to chroot a application/gameserver.
What is the better/securest way?
1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
or
2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
execute the "start.sh" in the chroot?
Solution 2 does not need a root
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> Hello!
> I want to chroot a application/gameserver.
>
> What is the better/securest way?
> 1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
> or
> 2.) "su -s /bin/sh user" and then do the "chroot /path" as normal u
maybe someone's using scanssh ?
apt-cache show scanssh
- Original Message -
From: "Halil Demirezen" <[EMAIL PROTECTED]>
To: "TiM" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, June 16, 2003 11:00 AM
Subject: Re: Someone scanned my ssh daemon
--
To UNSUBSCRIBE, email to [
Hi,
>-Original Message-
>From: Vincent Hanquez [mailto:[EMAIL PROTECTED]
>Sent: Monday, June 16, 2003 10:46 AM
>To: Mario Ohnewald
>Cc: [EMAIL PROTECTED]
>Subject: Re: chroot, su and sudo
>
>
>On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
>> Hello!
>> I want to chroot a a
In article <[EMAIL PROTECTED]>
[EMAIL PROTECTED] writes:
>Hello!
>I want to chroot a application/gameserver.
>
>What is the better/securest way?
>1.) "Chroot /path" and then do a "su -s /bin/sh user -c start.sh"
>or
>2.) "su -s /bin/sh user" and then do the "chroot /path" as normal user and
>exec
On 15 Jun 2003 at 10:36, Noah Meyerhans wrote:
> In terms of protecting against breakin, it seems like a lot of people
> here have been advocating the grsecurity kernel patch. I have no
> experience with it, but the list of features certainly makes it sound
> like it will protect against some of
On Mon, Jun 16, 2003 at 10:54:54AM +0200, Mario Ohnewald wrote:
> Not even with sudo?
Hmm, this way it will work
--
Tab
pgp0.pgp
Description: PGP signature
On Thu, Jun 05, 2003 at 10:32:59PM +0200, Vinai Kopp wrote:
> currently I'm setting up a gateway machine for a small office
> network. After the recent threads about rooted woody boxes I feel it
> would be iresponsible to set up a box without a grsecurity patched
> kernel.
> The problem is I also
On Mon, Jun 16, 2003 at 10:22:49AM +0200, Mario Ohnewald wrote:
> I want to chroot a application/gameserver.
I played with pam_chroot recently... unfortunately I found
not much documentation about its intended usage. whether it
realy suits my needs, I don't know yet.
I'd like to read your comme
On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
> > My Debian box:
> > Connection closed by foreign host.
> > [EMAIL PROTECTED]:~> telnet xx.com 22
> > Trying 203.167.224....
> > Connected to xx.com.
> > Escape character is '^]'.
> > SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
>
> To be bri
On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote:
> On 16 Jun 2003 at 7:00, Halil Demirezen wrote:
>
> > To be brief, I don't usually come accross that there is an exploit for
> > only effective to debian boxes. Plus, There are lots of ways to learn
> > what distribution you are runnin
Dear Friend,
Take advantage of unbelievable savings from Omaha Steaks! Right now
you can get delicious Omaha Steaks at 1/2 PRICE!
6 (6 oz.) Top Sirloins (#628CRL)
Reg. Price $52.99, E-mail Exclusive Price $26.49, Save $26.50!
http://offer.omahasteaks.com/cgi-bin10/DM/y/eUuO0Fjmf30IWt0wRU0Am
4 (
On Mon, 2003-06-16 at 15:26, Omaha Steaks wrote:
> Dear Friend,
>
Seriously,
Does Debian have much success in forcing these spammers to pay the
fin fees mentioned on the mailing list pages?
--
John Holroyd <[EMAIL PROTECTED]>
Demos Technosis Ltd
signature.asc
Description: This is a di
Why not just use the start-stop-daemon prog that comes with debian?
Using the --chuid and --chroot flags? I've used those to start MOHAA
servers with no issues? Anyone else know if this way is actually
secure?
thanks,
steve
On Mon, 2003-06-16 at 03:22, Mario Ohnewald wrote:
> Hello!
> I want
At 04:47 PM 6/16/2003 +, John Holroyd wrote:
On Mon, 2003-06-16 at 15:26, Omaha Steaks wrote:
> Dear Friend,
>
Seriously,
Does Debian have much success in forcing these spammers to pay the
fin fees mentioned on the mailing list pages?
Not sure about debian-security, but debian-user, for e
On Mon, Jun 16, 2003 at 12:43:26PM -0400, Hall Stevenson wrote:
> At 04:47 PM 6/16/2003 +, John Holroyd wrote:
> >On Mon, 2003-06-16 at 15:26, Omaha Steaks wrote:
> >> Dear Friend,
> >>
> >
> >
> >Seriously,
> >
> >Does Debian have much success in forcing these spammers to pay the
> >fin fe
I'm writing [unconfirmed] now when I've found new advisories or bugs but
haven't had time to fully research them and see if they really are
vulnerabilities and whether Debian is vulnerable (potato, woody, sarge,
sid). It seems that since mdz has been put on the Security Team proper
that he's releas
On Fri, Jun 13, 2003 at 07:44:39PM -0400, Matt Zimmerman wrote:
> Package: mikmod
> Vulnerability : buffer overflow
> Problem-Type : local
> Debian-specific: no
> CVE Id : CAN-2003-0427
>
> Ingo Saitz discovered a bug in mikmod whereby a long filename inside
> an archive file ca
On Sun, 15 Jun 2003 09:01:00 +0200, Florian Weimer wrote:
>Tim Peeler <[EMAIL PROTECTED]> writes:
>
>> I've come to the conclusion that the SSH1 protocol is the most
>> likely cause of this problem.
>
>Attacks on the SSH v1 protocol are relatively sophisticated. It's
>more likely that some token
38 matches
Mail list logo
