On Sat, Jul 21, 2001 at 02:00:48PM -0700, Jacob Meuser wrote:
> On Sat, Jul 21, 2001 at 12:09:07AM -0800, Ethan Benson wrote:
> > On Fri, Jul 20, 2001 at 07:52:26PM -0700, Tim Uckun wrote:
> > > You really can not blame people for not hiring
> > > "expensive unix
unning the next time they reboot.
well people need to learn. you can't treat computers like toasters
anymore. deal with it.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
gain after all of these years i think ill bring up another
timeless quote:
"fool me once, shame on you, fool me twice shame on me"
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
On Sat, Jul 21, 2001 at 02:00:48PM -0700, Jacob Meuser wrote:
> On Sat, Jul 21, 2001 at 12:09:07AM -0800, Ethan Benson wrote:
> > On Fri, Jul 20, 2001 at 07:52:26PM -0700, Tim Uckun wrote:
> > > You really can not blame people for not hiring
> > > "expensive unix
uch a mess security wise on the internet today.
that is sort of like saying `you really cannot blame people for not
hiring "expensive archetectural engineers" and letting some semi
competant carpenter design your 10 story office building'
--
Ethan Benson
http://www.alaska.net/~erbenso
uch a mess security wise on the internet today.
that is sort of like saying `you really cannot blame people for not
hiring "expensive archetectural engineers" and letting some semi
competant carpenter design your 10 story office building'
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
er day, no doubt
looking for vulnerable rpc.statd.
incompetant `morons with root password' (i won't call them sysadmins)
who won't install security updates are really the worse problem.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpDDr9QPRj2q.pgp
Description: PGP signature
er day, no doubt
looking for vulnerable rpc.statd.
incompetant `morons with root password' (i won't call them sysadmins)
who won't install security updates are really the worse problem.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
On Tue, Jul 17, 2001 at 12:29:45PM +0100, Nick Phillips wrote:
> On Tue, Jul 10, 2001 at 05:29:32AM -0800, Ethan Benson wrote:
>
> > nice to know pam_pwdfile gained md5 support, iirc it only did the
> > anchient crappy crypt before..
> >
> > now there just needs
On Tue, Jul 17, 2001 at 12:29:45PM +0100, Nick Phillips wrote:
> On Tue, Jul 10, 2001 at 05:29:32AM -0800, Ethan Benson wrote:
>
> > nice to know pam_pwdfile gained md5 support, iirc it only did the
> > anchient crappy crypt before..
> >
> > now there just needs
he machine anyway.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpdf5hwLFoNd.pgp
Description: PGP signature
he machine anyway.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
g these questions try reading the sudo and sudoers man pages.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgp9Iv49kXrHf.pgp
Description: PGP signature
g these questions try reading the sudo and sudoers man pages.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
On Fri, Jul 13, 2001 at 01:40:41AM +0200, Tamas TEVESZ wrote:
> On Thu, 12 Jul 2001, Ethan Benson wrote:
>
> > ln -s / /place/chown/is/allowed/foo
> > sudo chown /place/chown/is/allowed/foo/etc/passwd
>
> it doesn't follow symlinks
define `it'
--
in that would solve it entirely though, how are you
restricting them to only chown files in a certain directory? does
that rule allow chown in subdirectories of that directory? if so
consider:
ln -s / /place/chown/is/allowed/foo
sudo chown /place/chown/is/allowed/foo/etc/passwd
--
E
On Fri, Jul 13, 2001 at 01:40:41AM +0200, Tamas TEVESZ wrote:
> On Thu, 12 Jul 2001, Ethan Benson wrote:
>
> > ln -s / /place/chown/is/allowed/foo
> > sudo chown /place/chown/is/allowed/foo/etc/passwd
>
> it doesn't follow symlinks
define `it'
--
certain that would solve it entirely though, how are you
restricting them to only chown files in a certain directory? does
that rule allow chown in subdirectories of that directory? if so
consider:
ln -s / /place/chown/is/allowed/foo
sudo chown /place/chown/is/allowed/foo/etc/passwd
--
Ethan Be
usually crashes before logging
anything anyway.
if your not using nfs you should remove the nfs-common package
anyway.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpCJwzA8DzIc.pgp
Description: PGP signature
nd that statd usually crashes before logging
anything anyway.
if your not using nfs you should remove the nfs-common package
anyway.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
pted passwords.
> ==
nice to know pam_pwdfile gained md5 support, iirc it only did the
anchient crappy crypt before..
now there just needs to be a passwd command to work with this...
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpNQ1kIobzyQ.pgp
Description: PGP signature
pted passwords.
> ==
nice to know pam_pwdfile gained md5 support, iirc it only did the
anchient crappy crypt before..
now there just needs to be a passwd command to work with this...
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
to
perform a thorough audit (especially when you find the case broken and
cut open...).
compare this to your envolope idea where the machine need not even be
shutdown and tell me which is more likely to go by unnoticed.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpzrTKKDWLMY.pgp
Description: PGP signature
cause you to
perform a thorough audit (especially when you find the case broken and
cut open...).
compare this to your envolope idea where the machine need not even be
shutdown and tell me which is more likely to go by unnoticed.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
d use the password. When you were done, you'd
> change the password, write it down on a new piece of paper, and seal
> in in an evelope.
nice way to root a box without being detected, just bring along a new
envelope and nobody will be the wiser.
--
Ethan Benson
http://www.a
e and use the password. When you were done, you'd
> change the password, write it down on a new piece of paper, and seal
> in in an evelope.
nice way to root a box without being detected, just bring along a new
envelope and nobody will be the wiser.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
On Sat, Jul 07, 2001 at 10:31:56AM +, Jim Breton wrote:
> On Sat, Jul 07, 2001 at 01:56:56AM -0800, Ethan Benson wrote:
> > which may not work if you always type the
> > full path to /bin/su anyway.
>
> Hoping he doesn't:
>
> alias /bin/su='/var/tmp/hax
us and kept techs in
> the box where they did the least damage.
well thats different, if you write a well audited and secure script
for adding users then those allowed to run that won't necessarily be
root, still trusted to be sure, but not root.
--
Ethan Benson
http://www.alask
to compromise sooner or later.
> Ethan> sudo is a very large cannon which is difficult to keep aimed
> Ethan> away from the foot...
>
> That it is. But then, the root password is basically a very large
> cannon built into your shoe.
i would not go that far.
--
Ethan Ben
mpromise before you
su to root yourself, in which case you have saved yourself a
root compromise.
i have known people who have had root cracked due entirely to sudo.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpI9jkiG2H5X.pgp
Description: PGP signature
work a criteria for employment would be
that no manager, sales guy, or other morons would be permitted access
to root for ANY REASON, period, end of story.
as for sudo for my own purposes i don't see the point, i don't want my
normal account to be a root account nor do i want my user
On Sat, Jul 07, 2001 at 10:31:56AM +, Jim Breton wrote:
> On Sat, Jul 07, 2001 at 01:56:56AM -0800, Ethan Benson wrote:
> > which may not work if you always type the
> > full path to /bin/su anyway.
>
> Hoping he doesn't:
>
> alias /bin/su='/var/tmp/
us and kept techs in
> the box where they did the least damage.
well thats different, if you write a well audited and secure script
for adding users then those allowed to run that won't necessarily be
root, still trusted to be sure, but not root.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
to compromise sooner or later.
> Ethan> sudo is a very large cannon which is difficult to keep aimed
> Ethan> away from the foot...
>
> That it is. But then, the root password is basically a very large
> cannon built into your shoe.
i would not go that far.
--
Ethan Ben
mpromise before you
su to root yourself, in which case you have saved yourself a
root compromise.
i have known people who have had root cracked due entirely to sudo.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
min work a criteria for employment would be
that no manager, sales guy, or other morons would be permitted access
to root for ANY REASON, period, end of story.
as for sudo for my own purposes i don't see the point, i don't want my
normal account to be a root account nor do i want my user
#x27;
sudo is a very large cannon which is difficult to keep aimed away from
the foot...
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpZgdNZaFtrL.pgp
Description: PGP signature
#x27;
sudo is a very large cannon which is difficult to keep aimed away from
the foot...
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
unprivleged user password into another root
password.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpvZtKZdIlLD.pgp
Description: PGP signature
unprivleged user password into another root
password.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
powerpc.deb
Filename: dists/potato/main/binary-powerpc/text/w3m_0.1.6-4.deb
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpHUoS6jMHY6.pgp
Description: PGP signature
powerpc.deb
Filename: dists/potato/main/binary-powerpc/text/w3m_0.1.6-4.deb
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
lscript and uses nobody to switch to the configured
uid. (so protected directories are not listed in the locatedb).
i think it should use start-stop-daemon --chuid instead so there is
no log entry like this and we don't get these messages on the list
every 2 days.
--
Ethan Benson
lscript and uses nobody to switch to the configured
uid. (so protected directories are not listed in the locatedb).
i think it should use start-stop-daemon --chuid instead so there is
no log entry like this and we don't get these messages on the list
every 2 days.
--
Ethan Benson
On Wed, Jun 20, 2001 at 12:02:47AM -0600, Hubert Chan wrote:
> >>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
>
> Ethan> echo 'eb::0:0:Ethan Benson:/home/eb:/bin/bash' > /etc/passwd.d/eb
>
> Ethan> login whe r00t
On Wed, Jun 20, 2001 at 12:02:47AM -0600, Hubert Chan wrote:
> >>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
>
> Ethan> echo 'eb::0:0:Ethan Benson:/home/eb:/bin/bash' > /etc/passwd.d/eb
>
> Ethan> login whe r00t
On Tue, Jun 19, 2001 at 12:35:51PM -0600, Hubert Chan wrote:
> >>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
>
> Ethan> passwd not being able to update /etc/shadow would be a very bad
> Ethan> thing since users would be unable to chan
On Tue, Jun 19, 2001 at 12:13:36PM -0600, Hubert Chan wrote:
> >>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
>
> Ethan> yup, but only if it stops depending on pgp. (right now it
> Ethan> depends on gnupg|pgp|pgp5)
>
> I could be
On Tue, Jun 19, 2001 at 12:35:51PM -0600, Hubert Chan wrote:
> >>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
>
> Ethan> passwd not being able to update /etc/shadow would be a very bad
> Ethan> thing since users would be unable to chan
On Tue, Jun 19, 2001 at 12:13:36PM -0600, Hubert Chan wrote:
> >>>>> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
>
> Ethan> yup, but only if it stops depending on pgp. (right now it
> Ethan> depends on gnupg|pgp|pgp5)
>
>
nupg fix ...
>
> Perhaps I'm confused. Please tell me what sources.list line I should
> use to get proposed updates.
deb http://ftp.debian.org/debian/ dists/proposed-updates/
deb-src ftp://ftp.debian.org/debian/ dists/proposed-updates/
note that trailing / is MANDATORY!
--
E
On Tue, Jun 19, 2001 at 01:40:42AM -0700, Thomas Bushnell, BSG wrote:
> Ethan Benson <[EMAIL PROTECTED]> writes:
>
> > it belongs in non-US/main since that is where gnupg lives. but since
> > its not there its not part of debian. also for it to go into
> >
On Tue, Jun 19, 2001 at 10:09:51AM +0200, Christian Jaeger wrote:
> At 2:17 Uhr +0200 19.6.2001, Ethan Benson wrote:
> >what if the attacker can poisen your DNS, or routing tables? then he
> >can trick apt into downloading his 37337 `security update' (more like
> >unsec
they are still working on fork bomb protection. that would
> be nice :)
ulimit -u 20
thats all it takes.
BTW your Mail-Followup-To header is broken.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpbS908ypmdf.pgp
Description: PGP signature
) to the 1.0.x tree anyway. probably also because gnupg
is very complex and backporting could cause more trouble then it solves.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpdQdHbSep6M.pgp
Description: PGP signature
ain since that is where gnupg lives. but since
its not there its not part of debian. also for it to go into
non-US/main it must remove its dependency on non-free pgp, and
exclusivly depend on gnupg.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpzxtJ7QeztM.pgp
Description: PGP signature
nupg fix ...
>
> Perhaps I'm confused. Please tell me what sources.list line I should
> use to get proposed updates.
deb http://ftp.debian.org/debian/ dists/proposed-updates/
deb-src ftp://ftp.debian.org/debian/ dists/proposed-updates/
note that trailing / is MANDATORY!
--
Ethan Be
On Tue, Jun 19, 2001 at 01:40:42AM -0700, Thomas Bushnell, BSG wrote:
> Ethan Benson <[EMAIL PROTECTED]> writes:
>
> > it belongs in non-US/main since that is where gnupg lives. but since
> > its not there its not part of debian. also for it to go into
> >
On Tue, Jun 19, 2001 at 10:09:51AM +0200, Christian Jaeger wrote:
> At 2:17 Uhr +0200 19.6.2001, Ethan Benson wrote:
> >what if the attacker can poisen your DNS, or routing tables? then he
> >can trick apt into downloading his 37337 `security update' (more like
> >unsec
they are still working on fork bomb protection. that would
> be nice :)
ulimit -u 20
thats all it takes.
BTW your Mail-Followup-To header is broken.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
) to the 1.0.x tree anyway. probably also because gnupg
is very complex and backporting could cause more trouble then it solves.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
ain since that is where gnupg lives. but since
its not there its not part of debian. also for it to go into
non-US/main it must remove its dependency on non-free pgp, and
exclusivly depend on gnupg.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
those
> pesky other sections on the servers, in the bug system, and so forth.
it is policy, just because they are on debian servers does not make
them part of the debian distribution. non-free and contrib are NOT
parts of debian. this is really fairly well known...
--
Ethan Benson
http://w
-free are part of debian.
if gnupg broke deps on a another package in main i think you would
have a point, but it broke something outside the distribution which is
beyond the concerns of the security team, they only need to care about
the distribution which is main and non-US/main.
--
heard of an
> exploit involving any of them.
play a spoofing trick to attach the victims chargen port to its echo
port.
i don't know if that is still possible, in the olden days it was, had
quite ammusing result too.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgphaIXBvdnPp.pgp
Description: PGP signature
Sebastiaan's.
only if you insist on remaining ignorant.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpakFannjKd9.pgp
Description: PGP signature
probably all is lost...
lids can, it adds new capabilities or else modifies one of the
existing ones. (at least last i read the FAQ that seemed to be
implyed).
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgp8Gm6ZuB6OS.pgp
Description: PGP signature
those
> pesky other sections on the servers, in the bug system, and so forth.
it is policy, just because they are on debian servers does not make
them part of the debian distribution. non-free and contrib are NOT
parts of debian. this is really fairly well known...
--
Ethan Benson
http://w
-free are part of debian.
if gnupg broke deps on a another package in main i think you would
have a point, but it broke something outside the distribution which is
beyond the concerns of the security team, they only need to care about
the distribution which is main and non-US/main.
--
heard of an
> exploit involving any of them.
play a spoofing trick to attach the victims chargen port to its echo
port.
i don't know if that is still possible, in the olden days it was, had
quite ammusing result too.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
Sebastiaan's.
only if you insist on remaining ignorant.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
probably all is lost...
lids can, it adds new capabilities or else modifies one of the
existing ones. (at least last i read the FAQ that seemed to be
implyed).
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote:
> On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote:
>
> > chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is
> > removed from the bounding set. however that does not prevent root
>
On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote:
> On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote:
>
> > chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is
> > removed from the bounding set. however that does not prevent root
>
rts, I still want to use ftp, smtp and telnet only for my local network.
if you don't know why your running them you don't need them. simple
as that.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgp5Z9Fm0eHOU.pgp
Description: PGP signature
en and such. i don't think ive ever found anyone who
actually did need all of those.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpEVAZUCzbSk.pgp
Description: PGP signature
s to put the new mailcrypt into security.debian.org.
gnupg is installable, if you remove mailcrypt. ;-)
not ideal but thats the way the way the cookie crumbles.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpz9tXjQfqnp.pgp
Description: PGP signature
such).
iirc the 2.0 linux kernel had a securelevel which was about equivilent
to BSD securelevels. 2.2 removed it since `capabilities make
securelevel obsolete' well not quite heh.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpHHDqyI50Su.pgp
Description: PGP signature
On Mon, Jun 18, 2001 at 08:56:03AM +0200, Philipp Schulte wrote:
> On Sun, Jun 17, 2001 at 10:42:17PM -0800, Ethan Benson wrote:
>
> > you would need to fix filesystem immutability and block device access
> > as well. currently lcap CAP_LINUX_IMMUTABLE is useless since ther
veniently getting the statd port number, that
doesn't stop them from finding it via nmap.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgp53lHokZtT1.pgp
Description: PGP signature
tacker can just replace your kernel image and reboot
(which is of course fairly noticable).
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpvJEbYjdjjQ.pgp
Description: PGP signature
rts, I still want to use ftp, smtp and telnet only for my local network.
if you don't know why your running them you don't need them. simple
as that.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
en and such. i don't think ive ever found anyone who
actually did need all of those.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
s to put the new mailcrypt into security.debian.org.
gnupg is installable, if you remove mailcrypt. ;-)
not ideal but thats the way the way the cookie crumbles.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
and such).
iirc the 2.0 linux kernel had a securelevel which was about equivilent
to BSD securelevels. 2.2 removed it since `capabilities make
securelevel obsolete' well not quite heh.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
On Mon, Jun 18, 2001 at 08:56:03AM +0200, Philipp Schulte wrote:
> On Sun, Jun 17, 2001 at 10:42:17PM -0800, Ethan Benson wrote:
>
> > you would need to fix filesystem immutability and block device access
> > as well. currently lcap CAP_LINUX_IMMUTABLE is useless since ther
veniently getting the statd port number, that
doesn't stop them from finding it via nmap.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
tacker can just replace your kernel image and reboot
(which is of course fairly noticable).
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
ou have
the nfs security updates installed since the exploit failed.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpZ30biU24im.pgp
Description: PGP signature
On Mon, Jun 18, 2001 at 01:27:37AM +, Jim Breton wrote:
> On Sun, Jun 17, 2001 at 02:44:48AM -0800, Ethan Benson wrote:
> >
> > compiling without module support would be mostly the same as just
> >
> > lcap CAP_SYS_MODULE
>
>
> Fwiw, I have heard (th
the holes the attacker needs to trojan
your system and to remove the additional obsticales you installed.
system adminsitrator == root
cracker == root
you can't trust one without trusting the other.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpdRJiJHkVy6.pgp
Description: PGP signature
you have
the nfs security updates installed since the exploit failed.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
On Mon, Jun 18, 2001 at 01:27:37AM +, Jim Breton wrote:
> On Sun, Jun 17, 2001 at 02:44:48AM -0800, Ethan Benson wrote:
> >
> > compiling without module support would be mostly the same as just
> >
> > lcap CAP_SYS_MODULE
>
>
> Fwiw, I have heard (th
the holes the attacker needs to trojan
your system and to remove the additional obsticales you installed.
system adminsitrator == root
cracker == root
you can't trust one without trusting the other.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
t cannot
> happen in the first place, a whole generation of exploits is eliminated at
> once.
in this case you must make very large sacrifices to accomplish this.
including giving up kernel modules and X11.
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpVxvBhtF5Jq.pgp
Description: PGP signature
t cannot
> happen in the first place, a whole generation of exploits is eliminated at
> once.
in this case you must make very large sacrifices to accomplish this.
including giving up kernel modules and X11.
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
suggest installing all security updates immediatly when they arrive
and vigilent sysadmin. those will keep your box uncompromised better
then anything (except turning it off).
--
Ethan Benson
http://www.alaska.net/~erbenson/
pgpXdAtbKcUlQ.pgp
Description: PGP signature
ing.
i suggest installing all security updates immediatly when they arrive
and vigilent sysadmin. those will keep your box uncompromised better
then anything (except turning it off).
--
Ethan Benson
http://www.alaska.net/~erbenson/
PGP signature
h you could also add CAP_SYS_BOOT to that list, then if they reboot
init will kill everything and the box will halt when the last
initscript calls /sbin/reboot ;-) (annoying if you like remote
administration, you have to hit the reset button after issuing
shutdown -r now...)
--
Ethan Benson
http://www.
h you could also add CAP_SYS_BOOT to that list, then if they reboot
init will kill everything and the box will halt when the last
initscript calls /sbin/reboot ;-) (annoying if you like remote
administration, you have to hit the reset button after issuing
shutdown -r now...)
--
Ethan Benson
http://www.
101 - 200 of 423 matches
Mail list logo