Re: Known vulnerabilities left open in Debian?

2004-03-22 Thread Jamie Heilman
nerability that can cause a system compromise in a popular package. -- Jamie Heilman http://audible.transient.net/~jamie/ "Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they

Re: pam doesn't see nis

2003-08-20 Thread Jamie Heilman
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=204711

Re: apache

2003-06-10 Thread Jamie Heilman
ites, why not read the fine manual: http://httpd.apache.org/docs/logs.html -- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa

Re: apache

2003-06-10 Thread Jamie Heilman
date string could be used only > for file creation after apache process receives SIGUSR1. Grab the cronolog package, it's easier and less intrusive. -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an intuition of mortality. Before we kn

Re: rpc.mountd

2003-05-23 Thread Jamie Heilman
t finding those high ports... But, just pushing the port numbers down below 1024 won't solve anything. You're much better off filtering traffic to those ports with ipfilter and backing that up with a good tcp_wrappers configuration. -- Jamie Heilman http://audible.t

Re: rpc.mountd

2003-05-23 Thread Jamie Heilman
ned by the portmapper. > and the second is about the apache server, how can i disable http > trace ? thanks.. use google http://www.apacheweek.com/issues/03-01-24 Neither of these provide any additional security, why exactly do you think they are necessary? -- J

Re: OpenSSH and debian?

2003-05-06 Thread Jamie Heilman
Phillip Hofmeister wrote: > The same information can be gathered from your MTA (if you are > running one) by doing an RCPT TO: and then an RSET. This is not universally true and is generally a matter of how the MTA is configured. -- Jamie Heilman http://audible.transie

Re: Secure remote syslogging?

2003-04-23 Thread Jamie Heilman
Litzler Mihaly wrote: > How do you think switching a separate VLAN for this would be also secure > enough? Is it a must to use a dedicated device? Switching is done for speed, not security.

Re: Bug severity for substantial DoS vulnerability

2003-04-16 Thread Jamie Heilman
ell, which I guess earns it a bonus point. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid." -Buddy

Re: Cross site tracing and apache

2003-03-21 Thread Jamie Heilman
Emmanuel Lacour wrote: > Is there someone having information about this web vulnerability, goals > and risks and how to disable it? google There's plenty of discussion out there on why this "vulnerability" isn't. -- Jamie Heilman http://audible.trans

Re: BCC fields shown

2003-01-18 Thread Jamie Heilman
ram in exim ?? Maybe, or maybe the proper flags simply aren't being passed to your local injection program to tell it to abide by the behavior you expect. -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "

Re: NIS(Client && Server) + Security

2003-01-03 Thread Jamie Heilman
hose of you who tend and nurture your myopic little hatred of djb like it's some kind of 100 year old bonsai), etc. And they don't crash every few days for no reason. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way, without saying squat, and n

Re: NIS(Client && Server) + Security

2003-01-02 Thread Jamie Heilman
best tool for the job. (IMO, NIS is almost never the best tool in homogenous linux environments.) -- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa

Re: Where to install the firewall scripts

2002-12-15 Thread Jamie Heilman
my script (which I wrote a long time ago and don't have anymore). Anyway, you get the idea. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way, without saying squat, and now you're trying to tell me a '56 Chevy can beat a '47 Bui

Re: Removing stupid HTTP methods from Apache

2002-12-03 Thread Jamie Heilman
nothing in apache (1.3 anyway) will service those by default. Otherwise, yeah, Limit and LimitExcept are the directives you're interested in. -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "No, Holly,

Re: unknown udp port

2002-11-25 Thread Jamie Heilman
meone please > confirm that? Yeah, that sounds like BIND. http://cr.yp.to/djbdns/forgery.html -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for you." She was cheap, she was stu

SmartList sucks was Re: [OT] unsubscribe

2002-11-18 Thread Jamie Heilman
ists already deployed. -- Jamie Heilman http://audible.transient.net/~jamie/ "Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution." -Sathington Willoughby

Re: "suspicious" apache log entries

2002-09-10 Thread Jamie Heilman
Jamie Heilman wrote: > > [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed: > > erroneous characters after protocol string: CONNECT > > mailb.microsoft.com:25 / HTTP/1.0 > > open proxy probe, standard Internet crapola, > http://www.monkeys.com/se

Re: "suspicious" apache log entries

2002-09-10 Thread Jamie Heilman
> [Sat Aug 31 21:03:49 2002] [error] [client 64.152.12.2] request failed: > erroneous characters after protocol string: CONNECT > mailb.microsoft.com:25 / HTTP/1.0 open proxy probe, standard Internet crapola, http://www.monkeys.com/security/proxies/

Re: Permissions Required On hosts.allow ?

2002-09-03 Thread Jamie Heilman
robably, to the lack of cohesion behind the various movements. But as I mentioned before, you'll probably want to examine subdomain from Wirex, SELinux, maybe LIDS, RSBAC, and doubtless there are others, but I'd start with those. -- Jamie Heilman http://audible.tr

Re: Permissions Required On hosts.allow ?

2002-09-03 Thread Jamie Heilman
Joe Moore wrote: > Jamie Heilman wrote: > > Joe Moore wrote: > >> As to your later message: > >> setgroups() and initgroups() are not necessary. Already UID telnetd > >> is able to write to /var/run/utmp because of its membership in GID > >> utmp. >

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Jamie Heilman
stem isn't that broken, stop trying to fix it. There is no legitimate reason to jump through all these hoops just to hide your tcp wrappers configuration from your local users. If the requirements for your host dictate minimal access rights use an access control system that's been designed t

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Jamie Heilman
is increased infrastructure. -- Jamie Heilman http://audible.transient.net/~jamie/ "Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution." -Sathington Willoughby

Re: Permissions Required On hosts.allow ?

2002-08-30 Thread Jamie Heilman
fundamental vulnerability to compromise at all (by which I mean if the services you run and the configurations you run them with actually have exploitable bugs in them or not), but hey, at least your users won't be able to read those files. And that's, um, something. -- Jamie Heilman

Re: Permissions Required On hosts.allow ?

2002-08-28 Thread Jamie Heilman
d > hosts.allow ... ? Obscuring your libwrap/tcpd configuration from your local users, at the expense of allowing services to run as separate, non-privileged users is a bad idea. Privilege separation provides a very tangible benefit, obfuscated config files do not. -- Jamie Heilman

Re: [d-security] Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-23 Thread Jamie Heilman
Christian Hammers wrote: > On Sat, Jun 22, 2002 at 11:50:10PM -0700, Jamie Heilman wrote: > > it's not just mod_proxy, apache was vulnerable regardless > BTW: in the case that mod_proxy is not loaded: is it enough to just > backport the get_chunk_size function from http_protocol

Re: Apache chunk handling vulnerability and Apache 1.3.24-3

2002-06-23 Thread Jamie Heilman
> Can someone clarify for me, please (not directly debian related, I know, > but...) - the patches appear to only be to the chunk-encoding functions > in mod_proxy. If mod_proxy isn't loaded, is apache still vulnerable? it's not just mod_proxy, apache was vulnerable regardless --

Re: sources.list for potato

2002-06-21 Thread Jamie Heilman
is your baby now, you wanna close that old bug out? Ben never did and it's pretty much moot now as that bad package never made it into primetime. -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an intuition of mortality. Before we know the words

Re: Un-installing inetd on Woody.

2002-02-13 Thread Jamie Heilman
can I circumvent this problem? apt-get install equivs -- Jamie Heilman http://audible.transient.net/~jamie/ "Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear to be, so take precaution."

Re: [2] Mailserver HDD organization

2002-01-19 Thread Jamie Heilman
[EMAIL PROTECTED] wrote: > now i have tried postfix and exim and i like both. > But which is more secure? anybody some knowledge about that? postfix has a better, more security conscious, design

Re: Exim mail

2001-12-14 Thread Jamie Heilman
. He didn't use your root account, he used the nature of SMTP to trick you. http://rfc821.x42.com/ And no, you can't block telnet, unless you choose to not run a mail server at all. -- Jamie Heilman http://audible.transient.net/~jamie/ "Paranoia is a disease unto

Re: crc32 compensation attack

2001-09-24 Thread Jamie Heilman
Micah Anderson wrote: > Got what appears to be a "crc32 compensation attack in my logs today, > about 10 minutes worth of these types of messages should I be > worried? Should I laugh at this feeble attempt to break in? Should I > gnaw my fingernails with my shotgun on my lap? heh, http://www

Re: crc32 compensation attack

2001-09-23 Thread Jamie Heilman
Micah Anderson wrote: > Got what appears to be a "crc32 compensation attack in my logs today, > about 10 minutes worth of these types of messages should I be > worried? Should I laugh at this feeble attempt to break in? Should I > gnaw my fingernails with my shotgun on my lap? heh, http://ww

Re: Why do people do this? [Was fishingboat in root]

2001-08-31 Thread Jamie Heilman
Jason Thomas wrote: > maybe ask the maintainer of the package to change it to something > meaningful! better yet, uninstall the package and boycott stupid behavior -- Jamie Heilman http://audible.transient.net/~jamie/ "It's almost impossible to overestimate

Re: snort 's logs go to /var/log/auth.log for some reason?

2001-07-30 Thread Jamie Heilman
Dmitriy wrote: > How can I change this? man snort, note -s option man syslog.conf -- Jamie Heilman http://audible.transient.net/~jamie/ "...that's the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds wit

Re: Apache, mod_auth_pam, pam_krb4, and you

2001-07-09 Thread Jamie Heilman
ich can bring more things to light. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way without saying squat and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you weren't saying squat kid." -Buddy

Re: Using BIND in a chroot enviro?

2001-07-02 Thread Jamie Heilman
seen The Big Lebowski) > > > 2. author write like "alle shit then my" > > > > Uh, sure. > > Whatever the quote means, I don't need *another* DJB-war barely a fortnight > after the last one. Aww, but they contain the same addictive chemical found in t

Re: Using BIND in a chroot enviro?

2001-07-02 Thread Jamie Heilman
records over 512 bytes that will require tcp transport or not, or if you need to allow zone transfers to outside parties, so the question of if you need to allow 53/tcp is already decided, all you have to do is recognise that fact. -- Jamie Heilman http://audible.transient.net/~ja

Re: Using BIND in a chroot enviro?

2001-07-01 Thread Jamie Heilman
en up your network further at all. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way without saying squat and now you're trying to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile? I liked you better when you wer

Re: rlinetd security

2001-06-19 Thread Jamie Heilman
say there is no good reason *period* as I've been running several machines without a working inetd for a year or so now, simply don't have the need for it on most workstations in my situation. -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way

Re: rlinetd security

2001-06-19 Thread Jamie Heilman
rve large queries, otherwise, you don't need it dnscache uses port 53 both tcp and udp - it's the caching resolver -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she

Re: rlinetd security

2001-06-19 Thread Jamie Heilman
till evangelize binary distro's and linux. -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for you." She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway." -Holly

Re: rlinetd security

2001-06-19 Thread Jamie Heilman
only unstable box actually needed inetd, and was only accessible from an internal network so I wasn't worried about inetd's underlying flaws wrt DoSability and lack of concurrency limiting. If you use inetd on untrusted interface you are asking for pain, I thought that was fairly well un

Re: Bind stop working right.

2001-05-30 Thread Jamie Heilman
w maradns enter unstable a few days ago and you can always snag djbdns from http://cr.yp.to/djbdns.html -- Jamie Heilman http://audible.transient.net/~jamie/ "You came all this way without saying squat and now you're trying to tell me a '56 Chevy can beat a '

Re: proftpd exploit??

2001-05-24 Thread Jamie Heilman
> Any solution?? > > Resource limits on the ftp server process? Or a DenyFilter of \*.*/ as is recommended on the proftpd.org web site. http://www.proftpd.org/critbugs.html -- Jamie Heilman http://audible.transient.net/~jamie/ "...that's the metaphorical equivalen

Re: Lprng version question

2001-05-02 Thread Jamie Heilman
rflow bug fixed * getttext NLSPATH security bug fixed. * spool_file_perms security bug fixed. * Added setuid Linux bug work-around. -- Craig Small <> Sun, 15 Oct 2000 15:42:02 -0500 -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an in

Re: psuedonymity and apache

2001-05-01 Thread Jamie Heilman
to /myphatmp3archive/ then don't log it. Even then you're probably screwed as your upstream could conceivably log the activity. If, on the other hand, you just want to display your log files to the world sans the detailed connection information, just post-process them and

Re: Logging practices (and why does it suck in Debian?)

2001-04-12 Thread Jamie Heilman
'm all for it, especially if somebody else can figure out how to make logger that does reliable and perhaps secure network transport. -- Jamie Heilman http://audible.transient.net/~jamie/ "...that's the metaphorical equivalent of flopping your wedding tackle into a lion'

Re: Logging practices (and why does it suck in Debian?)

2001-04-12 Thread Jamie Heilman
ke to see is a facility logger that could collect logs like traditional syslog but then would let me hand them to something like multilog to be stored on disk. -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an intuition of mortality. Before we kno

Re: Logging practices (and why does it suck in Debian?)

2001-04-11 Thread Jamie Heilman
'm all for it, especially if somebody else can figure out how to make logger that does reliable and perhaps secure network transport. -- Jamie Heilman http://audible.transient.net/~jamie/ "...that's the metaphorical equivalent of flopping your wedding tackle into a lion'

Re: Logging practices (and why does it suck in Debian?)

2001-04-11 Thread Jamie Heilman
ke to see is a facility logger that could collect logs like traditional syslog but then would let me hand them to something like multilog to be stored on disk. -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an intuition of mortality. Before we kno

Re: Ports to block?

2001-04-05 Thread Jamie Heilman
ocol works over TCP however, so if you're acting as a master you may have to open the tcp port to your slaves. Of course if you're running BIND and you're concerned about security ... There are better servers than BIND and there are better ways to transfer zone information. --

Re: NTP security

2001-03-12 Thread Jamie Heilman
the subject of securing NTP, has anyone gotten the autokey stuff to work the version of ntpd in stable? -- Jamie Heilman http://audible.transient.net/~jamie/ "...that's the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his love

Re: NTP security

2001-03-10 Thread Jamie Heilman
ata transfer over TCP but it's not generally needed during normal operation. At any rate, it couldn't be done without modifying the code, and finding somebody else to peer with who also had a modified server. -- Jamie Heilman http://audible.transient.net/~jamie/ "

Re: NTP security

2001-03-10 Thread Jamie Heilman
use tcp instead of udp ? No, UDP is intrinsic to how NTP works. -- Jamie Heilman http://audible.transient.net/~jamie/ "Paranoia is a disease unto itself, and may I add, the person standing next to you may not be who they appear t

Re: NTP security

2001-03-10 Thread Jamie Heilman
Rishi L Khan wrote: > Maybe use tcp wrappers? That's how I'd do it. Nope, ntpd doesn't link against libwrap and can't be run out of inetd. -- Jamie Heilman http://audible.transient.net/~jamie/ "I was in love once -- a Sinclair ZX-81. People said,

Re: NTP security

2001-03-10 Thread Jamie Heilman
evel, which is unfortunate. You can at the protocol level however. Get the NTP documentation and read about the authentication options and the access control options. To control access at the transport level you will have to use firewalling rules. -- Jamie Heilman http://audible

Re: Wrong DNS configuration. Which?

2001-03-01 Thread Jamie Heilman
pening. It might be spam, it might be a misconfiguration on their end. -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squ

Re: Wrong DNS configuration. Which?

2001-02-28 Thread Jamie Heilman
pening. It might be spam, it might be a misconfiguration on their end. -- Jamie Heilman http://audible.transient.net/~jamie/ "We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squ

Re: OpenSSH and CVS

2001-02-19 Thread Jamie Heilman
s pretty picky about those things, where unix clients aren't. For example a good CVSROOT is :ext:mycvsserver:/mycvs/root/path whereas a bad one which will almost certainly make wincvs choke (these get stored in the CVS control files remember) is user@mycvsserver:/mycvs/root/path. -- Jamie He

Re: Debian or Linux 7???

2001-02-19 Thread Jamie Heilman
han Redhat is no more secure than Solaris is no more secure than OpenBSD. We could make a lot of vague generalizations about default setup and what-not but it's really just a waste of time. If you don't want to be hacked, learn how to prevent it. -- Jamie Heilman http://aud

Re: Send a mail

2001-02-10 Thread Jamie Heilman
> Well, I can't tell you how to change the 'from' entry in your MTA. man qmail-inject at any rate none of this is security related -jamie

Re: glibc LD_PRELOAD

2001-01-30 Thread Jamie Heilman
@polyphony (/dev/pts/4) at 13:21 ... hrmmm polyphony:~# I have no idea if this has further reaching consequences, but ldd didn't used to actually execute the programs you ran it on. This seems to only affect sgid applications. -- Jamie Heilman http://audible.tra
