08:47:17 ~$ ls -l /tmp/a
| > -rwxr-xr-x 1 alexey alexey 0 Янв 3 08:47 /tmp/a
| > [terrapin] 08:47:21 ~$ /tmp/a
| > bash: /tmp/a: Permission denied
| > [terrapin] 08:47:25 ~$
|
| what happens if you do:
|
| sh -x /tmp/a
It works just fine. That is part of why noexec is point
so, if you have users, then /home.
|
| /etc is written into by the kernel ( for mounts/unmounts )
ln -s /proc/mounts /etc/mtab
| /proc if you use it is writable
/proc is a kernel interface. It is not a real file system.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
r SSL (or you can use
cfd without SSL).
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
alert pages I see
| nothing about passwd.
| What should I do?
Send it to [EMAIL PROTECTED] That is a closed list which won't
make it public preliminary.
--
Tollef Fog Heen
You Can't Win
up Mozilla into separate packages, and the crypto
| code (ie, PSM) is in its own (optional) package. So I'm not even sure what
| the issue is anymore...
The Debian maintainer is the same as the Ximian one. He is working on
splitting the deb into multiple parts, but this takes time.
--
Tollef Fog
ts the password
(but not the data).
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
You should be able to unsubscribe at
http://www.debian.org/MailingLists/unsubscribe , have you tried that?
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
:-)
ailman supports this natively.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
*
| But a good one, it works!!
| Thanks!!
Nice to hear. :)
| Now, I wonder why this problem occurs. I'll have to take a look at some RFC
| to figure out.. anyone who can point me in the right direction??
RFC 2481, iirc.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just
mpiled the kernel? If so, many firewalls and routers drop packages
with this set. It bit me, and I couldn't find out what it was - look
at whether /proc/sys/net/ipv4/tcp_ecn contains a 0 (which works here),
or a 1 (which causes some problems).
--
Tollef Fog Heen
Unix _IS_ user friendly...
* Jacob Meuser
| On Fri, Mar 02, 2001 at 11:39:15AM +0100, Tollef Fog Heen wrote:
| > * Ethan Benson
| >
| > Not everyone has a permanent internet connection.. It should probably
| > ask whether you want to have it in there.
| >
|
| I believe it becomes uncommented if one in
there in r0 too,
|
| it was there but commented out by default? hrm i wonder why that is,
| it does not much good being commented out...
Not everyone has a permanent internet connection.. It should probably
ask whether you want to have it in there.
--
Tollef Fog Heen
Unix _IS_ user friendly... It
hooks. I don't like playing around in the kernel, but by using
libc hooks and ld.so.preload, you can trace all this in userspace
without risking too much. The downside is that it doesn't work with
statically linked binaries.
Also, adding the pam-tmpdir-module might be a start as well.
--
desk.
Another reason is probably that you don't see the need for that
security, until somebody shows you how easy it is to read you mail,
passwords etc. And somebody does it to _all_ users.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
* Javier Fernandez-Sanguino Peña
| Any thoughts?
There is a discussion on -devel about _limiting_ the number of task
packages, not increasing it. So until that one is finished, adding
four task- packages isn't a good idea, imho.
--
Tollef Fog Heen
Unix _IS_ user friendly... It
those with
priority: standard and higher.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
od idea, anyhow?
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
m - I would _never_ install X on a
server. :)
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
* Jure Mercun
| I don't know whether this can be exploited, but it's better to be
| sure.
It's not suid anything, so it can't be used for anything, but it's a
bug, yes. (I haven't confirmed it).
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
home
directory, if you first successfully authenticate using Kerberos.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
And if you use it, make it check its return values!
Right now, it changes the return value as well - so time(2) returns
for tomorrow.
compile with
gcc -fpic -shared fake-time.c -o fake-time.so -ldl
run with
LD_PRELOAD=./fake-time.so date
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
ACE_TRACEME, 0, 1, 0);
execl("/bin/date", "/bin/date", NULL, (char *)0);
}
(from a post on bugtraq last year).
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
name, but I saw it on freshmeat some time ago.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
And, if you for some reason are on a public terminal,
do _you_ trust the client? I wouldn't.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
* Ethan Benson
| > Still, why does /var/lib/texmf/* need to be publicly writeable?
|
| design flaws in tetex. see the BTS for a long discussion about it.
| it's not trivial to fix unfortunately.
what is texconfig - font - fontro, then?
--
Tollef Fog Heen
Unix _IS_ user friendly... I
ry-all/editors/crypt++el_2.87-2.deb
Size: 35832
Installed-Size: 143
MD5sum: 5d1a32288c1012f7de8ca8d02bf00522
Description: Emacs-Lisp Code for handling compressed and encrypted files
Code for handling all sorts of compressed and encrypted files like:
.gz, .tar.gz, .Z, .zip, PGP etc.
--
Tollef Fo
machine.
If the rest of the box is that old, it's probably more or less riddled
with holes. The _only_ thing to do after a root compromise is full
reinstall from known good media. It's faster and easier. And you
have the ability to switch to debian as well! :)
--
Tollef Fog Heen
Unix
* Nathan Valentine
| I wish I could remember where I read this so that I could
| provide a pointer. TCP/IP Illustrated V2.
"Design and implementation of the 4.4 BSD operating system" has
something about it, iirc. My book is about 500kms away, so I can't
check.
--
Tollef Fog H
and the current kernel be updated ASAP ?
From the latest debian-newsletter:
* A fix for the capabilities-related local root compromise in kernel
2.2.15 was backported into the Debian package of kernel
2.2.15.
--
Tollef Fog Heen
This is the unix version of the LoveBug virus and in th
* Rehak Tamas
| I think, slink is affected too, at least mine contains that string...
potato contains the string as well, so I guess it's vulnerable.
--
Tollef Fog Heen
This is the unix version of the LoveBug virus and in the spirit of such it
depends on the user community to prop
ors or
certification authorities.
http://www.fs.net>
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
* Alexander Hvostov
| How do you do NFS over SSH? I'm interested.
I don't, but since you can do NFS over TCP, i guessed that you can
do NFS over SSH as well. Or, you can do samba over SSH. Or just
SFS.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selectiv
-SSH should work ok. Still, one has to have one system
which one trusts if you are to remote administer it.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
* Peter Cordes
| You mean Xnest?
Yes, sorry, I didn't check and recalled the wrong name.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.
t a
semi-privileged-user could sudo to root and then change root's
password.
You will of course have to guard that password very well, as it
might give instant root.. :)
I find this a better solution than autochanging passwords.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's
* Sergio Brandano
| I am using gdm. Let see how I can do that. Anyway, will this affect
| ssh?
Yes, but you can run Xev (X-in-a-window) and ssh from there. This
is safer as well if you are really paranoid, since then you trust
the remote sshd less.
--
Tollef Fog Heen
Unix _IS_ user
* Tim Haynes
| In any event letting on a valid username for "who owns this
| socket/connection" increases security risks, albeit not necessarily
| by much.
Then one can provide the numeric userid instead.
--
Tollef Fog Heen
Unix _IS_ user friendly... It's just selectiv