Re: Security problem: rbash isn't working on initial invocation

2002-09-26 Thread Vineet Kumar
* Bob George ([EMAIL PROTECTED]) [020926 11:40]: > I'm using bash on Debian 'testing'. I've created a symlink /bin/rbash > that points to /bin/bash, and prior to upgrading to 3, it worked as > expected. Users could not do "cd .." and other restricted functions as > described in the manpage. I o

THANKS Re: Security in NON-US Woody Distribution.

2002-06-11 Thread arthur_dent
Thanks for the replies on the crypto package for KDE. I queried the package manager just now and there it is in the uninstalled packages. I'll try it out tomorrow night. Thanks again. On Tue, 11 Jun 2002 21:51, Colin Watson wrote: > On Tue, Jun 11, 2002 at 06:55:54PM +1200, arthur_dent wrote: >

Re: Security in NON-US Woody Distribution.

2002-06-11 Thread Tim Dijkstra
On Tue, 11 Jun 2002 18:55:54 +1200 "arthur_dent" <[EMAIL PROTECTED]> wrote: > Is it because Debian provides source code to their programs which is > under export restriction from the U.S.? > If so, does that mean that anyone wishing to use some form of high > Encryption outside of the U.S. would b

Re: Security in NON-US Woody Distribution.

2002-06-11 Thread Colin Watson
On Tue, Jun 11, 2002 at 06:55:54PM +1200, arthur_dent wrote: > Why is it that when I purchased the disks for Woody here in New > Zealand ( I dont know if it's the same elsewhere) I get a lot of > NON-US software that does not seem to have much security built in. > i.e. I cant even log into hotmail

Re: Security in NON-US Woody Distribution.

2002-06-11 Thread arthur_dent
Why is it that when I purchased the disks for Woody here in New Zealand ( I dont know if it's the same elsewhere) I get a lot of NON-US software that does not seem to have much security built in. i.e. I cant even log into hotmail or my bank using Konqueror browser and when I click on 'securit

Re: Security Updates Sources

2002-06-02 Thread Olaf Meeuwissen
"Jean-Charles Preaux" <[EMAIL PROTECTED]> writes: > Hello > Just a little question : > is there a security updates sources for the woody release ? > as : > deb http://security.debian.org/ > potato/updates main contrib non-free > for the potato release ? > Which

Re: Security Updates Sources

2002-06-02 Thread Colin Watson
On Sun, Jun 02, 2002 at 06:49:31PM -0300, [EMAIL PROTECTED] wrote: > On Fri, May 31, 2002 at 01:47:01PM +0100, Colin Watson wrote: > > On Fri, May 31, 2002 at 01:57:17PM +0200, Jean-Charles Preaux wrote: > > > Just a little question : > > > is there a security updates sources for the woody rele

Re: Security Updates Sources

2002-06-02 Thread synthespian
On Fri, May 31, 2002 at 01:47:01PM +0100, Colin Watson wrote: > On Fri, May 31, 2002 at 01:57:17PM +0200, Jean-Charles Preaux wrote: > > Just a little question : > > is there a security updates sources for the woody release ? > > Not yet. There will be when it's released. In the mean

Re: Security Updates Sources

2002-05-31 Thread Colin Watson
On Fri, May 31, 2002 at 01:57:17PM +0200, Jean-Charles Preaux wrote: > Just a little question : > is there a security updates sources for the woody release ? Not yet. There will be when it's released. -- Colin Watson [EMAIL PROTECTED]

Re: security updates for testing distibution

2002-04-08 Thread Hans Ekbrand
On Sun, Apr 07, 2002 at 11:25:54PM +0200, Christophe Courtois wrote: > > Anyhow, woody will be released Real Soon Now(tm), and then the > > security policy will be the same as it was for potato. > > Does it mean too that I must update from potato rather quickly after > Woody's release if I want

Re: security updates for testing distibution

2002-04-07 Thread Christophe Courtois
> Anyhow, woody will be released Real Soon Now(tm), and then the > security policy will be the same as it was for potato. Does it mean too that I must update from potato rather quickly after Woody's release if I want all security releases ? Is the maintenance of potato totally stopped after 1st

Re: security updates for testing distibution

2002-04-06 Thread Rob Weir
On Fri, Apr 05, 2002 at 09:40:41AM +0200, Hanspeter Roth wrote: > On Apr 04 at 18:08, John Hasler spoke: > > > Andrew writes: > > > Don't security updates also go to unstable? > > > > No. Security updates are almost always done by backporting the fix to the > > version of the package that is i

Re: security updates for testing distibution

2002-04-05 Thread Hans Ekbrand
On Fri, Apr 05, 2002 at 07:28:54AM -0800, Andrew Agno wrote: > Hanspeter Roth writes: > > But what about the testing distribution? Does it also get `implicit' > > security fixes by new versions? > > Or is it safer to stick with stable? > > Well, it follows the usual rules, so eventually things

Re: security updates for testing distibution

2002-04-05 Thread Andrew Agno
Hanspeter Roth writes: > But what about the testing distribution? Does it also get `implicit' > security fixes by new versions? > Or is it safer to stick with stable? Well, it follows the usual rules, so eventually things will filter down. In the meantime, I believe you have to grab things fro

Re: security updates for testing distibution

2002-04-05 Thread Shawn McMahon
begin quoting what Anthony DeRobertis said on Fri, Apr 05, 2002 at 04:31:35AM -0500: > > Just change the 'testing' to 'woody' in your sources, then you > will stay with woody. Which will be stable soon. But after that > happens, change it back to "stable" Just to head off the next question:

Re: security updates for testing distibution

2002-04-05 Thread Hanspeter Roth
On Apr 05 at 04:31, Anthony DeRobertis spoke: > Just change the 'testing' to 'woody' in your sources, then you > will stay with woody. Which will be stable soon. But after that > happens, change it back to "stable" > > [ And, btw, getting security fixes into testing is now very important, >

Re: security updates for testing distibution

2002-04-05 Thread Anthony DeRobertis
Can one switch back to stable without reinstalling the whole? Probably not. But you don't want to, woody will be soon! Just keep saying it, woody will be soon... woody will be soon... eventually, we'll convince ourselves that it is true ;-) Seriously --- we now have under 100 RC bugs in test

Re: security updates for testing distibution

2002-04-05 Thread Hanspeter Roth
On Apr 04 at 18:08, John Hasler spoke: > Andrew writes: > > Don't security updates also go to unstable? > > No. Security updates are almost always done by backporting the fix to the > version of the package that is in stable. The version in unstable is > almost always a more recent one. If i

Re: security updates for testing distibution

2002-04-04 Thread Andrew Agno
John Hasler writes: > Andrew writes: > > Don't security updates also go to unstable? > No. Security updates are almost always done by backporting the fix to the > version of the package that is in stable. The version in unstable is > almost always a more recent one. If it is vulnerable it w

Re: security updates for testing distibution

2002-04-04 Thread John Hasler
Andrew writes: > Don't security updates also go to unstable? No. Security updates are almost always done by backporting the fix to the version of the package that is in stable. The version in unstable is almost always a more recent one. If it is vulnerable it will be fixed when the maintainer u

Re: security updates for testing distibution

2002-04-04 Thread Dimitri Maziuk
* Hanspeter Roth ([EMAIL PROTECTED]) spake thusly: > On Apr 04 at 22:57, Hans Ekbrand spoke: > > > On Thu, Apr 04, 2002 at 10:53:52PM +0200, Hanspeter Roth wrote: > > > Can one get security updates for the testing distribution? > > > > No. There is no such thing. > > Can one switch back to sta

Re: security updates for testing distibution

2002-04-04 Thread Hanspeter Roth
On Apr 04 at 22:57, Hans Ekbrand spoke: > On Thu, Apr 04, 2002 at 10:53:52PM +0200, Hanspeter Roth wrote: > > Can one get security updates for the testing distribution? > > No. There is no such thing. Can one switch back to stable without reinstalling the whole? -Hanspeter

Re: security updates for testing distibution

2002-04-04 Thread Hans Ekbrand
On Thu, Apr 04, 2002 at 10:53:52PM +0200, Hanspeter Roth wrote: > Can one get security updates for the testing distribution? No. There is no such thing. -- Note that I use Debian version 3.0 Linux emac140 2.4.17 #1 sön feb 10 20:21:22 CET 2002 i686 unknown Hans Ekbrand

Re: security vs. potato?

2002-03-01 Thread Alexander Steinert
> according to packages.debian.org/ssh2 there is no ssh2 package > available for potato/stable. > > i suppose this is a conundrum for the developers -- normally > security fixes are beamed back to potato in a hurry, but ssh > (version 1) has security troubles, and to fix them would > introduce a n

Re: security vs. potato?

2002-02-27 Thread Joey Hess
will trillich wrote: > i suppose this is a conundrum for the developers -- normally > security fixes are beamed back to potato in a hurry, but ssh > (version 1) has security troubles, and to fix them would > introduce a new package (ssh2) which is against 'stable' > policy... As far as I know fixe

Re: security vs. potato?

2002-02-27 Thread Jeronimo Pellegrini
On Wed, Feb 27, 2002 at 07:03:56AM -0600, will trillich wrote: > according to packages.debian.org/ssh2 there is no ssh2 package > available for potato/stable. > > i suppose this is a conundrum for the developers -- normally > security fixes are beamed back to potato in a hurry, but ssh > (version

Re: security ftp branch

2001-12-17 Thread Paul Scott
Colin Watson wrote: On Sun, Dec 16, 2001 at 05:45:08PM -0700, Paul Scott wrote: Colin Watson wrote: On Sun, Dec 16, 2001 at 01:44:13PM -0700, Paul Scott wrote: deb http://security.debian.org woody/updates main contrib non-free Security updates won't be issued for woody on security.debian

Re: security ftp branch

2001-12-17 Thread Colin Watson
On Sun, Dec 16, 2001 at 05:45:08PM -0700, Paul Scott wrote: > Colin Watson wrote: > > On Sun, Dec 16, 2001 at 01:44:13PM -0700, Paul Scott wrote: > >>deb http://security.debian.org woody/updates main contrib non-free > > > > Security updates won't be issued for woody on security.debian.org until >

Re: security ftp branch

2001-12-16 Thread Paul Scott
Colin Watson wrote: On Sun, Dec 16, 2001 at 01:44:13PM -0700, Paul Scott wrote: This 404 Not Found Ign http://security.debian.org woody/updates/main Release results from the line deb http://security.debian.org woody/updates main contrib non-free in my /etc/apt/sources.list What am I miss

Re: security ftp branch

2001-12-16 Thread nate
> This > > 404 Not Found > Ign http://security.debian.org woody/updates/main Release security.debian.org ONLY provides updates for stable. woody is the last branch to get security updates because it must pass through unstable without any critical bugs first. nate

Re: security ftp branch

2001-12-16 Thread Colin Watson
On Sun, Dec 16, 2001 at 01:44:13PM -0700, Paul Scott wrote: > This > > 404 Not Found > Ign http://security.debian.org woody/updates/main Release > > results from the line > > deb http://security.debian.org woody/updates main contrib non-free > > in my /etc/apt/sources.list > > What am I miss

Re: security updates

2001-11-25 Thread Dmitriy
On Sun, Nov 25, 2001 at 04:30:08PM -0800, nate wrote: [snip] > > no specialized updates are available for woody or sid. you > have to get the updates the same way you get everything else. > be aware that it may take a long time to get security updates > on woody as any new packages must go through

Re: security updates

2001-11-25 Thread nate
Glenn Becker said: > Hi all, > > On the strength of what I read re: getting security updates in the > list archives, I put the following line in my /etc/apt/sources.list > file: > > deb http://security.debian.org woody/updates main contrib non-free security updates are only available for the RELEA

Re: security updates

2001-11-25 Thread Jerome Acks Jr
Glenn Becker wrote: Hi all, On the strength of what I read re: getting security updates in the list archives, I put the following line in my /etc/apt/sources.list file: deb http://security.debian.org woody/updates main contrib non-free ... but all it generates when I apt-get update && apt-ge

Re: security updates

2001-11-25 Thread Dmitriy
On Sun, Nov 25, 2001 at 06:48:19PM -0500, Glenn Becker wrote: > Hi all, > > On the strength of what I read re: getting security updates in the list > archives, I put the following line in my /etc/apt/sources.list file: > > deb http://security.debian.org woody/updates main contrib non-free > > .

Re: security for woody

2001-10-27 Thread Noah Meyerhans
On Fri, Oct 26, 2001 at 03:13:43PM -0400, Stephen Gran wrote: > Thus spake shock: > > pardons for asking this, but i can't remember or locate the answer. > > what entry should i use in sources.list for security updates to > > woody? > > > > thanks. > I have http://security.debian.org/debian-non-US

Re: security for woody

2001-10-26 Thread Stephen Gran
Thus spake shock: > pardons for asking this, but i can't remember or locate the answer. what > entry should i use in sources.list for security updates to woody? > > thanks. I have http://security.debian.org/debian-non-US woody/non-US main contrib in my sources.list file - works fine, although it

Re: security for woody

2001-10-25 Thread Brian Nelson
shock <[EMAIL PROTECTED]> writes: > pardons for asking this, but i can't remember or locate the answer. what > entry should i use in sources.list for security updates to woody? There are no security updates for woody, until it becomes stable. Security fixes are uploaded to unstable and then tric

Re: security for woody

2001-10-25 Thread Ken Mead
You wont find any for woody. Security fixes are only done for potato. I will assume you already have those in your sources.list. KM - Original Message - From: "shock" <[EMAIL PROTECTED]> To: "Debian-User" Sent: Thursday, October 25, 2001 11:37 AM Subject: security for woody > pardons f

Re: Security Update

2001-10-13 Thread Sean Quinlan
--- Mark Rompies <[EMAIL PROTECTED]> (2001-10-13 21:30): > I've just use Debian for the first time in my life. I want to upgrade the > applications or anything to mmake it more secure (i think it will use apps > >from security.debian.org). The problem is very simple: > > what commands should i t

Re: Security Update

2001-10-13 Thread David Raeker-Jordan
Mark Rompies wrote: > Hi! > > I've just use Debian for the first time in my life. I want to upgrade the > applications or anything to mmake it more secure (i think it will use apps > from security.debian.org). The problem is very simple: > > what commands should i type from the console to updat

Re: Security Update

2001-10-13 Thread Tarjei Huse
You must add a line in your sources list that points to security.debian.org. Then you can use apt-get Mark Rompies wrote: > > Hi! > > I've just use Debian for the first time in my life. I want to upgrade the > applications or anything to mmake it more secure (i think it will use apps > from s

Re: Security on debian

2001-10-01 Thread Hamma Scott
Linux Journal has a monthly column called the Paranoid Penguin. This month: GPG: The Best Free Crypto You Aren't Using Part 2 of 2. --- Scott Henson <[EMAIL PROTECTED]> wrote: > Can any one point me to the best books, how-to's, > articles, scripts, etc. on > hardening debian and making it really s

Re: Security on debian

2001-09-30 Thread Alex Hunsley
Scott Henson wrote: > > Can any one point me to the best books, how-to's, articles, scripts, etc. on > hardening debian and making it really secure, but still easy to use? I was > looking on the debian site and I saw a security how-to, but for some reason > it would not let me access it. It said

Re: Security on debian

2001-09-30 Thread Dope on Plaztic,,,
There are numerous ways of hardening a linux box - its not really debian spec. But anyhow, a good example of an all round hardening/security "patch" is the 'grsecurity' kernel patch (from www.securedlinux.org) which borrows heavily from solar designers openwall patch, and moddes the code, as wel

Re: Security Auditing Tool for Analysing Networks?

2001-09-29 Thread Alvin Oga
hi ya xio simple 1 minute audit... run nmap, nessus, etc.. http://www.linux-sec.net/Audit/nmap.test.gwif.html ( assumes you're not behind a NAT fw ) you can spend the next week auditing it if you want http://www.Linux-Sec.net/Audit/ have fun alvin On Sat, 29 Sep 2001, xi

Re: Security Auditing Tool for Analysing Networks?

2001-09-29 Thread Robert Waldner
On Sat, 29 Sep 2001 13:16:04 BST, xio writes: >Still, I would like to run a Security Auditing Tool against my machine, >to see if I missed anything. Any good tools out there you can >recommend? nessus for relatively thorough jobs, for the quick portscan nmap is your friend. Of course, that's n

Re: Security, SSH connection speed (DNS?) (was: Newbie Questions, Performance and security...)

2001-09-26 Thread Alexander Wallace
Thanks a lot for the tips, I'll check it out! On Tue, 25 Sep 2001, Karsten M. Self wrote: > on Tue, Sep 25, 2001 at 11:27:01AM -0500, Alexander Wallace ([EMAIL > PROTECTED]) wrote: > > > My questions: Will I be in the safe side if I decide to use debian for > > an internet server to serve web/ma

Re: Security from others when server running

2001-09-16 Thread Vineet Kumar
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [010903 12:39]: > Hi, I'm running a server in a public location, and the applications running > on the server run in their own virtual console (or an xterm window). However, > if someone came up and closed the xterm or hit ^C they could cancel the > server

Re: Security from others when server running

2001-09-04 Thread Cliff Sarginson
On Tue, Sep 04, 2001 at 07:25:47AM +0200, Robert Waldner wrote: > > (please, dont Cc me on list-mail) > > On Mon, 03 Sep 2001 17:10:31 PDT, Alvin Oga writes: > >extremely hard to protect a server if people have physical access You could try a guard with a Kalashnikov... Cliff

Re: Security from others when server running

2001-09-04 Thread Robert Waldner
(please, don´t Cc me on list-mail) On Mon, 03 Sep 2001 17:10:31 PDT, Alvin Oga writes: >extremely hard to protect a server if people have physical access >to it... > - they can hit ctrl-alt-delete > ( remove that option from /etc/inittab if you dont like anyone > rebooting it )

Re: Security from others when server running

2001-09-03 Thread Alvin Oga
hi ya extremely hard to protect a server if people have physical access to it... - they can just pull the power cord... - they can hit ctrl-alt-delete ( remove that option from /etc/inittab if you don't like anyone rebooting it ) - they can pull nic wires .

Re: Security from others when server running

2001-09-03 Thread Robert Waldner
On Mon, 03 Sep 2001 15:33:50 EDT, [EMAIL PROTECTED] writes: >Hi, I'm running a server in a public location, and the applications running >on the server run in their own virtual console (or an xterm window). However, >if someone came up and closed the xterm or hit ^C they could cancel the >serve

Re: Security from others when server running

2001-09-03 Thread Dimitri Maziuk
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) spake thusly: > Hi, I'm running a server in a public location, and the applications running > on the server run in their own virtual console (or an xterm window). However, > if someone came up and closed the xterm or hit ^C they could cancel the > server o

Re: Security

2001-08-31 Thread Colin Watson
On Thu, Aug 30, 2001 at 11:20:46PM -0400, greg wrote: > How about adding a security section to the distribution page ? > http://www.debian.org/distrib/packages... You'll need to contact debian-www about this, not debian-user. Try filing a bug against the 'www.debian.org' pseudo-package. Cheers,

Re: security report

2001-07-11 Thread will trillich
On Mon, Jul 02, 2001 at 12:01:05PM -0400, Thomas J. Hamman wrote: > On Mon, Jul 02, 2001 at 11:41:30AM -0400, Faheem Mitha wrote: > > I got the following security audit of a machine I recently installed > > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > > most serious p

Re: Security manager (mozilla M18), trying to run as normal user

2001-07-07 Thread Michael B. Taylor
On Sat, Jul 07, 2001 at 11:17:36AM -0400, Carl Fink wrote: > And is there any way to get Mozilla to stop offering me an unwanted > "Netscape Search" pane when I type a URL into the address bar? Even with > "smart" URLs turned off, it still slows typing down so much it's very > irritating. > Yes.

Re: Security manager (mozilla M18), trying to run as normal user

2001-07-07 Thread Craig Dickson
And speaking of Mozilla, how does one change the style or size of the font that it uses for drawing menus, dialog box text, etc.? I've heard there is a GTK version of Mozilla, but the mozilla-browser package in unstable doesn't seem to be it. At least, it certainly pays no attention whatsoever to

Re: Security manager (mozilla M18), trying to run as normal user

2001-07-07 Thread Carl Fink
On Sat, Jul 07, 2001 at 10:35:14AM -0400, Noah Meyerhans wrote: > I've been using Mozilla as my primary browser for close to a year at > this point, and with the current 0.9.x releases it absolutely blows > Netscape 4 away in terms of performance, stability, and features. Really? I find it abou

Re: Security manager (mozilla M18), trying to run as normal user

2001-07-07 Thread Noah Meyerhans
On Sat, Jul 07, 2001 at 09:10:23PM +1000, Davor Balder wrote: > I installed security manager for mozilla (Mozilla M18 under Potato, > normal direct modem connection-no proxies) a few days ago and am still > trying to run it as normal user. I have no problems running it as root, > but when I try

Re: security report

2001-07-02 Thread Faheem Mitha
Dear People, Thanks for the responses to my somewhat clueless (in retrospect) post. I suppose I should have realised that the fixes were being applied to the stable version. I didn't realise Debian took things so seriously, though. (I don't think anyone else goes to so much trouble.) But I'm lear

Re: security report

2001-07-02 Thread John Hasler
Faheem Mitha writes: > I thought security vulnerabilities were supposed to be fixed in stable. They are. In most cases it is done by backporting the fix to the version already in stable. This was done to ssh some time ago. > And does anyone have thoughts about the other warnings reported? Alwa

Re: security report

2001-07-02 Thread Phil Brutsche
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A long time ago, in a galaxy far, far way, someone said... > > Dear Debian People, > > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. This looks like output from nessus. Take everything it reports with a grai

Re: security report

2001-07-02 Thread Leonard Stiles
Faheem Mitha <[EMAIL PROTECTED]> writes: > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > most serious problem appears to be with ssh. What should I do about this, > if anything? > > Should I upgr

Re: security report

2001-07-02 Thread Thomas J. Hamman
On Mon, Jul 02, 2001 at 11:41:30AM -0400, Faheem Mitha wrote: > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > most serious problem appears to be with ssh. What should I do about this, > if anything?

Re: security report

2001-07-02 Thread Derek MacLucas
On Mon, Jul 02, 2001 at 11:41:30AM -0400, Faheem Mitha wrote: > > Dear Debian People, > > I got the following security audit of a machine I recently installed > Debian 2.2r3 on. I have run apt-get update and apt-get upgrade on it. The > most serious problem appears to be with ssh. What should I d

Re: security

2001-06-29 Thread Alvin Oga
hi ya chris easy answer that just takes a little reading ... ( no sw to load/run ) -- if the software apps you're using is listed on the top-xx list of exploited/attacked sw then it's a few minutes for them to get in http://www.Linux-sec.net - check the top-xx list of vulnerabiliti

Re: security

2001-06-29 Thread Greg Wiley
On Friday, June 29, 2001 5:44 AM, [EMAIL PROTECTED] writed: > The problem is that I have been given an assignment from > my college's mis head to check their net security from my linux box They do indeed have a problem. -g

Re: security

2001-06-29 Thread John Hasler
Chris Parker writes: > The problem is that I have been given an assignment from my college's mis > head to check their net security from my linux box. You have this assignment in the form of a signed document, I hope. -- John Hasler [EMAIL PROTECTED] Dancing Horse Hill Elmwood, Wisconsin

Fwd: Re: security

2001-06-29 Thread Miguel Griffa
The funny thing is that in another mail, he clarifies the situation: "Student here from a micro$oft school of thought and sick of it. " I'd have tried to hack my school computers, when I was there, if it wasn't because there were no computers at all... If you really want help with this projec

Re: security

2001-06-29 Thread Greg Rowe
If you are interested in this sort of thing Hacking Exposed Second Edition is an EXCELLENT read. I am not a windows guy and I don't know much about windows security except what I have read in that book. As far as general purpose stuff check out nmap. www.insecure.org. It is *the* portscanning u

Re: security

2001-06-29 Thread ray p
If you really want help with this project send a mail signed with a good trusted key that proves that you are who you say you are and really do work for this Uni. Otherwise I hope everyone on this list is smart enough to ignore you. On Fri, Jun 29, 2001 at 07:44:05AM -0500, Chris Parker wrote:

Re: security updates running sid

2001-06-16 Thread Colin Watson
"Brad Cramer" <[EMAIL PROTECTED]> wrote: >What line should I put in my sources.lits file in order to get security >updates for sid? Do they come from the stable tree? No, they just go straight into unstable. You shouldn't need to do anything special. -- Colin Watson

Re: security updates running sid

2001-06-15 Thread David Z Maze
Brad Cramer <[EMAIL PROTECTED]> writes: BC> What line should I put in my sources.lits file in order to get security BC> updates for sid? Do they come from the stable tree? No, updates to sid should always include whatever security fixes are relevant. There's no separate security-update tree for s

Re: security: PAP v CHAP

2001-05-24 Thread Kevin Ross
> Qn./ Which is more secure, PAP or CHAP? > > Some people said PAP, some told me CHAP. > If PAP is less secure, why most ISPs are using PAP for subscribers' > authentication? PAP sends your password in cleartext. CHAP uses an encrypted challenge-response method. Therefore, CHAP is more secure th

Re: [SECURITY] [DSA-047-1] multiple kernel problems

2001-04-15 Thread Ethan Benson
On Sun, Apr 15, 2001 at 05:21:38PM -0700, Karsten M. Self wrote: [snip DSA] > > Does anyone know: > > - If these problems effected other 2.2.x kernels? yes all of them. > - If they effected user-compiled kernels? yes. though some of the holes would not affect you depending on your kerne

Re: [SECURITY] [DSA-047-1] multiple kernel problems

2001-04-15 Thread Nate Amsden
"Karsten M. Self" wrote: > Does anyone know: > > - If these problems effected other 2.2.x kernels? > - If they effected user-compiled kernels? from what ive read, the answer is yes to both questions, unless user compiled kernels are 2.2.19 :) 2.2.18 is immune to a couple of those bugs provid

Re: [SECURITY] [DSA-047-1] multiple kernel problems

2001-04-15 Thread Karsten M. Self
on Mon, Apr 16, 2001 at 02:08:20AM +0200, Wichert Akkerman ([EMAIL PROTECTED]) wrote: > -BEGIN PGP SIGNED MESSAGE- > > - > Debian Security Advisory DSA-047-1 [EMAIL PROTECTED] > http://www.debian.or

Re: Security in sources.list

2001-04-08 Thread Ethan Benson
On Sun, Apr 08, 2001 at 11:49:12AM +0100, Keith O'Connell wrote: > Hi, > > I have the following lines relating to security in my sources.list; > > deb http://security.debian.org stable/updates main contrib non-free > deb-src http://security.debian.org stable/updates main contrib non-free > deb ht

Re: Security trough paranoia

2001-04-02 Thread Dimitri Maziuk
On Fri, Mar 30, 2001 at 05:13:12PM -0800, Ben Gertzfield wrote: ... > How exactly are you proposing to keep change shadow passwords back and > forth from MD5 without having the user re-input every password? > > This is Very Hard to Do. :) Well, it seems I didn't think of How Things Work and the w

Re: Security through paranoia 2

2001-04-01 Thread will trillich
On Sat, Mar 31, 2001 at 06:02:09PM -0300, [EMAIL PROTECTED] wrote: > Some messages I received told me that some users already have > some of this "paranoid" tools tunned. Could we get this stuff together? > Maybe creating a sub-project or a workgroup to accomplish this? Is there > anything al

Re: Security through paranoia 2

2001-03-31 Thread John Patton
In thinking about the possibility of creating a more secure version of debian linux, I wonder if suid programs should not be automatically compiled with Stack Guard (or the like) and linked to libs with Format Guard. The Stack Guard part would be really easy, although Format Guard may be a little t

Re: Security trough paranoia

2001-03-31 Thread Ilya Martynov
DM> My main objection is to having defaults that are incompatible with DM> other unices and linux already has plenty of those. You can't satisfy everybody's defaults. For example FreeBSD already has md5 as default.

Re: Security trough paranoia

2001-03-30 Thread Joseph Carter
On Fri, Mar 30, 2001 at 10:54:00PM -0500, Chad Miller wrote: > > How exactly are you proposing to keep change shadow passwords back and > > forth from MD5 without having the user re-input every password? > > > > This is Very Hard to Do. :) > > ...and if it were easy, we wouldn't be considering MD

Re: Security trough paranoia

2001-03-30 Thread Chad Miller
> > "Dimitri" == Dimitri Maziuk <[EMAIL PROTECTED]> writes: > Dimitri> Ok, I'll buy that. Hopefully, (package ?) install script > Dimitri> will ask me if I want md5 passwords and will tell me to > Dimitri> run /usr/sbin/md5config if I change my mind later (the > Dimitri> way it

Re: Security trough paranoia

2001-03-30 Thread Ben Gertzfield
> "Dimitri" == Dimitri Maziuk <[EMAIL PROTECTED]> writes: Dimitri> Ok, I'll buy that. Hopefully, (package ?) install script Dimitri> will ask me if I want md5 passwords and will tell me to Dimitri> run /usr/sbin/md5config if I change my mind later (the Dimitri> way it is done w

Re: Security trough paranoia

2001-03-30 Thread David Spreen
Hi there, the lids patch is part of the unstable distribution, (lids-2.2.18 & lids-2.4.1). If you want to build a secure kernel-image for debian feel free to do it. On the LIDS-homepage there are patches including stealth and openwall4 patch. If If you wish them to be packaged I think I can do.

Re: Security through paranoia

2001-03-30 Thread John Patton
On Fri, Mar 30, 2001 at 05:48:28PM -0300, [EMAIL PROTECTED] wrote: I think that this is generally a great idea. There is definitely a need for a more secure system than the default, and besides, efforts to create a fortified port could lead to improvements in the standard distro as well. >

Re: Security trough paranoia

2001-03-30 Thread Dimitri Maziuk
On Fri, Mar 30, 2001 at 05:03:18PM -0600, Steve Langasek wrote: ... > Since the use of md5 primarily affects updates made to the local > password/shadow file, the only scenarios where this even becomes a problem are > when using NIS, or when distributing copies of the same password/shadow file > to

Re: Security trough paranoia

2001-03-30 Thread Steve Langasek
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 30 Mar 2001, Steve Langasek wrote: > Which default is really going to better the Debian community as a whole? ObCorrection: 'Which default is really going to better serve the Debian community as a whole?' I have no illusions that using stron

Re: Security trough paranoia

2001-03-30 Thread Steve Langasek
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Dimitri, On Fri, 30 Mar 2001, Dimitri Maziuk wrote: > > * PAM must come with md5 hash enabled by default. > No. Think heterogeneous networks. Apologies if I've missed something glaringly obvious, but how does having a heterogeneous network c

Re: Security trough paranoia

2001-03-30 Thread Dimitri Maziuk
On Fri, Mar 30, 2001 at 05:46:42PM -0300, [EMAIL PROTECTED] wrote: > * everything must be recompiled under stackguard > (http://www.immunix.org/stackguard.html). This would prevent the > famous > "stack smashing" attack. Shirley not everything! > * glibc must be patc

Re: Security: Compromised?

2001-03-21 Thread kmself
on Wed, Mar 21, 2001 at 01:05:42PM -0600, Dave Sherohman ([EMAIL PROTECTED]) wrote: > On Wed, Mar 21, 2001 at 07:39:18PM +0100, William Leese wrote: > > to me, this doesn't look good. half of these services i know i do not have > > installed, neither do they show up on a ps aux. I'm running tcpwr

Re: Security: Compromised?

2001-03-21 Thread Dave Sherohman
On Wed, Mar 21, 2001 at 07:39:18PM +0100, William Leese wrote: > to me, this doesn't look good. half of these services i know i do not have > installed, neither do they show up on a ps aux. I'm running tcpwrappers and > portsentry, could this have something to do with it? Yes. portsentry listen

Re: Security: Compromised?

2001-03-21 Thread Ilya Martynov
First you can check what binaries listen what port. As root use command: netstat -ap or probably netstat -ap | grep LISTEN P.S. I'm not sure if switch -p works on Debian. It works on Slackware 7.0 - probably it should work on Debian. > "WL" == William Leese <[EMAIL PROTECTED]> writes:

Re: security line for source.lists

2001-03-20 Thread Matthew Sackman
On Tue, Mar 20, 2001 at 10:18:24AM -0500, Hall Stevenson wrote: > > Do you know about a good site to security for my > > source.lists file? security.debian.org isn't working for me. > > This came up last week when there were problems accessing the site. They > are supposed to be fixed now... are y

Re: security line for source.lists

2001-03-20 Thread Hall Stevenson
> Do you know about a good site to security for my > source.lists file? security.debian.org isn't working for me. This came up last week when there were problems accessing the site. They are supposed to be fixed now... are you still unable to access it ?? Regardless, it was also mentioned that th

Re: Security Issue

2001-03-06 Thread Rob VanFleet
On Tue, Mar 06, 2001 at 10:55:40AM -0800, Ken Sandell wrote: > Hey guys, I want to have User Read Only directories, but I want to have users > in the same group and have them still not be able to read any other users > home directories. > > Also, the folder ~user/web is where their web shit is a

Re: Security Related Questions

2001-02-02 Thread David Wright
Quoting Benjamin Pharr ([EMAIL PROTECTED]): > At 07:26 AM 2/1/01 , you wrote: > >Quoting Benjamin Pharr ([EMAIL PROTECTED]): > > > I have a couple of security related questions for you. I have no need for > > > sunrpc/portmap, however, I have found it impossible to discern which > > > package thes

Re: Security Related Questions

2001-02-01 Thread Benjamin Pharr
At 07:26 AM 2/1/01 , you wrote: Quoting Benjamin Pharr ([EMAIL PROTECTED]): > I have a couple of security related questions for you. I have no need for > sunrpc/portmap, however, I have found it impossible to discern which > package these belong to. up to potato: /etc/init.d/portmap stop and th
