What's VOS? Have I been missing out on something interesting??
-Original Message-
From: Thomas Charron [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 24, 2000 1:27 AM
To: Jerry Eckert; [EMAIL PROTECTED]
Subject: Re: compromised system
> If only we still had the *real* *ics operating sy
> If only we still had the *real* *ics operating system -- Multics -- this
> wouldn't even be a problem. :)
One word..
VOS.. ;-P
**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body*
"Karl J. Runge" wrote:
> /bin/login needs to be able to change to the userid who is logging in
> (e.g. via something like setuid(2)). In some cases /bin/login is run
> by an unprivileged process.
Is there a semi-canonical list of the things that must run setuid on a
Linux system, and why? This
Derek Martin wrote:
>
> someone just asked
>if RH configures named to run as a non-root user. The named daemon binds
>to port 53, which is a "reserved" port, and requires root priviledges for
>this operation.
Is it possible for named to start run
At 08:16 PM 4/23/00 -0400, Benjamin Scott wrote:
>On Sun, 23 Apr 2000, Kenneth E. Lussier wrote:
> > One problem that I am faced with now it trying to learn more about
> > ipchains ( I know the basics already, but there is a lot more detail that
> > I would like to know) ...
>
> Such as...? Fo
The biggest problem that you *may* encounter depending upon your
configuration is going to be log/status/debug files. Of course, if you
ever decide to be a slave for anything, your problems will be more
complex.
- Marc
On Sun, 23 Apr 2000, Derek Martin wrote:
> Today, Marc Evans gleaned this in
Today, Marc Evans gleaned this insight:
> People should really consider running daemons like named in a chroot'ed
> environemnt (see http://www.psionic.com/papers/dns/ for example). You
> should also consult the INSTALL file in the source distribution, which
> discusses the -u, -g and -t options:
I recommend reading what is driving bind version 9:
http://www.isc.org/products/BIND/plans.html
- Marc
On Sun, 23 Apr 2000, Kenneth E. Lussier wrote:
> BIND has been around longer than I have, so most of my knowledge on the subject
> is in retrospect. However, from everything that I ha
On Sun, 23 Apr 2000, Kenneth E. Lussier wrote:
> One problem that I am faced with now it trying to learn more about
> ipchains ( I know the basics already, but there is a lot more detail that
> I would like to know) ...
Such as...? For general firewall theory, I'd say the O'Reilly book is
pre
BIND has been around longer than I have, so most of my knowledge on the subject
is in retrospect. However, from everything that I have read and heard from
people, there hasn't been a version of bind yet that hasn't had some sort of
major security vulnerability. I'm not sure if it is because the cr
What you are showing is quite true... for RH6.2. The system in question
is 6.1, and the errata for 6.1 only brings you up to P3.
>From RH's 6.1 Errata Page:
4. Relevant releases/architectures:
Red Hat Linux 6.1, all architectures
ftp://updates.redhat.com/6.1/i386/
I said that I wouldn't comment on Rob Zeiglers book because I haven't read it.
However, from what you have described, the book is an extension of the utility
that he has on the web for building a firewall script. I was never a big fan of
the tool because it bloated the script with far to many thin
On Sun, 23 Apr 2000, Derek Martin wrote:
> I deleted the message before I could reply to it, but someone just asked
> if RH configures named to run as a non-root user. The named daemon binds
> to port 53, which is a "reserved" port, and requires root priviledges for
> this operation.
It would
People should really consider running daemons like named in a chroot'ed
environemnt (see http://www.psionic.com/papers/dns/ for example). You
should also consult the INSTALL file in the source distribution, which
discusses the -u, -g and -t options:
User and Group ID
Specifying "-u"
I deleted the message before I could reply to it, but someone just asked
if RH configures named to run as a non-root user. The named daemon binds
to port 53, which is a "reserved" port, and requires root priviledges for
this operation.
There's no other reason that I'm aware of that named couldn
I've been cracked via bind 4 times over the past year. Each bind was a
different version. The last time was my workstation on a LAN at work. Yes,
the LAN should of been firewalled, but more important is to not run
services that you don't really need. For workstations, use the workstation
insta
On Sun, 23 Apr 2000, dsbelile <[EMAIL PROTECTED]> wrote:
>
> it's easy enough to figure out if you vulnerble to the bind sploit:
> issue
> : dig @victim.com version.bind chaos txt | grep \"8
>
> later! chris
Are you saying the current exploit is for ALL 8.* versions of BIND?
I was guessing
Found it no sooner then I sent the darned message..
I'm not sure what put the directive in httpd.conf, but the Files section
looked like this:
Order allow,deny
Deny from all
It was either shipped in the default install, or put there by linuxconf,
which I used to configure
Guys, this is probrably a one liner fix, but here's the scoop.
I have an in house network with 5 computers hooked up, 1 Win98, 1 NT
Workstation, 1 NT Server, 2 Linux. I recently began looking at porting some
of the ASP WAP pages I've been working on for work to Apache and PHP.
That's the
dsbelile wrote:
>
> it's easy enough to figure out if you vulnerble to the bind sploit:
> issue
> : dig @victim.com version.bind chaos txt | grep \"8
Oh, ah? Changing '@victim.com' to your own server, yes? And
how does one tell from the output whether one is vulnerable or
not?
--
#kenP-)}
it's easy enough to figure out if you vulnerble to the bind sploit:
issue
: dig @victim.com version.bind chaos txt | grep \"8
later! chris
**
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*bo
21 matches
Mail list logo
