SSLTelnet question
Hi, I just installed SSLTelnet on my site and it seems to work fine. One thing though, it stopped displaying /etc/issue.net to people logging in. Has anyone gotten around this bug | feature? -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane ICQ UIN: 12 PGP: keyid: 2048/F5C2BD91 Fingerprint: 8C 48 B9 D8 53 BB D8 EF 76 BB DB A2 1C 0D 1D 87 pgpcDCgGoXiSO.pgp Description: PGP signature
dpkg error
Hi, I seem to be having problems with apt when it tries to update. dselect u Get ftp://ftp.debian.org unstable/contrib Packages Get ftp://non-us.debian.org unstable/non-US Packages Get ftp://ftp.debian.org unstable/main Packages Get ftp://ftp.debian.org unstable/non-free Packages Fetched 663k in 3s (177k/s) Updating package file cache... E: Line 3 in package file /var/state/apt/lists/ftp.debian.org_debian_dists_unstable_main_binary-i386_Packages is too long.(2) update available list script returned error exit status 100. Press RETURN to continue. Has anyone had this and if so, is there a fix? -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane ICQ UIN: 12 PGP: keyid: 2048/F5C2BD91 Fingerprint: 8C 48 B9 D8 53 BB D8 EF 76 BB DB A2 1C 0D 1D 87 pgp1LNzOyRvSf.pgp Description: PGP signature
Replacing kernel header files
Hi, I understand Debian does not use links for directories such as /usr/include/linux to /usr/src/linux/include/linux etc but they are in the libc6-dev package. Is there any easy way to upgrade these header files without recompiling all of glibc with the new header files? I mean, I could just rm -r /usr/include/linux and ln -s /usr/src/linux/include/linux /usr/include/linux but the next time libc6dev gets upgraded it steamrolls over my header files. Any ideas would be greatly appreciated. -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane ICQ UIN: 12 PGP: keyid: 2048/F5C2BD91 Fingerprint: 8C 48 B9 D8 53 BB D8 EF 76 BB DB A2 1C 0D 1D 87 pgpnZKnGOhX3c.pgp Description: PGP signature
Serial consoles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I posted here a few months ago about getting the Debian installation process to work on a serial console over a null modem connection to a vt100 terminal. Someone replied suggesting I replace the linux image provided with a developement kernel and enabling serial consoles that way. I am installing from a dos partition which I'll delete later so I have base2_1.tgz, drv1440.bin, install.bat, linux, resc1440.bin, and root.bin in a dos directory. My question is will simply rebuilding that linux file as a developement kernel and editing install.bat appropriately be enough or do I need to modify anything on root.bin? Also, do I have to rebuild drv1440.bin with the 2.1 modules and what modules and kernel compile options should I enable for the Debian install program to go smoothly? - -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane Celine Dion Fan site: http://www.celine.nu/ PGP key: http://www.cm.nu/~shane/pgp.txt ICQ UIN: 15706546 -BEGIN PGP SIGNATURE- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNntZvcrVq/2G1RScEQLsygCfV1BUrmQlOozJU4rGf7mZgULKirYAn3xz qAAk9hRQ+dyLpFV1EKZ3fGiO =WJ/U -END PGP SIGNATURE-
Apache bandwidth module
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Firstly, thanks for the help with the serial console under Debian. I got it working and did a full install over the serial port and it worked well. The dinstall program could use a refresh key though for this purpose. Like with pico's ctrl+l combo. Anyways, I installed the Apache package from potato and have a question about the throttle module. It is appairently a module to limit bandwidth per user, can it do the same thing per virtual host. It'd be extreemly useful if it could but I can't find much documentation on the subject. Thank you in advance for your assistance. - -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane Celine Dion Fan site: http://www.celine.nu/ PGP key: http://www.cm.nu/~shane/pgp.txt ICQ UIN: 15706546 -BEGIN PGP SIGNATURE- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNn6RVsrVq/2G1RScEQJJIACfZteuUFMQolGQBHFwntgU4CUAfbAAoLBa WK/Em+Ng/DHX3ltYau9Tyh+S =ya2h -END PGP SIGNATURE-
screen package
Hi, I am having a problem with the screen package. I installed the Debian package which links with ncurses, libc, libcrypt, and libutil and it is slower than the binary I had running on a slackware libc5 based system. For example, when I create a window or switch windows, there's about a one second delay before it does anything. I tried using a libc5 binary and it segfaulted even though I have the appropriate libc packages and ncurses3 packages installed. Then I compiled the source, still slow. I then tried compiling on a libc5 based system using a -static option on gcc which didn't work either. It complained about not being able to read /var/run/utmp. Is Debian handling terminals a bit differently somewhere to cause this delay. My load average is like 0.03 and there's lots of free ram so it's nothing like that. It's very confusing because I've tried it linked staticly and it produced the same result. Any ideas? -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane Celine Dion Fan site: http://www.celine.nu/ PGP key: http://www.cm.nu/~shane/pgp.txt ICQ UIN: 15706546
libcrypt.so
-BEGIN PGP SIGNED MESSAGE- Hello, I am fairly new to glibc but as I understand it, there is a version of libcrypt which is faster than the normal crypt function with glibc. Appairently it is only available in the US and Canada but I didn't see it on non-us.debian.org either. Does anyone have any information on this crypt library and how it can be installed on a Debian system? - -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane Celine Dion Fan site: http://www.celine.nu/ PGP key: http://www.cm.nu/~shane/pgp.txt ICQ UIN: 15706546 -BEGIN PGP SIGNATURE- Version: 2.6.3a Charset: noconv iQEVAwUBNoaZGlzLgRKaVg+xAQHniQf9El60ACnaaiohKYC7CkWqzLZCTaetnbIA HP4I5ePDdlMkNM0r2uvsxJuYTLy7m4JWLlLxAxjI6E5SmENo9Gy1keVFGBQQ+Yf/ fZ/86toUvuzd8SE2vg8FeSK+CD17XunA9uVXmxqJErN741Y7nql6B5a0ZJe8ySPW b2x3Knso1+NxoTcy+3z4abZFICwGhtwfo8HtCj+pRqPsfng1HQD9k78wVOcrMGPy g7SHt00KCFvwkGtTzJpBzdJJoHqsyeuOLu50XOhzSoadjZhJl9HtGpJ68Smvk2o2 0KPjO6KSI/qUEi4lrE9yiIAF3SwEAVa3oTqJq3ixeMdhl8hrIru8oA== =+F0D -END PGP SIGNATURE-
PGP question
Hi, I have a question about PGP which I am hoping someone can help me with. I live in Canada and I am wondering what version of PGP I should use. Being a Canadian citizen, I can download the US version or the international version I believe so I am wondering what version, technically speaking, gives the most flexability. I am currently using pgp 2.6.3-us due to the fact that it's opensource but am wondering if I am losing anything by that. Also, since I am running a multiuser system, is it ok to let others have access to PGP who may be outside the US or Canada when logged into my system? Thank in advance, Shane -- Shane Wegner: [EMAIL PROTECTED] Tel: (604) 930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane PGP key: http://www.cm.nu/~shane/pgp.shtml
Rvplayer
Hi, I have been trying to get the RealNetworks' real video player working for some time now. The g2 player in potato just segfaults and the realplayer5 deb does not seem to be available anymore. I am wondering if anyone knows either a) how to get g2 to work or b) where I can find a rvplayer 5.0 deb. It appears someone already filed a bug relating to the segfault but I imagine there's nothing the maintainer can do about it. Any assistance would be greatly appreciated. Best regards, Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane Fax: (604) 930-0529 PGP: keyid: 2048/F5C2BD91 ICQ UIN: 12 Fingerprint: 8C 48 B9 D8 53 BB D8 EF 76 BB DB A2 1C 0D 1D 87 pgpXki4NplXXL.pgp Description: PGP signature
Help with screen
Hi all, I have been user the Screen program for over a year now and have encountered a problem I am having trouble getting around. I am using the screen-3.9.4-1 deb found in potato. I am using a dos telnet client which is a dec vt102 terminal emulator. Screen handles this fine but I recently extented the vt102 terminfo/termcap entries to incorperate the functions of the pc keyboard. In other words, I created a vt102-pc terminal entry to support 48 function keys, arrows, etc etc. Screen seems to override these settings however and my arrows don't work. I even tried creating a screen.vt102-pc terminal entry to no avail. The entry is below. vt102-pc|dec vt102 with PC keyboard extentions, use=vt102, kbs=^H, kcub1=\E[D, kcud1=\E[B, kcuf1=\E[C, kcuu1=\E[A, kdch1=\177, kend=\E[4~, kf1=\E[11~, kf10=\E[21~, kf11=\E[23~, kf12=\E[24~, kf13=\E[11;2~, kf14=\E[12;2~, kf15=\E[13;2~, kf16=\E[14;2~, kf17=\E[15;2~, kf18=\E[17;2~, kf19=\E[18;2~, kf2=\E[12~, kf20=\E[19;2~, kf21=\E[20;2~, kf22=\E[21;2~, kf23=\E[23;2~, kf24=\E[24;2~, kf25=\E[23~, kf26=\E[24~, kf27=\E[25~, kf28=\E[26~, kf29=\E[28~, kf3=\E[13~, kf30=\E[29~, kf31=\E[31~, kf32=\E[32~, kf33=\E[33~, kf34=\E[34~, kf35=\E[35~, kf36=\E[36~, kf37=\E[23;2~, kf38=\E[24;2~, kf39=\E[25;2~, kf4=\E[14~, kf40=\E[26;2~, kf41=\E[28;2~, kf42=\E[29;2~, kf43=\E[31;2~, kf44=\E[32;2~, kf45=\E[33;2~, kf46=\E[34;2~, kf47=\E[35;2~, kf48=\E[36;2~, kf5=\E[15~, kf6=\E[17~, kf7=\E[18~, kf8=\E[19~, kf9=\E[20~, khome=\E[H, kich1=\E[2~, knp=\E[6~, kpp=\E[5~, When I press the home key outside of screen, it receives \e[H, when inside screen, it receives \e[1~ which happens to be the vt100 home key. Is there any way to turn off this translation? To force screen to use whatever terminal I am in? Thanks in advance, Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane Fax: (604) 930-0529 PGP: keyid: 2048/1C0FFA59 ICQ UIN: 12 Fingerprint: C6 5F B3 85 0B 11 30 F3 52 89 0C 6C 49 08 94 7B pgputVLGdEY3j.pgp Description: PGP signature
Installation question
Hi all, I have successfully installed a Debian system in the past but this one is a bit different. I am installing a minimal system on what will be a router. libc, kernel, ipchains, ssh, dhcp-relay, and that's about it. The harddrive I will be installing on is currently /dev/hdb on a working potato system. I want to mount /dev/hdb1 on /mnt and do the installation directly using the current Linux box. This is because the router doesn't have a video card or a floppy drive for that matter. Is it as easy as just unpacking the basexxx.tgz file on the mountpoint and then doing dchroot apt-get install to install the various packages. Is there anything else I need to do? Is ln /proc /mnt/proc safe as some setup programs might need it in the chrooted environment? Regards, Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane Fax: (604) 930-0529 PGP: keyid: 2048/1C0FFA59 ICQ UIN: 12 Fingerprint: C6 5F B3 85 0B 11 30 F3 52 89 0C 6C 49 08 94 7B pgp2t9BcbjCMf.pgp Description: PGP signature
Keeping permissions after upgrade
Hi all, I was wondering if there is any mechanism in the Debian system to keep certain permissions on programs even after an apt upgrade. For example, ping is root.root 4755. I edit /etc/suid.conf to make is root.staff 4750 (same with crontab) and whenever the package containing that binary gets upgraded, there go my permissions. Any ideas greatly appreciated. -- Shane Wegner: [EMAIL PROTECTED] Sysadmin, Continuum Systems: http://www.cm.nu Tel: (604) 930-0530 Personal website: http://www.cm.nu/~shane Fax: (604) 930-0529 PGP: keyid: 2048/F5C2BD91 ICQ UIN: 12 Fingerprint: 8C 48 B9 D8 53 BB D8 EF 76 BB DB A2 1C 0D 1D 87 pgplUKX4aYPzm.pgp Description: PGP signature
two things
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have two questions before installing Debian and was hoping someone here might know the answer to either one or both of these. Please cc me on replies for I am not subscribed to this list yet. 1) Many cable and xdsl modems now are using the DHCP protocol. I am wondering when doing a network install from ftp.debian.org or a mirror, if Debian can use dhcp to get on the net. I am using adsl and the only way I can get on the net is with the dhcpcd package. 2) When I installed slackware, I did it over a null-modem serial connection to an ms-dos machine running a program called telix. I do this because I use screen reading software to read the screen and as of yet, there is nothing available under Linux. Therefore, in slackware I log in as root and go. /sbin/agetty 9600 ttyS0 vt100 and do the whole setup remotely by running setup from the remote machine. Is this possible to do while using Debian? I understand that it goes into the setup program as soon as you boot the bootdisk or cdrom so you'd have to break out somehow and spawn the agetty and run it from the remote machine. Anyone have any hints on how to do it? Anyways, thanks in advance for your assistance. I'd really like to replace this slackware box with a Debian 2.1 box when it comes out due to the fact that it is more robust. - -- Shane Wegner: [EMAIL PROTECTED] Tel: 604-930-0530 Sysadmin, Continuum Systems: http://www.cm.nu Personal website: http://www.cm.nu/~shane Celine Dion Fan site: http://www.celine.nu/ PGP key: http://www.cm.nu/~shane/pgp.txt ICQ UIN: 15706546 -BEGIN PGP SIGNATURE- Version: PGP for Personal Privacy 5.0 Charset: noconv iQA/AwUBNiuX/srVq/2G1RScEQLzAACdGq/VYzLM6jbGh0MWpi94TWc7ptQAn2EJ qcpAvloGUuwBmfSfGkBFAaSm =NTtN -END PGP SIGNATURE-
Building PHP 4.0.1pl2(woody) on potato
Hi, As the subject suggests, I am attempting to build the php 4.0.1pl2 from woody on a potato system. After satisfying all build-depends, "debian/rules binary" failed with a strange error. All supporting libraries are taken from potato and therefore may be older than those in woody and that could be it. If anyone has had success in this area, I would appreciate hearing from you. /bin/sh /home/staff/shane/outgoing/php4/php4-4.0.1pl2/apache-build/libtool --silent --mode=link gcc -g -O2 -o libphp4.la -rpath /home/staff/shane/outgoing/php4/php4-4.0.1pl2/apache-build/libs -avoid-version -L/usr/X11R6/lib -R /usr/X11R6/lib stub.lo Zend/libZend.la sapi/apache/libsapi.la main/libmain.la ext/db/libdb.la ext/filepro/libfilepro.la ext/ftp/libftp.la ext/gettext/libgettext.la ext/pcre/libpcre.la ext/posix/libposix.la ext/session/libsession.la ext/standard/libstandard.la ext/sysvsem/libsysvsem.la ext/sysvshm/libsysvshm.la ext/zlib/libzlib.la -ldb -lpam -ldl -lz -lmm -lpcre -lX11 -lXpm -ljpeg -lresolv -lbind -lm -ldl -lcrypt -lnsl -lresolv -L/usr/lib -ljpeg -L/usr/X11R6/lib -lXpm -lX11 /usr/bin/ld: .libs/libphp4.so: undefined versioned symbol name __ns_name_unpack@@GLIBC_2.1 /usr/bin/ld: failed to set dynamic section sizes: Bad value collect2: ld returned 1 exit status make[2]: *** [libphp4.la] Error 1 make[2]: Leaving directory /home/staff/shane/outgoing/php4/php4-4.0.1pl2/apache-build' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory /home/staff/shane/outgoing/php4/php4-4.0.1pl2/apache-build' make: *** [build-apache-stamp] Error 2 Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane/
Using verp with Debian's smartlist package
Hi all, A while ago, the Debian mailing lists at lists.debian.org went to using a different 'From ' line. The administrator said at the time that a VERP was being used. I am curious as to how a VERP can be implemented using smartlist with SendMail. It would have to use the [EMAIL PROTECTED] format I suppose. Has anyone successfully gotten this to work? Cheers, Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane/
Re: Using verp with Debian's smartlist package
On Mon, Aug 07, 2000 at 11:40:35PM -0300, Rogerio Brito wrote: > On Aug 07 2000, Shane Wegner wrote: > > Has anyone successfully gotten this to work? > > Must you use sendmail? Would you be willing to use qmail? If > so, then qmail supports VERPs outta the box with its fast > mailing list manager, ezmlm (and its add-on, ezmlm-idx). I'd > recommend using them for both kick some major arse! :-) Well unless I am getting some significant features, I'd rather not learn a whole new mail system. I use some sendmail features which other mailers may not have such as login authentication for relaying and TLS encrypted sessions. These are even new for sendmail. Besides, can't it support VERP using the username+data construct anyway? Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane/
Kernel 2.4, NFS, and 32 bit UIDs
Hi, I encountered a problem going to Linux 2.4 and am not sure what is the correct thing to do here. My nfs client sends -2 as the UID and GID when mounting a remote directory. This cannot be changed. Normally, this maps to nobody.nogroup uid 65534. However, on Linux 2.4, sending -2 maps to 4294967294 which on Debian is not mapped to a user id on a Debian system. Should the nobody user and nogroup group be set to id 4294967294? If so, what will that do on kernel 2.2? Cheers, Shane -- Shane Wegner: [EMAIL PROTECTED] http://www.cm.nu/~shane/ PGP: 1024D/FFE3035D A0ED DAC4 77EC D674 5487 5B5C 4F89 9A4E FFE3 035D
Re: help: how install sendmail 8.11 with old libc6
On Tue, Oct 24, 2000 at 06:35:57PM +0200, Jaume Teixi wrote: > hi, > > I have a potato server running oracle who uses sendmail and apache from > woody > Last week I switched sources.list to woody to upgrade sendmail and > apache. > This causes upgrade of libc6, as I succesfully upgraded on a other > server (a completelly woody one) I had no surprise.. but... > ...oracle 8.1.6 (release 2) doesn't works with libc6 2.1.95 > > So I need to downgrade to libc6 2.1.3 but then apache and sendmail > woodies ones doesnt' works now with libc6 2.1.3 As someone alrieady stated in another post, you'll have to grab the source from woody and recompile. I don't know what you have to do to Apache but I had to apply some changes to get sendmail running under potato. diff -aurN sendmail-8.11.1.orig/debian/local/site.config.m4.in sendmail-8.11.1/debian/local/site.config.m4.in --- sendmail-8.11.1.orig/debian/local/site.config.m4.in Mon Oct 2 00:30:54 2000 +++ sendmail-8.11.1/debian/local/site.config.m4.in Mon Oct 2 01:41:30 2000 @@ -59,12 +59,11 @@ # Note: sigh... this hits everything due to libsmutil/errstring.c define(`ac_cv_header_db_h', [EMAIL PROTECTED]@')dnl ifelse(ac_cv_header_db_h, `yes', - `APPENDDEF(`confINCDIRS', `-I/usr/include/db2')' `APPENDDEF(`confMAPDEF', `-DNEWDB')' - `APPENDDEF(`conf_makemap_LIBS', `-ldb2')' - `APPENDDEF(`conf_praliases_LIBS', `-ldb2')' - `APPENDDEF(`conf_sendmail_LIBS', `-ldb2')' - `APPENDDEF(`conf_vacation_LIBS', `-ldb2')' + `APPENDDEF(`conf_makemap_LIBS', `-ldb')' + `APPENDDEF(`conf_praliases_LIBS', `-ldb')' + `APPENDDEF(`conf_sendmail_LIBS', `-ldb')' + `APPENDDEF(`conf_vacation_LIBS', `-ldb')' ) # # NIS -- Shane Wegner: [EMAIL PROTECTED] http://www.cm.nu/~shane/ PGP: 1024D/FFE3035D A0ED DAC4 77EC D674 5487 5B5C 4F89 9A4E FFE3 035D
Navigating the new ftp.debian.org
Hi, A quick question about navigation of ftp.debian.org with package pools. I am curious as to the easiest way to get the source of a package from say woody when I am using potato. For example, when I wanted the source to php4, I was able to go into /debian/dists/woody/main/source/web;get php4_* and I had everything I needed. With pools, I can look at debian/pool/main/p/php4 but multiple versions for multiple distributions can exist for the same package. I was surprised Debian isn't providing symlinks into the pool from dists/woody. Cheers, Shane -- Shane Wegner: [EMAIL PROTECTED] http://www.cm.nu/~shane/ PGP: 1024D/FFE3035D A0ED DAC4 77EC D674 5487 5B5C 4F89 9A4E FFE3 035D
Problem with rescue disks
Hi, I am attempting to modify the Debian rescue flopy to be an emergency recovery for my system. Actually it's root.bin which I am modifying. I am having problems adding utilities. I need to add the raid tools as well as restore(8). When I chroot to the floppy and try a restore, it give me this. restore: error in loading shared libraries: restore: symbol fchown, version GLIBC_2.0 not defined in file libc.so.6 with link time reference Now, libc.so.6 on my potato system is 800k, the one on the boot floppy is only 400k. Is this some sort of stripped glibc? If so, how can I compile additional utilities against it. I am looking to add restore, raidtools2, and agetty. Can this be done? Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane/ pgpUPXrKvEJxo.pgp Description: PGP signature
Excluding a directory with dump(8)
Hi all, I am having trouble figuring out how to exclude an entire directory in a filesystem dump using dump(8). Dump appears to only have an exclude inode option. The manpage says that one can use stat to find the inode numbers of files and directories. However, when I stat a directory and pass the inode number to dump -e, there is no noticable result. Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane/
db2 installation
Hi all, I was just looking at IBM's DB2 package and would like to install it on Debian. However, it looks like it is going to use rpm to install the packages and as I understand it, you can't do that on Debian. Does anyone know of a db2 installer Debian package or how I can patch db2setup and db2_install so that they use alien to convert the rpm files to deb and then install them that way. If anyone has any experience with this, your suggestions would be greatly appreciated. Regards, Shane -- Shane Wegner: [EMAIL PROTECTED] Personal website: http://www.cm.nu/~shane Fax: (604) 930-0529 PGP: keyid: 2048/1C0FFA59 ICQ UIN: 12 Fingerprint: C6 5F B3 85 0B 11 30 F3 52 89 0C 6C 49 08 94 7B
apt-listchanges not running
Hi, After an upgrade, apt-listchanges isn't running on a dist-upgrade. I am using the latest everything from unstable. /etc/apt.conf.d/20-apt-listchanges contains the following. DPkg::Pre-Install-Pkgs { "/usr/bin/apt-listchanges --apt || test $? -ne 10"; }; DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2"; Is there anything else I need to look at? Regards, Shane -- Shane Wegner: [EMAIL PROTECTED] http://www.cm.nu/~shane/ PGP: 1024D/FFE3035D A0ED DAC4 77EC D674 5487 5B5C 4F89 9A4E FFE3 035D
sendmail and setgroups()
Hi, The current SendMail in unstable appears to be doing a setgroups() call when it does not have superuser privileges. I am getting the following on a regular basis from my lids kernel. LIDS: sendmail (9 2 inode 32909) pid 19760 user (8/8) on NULL tty: more CAP_SETGID violation: Try to setgroups,logging disabled for 10 seconds It only loggs this when setgroups() is called and the user is not root. Do you have any idea what this could be? Regards, Shane -- Shane Wegner: [EMAIL PROTECTED] http://www.cm.nu/~shane/ PGP: 1024D/FFE3035D A0ED DAC4 77EC D674 5487 5B5C 4F89 9A4E FFE3 035D
Re: sendmail and setgroups()
On Wed, May 02, 2001 at 03:42:55PM -0400, Richard A Nelson wrote: > On Wed, 2 May 2001, Shane Wegner wrote: > > The current SendMail in unstable appears to be doing a > > setgroups() call when it does not have superuser > > privileges. I am getting the following on a regular basis > > from my lids kernel. > > > > LIDS: sendmail (9 2 inode 32909) pid 19760 user (8/8) on > > NULL tty: more CAP_SETGID violation: Try to > > setgroups,logging disabled for 10 seconds > > > > It only loggs this when setgroups() is called and the user > > is not root. Do you have any idea what this could be? > > Yeah, its part of the recent security updates sendmail is pushing > for the 8.12.0 release. > > They've already received a report on this, I'll second it so we > can see if they'll do the SETGID only if running root. Thanks, here's the simple patch I used anyways if you're interested. diff -ur sendmail-8.12.0.Beta7.orig/sendmail/main.c sendmail-8.12.0.Beta7/sendmail/main.c --- sendmail-8.12.0.Beta7.orig/sendmail/main.c Mon Apr 2 15:55:00 2001 +++ sendmail-8.12.0.Beta7/sendmail/main.c Fri May 4 16:26:59 2001 @@ -2980,6 +2980,8 @@ /* reset group permissions; these can be set later */ emptygidset[0] = (to_real_uid || RunAsGid != 0) ? RunAsGid : getegid(); + if (geteuid == 0) + { if (setgroups(1, emptygidset) == -1 && geteuid() == 0) { syserr("drop_privileges: setgroups(1, %d) failed", @@ -3026,6 +3028,7 @@ syserr("drop_privileges: Unable to drop non-root set-user-id privileges"); rval = EX_OSERR; } + } } if (tTd(47, 5)) { -- Shane Wegner: [EMAIL PROTECTED] http://www.cm.nu/~shane/ PGP: 1024D/FFE3035D A0ED DAC4 77EC D674 5487 5B5C 4F89 9A4E FFE3 035D