Re: limit processes that a user can 'see'
Maxime Henrion wrote: > Hello, > > I have an idea that I would love to see applied in FreeBSD source code, > but as I'm not skilled enough to code it, I post it to see if you think > it makes sense, and if someone would be interested in coding this. It is > a security measure regarding 'ps' command. > > By using the 'ps' command, any user logged in the system can view all > the running processes, including root's one and processes of other > users. My idea is to limit a bit this behaviour. > > Through a sysctl variable, the root could restrict the list of > "readable" processes. By readable, I mean that it can be viewed. For > example, a value of 0 could mean no restriction, 1 would hide root > processes, 2 would restrict the visible processes to the processes > owned by users in the same group as the current user, and finally, 3 > would restrict the processes list to those owned by the current user > (this is the way I'd have done it if I was able to). > > Of course, there would be no limitation for the superuser. > > The modification must be done at a low enough level so that a user won't > be able to bypass this security measure by compiling another 'ps' so > patching 'ps' doesn't suffise (in fact, if it was, I would have done it > :-). > > What do you all think of this ? > > Best regards, > > Maxime Henrion > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message I think it is fascist, butit's your system. Have Fun, Sends Steve P.S.Known to to run wth at.deny and cron.deny set to known one with no trouble. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: limit processes that a user can 'see'
Poul-Henning Kamp wrote: > In message <[EMAIL PROTECTED]>, Maxime Henrion writes: > >Hello, > > > >I have an idea that I would love to see applied in FreeBSD source code, > >but as I'm not skilled enough to code it, I post it to see if you think > >it makes sense, and if someone would be interested in coding this. It is > >a security measure regarding 'ps' command. > > > >By using the 'ps' command, any user logged in the system can view all > >the running processes, including root's one and processes of other > >users. My idea is to limit a bit this behaviour. > > You can possibly make jail(8) do this for you... > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > [EMAIL PROTECTED] | TCP/IP since RFC 956 > FreeBSD coreteam member | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message WHY WPULD ANYONE WANT TO DO THIS?? Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: UNSUBSCRIBE REMOVE
Chris Costello wrote: > On Saturday, August 26, 2000, [EMAIL PROTECTED] wrote: > > [2,640 lines removed] > > ... and this was at the bottom of the message you quoted: > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > with "unsubscribe freebsd-hackers" in the body of the message > >At the very least, don't just mail a whole day's worth of data > back to the list with "UNSUBSCRIBE REMOVE" affixed to the subject > line. Don't you know how much bandwidth and money you're wasting > for people who have to pay for the amount of data they download? > >I'm sending this to the list because hopefully someone else > reading it and wanting to unsubscribe won't make the same > mistake. > > -- > |Chris Costello <[EMAIL PROTECTED]> > |Justify my text? I'm sorry but it has no excuse. > `- > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message But it's fun!!! IT's like some magic chamy ---Have aafun Send Steve (who goes back to mainly lurking!!!:) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: I'm convinced 'gcc' is meant to be pronounced 'ARRRRGGGHHH!'
Dag-Erling Smorgrav wrote: > Will someone please inform the gcc developers of the last decade's > advances in C standardization? Yes, Virginia, ISO C (it's not ISO C > any more, and hasn't been since 1989) does support 'long long' and the > 'll' format. > > DES > -- > Dag-Erling Smorgrav - [EMAIL PROTECTED] > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message Sorry topost to everyone. I'll get my mailer fixed. But many times I have been comvinced that IEEE is indeed a primal scream! :) Have Fun, Sends Steve P.S. Back to lurking and hacking and amnsewering stacks of email. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Sitting on hands (no longer Re: FreeBSD vs Linux, Solaris, and NT)
SteveB wrote: > Here's the thing about open software that still concerns me. My > background is with the major software development tools companies, so > that is my point of reference. It is great that code is available and > fixes are made and pushed out, but who is doing real testing of these > fixes. Sure the obvious problem is fixed, but what other problems has > it uncovered, what side effect has it created, and how about > compatibility with other software or drivers in this case. > > With commercial software (well at least the places I worked) nothing > could go out the door without a complete QA cycle performed on it. > Even the smallest of bug fixes couldn't be released without a QA > cycle. A full QA cycle was time consuming and expensive, so fixes sat > until there was a stack of them to QA'd as a group or they had to wait > until next upgrade. That way we knew state of the product. Yes, the > state of the product would include known bugs. The key was a known bug > and a known documented bug was as valuable as a fix. Sure a bug is > bad, but if it is documented you don't waste trying to make something > work that is known to be broke. > > So who is testing these fixes in open source world? Just seeing if > the problem at hand is gone isn't real testing, even claiming > thousands of people are now using it isn't enough. There can still be > lurking potentially data destroying bugs lurking. In the open source > world is there a official QA process or group. Is there a FreeBSD > test suite that releases go through. QA is unglamorous work, but > needs to be done. > > Steve B. > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > > Wes Peters > > Sent: Thursday, December 21, 2000 12:28 AM > > To: Michael C . Wu > > Cc: Dennis; Boris; Murray Stokely; [EMAIL PROTECTED] > > Subject: Sitting on hands (no longer Re: FreeBSD vs Linux, > > Solaris, and > > NT) > > > > > > "Michael C . Wu" wrote: > > > > > > On Tue, Dec 19, 2000 at 11:43:17AM -0500, Dennis scribbled: > > > | > > > | case and point: How many of us are sitting on our hands > > waiting for DG to > > > | have time to fix the latest snafu in the if_fxp driver? > > You cant blame him > > > | for having a job and earning a living, but the fact is > > that only he has > > > | enough experience with the part to do the job. We all > > have source, but who > > > | wants to spend a couple of weeks learning the > > intricacies of a very complex > > > | part to fix what amounts to a very small bug? > > > > > > Many of us do. > > > > I, in fact, once did. It was a great learning opportunity > > for me and only a > > minor pain in the butt for DG. I collected data and > > learned where the driver > > hung, he realized almost immediately what was causing the > > problem and sent me > > a quick pointer to aonther driver that already had the same > > problem sovled, > > and it took me another few minutes to isolate the code, > > test, and provide a > > patch. > > > > It is a shame how many think they cannot be of help in a > > situation like this, > > when in reality they can be extremely helpful. One of the > > most important > > skills you can learn and polish as an open source > > contributor is to write > > good bug reports or descriptions. Instead of saying "your > > driver don't work > > with my xyz123 rev A-11 card", say "the card initialization > > enters the loop > > in xyz123.c at line 413 (rev 1.4.2.27) and never returns; > > if I change to the > > to exit after 1 million tries, the system boots but the the > > xyz123 device > > isn't in the dmesg." Then include the full dmesg and > > perhaps your kernel > > config if that might have something to do with it. > > > > You'd be astonished just how helpful you CAN be, simply by > > tracking down an > > appropriate routine, adding a few printfs, and isolating > > where the problem > > is occurring. > > > > -- > > "Where am I, and what am I doing in this handbasket?" > > > > Wes Peters > >Softweyr LLC > > [EMAIL PROTECTED] > > http://softweyr.com/ > > > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > > with "unsubscribe freebsd-hackers" in the body of the message > > > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message Please tell me this again. My experience lots of bugs go out the door. Finding them is not easy. Some had dangerous secuiry flaws missed until one playing around with logs a lot and tries all sort of strange things somethings one ins't supposed to. One had an FTP secuirty flaw allowing multiple retests of password. That and a good dirctionary attack and one could drive the proverbial mack truck through. The Machine I trested had a good easy to remember but mixed langauage pawword so multiple attacks via dictionary showed in the log as about 500 attempts at root login w/ eventual failure. If the password tried on a dummy account (say Jay
Whoopsie! Hope I didn't jam everyone up...
My great plan of letting my mail spool file accumulate until I had all my new equipment like a new hard drive and Eudora and new browsers etc. uh, had a little uh...bug in it. My mail spool file got too big and my mail got bounced. I am pretty sure this affected only me. If it didn't I apologize. Anyway I used mail2web to clear it up and it seems to be working. Hopefully it didn't freak out postini or something. Anyway if anyone sent me mail and it bounced please retransmit. Sorry if anyone got clutter some bounce messages. Things should hopefully will now. Sorry to inflict people with my bad planning and please excuse the verbose apology. Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Technical Differences of *BSD and Linux
Josef El-Rayes wrote: > Dear Arief, > > as you can see your questions are not very welcome on the mailinglists, therefore i >advice you to have a look at this book if you are interested in BSD's technical >background > > Title: The Design and Implementation of the 4.4BSD Operating System > > Authors: McKusick, Bostic, Karels and Quarterman > Publisher: Addison-Wesley > > 4.4BSD is what NetBSD, OpenBSD and FreeBSD are basing on. > > For Linux i cant help you. > > Take this approach to read about technicals issues yourself, by finding the >differences yourself you learn much more than being told. > > greets, josef > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message Overall this is not the place to go into all that Linux vs. BSD stuff. Usually hacker lists are for technical details. Although sometimes general issues like security will get floated. I don't know if I (1) Feel Competent Enough (2)Have the Time to throw together a *NIX reading list. Generally one can glean a lot of information by just putting oneself on several mailing lists. Some devoted to BSD, some to Linux and just lurking around. One can get a lot of useful information that way. If one really wanted to have fun, and I have thought of this. A "triple boot system" would be the real way to find out the differences and compare the *BSD, Linux and the Windows Universes. Oh well that is my 5 cents worth (inflation you know) and now I will go back to lurking. Have Fun, Sends Steve P.S. Does anyone ever do much on advocacy mailing lists? So far hackers is the best list for technical stuff about *BSD I know of. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Technical Differences of *BSD and Linux
Paul Halliday wrote: > On Fri, 24 Jan 2003, Steve Kudlak wrote: > > > > If one really wanted to have fun, and I have > > thought of this. A "triple boot system" would > > be the real way to find out the differences and > > compare the *BSD, Linux and the Windows > > Universes. > > What a unique idea. > > http://www.maximumpc.com/features/feature_2002-09-24.html > > Paul H. > http://dp.penix.org > --- > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message I have seen these things before. The only problem is that they are kind of curiousities. It would be nice to have say a bunch of art tools, publishing tools and communications tools etc. running on each of these operating systems too. Anyway I don't think these sorts of questions belong on hackers. I would love to know where they could be discussed as right now having another alternative to the PC vs. MAC discussion in the publication world would be very nice. Like speaking of technical things has anyone brought up a raytrace/rendering or other fancy computer graphics system under FreeBSD? Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Thanks (was: Linux - *BSD diff)
arief_mulya wrote: > Dear all, > > Well, > I've been receiving quite lots of nice and *warm* and joyful > email for the thread ;-) > > Some quite of enlightnment (including your email, Theo, it > gives me lots of enlightment, you surely is a funny guy ;-) > > After also lots of google clickings, I think I get the big > picture of it now. And I've also made my decision. For now, > I'm going to stick w/ Linux Kernel. And see how much can I > give in till I give up ;-) > > Thanks for all of the answers. > Special thanks for Rik van Riel and Bill Studenmund for your > kind insights and supports :-) > > There's a saying in Java-nese (not *that* Java) language: > > Mangan ora mangan kumpul. > > Which means, Have something to eat or not Have something to > eat, the important thing is to stick together. Forever. > > And that's what I felt about Linux Developers... if you know > what I mean :-) > > See you. > > Best Regards, > arief_mulya > -- > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message Steve emerges from lurking and declaims. Well it seems that "hackers" is the real alive BSD mailing list. If you ask a question it generally gets reasonably answered with a only an occasional snarl. I know it isn't a *nix internals list, but that information is helpful. It is also helpful when someone explains what they have actually done with something down to the details. The types I deal with are printer, publishers, artists and animators and so I have to have something of the "what will it do for me", when I suggest it. So knowing people have set up Ray Tracers and the like is helpful. Thanks and Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
He dares to Ask...
Is there a place where these *nix questions can be asked? Where I can ask why like how BSD like is the new MAC-OS? Like in the MAC OS boot-up what part is handled by BSD. If someone says my MAC hangs with the "Happy Mac" can I go down to the # prompt and start poking around and see what is wrong. Note I dare to ask these things here because as I lurk usually good information comes my way via this group. I certainly feel better about BSD and even giggle! Linux than WIndows which many of us are stuck with. Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
It used to be a quiet place
Until the HUMANS got out of contro! IN the original quote it was: "It used to be a quiet neighborhood until the monkeys got out of control. Oh well sigh...Have a good day folks. Have Fun, Sends Steve P.S. I hope this doesn't stop the real information one gets by lurking/occassional communicating here. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: FreeSBIE-0.9.0 (beta) released
Kris Kennaway wrote: > On Sat, Feb 15, 2003 at 10:13:41PM +0100, Dario Freni wrote: > > Fire up your download managers guys, I'm proud to announce that freesbie > > 0.9.0 livecd is out and ready for download at > > It might generate more enthusiasm for testing if you could briefly > mention what FreeSBIE does. > > Kris > > -- >Part 1.2Type: application/pgp-signature I agree, please, please, please, if something is available for testing, or if there is some interesting link or something it really helps if it is described and if one knows what one is getting into when one goes and does something. Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: I want to join your group
Sometimes one should just avoid the temptation to do something no matter how much one feels the other person seems to deserve it. Overall the do not answer things or start flames seems to be a good thing. Almost everytime I went "flame on" I regreted it. This is especially important in technical groups and areas...in my not so humble opinion. Have Fun, Sends Steve Bram Van Dam wrote: > At 13:29 5/03/2003, Joseph Contreras wrote: > >Hey doods, > > > >I've been into the warez scene for more than 4 months, and I am totally > >1337. I want to join your group. I've exchanged some warez stuff with a > >guy called Pull-Henneeng Kunt, who told me to come here. I'm now looking > >for a valid vmware key, and can swap it for some hot warez. > > > >P.S. : In warez we trust! > > > > Boy you're the lamer aren't you.. How old are ya? 10? > Request permission to flame this, err, person .. :P > > - Bram. > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: FreeBSD usage in safety-critical environments
"Nelson, Trent ." wrote: > [Please include me directly as I'm not on the list] > > Hi, > > Has anyone had any experience with deploying FreeBSD in > safety-critical environments? Has any work been done attempting to certify > FreeBSD to any particular SIL? Is there any intention to do such a thing? > > If not FreeBSD, I'd be interested to hear if any has had exposure to > other BSD flavors being used in safety-critical environments. > > I've just been shown a report at work that has been commissioned by > the UK Health & Safety Executives and sponsored by the UK Ministry of > Defense and Safety Regulation Group of the UK Civil Aviation Authority > undertaking a preliminary assessment of Linux for safety-related systems. > The report 'identifies' that it would be possible to certify Linux to SIL 1 > and SIL 2 quite easily, and SIL 3 with a little work. > > I'd hate to think that this would be an arena where BSD couldn't > compete. I'd also hate to think that the tendency for big players such as > the MoD or DoD etc to lean towards Linux is based on the general Linux > 'hype', rather than technical merit... > > Regards, > > Trent. > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-hackers" in the body of the message Well I don't know if this belongs on questions or hackers but the question has enough technical merit to be interesting. For example to what level has BSD been certified. I remember doing this consulting project and mucking with the "low grade" in my opinion C-2 security that Sun OSes had and finding bugs in things like FTP logging and the like. I now do other things so I don't worry about that. :) But it is an interesting issue. I wonder if we should move it to chat? Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: FreeBSD usage in safety-critical environments
Craig Rodrigues wrote: > On Wed, Oct 09, 2002 at 01:08:46PM -0400, Nelson, Trent . wrote: > > > > The report 'identifies' that it would be possible to certify Linux to > > > SIL 1 > > > > and SIL 2 quite easily, and SIL 3 with a little work. > > I've seen this game before with other certification efforts, > ie. U.S. Federal Aviation Administration's DO-178B for certification > of software used in airborne systems and equipment. > > Certification is usually an expensive undertaking, so it usually requires > a company with enough $$$ to jump through all the hoops > of the certification process (ie. submitting to special tests, fixing the > bugs, etc.). No one would go through this > stuff unless there was an anticipated reward, ie. $$$. > WindRiver has done this kind of stuff for VxWorks. > > Now, if the UK govt. is looking to certify Linux, what version and > what vendor would they certify? Linux has a lot of buzz these days, > and there are a number of vendors who are trying to pitch it in > real-time and embedded systems markets, and many companies who are > providing Linux-based services. > > I'm sure that any FreeBSD could be certified, but the questions would be: > - which companies have the resources to submit to such an SIL certification > and jump through all the hoops? > - is there enough of a financial incentive to do so? > - has the UK govt heard of BSD, and would they even care if someone wanted to > certify it? > > Unfortunately marketing and mindshare plays a lot in these kinds of things. > > -- > Craig Rodrigues > http://www.gis.net/~craigr > [EMAIL PROTECTED] Is there a place for *BSD security freaks to go and discuss systems? I get lots of security questions, usually these are broad level questions and nothing like the "government authority certification body" sorts of things. Usually they are the usual user questions that come to systems people. The folks that faint when they see me reading FreeBSD hackers and go: "How can you read that..." As an aside right now my big thing is convincing people in remote areas that *nix, FreeBSD et al provide a clear and better alternative to windows. Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
C-2(Security) blues and the like
It has been a long time since I dealt with those arcane security matters. At least they are obscure and arcane to most people. Many consider me to be babbling when I go on about these things. If I start saying "rainbow books" (the NSA's security books are in different colors) many people assume that I am crazy.:) Most of the stuff I did involved C-2 security and all the logging and authentication stuff. An assumption seems to have been made that "logging in" via ftp was the same as logging in via tty or machine. This is not so. The ftp code "establishes a user" the login code gets the user a shell and all that. For awhile in some OSes with C-2 security if one was going to mount a dictionary attack on some user or ever root, ftp would have been away to go. It would allow one a large amount of attacks with logging. One would definitely get more than 3 attempts to "login". It was a way around C-2 security and was in my opinion a pretty serious compromise. Logging ftp "logins" and ftp use were proposed fixes. I just had to find the problems not fix them. Hmmm...maybe I will post this to BSD hackers and if someone says it is off topic I will shut up. Perhaps I should as this info is kind of old. But the important to watch for these little back door tricks. Note I have not as of late read the FreeBSD ftp code. Perhaps I should. Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Do I want users doing "x" and other tales...
Oh well those issues...Well it is an interersting question. My first thought is "what are your users like?..." how competent are they?; are they your family and friends?; a bunch of teenagers who you befriend/befriended you?; a group of locals who have decided to be a mini-ISP for? These are interesting questions. I don't know what the bsd-hacker folks will say. They did respond positively about my questions about ftp and C-2 security and whatever C-2 security is now a days. I never did start up a discussion on trusted bsd about secuirty. Perhaps I should have as these issues have floated around for me. Seeing as these are interesting issues I will post these along to the list as well. If they are things to be discussed there it can go on along with the other useful and interesting questions about terabyte SCSI drives and the like. If it should go on elsewhere some can point out where. Right now for me "hackers" has enough interesting stuff and there is enough traffic that I feel one get useful information and the like out of it. Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
Re: Mac iBook OS10 + BSD
David Hunt wrote: > I have been using Linux (Slackware) for a number of years on my > desktop, and have never used BSD. From what I've gathered, BSD sounds > like the kind of OS I would like. > > I Now need to get a laptop, and have been thinking of getting a new > Mac Ibook, but OS 10 seems to lack some important features I > want/need, like virtual terminals, things I have grown quite used to. > > Would BSD be a good choice for the iBook as the third OS (along with > OS9 and OS10)? > > How much can BSD share things like utilities and config files with > OS10? Is there any special compatability due to the OSs being similar > in some ways? > > How should I plan my BSD intallation? Any special advantage of having > BSD on a Mac with OS10, as compared to Linux Slackware? > > -- > David Hunt <[EMAIL PROTECTED]> > > To Unsubscribe: send mail to [EMAIL PROTECTED] > with "unsubscribe freebsd-newbies" in the body of the message This brings up an interesting question. Apple makes all sorts of noises about BSD being the basis of the MAC. If I get the bucks I may switch to a MAC. My question is how much of the BSD operating system can one get access to on a MAC running OS X? Has anyone done even simple things like started up cron jobs and the like to do housekeeping? Most of the MAC users I know, know BSD is there but haven't done much with it. IN fact there are noises one can't get at all the internals and the like. Does anyone have any details about all of this stuff. I know this is kind of general question to post on this list. But so far even lurking this list is often where real questions often get answered. Any pointers would be appreciated. Have Fun, Sends Steve To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
