Re: Got root?

2001-05-01 Thread Ethan Benson
On Wed, May 02, 2001 at 02:53:29AM +, Adam Olsen wrote: > Since there IS a way to do what he wanted, what would it take to make > it used by default? I'm sure everybody running BIND would feel a lot > safer if it never ran as root, and such a practice would probably earn > Debian as a whole a

Re: Got root?

2001-05-01 Thread Andres Salomon
A few quick searches on google turned up some rather interesting kernel patches... sockfs: http://users.ox.ac.uk/~mbeattie/linux-kernel.html I'm not quite sure what to make of this. Very interesting, but I can't imagine having 1024 numbers/socket representations in a directory is the best way to

Lprng version question

2001-05-01 Thread Wolftales
Hello, I currently have lprng 3.6.12-8 installed on my system. The version installed is the one apt-get and dselect import via the source.list. According to a message sent to this list, [EMAIL PROTECTED], by the package maintainer I was left with the impression Debian 2.2r2 is ok. However, the

Re: Got root?

2001-05-01 Thread Adam Olsen
On Tue, May 01, 2001 at 12:11:30AM +, Jim Breton wrote: > On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote: > > I know that UNIX does it so that normal users can't seem like legit and > > important services, but there surely must be some better way of delegating > > a > > port bel

Re: Got root?

2001-05-01 Thread Ken Seefried
Forgive my off & on following of this thread; this may have been mentioned. Wasn't there a kernel patch at one point detailed in Phrack or some such that bound the opening of certain privileged ports to membership in certain groups? That is, if you belonged to group id 20 (say), you could ope

Re: Got root?

2001-05-01 Thread Adam Olsen
On Tue, May 01, 2001 at 12:11:30AM +, Jim Breton wrote: > On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote: > > I know that UNIX does it so that normal users can't seem like legit and > > important services, but there surely must be some better way of delegating a > > port below 1

Re: Got root?

2001-05-01 Thread Brandon High
On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote: > > I know that UNIX does it so that normal users can't seem like legit and > important services, but there surely must be some better way of delegating a > port below 1024 to a daemon. *DISCLAIMER* I do not know exactly what I'm talk

Re: pseudonymity and apache

2001-05-01 Thread Jamie Heilman
> I am interested in finding a way to make apache be pseudo-anonymous in its > logging. Personally I use the SetEnvIf and CustomLog directives to achieve areas of anonymity on my web site. (not to mention the possible performance savings) Details how to do that are in the apache docs. If you want

pseudonymity and apache

2001-05-01 Thread Micah Anderson
I am interested in finding a way to make apache be pseudo-anonymous in its logging. Your actions would be traced to your pseudonym, but NEVER to your actual identity. I've got some php scripts that currently act on IP addresses to see if you've already done something so you don't do it

IP_MASQ:reverse ICMP: failed checksum from x.x.x.x!

2001-05-01 Thread Peter Schnebel
hi there !! i got the message "IP-MASQ:reverse ICMP: failed checksum from IP!" today on our router... what does that mean ?? i tried to ping that ip and it was up... an nslookup brought nothing... after running an nmap on our router i saw 2 extra ports open with curious names... with the next nm

Re: Got root?

2001-05-01 Thread John Bloodworth
At 07:19 AM 4/29/01 -0400, you wrote: Hi I know that this might sound like a stupid question, but it's one that has been bugging me. Why does UNIX continue to give root access to all daemons below port 1024? I know that UNIX does it so that normal users can't seem like legit and important servi

Re: Got root?

2001-05-01 Thread Tim Haynes
Andres Salomon <[EMAIL PROTECTED]> writes: > > The current method you describe was vulnerable to bugs concerning > > setuid(), as per the 2.2.15->16 bug found by sendmail - having come > > from root and called setuid() to become someone else, it was still > > possible to return to being root, at wh

Re: Got root?

2001-05-01 Thread John Bloodworth
At 07:19 AM 4/29/01 -0400, you wrote: >Hi > >I know that this might sound like a stupid question, but it's one that has >been bugging me. > >Why does UNIX continue to give root access to all daemons below port 1024? > >I know that UNIX does it so that normal users can't seem like legit and >importa

Re: Got root?

2001-05-01 Thread Andres Salomon
On Tue, May 01, 2001 at 11:25:49AM +0100, Tim Haynes wrote: > > Andres Salomon <[EMAIL PROTECTED]> writes: > > > Perhaps I'm misunderstanding your proposition, but how is this different > > than, say, having inetd listen on ports below 1024, and then > > forking/changing to a different user once

Re: Got root?

2001-05-01 Thread Andres Salomon
On Tue, May 01, 2001 at 10:11:45AM +, Adam Olsen wrote: > > On Tue, May 01, 2001 at 05:48:54AM -0400, Andres Salomon wrote: > > Perhaps I'm misunderstanding your proposition, but how is this different > > than, say, having inetd listen on ports below 1024, and then > > forking/changing to a di

Re: Got root?

2001-05-01 Thread Tim Haynes
Andres Salomon <[EMAIL PROTECTED]> writes: > Perhaps I'm misunderstanding your proposition, but how is this different > than, say, having inetd listen on ports below 1024, and then > forking/changing to a different user once a connection is made to the > port? The current method you describe was

Re: Got root?

2001-05-01 Thread Adam Olsen
On Tue, May 01, 2001 at 05:48:54AM -0400, Andres Salomon wrote: > Perhaps I'm misunderstanding your proposition, but how is this different > than, say, having inetd listen on ports below 1024, and then > forking/changing to a different user once a connection is made to the port? > To use inetd, a

Re: Got root?

2001-05-01 Thread Andres Salomon
Perhaps I'm misunderstanding your proposition, but how is this different than, say, having inetd listen on ports below 1024, and then forking/changing to a different user once a connection is made to the port? [root@incandescent drive2]# echo "finger stream tcp nowait nobody /usr/bin/id" >> /etc/

Re: Got root?

2001-05-01 Thread Jacob Meuser
On Sun, Apr 29, 2001 at 07:19:06AM -0400, Sunny Dubey wrote: > > A while ago, I remember reading on slashdot about how TrustedBSD and OpenBSD > were different from each other. http://www.sigmasoft.com/cgi-bin/wilma/openbsd-misc use a "restricted files match" for Apr 2001 search for "acl" or "t

Re: Got root?

2001-05-01 Thread Andres Salomon
Perhaps I'm misunderstanding your proposition, but how is this different than, say, having inetd listen on ports below 1024, and then forking/changing to a different user once a connection is made to the port? [root@incandescent drive2]# echo "finger stream tcp nowait nobody /usr/bin/id" >> /et
