Re: A question about Knark and modules

2001-06-18 Thread Ben Harvey
On Sun, Jun 17, 2001 at 07:55:40PM -0800, Ethan Benson wrote: > > a bit. lids makes system administration utterly impossible. unless > you leave enough holes open which an attacker can use to bypass it > all. well nearly... at least you can prevent new or unknown process/files from accessing stu

Re: rlinetd security

2001-06-18 Thread Peter Cordes
On Mon, Jun 18, 2001 at 07:15:55PM +0200, Sebastiaan wrote: > I know you are right, but I have become curious now: if everyone says that > you do not need them, then where are they used for? And why are they still > installed by default? All those internal services are for testing/debugging, exce

Re: gnupg problem

2001-06-18 Thread Peter Cordes
On Mon, Jun 18, 2001 at 06:10:12PM -0700, Thomas Bushnell, BSG wrote: > Ethan Benson <[EMAIL PROTECTED]> writes: > > > On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > > > you know, what I've meant. Debian *distribution* is main and non-US/main > > > > > > Then where are

Re: A question about Knark and modules

2001-06-18 Thread Ben Harvey
On Sun, Jun 17, 2001 at 07:55:40PM -0800, Ethan Benson wrote: > > a bit. lids makes system administration utterly impossible. unless > you leave enough holes open which an attacker can use to bypass it > all. well nearly... at least you can prevent new or unknown process/files from accessing st

Re: gnupg problem

2001-06-18 Thread Robert Mognet
Hello, > > In fact, the only reason mailcrypt is in contrib is that it adapts to > the patent-restricted versions of gpg/pgp software. As far as its use > with gpg, it belongs in main. > A reading of the Debian Social Contract (section 5) contains the following concerning "contrib" and "non-fr

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > > you know, what I've meant. Debian *distribution* is main and non-US/main > > > > Then where are the security releases? > > security.debian.org > > mailcrypt is not in debian, i

Re: gnupg problem

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 06:37:00PM -0500, Martin Maney wrote: > On Mon, Jun 18, 2001 at 10:48:27PM +0200, Petr Cech wrote: > > you know, what I've meant. Debian *distribution* is main and non-US/main > > Is that policy or your opinion? Last time I looked, there were still those > pesky other secti

Re: gnupg problem

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > you know, what I've meant. Debian *distribution* is main and non-US/main > > Then where are the security releases? security.debian.org mailcrypt is not in debian, it's in contrib. neither contrib or non-free are part of de

Re: rlinetd security

2001-06-18 Thread Peter Cordes
On Mon, Jun 18, 2001 at 07:15:55PM +0200, Sebastiaan wrote: > I know you are right, but I have become curious now: if everyone says that > you do not need them, then where are they used for? And why are they still > installed by default? All those internal services are for testing/debugging, exc

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 01:48:50PM -0400, Noah Meyerhans wrote: > > Why not? You've not given any reason at all. Do you know of any > malicious behavior that is made possible by leaving the services turned > on? The potential exists to use the chargen feature as a part of a DoS > attack, but I'

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 09:06:07AM -0700, Pat Moffitt wrote: > That makes a lot of assumptions about my (or anyone else) understanding of > the system. For example, I have no clue what discard is used for. So, how > do I know if I have a package installed that will not work properly if I > disabl

Re: A question about Knark and modules

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 06:41:59PM +0200, Christian Jaeger wrote: > > Well, if the 'apt-get update && apt-get upgrade' wrapper doesn't take > any input and resets the environment (is there anything else it > should take care of?) then even if called by the cracker it wouldn't > do anything else

Re: gnupg problem

2001-06-18 Thread Peter Cordes
On Mon, Jun 18, 2001 at 06:10:12PM -0700, Thomas Bushnell, BSG wrote: > Ethan Benson <[EMAIL PROTECTED]> writes: > > > On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > > > you know, what I've meant. Debian *distribution* is main and non-US/main > > > > > > Then where are

Re: gnupg problem

2001-06-18 Thread Martin Maney
On Mon, Jun 18, 2001 at 10:48:27PM +0200, Petr Cech wrote: > you know, what I've meant. Debian *distribution* is main and non-US/main Is that policy or your opinion? Last time I looked, there were still those pesky other sections on the servers, in the bug system, and so forth. -- You arguably h

Re: gnupg problem

2001-06-18 Thread Robert Mognet
Hello, > > In fact, the only reason mailcrypt is in contrib is that it adapts to > the patent-restricted versions of gpg/pgp software. As far as its use > with gpg, it belongs in main. > A reading of the Debian Social Contract (section 5) contains the following concerning "contrib" and "non-f

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > > you know, what I've meant. Debian *distribution* is main and non-US/main > > > > Then where are the security releases? > > security.debian.org > > mailcrypt is not in debian,

Re: gnupg problem

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 06:37:00PM -0500, Martin Maney wrote: > On Mon, Jun 18, 2001 at 10:48:27PM +0200, Petr Cech wrote: > > you know, what I've meant. Debian *distribution* is main and non-US/main > > Is that policy or your opinion? Last time I looked, there were still those > pesky other sect

Re: gnupg problem

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 02:30:19PM -0700, Thomas Bushnell, BSG wrote: > > you know, what I've meant. Debian *distribution* is main and non-US/main > > Then where are the security releases? security.debian.org mailcrypt is not in debian, it's in contrib. neither contrib or non-free are part of d

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 01:48:50PM -0400, Noah Meyerhans wrote: > > Why not? You've not given any reason at all. Do you know of any > malicious behavior that is made possible by leaving the services turned > on? The potential exists to use the chargen feature as a part of a DoS > attack, but I

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 09:06:07AM -0700, Pat Moffitt wrote: > That makes a lot of assumptions about my (or anyone else) understanding of > the system. For example, I have no clue what discard is used for. So, how > do I know if I have a package installed that will not work properly if I > disab

Re: A question about Knark and modules

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 06:41:59PM +0200, Christian Jaeger wrote: > > Well, if the 'apt-get update && apt-get upgrade' wrapper doesn't take > any input and resets the environment (is there anything else it > should take care of?) then even if called by the cracker it wouldn't > do anything els

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 12:11:39PM -0700 , Thomas Bushnell, BSG wrote: > > Petr Cech <[EMAIL PROTECTED]> writes: > > > > > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > > > Debian is about a *distribution* and not a random assem

Re: gnupg problem

2001-06-18 Thread Petr Cech
On Mon, Jun 18, 2001 at 03:41:20PM -0500 , Martin Maney wrote: > arose in a proposed-update (non-security related), do you think that package then it wouldn't (or a "fixed" conflicting package would be provided). But because we need this security update, then we need also a proposed-update > woul

Re: gnupg problem

2001-06-18 Thread Martin Maney
On Mon, Jun 18, 2001 at 10:48:27PM +0200, Petr Cech wrote: > you know, what I've meant. Debian *distribution* is main and non-US/main Is that policy or your opinion? Last time I looked, there were still those pesky other sections on the servers, in the bug system, and so forth. -- You arguably

Re: gnupg problem

2001-06-18 Thread Petr Cech
On Mon, Jun 18, 2001 at 12:11:39PM -0700 , Thomas Bushnell, BSG wrote: > Petr Cech <[EMAIL PROTECTED]> writes: > > > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > > Debian is about a *distribution* and not a random assemblage of > > > > OK, distribution. That's dists/

Re: rlinetd security

2001-06-18 Thread Tim Haynes
[EMAIL PROTECTED] (Martin Maney) writes: > On Mon, Jun 18, 2001 at 08:34:11PM +0100, Tim Haynes wrote: > > > Well, it depends. You can never tidy up a rooted box; the same > > mentality sort of applies all the way down - if you're setting up a > > box, why worry about installing this and uninstall

Re: gnupg problem

2001-06-18 Thread Martin Maney
On Mon, Jun 18, 2001 at 08:45:12PM +0100, Tim Haynes wrote: > [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: > > Debian ought to offer security updates for the stable distribution, but > > it doesn't. Instead, it is only offering security updates for the > > packages in the stable distribution. T

Re: rlinetd security

2001-06-18 Thread Martin Maney
On Mon, Jun 18, 2001 at 08:34:11PM +0100, Tim Haynes wrote: > Well, it depends. You can never tidy up a rooted box; the same mentality > sort of applies all the way down - if you're setting up a box, why worry > about installing this and uninstalling that, when your original > installation shouldn'

Re: gnupg problem

2001-06-18 Thread Tim Haynes
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: > Debian ought to offer security updates for the stable distribution, but > it doesn't. Instead, it is only offering security updates for the > packages in the stable distribution. That's an understandable oversight, > but it is an oversight, and I

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Pat Moffitt" <[EMAIL PROTECTED]> writes: [snip] > Now that answers some questions. Much better. At least when I turn them > off I will have a clue about what might break. > > BTW, my philosophy on disabling unknown services/ports has been to > disable it and see if anything breaks. If something

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: [snip] > > , btw. Why bother > > hooking /dev/{zero,null} onto the net with netcat when you can cause a fair > > bit of traffic with standard services that do much the same thing? > > Yes, but you

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > Debian is about a *distribution* and not a random assemblage of > > OK, distribution. That's dists/potato/main/binary-/Packages If that's the *only* thing that counts as the Debian

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 11:08:49AM -0700, Vineet Kumar wrote: > > > The argument below is pretty bad. Have you ever heard of anybody > > actually getting impaled by holding a sword poised at his belly and > > walking into grand central station at 5

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf > Of Tim Haynes > Sent: Monday, June 18, 2001 10:35 AM > To: Sebastiaan > Cc: Tim Haynes; [EMAIL PROTECTED]; debian-security@lists.debian.org > Subject: Re: rlinetd security > > > Sebastiaan <[EMAIL PROTECTED]>

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 12:11:39PM -0700 , Thomas Bushnell, BSG wrote: > > Petr Cech <[EMAIL PROTECTED]> writes: > > > > > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > > > Debian is about a *distribution* and not a random asse

Re: rlinetd security

2001-06-18 Thread Noah L. Meyerhans
On Mon, Jun 18, 2001 at 07:25:37PM +0100, Tim Haynes wrote: > But that said, I gather leaking one's timestamp is not a good thing > (leaking *anything* is not really any good). I'm no Kerberos user, but I > heard you can do time-dependent auth in that a given ticket is good until > . I wouldn't wan

Re: gnupg problem

2001-06-18 Thread Petr Cech
On Mon, Jun 18, 2001 at 03:41:20PM -0500 , Martin Maney wrote: > arose in a proposed-update (non-security related), do you think that package then it wouldn't (or a "fixed" conflicting package would be provided). But because we need this security update, then we need also a proposed-update > wou

Re: gnupg problem

2001-06-18 Thread Petr Cech
On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > Debian is about a *distribution* and not a random assemblage of OK, distribution. That's dists/potato/main/binary-/Packages Petr Cech -- Debian GNU/Linux maintainer - www.debian.{org,cz}

Re: rlinetd security

2001-06-18 Thread Noah L. Meyerhans
On Mon, Jun 18, 2001 at 11:08:49AM -0700, Vineet Kumar wrote: > The argument below is pretty bad. Have you ever heard of anybody > actually getting impaled by holding a sword poised at his belly and > walking into grand central station at 5:00pm going "'scuse me, pardon > me, 'scuse me, pardon *GGU

Re: gnupg problem

2001-06-18 Thread Petr Cech
On Mon, Jun 18, 2001 at 12:11:39PM -0700 , Thomas Bushnell, BSG wrote: > Petr Cech <[EMAIL PROTECTED]> writes: > > > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > > Debian is about a *distribution* and not a random assemblage of > > > > OK, distribution. That's dists

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Noah Meyerhans <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote: > > b) they shouldn't be. You'll have to check if they still appear by > > default [snip] > > Why not? You've not given any reason at all. Do you know of any malicious > behavior that is made

Re: rlinetd security

2001-06-18 Thread Tim Haynes
[EMAIL PROTECTED] (Martin Maney) writes: > On Mon, Jun 18, 2001 at 08:34:11PM +0100, Tim Haynes wrote: > > > Well, it depends. You can never tidy up a rooted box; the same > > mentality sort of applies all the way down - if you're setting up a > > box, why worry about installing this and uninstal

Re: gnupg problem

2001-06-18 Thread Martin Maney
On Mon, Jun 18, 2001 at 08:45:12PM +0100, Tim Haynes wrote: > [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: > > Debian ought to offer security updates for the stable distribution, but > > it doesn't. Instead, it is only offering security updates for the > > packages in the stable distribution.

[no subject]

2001-06-18 Thread Brett Miller
unsubscribe

Re: rlinetd security

2001-06-18 Thread Martin Maney
On Mon, Jun 18, 2001 at 08:34:11PM +0100, Tim Haynes wrote: > Well, it depends. You can never tidy up a rooted box; the same mentality > sort of applies all the way down - if you're setting up a box, why worry > about installing this and uninstalling that, when your original > installation shouldn

Re: rlinetd security

2001-06-18 Thread Vineet Kumar
I'm not adding anything new to this thread, only reiterating for those who seem to have missed previous reiterations: 'The more ports you leave open, the greater chance you have of being cracked.' 'If you don't know why you need it, you don't need it.' It seems reasonable that the default instal

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > gnupg is installable, if you remove mailcrypt. ;-) As explained in my previous mail, that is only adequate if the security team exists to support security in packages, but not the distribution as a whole.

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Installing mailcrypt on security.debian.org would immediately suggest > that mailcrypt itself has a security problem, which is not true. > It's a bit of a catch 22. Well, this is a general problem then, which the security team should think about. Th

Re: gnupg problem

2001-06-18 Thread Tim Haynes
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes: > Debian ought to offer security updates for the stable distribution, but > it doesn't. Instead, it is only offering security updates for the > packages in the stable distribution. That's an understandable oversight, > but it is an oversight, and I

Re: rlinetd security

2001-06-18 Thread Noah Meyerhans
On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote: > b) they shouldn't be. You'll have to check if they still appear by default > in unstable; I should hope they don't. (There's been discussion of this > before if you trawl some archives somewhere.) It's possible to use them all > legitima

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Sebastiaan <[EMAIL PROTECTED]> writes: [snip] > > Again, if you don't know why you need it, you don't need it. > > I know you are right, but I have become curious now: if everyone says > that you do not need them, then where are they used for? And why are they > still installed by default? Good q

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: [snip] > > , btw. Why bother > > hooking /dev/{zero,null} onto the net with netcat when you can cause a fair > > bit of traffic with standard services that do much the same thing? > > Yes, but yo

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Petr Cech <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > > Debian is about a *distribution* and not a random assemblage of > > OK, distribution. That's dists/potato/main/binary-/Packages If that's the *only* thing that counts as the Debia

Re: rlinetd security

2001-06-18 Thread Sebastiaan
On 18 Jun 2001, Tim Haynes wrote: > "Pat Moffitt" <[EMAIL PROTECTED]> writes: > > > That makes a lot of assumptions about my (or anyone else) understanding > > of the system. For example, I have no clue what discard is used for. So, > > how do I know if I have a package installed that will not wo

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 11:08:49AM -0700, Vineet Kumar wrote: > > > The argument below is pretty bad. Have you ever heard of anybody > > actually getting impaled by holding a sword poised at his belly and > > walking into grand central station at

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of Tim Haynes > Sent: Monday, June 18, 2001 10:35 AM > To: Sebastiaan > Cc: Tim Haynes; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: rlinetd security > > > Sebastiaan <[EMAIL PROTECTED]> writes: > >

Re: A question about Knark and modules

2001-06-18 Thread Christian Jaeger
At 5:55 Uhr +0200 18.6.2001, Ethan Benson wrote: On Mon, Jun 18, 2001 at 03:03:06AM +0200, Christian Jaeger wrote: > ... install some special binaries to which you > grant many permissions. the thing is once you make exceptions for the system administrator to use to maintain the you open the

Re: rlinetd security

2001-06-18 Thread Noah L. Meyerhans
On Mon, Jun 18, 2001 at 07:25:37PM +0100, Tim Haynes wrote: > But that said, I gather leaking one's timestamp is not a good thing > (leaking *anything* is not really any good). I'm no Kerberos user, but I > heard you can do time-dependent auth in that a given ticket is good until > . I wouldn't wa

Re: gnupg problem

2001-06-18 Thread Petr Cech
On Mon, Jun 18, 2001 at 10:55:04AM -0700 , Thomas Bushnell, BSG wrote: > Debian is about a *distribution* and not a random assemblage of OK, distribution. That's dists/potato/main/binary-/Packages Petr Cech -- Debian GNU/Linux maintainer - www.debian.{org,cz}

Re: rlinetd security

2001-06-18 Thread Noah L. Meyerhans
On Mon, Jun 18, 2001 at 11:08:49AM -0700, Vineet Kumar wrote: > The argument below is pretty bad. Have you ever heard of anybody > actually getting impaled by holding a sword poised at his belly and > walking into grand central station at 5:00pm going "'scuse me, pardon > me, 'scuse me, pardon *GG

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Pat Moffitt" <[EMAIL PROTECTED]> writes: > That makes a lot of assumptions about my (or anyone else) understanding > of the system. For example, I have no clue what discard is used for. So, > how do I know if I have a package installed that will not work properly > if I disable that port. Yes, I

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Noah Meyerhans <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote: > > b) they shouldn't be. You'll have to check if they still appear by > > default [snip] > > Why not? You've not given any reason at all. Do you know of any malicious > behavior that is made

No Subject

2001-06-18 Thread Brett Miller
unsubscribe -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
That makes a lot of assumptions about my (or anyone else) understanding of the system. For example, I have no clue what discard is used for. So, how do I know if I have a package installed that will not work properly if I disable that port. Yes, I should go and research the issue but I only have

Re: rlinetd security

2001-06-18 Thread Vineet Kumar
I'm not adding anything new to this thread, only reiterating for those who seem to have missed previous reiterations: 'The more ports you leave open, the greater chance you have of being cracked.' 'If you don't know why you need it, you don't need it.' It seems reasonable that the default insta

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Ethan Benson <[EMAIL PROTECTED]> writes: > gnupg is installable, if you remove mailcrypt. ;-) As explained in my previous mail, that is only adequate if the security team exists to support security in packages, but not the distribution as a whole.

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Installing mailcrypt on security.debian.org would immediately suggest > that mailcrypt itself has a security problem, which is not true. > It's a bit of a catch 22. Well, this is a general problem then, which the security team should think about. T

Re: rlinetd security

2001-06-18 Thread Noah Meyerhans
On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote: > b) they shouldn't be. You'll have to check if they still appear by default > in unstable; I should hope they don't. (There's been discussion of this > before if you trawl some archives somewhere.) It's possible to use them all > legitim

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Sebastiaan <[EMAIL PROTECTED]> writes: [snip] > > Again, if you don't know why you need it, you don't need it. > > I know you are right, but I have become curious now: if everyone says > that you do not need them, then where are they used for? And why are they > still installed by default? Good

Re: rlinetd security

2001-06-18 Thread Sebastiaan
On 18 Jun 2001, Tim Haynes wrote: > "Pat Moffitt" <[EMAIL PROTECTED]> writes: > > > That makes a lot of assumptions about my (or anyone else) understanding > > of the system. For example, I have no clue what discard is used for. So, > > how do I know if I have a package installed that will not w

Re: A question about Knark and modules

2001-06-18 Thread Philipp Schulte
On Mon, Jun 18, 2001 at 03:52:46AM -0800, Ethan Benson wrote: > On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote: > > Ok, so just do make sure: http://www.lids.org/lids-howto/node53.html > > is claiming that CAP_SYS_RAWIO allows access to raw block devices. > > they are mistaken.

Re: A question about Knark and modules

2001-06-18 Thread Christian Jaeger
At 5:55 Uhr +0200 18.6.2001, Ethan Benson wrote: >On Mon, Jun 18, 2001 at 03:03:06AM +0200, Christian Jaeger wrote: > > ... install some special binaries to which you > > grant many permissions. > >the thing is once you make exceptions for the system administrator to >use to maintain the you op

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Pat Moffitt" <[EMAIL PROTECTED]> writes: > That makes a lot of assumptions about my (or anyone else) understanding > of the system. For example, I have no clue what discard is used for. So, > how do I know if I have a package installed that will not work properly > if I disable that port. Yes, I

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
That makes a lot of assumptions about my (or anyone else) understanding of the system. For example, I have no clue what discard is used for. So, how do I know if I have a package installed that will not work properly if I disable that port. Yes, I should go and research the issue but I only hav

Re: A question about Knark and modules

2001-06-18 Thread Philipp Schulte
On Mon, Jun 18, 2001 at 03:52:46AM -0800, Ethan Benson wrote: > On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote: > > Ok, so just do make sure: http://www.lids.org/lids-howto/node53.html > > is claiming that CAP_SYS_RAWIO allows access to raw block devices. > > they are mistaken.

Re: A question about Knark and modules

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote: > On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote: > > > chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is > > removed from the bounding set. however that does not prevent root > > from messing with /

(no subject)

2001-06-18 Thread Frederick Houdmont
unsubscribe

Re: A question about Knark and modules

2001-06-18 Thread Philipp Schulte
On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote: > chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is > removed from the bounding set. however that does not prevent root > from messing with /dev/hda* directly, neither does CAP_SYS_RAWIO. > > there is no capabilit

RE: strange flickering ports

2001-06-18 Thread Michael R. Schwarzbach
Hi there are known bugs like this in nmap. But this should only appear when using nmap local. Michael Schwarzbach

Re: A question about Knark and modules

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 12:43:41PM +0200, Philipp Schulte wrote: > On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote: > > > chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is > > removed from the bounding set. however that does not prevent root > > from messing with

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Ethan Benson <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 10:53:06AM +0200, Sebastiaan wrote: > > Yes, that is a good question. I do not know where most of them are used > > for, but because they are always installed, I assumed that these are > > needed for correct system operation. But e

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 10:53:06AM +0200, Sebastiaan wrote: > Yes, that is a good question. I do not know where most of them are used > for, but because they are always installed, I assumed that these are > needed for correct system operation. But even if I would disable these > ports, I still want

Re: rlinetd security

2001-06-18 Thread Sebastiaan
On Mon, 18 Jun 2001, Ethan Benson wrote: > On Mon, Jun 18, 2001 at 09:21:56AM +0200, Sebastiaan wrote: > > Hello, > > > > I found out that rlinetd seems like a great replacement for inetd, because > > it lets you choose which services may be available for the outside world > > and which only for

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 09:21:56AM +0200, Sebastiaan wrote: > Hello, > > I found out that rlinetd seems like a great replacement for inetd, because > it lets you choose which services may be available for the outside world > and which only for the inner network. So, standard services like echo, >

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Jason Thomas <[EMAIL PROTECTED]> writes upside-down: > this stuff can also be controlled using hosts.deny and hosts.allow. so > then any inetd prog will do! No it can't. There's a difference between not listening on the interface at all, and filtering it out by allowing them to connect to the por

Re: gnupg problem

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 01:04:51AM -0700, Thomas Bushnell, BSG wrote: > The *security* team exists to make security updates to the current > stable release. Currently there is *not* an installable update for > gnupg. The only way (that I can think of right now) for fixing this > is to put the new

Re: A question about Knark and modules

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 04:02:08AM -0300, Peter Cordes wrote: > > You need to keep it somewhere if you ever want to build more modules > that that kernel will load. I don't know why I assumed it would be > stored in the kernel image. it could be a separate file, encrypted (like gpg private keys

Re: A question about Knark and modules

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 08:56:03AM +0200, Philipp Schulte wrote: > On Sun, Jun 17, 2001 at 10:42:17PM -0800, Ethan Benson wrote: > > > you would need to fix filesystem immutability and block device access > > as well. currently lcap CAP_LINUX_IMMUTABLE is useless since there > > is no way to de

(no subject)

2001-06-18 Thread Frederick Houdmont
unsubscribe

Re: A question about Knark and modules

2001-06-18 Thread Philipp Schulte
On Mon, Jun 18, 2001 at 12:35:13AM -0800, Ethan Benson wrote: > chattr +i and +a cannot be set or removed if CAP_LINUX_IMMUTABLE is > removed from the bounding set. however that does not prevent root > from messing with /dev/hda* directly, neither does CAP_SYS_RAWIO. > > there is no capabili

Re: gnupg problem

2001-06-18 Thread Wichert Akkerman
Previously Thomas Bushnell, BSG wrote: > The *security* team exists to make security updates to the current > stable release. Currently there is *not* an installable update for > gnupg. The only way (that I can think of right now) for fixing this > is to put the new mailcrypt into security.debian

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Thomas Bushnell, BSG wrote: > > Ok, that's a fine reason. But then the working mailcrypt needs to be > > installed, or the security fix has only been half-done. > > There is a fixed mailcrypt in proposed-updates. That's great, but it do

Re: gnupg problem

2001-06-18 Thread Wichert Akkerman
Previously Thomas Bushnell, BSG wrote: > Ok, that's a fine reason. But then the working mailcrypt needs to be > installed, or the security fix has only been half-done. There is a fixed mailcrypt in proposed-updates. Wichert. -- ___

RE: strange flickering ports

2001-06-18 Thread Michael R. Schwarzbach
Hi there are known bugs like this in nmap. But this should only appear when using nmap local. Michael Schwarzbach

Re: rlinetd security

2001-06-18 Thread Jason Thomas
this stuff can also be controlled using hosts.deny and hosts.allow. so then any inetd prog will do! On Mon, Jun 18, 2001 at 09:21:56AM +0200, Sebastiaan wrote: > Hello, > > I found out that rlinetd seems like a great replacement for inetd, because > it lets you choose which services may be availa

rlinetd security

2001-06-18 Thread Sebastiaan
Hello, I found out that rlinetd seems like a great replacement for inetd, because it lets you choose which services may be available for the outside world and which only for the inner network. So, standard services like echo, daytime, chargen, ftp, etc. are only available for the LAN, while it is

Re: strange flickering ports

2001-06-18 Thread John Ferlito
On Mon, Jun 18, 2001 at 09:14:54AM +0200, Sebastiaan wrote: > >Hi... > > > >I have a box with something listening to "flickering" ports. nmap > >reports various random ports open from run to run. I can't telnet to > >them and ID w/ netstat, because they're gone the instant nmap finds > >them. > H

re: strange flickering ports

2001-06-18 Thread Sebastiaan
>Hi... > >I have a box with something listening to "flickering" ports. nmap >reports various random ports open from run to run. I can't telnet to >them and ID w/ netstat, because they're gone the instant nmap finds >them. Hi, I have this regularly too. I would like to see this explained, but pe

Re: gnupg problem

2001-06-18 Thread Thomas Bushnell, BSG
Tim Potter <[EMAIL PROTECTED]> writes: > Thomas Bushnell BSG writes: > > > In this case, there needs to be a non-older version of mailcrypt > > available for potato. I don't know why conflicts were added to > > mailcrypt (nothing I noticed in either the public or private security > > lists menti

Re: gnupg problem

2001-06-18 Thread Tim Potter
Thomas Bushnell BSG writes: > In this case, there needs to be a non-older version of mailcrypt > available for potato. I don't know why conflicts were added to > mailcrypt (nothing I noticed in either the public or private security > lists mentioned it, AFAICT). But assuming the conflicts are ne
