On Wed, Jun 20, 2001 at 12:02:47AM -0600, Hubert Chan wrote:
> Well, obviously my proposed scheme wouldn't work (because of the
> previously mentioned exploit), but the motivation behind the scheme
> was to reduce the number of SUID programs (because if you don't need
> it to be SUID, you're safer
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes:
> Florian Weimer <[EMAIL PROTECTED]> writes:
>
> > [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes:
> >
> > > It's clear to me we need a virtual package for "pgp implementation"
> > > that both pgp and gnupg can provide.
> >
> > Uh, this doesn't
Hubert Chan <[EMAIL PROTECTED]> writes:
> But for the situation we are talking about, they would need to have the
> same interface, since a PGP front end needs to interact with the PGP
> program. So in the PGP front end depends on the "pgp implementation"
> virtual package, but the PGP program do
> "Thomas" == Thomas Bushnell, BSG <[EMAIL PROTECTED]> writes:
Thomas> In order to have a virtual package, there is absolutely no need
Thomas> that the various packages that provide it have compatible or
Thomas> even remotely similar interfaces.
At 10:34 Uhr +0200 19.6.2001, Ethan Benson wrote:
>On Tue, Jun 19, 2001 at 10:09:51AM +0200, Christian Jaeger wrote:
> > But if the passwd command doesn't itself have the rights to access
> > /etc/shadow but only the root login shell has (which only runs if
> > called through sshd), then the cracker
Florian Weimer <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] (Thomas Bushnell, BSG) writes:
>
> > It's clear to me we need a virtual package for "pgp implementation"
> > that both pgp and gnupg can provide.
>
> Uh, this doesn't work. Even the PGP releases aren't completely
> compatible among
On Tue, Jun 19, 2001 at 11:14:06PM +0200, Julien Dupre wrote:
> My idea is not to look at security alerts but trust
> that debian maintainers will do it, I have a daily cron
> job which mails me if "apt-get -s upgrade" says something
> should be upgraded, is this not reasonable ?
No, it's not
On Tue, Jun 19, 2001 at 12:28:46AM -0800, Ethan Benson wrote:
> On Tue, Jun 19, 2001 at 12:17:07PM +0800, Ben Harvey wrote:
>
> > cracker==root sysadmin==root+LIDS_password
> > if someone can sniff me typing in my lids password (encrypted in the kernel)
> > then I am stuffed.
>
> they can always
[EMAIL PROTECTED] (Thomas Bushnell, BSG) writes:
> It's clear to me we need a virtual package for "pgp implementation"
> that both pgp and gnupg can provide.
Uh, this doesn't work. Even the PGP releases aren't completely
compatible among themselves, and GnuPG has got a completely different
comma
If your system is not on all day, you can also look for information on the
"anacron" package. This package runs all cron jobs that were told to be run at
the time that the system was off.
Sorry for my speech (language), I'm Spanish. Could you help me and tell me the
mistakes in this mail, please?
Pat Moffitt wrote:
> Look at logrotate. Logrotate is a package for debian. It uses cron and is
> configurable. You will want to configure it after it gets installed as a
> bunch of logs from other packages aren't accounted for.
>
> Also, many packages have facilities for rotating logs. You sho
Ethan Benson <[EMAIL PROTECTED]> writes:
> mailcrypt is not in debian, it's in contrib. neither contrib nor
> non-free are part of debian.
xemacs has its own mailcrypt, and it's broken also. Or I have
something else broken? Any solutions available?
And xemacs belongs to main.
--
M. Tavast
On Wed, Jun 20, 2001 at 01:46:26PM +0100, Colin Phipps wrote:
> It's a cron job that does a su nobody before running something, do a
> grep nobody /etc/cron.daily/* and it'll probably be there.
specifically it's /etc/cron.daily/find which rebuilds the locatedb.
updatedb is a shellscript and uses no
On Wed, Jun 20, 2001 at 12:02:47AM -0600, Hubert Chan wrote:
> be SUID, you're safer without it being SUID). Is there any (sane) way
> of making it so that programs such as passwd, chsh, etc. don't need to
> be SUID?
Not really. Not if you want to ensure that any of the data they can alter
passe
On 2001-06-20, Matthias Fritschi wrote:
> > Jun 20 06:25:02 blacksun su[2095]: + ??? root-nobody
> > Jun 20 06:25:02 blacksun PAM_unix[2095]: (su) session opened for user
> > nobody by (uid=0)
>
>could that mean somebody got into the server using a security leak in
>a process running as nobody? a
On Wed, Jun 20, 2001 at 02:39:35PM +0200, Matthias Fritschi wrote:
> my linux knowledge comes more from the user/developer side of view, so im
> learning a lot at the moment to be able to set up our new webserver.
> today, i had the following two lines in auth.log, which scared me a bit:
>
> > Ju
hi,
my linux knowledge comes more from the user/developer side of view, so im
learning a lot at the moment to be able to set up our new webserver.
today, i had the following two lines in auth.log, which scared me a bit:
> Jun 20 06:25:02 blacksun su[2095]: + ??? root-nobody
> Jun 20 06:25:02 bla
Christian Kurz <[EMAIL PROTECTED]> writes:
> Would you please check the next time either your box running unstable or
> packages.debian.org? If you had done this before, you would have
> noticed, that mailcrypt from stable also offered an interface to PGP
> (pgp-i, pgp-us and pgp5i are the matchin
On Wed, Jun 20, 2001 at 12:02:47AM -0600, Hubert Chan wrote:
> > "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
>
> Ethan> echo 'eb::0:0:Ethan Benson:/home/eb:/bin/bash' > /etc/passwd.d/eb
>
> Ethan> login whe r00t!
>
> Hmm. Forgot about that. I guess that would be a bit of a secu
> "Ethan" == Ethan Benson <[EMAIL PROTECTED]> writes:
Ethan> echo 'eb::0:0:Ethan Benson:/home/eb:/bin/bash' > /etc/passwd.d/eb
Ethan> login whe r00t!
Hmm. Forgot about that. I guess that would be a bit of a security
hole. :-(
Ethan> it wo