On Tue, Jan 22, 2002 at 05:11:45PM +1300, Adam Warner wrote:
> Why does the KDE Control Center think the user is currently root? In
> contrast the GNOME Control Center properly identifies the username.
Perhaps KDE uses getlogin(2) ?
--
Leo Howell M5AKW
On Tue, 2002-01-22 at 05:26, martin f krafft wrote:
> this is a proof-of-concept post. it's a FreeBSD exploit, thus it may or
> may not have been, be, or will be applicable to Debian Linux or Linux in
> general. you have been warned. properly.
>
> http://www.aerasec.de/security/index.html?id=ae-20
On Tue, Jan 22, 2002 at 01:11:18AM +0100, Christian Jaeger wrote:
> This can be a real security hole, at least when you are not aware of
> it (I have just discovered a working way to exploit it on one of my
> machines).
And isn't that a bug in the package in question? :)
--
Daniel Jacobowitz
For the non-mathematical, or rather grammatical, style to say it, I use the
phrase:
"Security is Inconvenient."
The first time I say it to someone, they usually pause for a moment, digest it,
and it really helps in further discussions about "what to do about...".
It's my answer, for instance, wh
>yes, that's UNIX life. convenience ~ security^-1,
I just wanted to point it out here, since I wasn't sure whether I
should file a bug report against fakeroot for writing suid through,
or one for the fakeroot manpage not mentioning the danger, or one for
dpkg-buildpackage either for not mentio
On Tue, 2002-01-22 at 12:21, martin f krafft wrote:
> also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.21.2307 +0100]:
> > Federico, are you saying that if you su - to a user account (from root)
> > and then start X that you are running X as root? If so that is a major
> > problem.
>
> no, he
also sprach Christian Jaeger <[EMAIL PROTECTED]> [2002.01.22.0129 +0100]:
> They were accessible, because I didn't realize that there was a risk,
> and because it's convenient when other users on the system can grab
> the finished .deb's from the build dir (to install them on their
> machine) wi
Hi,
Quoting martin f krafft ([EMAIL PROTECTED]):
> yeah, but that's OpenSSH only (which *is* 99% of what you'd use it for).
> but i'd love a PAM-based solution. maybe i should port it. if openssh
> can do it, then the code is open-source, then pam should be able to do
> it too.
There are open sour
also sprach Wichert Akkerman <[EMAIL PROTECTED]> [2002.01.22.0122 +0100]:
> There is some support in PAM and in OpenSSH. I have a cryptocard
> RB-1 token now which I intend to get working with OpenSSH at least
> once I have some free time to spend on it.
yeah, but that's OpenSSH only (which *is* 9
At 1:19 Uhr +0100 22.01.2002, martin f krafft wrote:
>why are your build directories accessible to the world? a simple
>chmod 0700 ~/deb/build fixes all these problems for me, and
>persistently...
They were accessible, because I didn't realize that there was a risk,
and because it's convenient wh
also sprach Christian Jaeger <[EMAIL PROTECTED]> [2002.01.22.0111 +0100]:
> Now you may say "don't build packages as root, use fakeroot instead".
> Well I have always used it, and somehow thought I'm safe, but I'm
> not: the permissions modes (like 4755) make it through to the real
> filesystem,
Previously Petro wrote:
> I don't think so.
> But I'd be interested in the responses as well.
There is some support in PAM and in OpenSSH. I have a cryptocard
RB-1 token now which I intend to get working with OpenSSH at least
once I have some free time to spend on it.
Wichert.
On Mon, Jan 21, 2002 at 06:16:34AM -0800, martin f krafft wrote:
> assuming i have SecurID tokens with licenses, can i make linux
> authenticate based on these *without* the use of external or commercial
> software (like ACE/Server)? any experience anyone?
I don't think so.
But I'd be in
This can be a real security hole, at least when you are not aware of
it (I have just discovered a working way to exploit it on one of my
machines).
dpkg-buildpackage makes a semi-real "make install" into a sub
directory of the debian/ directory in the source dir, and then tar's
the installed
Hello
On Mon, Jan 21, 2002 at 03:35:14PM -0800, Thomas Bushnell, BSG wrote:
[cut much to answer all below]
> > So I end up with a debian specific user with shutdown/reload privileges
> > that's created with a random (saved) password at installtime as the best
> > solution, or?
>
> Nope. Pro
Christian Hammers <[EMAIL PROTECTED]> writes:
> The password for the mysql root user is not property of the system wide
> configuration as I can't force the user to change a file in /etc
> every time they change the users password and, due to mysqls default to
> use the mysql user of the same name
Hi
On Mon, Jan 21, 2002 at 03:23:15PM -0800, Thomas Bushnell, BSG wrote:
> If it's a way to get "the logs" to rotate, that sure sounds like a
> system-wide option. If it's a root password to a system-wide
> database, then that's also a system-wide option.
The password for the mysql root user is
Package: courier-mta
Version: 0.36.1-2
Severity: critical
A hand-crafted .courier file can be used to insert \r characters in the
message queue file. A bug in the function that reads message queue files
subsequently results in memory corruption.
This exploit is fixed in 0.37.2 upstream, I'll upl
also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.21.2307 +0100]:
> Federico, are you saying that if you su - to a user account (from root)
> and then start X that you are running X as root? If so that is a major
> problem.
no, he actually says that with exec, you should theoretically be more
s
Christian Hammers <[EMAIL PROTECTED]> writes:
> On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
> > > There is at least one package in Debian that requires you to put
> > > sensitive information in /root. The mysql server package needs you to
> > > have a .my.cnf in the /roo
also sprach Dave Kline <[EMAIL PROTECTED]> [2002.01.21.2340 +0100]:
> Woah, that does sound a little far-fetched. I am assuming there is a
> little more to this story? I would think most *physical* intruders
> would try to nab DVD players, valuables, and money, not wander into a
> spare room and
On Mon, Jan 21, 2002 at 01:46:58PM -0800, Thomas Bushnell, BSG wrote:
> > There is at least one package in Debian that requires you to put
> > sensitive information in /root. The mysql server package needs you to
> > have a .my.cnf in the /root if you want the logs to rotate. The
> > my.cnf conta
also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.21.2304 +0100]:
> > as sad as it sounds, unlawful intruders happen. this being a true
> > story, i have 11 machines in my spare room, and my house was broken
> > in once. the *only* thing the intruder did was reboot one of the
> > machines (that
martin f krafft wrote:
>also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.21.1444 +0100]:
>>Martin, it's a server in my spare room :-) The only person installing a
>>backdoor on the server would be an unlawful intruder. Or a cat who can
>>type ;-) Your points are well taken and I would follow the
Greetings!
On Mon, Jan 21, 2002 at 12:17:56PM +0200, Mikko Kilpikoski wrote:
>
> Well, here's my list of questions:
> Are there any free or no cost solutions (for corporate use)?
For exim there is a filter which rejects all mail with directly
executable files attached (ftp.exim.org/pub/filte
On Tue, 2002-01-22 at 07:41, Federico Grau wrote:
> On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote:
> > Hi everyone,
> >
> ...
> > The question I have is if I "su - username" and then browse the web,
> > etc. is it impossible for a
On Tue, 2002-01-22 at 03:11, martin f krafft wrote:
> also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.21.1444 +0100]:
> > Martin, it's a server in my spare room :-) The only person installing a
> > backdoor on the server would be an unlawful intruder. Or a cat who can
> > type ;-) Your points
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes:
> On Mon, Jan 21, 2002 at 09:45:50PM +, Tim Haynes wrote:
> > > Is there any reason you can't just chmod 0600 /root/.my.cnf, in that
> > > case? Clearly there are individual files that you don't want
> > > world-readable, but that's true for normal
On Mon, Jan 21, 2002 at 09:45:50PM +, Tim Haynes wrote:
> > Is there any reason you can't just chmod 0600 /root/.my.cnf, in that
> > case? Clearly there are individual files that you don't want
> > world-readable, but that's true for normal users' home dirs as well.
>
> Why do you want folks t
Chris Francy <[EMAIL PROTECTED]> writes:
> There is at least one package in Debian that requires you to put
> sensitive information in /root. The mysql server package needs you to
> have a .my.cnf in the /root if you want the logs to rotate. The
> my.cnf contains the clear text version of the ro
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes:
>> I have changed /root to 0700 on all my installations because I am running
>> mysql server. It hasn't broken anything.
>
> Is there any reason you can't just chmod 0600 /root/.my.cnf, in that
> case? Clearly there are individual files that you do
On Mon, Jan 21, 2002 at 01:34:31PM -0800, Chris Francy wrote:
>
> There is at least one package in Debian that requires you to put sensitive
> information in /root. The mysql server package needs you to have a .my.cnf
> in the /root if you want the logs to rotate. The my.cnf contains the clear
At 11:03 AM 1/21/2002, you wrote:
>On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote:
> >
> > Why has Debian chosen to let users access root's home ?
>Why not? Debian doesn't put any sensitive files there. In fact, it
>doesn't put anything notable there at all.
There is at least one package in
Oops, wrong thread, sorry about this
Mathias
On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote:
>
> Why has Debian chosen to let users access root's home ?
Why not? Debian doesn't put any sensitive files there. In fact, it
doesn't put anything notable there at all.
> Let me say I "chmod 0700 /root", will I encounter any
> problems thr
Hallo debian-sec folks,
While I was checking up some configurations,
I've noticed that the root's home directory /root
is world readable...
$ drwxr-xr-x2 root root 4.0k Jan 21 15:33 root
This seems to be Debian's default configuration,
because also on other Potato boxes I've foun
On Sun, Jan 20, 2002 at 11:04:13AM +1300, Adam Warner wrote:
> Hi everyone,
>
...
> The question I have is if I "su - username" and then browse the web,
> etc. is it impossible for a remote user who managed to gain access to
> that user session to bec
Hi,
AFAIK port scans are legal in Germany. It is even legal to break into a
system, as long as you don't damage anything (which would be computer
sabotage; but pay attention, killing a process with an exploit would
already be "damaging the system") or look at anything (which would be
spying).
Any
this is a proof-of-concept post. it's a FreeBSD exploit, thus it may or
may not have been, be, or will be applicable to Debian Linux or Linux in
general. you have been warned. properly.
http://www.aerasec.de/security/index.html?id=ae-200201-053&lang=en
--
martin; (greetings from the
Mathias Palm <[EMAIL PROTECTED]> cum veritate scripsit:
> I am not sure if the packagers of tcl are reading this list. If somebody
> knows a better way to reach them, please write me or even better,
> forward it to the appropriate place.
Write to debian-user@lists.debian.org,
and proceed to filin
The Tcl 8.3, Tk 8.3 and Tix 41 packages are not tuned to work very
well with each other in woody.
Using it out of box I get and starting tclsh
% package require Tk
couldn't load file "/usr/lib/tk8.3/libtk8.3.so.1":
/usr/lib/tk8.3/libtk8.3.so.1: cannot open shared object file: No such
file or di
Am Montag, 21. Januar 2002 15:21 schrieb martin f krafft:
> don't run shellscripts setuid or setgid.
AFAIK Linux doesn't support setuid or setgid scripts, if you want to achieve
things like this, you'll have to use a setgid or setuid interpreter (a.k.a.
suidperl).
Good Luck writing a secure
also sprach Phillip Hofmeister <[EMAIL PROTECTED]> [2002.01.21.1511 +0100]:
> Please, everyone flame me if this is a blatant security hole
consider yourself flamed.
> Make your [setuid] shell script secure, non-interruptible
good luck. there is *a lot* of insecurity in a shell script. you
Mathias Palm <[EMAIL PROTECTED]> cum veritate scripsit:
> I am not sure if the packagers of tcl are reading this list. If somebody
> knows a better way to reach them, please write me or even better,
> forward it to the appropriate place.
Write to [EMAIL PROTECTED],
and proceed to filing bugs aga
assuming i have SecurID tokens with licenses, can i make linux
authenticate based on these *without* the use of external or commercial
software (like ACE/Server)? any experience anyone?
--
martin; (greetings from the heart of the sun.)
\ echo mailto: !#^."<*>"|tr "<*> mailto:";
also sprach Adam Warner <[EMAIL PROTECTED]> [2002.01.21.1444 +0100]:
> Martin, it's a server in my spare room :-) The only person installing a
> backdoor on the server would be an unlawful intruder. Or a cat who can
> type ;-) Your points are well taken and I would follow the same security
> practi
Please, everyone flame me if this is a blatant security hole
Make your shell script secure, non-interruptible
set the permission on it to 4750 (Setuid bit) with GROUP Being the group of
people you want to run it and OWNER being the person you want to run it as.
Phil
-Original Messag
> > > Also, which mailserver would you recommend? (I have to learn one
> > > anyway.)
> > I'd recommend QMail. Why? - Read some mailing lists... And this
> is commonly
> > the question of religion.
>
> and i'd recommend postfix.
>
> trying hard to stay away from a religious war, i am keeping th
On Mon, 2002-01-21 at 23:40, martin f krafft wrote:
> nevertheless, leave a root console open on a production machine really
> just calls for trouble. imagine you are about to head for lunch with a
> friend, but you decide to check something in the server room quickly.
> while you stare at your
>and i'd recommend postfix.
I run postfix + kavcheck + avcheck (do a google and you'll probably find
it). kavcheck's postfix implementation isn't very good, but the avcheck
program comes complete with a howto do set it up chroot. Very nice.
Combine this with crontab and you can update twice d
also sprach Antropov Anton <[EMAIL PROTECTED]> [2002.01.21.1231 +0100]:
> > Also, which mailserver would you recommend? (I have to learn one
> > anyway.)
> I'd recommend QMail. Why? - Read some mailing lists... And this is commonly
> the question of religion.
and i'd recommend postfix.
trying
Hi,
Am Montag, 21. Januar 2002 11:17 schrieb Mikko Kilpikoski:
> Hi.
>
> I am setting up a (updating an existing) mail server at our company and
> would like to get some recommendations on what anti-virus software to
> run on the server. Currently I'm
> I've tried to check a few websites for info on the commercial products,
> but I find them mostly confusing. Many have like one to a billion
> different 'products' or 'solutions' listed and I can't find the magic
> word linux anywhere either... :/
>
> Well, here's my list of questions:
> Are t